RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1598197 - Updating a bundle is a bit cumbersome
Summary: Updating a bundle is a bit cumbersome
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pcs
Version: 7.5
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Ivan Devat
QA Contact: cluster-qe@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-07-04 15:23 UTC by Michele Baldessari
Modified: 2019-08-06 13:10 UTC (History)
10 users (show)

Fixed In Version: pcs-0.9.167-1.el7
Doc Type: Enhancement
Doc Text:
Feature: An ability to update bundle to look exactly like specified. Reason: User (OpenStack) needs to update bundle by full specification but command `pcs bundle update` expects only changes. Result: New command `pcs bundle reset` was introduced.
Clone Of:
: 1657166 (view as bug list)
Environment:
Last Closed: 2019-08-06 13:10:01 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
proposed fix (143.78 KB, patch)
2019-01-21 16:10 UTC, Ivan Devat 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1568353 0 medium CLOSED "pcs resource update" should not create an empty meta-attributes element 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 1725849 0 urgent CLOSED 'pcs resource bundle reset' fails if existing port-map and storage-map ids are reused 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHBA-2019:2244 0 None None None 2019-08-06 13:10:12 UTC

Internal Links: 1568353 1725849 1734687

Description Michele Baldessari 2018-07-04 15:23:14 UTC 
Description of problem:
So we'd like to update bundle resources in puppet-pacemaker and we simply wanted to use the usual command:
/usr/sbin/pcs -f /var/lib/pacemaker/cib/puppet-cib-backup20180704-6-1ubl4u5 resource bundle update haproxy-bundle container docker image=192.168.24.1:8787/tripleomaster/centos-binary-haproxy:pcmklatest replicas=3 options="--user=root --log-driver=journald -e
 KOLLA_CONFIG_STRATEGY=COPY_ALWAYS" run -command="/bin/bash /usr/local/bin/kolla_start" network=host storage-map id=haproxy-cfg-files source-dir=/var/lib/kolla/config_files/haproxy.json target-dir=/var/lib/kolla/config_files/config.json options=ro storage-map id=haproxy-cfg-data source-dir=/var/lib/config-data/puppet-generated/haproxy/ target-dir=/var/lib/kolla/config_files/src options=ro storage-map id=haproxy-hosts source-dir=/etc/hosts target-dir=/etc/hosts options=ro storage-map id=haproxy-localtime source-dir=/etc/localtime target-dir=/etc/localtime options=ro storage-map id=haproxy-var-lib source-dir=/var/lib/haproxy target-dir=/var/lib/haproxy options=rw storage-map id=haproxy-pki-extracted source-dir=/etc/pki/ca-trust/extracted target-dir=/etc/pki/ca-trust/extracted options=ro storage-map id=haproxy-pki-ca-bundle-crt source-dir=/etc/pki/tls/certs/ca-bundle.crt target-dir=/etc/pki/tls/certs/ca-bundle.crt options=ro storage-map id=haproxy-pki-ca-bundle-trust-crt source-dir=/etc/pki/tls/certs/ca-bundle.trust.crt target-dir=/etc/pki/tls/certs/ca-bundle.trust.crt options=ro storage-map id=haproxy-pki-cert source-dir=/etc/pki/tls/cert.pem target-dir=/etc/pki/tls/cert.pem options=ro storage-map id=haproxy-dev-log source-dir=/dev/log target-dir=/dev/log options=rw

The problem is that this fails with:
Error: When using 'storage-map' you must specify either 'add' and options or 'remove' and id(s)

Version-Release number of selected component (if applicable):
pcs-0.9.162-5.el7.x86_64

To overcome this I would have to dump the xml for the bundle, parse the all the storage maps, detect which ones are to be added/removed, which ones are changed and then add (add/remove) storage-maps commands. This seems a bit inefficient when I already am passing the exact list of storage-maps I want to have.

