| 2016-06-15 20:57:27 |
Paulo Matias |
description |
When trying to create a password-authenticated BGP peer, it fails with an error message in the log (below).
Step-by-step reproduction steps:
neutron bgp-peer-create --peer-ip 2001:db8::1 --remote-as 65001 --auth-type md5 --password plaintext bgp-peer1
Actual output:
2016-06-10 15:59:00.329 3181 ERROR ryu.lib.hub [-] hub: uncaught exception: Traceback (most recent call last):
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/hub.py", line 52, in _launch
func(*args, **kwargs)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/peer.py", line 1072, in _connect_loop
password=password)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/base.py", line 411, in _connect_tcp
sockopt.set_tcp_md5sig(sock, peer_addr[0], password)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 69, in set_tcp_md5sig
impl(s, addr, key)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 41, in _set_tcp_md5sig_linux
tcp_md5sig = ss + struct.pack("2xH4x80s", len(key), key)
error: argument for 's' must be a string
Version: stable/mitaka deployed with OpenStack-Ansible on Ubuntu Trusty
Environment: multi-node
Pre-conditions: Add init script for BGP DrAgent (does not come by default with the OSA deployment)
Perceived severity: Blocks usage of authenticated BGP. Unauthenticated BGP still works.
Comments:
The database model returns (get_bgp_peer) the password as an unicode string, which is passed around until it reaches the Ryu library, causing the error shown in the stacktrace above.
I tried to follow the Neutron codebase standard solution to deal with this. Several places do encode unicode strings read from the database before passing around, e.g.:
neutron/agent/linux/utils.py: if isinstance(dev, six.text_type):
neutron/agent/linux/utils.py- dev = dev.encode('utf-8')
--
neutron/agent/metadata/agent.py: if isinstance(secret, six.text_type):
neutron/agent/metadata/agent.py- secret = secret.encode('utf-8')
neutron/agent/metadata/agent.py: if isinstance(instance_id, six.text_type):
neutron/agent/metadata/agent.py- instance_id = instance_id.encode('utf-8')
The attached patch fixes this issue (tested and working on stable/mitaka) using the same strategy. Should I open a review request for that in gerrit?
Thanks |
When trying to create a password-authenticated BGP peer, it fails with an error message in the log (below).
Step-by-step reproduction steps:
neutron bgp-peer-create --peer-ip 2001:db8::1 --remote-as 65001 --auth-type md5 --password plaintext bgp-peer1
Actual output:
2016-06-10 15:59:00.329 3181 ERROR ryu.lib.hub [-] hub: uncaught exception: Traceback (most recent call last):
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/hub.py", line 52, in _launch
func(*args, **kwargs)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/peer.py", line 1072, in _connect_loop
password=password)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/base.py", line 411, in _connect_tcp
sockopt.set_tcp_md5sig(sock, peer_addr[0], password)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 69, in set_tcp_md5sig
impl(s, addr, key)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 41, in _set_tcp_md5sig_linux
tcp_md5sig = ss + struct.pack("2xH4x80s", len(key), key)
error: argument for 's' must be a string
Version: stable/mitaka deployed with OpenStack-Ansible on Ubuntu Trusty
Environment: multi-node
Pre-conditions: Add init script for BGP DrAgent (does not come by default with the OSA deployment)
Perceived severity: Blocks usage of authenticated BGP. Unauthenticated BGP still works.
Comments:
The database model returns (get_bgp_peer) the password as an unicode string, which is passed around until it reaches the Ryu library, causing the error shown in the stacktrace above.
I tried to follow the Neutron codebase's standard solution to deal with this. Several places do encode unicode strings which have been read from the database before passing them around, e.g.:
neutron/agent/linux/utils.py: if isinstance(dev, six.text_type):
neutron/agent/linux/utils.py- dev = dev.encode('utf-8')
--
neutron/agent/metadata/agent.py: if isinstance(secret, six.text_type):
neutron/agent/metadata/agent.py- secret = secret.encode('utf-8')
neutron/agent/metadata/agent.py: if isinstance(instance_id, six.text_type):
neutron/agent/metadata/agent.py- instance_id = instance_id.encode('utf-8')
The attached patch fixes this issue (tested and working on stable/mitaka) using the same strategy. Should I open a review request for that in gerrit?
Thanks |
|
