Bug 1415080

Summary: "pcs stonith create" produces an invalid cib when the device type contains a colon
Product: Red Hat Enterprise Linux 7 Reporter: Ivan Devat <idevat>
Component: pcsAssignee: Tomas Jelinek <tojeline>
Status: CLOSED ERRATA QA Contact: cluster-qe <cluster-qe>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.2CC: cfeist, cluster-maint, idevat, omular, rsteiger, tojeline
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pcs-0.9.157-1.el7 Doc Type: Bug Fix
Doc Text:
Cause: The user creates a stonith device and puts a colon in the stonith agent name. Consequence: Pcs exits with a "unable to update cib" error. Fix: Validate stonith agent name. Result: Pcs exits with an error explaining the stonith agent name is not valid.
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 18:26:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
proposed fix (partial)
none
proposed fix none

Description Ivan Devat 2017-01-20 07:56:55 UTC
Description of problem:
"pcs stonith create" allows to force the use a "device type" that is not present in a system. It produces an invalid cib when there is a colon in a "device type".


How reproducible:
always


Steps to Reproduce:
[vm-rhel72-1 ~pcs] $ pcs stonith create F fence_xvm:whatever --force

Actual results:
Warning: Agent 'fence_xvm:whatever' not found
Error: Unable to update cib
Call cib_replace failed (-203): Update does not conform to the configured schema
<cib...


Expected results:
Error: 'fence_xvm:whatever' is not a valid stonith device type

Comment 3 Ivan Devat 2017-02-01 17:05:07 UTC
Created attachment 1246746 [details]
proposed fix (partial)

The proposed fix solves the problem with the invalid cib. But the stonith resource with the agent name that contains ":" does not work - even if such agent exists. It is necessary to reject such name.

Comment 4 Tomas Jelinek 2017-03-21 17:12:34 UTC
Created attachment 1265182 [details]
proposed fix

Test:
[root@rh73-node1:~]# pcs stonith create aaa fence_xvm:test
Error: Invalid stonith agent name 'fence_xvm:test'. List of agents can be obtained by using command 'pcs stonith list'. Do not use the 'stonith:' prefix. Agent name cannot contain the ':' character.
[root@rh73-node1:~]# pcs stonith create aaa fence_xvm:test --force
Error: Invalid stonith agent name 'fence_xvm:test'. List of agents can be obtained by using command 'pcs stonith list'. Do not use the 'stonith:' prefix. Agent name cannot contain the ':' character.

Comment 5 Ivan Devat 2017-04-10 16:00:44 UTC
After Fix:

[vm-rhel72-1 ~] $ rpm -q pcs
pcs-0.9.157-1.el7.x86_64

[vm-rhel72-1 ~] $ pcs stonith create aaa fence_xvm:test
Error: Invalid stonith agent name 'fence_xvm:test'. List of agents can be obtained by using command 'pcs stonith list'. Do not use the 'stonith:' prefix. Agent name cannot contain the ':' character.
[vm-rhel72-1 ~] $ pcs stonith create aaa fence_xvm:test --force
Error: Invalid stonith agent name 'fence_xvm:test'. List of agents can be obtained by using command 'pcs stonith list'. Do not use the 'stonith:' prefix. Agent name cannot contain the ':' character.

Comment 9 errata-xmlrpc 2017-08-01 18:26:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1958