Fuel for OpenStack

fuel should not parse password vCenter from UI

Bug #1436083 reported by Michael Kraynov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Released
Critical
Igor Zinovik
Fuel for OpenStack 6.1
6.0.x
Fix Committed
High
Igor Zinovik
Fuel for OpenStack 6.0-updates

Bug Description

If password for vCenter contains "$" symbol (for example: $password) installation process fails with the following errors:

2015-03-24 08:20:02.909 25381 TRACE nova File "/usr/lib/python2.7/dist-packages/oslo/config/cfg.py", line 2043, in _get
2015-03-24 08:20:02.909 25381 TRACE nova value = self._do_get(name, group, namespace)
2015-03-24 08:20:02.909 25381 TRACE nova File "/usr/lib/python2.7/dist-packages/oslo/config/cfg.py", line 2061, in _do_get
2015-03-24 08:20:02.909 25381 TRACE nova info = self._get_opt_info(name, group)
2015-03-24 08:20:02.909 25381 TRACE nova File "/usr/lib/python2.7/dist-packages/oslo/config/cfg.py", line 2189, in _get_opt_info
2015-03-24 08:20:02.909 25381 TRACE nova raise NoSuchOptError(opt_name, group)
2015-03-24 08:20:02.909 25381 TRACE nova NoSuchOptError: no such option: password

2015-03-24 07:38:38.544 26789 TRACE glance return '%s' % (mapping[named],)
2015-03-24 07:38:38.544 26789 TRACE glance value = self.conf._get(key, namespace=self.namespace)
2015-03-24 07:38:38.544 26789 TRACE glance File "/usr/lib/python2.7/dist-packages/oslo/config/cfg.py", line 2043, in _get
2015-03-24 07:38:38.544 26789 TRACE glance value = self._do_get(name, group, namespace)
2015-03-24 07:38:38.544 26789 TRACE glance File "/usr/lib/python2.7/dist-packages/oslo/config/cfg.py", line 2061, in _do_get
2015-03-24 07:38:38.544 26789 TRACE glance info = self._get_opt_info(name, group)
2015-03-24 07:38:38.544 26789 TRACE glance File "/usr/lib/python2.7/dist-packages/oslo/config/cfg.py", line 2189, in _get_opt_info
2015-03-24 07:38:38.544 26789 TRACE glance raise NoSuchOptError(opt_name, group)
2015-03-24 07:38:38.544 26789 TRACE glance NoSuchOptError: no such option: password

Revision history for this message
Ryan Moe (rmoe) wrote :

Looks related to this: http://docs.openstack.org/developer/oslo.config/cfg.html#option-value-interpolation. The solution is to escape these values.

Changed in fuel:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Fuel Library Team (fuel-library)
milestone: none → 6.1
Vladimir Kuklin (vkuklin)
Changed in fuel:
assignee: Fuel Library Team (fuel-library) → Fuel Partner Integration Team (fuel-partner)
Igor Zinovik (izinovik)
Changed in fuel:
assignee: Fuel Partner Integration Team (fuel-partner) → Igor Zinovik (izinovik)
status: Confirmed → Triaged
Igor Zinovik (izinovik)
tags: added: pi-board
Revision history for this message
Igor Zinovik (izinovik) wrote :

Fuel project entered Soft code freeze state, it means that only Critical and High bugs are primary targets, Medium
bugs are not fixed.

Two options to workaround this problem:
- change password for account that will be used by nova-compute to operate vCenter
- edit nova-compute configuration file and change all occurencies of $ with $$ and restart nova-compute service

Igor Zinovik (izinovik)
tags: added: vcenter
Igor Zinovik (izinovik)
tags: removed: pi-board
Revision history for this message
Roman Alekseenkov (ralekseenkov) wrote :

Updating priority to High for customer-found issues, so they don't get moved to 7.0. Let's address this in 6.1

Changed in fuel:
importance: Medium → High
Revision history for this message
Igor Zinovik (izinovik) wrote :

Escalating priority to Critical, becase deployment process fails. Nova-compute service fails to start:
http://paste.openstack.org/show/212076

Changed in fuel:
importance: High → Critical
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (master)

Fix proposed to branch: master
Review: https://review.openstack.org/178699

Changed in fuel:
status: Triaged → In Progress
Revision history for this message
Igor Zinovik (izinovik) wrote :

