Bug#810850: marked as done (/usr/sbin/gnt-instance: gnt-instance info $instance fails with the exception "KeyError: 'secret'".)

Fri, 15 Jan 2016 02:22:34 -0800 

Your message dated Fri, 15 Jan 2016 10:17:07 +0000
with message-id <[email protected]>
and subject line Bug#810850: fixed in ganeti 2.12.4-1+deb8u3
has caused the Debian Bug report #810850,
regarding /usr/sbin/gnt-instance: gnt-instance info $instance fails with the 
exception  "KeyError: 'secret'".
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
810850: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810850
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: ganeti
Version: 2.12.4-1+deb8u2
Severity: normal
File: /usr/sbin/gnt-instance


After updating ganeti2 to fix CVE-2015-7945. The gnt-instance info $instance 
command fails when querying
instances with a drbd disk template because the 'secret' key is not in the 
drbd_info dict.


# gnt-instance info instance1
Traceback (most recent call last):
  File "/usr/sbin/gnt-instance", line 21, in <module>
    sys.exit(main.Main())
  File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1678, in 
Main
    env_override=_ENV_OVERRIDE)
  File "/usr/share/ganeti/2.12/ganeti/cli.py", line 2709, in GenericMain
    result = func(options, args)
  File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1234, in 
ShowInstanceConfig
    for instance in result.values()
  File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1198, in 
_FormatInstanceInfo
    for (idx, device) in enumerate(instance["disks"])
  File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1064, in 
_FormatBlockDevInfo
    l_id = _FormatDiskDetails(dev["dev_type"], dev, roman)
  File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 963, in 
_FormatDiskDetails
    ("auth key", str(drbd_info["secret"])),
KeyError: 'secret'


I tracked the error down to this line
#/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py
963:      ("auth key", str(drbd_info["secret"])),


If you inspect drbd_info the "secret" key does not exist. I was able to have 
the command execute by changing
the line 963 to:


      ("auth key", str(drbd_info.get("secret"))),


Now the info shows the auth_key as None:


  Disk template: drbd
  Disks:
    - disk/0: drbd, size 20.0G
      access mode: rw
      nodeA: host5, minor=0
      nodeB: host4, minor=1
      port: 11006
      auth key: None


It looks like this issue was introduced by this commit:
http://git.ganeti.org/?p=ganeti.git;a=commit;h=6f9ba80f8312d5607da70841f698c49000a31126


diff --git a/lib/storage/drbd.py b/lib/storage/drbd.py
index 7381c01..215a0f4 100644 (file)
--- a/lib/storage/drbd.py
+++ b/lib/storage/drbd.py
@@ -201,7 +201,9 @@ class DRBD8Dev(base.BlockDev):
     self._rhost = dyn_params[constants.DDP_REMOTE_IP]
     self._rport = unique_id[2]
     self._aminor = dyn_params[constants.DDP_LOCAL_MINOR]
-    self._secret = unique_id[5]
+    # The secret is wrapped in the Private data type, and it has to be 
extracted
+    # before use
+    self._secret = unique_id[5].Get()


     if children:
       if not _CanReadDevice(children[1].dev_path):


Thanks,
Zach Newell
[email protected]


-- Package-specific info:
Version symlinks:
  /etc/ganeti/share -> /usr/share/ganeti/2.12
  /etc/ganeti/lib -> /usr/lib/ganeti/2.12
Cluster config version: 2.12.4
Address family: IPv4
Enabled hypervisors: kvm
kvm hypervisor parameters:
  acpi=True
  boot_order=disk
  cpu_cores=0
  cpu_mask=all
  cpu_sockets=0
  cpu_threads=0
  disk_aio=threads
  disk_cache=default
  disk_type=paravirtual
  kernel_args=ro
  kvm_path=/usr/bin/kvm
  migration_bandwidth=32
  migration_downtime=30
  migration_mode=live
  migration_port=8102
  nic_type=paravirtual
  reboot_behavior=reboot
  root_path=/dev/vda1
  security_model=none
  serial_console=True
  serial_speed=38400
  spice_ip_version=0
  spice_playback_compression=True
  spice_tls_ciphers=HIGH:-DES:-3DES:-EXPORT:-ADH
  spice_use_tls=False
  spice_use_vdagent=True
  use_chroot=False
  use_localtime=False
  user_shutdown=False
  vhost_net=False
  virtio_net_queues=1
  vnc_tls=False
  vnc_x509_verify=False
  vnet_hdr=True


-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)


Kernel: Linux 3.16.0-4-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


Versions of packages ganeti depends on:
ii  adduser              3.113+nmu3
ii  ganeti-2.12          2.12.4-1+deb8u2
ii  ganeti-haskell-2.12  2.12.4-1+deb8u2
ii  ganeti-htools-2.12   2.12.4-1+deb8u2
ii  python               2.7.9-1


Versions of packages ganeti recommends:
ii  drbd-utils                   8.9.2~rc1-2
ii  ganeti-instance-debootstrap  0.15-1
ii  ndisc6                       1.0.1-1+b1
ii  qemu-kvm                     1:2.1+dfsg-12+deb8u4


Versions of packages ganeti suggests:
pn  blktap-dkms  <none>
pn  ganeti-doc   <none>
pn  molly-guard  <none>


-- Configuration Files:
/etc/default/ganeti changed [not included]


-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: ganeti
Source-Version: 2.12.4-1+deb8u3

We believe that the bug you reported is fixed in the latest version of
ganeti, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <[email protected]> (supplier of updated ganeti package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 13 Jan 2016 11:51:48 +0200
Source: ganeti
Binary: ganeti2 ganeti ganeti-2.12 ganeti-haskell-2.12 ganeti-htools 
ganeti-htools-2.12 ganeti-doc python-ganeti-rapi
Architecture: source all amd64
Version: 2.12.4-1+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian Ganeti Team <[email protected]>
Changed-By: Apollon Oikonomopoulos <[email protected]>
Description:
 ganeti     - cluster virtualization manager
 ganeti-2.12 - cluster virtualization manager - Python components
 ganeti-doc - cluster virtualization manager - documentation
 ganeti-haskell-2.12 - cluster virtualization manager - Haskell components
 ganeti-htools - cluster virtualization manager - tools (stand-alone)
 ganeti-htools-2.12 - cluster virtualization manager - tools for Ganeti 2.12
 ganeti2    - transitional dummy package
 python-ganeti-rapi - cluster virtualization manager - RAPI client library
Closes: 810850
Changes:
 ganeti (2.12.4-1+deb8u3) jessie-security; urgency=high
 .
   * Fix gnt-instance info regression after CVE-2015-7945 (Closes: #810850)
Checksums-Sha1:
 adbe685dd2ab4d5fd589c43dd8f051d5aa0396c0 3088 ganeti_2.12.4-1+deb8u3.dsc
 2aac1a4a8791d3760f75daa73a7f519e874112e0 42996 
ganeti_2.12.4-1+deb8u3.debian.tar.xz
 a5a16ef379406c21d8cd4ec7a522a97ce65bac36 69410 ganeti2_2.12.4-1+deb8u3_all.deb
 2651b7fda268ce04780f88fbf11ddeec047b80c3 89902 ganeti_2.12.4-1+deb8u3_all.deb
 c70d5eed96fe179431d36240e9d30d507adda4c0 806684 
ganeti-2.12_2.12.4-1+deb8u3_all.deb
 8cca80826f8fdce1e9f4bdcdc77c213550f4b25f 9424410 
ganeti-haskell-2.12_2.12.4-1+deb8u3_amd64.deb
 c37c8c2f9f8f335339552ac32ea71f10d12a6d83 18964 
ganeti-htools_2.12.4-1+deb8u3_all.deb
 498dff4be7cae8adec9079399565412c7fd564a6 1574222 
ganeti-htools-2.12_2.12.4-1+deb8u3_amd64.deb
 2710bd2ea1ff1ca7325a0870b510690e09c9f1ec 917686 
ganeti-doc_2.12.4-1+deb8u3_all.deb
 db0145340e7b31c05eaa8e5d767da4bd169b25a6 31144 
