Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1096406

Summary: Unable to start neutron-server during new installation setup, when a password with special characters is used
Product: Red Hat OpenStack Reporter: Chris Roberts <chrobert>
Component: doc-Installation_and_Configuration_GuideAssignee: Martin Lopes <mlopes>
Status: CLOSED CURRENTRELEASE QA Contact: Bruce Reeler <breeler>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.0CC: apevec, chrisw, chrobert, ddomingo, ihrachys, jdexter, markmc, ndipanov, nyechiel, rlandman, yeylon
Target Milestone: ---Keywords: Documentation, Reopened, Triaged
Target Release: 5.0 (RHEL 7)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-04 13:07:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Roberts 2014-05-09 21:02:38 UTC 
Description of problem: Unable to start neutron-server during new installation setup, when a password with special characters is used



How reproducible: 


Steps to Reproduce:
1. put special characters in neutron.conf file
2. tried to start neutron in debug mode for verbose output
3. verfied with a password without special characters and neutron works fine

Actual results: got a 2014-05-08 14:29:49.460 8566 TRACE neutron     value = getattr(self.conf, key)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 1652, in __getattr__
2014-05-08 14:29:49.460 8566 TRACE neutron     raise NoSuchOptError(name)
2014-05-08 14:29:49.460 8566 TRACE neutron NoSuchOptError: no such option: c0123


Expected results: Neutron to start normally


Additional info:

service neutron-server status
neutron dead but pid file exists
[root@rtp1-osc-mgmt-001 log]# 


**********************************************

2014-05-08 14:29:49.460 8566 TRACE neutron     service.start()
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/neutron/service.py", line 68, in start
2014-05-08 14:29:49.460 8566 TRACE neutron     self.wsgi_app = _run_wsgi(self.app_name)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/neutron/service.py", line 112, in _run_wsgi
2014-05-08 14:29:49.460 8566 TRACE neutron     app = config.load_paste_app(app_name)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/neutron/common/config.py", line 144, in load_paste_app
2014-05-08 14:29:49.460 8566 TRACE neutron     app = deploy.loadapp("config:%s" % config_path, name=app_name)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 247, in loadapp
2014-05-08 14:29:49.460 8566 TRACE neutron     return loadobj(APP, uri, name=name, **kw)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 272, in loadobj
2014-05-08 14:29:49.460 8566 TRACE neutron     return context.create()
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 710, in create
2014-05-08 14:29:49.460 8566 TRACE neutron     return self.object_type.invoke(self)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 144, in invoke
2014-05-08 14:29:49.460 8566 TRACE neutron     **context.local_conf)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/util.py", line 56, in fix_call
2014-05-08 14:29:49.460 8566 TRACE neutron     val = callable(*args, **kw)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/paste/urlmap.py", line 25, in urlmap_factory
2014-05-08 14:29:49.460 8566 TRACE neutron     app = loader.get_app(app_name, global_conf=global_conf)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 350, in get_app
2014-05-08 14:29:49.460 8566 TRACE neutron     name=name, global_conf=global_conf).create()
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 710, in create
2014-05-08 14:29:49.460 8566 TRACE neutron     return self.object_type.invoke(self)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/loadwsgi.py", line 144, in invoke
2014-05-08 14:29:49.460 8566 TRACE neutron     **context.local_conf)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/PasteDeploy-1.5.0-py2.6.egg/paste/deploy/util.py", line 56, in fix_call
2014-05-08 14:29:49.460 8566 TRACE neutron     val = callable(*args, **kw)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/neutron/auth.py", line 62, in pipeline_factory
2014-05-08 14:29:49.460 8566 TRACE neutron     app = filter(app)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 1412, in auth_filter
2014-05-08 14:29:49.460 8566 TRACE neutron     return AuthProtocol(app, conf)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 460, in __init__
2014-05-08 14:29:49.460 8566 TRACE neutron     self.admin_password = self._conf_get('admin_password')
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/keystoneclient/middleware/auth_token.py", line 519, in _conf_get
2014-05-08 14:29:49.460 8566 TRACE neutron     return CONF.keystone_authtoken[name]
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 2200, in __getitem__
2014-05-08 14:29:49.460 8566 TRACE neutron     return self.__getattr__(key)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 2196, in __getattr__
2014-05-08 14:29:49.460 8566 TRACE neutron     return self._conf._get(name, self._group)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 1996, in _get
2014-05-08 14:29:49.460 8566 TRACE neutron     value = self._substitute(self._do_get(name, group, namespace))
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 2052, in _substitute
2014-05-08 14:29:49.460 8566 TRACE neutron     return tmpl.safe_substitute(self.StrSubWrapper(self))
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib64/python2.6/string.py", line 205, in safe_substitute
2014-05-08 14:29:49.460 8566 TRACE neutron     return self.pattern.sub(convert, self.template)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib64/python2.6/string.py", line 190, in convert
2014-05-08 14:29:49.460 8566 TRACE neutron     return '%s' % (mapping[named],)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 2270, in __getitem__
2014-05-08 14:29:49.460 8566 TRACE neutron     value = getattr(self.conf, key)
2014-05-08 14:29:49.460 8566 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 1652, in __getattr__
2014-05-08 14:29:49.460 8566 TRACE neutron     raise NoSuchOptError(name)
2014-05-08 14:29:49.460 8566 TRACE neutron NoSuchOptError: no such option: c0123
2014-05-08 14:29:49.460 8566 TRACE neutron
Comment 2 Alan Pevec 2014-05-09 21:14:06 UTC 
> 1. put special characters in neutron.conf file

