action #112181
closed[sle][security][backlog][FIPS] test fails in openvswitch_ssl due to POX and python3 updated
50%
Description
Observation¶
openQA test in scenario sle-15-SP4-Online-x86_64-fips_ker_mode_tests_crypt_tool@64bit fails in
openvswitch_ssl
Test suite description¶
Maintainer: bchou@suse.com
Reproducible¶
Fails since (at least) Build 98.1
Expected result¶
Last good: 97.1 (or more recent)
Further details¶
Always latest result in this scenario: latest
Updated by bchou almost 2 years ago
bsc#1196316 - [SLES15SP4][Build 101.1][SECURITY][FIPS] openvswitch_ssl: RuntimeError: SSL is not available
Updated by bchou almost 2 years ago
Because of the POX and python3 are updated, our original test code is outdated.
We need to try to apply new POX and python3 in the test and enhance the test code.
Updated by bchou almost 2 years ago
- Subject changed from [sle][security][backlog] test fails in openvswitch_ssl due to POX and python3 updated to [sle][security][backlog][FIPS] test fails in openvswitch_ssl due to POX and python3 updated
Updated by shawnhao almost 2 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 10
Preparing environment, will manually try this case on tw and see if POX and Python3 can work
Updated by shawnhao almost 2 years ago
- % Done changed from 10 to 30
Found that port 6634 used in original tests steps might be unavailable since it seems to be used by another service. Changed to default port 6633 which is suggested by openvswitch documentation. Connection failure solved, cert problem showed up instead when either with self-signed certs or with certs and keys generated from ovs-pki. Need further investigation on the reason why certs failed to work.
Updated by shawnhao almost 2 years ago
- Status changed from In Progress to Blocked
- % Done changed from 30 to 50
Case blocked now due to certification issue. Switch cannot set up connection to controller. Not sure now if this is related to POX or openvswitch.
Updated by shawnhao almost 2 years ago
- Assignee changed from shawnhao to bchou
Additional resource: tried to use ovs-pki to generate key and certs, however, same issue with private key ssl configuration failed occured.
In tw, I found that port 6634 is being used by another service from a nmap scan, thus result in connection failed. Switching to default port 6633 can solve this problem, but the above problem with key and certs still exists.
For reference: ovs-pki ssl key and certs generation https://docs.openvswitch.org/en/latest/howto/ssl/
Updated by bchou over 1 year ago
- Status changed from Blocked to Rejected
POX and OVS and python are updated, so this case need to reconsider if we still need it and refactor.