On Wed, Mar 30, 2016 at 8:15 PM, Ben Pfaff <b...@ovn.org> wrote:

> On Wed, Mar 30, 2016 at 07:56:51PM -0400, Russell Bryant wrote:
> > On Wed, Mar 30, 2016 at 2:40 PM, Ben Pfaff <b...@ovn.org> wrote:
> > > I'm starting to get really disturbed that ssl isn't the default here.
> >
> > We need to add SSL config to these tables.
>
> I'm not sure that it makes sense to have SSL configuration in
> OVN_Northbound or OVN_Southbound, because the clients would need to
> connect to the databases before they could obtain the configuration.
> I'd guess that SSL configuration would have to be populated to each
> hypervisor as a separate step before it joins OVN for the first time.
>
> Or maybe I misunderstand your point.
>
I honestly haven't thought through this in enough detail, but:

I was talking about the server side config. ovsdb-server for OVS is
started with:

    set "$@" --private-key=db:Open_vSwitch,SSL,private_key
    set "$@" --certificate=db:Open_vSwitch,SSL,certificate
    set "$@" --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert

I assumed we might add the same SSL table to the OVN dbs. Then again, it
seems kind of awkward to me to have this in the DB. I'd expect it to be
something only configured locally.

Anyway, I'd love to see this get sorted out and have SSL everywhere the
default.

-- 
Russell Bryant