Juniper Openstack

Need to fix the hardcoded bundle path in VncApi class

Bug #1644707 reported by musharani on 2016-11-25

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R3.0.3.x	Fix Committed	Medium	Ignatious Johnson Christopher	Juniper Openstack r3.0.3.2
R3.1	Fix Committed	Medium	Ignatious Johnson Christopher	Juniper Openstack r3.1.2.0
R3.1.1.x	Fix Committed	Medium	Ignatious Johnson Christopher	Juniper Openstack r3.1.1.1
R3.2	Fix Committed	Medium	Ignatious Johnson Christopher	Juniper Openstack r3.2.0.0-fcs "r3.2.0.0"
Trunk	Fix Committed	Medium	Ignatious Johnson Christopher	Juniper Openstack r4.0.0.0-fcs "r4.0.0.0"

Bug Description

In /usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py, VncApi class, the bundle path for Api is hardcoded as /tmp/apiservercertbundle.pem. But if we use VncApi library to remotely connect to multiple api servers, that tmp files will be overwritten because of hardcoding path. This will make problem.

So need to fix this issue.

Tags:

Jeba Paulaiyan (jebap) on 2016-11-28

tags:

added: api

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-02: [Review update] master

Review in progress for https://review.opencontrail.org/26706
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-02: [Review update] R3.2

Review in progress for https://review.opencontrail.org/26723
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-02: A change has been merged

Reviewed: https://review.opencontrail.org/26706
Committed: http://github.org/Juniper/contrail-controller/commit/d49aec87815d0b881aaec405832c5ac581e29c3d
Submitter: Zuul (<email address hidden>)
Branch: master

commit d49aec87815d0b881aaec405832c5ac581e29c3d
Author: Ignatious Johnson Christopher <email address hidden>
Date: Thu Dec 1 22:52:26 2016 -0800

Getting certs as argument to the VncApi class and creating
unique certbundle for request to different api-servers.

Change-Id: I7fddf73df728937c7712e99282b32147bc311937
Closes-Bug: 1644713
Closes-Bug: 1644707

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-03:

Reviewed: https://review.opencontrail.org/26723
Committed: http://github.org/Juniper/contrail-controller/commit/e0092a75e0e2c7ce0174d5210acf88c031df9259
Submitter: Zuul (<email address hidden>)
Branch: R3.2

commit e0092a75e0e2c7ce0174d5210acf88c031df9259
Author: Ignatious Johnson Christopher <email address hidden>
Date: Thu Dec 1 22:52:26 2016 -0800

Getting certs as argument to the VncApi class and creating
unique certbundle for request to different api-servers.

Change-Id: I7fddf73df728937c7712e99282b32147bc311937
Closes-Bug: 1644713
Closes-Bug: 1644707

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-14: [Review update] R3.0.3.x

Review in progress for https://review.opencontrail.org/27292
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-14: A change has been merged

#11

Reviewed: https://review.opencontrail.org/27292
Committed: http://github.org/Juniper/contrail-controller/commit/18a920da6f4ce95a66565a5e61ed9b5d6af39d4f
Submitter: Zuul (<email address hidden>)
Branch: R3.0.3.x

commit 18a920da6f4ce95a66565a5e61ed9b5d6af39d4f
Author: Ignatious Johnson Christopher <email address hidden>
Date: Mon Nov 21 15:07:15 2016 -0800

Certificates needs to be chanined and bundled
in the order (certfile, keyfile and cacert).

1. Chaining in the certificate in correct order
2. Making certfile/keyfile optional

Closes-Bug: 1639426
Closes-Bug: 1630513

Getting certs as argument to the VncApi class and creating
unique certbundle for request to different api-servers.
Closes-Bug: 1644713
Closes-Bug: 1644707

Change-Id: Ib5e66bfdd27795bd090c3b3b49207241cbc5f0ae
(cherry picked from commit df192ce6f9623c628dee975754027f827dbc28d9)
(cherry picked from commit d49aec87815d0b881aaec405832c5ac581e29c3d)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-15: [Review update] R3.0.3.x

#12

Review in progress for https://review.opencontrail.org/27325
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-15: A change has been merged

#14

Reviewed: https://review.opencontrail.org/27325
Committed: http://github.org/Juniper/contrail-controller/commit/6223e65dd1ecda43ab6b686a924eaa5d2ff9c035
Submitter: Zuul (<email address hidden>)
Branch: R3.0.3.x

commit 6223e65dd1ecda43ab6b686a924eaa5d2ff9c035
Author: Ignatious Johnson Christopher <email address hidden>
Date: Wed Dec 14 22:36:58 2016 -0800

Adding the missing import, due to cherry-pick from
a branch which has import os earlier to commit.

