Juniper Openstack

[5.0.1 contrail-security]failing to create security objects in mixed draft mode

Bug #1782523 reported by aswani kumar
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R5.0
Fix Released
Critical
Andrey Pavlov
Juniper Openstack r5.0.1
Trunk
Fix Committed
Critical
Andrey Pavlov
Juniper Openstack r5.1.0

Bug Description

seeing this in Build 5.0.1 145, 5.1 190
Scenario:

Enabled draft mode in both global and project level
Tried to create address groups and other security objects.
Throwing ineternal server error

Draft mode either alone in global or project scope is working

contrail-api.log
----------------
07/19/2018 12:34:23 PM [contrail-api] [ERROR]: __default__ [SYS_ERR]: VncApiError: <type 'exceptions.AttributeError'>
Python 2.7.5: /usr/bin/python
Thu Jul 19 12:34:23 2018

A problem occurred in a Python script. Here is the sequence of
function calls leading up to the error, in the order they occurred.

 /usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_cfg_api_server.py in handler_trap_exception(*args=(), **kwargs={})
 2045 (code, err_msg) = status
 2046 raise cfgm_common.exceptions.HttpError(code, err_msg)
 2047 response = handler(*args, **kwargs)
 2048 self._generate_rest_api_response_trace(trace, response)
 2049
response undefined
handler = <functools.partial object>
args = ()
kwargs = {}

 /usr/lib/python2.7/site-packages/cfgm_common/vnc_api_stats.py in wrapper(api_server_obj=<vnc_cfg_api_server.vnc_cfg_api_server.VncApiServer object>, resource_type='address_group', *args=(), **kwargs={})
   15 statistics = VncApiStatistics(
   16 obj_type=resource_type.replace('-', '_'))
   17 response = func(api_server_obj, resource_type, *args, **kwargs)
   18 statistics.response_size = len(str(response))
   19 statistics.response_code = bottle.response.status_code
response undefined
func = <function http_resource_create>
api_server_obj = <vnc_cfg_api_server.vnc_cfg_api_server.VncApiServer object>
resource_type = 'address_group'
args = ()
kwargs = {}

 /usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_cfg_api_server.py in http_resource_create(self=<vnc_cfg_api_server.vnc_cfg_api_server.VncApiServer object>, obj_type='address_group')
  736 # Can abort resource creation and retrun 202 status code
  737 get_context().set_state('PENDING_DBE_CREATE')
  738 ok, result = r_class.pending_dbe_create(obj_dict)
  739 if not ok:

  736 # Can abort resource creation and retrun 202 status code
  737 get_context().set_state('PENDING_DBE_CREATE')
  738 ok, result = r_class.pending_dbe_create(obj_dict)
  739 if not ok:
  740 code, msg = result
ok = True
result = ''
r_class = <class 'vnc_cfg_api_server.vnc_cfg_types.AddressGroupServer'>
r_class.pending_dbe_create = <bound method __metaclass__.pending_dbe_create o...fg_api_server.vnc_cfg_types.AddressGroupServer'>>
obj_dict = {'address_group_prefix': {'subnet': []}, 'fq_name': ['default-policy-management', 'ctest-TestFirewallDraft_1-48463899-51707779'], 'parent_type': 'policy-management', 'uuid': None}

 /usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_cfg_types.py in wrapper(cls=<class 'vnc_cfg_api_server.vnc_cfg_types.AddressGroupServer'>, obj_dict={'address_group_prefix': {'subnet': []}, 'fq_name': ['default-policy-management', 'ctest-TestFirewallDraft_1-48463899-51707779'], 'parent_type': 'policy-management', 'uuid': None}, *args=(), **kwargs={})
  263 cls.server.security_lock_prefix,
  264 scope_type,
  265 ':'.join(scope_fq_name),
  266 ),
  267 )
scope_fq_name = [u'default-global-system-config']

