Bug 1665404

Summary: pcs should check that values of unique resource attributes are unique
Product: Red Hat Enterprise Linux 8 Reporter: Tomas Jelinek <tojeline>
Component: pcsAssignee: Ondrej Mular <omular>
Status: CLOSED ERRATA QA Contact: cluster-qe <cluster-qe>
Severity: high Docs Contact:
Priority: high    
Version: 8.0CC: cfeist, cluster-maint, idevat, kgaillot, mlisik, mmazoure, omular, tojeline
Target Milestone: rcKeywords: FutureFeature
Target Release: 8.1Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: pcs-0.10.1-6.el8 Doc Type: Enhancement
Doc Text:
Feature: Add check for uniqueness of instance attributes (marked as unique in a resource agent metadata) of a particular resource agent across the cluster configuration. Reason: It may be possible that resources with such misconfiguration will not start up properly. Result: Pcs now checks for such misconfiguration when creating/updating resources and informs the user about it.
 Story Points: ---
Clone Of: 1389140 Environment:
Last Closed: 2019-11-05 20:39:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1682129    
Bug Blocks:    

Description Tomas Jelinek 2019-01-11 09:53:16 UTC 
+++ This bug was initially created as a clone of Bug #1389140 +++

Description of problem:
Pacemaker ip resource does not give error when two resources are created with same ipaddress. Also both the resources are started.

Version-Release number of selected component (if applicable):

resource-agents-3.9.5-54.el7_2.10.x86_64


How reproducible:

Create two IP resources with different name and with same ipaddress.

Steps to Reproduce:
1. 

Resource: app-ip (class=ocf provider=heartbeat type=IPaddr2)
   Attributes: ip=10.8.210.60 cidr_netmask=24             <----      SAME IP 
   Operations: start interval=0s timeout=20s (dom-prdvip-start-interval-0s)
               stop interval=0s timeout=20s (dom-prdvip-stop-interval-0s)
               monitor interval=10s timeout=20s (dom-prdvip-monitor-interval-10s)


Resource: db-ip (class=ocf provider=heartbeat type=IPaddr2)
   Attributes: ip=10.8.210.60 cidr_netmask=24             <-------- SAME IP
   Operations: start interval=0s timeout=20s (dom-nfsip-start-interval-0s)
               stop interval=0s timeout=20s (dom-nfsip-stop-interval-0s)
               monitor interval=10s timeout=20s (dom-nfsip-monitor-interval-10s)

2.

3.

Actual results:

Both resources show as started.
app-ip (ocf::heartbeat:IPaddr2):       Started test1.example.com
db-ip  (ocf::heartbeat:IPaddr2):       Started test1.example.com

Expected results:

It should give an error when resource is created or when the resource is started 

Additional info:

--- Additional comment from Ken Gaillot on 2018-07-10 23:04:59 CEST ---

Reassigning to pcs as it isn't practical to do this in pacemaker.

When creating a resource, pcs should read the agent's meta-data, and ensure that the specified parameters satisfy the new "unique" criteria.
Comment 1 Ondrej Mular 2019-01-14 07:29:30 UTC 
Upstream patch:
https://github.com/ClusterLabs/pcs/commit/a5028f663a7bf0142a7573afab5e045fc0f4249e
Comment 5 Ondrej Mular 2019-05-02 12:03:14 UTC 
After fix:
[root@rhel81-node1 ~]# rpm -q pcs
pcs-0.10.1-6.el8.x86_64

[root@rhel81-node1 ~]# pcs resource describe ocf:pacemaker:Dummy | grep unique
  state (unique): Location to store the resource state in.
  passwd (unique): Fake password field
  op_sleep (unique): Number of seconds to sleep during operations. This can be
  envfile (unique): If this is set, the environment will be dumped to this file
[root@rhel81-node1 ~]# pcs resource create R1 ocf:pacemaker:Dummy state=1 --no-default-ops
[root@rhel81-node1 ~]# pcs resource create R2 ocf:pacemaker:Dummy state=1 --no-default-ops
Error: Value '1' of option 'state' is not unique across 'ocf:pacemaker:Dummy' resources. Following resources are configured with the same value of the instance attribute: 'R1', use --force to override
[root@rhel81-node1 ~]# echo $?
1
[root@rhel81-node1 ~]# pcs resource create R2 ocf:pacemaker:Dummy state=1 --no-default-ops --force
Warning: Value '1' of option 'state' is not unique across 'ocf:pacemaker:Dummy' resources. Following resources are configured with the same value of the instance attribute: 'R1'
[root@rhel81-node1 ~]# echo $?
0
[root@rhel81-node1 ~]# pcs resource config R1 R2
 Resource: R1 (class=ocf provider=pacemaker type=Dummy)
  Attributes: state=1
  Operations: monitor interval=10s timeout=20s (R1-monitor-interval-10s)
 Resource: R2 (class=ocf provider=pacemaker type=Dummy)
  Attributes: state=1
  Operations: monitor interval=10s timeout=20s (R2-monitor-interval-10s)
Comment 7 Michal Mazourek 2019-07-24 13:03:41 UTC 
BEFORE FIX:
===========

