Re: [integration-dev] [OpenDaylight TSC] [opendaylight-dev][release] OpenDaylight - Aluminium SR2 release status


Luis Gomez
 

Well, since the odl-restconf feature includes both draft and RFC8040 API, I believe this bug is effectively a security hole with a non trivial workaround even for the draft users (e.g. repack the restconf feature to skip RFC8040).

So my suggest is to skip Aluminium SR2 official release. Other TSC (or not TSC) opinions?

BR/Luis

On Jan 28, 2021, at 10:33 AM, Venkatrangan Govindarajan <gvrangan@...> wrote:

The problem occurs if the RFC8040 is used

curl http://127.0.0.1:8181/rests/data/network-topology:network-topology  -v
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8181 (#0)
> GET /rests/data/network-topology:network-topology HTTP/1.1
> Host: 127.0.0.1:8181
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< ETag: "2013-10-21-network-topology"
< Last-Modified: 2021-Jan-28 18:31:25
< Content-Type: application/yang-data+json
< Content-Length: 133
<
* Connection #0 to host 127.0.0.1 left intact
{"network-topology:net


It does not require authorization. The  issue seems to be recreated.

வியா., 28 ஜன., 2021, பிற்பகல் 11:46 அன்று, Daniel de la Rosa <ddelarosa0707@...> எழுதியது:
Thanks Oleksii... IMHO, this issue is not a show stopper for Aluminium SR2 but please confirm

On Thu, Jan 28, 2021 at 10:09 AM Oleksii Mozghovyi <Oleksii.Mozghovyi@...> wrote:

Hello everyone,

This issue is related only to the RFC8040 implementation of the RESTconf, so you have to use a proper endpoint for the testing, for example:

The thing is that {apiRoot}/restconf is managed by a different web initializer and doesn't have such an issue.


From: release@... <release@...> on behalf of Venkatrangan Govindarajan <gvrangan@...>
Sent: Thursday, January 28, 2021 8:01:59 PM
To: Luis Gomez
Cc: Daniel de la Rosa; THOUENON Gilles TGI/OLN; integration-dev@...; Anil Belur; Casey Cain; Jordan Conway; LAMBERT Guillaume TGI/OLN; Release; Robert Varga; TSC; Transportpce-dev@...
Subject: Re: [integration-dev] [OpenDaylight TSC] [opendaylight-dev][release] OpenDaylight - Aluminium SR2 release status
 
Just downloaded SR2 and installed some project that uses topology model and executed this...

******************
curl http://127.0.0.1:8181/restconf/operational/network-topology:network-topology -v
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8181 (#0)
> GET /restconf/operational/network-topology:network-topology HTTP/1.1
> Host: 127.0.0.1:8181
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: BASIC realm="application"
< Content-Length: 0
<
* Connection #0 to host 127.0.0.1 left intact
gvrangan@gvrangan-Latitude-3490:~\> curl http://127.0.0.1:8181/restconf/operational/network-topology:network-topology --user 'admin:admin;
> ^C
gvrangan@gvrangan-Latitude-3490:~\> curl http://127.0.0.1:8181/restconf/operational/network-topology:network-topology --user 'admin:admin'
{"network-topology":{"topology":[{"topology-id":"hwvtep:1"},{"topology-id":"ovsdb:1"},{"topology-id":"netvirt:1"}]}}gvrangan@gvrangan-Latitude-3490:~\>
gvrangan@gvrangan-Latitude-3490:~\>
gvrangan@gvrangan-Latitude-3490:~\>
gvrangan@gvrangan-Latitude-3490:~\>
gvrangan@gvrangan-Latitude-3490:~\> curl http://127.0.0.1:8181/restconf/operational/network-topology:network-topology --user 'admin:admin'
{"network-topology":{"topology":[{"topology-id":"hwvtep:1"},{"topology-id":"ovsdb:1"},{"topology-id":"netvirt:1"}]}}gvrangan@gvrangan-Latitude-3490:~\>
gvrangan@gvrangan-Latitude-3490:~\>
gvrangan@gvrangan-Latitude-3490:~\> curl http://127.0.0.1:8181/restconf/operational/network-topology:network-topology --user 'admin:admin'
{"network-topology":{"topology":[{"topology-id":"hwvtep:1"},{"topology-id":"ovsdb:1"},{"topology-id":"netvirt:1"}]}}
************

The GET seems to require authorization. Also used wrong password which was also blocked.





