Not sure if this got sent out.
On 19/07/2021 16:29, Brendan Doyle wrote:
Folks,
When I start OVN/OVs using ovn-ctl /ovs-ctl the ovsdb-server processes
have SSL credentials of the form:
--private-key=db:Open_vSwitch,SSL,private_key
--certificate=db:Open_vSwitch,SSL,certificate
--bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert
--private-key=db:OVN_Northbound,SSL,private_key
--certificate=db:OVN_Northbound,SSL,certificate
--ca-cert=db:OVN_Northbound,SSL,ca_cert
--ssl-protocols=db:OVN_Northbound,SSL,ssl_protocols
--ssl-ciphers=db:OVN_Northbound,SSL,ssl_ciphers
--private-key=db:OVN_Southbound,SSL,private_key
--certificate=db:OVN_Southbound,SSL,certificate
--ca-cert=db:OVN_Southbound,SSL,ca_cert
--ssl-protocols=db:OVN_Southbound,SSL,ssl_protocols
--ssl-ciphers=db:OVN_Southbound,SSL,ssl_ciphers
From what I gather this means it gets these values from the database,
OVS, OVN North/South?
But does that mean that SSL is enabled by default and use a default
set of credentials/cipers?
Or does it mean If these values (Open_vSwitch,SSL,certificate e,g) are
not set in the OVS, or OVN North/South bound data base
then the connections are not SSL.
And if the later is the case how are these set?
Thanks
Brendan
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
