[ovs-dev] [PATCH] docs: fix typo in testing.rst

Coverage section refers to "check-lcoc" target, should be "check-lcov". Signed-off-by: Lance Richardson <lrich...@redhat.com> --- Documentation/topics/testing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/topics/testing.

[ovs-dev] [PATCH] rhel: remove duplicate line from rhel/automake.mk

Fixes: commit 55f36be59122 ("rhel: Firewall service files for OVN.") Signed-off-by: Lance Richardson <lrich...@redhat.com> --- rhel/automake.mk | 1 - 1 file changed, 1 deletion(-) diff --git a/rhel/automake.mk b/rhel/automake.mk index df4c19a..c4f043a 100644 --- a/rhel/automa

Re: [ovs-dev] [PATCH branch-2.7 1/1] datapath: maintain correct checksum state in conntrack actions.

> From: "Joe Stringer" <j...@ovn.org> > To: d...@openvswitch.org > Cc: "Lance Richardson" <lrich...@redhat.com> > Sent: Wednesday, February 8, 2017 8:14:08 PM > Subject: [PATCH branch-2.7 1/1] datapath: maintain correct checksum stat

Re: [ovs-dev] who tell ovsdb-server to create listen socket for oven's nb and sb?

> From: "lg.yue" > To: "devovs" > Sent: Friday, February 10, 2017 5:31:00 AM > Subject: [ovs-dev] who tell ovsdb-server to create listen socket for oven's > nb and sb? > > Hi, all: > 1. who tell ovsdb-server to create listen socket for oven's nb

Re: [ovs-dev] [PATCH] ovn-nbctl: Ability to bootstrap CA certificate.

certificate. It looks useful for ovn-nbctl to have > the same ability too. One could connect over to OVN NB > database over SSL for transactions without having to > copy over the certificate being used by ovsdb-server > backing OVN NB. > > Signed-off-by: Gurucharan Shetty <g.

Re: [ovs-dev] [PATCH] ovn-ctl: Add bootstrap ovn-controller CA certificate option.

> > Signed-off-by: Gurucharan Shetty <g...@ovn.org> > --- LGTM (haven't tried it, but I'm planning to). Thanks for the enhancement as well as the clean-ups. It would be nice if this could go into the 2.7 branch as well. Acked-by: Lance Richardson <lrich...@redhat.com>

[ovs-dev] testing

Please ignore. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH] ovn-sb: support for managing SSL and connection config in sb db

et-ssl Delete SSL configuration: ovn-sbctl del-ssl Set SSL configuration: ovn-sbctl [--bootstrap] set-ssl PRIV-KEY CERT CA-CERT Signed-off-by: Lance Richardson <lrich...@redhat.com> --- ovn/ovn-sb.ovsschema | 21 - ovn/ovn-sb.xml| 49 ++- ovn/u

[ovs-dev] [PATCH v3 2/3] ovn-sbctl: commands for managing connection configuration

nly ptcp:0:127.0.0.1 \ pssl:0:127.0.0.1 \ read-write ptcp:0:192.168.100.4 Signed-off-by: Lance Richardson <lrich...@redhat.com> --- manpages.mk | 4 ++ ovn/utilities/ovn-sbctl.8.in | 31 +-- ovn/util

[ovs-dev] [PATCH v3 1/3] ovn-sb: add SSL configuration to southbound db schema

Augment OVN southbound database schema to allow SSL connection configuration information to be stored and managed within the southbound database. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- ovn/ovn-sb.ovsschema | 21 ++--- ovn/ovn-sb.xml

[ovs-dev] [PATCH v3 2/3] ovn-sbctl: commands for managing connection configuration

nly ptcp:0:127.0.0.1 \ pssl:0:127.0.0.1 \ read-write ptcp:0:192.168.100.4 Signed-off-by: Lance Richardson <lrich...@redhat.com> --- manpages.mk | 4 ++ ovn/utilities/ovn-sbctl.8.in | 31 +-- ovn/util

[ovs-dev] [PATCH v3 0/3] ovn-sb: support for managing connections in db

and common.man (missing from ovn-sbctl.8.in) to a separate patch.declarator Also removed statements saying ovn-sbctl should not be used in production environments since there are now valid reasons to use it. Lance Richardson (3): ovn-sb: add SSL configuration to southbound db schema ovn-sbctl

[ovs-dev] [PATCH v3 1/3] ovn-sb: add SSL configuration to southbound db schema

Augment OVN southbound database schema to allow SSL connection configuration information to be stored and managed within the southbound database. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- ovn/ovn-sb.ovsschema | 21 ++--- ovn/ovn-sb.xml

[ovs-dev] [PATCH] ovn-sbctl: document logging and common options in man page

The ovn-sbctl is currently missing a description of logging and common (-h/--help/-V/--version) command-line options. Add them by including corresponding man page fragments. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- manpages.mk | 4 ovn/utilities/ovn-s

Re: [ovs-dev] [PATCH 4/4] [RFC] ofproto-dpif: Make ofproto/trace output easier to read.

> From: "Ben Pfaff" > To: d...@openvswitch.org > Sent: Wednesday, December 7, 2016 11:36:13 AM > Subject: Re: [ovs-dev] [PATCH 4/4] [RFC] ofproto-dpif: Make ofproto/trace > output easier to read. > > On Tue, Dec 06, 2016 at 11:28:43PM -0800, Ben Pfaff wrote: > > "ovs-appctl

Re: [ovs-dev] [PATCH 4/4] [RFC] ofproto-dpif: Make ofproto/trace output easier to read.

> From: "Ben Pfaff" <b...@ovn.org> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: d...@openvswitch.org > Sent: Wednesday, December 7, 2016 12:38:42 PM > Subject: Re: [ovs-dev] [PATCH 4/4] [RFC] ofproto-dpif: Make ofproto/trace > output easie

Re: [ovs-dev] [PATCH 3/3] ovn-ctl: add support for SSL nb/sb db connections

> From: "Numan Siddique" <nusid...@redhat.com> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: "ovs dev" <d...@openvswitch.org> > Sent: Thursday, December 8, 2016 8:01:07 AM > Subject: Re: [ovs-dev] [PATCH 3/3] ovn-ctl: add suppor

[ovs-dev] [PATCH v2 3/3] ovn-ctl: add support for SSL nb/sb db connections

-by: Numan Siddique <num...@redhat.com> Signed-off-by: Numan Siddique <num...@redhat.com> Signed-off-by: Lance Richardson <lrich...@redhat.com> --- NEWS| 5 +++ manpages.mk | 4 ++ ovn/utilities/o

Re: [ovs-dev] [PATCH v2 0/3] ovn: support ssl connections to nb/sb dbs

> From: "Lance Richardson" <lrich...@redhat.com> > To: d...@openvswitch.org, b...@ovn.org, russ...@ovn.org, nusid...@redhat.com > Sent: Thursday, December 8, 2016 1:12:22 PM > Subject: [ovs-dev] [PATCH v2 0/3] ovn: support ssl connections to nb/sb dbs > >

[ovs-dev] [PATCH v2 1/3] ovn-nb: remote connection management in nb db

Add support for managing remote connections, including SSL configuration, to northbound db schema, and add necessary commands to ovn-nbctl. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- NEWS | 2 + ovn/ovn-nb.ovsschema | 53 +++- o

[ovs-dev] [PATCH v2 0/3] ovn: support ssl connections to nb/sb dbs

remote configuration in db instead of via command-line options. Lance Richardson (3): ovn-nb: remote connection management in nb db ovn-sb: remote connection management in sb db ovn-ctl: add support for SSL nb/sb db connections NEWS | 7 + manpages.mk

[ovs-dev] [PATCH v2 2/3] ovn-sb: remote connection management in sb db

Add support for managing remote connections, including SSL configuration, to southbound db schema, and add necessary commands to ovn-sbctl. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- NEWS | 2 +- manpages.mk | 6 ++ ovn/ovn-sb.ovs

[ovs-dev] [PATCH] ovn-northd: fix monitor process naming

With the call to ovs_cmdl_proctitle_init() added, we have: ... ovn-northd: monitoring pid 15662 (healthy) ... ovn-northd --detach --monitor --log-file=ovn-northd.log --pidfile Signed-off-by: Lance Richardson <lrich...@redhat.com> --- ovn/northd/ovn-northd.c | 1 + 1 file changed, 1 ins

Re: [ovs-dev] [PATCH] dist-docs: Make "make dist-docs" work again.

> From: "Ben Pfaff" <b...@ovn.org> > To: d...@openvswitch.org > Cc: "Ben Pfaff" <b...@ovn.org>, "Stephen Finucane" <step...@that.guru>, > "Lance Richardson" <lrich...@redhat.com> > Sent: Tuesday, December 13, 2016 3:5

[ovs-dev] [PATCH] Documentation: fix some typos

s/deamon/daemon/ s/dependant/dependent/ Signed-off-by: Lance Richardson <lrich...@redhat.com> --- Documentation/intro/install/dpdk-advanced.rst | 2 +- Documentation/topics/openflow.rst | 4 ++-- lib/daemon.xml| 2 +- 3 files changed, 4 inse

Re: [ovs-dev] [PATCH] ovn-ctl: Modify SYNC FROM connection default protocol to SSL

> From: "e" > To: ovs-dev@openvswitch.org > Cc: "e" > Sent: Monday, January 9, 2017 9:44:43 PM > Subject: [ovs-dev] [PATCH] ovn-ctl: Modify SYNC FROM connection default > protocol to SSL > > This patch is used for the OVSDB HA by pacemaker. > which

[ovs-dev] [PATCH net] openvswitch: maintain correct checksum state in conntrack actions

8a436eaa2c ("openvswitch: Add conntrack action") Signed-off-by: Lance Richardson <lrich...@redhat.com> --- net/openvswitch/conntrack.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 6b78bab..54253ea 10

[ovs-dev] [PATCH 1/3] ovn-nb: remote connection management in nb db

Add support for managing remote connections, including SSL configuration, to northbound db schema, and add necessary commands to ovn-nbctl. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- NEWS | 2 + ovn/ovn-nb.ovsschema | 53 +++- o

[ovs-dev] [PATCH] build: fix rpm-fedora target breakage

08f2 ("doc: Convert AUTHORS to rST") Signed-off-by: Lance Richardson <lrich...@redhat.com> --- Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.am b/Makefile.am index a14d48b..974cb9a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -66,6 +66,7 @@ PYCOV_CLE

Re: [ovs-dev] [PATCH v2 0/4] make ofproto/trace output easier to read

> 20 files changed, 1531 insertions(+), 1440 deletions(-) > create mode 100644 ofproto/ofproto-dpif-trace.c > create mode 100644 ofproto/ofproto-dpif-trace.h > > -- The new output format is immensely easier to read and understand. For the series: Acked-by: Lance Richardson <lrich...@redhat.com> ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH v5] ovn-ctl: add support for SSL nb/sb db connections

> From: "Numan Siddique" <nusid...@redhat.com> > To: "Ben Pfaff" <b...@ovn.org> > Cc: "Lance Richardson" <lrich...@redhat.com>, "Russell Bryant" > <russ...@ovn.org>, "ovs dev" <d...@openvswitch.org>

[ovs-dev] [PATCH v3] ovn-ctl: add support for SSL nb/sb db connections

-by: Numan Siddique <nusid...@redhat.com> Signed-off-by: Numan Siddique <nusid...@redhat.com> Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v3: - rebased - s/db-sb-default-remote/db-sb-create-remote/ in man page - s/db-nb-default-remote/db-nb-create-remote/ in man p

Re: [ovs-dev] [PATCH v3] ovn-ctl: add support for SSL nb/sb db connections

> From: "Ben Pfaff" <b...@ovn.org> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: d...@openvswitch.org, nusid...@redhat.com > Sent: Thursday, December 22, 2016 12:04:05 AM > Subject: Re: [PATCH v3] ovn-ctl: add support for SSL nb/sb db conn

Re: [ovs-dev] [PATCH v3] ovn-ctl: add support for SSL nb/sb db connections

> From: "Lance Richardson" <lrich...@redhat.com> > To: "Ben Pfaff" <b...@ovn.org>, nusid...@redhat.com, "Russell Bryant" > <russ...@ovn.org> > Cc: d...@openvswitch.org > Sent: Thursday, December 22, 2016 7:51:16 AM > Subject

[ovs-dev] [PATCH] ovn-controller: enable ssl config via local ovsdb

, the configuration in the local ovsdb has precedence. This is consistent with how vswitchd is currently implemented. The existing ovs-vsctl get-ssl/set-ssl/del-ssl commands can be used to manage the configuration in the vswitchd database. Signed-off-by: Lance Richardson <lrich...@redhat.com> --

[ovs-dev] [PATCH] ovn-nbctl: include db connection options in help

Include db connection options in help text. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- ovn/utilities/ovn-nbctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ovn/utilities/ovn-nbctl.c b/ovn/utilities/ovn-nbctl.c index 900b088..ebb9349 100644 --- a/ovn/utilities/ovn-n

[ovs-dev] [RFC 2/5] ovsdb: refactor utility functions into separate file

Move local db access functions to a new file and make give them global scope so they can be included in the ovsdb library and used by other ovsdb library functions. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- ovsdb/automake.mk| 4 +- ovsdb/ovsdb-server.c

[ovs-dev] [RFC 4/5] ovn: add rbac tables to ovn southbound schema

Add rbac "roles" and "permissions" tables to ovn southbound database schema. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- ovn/northd/ovn-northd.c | 190 ovn/ovn-sb.ovsschema| 26 ++- ovn

[ovs-dev] [RFC 0/5] role-based access controls for ovsdb-server, ovn-sb

- No unit tests. - Sketchy documentation. Regards, Lance Lance Richardson (5): stream: store stream peer id with stream state ovsdb: refactor utility functions into separate file ovsdb: add support for role-based access controls ovn: add rbac tables to ovn southbound schema ovn-sbctl:

[ovs-dev] [RFC 1/5] stream: store stream peer id with stream state

Keep track of authenticated ID for stream peer. For SSL connections, the authenticated ID is the CN (Common Name) field from the peer's SSL certificate. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- lib/stream-provider.h | 1 + lib/stream-ssl.c

[ovs-dev] [RFC 3/5] ovsdb: add support for role-based access controls

, in combination with session role and client id, to determine whether operations modifying database contents should be permitted. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- lib/jsonrpc.c | 10 ++ lib/jsonrpc.h | 2 + ovsdb/automake.mk

[ovs-dev] [RFC 5/5] ovn-sbctl: support setting rbac role for remote connections

Add support for specifying rbac "role" when setting remote connection configuration in southbound database. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- ovn/utilities/ovn-sbctl.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/o

[ovs-dev] [RFC] sandbox: use ssl for ovn-controller to sb db connection

When SSL support is available, use SSL for the ovn-controller to southbound database connection. When configured without SSL, unix socket connections are used. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- tutorial/automake.mk | 3 ++- tutorial/ovs-sandbo

[ovs-dev] [PATCH] sandbox: use ssl for ovn-controller to sb db connection

When SSL support is available, use SSL for the ovn-controller to southbound database connection. When configured without SSL, unix socket connections are used. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- tutorial/automake.mk | 3 ++- tutorial/ovs-sandbo

[ovs-dev] [PATCH] table: provide table formatting option help at runtime

Show table formatting options with help output from ovn-nbctl, obn-sbctl, ovs-vsctl, and vtep-ctl commands. Include "--data" option in ovsdb-client help output. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- lib/table.c | 16 +

Re: [ovs-dev] sphinx on os x on travis?

> From: "Lance Richardson" <lrich...@redhat.com> > To: "Ben Pfaff" <b...@ovn.org> > Cc: d...@openvswitch.org > Sent: Friday, March 17, 2017 7:39:03 PM > Subject: Re: sphinx on os x on travis? > > > From: "Ben Pfaff" <b...@ov

Re: [ovs-dev] sphinx on os x on travis?

> From: "Ben Pfaff" <b...@ovn.org> > To: d...@openvswitch.org > Cc: "Lance Richardson" <lrich...@redhat.com> > Sent: Friday, March 17, 2017 7:09:51 PM > Subject: sphinx on os x on travis? > > I'm seeing failures on Travis that boil down to

Re: [ovs-dev] sphinx on os x on travis?

- Original Message - > From: "Ben Pfaff" <b...@ovn.org> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: d...@openvswitch.org > Sent: Friday, March 17, 2017 10:08:38 PM > Subject: Re: sphinx on os x on travis? > > On Fri, Mar

Re: [ovs-dev] sphinx on os x on travis?

- Original Message - > From: "Ben Pfaff" <b...@ovn.org> > To: d...@openvswitch.org > Cc: "Lance Richardson" <lrich...@redhat.com> > Sent: Friday, March 17, 2017 7:09:51 PM > Subject: sphinx on os x on travis? > > I'm seeing failure

Re: [ovs-dev] OVN: Compromised Chassis Mitigation

> From: "Mickey Spiegel" <mickeys@gmail.com> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: "Russell Bryant" <russ...@ovn.org>, "devovs" <d...@openvswitch.org> > Sent: Tuesday, March 14, 2017 3:06:53 PM > Su

Re: [ovs-dev] OVN: Compromised Chassis Mitigation

> From: "Russell Bryant" <russ...@ovn.org> > To: "Mickey Spiegel" <mickeys@gmail.com> > Cc: "Lance Richardson" <lrich...@redhat.com>, "devovs" <d...@openvswitch.org> > Sent: Tuesday, March 14, 2017 1:48:55 PM >

Re: [ovs-dev] OVN: Compromised Chassis Mitigation

- Original Message - > From: "Mickey Spiegel" <mickeys@gmail.com> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: "Russell Bryant" <russ...@ovn.org>, "devovs" <d...@openvswitch.org> > Sent: Tuesday,

Re: [ovs-dev] OVN: Compromised Chassis Mitigation

- Original Message - > From: "Mickey Spiegel" <mickeys@gmail.com> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: "Russell Bryant" <russ...@ovn.org>, "devovs" <d...@openvswitch.org> > Sent: Tuesday,

Re: [ovs-dev] sphinx on os x on travis?

> From: "Ilya Maximets" <i.maxim...@samsung.com> > To: ovs-dev@openvswitch.org, "Lance Richardson" <lrich...@redhat.com>, "Ben > Pfaff" <b...@ovn.org> > Sent: Monday, March 20, 2017 2:54:55 AM > Subject: [ovs-dev] sphinx on os x on tr

Re: [ovs-dev] [PATCH] travis: Fix build on Travis by installing new-enough docutils.

-prepare.sh b/.travis/osx-prepare.sh > index 611c0709d760..25a65e26090a 100755 > --- a/.travis/osx-prepare.sh > +++ b/.travis/osx-prepare.sh > @@ -1,5 +1,6 @@ > #!/bin/bash > set -ev > pip install --user six > +pip install --user --upgrade docutils > > brew unin

Re: [ovs-dev] [PATCH v2] python: Allow tuning the session probe_interval from IDL

> From: "Terry Wilson" > To: "Lucas Alvares Gomes" > Cc: "ovs dev" > Sent: Monday, 10 April, 2017 1:01:31 PM > Subject: Re: [ovs-dev] [PATCH v2] python: Allow tuning the session > probe_interval from IDL > > ovsdb-server has the

Re: [ovs-dev] [PATCH v2] python: Allow tuning the session probe_interval from IDL

- Original Message - > From: "Lance Richardson" <lrich...@redhat.com> > To: "Terry Wilson" <twil...@redhat.com> > Cc: "ovs dev" <d...@openvswitch.org>, "Lucas Alvares Gomes" > <lucasago...@gmail.com> > Sen

[ovs-dev] [PATCH v2 0/3] fix table formatting option descriptions in man pages

Correct some typos in man pages related to table formatting options. Clarify description of "--data=json" option. Add XML version of lib/table.man to include in ovn-nbctl man page. v2: Corrections to table.man and ovsdb-client.1.in, whitespace issue and extraneous text in table.x

[ovs-dev] [PATCH v2 1/3] ovsdb-client: improve formatting option description in man page

Use correct option name for "--no-headings", remove duplicate "--no-heading" option in synopsis. Clarify description of "--data=json" option. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: all new lib/table.man | 12 ++--

[ovs-dev] [PATCH v2 2/3] table: add xml version of lib/table.man

Add lib/table.xml, translated from lib/table.man for inclusion in XML man pages (such as ovn-nbctl.8.xml). Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: incorporated v2 table.man changes, fixed whitespace issue, removed extraneous text from description of "--pre

[ovs-dev] [PATCH v2 3/3] ovn-nbctl: include table formatting options in man page

Include descriptions of table formatting optiosn in ovn-nbctl man page. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: no changes ovn/utilities/ovn-nbctl.8.xml | 6 ++ 1 file changed, 6 insertions(+) diff --git a/ovn/utilities/ovn-nbctl.8.xml b/ovn/utilities/ovn-nbctl

Re: [ovs-dev] [RFC 0/5] role-based access controls for ovsdb-server, ovn-sb

> From: "Lance Richardson" <lrich...@redhat.com> > To: "Ben Pfaff" <b...@ovn.org> > Cc: d...@openvswitch.org, "mickeys dev" <mickeys@gmail.com>, "Russell > Bryant" <russ...@ovn.org> > Sent: Thursday, 6 April,

[ovs-dev] [RFC v2 3/5] ovsdb: add support for role-based access controls

, in combination with session role and client id, to determine whether operations modifying database contents should be permitted. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: - Added ovsdb_perm_error() to format permission error strings. - Re-implemented RBAC

[ovs-dev] [RFC v2 5/5] ovn-sbctl: support setting rbac role for remote connections

Add support for specifying rbac "role" when setting remote connection configuration in southbound database. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: no changes ovn/utilities/ovn-sbctl.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-)

Re: [ovs-dev] [RFC v2 0/5] role-based access controls for ovsdb-server, ovn-sb

> From: "Lance Richardson" <lrich...@redhat.com> > To: d...@openvswitch.org, b...@ovn.org, russ...@ovn.org, "mickeys dev" > <mickeys@gmail.com> > Sent: Thursday, 13 April, 2017 11:00:21 AM > Subject: [ovs-dev] [RFC v2 0/5] role-bas

[ovs-dev] [RFC v2 2/5] ovsdb: refactor utility functions into separate file

Move local db access functions to a new file and make give them global scope so they can be included in the ovsdb library and used by other ovsdb library functions. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: - Renamed functions in ovsdb-util.c to have "ovsdb_ut

[ovs-dev] [RFC v2 1/5] stream: store stream peer id with stream state

Keep track of authenticated ID for stream peer. For SSL connections, the authenticated ID is the CN (Common Name) field from the peer's SSL certificate. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: - Accomodate OpenSSL 1.1 deprecation of ASN1_STRING_data(). - Added c

[ovs-dev] [RFC v2 0/5] role-based access controls for ovsdb-server, ovn-sb

d db. - Evaluate other methods for enabling RBAC enforcement in ovsdb-server, see https://mail.openvswitch.org/pipermail/ovs-dev/2017-April/330718.html - Add "chassis" column to OVN southbound Encap table to allow more effective RBAC. Lance Richardson (5): stream: st

[ovs-dev] [RFC v2 4/5] ovn: add rbac tables to ovn southbound schema

Add rbac "roles" and "permissions" tables to ovn southbound database schema, add support to ovn-northd for managing these tables. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: - Corrected authorization setup for Chassis and Encap tables. ovn

[ovs-dev] [RFC v3 4/6] ovsdb: add support for role-based access controls

r applying the RBAC role and permission tables, in combination with session role and client id, to determine whether operations modifying database contents should be permitted. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: - Added ovsdb_perm_error() to form

[ovs-dev] [RFC v3 5/6] ovn: add rbac tables to ovn southbound schema

Add rbac "roles" and "permissions" tables to ovn southbound database schema, add support to ovn-northd for managing these tables. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: - Corrected authorization setup for Chassis and Encap tables. v3: -

[ovs-dev] [RFC v3 6/6] ovn-sbctl: support setting rbac role for remote connections

Add support for specifying rbac "role" when setting remote connection configuration in southbound database. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: no changes v3: no changes ovn/utilities/ovn-sbctl.c | 12 ++-- 1 file changed, 10 insertions

[ovs-dev] [RFC v3 2/6] ovsdb: refactor utility functions into separate file

Move local db access functions to a new file and make give them global scope so they can be included in the ovsdb library and used by other ovsdb library functions. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: - Renamed functions in ovsdb-util.c to have "ovsdb_ut

[ovs-dev] [RFC v3 1/6] stream: store stream peer id with stream state

Track authenticated stream peer ID. For SSL connections, the authenticated ID is the CN (Common Name) field extracted from the peer's SSL certificate. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v2: - Accomodate OpenSSL 1.1 deprecation of ASN1_STRING_data(). - Added c

[ovs-dev] [RFC v3 3/6] ovs-pki: add option to suppress generated id in common name

For some applications, it is desirable to have full control of the common name field in generated certificates. Add a command-line option to suppress appending " id:" to the user- specified name. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v3: New patch. uti

[ovs-dev] [PATCH 3/3] ovn-controller: document command-line options in man page

Signed-off-by: Lance Richardson <lrich...@redhat.com> --- ovn/controller/ovn-controller.8.xml | 64 + 1 file changed, 23 insertions(+), 41 deletions(-) diff --git a/ovn/controller/ovn-controller.8.xml b/ovn/controller/ovn-controller.8.xml index f

[ovs-dev] [PATCH 0/3] document command-line options in ovn man pages

Add command-line option documentation to ovn-northd and ovn-controller man pages. Lance Richardson (3): ovsdb: add xml equivalents of remote man page fragments northd: document command-line options in man page ovn-controller: document command-line options in man page ovn/controller/ovn

[ovs-dev] [PATCH 1/3] ovsdb: add xml equivalents of remote man page fragments

Add XML equivalents for remote-active.man and remote-passive.man for inclusion by man pages using XML format. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- ovsdb/remote-active.xml | 30 ++ ovsdb/remote-passive.xm

Re: [ovs-dev] [RFC v3 4/6] ovsdb: add support for role-based access controls

- Original Message - > From: "Lance Richardson" <lrich...@redhat.com> > > +struct ovsdb_error *ovsdb_perm_error(const char *details, ...) > +{ > +struct ovsdb_error *error; > +va_list args; > + > +va_start(args, details); > +e

Re: [ovs-dev] OVN: Compromised Chassis Mitigation

> From: "Mickey Spiegel" <mickeys@gmail.com> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: "devovs" <d...@openvswitch.org> > Sent: Wednesday, March 8, 2017 10:41:01 PM > Subject: Re: [ovs-dev] OVN: Compromised Chassis M

[ovs-dev] [PATCH] rhel: Use correct default port for OVN SB database

Fix typo in OVN SB database TCP port number. Fixes: commit 55f36be59122 ("rhel: Firewall service files for OVN.") Signed-off-by: Lance Richardson <lrich...@redhat.com> --- rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml | 2 +- 1 file changed, 1 insertion(+), 1 d

[ovs-dev] OVN: Compromised Chassis Mitigation

discuss in IRC tomorrow. Regards, Lance Richardson Problem Description --- Each ovn-controller instance currently has full write access to the OVN southbound database. This means that a single compromised chassis can potentially disrupt every chassis in an OVN network. Goals

Re: [ovs-dev] OVN: Compromised Chassis Mitigation

> From: "Mickey Spiegel" <mickeys@gmail.com> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: "devovs" <d...@openvswitch.org> > Sent: Thursday, March 9, 2017 6:49:53 PM > Subject: Re: [ovs-dev] OVN: Compromised Chassis Mitigati

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

- Original Message - > From: "Numan Siddique" > To: "Russell Bryant" > Cc: "ovs dev" > Sent: Tuesday, March 14, 2017 11:21:33 AM > Subject: Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for > router ports

Re: [ovs-dev] [RFC 1/5] stream: store stream peer id with stream state

> From: "Ben Pfaff" <b...@ovn.org> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: d...@openvswitch.org, russe...@ovn.org, "mickeys dev" > <mickeys@gmail.com> > Sent: Thursday, 6 April, 2017 11:39:52 AM > Subject: Re: [R

[ovs-dev] [PATCH 0/2] add table formatting options to ovn-nbctl man page

Add missing descriptions of table formatting options to the ovn-nbctl(8) man page. Lance Richardson (2): table: add xml version of lib/table.man ovn-nbctl: include table formatting options in man page lib/automake.mk | 1 + lib/table.xml | 114

[ovs-dev] [PATCH 1/2] table: add xml version of lib/table.man

Add lib/table.xml, translated from lib/table.man for inclusion in XML man pages (such as ovn-nbctl.8.xml). Signed-off-by: Lance Richardson <lrich...@redhat.com> --- lib/automake.mk | 1 + lib/table.xml | 114 2 files change

[ovs-dev] [PATCH 2/2] ovn-nbctl: include table formatting options in man page

Include descriptions of table formatting optiosn in ovn-nbctl man page. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- ovn/utilities/ovn-nbctl.8.xml | 6 ++ 1 file changed, 6 insertions(+) diff --git a/ovn/utilities/ovn-nbctl.8.xml b/ovn/utilities/ovn-nbctl.8.xml index 1

Re: [ovs-dev] [PATCH] m4: fix use of log fd vs. file in "configure"

> From: "Ben Pfaff" <b...@ovn.org> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: d...@openvswitch.org, tredae...@redhat.com > Sent: Friday, 7 April, 2017 6:13:44 PM > Subject: Re: [PATCH] m4: fix use of log fd vs. file in "configure&q

[ovs-dev] [PATCH] m4: fix use of log fd vs. file in "configure"

;configure") Signed-off-by: Lance Richardson <lrich...@redhat.com> --- m4/openvswitch.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/m4/openvswitch.m4 b/m4/openvswitch.m4 index cbfd755..48892f9 100644 --- a/m4/openvswitch.m4 +++ b/m4/openvswitch.m4 @@ -357,7 +357,7 @@ els

Re: [ovs-dev] [RFC 1/5] stream: store stream peer id with stream state

> From: "Ben Pfaff" <b...@ovn.org> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: d...@openvswitch.org, russe...@ovn.org, "mickeys dev" > <mickeys@gmail.com> > Sent: Thursday, 6 April, 2017 11:37:34 AM > Subject: Re: [R

Re: [ovs-dev] [RFC 0/5] role-based access controls for ovsdb-server, ovn-sb

> From: "Ben Pfaff" <b...@ovn.org> > To: "Lance Richardson" <lrich...@redhat.com> > Cc: d...@openvswitch.org, "mickeys dev" <mickeys@gmail.com>, "Russell > Bryant" <russ...@ovn.org> > Sent: Thursday, 13 April,

Re: [ovs-dev] [PATCH] rhel: Use systemd Restart option for ovn-controllers.

rt_controller > $OVN_CONTROLLER_OPTS > +ExecStart=/usr/share/openvswitch/scripts/ovn-ctl --no-monitor \ > + start_controller $OVN_CONTROLLER_OPTS > ExecStop=/usr/share/openvswitch/scripts/ovn-ctl stop_controller > > [Install] > -- > 2.13.3 > LGTM, but now I'm won

[ovs-dev] [PATCH v8 4/7] ovsdb-idl: Autogenerated functions for compound indexes

ncourt <esteb...@hpe.com> Co-authored-by: Arnoldo Lutz Guevara <arnoldo.lutz.guev...@hpe.com> Co-authored-by: Esteban Rodriguez Betancourt <esteb...@hpe.com> Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v8: - Rebased, no changes. v7: - Rebased and made n

[ovs-dev] [PATCH v8 5/7] ovn-controller: use idl index for multicast group table

Use IDL index for multicast group table lookups, avoiding the overhead of creating/destroying an index hmap for each iteration of the ovn-controller main loop. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v8: Rebased, changes required. v7: New patch. ovn/controller/l

[ovs-dev] [PATCH v8 0/7] ovsdb-idl: ovsdb client index support

mewhat. v5: - Rebased on ovs master. - Implemented changes suggestion in review of v4. - Coding style fixes, some text polishing. - Testing by using this feature to eliminate a number of ad-hoc indexing structures used in ovn-controller. - Fixes for memory leaks found in testing. Lance

[ovs-dev] [PATCH v8 6/7] ovn-controller: use idl indexes for logical port table

Use IDL index for logical port table lookups, avoiding the overhead of creating/destroying an index hmap for each iteration of the ovn-controller main loop. Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v8: Rebased, changes required. v7: New patch. ovn/controller/bin

[ovs-dev] [PATCH v8 3/7] ovsdb-idl: idl compound indexes implementation

This patch adds support for the creation of multicolumn indexes in the C IDL to enable for efficient search and retrieval of database rows by key. Signed-off-by: Esteban Rodriguez Betancourt <esteb...@hpe.com> Co-authored-by: Lance Richardson <lrich...@redhat.com> Signed-off-by: Lanc

[ovs-dev] [PATCH v8 1/7] ovsdb-idl: compound indexes design document

Arturo Sauma Vargas <jorge.sa...@hpe.com> Co-authored-by: Javier Albornoz <javier.albor...@hpe.com> Co-authored-by: Esteban Rodriguez Betancourt <esteb...@hpe.com> Co-authored-by: Jorge Arturo Sauma Vargas <jorge.sa...@hpe.com> Co-aughored-by: Lance Richardson <lrich...@redh

[ovs-dev] [PATCH v8 2/7] lib: skiplist implementation

Skiplist implementation intended for use in the IDL compound indexes feature. Signed-off-by: Esteban Rodriguez Betancourt <esteb...@hpe.com> Co-authored-by: Lance Richardson <lrich...@redhat.com> Signed-off-by: Lance Richardson <lrich...@redhat.com> --- v8: - Rebased, no ch

  1   2   3   >