RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1665404 - pcs should check that values of unique resource attributes are unique
Summary: pcs should check that values of unique resource attributes are unique
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: pcs
Version: 8.0
Hardware: Unspecified
OS: Linux
high
high
Target Milestone: rc
: 8.1
Assignee: Ondrej Mular
QA Contact: cluster-qe@redhat.com
URL:
Whiteboard:
Depends On: 1682129
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-01-11 09:53 UTC by Tomas Jelinek
Modified: 2020-11-14 14:11 UTC (History)
8 users (show)

Fixed In Version: pcs-0.10.1-6.el8
Doc Type: Enhancement
Doc Text:
Feature: Add check for uniqueness of instance attributes (marked as unique in a resource agent metadata) of a particular resource agent across the cluster configuration. Reason: It may be possible that resources with such misconfiguration will not start up properly. Result: Pcs now checks for such misconfiguration when creating/updating resources and informs the user about it.
Clone Of: 1389140
Environment:
Last Closed: 2019-11-05 20:39:38 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2019:3311 0 None None None 2019-11-05 20:39:48 UTC

Description Tomas Jelinek 2019-01-11 09:53:16 UTC 
+++ This bug was initially created as a clone of Bug #1389140 +++

Description of problem:
Pacemaker ip resource does not give error when two resources are created with same ipaddress. Also both the resources are started.

Version-Release number of selected component (if applicable):

resource-agents-3.9.5-54.el7_2.10.x86_64


How reproducible:

Create two IP resources with different name and with same ipaddress.

Steps to Reproduce:
1. 

Resource: app-ip (class=ocf provider=heartbeat type=IPaddr2)
   Attributes: ip=10.8.210.60 cidr_netmask=24             <----      SAME IP 
   Operations: start interval=0s timeout=20s (dom-prdvip-start-interval-0s)
               stop interval=0s timeout=20s (dom-prdvip-stop-interval-0s)
               monitor interval=10s timeout=20s (dom-prdvip-monitor-interval-10s)


Resource: db-ip (class=ocf provider=heartbeat type=IPaddr2)
   Attributes: ip=10.8.210.60 cidr_netmask=24             <-------- SAME IP
   Operations: start interval=0s timeout=20s (dom-nfsip-start-interval-0s)
               stop interval=0s timeout=20s (dom-nfsip-stop-interval-0s)
               monitor interval=10s timeout=20s (dom-nfsip-monitor-interval-10s)

2.

3.

Actual results:

Both resources show as started.
app-ip (ocf::heartbeat:IPaddr2):       Started test1.example.com
db-ip  (ocf::heartbeat:IPaddr2):       Started test1.example.com

Expected results:

It should give an error when resource is created or when the resource is started 

Additional info:

--- Additional comment from Ken Gaillot on 2018-07-10 23:04:59 CEST ---

Reassigning to pcs as it isn't practical to do this in pacemaker.

When creating a resource, pcs should read the agent's meta-data, and ensure that the specified parameters satisfy the new "unique" criteria.
Comment 1 Ondrej Mular 2019-01-14 07:29:30 UTC 
Upstream patch:
https://github.com/ClusterLabs/pcs/commit/a5028f663a7bf0142a7573afab5e045fc0f4249e
Comment 5 Ondrej Mular 2019-05-02 12:03:14 UTC 
After fix:
[root@rhel81-node1 ~]# rpm -q pcs
pcs-0.10.1-6.el8.x86_64

[root@rhel81-node1 ~]# pcs resource describe ocf:pacemaker:Dummy | grep unique
  state (unique): Location to store the resource state in.
  passwd (unique): Fake password field
  op_sleep (unique): Number of seconds to sleep during operations. This can be
  envfile (unique): If this is set, the environment will be dumped to this file
[root@rhel81-node1 ~]# pcs resource create R1 ocf:pacemaker:Dummy state=1 --no-default-ops
[root@rhel81-node1 ~]# pcs resource create R2 ocf:pacemaker:Dummy state=1 --no-default-ops
Error: Value '1' of option 'state' is not unique across 'ocf:pacemaker:Dummy' resources. Following resources are configured with the same value of the instance attribute: 'R1', use --force to override
[root@rhel81-node1 ~]# echo $?
1
[root@rhel81-node1 ~]# pcs resource create R2 ocf:pacemaker:Dummy state=1 --no-default-ops --force
Warning: Value '1' of option 'state' is not unique across 'ocf:pacemaker:Dummy' resources. Following resources are configured with the same value of the instance attribute: 'R1'
[root@rhel81-node1 ~]# echo $?
0
[root@rhel81-node1 ~]# pcs resource config R1 R2
 Resource: R1 (class=ocf provider=pacemaker type=Dummy)
  Attributes: state=1
  Operations: monitor interval=10s timeout=20s (R1-monitor-interval-10s)
 Resource: R2 (class=ocf provider=pacemaker type=Dummy)
  Attributes: state=1
  Operations: monitor interval=10s timeout=20s (R2-monitor-interval-10s)
Comment 7 Michal Mazourek 2019-07-24 13:03:41 UTC 
BEFORE FIX:
===========

