ovn-northd not always restarted after certificates written
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
charm-ovn-central |
Fix Committed
|
High
|
Frode Nordahl |
Bug Description
The symptom is:
2020-09-
2020-09-
in /var/log/
2020-09-
in /var/log/
Normally this means a mismatch between the host FQDN and what is configured in the Open_vSwitch table and/or the CN in the hypervisors certificate. But in this case that looks correct. What I do see is that none of the ovn-central units is claiming to have an active ovn-northd, and looking at /var/log/
The root cause of this is that the ovn-northd service has not been restarted after writing the certificates to disk.
systemctl status ovn-northd indicates that the service started before the certificate files in /etc/ovn were created.
It is ovn-northd's responsibility to create the RBAC rules in the database, and if it has never connected they would not be there, which would lead to chassis not being able to register itself.
Changed in charm-ovn-central: | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in charm-ovn-central: | |
assignee: | nobody → Frode Nordahl (fnordahl) |
Changed in charm-ovn-central: | |
milestone: | none → 20.10 |
Changed in charm-ovn-central: | |
status: | Fix Committed → Fix Released |
To be clear, the workaround is to restart the ovn-northd daemon on each ovn-central unit. For example:
juju ssh ovn-central/0 sudo systemctl restart ovn-northd
juju ssh ovn-central/1 sudo systemctl restart ovn-northd
juju ssh ovn-central/2 sudo systemctl restart ovn-northd