Bug 1571985

Summary: [Netvirt] MD-SAL based trust keystore does not work with OpenFlow Plugin or OVSDB
Product: Red Hat OpenStack Reporter: Tim Rozet <trozet>
Component: opendaylightAssignee: Tim Rozet <trozet>
Status: CLOSED WONTFIX QA Contact: Noam Manos <nmanos>
Severity: medium Docs Contact:
Priority: medium    
Version: 13.0 (Queens)CC: aadam, mkolesni
Target Milestone: Upstream M2Keywords: Triaged
Target Release: 15.0 (Stein)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: Netvirt
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-06 16:16:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Tim Rozet 2018-04-25 21:28:06 UTC
Description of problem:
ODL uses a trust keystore in order to store certificates from OVS.  Either a file keystore or using the MD-SAL is supported to store the certificates.  MD-SAL makes more sense in an HA deployment because files are not HA across the cluster and the certificates must be added to each one.  However, OFP does not support the aaa-cert library and only supports file keystore.  OVSDB does support MD-SAL type, but it does not seem to work during my testing.

Version-Release number of selected component (if applicable):
OSP13

How reproducible:
always

Steps to Reproduce:
1. enable use-mdsal in aaa-cert-service-config
2. add switch certificates to the trust store via rest call to ODL
3. OVSDB will fail to connect
4. OFP will also fail to connect due to no support of aaa-cert lib

Comment 8 Franck Baudin 2019-03-06 16:16:13 UTC
As per depreciation notice [1], closing this bug. Please reopen if relevant for RHOSP13, as this is the only version shipping ODL.

[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/14/html-single/release_notes/index#deprecated_functionality

Comment 9 Franck Baudin 2019-03-06 16:17:38 UTC
As per depreciation notice [1], closing this bug. Please reopen if relevant for RHOSP13, as this is the only version shipping ODL.

[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/14/html-single/release_notes/index#deprecated_functionality