← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1474933] [NEW] Nova compute interprets rabbitmq passwords

 

Public bug reported:

Using the kilo rpms - openstack-nova-compute-2015.1.0-3.el7.noarch

If the rabbit_password (set in [Default] section - this is how the
Ansible role I am using sets it) includes a slash character - "/" - then
the service fails to start.

In the log - /var/log/nova/nova-compute.log
the following error is seen:-

CRITICAL nova [req-72c0fe29-f2d6-4164-95de-e9e8f50fa7bc - - - - -]
ValueError: invalid literal for int() with base 10: 'prefix'

where prefix is the first part of the password - ie
  rabbit_password = 'prefix/suffix'

Traceback enclosed below.

If the Rabbit password is changed to not include a / then the service
starts up OK

This could have security implications, but I am not currently flagging
it as a security issue....

2015-07-15 16:28:50.824 9670 TRACE nova Traceback (most recent call last):
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/bin/nova-compute", line 10, in <module>
2015-07-15 16:28:50.824 9670 TRACE nova     sys.exit(main())
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/nova/cmd/compute.py", line 72, in main
2015-07-15 16:28:50.824 9670 TRACE nova     db_allowed=CONF.conductor.use_local)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/nova/service.py", line 277, in create
2015-07-15 16:28:50.824 9670 TRACE nova     db_allowed=db_allowed)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/nova/service.py", line 157, in __init__
2015-07-15 16:28:50.824 9670 TRACE nova     self.conductor_api.wait_until_ready(context.get_admin_context())
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/nova/conductor/api.py", line 292, in wait_until_ready
2015-07-15 16:28:50.824 9670 TRACE nova     timeout=timeout)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/nova/baserpc.py", line 62, in ping
2015-07-15 16:28:50.824 9670 TRACE nova     return cctxt.call(context, 'ping', arg=arg_p)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/client.py", line 156, in call
2015-07-15 16:28:50.824 9670 TRACE nova     retry=self.retry)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/transport.py", line 90, in _send
2015-07-15 16:28:50.824 9670 TRACE nova     timeout=timeout, retry=retry)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 350, in send
2015-07-15 16:28:50.824 9670 TRACE nova     retry=retry)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 312, in _send
2015-07-15 16:28:50.824 9670 TRACE nova     msg.update({'_reply_q': self._get_reply_q()})
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 283, in _get_reply_q
2015-07-15 16:28:50.824 9670 TRACE nova     conn = self._get_connection(rpc_amqp.PURPOSE_LISTEN)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 274, in _get_connection
2015-07-15 16:28:50.824 9670 TRACE nova     purpose=purpose)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqp.py", line 121, in __init__
2015-07-15 16:28:50.824 9670 TRACE nova     self.connection = connection_pool.create(purpose)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqp.py", line 93, in create
2015-07-15 16:28:50.824 9670 TRACE nova     return self.connection_cls(self.conf, self.url, purpose)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/impl_rabbit.py", line 664, in __init__
2015-07-15 16:28:50.824 9670 TRACE nova     heartbeat=self.driver_conf.heartbeat_timeout_threshold)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 180, in __init__
2015-07-15 16:28:50.824 9670 TRACE nova     params.update(parse_url(hostname))
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/kombu/utils/url.py", line 34, in parse_url
2015-07-15 16:28:50.824 9670 TRACE nova     scheme, host, port, user, password, path, query = _parse_url(url)
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/kombu/utils/url.py", line 22, in _parse_url
2015-07-15 16:28:50.824 9670 TRACE nova     port = scheme != 'mongodb' and parts.port or None
2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib64/python2.7/urlparse.py", line 112, in port
2015-07-15 16:28:50.824 9670 TRACE nova     port = int(port, 10)

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1474933

Title:
  Nova compute interprets rabbitmq passwords

Status in OpenStack Compute (nova):
  New

Bug description:
  Using the kilo rpms - openstack-nova-compute-2015.1.0-3.el7.noarch

  If the rabbit_password (set in [Default] section - this is how the
  Ansible role I am using sets it) includes a slash character - "/" -
  then the service fails to start.

