Created attachment 1267321 [details] logs and screenshots Description of problem: The save button is greyed out I think the save button is greyed out because of the hawkular that when editing the provider requires validation Version-Release number of selected component (if applicable): cfme-5.8.0.7-1.el7cf.x86_64 tested on both cfme podify and a vm How reproducible: 100% Steps to Reproduce: 1. add a container provider using 'ssl with no validation' 2. navigate to compute -> containers -> providers 3. select the provider -> edit provider 4. try to change the provider's name Actual results: we cannot edit the provider. an alert is shown for the hawkular Expected results: we should have be able to edit the provider Additional info: screenshot + logs Also, we cannot validate the hawkular when trying.
I can reproduce. AFAICT dafna-pods-master.qa.lab.tlv.redhat.com has no hawkular. - When initially creating a provider, Hawkular tab is initialized "valid" so you can [Save] without touching Hawkular fields. Hovere a hawkular endpoint will be created anyway in DB! This was by design, and not entirely pointless — we're trying to autodetect hawkular hostname from `hawkular-metrics` route. However now it has lower chances of success, as the it's created with the secure default of "SSL". (*) - Whatever the reason, from SSL to not having hawkular at all, it gets a bad authentication status. - When editing a provider, the Default and Hawkular tab's statuses are initalized from the last authentication status. If Hawkular endpoint never worked, it will be "invalid" and you can't [Save]. Dafna, can you test if same happens in 5.7 too with this openshift? (*) This leads to a similar scenario with my provider that does have hawkular but won't work in "SSL" mode — on edit Hawkular endpoint is invalid, however that reflects a real issue, you *can* edit Hawkular to "custom CA" or "no validation", [Validate] successfully and [Save]. This scenario is fine, except for hawkular autodetection being less useful (but it's unclear that we'd ever want to auto-detect an insecure config)
sure. I tested and the same happens in cfme-5.7.2.0-1.el7cf.x86_64.
Based on the above input I'm not sure this is a regression. This might be a situation that we never tested (openshift with out hawkular) Why is this a test blocker?
Ok turns out this is a problem that is coming up often, mostly in dev/qa scenarios. Here is a description of the current behavior and a suggestion for a fix: Current status: If the hawkular endpoint is empty on addition, an endpoint based on the hawkular route in openshift (5.8) or the openshift matser hostname (5.7) will be added. If there is no such route, an empty endpoint will be added - that causes the bug described here. The reason we could do validation in 5.7 was the assumed endpoint was the openshift master so validation against it would succeed - even if there is no hawkular. minimalist fix(one line?): if there is no hawkular route, fallback to the 5.7 behaviour. Possible bigger fix: Barak suggested to add a toggle of the endpoint, allowing to disable it. This is done in other providers. will add screenshots. [1] https://github.com/ManageIQ/manageiq-ui-classic/pull/37/files
Created attachment 1270219 [details] vmware with events
Created attachment 1270220 [details] vmware no events
Self assigned per discussion with Barak and Beni. I've submitted the minimalist fix: https://github.com/ManageIQ/manageiq-ui-classic/pull/974 Federico do we want to track disabling of the endpoint(comment 5) or is this fix enough for us?
(In reply to Mooli Tayer from comment #8) > Federico do we want to track disabling of the endpoint(comment 5) or is this > fix enough for us? What I don't like of the current PR is that it's not deterministic enough on addition of the provider (users don't really know what's going on). It's not really the fault of the PR though, it's just bad history. Also, setting the metrics endpoint to the master when there is no metrics route is going to create errors now (connection refused, etc.). I think that to make this usable enough we should have: 1. Have a button to specifically enable/disable the metrics endpoint 2. Do not allow an empty endpoint if the metrics is enabled 3. Have a button to automatically detect the endpoint (once clicked it will fill in the endpoint in the UI for the user) Special care from QE will be needed to see what happens when there is no metrics endpoint defined (no errors anywhere, etc.).
Hi Dafna, could you provide the output of: # open console $ cd /var/www/miq/vmdb/ $ source /etc/default/evm $ bin/rails c > ap ExtManagementSystem.last.connection_configurations # The last command will work if this is the only/last provider, please change if needed This will help make sure my fix is doing what it should
Federico, Loic: There seem to be two options for defaults here and implementation is very different. So help figure out what we need: 1. by default, if the user does not go to the hawkular tab and adds provider, the hawkular endpoint will be disabled. 2. by default, the hawkular tab will be marked as non valid and the user will have to select it and either fill hawkular or disable it to add the new provider
see comment 14
Clarify: In the first option the hawkular selection will be disabled by default. in the second the selection will be enabled
(In reply to Mooli Tayer from comment #13) > Hi Dafna, could you provide the output of: > > # open console > $ cd /var/www/miq/vmdb/ > $ source /etc/default/evm > $ bin/rails c > > > ap ExtManagementSystem.last.connection_configurations > > # The last command will work if this is the only/last provider, please > change if needed > > This will help make sure my fix is doing what it should Not sure what you mean on the last command but it simply opens rails console: [root@dhcp-8-196-157 vmdb]# bin/rails c Loading production environment (Rails 5.0.2) irb(main):001:0>
