[NETCONF-854] mount with TLS fails on phosphorus-sr1

Fri, 11 Feb 2022 16:13:29 +0000

This feature was working in silicon-sr1.

How to reproduce:

* mount device with TLS

PUT /rests/data/network-topology:network-topology/topology=topology-netconf/node=tlstest 
<node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
  <node-id>tlstest</node-id>
  <key-based xmlns="urn:opendaylight:netconf-node-topology">
    <key-id xmlns="urn:opendaylight:netconf-node-topology">ODL_private_key_0</key-id>
    <username xmlns="urn:opendaylight:netconf-node-topology">netconf</username>
  </key-based>
  <host xmlns="urn:opendaylight:netconf-node-topology">10.20.35.147</host>
  <port xmlns="urn:opendaylight:netconf-node-topology">31500</port>
  <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
  <protocol xmlns="urn:opendaylight:netconf-node-topology">
    <name xmlns="urn:opendaylight:netconf-node-topology">TLS</name>
  </protocol>
  <max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">2</max-connection-attempts>
</node>

* wait for connected state... will never happen

GET /rests/data/network-topology:network-topology/topology=topology-netconf 
{
    "network-topology:topology": [
        {
            "topology-id": "topology-netconf",
            "node": [
                {
                    "node-id": "tlstest",
                    "netconf-node-topology:connection-status": "unable-to-connect",
                    "netconf-node-topology:connected-message": "javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error",
                    "netconf-node-topology:max-connection-attempts": 2,
                    "netconf-node-topology:key-based": {
                        "username": "netconf",
                        "key-id": ""
                    },
                    "netconf-node-topology:host": "10.20.35.147",
                    "netconf-node-topology:port": 31500,
                    "netconf-node-topology:protocol": {
                        "name": "TLS"
                    },
                    "netconf-node-topology:tcp-only": false
                }
            ]
        }
    ]
}

