Your message dated Fri, 15 Jan 2016 10:18:15 +0000 with message-id <[email protected]> and subject line Bug#810850: fixed in ganeti 2.5.2-1+deb7u2 has caused the Debian Bug report #810850, regarding /usr/sbin/gnt-instance: gnt-instance info $instance fails with the exception "KeyError: 'secret'". to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 810850: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810850 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: ganeti Version: 2.12.4-1+deb8u2 Severity: normal File: /usr/sbin/gnt-instance After updating ganeti2 to fix CVE-2015-7945. The gnt-instance info $instance command fails when querying instances with a drbd disk template because the 'secret' key is not in the drbd_info dict. # gnt-instance info instance1 Traceback (most recent call last): File "/usr/sbin/gnt-instance", line 21, in <module> sys.exit(main.Main()) File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1678, in Main env_override=_ENV_OVERRIDE) File "/usr/share/ganeti/2.12/ganeti/cli.py", line 2709, in GenericMain result = func(options, args) File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1234, in ShowInstanceConfig for instance in result.values() File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1198, in _FormatInstanceInfo for (idx, device) in enumerate(instance["disks"]) File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1064, in _FormatBlockDevInfo l_id = _FormatDiskDetails(dev["dev_type"], dev, roman) File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 963, in _FormatDiskDetails ("auth key", str(drbd_info["secret"])), KeyError: 'secret' I tracked the error down to this line #/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py 963: ("auth key", str(drbd_info["secret"])), If you inspect drbd_info the "secret" key does not exist. I was able to have the command execute by changing the line 963 to: ("auth key", str(drbd_info.get("secret"))), Now the info shows the auth_key as None: Disk template: drbd Disks: - disk/0: drbd, size 20.0G access mode: rw nodeA: host5, minor=0 nodeB: host4, minor=1 port: 11006 auth key: None It looks like this issue was introduced by this commit: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6f9ba80f8312d5607da70841f698c49000a31126 diff --git a/lib/storage/drbd.py b/lib/storage/drbd.py index 7381c01..215a0f4 100644 (file) --- a/lib/storage/drbd.py +++ b/lib/storage/drbd.py @@ -201,7 +201,9 @@ class DRBD8Dev(base.BlockDev): self._rhost = dyn_params[constants.DDP_REMOTE_IP] self._rport = unique_id[2] self._aminor = dyn_params[constants.DDP_LOCAL_MINOR] - self._secret = unique_id[5] + # The secret is wrapped in the Private data type, and it has to be extracted + # before use + self._secret = unique_id[5].Get() if children: if not _CanReadDevice(children[1].dev_path): Thanks, Zach Newell [email protected] -- Package-specific info: Version symlinks: /etc/ganeti/share -> /usr/share/ganeti/2.12 /etc/ganeti/lib -> /usr/lib/ganeti/2.12 Cluster config version: 2.12.4 Address family: IPv4 Enabled hypervisors: kvm kvm hypervisor parameters: acpi=True boot_order=disk cpu_cores=0 cpu_mask=all cpu_sockets=0 cpu_threads=0 disk_aio=threads disk_cache=default disk_type=paravirtual kernel_args=ro kvm_path=/usr/bin/kvm migration_bandwidth=32 migration_downtime=30 migration_mode=live migration_port=8102 nic_type=paravirtual reboot_behavior=reboot root_path=/dev/vda1 security_model=none serial_console=True serial_speed=38400 spice_ip_version=0 spice_playback_compression=True spice_tls_ciphers=HIGH:-DES:-3DES:-EXPORT:-ADH spice_use_tls=False spice_use_vdagent=True