Yes in the console please type: puts ExtManagementSystem.last.connection_configurations
irb(main):001:0> puts ExtManagementSystem.last.connection_configurations PostgreSQLAdapter#log_after_checkout, connection_pool: size: 5, connections: 1, in use: 1, waiting_in_queue: 0 #<OpenStruct default=#<OpenStruct endpoint=#<Endpoint id: 3, role: "default", ipaddress: nil, hostname: "dafna-pods-master.qa.lab.tlv.redhat.com", port: 8443, resource_type: "ExtManagementSystem", resource_id: 2, created_at: "2017-04-26 11:49:55", updated_at: "2017-04-26 11:49:55", verify_ssl: 0, url: nil, security_protocol: "ssl-without-validation", api_version: nil, path: nil, certificate_authority: nil>, authentication=#<AuthToken id: 3, name: "ManageIQ::Providers::Openshift::ContainerManager d...", authtype: "bearer", userid: nil, password: nil, resource_id: 2, resource_type: "ExtManagementSystem", created_on: "2017-04-26 11:49:55", updated_on: "2017-04-26 12:10:06", last_valid_on: "2017-04-26 12:10:06", last_invalid_on: nil, credentials_changed_on: "2017-04-26 11:49:55", status: "Valid", status_details: "Ok", type: "AuthToken", auth_key: "v2:{D3CXqSKTEaeq1WKpRm0+WVxMynLkCLI+5Jm3+O3EPEOoe8...", fingerprint: nil, service_account: nil, challenge: nil, login: nil, public_key: nil, htpassd_users: [], ldap_id: [], ldap_email: [], ldap_name: [], ldap_preferred_user_name: [], ldap_bind_dn: nil, ldap_insecure: nil, ldap_url: nil, request_header_challenge_url: nil, request_header_login_url: nil, request_header_headers: [], request_header_preferred_username_headers: [], request_header_name_headers: [], request_header_email_headers: [], open_id_sub_claim: nil, open_id_user_info: nil, open_id_authorization_endpoint: nil, open_id_token_endpoint: nil, open_id_extra_scopes: [], open_id_extra_authorize_parameters: nil, certificate_authority: nil, google_hosted_domain: nil, github_organizations: [], rhsm_sku: nil, rhsm_pool_id: nil, rhsm_server: nil, manager_ref: nil, options: nil>>, hawkular=#<OpenStruct endpoint=#<Endpoint id: 4, role: "hawkular", ipaddress: nil, hostname: nil, port: 443, resource_type: "ExtManagementSystem", resource_id: 2, created_at: "2017-04-26 11:49:55", updated_at: "2017-04-26 11:49:55", verify_ssl: 1, url: nil, security_protocol: "ssl-with-validation", api_version: nil, path: nil, certificate_authority: nil>, authentication=#<AuthToken id: 4, name: "ManageIQ::Providers::Openshift::ContainerManager d...", authtype: "hawkular", userid: nil, password: nil, resource_id: 2, resource_type: "ExtManagementSystem", created_on: "2017-04-26 11:49:55", updated_on: "2017-04-26 12:10:06", last_valid_on: nil, last_invalid_on: "2017-04-26 12:10:06", credentials_changed_on: "2017-04-26 11:49:55", status: "Error", status_details: "Failed to open TCP connection to dafna-pods-master...", type: "AuthToken", auth_key: "v2:{D3CXqSKTEaeq1WKpRm0+WVxMynLkCLI+5Jm3+O3EPEOoe8...", fingerprint: nil, service_account: nil, challenge: nil, login: nil, public_key: nil, htpassd_users: [], ldap_id: [], ldap_email: [], ldap_name: [], ldap_preferred_user_name: [], ldap_bind_dn: nil, ldap_insecure: nil, ldap_url: nil, request_header_challenge_url: nil, request_header_login_url: nil, request_header_headers: [], request_header_preferred_username_headers: [], request_header_name_headers: [], request_header_email_headers: [], open_id_sub_claim: nil, open_id_user_info: nil, open_id_authorization_endpoint: nil, open_id_token_endpoint: nil, open_id_extra_scopes: [], open_id_extra_authorize_parameters: nil, certificate_authority: nil, google_hosted_domain: nil, github_organizations: [], rhsm_sku: nil, rhsm_pool_id: nil, rhsm_server: nil, manager_ref: nil, options: nil>>, roles=["default", "hawkular"]> => nil irb(main):002:0>
Thanks Dafna
changes for this bz: Hawkular hostname detection changes #1304 https://github.com/ManageIQ/manageiq-ui-classic/pull/1304 Remove Invalid Hawkular Endpoints #14990 https://github.com/ManageIQ/manageiq/pull/14990 Allow to explicitly disable hawkular in containers #1205 https://github.com/ManageIQ/manageiq-ui-classic/pull/1205 Avoid metrics collection workers unless endpoint #7 https://github.com/ManageIQ/manageiq-providers-kubernetes/pull/7 Ensure that error indicator appears on Hawkular tab #1172 https://github.com/ManageIQ/manageiq-ui-classic/pull/1172 All should reach 5.8.1
Correction. I would actually prefer not to zstream any of these changes. Main reason being the benefit is mostly for dev / qa situations and we have to really thoroughly know that the one endpoint situation does not cause any problems in the system. Federico ok to postpone this to 5.9?
(In reply to Mooli Tayer from comment #22) > Correction. I would actually prefer not to zstream any of these changes. Let's keep it for 5.8.1, we'll reevaluate in some time (closer to the dealine).
All of the PRs in comment 22 would either all have to be in fine or out. manageiq/#14990 is a migration. I could replace it with a PR selecting 'disabled' for the hawkular endpoint if the it is invalid (hostname="") manageiq-providers-kubernetes#7 is safe to be backported alone
(In reply to Mooli Tayer from comment #25) > All of the PRs in comment 22 would either all have to be in fine or out. I meant comment 21
Verified in 5.9. Compute-containers-->Providers --> Edit this provider. I changed the Provider name and the "Save" button was enabled.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0380