The default ODL NorthBound REST API username:password is admin:admin. I'm told there is nice TripleO magic that allows us to set this to some secure, random value. Should enable that for ODL.
Hi. to verify this 1. Deploy with the said rpms 2. check ODL password in overcloud plan. Plan can be generated by openstack object save overcloud plan-environment.yaml Check that "OpenDaylightPassword" in plan-environment.yaml is not "admin" or some english word but a randomly generated 16 digit (or so) number. 3. You can also verfiy this from puppet hieradata on controller nodes. ssh into controller nodes and check for "opendaylight::password" in /etc/puppet/hieradata/service_configs.json. 4. Delete stack 5. Create env file with ODL Password $ cat odl_password.yaml parameter_defaults: OpenDaylightPassword: admin 6. Pass this file to the deploy command openstack overcloud deploy <other env files> -e odl_password.yaml 7. Repeat steps 2 and 3 and check that ODL password has value "admin" and not some randomly generated digits.
Verification steps completed on OSP13, puddle 2018-07-03.3 : 1. Deploy with the ODL CI production job: DFG-opendaylight-odl-netvirt-13_director-rhel-virthost-3cont_2comp-ipv4-vxlan-ha-tempest 2. Delete stack: # . stackrc (undercloud) [stack@undercloud-0 ~]$ openstack stack delete overcloud --yes --wait 3. Remove ODL password from config_heat.yaml: (undercloud) [stack@undercloud-0 ~]$ cp virt/config_heat.yaml virt/config_heat.yaml.bak (undercloud) [stack@undercloud-0 ~]$ vi virt/config_heat.yaml - delete OpenDaylightUsername: odladmin 4. Re-deploy overcloud (takes ~30 minutes): (undercloud) [stack@undercloud-0 ~]$ ./overcloud_deploy.sh Stack overcloud CREATE_COMPLETE Host 10.0.0.101 not found in /home/stack/.ssh/known_hosts Started Mistral Workflow tripleo.deployment.v1.get_horizon_url. Execution ID: c16ca26a-f246-4c98-b389-448d59fbb357 Overcloud Endpoint: http://10.0.0.101:5000/ Overcloud Horizon Dashboard URL: http://10.0.0.101:80/dashboard Overcloud rc file: /home/stack/overcloudrc Overcloud Deployed 5. Verify that ODL password was auto-generated during deployment: (undercloud) [stack@undercloud-0 ~]$ openstack object save overcloud plan-environment.yaml (undercloud) [stack@undercloud-0 ~]$ grep OpenDaylightPassword plan-environment.yaml OpenDaylightPassword: PGnH9bhnqtDGwTuNnC8JsR9dJ 6. Connect to Controller: (undercloud) [stack@undercloud-0 ~]$ openstack server list | grep controller-0 | 1f78a2f7-d333-4eea-80fb-729025cac70a | controller-0 | ACTIVE | ctlplane=192.168.24.12 | overcloud-full | controller | (undercloud) [stack@undercloud-0 ~]$ ssh heat-admin.24.12 7. Check ODL containers status: [heat-admin@controller-0 ~]$ sudo -s [heat-admin@controller-0 ~]$ docker ps | grep opendaylight 3993d1510f54 192.168.24.1:8787/rhosp13/openstack-neutron-server-opendaylight:2018-07-03.3 "kolla_start" 24 minutes ago Up 24 minutes (healthy) neutron_api 145caf8f011e 192.168.24.1:8787/rhosp13/openstack-opendaylight:2018-07-03.3 "kolla_start" 50 minutes ago Up 50 minutes (healthy) opendaylight_api 8. Find ODL REST URL: [root@controller-0 heat-admin]# docker exec neutron_api grep -A3 ml2_odl /etc/neutron/plugin.ini [ml2_odl] username=odladmin password=PGnH9bhnqtDGwTuNnC8JsR9dJ url=http://172.17.1.16:8081/controller/nb/v2/neutron 9. Check Neutron API with CURL: [root@controller-0 heat-admin]# curl -v -H "Content-Type:application/json" -u odladmin:PGnH9bhnqtDGwTuNnC8JsR9dJ http://172.17.1.16:8081/controller/nb/v2/neutron/networks { "networks" : [ { "id" : "bd8db3a8-2b30-4083-a8b3-b3fd46401142", "tenant_id" : "bd8db3a82b304083a8b3b3fd46401142", "project_id" : "bd8db3a8-2b30-4083-a8b3-b3fd46401142", "name" : "Sync Canary Network", "admin_state_up" : false, "status" : "ACTIVE", "shared" : false, "router:external" : false, "provider:network_type" : "flat", "segments" : [ ], "vlan_transparent" : false } ] }
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2214