Easy workaround for this problem:
Type $ as $$ in vCenter password, this way deployment process goes fine.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (master)

Reviewed: https://review.openstack.org/178699
Committed: https://git.openstack.org/cgit/stackforge/fuel-web/commit/?id=3ef6dc0ef57bb286ea81e53a7f3495cd3a5ca315
Submitter: Jenkins
Branch: master

commit 3ef6dc0ef57bb286ea81e53a7f3495cd3a5ca315
Author: Igor Zinovik <email address hidden>
Date: Wed Apr 29 17:40:39 2015 +0300

    Replace all occurrences of $ with $$ in vCenter input values

    - OpenStack services may reference to previously defined variable in
      configuration files using $ (dollar sign), e.g. 'metadata_host =
      $my_ip'. Interpolation can be avoided by using $$. Passwords often
      contain metachars and $ is one of them. We must replace all $
      occurrences with $$, otherwise service will fail to start because it
      cannot interpolate non-existing variable.
    - add static method escape_dollar() to VMwareDeploymentSerializerMixin
      class that implements conversion
    - also handle username and regular expression that is used for datastore
      search
    - provide input values with '$' in test fixture vmware_attributes.json
    - modify integration test

    Change-Id: I0d7d9f2d7f0ccaa3310c865a7f467c377c067442
    Closes-bug: #1436083

Changed in fuel:
status: In Progress → Fix Committed
Revision history for this message
Olesia Tsvigun (otsvigun) wrote :

Verified at Fuel ISO#392
OS Ubuntu, Centos

Steps to reproduce:
1. Create env with 1 controller node.
2.Change vsphera password to ''$Qwer!1234$"" and set new vsphera password on env
3. Deploy env

Fuel version:
api: '1.0'
astute_sha: 6a4dcd11c67af2917815f3678fb594c7412a4c97
auth_required: true
build_id: 2015-05-07_22-54-38
build_number: '392'
feature_groups:
- mirantis
fuel-library_sha: 53ce3081a4dfda2995232714de7d17e6edf6e97d
fuel-ostf_sha: 740ded337bb2a8a9b3d505026652512257375c01
fuelmain_sha: 43b890efe560ab65dd748b8c2d7bd7d7cb0649e3
nailgun_sha: ca9c91abed5e5b0671f4c514f7efd47eb5ca501c
openstack_version: 2014.2.2-6.1
production: docker
python-fuelclient_sha: af6c9c3799b9ec107bcdc6dbf035cafc034526ce
release: '6.1'
release_versions:
  2014.2.2-6.1:
    VERSION:
      api: '1.0'
      astute_sha: 6a4dcd11c67af2917815f3678fb594c7412a4c97
      build_id: 2015-05-07_22-54-38
      build_number: '392'
      feature_groups:
      - mirantis
      fuel-library_sha: 53ce3081a4dfda2995232714de7d17e6edf6e97d
      fuel-ostf_sha: 740ded337bb2a8a9b3d505026652512257375c01
      fuelmain_sha: 43b890efe560ab65dd748b8c2d7bd7d7cb0649e3
      nailgun_sha: ca9c91abed5e5b0671f4c514f7efd47eb5ca501c
      openstack_version: 2014.2.2-6.1
      production: docker
      python-fuelclient_sha: af6c9c3799b9ec107bcdc6dbf035cafc034526ce
      release: '6.1'

Changed in fuel:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (stable/6.0)

Fix proposed to branch: stable/6.0
Review: https://review.openstack.org/182420

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: stable/6.0
Review: https://review.openstack.org/182590

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on fuel-web (stable/6.0)

Change abandoned by Andriy Popovych (<email address hidden>) on branch: stable/6.0
Review: https://review.openstack.org/182420
Reason: new change https://review.openstack.org/#/c/182590/

Revision history for this message
Igor Zinovik (izinovik) wrote :
Download full text (5.6 KiB)

I've tried to reproduce this problem on Fuel 6.0.1 ISO #239.

I enterd password with dollar (Q$wer!123), added one controller node to the cluster and
started deployment process.

Deployment process finished successfully, but I ended up with inoprable cluster.
nova-compute service fail to start on controller, because it cannot interpolate variable $wer.

