Bug #5913
closedttcn3-pgw-test is broken (open5gs components fail to start)
100%
Description
Since recently, all testcases are failing in ttcn3-pgw-test:
https://jenkins.osmocom.org/jenkins/view/TTCN3/job/ttcn3-pgw-test/326/
The problem is that some open5gs components fail to start:
Open5GS daemon v2.6.0-35-g0df402b 02/18 14:00:24.733: [app] INFO: Configuration: '/data/open5gs-smf.yaml' (../lib/app/ogs-init.c:126) 02/18 14:00:24.746: [sbi] ERROR: TLS enabled but no server key (../lib/sbi/context.c:186) 02/18 14:00:24.746: [app] ERROR: Failed to intialize SMF (../src/smf/app.c:28) 02/18 14:00:24.746: [app] FATAL: Open5GS initialization failed. Aborted (../src/main.c:219)
Open5GS daemon v2.6.0-35-g0df402b 02/18 14:00:23.789: [app] INFO: Configuration: '/data/open5gs-nrf.yaml' (../lib/app/ogs-init.c:126) 02/18 14:00:23.791: [sbi] ERROR: TLS enabled but no server key (../lib/sbi/context.c:186) 02/18 14:00:23.791: [app] ERROR: Failed to intialize NRF (../src/nrf/app.c:28) 02/18 14:00:23.791: [app] FATAL: Open5GS initialization failed. Aborted (../src/main.c:219)
Interestingly enough, nowhere in our config files TLS is enabled explicitly.
Files
Updated by fixeria about 1 year ago
- File open5gs-nrf.yaml open5gs-nrf.yaml added
- File open5gs-smf.yaml open5gs-smf.yaml added
fixeria wrote:
Interestingly enough, nowhere in our config files TLS is enabled explicitly.
Attaching them to this ticket for the reference.
Updated by fixeria about 1 year ago
The related commit is:
commit 05fbaf69587488e53b5e741a9ada9f9fa5749322
Author: Sukchan Lee <acetcom@gmail.com>
Date: Sat Feb 18 10:58:29 2023 +0900
[SBI] HTTP2-TLS verification - ConfFile Changed
You should add the following configuration if you would not use TLS.
sbi:
server:
no_tls: true
client:
no_tls: true
Updated by fixeria about 1 year ago
- Status changed from New to Feedback
- % Done changed from 0 to 80
I reached out to Sukchan by E-mail trying to explain the backwards compatibility problems this commit creates, but it seems this is not a concern to him. In his response Sukchan said that he wants to request TLS by default starting from v2.6.0 for security reasons, and that one needs to disable TLS explicitly by putting "no_tls: true" if it's not needed. I don't really like this user-unfriendly approach, because it requires manual investigation, but of course it's up to Sukchan whichever policy to enforce.
Our config files are slightly outdated, so I took a chance to update them and added the missing TLS params:
https://gerrit.osmocom.org/c/docker-playground/+/31422 ttcn3-pgw-test: update open5gs-{nrf,smf,upf} config files
This patch fixes ttcn3-pgw-test. Additionally, I submitted patches making it possible to execute tests against open5gs-latest:
https://gerrit.osmocom.org/c/docker-playground/+/31411 osmo-uecups-latest: install missing iputils-ping
https://gerrit.osmocom.org/c/docker-playground/+/31412 open5gs-latest: install missing packages for ttcn3-pgw-test
https://gerrit.osmocom.org/c/docker-playground/+/31413 open5gs-latest: add osmocom user for ttcn3-pgw-test
With all these patches applied, I confirmed that the new config files are also accepted by open5gs-latest.
Updated by fixeria about 1 year ago
While testing the above-mentioned patches, I faced a problem with ping failing to start (exit code 512) due to insignificant write permissions for stderr/stdout redirection. Somehow this was not affecting Jenkins, but I also noticed that we don't have TESTCASE.prog.std{out,err} files in the artifacts. Here is a patch fixing this:
https://gerrit.osmocom.org/c/docker-playground/+/31424 ttcn3-pgw-test: make all directories writable by all users [NEW]
Updated by fixeria about 1 year ago
- Status changed from Feedback to Resolved
- % Done changed from 80 to 100
laforge wrote in #note-5:
I guess this can be closed?
All patches have been merged and ttcn3-pgw-test is all green. So yes, closing.