 /usr/lib/python2.7/site-packages/cfgm_common/zkclient.py in read_lock(self=<cfgm_common.zkclient.ZookeeperClient object>, path=u'//vnc_api_server_locks//security/global_system_config/default-global-system-config', identifier='nodem14-1')
  591 if not identifier:
  592 identifier = '%s-%s' % (socket.gethostname(), os.getpid())
  593 return self._zk_client.ReadLock(path, identifier)
  594
  595 def write_lock(self, path, identifier=None):
self = <cfgm_common.zkclient.ZookeeperClient object>
self._zk_client = <kazoo.client.KazooClient object>
self._zk_client.ReadLock undefined
path = u'//vnc_api_server_locks//security/global_system_config/default-global-system-config'
identifier = 'nodem14-1'
<type 'exceptions.AttributeError'>: 'KazooClient' object has no attribute 'ReadLock'
    __class__ = <type 'exceptions.AttributeError'>
    __delattr__ = <method-wrapper '__delattr__' of exceptions.AttributeError object>
    __dict__ = {}
    __doc__ = 'Attribute not found.'
    __format__ = <built-in method __format__ of exceptions.AttributeError object>
    __getattribute__ = <method-wrapper '__getattribute__' of exceptions.AttributeError object>
    __getitem__ = <method-wrapper '__getitem__' of exceptions.AttributeError object>
    __getslice__ = <method-wrapper '__getslice__' of exceptions.AttributeError object>
    __hash__ = <method-wrapper '__hash__' of exceptions.AttributeError object>
    __init__ = <method-wrapper '__init__' of exceptions.AttributeError object>
    __new__ = <built-in method __new__ of type object>
    __reduce__ = <built-in method __reduce__ of exceptions.AttributeError object>
    __reduce_ex__ = <built-in method __reduce_ex__ of exceptions.AttributeError object>
    __repr__ = <method-wrapper '__repr__' of exceptions.AttributeError object>
    __setattr__ = <method-wrapper '__setattr__' of exceptions.AttributeError object>
    __setstate__ = <built-in method __setstate__ of exceptions.AttributeError object>
    __sizeof__ = <built-in method __sizeof__ of exceptions.AttributeError object>
    __str__ = <method-wrapper '__str__' of exceptions.AttributeError object>
    __subclasshook__ = <built-in method __subclasshook__ of type object>
    __unicode__ = <built-in method __unicode__ of exceptions.AttributeError object>
    args = ("'KazooClient' object has no attribute 'ReadLock'",)
    message = "'KazooClient' object has no attribute 'ReadLock'"
The above is a description of an error in a Python program. Here is
the original traceback:

Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 2047, in handler_trap_exception
    response = handler(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/cfgm_common/vnc_api_stats.py", line 17, in wrapper
    response = func(api_server_obj, resource_type, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 738, in http_resource_create
    ok, result = r_class.pending_dbe_create(obj_dict)
  File "/usr/lib/python2.7/site-packages/vnc_cfg_api_server/vnc_cfg_types.py", line 265, in wrapper
    ':'.join(scope_fq_name),
  File "/usr/lib/python2.7/site-packages/cfgm_common/zkclient.py", line 593, in read_lock
    return self._zk_client.ReadLock(path, identifier)
AttributeError: 'KazooClient' object has no attribute 'ReadLock'

aswani kumar (aswanikumar90)
tags: added: contrail-security
Revision history for this message
Édouard Thuleau (ethuleau) wrote :

can you provide the kazoo python package version installed on API config containers?

From the release 5.0.1 Contrail API uses kazoo recipes `ReadLock` and `WriteLock` and that recipes appeared on kazoo 2.3.0

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/44823
Submitter: prasad miriyala (<email address hidden>)

Revision history for this message
prasad miriyala (pmiriyala) wrote :

Hi Abhay,
It looks like changing requirement.txt in the api-server is not enough.
Could you please assign it to packaging folks to take care of this bug?
kazoo python package version installed with these builds are 2.2.1,
it should have a check for >= 2.3.0, as ReadLock/WriteLock recipes are introduced with 2.3.0.
Regards,
Prasad.

Revision history for this message
Abhay Joshi (abhayj) wrote :

Abhay, Please check the update on the above bug. Root caused it to kazoo package version is lower. Apparently we need more than changing requirement files of config. Please assign it to packaging folks, as I don’t know, who is responsible, I assigned it to you. Regards, Prasad.

