Created
October 16, 2015 18:53
-
-
Save smurugap/e8e89199f2d7479338c0 to your computer and use it in GitHub Desktop.
changes reqd for ovsdb over ssl with contrail
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
To generate certs: | |
apt-get install openvswitch-common | |
ovs-pki init | |
ovs-pki req+sign vtep | |
scp vtep-cert.pem root@<tor>:/var/db/certs | |
scp vtep-privkey.pem root@<tor>:/var/db/certs | |
QFX Config: | |
set protocols ovsdb controller <ha proxy vip> protocol ssl port <port> | |
(remove the passive option) | |
testbed.py: | |
env.ca_cert_file= '/var/lib/openvswitch/pki/switchca/cacert.pem' | |
under tor-agent set the protocol to pssl: | |
'tor_ovs_protocol':'pssl', | |
the ssl port is where the agent listens so it has to be uniq unless the agents are spawned on different tsns |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@smurugap Is this correct one? not working!!! Venu/Vinoth are stuck