Change-Id: Ibbdf7173ffd30d64526a7ecb525c109ff37098a3
Closes-Bug: 1644707

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-12-20:

#15

Reviewed: https://review.opencontrail.org/27357
Committed: http://github.org/Juniper/contrail-controller/commit/fa7307e874566ceaf4c083dc82508587de19ed55
Submitter: Zuul (<email address hidden>)
Branch: R3.0

commit fa7307e874566ceaf4c083dc82508587de19ed55
Author: Ignatious Johnson Christopher <email address hidden>
Date: Wed Oct 19 12:32:17 2016 -0700

Making certfile/keyfile optional, so that vnc_api can rely on CA or CA/CERT.

Change-Id: Iffb9bf9d8cf23fe3943335565bf2adaf878c5df8
Partial-Bug: 1630513
(cherry picked from commit d7407a1fbb0876f0a84a0864824b3eb3c6ef591d)

Issue:
Password is displayed in the log files of the config daemon, during
uncaught exceptions.

Fix:
cgitb sets sys.excepthook to format uncaught exceptions. Deriving the
cgitb Hook and modifying the handle method to mask password along
with formatting.

Change-Id: I5b4251f2ebe0205465b15430a9ef38ef04b3a634
Closes-Bug: 1626317
(cherry picked from commit 6dc670c851d31b12ffa0f07f418b74705e3b5902)

Certificates needs to be chanined and bundled
in the order (certfile, keyfile and cacert).

1. Chaining in the certificate in correct order
2. Making certfile/keyfile optional

Closes-Bug: 1639426
Closes-Bug: 1630513

Getting certs as argument to the VncApi class and creating
unique certbundle for request to different api-servers.
Closes-Bug: 1644713
Closes-Bug: 1644707

Change-Id: Ib5e66bfdd27795bd090c3b3b49207241cbc5f0ae
(cherry picked from commit df192ce6f9623c628dee975754027f827dbc28d9)
(cherry picked from commit d49aec87815d0b881aaec405832c5ac581e29c3d)
(cherry picked from commit 18a920da6f4ce95a66565a5e61ed9b5d6af39d4f)

Conflicts:
src/api-lib/vnc_api.py

Adding the missing import, due to cherry-pick from
a branch which has import os earlier to commit.

Change-Id: Ibbdf7173ffd30d64526a7ecb525c109ff37098a3
Closes-Bug: 1644707
(cherry picked from commit 6223e65dd1ecda43ab6b686a924eaa5d2ff9c035)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-01-14: [Review update] R3.1

#16

Review in progress for https://review.opencontrail.org/27891
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-01-14: [Review update] R3.1.1.x

#18

Review in progress for https://review.opencontrail.org/27898
Submitter: Ignatious Johnson Christopher (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-01-15: A change has been merged

#20

Reviewed: https://review.opencontrail.org/27891
Committed: http://github.org/Juniper/contrail-controller/commit/5b00aab809627c057c3b27c7ce0046089479d32a
Submitter: Zuul (<email address hidden>)
Branch: R3.1

commit 5b00aab809627c057c3b27c7ce0046089479d32a
Author: Ignatious Johnson Christopher <email address hidden>
Date: Thu Dec 1 22:52:26 2016 -0800

Getting certs as argument to the VncApi class and creating
unique certbundle for request to different api-servers.

Change-Id: I7fddf73df728937c7712e99282b32147bc311937
Closes-Bug: 1644713
Closes-Bug: 1644707
(cherry picked from commit d49aec87815d0b881aaec405832c5ac581e29c3d)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2017-01-31:

#21

Reviewed: https://review.opencontrail.org/27898
Committed: http://github.org/Juniper/contrail-controller/commit/edeac12c6f0fb44e79039d914da28153fca10cb7
Submitter: Zuul (<email address hidden>)
Branch: R3.1.1.x

commit edeac12c6f0fb44e79039d914da28153fca10cb7
Author: Ignatious Johnson Christopher <email address hidden>
Date: Mon Nov 21 15:07:15 2016 -0800

Certificates needs to be chanined and bundled
in the order (certfile, keyfile and cacert).

1. Chaining in the certificate in correct order
2. Making certfile/keyfile optional

Closes-Bug: 1639426
Closes-Bug: 1630513

Getting certs as argument to the VncApi class and creating
unique certbundle for request to different api-servers.
Closes-Bug: 1644713
Closes-Bug: 1644707

Conflicts:
src/api-lib/vnc_api.py

When insecure flag is set to True in contrail-keystone-auth.conf,
contrail-api fails to start as the cafile is not initialized.
Initializing cafile to empty string, to handle insecure connections.

Change-Id: I23e4fd8ba533000e041fc892845ccc0bbd50fc48
Closes-Bug: 1650697
(cherry picked from commit 9c6d9ca425e9030fdab01db81f15eac479772854)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.