Bug 1292605 - (RHEL6) hook script for CTDB should not change Samba config
Summary: (RHEL6) hook script for CTDB should not change Samba config
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: samba
Version: rhgs-3.1
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: RHGS 3.1.2
Assignee: Michael Adam
QA Contact: surabhi
URL:
Whiteboard:
Depends On: 1290151 1292254
Blocks: 1292751
TreeView+ depends on / blocked
 
Reported: 2015-12-17 22:04 UTC by Michael Adam
Modified: 2016-03-01 06:04 UTC (History)
8 users (show)

Fixed In Version: glusterfs-3.7.5-13
Doc Type: Bug Fix
Doc Text:
Cause: S29CTDB hook scripts modify Samba's global configuration and restart Samba when the ctdb lock volume is started or stopped. Specifically 'clustering = yes' and 'idmap backend = tdb2' are added and removed. Consequence: This can have undesired effects. Manual changes to the smb.conf file may get overwritten. It is not reliably possible to use a custom idmap configuration. More seriously, a samba installation is either clustered or not cluster. If this changes, data access may be lost, and data corruption can happen. Fix: Stop the S29CTDB hook scripts from changing Samba configuration and restarting Samba. Result: Manual changes to the global section of smb.conf are safe, and data corruption is prevented.
Clone Of: 1292254
: 1292751 (view as bug list)
Environment:
Last Closed: 2016-03-01 06:04:21 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0193 0 normal SHIPPED_LIVE Red Hat Gluster Storage 3.1 update 2 2016-03-01 10:20:36 UTC

Description Michael Adam 2015-12-17 22:04:46 UTC 
+++ This bug was initially created as a clone of Bug #1292254 +++

+++ This bug was initially created as a clone of Bug #1290151 +++

There are several reasons why the behaviour in
the hook scripts was bad:

1. A samba installation is clustered or non-clustered.
   That does not change because of the availability
   of the CTDB lock-volume. If the lock-volume is not
   available (and hence CTDB is not available or not
   healthy), then Samba won't be operational. But turning
   it into a non-clustered Samba-installation can in
   the worst case lead to data corruption if clients
   manage to access the same files (on share volumes).
   Hence 'clustering = yes/no' in Samba's config should
   not be touched.

   In particular, Samba should not be stopped/started by
   the hook script. If needed, then ctdb will take care
   of it.

2. Changing the idmap configuration is potentially
   dangerous as well. In particular the used tdb2
   backend is legacy nowadays and should not be used
   any more in new installs. (I stems from the times
   when ctdb could not host persistent databases.)
   Changing the idmap can result in loss of access
   to files or in giving access to files where it is
   not intended.

3. The pattern used for detecting need for change is
   fragile. It may or may not play well possible
   manual changes to smb.conf.

Hence the hook scripts should be changed not to do this.

--- Additional comment from Vijay Bellur on 2015-12-09 13:37:26 EST ---

REVIEW: http://review.gluster.org/12930 (hook-scripts: don't let ctdb script change samba config) posted (#1) for review on master by Michael Adam (obnox)

--- Additional comment from Vijay Bellur on 2015-12-10 01:11:42 EST ---

REVIEW: http://review.gluster.org/12930 (hook-scripts: don't let ctdb script change samba config) posted (#2) for review on master by Michael Adam (obnox)

--- Additional comment from Vijay Bellur on 2015-12-10 04:31:06 EST ---

REVIEW: http://review.gluster.org/12930 (hook-scripts: don't let ctdb script change samba config) posted (#3) for review on master by Michael Adam (obnox)

--- Additional comment from Vijay Bellur on 2015-12-16 14:13:45 EST ---

COMMIT: http://review.gluster.org/12930 committed in master by Raghavendra Talur (rtalur) 
------
commit 27c16d6da82876a689dfba53b8d45c3a3a657954
Author: Michael Adam <obnox>
Date:   Wed Dec 9 18:57:59 2015 +0100

    hook-scripts: don't let ctdb script change samba config
    
    There are several reasons why the behaviour in
    the hook scripts was bad:
    
    1. A samba installation is clustered or non-clustered.
       That does not change because of the availability
       of the CTDB lock-volume. If the lock-volume is not
       available (and hence CTDB is not available or not
       healthy), then Samba won't be operational. But turning
       it into a non-clustered Samba-installation can in
       the worst case lead to data corruption if clients
       manage to access the same files (on share volumes).
       Hence 'clustering = yes/no' in Samba's config should
       not be touched.
    
       In particular, Samba should not be stopped/started by
       the hook script. If needed, then ctdb will take care
       of it.
    
    2. Changing the idmap configuration is potentially
       dangerous as well. In particular the used tdb2
       backend is legacy nowadays and should not be used
       any more in new installs. (I stems from the times
       when ctdb could not host persistent databases.)
       Changing the idmap can result in loss of access
       to files or in giving access to files where it is
       not intended.
    
    3. The pattern used for detecting need for change is
       fragile. It may or may not play well possible
       manual changes to smb.conf.
    
    This change removes the parts that change the smb.conf
    file and start or stop Samba from the S29CTDB* hook scripts.
    
    Change-Id: I72f7aabafa8f089da4531fca2572a72c22825bcc
    BUG: 1290151
    Signed-off-by: Michael Adam <obnox>
    Reviewed-on: http://review.gluster.org/12930
    Tested-by: Gluster Build System <jenkins.com>
    Reviewed-by: Raghavendra Talur <rtalur>

--- Additional comment from Vijay Bellur on 2015-12-16 15:36:24 EST ---

REVIEW: http://review.gluster.org/12986 (hook-scripts: don't let ctdb script change samba config) posted (#1) for review on release-3.7 by Michael Adam (obnox)
Comment 3 rjoseph 2015-12-19 05:36:19 UTC 
Upstream master: http://review.gluster.org/12930
Upstream release-3.7: http://review.gluster.org/12986
Downstream: https://code.engineering.redhat.com/gerrit/#/c/64210/
Comment 5 surabhi 2015-12-29 11:11:43 UTC 
Please add the fixed in Version.
Comment 6 surabhi 2015-12-29 11:40:37 UTC 
Verified the BZ on RHEL6 with following build :
glusterfs-3.7.5-13.el7rhgs.x86_64
samba-4.2.4-12.el7rhgs.x86_64


Following steps are executed:

1.Create a ctdb lock volume as per admin guide instructions
2.Update the S29CTDBSetup and S29teardown hook scripts to add the ctdb volume name in meta=all.
3.started the ctdb volume
4.Verified the mount point /gluster/lock
5.Verified the entries in smb.conf , there should not be any entry created by ctdb volume start(via hook script): the clustering=yes, idmap-backend entry is not added to smb.conf via hook script.
6. Also verified after adding the clustering=yes in smb.conf and stopping ctdb volume does not remove the entry from smb.conf.
7.Started ctdb services , ctdb starts successfully and starts smb service.
8. Again stopped and started the ctdb volume , the smbd service is not restarted.

Marking the BZ verified.
Comment 7 surabhi 2015-12-29 12:01:08 UTC 
Corrected the build versions :
glusterfs-3.7.5-13.el6rhs.x86_64
samba-4.2.4-12.el6rhs.x86_64
Comment 9 errata-xmlrpc 2016-03-01 06:04:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0193.html
Note You need to log in before you can comment on or make changes to this bug.