Bug 1806276

Summary: [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine
Product: Red Hat Enterprise Virtualization Manager Reporter: msheena
Component: ovirt-engineAssignee: Dominik Holler <dholler>
Status: CLOSED ERRATA QA Contact: msheena
Severity: urgent Docs Contact:
Priority: urgent    
Version: 4.3.9CC: bugs, dagur, dholler, mburman, michal.skrivanek, mperina, mtessun, rdlugyhe
Target Milestone: ovirt-4.4.0Keywords: AutomationBlocker, BuildBlocker, Regression, ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Previously, the *ovirt-provider-ovn* network provider was non-functional on RHV 4.3.9 Hosted-Engine. This happened because, with FDP 20.A (bug 1791388), the OVS/OVN service no longer had the permissions to read the private SSL/TLS key file. The current release fixes this issue: It updates the private SSL/TLS key file permissions. OVS/OVN reads the key file and works as expected.
 Story Points: ---
Clone Of:
: 1809470 (view as bug list) Environment:
Last Closed: 2020-08-04 13:21:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Network RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1809470    

Description msheena 2020-02-23 13:42:21 UTC 
Description of problem
======================
ovirt-provider-ovn is not functional on 4.3.9 Hosted-Engine.
There is no option of connecting RHV to the provider, creating OVN networks, etc.

Version-Release number of selected component (if applicable)
============================================================
ovirt-engine-4.3.9.0-0.1.el7.noarch
rhvm-appliance-4.3-20200204.0.el7
openvswitch2.11-2.11.0-9.el7fdp.x86_64

How reproducible
================
100%

Steps to Reproduce
==================
1. Deploy Hosted-Engine using [1], [2] on a bare metal.
2. Create a cluster with ovirt-provider-ovn as an external network provider
3. Go to 'Providers' tab in webadmin UI - edit the ovirt-provider-ovn - click 'test'

[1] - rhvm-appliance-4.3-20200204.0.el7
[2] - ovirt-engine-setup-4.3.9.0-0.1.el7.noarch

Actual results
==============
A red box appears with the text: 'Failed to communicate with the external provider, see log for additional details.'

Expected results
================
A green box appears with the text: 'Test succeeded, managed to access provider.'

Additional info
===============
- In step 1 the deafult answer file was used. this issue reproduced on a manual deploy using cli.

- The output for `# systemctl status ovn-controller.service` shows the following error: ovs|00025|stream_ssl|ERR|ssl:10.35.128.44:6642: connect: Network is unreachable

- No Geneve tunnel is created on the host installed in a cluster with ovirt-provider-ovn configured as the external network provider

- Naturally, the output for `ovn-sbctl show` on the Engine VM shows no Chassis
Comment 2 Michael Burman 2020-02-23 14:29:11 UTC 
ovirt-provider-ovn-1.2.29-1.el7ev.noarch
Comment 3 Michal Skrivanek 2020-02-24 13:19:44 UTC 
we suspect a regression caused by bug 1791388
Comment 14 Michael Burman 2020-03-16 09:05:41 UTC 
Verified on - rhvm-4.4.0-0.25.master.el8ev.noarch with
ovirt-provider-ovn-1.2.29-1.el8ev.noarch
ovn2.11-central-2.11.1-24.el8fdp.x86_64
rhv-openvswitch-ovn-central-2.11-7.el8ev.noarch
ovn2.11-2.11.1-33.el8fdp.x86_64

rhv-python-openvswitch-2.11-7.el8ev.noarch
openvswitch-selinux-extra-policy-1.0-19.el8fdp.noarch
openvswitch2.11-2.11.0-48.el8fdp.x86_64
rhv-openvswitch-ovn-central-2.11-7.el8ev.noarch
python3-openvswitch2.11-2.11.0-48.el8fdp.x86_64
rhv-openvswitch-ovn-common-2.11-7.el8ev.noarch
rhv-openvswitch-2.11-7.el8ev.noarch
Comment 18 errata-xmlrpc 2020-08-04 13:21:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3247