  In the log - /var/log/nova/nova-compute.log
  the following error is seen:-

  CRITICAL nova [req-72c0fe29-f2d6-4164-95de-e9e8f50fa7bc - - - - -]
  ValueError: invalid literal for int() with base 10: 'prefix'

  where prefix is the first part of the password - ie
    rabbit_password = 'prefix/suffix'

  Traceback enclosed below.

  If the Rabbit password is changed to not include a / then the service
  starts up OK

  This could have security implications, but I am not currently flagging
  it as a security issue....

  2015-07-15 16:28:50.824 9670 TRACE nova Traceback (most recent call last):
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/bin/nova-compute", line 10, in <module>
  2015-07-15 16:28:50.824 9670 TRACE nova     sys.exit(main())
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/nova/cmd/compute.py", line 72, in main
  2015-07-15 16:28:50.824 9670 TRACE nova     db_allowed=CONF.conductor.use_local)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/nova/service.py", line 277, in create
  2015-07-15 16:28:50.824 9670 TRACE nova     db_allowed=db_allowed)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/nova/service.py", line 157, in __init__
  2015-07-15 16:28:50.824 9670 TRACE nova     self.conductor_api.wait_until_ready(context.get_admin_context())
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/nova/conductor/api.py", line 292, in wait_until_ready
  2015-07-15 16:28:50.824 9670 TRACE nova     timeout=timeout)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/nova/baserpc.py", line 62, in ping
  2015-07-15 16:28:50.824 9670 TRACE nova     return cctxt.call(context, 'ping', arg=arg_p)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/client.py", line 156, in call
  2015-07-15 16:28:50.824 9670 TRACE nova     retry=self.retry)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/transport.py", line 90, in _send
  2015-07-15 16:28:50.824 9670 TRACE nova     timeout=timeout, retry=retry)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 350, in send
  2015-07-15 16:28:50.824 9670 TRACE nova     retry=retry)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 312, in _send
  2015-07-15 16:28:50.824 9670 TRACE nova     msg.update({'_reply_q': self._get_reply_q()})
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 283, in _get_reply_q
  2015-07-15 16:28:50.824 9670 TRACE nova     conn = self._get_connection(rpc_amqp.PURPOSE_LISTEN)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 274, in _get_connection
  2015-07-15 16:28:50.824 9670 TRACE nova     purpose=purpose)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqp.py", line 121, in __init__
  2015-07-15 16:28:50.824 9670 TRACE nova     self.connection = connection_pool.create(purpose)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqp.py", line 93, in create
  2015-07-15 16:28:50.824 9670 TRACE nova     return self.connection_cls(self.conf, self.url, purpose)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/impl_rabbit.py", line 664, in __init__
  2015-07-15 16:28:50.824 9670 TRACE nova     heartbeat=self.driver_conf.heartbeat_timeout_threshold)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/kombu/connection.py", line 180, in __init__
  2015-07-15 16:28:50.824 9670 TRACE nova     params.update(parse_url(hostname))
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/kombu/utils/url.py", line 34, in parse_url
  2015-07-15 16:28:50.824 9670 TRACE nova     scheme, host, port, user, password, path, query = _parse_url(url)
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib/python2.7/site-packages/kombu/utils/url.py", line 22, in _parse_url
  2015-07-15 16:28:50.824 9670 TRACE nova     port = scheme != 'mongodb' and parts.port or None
  2015-07-15 16:28:50.824 9670 TRACE nova   File "/usr/lib64/python2.7/urlparse.py", line 112, in port
  2015-07-15 16:28:50.824 9670 TRACE nova     port = int(port, 10)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1474933/+subscriptions


Follow ups