Project

General

Profile

action #112181

[sle][security][backlog][FIPS] test fails in openvswitch_ssl due to POX and python3 updated

Added by bchou 8 months ago. Updated 4 months ago.

Status:
Rejected
Priority:
Normal
Assignee:
bchou
Category:
Enhancement to existing tests
Target version:
-
Start date:
2022-06-08
Due date:
% Done:

50%

Estimated time:
32.00 h
Difficulty:

Description

Observation

openQA test in scenario sle-15-SP4-Online-x86_64-fips_ker_mode_tests_crypt_tool@64bit fails in
openvswitch_ssl

Test suite description

Maintainer: bchou@suse.com

Reproducible

Fails since (at least) Build 98.1

Expected result

Last good: 97.1 (or more recent)

Further details

Always latest result in this scenario: latest

History

#1 Updated by bchou 8 months ago

bsc#1196316 - [SLES15SP4][Build 101.1][SECURITY][FIPS] openvswitch_ssl: RuntimeError: SSL is not available

https://bugzilla.suse.com/show_bug.cgi?id=1196316

#2 Updated by bchou 8 months ago

Because of the POX and python3 are updated, our original test code is outdated.

We need to try to apply new POX and python3 in the test and enhance the test code.

#3 Updated by bchou 8 months ago

  • Subject changed from [sle][security][backlog] test fails in openvswitch_ssl due to POX and python3 updated to [sle][security][backlog][FIPS] test fails in openvswitch_ssl due to POX and python3 updated

#4 Updated by rfan1 8 months ago

  • Assignee changed from bchou to shawnhao

#5 Updated by shawnhao 8 months ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

Preparing environment, will manually try this case on tw and see if POX and Python3 can work

#6 Updated by shawnhao 8 months ago

  • % Done changed from 10 to 30

Found that port 6634 used in original tests steps might be unavailable since it seems to be used by another service. Changed to default port 6633 which is suggested by openvswitch documentation. Connection failure solved, cert problem showed up instead when either with self-signed certs or with certs and keys generated from ovs-pki. Need further investigation on the reason why certs failed to work.

#7 Updated by shawnhao 7 months ago

  • Status changed from In Progress to Blocked
  • % Done changed from 30 to 50

Case blocked now due to certification issue. Switch cannot set up connection to controller. Not sure now if this is related to POX or openvswitch.

#8 Updated by shawnhao 7 months ago

  • Assignee changed from shawnhao to bchou

Additional resource: tried to use ovs-pki to generate key and certs, however, same issue with private key ssl configuration failed occured.
In tw, I found that port 6634 is being used by another service from a nmap scan, thus result in connection failed. Switching to default port 6633 can solve this problem, but the above problem with key and certs still exists.

For reference: ovs-pki ssl key and certs generation https://docs.openvswitch.org/en/latest/howto/ssl/

#9 Updated by bchou 4 months ago

  • Status changed from Blocked to Rejected

POX and OVS and python are updated, so this case need to reconsider if we still need it and refactor.

Also available in: Atom PDF