> From: "Andy Zhou" <az...@ovn.org>
> To: "Ben Pfaff" <b...@ovn.org>
> Cc: "ovs dev" <dev@openvswitch.org>, "Numan Siddique" <nusid...@redhat.com>,
> "Babu Shanmugam" <bscha...@redhat.com>,
> "Lance Richardson" <lrich...@redhat.com>, "Justin Pettit" <jpet...@ovn.org>,
> "Russell Bryant" <russ...@ovn.org>
> Sent: Thursday, October 13, 2016 3:05:40 PM
> Subject: Re: ovn: Improving southbound database security
>
> On Thu, Oct 13, 2016 at 11:26 AM, Ben Pfaff <b...@ovn.org> wrote:
>
> > On Wed, Oct 12, 2016 at 01:51:39PM -0400, Russell Bryant wrote:
> > > 1) Add support to ovsdb-server for read-only remotes. The port reachable
> > > by ovn-controller would only accept read-only connections.
> >
> > Andy, is this something that you can put on your to-do list? I guess
> > that it is not a huge amount of work.
> >
> > Thanks,
> >
> > Ben.
> >
>
> Sure, I think the read-only OVSDB server has already been implemented as
> part of the replication work.
> Currently, it is only tied to active/backup state. We probably just need to
> make this feature decouple from replication.
>
Right, the prototype RFC I just posted builds on the work done for replication,
essentially this:
ovsdb_jsonrpc_session_create(remote, jsonrpc_session_open(name, true),
- svr->read_only);
+ svr->read_only ||
+ stream_or_pstream_is_read_only(name));
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
