It is possible to parametrize the ovs-ctl script to start ovsdb-server with
a DB_SCHEMA other than Open_vSwitch.  Such a schema may lack the currently
required "SSL" table with its "key", "cert" and "cacert" columns.

This patch adds configuration knob "--in-db-ssl", which has default
behavior as it is now: run ovsdb server with ssl options.

User must pass "--in-db-ssl=no" to run ovsdb-server without these
arguments.

Signed-off-by: Vladislav Odintsov <[email protected]>
---
 utilities/ovs-ctl.in | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
index 72c8881e3..44a6496ef 100644
--- a/utilities/ovs-ctl.in
+++ b/utilities/ovs-ctl.in
@@ -150,9 +150,11 @@ do_start_ovsdb () {
         fi
         set "$@" -vconsole:emer -vsyslog:err -vfile:info
         set "$@" --remote=punix:"$DB_SOCK"
-        set "$@" --private-key=db:Open_vSwitch,SSL,private_key
-        set "$@" --certificate=db:Open_vSwitch,SSL,certificate
-        set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
+        if test X"$IN_DB_SSL" = Xyes; then
+            set "$@" --private-key=db:Open_vSwitch,SSL,private_key
+            set "$@" --certificate=db:Open_vSwitch,SSL,certificate
+            set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
+        fi
         [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER"
         [ "$OVSDB_SERVER_OPTIONS" != "" ] && set "$@" $OVSDB_SERVER_OPTIONS
 
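Review bot: The new guard `test X"$IN_DB_SSL" = Xyes` treats every value other than the exact string `yes` as "no", so a typo such as `--in-db-ssl=Yes` or `=true` silently starts ovsdb-server without the private-key, certificate and CA options instead of reporting the mistake. Dropping them presumably leaves any SSL remote without credentials, so the value should be rejected loudly when it is neither `yes` nor `no`, e.g. `case "$IN_DB_SSL" in yes|no) ;; *) echo "invalid --in-db-ssl value: $IN_DB_SSL" >&2; exit 1 ;; esac` ahead of the `if`. The option parsing and the rest of do_start_ovsdb are outside the hunk, so this assumes no validation happens there.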
@@ -356,6 +358,7 @@ set_defaults () {
     DB_SOCK=$rundir/db.sock
     DB_SCHEMA=$datadir/vswitch.ovsschema
     EXTRA_DBS=
+    IN_DB_SSL=yes
 
     PROTOCOL=gre
     DPORT=
@@ -457,6 +460,8 @@ File location options:
   --db-file=FILE     database file name (default: $DB_FILE)
   --db-sock=SOCKET   JSON-RPC socket name (default: $DB_SOCK)
   --db-schema=FILE   database schema file name (default: $DB_SCHEMA)
+  --in-db-ssl=yes|no use ssl key, cert and cacert file paths from Open_vSwitch
+                     database (default: $IN_DB_SSL)
 
 Options for "enable-protocol":
   --protocol=PROTOCOL  protocol to enable with iptables (default: gre)
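Review bot: The help text for `--in-db-ssl` does not tell the operator what `no` implies. Per the do_start_ovsdb hunk, ovsdb-server is then started without `--private-key`, `--certificate` and `--bootstrap-ca-cert`, so if an SSL remote is wanted the settings have to be supplied some other way (for example through `$OVSDB_SERVER_OPTIONS`). I would extend the description along the lines of `(default: $IN_DB_SSL); with "no", no SSL key/cert options are passed to ovsdb-server`. The diffstat shows only ovs-ctl.in changed, so if the ovs-ctl manual page lists these options it likely needs a matching entry.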
-- 
2.36.1