use_chroot=False use_localtime=False user_shutdown=False vhost_net=False virtio_net_queues=1 vnc_tls=False vnc_x509_verify=False vnet_hdr=True -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/16 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ganeti depends on: ii adduser 3.113+nmu3 ii ganeti-2.12 2.12.4-1+deb8u2 ii ganeti-haskell-2.12 2.12.4-1+deb8u2 ii ganeti-htools-2.12 2.12.4-1+deb8u2 ii python 2.7.9-1 Versions of packages ganeti recommends: ii drbd-utils 8.9.2~rc1-2 ii ganeti-instance-debootstrap 0.15-1 ii ndisc6 1.0.1-1+b1 ii qemu-kvm 1:2.1+dfsg-12+deb8u4 Versions of packages ganeti suggests: pn blktap-dkms <none> pn ganeti-doc <none> pn molly-guard <none> -- Configuration Files: /etc/default/ganeti changed [not included] -- no debconf information
--- End Message ---
--- Begin Message ---Source: ganeti Source-Version: 2.5.2-1+deb7u2 We believe that the bug you reported is fixed in the latest version of ganeti, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Apollon Oikonomopoulos <[email protected]> (supplier of updated ganeti package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 14 Jan 2016 11:27:18 +0200 Source: ganeti Binary: ganeti2 ganeti-htools Architecture: source all amd64 Version: 2.5.2-1+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: Debian Ganeti Team <[email protected]> Changed-By: Apollon Oikonomopoulos <[email protected]> Description: ganeti-htools - Cluster allocation tools for Ganeti ganeti2 - Cluster-based virtualization management software Closes: 810850 Changes: ganeti (2.5.2-1+deb7u2) wheezy-security; urgency=high . * Fix gnt-instance info regression after CVE-2015-7945 (Closes: #810850) Checksums-Sha1: ba01222ca51106488f16f7ee59bae24478d8ada0 2226 ganeti_2.5.2-1+deb7u2.dsc ad273d7ecbe09cf50104bd0ee14a6a219f17a03d 12395 ganeti_2.5.2-1+deb7u2.debian.tar.gz 9741f20b352bdcdaadfc55156bd25a50de4bff5c 1391106 ganeti2_2.5.2-1+deb7u2_all.deb edebbe0ae300e9051ffb594c5709437c2bde451e 853862 ganeti-htools_2.5.2-1+deb7u2_amd64.deb Checksums-Sha256: 4bc0989a1d63aecf73d3dfaeadf34a22a08962e0e96e41f16e961e32a57c3d1b 2226 ganeti_2.5.2-1+deb7u2.dsc 7d735a215bb1aa0679ead8b32d1b462a3d59613e016b2848435d1efeda44cf56 12395 ganeti_2.5.2-1+deb7u2.debian.tar.gz 9347c337b06df30ca9338d0534cb483f8e3354ee7bd71ba0c9f051ff648e8642 1391106 ganeti2_2.5.2-1+deb7u2_all.deb f5d09ecb52406137c5cd100a2371ebea34e7db44fbdfabb3a70c84258c77518d 853862 ganeti-htools_2.5.2-1+deb7u2_amd64.deb Files: c2b9ac7f111442bb857511f1a49fb3fa 2226 admin extra ganeti_2.5.2-1+deb7u2.dsc b9953bb8502345f8b637319583a6f94e 12395 admin extra ganeti_2.5.2-1+deb7u2.debian.tar.gz e28ad03b7f7539b16138832993b0cba0 1391106 admin extra ganeti2_2.5.2-1+deb7u2_all.deb 6f516953e873a9d604d42a7de9adb990 853862 admin extra ganeti-htools_2.5.2-1+deb7u2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWl2pgAAoJENutyevup8YOzW0P/3rv/WNKazqDNQSfg5S2ZgFD DqESRSGUW50Ilw0uAW53V0IU8r6ioaoDWwGp96AQoDB/kjr+eK0OWETMbTNS6a7x d0eGezOo8vwO4xGoJhlHKPiVqPH9QM5gpBwa/a3Tm0eO/Fl+bcEhoTbSgBaE4JPq 3D8qxSREiVIBgzYXixIN/MGsWl4uta/owB9QFeD6igll8ObJX21x5eZX6kk7N/Vr 3rH99Li+dN+PGelsSZc586uXVxnx9lT097zjgjiFn40qvEN3sJB1G+NBoO2aHhwy /UPsB8mSRvbfnJ8/FUXtJHhEc20mk+0d0Gug/DkVrHYUzq9UgxX/1YITqK2Mu0XZ DBaVAJswW1/yoZkgV4HNq0vAznkBtYiFVr/FCSWW48BjPPAOVggYhk12Dc1QSrKO 4l/zhNYWZLSjTWv6zHRoLVJgIRFxkNLD4AX0q7bTErOT6rjLAAZb47al8/6EKkvT 5HRIcVVqT4QtcxIzo5AhKuc92FtoGU1Tzu1x3CnUGOEuayxt9y99JW9qs9PEpmdb 3AiOfB9Wj0cmDUjBFFWPtnwY/J2ea/YHCnWJCPj8wIPG+IOuDHrKorTMDnmpxjXH xB8hPoETCj+rzTUGDwVzBREhMyxI/+iv2nSbw1tO/NA0QGAAL+5hrSk0zX9Eb2qi 23/FIoyxhpY1vJM8VPwU =q3Mn -----END PGP SIGNATURE-----
--- End Message ---
