Cannot create password-authenticated BGP peer

Bug #1592982 reported by Paulo Matias
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Medium
Dongcan Ye

Bug Description

When trying to create a password-authenticated BGP peer, it fails with an error message in the log (below).

Step-by-step reproduction steps:

neutron bgp-peer-create --peer-ip 2001:db8::1 --remote-as 65001 --auth-type md5 --password plaintext bgp-peer1

Actual output:

2016-06-10 15:59:00.329 3181 ERROR ryu.lib.hub [-] hub: uncaught exception: Traceback (most recent call last):
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/hub.py", line 52, in _launch
    func(*args, **kwargs)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/peer.py", line 1072, in _connect_loop
    password=password)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/base.py", line 411, in _connect_tcp
    sockopt.set_tcp_md5sig(sock, peer_addr[0], password)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 69, in set_tcp_md5sig
    impl(s, addr, key)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 41, in _set_tcp_md5sig_linux
    tcp_md5sig = ss + struct.pack("2xH4x80s", len(key), key)
error: argument for 's' must be a string

Version: stable/mitaka deployed with OpenStack-Ansible on Ubuntu Trusty

Environment: multi-node

Pre-conditions: Add init script for BGP DrAgent (does not come by default with the OSA deployment)

Perceived severity: Blocks usage of authenticated BGP. Unauthenticated BGP still works.

Comments:

The database model returns (get_bgp_peer) the password as an unicode string, which is passed around until it reaches the Ryu library, causing the error shown in the stacktrace above.

I tried to follow the Neutron codebase's standard solution to deal with this. Several places do encode unicode strings which have been read from the database before passing them around, e.g.:

neutron/agent/linux/utils.py: if isinstance(dev, six.text_type):
neutron/agent/linux/utils.py- dev = dev.encode('utf-8')
--
neutron/agent/metadata/agent.py: if isinstance(secret, six.text_type):
neutron/agent/metadata/agent.py- secret = secret.encode('utf-8')
neutron/agent/metadata/agent.py: if isinstance(instance_id, six.text_type):
neutron/agent/metadata/agent.py- instance_id = instance_id.encode('utf-8')

The attached patch fixes this issue (tested and working on stable/mitaka) using the same strategy. Should I open a review request for that in gerrit?

Thanks

Revision history for this message
Paulo Matias (paulo-matias) wrote :
description: updated
Changed in neutron:
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Dongcan Ye (hellochosen) wrote :

@Paulo Matias, Please put your patch to neutron-dynamic-routing gerrit.

Revision history for this message
vikram.choudhary (vikschw) wrote :

Thanks for fixing this Paulo.. Please raise a gerrit review link.

Revision history for this message
Dongcan Ye (hellochosen) wrote :

Hi Paulo and vikram, I will take a look at this problem.

Changed in neutron:
assignee: nobody → Dongcan Ye (hellochosen)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-dynamic-routing (master)

Fix proposed to branch: master
Review: https://review.openstack.org/337589

Changed in neutron:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-dynamic-routing (master)

Reviewed: https://review.openstack.org/337589
Committed: https://git.openstack.org/cgit/openstack/neutron-dynamic-routing/commit/?id=15c83c5b1243ebeacbe700fbfeb7a77eaa121514
Submitter: Jenkins
Branch: master

commit 15c83c5b1243ebeacbe700fbfeb7a77eaa121514
Author: Dongcan Ye <email address hidden>
Date: Tue Jul 5 18:04:41 2016 +0800

    Fix unicode bug for password-authenticated BGP peer

    Using encodeutils convert password to utf-8 format.

    Change-Id: I77211a75e38d8dcc8cfa54e1c31a3b94c277c3a8
    Closes-Bug: #1592982

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/339306

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/mitaka)

Reviewed: https://review.openstack.org/339306
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=dcbf7537cf62b777682f62a9e11b90689a00274e
Submitter: Jenkins
Branch: stable/mitaka

commit dcbf7537cf62b777682f62a9e11b90689a00274e
Author: Dongcan Ye <email address hidden>
Date: Fri Jul 8 09:46:10 2016 +0800

    Fix unicode bug for password-authenticated BGP peer

    Using encodeutils convert password to utf-8 format.

    Backport from neutron-dynamic-routing repo.
    Commit id: 15c83c5b1243ebeacbe700fbfeb7a77eaa121514

    Change-Id: I441ea91afa5f7a66eb77aebdb90f4fb4d4bcab8a
    Closes-Bug: #1592982

tags: added: in-stable-mitaka
Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/neutron-dynamic-routing 9.0.0.0b2

This issue was fixed in the openstack/neutron-dynamic-routing 9.0.0.0b2 development milestone.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/neutron 8.2.0

This issue was fixed in the openstack/neutron 8.2.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers