RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1575929 - openvswitch-ovn-common v2.9.0 hangs configuring ssl if ssl configuraiton exists
Summary: openvswitch-ovn-common v2.9.0 hangs configuring ssl if ssl configuraiton exists
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openvswitch
Version: 7.5
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: rc
: ---
Assignee: Timothy Redaelli
QA Contact: haidong li
URL:
Whiteboard:
Depends On:
Blocks: 1570384 1593252
TreeView+ depends on / blocked
 
Reported: 2018-05-08 10:29 UTC by Sandro Bonazzola
Modified: 2020-01-14 22:17 UTC (History)
10 users (show)

Fixed In Version: openvswitch-2.9.0-53.el7fdn
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-08-15 13:53:04 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1570384 0 high CLOSED Engine-setup hangs on "Creating CA" with openvswitch-ovn-common v2.9.0 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHBA-2018:2432 0 None None None 2018-08-15 13:53:51 UTC

Internal Links: 1570384

Description Sandro Bonazzola 2018-05-08 10:29:10 UTC 
Issue has been seen in oVirt / RHV deployment and reported in bug #1570384.
I've been told that openvswitch v 2.10 should already have a fix for this, please rebase on the new version.
I would suggest an async release for this.
Comment 2 Mark Michelson 2018-05-08 13:58:37 UTC 
@Sandro, you say this is fixed in 2.10 (OVS master, I guess). Do you know which commit fixes this? The closest thing I've found is https://patchwork.ozlabs.org/project/openvswitch/list/?series=40928

which is not yet merged.
Comment 3 Mark Michelson 2018-05-11 12:56:04 UTC 
Hi Sandro,

Lorenzo Bianconi gave me instructions on how to reproduce this outside of ovirt. What I can say right now is that the suspected patches to fix this (the ones I referenced earlier) appear NOT to fix this issue.

I am looking into it and will let you know when I have a fix.
Comment 4 Sandro Bonazzola 2018-05-14 14:31:58 UTC 
Thanks Mark, we'll stay tuned.
Comment 5 Mark Michelson 2018-05-15 13:41:40 UTC 
I believe I've found the cause of the problem. It's from a commit introduced in December.

The SSL table in the OVN northbound database has a constraint on it that it can have at most 1 row in it. A check was added in December that makes it so that if we are attempting to insert a row into the table when there is already a row present, then the insert will fail the verification step. This was intended to prevent race conditions where multiple clients might attempt to insert at the same time.

The problem is that when running 'ovn-nbctl set-ssl', this check causes the operation to fail. The set-ssl operation creates a transaction that is supposed to delete the current row in the SSL table and then insert a new one. The problem is that the check added in December is unaware that the delete is part of the transaction. Therefore, it fails the transaction because it thinks we are inserting into a table that already has its maximum amount of data in it.

There are essentially two issues:
1) The transaction should succeed instead of failing.
2) Even if the transaction fails, it should not cause a hang.
Comment 6 Mark Michelson 2018-05-17 17:19:02 UTC 
I've submitted a patch upstream: https://patchwork.ozlabs.org/patch/915611/

I am moving this issue to POST.
Comment 7 Yaniv Lavi 2018-06-24 07:53:50 UTC 
Can you backport this bug to OVS 2.9?
As OVS now in support in RHV, we need this fix urgently.
Comment 8 Mark Michelson 2018-06-25 12:11:53 UTC 
I have sent a message to the upstream maintainer to please backport this to version 2.9 of OVS.
Comment 9 Mark Michelson 2018-06-25 20:32:12 UTC 
Ben has backported the change to the OVS 2.9 branch. I'm setting the state of the issue to MODIFIED.
Comment 13 Timothy Redaelli 2018-08-10 13:45:33 UTC 
The openvwitch component is delivered through the fast datapath channel, it is not documented in release notes.
Comment 15 errata-xmlrpc 2018-08-15 13:53:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2432
Note You need to log in before you can comment on or make changes to this bug.