On Fri, Feb 17, 2012 at 3:41 PM, Gurucharan Shetty <gshe...@nicira.com> wrote:

> Install self-signed certificates in /etc/openvswitch using the
> ovs-pki utility.
>
> Bug #9063.
>
> Signed-off-by: Gurucharan Shetty <gshe...@nicira.com>
> ---
>  debian/openvswitch-switch.postinst |    7 +++++++
>  debian/openvswitch-switch.postrm   |    3 +++
>  2 files changed, 10 insertions(+), 0 deletions(-)
>
> diff --git a/debian/openvswitch-switch.postinst
> b/debian/openvswitch-switch.postinst
> index c50853a..e28951b 100755
> --- a/debian/openvswitch-switch.postinst
> +++ b/debian/openvswitch-switch.postinst
> @@ -33,6 +33,13 @@ case "$1" in
>                 fi
>             done
>        fi
> +
> +    #Install self-signed certificates.
> +    OVSPKI="/usr/bin/ovs-pki"
> +    if [ -x "${OVSPKI}" ]; then
> +        (cd /etc/openvswitch && ${OVSPKI} req ovsclient && \
> +            ${OVSPKI} self-sign ovsclient) > /dev/null 2>&1
> +    fi
>
This would break upgrades, because certs are already present and ovs-pki
would return a non-zero return value.

Also, we should attempt to generate certs only if they are not already
present, otherwise the user would have to copy them to the Controller each time
after an upgrade.

        ;;
>
>     abort-upgrade|abort-remove|abort-deconfigure)
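
Review bot: The added block in the postinst has no existence check and discards all output with `> /dev/null 2>&1`, so each time this branch runs it calls `req` and `self-sign` again, and a failure (such as the one the reply describes when the files are already present) leaves no diagnostic while the subshell's non-zero status becomes the status of the `if` body. Skip the subshell when /etc/openvswitch/ovsclient-privkey.pem and /etc/openvswitch/ovsclient-cert.pem already exist, and keep stderr (or report the exit status) so a genuine generation failure is visible during installation.
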
> diff --git a/debian/openvswitch-switch.postrm
> b/debian/openvswitch-switch.postrm
> index baf37c8..ad79d64 100755
> --- a/debian/openvswitch-switch.postrm
> +++ b/debian/openvswitch-switch.postrm
> @@ -26,6 +26,9 @@ case "$1" in
>         rm -f /etc/default/openvswitch-switch
>         rm -f /var/log/openvswitch/ovs-vswitchd.log* || true
>         rm -f /var/log/openvswitch/ovsdb-server.log* || true
> +        rm -f /etc/openvswitch/ovsclient-privkey.pem
> +        rm -f /etc/openvswitch/ovsclient-req.pem
> +        rm -f /etc/openvswitch/ovsclient-cert.pem

        ;;
>
>     remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
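
Review bot: The three added `rm -f` lines in the postrm delete ovsclient-privkey.pem and ovsclient-cert.pem, but the case label of the branch they sit in is not visible in this hunk. Confirm it is the purge-only branch and not one reached on upgrade; otherwise every upgrade discards the key pair and the regenerated self-signed certificate has to be copied to the controller again. A one-line comment above the three lines saying these files are generated by the postinst would explain why the package removes them from /etc/openvswitch.
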
> --
> 1.7.2.5
>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev
>