Bug 1552666
| Summary: | clufter does not filter out some corosync qdevice options (votes,tls) when it generates 'pcs quorum device add...' command | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Miroslav Lisik <mlisik> |
| Component: | clufter | Assignee: | Tomas Jelinek <tojeline> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | cluster-qe <cluster-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.5 | CC: | cfeist, tojeline |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-05-15 09:11:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Thanks for the report. Tomáš pointed out that "tls" in particular is enabled by default ([bug 1476862 comment 5]) and ability to disable it is planned. Fixed in upstream and going to hit planned v0.77.1: https://pagure.io/clufter/c/b1abb872edbf373d5d49c275cf4ea0cc7e2194fb?branch=next To test, add for instance "tls: required" under quorum.device.net.tls
section in corosync.conf, then rerun that "clufter pcs2pcscmd" and
observe:
- no 'tls=required" within any of the resulting pcs commands
- on stderr:
> [needleqdevicexml2pcscmd] xslt: WARNING: non-default
> `quorum.device.net.tls` value `required`
> specified, but current pcs not capable
> to set it
re [comment 3]: actually, forgot to reference this bug, hence the new valid "next" commit https://pagure.io/clufter/c/28a954072365dff33d2498bdd2bb115b7aa82350?branch=next Fixed in clufter-0.77.1-1.el7
# clufter pcs2pcscmd --silent --noguidance --quiet --text-width=-1
#!/usr/bin/sh
# sequence generated on 2020-05-15 11:08:26 with: clufter 0.77.1
# invoked as: ['/usr/bin/clufter', 'pcs2pcscmd', '--silent', '--noguidance', '--quiet', '--text-width=-1']
# targeting system: ('linux', 'redhat', '7.8', 'Maipo')
# using interpreter: CPython 2.7.5
pcs cluster auth virt-005 virt-006 <> /dev/tty
pcs cluster setup --name HAcluster virt-005 virt-006 --transport udpu
pcs cluster start --all --wait=60
pcs quorum device add model net algorithm=ffsplit host=virt-007
...{snipped}
# cat /etc/corosync/corosync.conf
totem {
version: 2
cluster_name: HAcluster
secauth: off
transport: udpu
}
nodelist {
node {
ring0_addr: virt-005
nodeid: 1
}
node {
ring0_addr: virt-006
nodeid: 2
}
}
quorum {
provider: corosync_votequorum
device {
model: net
votes: 1
net {
algorithm: ffsplit
host: virt-007
tls: on
}
}
}
logging {
to_logfile: yes
logfile: /var/log/cluster/corosync.log
to_syslog: yes
}
|
Description of problem: If there are options in corosync.conf that pcs does not allow to set, clufter does not filter it out and adds it to generated 'pcs quorum device...' command. Version-Release number of selected component (if applicable): clufter-cli-0.77.0-2.el7 How reproducible: always Steps to Reproduce: 1. Create cluster with configured quorum device. # pcs cluster auth virt-005 virt-006 # pcs cluster setup --name HAcluster virt-005 virt-006 --enable --start # pcs quorum device add model net algorithm=ffsplit host=virt-007 NOTE: Arbitrator node 'virt-007' should be configured with command: # pcs qdevice setup model net --enable --start 2. Add option 'tls: on' to the corosync.conf [root@virt-005 c]# cat /etc/corosync/corosync.conf totem { version: 2 cluster_name: HAcluster secauth: off transport: udpu } nodelist { node { ring0_addr: virt-005 nodeid: 1 } node { ring0_addr: virt-006 nodeid: 2 } } quorum { provider: corosync_votequorum device { model: net votes: 1 net { algorithm: ffsplit host: virt-007 tls: on } } } logging { to_logfile: yes logfile: /var/log/cluster/corosync.log to_syslog: yes } 3. Generete pcs command using clufter: [root@virt-005 c]# clufter pcs2pcscmd --silent --noguidance --quiet --text-width=-1 #!/usr/bin/sh # sequence generated on 2018-03-07 06:41:54 with: clufter 0.77.0 # invoked as: ['/usr/bin/clufter', 'pcs2pcscmd', '--silent', '--noguidance', '--quiet', '--text-width=-1'] # targeting system: ('linux', 'redhat', '7.5', 'Maipo') # using interpreter: CPython 2.7.5 pcs cluster auth virt-005 virt-006 <> /dev/tty pcs cluster setup --name HAcluster virt-005 virt-006 --transport udpu pcs cluster start --all --wait=60 pcs quorum device add votes=1 model net algorithm=ffsplit host=virt-007 tls=on pcs cluster cib tmp-cib.xml cp tmp-cib.xml tmp-cib.xml.deltasrc pcs cluster cib-push tmp-cib.xml diff-against=tmp-cib.xml.deltasrc 4. Remove quorum device from cluster and try generated command [root@virt-005 c]# pcs quorum device remove Disabling corosync-qdevice... virt-006: corosync-qdevice disabled virt-005: corosync-qdevice disabled Stopping corosync-qdevice... virt-005: corosync-qdevice stopped virt-006: corosync-qdevice stopped Removing qdevice certificates from nodes... virt-005: Succeeded virt-006: Succeeded Sending updated corosync.conf to nodes... virt-005: Succeeded virt-006: Succeeded Corosync configuration reloaded [root@virt-005 c]# pcs quorum device add votes=1 model net algorithm=ffsplit host=virt-007 tls=on Error: invalid quorum device model option 'tls', allowed options are: algorithm, connect_timeout, force_ip_version, host, port, tie_breaker, use --force to override Error: invalid quorum device option 'votes', allowed options are: sync_timeout, timeout, use --force to override Actual results: Clufter does not filter out forbidden options when it generates 'pcs quorum...' command. Expected results: Clufter filters out forbidden options when it generates 'pcs quorum...' command. Also, clufter could add --force option, but it looks like less appropriate solution.