On Fri, Jul 29, 2016 at 04:11:00PM -0500, Ryan Moats wrote:
> 
> We just received a new operational requirement that we have
> to restrict access to all binaries that provide RW access to
> infrastructure components, but yet still have the ability to
> read current state from the infrastructure.
> 
> For OVN/OVS, this means we won't be able to use the following
> binaries in our production environment to read current state:
> ovs-vsctl, ovs-dpctl, ovs-ofctl, ovs-appctl, ovn-nbctl, and
> ovn-sbctl.
> 
> I'm thinking of meeting this by creating new binaries
> ovs-vsread, ovs-dpread, ovs-ofread, ovs-appread, ovn-nbread,
> and ovn-sbread that would include the show, list, and search
> commands from their RW brethren, but omit the various add
> and del commands.
> 
> Before I start crafting code, I wanted to see if folks can
> think of a simpler way of meeting this new requirement...

You could hard-code the 'dry_run' variable to true.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