Would it be possible to remove this restriction?
Comment 2 Andrew Beekhof 2018-07-06 11:30:12 UTC 
Why on earth wouldn't we be able to update bundle resources?
Comment 5 Tomas Jelinek 2018-07-10 12:21:03 UTC 
There are two approaches to the "update" functionality:
A. The user tells pcs which part of a resource settings they want to change. Pcs changes that bit and does not touch anything else.
B. The user tells pcs they want a resource to look exactly like specified. Pcs drops all current setting of the resource and applies the specified settings.

All update commands in pcs work as described in A. "pcs resource update my_resource attr1=value1" changes my_resource's instance attribute attr1's value to value1. It does not change or remove any existing instance attributes not named attr1. Setting cluster properties, utilization, quorum settings, you name it, all updates work the same way. The reason for this is to keep the commands short and easy to use.

Generally, the syntax is "attr1=value1" to set attr1's value to value1 and "attr2=" to delete attr2. With bundles, the situation is a bit complicated. Managing individual attributes is not enough, it is needed to manage groups of them called storage-map and port-map. So we came up with "storage-map add attr1=value1 attr2=value2..." and "storage-map remove storage_map_id". "storage-map update storage_map_id attr1=value1 attr2=value2" could be added to replace add-remove combo to change an existing storage-map. This does not seem to be requested here, though.

What I think is being requested here is the way described as B. This requires all the settings of a resource (all the cluster properties, utilization attributes, quorum settings) to be specified in a command as not specified settings get removed. This is difficult to use by people because for changing one little setting all the existing settings have to be repeated in a command just to keep them the same they already were (and prevent them to be deleted). On the other hand, it fits Michele's use case better.

The best way to implement this is to introduce new pcs command(s) to prevent confusion with existing update command(s) as their semantics (A vs. B) is very different.

Related question:
Michele, when you update primitive resources, how do you delete attributes? Syntax for that is "pcs resource update attr_to_delete=", so you must know which attributes to delete and specify them with no values in the update command.
Comment 6 Jan Pokorný [poki] 2018-07-16 18:08:32 UTC 
re [comment 5]:

> With bundles, the situation is a bit complicated. Managing individual
> attributes is not enough, it is needed to manage groups of them called
> storage-map and port-map.

To be honest, it's not that different assuming that a special semantic
rule is established:

> id of a keyword-denoted attribute set (here: {port,storage}-map)
> is always immutable regarding the effect on the configuration,
> meaning that its only direct footprint there is with the pristine
> addition, otherwise it is used just to access the right one with
> updates (here: triggered with pcs resource bundle update)
> -- it therefore needs to be specified unless the ambiguity is
> resolved by other means (here: "{port,storage}-map add" achieves
> that implicitly with selection of yet-unused id automatically)

Also With additional normalization rule:

> do not leave empty attribute sets around
> (would be a flaw in pacemaker's schemas if any such
> dropping was prevented)

in place,

  storage-map remove storage_map_id

would become equivalent with

  storage-map id=storage_map_id [nothing but a start of a new
                                 syntactical group if at all]

meaning that "{port,storage}-map add/remove" would become completely
avoidable (could be emulated by the proposed logic).


I think this would:

- satisfy Michele's use case (have very exact idea of what needs
  to be in the resulting configuration AND do not want to bother
  how to get there piecewise AND do not want to get there in two
  invocations, i.e., drop and define anew -- why wasn't this
  mentioned so far?)