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Review in progress for https://review.opencontrail.org/44828
Submitter: Andrey Pavlov (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Review in progress for https://review.opencontrail.org/44829
Submitter: Andrey Pavlov (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/44829
Committed: http://github.com/Juniper/contrail-third-party/commit/6fd047686e585af93570b8b111373136fb9eb041
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 6fd047686e585af93570b8b111373136fb9eb041
Author: Andrey Pavlov <email address hidden>
Date: Sat Jul 21 15:02:29 2018 +0300

add kazoo client to the list of thirdparty libraries

Change-Id: I7c31e6765abc8f57acbb5637508a54f615fa8e33
Partial-Bug: #1782523

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/44828
Submitter: Andrey Pavlov (<email address hidden>)

aswani kumar (aswanikumar90)
tags: added: sanityblocker
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Review in progress for https://review.opencontrail.org/44852
Submitter: Andrey Pavlov (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Review in progress for https://review.opencontrail.org/44828
Submitter: Andrey Pavlov (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Review in progress for https://review.opencontrail.org/44852
Submitter: Andrey Pavlov (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Review in progress for https://review.opencontrail.org/44871
Submitter: Andrey Pavlov (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/44852
Committed: http://github.com/Juniper/contrail-third-party-packages/commit/13aa4998cd61575c2b0d76300ef354e04287b442
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 13aa4998cd61575c2b0d76300ef354e04287b442
Author: Andrey Pavlov <email address hidden>
Date: Mon Jul 23 16:48:39 2018 +0300

add spec for python-kazoo-2.5.0

Change-Id: I0b01b9250c217f64a36808a7002137ee13899fa4
Partial-Bug: #1782523

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R5.0

Review in progress for https://review.opencontrail.org/44915
Submitter: Andrey Pavlov (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/44828
Committed: http://github.com/Juniper/contrail-packages/commit/5f7bf10c516942b06378905cfc03cf2d168e1639
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 5f7bf10c516942b06378905cfc03cf2d168e1639
Author: Andrey Pavlov <email address hidden>
Date: Mon Jul 23 09:19:59 2018 +0300

update requiremets for kazoo client

From the release 5.0.1 Contrail API uses kazoo recipes `ReadLock`
and `WriteLock` and that recipes appeared on kazoo 2.3.0

Depends-On: I0b01b9250c217f64a36808a7002137ee13899fa4
Change-Id: Ie0b4ae6aed392a635740bfd759e25605243d9d6c
Partial-Bug: #1782523

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/44915
Committed: http://github.com/Juniper/contrail-packages/commit/f3d4164a10d74528cea7b22c876a7b09a7a41c3e
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit f3d4164a10d74528cea7b22c876a7b09a7a41c3e
Author: Andrey Pavlov <email address hidden>
Date: Mon Jul 23 09:19:59 2018 +0300

update requiremets for kazoo client

From the release 5.0.1 Contrail API uses kazoo recipes `ReadLock`
and `WriteLock` and that recipes appeared on kazoo 2.3.0

Depends-On: I0b01b9250c217f64a36808a7002137ee13899fa4
Change-Id: Ie0b4ae6aed392a635740bfd759e25605243d9d6c
Partial-Bug: #1782523

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/44871
Committed: http://github.com/Juniper/contrail-third-party/commit/8bb9361745f842864d327b8e3fdf7fd9e634c331
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 8bb9361745f842864d327b8e3fdf7fd9e634c331
Author: Andrey Pavlov <email address hidden>
Date: Mon Jul 23 13:23:23 2018 -0700

Revert "add kazoo client to the list of thirdparty libraries"

This reverts commit 6fd047686e585af93570b8b111373136fb9eb041.

Change-Id: I166a4639ade7aa12b3ce68a92ce4661950239490
Partial-Bug: #1782523

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/44823
Committed: http://github.com/Juniper/contrail-controller/commit/9a50a2677cfcee42f67a81a3a6bdb0ba99ef1cb8
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 9a50a2677cfcee42f67a81a3a6bdb0ba99ef1cb8
Author: Prasad Miriyala <email address hidden>
Date: Fri Jul 20 16:22:44 2018 -0700

kazoo version is 2.2.1, where as ReadLock/WriteLock recipes are introduced in 2.3.0
specifying that, >=2.3.0 package for kazoo for api server

Closes-Bug: #1782523

Change-Id: I4cc30a72a3a8fc7f9cc17889470428e4b008f452

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.