authorGurucharan Shetty <gshetty@nicira.com>2015-08-19 15:42:07 -0700
committerGurucharan Shetty <gshetty@nicira.com>2015-08-21 15:36:54 -0700
commit5bf6cbd6961f22a99df799ea0f3e816792ba42c3 (patch)
tree00c4919baac8e3691ad61c76d82da1a2f2d40879 /tests/ovs-vsctl.at
parent36561090182f5bd90725f3724bbf4d9f60e8b8fa (diff)
ovsdb-server: Add the ability to push peer-cert.
In OVN, ovsdb-server is the daemon that manages the databases and can be regarded as the central controller. So it would be nice for ovsdb-server to be able to push its self-signed certificate to all the other nodes where ovn-controller runs. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> Acked-by: Ben Pfaff <blp@nicira.com>
Diffstat (limited to 'tests/ovs-vsctl.at')
-rw-r--r--tests/ovs-vsctl.at24
1 files changed, 24 insertions, 0 deletions
diff --git a/tests/ovs-vsctl.at b/tests/ovs-vsctl.at
index 435116a0d..fef7b8856 100644
--- a/tests/ovs-vsctl.at
+++ b/tests/ovs-vsctl.at
@@ -1309,3 +1309,27 @@ AT_CHECK([RUN_OVS_VSCTL([get interface 0fcd11a1-2ba8-4b38-a358-4bccf2bf3057 type
OVS_VSCTL_CLEANUP
AT_CLEANUP
+
+AT_SETUP([peer ca cert])
+AT_KEYWORDS([ovs-vsctl ssl])
+AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
+PKIDIR=`pwd`
+OVS_PKI="sh $abs_top_srcdir/utilities/ovs-pki.in --dir=$PKIDIR/pki --log=$PKIDIR/ovs-pki.log"
+$OVS_PKI -B 1024 init && \
+$OVS_PKI -B 1024 req+sign vsctl switch && \
+$OVS_PKI -B 1024 req ovsdbserver && $OVS_PKI self-sign ovsdbserver
+
+dnl Create database.
+touch .conf.db.~lock~
+AT_CHECK([ovsdb-tool create conf.db $abs_top_srcdir/vswitchd/vswitch.ovsschema])
+AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --private-key=$PKIDIR/ovsdbserver-privkey.pem --certificate=$PKIDIR/ovsdbserver-cert.pem --ca-cert=$PKIDIR/pki/switchca/cacert.pem --peer-ca-cert=$PKIDIR/ovsdbserver-cert.pem --remote=pssl:0:127.0.0.1 --unixctl="`pwd`"/unixctl --log-file="`pwd`"/ovsdb-server.log conf.db], [0], [ignore], [ignore])
+ON_EXIT_UNQUOTED([kill `cat pid`])
+SSL_PORT=`parse_listening_port < ovsdb-server.log`
+
+# During bootstrap, the connection gets torn down. So the o/p of ovs-vsctl is error.
+AT_CHECK([ovs-vsctl -t 5 --db=ssl:127.0.0.1:$SSL_PORT --private-key=$PKIDIR/vsctl-privkey.pem --certificate=$PKIDIR/vsctl-cert.pem --bootstrap-ca-cert=$PKIDIR/cacert.pem show], [1], [ignore], [ignore])
+
+# If the bootstrap was successful, the following file should exist.
+OVS_WAIT_UNTIL([test -e $PKIDIR/cacert.pem])
+OVSDB_SERVER_SHUTDOWN
+AT_CLEANUP
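Review bot: The only assertion on the bootstrap result is `OVS_WAIT_UNTIL([test -e $PKIDIR/cacert.pem])`, which passes for any file written at that path, so the test would not notice the server pushing a certificate other than the one given to `--peer-ca-cert`. Because `--bootstrap-ca-cert` is trust-on-first-use, the saved certificate should be compared with `$PKIDIR/ovsdbserver-cert.pem`, for example by checking that `openssl x509 -noout -fingerprint -in $PKIDIR/cacert.pem` prints the same fingerprint for both files (a byte-wise diff may fail if ovs-pki writes extra text around the PEM block). A second `ovs-vsctl ... show` with the same options after the wait, expecting exit status 0, should also confirm that the stored certificate actually validates the server. The first `ovs-vsctl` check accepts exit status 1 with all output ignored, so a failure unrelated to the bootstrap looks the same as the expected teardown. The three `$OVS_PKI` commands also run outside `AT_CHECK`, so a PKI setup failure is not reported where it happens.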