[Bug 1771506] Re: Unit test failure with OpenSSL 1.1.1

OpenStack Infra 1771506 at bugs.launchpad.net
Mon Jul 1 20:34:09 UTC 2019 

Reviewed:  https://review.opendev.org/656308
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=5b0adaa0ca5f757bb224d1ffac0c6705b03ee2ed
Submitter: Zuul
Branch:    stable/queens

commit 5b0adaa0ca5f757bb224d1ffac0c6705b03ee2ed
Author: Corey Bryant <corey.bryant at canonical.com>
Date:   Thu Feb 7 10:12:54 2019 -0500

    xenapi/agent: Change openssl error handling
    
    Prior to this patch, if the openssl command returned a zero exit code
    and wrote details to stderr, nova would raise a RuntimeError exception.
    This patch changes the behavior to only raise a RuntimeError exception
    when openssl returns a non-zero exit code. Regardless of the exit code
    a warning will always be logged with stderr details if stderr is not
    None. Note that processutils.execute will now raise a
    processutils.ProcessExecutionError exception for any non-zero exit code
    since we are passing check_exit_code=True, which we convert to a
    Runtime error.
    
    Thanks to Dimitri John Ledkov <xnox at ubuntu.com> and Eric Fried
    <openstack at fried.cc> for helping with this patch.
    
    Conflicts:
        nova/virt/xenapi/agent.py
    
    NOTE(coreycb): The conflict is due to
    Ibe2f478288db42f8168b52dfc14d85ab92ace74b not being in stable/queens.
    
    Change-Id: I212ac2b5ccd93e00adb7b9fe102fcb70857c6073
    Partial-Bug: #1771506
    (cherry picked from commit 1da71fa4ab1d7d0f580cd5cbc97f2dfd2e1c378a)
    (cherry picked from commit 64793cf6f77c5ba7c9ea51662d936c7545ffce8c)
    (cherry picked from commit 82de38ad4ce86c5398538a8635713a86407216d0)


** Tags added: in-stable-queens

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1771506

Title:
  Unit test failure with OpenSSL 1.1.1

Status in Ubuntu Cloud Archive:
  Fix Committed
Status in Ubuntu Cloud Archive queens series:
  Fix Committed
Status in Ubuntu Cloud Archive rocky series:
  Fix Committed
Status in Ubuntu Cloud Archive stein series:
  Fix Committed
Status in OpenStack Compute (nova):
  In Progress
Status in nova package in Ubuntu:
  Fix Released
Status in nova source package in Bionic:
  Fix Released
Status in nova source package in Cosmic:
  Fix Released
Status in nova source package in Disco:
  Fix Committed

Bug description:
  Hi,

  Building the Nova Queens package with OpenSSL 1.1.1 leads to unit test
  problems. This was reported to Debian at:
  https://bugs.debian.org/898807

  The new openssl 1.1.1 is currently in experimental [0]. This package
  failed to build against this new package [1] while it built fine
  against the openssl version currently in unstable [2]. Could you
  please have a look?

  FAIL: nova.tests.unit.virt.xenapi.test_xenapi.XenAPIDiffieHellmanTestCase.test_encrypt_newlines_inside_message
  |nova.tests.unit.virt.xenapi.test_xenapi.XenAPIDiffieHellmanTestCase.test_encrypt_newlines_inside_message
  |----------------------------------------------------------------------
  |_StringException: pythonlogging:'': {{{2018-05-01 20:48:09,960 WARNING [oslo_config.cfg] Config option key_manager.api_class  is deprecated. Use option key_manager.backend instead.}}}
  |
  |Traceback (most recent call last):
  |  File "/<<PKGBUILDDIR>>/nova/tests/unit/virt/xenapi/test_xenapi.py", line 1592, in test_encrypt_newlines_inside_message
  |    self._test_encryption('Message\nwith\ninterior\nnewlines.')
  |  File "/<<PKGBUILDDIR>>/nova/tests/unit/virt/xenapi/test_xenapi.py", line 1577, in _test_encryption
  |    enc = self.alice.encrypt(message)
  |  File "/<<PKGBUILDDIR>>/nova/virt/xenapi/agent.py", line 432, in encrypt
  |    return self._run_ssl(text).strip('\n')
  |  File "/<<PKGBUILDDIR>>/nova/virt/xenapi/agent.py", line 428, in _run_ssl
  |    raise RuntimeError(_('OpenSSL error: %s') % err)
  |RuntimeError: OpenSSL error: *** WARNING : deprecated key derivation used.
  |Using -iter or -pbkdf2 would be better.

  It looks like due to additional message on stderr.

  [0] https://lists.debian.org/msgid-search/20180501211400.GA21460@roeckx.be
  [1] https://breakpoint.cc/openssl-rebuild/2018-05-03-rebuild-openssl1.1.1-pre6/attempted/nova_17.0.0-4_amd64-2018-05-01T20%3A39%3A38Z
  [2] https://breakpoint.cc/openssl-rebuild/2018-05-03-rebuild-openssl1.1.1-pre6/successful/nova_17.0.0-4_amd64-2018-05-02T18%3A46%3A36Z

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1771506/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list