Bug 1488826 - [RFE] [ODL] TLS/SSL Support
Summary: [RFE] [ODL] TLS/SSL Support
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 12.0 (Pike)
Hardware: Unspecified
OS: Unspecified
Target Milestone: Upstream M3
: 13.0 (Queens)
Assignee: Tim Rozet
QA Contact: Itzik Brown
Depends On: 1542605 1558236 1558652 1560741 1562394 1570940 1571988 1571990 1572236
Blocks: 1569858
Reported: 2017-09-06 09:45 UTC by Nir Yechiel
Modified: 2018-10-18 07:18 UTC

Fixed In Version: openstack-tripleo-heat-templates-8.0.0-0.20180215092255
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-06-27 13:36:15 UTC
Target Upstream Version:


System ID Private Priority Status Summary Last Updated
OpenDaylight gerrit 66285 0 None None None 2017-12-08 21:58:53 UTC
OpenDaylight gerrit 66525 0 None None None 2017-12-15 21:40:03 UTC
OpenDaylight gerrit 66995 0 None None None 2018-01-11 14:47:18 UTC
OpenStack gerrit 530809 0 None MERGED Adds SSL custom type/provider 2020-05-01 16:24:19 UTC
OpenStack gerrit 530967 0 None MERGED Adds TLS support to configuring OVS with OpenDaylight 2020-05-01 16:24:19 UTC
OpenStack gerrit 531003 0 None MERGED Adds TLS support for OpenDaylight 2020-05-01 16:24:19 UTC
OpenStack gerrit 531026 0 None MERGED Adds SSL/TLS everywhere for OpenDaylight 2020-05-01 16:24:19 UTC
Red Hat Product Errata RHEA-2018:2086 0 None None None 2018-06-27 13:37:07 UTC

Description Nir Yechiel 2017-09-06 09:45:06 UTC
Description of problem:

Encryption of internal API traffic has been a very high priority for RHOSP. We have been making steady progress to deliver coverage for all internal services, and need to ensure that OpenDaylight is covered as well.

TripleO already has TLS/SSL support for other services and we need to add support with OpenDaylight where possible:

From Southbound with OVS it looks to be supported [1][2][3]. 
Northbound SSL REST is documented as well [4].

This feature will require changes to TripleO and puppet-opendaylight as well. 

[1] http://docs.openvswitch.org/en/latest/howto/ssl/
[2] https://wiki.opendaylight.org/view/OpenDaylight_OpenFlow_Plugin:_TLS_Support
[3] https://wiki.opendaylight.org/view/AAA:Secure_TLS_communication 
[4] https://wiki.opendaylight.org/view/OpenDaylight_Controller:SSL_RestConf

Comment 13 Itzik Brown 2018-05-15 06:20:54 UTC
Checked with:

There is still this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1572173 but it's being investigated and there is a reasonable workaround.

Comment 15 errata-xmlrpc 2018-06-27 13:36:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

