Good afternoon,
Since installing oVirt, there have been problems with the OVN Provider. But we didn't do
it, and we didn't have to. Now we need to create virtual networks, but nothing works
for us. Please help with thoughts. I updated the oVirt OVN Provider certificate;
previously there was a problem with them after 2 years.
All hosts are installed with oVirt Node:
software:
OS Version:RHEL - 8 - 2.2004.0.2.el8
OS Description:oVirt Node 4.4.3
Kernel Version:4.18.0 - 193.28.1.el8_2.x86_64
KVM Version:4.2.0 - 29.el8.6
LIBVIRT Version:libvirt-6.0.0-25.2.el8
VDSM Version:vdsm-4.40.35.1-1.el8
SPICE Version:0.14.2 - 1.el8_2.1
GlusterFS Version:glusterfs-7.8-1.el8
CEPH Version:librbd1-12.2.7-9.el8
Open vSwitch Version:[N/A]
Nmstate Version:nmstate-0.3.6-2.el8
Kernel Features:MDS: (Not affected), L1TF: (Not affected), SRBDS: (Not affected),
MELTDOWN: (Not affected), SPECTRE_V1: (Mitigation: usercopy/swapgs barriers and __user
pointer sanitization), SPECTRE_V2: (Mitigation: Enhanced IBRS, IBPB: conditional, RSB
filling), ITLB_MULTIHIT: (KVM: Mitigation: Split huge pages), TSX_ASYNC_ABORT:
(Mitigation: Clear CPU buffers; SMT vulnerable), SPEC_STORE_BYPASS: (Mitigation:
Speculative Store Bypass disabled via prctl and seccomp)
VNC Encryption:Disabled
FIPS mode enabled:Disabled
Logs from /var/log/ovirt-provider-ovn.log:
2023-02-07 12:32:18,629 root Starting server
2023-02-07 12:32:18,630 root Version: 1.2.32-1
2023-02-07 12:32:18,630 root Build date: 20200929061233
2023-02-07 12:32:18,630 root Githash: 44a7426
2023-02-07 12:34:17,362 ovsdbapp.backend.ovs_idl.idlutils Unable to open stream to ssl:127.0.0.1:6641 to retrieve schema: Connection reset by peer
2023-02-07 12:34:17,362 root From: ::ffff:10.0.120.11:43288 Request: GET /v2.0/networks
2023-02-07 12:34:17,362 root Could not retrieve schema from ssl:127.0.0.1:6641
Traceback (most recent call last):
  File "/usr/share/ovirt-provider-ovn/handlers/base_handler.py", line 138, in _handle_request
    method, path_parts, content
  File "/usr/share/ovirt-provider-ovn/handlers/selecting_handler.py", line 175, in handle_request
    return self.call_response_handler(handler, content, parameters)
  File "/usr/share/ovirt-provider-ovn/handlers/neutron.py", line 35, in call_response_handler
    with NeutronApi() as ovn_north:
  File "/usr/share/ovirt-provider-ovn/neutron/neutron_api.py", line 95, in __init__
    self.ovsidl, self.idl = ovn_connection.connect()
  File "/usr/share/ovirt-provider-ovn/ovn_connection.py", line 46, in connect
    ovnconst.OVN_NORTHBOUND
  File "/usr/lib/python3.6/site-packages/ovsdbapp/backend/ovs_idl/connection.py", line 154, in from_server
    helper = idlutils.get_schema_helper(connection_string, schema_name)
  File "/usr/lib/python3.6/site-packages/ovsdbapp/backend/ovs_idl/idlutils.py", line 144, in get_schema_helper
    raise Exception("Could not retrieve schema from %s" % connection)
Exception: Could not retrieve schema from ssl:127.0.0.1:6641
Test in oVirt Engine OVN Provider:
Error: Failed to communicate with the external provider, see log for additional details.
[root@ovirtengine ~]# cat /etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf
# This file is automatically generated by engine-setup. Please do not edit manually
[PROVIDER]
provider-host=ovirt.test.test.org
[SSL]
ssl-cert-file=/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer
ssl-key-file=/etc/pki/ovirt-engine/keys/ovirt-provider-ovn.key.nopass
ssl-cacert-file=/etc/pki/ovirt-engine/ca.pem
https-enabled=true
[OVN REMOTE]
ovn-remote=ssl:127.0.0.1:6641
[OVIRT]
ovirt-sso-client-id=ovirt-provider-ovn
ovirt-sso-client-secret=SECRET KEY
ovirt-host=https://ovirt.test.test.org:443
ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem
[NETWORK]
port-security-enabled-default=True
Reinstalling oVirt OVN with engine-setup did not solve the problem.
[root@vovirtengine ~]# ovn-nbctl get-ssl
Private key: /etc/pki/ovirt-engine/keys/ovn-ndb.key.nopass
Certificate: /etc/pki/ovirt-engine/certs/ovn-ndb.cer
CA Certificate: /etc/pki/ovirt-engine/ca.pem
Bootstrap: false
[root@vovirtengine ~]# ovn-nbctl get-connection
pssl:6641:[::]
[root@vovirtengine ~]# ovn-sbctl get-ssl
Private key: /etc/pki/ovirt-engine/keys/ovn-sdb.key.nopass
Certificate: /etc/pki/ovirt-engine/certs/ovn-sdb.cer
CA Certificate: /etc/pki/ovirt-engine/ca.pem
Bootstrap: false
[root@vovirtengine ~]# ovn-sbctl get-connection
read-write role="" pssl:6642:[::]
[root@vovirtengine ~]#
oVirt Engine config:
Name ovirt-provider-ovn
Description oVirt network provider for OVN
Networking Plugin oVirt Network Provider for OVN
Automatic Synchronization YES
Unmanaged NO
Read-Only NO
Provider URL
https://ovirt.test.test.org:9696
Requires Authentication YES
Username admin@internal
Password PASWORD
Protocol HTTPS
Host Name
ovirt.test.test.org
API Port 35357
API Version v2.0
Tenant Name
On a host in the cluster, logs from /var/log/openvswitch/ovn-controller.log:
<...>
2023-02-07T09:11:58.903Z|303247|stream_ssl|WARN|SSL_connect: system error (Success)
2023-02-07T09:12:06.912Z|303248|stream_ssl|WARN|SSL_connect: system error (Success)
2023-02-07T09:12:14.920Z|303249|stream_ssl|WARN|SSL_connect: system error (Success)
2023-02-07T09:12:22.929Z|303250|stream_ssl|WARN|SSL_connect: system error (Success)
2023-02-07T09:12:30.937Z|303251|stream_ssl|WARN|SSL_connect: system error (Success)
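
The configuration above references three certificates under /etc/pki/ovirt-engine (ovirt-provider-ovn.cer, plus ovn-ndb.cer and ovn-sdb.cer from the get-ssl output), all checked against ca.pem. The following is an added example, not part of the original post: a shell check that reports parse, expiry and CA-trust status for each of them. The function names cert_status and report and the 30-day warning threshold are assumptions.

```shell
#!/bin/sh
# Added example: validity report for the certificates named in the post.
# Paths come from the post; function names and the threshold are assumptions.

# cert_status CERT CA [DAYS]
# Prints one of: missing | unreadable | expired | untrusted | expiring | ok
cert_status() {
    cert=$1 ca=$2 days=${3:-30}
    [ -r "$cert" ] && [ -r "$ca" ] || { echo missing; return 0; }
    # File exists but is not a parseable X.509 certificate
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits non-zero if the certificate expires within N seconds
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired; return 0
    fi
    # Fails when the chain does not lead to CA, or when CA itself has expired
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo untrusted; return 0
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo expiring; return 0
    fi
    echo ok
}

# report [PKI_DIR]: one line per certificate with its status and notAfter date
report() {
    pki=${1:-/etc/pki/ovirt-engine}
    for name in ovirt-provider-ovn ovn-ndb ovn-sdb; do
        crt="$pki/certs/$name.cer"
        printf '%-20s %-10s %s\n' "$name" \
            "$(cert_status "$crt" "$pki/ca.pem")" \
            "$(openssl x509 -in "$crt" -noout -enddate 2>/dev/null)"
    done
}

report "$@"
```

Run it as root on the engine host; any status other than ok for ovn-ndb or ovn-sdb is worth checking before looking further at the provider.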