- would hopefully not clash with existing syntactical uses (anyway, is
  changing identifiers a sane thing to do? I'd argue it's not and the
  rule of immutability should have been firmly established in early
  days)

- would not incur users' frustration arising from having to edit
  the previous new-bundle-establishing command twice+ in possibly
  a very long, screen-wrapped command(!) in case that was the
  easiest way to post-fix something about the bundle defined

1 Kč
Comment 7 Michele Baldessari 2018-10-12 15:58:03 UTC 
(In reply to Tomas Jelinek from comment #5)
> There are two approaches to the "update" functionality:
> A. The user tells pcs which part of a resource settings they want to change.
> Pcs changes that bit and does not touch anything else.
> B. The user tells pcs they want a resource to look exactly like specified.
> Pcs drops all current setting of the resource and applies the specified
> settings.
> 
> All update commands in pcs work as described in A. "pcs resource update
> my_resource attr1=value1" changes my_resource's instance attribute attr1's
> value to value1. It does not change or remove any existing instance
> attributes not named attr1. Setting cluster properties, utilization, quorum
> settings, you name it, all updates work the same way. The reason for this is
> to keep the commands short and easy to use.
> 
> Generally, the syntax is "attr1=value1" to set attr1's value to value1 and
> "attr2=" to delete attr2. With bundles, the situation is a bit complicated.
> Managing individual attributes is not enough, it is needed to manage groups
> of them called storage-map and port-map. So we came up with "storage-map add
> attr1=value1 attr2=value2..." and "storage-map remove storage_map_id".
> "storage-map update storage_map_id attr1=value1 attr2=value2" could be added
> to replace add-remove combo to change an existing storage-map. This does not
> seem to be requested here, though.
> 
> What I think is being requested here is the way described as B. This
> requires all the settings of a resource (all the cluster properties,
> utilization attributes, quorum settings) to be specified in a command as not
> specified settings get removed. This is difficult to use by people because
> for changing one little setting all the existing settings have to be
> repeated in a command just to keep them the same they already were (and
> prevent them to be deleted). On the other hand, it fits Michele's use case
> better.
> 
> The best way to implement this is to introduce new pcs command(s) to prevent
> confusion with existing update command(s) as their semantics (A vs. B) is
> very different.
> 
> Related question:
> Michele, when you update primitive resources, how do you delete attributes?
> Syntax for that is "pcs resource update attr_to_delete=", so you must know
> which attributes to delete and specify them with no values in the update
> command.

Well we cannot use the update command just yet due to this very BZ.

Right now the only workaround we managed to get to, is to dump the cluster cib, make a copy,
remove the resource from the copy and recreate it against the copy with potentially a different
set of storage-maps for the bundle. Then we crm_diff --cib -o cib.orig -n cib.new and
parse the diff. We only push back the cib.new file to the live CIB if we detect any changes
that are relevant to the resource we are considering for update.

We're increasing the priority of this because this will hit us harder than we initially thought.
Namely, in a composable HA scenario, we will briefly repush the CIB of puppet without the location constraints
because pcs resource remove foo-bundle will remove those too (to keep the XML schema validated)
and to work around this.

A new command is totally fine for us.
Comment 9 Ivan Devat 2019-01-21 16:10:51 UTC 
Created attachment 1522184 [details]
proposed fix

Basic test:
[kid76 ~] $ pcs cluster cib|grep 'id="B1"' -A2
      <bundle id="B1">
        <docker image="pcs:test"/>
      </bundle>
[kid76 ~] $ pcs resource bundle reset B1 container docker image=pcs:new
[kid76 ~] $ pcs cluster cib|grep 'id="B1"' -A2
      <bundle id="B1">
        <docker image="pcs:new"/>
      </bundle>
Comment 10 Ivan Devat 2019-03-21 09:59:49 UTC 
After Fix:

[kid76 ~] $ rpm -q pcs
pcs-0.9.167-1.el7.x86_64

[kid76 ~] $ pcs cluster cib|grep 'id="B1"' -A2
      <bundle id="B1">
        <docker image="pcs:test"/>
      </bundle>
[kid76 ~] $ pcs resource bundle reset B1 container docker image=pcs:new
[kid76 ~] $ pcs cluster cib|grep 'id="B1"' -A2
      <bundle id="B1">
        <docker image="pcs:new"/>
      </bundle>
Comment 20 errata-xmlrpc 2019-08-06 13:10:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2244
Note You need to log in before you can comment on or make changes to this bug.