The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.
Bug 1780747 - [ovs2.11] SSL connections drops are constantly logged in ovsdb-server-nb.log
Summary: [ovs2.11] SSL connections drops are constantly logged in ovsdb-server-nb.log
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux Fast Datapath
Classification: Red Hat
Component: openvswitch2.11
Version: FDP 19.D
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: ---
Assignee: Timothy Redaelli
QA Contact: Jianlin Shi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-12-06 19:23 UTC by Timothy Redaelli
Modified: 2020-01-22 04:03 UTC (History)
23 users (show)

Fixed In Version: openvswitch2.11-2.11.0-34.el8fdp
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1780745
Environment:
Last Closed: 2020-01-22 04:02:49 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:0171 0 None None None 2020-01-22 04:03:05 UTC

Comment 2 Jianlin Shi 2019-12-18 07:36:11 UTC 
reproduced on python3-openvswitch2.11-2.11.0-26.el8fdp.x86_64 :

[root@hp-dl380pg8-12 bz1780747]# bash -x setup.sh
+ systemctl start ovn-northd
+ ovs-pki init --force
Creating controllerca...
Creating switchca...                                                                                  
+ pushd /etc/openvswitch                                                                              
/etc/openvswitch ~/bz1780747
+ ovs-pki req+sign northdb controller
northdb-req.pem Wed Dec 18 02:32:47 EST 2019
        fingerprint 1d39999cb03d8210ce13c8c2e548682d5e2d3b1f                                          
+ ovs-pki req+sign nbctl controller
nbctl-req.pem   Wed Dec 18 02:32:47 EST 2019                                                          
        fingerprint dec7dfa36bbeb73e21dc48b34b17e8483c4c0983                                          
+ popd
~/bz1780747
+ chown -R openvswitch /etc/openvswitch                                                               
+ chown -R openvswitch /var/lib/openvswitch                                                           
+ ovn-nbctl set-ssl /etc/openvswitch/northdb-privkey.pem /etc/openvswitch/northdb-cert.pem /var/lib/openvswitch/pki/controllerca/cacert.pem
+ ovn-nbctl set-connection pssl:6641
+ python3 ovsdb_ssl_test.py
(0, None, "['hello world']")
+ python3 ovsdb_ssl_test.py                                                                           
(0, None, "['hello world']")
+ sleep 5
+ tail -n 10 /var/log/messages
Dec 18 02:32:46 hp-dl380pg8-12 ovn-ctl[20854]: Starting ovn-northd [  OK  ]                           
Dec 18 02:32:46 hp-dl380pg8-12 systemd[1]: Started OVN northd management daemon.
Dec 18 02:32:47 hp-dl380pg8-12 ovn-nbctl[20953]: ovs|00001|nbctl|INFO|Called as ovn-nbctl set-ssl /etc/openvswitch/northdb-privkey.pem /etc/openvswitch/northdb-cert.pem /var/lib/openvswitch/pki/controllerca/cacert.pem
Dec 18 02:32:47 hp-dl380pg8-12 ovn-nbctl[20954]: ovs|00001|nbctl|INFO|Called as ovn-nbctl set-connection pssl:6641
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00003|stream_ssl|WARN|SSL_read: unexpected SSL connection close
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00004|jsonrpc|WARN|ssl:127.0.0.1:41346: receive error: Protocol error
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00005|reconnect|WARN|ssl:127.0.0.1:41346: connection dropped (Protocol error)
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00006|stream_ssl|WARN|SSL_read: unexpected SSL connection close
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00007|jsonrpc|WARN|ssl:127.0.0.1:41348: receive error: Protocol error
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00008|reconnect|WARN|ssl:127.0.0.1:41348: connection dropped (Protocol error)

<==== error message

[root@hp-dl380pg8-12 bz1780747]# rpm -qa | grep -E "openvswitch|ovn"
openvswitch2.11-2.11.0-26.el8fdp.x86_64                                                               
ovn2.11-host-2.11.1-24.el8fdp.x86_64                                                                  
openvswitch-selinux-extra-policy-1.0-19.el8fdp.noarch                                                 
python3-openvswitch2.11-2.11.0-26.el8fdp.x86_64                                                       
ovn2.11-central-2.11.1-24.el8fdp.x86_64                                                               
ovn2.11-2.11.1-24.el8fdp.x86_64

Verified on python3-openvswitch2.11-2.11.0-35.el8fdp.x86_64 :

[root@hp-dl380pg8-12 bz1780747]# bash -x setup.sh                                                     
+ systemctl start ovn-northd
+ ovs-pki init --force
Creating controllerca...
Creating switchca...
+ pushd /etc/openvswitch
/etc/openvswitch ~/bz1780747                                                                          
+ ovs-pki req+sign northdb controller                                                                 
northdb-req.pem Wed Dec 18 02:35:13 EST 2019                                                          
        fingerprint 3c4ecd8106baad2d84ed55eed2242f3151051462                                          
+ ovs-pki req+sign nbctl controller
nbctl-req.pem   Wed Dec 18 02:35:14 EST 2019                                                          
        fingerprint 98e4e2d9b022a257800ef4abdcdbcf53e7fa5579                                          
+ popd
~/bz1780747
+ chown -R openvswitch /etc/openvswitch                                                               
+ chown -R openvswitch /var/lib/openvswitch                                                           
+ ovn-nbctl set-ssl /etc/openvswitch/northdb-privkey.pem /etc/openvswitch/northdb-cert.pem /var/lib/openvswitch/pki/controllerca/cacert.pem
+ ovn-nbctl set-connection pssl:6641                                                                  
+ python3 ovsdb_ssl_test.py
(0, None, "['hello world']")
+ python3 ovsdb_ssl_test.py                                                                           
(0, None, "['hello world']")
+ sleep 5
+ tail -n 10 /var/log/messages
Dec 18 02:35:13 hp-dl380pg8-12 ovn-nbctl[21728]: ovs|00001|nbctl|INFO|Called as ovn-nbctl init        
Dec 18 02:35:13 hp-dl380pg8-12 ovn-ctl[21713]: /var/lib/openvswitch/ovnsb_db.db does not exist ... (warning).
Dec 18 02:35:13 hp-dl380pg8-12 ovn-ctl[21713]: Creating empty database /var/lib/openvswitch/ovnsb_db.db [  OK  ]
Dec 18 02:35:13 hp-dl380pg8-12 ovsdb-server[21734]: ovs|00001|vlog|INFO|opened log file /var/log/openvswitch/ovsdb-server-sb.log
Dec 18 02:35:13 hp-dl380pg8-12 ovsdb-server[21736]: ovs|00002|ovsdb_server|INFO|ovsdb-server (Open vSwitch) 2.11.0
Dec 18 02:35:13 hp-dl380pg8-12 ovn-sbctl[21737]: ovs|00001|sbctl|INFO|Called as ovn-sbctl init        
Dec 18 02:35:13 hp-dl380pg8-12 ovn-ctl[21713]: Starting ovn-northd [  OK  ]
Dec 18 02:35:13 hp-dl380pg8-12 systemd[1]: Started OVN northd management daemon.
Dec 18 02:35:14 hp-dl380pg8-12 ovn-nbctl[21812]: ovs|00001|nbctl|INFO|Called as ovn-nbctl set-ssl /etc/openvswitch/northdb-privkey.pem /etc/openvswitch/northdb-cert.pem /var/lib/openvswitch/pki/controllerca/cacert.pem
Dec 18 02:35:14 hp-dl380pg8-12 ovn-nbctl[21813]: ovs|00001|nbctl|INFO|Called as ovn-nbctl set-connection pssl:6641

<=== no error message

[root@hp-dl380pg8-12 bz1780747]# rpm -qa | grep -E "openvswitch|ovn"                                  
ovn2.11-host-2.11.1-24.el8fdp.x86_64                                                                  
openvswitch-selinux-extra-policy-1.0-19.el8fdp.noarch                                                 
ovn2.11-central-2.11.1-24.el8fdp.x86_64                                                               
openvswitch2.11-2.11.0-35.el8fdp.x86_64                                                               
ovn2.11-2.11.1-24.el8fdp.x86_64                                                                       
python3-openvswitch2.11-2.11.0-35.el8fdp.x86_64
Comment 4 errata-xmlrpc 2020-01-22 04:02:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:0171
Note You need to log in before you can comment on or make changes to this bug.