Bug 1570384 - Engine-setup hangs on "Creating CA" with openvswitch-ovn-common v2.9.0
Summary: Engine-setup hangs on "Creating CA" with openvswitch-ovn-common v2.9.0
Status: CLOSED DUPLICATE of bug 1593252
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: Setup.Engine.OVN
Version: ---
Hardware: Unspecified
OS: Unspecified
Target Milestone: ovirt-4.2.6
: ---
Assignee: Marcin Mirecki
QA Contact: Roni
Depends On: 1575929
Blocks: 1593252
TreeView+ depends on / blocked
Reported: 2018-04-22 13:12 UTC by John Boero
Modified: 2018-10-11 03:24 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1593252 (view as bug list)
Last Closed: 2018-08-20 10:45:09 UTC
oVirt Team: Network
rule-engine: ovirt-4.2+

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1575929 0 urgent CLOSED openvswitch-ovn-common v2.9.0 hangs configuring ssl if ssl configuraiton exists 2021-02-22 00:41:40 UTC

Internal Links: 1575929

Description John Boero 2018-04-22 13:12:15 UTC
Description of problem:
Fresh install using engine-setup of a new Engine host.  When it gets to step "Creating CA" it hangs indefinitely.  Tailing the logs along with it shows an ovn command that has infinite timeout.  Workaround to downgrade openvswitch-ovn-common restores working install.

Version-Release number of selected component (if applicable):
otopi.noarch                           1.7.7-1.el7.centos             @ovirt-4.2
openvswitch-ovn-common v2.9.0
CentOS 7.4.1708

How reproducible:
ALWAYS, but note that I had used engine-cleanup on a successful install and done a re-install.

Steps to Reproduce:
1. Enable ovirt-4.2 repo for EL7.
2. Engine-setup with or without answers file, enabling ovn setup.
3. Tail the log file.
4. Install hangs indefinitely on "Creating CA":

2018-04-22 14:10:06,849+0100 DEBUG otopi.plugins.ovirt_engine_setup.ovirt_engine.network.ovirtproviderovn plugin.executeRaw:813 execute: ('ovn-nbctl', 'set-ssl', '/etc/pki/ovirt-engine/keys/ovn-ndb.key.nopass', '/etc/pki/ovirt-engine/certs/ovn-ndb.cer', '/etc/pki/ovirt-engine/ca.pem'), executable='None', cwd='None', env=None

Actual results:
Install hangs on a socket poll and must be killed with ^C

Expected results:
Install finishes.

Additional info:
Strace reveals a poll with unlimited timeout.

Comment 1 Sandro Bonazzola 2018-05-08 10:23:34 UTC
It's a known bug of openvswitch 2.9.0 which has been solved in openvswitch 2.10.
I just talked with openvswitch maintainers and I managed to reproduce by doing:

# engine-setup
# engine-cleanup
# engine-setup

in this flow, ovn ssl configuration is not cleared during the cleanup (Marcin, please fix the cleanup part) and ovn hangs when configuring ssl if a ssl configuration exists.

As a workaround, you can issue the following commands before running engine-setup:

# ovn-nbctl del-ssl
# ovn-sbctl del-ssl

this will remove ssl configuration and will allow you to complete the setup.

Comment 2 Yaniv Kaul 2018-05-23 10:45:41 UTC
(In reply to Sandro Bonazzola from comment #1)
> It's a known bug of openvswitch 2.9.0 which has been solved in openvswitch
> 2.10.

Do we know when we'll move to 2.10? Shall we close this one on a separate 'rebase to 2.10' bz?

Comment 3 Yedidyah Bar David 2018-05-31 08:57:08 UTC
Now happened to me too. I vote for making engine-setup run the workaround from comment 1, if it's safe, and if it's indeed the best solution.

Comment 5 Dan Kenigsberg 2018-07-20 21:07:06 UTC
Please test with openvswitch-2.9.0-53.el7fdn

Comment 6 John Boero 2018-07-23 15:51:55 UTC
Thanks I don't have that openvswitch release available yet but I can verify the ovn workaround works.  In fact it works if you're mid-install and mid-hang: 

# ovn-nbctl del-ssl
# ovn-sbctl del-ssl

Thanks folks I'll try again when that hits my repo. Also congrats @Sandro

Comment 7 Dan Kenigsberg 2018-08-20 08:22:07 UTC
Marcin, if a BZ does not need doc update, you should set requires_doc_text to minus.

Comment 8 Dan Kenigsberg 2018-08-20 10:45:09 UTC
This is a dup of a RHV bug 1593252, let us close this one to track the issue only once.

*** This bug has been marked as a duplicate of bug 1593252 ***

Note You need to log in before you can comment on or make changes to this bug.