From: Aliasgar Ginwala <aginw...@ebay.com>
When using ssl mode for ovn nb/sb active-standby/cluster db service models,
northd can use ssl mode too.
e.g. one can pass --ovn-northd-ssl-key, --ovn-northd-ssl-ca-cert and
--ovn-northd-ssl-cert to start northd with ssl
Signed-off-by: Aliasgar Ginwala <aginw...@ebay.com>
Acked-by: Han Zhou <hzh...@ebay.com>
---
ovn/utilities/ovn-ctl | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl
index f1297a262..769c09752 100755
--- a/ovn/utilities/ovn-ctl
+++ b/ovn/utilities/ovn-ctl
@@ -314,6 +314,15 @@ start_northd () {
if test X"$OVN_NORTHD_LOGFILE" != X; then
set "$@" --log-file=$OVN_NORTHD_LOGFILE
fi
+ if test X"$OVN_NORTHD_SSL_KEY" != X; then
+ set "$@" --private-key=$OVN_NORTHD_SSL_KEY
+ fi
+ if test X"$OVN_NORTHD_SSL_CERT" != X; then
+ set "$@" --certificate=$OVN_NORTHD_SSL_CERT
+ fi
+ if test X"$OVN_NORTHD_SSL_CA_CERT" != X; then
+ set "$@" --ca-cert=$OVN_NORTHD_SSL_CA_CERT
+ fi
[ "$OVN_USER" != "" ] && set "$@" --user "$OVN_USER"
@@ -475,6 +484,10 @@ set_defaults () {
OVN_CONTROLLER_SSL_CA_CERT=""
OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT=""
+ OVN_NORTHD_SSL_KEY=""
+ OVN_NORTHD_SSL_CERT=""
+ OVN_NORTHD_SSL_CA_CERT=""
+
DB_SB_CREATE_INSECURE_REMOTE="no"
DB_NB_CREATE_INSECURE_REMOTE="no"
@@ -571,6 +584,9 @@ Options:
--ovn-sb-db-ssl-key=KEY OVN Southbound DB SSL private key file
--ovn-sb-db-ssl-cert=CERT OVN Southbound DB SSL certificate file
--ovn-sb-db-ssl-ca-cert=CERT OVN Southbound DB SSL CA certificate file
+ --ovn-northd-ssl-key=KEY OVN Northd SSL private key file
+ --ovn-northd-ssl-cert=CERT OVN Northd SSL certificate file
+ --ovn-northd-ssl-ca-cert=CERT OVN Northd SSL CA certificate file
--ovn-manage-ovsdb=yes|no Whether or not the OVN databases should be
automatically started and stopped along
with ovn-northd. The default is "yes". If
--
2.20.1 (Apple Git-117)
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
