authorGurucharan Shetty <guru@ovn.org>2017-01-18 03:21:12 -0800
committerGurucharan Shetty <guru@ovn.org>2017-01-18 14:37:35 -0800
commitea2d950a1302a6e1c6217fdbbe1d83d4324b576d (patch)
tree54bab301a4f3aa8560f79aed9f0a27f7706ba9e6 /ovn/utilities
parentcb991590239e1709f20ce3fc992a7b2f8cda5dc0 (diff)
ovn-ctl: Add bootstrap ovn-controller CA certificate option.
ovn-controller accepts the option --bootstrap-ca-cert. With this commit, ovn-ctl lets the user pass a value for it via the --ovn-controller-ssl-bootstrap-ca-cert option. Bootstrapping is useful for ovn-controller as you don't have to copy the controller's certificate (self-signed or otherwise) to every host.

Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Lance Richardson <lrichard@redhat.com>
Diffstat (limited to 'ovn/utilities')
-rwxr-xr-xovn/utilities/ovn-ctl20
-rw-r--r--ovn/utilities/ovn-ctl.8.xml1
2 files changed, 19 insertions, 2 deletions
diff --git a/ovn/utilities/ovn-ctl b/ovn/utilities/ovn-ctl
index 90d0463ea..a3bdad12b 100755
--- a/ovn/utilities/ovn-ctl
+++ b/ovn/utilities/ovn-ctl
@@ -220,22 +220,36 @@ start_northd () {
start_controller () {
set ovn-controller "unix:$DB_SOCK"
set "$@" $OVN_CONTROLLER_LOG
- if test X"$OVN_CONTROLLER_SSL_CERT" != X; then
+ if test X"$OVN_CONTROLLER_SSL_KEY" != X; then
set "$@" --private-key=$OVN_CONTROLLER_SSL_KEY
+ fi
+ if test X"$OVN_CONTROLLER_SSL_CERT" != X; then
set "$@" --certificate=$OVN_CONTROLLER_SSL_CERT
+ fi
+ if test X"$OVN_CONTROLLER_SSL_CA_CERT" != X; then
set "$@" --ca-cert=$OVN_CONTROLLER_SSL_CA_CERT
fi
+ if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then
+ set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT
+ fi
OVS_RUNDIR=${OVN_RUNDIR} start_daemon "$OVN_CONTROLLER_PRIORITY" "$OVN_CONTROLLER_WRAPPER" "$@"
}
start_controller_vtep () {
set ovn-controller-vtep "unix:$DB_SOCK"
set "$@" -vconsole:emer -vsyslog:err -vfile:info
- if test X"$OVN_CONTROLLER_SSL_CERT" != X; then
+ if test X"$OVN_CONTROLLER_SSL_KEY" != X; then
set "$@" --private-key=$OVN_CONTROLLER_SSL_KEY
+ fi
+ if test X"$OVN_CONTROLLER_SSL_CERT" != X; then
set "$@" --certificate=$OVN_CONTROLLER_SSL_CERT
+ fi
+ if test X"$OVN_CONTROLLER_SSL_CA_CERT" != X; then
set "$@" --ca-cert=$OVN_CONTROLLER_SSL_CA_CERT
fi
+ if test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then
+ set "$@" --bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT
+ fi
OVS_RUNDIR=${OVN_RUNDIR} start_daemon "$OVN_CONTROLLER_PRIORITY" "$OVN_CONTROLLER_WRAPPER" "$@"
}
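Review bot: When both OVN_CONTROLLER_SSL_CA_CERT and OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT are set, start_controller appends both `--ca-cert` and `--bootstrap-ca-cert`, so which one wins is left to the daemon's option handling. That is presumably the later one, in which case a pinned CA could silently give way to trust-on-first-use when the bootstrap file does not exist yet. Making the branches exclusive with the pinned CA preferred avoids this: turn the new test into `elif test X"$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT" != X; then` on the `--ca-cert` branch. The same applies to start_controller_vtep. The new expansion is also unquoted, so a path containing whitespace would split into several arguments; `set "$@" "--bootstrap-ca-cert=$OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT"` keeps it as one word.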
@@ -335,6 +349,7 @@ set_defaults () {
OVN_CONTROLLER_SSL_KEY=""
OVN_CONTROLLER_SSL_CERT=""
OVN_CONTROLLER_SSL_CA_CERT=""
+ OVN_CONTROLLER_SSL_BOOTSTRAP_CA_CERT=""
DB_SB_CREATE_INSECURE_REMOTE="no"
DB_NB_CREATE_INSECURE_REMOTE="no"
@@ -384,6 +399,7 @@ Options:
--ovn-controller-ssl-key=KEY OVN Southbound SSL private key file
--ovn-controller-ssl-cert=CERT OVN Southbound SSL certificate file
--ovn-controller-ssl-ca-cert=CERT OVN Southbound SSL CA certificate file
+ --ovn-controller-ssl-bootstrap-ca-cert=CERT Bootstrapped OVN Southbound SSL CA certificate file
--ovn-manage-ovsdb=yes|no Whether or not the OVN databases should be
automatically started and stopped along
with ovn-northd. The default is "yes". If
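Review bot: The help line added for `--ovn-controller-ssl-bootstrap-ca-cert` does not mention the trust model, which is the one thing an operator needs to know before choosing it over `--ovn-controller-ssl-ca-cert`. With `--bootstrap-ca-cert`, if the named file does not exist, the CA certificate is obtained from the peer on the first SSL connection and saved, so that first connection is not authenticated. A short continuation line in the usage text, such as `(fetched from the peer on first connection if the file is absent)`, would make this visible. The manual page entry added in ovn-ctl.8.xml would benefit from the same sentence.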
diff --git a/ovn/utilities/ovn-ctl.8.xml b/ovn/utilities/ovn-ctl.8.xml
index c4884f8bf..7b090aee4 100644
--- a/ovn/utilities/ovn-ctl.8.xml
+++ b/ovn/utilities/ovn-ctl.8.xml
@@ -48,6 +48,7 @@
<p><code>--ovn-controller-ssl-key=<var>KEY</var></code></p>
<p><code>--ovn-controller-ssl-cert=<var>CERT</var></code></p>
<p><code>--ovn-controller-ssl-ca-cert=<var>CERT</var></code></p>
+ <p><code>--ovn-controller-ssl-bootstrap-ca-cert=<var>CERT</var></code></p>
<h1>Address and port options</h1>
<p><code>--db-nb-sync-from-addr=<var>IP ADDRESS</var></code></p>