Cinder

CONF.ssh_hosts_key_file was referenced before it was retrieved

Bug #1398488 reported by Xing Yang
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
High
Jay Bryant
Cinder 2015.1.0 "kilo"
Juno
Fix Released
High
Jay Bryant
Cinder 2014.2.1

Bug Description

As part of the following fix, CONF.ssh_hosts_key_file was used before it was retrieved from cinder.conf in Brocade's lookup service. As a result, line 69 (known_hosts_file = CONF.ssh_hosts_key_file
) in the following file threw an exception when create_ssh_client() was called:

https://review.openstack.org/#/c/134600/1/cinder/zonemanager/drivers/brocade/brcd_fc_san_lookup_service.py

Adding the following import at the beginning of brcd_fc_san_lookup_service.py will fix the problem because the SSH options are registered in ssh_utils.py.

from cinder import ssh_utils

Since ssh_utils is not directly referenced, it will probably break the hacking rule if we import it as above.

Revision history for this message
Xing Yang (xing-yang) wrote :

Fixed the project. Should be Cinder.

affects: openstack-manuals → cinder
Jay Bryant (jsbryant)
Changed in cinder:
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Jay Bryant (jsbryant) wrote :

Ok, I just took a quick look at this and we shouldn't have let the change through this way.

There are two ways to handle this ... add a brocade_ssh_hosts_key_file in this file. That is easy but hacky and bad for backport to stable/Juno.

Other option is we move this to using ssh_util for creating SSH connections. Honestly, I am not sure why it isn't already doing that. So, let me see what it would take to do that.

Revision history for this message
Jay Bryant (jsbryant) wrote :

It is going to take a little work to get this working using ssh_utils. I think the first thing to do is to revert ab4f57212683baec45d5b682bdd3952ff58249ed since it has broken the Brocade driver. I will continue working on fixing this.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/138526

Changed in cinder:
assignee: nobody → Jay Bryant (jsbryant)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/138526
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=57103807c5e7fad7276f97ac82f8704f17f4b846
Submitter: Jenkins
Branch: master

commit 57103807c5e7fad7276f97ac82f8704f17f4b846
Author: Jay S. Bryant <email address hidden>
Date: Tue Dec 2 14:35:06 2014 -0600

    Revert "Fix Brocade FC SAN lookup MITM vulnerability"

    This reverts commit ab4f57212683baec45d5b682bdd3952ff58249ed.

    The change is being reverted as it broke the Brocade FC SAN lookup
    functionality. The change uses configuration options from
    ssh_utils that are not initialized when the Brocade driver is
    run causing an exception to be thrown complaining that
    CONF.ssh_hosts_key_file is used before it is initialized.

    The right solution is to change the Brocade driver to use ssh_utils to
    make SSH connections.

    Conflicts:

     cinder/zonemanager/drivers/brocade/brcd_fc_san_lookup_service.py

    Change-Id: I7814c3da9c0e6fcf3143969e74304a48cafcb3d1
    Closes-bug: 1398488

Changed in cinder:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/139194

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (stable/juno)

Reviewed: https://review.openstack.org/139194
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=498fe7e1c1f056da3cf147e79acd22c19111dbeb
Submitter: Jenkins
Branch: stable/juno

commit 498fe7e1c1f056da3cf147e79acd22c19111dbeb
Author: Jay S. Bryant <email address hidden>
Date: Tue Dec 2 14:35:06 2014 -0600

    Revert "Fix Brocade FC SAN lookup MITM vulnerability"

    This reverts commit ab4f57212683baec45d5b682bdd3952ff58249ed.

    The change is being reverted as it broke the Brocade FC SAN lookup
    functionality. The change uses configuration options from
    ssh_utils that are not initialized when the Brocade driver is
    run causing an exception to be thrown complaining that
    CONF.ssh_hosts_key_file is used before it is initialized.

    The right solution is to change the Brocade driver to use ssh_utils to
    make SSH connections.

    Conflicts:

     cinder/zonemanager/drivers/brocade/brcd_fc_san_lookup_service.py

    Change-Id: I7814c3da9c0e6fcf3143969e74304a48cafcb3d1
    Closes-bug: 1398488
    (cherry-picked from commit 57103807c5e7fad7276f97ac82f8704f17f4b846)

Thierry Carrez (ttx)
Changed in cinder:
milestone: none → kilo-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in cinder:
milestone: kilo-1 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.