The following exception is thrown in karaf.log

2022-01-28T03:51:09,695 | INFO  | globalWorkerGroup-3-1 | AbstractNetconfSessionNegotiator | 352 - org.opendaylight.netconf.netty-util - 2.0.11 | Unexpected error during negotiation on channel [id: 0x50cee553, L:0.0.0.0/0.0.0.0:34890]2022-01-28T03:51:09,695 | INFO  | globalWorkerGroup-3-1 | AbstractNetconfSessionNegotiator | 352 - org.opendaylight.netconf.netty-util - 2.0.11 | Unexpected error during negotiation on channel [id: 0x50cee553, L:0.0.0.0/0.0.0.0:34890]io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477) ~[bundleFile:4.1.69.Final] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [bundleFile:4.1.69.Final] at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) [bundleFile:4.1.69.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719) [bundleFile:4.1.69.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655) [bundleFile:4.1.69.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581) [bundleFile:4.1.69.Final] at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) [bundleFile:4.1.69.Final] at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986) [bundleFile:4.1.69.Final] at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [bundleFile:4.1.69.Final] at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [bundleFile:4.1.69.Final] at java.lang.Thread.run(Unknown Source) [?:?]Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?] at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?] at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?] at sun.security.ssl.Alert$AlertConsumer.consume(Unknown Source) ~[?:?] at sun.security.ssl.TransportContext.dispatch(Unknown Source) ~[?:?] at sun.security.ssl.SSLTransport.decode(Unknown Source) ~[?:?] at sun.security.ssl.SSLEngineImpl.decode(Unknown Source) ~[?:?] at sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source) ~[?:?] at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[?:?] at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[?:?] at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[?:?] at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:296) ~[bundleFile:4.1.69.Final] at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1342) ~[bundleFile:4.1.69.Final] at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1235) ~[bundleFile:4.1.69.Final] at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1284) ~[bundleFile:4.1.69.Final] at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507) ~[bundleFile:4.1.69.Final] at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446) ~[bundleFile:4.1.69.Final] ... 17 more2022-01-28T03:51:09,735 | INFO  | opendaylight-cluster-data-notification-dispatcher-45 | NetconfNodeStateServiceImpl      | 234 - org.onap.ccsdk.features.sdnr.wt.phosphorus.sr1.sdnr-wt-netconfnode-state-service-provider - 1.3.0.SNAPSHOT | L1 TreeChange enter changes:12022-01-28T03:51:09,735 | INFO  | opendaylight-cluster-data-notification-dispatcher-41 | NetconfNodeStateServiceImpl      | 234 - org.onap.ccsdk.features.sdnr.wt.phosphorus.sr1.sdnr-wt-netconfnode-state-service-provider - 1.3.0.SNAPSHOT | L2 TreeChange enter changes:12022-01-28T03:51:09,736 | INFO  | opendaylight-cluster-data-notification-dispatcher-41 | NetconfNodeStateServiceImpl      | 234 - org.onap.ccsdk.features.sdnr.wt.phosphorus.sr1.sdnr-wt-netconfnode-state-service-provider - 1.3.0.SNAPSHOT | L2 TreeChange leave2022-01-28T03:51:09,736 | INFO  | opendaylight-cluster-data-notification-dispatcher-45 | NetconfNodeStateServiceImpl      | 234 - org.onap.ccsdk.features.sdnr.wt.phosphorus.sr1.sdnr-wt-netconfnode-state-service-provider - 1.3.0.SNAPSHOT | L1 NETCONF id:Uri{_value=tlstest} t:WRITE created false before:false after:false akkaIsCluster:false cl stat:null2022-01-28T03:51:09,737 | INFO  | opendaylight-cluster-data-notification-dispatcher-45 | DeviceManagerNetconfNotConnectHandler | 212 - org.onap.ccsdk.features.sdnr.wt.phosphorus.sr1.sdnr-wt-devicemanager-core-provider - 1.3.0.SNAPSHOT | onStateChange Uri{_value=tlstest}2022-01-28T03:51:09,721 | WARN  | globalWorkerGroup-3-2 | ChannelInitializer               | 66 - io.netty.common - 4.1.69.Final | Failed to initialize a channel. Closing: [id: 0xd0dc51df]io.netty.channel.ChannelPipelineException: org.opendaylight.netconf.nettyutil.ReconnectPromise$1 is not a @Sharable handler, so can't be added or removed multiple times. at io.netty.channel.DefaultChannelPipeline.checkMultiplicity(DefaultChannelPipeline.java:600) ~[bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:202) ~[bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:381) ~[bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:370) ~[bundleFile:4.1.69.Final] at org.opendaylight.netconf.nettyutil.ReconnectPromise.lambda$lockedConnect$0(ReconnectPromise.java:114) ~[bundleFile:?] at org.opendaylight.netconf.nettyutil.AbstractNetconfDispatcher$3.initChannel(AbstractNetconfDispatcher.java:202) ~[bundleFile:?] at org.opendaylight.netconf.nettyutil.AbstractNetconfDispatcher$3.initChannel(AbstractNetconfDispatcher.java:199) ~[bundleFile:?] at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129) [bundleFile:4.1.69.Final] at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112) [bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:938) [bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:609) [bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline.access$100(DefaultChannelPipeline.java:46) [bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1463) [bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1115) [bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:650) [bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:514) [bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:429) [bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:486) [bundleFile:4.1.69.Final] at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164) [bundleFile:4.1.69.Final] at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:469) [bundleFile:4.1.69.Final] at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:500) [bundleFile:4.1.69.Final] at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986) [bundleFile:4.1.69.Final] at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [bundleFile:4.1.69.Final] at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [bundleFile:4.1.69.Final] at java.lang.Thread.run(Unknown Source) [?:?]2022-01-28T03:51:09,742 | INFO  | opendaylight-cluster-data-notification-dispatcher-45 | Capabilities                     | 233 - org.onap.ccsdk.features.sdnr.wt.phosphorus.sr1.sdnr-wt-netconfnode-state-service-model - 1.3.0.SNAPSHOT | GetAvailableCapabilities for node2022-01-28T03:51:09,742 | INFO  | opendaylight-cluster-data-notification-dispatcher-45 | Capabilities                     | 233 - org.onap.ccsdk.features.sdnr.wt.phosphorus.sr1.sdnr-wt-netconfnode-state-service-model - 1.3.0.SNAPSHOT | GetUnavailableCapabilities for node2022-01-28T03:51:09,743 | INFO  | opendaylight-cluster-data-notification-dispatcher-45 | HtDatabaseEventsService          | 210 - org.onap.ccsdk.features.sdnr.wt.phosphorus.sr1.sdnr-wt-data-provider-provider - 1.3.0.SNAPSHOT | update networkelement-connection for tlstest with data NetworkElementConnection{coreModelCapability=Unsupported, deviceType=Unknown, host=10.20.35.147, id=tlstest, isRequired=false, mountMethod=KeyAuth, nodeDetails=NodeDetails{availableCapabilities=[], unavailableCapabilities=[]}, nodeId=tlstest, port=31500, status=UnableToConnect, tlsKey=, username=netconf}2022-01-28T03:51:09,725 | ERROR | globalEventExecutor-1-1 | AbstractNetconfTopology          | 362 - org.opendaylight.netconf.topology - 2.0.11 | Connector for tlstest failedio.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477) ~[?:?] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) ~[bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[bundleFile:4.1.69.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) ~[bundleFile:4.1.69.Final] at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[bundleFile:4.1.69.Final] at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[bundleFile:4.1.69.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719) ~[bundleFile:4.1.69.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655) ~[bundleFile:4.1.69.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581) ~[bundleFile:4.1.69.Final] at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) ~[bundleFile:4.1.69.Final] at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986) ~[bundleFile:4.1.69.Final] at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [bundleFile:4.1.69.Final] at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [bundleFile:4.1.69.Final] at java.lang.Thread.run(Unknown Source) [?:?]Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?] at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?] at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?] at sun.security.ssl.Alert$AlertConsumer.consume(Unknown Source) ~[?:?] at sun.security.ssl.TransportContext.dispatch(Unknown Source) ~[?:?] at sun.security.ssl.SSLTransport.decode(Unknown Source) ~[?:?] at sun.security.ssl.SSLEngineImpl.decode(Unknown Source) ~[?:?] at sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source) ~[?:?] at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[?:?] at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[?:?] at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[?:?] at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:296) ~[?:?] at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1342) ~[?:?] at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1235) ~[?:?] at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1284) ~[?:?] at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507) ~[?:?] at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446) ~[?:?] ... 17 more

OpenDaylight JIRA

[NETCONF-854] mount with TLS fails on phosphorus-sr1