Description of problem: ODL uses a trust keystore in order to store certificates from OVS. Either a file keystore or using the MD-SAL is supported to store the certificates. MD-SAL makes more sense in an HA deployment because files are not HA across the cluster and the certificates must be added to each one. However, OFP does not support the aaa-cert library and only supports file keystore. OVSDB does support MD-SAL type, but it does not seem to work during my testing. Version-Release number of selected component (if applicable): OSP13 How reproducible: always Steps to Reproduce: 1. enable use-mdsal in aaa-cert-service-config 2. add switch certificates to the trust store via rest call to ODL 3. OVSDB will fail to connect 4. OFP will also fail to connect due to no support of aaa-cert lib
As per depreciation notice [1], closing this bug. Please reopen if relevant for RHOSP13, as this is the only version shipping ODL. [1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/14/html-single/release_notes/index#deprecated_functionality