Bug 1488826

Summary: [RFE] [ODL] TLS/SSL Support
Product: Red Hat OpenStack Reporter: Nir Yechiel <nyechiel>
Component: openstack-tripleo-heat-templatesAssignee: Tim Rozet <trozet>
Status: CLOSED ERRATA QA Contact: Itzik Brown <itbrown>
Severity: high Docs Contact:
Priority: high    
Version: 12.0 (Pike)CC: jjung, mburns, mkolesni, oblaut, rhel-osp-director-maint, tjamrisk, trozet
Target Milestone: Upstream M3Keywords: FutureFeature, Triaged
Target Release: 13.0 (Queens)   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: openstack-tripleo-heat-templates-8.0.0-0.20180215092255 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-27 13:36:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1542605, 1558236, 1558652, 1560741, 1562394, 1570940, 1571988, 1571990, 1572236    
Bug Blocks: 1569858    

Description Nir Yechiel 2017-09-06 09:45:06 UTC
Description of problem:

Encryption of internal API traffic has been a very high priority for RHOSP. We have been making steady progress to deliver coverage for all internal services, and need to ensure that OpenDaylight is covered as well.

TripleO already has TLS/SSL support for other services and we need to add support with OepnDaylight where possible:

From Southbound with OVS it looks to be supported [1][2][3]. 
Northbound SSL REST is documented as well [4].

This feature will require changes to TripleO and puppet-opendaylight as well. 

[1] http://docs.openvswitch.org/en/latest/howto/ssl/
[2] https://wiki.opendaylight.org/view/OpenDaylight_OpenFlow_Plugin:_TLS_Support
[3] https://wiki.opendaylight.org/view/AAA:Secure_TLS_communication 
[4] https://wiki.opendaylight.org/view/OpenDaylight_Controller:SSL_RestConf

Comment 13 Itzik Brown 2018-05-15 06:20:54 UTC
Checked with:

There is still this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1572173 but it's being investigated and there is a reasonable workaround.

Comment 15 errata-xmlrpc 2018-06-27 13:36:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.