Bug 221869 - Adding an existing cluster via luci - unauthenticated node accepted as cluster member - cannot be deleted via luci
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: conga
All Linux
medium Severity medium
Assigned To: Jim Parsons
Corey Marthaler
Reported: 2007-01-08 12:01 EST by Len DiMaggio
Modified: 2009-04-16 18:33 EDT
Doc Type: Bug Fix
Last Closed: 2007-01-08 12:36:14 EST

Attachments
Screenshot 1 of 5 (122.68 KB, image/png), 2007-01-08 12:06 EST, Len DiMaggio
Screenshot 2 of 5 (132.72 KB, image/png), 2007-01-08 12:07 EST, Len DiMaggio
Screenshot 3 of 5 (153.10 KB, image/png), 2007-01-08 12:22 EST, Len DiMaggio
Screenshot 4 of 5 (116.14 KB, image/png), 2007-01-08 12:31 EST, Len DiMaggio
Screenshot 5 of 5 (127.38 KB, image/png), 2007-01-08 12:47 EST, Len DiMaggio

Description Len DiMaggio 2007-01-08 12:01:02 EST
Description of problem:
Adding an existing cluster via luci - unauthenticated node accepted as cluster
member - cannot be deleted via luci

See the steps below and screenshot attachments for the sequence of actions.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create a multiple node cluster outside of luci. For my testing, I used a
5-node cluster (tng3-1.lab.msp.redhat.com thru tng3-5)
2. Start up the ricci service on all nodes, also start up the luci service on
one node (in my case, tng3-5)
3. Access luci, select 'add an existing cluster'
4. Intentionally specify an invalid password for one of the nodes to cause an
authentication error (in my case, node tng3-2)
5. luci reports the authentication failure, but adds the cluster to its cluster
list. (see screenshot attachment #1)
6. The unauthenticated node is listed in the cluster's node list (see screenshot
attachment #2) - but its display does not list the cluster daemons (see
screenshot 3)
7. Luci correctly reports that the node is not authenticated if the user
attempts to retrieve a log from the node (see screenshot attachment #4)
8. But the user cannot delete the node from the cluster via luci as luci cannot
authenticate to the node (see screenshot #5)
9. The user can clear up the situation by deleting the unauthenticated node from
the 'manage systems' menu, and then re-adding it, this time with the correct

Actual results:
See the screenshots.

Expected results:
I would have expected luci to not add the cluster to its list if all the nodes
were up, but failed to authenticate.

Or, is this really a usability issue? The luci web app does not include an
explicit "reauthenticate" option - instead, the user deletes and adds back the
unauthenticated node. But - if the node is unauthenticated, should it really
appear in the system list at all?

Additional info:
See the screenshots.
Comment 1 Len DiMaggio 2007-01-08 12:06:01 EST
Created attachment 145078
Screenshot 1 of 5
Comment 2 Len DiMaggio 2007-01-08 12:07:14 EST
Created attachment 145080
Screenshot 2 of 5
Comment 3 Len DiMaggio 2007-01-08 12:22:51 EST
Created attachment 145081
Screenshot 3 of 5
Comment 4 Len DiMaggio 2007-01-08 12:31:28 EST
Created attachment 145082
Screenshot 4 of 5
Comment 5 Ryan McCabe 2007-01-08 12:36:14 EST
I think everything here is working as expected. Luci needs to be able to add
existing clusters with nodes that are either down or where ricci is not working
correctly (or else one down or misbehaving node would prevent management of the
whole cluster by Luci). Nodes that are not properly authenticated will not be
fully functional as far as Luci is concerned, but they may be perfectly
functional cluster members.

In the latest scratch build of Luci, there is a checkbox option "add this
cluster as-is" with the note that any nodes that are not authenticated will need
to be authenticated later via the reauthenticate functionality in the manage
systems section.

I think there may also be some confusion regarding the authenticate
functionality provided in the manage systems page. The purpose of this is only
to reauthenticate to systems that either could not be properly authenticated
upon addition or systems that may have been reimaged causing their SSL certs to
either change or be lost. In the latest scratch build, the header was changed
from "Authenticate to ..." to "Reauthenticate to ..." to try to make this more
clear. No systems are actually added to Luci using this form; it's strictly for
reauthentication when something has gone wrong.

Could you try this again using the latest scratch build and re-open the bug if
you think something is still wrong?
Comment 6 Len DiMaggio 2007-01-08 12:47:06 EST
Created attachment 145084
Screenshot 5 of 5
Comment 7 Len DiMaggio 2007-01-08 13:13:11 EST
I think that the two changes that you mention:

   -> Title "add cluster as is"
   -> Title "reauthenticate" 

Will help avoid user confusion. But, how does a user re-authenticate a node?
Which tab/menu/selection? Thanks!
Comment 8 Len DiMaggio 2007-01-08 13:14:23 EST
P.S. Here's a related problem:  
