[openstack-dev] [networking-ovn] [tripleo] enable open ptcp communication to NB and SB databases

Numan Siddique nusiddiq at redhat.com
Mon Dec 18 07:22:20 UTC 2017


On Thu, Dec 14, 2017 at 2:31 PM, pranab boruah <pranabjyotiboruah at gmail.com>
wrote:

> Thanks Numan for the reply.
>
> >tripleo takes care of that and there should be no need to run those
> >commands manually. Which release of tripleo you are using ?
> We are using Pike. My bad, I was looking for the aforementioned
> commands and didn't check the code properly for the alternate way to
> use open tcp based communication.
>
> I have couple of follow-up questions:
>
> 1. Is the open TCP(no SSL) based mechanism enabled by default in
> TripleO ? Or we have to set a config parameter for using open TCP ?
>

I think tripleo supports SSL  for all the service endpoints. You need to
include certain environment files.
I am not very clear whether your question is for tripleo in general or for
the communication between neutron server and OVN db servers.

For the communication between neutron-server/ovn-controller/ovn-northd and
OVN db servers, OVN tripleo heat temaplates/puppet modules doesn't support
SSL yet.
We need to enhance these to support this use case.


2. In actual production deployments, is open TCP used instead of SSL?
>

If your queston is for tripleo deployment in original, I am afraid I am not
right person.  May be Tripleo folks can answer this question.

Thanks
Numan


> Thanks,
> Pranab
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171218/af8ea40f/attachment.html>


More information about the OpenStack-dev mailing list