Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 1780747

Summary: [ovs2.11] SSL connections drops are constantly logged in ovsdb-server-nb.log
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Timothy Redaelli <tredaelli>
Component: openvswitch2.11Assignee: Timothy Redaelli <tredaelli>
Status: CLOSED ERRATA QA Contact: Jianlin Shi <jishi>
Severity: medium Docs Contact:
Priority: high    
Version: FDP 19.DCC: amuller, atragler, ctrautma, dholler, fleitner, jhsiao, jishi, kfida, klaas, lmartins, mduarted, mkalfon, mmartinv, mmichels, obockows, ovs-qe, pchavva, qding, ralongi, rhodain, schandle, sirao, twilson
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openvswitch2.11-2.11.0-34.el8fdp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1780745 Environment:
Last Closed: 2020-01-22 04:02:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 2 Jianlin Shi 2019-12-18 07:36:11 UTC 
reproduced on python3-openvswitch2.11-2.11.0-26.el8fdp.x86_64 :

[root@hp-dl380pg8-12 bz1780747]# bash -x setup.sh
+ systemctl start ovn-northd
+ ovs-pki init --force
Creating controllerca...
Creating switchca...                                                                                  
+ pushd /etc/openvswitch                                                                              
/etc/openvswitch ~/bz1780747
+ ovs-pki req+sign northdb controller
northdb-req.pem Wed Dec 18 02:32:47 EST 2019
        fingerprint 1d39999cb03d8210ce13c8c2e548682d5e2d3b1f                                          
+ ovs-pki req+sign nbctl controller
nbctl-req.pem   Wed Dec 18 02:32:47 EST 2019                                                          
        fingerprint dec7dfa36bbeb73e21dc48b34b17e8483c4c0983                                          
+ popd
~/bz1780747
+ chown -R openvswitch /etc/openvswitch                                                               
+ chown -R openvswitch /var/lib/openvswitch                                                           
+ ovn-nbctl set-ssl /etc/openvswitch/northdb-privkey.pem /etc/openvswitch/northdb-cert.pem /var/lib/openvswitch/pki/controllerca/cacert.pem
+ ovn-nbctl set-connection pssl:6641
+ python3 ovsdb_ssl_test.py
(0, None, "['hello world']")
+ python3 ovsdb_ssl_test.py                                                                           
(0, None, "['hello world']")
+ sleep 5
+ tail -n 10 /var/log/messages
Dec 18 02:32:46 hp-dl380pg8-12 ovn-ctl[20854]: Starting ovn-northd [  OK  ]                           
Dec 18 02:32:46 hp-dl380pg8-12 systemd[1]: Started OVN northd management daemon.
Dec 18 02:32:47 hp-dl380pg8-12 ovn-nbctl[20953]: ovs|00001|nbctl|INFO|Called as ovn-nbctl set-ssl /etc/openvswitch/northdb-privkey.pem /etc/openvswitch/northdb-cert.pem /var/lib/openvswitch/pki/controllerca/cacert.pem
Dec 18 02:32:47 hp-dl380pg8-12 ovn-nbctl[20954]: ovs|00001|nbctl|INFO|Called as ovn-nbctl set-connection pssl:6641
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00003|stream_ssl|WARN|SSL_read: unexpected SSL connection close
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00004|jsonrpc|WARN|ssl:127.0.0.1:41346: receive error: Protocol error
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00005|reconnect|WARN|ssl:127.0.0.1:41346: connection dropped (Protocol error)
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00006|stream_ssl|WARN|SSL_read: unexpected SSL connection close
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00007|jsonrpc|WARN|ssl:127.0.0.1:41348: receive error: Protocol error
Dec 18 02:32:48 hp-dl380pg8-12 ovsdb-server[20868]: ovs|00008|reconnect|WARN|ssl:127.0.0.1:41348: connection dropped (Protocol error)

<==== error message

[root@hp-dl380pg8-12 bz1780747]# rpm -qa | grep -E "openvswitch|ovn"
openvswitch2.11-2.11.0-26.el8fdp.x86_64                                                               
ovn2.11-host-2.11.1-24.el8fdp.x86_64                                                                  
openvswitch-selinux-extra-policy-1.0-19.el8fdp.noarch                                                 
python3-openvswitch2.11-2.11.0-26.el8fdp.x86_64                                                       
ovn2.11-central-2.11.1-24.el8fdp.x86_64                                                               
ovn2.11-2.11.1-24.el8fdp.x86_64