வியா., 28 ஜன., 2021, பிற்பகல் 10:53 அன்று, Luis Gomez <ecelgp@...> எழுதியது:
It seems like we have to stop the Aluminium SR2 release after hearing the authentication issue from Robert.

On Jan 27, 2021, at 4:32 PM, Daniel de la Rosa <ddelarosa0707@...> wrote:

Thank you all.. @Luis Gomez please proceed with distribution at your earliest convenience

On Mon, Jan 25, 2021 at 10:25 AM <gilles.thouenon@...> wrote:

Hello,

 

I’ve proceeded to the TransportPCE release merge job for Aluminium SR2 which is tagged with version 2.2.0.

https://jenkins.opendaylight.org/releng/view/transportpce/job/transportpce-release-merge/lastBuild/

Everything on our side seems ok.

Tell us if additional action is required from our side.

 

Best Regards,

 

Gilles Thouénon

 

De : release@... [mailto:release@...] De la part de Gilles Thouenon via lists.opendaylight.org
Envoyé : lundi 25 janvier 2021 08:31
À : Daniel de la Rosa <ddelarosa0707@...>; Anil Belur <abelur@...>; Luis Gomez <ecelgp@...>; LAMBERT Guillaume TGI/OLN <guillaume.lambert@...>
Cc : 'integration-dev@...' (integration-dev@...) (integration-dev@...) <integration-dev@...>; Release <release@...>; TSC <tsc@...>; Jordan Conway <jconway@...>; Casey Cain <ccain@...>; Robert Varga <nite@...>; Venkatrangan Govindarajan <gvrangan@...>
Objet : Re: [integration-dev] [OpenDaylight TSC] [opendaylight-dev][release] OpenDaylight - Aluminium SR2 release status

 

Thanks Daniel.

On TransportPCE side, our stable/aluminium branch is ready. We encountered the same issue as

https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/IT-21406
to stage the release.

So, we are waiting for the resolution of Jenkins jobs failing issue.

Best Regards,

 

Gilles Thouenon

 

De : integration-dev@... [mailto:integration-dev@...] De la part de Daniel de la Rosa
Envoyé : lundi 25 janvier 2021 06:39
À : Anil Belur <abelur@...>; Luis Gomez <ecelgp@...>; LAMBERT Guillaume TGI/OLN <guillaume.lambert@...>
Cc : 'integration-dev@...' (integration-dev@...) (integration-dev@...) <integration-dev@...>; Release <release@...>; TSC <tsc@...>; Jordan Conway <jconway@...>; Casey Cain <ccain@...>; Robert Varga <nite@...>; Venkatrangan Govindarajan <gvrangan@...>
Objet : Re: [integration-dev] [OpenDaylight TSC] [opendaylight-dev][release] OpenDaylight - Aluminium SR2 release status

 

Thanks Anil. TransportPCE team, please proceed at your earliest convenience.

 

 

 

On Sun, Jan 24, 2021 at 7:43 PM Anil Belur <abelur@...> wrote:

Hello All,

OpenDaylight Aluminium SR2 version bump is complete and the staging repository is been promoted. The 'stable/aluminum' branch is unlocked and ready for development.


Pending activities that need to be completed for the release:
1. Self-managed projects release of Aluminum SR2.
2. Release Distribution once the 1. is complete.
3. Release notes - to be merged CR [1.]
4. Update ODL downloads page [1.].

Thanks to everyone who contributed to the release.

Regards,
Anil Belur

[0.] https://docs.opendaylight.org/en/latest/downloads.html
[1.] https://git.opendaylight.org/gerrit/c/docs/+/94758

 

_________________________________________________________________________________________________________________________
 
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
 
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.



--
Venkatrangan Govindarajan
( When there is no wind...Row )


--
Venkatrangan Govindarajan
( When there is no wind...Row )

Join TSC@lists.opendaylight.org to automatically receive all group messages.