Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1096406 - Unable to start neutron-server during new installation setup, when a password with special characters is used
Unable to start neutron-server during new installation setup, when a password...
Status: CLOSED CURRENTRELEASE
Product: Red Hat OpenStack
Classification: Red Hat
Component: doc-Installation_and_Configuration_Guide (Show other bugs)
4.0
Unspecified Unspecified
medium Severity medium
: ---
: 5.0 (RHEL 7)
Assigned To: Martin Lopes
Bruce Reeler
: Documentation, Reopened, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2014-05-09 17:02 EDT by Chris Roberts
Modified: 2016-04-26 19:00 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-09-04 09:07:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Chris Roberts 2014-05-09 17:02:38 EDT 
Description of problem: Unable to start neutron-server during new installation setup, when a password with special characters is used



How reproducible: 


Steps to Reproduce:
1. put special characters in neutron.conf file
2. tried to start neutron in debug mode for verbose output
3. verfied with a password without special characters and neutron works fine

Actual results: got a 2014-05-08 14:29:49.460 8566 TRACE neutron     value = getattr(self.conf, key)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 1652, in __getattr__
2014-05-08 14:29:49.460 8566 TRACE neutron     raise NoSuchOptError(name)
2014-05-08 14:29:49.460 8566 TRACE neutron NoSuchOptError: no such option: c0123


Expected results: Neutron to start normally


Additional info:

service neutron-server status
neutron dead but pid file exists
[root@rtp1-osc-mgmt-001 log]# 


**********************************************

2014-05-08 14:29:49.460 8566 TRACE neutron     service.start()
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/neutron/service.py", line 68, in start
2014-05-08 14:29:49.460 8566 TRACE neutron     self.wsgi_app = _run_wsgi(self.app_name)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/neutron/service.py", line 112, in _run_wsgi
2014-05-08 14:29:49.460 8566 TRACE neutron     app = config.load_paste_app(app_name)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/neutron/common/config.py", line 144, in load_paste_app
2014-05-08 14:29:49.460 8566 TRACE neutron     app = deploy.loadapp("config:%s" % config_path, name=app_name)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 247, in loadapp
2014-05-08 14:29:49.460 8566 TRACE neutron     return loadobj(APP, uri, name=name, **kw)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 272, in loadobj
2014-05-08 14:29:49.460 8566 TRACE neutron     return context.create()
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 710, in create
2014-05-08 14:29:49.460 8566 TRACE neutron     return self.object_type.invoke(self)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 144, in invoke
2014-05-08 14:29:49.460 8566 TRACE neutron     **context.local_conf)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/util.py", line 56, in fix_call
2014-05-08 14:29:49.460 8566 TRACE neutron     val = callable(*args, **kw)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/paste/urlmap.py", line 25, in urlmap_factory
2014-05-08 14:29:49.460 8566 TRACE neutron     app = loader.get_app(app_name, global_conf=global_conf)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 350, in get_app
2014-05-08 14:29:49.460 8566 TRACE neutron     name=name, global_conf=global_conf).create()
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 710, in create
2014-05-08 14:29:49.460 8566 TRACE neutron     return self.object_type.invoke(self)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 144, in invoke
2014-05-08 14:29:49.460 8566 TRACE neutron     **context.local_conf)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/util.py", line 56, in fix_call
2014-05-08 14:29:49.460 8566 TRACE neutron     val = callable(*args, **kw)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/neutron/auth.py", line 62, in pipeline_factory
2014-05-08 14:29:49.460 8566 TRACE neutron     app = filter(app)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1412, in auth_filter
2014-05-08 14:29:49.460 8566 TRACE neutron     return AuthProtocol(app, conf)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 460, in __init__
2014-05-08 14:29:49.460 8566 TRACE neutron     self.admin_password = self._conf_get('admin_password')
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 519, in _conf_get
2014-05-08 14:29:49.460 8566 TRACE neutron     return CONF.keystone_authtoken[name]
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 2200, in __getitem__
2014-05-08 14:29:49.460 8566 TRACE neutron     return self.__getattr__(key)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 2196, in __getattr__
2014-05-08 14:29:49.460 8566 TRACE neutron     return self._conf._get(name, self._group)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 1996, in _get
2014-05-08 14:29:49.460 8566 TRACE neutron     value = self._substitute(self._do_get(name, group, namespace))
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 2052, in _substitute
2014-05-08 14:29:49.460 8566 TRACE neutron     return tmpl.safe_substitute(self.StrSubWrapper(self))
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib64/python2.6/string.py", line 205, in safe_substitute
2014-05-08 14:29:49.460 8566 TRACE neutron     return self.pattern.sub(convert, self.template)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib64/python2.6/string.py", line 190, in convert
2014-05-08 14:29:49.460 8566 TRACE neutron     return '%s' % (mapping[named],)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 2270, in __getitem__
2014-05-08 14:29:49.460 8566 TRACE neutron     value = getattr(self.conf, key)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 1652, in __getattr__
2014-05-08 14:29:49.460 8566 TRACE neutron     raise NoSuchOptError(name)
2014-05-08 14:29:49.460 8566 TRACE neutron NoSuchOptError: no such option: c0123
2014-05-08 14:29:49.460 8566 TRACE neutron
Comment 2 Alan Pevec 2014-05-09 17:14:06 EDT 
> 1. put special characters in neutron.conf file

