Hide Forgot
Description of problem: There are two checks, 'DHCP on the Provisioning Network' and 'DHCP on the Introspection Network'. These two checks fail (from scapy.all import BOOTP raises an exception), despite scapy installed on the system: [root@director ~] # pip show scapy --- Metadata-Version: 1.0 Name: scapy Version: 2.3.2 Summary: Scapy: interactive packet manipulation tool Home-page: http://www.secdev.org/projects/scapy Author: Philippe BIONDI Author-email: phil(at)secdev.org License: GPLv2 Location: /usr/lib/python2.7/site-packages Requires: I applied the following to workaround the issue. 1- Updated /usr/share/openstack-tripleo-validations/validations/dhcp-provisioning.yaml by appending the following setting to the 'pip' line: virtualenv_site_packages=yes pip: name=scapy version=2.3.2 state=present virtualenv=/tmp/validations-venv virtualenv_site_packages=yes 2- Did the same for dhcp-introspection.yaml Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Launch the 'DHCP on the Provisioning Network' and 'DHCP on the Provisioning Network DHCP on the Provisioning Network'checks 2. Both will fail (from scapy.all import BOOTP raises an exception) Actual results: The virtual environment does not import the Scapy module Expected results: The virtual environment should import the Scapy module and the two checks should pass. Additional info: As a side node, the RPM package scapy 2.3.2 is non existing, thus preventing this feature to work in offline installations.
Created attachment 1246756 [details] Workaround
Created attachment 1246757 [details] Workaround - second file
doing a bit of digging here is what I found for scapy references in OSP 10 [openstack-tripleo-validations]$ ag scapy tripleo-validations-5.1.1/validations/dhcp-provisioning.yaml 23: - name: Install scapy 24: pip: name=scapy version=2.3.2 state=present virtualenv=/tmp/validations-venv tripleo-validations-5.1.1/validations/files/rogue_dhcp.py 17:# Disable scapy's warning to stderr: 20:logging.getLogger("scapy.runtime").setLevel(logging.ERROR) 23:from scapy.all import BOOTP 24:from scapy.all import conf 25:from scapy.all import DHCP 26:from scapy.all import Ether 27:from scapy.all import get_if_raw_hwaddr 28:from scapy.all import IP 29:from scapy.all import srp 30:from scapy.all import UDP tripleo-validations-5.1.1/validations/dhcp-introspection.yaml 18: - name: Install scapy 19: pip: name=scapy version=2.3.2 state=present virtualenv=/tmp/validations-venv
how are we getting pip installed on the system?
I've pushed a patch both upstream [1] and downstream [2] that replaces the scapy script by one using raw sockets. The upstream patch received negative feedback asking to package scapy instead. My suggestion would be to remove this validation if the patch is not going to be merged. I don't know how much work is needed to get scapy packaged for RHEL, but this is not something I can commit to right now. Jason, can someone from the UI DFG take over these patches? [1] https://review.openstack.org/#/c/430681/ [2] https://code.engineering.redhat.com/gerrit/#/c/97154/
Martin - yes