[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvswitch-discuss
Subject:    [ovs-discuss] ovs-vsctl set-manager and remote administration
From:       blp () nicira ! com (Ben Pfaff)
Date:       2012-09-25 16:14:27
Message-ID: 20120925161427.GA9493 () nicira ! com
[Download RAW message or body]

On Tue, Sep 25, 2012 at 09:47:56AM +0200, r po wrote:
> I understand what i missed. On the ovs which must remotely administrate we open a \
> passive tcp connection : set-manager ptcp:port:ip We can specify which adresses ovs \
> listen.  
> Me, i would specify which adresses is able to administrate the ovs. Is there \
> anything to do in OVS or do i set this restriction  in other way ? i would \
> administrate my remote ovs but only from a specific IP. 

The usual way to do that would be to use SSL.

> In the same slice, 
> I would now if it's possible to restrict access to ovs management on the host by a \
> login/mdp above the root account ?

Sorry, root always has access.

> thank's again for your multiple response, it's really helpfull. 
> 
> 
> 
> 
> > Date: Mon, 24 Sep 2012 22:07:31 -0700
> > From: blp at nicira.com
> > To: r2.d2 at live.fr
> > CC: discuss at openvswitch.org
> > Subject: Re: [ovs-discuss] ovs-vsctl set-manager and remote administration
> > 
> > On Mon, Sep 24, 2012 at 02:17:14PM +0200, r po wrote:
> > > I have two OpenVswitch and i should configure the second from the first.
> > > 
> > > so, on OVS-2 I set : 
> > > 
> > > ovs-vsctl set-manager ptcp:
> > > 
> > > and on OVS-1 i can administrate the 2nd OVS with this command : 
> > > 
> > > ovs-vsctl --db=tcp:ip_ovs_2 show  (or any ovs-vsctl command)   (i can send this \
> > > command in any ovs which is connect with ovs2 .. ) 
> > > it's work !
> > > 
> > > Now, i should restrict host who can admin ovs remotely : 
> > > 
> > > on ovs1 and 2 : ovs-vsctl emer-reset 
> > > 
> > > on ovs2 : 
> > > 
> > > ovs-vsctl set-manager tcp:ip_ovs1:6633 
> > 
> > Missing "p", wrong order?
> > ovs-vsctl set-manager ptcp:6633:ip_ovs1 
> 		 	   		  


[prev in list] [next in list] [prev in thread] [next in thread]