Description of problem:
In the current behavior, the OVS configuration for ODL adds a certificate to ODL via the VIP. This works fine in no-ha deployments, but in HA it only results in 1 ODL instance adding the certificate, so only 1 ODL accepts an OVSDB connection. This is because of issues with using MD-SAL trust store type (see https://bugzilla.redhat.com/show_bug.cgi?id=1571985). Since MD-SAL trust store doesn't work, we have to use a file based trust store. In that case the file is not highly available, so we need to add the certificate to every ODL node.
Always in SSL/TLS HA ODL deployment
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.