Bug #1447653 “x509 keypair cannot be created if the given subjec...” : Bugs : OpenStack Compute (nova)

Claudiu Belu (cbelu) on 2015-04-23

Changed in nova:
assignee:	nobody → Claudiu Belu (cbelu)

Claudiu Belu (cbelu) on 2015-04-23

tags:

added: kilo-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-04-23: Fix proposed to nova (master)

#1

Fix proposed to branch: master
Review: https://review.openstack.org/176817

Changed in nova:
status:	New → In Progress

John Garbutt (johngarbutt) on 2015-04-23

Changed in nova:
importance:	Undecided → Medium

Revision history for this message

Matt Riedemann (mriedem) wrote on 2015-04-24:

#2

Download full text (4.4 KiB)

Here is the error from the test:

http://logs.openstack.org/58/136458/24/check/check-novaclient-dsvm-functional/ae7b130/logs/screen-n-api.txt.gz?level=TRACE#_2015-04-23_09_23_16_289

2015-04-23 09:23:16.289 ERROR nova.api.openstack.extensions [req-8eee9b8c-0f46-4ddf-a8b7-79a92c134a1e admin admin] Unexpected exception in API method
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions Traceback (most recent call last):
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions File "/opt/stack/new/nova/nova/api/openstack/extensions.py", line 471, in wrapped
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions return f(*args, **kwargs)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions File "/opt/stack/new/nova/nova/api/validation/__init__.py", line 58, in wrapper
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions return func(*args, **kwargs)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions File "/opt/stack/new/nova/nova/api/openstack/compute/plugins/v3/keypairs.py", line 73, in create
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions return self._create(req, body, type=True)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions File "/opt/stack/new/nova/nova/api/openstack/compute/plugins/v3/keypairs.py", line 109, in _create
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions context, context.user_id, name, key_type)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions File "/opt/stack/new/nova/nova/exception.py", line 88, in wrapped
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions payload)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions File "/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 85, in __exit__
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions six.reraise(self.type_, self.value, self.tb)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions File "/opt/stack/new/nova/nova/exception.py", line 71, in wrapped
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions return f(self, context, *args, **kw)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions File "/opt/stack/new/nova/nova/compute/api.py", line 3783, in create_key_pair
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions context, user_id, key_type)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions File "/opt/stack/new/nova/nova/compute/api.py", line 3807, in _generate_key_pair
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions return crypto.generate_winrm_x509_cert(user_id, context.project_id)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions File "/opt/stack/new/nova/nova/crypto.py", line 383, in generate_winrm_x509_cert
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions '-extensions', 'v3_req_client')
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions File "/opt/stack/new/nova/nova/utils.py", line 206, in execute
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions return...

Here is the error from the test:

http://logs.openstack.org/58/136458/24/check/check-novaclient-dsvm-functional/ae7b130/logs/screen-n-api.txt.gz?level=TRACE#_2015-04-23_09_23_16_289

2015-04-23 09:23:16.289 ERROR nova.api.openstack.extensions [req-8eee9b8c-0f46-4ddf-a8b7-79a92c134a1e admin admin] Unexpected exception in API method
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions Traceback (most recent call last):
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/opt/stack/new/nova/nova/api/openstack/extensions.py", line 471, in wrapped
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     return f(*args, **kwargs)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/opt/stack/new/nova/nova/api/validation/__init__.py", line 58, in wrapper
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     return func(*args, **kwargs)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/opt/stack/new/nova/nova/api/openstack/compute/plugins/v3/keypairs.py", line 73, in create
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     return self._create(req, body, type=True)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/opt/stack/new/nova/nova/api/openstack/compute/plugins/v3/keypairs.py", line 109, in _create
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     context, context.user_id, name, key_type)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/opt/stack/new/nova/nova/exception.py", line 88, in wrapped
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     payload)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 85, in __exit__
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     six.reraise(self.type_, self.value, self.tb)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/opt/stack/new/nova/nova/exception.py", line 71, in wrapped
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     return f(self, context, *args, **kw)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/opt/stack/new/nova/nova/compute/api.py", line 3783, in create_key_pair
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     context, user_id, key_type)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/opt/stack/new/nova/nova/compute/api.py", line 3807, in _generate_key_pair
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     return crypto.generate_winrm_x509_cert(user_id, context.project_id)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/opt/stack/new/nova/nova/crypto.py", line 383, in generate_winrm_x509_cert
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     '-extensions', 'v3_req_client')
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/opt/stack/new/nova/nova/utils.py", line 206, in execute
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     return processutils.execute(*cmd, **kwargs)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions   File "/usr/local/lib/python2.7/dist-packages/oslo_concurrency/processutils.py", line 233, in execute
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions     cmd=sanitized_cmd)
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions ProcessExecutionError: Unexpected error while running command.
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions Command: openssl req -x509 -nodes -days 3650 -config /tmp/tmp4oZkbJ/temp.conf -newkey rsa:2048 -outform PEM -keyout /tmp/tmp4oZkbJ/temp.key -subj /CN=a5cfb57bdee94c9995f5f7cd610d479a-775f4bce4d9945388b9cad58b91385f8 -extensions v3_req_client
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions Exit code: 1
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions Stdout: u''
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions Stderr: u"Generating a 2048 bit RSA private key\n................................................+++\n...+++\nwriting new private key to '/tmp/tmp4oZkbJ/temp.key'\n-----\nproblems making Certificate Request\n139736680101536:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=64\n"
2015-04-23 09:23:16.289 13567 TRACE nova.api.openstack.extensions

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-04-29: Fix merged to nova (master)

#3

Reviewed: https://review.openstack.org/176817
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=f88edaa6fc80e0c38727469ca69f0016de23db18
Submitter: Jenkins
Branch: master

commit f88edaa6fc80e0c38727469ca69f0016de23db18
Author: Claudiu Belu <email address hidden>
Date: Thu Apr 23 08:20:21 2015 -0700

Fixes X509 keypair creation failure

    Currently, the Subject created for the X509 certificate
    is too long, resulting in exceptions and failing to
    create the keypair.

This change shortens the Subject.
Unit test added to prove the issue's existence.

Issue found by: Andrey Kurilin

Co-authored-by: Andrey Kurilin <email address hidden>

Change-Id: I7885c120ce81a22d416f806779bf9a12092d5040
Closes-Bug: #1447653

Changed in nova:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2015-06-24

Changed in nova:
milestone:	none → liberty-1
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-10-15

Changed in nova:
milestone:	liberty-1 → 12.0.0

OpenStack Compute (nova)

x509 keypair cannot be created if the given subject is too long

Bug Description

Other bug subscribers

Remote bug watches