metadata agent unable to connect to Southbound DB using TLS

Bug #1847032 reported by Frode Nordahl
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu Cloud Archive
High
Unassigned
Stein
High
Unassigned
Train
High
Unassigned
networking-ovn
Undecided
Frode Nordahl
networking-ovn (Ubuntu)
High
James Page
Disco
High
Unassigned
Eoan
High
James Page

Bug Description

2019-10-07 07:49:22.234 752648 INFO networking_ovn.agent.metadata.agent [-] DEBUG: 0
2019-10-07 07:49:22.234 752648 INFO networking_ovn.agent.metadata.ovsdb [-] DEBUG: connection_string="ssl:10.246.114.19:6642,ssl:10.246.114.26:6642,ssl:10.246.114.10:6642"
2019-10-07 07:49:22.235 752648 CRITICAL neutron [-] Unhandled error: TypeError: Path must be represented as bytes or unicode string
2019-10-07 07:49:22.235 752648 ERROR neutron Traceback (most recent call last):
2019-10-07 07:49:22.235 752648 ERROR neutron File "/usr/bin/networking-ovn-metadata-agent", line 10, in <module>
2019-10-07 07:49:22.235 752648 ERROR neutron sys.exit(main())
2019-10-07 07:49:22.235 752648 ERROR neutron File "/usr/lib/python3/dist-packages/networking_ovn/cmd/eventlet/agents/metadata.py", line 17, in main
2019-10-07 07:49:22.235 752648 ERROR neutron metadata_agent.main()
2019-10-07 07:49:22.235 752648 ERROR neutron File "/usr/lib/python3/dist-packages/networking_ovn/agent/metadata_agent.py", line 38, in main
2019-10-07 07:49:22.235 752648 ERROR neutron agt.start()
2019-10-07 07:49:22.235 752648 ERROR neutron File "/usr/lib/python3/dist-packages/networking_ovn/agent/metadata/agent.py", line 163, in start
2019-10-07 07:49:22.235 752648 ERROR neutron SbGlobalUpdateEvent(self)]).start()
2019-10-07 07:49:22.235 752648 ERROR neutron File "/usr/lib/python3/dist-packages/networking_ovn/agent/metadata/ovsdb.py", line 38, in __init__
2019-10-07 07:49:22.235 752648 ERROR neutron helper = self._get_ovsdb_helper(connection_string)
2019-10-07 07:49:22.235 752648 ERROR neutron File "/usr/lib/python3/dist-packages/networking_ovn/agent/metadata/ovsdb.py", line 52, in _get_ovsdb_helper
2019-10-07 07:49:22.235 752648 ERROR neutron return idlutils.get_schema_helper(connection_string, self.SCHEMA)
2019-10-07 07:49:22.235 752648 ERROR neutron File "/usr/lib/python3/dist-packages/ovsdbapp/backend/ovs_idl/idlutils.py", line 123, in get_schema_helper
2019-10-07 07:49:22.235 752648 ERROR neutron stream.Stream.open(c))
2019-10-07 07:49:22.235 752648 ERROR neutron File "/usr/lib/python3/dist-packages/ovs/stream.py", line 190, in open
2019-10-07 07:49:22.235 752648 ERROR neutron error, sock = cls._open(suffix, dscp)
2019-10-07 07:49:22.235 752648 ERROR neutron File "/usr/lib/python3/dist-packages/ovs/stream.py", line 786, in _open
2019-10-07 07:49:22.235 752648 ERROR neutron ctx.use_privatekey_file(Stream._SSL_private_key_file)
2019-10-07 07:49:22.235 752648 ERROR neutron File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 957, in use_privatekey_file
2019-10-07 07:49:22.235 752648 ERROR neutron keyfile = _path_string(keyfile)
2019-10-07 07:49:22.235 752648 ERROR neutron File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 107, in path_string
2019-10-07 07:49:22.235 752648 ERROR neutron raise TypeError("Path must be represented as bytes or unicode string")
2019-10-07 07:49:22.235 752648 ERROR neutron TypeError: Path must be represented as bytes or unicode string
2019-10-07 07:49:22.235 752648 ERROR neutron

Frode Nordahl (fnordahl)
Changed in networking-ovn:
status: New → In Progress
assignee: nobody → Frode Nordahl (fnordahl)
Frode Nordahl (fnordahl)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-ovn (master)