Pacemaker marks nova-compute service as 'Started', but actually it is constantly restarting and
it does not appear in 'nova service-list' output. There are no available hypervisors in OpenStack
to operate. So I think we should raise severity for 6.0.1 to High.

2015-05-14 10:56:46.313 7208 INFO nova.virt.driver [-] Loading compute driver 'vmwareapi.VMwareVCDriver'
2015-05-14 10:56:46.349 7208 INFO nova.openstack.common.periodic_task [-] Skipping periodic task _periodic_update_dns because its interval is negat
ive
2015-05-14 10:56:46.362 7208 CRITICAL nova [-] NoSuchOptError: no such option: wer
2015-05-14 10:56:46.362 7208 TRACE nova Traceback (most recent call last):
2015-05-14 10:56:46.362 7208 TRACE nova File "/usr/bin/nova-compute", line 10, in <module>
2015-05-14 10:56:46.362 7208 TRACE nova sys.exit(main())
2015-05-14 10:56:46.362 7208 TRACE nova File "/usr/lib/python2.7/dist-packages/nova/cmd/compute.py", line 72, in main
2015-05-14 10:56:46.362 7208 TRACE nova db_allowed=CONF.conductor.use_local)
2015-05-14 10:56:46.362 7208 TRACE nova File "/usr/lib/python2.7/dist-packages/nova/service.py", line 275, in create
2015-05-14 10:56:46.362 7208 TRACE nova db_allowed=db_allowed)
2015-05-14 10:56:46.362 7208 TRACE nova File "/usr/lib/python2.7/dist-packages/nova/service.py", line 148, in __init__
2015-05-14 10:56:46.362 7208 TRACE nova self.manager = manager_class(host=self.host, *args, **kwargs)
2015-05-14 10:56:46.362 7208 TRACE nova File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 631, in __init__
2015-05-14 10:56:46.362 7208 TRACE nova self.driver = driver.load_compute_driver(self.virtapi, compute_driver)
2015-05-14 10:56:46.362 7208 TRACE nova File "/usr/lib/python2.7/dist-packages/nova/virt/driver.py", line 1403, in load_compute_driver
2015-05-14 10:56:46.362 7208 TRACE nova virtapi)
2015-05-14 10:56:46.362 7208 TRACE nova File "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", line 50, in import_object_n
s
2015-05-14 10:56:46.362 7208 TRACE nova return import_class(import_value)(*args, **kwargs)
2015-05-14 10:56:46.362 7208 TRACE nova File "/usr/lib/python2.7/dist-packages/nova/openstack/common/importutils.py", line 27, in import_class
2015-05-14 10:56:46.362 7208 TRACE nova __import__(mod_str)
2015-05-14 10:56:46.362 7208 TRACE nova File "/usr/lib/python2.7/dist-packages/nova/virt/vmwareapi/__init__.py", line 19, in <module>
2015-05-14 10:56:46.362 7208 TRACE nova from nova.virt.vmwareapi import driver
2015-05-14 10:56:46.362 7208 TRACE nova File "/usr/lib/python2.7/dist-packages/nova/virt/vmwareapi/driver.py", line 633, in <module>
2015-05-14 10:56:46.362 7208 TRACE nova class VMwareAPISession(api.VMwareAPISession):
2015-05-14 10:56:46.362 7208 TRACE nova File "/usr/lib/python2....

Read more...

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (stable/6.0)

Reviewed: https://review.openstack.org/182590
Committed: https://git.openstack.org/cgit/stackforge/fuel-web/commit/?id=9f77fda680836dc4226bf8b2b1ad21a7c1b89169
Submitter: Jenkins
Branch: stable/6.0

commit 9f77fda680836dc4226bf8b2b1ad21a7c1b89169
Author: Andriy Popovych <email address hidden>
Date: Tue May 12 21:41:37 2015 +0300

    Replace all occurrences of $ with $$ in vCenter

    Backport from 6.1

    OpenStack services may reference to previously defined variable in
    configuration files using $ (dollar sign), e.g. 'metadata_host =
    $my_ip'. Interpolation can be avoided by using $$. Passwords often
    contain metachars and $ is one of them. We must replace all $
    occurrences with $$, otherwise service will fail to start because it
    cannot interpolate non-existing variable.

    Change-Id: I0d7d9f2d7f0ccaa3310c865a7f467c377c067442
    Closes-bug: #1436083

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.