X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=controller%2Fcontroller.8.in;h=f7f265c351ee4109512fbc876838406087714b2d;hb=ddbf6040e308bd5f3c5d6ac6445f5a0e58735d07;hp=25f9c32209f2db830a92334819884344195eabf0;hpb=1b6df17a65624f5491872de5a8683b76c4420895;p=sliver-openvswitch.git diff --git a/controller/controller.8.in b/controller/controller.8.in index 25f9c3220..f7f265c35 100644 --- a/controller/controller.8.in +++ b/controller/controller.8.in @@ -19,14 +19,19 @@ one or more of the following OpenFlow connection methods: .TP \fBpssl:\fR[\fIport\fR] Listens for SSL connections from remote OpenFlow switches on -\fIport\fR (default: 976). The \fB--private-key\fR, +\fIport\fR (default: 6633). The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBptcp:\fR[\fIport\fR] Listens for TCP connections from remote OpenFlow switches on -\fIport\fR (default: 975). +\fIport\fR (default: 6633). + +.TP +\fBpunix:\fIfile\fR +Listens for connections from OpenFlow switches on the Unix domain +server socket named \fIfile\fR. .TP \fBnl:\fIdp_idx\fR @@ -37,15 +42,19 @@ module for Linux loaded. .TP \fBssl:\fIhost\fR[\fB:\fIport\fR] -The specified SSL \fIport\fR (default: 976) on the given remote +The specified SSL \fIport\fR (default: 6633) on the given remote \fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .TP \fBtcp:\fIhost\fR[\fB:\fIport\fR] -The specified TCP \fIport\fR (default: 975) on the given remote +The specified TCP \fIport\fR (default: 6633) on the given remote \fIhost\fR. +.TP +\fBunix:\fIfile\fR +The Unix domain server socket named \fIfile\fR. + .SH OPTIONS .TP \fB-p\fR, \fB--private-key=\fIprivkey.pem\fR @@ -59,10 +68,24 @@ controller's certificate authority (CA), that certifies the switch's private key to identify a trustworthy switch. .TP -\fB-C\fR, \fB--ca-cert=\fIcacert.pem\fR +\fB-C\fR, \fB--ca-cert=\fIswitch-cacert.pem\fR Specifies a PEM file containing the CA certificate used to verify that the switch is connected to a trustworthy controller. +.TP +\fB--peer-ca-cert=\fIcontroller-cacert.pem\fR +Specifies a PEM file that contains one or more additional certificates +to send to switches. \fIcontroller-cacert.pem\fR should be the CA +certificate used to sign the controller's own certificate (the +certificate specified on \fB-c\fR or \fB--certificate\fR). + +This option is not useful in normal operation, because the switch must +already have the controller CA certificate for it to have any +confidence in the controller's identity. However, this option allows +a newly installed switch to obtain the controller CA certificate on +first boot using, e.g., the \fB--bootstrap-ca-cert\fR option to +\fBsecchan\fR(8). + .TP .BR \-n ", " \-\^\-noflow By default, the controller sets up a flow in each OpenFlow switch @@ -106,7 +129,17 @@ performance, so it should not be used in production. Causes a file (by default, \fBcontroller.pid\fR) to be created indicating the PID of the running process. If \fIpidfile\fR is not specified, or if it does not begin with \fB/\fR, then it is created in -\fB@rundir@\fR. +\fB@RUNDIR@\fR. + +.TP +\fB-f\fR, \fB--force\fR +By default, when \fB-P\fR or \fB--pidfile\fR is specified and the +specified pidfile already exists and is locked by a running process, +\fBcontroller\fR refuses to start. Specify \fB-f\fR or \fB--force\fR +to cause it to instead overwrite the pidfile. + +When \fB-P\fR or \fB--pidfile\fR is not specified, this option has no +effect. .TP \fB-D\fR, \fB--detach\fR @@ -136,6 +169,11 @@ omitted, \fIlevel\fR defaults to \fBdbg\fR. Sets the maximum logging verbosity level, equivalent to \fB--verbose=ANY:ANY:dbg\fR. +.TP +\fB-vPATTERN:\fIfacility\fB:\fIpattern\fR, \fB--verbose=PATTERN:\fIfacility\fB:\fIpattern\fR +Sets the log pattern for \fIfacility\fR to \fIpattern\fR. Refer to +\fBvlogconf\fR(8) for a description of the valid syntax for \fIpattern\fR. + .TP .BR \-V ", " \-\^\-version Prints version information to the console. @@ -148,7 +186,7 @@ To connect directly to local datapath 0 over netlink (Linux only): .B % controller nl:0 .TP -To bind locally to port 975 (the default) and wait for incoming connections from OpenFlow switches: +To bind locally to port 6633 (the default) and wait for incoming connections from OpenFlow switches: .B % controller ptcp: