RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1384484 - Some resource agents' metadata do not conform to the xml schema
Summary: Some resource agents' metadata do not conform to the xml schema
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: pacemaker
Version: 8.0
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: pre-dev-freeze
: ---
Assignee: Ken Gaillot
QA Contact: cluster-qe@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-13 11:38 UTC by Tomas Jelinek
Modified: 2021-10-07 14:31 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-13 21:56:43 UTC
Type: Enhancement
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Cluster Labs 5447 0 None None None 2020-10-13 21:56:32 UTC
Red Hat Bugzilla 1281463 0 low CLOSED cluster properties metadata do not specify allowed values for enum properties 2023-05-13 07:09:51 UTC
Red Hat Bugzilla 1377928 0 unspecified CLOSED Inclusion of "s" to denote seconds in power_timeout attribute causes fence_ipmilan STONITH devices to fail. 2021-02-22 00:41:40 UTC

Internal Links: 1281463 1377928

Description Tomas Jelinek 2016-10-13 11:38:43 UTC 
Description of problem:
Some resource agents' metadata do not conform to the xml schema.

It might seem the bug should have been filed againts resource agents. However, pacemaker provides metadata for lsb, systemd and service agents which do not conform either. Fence agents' metadata obtained from pacemaker do not conform either. Also various metadata defined and provided by pacemaker (stonithd, cib, cmrd, pengine) do not conform. Nagios agents metadata are the only one which are ok.

When fixing the agents / pacemaker it is very likely to find out the metadata schema needs to be updated and extended to support new features already included in metadata.

For now I filed the bug againts pacemaker. It can be cloned to other components if needed once investigated.


Version-Release number of selected component (if applicable):
pacemaker-1.1.15-10.el7
resource-agents-3.9.5-81.el7
fence-agents-all-4.0.11-27.el7


How reproducible:
always, easily


Steps to Reproduce:
Output from the validator is really long, considering the number of agents, so I only put the commands here and ommit the actual output.


For resource agents (I left out valid agents from the output):
# cd /usr/share/resource-agents
# for agent in `pcs resource list ocf: --nodesc`; do echo $agent; crm_resource --show-metadata $agent | xmllint --noout --valid --dtdvalid ra-api-1.dtd -; done

Agents with not valid metadata are:
ocf:heartbeat:portblock
ocf:openstack:nova-compute-wait
ocf:openstack:NovaEvacuate
ocf:pacemaker:remote


For lsb, service and systemd agents (most likely all agents in the given standard have the same errors):
# cd /usr/share/resource-agents
# for agent in `pcs resource list lsb: --nodesc`; do echo $agent; crm_resource --show-metadata $agent | xmllint --noout --valid --dtdvalid ra-api-1.dtd -; done
# for agent in `pcs resource list systemd: --nodesc`; do echo $agent; crm_resource --show-metadata $agent | xmllint --noout --valid --dtdvalid ra-api-1.dtd -; done
# for agent in `pcs resource list service: --nodesc`; do echo $agent; crm_resource --show-metadata $agent | xmllint --noout --valid --dtdvalid ra-api-1.dtd -; done
This shows not a single agent's metadata is valid.


For fence agents:
# cd /usr/share/resource-agents
# for agent in `pcs stonith list --nodesc`; do echo $agent; crm_resource --show-metadata stonith:$agent | xmllint --noout --valid --dtdvalid ra-api-1.dtd -; done
This shows not a single agent's metadata is valid.

Fence agents package however ships its own schema, let's try it:
# for agent in `pcs stonith list --nodesc`; do echo $agent; crm_resource --show-metadata stonith:$agent | xmllint --noout --relaxng /usr/share/cluster/relaxng/metadata.rng -; done
This again shows not a single agent's metadata is valid.
fence_apc
-:194: element action: Relax-NG validity error : Invalid attribute timeout for element action
-:195: element action: Relax-NG validity error : Invalid attribute timeout for element action
- fails to validate
{snip}
fence_xvm
-:5: element parameters: Relax-NG validity error : Did not expect element parameters there
- fails to validate

Original metadata provided by agents mostly conform, though:
# for agent in `pcs stonith list --nodesc`; do echo $agent; $agent -o metadata | xmllint --noout --relaxng /usr/share/cluster/relaxng/metadata.rng -; done
fence_apc
- validates
{snip}
fence_xvm
-:4: element parameters: Relax-NG validity error : Did not expect element parameters there
- fails to validate


Metadata defined in pacemaker:
# for agent in {cib,crmd,pengine,stonithd}; do echo $agent; /usr/libexec/pacemaker/$agent metadata | xmllint --noout --valid --dtdvalid ra-api-1.dtd -; done
This shows not a single agent's metadata is valid.


