← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #52395

[Bug 1592982] [NEW] Cannot create password-authenticated BGP peer

  Thread PreviousDate PreviousThread Next 
Public bug reported:

When trying to create a password-authenticated BGP peer, it fails with
an error message in the log (below).

Step-by-step reproduction steps:

neutron bgp-peer-create --peer-ip 2001:db8::1 --remote-as 65001 --auth-
type md5 --password plaintext bgp-peer1

Actual output:

2016-06-10 15:59:00.329 3181 ERROR ryu.lib.hub [-] hub: uncaught exception: Traceback (most recent call last):
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/hub.py", line 52, in _launch
    func(*args, **kwargs)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/peer.py", line 1072, in _connect_loop
    password=password)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/base.py", line 411, in _connect_tcp
    sockopt.set_tcp_md5sig(sock, peer_addr[0], password)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 69, in set_tcp_md5sig
    impl(s, addr, key)
  File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 41, in _set_tcp_md5sig_linux
    tcp_md5sig = ss + struct.pack("2xH4x80s", len(key), key)
error: argument for 's' must be a string

Version: stable/mitaka deployed with OpenStack-Ansible on Ubuntu Trusty

Environment: multi-node

Pre-conditions: Add init script for BGP DrAgent (does not come by
default with the OSA deployment)

Perceived severity: Blocks usage of authenticated BGP. Unauthenticated
BGP still works.

Comments:

The database model returns (get_bgp_peer) the password as an unicode
string, which is passed around until it reaches the Ryu library, causing
the error shown in the stacktrace above.

I tried to follow the Neutron codebase's standard solution to deal with
this. Several places do encode unicode strings which have been read from
the database before passing them around, e.g.:

neutron/agent/linux/utils.py:    if isinstance(dev, six.text_type):
neutron/agent/linux/utils.py-        dev = dev.encode('utf-8')
--
neutron/agent/metadata/agent.py:        if isinstance(secret, six.text_type):
neutron/agent/metadata/agent.py-            secret = secret.encode('utf-8')
neutron/agent/metadata/agent.py:        if isinstance(instance_id, six.text_type):
neutron/agent/metadata/agent.py-            instance_id = instance_id.encode('utf-8')

The attached patch fixes this issue (tested and working on
stable/mitaka) using the same strategy. Should I open a review request
for that in gerrit?

Thanks

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: l3-bgp

** Patch added: "bgp_dragent_password_encode.diff"
   https://bugs.launchpad.net/bugs/1592982/+attachment/4684533/+files/bgp_dragent_password_encode.diff

** Description changed:

  When trying to create a password-authenticated BGP peer, it fails with
  an error message in the log (below).
  
  Step-by-step reproduction steps:
  
  neutron bgp-peer-create --peer-ip 2001:db8::1 --remote-as 65001 --auth-
  type md5 --password plaintext bgp-peer1
  
  Actual output:
  
  2016-06-10 15:59:00.329 3181 ERROR ryu.lib.hub [-] hub: uncaught exception: Traceback (most recent call last):
-   File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/hub.py", line 52, in _launch
-     func(*args, **kwargs)
-   File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/peer.py", line 1072, in _connect_loop
-     password=password)
-   File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/base.py", line 411, in _connect_tcp
-     sockopt.set_tcp_md5sig(sock, peer_addr[0], password)
-   File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 69, in set_tcp_md5sig
-     impl(s, addr, key)
-   File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 41, in _set_tcp_md5sig_linux
-     tcp_md5sig = ss + struct.pack("2xH4x80s", len(key), key)
+   File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/hub.py", line 52, in _launch
+     func(*args, **kwargs)
+   File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/peer.py", line 1072, in _connect_loop
+     password=password)
+   File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/base.py", line 411, in _connect_tcp
+     sockopt.set_tcp_md5sig(sock, peer_addr[0], password)
+   File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 69, in set_tcp_md5sig
+     impl(s, addr, key)
+   File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 41, in _set_tcp_md5sig_linux
+     tcp_md5sig = ss + struct.pack("2xH4x80s", len(key), key)
  error: argument for 's' must be a string
  
  Version: stable/mitaka deployed with OpenStack-Ansible on Ubuntu Trusty
  
  Environment: multi-node
  
  Pre-conditions: Add init script for BGP DrAgent (does not come by
  default with the OSA deployment)
  
  Perceived severity: Blocks usage of authenticated BGP. Unauthenticated
  BGP still works.
  
- 
  Comments:
  
  The database model returns (get_bgp_peer) the password as an unicode
  string, which is passed around until it reaches the Ryu library, causing
  the error shown in the stacktrace above.
  
- I tried to follow the Neutron codebase standard solution to deal with
- this. Several places do encode unicode strings read from the database
- before passing around, e.g.:
+ I tried to follow the Neutron codebase's standard solution to deal with
+ this. Several places do encode unicode strings which have been read from
+ the database before passing them around, e.g.:
  
  neutron/agent/linux/utils.py:    if isinstance(dev, six.text_type):
  neutron/agent/linux/utils.py-        dev = dev.encode('utf-8')
  --
  neutron/agent/metadata/agent.py:        if isinstance(secret, six.text_type):
  neutron/agent/metadata/agent.py-            secret = secret.encode('utf-8')
  neutron/agent/metadata/agent.py:        if isinstance(instance_id, six.text_type):
  neutron/agent/metadata/agent.py-            instance_id = instance_id.encode('utf-8')
  
  The attached patch fixes this issue (tested and working on
  stable/mitaka) using the same strategy. Should I open a review request
  for that in gerrit?
  
  Thanks

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1592982

Title:
  Cannot create password-authenticated BGP peer

Status in neutron:
  New

Bug description:
  When trying to create a password-authenticated BGP peer, it fails with
  an error message in the log (below).

  Step-by-step reproduction steps:

  neutron bgp-peer-create --peer-ip 2001:db8::1 --remote-as 65001
  --auth-type md5 --password plaintext bgp-peer1

  Actual output:

  2016-06-10 15:59:00.329 3181 ERROR ryu.lib.hub [-] hub: uncaught exception: Traceback (most recent call last):
    File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/hub.py", line 52, in _launch
      func(*args, **kwargs)
    File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/peer.py", line 1072, in _connect_loop
      password=password)
    File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/services/protocols/bgp/base.py", line 411, in _connect_tcp
      sockopt.set_tcp_md5sig(sock, peer_addr[0], password)
    File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 69, in set_tcp_md5sig
      impl(s, addr, key)
    File "/openstack/venvs/neutron-13.1.2/lib/python2.7/site-packages/ryu/lib/sockopt.py", line 41, in _set_tcp_md5sig_linux
      tcp_md5sig = ss + struct.pack("2xH4x80s", len(key), key)
  error: argument for 's' must be a string

  Version: stable/mitaka deployed with OpenStack-Ansible on Ubuntu
  Trusty

  Environment: multi-node

  Pre-conditions: Add init script for BGP DrAgent (does not come by
  default with the OSA deployment)

  Perceived severity: Blocks usage of authenticated BGP. Unauthenticated
  BGP still works.

  Comments:

  The database model returns (get_bgp_peer) the password as an unicode
  string, which is passed around until it reaches the Ryu library,
  causing the error shown in the stacktrace above.

  I tried to follow the Neutron codebase's standard solution to deal
  with this. Several places do encode unicode strings which have been
  read from the database before passing them around, e.g.:

  neutron/agent/linux/utils.py:    if isinstance(dev, six.text_type):
  neutron/agent/linux/utils.py-        dev = dev.encode('utf-8')
  --
  neutron/agent/metadata/agent.py:        if isinstance(secret, six.text_type):
  neutron/agent/metadata/agent.py-            secret = secret.encode('utf-8')
  neutron/agent/metadata/agent.py:        if isinstance(instance_id, six.text_type):
  neutron/agent/metadata/agent.py-            instance_id = instance_id.encode('utf-8')

  The attached patch fixes this issue (tested and working on
  stable/mitaka) using the same strategy. Should I open a review request
  for that in gerrit?

  Thanks

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1592982/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next