[Openstack-security] [Bug 1195431] Re: kombu_ssl_version is a cfg.StrOpt but the ssl socket code requires an Integer value
Davanum Srinivas (DIMS)
davanum at gmail.com
Tue Jul 2 13:12:38 UTC 2013
** Changed in: oslo
Milestone: None => havana-2
** Changed in: oslo
Importance: Undecided => Medium
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1195431
Title:
kombu_ssl_version is a cfg.StrOpt but the ssl socket code requires an
Integer value
Status in Oslo - a Library of Common OpenStack Code:
In Progress
Bug description:
When specifying 'kombu_ssl_version' for the RPC driver such as either
"kombu_ssl_version=3" or "kombu_ssl_version=SSLv3" the relevant
OpenStack service (nova, cinder, etc) will fail with the following
traceback:
2013-06-27 15:05:30.257 CRITICAL cinder [-] an integer is required
2013-06-27 15:05:30.257 TRACE cinder Traceback (most recent call last):
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/bin/cinder-scheduler", line 50, in <module>
2013-06-27 15:05:30.257 TRACE cinder service.wait()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/service.py", line 624, in wait
2013-06-27 15:05:30.257 TRACE cinder _launcher.wait()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/service.py", line 135, in wait
2013-06-27 15:05:30.257 TRACE cinder service.wait()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/greenthread.py", line 168, in wait
2013-06-27 15:05:30.257 TRACE cinder return self._exit_event.wait()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/event.py", line 116, in wait
2013-06-27 15:05:30.257 TRACE cinder return hubs.get_hub().switch()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/hubs/hub.py", line 187, in switch
2013-06-27 15:05:30.257 TRACE cinder return self.greenlet.switch()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/greenthread.py", line 194, in main
2013-06-27 15:05:30.257 TRACE cinder result = function(*args, **kwargs)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/service.py", line 96, in run_server
2013-06-27 15:05:30.257 TRACE cinder server.start()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/service.py", line 359, in start
2013-06-27 15:05:30.257 TRACE cinder self.manager.init_host()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/scheduler/manager.py", line 62, in init_host
2013-06-27 15:05:30.257 TRACE cinder self.request_service_capabilities(ctxt)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/scheduler/manager.py", line 141, in request_service_capabilities
2013-06-27 15:05:30.257 TRACE cinder volume_rpcapi.VolumeAPI().publish_service_capabilities(context)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/volume/rpcapi.py", line 133, in publish_service_capabilities
2013-06-27 15:05:30.257 TRACE cinder version='1.2')
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/proxy.py", line 142, in fanout_cast
2013-06-27 15:05:30.257 TRACE cinder rpc.fanout_cast(context, self._get_topic(topic), msg)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/__init__.py", line 179, in fanout_cast
2013-06-27 15:05:30.257 TRACE cinder return _get_impl().fanout_cast(CONF, context, topic, msg)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/impl_kombu.py", line 812, in fanout_cast
2013-06-27 15:05:30.257 TRACE cinder rpc_amqp.get_connection_pool(conf, Connection))
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/amqp.py", line 635, in fanout_cast
2013-06-27 15:05:30.257 TRACE cinder with ConnectionContext(conf, connection_pool) as conn:
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/amqp.py", line 122, in __init__
2013-06-27 15:05:30.257 TRACE cinder self.connection = connection_pool.get()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/pools.py", line 119, in get
2013-06-27 15:05:30.257 TRACE cinder created = self.create()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/amqp.py", line 76, in create
2013-06-27 15:05:30.257 TRACE cinder return self.connection_cls(self.conf)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/impl_kombu.py", line 447, in __init__
2013-06-27 15:05:30.257 TRACE cinder self.reconnect()
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/impl_kombu.py", line 519, in reconnect
2013-06-27 15:05:30.257 TRACE cinder self._connect(params)
2013-06-27 15:05:30.257 TRACE cinder File "/opt/stack/cinder/cinder/openstack/common/rpc/impl_kombu.py", line 495, in _connect
2013-06-27 15:05:30.257 TRACE cinder self.connection.connect()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/kombu-2.5.11-py2.7.egg/kombu/connection.py", line 246, in connect
2013-06-27 15:05:30.257 TRACE cinder return self.connection
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/kombu-2.5.11-py2.7.egg/kombu/connection.py", line 761, in connection
2013-06-27 15:05:30.257 TRACE cinder self._connection = self._establish_connection()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/kombu-2.5.11-py2.7.egg/kombu/connection.py", line 720, in _establish_connection
2013-06-27 15:05:30.257 TRACE cinder conn = self.transport.establish_connection()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/kombu-2.5.11-py2.7.egg/kombu/transport/pyamqp.py", line 110, in establish_connection
2013-06-27 15:05:30.257 TRACE cinder **conninfo.transport_options or {})
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/amqp-1.0.12-py2.7.egg/amqp/connection.py", line 136, in __init__
2013-06-27 15:05:30.257 TRACE cinder self.transport = create_transport(host, connect_timeout, ssl)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/amqp-1.0.12-py2.7.egg/amqp/transport.py", line 252, in create_transport
2013-06-27 15:05:30.257 TRACE cinder return SSLTransport(host, connect_timeout, ssl)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/amqp-1.0.12-py2.7.egg/amqp/transport.py", line 170, in __init__
2013-06-27 15:05:30.257 TRACE cinder super(SSLTransport, self).__init__(host, connect_timeout)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/amqp-1.0.12-py2.7.egg/amqp/transport.py", line 105, in __init__
2013-06-27 15:05:30.257 TRACE cinder self._setup_transport()
2013-06-27 15:05:30.257 TRACE cinder File "/usr/local/lib/python2.7/dist-packages/amqp-1.0.12-py2.7.egg/amqp/transport.py", line 178, in _setup_transport
2013-06-27 15:05:30.257 TRACE cinder self.sslobj = ssl.wrap_socket(self.sock, **self.sslopts)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/green/ssl.py", line 288, in wrap_socket
2013-06-27 15:05:30.257 TRACE cinder return GreenSSLSocket(sock, *a, **kw)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/dist-packages/eventlet/green/ssl.py", line 46, in __init__
2013-06-27 15:05:30.257 TRACE cinder super(GreenSSLSocket, self).__init__(sock.fd, *args, **kw)
2013-06-27 15:05:30.257 TRACE cinder File "/usr/lib/python2.7/ssl.py", line 197, in __init__
2013-06-27 15:05:30.257 TRACE cinder ciphers)
2013-06-27 15:05:30.257 TRACE cinder TypeError: an integer is required
This is because the underlying rpc driver is trying to create an SSL
socket which requires an integer such as the following built-in SSL
integer constants:
PROTOCOL_SSLv2
PROTOCOL_SSLv3
PROTOCOL_SSLv23
PROTOCOL_TLSv1
To manage notifications about this bug go to:
https://bugs.launchpad.net/oslo/+bug/1195431/+subscriptions
More information about the Openstack-security
mailing list