Description of problem: Fresh install using engine-setup of a new Engine host. When it gets to step "Creating CA" it hangs indefinitely. Tailing the logs along with it shows an ovn command that has infinite timeout. Workaround to downgrade openvswitch-ovn-common restores working install. Version-Release number of selected component (if applicable): otopi.noarch 1.7.7-1.el7.centos @ovirt-4.2 openvswitch-ovn-common v2.9.0 CentOS 7.4.1708 How reproducible: ALWAYS, but note that I had used engine-cleanup on a successful install and done a re-install. Steps to Reproduce: 1. Enable ovirt-4.2 repo for EL7. 2. Engine-setup with or without answers file, enabling ovn setup. 3. Tail the log file. 4. Install hangs indefinitely on "Creating CA": 2018-04-22 14:10:06,849+0100 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn plugin.executeRaw:813 execute: ('ovn-nbctl', 'set-ssl', '/etc/pki/ovirt-engine/keys/ovn-ndb.key.nopass', '/etc/pki/ovirt-engine/certs/ovn-ndb.cer', '/etc/pki/ovirt-engine/ca.pem'), executable='None', cwd='None', env=None Actual results: Install hangs on a socket poll and must be killed with ^C Expected results: Install finishes. Additional info: Strace reveals a poll with unlimited timeout.
It's a known bug of openvswitch 2.9.0 which has been solved in openvswitch 2.10. I just talked with openvswitch maintainers and I managed to reproduce by doing: # engine-setup # engine-cleanup # engine-setup in this flow, ovn ssl configuration is not cleared during the cleanup (Marcin, please fix the cleanup part) and ovn hangs when configuring ssl if a ssl configuration exists. As a workaround, you can issue the following commands before running engine-setup: # ovn-nbctl del-ssl # ovn-sbctl del-ssl this will remove ssl configuration and will allow you to complete the setup.
(In reply to Sandro Bonazzola from comment #1) > It's a known bug of openvswitch 2.9.0 which has been solved in openvswitch > 2.10. Do we know when we'll move to 2.10? Shall we close this one on a separate 'rebase to 2.10' bz?
Now happened to me too. I vote for making engine-setup run the workaround from comment 1, if it's safe, and if it's indeed the best solution.
Please test with openvswitch-2.9.0-53.el7fdn
Thanks I don't have that openvswitch release available yet but I can verify the ovn workaround works. In fact it works if you're mid-install and mid-hang: # ovn-nbctl del-ssl # ovn-sbctl del-ssl Thanks folks I'll try again when that hits my repo. Also congrats @Sandro
Marcin, if a BZ does not need doc update, you should set requires_doc_text to minus.
This is a dup of a RHV bug 1593252, let us close this one to track the issue only once. *** This bug has been marked as a duplicate of bug 1593252 ***