[openstack-dev] [networking-ovn] [tripleo] enable open ptcp communication to NB and SB databases

Numan Siddique nusiddiq at redhat.com
Mon Dec 18 07:22:20 UTC 2017

On Thu, Dec 14, 2017 at 2:31 PM, pranab boruah <pranabjyotiboruah at gmail.com>

> Thanks Numan for the reply.
> >tripleo takes care of that and there should be no need to run those
> >commands manually. Which release of tripleo you are using ?
> We are using Pike. My bad, I was looking for the aforementioned
> commands and didn't check the code properly for the alternate way to
> use open tcp based communication.
> I have couple of follow-up questions:
> 1. Is the open TCP(no SSL) based mechanism enabled by default in
> TripleO ? Or we have to set a config parameter for using open TCP ?

I think tripleo supports SSL  for all the service endpoints. You need to
include certain environment files.
I am not very clear whether your question is for tripleo in general or for
the communication between neutron server and OVN db servers.

For the communication between neutron-server/ovn-controller/ovn-northd and
OVN db servers, OVN tripleo heat temaplates/puppet modules doesn't support
SSL yet.
We need to enhance these to support this use case.

2. In actual production deployments, is open TCP used instead of SSL?

If your queston is for tripleo deployment in original, I am afraid I am not
right person.  May be Tripleo folks can answer this question.


> Thanks,
> Pranab
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171218/af8ea40f/attachment.html>

More information about the OpenStack-dev mailing list