[root@virt-141 ~]# rpm -q pcs
pcs-0.10.1-4.el8_0.3.x86_64

> No keyword 'unique' within resource options description 

[root@virt-141 ~]# pcs resource describe ocf:heartbeat:IPaddr2 | grep '(unique)'
[root@virt-141 ~]# echo $?
1

> Creating two IP resources with different name and same ip address

[root@virt-141 ~]# pcs resource create app-ip ocf:heartbeat:IPaddr2 ip=10.37.165.40 cidr_netmask=22
[root@virt-141 ~]# pcs resource create db-ip ocf:heartbeat:IPaddr2 ip=10.37.165.40 cidr_netmask=22
[root@virt-141 ~]# echo $?
0
[root@virt-141 ~]# pcs resource
 Clone Set: locking-clone [locking]
     Started: [ virt-141 virt-142 virt-143 ]
 app-ip	(ocf::heartbeat:IPaddr2):	Started virt-141
 db-ip	(ocf::heartbeat:IPaddr2):	Started virt-142

> It is possible to set non-unique value across instances of same resource

AFTER FIX:
==========

[root@virt-045 ~]# rpm -q pcs
pcs-0.10.2-3.el8.x86_64

[root@virt-045 ~]# pcs resource describe ocf:heartbeat:IPaddr2 | grep '(unique)'
  ip (required) (unique): The IPv4 (dotted quad notation) or IPv6 address (colon

[root@virt-045 ~]# pcs resource create app-ip ocf:heartbeat:IPaddr2 ip=10.37.165.40 cidr_netmask=22
[root@virt-045 ~]# pcs resource create db-ip ocf:heartbeat:IPaddr2 ip=10.37.165.40 cidr_netmask=22
Error: Value '10.37.165.40' of option 'ip' is not unique across 'ocf:heartbeat:IPaddr2' resources. Following resources are configured with the same value of the instance attribute: 'app-ip', use --force to override
[root@virt-045 ~]# echo $?
1
[root@virt-045 ~]# pcs resource
 Clone Set: locking-clone [locking]
     Started: [ virt-045 virt-046 virt-049 ]
 app-ip	(ocf::heartbeat:IPaddr2):	Started virt-045

> Cannot set value which is not unique across resource instances

[root@virt-045 ~]# pcs resource create db-ip ocf:heartbeat:IPaddr2 ip=10.37.165.40 cidr_netmask=22 --force
Warning: Value '10.37.165.40' of option 'ip' is not unique across 'ocf:heartbeat:IPaddr2' resources. Following resources are configured with the same value of the instance attribute: 'app-ip'
[root@virt-045 ~]# echo $?
0
[root@virt-045 ~]# pcs resource
 Clone Set: locking-clone [locking]
     Started: [ virt-045 virt-046 virt-049 ]
 app-ip	(ocf::heartbeat:IPaddr2):	Started virt-045
 db-ip	(ocf::heartbeat:IPaddr2):	Started virt-046

> Option --force works

[root@virt-045 ~]# pcs resource delete db-ip
Attempting to stop: db-ip... Stopped
[root@virt-045 ~]# pcs resource create db-ip ocf:heartbeat:IPaddr2 ip=10.37.165.41 cidr_netmask=22
[root@virt-045 ~]# pcs resource update db-ip ip=10.37.165.40
Error: Value '10.37.165.40' of option 'ip' is not unique across 'ocf:heartbeat:IPaddr2' resources. Following resources are configured with the same value of the instance attribute: 'app-ip', use --force to override

> Trying to set value which is not unique across resource instances through update is not possible as well

[root@virt-045 ~]# pcs resource describe ocf:pacemaker:Dummy | grep '(unique)'
  state (unique): Location to store the resource state in.
  passwd (unique): Fake password field
  op_sleep (unique): Number of seconds to sleep during operations. This can be
  envfile (unique): If this is set, the environment will be dumped to this file

> The same procedure were tested with all of the unique resource options of Dummy (state, passwd, op_sleep, envfile)

Marking as VERIFIED in pcs-0.10.2-3.el8
Comment 9 errata-xmlrpc 2019-11-05 20:39:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:3311