Hi guru, It worked for me. Thank you.
Regards, Vikas -----Original Message----- From: Guru Shetty [mailto:guru....@gmail.com] Sent: Saturday, May 21, 2016 10:01 PM To: D M, Vikas <vikas....@hpe.com> Cc: Guru Shetty <g...@ovn.org>; dev@openvswitch.org; Kamat, Maruti Haridas <maruti.ka...@hpe.com> Subject: Re: [ovs-dev] need info on ssl in manager table You will have to create the vtep database. The file that I referred is a startup script of a vtep debian package and if you look at it, it does create one. You will have to do something similar. > On May 20, 2016, at 9:22 PM, "D M, Vikas" <vikas....@hpe.com> wrote: > > Hi guru, > > Thanks for the guidance. > > My ovsdb server was enabled with SSL via below command. > (ovsdb-server -C /home/sdn/certificates/switch/cacert.pem -p > /home/sdn/certificates/switch/sc-privkey.pem -c > /home/sdn/certificates/switch/sc-cert.pem > /usr/local/etc/openvswitch/conf.db --remote=pssl:6632 > --remote=db:hardware_vtep,Global,managers --pidfile > --overwrite-pidfile --detach --no-chdir --verbose > --log-file=/usr/local/var/log/openvswitch/ovsdb-server.log) > > Only missing thing in my command is /etc/openvswitch/vtep.db . > So added the same. > (ovsdb-server -C /home/sdn/certificates/switch/cacert.pem -p > /home/sdn/certificates/switch/sc-privkey.pem -c > /home/sdn/certificates/switch/sc-cert.pem > /usr/local/etc/openvswitch/conf.db /usr/local/etc/openvswitch/vtep.db > --remote=pssl:6632 --remote=db:hardware_vtep,Global,managers --pidfile > --overwrite-pidfile --detach --no-chdir --verbose > --log-file=/usr/local/var/log/openvswitch/ovsdb-server.log) > > But there is no vtep.db file, only conf.db file exists in > /usr/local/etc/openvswitch/ folder. > So ovsdb-server fails to start with IO Error (ovsdb-server: I/O > error: open: /usr/local/etc/openvswitch/vtep.db failed (No such file > or directory)) > > So searched the entire / dir to locate vtep.db file. But vtep.db doesn’t > exist. > > Thanks, > Vikas > > > > > > > > > > From: Guru Shetty [mailto:g...@ovn.org] > Sent: Friday, May 20, 2016 10:02 PM > To: D M, Vikas <vikas....@hpe.com> > Cc: dev@openvswitch.org; Kamat, Maruti Haridas <maruti.ka...@hpe.com> > Subject: Re: [ovs-dev] need info on ssl in manager table > > > > On 20 May 2016 at 09:07, D M, Vikas > <vikas....@hpe.com<mailto:vikas....@hpe.com>> wrote: > Hi , > > We are using ovsdb hardware vtep schema in openstack l2gateway project > [1] > > ovsdb server initiates the connection to l2gateway agent with the entries in > manager table in ovsdb hardware vtep schema[3]. > Already tcp connection for manager table is implemented in our code [2]. > > I am trying to use ovsdb manager table (hardware vtep schema) by > setting ssl:IP:PORT. (ssl:IP:6632) > > But while implementing ssl communication in our code is throwing error, > saying unknown protocol, while wrapping the socket (sslv23) . > (I have tried with different versions of SSL protocol, but some are > not supported) > > I am using working certificates. Since the same certificates are used for > initiating ssl connection from the other way and it works fine. > (l2gateway agent to ovsdb server via ssl connection). > > While stating ovsdb-server with ssl we are specifying the certs path. > But for manager table, ovsdb-server has to pick the certs from some location > while initiating the connection. > So what is the default location? > You will have to provide the location. Like here: > https://github.com/openvswitch/ovs/blob/master/debian/openvswitch-vtep > .init#L43 > > > > Is manager table works with SSl ? > Am I missing something? > > Please guide me on this. > > Note: my setup details > Both nodes are with below config and date. > Ubuntu 14.04 > Python 2.7.6 > OpenSSL 1.0.1f > > > Thanks, > Vikas > > [1] > https://github.com/openstack/networking-l2gw/blob/master/specs/kilo/l2 > -gateway-api-implementation.rst [2] > https://review.openstack.org/#/c/208524/ > [3] https://bugs.launchpad.net/networking-l2gw/+bug/1466302 > _______________________________________________ > dev mailing list > dev@openvswitch.org<mailto:dev@openvswitch.org> > http://openvswitch.org/mailman/listinfo/dev > > _______________________________________________ > dev mailing list > dev@openvswitch.org > http://openvswitch.org/mailman/listinfo/dev _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