Actual results:
Metadata do not conform to the schema.


Expected results:
Metadata do conform to the schema.
Comment 1 Ken Gaillot 2016-10-13 14:17:05 UTC 
This is a reflection of the state of the OCF standard. The standard was created in 2002 and the group that originally maintained it disbanded, so software packages (including pacemaker) have added custom extensions to it over the years.

The proper solution to this issue would be for pacemaker to document its extended schema, and make the ocf:pacemaker resource agents claim adherence to that. (I wouldn't be surprised if there are also a few errors that need to be corrected, but that would the most important thing.)

There is some upstream discussion about adopting the OCF standard under the banner of ClusterLabs, and updating it. That would help this issue, but pacemaker would likely still need extensions as experimental features were trialed before being adopted in the standard, so a documented extension schema could still be worthwhile.
Comment 2 Ken Gaillot 2016-10-13 14:25:24 UTC 
Also, fence agents are not covered by the OCF resource agent standard. They follow a very similar format, but at least the ones I've looked at don't claim adherence to the DTD, and none meet the standard (fence agents support different actions than resource agents, among other differences).

The effort to update the OCF standard will likely incorporate fence agents.
Comment 3 Marek Grac 2016-10-16 16:21:25 UTC 
@Ken:

Can you take a look at our schema:

https://github.com/ClusterLabs/fence-agents/blob/master/fence/agents/lib/metadata.rng

or example at:

https://github.com/ClusterLabs/fence-agents/blob/master/tests/data/metadata/fence_apc.xml

-
I'm mostly interested on pieces that you are missing. I'm aware that there is a ton of tags that are not important for resource agents as they support cmdline interface as much as fence agents.
Comment 4 Tomas Jelinek 2016-10-17 11:51:10 UTC 
Fence agents metadata obtained from pacemaker do not conform to the schema shipped with fence agents due to extra actions added by pacemaker in the stonith_api_device_metadata function in the st_client.c file:

[root@rh72-node1:~]# crm_resource --show-metadata stonith:fence_apc > fence_apc.xml
[root@rh72-node1:~]# jing /usr/share/cluster/relaxng/metadata.rng fence_apc.xml 
/root/fence_apc.xml:194:40: error: attribute "timeout" not allowed here; expected attribute "automatic" or "on_target"
/root/fence_apc.xml:195:41: error: attribute "timeout" not allowed here; expected attribute "automatic" or "on_target"
[root@rh72-node1:~]# sed -n 190,200p fence_apc.xml 
    <action name="list"/>
    <action name="list-status"/>
    <action name="monitor"/>
    <action name="metadata"/>
    <action name="stop" timeout="20s"/>
    <action name="start" timeout="20s"/>
  </actions>
</resource-agent>
Comment 5 Ken Gaillot 2016-10-17 16:57:53 UTC 
Unless there's a pressing reason to do this sooner, I'd rather defer this until the OCF standard has been updated upstream. We can bring up these differences as part of that discussion, and address whatever is left after that effort is done.
Comment 6 Tomas Jelinek 2016-10-18 07:02:27 UTC 
As I see it this should be definitely tightly connected to the OCF standard update process which is currently ongoing upstream. There is no urgent need from pcs side.
Comment 7 Ken Gaillot 2017-01-10 21:38:08 UTC 
OCF update will not be in the 7.4 timeframe
Comment 8 Ken Gaillot 2017-07-18 15:54:55 UTC 
OCF standard update is not on the horizon at this moment, bumping again
Comment 11 Ken Gaillot 2020-10-13 21:56:43 UTC 
Sadly, the planned updates to the OCF standard have repeatedly been pushed back. An upstream bug has been filed for this issue, and this report will be closed. If the standard is updated, and developer time becomes available to work on the pacemaker side, we can reopen this.
Note You need to log in before you can comment on or make changes to this bug.