Verified on python3-openvswitch2.11-2.11.0-35.el8fdp.x86_64 :

[root@hp-dl380pg8-12 bz1780747]# bash -x setup.sh                                                     
+ systemctl start ovn-northd
+ ovs-pki init --force
Creating controllerca...
Creating switchca...
+ pushd /etc/openvswitch
/etc/openvswitch ~/bz1780747                                                                          
+ ovs-pki req+sign northdb controller                                                                 
northdb-req.pem Wed Dec 18 02:35:13 EST 2019                                                          
        fingerprint 3c4ecd8106baad2d84ed55eed2242f3151051462                                          
+ ovs-pki req+sign nbctl controller
nbctl-req.pem   Wed Dec 18 02:35:14 EST 2019                                                          
        fingerprint 98e4e2d9b022a257800ef4abdcdbcf53e7fa5579                                          
+ popd
~/bz1780747
+ chown -R openvswitch /etc/openvswitch                                                               
+ chown -R openvswitch /var/lib/openvswitch                                                           
+ ovn-nbctl set-ssl /etc/openvswitch/northdb-privkey.pem /etc/openvswitch/northdb-cert.pem /var/lib/openvswitch/pki/controllerca/cacert.pem
+ ovn-nbctl set-connection pssl:6641                                                                  
+ python3 ovsdb_ssl_test.py
(0, None, "['hello world']")
+ python3 ovsdb_ssl_test.py                                                                           
(0, None, "['hello world']")
+ sleep 5
+ tail -n 10 /var/log/messages
Dec 18 02:35:13 hp-dl380pg8-12 ovn-nbctl[21728]: ovs|00001|nbctl|INFO|Called as ovn-nbctl init        
Dec 18 02:35:13 hp-dl380pg8-12 ovn-ctl[21713]: /var/lib/openvswitch/ovnsb_db.db does not exist ... (warning).
Dec 18 02:35:13 hp-dl380pg8-12 ovn-ctl[21713]: Creating empty database /var/lib/openvswitch/ovnsb_db.db [  OK  ]
Dec 18 02:35:13 hp-dl380pg8-12 ovsdb-server[21734]: ovs|00001|vlog|INFO|opened log file /var/log/openvswitch/ovsdb-server-sb.log
Dec 18 02:35:13 hp-dl380pg8-12 ovsdb-server[21736]: ovs|00002|ovsdb_server|INFO|ovsdb-server (Open vSwitch) 2.11.0
Dec 18 02:35:13 hp-dl380pg8-12 ovn-sbctl[21737]: ovs|00001|sbctl|INFO|Called as ovn-sbctl init        
Dec 18 02:35:13 hp-dl380pg8-12 ovn-ctl[21713]: Starting ovn-northd [  OK  ]
Dec 18 02:35:13 hp-dl380pg8-12 systemd[1]: Started OVN northd management daemon.
Dec 18 02:35:14 hp-dl380pg8-12 ovn-nbctl[21812]: ovs|00001|nbctl|INFO|Called as ovn-nbctl set-ssl /etc/openvswitch/northdb-privkey.pem /etc/openvswitch/northdb-cert.pem /var/lib/openvswitch/pki/controllerca/cacert.pem
Dec 18 02:35:14 hp-dl380pg8-12 ovn-nbctl[21813]: ovs|00001|nbctl|INFO|Called as ovn-nbctl set-connection pssl:6641

<=== no error message

[root@hp-dl380pg8-12 bz1780747]# rpm -qa | grep -E "openvswitch|ovn"                                  
ovn2.11-host-2.11.1-24.el8fdp.x86_64                                                                  
openvswitch-selinux-extra-policy-1.0-19.el8fdp.noarch                                                 
ovn2.11-central-2.11.1-24.el8fdp.x86_64                                                               
openvswitch2.11-2.11.0-35.el8fdp.x86_64                                                               
ovn2.11-2.11.1-24.el8fdp.x86_64                                                                       
python3-openvswitch2.11-2.11.0-35.el8fdp.x86_64
Comment 4 errata-xmlrpc 2020-01-22 04:02:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:0171