Fix proposed to branch: master
Review: https://review.opendev.org/686974

James Page (james-page)
Changed in networking-ovn (Ubuntu):
status: New → Triaged
importance: Undecided → High
James Page (james-page)
Changed in networking-ovn (Ubuntu Disco):
status: New → Triaged
importance: Undecided → High
Changed in networking-ovn (Ubuntu Eoan):
assignee: nobody → James Page (james-page)
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package networking-ovn - 7.0.0~rc1-0ubuntu2

---------------
networking-ovn (7.0.0~rc1-0ubuntu2) eoan; urgency=medium

  * d/p/initialize-TLS-prior-to-retrieving-OVSDB-schema.patch: Cherry
    pick inflight fix to ensure that SSL configuration is setup prior to
    accessing the OVN SB and NB databases (LP: #1847032).

 -- James Page <email address hidden> Wed, 09 Oct 2019 10:47:25 +0100

Changed in networking-ovn (Ubuntu Eoan):
status: In Progress → Fix Released
James Page (james-page)
Changed in cloud-archive:
status: Triaged → Fix Committed
Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package networking-ovn - 7.0.0~rc1-0ubuntu2~cloud0
---------------

 networking-ovn (7.0.0~rc1-0ubuntu2~cloud0) bionic-train; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 networking-ovn (7.0.0~rc1-0ubuntu2) eoan; urgency=medium
 .
   * d/p/initialize-TLS-prior-to-retrieving-OVSDB-schema.patch: Cherry
     pick inflight fix to ensure that SSL configuration is setup prior to
     accessing the OVN SB and NB databases (LP: #1847032).

Changed in cloud-archive:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-ovn (master)

Reviewed: https://review.opendev.org/686974
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=e349bfb14aeaa884e3d26dce7e09ffb96cc0ae73
Submitter: Zuul
Branch: master

commit e349bfb14aeaa884e3d26dce7e09ffb96cc0ae73
Author: Frode Nordahl <email address hidden>
Date: Mon Oct 7 10:10:34 2019 +0200

    Initialize TLS prior to retrieving OVSDB schema

    Change-Id: Ic7e97ae78dadc4a07cff695a108c82fd3cb8e559
    Closes-Bug: #1847032

Changed in networking-ovn:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-ovn (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/694006

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-ovn (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/694007

tags: added: networking-ovn-proactive-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-ovn (stable/train)

Reviewed: https://review.opendev.org/694006
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=0ef9461c5b7b2a4220ea5c9deadf3d5b4515a8fd
Submitter: Zuul
Branch: stable/train

commit 0ef9461c5b7b2a4220ea5c9deadf3d5b4515a8fd
Author: Frode Nordahl <email address hidden>
Date: Mon Oct 7 10:10:34 2019 +0200

    Initialize TLS prior to retrieving OVSDB schema

    Change-Id: Ic7e97ae78dadc4a07cff695a108c82fd3cb8e559
    Closes-Bug: #1847032
    (cherry picked from commit e349bfb14aeaa884e3d26dce7e09ffb96cc0ae73)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-ovn (stable/stein)

Reviewed: https://review.opendev.org/694007
Committed: https://git.openstack.org/cgit/openstack/networking-ovn/commit/?id=5b93b558c6bcaeeabf80f9213a4f78c42d0ab850
Submitter: Zuul
Branch: stable/stein

commit 5b93b558c6bcaeeabf80f9213a4f78c42d0ab850
Author: Frode Nordahl <email address hidden>
Date: Mon Oct 7 10:10:34 2019 +0200

    Initialize TLS prior to retrieving OVSDB schema

    Change-Id: Ic7e97ae78dadc4a07cff695a108c82fd3cb8e559
    Closes-Bug: #1847032
    (cherry picked from commit e349bfb14aeaa884e3d26dce7e09ffb96cc0ae73)

tags: added: in-stable-stein
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to networking-ovn (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/700836

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on networking-ovn (master)

Change abandoned by Frode Nordahl (<email address hidden>) on branch: master
Review: https://review.opendev.org/700836
Reason: Superseded by https://review.opendev.org/#/c/701079/

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-ovn 7.1.0

This issue was fixed in the openstack/networking-ovn 7.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-ovn 6.0.1

This issue was fixed in the openstack/networking-ovn 6.0.1 release.

tags: removed: networking-ovn-proactive-backport-potential
Steve Langasek (vorlon)
Changed in networking-ovn (Ubuntu Disco):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers