oslo-incubator

kombu_ssl_version is a cfg.StrOpt but the ssl socket code requires an Integer value

Bug #1195431 reported by Nathanael Burton
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
oslo-incubator
Fix Released
Medium
Davanum Srinivas (DIMS)
oslo-incubator 2013.2 "havana"

Bug Description

When specifying 'kombu_ssl_version' for the RPC driver such as either "kombu_ssl_version=3" or "kombu_ssl_version=SSLv3" the relevant OpenStack service (nova, cinder, etc) will fail with the following traceback:

2013-06-27 15:05:30.257 CRITICAL cinder [-] an integer is required
2013-06-27 15:05:30.257 TRACE cinder Traceback (most recent call last):
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/bin/cinder-scheduler", line 50, in <module>
2013-06-27 15:05:30.257 TRACE cinder service.wait()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/service.py", line 624, in wait
2013-06-27 15:05:30.257 TRACE cinder _launcher.wait()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/service.py", line 135, in wait
2013-06-27 15:05:30.257 TRACE cinder service.wait()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/greenthread.py", line 168, in wait
2013-06-27 15:05:30.257 TRACE cinder return self._exit_event.wait()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/event.py", line 116, in wait
2013-06-27 15:05:30.257 TRACE cinder return hubs.get_hub().switch()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/hubs/hub.py", line 187, in switch
2013-06-27 15:05:30.257 TRACE cinder return self.greenlet.switch()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/greenthread.py", line 194, in main
2013-06-27 15:05:30.257 TRACE cinder result = function(*args, **kwargs)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/service.py", line 96, in run_server
2013-06-27 15:05:30.257 TRACE cinder server.start()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/service.py", line 359, in start
2013-06-27 15:05:30.257 TRACE cinder self.manager.init_host()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/scheduler/manager.py", line 62, in init_host
2013-06-27 15:05:30.257 TRACE cinder self.request_service_capabilities(ctxt)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/scheduler/manager.py", line 141, in request_service_capabilities
2013-06-27 15:05:30.257 TRACE cinder volume_rpcapi.VolumeAPI().publish_service_capabilities(context)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/volume/rpcapi.py", line 133, in publish_service_capabilities
2013-06-27 15:05:30.257 TRACE cinder version='1.2')
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/proxy.py", line 142, in fanout_cast
2013-06-27 15:05:30.257 TRACE cinder rpc.fanout_cast(context, self._get_topic(topic), msg)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/__init__.py", line 179, in fanout_cast
2013-06-27 15:05:30.257 TRACE cinder return _get_impl().fanout_cast(CONF, context, topic, msg)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/impl_kombu.py", line 812, in fanout_cast
2013-06-27 15:05:30.257 TRACE cinder rpc_amqp.get_connection_pool(conf, Connection))
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/amqp.py", line 635, in fanout_cast
2013-06-27 15:05:30.257 TRACE cinder with ConnectionContext(conf, connection_pool) as conn:
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/amqp.py", line 122, in __init__
2013-06-27 15:05:30.257 TRACE cinder self.connection = connection_pool.get()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/pools.py", line 119, in get
2013-06-27 15:05:30.257 TRACE cinder created = self.create()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/amqp.py", line 76, in create
2013-06-27 15:05:30.257 TRACE cinder return self.connection_cls(self.conf)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/impl_kombu.py", line 447, in __init__
2013-06-27 15:05:30.257 TRACE cinder self.reconnect()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/impl_kombu.py", line 519, in reconnect
2013-06-27 15:05:30.257 TRACE cinder self._connect(params)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/impl_kombu.py", line 495, in _connect
2013-06-27 15:05:30.257 TRACE cinder self.connection.connect()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/kombu-2.5.11-py2.7.egg/kombu/connection.py", line 246, in connect
2013-06-27 15:05:30.257 TRACE cinder return self.connection
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/kombu-2.5.11-py2.7.egg/kombu/connection.py", line 761, in connection
2013-06-27 15:05:30.257 TRACE cinder self._connection = self._establish_connection()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/kombu-2.5.11-py2.7.egg/kombu/connection.py", line 720, in _establish_connection
2013-06-27 15:05:30.257 TRACE cinder conn = self.transport.establish_connection()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/kombu-2.5.11-py2.7.egg/kombu/transport/pyamqp.py", line 110, in establish_connection
2013-06-27 15:05:30.257 TRACE cinder **conninfo.transport_options or {})
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/amqp-1.0.12-py2.7.egg/amqp/connection.py", line 136, in __init__
2013-06-27 15:05:30.257 TRACE cinder self.transport = create_transport(host, connect_timeout, ssl)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/amqp-1.0.12-py2.7.egg/amqp/transport.py", line 252, in create_transport
2013-06-27 15:05:30.257 TRACE cinder return SSLTransport(host, connect_timeout, ssl)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/amqp-1.0.12-py2.7.egg/amqp/transport.py", line 170, in __init__
2013-06-27 15:05:30.257 TRACE cinder super(SSLTransport, self).__init__(host, connect_timeout)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/amqp-1.0.12-py2.7.egg/amqp/transport.py", line 105, in __init__
2013-06-27 15:05:30.257 TRACE cinder self._setup_transport()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/amqp-1.0.12-py2.7.egg/amqp/transport.py", line 178, in _setup_transport
2013-06-27 15:05:30.257 TRACE cinder self.sslobj = ssl.wrap_socket(self.sock, **self.sslopts)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/green/ssl.py", line 288, in wrap_socket
2013-06-27 15:05:30.257 TRACE cinder return GreenSSLSocket(sock, *a, **kw)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/green/ssl.py", line 46, in __init__
2013-06-27 15:05:30.257 TRACE cinder super(GreenSSLSocket, self).__init__(sock.fd, *args, **kw)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/ssl.py", line 197, in __init__
2013-06-27 15:05:30.257 TRACE cinder ciphers)
2013-06-27 15:05:30.257 TRACE cinder TypeError: an integer is required

This is because the underlying rpc driver is trying to create an SSL socket which requires an integer such as the following built-in SSL integer constants:

PROTOCOL_SSLv2
PROTOCOL_SSLv3
PROTOCOL_SSLv23
PROTOCOL_TLSv1

Tags: security ssl
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to oslo-incubator (master)

Fix proposed to branch: master
Review: https://review.openstack.org/35291

Changed in oslo:
assignee: nobody → Davanum Srinivas (DIMS) (dims-v)
status: New → In Progress
Davanum Srinivas (DIMS) (dims-v)
Changed in oslo:
milestone: none → havana-2
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo-incubator (master)

Reviewed: https://review.openstack.org/35291
Committed: http://github.com/openstack/oslo-incubator/commit/99b7c354271e2ed0893b3c48c7f2a58a55b59b11
Submitter: Jenkins
Branch: master

commit 99b7c354271e2ed0893b3c48c7f2a58a55b59b11
Author: Davanum Srinivas <email address hidden>
Date: Tue Jul 2 09:08:29 2013 -0400

    Convert kombu SSL version string into integer

    When specifying 'kombu_ssl_version' for the RPC driver such as either
    "kombu_ssl_version=3" or "kombu_ssl_version=SSLv3" the relevant
    OpenStack service (nova, cinder, etc) will fail as the underlying
    rpc driver is trying to create an SSL socket which requires an
    integer such as the following built-in SSL integer constants. Added
    a validation step that ensures one can set only the supported ssl
    versions and to convert from the specified string to an integer

    Fixes LP# 1195431

    Change-Id: I5d188f46a15bc4ba60d573d6b98def60c56cb987

Changed in oslo:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in oslo:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in oslo:
milestone: havana-2 → 2013.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.