On Wed, Dec 21, 2016 at 06:35:43PM -0500, Lance Richardson wrote:
> Add support for SSL connections to OVN northbound and/or
> southbound databases.
> 
> To improve security, the NB and SB ovsdb daemons no longer
> have open ptcp connections by default.  This is a change in
> behavior from previous versions; users wishing to use TCP
> connections to the NB/SB daemons can either request that
> a passive TCP connection be used via ovn-ctl command-line
> options (e.g. via OVN_CTL_OPTS/OVN_NORTHD_OPTS in startup
> scripts):
> 
>     --db-sb-create-remote=yes
>     --db-nb-create-remote=yes

Thanks for writing this, and for rebasing.

I don't yet understand the design choices for the --db-?b-create-remote
options.  The names seem odd to me, since these options are particularly
about adding insecure remotes, and so I would expect the names to say
something about "legacy" or "insecure".  I'm also puzzled why these
options, which I'd expect to be supplied time after time to ovn-ctl if
they are necessary at all, make a stateful database change.  I would
have guessed, instead, that they add another --remote option to daemon
invocations.

Can you help me understand better?

Thanks,

Ben.
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev