Re: [ovs-dev] [PATCH v1] ovndb-servers.ocf: add LB support for managing ovsdb cluster

2018-05-18 Thread Ginwala, Aliasgar
Please try the v2 that has been sent out. I have made minor improvements following 
review from Han.

Please set LISTEN_ON_MASTER_IP_ONLY and LISTEN_ON_SLAVE to no when creating 
resource for LB.



Regards,

From: "Ginwala, Aliasgar" <aginw...@ebay.com>
Date: Friday, May 18, 2018 at 12:01 PM
To: Numan Siddique <nusid...@redhat.com>, aginwala <amgin...@gmail.com>
Cc: ovs dev <d...@openvswitch.org>
Subject: Re: [ovs-dev] [PATCH v1] ovndb-servers.ocf: add LB support for 
managing ovsdb cluster

Sure Thanks:
Below is the command I use for resource creation in this case:

pcs resource create ovndb_servers ocf:ovn:ovndb-servers \
 master_ip="vip_IP" \
 op monitor interval="10s" \
 op monitor role=Master interval="15s" --debug
pcs resource master ovndb_servers-master ovndb_servers \
meta notify="true"


Regards,


From: Numan Siddique <nusid...@redhat.com>
Date: Thursday, May 17, 2018 at 11:37 PM
To: aginwala <amgin...@gmail.com>
Cc: ovs dev <d...@openvswitch.org>, "Ginwala, Aliasgar" <aginw...@ebay.com>
Subject: Re: [ovs-dev] [PATCH v1] ovndb-servers.ocf: add LB support for 
managing ovsdb cluster

Hi Aliasgar,

I will try it out and come back with my comments.

Thanks
Numan


On Tue, May 8, 2018 at 10:37 AM, aginwala 
<amgin...@gmail.com<mailto:amgin...@gmail.com>> wrote:
using pacemaker so that controllers can be placed in different fault domains.

Signed-off-by: aginwala <aginw...@ebay.com<mailto:aginw...@ebay.com>>
---
 ovn/utilities/ovndb-servers.ocf | 63 +
 1 file changed, 51 insertions(+), 12 deletions(-)

diff --git a/ovn/utilities/ovndb-servers.ocf b/ovn/utilities/ovndb-servers.ocf
index 164b6bc..85a5d92 100755
--- a/ovn/utilities/ovndb-servers.ocf
+++ b/ovn/utilities/ovndb-servers.ocf
@@ -9,6 +9,7 @@
 : ${SB_MASTER_PROTO_DEFAULT="tcp"}
 : ${MANAGE_NORTHD_DEFAULT="no"}
 : ${INACTIVE_PROBE_DEFAULT="5000"}
+: ${LISTEN_ON_MASTER_IP_ONLY_DEFAULT="yes"}

 CRM_MASTER="${HA_SBIN_DIR}/crm_master -l reboot"
 CRM_ATTR_REPL_INFO="${HA_SBIN_DIR}/crm_attribute --type crm_config --name 
OVN_REPL_INFO -s ovn_ovsdb_master_server"
@@ -21,6 +22,10 @@ 
SB_MASTER_PROTO=${OCF_RESKEY_sb_master_protocol:-${SB_MASTER_PROTO_DEFAULT}}
 MANAGE_NORTHD=${OCF_RESKEY_manage_northd:-${MANAGE_NORTHD_DEFAULT}}
 INACTIVE_PROBE=${OCF_RESKEY_inactive_probe_interval:-${INACTIVE_PROBE_DEFAULT}}

+# In order for pacemaker to work with LB, we can keep LISTEN_ON_MASTER_IP_ONLY
+# to false and pass LB vip IP while creating pcs resource.
+LISTEN_ON_MASTER_IP_ONLY=${OCF_RESKEY_listen_on_master_ip:-${LISTEN_ON_MASTER_IP_ONLY_DEFAULT}}
+
 # Invalid IP address is an address that can never exist in the network, as
 # mentioned in rfc-5737. The ovsdb servers connects to this IP address till
 # a master is promoted and the IPAddr2 resource is started.
@@ -157,20 +162,29 @@ ovsdb_server_notify() {
 ${OVN_CTL} --ovn-manage-ovsdb=no start_northd
 fi

+if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
+nb_target=""
+sb_target=""
+else
+nb_target="p${NB_MASTER_PROTO}\:${NB_MASTER_PORT}\:${MASTER_IP}"
+sb_target="p${SB_MASTER_PROTO}\:${SB_MASTER_PORT}\:${MASTER_IP}"
+fi
+
 conn=`ovn-nbctl get NB_global . connections`
 if [ "$conn" == "[]" ]
 then
-ovn-nbctl -- --id=@conn_uuid create Connection \
-target="p${NB_MASTER_PROTO}\:${NB_MASTER_PORT}\:${MASTER_IP}" \
+ovn-nbctl -- --id=@conn_uuid create Connection target=$nb_target \
 inactivity_probe=$INACTIVE_PROBE -- set NB_Global . connections=@conn_uuid
+
 fi

 conn=`ovn-sbctl get SB_global . connections`
 if [ "$conn" == "[]" ]
 then
-ovn-sbctl -- --id=@conn_uuid create Connection \
-target="p${SB_MASTER_PROTO}\:${SB_MASTER_PORT}\:${MASTER_IP}" \
+
+ovn-sbctl -- --id=@conn_uuid create Connection target=$sb_target \
 inactivity_probe=$INACTIVE_PROBE -- set SB_Global . connections=@conn_uuid
+
 fi

 else
@@ -295,15 +309,15 @@ ovsdb_server_start() {

 set ${OVN_CTL}

-set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT}
-set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT}
+# For LB vip to talk to master pool member on a specific tcp port, we need
+# to listen on 0.0.0.0.instead of master_ip
+if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
+set $@ --db-nb-port=${NB_MASTER_PORT}
+set $@ --db-sb-port=${SB_MASTER_PORT}

-if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
-set $@ --db-nb-create-insecure-remote=yes
-fi
-
-if [ "x${SB_MASTER_PROTO}" = xtcp ]; then
-  

Re: [ovs-dev] [PATCH v1] ovndb-servers.ocf: add LB support for managing ovsdb cluster

2018-05-18 Thread Ginwala, Aliasgar
Sure Thanks:
Below is the command I use for resource creation in this case:

pcs resource create ovndb_servers ocf:ovn:ovndb-servers \
 master_ip="vip_IP" \
 op monitor interval="10s" \
 op monitor role=Master interval="15s" --debug
pcs resource master ovndb_servers-master ovndb_servers \
meta notify="true"


Regards,


From: Numan Siddique <nusid...@redhat.com>
Date: Thursday, May 17, 2018 at 11:37 PM
To: aginwala <amgin...@gmail.com>
Cc: ovs dev <d...@openvswitch.org>, "Ginwala, Aliasgar" <aginw...@ebay.com>
Subject: Re: [ovs-dev] [PATCH v1] ovndb-servers.ocf: add LB support for 
managing ovsdb cluster

Hi Aliasgar,

I will try it out and come back with my comments.

Thanks
Numan


On Tue, May 8, 2018 at 10:37 AM, aginwala 
<amgin...@gmail.com<mailto:amgin...@gmail.com>> wrote:
using pacemaker so that controllers can be placed in different fault domains.

Signed-off-by: aginwala <aginw...@ebay.com<mailto:aginw...@ebay.com>>
---
 ovn/utilities/ovndb-servers.ocf | 63 +
 1 file changed, 51 insertions(+), 12 deletions(-)

diff --git a/ovn/utilities/ovndb-servers.ocf b/ovn/utilities/ovndb-servers.ocf
index 164b6bc..85a5d92 100755
--- a/ovn/utilities/ovndb-servers.ocf
+++ b/ovn/utilities/ovndb-servers.ocf
@@ -9,6 +9,7 @@
 : ${SB_MASTER_PROTO_DEFAULT="tcp"}
 : ${MANAGE_NORTHD_DEFAULT="no"}
 : ${INACTIVE_PROBE_DEFAULT="5000"}
+: ${LISTEN_ON_MASTER_IP_ONLY_DEFAULT="yes"}

 CRM_MASTER="${HA_SBIN_DIR}/crm_master -l reboot"
 CRM_ATTR_REPL_INFO="${HA_SBIN_DIR}/crm_attribute --type crm_config --name 
OVN_REPL_INFO -s ovn_ovsdb_master_server"
@@ -21,6 +22,10 @@ 
SB_MASTER_PROTO=${OCF_RESKEY_sb_master_protocol:-${SB_MASTER_PROTO_DEFAULT}}
 MANAGE_NORTHD=${OCF_RESKEY_manage_northd:-${MANAGE_NORTHD_DEFAULT}}
 INACTIVE_PROBE=${OCF_RESKEY_inactive_probe_interval:-${INACTIVE_PROBE_DEFAULT}}

+# In order for pacemaker to work with LB, we can keep LISTEN_ON_MASTER_IP_ONLY
+# to false and pass LB vip IP while creating pcs resource.
+LISTEN_ON_MASTER_IP_ONLY=${OCF_RESKEY_listen_on_master_ip:-${LISTEN_ON_MASTER_IP_ONLY_DEFAULT}}
+
 # Invalid IP address is an address that can never exist in the network, as
 # mentioned in rfc-5737. The ovsdb servers connects to this IP address till
 # a master is promoted and the IPAddr2 resource is started.
@@ -157,20 +162,29 @@ ovsdb_server_notify() {
 ${OVN_CTL} --ovn-manage-ovsdb=no start_northd
 fi

+if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
+nb_target=""
+sb_target=""
+else
+nb_target="p${NB_MASTER_PROTO}\:${NB_MASTER_PORT}\:${MASTER_IP}"
+sb_target="p${SB_MASTER_PROTO}\:${SB_MASTER_PORT}\:${MASTER_IP}"
+fi
+
 conn=`ovn-nbctl get NB_global . connections`
 if [ "$conn" == "[]" ]
 then
-ovn-nbctl -- --id=@conn_uuid create Connection \
-target="p${NB_MASTER_PROTO}\:${NB_MASTER_PORT}\:${MASTER_IP}" \
+ovn-nbctl -- --id=@conn_uuid create Connection target=$nb_target \
 inactivity_probe=$INACTIVE_PROBE -- set NB_Global . connections=@conn_uuid
+
 fi

 conn=`ovn-sbctl get SB_global . connections`
 if [ "$conn" == "[]" ]
 then
-ovn-sbctl -- --id=@conn_uuid create Connection \
-target="p${SB_MASTER_PROTO}\:${SB_MASTER_PORT}\:${MASTER_IP}" \
+
+ovn-sbctl -- --id=@conn_uuid create Connection target=$sb_target \
 inactivity_probe=$INACTIVE_PROBE -- set SB_Global . connections=@conn_uuid
+
 fi

 else
@@ -295,15 +309,15 @@ ovsdb_server_start() {

 set ${OVN_CTL}

-set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT}
-set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT}
+# For LB vip to talk to master pool member on a specific tcp port, we need
+# to listen on 0.0.0.0.instead of master_ip
+if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
+set $@ --db-nb-port=${NB_MASTER_PORT}
+set $@ --db-sb-port=${SB_MASTER_PORT}

-if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
-set $@ --db-nb-create-insecure-remote=yes
-fi
-
-if [ "x${SB_MASTER_PROTO}" = xtcp ]; then
-set $@ --db-sb-create-insecure-remote=yes
+else
+   set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT}
+   set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT}
 fi

 if [ "x${present_master}" = x ]; then
@@ -313,9 +327,29 @@ ovsdb_server_start() {
 # Force all copies to come up as slaves by pointing them into
 # space and let pacemaker pick one to promote:
 #
+if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
+

Re: [ovs-dev] [PATCH v1] ovndb-servers.ocf: add LB support for managing ovsdb cluster

2018-05-18 Thread Numan Siddique
Hi Aliasgar,

I will try it out and come back with my comments.

Thanks
Numan


On Tue, May 8, 2018 at 10:37 AM, aginwala  wrote:

> using pacemaker so that controllers can be placed in different fault
> domains.
>
> Signed-off-by: aginwala 
> ---
>  ovn/utilities/ovndb-servers.ocf | 63 ++
> +++
>  1 file changed, 51 insertions(+), 12 deletions(-)
>
> diff --git a/ovn/utilities/ovndb-servers.ocf
> b/ovn/utilities/ovndb-servers.ocf
> index 164b6bc..85a5d92 100755
> --- a/ovn/utilities/ovndb-servers.ocf
> +++ b/ovn/utilities/ovndb-servers.ocf
> @@ -9,6 +9,7 @@
>  : ${SB_MASTER_PROTO_DEFAULT="tcp"}
>  : ${MANAGE_NORTHD_DEFAULT="no"}
>  : ${INACTIVE_PROBE_DEFAULT="5000"}
> +: ${LISTEN_ON_MASTER_IP_ONLY_DEFAULT="yes"}
>
>  CRM_MASTER="${HA_SBIN_DIR}/crm_master -l reboot"
>  CRM_ATTR_REPL_INFO="${HA_SBIN_DIR}/crm_attribute --type crm_config
> --name OVN_REPL_INFO -s ovn_ovsdb_master_server"
> @@ -21,6 +22,10 @@ SB_MASTER_PROTO=${OCF_RESKEY_sb_master_protocol:-${SB_
> MASTER_PROTO_DEFAULT}}
>  MANAGE_NORTHD=${OCF_RESKEY_manage_northd:-${MANAGE_NORTHD_DEFAULT}}
>  INACTIVE_PROBE=${OCF_RESKEY_inactive_probe_interval:-${
> INACTIVE_PROBE_DEFAULT}}
>
> +# In order for pacemaker to work with LB, we can keep
> LISTEN_ON_MASTER_IP_ONLY
> +# to false and pass LB vip IP while creating pcs resource.
> +LISTEN_ON_MASTER_IP_ONLY=${OCF_RESKEY_listen_on_master_
> ip:-${LISTEN_ON_MASTER_IP_ONLY_DEFAULT}}
> +
>  # Invalid IP address is an address that can never exist in the network, as
>  # mentioned in rfc-5737. The ovsdb servers connects to this IP address
> till
>  # a master is promoted and the IPAddr2 resource is started.
> @@ -157,20 +162,29 @@ ovsdb_server_notify() {
>  ${OVN_CTL} --ovn-manage-ovsdb=no start_northd
>  fi
>
> +if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
> +nb_target=""
> +sb_target=""
> +else
> +nb_target="p${NB_MASTER_PROTO}\:${NB_MASTER_PORT}\:${MASTER_
> IP}"
> +sb_target="p${SB_MASTER_PROTO}\:${SB_MASTER_PORT}\:${MASTER_
> IP}"
> +fi
> +
>  conn=`ovn-nbctl get NB_global . connections`
>  if [ "$conn" == "[]" ]
>  then
> -ovn-nbctl -- --id=@conn_uuid create Connection \
> -target="p${NB_MASTER_PROTO}\:${NB_MASTER_PORT}\:${MASTER_IP}" \
> +ovn-nbctl -- --id=@conn_uuid create Connection
> target=$nb_target \
>  inactivity_probe=$INACTIVE_PROBE -- set NB_Global .
> connections=@conn_uuid
> +
>  fi
>
>  conn=`ovn-sbctl get SB_global . connections`
>  if [ "$conn" == "[]" ]
>  then
> -ovn-sbctl -- --id=@conn_uuid create Connection \
> -target="p${SB_MASTER_PROTO}\:${SB_MASTER_PORT}\:${MASTER_IP}" \
> +
> +ovn-sbctl -- --id=@conn_uuid create Connection
> target=$sb_target \
>  inactivity_probe=$INACTIVE_PROBE -- set SB_Global .
> connections=@conn_uuid
> +
>  fi
>
>  else
> @@ -295,15 +309,15 @@ ovsdb_server_start() {
>
>  set ${OVN_CTL}
>
> -set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT}
> -set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT}
> +# For LB vip to talk to master pool member on a specific tcp port, we
> need
> +# to listen on 0.0.0.0.instead of master_ip
> +if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
> +set $@ --db-nb-port=${NB_MASTER_PORT}
> +set $@ --db-sb-port=${SB_MASTER_PORT}
>
> -if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
> -set $@ --db-nb-create-insecure-remote=yes
> -fi
> -
> -if [ "x${SB_MASTER_PROTO}" = xtcp ]; then
> -set $@ --db-sb-create-insecure-remote=yes
> +else
> +   set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT}
> +   set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT}
>  fi
>
>  if [ "x${present_master}" = x ]; then
> @@ -313,9 +327,29 @@ ovsdb_server_start() {
>  # Force all copies to come up as slaves by pointing them into
>  # space and let pacemaker pick one to promote:
>  #
> +if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
> +set $@ --db-nb-create-insecure-remote=yes
> +fi
> +
> +if [ "x${SB_MASTER_PROTO}" = xtcp ]; then
> +set $@ --db-sb-create-insecure-remote=yes
> +fi
>  set $@ --db-nb-sync-from-addr=${INVALID_IP_ADDRESS}
> --db-sb-sync-from-addr=${INVALID_IP_ADDRESS}
>
>  elif [ ${present_master} != ${host_name} ]; then
> +if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
> +# TODO for using LB vip, need to test for ssl.
> +set $@ --db-nb-create-insecure-remote=no
> +set $@ --db-sb-create-insecure-remote=no
> +else
> +if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
> +set $@ --db-nb-create-insecure-remote=yes
> +fi
> +
> +if [ "x${SB_MASTER_PROTO}" = xtcp 

[ovs-dev] [PATCH v1] ovndb-servers.ocf: add LB support for managing ovsdb cluster

2018-05-17 Thread aginwala
using pacemaker so that controllers can be placed in different fault domains.

Signed-off-by: aginwala 
---
 ovn/utilities/ovndb-servers.ocf | 63 +
 1 file changed, 51 insertions(+), 12 deletions(-)

diff --git a/ovn/utilities/ovndb-servers.ocf b/ovn/utilities/ovndb-servers.ocf
index 164b6bc..85a5d92 100755
--- a/ovn/utilities/ovndb-servers.ocf
+++ b/ovn/utilities/ovndb-servers.ocf
@@ -9,6 +9,7 @@
 : ${SB_MASTER_PROTO_DEFAULT="tcp"}
 : ${MANAGE_NORTHD_DEFAULT="no"}
 : ${INACTIVE_PROBE_DEFAULT="5000"}
+: ${LISTEN_ON_MASTER_IP_ONLY_DEFAULT="yes"}
 
 CRM_MASTER="${HA_SBIN_DIR}/crm_master -l reboot"
 CRM_ATTR_REPL_INFO="${HA_SBIN_DIR}/crm_attribute --type crm_config --name 
OVN_REPL_INFO -s ovn_ovsdb_master_server"
@@ -21,6 +22,10 @@ 
SB_MASTER_PROTO=${OCF_RESKEY_sb_master_protocol:-${SB_MASTER_PROTO_DEFAULT}}
 MANAGE_NORTHD=${OCF_RESKEY_manage_northd:-${MANAGE_NORTHD_DEFAULT}}
 INACTIVE_PROBE=${OCF_RESKEY_inactive_probe_interval:-${INACTIVE_PROBE_DEFAULT}}
 
+# In order for pacemaker to work with LB, we can keep LISTEN_ON_MASTER_IP_ONLY
+# to false and pass LB vip IP while creating pcs resource.
+LISTEN_ON_MASTER_IP_ONLY=${OCF_RESKEY_listen_on_master_ip:-${LISTEN_ON_MASTER_IP_ONLY_DEFAULT}}
+
 # Invalid IP address is an address that can never exist in the network, as
 # mentioned in rfc-5737. The ovsdb servers connects to this IP address till
 # a master is promoted and the IPAddr2 resource is started.
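Review bot: The comment added above `LISTEN_ON_MASTER_IP_ONLY=` tells operators to set the option "to false", but every test this patch adds compares against the literal `no` (`[ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]`), so `false` would silently leave the servers bound to the master IP only. The resource parameter is also spelled `listen_on_master_ip` while the variable ends in `_ONLY`, which makes the yes/no sense easy to invert. I would reword the comment to something like `# Set listen_on_master_ip=no (literally "no") to stop binding to master_ip so an LB VIP can reach the master; any other value keeps the default.` If the part of the patch not shown here does not add the parameter to the agent's meta-data, that should be added too.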
@@ -157,20 +162,29 @@ ovsdb_server_notify() {
 ${OVN_CTL} --ovn-manage-ovsdb=no start_northd
 fi
 
+if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
+nb_target=""
+sb_target=""
+else
+nb_target="p${NB_MASTER_PROTO}\:${NB_MASTER_PORT}\:${MASTER_IP}"
+sb_target="p${SB_MASTER_PROTO}\:${SB_MASTER_PORT}\:${MASTER_IP}"
+fi
+
 conn=`ovn-nbctl get NB_global . connections`
 if [ "$conn" == "[]" ]
 then
-ovn-nbctl -- --id=@conn_uuid create Connection \
-target="p${NB_MASTER_PROTO}\:${NB_MASTER_PORT}\:${MASTER_IP}" \
+ovn-nbctl -- --id=@conn_uuid create Connection target=$nb_target \
 inactivity_probe=$INACTIVE_PROBE -- set NB_Global . connections=@conn_uuid
+
 fi
 
 conn=`ovn-sbctl get SB_global . connections`
 if [ "$conn" == "[]" ]
 then
-ovn-sbctl -- --id=@conn_uuid create Connection \
-target="p${SB_MASTER_PROTO}\:${SB_MASTER_PORT}\:${MASTER_IP}" \
+
+ovn-sbctl -- --id=@conn_uuid create Connection target=$sb_target \
 inactivity_probe=$INACTIVE_PROBE -- set SB_Global . connections=@conn_uuid
+
 fi
 
 else
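Review bot: In the `xno` branch `nb_target` and `sb_target` are set to empty strings, so the `create Connection target=$nb_target` and `target=$sb_target` commands further down create the Connection rows with an empty target. If the intent is a passive listener on every address, as the comment in the `ovsdb_server_start` hunk suggests, spell it out: `nb_target="p${NB_MASTER_PROTO}\:${NB_MASTER_PORT}\:0.0.0.0"` and the same for `sb_target`. The expansions should also stay quoted (`target="$nb_target"`), as the removed lines passed the value inside double quotes. The body of `ovsdb_server_notify` starts and ends outside this hunk.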
@@ -295,15 +309,15 @@ ovsdb_server_start() {
 
 set ${OVN_CTL}
 
-set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT}
-set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT}
+# For LB vip to talk to master pool member on a specific tcp port, we need
+# to listen on 0.0.0.0.instead of master_ip
+if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
+set $@ --db-nb-port=${NB_MASTER_PORT}
+set $@ --db-sb-port=${SB_MASTER_PORT}
 
-if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
-set $@ --db-nb-create-insecure-remote=yes
-fi
-
-if [ "x${SB_MASTER_PROTO}" = xtcp ]; then
-set $@ --db-sb-create-insecure-remote=yes
+else
+   set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT}
+   set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT}
 fi
 
 if [ "x${present_master}" = x ]; then
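Review bot: With `listen_on_master_ip=no` the new branch drops `--db-nb-addr`/`--db-sb-addr`, which per the added comment makes both databases listen on 0.0.0.0, and the defaults at the top of the file keep the SB protocol at `tcp`. That exposes the NB and SB ovsdb ports on every interface of the node, not only the one the load balancer uses, and nothing in this hunk limits who may connect. The comment should say so, for example `# LB mode: no --db-*-addr, so the servers listen on all addresses; restrict the NB/SB ports to the LB with a host firewall or bind to a dedicated address.` The comment as written also has a stray full stop in `0.0.0.0.instead`. `ovsdb_server_start` continues beyond this hunk.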
@@ -313,9 +327,29 @@ ovsdb_server_start() {
 # Force all copies to come up as slaves by pointing them into
 # space and let pacemaker pick one to promote:
 #
+if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
+set $@ --db-nb-create-insecure-remote=yes
+fi
+
+if [ "x${SB_MASTER_PROTO}" = xtcp ]; then
+set $@ --db-sb-create-insecure-remote=yes
+fi
 set $@ --db-nb-sync-from-addr=${INVALID_IP_ADDRESS} 
--db-sb-sync-from-addr=${INVALID_IP_ADDRESS}
 
 elif [ ${present_master} != ${host_name} ]; then
+if [ "x${LISTEN_ON_MASTER_IP_ONLY}" = xno ]; then
+# TODO for using LB vip, need to test for ssl.
+set $@ --db-nb-create-insecure-remote=no
+set $@ --db-sb-create-insecure-remote=no
+else
+if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
+set $@ --db-nb-create-insecure-remote=yes
+fi
+
+if [ "x${SB_MASTER_PROTO}" = xtcp ]; then
+set $@ --db-sb-create-insecure-remote=yes
+fi
+fi
 # An existing master is active, connect to it
 set $@ --db-nb-sync-from-addr=${MASTER_IP} 
--db-sb-sync-from-addr=${MASTER_IP}
 set $@ --db-nb-sync-from-port=${NB_MASTER_PORT}
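Review bot: The `--db-*-create-insecure-remote` flags used to be set ahead of the `if`/`elif` chain (the lines removed in the previous hunk) and are now set only inside the `present_master` empty branch and the `present_master != host_name` branch, so a node for which `present_master` equals `host_name` no longer receives either flag unless code outside this hunk supplies it. The two branches also disagree in LB mode: the first still passes `=yes` for `tcp` while the second passes `=no`, and the only explanation is the `TODO` about ssl. Either keep the protocol checks ahead of the chain and special-case only the LB standby, or add a comment stating why a standby behind the LB must not open the plain-TCP remote and what the already-master case should get. The chain's closing `fi` is outside the hunk.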
@@ -416,6 +450,11 @@ ovsdb_server_promote() {
 ;;
 esac
 
+if [