OpenDaylight OVS class needs to add SSL certificates to every ODL

Bug #1766989 reported by Tim Rozet
Affects | Status | Importance | Assigned to | Milestone
puppet-neutron | Fix Released | Medium | Tim Rozet |

Bug Description

In HA mode, we were trying to use an MD-SAL based trust store to add OVS certificates to. However, this is currently unsupported with OpenFlow Plugin and does not work correctly with OVSDB. Therefore, we need to stick with a file-based trust store. In that case, every ODL needs the certificate added to it.

Tim Rozet (trozet)
Changed in puppet-neutron:
assignee: nobody → Tim Rozet (trozet)
Tim Rozet (trozet)
Changed in puppet-neutron:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/564353

Changed in puppet-neutron:
importance: Undecided → Medium
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-neutron (master)

Reviewed: https://review.openstack.org/564353
Committed: https://git.openstack.org/cgit/openstack/puppet-neutron/commit/?id=7c7a39da8081eaf536050daaa350b6fb2606be12
Submitter: Zuul
Branch: master

commit 7c7a39da8081eaf536050daaa350b6fb2606be12
Author: Tim Rozet <email address hidden>
Date: Wed Apr 25 18:03:33 2018 -0400

    Fixes ODL OVS to add certs to every node

    Certificates were only being added to the VIP, which means only one node
    would get the add certificate request. This would work if there was a
    highly available trust store, however MD-SAL lacks support in OpenFlow
    Plugin and therefore we have to use a file based trust store. Since we
    are using a file based trust store, the certificate needs to be pushed
    to every OpenDaylight node.

    Also includes minor fix where tcp was only being force-modified to ssl
    for the first ODL OVSDB URI.

    Closes-Bug: 1766989

    Change-Id: Ifd8401e2facdad07ccda4ec6f885a82bc0a16421
    Signed-off-by: Tim Rozet <email address hidden>
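
The failure mode in the commit message above, as an added Ruby example (not puppet-neutron's code): every OVSDB manager URI is rewritten to ssl, not only the first, and the certificate push list is built per node instead of from the VIP. The function names, the space-separated URI list and the sample addresses are assumptions.

```ruby
# Added example: names, sample addresses and the space-separated list format
# are assumptions, not taken from puppet-neutron.
DEFAULT_OVSDB_PORT = 6640 # default OVSDB manager port

# Parse one OVS manager target such as "tcp:192.0.2.11:6640" or
# "ssl:[2001:db8::13]" into protocol, host and port.
def parse_manager_target(target)
  m = target.match(/\A(?<proto>[a-z]+):(?:\[(?<v6>[^\]]+)\]|(?<host>[^:\[\]]+))(?::(?<port>\d+))?\z/)
  raise ArgumentError, "unparseable manager target: #{target.inspect}" unless m
  { proto: m[:proto], host: m[:v6] || m[:host], v6: !m[:v6].nil?,
    port: (m[:port] || DEFAULT_OVSDB_PORT).to_i }
end

# Rewrite every tcp target to ssl (not just the first) and return the
# per-node hosts that each need the OVS certificate in their trust store.
def plan_tls(ovsdb_uris, vip: nil)
  targets = ovsdb_uris.split.map { |t| parse_manager_target(t) }
  rewritten = targets.map do |t|
    raise ArgumentError, "unsupported protocol #{t[:proto]}" unless %w[tcp ssl].include?(t[:proto])
    host = t[:v6] ? "[#{t[:host]}]" : t[:host]
    "ssl:#{host}:#{t[:port]}"
  end
  hosts = targets.map { |t| t[:host] }.uniq
  {
    manager_targets: rewritten.join(' '),
    cert_push_hosts: hosts,
    # A VIP forwards each request to a single backend, so it cannot stand in
    # for the individual nodes when the trust store is file based.
    vip_in_targets: !vip.nil? && hosts.include?(vip)
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: three ODL nodes (documentation address ranges).
  sample = 'tcp:192.0.2.11:6640 tcp:192.0.2.12:6640 ssl:[2001:db8::13]'
  p plan_tls(sample, vip: '192.0.2.10')
end
```
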

Changed in puppet-neutron:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/565281

OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-neutron (stable/queens)

Reviewed: https://review.openstack.org/565281
Committed: https://git.openstack.org/cgit/openstack/puppet-neutron/commit/?id=43ce982fda8ef2ec2ae0cb2e17b5610b1ca77c97
Submitter: Zuul
Branch: stable/queens

commit 43ce982fda8ef2ec2ae0cb2e17b5610b1ca77c97
Author: Tim Rozet <email address hidden>
Date: Wed Apr 25 18:03:33 2018 -0400

    Fixes ODL OVS to add certs to every node

    Certificates were only being added to the VIP, which means only one node
    would get the add certificate request. This would work if there was a
    highly available trust store, however MD-SAL lacks support in OpenFlow
    Plugin and therefore we have to use a file based trust store. Since we
    are using a file based trust store, the certificate needs to be pushed
    to every OpenDaylight node.

    Also includes minor fix where tcp was only being force-modified to ssl
    for the first ODL OVSDB URI.

    Closes-Bug: 1766989

    Change-Id: Ifd8401e2facdad07ccda4ec6f885a82bc0a16421
    Signed-off-by: Tim Rozet <email address hidden>
    (cherry picked from commit 7c7a39da8081eaf536050daaa350b6fb2606be12)

tags: added: in-stable-queens
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-neutron 13.1.0

This issue was fixed in the openstack/puppet-neutron 13.1.0 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-neutron 12.4.1

This issue was fixed in the openstack/puppet-neutron 12.4.1 release.
