Bug 1720221
| Summary: | [RFE] Add support for corosync option totem.block_unlisted_ips | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Tomas Jelinek <tojeline> | ||||
| Component: | pcs | Assignee: | kmalyjur | ||||
| Status: | CLOSED ERRATA | QA Contact: | cluster-qe <cluster-qe> | ||||
| Severity: | low | Docs Contact: | Steven J. Levine <slevine> | ||||
| Priority: | low | ||||||
| Version: | 8.1 | CC: | cfeist, cluster-maint, idevat, mlisik, mmazoure, nhostako, omular, slevine, tojeline | ||||
| Target Milestone: | rc | Keywords: | FutureFeature, Reopened, Triaged | ||||
| Target Release: | 8.5 | Flags: | pm-rhel:
mirror+
|
||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | pcs-0.10.8-2.el8 | Doc Type: | Enhancement | ||||
| Doc Text: |
Feature:
Add support for corosync option totem.block_unlisted_ips.
Reason:
User cannot set the totem.block_unlisted_ips option via pcs.
Result:
It is possible to set totem.block_unlisted_ips via pcs in commands `pcs cluster config update` and `pcs cluster setup`.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2021-11-09 17:33:12 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Tomas Jelinek
2019-06-13 12:28:46 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened. Created attachment 1780644 [details]
proposed fix
test:
(pcs) a83-1 ~ $ pcs cluster config | grep block_unlisted_ips
block_unlisted_ips: yes
(pcs) a83-1 ~ $ pcs cluster config update totem block_unlisted_ips=no
Sending updated corosync.conf to nodes...
a83-1: Succeeded
...
(pcs) a83-1 ~ $ pcs cluster config | grep block_unlisted_ips
block_unlisted_ips: no
Option block_unlisted_ips is possible to use with commands `pcs cluster setup` and `pcs cluster config update`.
Test: [root@r8-node-01 ~]# rpm -q pcs pcs-0.10.8-2.el8.x86_64 [root@r8-node-01 ~]# pcs cluster config | grep block_unlisted_ips [root@r8-node-01 ~]# pcs cluster config update totem block_unlisted_ips=1 Error: '1' is not a valid block_unlisted_ips value, use 'no', 'yes' Error: Errors have occurred, therefore pcs is unable to continue [root@r8-node-01 ~]# pcs cluster config update totem block_unlisted_ips=yes Sending updated corosync.conf to nodes... r8-node-03: Succeeded r8-node-01: Succeeded r8-node-02: Succeeded r8-node-01: Corosync configuration reloaded [root@r8-node-01 ~]# pcs cluster config | grep block_unlisted_ips block_unlisted_ips: yes BEFORE: ======= [root@virt-525 ~]# rpm -q pcs corosync pcs-0.10.8-1.el8.x86_64 corosync-3.1.0-5.el8.x86_64 [root@virt-525 ~]# pcs cluster config update totem block_unlisted_ips=yes Error: invalid totem option 'block_unlisted_ips', allowed options are: 'consensus', 'downcheck', 'fail_recv_const', 'heartbeat_failures_allowed', 'hold', 'join', 'max_messages', 'max_network_delay', 'merge', 'miss_count_const', 'send_join', 'seqno_unchanged_const', 'token', 'token_coefficient', 'token_retransmit', 'token_retransmits_before_loss_const', 'window_size' Error: Errors have occurred, therefore pcs is unable to continue > not supported yet AFTER: ====== [root@virt-249 ~]# rpm -q pcs corosync pcs-0.10.8-2.el8.x86_64 corosync-3.1.0-5.el8.x86_64 [root@virt-249 ~]# pcs cluster config update --help Usage: pcs cluster config update... config update [transport <transport options>] [compression <compression options>] [crypto <crypto options>] [totem <totem options>] [--corosync_conf <path>] Update cluster configuration. If --corosync_conf is specified, update cluster configuration in file specified by <path>. All options are documented in