Bug 2019836

Summary: pcs should validate resource/stonith agents metadata upon reading
Product: Red Hat Enterprise Linux 9 Reporter: Tomas Jelinek <tojeline>
Component: pcsAssignee: Tomas Jelinek <tojeline>
Status: CLOSED ERRATA QA Contact: cluster-qe <cluster-qe>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 9.0CC: cluster-maint, cluster-qe, idevat, mlisik, mpospisi, nhostako, omular, tojeline
Target Milestone: rcKeywords: Reopened, Triaged
Target Release: 9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pcs-0.11.1-7.el9 Doc Type: Enhancement
Doc Text:
Feature: Pcs now validates resource and stonith agent metadata XML against OCF schemas. Reason: Provide better error messages when metadata do not match the schema. Result: If metadata provided by an agent do not match OCF schema, pcs provides a descriptive error message pointing to a line not complying with the schema.
 Story Points: ---
Clone Of: 1384485 Environment:
Last Closed: 2022-05-17 12:19:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1384485, 2018969    

Description Tomas Jelinek 2021-11-03 12:51:46 UTC 
+++ This bug was initially created as a clone of Bug #1384485 +++

Pcs should validate resource, fence and fake pacemaker (stonithd, cib, crmd, pengine) agents' metadata upon reading. This is currently not possible as the metadata do not conform to the schema - see bz1384484.

--- Additional comment from Tomas Jelinek on 2021-10-07 16:31:23 CEST ---

We will use a custom RNG shipped with pcs to validate OCF 1.0 agents to work around bz1384484.
Comment 1 Tomas Jelinek 2021-11-03 14:16:56 UTC 
Upstream patch: https://github.com/ClusterLabs/pcs/commit/5eb51289926d5e1e68092db5d1d177fddc31a766
It's the same patch as for bz2018969

Test:
Pcs returns an error when a resource / stonith agent provides metadata not matching to OCF 1.0 / 1.1 schemas shipped with pcs. These schemas are a bit relaxed comparing to official OCF schemas, their purpose is to make sure metadata are parsable by pcs.
Comment 3 Miroslav Lisik 2021-11-19 07:58:16 UTC 
DevTestResults:

[root@r90-node-01 ~]# rpm -q pcs
pcs-0.11.1-5.el9.x86_64

Edit metadata for Dummy resource agent
'/usr/lib/ocf/resource.d/pacemaker/Dummy' in way which is not compliant with
'/usr/lib64/pcs/data/ocf-1.0.rng' or '/usr/lib64/pcs/data/ocf-1.1.rng'

Changed value of reloadable atrribute of parameter named 'passwd' from
reloadable="1" to reloadable="true".

[root@r90-node-01 ~]# crm_resource --show-metadata=ocf:pacemaker:Dummy | xmllint --xpath "//parameter[@name='passwd']/@reloadable" -
 reloadable="true"

Try to create a Dummy resource:

[root@r90-node-01 ~]# pcs resource create d-01 ocf:pacemaker:Dummy
Error: Agent 'ocf:pacemaker:Dummy' is not installed or does not provide valid metadata: Invalid attribute reloadable for element parameter, line 23, use --force to override
Error: Errors have occurred, therefore pcs is unable to continue
[root@r90-node-01 ~]# echo $?
1
Comment 7 Ondrej Mular 2021-12-08 13:09:59 UTC 
additional patch:
https://github.com/ClusterLabs/pcs/commit/888d3e9a4902a8b75894bc5ff0863fbf45383f1c
Comment 9 Miroslav Lisik 2021-12-16 16:22:36 UTC 
DevTestResults:

[root@r90-node-01 ~]# rpm -q pcs
pcs-0.11.1-7.el9.x86_64

[root@r90-node-01 ~]# pcs resource create not_installed ocf:pacemaker:not_installed --disabled --force
Warning: Agent 'ocf:pacemaker:not_installed' is not installed or does not provide valid metadata: crm_resource: Metadata query for ocf:pacemaker:not_installed failed: No such device or address, Error performing operation: No such object
[root@r90-node-01 ~]# pcs resource config
 Resource: not_installed (class=ocf provider=pacemaker type=not_installed)
  Meta Attrs: target-role=Stopped
  Operations: monitor interval=60s (not_installed-monitor-interval-60s)


[root@r90-node-01 ~]# pcs resource update not_installed a=b --force
Warning: Agent 'ocf:pacemaker:not_installed' is not installed or does not provide valid metadata: crm_resource: Metadata query for ocf:pacemaker:not_installed failed: No such device or address, Error performing operation: No such object
[root@r90-node-01 ~]# pcs resource config
 Resource: not_installed (class=ocf provider=pacemaker type=not_installed)
  Attributes: a=b
  Meta Attrs: target-role=Stopped
  Operations: monitor interval=60s (not_installed-monitor-interval-60s)

Resource is updated.
Comment 12 errata-xmlrpc 2022-05-17 12:19:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: pcs), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2290