1488826 – [RFE] [ODL] TLS/SSL Support

Bug 1488826 - [RFE] [ODL] TLS/SSL Support

Summary: [RFE] [ODL] TLS/SSL Support

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	12.0 (Pike)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	Upstream M3
Target Release:	13.0 (Queens)
Assignee:	Tim Rozet
QA Contact:	Itzik Brown
Docs Contact:
URL:
Whiteboard:
Depends On:	1542605 1558236 1558652 1560741 1562394 1570940 1571988 1571990 1572236
Blocks:	1569858
TreeView+	depends on / blocked

Reported:	2017-09-06 09:45 UTC by Nir Yechiel
Modified:	2018-10-18 07:18 UTC (History)
CC List:	7 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-8.0.0-0.20180215092255
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:	N/A
Last Closed:	2018-06-27 13:36:15 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenDaylight gerrit	66285	None	None	None	2017-12-08 21:58:53 UTC
OpenDaylight gerrit	66525	None	None	None	2017-12-15 21:40:03 UTC
OpenDaylight gerrit	66995	None	None	None	2018-01-11 14:47:18 UTC
OpenStack gerrit	530809	None	MERGED	Adds SSL custom type/provider	2020-05-01 16:24:19 UTC
OpenStack gerrit	530967	None	MERGED	Adds TLS support to configuring OVS with OpenDaylight	2020-05-01 16:24:19 UTC
OpenStack gerrit	531003	None	MERGED	Adds TLS support for OpenDaylight	2020-05-01 16:24:19 UTC
OpenStack gerrit	531026	None	MERGED	Adds SSL/TLS everywhere for OpenDaylight	2020-05-01 16:24:19 UTC
Red Hat Product Errata	RHEA-2018:2086	None	None	None	2018-06-27 13:37:07 UTC

Description Nir Yechiel 2017-09-06 09:45:06 UTC

Description of problem:

Encryption of internal API traffic has been a very high priority for RHOSP. We have been making steady progress to deliver coverage for all internal services, and need to ensure that OpenDaylight is covered as well.

TripleO already has TLS/SSL support for other services and we need to add support with OepnDaylight where possible:

From Southbound with OVS it looks to be supported [1][2][3]. 
Northbound SSL REST is documented as well [4].

This feature will require changes to TripleO and puppet-opendaylight as well. 


[1] http://docs.openvswitch.org/en/latest/howto/ssl/
[2] https://wiki.opendaylight.org/view/OpenDaylight_OpenFlow_Plugin:_TLS_Support
[3] https://wiki.opendaylight.org/view/AAA:Secure_TLS_communication 
[4] https://wiki.opendaylight.org/view/OpenDaylight_Controller:SSL_RestConf

Comment 13 Itzik Brown 2018-05-15 06:20:54 UTC

Checked with:
2018-05-10.3

There is still this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1572173 but it's being investigated and there is a reasonable workaround.

Comment 15 errata-xmlrpc 2018-06-27 13:36:15 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086

Note You need to log in before you can comment on or make changes to this bug.