Bug 1571988

Summary: [Deployment][TLS] MD-SAL based trust keystore needs to be disabled in HA
Product: Red Hat OpenStack Reporter: Tim Rozet <trozet>
Component: puppet-opendaylightAssignee: Tim Rozet <trozet>
Status: CLOSED ERRATA QA Contact: Itzik Brown <itbrown>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 13.0 (Queens)CC: dfarrell, jjoyce, jschluet, mkolesni, nyechiel, slinaber, tvignaud
Target Milestone: betaKeywords: Triaged
Target Release: 13.0 (Queens)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: odl_deployment,odl_tls
Fixed In Version: puppet-opendaylight-8.1.2-1.38977efgit.el7ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
N/A
Last Closed: 2018-06-27 13:53:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1488826    

Description Tim Rozet 2018-04-25 21:36:42 UTC 
Description of problem:
Due to the lack of support for MD-SAL based truststore in ODL, we need to disable it and only use a file based truststore.  Currently we use a file based truststore for no-ha deployments, and we use MD-SAL for HA.  However since MD-SAL truststore is non-functional (see https://bugzilla.redhat.com/show_bug.cgi?id=1571985) we need to disable it even in the HA scenario.

Version-Release number of selected component (if applicable):
OSP13

How reproducible:
Reproducible in SSL/TLS HA deployments

Steps to Reproduce:
1. Deploy SSL/TLS in HA with ODL
2. Deployment will succeed, but OVSDB and OF in OVS connections will be down
Comment 1 Daniel Farrell 2018-04-25 23:16:32 UTC 
Fix merged upstream: https://git.opendaylight.org/gerrit/#/c/71362/
Comment 2 Jon Schlueter 2018-05-01 14:30:04 UTC 
proposed 8.1.2 version cbs build to RDO and built same for this bug for OSP 13
Comment 7 Itzik Brown 2018-05-03 08:22:33 UTC 
Checked with:
puppet-opendaylight-8.1.2-1.38977efgit.el7ost.noarch
Comment 11 errata-xmlrpc 2018-06-27 13:53:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086