Bug 1292605

Summary: (RHEL6) hook script for CTDB should not change Samba config
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Michael Adam <madam>
Component: sambaAssignee: Michael Adam <madam>
Status: CLOSED ERRATA QA Contact: surabhi <sbhaloth>
Severity: medium Docs Contact:
Priority: medium    
Version: rhgs-3.1CC: hgowtham, nlevinki, rcyriac, rhs-bugs, rjoseph, rtalur, sankarshan, sbhaloth
Target Milestone: ---Keywords: Triaged, ZStream
Target Release: RHGS 3.1.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glusterfs-3.7.5-13 Doc Type: Bug Fix
Doc Text:
Cause: S29CTDB hook scripts modify Samba's global configuration and restart Samba when the ctdb lock volume is started or stopped. Specifically 'clustering = yes' and 'idmap backend = tdb2' are added and removed. Consequence: This can have undesired effects. Manual changes to the smb.conf file may get overwritten. It is not reliably possible to use a custom idmap configuration. More seriously, a samba installation is either clustered or not cluster. If this changes, data access may be lost, and data corruption can happen. Fix: Stop the S29CTDB hook scripts from changing Samba configuration and restarting Samba. Result: Manual changes to the global section of smb.conf are safe, and data corruption is prevented.
 Story Points: ---
Clone Of: 1292254
: 1292751 (view as bug list) Environment:
Last Closed: 2016-03-01 06:04:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1290151, 1292254    
Bug Blocks: 1292751    

Description Michael Adam 2015-12-17 22:04:46 UTC 
+++ This bug was initially created as a clone of Bug #1292254 +++

+++ This bug was initially created as a clone of Bug #1290151 +++

There are several reasons why the behaviour in
the hook scripts was bad:

1. A samba installation is clustered or non-clustered.
   That does not change because of the availability
   of the CTDB lock-volume. If the lock-volume is not
   available (and hence CTDB is not available or not
   healthy), then Samba won't be operational. But turning
   it into a non-clustered Samba-installation can in
   the worst case lead to data corruption if clients
   manage to access the same files (on share volumes).
   Hence 'clustering = yes/no' in Samba's config should
   not be touched.

   In particular, Samba should not be stopped/started by
   the hook script. If needed, then ctdb will take care
   of it.

2. Changing the idmap configuration is potentially
   dangerous as well. In particular the used tdb2
   backend is legacy nowadays and should not be used
   any more in new installs. (I stems from the times
   when ctdb could not host persistent databases.)
   Changing the idmap can result in loss of access
   to files or in giving access to files where it is
   not intended.

3. The pattern used for detecting need for change is
   fragile. It may or may not play well possible
   manual changes to smb.conf.

Hence the hook scripts should be changed not to do this.

--- Additional comment from Vijay Bellur on 2015-12-09 13:37:26 EST ---

REVIEW: http://review.gluster.org/12930 (hook-scripts: don't let ctdb script change samba config) posted (#1) for review on master by Michael Adam (obnox)

--- Additional comment from Vijay Bellur on 2015-12-10 01:11:42 EST ---

REVIEW: http://review.gluster.org/12930 (hook-scripts: don't let ctdb script change samba config) posted (#2) for review on master by Michael Adam (obnox)

--- Additional comment from Vijay Bellur on 2015-12-10 04:31:06 EST ---

REVIEW: http://review.gluster.org/12930 (hook-scripts: don't let ctdb script change samba config) posted (#3) for review on master by Michael Adam (obnox)

--- Additional comment from Vijay Bellur on 2015-12-16 14:13:45 EST ---

COMMIT: http://review.gluster.org/12930 committed in master by Raghavendra Talur (rtalur) 
------
commit 27c16d6da82876a689dfba53b8d45c3a3a657954
Author: Michael Adam <obnox>
Date:   Wed Dec 9 18:57:59 2015 +0100

    hook-scripts: don't let ctdb script change samba config
    
    There are several reasons why the behaviour in
    the hook scripts was bad:
    
    1. A samba installation is clustered or non-clustered.
       That does not change because of the availability
       of the CTDB lock-volume. If the lock-volume is not
       available (and hence CTDB is not available or not
       healthy), then Samba won't be operational. But turning
       it into a non-clustered Samba-installation can in
       the worst case lead to data corruption if clients
       manage to access the same files (on share volumes).
       Hence 'clustering = yes/no' in Samba's config should
       not be touched.
    
       In particular, Samba should not be stopped/started by
       the hook script. If needed, then ctdb will take care
       of it.
    
    2. Changing the idmap configuration is potentially
       dangerous as well. In particular the used tdb2
       backend is legacy nowadays and should not be used
       any more in new installs. (I stems from the times
       when ctdb could not host persistent databases.)
       Changing the idmap can result in loss of access
       to files or in giving access to files where it is
       not intended.
    
    3. The pattern used for detecting need for change is
       fragile. It may or may not play well possible
       manual changes to smb.conf.
    
    This change removes the parts that change the smb.conf
    file and start or stop Samba from the S29CTDB* hook scripts.
    
    Change-Id: I72f7aabafa8f089da4531fca2572a72c22825bcc
    BUG: 1290151
    Signed-off-by: Michael Adam <obnox>
    Reviewed-on: http://review.gluster.org/12930
    Tested-by: Gluster Build System <jenkins.com>
    Reviewed-by: Raghavendra Talur <rtalur>

--- Additional comment from Vijay Bellur on 2015-12-16 15:36:24 EST ---

REVIEW: http://review.gluster.org/12986 (hook-scripts: don't let ctdb script change samba config) posted (#1) for review on release-3.7 by Michael Adam (obnox)
Comment 3 rjoseph 2015-12-19 05:36:19 UTC 
Upstream master: http://review.gluster.org/12930
Upstream release-3.7: http://review.gluster.org/12986
Downstream: https://code.engineering.redhat.com/gerrit/#/c/64210/
Comment 5 surabhi 2015-12-29 11:11:43 UTC 
Please add the fixed in Version.
Comment 6 surabhi 2015-12-29 11:40:37 UTC 
Verified the BZ on RHEL6 with following build :
glusterfs-3.7.5-13.el7rhgs.x86_64
samba-4.2.4-12.el7rhgs.x86_64


Following steps are executed:

1.Create a ctdb lock volume as per admin guide instructions
2.Update the S29CTDBSetup and S29teardown hook scripts to add the ctdb volume name in meta=all.
3.started the ctdb volume
4.Verified the mount point /gluster/lock
5.Verified the entries in smb.conf , there should not be any entry created by ctdb volume start(via hook script): the clustering=yes, idmap-backend entry is not added to smb.conf via hook script.
6. Also verified after adding the clustering=yes in smb.conf and stopping ctdb volume does not remove the entry from smb.conf.
7.Started ctdb services , ctdb starts successfully and starts smb service.
8. Again stopped and started the ctdb volume , the smbd service is not restarted.

Marking the BZ verified.
Comment 7 surabhi 2015-12-29 12:01:08 UTC 
Corrected the build versions :
glusterfs-3.7.5-13.el6rhs.x86_64
samba-4.2.4-12.el6rhs.x86_64
Comment 9 errata-xmlrpc 2016-03-01 06:04:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0193.html