On 6/7/23 08:33, Vladislav Odintsov wrote:
> It is possible to parametrize ovs-ctl script to start ovsdb-server with
> DB_SCHEME other than Open_vSwitch. This scheme may not have currently
> required table "SSL" with "key", "cert" and "cacert" columns.

The db-schema option primarily exists to override the path to the Open_vSwitch schema file, in case of an unconventional installation. It's not for using a completely different schema. Many other parts of the script rely on using ovs-vsctl against a running database. Also, the OVS-ctl name means that this script controls OVS, it's not intended for and shouldn't be used for anything else.

Best regards, Ilya Maximets.

>
> This patch adds configuration knob "--in-db-ssl", which has default
> behavior as it is now: run ovsdb server with ssl options.
>
> User must pass "--in-db-ssl=no" to run ovsdb-server without these
> arguments.
>
> Signed-off-by: Vladislav Odintsov <[email protected]>
> --- > utilities/ovs-ctl.in | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in > index 72c8881e3..44a6496ef 100644 > --- a/utilities/ovs-ctl.in > +++ b/utilities/ovs-ctl.in > @@ -150,9 +150,11 @@ do_start_ovsdb () { > fi > set "$@" -vconsole:emer -vsyslog:err -vfile:info > set "$@" --remote=punix:"$DB_SOCK" > - set "$@" --private-key=db:Open_vSwitch,SSL,private_key > - set "$@" --certificate=db:Open_vSwitch,SSL,certificate > - set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert > + if test X"$IN_DB_SSL" = Xyes; then > + set "$@" --private-key=db:Open_vSwitch,SSL,private_key > + set "$@" --certificate=db:Open_vSwitch,SSL,certificate > + set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert > + fi > [ "$OVS_USER" != "" ] && set "$@" --user "$OVS_USER" > [ "$OVSDB_SERVER_OPTIONS" != "" ] && set "$@" $OVSDB_SERVER_OPTIONS > > @@ -356,6 +358,7 @@ set_defaults () { > DB_SOCK=$rundir/db.sock > DB_SCHEMA=$datadir/vswitch.ovsschema > EXTRA_DBS= > + IN_DB_SSL=yes > > PROTOCOL=gre > DPORT=
> @@ -457,6 +460,8 @@ File location options: > --db-file=FILE database file name (default: $DB_FILE) > --db-sock=SOCKET JSON-RPC socket name (default: $DB_SOCK) > --db-schema=FILE database schema file name (default: $DB_SCHEMA) > + --in-db-ssl=yes|no use ssl key, cert and cacert file paths from > Open_vSwitch > + database (default: $IN_DB_SSL) > > Options for "enable-protocol": > --protocol=PROTOCOL protocol to enable with iptables (default: gre) _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
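
Review bot: in the do_start_ovsdb hunk, `test X"$IN_DB_SSL" = Xyes` treats every value other than the exact string yes as "no", so a value such as Yes or true would silently start ovsdb-server without --private-key, --certificate and --bootstrap-ca-cert. Suggest validating the value against yes|no and failing on anything else, so that dropping the TLS key material is always an explicit choice. The commit message could also say how an SSL remote is expected to get its key and certificate when the option is no, for example through OVSDB_SERVER_OPTIONS, which is appended right after this block.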
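
Review bot: the new --in-db-ssl help text in the "File location options" hunk describes only the yes case and does not say what no does, which is to start ovsdb-server with none of the three db:Open_vSwitch,SSL options. Suggest stating both cases in the help line, so an operator can see that no leaves the server without a key, certificate and CA certificate source unless they are supplied another way. The option is also not a file location, so a different section of the usage text may fit better, and the diffstat shows only utilities/ovs-ctl.in changed, so the knob is documented nowhere outside this usage text.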