corosync.conf(5) man page. There are different transport options for transport types. Compression and crypto options are only available for knet transport. Totem options can be set regardless of the transport type. Transport options for knet transport are: ip_version, knet_pmtud_interval, link_mode Transport options for udp and updu transports are: ip_version, netmtu Compression options are: level, model, threshold Crypto options are: cipher, hash, model Totem options are: block_unlisted_ips, consensus, downcheck, fail_recv_const, heartbeat_failures_allowed, hold, join, max_messages, max_network_delay, merge, miss_count_const, send_join, seqno_unchanged_const, token, token_coefficient, token_retransmit, token_retransmits_before_loss_const, window_size > OK: 'block_unlisted_ips option' is present in help output for pcs cluster config, as well as in man pcs ## Checking the value before updating it [root@virt-249 ~]# pcs cluster config | grep block_unlisted_ips [root@virt-249 ~]# echo $? 1 [root@virt-249 ~]# cat /etc/corosync/corosync.conf | grep block_unlisted_ips [root@virt-249 ~]# echo $? 1 [root@virt-249 ~]# corosync-cmapctl | grep block_unlisted_ips runtime.config.totem.block_unlisted_ips (u32) = 1 > OK: The option is not present in corosync.conf, but is in runtime configuration with default value 1 ## Updating and checking the value [root@virt-249 ~]# man corosync.conf | grep block_unlisted_ips -A 2 block_unlisted_ips Allow UDPU and KNET to drop packets from IP addresses that are not known (nodes which don't exist in the nodelist) to corosync. Value is yes or no. > Valid values are yes/no, according to corosync.conf man page [root@virt-249 ~]# pcs cluster config update totem block_unlisted_ips=yes Sending updated corosync.conf to nodes... virt-249: Succeeded virt-250: Succeeded virt-249: Corosync configuration reloaded [root@virt-249 ~]# echo $? 0 [root@virt-249 ~]# pcs cluster config | grep block_unlisted_ips -B 1 Totem Options: block_unlisted_ips: yes [root@virt-249 ~]# cat /etc/corosync/corosync.conf | grep block_unlisted_ips -B 6 totem { version: 2 cluster_name: STSRHTS13666 transport: knet crypto_cipher: aes256 crypto_hash: sha256 block_unlisted_ips: yes > OK: the option is present in the config [root@virt-249 ~]# corosync-cmapctl | grep block_unlisted_ips runtime.config.totem.block_unlisted_ips (u32) = 1 totem.block_unlisted_ips (str) = yes > OK: 'yes' value is translated to 1 for 'runtime.config.totem.block_unlisted_ips' ## Switching and checking the value [root@virt-249 ~]# pcs cluster config update totem block_unlisted_ips=no Sending updated corosync.conf to nodes... virt-249: Succeeded virt-250: Succeeded virt-249: Corosync configuration reloaded [root@virt-249 ~]# echo $? 0 [root@virt-249 ~]# pcs cluster config | grep block_unlisted_ips -B 1 Totem Options: block_unlisted_ips: no [root@virt-249 ~]# cat /etc/corosync/corosync.conf | grep block_unlisted_ips -B 6 totem { version: 2 cluster_name: STSRHTS13666 transport: knet crypto_cipher: aes256 crypto_hash: sha256 block_unlisted_ips: no > OK: the option switched the value correctly in the config [root@virt-249 ~]# corosync-cmapctl | grep block_unlisted_ips runtime.config.totem.block_unlisted_ips (u32) = 0 totem.block_unlisted_ips (str) = no > OK: 'no' value in the option switched the 'runtime.config.totem.block_unlisted_ips' to 0 ## Changing the option in stopped cluster [root@virt-249 ~]# pcs cluster stop --all virt-249: Stopping Cluster (pacemaker)... virt-250: Stopping Cluster (pacemaker)... virt-249: Stopping Cluster (corosync)... virt-250: Stopping Cluster (corosync)... [root@virt-249 ~]# pcs cluster config | grep block_unlisted_ips -B 1 Totem Options: block_unlisted_ips: no [root@virt-249 ~]# pcs cluster config update totem block_unlisted_ips=yes Sending updated corosync.conf to nodes... virt-249: Succeeded virt-250: Succeeded Warning: virt-249: Corosync is not running, therefore reload of the corosync configuration is not possible Warning: virt-250: Corosync is not running, therefore reload of the corosync configuration is not possible [root@virt-249 ~]# pcs cluster config | grep block_unlisted_ips -B 1 Totem Options: block_unlisted_ips: yes [root@virt-249 ~]# cat /etc/corosync/corosync.conf | grep block_unlisted_ips -B 6 totem { version: 2 cluster_name: STSRHTS13666 transport: knet crypto_cipher: aes256 crypto_hash: sha256 block_unlisted_ips: yes [root@virt-249 ~]# corosync-cmapctl | grep block_unlisted_ips Failed to initialize the cmap API. Error CS_ERR_LIBRARY [root@virt-249 ~]# pcs cluster start --all virt-250: Starting Cluster... virt-249: Starting Cluster... [root@virt-249 ~]# corosync-cmapctl | grep block_unlisted_ips runtime.config.totem.block_unlisted_ips (u32) = 1 totem.block_unlisted_ips (str) = yes > OK ## Checking the option from other node [root@virt-250 ~]# pcs cluster config | grep block_unlisted_ips -B 1 Totem Options: block_unlisted_ips: yes [root@virt-250 ~]# corosync-cmapctl | grep block_unlisted_ips runtime.config.totem.block_unlisted_ips (u32) = 1 totem.block_unlisted_ips (str) = yes > OK ## Checking that possibility of changing other totem options preserved [root@virt-249 ~]# pcs cluster config update totem consensus=3000 downcheck=1200 fail_recv_const=3000 heartbeat_failures_allowed=1 hold=200 join=80 max_messages=15 max_network_delay=70 merge=150 miss_count_const=0 send_join=1 seqno_unchanged_const=20 token=3000 token_coefficient=800 token_retransmit=250 token_retransmits_before_loss_const=5 window_size=25 Sending updated corosync.conf to nodes... virt-249: Succeeded virt-250: Succeeded virt-249: Corosync configuration reloaded [root@virt-249 ~]# pcs cluster config Cluster Name: STSRHTS13666 Transport: knet Nodes: virt-249: Link 0 address: virt-249 nodeid: 1 virt-250: Link 0 address: virt-250 nodeid: 2 Crypto Options: cipher: aes256 hash: sha256 Totem Options: block_unlisted_ips: yes consensus: 3000 downcheck: 1200 fail_recv_const: 3000 heartbeat_failures_allowed: 1 hold: 200 join: 80 max_messages: 15 max_network_delay: 70 merge: 150 miss_count_const: 0 send_join: 1 seqno_unchanged_const: 20 token: 3000 token_coefficient: 800 token_retransmit: 250 token_retransmits_before_loss_const: 5 window_size: 25 > OK ## Changing the 'block_unlisted_ips' option to default [root@virt-249 ~]# pcs cluster config update totem block_unlisted_ips= Sending updated corosync.conf to nodes... virt-249: Succeeded virt-250: Succeeded virt-249: Corosync configuration reloaded [root@virt-249 ~]# pcs cluster config | grep block_unlisted_ips -B 1 [root@virt-249 ~]# echo $? 1 [root@virt-249 ~]# cat /etc/corosync/corosync.conf | grep block_unlisted_ips [root@virt-249 ~]# echo $? 1 [root@virt-249 ~]# corosync-cmapctl | grep block_unlisted_ips runtime.config.totem.block_unlisted_ips (u32) = 1 > OK ## Setting the 'block_unlisted_ips' option in cluster setup [root@virt-249 ~]# pcs cluster destroy --all virt-250: Stopping Cluster (pacemaker)... virt-249: Stopping Cluster (pacemaker)... virt-249: Successfully destroyed cluster virt-250: Successfully destroyed cluster [root@virt-249 ~]# pcs cluster setup hacluster virt-2{49,50} totem block_unlisted_ips=no --start --wait {..setup output..