neutron

Cannot create password-authenticated BGP peer

Bug #1592982 reported by Paulo Matias
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Dongcan Ye

Bug Description

When trying to create a password-authenticated BGP peer, it fails with an error message in the log (below).

Step-by-step reproduction steps:

neutron bgp-peer-create --peer-ip 2001:db8::1 --remote-as 65001 --auth-type md5 --password plaintext bgp-peer1

Actual output:

2016-06-10 15:59:00.329 3181 ERROR ryu.lib.hub [-] hub: uncaught exception: Traceback (most recent call last):
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/hub.py", line 52, in _launch
    func(*args, **kwargs)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/peer.py", line 1072, in _connect_loop
    password=password)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/base.py", line 411, in _connect_tcp
    sockopt.set_tcp_md5sig(sock, peer_addr[0], password)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 69, in set_tcp_md5sig
    impl(s, addr, key)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 41, in _set_tcp_md5sig_linux
    tcp_md5sig = ss + struct.pack("2xH4x80s", len(key), key)
error: argument for 's' must be a string

Version: stable/mitaka deployed with OpenStack-Ansible on Ubuntu Trusty

Environment: multi-node

Pre-conditions: Add init script for BGP DrAgent (does not come by default with the OSA deployment)

Perceived severity: Blocks usage of authenticated BGP. Unauthenticated BGP still works.

Comments:

The database model returns (get_bgp_peer) the password as an unicode string, which is passed around until it reaches the Ryu library, causing the error shown in the stacktrace above.

I tried to follow the Neutron codebase's standard solution to deal with this. Several places do encode unicode strings which have been read from the database before passing them around, e.g.:

neutron/agent/linux/utils.py: if isinstance(dev, six.text_type):
neutron/agent/linux/utils.py- dev = dev.encode('utf-8')
--
neutron/agent/metadata/agent.py: if isinstance(secret, six.text_type):
neutron/agent/metadata/agent.py- secret = secret.encode('utf-8')
neutron/agent/metadata/agent.py: if isinstance(instance_id, six.text_type):
neutron/agent/metadata/agent.py- instance_id = instance_id.encode('utf-8')

The attached patch fixes this issue (tested and working on stable/mitaka) using the same strategy. Should I open a review request for that in gerrit?

Thanks

See original description
Revision history for this message
Paulo Matias (paulo-matias) wrote :
description: updated
Dariusz Smigiel (smigiel-dariusz)
Changed in neutron:
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Dongcan Ye (hellochosen) wrote :

@Paulo Matias, Please put your patch to neutron-dynamic-routing gerrit.

Revision history for this message
vikram.choudhary (vikschw) wrote :

Thanks for fixing this Paulo.. Please raise a gerrit review link.

Revision history for this message
Dongcan Ye (hellochosen) wrote :

Hi Paulo and vikram, I will take a look at this problem.

Changed in neutron:
assignee: nobody → Dongcan Ye (hellochosen)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-dynamic-routing (master)

Fix proposed to branch: master
Review: https://review.openstack.org/337589

Changed in neutron:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-dynamic-routing (master)

Reviewed: https://review.openstack.org/337589
Committed: https://git.openstack.org/cgit/openstack/neutron-dynamic-routing/commit/?id=15c83c5b1243ebeacbe700fbfeb7a77eaa121514
Submitter: Jenkins
Branch: master

commit 15c83c5b1243ebeacbe700fbfeb7a77eaa121514
Author: Dongcan Ye <email address hidden>
Date: Tue Jul 5 18:04:41 2016 +0800

    Fix unicode bug for password-authenticated BGP peer

    Using encodeutils convert password to utf-8 format.

    Change-Id: I77211a75e38d8dcc8cfa54e1c31a3b94c277c3a8
    Closes-Bug: #1592982

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/339306

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/mitaka)

Reviewed: https://review.openstack.org/339306
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=dcbf7537cf62b777682f62a9e11b90689a00274e
Submitter: Jenkins
Branch: stable/mitaka

commit dcbf7537cf62b777682f62a9e11b90689a00274e
Author: Dongcan Ye <email address hidden>
Date: Fri Jul 8 09:46:10 2016 +0800

    Fix unicode bug for password-authenticated BGP peer

    Using encodeutils convert password to utf-8 format.

    Backport from neutron-dynamic-routing repo.
    Commit id: 15c83c5b1243ebeacbe700fbfeb7a77eaa121514

    Change-Id: I441ea91afa5f7a66eb77aebdb90f4fb4d4bcab8a
    Closes-Bug: #1592982

tags: added: in-stable-mitaka
Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/neutron-dynamic-routing 9.0.0.0b2

This issue was fixed in the openstack/neutron-dynamic-routing 9.0.0.0b2 development milestone.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/neutron 8.2.0

This issue was fixed in the openstack/neutron 8.2.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.