Project

General

Profile

Actions

action #112181

closed

[sle][security][backlog][FIPS] test fails in openvswitch_ssl due to POX and python3 updated

Added by bchou over 2 years ago. Updated about 2 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Category:
Enhancement to existing tests
Target version:
-
Start date:
2022-06-08
Due date:
% Done:

50%

Estimated time:
32.00 h
Difficulty:

Description

Observation

openQA test in scenario sle-15-SP4-Online-x86_64-fips_ker_mode_tests_crypt_tool@64bit fails in
openvswitch_ssl

Test suite description

Maintainer: bchou@suse.com

Reproducible

Fails since (at least) Build 98.1

Expected result

Last good: 97.1 (or more recent)

Further details

Always latest result in this scenario: latest

Actions #1

Updated by bchou over 2 years ago

bsc#1196316 - [SLES15SP4][Build 101.1][SECURITY][FIPS] openvswitch_ssl: RuntimeError: SSL is not available

https://bugzilla.suse.com/show_bug.cgi?id=1196316

Actions #2

Updated by bchou over 2 years ago

Because of the POX and python3 are updated, our original test code is outdated.

We need to try to apply new POX and python3 in the test and enhance the test code.

Actions #3

Updated by bchou over 2 years ago

  • Subject changed from [sle][security][backlog] test fails in openvswitch_ssl due to POX and python3 updated to [sle][security][backlog][FIPS] test fails in openvswitch_ssl due to POX and python3 updated
Actions #4

Updated by rfan1 over 2 years ago

  • Assignee changed from bchou to shawnhao
Actions #5

Updated by shawnhao over 2 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

Preparing environment, will manually try this case on tw and see if POX and Python3 can work

Actions #6

Updated by shawnhao over 2 years ago

  • % Done changed from 10 to 30

Found that port 6634 used in original tests steps might be unavailable since it seems to be used by another service. Changed to default port 6633 which is suggested by openvswitch documentation. Connection failure solved, cert problem showed up instead when either with self-signed certs or with certs and keys generated from ovs-pki. Need further investigation on the reason why certs failed to work.

Actions #7

Updated by shawnhao over 2 years ago

  • Status changed from In Progress to Blocked
  • % Done changed from 30 to 50

Case blocked now due to certification issue. Switch cannot set up connection to controller. Not sure now if this is related to POX or openvswitch.

Actions #8

Updated by shawnhao over 2 years ago

  • Assignee changed from shawnhao to bchou

Additional resource: tried to use ovs-pki to generate key and certs, however, same issue with private key ssl configuration failed occured.
In tw, I found that port 6634 is being used by another service from a nmap scan, thus result in connection failed. Switching to default port 6633 can solve this problem, but the above problem with key and certs still exists.

For reference: ovs-pki ssl key and certs generation https://docs.openvswitch.org/en/latest/howto/ssl/

Actions #9

Updated by bchou about 2 years ago

  • Status changed from Blocked to Rejected

POX and OVS and python are updated, so this case need to reconsider if we still need it and refactor.

Actions

Also available in: Atom PDF