Message ID | 20240706142123.1179116-1-odivlad@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [ovs-dev] tests: Fix ssl-ciphers RO sb test with old openssl. | expand |
Context | Check | Description |
---|---|---|
ovsrobot/apply-robot | success | apply and check: success |
ovsrobot/github-robot-_ovn-kubernetes | success | github build: passed |
ovsrobot/github-robot-_Build_and_Test | fail | github build: failed |
On Sat, Jul 6, 2024 at 4:21 PM Vladislav Odintsov <odivlad@gmail.com> wrote: > The test "read-only sb db:pssl access with ssl-ciphers and ssl-protocols" > fails when running with openssl which doesn't support some of passed > values. > For instance, on openssl 1.0.2 there is no support for 'SECLEVEL' and > test fails due to extra string in stderr, which is asserted as a part of > test: > > ./ovn.at:37851: ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \ > --private-key=$PKIDIR/testpki-test-privkey.pem \ > --certificate=$PKIDIR/testpki-test-cert.pem \ > --ca-cert=$PKIDIR/testpki-cacert.pem \ > --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' \ > --ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' \ > chassis-add ch vxlan 1.2.4.8 > --- - 2024-07-05 13:48:11.697647047 +0300 > +++ > /builddir/build/BUILD/ovn-24.03.90/tests/testsuite.dir/at-groups/520/stderr > 2024-07-05 13:48:11.694353357 +0300 > @@ -1,2 +1,3 @@ > +2024-07-05T10:48:11Z|00001|stream_ssl|ERR|SSL_CTX_set_cipher_list: > error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command > ovn-sbctl: transaction error: {"details":"insert operation not allowed > when database server is in read only mode","error":"not allowed"} > > This patch fixes the test adding grep of expected transaction error. > > CC: Aliasgar Ginwala <aginwala@ebay.com> > Fixes: 620203f9f0d9 ("Fix segfault due to ssl-ciphers.") > Signed-off-by: Vladislav Odintsov <odivlad@gmail.com> > --- > tests/ovn.at | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/tests/ovn.at b/tests/ovn.at > index 87a64499f..2341f52d5 100644 > --- a/tests/ovn.at > +++ b/tests/ovn.at > @@ -37854,9 +37854,9 @@ AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \ > --ca-cert=$PKIDIR/testpki-cacert.pem \ > --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' \ > --ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' \ > - chassis-add ch vxlan 1.2.4.8], [1], [ignore], > -[ovn-sbctl: transaction error: {"details":"insert operation not allowed > when database server is in read only mode","error":"not allowed"} > -]) > + chassis-add ch vxlan 1.2.4.8 2>&1 | grep 'transaction > error]', [0], [dnl > +ovn-sbctl: transaction error: {"details":"insert operation not allowed > when database server is in read only mode","error":"not allowed"} > +], [ignore]) > > OVS_APP_EXIT_AND_WAIT([ovsdb-server]) > AT_CLEANUP > -- > 2.45.2 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > Looks good to me, thanks. Acked-by: Ales Musil <amusil@redhat.com>
On Wed, Jul 10, 2024 at 2:57 AM Ales Musil <amusil@redhat.com> wrote: > > On Sat, Jul 6, 2024 at 4:21 PM Vladislav Odintsov <odivlad@gmail.com> wrote: > > > The test "read-only sb db:pssl access with ssl-ciphers and ssl-protocols" > > fails when running with openssl which doesn't support some of passed > > values. > > For instance, on openssl 1.0.2 there is no support for 'SECLEVEL' and > > test fails due to extra string in stderr, which is asserted as a part of > > test: > > > > ./ovn.at:37851: ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \ > > --private-key=$PKIDIR/testpki-test-privkey.pem \ > > --certificate=$PKIDIR/testpki-test-cert.pem \ > > --ca-cert=$PKIDIR/testpki-cacert.pem \ > > --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' \ > > --ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' \ > > chassis-add ch vxlan 1.2.4.8 > > --- - 2024-07-05 13:48:11.697647047 +0300 > > +++ > > /builddir/build/BUILD/ovn-24.03.90/tests/testsuite.dir/at-groups/520/stderr > > 2024-07-05 13:48:11.694353357 +0300 > > @@ -1,2 +1,3 @@ > > +2024-07-05T10:48:11Z|00001|stream_ssl|ERR|SSL_CTX_set_cipher_list: > > error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command > > ovn-sbctl: transaction error: {"details":"insert operation not allowed > > when database server is in read only mode","error":"not allowed"} > > > > This patch fixes the test adding grep of expected transaction error. > > > > CC: Aliasgar Ginwala <aginwala@ebay.com> > > Fixes: 620203f9f0d9 ("Fix segfault due to ssl-ciphers.") > > Signed-off-by: Vladislav Odintsov <odivlad@gmail.com> > > --- > > tests/ovn.at | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/tests/ovn.at b/tests/ovn.at > > index 87a64499f..2341f52d5 100644 > > --- a/tests/ovn.at > > +++ b/tests/ovn.at > > @@ -37854,9 +37854,9 @@ AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \ > > --ca-cert=$PKIDIR/testpki-cacert.pem \ > > --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' \ > > --ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' \ > > - chassis-add ch vxlan 1.2.4.8], [1], [ignore], > > -[ovn-sbctl: transaction error: {"details":"insert operation not allowed > > when database server is in read only mode","error":"not allowed"} > > -]) > > + chassis-add ch vxlan 1.2.4.8 2>&1 | grep 'transaction > > error]', [0], [dnl > > +ovn-sbctl: transaction error: {"details":"insert operation not allowed > > when database server is in read only mode","error":"not allowed"} > > +], [ignore]) > > > > OVS_APP_EXIT_AND_WAIT([ovsdb-server]) > > AT_CLEANUP > > -- > > 2.45.2 > > > > _______________________________________________ > > dev mailing list > > dev@openvswitch.org > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > > > Looks good to me, thanks. > > Acked-by: Ales Musil <amusil@redhat.com> Thanks. Applied to main. Numan > > -- > > Ales Musil > > Senior Software Engineer - OVN Core > > Red Hat EMEA <https://www.redhat.com> > > amusil@redhat.com > <https://red.ht/sig> > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
diff --git a/tests/ovn.at b/tests/ovn.at index 87a64499f..2341f52d5 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -37854,9 +37854,9 @@ AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \ --ca-cert=$PKIDIR/testpki-cacert.pem \ --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' \ --ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' \ - chassis-add ch vxlan 1.2.4.8], [1], [ignore], -[ovn-sbctl: transaction error: {"details":"insert operation not allowed when database server is in read only mode","error":"not allowed"} -]) + chassis-add ch vxlan 1.2.4.8 2>&1 | grep 'transaction error]', [0], [dnl +ovn-sbctl: transaction error: {"details":"insert operation not allowed when database server is in read only mode","error":"not allowed"} +], [ignore]) OVS_APP_EXIT_AND_WAIT([ovsdb-server]) AT_CLEANUP
The test "read-only sb db:pssl access with ssl-ciphers and ssl-protocols" fails when running with openssl which doesn't support some of passed values. For instance, on openssl 1.0.2 there is no support for 'SECLEVEL' and test fails due to extra string in stderr, which is asserted as a part of test: ./ovn.at:37851: ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \ --private-key=$PKIDIR/testpki-test-privkey.pem \ --certificate=$PKIDIR/testpki-test-cert.pem \ --ca-cert=$PKIDIR/testpki-cacert.pem \ --ssl-ciphers='HIGH:!aNULL:!MD5:@SECLEVEL=1' \ --ssl-protocols='TLSv1,TLSv1.1,TLSv1.2' \ chassis-add ch vxlan 1.2.4.8 --- - 2024-07-05 13:48:11.697647047 +0300 +++ /builddir/build/BUILD/ovn-24.03.90/tests/testsuite.dir/at-groups/520/stderr 2024-07-05 13:48:11.694353357 +0300 @@ -1,2 +1,3 @@ +2024-07-05T10:48:11Z|00001|stream_ssl|ERR|SSL_CTX_set_cipher_list: error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command ovn-sbctl: transaction error: {"details":"insert operation not allowed when database server is in read only mode","error":"not allowed"} This patch fixes the test adding grep of expected transaction error. CC: Aliasgar Ginwala <aginwala@ebay.com> Fixes: 620203f9f0d9 ("Fix segfault due to ssl-ciphers.") Signed-off-by: Vladislav Odintsov <odivlad@gmail.com> --- tests/ovn.at | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)