} virt-249: Cluster started virt-250: Cluster started [root@virt-249 ~]# pcs cluster config | grep block_unlisted_ips -B 1 Totem Options: block_unlisted_ips: no [root@virt-249 ~]# cat /etc/corosync/corosync.conf | grep block_unlisted_ips block_unlisted_ips: no [root@virt-249 ~]# corosync-cmapctl | grep block_unlisted_ips runtime.config.totem.block_unlisted_ips (u32) = 0 totem.block_unlisted_ips (str) = no > OK ## Invalid inputs # wrong values [root@virt-249 ~]# pcs cluster config update totem block_unlisted_ips=1 Error: '1' is not a valid block_unlisted_ips value, use 'no', 'yes' Error: Errors have occurred, therefore pcs is unable to continue [root@virt-249 ~]# echo $? 1 > OK [root@virt-249 ~]# pcs cluster config update totem block_unlisted_ips=false Error: 'false' is not a valid block_unlisted_ips value, use 'no', 'yes' Error: Errors have occurred, therefore pcs is unable to continue [root@virt-249 ~]# echo $? 1 > OK # Non-ASCII character [root@virt-249 ~]# pcs cluster config update totem block_unlisted_ips=ř Error: 'ř' is not a valid block_unlisted_ips value, use 'no', 'yes' Error: Errors have occurred, therefore pcs is unable to continue [root@virt-249 ~]# echo $? 1 > OK # omitting key word [root@virt-249 ~]# pcs cluster config update block_unlisted_ips=no Usage: pcs cluster config update... {..usage output..} [root@virt-249 ~]# echo $? 1 > OK # wrong key words [root@virt-249 ~]# pcs cluster config update transport block_unlisted_ips=no Error: invalid knet transport option 'block_unlisted_ips', allowed options are: 'ip_version', 'knet_pmtud_interval', 'link_mode' Error: Errors have occurred, therefore pcs is unable to continue [root@virt-249 ~]# echo $? 1 [root@virt-249 ~]# pcs cluster config update crypto block_unlisted_ips=no Error: invalid crypto option 'block_unlisted_ips', allowed options are: 'cipher', 'hash', 'model' Error: Errors have occurred, therefore pcs is unable to continue [root@virt-249 ~]# echo $? 1 [root@virt-249 ~]# pcs cluster config update compression block_unlisted_ips=no Error: invalid compression option 'block_unlisted_ips', allowed options are: 'level', 'model', 'threshold' Error: Errors have occurred, therefore pcs is unable to continue [root@virt-249 ~]# echo $? 1 > OK # wrong value in setup [root@virt-249 ~]# pcs cluster setup hacluster virt-2{49,50} totem block_unlisted_ips=1 --start --wait No addresses specified for host 'virt-249', using 'virt-249' No addresses specified for host 'virt-250', using 'virt-250' Error: '1' is not a valid block_unlisted_ips value, use 'no', 'yes' Error: Errors have occurred, therefore pcs is unable to continue [root@virt-249 ~]# echo $? 1 > OK # wrong key word in setup [root@virt-249 ~]# pcs cluster setup hacluster virt-2{49,50} transport knet crypto block_unlisted_ips=no --start --wait No addresses specified for host 'virt-249', using 'virt-249' No addresses specified for host 'virt-250', using 'virt-250' Error: invalid crypto option 'block_unlisted_ips', allowed options are: 'cipher', 'hash', 'model' Error: Errors have occurred, therefore pcs is unable to continue [root@virt-249 ~]# echo $? 1 > OK ## Functional check of the option itself - tested in bz1153818 comment 21 Marking as VERIFIED for pcs-0.10.8-2.el8 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Low: pcs security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:4142 |