** Changed in: neutron
       Status: Fix Committed => Fix Released

** Changed in: neutron
    Milestone: None => kilo-1

https://bugs.launchpad.net/bugs/1393329

Title:
  Trailing whitespaces pass IP address validation

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  API attributes validation doesn't detect a trailing CR code.
  By the following operations, a CR code causes serious trouble.

  1. Create files in Windows (newline characters are CR+LF) for heat.

  template.yaml
  ---------------------
    :
  parameters:
    subnet_secure_allocation_start:
      type: string
      description: Allocation of the secure subnet.
    :
  resources:
    swift_network_secure:
      type: OS::Neutron::Net
      properties:
        name: { get_param: network_secure_name }
    swift_ctl_subnet_secure:
      type: OS::Neutron::Subnet
      depends_on: swift_network_secure
      properties:
        cidr: { get_param: subnet_secure_cidr }
        name: { get_param: subnet_secure_name }
        network_id: { get_resource: swift_network_secure }
        gateway_ip: { get_param: subnet_secure_gateway_ip }
        allocation_pools: [{"end": {get_param: subnet_secure_allocation_end},"start": {get_param: subnet_secure_allocation_start}}]
    :
  ---------------------

  param.txt
  -------------------------------
  availability_zone=xxx;...;subnet_secure_allocation_end=172.16.16.250;subnet_secure_allocation_start=172.16.16.240
  -------------------------------

  2. Execute 'heat stack-create' command with these files.

  $ heat stack-create -f template.yaml -P `cat param.txt` stack_name

  Then, 'subnet_secure_allocation_start', or the last parameter of
  param.txt, contains a trailing CR code. This parameter is given to
  neutron as a start IP address of allocation_pools. The trailing CR
  code passes IP address validation and causes ovs-agent to crash.

  The CR code was accepted.

  $ neutron subnet-show xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
  +------------------+------------------------------------------------------+
  | Field            | Value                                                |
  +------------------+------------------------------------------------------+
  | allocation_pools | {"start": "172.16.16.240\r", "end": "172.16.16.250"} |

  The error occurred in ovs-agent.

  --------------------------------------
  2014-11-05 12:35:32.046 16862 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent RuntimeError:
  2014-11-05 12:35:32.046 16862 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'iptables-restore', '-c']
  2014-11-05 12:35:32.046 16862 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Exit code: 2
  2014-11-05 12:35:32.046 16862 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Stdout: ''
  2014-11-05 12:35:32.046 16862 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Stderr: "iptables-restore v1.4.7: host/network `172.16.16.240\r' notfound\nError occurred at line: 220\nTry `iptables-restore -h' or 'iptables-restore --help' for more information.\n"
  --------------------------------------

  It is critical that a tenant user's operation mistake affects the whole
  system. We think the validation should reject parameters with trailing
  CR codes.
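
Added example (not part of the original bug report and not Neutron's own code): a Python sketch of how a hand-rolled octet check can accept the "172.16.16.240\r" value shown above, next to a strict check that rejects it before it is stored. All function names and the sample data are hypothetical and constructed for illustration.

```python
import ipaddress

def lenient_is_ip(value):
    # Constructed permissive check: int() silently strips surrounding
    # whitespace, so the octet "240\r" parses as 240 and is accepted.
    parts = value.split(".")
    try:
        return len(parts) == 4 and all(0 <= int(p) <= 255 for p in parts)
    except ValueError:
        return False

def strict_ip_error(value):
    # Return None for an exact, canonical IP string, else a reason.
    if not isinstance(value, str):
        return "not a string: %r" % (value,)
    if any(c.isspace() for c in value):
        return "whitespace in %r" % value
    try:
        parsed = ipaddress.ip_address(value)
    except ValueError:
        return "not a valid IP address: %r" % value
    # Round-trip check (a policy choice of this example): the stored
    # text must equal the canonical text form of the parsed address.
    if str(parsed) != value:
        return "non-canonical form: %r" % value
    return None

def check_allocation_pools(pools):
    # Collect one error line per bad start/end value.
    errors = []
    for i, pool in enumerate(pools):
        for key in ("start", "end"):
            err = strict_ip_error(pool.get(key))
            if err:
                errors.append("allocation_pools[%d].%s: %s" % (i, key, err))
    return errors

# Constructed input matching the 'neutron subnet-show' output above.
SAMPLE_POOLS = [{"start": "172.16.16.240\r", "end": "172.16.16.250"}]

if __name__ == "__main__":
    print("lenient accepts:", lenient_is_ip(SAMPLE_POOLS[0]["start"]))
    for line in check_allocation_pools(SAMPLE_POOLS):
        print("strict rejects:", line)
```

Rejecting at the API boundary keeps the malformed string out of the database, so downstream consumers such as the iptables-restore call in the trace never see it.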