[NETCONF-598] Keys and certificates used for Netconf over TLS not found after restart, Fluorine SR1
Created: 14/Jan/19 Updated: 17/Jan/19 Resolved: 17/Jan/19 |
|
| Status: | Resolved |
| Project: | netconf |
| Component/s: | netconf |
| Affects Version/s: | Fluorine, Neon, Fluorine SR1 |
| Fix Version/s: | Neon, Fluorine SR2 |
| Type: | Bug | Priority: | Medium |
| Reporter: | Martin Sandberg | Assignee: | Jakub Morvay |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Attachments: |
|
| Description |
|
Keys and certificates used for Netconf over TLS are configured using the RPCs in the opendaylight:netconf-keystore Yang model. After a restart of ODL, the netconf connector is unable to find keys and certificates that were configured before the restart. It throws an exception saying, for example, "Unable to find private key". The keys and certificates can be read out over the restconf interface also after a restart, so they seem to be persistently stored. But internally, the netconf connector seems unaware of them, or unable to find them after the restart. |
| Comments |
| Comment by Jakub Morvay [ 17/Jan/19 ] |
|
Hi Martin_S, is it possible for you to provide me with the RPCs you use to configure keys and certificates? Also, the karaf log with the exception would be useful. |
| Comment by Martin Sandberg [ 17/Jan/19 ] |
|
Karaf log and restconf calls attached. Immediately after restart, ODL enters a fast loop, where it keeps retrying to set up the netconf connection but fails when it can't find its own private key, it seems. This cyclic behavior is also reported in NETCONF-597. I realize I didn't say so explicitly, but this test uses the ordinary non-clustered topology. The scenario is to configure the keys and certificates with the attached restconf calls, then successfully set up a netconf/tls connection to the device. After that, close down ODL and restart it. During restart, ODL reads the persistently stored connection configuration of the device and enters the unsuccessful cyclic setup attempt behavior. |