Bug 1552666 - clufter does not filter out some corosync qdevice options (votes,tls) when it generates 'pcs quorum device add...' command
Summary: clufter does not filter out some corosync qdevice options (votes,tls) when it...
Status: POST
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: clufter
Version: 7.5
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jan Pokorný [poki]
QA Contact: cluster-qe@redhat.com
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-03-07 13:52 UTC by Miroslav Lisik
Modified: 2019-03-02 00:52 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed:


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 1476862 None None None Never

Internal Trackers: 1476862

Description Miroslav Lisik 2018-03-07 13:52:42 UTC
Description of problem:

If there are options in corosync.conf that pcs does not allow to set, clufter
does not filter it out and adds it to generated 'pcs quorum device...' command.

Version-Release number of selected component (if applicable):

clufter-cli-0.77.0-2.el7

How reproducible:

always


Steps to Reproduce:

1. Create cluster with configured quorum device.

# pcs cluster auth virt-005 virt-006
# pcs cluster setup --name HAcluster virt-005 virt-006 --enable --start
# pcs quorum device add model net algorithm=ffsplit host=virt-007

NOTE: Arbitrator node 'virt-007' should be configured with command:

# pcs qdevice setup model net --enable --start

2. Add option 'tls: on' to the corosync.conf

[root@virt-005 c]# cat /etc/corosync/corosync.conf
totem {
    version: 2
    cluster_name: HAcluster
    secauth: off
    transport: udpu
}

nodelist {
    node {
        ring0_addr: virt-005
        nodeid: 1
    }

    node {
        ring0_addr: virt-006
        nodeid: 2
    }
}

quorum {
    provider: corosync_votequorum

    device {
        model: net
        votes: 1

        net {
            algorithm: ffsplit
            host: virt-007
            tls: on
        }
    }
}

logging {
    to_logfile: yes
    logfile: /var/log/cluster/corosync.log
    to_syslog: yes
}


3. Generete pcs command using clufter:

[root@virt-005 c]# clufter pcs2pcscmd --silent --noguidance --quiet --text-width=-1
#!/usr/bin/sh
# sequence generated on 2018-03-07 06:41:54 with: clufter 0.77.0
# invoked as: ['/usr/bin/clufter', 'pcs2pcscmd', '--silent', '--noguidance', '--quiet', '--text-width=-1']
# targeting system: ('linux', 'redhat', '7.5', 'Maipo')
# using interpreter: CPython 2.7.5
pcs cluster auth virt-005 virt-006 <> /dev/tty
pcs cluster setup --name HAcluster virt-005 virt-006 --transport udpu
pcs cluster start --all --wait=60
pcs quorum device add votes=1 model net algorithm=ffsplit host=virt-007 tls=on
pcs cluster cib tmp-cib.xml
cp tmp-cib.xml tmp-cib.xml.deltasrc
pcs cluster cib-push tmp-cib.xml diff-against=tmp-cib.xml.deltasrc

4. Remove quorum device from cluster and try generated command

[root@virt-005 c]# pcs quorum device remove
Disabling corosync-qdevice...
virt-006: corosync-qdevice disabled
virt-005: corosync-qdevice disabled
Stopping corosync-qdevice...
virt-005: corosync-qdevice stopped
virt-006: corosync-qdevice stopped
Removing qdevice certificates from nodes...
virt-005: Succeeded
virt-006: Succeeded
Sending updated corosync.conf to nodes...
virt-005: Succeeded
virt-006: Succeeded
Corosync configuration reloaded

[root@virt-005 c]# pcs quorum device add votes=1 model net algorithm=ffsplit host=virt-007 tls=on
Error: invalid quorum device model option 'tls', allowed options are: algorithm, connect_timeout, force_ip_version, host, port, tie_breaker, use --force to override
Error: invalid quorum device option 'votes', allowed options are: sync_timeout, timeout, use --force to override


Actual results:

Clufter does not filter out forbidden options when it generates 'pcs quorum...'
command.

Expected results:

Clufter filters out forbidden options when it generates 'pcs quorum...'
command.  Also, clufter could add --force option, but it looks like less
appropriate solution.

Comment 2 Jan Pokorný [poki] 2018-03-07 14:57:32 UTC
Thanks for the report.

Tomáš pointed out that "tls" in particular is enabled by default
([bug 1476862 comment 5]) and ability to disable it is planned.

Comment 3 Jan Pokorný [poki] 2018-03-09 18:46:36 UTC
Fixed in upstream and going to hit planned v0.77.1:

https://pagure.io/clufter/c/b1abb872edbf373d5d49c275cf4ea0cc7e2194fb?branch=next

Comment 4 Jan Pokorný [poki] 2018-03-09 18:51:49 UTC
To test, add for instance "tls: required" under quorum.device.net.tls
section in corosync.conf, then rerun that "clufter pcs2pcscmd" and
observe:

- no 'tls=required" within any of the resulting pcs commands

- on stderr:

> [needleqdevicexml2pcscmd] xslt: WARNING: non-default
>                           `quorum.device.net.tls` value `required`
>                           specified, but current pcs not capable
>                           to set it

Comment 5 Jan Pokorný [poki] 2018-03-13 18:50:34 UTC
re [comment 3]:

actually, forgot to reference this bug, hence the new valid "next" commit
https://pagure.io/clufter/c/28a954072365dff33d2498bdd2bb115b7aa82350?branch=next


Note You need to log in before you can comment on or make changes to this bug.