neutron

  1. Bug #1592982
  2. Comment #0

Comment 0 for bug 1592982

Revision history for this message
Paulo Matias (paulo-matias) wrote :

When trying to create a password-authenticated BGP peer, it fails with an error message in the log (below).

Step-by-step reproduction steps:

neutron bgp-peer-create --peer-ip 2001:db8::1 --remote-as 65001 --auth-type md5 --password plaintext bgp-peer1

Actual output:

2016-06-10 15:59:00.329 3181 ERROR ryu.lib.hub [-] hub: uncaught exception: Traceback (most recent call last):
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/hub.py", line 52, in _launch
    func(*args, **kwargs)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/peer.py", line 1072, in _connect_loop
    password=password)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/base.py", line 411, in _connect_tcp
    sockopt.set_tcp_md5sig(sock, peer_addr[0], password)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 69, in set_tcp_md5sig
    impl(s, addr, key)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 41, in _set_tcp_md5sig_linux
    tcp_md5sig = ss + struct.pack("2xH4x80s", len(key), key)
error: argument for 's' must be a string

Version: stable/mitaka deployed with OpenStack-Ansible on Ubuntu Trusty

Environment: multi-node

Pre-conditions: Add init script for BGP DrAgent (does not come by default with the OSA deployment)

Perceived severity: Blocks usage of authenticated BGP. Unauthenticated BGP still works.

Comments:

The database model returns (get_bgp_peer) the password as an unicode string, which is passed around until it reaches the Ryu library, causing the error shown in the stacktrace above.

I tried to follow the Neutron codebase standard solution to deal with this. Several places do encode unicode strings read from the database before passing around, e.g.:

neutron/agent/linux/utils.py: if isinstance(dev, six.text_type):
neutron/agent/linux/utils.py- dev = dev.encode('utf-8')
--
neutron/agent/metadata/agent.py: if isinstance(secret, six.text_type):
neutron/agent/metadata/agent.py- secret = secret.encode('utf-8')
neutron/agent/metadata/agent.py: if isinstance(instance_id, six.text_type):
neutron/agent/metadata/agent.py- instance_id = instance_id.encode('utf-8')

The attached patch fixes this issue (tested and working on stable/mitaka) using the same strategy. Should I open a review request for that in gerrit?

Thanks