MicroOVN with SSL breaks nbctl on >3 machines
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
microovn |
Fix Released
|
High
|
Frode Nordahl |
Bug Description
The recent addition of SSL to MicroOVN seems to cause issues with `ovn-nbctl` when there are more than 3 nodes in the cluster:
```
cat /var/snap/
# Generated by MicroOVN, DO NOT EDIT.
OVN_INITIAL_
OVN_INITIAL_
OVN_NB_
OVN_SB_
OVN_LOCAL_
```
```
snap run --shell microovn -c "ovn-nbctl --timeout=10 --db ssl:10.
(2023-06-
2023-06-
2023-06-
2023-06-
2023-06-
2023-06-
2023-06-
2023-06-
ovn-nbctl: ssl:10.
```
Likely related is that the new certificates are only placed on the first three machines of the cluster, but additional machines don't receive these certs:
on the first 3 machines:
```
ls -l /var/snap/
total 36
-rw-r--r-- 1 root root 749 Jun 22 03:32 cacert.pem
-rw-r--r-- 1 root root 745 Jun 22 03:32 ovn-controller-
-rw-r--r-- 1 root root 288 Jun 22 03:32 ovn-controller-
-rw-r--r-- 1 root root 741 Jun 22 03:32 ovn-northd-cert.pem
-rw-r--r-- 1 root root 288 Jun 22 03:32 ovn-northd-
-rw-r--r-- 1 root root 733 Jun 22 03:32 ovnnb-cert.pem
-rw-r--r-- 1 root root 288 Jun 22 03:32 ovnnb-privkey.pem
-rw-r--r-- 1 root root 733 Jun 22 03:32 ovnsb-cert.pem
```
on machines that joined afterward:
```
ls -l /var/snap/
total 12
-rw-r--r-- 1 root root 749 Jun 22 03:32 cacert.pem
-rw-r--r-- 1 root root 745 Jun 22 03:32 ovn-controller-
-rw-r--r-- 1 root root 288 Jun 22 03:32 ovn-controller-
```
Changed in microovn: | |
status: | Fix Committed → Fix Released |
https:/ /github. com/canonical/ microovn/ pull/37