Re: [OVSDB-TLS] Probe failed to OVSDB switch.


Mohamed ElSerngawy
 

Hi Vamsikrishna,

So you are following the previous wiki to establish OVS TLS communication without any cipher-suites specific (just to be not confused with ur other emails). Let's do the troubleshooting:

1- in the aaa-cert-config.xml using mdsal (<use-mdsal>true</use-mdsal>) that's mean you are using ODL in cluster mode ? if yes, so make sure that the aaa-cert data-tree has been configured in the cluster. If not, the recommendation is to use the jks files for certificates data store in ODL single instance.

2- Did you make sure that the OVS certificate has been stored in ODL ? check step 9 at the wiki.

I will try to go through the wiki again in order to reproduce it. Are you using ODL Nitrogen, Master ? let me know

Thank

-----

Thanks Jamo


On Wed, Jan 3, 2018 at 4:32 PM, Jamo Luhrsen <jluhrsen@...> wrote:
sending again with Mahamed's gmail address

On 01/03/2018 01:06 PM, Jamo Luhrsen wrote:
> Vamsi,
>
> I've added Mohamed explicitly to this email, as he was the author of the
> wiki page you are referring to.
>
> I've personally never set up ovsdb with TLS, so not sure if it even
> works. It does seem like a gap we have in our CSIT jobs. Hopefully someone
> (maybe me) can find time to add it. It's not out of the realm of possibility
> that it does not work and we need a bug.
>
> Thanks,
> JamO
>
> On 01/01/2018 07:19 AM, A Vamsikrishna wrote:
>> Hi All,
>>
>>  
>>
>> I am following below wiki for OVSDB-TLS communication:
>>
>>  
>>
>> https://wiki.opendaylight.org/view/OVSDB_Integration:TLS_Communication
>>
>>  
>>
>> I am seeing below error in ODL logs:
>>
>>  
>>
>> _remoteIp=IpAddress [_ipv4Address=Ipv4Address [_value=192.168.56.102]], _remotePort=PortNumber [_value=36526], augmentation=[]]
>>
>> 2018-01-01 20:36:43,103 | ERROR | DBConnNotifSer-0 | OvsdbConnectionService           | 380 - org.opendaylight.ovsdb.library
>> - 1.6.0.SNAPSHOT | *Probe failed to OVSDB swit*
>>
>> *ch. Disconnecting the channel ConnectionInfo* [Remote-address=192.168.56.102, Remote-port=36526, Local-address192.168.56.1,
>> Local-port=6640, type=PASSIVE]
>>
>>  
>>
>> And I am not seeing the SSL connection on OVS :
>>
>>  
>>
>> stack@ubuntu:/etc/openvswitch$ sudo ovs-vsctl show
>>
>> 3dfb73ad-1ea2-46ed-b749-ba55a1ee912f
>>
>> *    Manager "ssl:192.168.56.1:6640"*
>>
>>     Bridge br-ex
>>
>>         Controller "ssl:192.168.56.1:6653"
>>
>>        Port br-ex
>>
>>             Interface br-ex
>>
>>                 type: internal
>>
>>     ovs_version: "2.6.1"
>>
>> stack@ubuntu:/etc/openvswitch$
>>
>> stack@ubuntu:/etc/openvswitch$
>>
>>  
>>
>> Can you please help me out in fixing this issue ?
>>
>>  
>>
>> Attaching the config files changed & Please let me know if you need any info to help on this issue.
>>
>>  
>>
>> Thanks,
>>
>> Vamsi
>>
>>
>>
>> _______________________________________________
>> ovsdb-dev mailing list
>> ovsdb-dev@....org
>> https://lists.opendaylight.org/mailman/listinfo/ovsdb-dev
>>

Join z.archive.ovsdb-dev@lists.opendaylight.org to automatically receive all group messages.