Please provide example neutron.conf, what "special characters" were used?
Comment 4 Jeff Dexter 2014-05-09 17:26:15 EDT 
@Alan
I was able to reproduce this issue on the gsslab enviroment running RHOSP4 A3

The password used was c1$redhat1!

It had the same trace. 

014-05-09 16:35:21.735 24380 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 1652, in __getattr__
2014-05-09 16:35:21.735 24380 TRACE neutron     raise NoSuchOptError(name)
2014-05-09 16:35:21.735 24380 TRACE neutron NoSuchOptError: no such option: redhat1
2014-05-09 16:35:21.735 24380 TRACE neutron



[DEFAULT]
debug = False
verbose = True
use_syslog = False
log_dir =/var/log/neutron
bind_host = 0.0.0.0
bind_port = 9696
core_plugin =neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
auth_strategy = keystone
base_mac = fa:16:3e:00:00:00
mac_generation_retries = 16
dhcp_lease_duration = 120
allow_bulk = True
allow_overlapping_ips = True
rpc_backend = neutron.openstack.common.rpc.impl_qpid
control_exchange = neutron
qpid_hostname = 10.10.72.1
qpid_port = 5671
qpid_username = qpid_user
qpid_password = 453fb79409404204
qpid_heartbeat = 60
qpid_protocol = ssl
qpid_tcp_nodelay = True
agent_down_time = 9
router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
dhcp_agents_per_network = 1
api_workers = 0
qpid_reconnect_limit=0
qpid_reconnect_interval_max=0
qpid_reconnect_timeout=0
qpid_reconnect=True
qpid_reconnect_interval_min=0
qpid_reconnect_interval=0
report_interval=4
[quotas]
[agent]
[keystone_authtoken]
auth_host = 10.10.72.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = services
admin_user = neutron
admin_password = c1$redhat1!
auth_uri=http://10.10.72.1:5000/
[database]
connection = mysql://neutron:4cc41f5540aa4753@10.10.72.1/ovs_neutron
max_retries = 10
retry_interval = 10
idle_timeout = 3600
[service_providers]
[AGENT]
root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf
Comment 5 Alan Pevec 2014-05-10 17:01:15 EDT 
> admin_password = c1$redhat1!

oslo.config interpolates $parameter_name so you need to escape dollar sign as $$
i.e. admin_password = c1$$redhat1! to set exact value c1$redhat1! for admin_password parameter.

https://github.com/openstack/oslo.config/blob/68640a4d7552d8110a1a4626b03c234eb8931689/oslo/config/cfg.py#L218
Comment 6 Chris Roberts 2014-05-14 10:43:00 EDT 
Is there anyway we can get this changed and a patch submitted upstream and then if accepted backported to RHOS? There are a lot of use cases out there that I see running into this issue, especially when using auth like LDAP, etc.
Comment 7 Ihar Hrachyshka 2014-05-15 05:09:59 EDT 
We are not going to introduce special handling for $ chars in specific statements. Instead, those who put passwords into config files should make sure they properly escape those chars.

If there is any work to do on our side, it's in documentation. F.e. for nova, it's documented upstream at: http://docs.openstack.org/havana/config-reference/content/compute-options.html Maybe we should do the same thing for neutron and other services that still lack this knowledge in docs.
Comment 9 Ihar Hrachyshka 2014-06-02 04:14:23 EDT 
I think there is still place for improvement:

- I think only $ char should be escaped. Other characters do not need it, so there is no need to refer to 'special character*s*' in the note.
- there is also a special rule in case you want your password to contain a space. In that case, the password string should be quoted.

We should also probably check whether we play nice with quotes and double quotes in passwords.
Comment 11 Ihar Hrachyshka 2014-06-03 05:19:23 EDT 
Thanks! Now it looks good. We may revisit escaping rules in regards to quotes in case anyone is interested in it.
Comment 12 Martin Lopes 2014-06-12 20:43:43 EDT 
Ready for QE once package is available.
Comment 14 Bruce Reeler 2014-06-27 02:34:05 EDT 
Reviewed - note is present and correct.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.