Bug 1571985 - [Netvirt] MD-SAL based trust keystore does not work with OpenFlow Plugin or OVSDB
Summary: [Netvirt] MD-SAL based trust keystore does not work with OpenFlow Plugin or O...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: opendaylight
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Upstream M2
: 15.0 (Stein)
Assignee: Tim Rozet
QA Contact: Noam Manos
URL:
Whiteboard: Netvirt
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-25 21:28 UTC by Tim Rozet
Modified: 2019-03-06 16:17 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-06 16:16:13 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Tim Rozet 2018-04-25 21:28:06 UTC
Description of problem:
ODL uses a trust keystore in order to store certificates from OVS.  Either a file keystore or using the MD-SAL is supported to store the certificates.  MD-SAL makes more sense in an HA deployment because files are not HA across the cluster and the certificates must be added to each one.  However, OFP does not support the aaa-cert library and only supports file keystore.  OVSDB does support MD-SAL type, but it does not seem to work during my testing.

Version-Release number of selected component (if applicable):
OSP13

How reproducible:
always

Steps to Reproduce:
1. enable use-mdsal in aaa-cert-service-config
2. add switch certificates to the trust store via rest call to ODL
3. OVSDB will fail to connect
4. OFP will also fail to connect due to no support of aaa-cert lib

Comment 8 Franck Baudin 2019-03-06 16:16:13 UTC
As per depreciation notice [1], closing this bug. Please reopen if relevant for RHOSP13, as this is the only version shipping ODL.

[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/14/html-single/release_notes/index#deprecated_functionality

Comment 9 Franck Baudin 2019-03-06 16:17:38 UTC
As per depreciation notice [1], closing this bug. Please reopen if relevant for RHOSP13, as this is the only version shipping ODL.

[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/14/html-single/release_notes/index#deprecated_functionality


Note You need to log in before you can comment on or make changes to this bug.