[NETCONF-650] Creating a TLS mount w/o a key in keystore results in karaf.log filling up (not logging at ERROR, gating gets skipped)

Created: 07/Nov/19  Updated: 02/May/23  Resolved: 02/May/23

Status: Resolved
Project: netconf
Component/s: netconf
Affects Version/s: Neon SR1
Fix Version/s: None

Type: Bug
Priority: Medium
Reporter: Jeff Hartley
Assignee: Ivan Martiniak
Resolution: Cannot Reproduce
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

To reproduce:
1. Use Neon-SR1 w/Netconf+RestConf.
2. Create a new TLS-mounted mountpoint, but do NOT create a key in the keystore for this device/VNF.
3. Watch the incorrectly-labeled (INFO) logs saturate the karaf.log, bypassing the mountpoint controls to dampen the connection attempts.


Attachments: [NETCONF-650] Steps to reproduce.docx, files650.zip, karaf.log.2

Description

This is an operational issue that can result in all disk space filling up on the ODL VM.

Mounting a new netconf-over-TLS mountpoint without preconfiguring the keystore correctly results in extremely fast fail+remounts happening, which then fills up the logs and potentially kills the controller.

See karaf.log.2 (attached)

2019-11-06T12:16:50,920 | INFO | nioEventLoopGroupCloseable-3-5 | AbstractNetconfSessionNegotiator | 316 - org.opendaylight.netconf.netty-util - 1.6.1 | Unexpected error during negotiation
java.lang.IllegalStateException: java.security.KeyStoreException: No keystore private key found

Fixes in Neon, Sodium, and Master/Mg are desirable (ONAP intends to release on Neon).

Thanks
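
One way to spot this failure mode from karaf.log itself, as an added example that is not part of the original report or the netconf project's code: it groups records by logger, message and first stack-trace line and flags bursts by repetition rate, ignoring the log level, since the records in the report arrive at INFO. The sample lines, the 200 ms spacing, the window and the threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_records(lines):
    """Yield (level, logger, message, cause, timestamp) per Karaf record.
    cause is the first continuation line (the exception), or ""."""
    current = None
    for line in lines:
        # Layout in the report: time | level | thread | logger | bundle | message
        parts = [p.strip() for p in line.split("|", 5)]
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S,%f")
        except ValueError:
            ts = None  # stack-trace or blank line, not a new record
        if ts is not None and len(parts) == 6:
            if current:
                yield tuple(current)
            current = [parts[1], parts[3], parts[5], "", ts]
        elif current and not current[3] and line.strip():
            current[3] = line.strip()
    if current:
        yield tuple(current)

def find_storms(lines, window=timedelta(seconds=10), threshold=5):
    """Map (level, logger, message, cause) -> peak count inside one window.
    Level is reported but never used as a filter."""
    recent, peaks = defaultdict(deque), {}
    for *key, ts in parse_records(lines):
        q = recent[tuple(key)]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[tuple(key)] = max(peaks.get(tuple(key), 0), len(q))
    return peaks

def sample_log(repeats=8, gap_ms=200):
    """Constructed input: the report's two lines repeated at an assumed interval."""
    start = datetime(2019, 11, 6, 12, 16, 50, 920000)
    out = ["2019-11-06T12:16:50,000 | INFO | main | Example | 1 - example - 1.0 | started (constructed)"]
    for i in range(repeats):
        ts = (start + timedelta(milliseconds=gap_ms * i)).strftime("%Y-%m-%dT%H:%M:%S,%f")[:-3]
        out.append(f"{ts} | INFO | nioEventLoopGroupCloseable-3-5 | AbstractNetconfSessionNegotiator"
                   " | 316 - org.opendaylight.netconf.netty-util - 1.6.1 | Unexpected error during negotiation")
        out.append("java.lang.IllegalStateException: java.security.KeyStoreException: No keystore private key found")
    return out

if __name__ == "__main__":
    for (level, logger, msg, cause), n in find_storms(sample_log()).items():
        print(f"{n} x {level} {logger}: {msg} / {cause}")
```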