[root@virt-141 ~]# rpm -q pcs
pcs-0.10.1-4.el8_0.3.x86_64

> No keyword 'unique' within resource options description 

[root@virt-141 ~]# pcs resource describe ocf:heartbeat:IPaddr2 | grep '(unique)'
[root@virt-141 ~]# echo $?
1

> Creating two IP resources with different name and same ip address

[root@virt-141 ~]# pcs resource create app-ip ocf:heartbeat:IPaddr2 ip=10.37.165.40 cidr_netmask=22
[root@virt-141 ~]# pcs resource create db-ip ocf:heartbeat:IPaddr2 ip=10.37.165.40 cidr_netmask=22
[root@virt-141 ~]# echo $?
0
[root@virt-141 ~]# pcs resource
 Clone Set: locking-clone [locking]
     Started: [ virt-141 virt-142 virt-143 ]
 app-ip	(ocf::heartbeat:IPaddr2):	Started virt-141
 db-ip	(ocf::heartbeat:IPaddr2):	Started virt-142

> It is possible to set non-unique value across instances of same resource

AFTER FIX:
==========

[root@virt-045 ~]# rpm -q pcs
pcs-0.10.2-3.el8.x86_64

[root@virt-045 ~]# pcs resource describe ocf:heartbeat:IPaddr2 | grep '(unique)'
  ip (required) (unique): The IPv4 (dotted quad notation) or IPv6 address (colon

[root@virt-045 ~]# pcs resource create app-ip ocf:heartbeat:IPaddr2 ip=10.37.165.40 cidr_netmask=22
[root@virt-045 ~]# pcs resource create db-ip ocf:heartbeat:IPaddr2 ip=10.37.165.40 cidr_netmask=22
Error: Value '10.37.165.40' of option 'ip' is not unique across 'ocf:heartbeat:IPaddr2' resources. Following resources are configured with the same value of the instance attribute: 'app-ip', use --force to override
[root@virt-045 ~]# echo $?
1
[root@virt-045 ~]# pcs resource
 Clone Set: locking-clone [locking]
     Started: [ virt-045 virt-046 virt-049 ]
 app-ip	(ocf::heartbeat:IPaddr2):	Started virt-045

> Cannot set value which is not unique across resource instances

[root@virt-045 ~]# pcs resource create db-ip ocf:heartbeat:IPaddr2 ip=10.37.165.40 cidr_netmask=22 --force
Warning: Value '10.37.165.40' of option 'ip' is not unique across 'ocf:heartbeat:IPaddr2' resources. Following resources are configured with the same value of the instance attribute: 'app-ip'
[root@virt-045 ~]# echo $?
0
[root@virt-045 ~]# pcs resource
 Clone Set: locking-clone [locking]
     Started: [ virt-045 virt-046 virt-049 ]
 app-ip	(ocf::heartbeat:IPaddr2):	Started virt-045
 db-ip	(ocf::heartbeat:IPaddr2):	Started virt-046

> Option --force works

[root@virt-045 ~]# pcs resource delete db-ip
Attempting to stop: db-ip... Stopped
[root@virt-045 ~]# pcs resource create db-ip ocf:heartbeat:IPaddr2 ip=10.37.165.41 cidr_netmask=22
[root@virt-045 ~]# pcs resource update db-ip ip=10.37.165.40
Error: Value '10.37.165.40' of option 'ip' is not unique across 'ocf:heartbeat:IPaddr2' resources. Following resources are configured with the same value of the instance attribute: 'app-ip', use --force to override

> Trying to set value which is not unique across resource instances through update is not possible as well

[root@virt-045 ~]# pcs resource describe ocf:pacemaker:Dummy | grep '(unique)'
  state (unique): Location to store the resource state in.
  passwd (unique): Fake password field
  op_sleep (unique): Number of seconds to sleep during operations. This can be
  envfile (unique): If this is set, the environment will be dumped to this file

> The same procedure were tested with all of the unique resource options of Dummy (state, passwd, op_sleep, envfile)

Marking as VERIFIED in pcs-0.10.2-3.el8
Comment 9 errata-xmlrpc 2019-11-05 20:39:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:3311
Note You need to log in before you can comment on or make changes to this bug.