Red Hat Bugzilla – Bug 1552666
clufter does not filter out some corosync qdevice options (votes,tls) when it generates 'pcs quorum device add...' command
Last modified: 2018-03-13 14:50:34 EDT
Description of problem: If there are options in corosync.conf that pcs does not allow to set, clufter does not filter it out and adds it to generated 'pcs quorum device...' command. Version-Release number of selected component (if applicable): clufter-cli-0.77.0-2.el7 How reproducible: always Steps to Reproduce: 1. Create cluster with configured quorum device. # pcs cluster auth virt-005 virt-006 # pcs cluster setup --name HAcluster virt-005 virt-006 --enable --start # pcs quorum device add model net algorithm=ffsplit host=virt-007 NOTE: Arbitrator node 'virt-007' should be configured with command: # pcs qdevice setup model net --enable --start 2. Add option 'tls: on' to the corosync.conf [root@virt-005 c]# cat /etc/corosync/corosync.conf totem { version: 2 cluster_name: HAcluster secauth: off transport: udpu } nodelist { node { ring0_addr: virt-005 nodeid: 1 } node { ring0_addr: virt-006 nodeid: 2 } } quorum { provider: corosync_votequorum device { model: net votes: 1 net { algorithm: ffsplit host: virt-007 tls: on } } } logging { to_logfile: yes logfile: /var/log/cluster/corosync.log to_syslog: yes } 3. Generete pcs command using clufter: [root@virt-005 c]# clufter pcs2pcscmd --silent --noguidance --quiet --text-width=-1 #!/usr/bin/sh # sequence generated on 2018-03-07 06:41:54 with: clufter 0.77.0 # invoked as: ['/usr/bin/clufter', 'pcs2pcscmd', '--silent', '--noguidance', '--quiet', '--text-width=-1'] # targeting system: ('linux', 'redhat', '7.5', 'Maipo') # using interpreter: CPython 2.7.5 pcs cluster auth virt-005 virt-006 <> /dev/tty pcs cluster setup --name HAcluster virt-005 virt-006 --transport udpu pcs cluster start --all --wait=60 pcs quorum device add votes=1 model net algorithm=ffsplit host=virt-007 tls=on pcs cluster cib tmp-cib.xml cp tmp-cib.xml tmp-cib.xml.deltasrc pcs cluster cib-push tmp-cib.xml diff-against=tmp-cib.xml.deltasrc 4. Remove quorum device from cluster and try generated command [root@virt-005 c]# pcs quorum device remove Disabling corosync-qdevice... virt-006: corosync-qdevice disabled virt-005: corosync-qdevice disabled Stopping corosync-qdevice... virt-005: corosync-qdevice stopped virt-006: corosync-qdevice stopped Removing qdevice certificates from nodes... virt-005: Succeeded virt-006: Succeeded Sending updated corosync.conf to nodes... virt-005: Succeeded virt-006: Succeeded Corosync configuration reloaded [root@virt-005 c]# pcs quorum device add votes=1 model net algorithm=ffsplit host=virt-007 tls=on Error: invalid quorum device model option 'tls', allowed options are: algorithm, connect_timeout, force_ip_version, host, port, tie_breaker, use --force to override Error: invalid quorum device option 'votes', allowed options are: sync_timeout, timeout, use --force to override Actual results: Clufter does not filter out forbidden options when it generates 'pcs quorum...' command. Expected results: Clufter filters out forbidden options when it generates 'pcs quorum...' command. Also, clufter could add --force option, but it looks like less appropriate solution.
Thanks for the report. Tomáš pointed out that "tls" in particular is enabled by default ([bug 1476862 comment 5]) and ability to disable it is planned.
Fixed in upstream and going to hit planned v0.77.1: https://pagure.io/clufter/c/b1abb872edbf373d5d49c275cf4ea0cc7e2194fb?branch=next
To test, add for instance "tls: required" under quorum.device.net.tls section in corosync.conf, then rerun that "clufter pcs2pcscmd" and observe: - no 'tls=required" within any of the resulting pcs commands - on stderr: > [needleqdevicexml2pcscmd] xslt: WARNING: non-default > `quorum.device.net.tls` value `required` > specified, but current pcs not capable > to set it
re [comment 3]: actually, forgot to reference this bug, hence the new valid "next" commit https://pagure.io/clufter/c/28a954072365dff33d2498bdd2bb115b7aa82350?branch=next