7020998: Pacemaker remote: RuntimeError: Neutron instance ‘default’ for nova not found

This document (7020998) is provided subject to the disclaimer at the end of this document.

Environment


SUSE OpenStack Cloud 6

Situation

Within /var/log/chef/client.log:

[2017-06-19T14:50:31+02:00] ERROR: Running exception handlers
[2017-06-19T14:50:31+02:00] ERROR: Report handler Chef::Handler::ErrorReport raised #<Encoding::UndefinedConversionError: "x86" from ASCII-8BIT to UTF-8>
...
[2017-06-19T14:50:31+02:00] ERROR: RuntimeError: Neutron instance 'default' for nova not found 

Within the output of “crm_mon -1” you see:

FAILED remote-d0c-c4-7a-d2-88-ea


Resolution

Rebooting controller nodes, start pacemaker when it is not starting automatically, then reboot pacemaker remote nodes.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

Patient death from hacked medical devices plausible, says top Kaspersky security researcher

“Pacemaker systems do not rely on the same technologies that we hear about in the news in every day, and as a result are not susceptible to attacks like SQL injection. “To put it in perspective, the risks of things like getting in a car crash are something people accept every day and are much, much more …

Related:

Hack to Kill: Could Cyber-warfare Get Much Worse?

Up until now, hacking and cybercrime have mainly involved either stealing money or stealing data. Hackers working independently tend to be interested in financial rewards. Nation-states tend to be more interested in corporate and political espionage (though North Korea has allegedly been hacking banks). Now, however, worrying signs are emerging that hacking could take a turn for the worse – with experts warning that terrorists or rogue states could begin to use cyber-warfare to kill people.

Get a VPN Service Today!

A VPN is the best digital privacy tool on the market

Unblock any website with a VPN today

Early in November, reports emerged that cybercriminals can hack pacemakers in order to make them behave erratically – or even stop altogether. The problem is being highlighted currently, though it has been understood for some time within the cybersecurity industry.

In 2013, the former US Vice President, Dick Cheney, had the WiFi functions on his pacemaker disabled. His doctor had warned him that the feature could possibly be exploited to carry out an assassination attempt. Meanwhile, in August, the US Food and Drugs Administration suddenly ordered a voluntary recall of six different kinds of cardiac pacemakers.

Those devices are implanted in 465,000 citizens, meaning that cybercriminals could, in theory, kill half a million people by orchestrating an attack on their owners. It is not yet known how many people are heeding the FDA’s recommendation and going to have their devices fixed.

Thankfully, the devices don’t need removing; they simply need to be flashed with updated firmware. As such, anybody who has (or knows anybody who has) an Abbot pacemaker (sold under the St Jude Medical brand) is strongly advised to go to their doctor for the security patch.

Medical Devices

It is not just pacemakers, either. Late in October, Barnaby Jack, a security researcher at McAfee, made a speech at a hacking conference in Miami. In his presentation, Jack explained that he had discovered a method for hacking insulin pumps. Using the attack, hackers could deliver lethal doses of the peptide hormone to diabetic patients:

“With this device I created and the software I created, I could actually instruct the pump to perform all manner of commands. I could make it dispense its entire reservoir of insulin, which is about 300 units. I just scan for any devices in the vicinity and they will respond with the serial number of the device.”

Fortunately, the attack discovered by the McAfee researcher can only be carried out from within a 300-foot range, meaning that a hacker wouldn’t be able to remotely attack a large number of people. However, these medical device hacks all help to highlight the problems emerging within the developing implant industry.

As implant technology improves further, manufacturers and policymakers will need to think hard about the possible downsides of remote connectivity. This point is often raised by Liz McIntyre at CAMCAT, who feels strongly that policymakers must stay one step ahead of the implications attached to implant technologies.

Much Larger Death Toll

Hacking medical devices, or medical institutions, is an obvious way that cybercriminals could cause a loss of life. However, cybersecurity researchers are warning that there are other methods that could result in much larger numbers of citizens being killed.

The latest warning comes from a security researcher at New York University. Justin Cappos believes that any car designed since 2005 could theoretically be attacked by cybercriminals.

The attack, which the researcher believes isn’t currently ever investigated by the authorities, could cause a life-threatening crash. In fact, Cappos says that the vulnerability could already have been exploited in the wild without anyone even realizing. Cappos claims that the cyberattack should be treated as a severe threat to national security:

“If there was a war or escalation with a country with strong cybercapability, I would be very afraid of hacking of vehicles.

“Many of our enemies are nuclear powers but any nation with the ability to launch a cyberstrike could kill millions of civilians by hacking cars. It’s daunting.”

The attack works by allowing cybercriminals to remotely stop brakes from working and turn off power steering. Cappos has an issued a strong warning to senators and government ministers around the world, explaining that security updates need to be issued and taken by drivers in order to fix the issue. If this advice isn’t taken, Cappos fears that we might see the emergence of these kinds of attacks.

According to his research, it’s even possible that a coordinated attack on multiple cars, in many locations, all at one time could result in the death of millions of drivers:

“Once you are in the network you are able to communicate with any device so you could send a message to engage the brakes.”

Already Exploited?

This isn’t the first time that this sort of research has emerged. In 2015, cybersecurity researchers Chris Valasek and Charlie Miller discovered that they could hack a 2014 Jeep Cherokee via its Uconnect infotainment system.

The hackers managed to remotely disable the brakes, turn up the radio’s volume, turn on the windshield wipers, tamper with the transmission, and even perform surveillance on the car. The research led Fiat Chrysler Automobiles to recall 1.4 million vehicles (11 models were affected in total).

Furthermore, Wikileaks documents leaked in March revealed that the CIA has known how to cause crashes by hacking cars for some time. According to those damning leaks, the cyberattack is almost undetectable and could have already been used to carry out “nearly undetectable assassinations.”

Title image credit: Akhenaton Images/Shutterstock.com

Image credits: Picsfive/Shutterstock.com, Gubin Yury/Shutterstock.com, IB Photography/Shutterstock.com

Related:

7017620: SUSE OpenStack Cloud 6.0 NoMethodError: undefined method `[]’ for nil:NilClass after removing a node from cluster.

This document (7017620) is provided subject to the disclaimer at the end of this document.

Environment

SUSE OpenStack Cloud 6

Situation

After removing a node via crowbar from a pacemaker cluster, chef client throws following error :

NoMethodError: undefined method `[]’ for nil:NilClass

/var/chef/cache/cookbooks/utils/libraries/helpers.rb:48:in `get_host_for_public_url’

Resolution

Remove obsolete roles manually executing the following commands on the Cloud 6 admin node :

1. Get full node name for the node removed:

knife node list

2. Get role name for the node from role list:

knife node show <full node name>

3. Obtain the node role from the output, for example

crowbar-<mac address_cloud6_example_com

4. Remove obsolete roles from “run_list”:

knife role edit <role> 

 "chef_type": "role",
 "run_list": [
...
 "role[glance-server]",
...

Which roles need to be removed depend on the cluster type.

For example ‘Pacemaker’ roles would be already removed, but e.g. for controller there could also be e.g. cinder, glance, nova which need to be removed manually.

Cause

Crowbar only removes the pacemaker role while not simultaneously removing all of the other openstack roles.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related: