2016-06-10 15:59:00.329 3181 ERROR ryu.lib.hub [-] hub: uncaught exception: Traceback (most recent call last):
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/hub.py", line 52, in _launch
func(*args, **kwargs)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/peer.py", line 1072, in _connect_loop
password=password)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/base.py", line 411, in _connect_tcp
sockopt.set_tcp_md5sig(sock, peer_addr[0], password)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 69, in set_tcp_md5sig
impl(s, addr, key)
File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 41, in _set_tcp_md5sig_linux
tcp_md5sig = ss + struct.pack("2xH4x80s", len(key), key)
error: argument for 's' must be a string
Version: stable/mitaka deployed with OpenStack-Ansible on Ubuntu Trusty
Environment: multi-node
Pre-conditions: Add init script for BGP DrAgent (does not come by default with the OSA deployment)
Perceived severity: Blocks usage of authenticated BGP. Unauthenticated BGP still works.
Comments:
The database model returns (get_bgp_peer) the password as an unicode string, which is passed around until it reaches the Ryu library, causing the error shown in the stacktrace above.
I tried to follow the Neutron codebase standard solution to deal with this. Several places do encode unicode strings read from the database before passing around, e.g.:
neutron/agent/linux/utils.py: if isinstance(dev, six.text_type):
neutron/agent/linux/utils.py- dev = dev.encode('utf-8')
--
neutron/agent/metadata/agent.py: if isinstance(secret, six.text_type):
neutron/agent/metadata/agent.py- secret = secret.encode('utf-8')
neutron/agent/metadata/agent.py: if isinstance(instance_id, six.text_type):
neutron/agent/metadata/agent.py- instance_id = instance_id.encode('utf-8')
The attached patch fixes this issue (tested and working on stable/mitaka) using the same strategy. Should I open a review request for that in gerrit?
When trying to create a password- authenticated BGP peer, it fails with an error message in the log (below).
Step-by-step reproduction steps:
neutron bgp-peer-create --peer-ip 2001:db8::1 --remote-as 65001 --auth-type md5 --password plaintext bgp-peer1
Actual output:
2016-06-10 15:59:00.329 3181 ERROR ryu.lib.hub [-] hub: uncaught exception: Traceback (most recent call last): venvs/neutron- 13.1.2/ lib/python2. 7/site- packages/ ryu/lib/ hub.py" , line 52, in _launch venvs/neutron- 13.1.2/ lib/python2. 7/site- packages/ ryu/services/ protocols/ bgp/peer. py", line 1072, in _connect_loop password) venvs/neutron- 13.1.2/ lib/python2. 7/site- packages/ ryu/services/ protocols/ bgp/base. py", line 411, in _connect_tcp set_tcp_ md5sig( sock, peer_addr[0], password) venvs/neutron- 13.1.2/ lib/python2. 7/site- packages/ ryu/lib/ sockopt. py", line 69, in set_tcp_md5sig venvs/neutron- 13.1.2/ lib/python2. 7/site- packages/ ryu/lib/ sockopt. py", line 41, in _set_tcp_ md5sig_ linux pack("2xH4x80s" , len(key), key)
File "/openstack/
func(*args, **kwargs)
File "/openstack/
password=
File "/openstack/
sockopt.
File "/openstack/
impl(s, addr, key)
File "/openstack/
tcp_md5sig = ss + struct.
error: argument for 's' must be a string
Version: stable/mitaka deployed with OpenStack-Ansible on Ubuntu Trusty
Environment: multi-node
Pre-conditions: Add init script for BGP DrAgent (does not come by default with the OSA deployment)
Perceived severity: Blocks usage of authenticated BGP. Unauthenticated BGP still works.
Comments:
The database model returns (get_bgp_peer) the password as an unicode string, which is passed around until it reaches the Ryu library, causing the error shown in the stacktrace above.
I tried to follow the Neutron codebase standard solution to deal with this. Several places do encode unicode strings read from the database before passing around, e.g.:
neutron/ agent/linux/ utils.py: if isinstance(dev, six.text_type): agent/linux/ utils.py- dev = dev.encode('utf-8') agent/metadata/ agent.py: if isinstance(secret, six.text_type): agent/metadata/ agent.py- secret = secret. encode( 'utf-8' ) agent/metadata/ agent.py: if isinstance( instance_ id, six.text_type): agent/metadata/ agent.py- instance_id = instance_ id.encode( 'utf-8' )
neutron/
--
neutron/
neutron/
neutron/
neutron/
The attached patch fixes this issue (tested and working on stable/mitaka) using the same strategy. Should I open a review request for that in gerrit?
Thanks