diff --git a/src/control-node/contrail-control.conf b/src/control-node/contrail-control.conf
index 75f461cca1d..63743899814 100644
--- a/src/control-node/contrail-control.conf
+++ b/src/control-node/contrail-control.conf
@@ -19,6 +19,10 @@ log_file=/var/log/contrail/contrail-control.log
 log_level=SYS_NOTICE
 log_local=1
 # test_mode=0
+# xmpp_auth_enable=0
+# xmpp_server_cert=/etc/contrail/ssl/certs/server.pem
+# xmpp_server_key=/etc/contrail/ssl/private/server-privkey.pem
+# xmpp_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
 # xmpp_server_port=5269
 # Sandesh send rate limit can be used to throttle system logs transmitted per
diff --git a/src/control-node/test/options_test.cc b/src/control-node/test/options_test.cc
index cbbcf841560..275c852e44a 100644
--- a/src/control-node/test/options_test.cc
+++ b/src/control-node/test/options_test.cc
@@ -213,8 +213,12 @@ TEST_F(OptionsTest, CustomConfigFile) {
 "log_files_count=20\n"
 "log_file_size=1024\n"
 "log_level=SYS_DEBUG\n"
- "log_local=1\n"
- "test_mode=1\n"
+ "log_local=false\n"
+ "test_mode=0\n"
+ "xmpp_auth_enable=true\n"
+ "xmpp_server_cert=/etc/server.pem\n"
+ "xmpp_server_key=/etc/server.key\n"
+ "xmpp_ca_cert=/etc/ca-cert.pem\n"
 "xmpp_server_port=100\n"
 "sandesh_send_rate_limit=5\n"
 "\n"
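Review bot: The four `xmpp_*` sample lines added to contrail-control.conf have no explanatory comment, and the same holds for the contrail-dns.conf hunk; only contrail-vrouter-agent.conf gets a one-line heading. The samples show the flag off (`xmpp_auth_enable=0`, `xmpp_dns_auth_enable=0`), so an operator reading these files gets no hint that SSL based XMPP authentication stays off until the flag is set, or that the certificate, key and CA paths are used together. I would add a short comment above each block, for example `# SSL based XMPP authentication (off in this sample). The cert, key and CA` / `# paths below are used when it is enabled; keep the private key file` / `# readable only by the service account.` The agent file also writes the flags as `false` while the other two use `0`; one spelling across the three samples would be easier to follow.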
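Review bot: In `CustomConfigFile` (src/control-node/test/options_test.cc) the input for `log_local` and `test_mode` is flipped from `1` to `false`/`0`, and the matching expectations in the second hunk of this file change to `false`. If `false` is also what Options reports when the keys are absent (the defaults are not visible here), the test no longer shows that these two keys are read from the file at all. Unless the flip is needed for the XMPP options, I would keep `"log_local=1\n"` and `"test_mode=1\n"` and only add the four `xmpp_*` lines. The test body starts and ends outside this hunk.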
@@ -264,13 +268,17 @@ TEST_F(OptionsTest, CustomConfigFile) {
 EXPECT_EQ(options_.log_files_count(), 20);
 EXPECT_EQ(options_.log_file_size(), 1024);
 EXPECT_EQ(options_.log_level(), "SYS_DEBUG");
- EXPECT_EQ(options_.log_local(), true);
+ EXPECT_EQ(options_.log_local(), false);
 EXPECT_EQ(options_.ifmap_server_url(), "https://127.0.0.1:100");
 EXPECT_EQ(options_.ifmap_password(), "test-password");
 EXPECT_EQ(options_.ifmap_user(), "test-user");
 EXPECT_EQ(options_.ifmap_certs_store(), "test-store");
 EXPECT_EQ(options_.xmpp_port(), 100);
- EXPECT_EQ(options_.test_mode(), true);
+ EXPECT_EQ(options_.test_mode(), false);
+ EXPECT_EQ(options_.xmpp_auth_enabled(), true);
+ EXPECT_EQ(options_.xmpp_server_cert(), "/etc/server.pem");
+ EXPECT_EQ(options_.xmpp_server_key(), "/etc/server.key");
+ EXPECT_EQ(options_.xmpp_ca_cert(), "/etc/ca-cert.pem");
 EXPECT_EQ(options_.sandesh_send_rate_limit(), 5);
 }
diff --git a/src/dns/cmn/dns_options.cc b/src/dns/cmn/dns_options.cc
index 8c7a2d85e2f..121762b72f4 100644
--- a/src/dns/cmn/dns_options.cc
+++ b/src/dns/cmn/dns_options.cc
@@ -290,4 +290,5 @@ void Options::Process(int argc, char *argv[],
 GetOptValue(var_map, xmpp_auth_enable_, "DEFAULT.xmpp_dns_auth_enable");
 GetOptValue(var_map, xmpp_server_cert_, "DEFAULT.xmpp_server_cert");
 GetOptValue(var_map, xmpp_server_key_, "DEFAULT.xmpp_server_key");
+ GetOptValue(var_map, xmpp_ca_cert_, "DEFAULT.xmpp_ca_cert");
 }
diff --git a/src/dns/contrail-dns.conf b/src/dns/contrail-dns.conf
index 03cb0a1b608..51299df85f9 100644
--- a/src/dns/contrail-dns.conf
+++ b/src/dns/contrail-dns.conf
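Review bot: In `Options::Process` (src/dns/cmn/dns_options.cc) the CA path is now read next to the certificate and key, but nothing in the visible lines checks that the three paths are set when `xmpp_auth_enable_` is true. If an empty CA path reaches the TLS setup, peer verification may fail late or, depending on how the XMPP layer treats an empty value, not take place at all; that code is outside this hunk, so this needs confirming. A guard after the last `GetOptValue`, such as `if (xmpp_auth_enable_ && (xmpp_server_cert_.empty() || xmpp_server_key_.empty() || xmpp_ca_cert_.empty()))` (assuming the members are strings) followed by rejecting the configuration, would make the failure explicit at startup. The function starts outside the hunk.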
@@ -24,6 +24,10 @@ log_level=SYS_NOTICE
 log_local=1
 # test_mode=0
 # log_property_file= # log4cplus property file
+# xmpp_dns_auth_enable=0
+# xmpp_server_cert=/etc/contrail/ssl/certs/server.pem
+# xmpp_server_key=/etc/contrail/ssl/private/server-privkey.pem
+# xmpp_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
 # Sandesh send rate limit can be used to throttle system logs transmitted per
 # second. System logs are dropped if the sending rate is exceeded
diff --git a/src/dns/test/dns_options_test.cc b/src/dns/test/dns_options_test.cc
index 756049407e4..383094e6f18 100644
--- a/src/dns/test/dns_options_test.cc
+++ b/src/dns/test/dns_options_test.cc
@@ -237,6 +237,10 @@ TEST_F(OptionsTest, CustomConfigFile) {
 "test_mode=1\n"
 "log_property_file=log4cplus.prop\n"
 "sandesh_send_rate_limit=5\n"
+ "xmpp_dns_auth_enable=1\n"
+ "xmpp_server_cert=/etc/server.pem\n"
+ "xmpp_server_key=/etc/server-privkey.pem\n"
+ "xmpp_ca_cert=/etc/ca-cert.pem\n"
 "\n"
 "[DISCOVERY]\n"
 "port=100\n"
@@ -296,6 +300,10 @@ TEST_F(OptionsTest, CustomConfigFile) {
 EXPECT_EQ(options_.ifmap_certs_store(), "test-store");
 EXPECT_EQ(options_.test_mode(), true);
 EXPECT_EQ(options_.sandesh_send_rate_limit(), 5);
+ EXPECT_EQ(options_.xmpp_auth_enabled(), true);
+ EXPECT_EQ(options_.xmpp_server_cert(), "/etc/server.pem");
+ EXPECT_EQ(options_.xmpp_server_key(), "/etc/server-privkey.pem");
+ EXPECT_EQ(options_.xmpp_ca_cert(), "/etc/ca-cert.pem");
 std::remove("./dns_options_test_config_file.conf");
 }
diff --git a/src/vnsw/agent/contrail-vrouter-agent.conf b/src/vnsw/agent/contrail-vrouter-agent.conf
index 3abba2aa6aa..4dfb10f2a24 100644
--- a/src/vnsw/agent/contrail-vrouter-agent.conf
+++ b/src/vnsw/agent/contrail-vrouter-agent.conf
@@ -64,6 +64,13 @@ log_local=1
 # second. System logs are dropped if the sending rate is exceeded
 # sandesh_send_rate_limit=100
+# Enable/Disable SSL based XMPP Authentication
+# xmpp_auth_enable=false
+# xmpp_dns_auth_enable=false
+# xmpp_server_cert=/etc/contrail/ssl/certs/server.pem
+# xmpp_server_key=/etc/contrail/ssl/private/server-privkey.pem
+# xmpp_ca_cert=/etc/contrail/ssl/certs/ca-cert.pem
+
 [DISCOVERY]
 #If DEFAULT.collectors and/or CONTROL-NODE and/or DNS is not specified this
 #section is mandatory. Else this section is optional