1806276 – [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine

Bug 1806276 - [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine

Summary: [HE] ovirt-provider-ovn is non-functional on 4.3.9 Hosted-Engine

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine
Sub Component:
Version:	4.3.9
Hardware:	x86_64
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	ovirt-4.4.0
Target Release:	---
Assignee:	Dominik Holler
QA Contact:	msheena
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1809470
TreeView+	depends on / blocked

Reported:	2020-02-23 13:42 UTC by msheena
Modified:	2020-08-04 13:22 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Previously, the ovirt-provider-ovn network provider was non-functional on RHV 4.3.9 Hosted-Engine. This happened because, with FDP 20.A (bug 1791388), the OVS/OVN service no longer had the permissions to read the private SSL/TLS key file. The current release fixes this issue: It updates the private SSL/TLS key file permissions. OVS/OVN reads the key file and works as expected.
Clone Of:
Clones:	1809470 (view as bug list)
Environment:
Last Closed:	2020-08-04 13:21:50 UTC
oVirt Team:	Network
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1791388	unspecified	CLOSED	Launch ovn daemons as non-root user	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHSA-2020:3247	None	None	None	2020-08-04 13:22:10 UTC
oVirt gerrit	107227	master	MERGED	packaging: setup: pki: set owner of private keys	2020-08-26 17:21:40 UTC
oVirt gerrit	107228	ovirt-engine-4.3	MERGED	packaging: setup: pki: set owner of private keys	2020-08-26 17:21:40 UTC
oVirt gerrit	107385	master	MERGED	packaging: setup: pki: Fix for developer mode	2020-08-26 17:21:40 UTC
oVirt gerrit	107387	ovirt-engine-4.3	MERGED	packaging: setup: pki: Fix for developer mode	2020-08-26 17:21:40 UTC

Internal Links: 1809463

Description msheena 2020-02-23 13:42:21 UTC

Description of problem
======================
ovirt-provider-ovn is not functional on 4.3.9 Hosted-Engine.
There is no option of connecting RHV to the provider, creating OVN networks, etc.

Version-Release number of selected component (if applicable)
============================================================
ovirt-engine-4.3.9.0-0.1.el7.noarch
rhvm-appliance-4.3-20200204.0.el7
openvswitch2.11-2.11.0-9.el7fdp.x86_64

How reproducible
================
100%

Steps to Reproduce
==================
1. Deploy Hosted-Engine using [1], [2] on a bare metal.
2. Create a cluster with ovirt-provider-ovn as an external network provider
3. Go to 'Providers' tab in webadmin UI - edit the ovirt-provider-ovn - click 'test'

[1] - rhvm-appliance-4.3-20200204.0.el7
[2] - ovirt-engine-setup-4.3.9.0-0.1.el7.noarch

Actual results
==============
A red box appears with the text: 'Failed to communicate with the external provider, see log for additional details.'

Expected results
================
A green box appears with the text: 'Test succeeded, managed to access provider.'

Additional info
===============
- In step 1 the deafult answer file was used. this issue reproduced on a manual deploy using cli.

- The output for `# systemctl status ovn-controller.service` shows the following error: ovs|00025|stream_ssl|ERR|ssl:10.35.128.44:6642: connect: Network is unreachable

- No Geneve tunnel is created on the host installed in a cluster with ovirt-provider-ovn configured as the external network provider

- Naturally, the output for `ovn-sbctl show` on the Engine VM shows no Chassis

Comment 2 Michael Burman 2020-02-23 14:29:11 UTC

ovirt-provider-ovn-1.2.29-1.el7ev.noarch

Comment 3 Michal Skrivanek 2020-02-24 13:19:44 UTC

we suspect a regression caused by bug 1791388

Comment 14 Michael Burman 2020-03-16 09:05:41 UTC

Verified on - rhvm-4.4.0-0.25.master.el8ev.noarch with
ovirt-provider-ovn-1.2.29-1.el8ev.noarch
ovn2.11-central-2.11.1-24.el8fdp.x86_64
rhv-openvswitch-ovn-central-2.11-7.el8ev.noarch
ovn2.11-2.11.1-33.el8fdp.x86_64

rhv-python-openvswitch-2.11-7.el8ev.noarch
openvswitch-selinux-extra-policy-1.0-19.el8fdp.noarch
openvswitch2.11-2.11.0-48.el8fdp.x86_64
rhv-openvswitch-ovn-central-2.11-7.el8ev.noarch
python3-openvswitch2.11-2.11.0-48.el8fdp.x86_64
rhv-openvswitch-ovn-common-2.11-7.el8ev.noarch
rhv-openvswitch-2.11-7.el8ev.noarch

Comment 18 errata-xmlrpc 2020-08-04 13:21:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3247

Note You need to log in before you can comment on or make changes to this bug.