[BUG] Requested method not exposed: minion_runner #57016
Comments
|
@idontwanttosignin @dwoz is working on a PR to address this issue. It will be a part of the Sodium release. You will have to manually patch your system if you need it before the Sodium release. |
twangboy
added
Core
|
Are you able to make these changes to your salt master(s)? |
|
@dwoz That's the change I made, fixes it on our setup at least. I didn't do that last line of adding the I just want to weigh in and say that this is super frustrating as a user. Our options are handpatching our saltmaster (and every new saltmaster we create) or running with a known severe vulnerability since a single character fix won't be published for months, and that fix will only come in a new major release? Seems like a weird bind to put users in. |
|
Can confirm that @dwoz's patch worked for us on v3000.2 and I want to echo @thusoy's sentiment that it's weird to have to wait ~6 weeks to get this fixed. For anyone looking to apply this patch on linux, you should be able to find the master.py file under /usr/lib. e.g. The following worked for me to patch the file. NB: if you're going to run this yourself, make sure you take a backup, test on a non-production system first and don't trust code from strangers on the internet. |
|
This also affects the integration with Hashicorp Vault, which can't fetch secrets anymore without the manual patch. |
|
@dwoz Yes, we had tried that (minus '_file_hash_and_stat') and I can confirm that it works. Based on the patch being released with the typo as a known issue and having a 2 month time frame to get it properly fixed upstream, we were concerned that it may be more complex and changing the expose list could negate security or stability. Since it sounds like thats not the case, I'll continue forward with the roll out and patch that change in as I go. |
|
Hi guys, I've took some time to backport the security patches since upgrading may be tricky if you are behind. I've included |
|
Can we have a release (3000.3/2019.2.5) before the Sodium release in few weeks ? |
|
Agreed with the sentiment from everyone here... this is a breaking change introduced by a security patch... I think a 3000.3 release fixing these issues should come before Sodium. This is affecting us on the |
|
These tips are gold for this kind of situation... https://salt.tips/patching-salt-modules/#self-patching |
- Fix saltstack#57016 - Fix saltstack#57027 - Add tests for exposed methods on AESFuncs and ClearFuncs - Add response validation for patched ClearFuncs.wheel - Add release notes template for 2019.2.5
- Fix saltstack#57016 - Fix saltstack#57027 - Add tests for exposed methods on AESFuncs and ClearFuncs - Add response validation for patched ClearFuncs.wheel - Add release notes template for 2019.2.5
So I'm a bit confused on the known issue for 2019.2.4. We are seeing highstate failures on several servers with the patch, changing _minion_runner to minion_runner in expose_methods seems to fix theses issues.
[ERROR ] Requested method not exposed: minion_runner
It seems like this is a know error that won't be fixed till June? This seems like a small fix to have that long of a timeline, is there more to this that I'm not seeing?
https://docs.saltstack.com/en/2019.2/topics/releases/2019.2.4.html
The text was updated successfully, but these errors were encountered: