Thanks, Numan, for the review. Just to update: V3 will only have changes for ovn-ctl, as per Han's suggestion to add details in the help section there. The ocf script will remain unchanged. That is why I have added acked-by on this patch. :)

On Mon, Oct 8, 2018 at 11:59 PM Numan Siddique <nusid...@redhat.com> wrote:

>
> On Tue, Oct 9, 2018 at 6:11 AM Han Zhou <zhou...@gmail.com> wrote:
>
>> >>
>> >> Giving a second thought, it seems there is still a problem.
>> >>
>> >> There should be two sets of SSL related parameters we should consider in the active-standby scenario.
>> >> - One set of parameters is for the server side. For ipaddr2 use case, both active and standby nodes will need them. For LB use case, where only the active node should listen on the port, only the active node should need these parameters.
>> >> - Another set of parameters is for the client side, together with the --sync-from parameter, so that the standby node can connect to the active node as a client using SSL. These parameters are needed in standby node only.
>> >>
>> >> I didn't see how is this addressed. Did I miss anything?
>> >>
>> >> For the server side SSL parameters, it should be valid to use DB settings instead of command line options. (For client side, it may not be possible to use DB settings since the standby nodes need to get the SSL parameters before connecting to the (active) DB).
>> >
>> Just to clarify, for active-standby scenario, since we don't know who will become active server any time, it is safe to use same certs on all central nodes irrespective of which node is client or server.
>>
>> Ok, thanks. It is clarified after discussion that we are combining the server side and client side ssl keys/certs to the same value for all central nodes in the active-standby setup. I didn't know that same settings actually work for both server and client, so it sounds good for me.
>
> From the pacemaker Resource script perspective, it looks good to me. I will take another look when you post v3.
>
> Thanks
> Numan

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev