Project

General

Profile

Actions
Copy link

action #166289

closed

[security][15-SP7][ipmi] test fails in ntp

Added by amanzini 4 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
amanzini
Category:
Bugs in existing tests
Target version:
-
Start date:
Due date:
% Done:

10%

Estimated time:
8.00 h
Difficulty:
Tags:
fail, study

Description

Observation

openQA test in scenario sle-15-SP7-Online-x86_64-fips_env_mode_tests_crypt_tool@ipmi-tyrion fails in
git

Test suite description

The base test suite is used for job templates defined in YAML documents. It has no settings of its own.

Reproducible

https://openqa.suse.de/tests/15293970#step/git/26

Expected result

Last good: (unknown) (or more recent)

Further details

Always latest result in this scenario: latest

First observation

Trying a git-clone over ssh, the system is asking to accept the host key, so the test hangs missing a confirmation. 

git clone ssh://localhost:/root/repos/qa0 qa2 | tee /dev/sshserial
Cloning into 'qa2'...

The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:g+NwCdw0BqlfdZf6fVy/HSefb7qQQZun2tRcwZ0vv5E.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

note: The issue occurs only on IPMI.

Actions
Copy link
 #1

Updated by tjyrinki_suse 4 months ago

  • Tags changed from fail to fail, study
  • Subject changed from [security][15-SP7][ipmi] test fails in git to [security][15-SP7][ipmi] test fails in git, behavior change in 15-SP7
  • Status changed from New to Workable
  • Start date deleted (2024-09-04)

This works differently in 15-SP6, possibly an updated git version or something else? https://openqa.suse.de/tests/15345705#step/git/26

Actions
Copy link
 #2

Updated by tjyrinki_suse 4 months ago

  • Estimated time set to 8.00 h
Actions
Copy link
 #3

Updated by amanzini 4 months ago

  • Assignee set to amanzini
Actions
Copy link
 #4

Updated by amanzini 4 months ago

note: now it fails on ntp step. Most likely same behavior as https://progress.opensuse.org/issues/166337

Actions
Copy link
 #5

Updated by amanzini 4 months ago

  • Status changed from Workable to In Progress
Actions
Copy link
 #6

Updated by amanzini 4 months ago

  • % Done changed from 0 to 10
Actions
Copy link
 #7

Updated by amanzini 4 months ago · Edited

looks like IPMI host at 10.168.192.75/22 is not able to reach NTP servers 

susetest:~ # ntpq
ntpq> peers
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.16.12.34    .INIT.          16 u    -   64    0    0.000   +0.000   0.000
 172.16.21.43    .INIT.          16 u    -   64    0    0.000   +0.000   0.000
 2a07:de40:b205: .INIT.          16 u    -   64    0    0.000   +0.000   0.000
 2a07:de40:b205: .INIT.          16 u    -   64    0    0.000   +0.000   0.000
ntpq> 
susetest:~ # ntpdate 172.16.12.34
 3 Jul 10:44:33 ntpdate[17291]: the NTP socket is in use, exiting
susetest:~ # ntpdate 172.16.12.34


 3 Jul 10:44:51 ntpdate[17297]: no server suitable for synchronization found

$ date
Tue Jul  3 10:48:08 AM EDT 2018
Actions
Copy link
 #8

Updated by amanzini 4 months ago · Edited

  • Subject changed from [security][15-SP7][ipmi] test fails in git, behavior change in 15-SP7 to [security][15-SP7][ipmi] test fails in ntp

seems all configured server remains in a .INIT. state 

$ ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 2a07:de40:b205: .INIT.          16 u    -   64    0    0.000   +0.000   0.000
 2a07:de40:b205: .INIT.          16 u    -   64    0    0.000   +0.000   0.000
 10.160.0.45     .INIT.          16 u    -   64    0    0.000   +0.000   0.000
 10.160.0.44     .INIT.          16 u    -   64    0    0.000   +0.000   0.000
 10.160.255.254  .INIT.          16 u    -   64    0    0.000   +0.000   0.000

inspecting the traffic, I can see only outgoing packets:

$ systemctl restart ntpd ; tcpdump -npi any port 123 
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
06:29:39.056428 eth0  Out IP6 2a07:de40:a102:5:3eec:efff:fe42:57e0.123 > 2a07:de40:b205:26:10:144:55:129.123: NTPv4, Client, length 48
06:29:40.056448 eth0  Out IP6 2a07:de40:a102:5:3eec:efff:fe42:57e0.123 > 2a07:de40:b205:26:10:144:55:130.123: NTPv4, Client, length 48
06:29:58.056447 eth0  Out IP 10.168.192.75.123 > 10.160.255.254.123: NTPv4, Client, length 48
06:30:03.056332 eth0  Out IP 10.168.192.75.123 > 10.160.0.44.123: NTPv4, Client, length 48
06:30:06.056313 eth0  Out IP 10.168.192.75.123 > 10.160.0.45.123: NTPv4, Client, length 48
06:30:44.056433 eth0  Out IP6 2a07:de40:a102:5:3eec:efff:fe42:57e0.123 > 2a07:de40:b205:26:10:144:55:130.123: NTPv4, Client, length 48
06:30:45.056395 eth0  Out IP6 2a07:de40:a102:5:3eec:efff:fe42:57e0.123 > 2a07:de40:b205:26:10:144:55:129.123: NTPv4, Client, length 48
06:31:02.056427 eth0  Out IP 10.168.192.75.123 > 10.160.255.254.123: NTPv4, Client, length 48
Actions
Copy link
 #9

Updated by amanzini 4 months ago

filed SD-168367 to ask port opening

Actions
Copy link
 #10

Updated by amanzini 4 months ago

  • Status changed from In Progress to Blocked
Actions
Copy link
 #12

Updated by amanzini 4 months ago

correct (current) NTP servers to configure are

server ntp1.prg2.suse.org
server ntp2.prg2.suse.org
server ntp3.prg2.suse.org

for some reason, the machine get wrong (dismissed) NTP peers. Need to have a check on DNS

Actions
Copy link
 #13

Updated by amanzini 3 months ago

  • Status changed from Blocked to Resolved
Actions
Copy link

Also available in: Atom PDF