action #112181
closed
[sle][security][backlog][FIPS] test fails in openvswitch_ssl due to POX and python3 updated
Added by bchou over 2 years ago.
Updated about 2 years ago.
Category:
Enhancement to existing tests
Description
Observation¶
openQA test in scenario sle-15-SP4-Online-x86_64-fips_ker_mode_tests_crypt_tool@64bit fails in
openvswitch_ssl
Test suite description¶
Maintainer: bchou@suse.com
Reproducible¶
Fails since (at least) Build 98.1
Expected result¶
Last good: 97.1 (or more recent)
Further details¶
Always latest result in this scenario: latest
Because of the POX and python3 are updated, our original test code is outdated.
We need to try to apply new POX and python3 in the test and enhance the test code.
- Subject changed from [sle][security][backlog] test fails in openvswitch_ssl due to POX and python3 updated to [sle][security][backlog][FIPS] test fails in openvswitch_ssl due to POX and python3 updated
- Assignee changed from bchou to shawnhao
- Status changed from New to In Progress
- % Done changed from 0 to 10
Preparing environment, will manually try this case on tw and see if POX and Python3 can work
- % Done changed from 10 to 30
Found that port 6634 used in original tests steps might be unavailable since it seems to be used by another service. Changed to default port 6633 which is suggested by openvswitch documentation. Connection failure solved, cert problem showed up instead when either with self-signed certs or with certs and keys generated from ovs-pki. Need further investigation on the reason why certs failed to work.
- Status changed from In Progress to Blocked
- % Done changed from 30 to 50
Case blocked now due to certification issue. Switch cannot set up connection to controller. Not sure now if this is related to POX or openvswitch.
- Assignee changed from shawnhao to bchou
Additional resource: tried to use ovs-pki to generate key and certs, however, same issue with private key ssl configuration failed occured.
In tw, I found that port 6634 is being used by another service from a nmap scan, thus result in connection failed. Switching to default port 6633 can solve this problem, but the above problem with key and certs still exists.
For reference: ovs-pki ssl key and certs generation https://docs.openvswitch.org/en/latest/howto/ssl/
- Status changed from Blocked to Rejected
POX and OVS and python are updated, so this case need to reconsider if we still need it and refactor.
Also available in: Atom
PDF