Please provide example neutron.conf, what "special characters" were used?
Comment 4 Jeff Dexter 2014-05-09 21:26:15 UTC 
@Alan
I was able to reproduce this issue on the gsslab enviroment running RHOSP4 A3

The password used was c1$redhat1!

It had the same trace. 

014-05-09 16:35:21.735 24380 TRACE neutron   File "/usr/lib/python2.6/site-packages/oslo/config/cfg.py", line 1652, in __getattr__
2014-05-09 16:35:21.735 24380 TRACE neutron     raise NoSuchOptError(name)
2014-05-09 16:35:21.735 24380 TRACE neutron NoSuchOptError: no such option: redhat1
2014-05-09 16:35:21.735 24380 TRACE neutron



[DEFAULT]
debug = False
verbose = True
use_syslog = False
log_dir =/var/log/neutron
bind_host = 0.0.0.0
bind_port = 9696
core_plugin =neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
auth_strategy = keystone
base_mac = fa:16:3e:00:00:00
mac_generation_retries = 16
dhcp_lease_duration = 120
allow_bulk = True
allow_overlapping_ips = True
rpc_backend = neutron.openstack.common.rpc.impl_qpid
control_exchange = neutron
qpid_hostname = 10.10.72.1
qpid_port = 5671
qpid_username = qpid_user
qpid_password = 453fb79409404204
qpid_heartbeat = 60
qpid_protocol = ssl
qpid_tcp_nodelay = True
agent_down_time = 9
router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
dhcp_agents_per_network = 1
api_workers = 0
qpid_reconnect_limit=0
qpid_reconnect_interval_max=0
qpid_reconnect_timeout=0
qpid_reconnect=True
qpid_reconnect_interval_min=0
qpid_reconnect_interval=0
report_interval=4
[quotas]
[agent]
[keystone_authtoken]
auth_host = 10.10.72.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = services
admin_user = neutron
admin_password = c1$redhat1!
auth_uri=http://10.10.72.1:5000/
[database]
connection = mysql://neutron:4cc41f5540aa4753.72.1/ovs_neutron
max_retries = 10
retry_interval = 10
idle_timeout = 3600
[service_providers]
[AGENT]
root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf
Comment 5 Alan Pevec 2014-05-10 21:01:15 UTC 
> admin_password = c1$redhat1!

oslo.config interpolates $parameter_name so you need to escape dollar sign as $$
i.e. admin_password = c1$$redhat1! to set exact value c1$redhat1! for admin_password parameter.

https://github.com/openstack/oslo.config/blob/68640a4d7552d8110a1a4626b03c234eb8931689/oslo/config/cfg.py#L218
Comment 6 Chris Roberts 2014-05-14 14:43:00 UTC 
Is there anyway we can get this changed and a patch submitted upstream and then if accepted backported to RHOS? There are a lot of use cases out there that I see running into this issue, especially when using auth like LDAP, etc.
Comment 7 Ihar Hrachyshka 2014-05-15 09:09:59 UTC 
We are not going to introduce special handling for $ chars in specific statements. Instead, those who put passwords into config files should make sure they properly escape those chars.

If there is any work to do on our side, it's in documentation. F.e. for nova, it's documented upstream at: http://docs.openstack.org/havana/config-reference/content/compute-options.html Maybe we should do the same thing for neutron and other services that still lack this knowledge in docs.
Comment 9 Ihar Hrachyshka 2014-06-02 08:14:23 UTC 
I think there is still place for improvement:

- I think only $ char should be escaped. Other characters do not need it, so there is no need to refer to 'special character*s*' in the note.
- there is also a special rule in case you want your password to contain a space. In that case, the password string should be quoted.

We should also probably check whether we play nice with quotes and double quotes in passwords.
Comment 11 Ihar Hrachyshka 2014-06-03 09:19:23 UTC 
Thanks! Now it looks good. We may revisit escaping rules in regards to quotes in case anyone is interested in it.
Comment 12 Martin Lopes 2014-06-13 00:43:43 UTC 
Ready for QE once package is available.
Comment 14 Bruce Reeler 2014-06-27 06:34:05 UTC 
Reviewed - note is present and correct.