Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 831725

Summary: Cleanup ALLOW_NEGOTIATOR* params
Product: Red Hat Enterprise MRG Reporter: Robert Rati <rrati>
Component: condor-wallaby-base-dbAssignee: Robert Rati <rrati>
Status: CLOSED ERRATA QA Contact: Lubos Trilety <ltrilety>
Severity: unspecified Docs Contact:
Priority: low    
Version: 2.0CC: jthomas, ltoscano, ltrilety, matt, wmealing
Target Milestone: 2.3   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: condor-wallaby-base-db-1.24-1 Doc Type: Bug Fix
Doc Text:
Cause: The ALLOW_NEGOTIATOR_* values set on features in the Remote Configuration default database did not contain IP_ADDRESS Consequence: Some pools configured with Remote Configuration would need additional changes to be functional Fix: ALLOW_NEGOTIATOR_* param values now contain IP_ADDRESS Result: The issue does not occur
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-06 18:44:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Rati 2012-06-13 16:11:48 UTC 
Description of problem:
The ALLOW_NEGOTIATOR* values on features need to be cleaned up.  Need to remove mention of FLOCKING and add $(IP_ADDRESS).  Possibly other changes needed.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Robert Rati 2012-09-28 19:30:32 UTC 
Removed references to FLOCKING* from values on features with ALLOW_NEGOTIATOR*.  Also added $(IP_ADDRESS).

Fixed upstream on:
BZ831725-cleanup-ALLOW_NEGOTIATOR
Comment 4 Lubos Trilety 2012-12-18 10:37:27 UTC 
tested with:
condor-wallaby-base-db-1.25-1

tested on:
RHEL6 i386,x86_64
RHEL5 i386,x86_64

- !ruby/object:Mrg::Grid::SerializedConfigs::Feature
  annotation: A non-functional base for the scheduler.  This needs further configuration and is not meant to be used by itself
  conflicts: []

  depends:
  - Master
  - NodeAccess
  included:
  - BaseJobExecuter
  name: BaseScheduler
  params:
...
    ALLOW_NEGOTIATOR_SCHEDD: $(ALLOW_NEGOTIATOR_SCHEDD), $(CONDOR_HOST), $(IP_ADDRESS)

- !ruby/object:Mrg::Grid::SerializedConfigs::Feature
  annotation: Enables running jobs
  conflicts: []

  depends:
  - Master
  included:
  - BaseJobExecuter
  name: ExecuteNode
  params:
...
    ALLOW_NEGOTIATOR: $(ALLOW_NEGOTIATOR), $(CONDOR_HOST), $(IP_ADDRESS)

- !ruby/object:Mrg::Grid::SerializedConfigs::Feature
  annotation: Enables high availability for the central manager
  conflicts: []

  depends: []

  included:
  - CentralManager
  name: HACentralManager
  params:
...
    ALLOW_NEGOTIATOR_SCHEDD: $(IP_ADDRESS), $(COLLECTOR_HOST)
    ALLOW_NEGOTIATOR: $(ALLOW_NEGOTIATOR), $(COLLECTOR_HOST), $(IP_ADDRESS)

- !ruby/object:Mrg::Grid::SerializedConfigs::Feature
  annotation: Enables negotiator functionality
  conflicts: []

  depends:
  - Master
  - NodeAccess
  included: []

  name: Negotiator
  params:
...
    ALLOW_NEGOTIATOR: $(ALLOW_NEGOTIATOR), $(CONDOR_HOST), $(IP_ADDRESS)


No FLOCKING* in base db, all ALLOW_NEGOTIATOR in all features has IP_ADDRESS.

>>> verified
Comment 5 Lubos Trilety 2012-12-18 13:26:03 UTC 
back to modified

I noticed that in the Doc text, some issue is mentioned. I just checked that described changes are made in base db, but probably it should be better to check that the issue does not occur any more. Could you please provide more specific scenario for testing the issue? Some pool configuration which led to the issue in previous version.
Comment 6 Robert Rati 2012-12-18 13:46:24 UTC 
Removal of FLOCKING mention was cosmetic.  We don't support flocking so it shouldn't be mentioned in params.

IP_ADDRESS issue was a change needed from upstream modifications.  Should be verifiable by setting up a personal condor and running jobs.
Comment 7 Lubos Trilety 2012-12-19 12:18:05 UTC 
(In reply to comment #6)
> Removal of FLOCKING mention was cosmetic.  We don't support flocking so it
> shouldn't be mentioned in params.
> 

Well then probably there should not be these in wallaby base db:

- !ruby/object:Mrg::Grid::SerializedConfigs::Feature
  annotation: Enables collector functionality
  conflicts: []

  depends:
  - Master
  - NodeAccess
  included: []

  name: Collector
  params:
...
    FLOCK_COLLECTOR_HOSTS: $(FLOCK_TO)

- !ruby/object:Mrg::Grid::SerializedConfigs::Feature
  annotation: Enables negotiator functionality
  conflicts: []

  depends:
  - Master
  - NodeAccess
  included: []

  name: Negotiator
  params:
...
    FLOCK_NEGOTIATOR_HOSTS: $(FLOCK_TO)

- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  annotation: ""
  conflicts: []

  default_val: ""
  depends: []

  description: A list of collectors for pools that the scheduler attempt to use to run jobs
  kind: String
  level: 0
  must_change: true
  name: FLOCK_COLLECTOR_HOSTS
  needs_restart: false

- !ruby/object:Mrg::Grid::SerializedConfigs::Parameter
  annotation: ""
  conflicts: []

  default_val: ""
  depends: []

  description: A list of negotiator for pools that the scheduler attempt to use to run jobs
  kind: String
  level: 0
  must_change: true
  name: FLOCK_NEGOTIATOR_HOSTS
  needs_restart: false


> IP_ADDRESS issue was a change needed from upstream modifications.  Should be
> verifiable by setting up a personal condor and running jobs.

Successfully reproduced with version:
condor-wallaby-base-db-1.23-1

$ cat SchedLog
...
12/19/12 07:09:26 (pid:18351) Adding to resolved authorization table: unauthenticated@unmapped/IP: DENY_NEGOTIATOR
12/19/12 07:09:26 (pid:18351) PERMISSION DENIED to unauthenticated@unmapped from host IP for command 416 (NEGOTIATE), access level NEGOTIATOR: reason: NEGOTIATOR authorization policy contains no matching ALLOW entry for 
this request; identifiers used for this host: IP,hostname
...



Verified with version:
condor-wallaby-base-db-1.25-1

tested on:
RHEL6 i386,x86_64
RHEL5 i386,x86_64

no permission denied in SchedLog, jobs are running
Comment 8 Robert Rati 2012-12-19 13:00:10 UTC 
Yes, but those weren't functionally impacting like the ALLOW_* params were.  Should probably log a BZ to remove all such params.
Comment 9 Lubos Trilety 2012-12-19 15:28:16 UTC 
tested with:
condor-wallaby-base-db-1.25-1

tested on:
RHEL6 i386,x86_64
RHEL5 i386,x86_64

All occurrences of ALLOW_NEGOTIATOR* don't have any FLOCK* parameter as value. For removing all other FLOCK* parameters a new Bug 888829 was created.

>>> verified
Comment 13 errata-xmlrpc 2013-03-06 18:44:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0564.html