Hi All,
I am following the wiki below for OVSDB-TLS communication:
https://wiki.opendaylight.org/view/OVSDB_Integration:TLS_Communication
Steps followed:
I have copied ctl.jks and truststore.jks from my ubuntu to config/ssl folder
made <use-config>true</use-config> in aaa-cert-config.xml
made use-ssl = true in org.opendaylight.ovsdb.library.cfg
sudo ovs-vsctl --bootstrap set-ssl /etc/openvswitch/sc-privkey.pem /etc/openvswitch/sc-cert.pem /var/lib/openvswitch/pki/controllerca/cacert.pem
sudo ovs-vsctl set-manager ssl:192.168.56.1:6640
I am seeing the below error in the ODL logs:
D: [id: 0x78b62606, L:/192.168.56.1:6640 - R:/192.168.56.102:41618]
-01-03 14:31:42,261 | ERROR | assiveConnServ-3 | OvsdbConnectionService | 380 - org.opendaylight.ovsdb.library - 1.6.0.SNAPSHOT | Ssl handshake fail. channel [id: 0x78b62606, L:/192.168.56.1:6640 ! R:/192.168.56.102:41618]
And I am not seeing the SSL connection on OVS:
stack@ubuntu:/etc/openvswitch$ sudo ovs-vsctl show
3dfb73ad-1ea2-46ed-b749-ba55a1ee912f
    Manager "ssl:192.168.56.1:6640"
    Bridge br-ex
        Controller "ssl:192.168.56.1:6653"
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.6.1"
stack@ubuntu:/var/log/openvswitch$ tail -5 ovsdb-server.log
2018-01-02T18:20:05.920Z|07252|reconnect|INFO|ssl:192.168.56.1:6640: waiting 8 seconds before reconnect
2018-01-02T18:20:13.921Z|07253|reconnect|INFO|ssl:192.168.56.1:6640: connecting...
2018-01-02T18:20:13.928Z|07254|stream_ssl|WARN|SSL_connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-01-02T18:20:13.928Z|07255|reconnect|INFO|ssl:192.168.56.1:6640: connection attempt failed (Protocol error)
2018-01-02T18:20:13.928Z|07256|reconnect|INFO|ssl:192.168.56.1:6640: waiting 8 seconds before reconnect
Can you please help me out in fixing this issue?
I am attaching the changed config files; please let me know if you need any info to help on this issue.
Thanks,
Vamsi
#********************************************************************************************
#                               Boot Time Configuration                                    *
#                   Config knob changes will require controller restart                   *
#********************************************************************************************
#Ovsdb plugin's (OVS, HwVtep) support both active and passive connections. OVSDB library by
#default listens on port 6640 for switch initiated connection. Please use following config
#knob for changing this default port.
ovsdb-listener-port = 6640

#This flag will be enforced across all the connection's (passive and active) if set to true
use-ssl = true

#Set Json Rpc decoder max frame length value. If the OVSDB node contains large configurations
#that can cause connection related issue while reading the configuration from the OVSDB node
#database. Increasing the max frame length helps resolve the issue. Please see following bug
#report for more details ( https://bugs.opendaylight.org/show_bug.cgi?id=2732 &
#https://bugs.opendaylight.org/show_bug.cgi?id=2487). Default value set to 100000.
json-rpc-decoder-max-frame-length = 100000

#********************************************************************************************
#                               Run Time Configuration                                     *
#                   Config knob changes doesn't require controller restart                *
#********************************************************************************************
#Timeout value (in millisecond) after which OVSDB rpc task will be cancelled. Default value is
#set to 1000ms, please uncomment and override the value if requires. Changing the value don't
#require controller restart.
ovsdb-rpc-task-timeout = 1000
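
The ovsdb-server.log excerpt in the message above can be read mechanically. The following Python script is an added example, not part of the original post and not OVS or OpenDaylight code: it rejoins mail-wrapped vlog records and pairs each stream_ssl error with the manager target that was being connected to. The function names and the `local_role` label are assumptions of this example.

```python
import re

# OVS vlog record layout: timestamp|sequence|module|level|message
VLOG = re.compile(r"^(\d{4}-\d\d-\d\dT[\d:.]+Z)\|\d+\|([^|]+)\|([A-Z]+)\|(.*)$")
TARGET = re.compile(r"^((?:ssl|tcp|unix):\S+?): ")
# OpenSSL error string: <call>: error:<code>:<library>:<function>:<reason>
SSL_ERR = re.compile(r"^(SSL_\w+): error:([0-9A-Fa-f]+):[^:]*:([^:]*):(.*)$")
# SSL_connect is logged when the local side is the TLS client, SSL_accept when it is the server.
ROLE = {"SSL_connect": "client", "SSL_accept": "server"}

# Three records taken from the post's log, kept mail-wrapped to exercise the rejoining.
SAMPLE = """\
2018-01-02T18:20:13.921Z|07253|reconnect|INFO|ssl:192.168.56.1:6640:
connecting...
2018-01-02T18:20:13.928Z|07254|stream_ssl|WARN|SSL_connect: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
2018-01-02T18:20:13.928Z|07255|reconnect|INFO|ssl:192.168.56.1:6640: connection
attempt failed (Protocol error)
"""

def parse_vlog(text):
    """Return (timestamp, module, level, message) tuples, rejoining wrapped lines."""
    records = []
    for line in text.splitlines():
        m = VLOG.match(line)
        if m:
            records.append(list(m.groups()))
        elif records and line.strip():  # continuation of the previous record
            records[-1][3] += " " + line.strip()
    return [tuple(r) for r in records]

def tls_failures(text):
    """Attach each stream_ssl error to the target of the latest reconnect record."""
    findings, target = [], None
    for ts, module, level, msg in parse_vlog(text):
        if module == "reconnect" and TARGET.match(msg):
            target = TARGET.match(msg).group(1)
        elif module == "stream_ssl" and level in ("WARN", "ERR"):
            err = SSL_ERR.match(msg)
            if err:
                call, code, func, reason = err.groups()
                findings.append({"time": ts, "target": target, "code": code,
                                 "local_role": ROLE.get(call, "unknown"),
                                 "function": func, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in tls_failures(SAMPLE):
        print(finding)
```

For the excerpt in the post this reports one failure for ssl:192.168.56.1:6640 with `local_role` set to client: the switch, acting as TLS client, failed to verify the certificate presented by the listener on port 6640 against the CA certificate it was configured with.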