lib/db-ctl-base.xml \
lib/ssl.xml \
lib/ssl-bootstrap.xml \
+ lib/ssl-peer-ca-cert.xml \
lib/table.xml \
lib/vlog.xml \
lib/unixctl.xml
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>
+<dl>
+ <dt><code>--peer-ca-cert=</code><var>peer-cacert.pem</var></dt>
+ <dd>
+ <p>
+ Specifies a PEM file that contains one or more additional certificates
+ to send to SSL peers. <var>peer-cacert.pem</var> should be the CA
+ certificate used to sign the program's own certificate, that is, the
+ certificate specified on <code>-c</code> or <code>--certificate</code>.
+ If the program's certificate is self-signed, then
+ <code>--certificate</code> and <code>--peer-ca-cert</code> should specify
+ the same file.
+ </p>
+ <p>
+ This option is not useful in normal operation, because the SSL peer
+ must already have the CA certificate for the peer to have any
+ confidence in the program's identity. However, this offers a way for
+ a new installation to bootstrap the CA certificate on its first SSL
+ connection.
+ </p>
+ </dd>
+</dl>
lib/netdev-dpdk-unixctl.man \
lib/service.man \
lib/ssl-bootstrap.man \
+ lib/ssl-peer-ca-cert.man \
lib/ssl.man \
lib/unixctl.man \
lib/vlog-unixctl.man \
database (see <code>vtep</code>(5)) over the OVSDB protocol.
</p>
+ <h2>PKI Options</h2>
+ <p>
+ PKI configuration is required in order to use SSL for the connections to
+ the VTEP and Southbound databases.
+ </p>
+ <xi:include href="lib/ssl.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
+ <xi:include href="lib/ssl-bootstrap.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
+ <xi:include href="lib/ssl-peer-ca-cert.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
+
<h1>Configuration</h1>
<p>
<code>ovn-controller-vtep</code> retrieves its configuration
-o, --options list available options\n\
-V, --version display version information\n\
", program_name, program_name, default_db(), default_db());
- stream_usage("database", true, false, false);
+ stream_usage("database", true, false, true);
daemon_usage();
vlog_usage();
exit(EXIT_SUCCESS);
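Review bot: The new `stream_usage("database", true, false, true);` call changes what `--help` advertises, but nothing in this hunk shows the parser accepting the matching option, so the help text and the option table can drift apart. Judging by the `lib/ssl-bootstrap.xml` and `lib/ssl-peer-ca-cert.xml` includes added elsewhere in this commit, the last argument presumably turns on the CA-bootstrap help entry. Please confirm that the program's long-options table and option switch handle it, since bootstrapping means trusting the CA certificate obtained on the first SSL connection and should not be advertised by a binary that silently ignores or rejects the flag. The bare booleans are also hard to read at the call site; a comment such as `/* active, passive, bootstrap */` above the call would help. The same applies to the `stream_usage("OVS-DATABASE", true, false, true);` and `stream_usage("database", true, true, true);` hunks further down; in all three the enclosing usage function starts outside the hunk.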
the Northbound and Southbound databases.
</p>
<xi:include href="lib/ssl.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
+ <xi:include href="lib/ssl-bootstrap.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
+ <xi:include href="lib/ssl-peer-ca-cert.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>
<h2>Other Options</h2>
"usage %s [OPTIONS] [OVS-DATABASE]\n"
"where OVS-DATABASE is a socket on which the OVS OVSDB server is listening.\n",
program_name, program_name);
- stream_usage("OVS-DATABASE", true, false, false);
+ stream_usage("OVS-DATABASE", true, false, true);
daemon_usage();
vlog_usage();
printf("\nOther options:\n"
vlog_usage();
printf("\
--no-syslog equivalent to --verbose=vsctl:syslog:warn\n");
- stream_usage("database", true, true, false);
+ stream_usage("database", true, true, true);
printf("\n\
Other options:\n\
-h, --help display this help message\n\
.SS "Public Key Infrastructure Options"
.so lib/ssl.man
.so lib/ssl-bootstrap.man
+.so lib/ssl-peer-ca-cert.man
.SS "Logging Options"
.so lib/vlog.man
.SS "Other Options"