python-ganeti-rapi_2.12.4-1+deb8u3_all.deb
Checksums-Sha256:
 ee7f2d3c5696524e2648f5f6c40938d644d2acd6db36e253dc83fae5e8c7fb5e 3088 
ganeti_2.12.4-1+deb8u3.dsc
 1267cabe3d88b393fc242b3b54719fab86c2c1fb1b439e1a27c862d0a6447dd9 42996 
ganeti_2.12.4-1+deb8u3.debian.tar.xz
 0b602595244f2ec6a130ef816566dcf8ac66b586f67d8984d31107bf35cc6a91 69410 
ganeti2_2.12.4-1+deb8u3_all.deb
 4580a4106361de2a8852945a1aaf93e2af89ea7bb9b4ea566d72e92f424e700a 89902 
ganeti_2.12.4-1+deb8u3_all.deb
 bdcaf6d9e869f1de7247c7b48f9ce1399edf0786658cb1f8059f70ad567c26cc 806684 
ganeti-2.12_2.12.4-1+deb8u3_all.deb
 5e536ec63e5871abe55ca0b985a9cd718859e5ffac7a762449375b231a2348ae 9424410 
ganeti-haskell-2.12_2.12.4-1+deb8u3_amd64.deb
 ec90277a86561ec08bffd29331e9960a9f291f35ec008f42f30b5bf436837d28 18964 
ganeti-htools_2.12.4-1+deb8u3_all.deb
 efae4874aa8109fa5e61ec48fbefcece58064bb33edea2b0c23904d300b447df 1574222 
ganeti-htools-2.12_2.12.4-1+deb8u3_amd64.deb
 0e717f43b73adb0dbd6ffcd4601584007230b57ce417b3fb3036c890ee01532a 917686 
ganeti-doc_2.12.4-1+deb8u3_all.deb
 229de7586b29ea4bdd78ba492dd51ff26d9673841979fae8282b2489579292e0 31144 
python-ganeti-rapi_2.12.4-1+deb8u3_all.deb
Files:
 ed1aa2dbda44b339262f257e3b8a2d5a 3088 admin extra ganeti_2.12.4-1+deb8u3.dsc
 ae2faffa789c8551d832382c7a878c75 42996 admin extra 
ganeti_2.12.4-1+deb8u3.debian.tar.xz
 f47e5060f3bb9f88b34c27208dbbaca9 69410 admin extra 
ganeti2_2.12.4-1+deb8u3_all.deb
 108c4a3039fd3515e1a9f765ffb508dd 89902 admin extra 
ganeti_2.12.4-1+deb8u3_all.deb
 6c5770093490fbf55aee866184e1e4db 806684 admin extra 
ganeti-2.12_2.12.4-1+deb8u3_all.deb
 4c225af337e1630be5697def23ea7664 9424410 admin extra 
ganeti-haskell-2.12_2.12.4-1+deb8u3_amd64.deb
 4f1e4ef82f3e3c8d788b809e87ddaeea 18964 admin extra 
ganeti-htools_2.12.4-1+deb8u3_all.deb
 da38002747d7dd1f73d4af0e291cc4f6 1574222 admin extra 
ganeti-htools-2.12_2.12.4-1+deb8u3_amd64.deb
 ae3063be095d99dc40aa5c2be8af73ab 917686 doc extra 
ganeti-doc_2.12.4-1+deb8u3_all.deb
 ee2b82691cc27b9011b4843215f10580 31144 python extra 
python-ganeti-rapi_2.12.4-1+deb8u3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWl2lDAAoJENutyevup8YOp/EP/3a/oJXeBncibgr4uG1pGq7f
Ezy2GO3GAXqMi27EkDg+XsAxugrDW3I93Xli/w5Xd1Vh1BQ6eHjJ+l8smeXZInWb
gACaRJrPydXYqFBULeols6NC2QTzD5a1mo+/z/JyF+d8kY0NJSeViqbTKPSzaehu
yowlMSgQ6v9tvjFyD13KE5RCRK9FrQGHxNRKmlNpWh/6aNn44uo6C7FHFo4HAZf+
sYM2L5GGxIlPCYjiyFAIBfPR92Oqxalj9DjlfIhv2ezRt+x1iLn7MoRTo+vNDy+d
UtAVDIb+KkFq8VjS/XFuz9CcqH65Gy7j2DypBoJAlTcHJh8qdUgrFrkZ12z7a8Gu
XA4Cs5ycHGCViqej/A/UY3Ih3AURo0bS1h53+l9gIXUUtzg1sx8EyRnq9ThlnenJ
GkdQmSzI6wDA+V9rt/8imzJtPiLW1R6mq3jBCW3+fxhqs5MMGAQkyC+2ZGUw7oek
HmrRqJzNgtbQqhLA0mmHKxIoCORzGN0u09iomBAn9agXBNPmoh5lBg8wTzJAWHlg
VGCYH8sARzd62oKqufXwMHqE8iwoE7ggQ8VBWu00f0rxR4pbDdlE/NBYg1ttsyFX
eRTEd5J/tPH8AEnjt5tJ3oZpCqdpj5T1WXJkmps8pnvNznmWINK0eicVyc4pNyR0
tC7RUu5Rh+3wGJp1UbP9
=yhAL
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to