Good afternoon,
Since installing ovirt, there have been problems with OVN Provider. But we
didn't do it, and we didn't have to. Now we need to create virtual networks,
but nothing works for us. Please help with thoughts. I updated the Ovirt OVN
Provider certificate, previously there was a problem with them after 2 years.
all host install with ovirt node:
software:
OS Version:RHEL - 8 - 2.2004.0.2.el8
OS Description:oVirt Node 4.4.3
Kernel Version:4.18.0 - 193.28.1.el8_2.x86_64
KVM Version:4.2.0 - 29.el8.6
LIBVIRT Version:libvirt-6.0.0-25.2.el8
VDSM Version:vdsm-4.40.35.1-1.el8
SPICE Version:0.14.2 - 1.el8_2.1
GlusterFS Version:glusterfs-7.8-1.el8
CEPH Version:librbd1-12.2.7-9.el8
Open vSwitch Version:[N/A]
Nmstate Version:nmstate-0.3.6-2.el8
Kernel Features:MDS: (Not affected), L1TF: (Not affected), SRBDS: (Not
affected), MELTDOWN: (Not affected), SPECTRE_V1: (Mitigation: usercopy/swapgs
barriers and __user pointer sanitization), SPECTRE_V2: (Mitigation: Enhanced
IBRS, IBPB: conditional, RSB filling), ITLB_MULTIHIT: (KVM: Mitigation: Split
huge pages), TSX_ASYNC_ABORT: (Mitigation: Clear CPU buffers; SMT vulnerable),
SPEC_STORE_BYPASS: (Mitigation: Speculative Store Bypass disabled via prctl and
seccomp)
VNC Encryption:Disabled
FIPS mode enabled:Disabled
Logs /var/log/ovirt-provider-ovn.log
2023-02-07 12:32:18,629 root Starting server
2023-02-07 12:32:18,630 root Version: 1.2.32-1
2023-02-07 12:32:18,630 root Build date: 20200929061233
2023-02-07 12:32:18,630 root Githash: 44a7426
2023-02-07 12:34:17,362 ovsdbapp.backend.ovs_idl.idlutils Unable to open stream
to ssl:127.0.0.1:6641 to retrieve schema: Connection reset by peer
2023-02-07 12:34:17,362 root From: ::ffff:10.0.120.11:43288 Request: GET
/v2.0/networks
2023-02-07 12:34:17,362 root Could not retrieve schema from ssl:127.0.0.1:6641
Traceback (most recent call last):
File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in
_handle_request
method, path_parts, content
File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175,
in handle_request
return self.call_response_handler(handler, content, parameters)
File "/usr/share/ovirt-provider-ovn/handlers/neutron.py", line 35, in
call_response_handler
with NeutronApi() as ovn_north:
File "/usr/share/ovirt-provider-ovn/neutron/neutron_api.py", line 95, in
__init__
self.ovsidl, self.idl = ovn_connection.connect()
File "/usr/share/ovirt-provider-ovn/ovn_connection.py", line 46, in connect
ovnconst.OVN_NORTHBOUND
File
"/usr/lib/python3.6/site-packages/ovsdbapp/backend/ovs_idl/connection.py", line
154, in from_server
helper = idlutils.get_schema_helper(connection_string, schema_name)
File "/usr/lib/python3.6/site-packages/ovsdbapp/backend/ovs_idl/idlutils.py",
line 144, in get_schema_helper
raise Exception("Could not retrieve schema from %s" % connection)
Exception: Could not retrieve schema from ssl:127.0.0.1:6641
Test in Ovirt Engine OVN Provider
Error:Failed to communicate with the external provider, see log for additional
details.
[root@ovirtengine ~]# cat
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
# This file is automatically generated by engine-setup. Please do not edit
manually
[PROVIDER]
provider-host=ovirt.test.test.org
[SSL]
ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
ssl-cacert-file=/etc/pki/ovirt-engine/ca.pem
https-enabled=true
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-sso-client-secret=SECRET KEY
ovirt-host=https://ovirt.test.test.org:443
ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
[NETWORK]
port-security-enabled-default=True
Reinstall Ovirt OVN with engine-setup did not solve the problem
[root@vovirtengine ~]# ovn-nbctl get-ssl
Private key: /etc/pki/ovirt-engine/keys/ovn-ndb.key.nopass
Certificate: /etc/pki/ovirt-engine/certs/ovn-ndb.cer
CA Certificate: /etc/pki/ovirt-engine/ca.pem
Bootstrap: false
[root@vovirtengine ~]# ovn-nbctl get-connection
pssl:6641:[::]
[root@vovirtengine ~]# ovn-sbctl get-ssl
Private key: /etc/pki/ovirt-engine/keys/ovn-sdb.key.nopass
Certificate: /etc/pki/ovirt-engine/certs/ovn-sdb.cer
CA Certificate: /etc/pki/ovirt-engine/ca.pem
Bootstrap: false
[root@vovirtengine ~]# ovn-sbctl get-connection
read-write role="" pssl:6642:[::]
[root@vovirtengine ~]#
Ovirt-ENgine Config
Name ovirt-provider-ovn
Description oVirt network provider for OVN
Networking Plugin oVirt Network Provider for OVN
Automatic Synchronization YES
Unmanaged NO
Read-Only NO
Provider URL https://ovirt.test.test.org:9696
Requires Authentication YES
Username admin@internal
Password PASWORD
Protocol HTTPS
Host Name ovirt.test.test.org
API Port 35357
API Version v2.0
Tenant Name
on host in cluster logs /var/log/openvswitch/ovn-controller.log
<...>
2023-02-07T09:11:58.903Z|303247|stream_ssl|WARN|SSL_connect: system error
(Success)
2023-02-07T09:12:06.912Z|303248|stream_ssl|WARN|SSL_connect: system error
(Success)
2023-02-07T09:12:14.920Z|303249|stream_ssl|WARN|SSL_connect: system error
(Success)
2023-02-07T09:12:22.929Z|303250|stream_ssl|WARN|SSL_connect: system error
(Success)
2023-02-07T09:12:30.937Z|303251|stream_ssl|WARN|SSL_connect: system error
(Success)
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TUNTKKQCDRXEFRZNDJDVTBP7H22VT7WP/
