Bug 601153 - [apache] Failed configuration update doesn't return gracefully
Summary: [apache] Failed configuration update doesn't return gracefully
Alias: None
Product: RHQ Project
Classification: Other
Component: Plugins
Version: 3.0.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: John Sanda
QA Contact: Corey Welton
Depends On:
Blocks: jon-sprint11-bugs
TreeView+ depends on / blocked
Reported: 2010-06-07 10:54 UTC by Lukas Krejci
Modified: 2010-08-12 16:53 UTC (History)
1 user (show)

Fixed In Version: 2.4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-08-12 16:53:46 UTC

Attachments (Terms of Use)

Description Lukas Krejci 2010-06-07 10:54:18 UTC
Description of problem:

I tried to update apache configuration with insufficient privileges of the user running the agent. The agent.log contained an error message:

2010-06-07 12:36:20,363 ERROR [ResourceContainer.invoker.nonDaemon-1] (org.rhq.plugins.apache.ApacheDirectoryComponent)- Augeas failed to save configuration Error open_augnew
message Permission denied

That appeared straight after the attempt but the server UI still reported the configuration update "in progress" and failed it only after a timeout of 1 minute.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Run agent as unprivileged user
2. try to update some apache configuration
Actual results:
The configuration update fails only after timeout, giving the timeout as the reason for the failure, when in fact the error is that the agent doesn't have enough privileges to perform the update.

Expected results:
Correct failure message associated with the config update attempt.

Comment 1 Lukas Krejci 2010-06-07 11:51:51 UTC
Correction of description:

This specifically happened when trying to update a directory resource. I'm not sure how other resource types behave.

Comment 2 John Sanda 2010-07-06 18:17:35 UTC
The underlying problem is a TransientObjectException which is getting thrown in ConfigurationManagerBean.completeResourceConfigurationUpdate at line 1245-ish on the call to,

failedConfiguration = entityManager.merge(failedConfiguration);

I came across http://opensource.atlassian.com/projects/hibernate/browse/HHH-2612 which gave me a some additional insight into a possible cause, and HHH-2612 does in fact appear to be involved. I tried setting the Ip property that is nested inside the Listen list property. Looking at the failedConfiguration object in the debugger I discovered that the parent Configuration object referenced by the Listen property had an id of zero which effectively means that the property has a non-existent FK reference.

It should be noted that the failedConfiguration object is the configuration sent across the wire from the agent as part of the ConfigurationUpdateResponse. It could be the case that the parent reference is getting mangled before the configuration is sent down to the agent in which case this would be a server-side bug. If however the parent reference is getting mangled on the agent side, then the problem points to the apache plugin.

Comment 3 John Sanda 2010-07-06 18:37:55 UTC
I have confirmed that the parent reference is getting mangled on the agent side so it seems that the issue is in the apache plugin or in the plugin container service, ConfigurationManager.

Comment 4 John Sanda 2010-07-06 19:31:59 UTC
The parent configuration reference is to a transient instance in ApacheServerComponent.updateResourceConfiguration at line 330 which is,

mapping.updateAugeas(tree.getRootNode(), report.getConfiguration(), resourceConfigDef);

I need to investigate the augeas code a bit to see what is going on there. Given that a collection with a cascade style of delete_orphan cannot reference a non-existent (i.e., transient) parent, we might want to consider managing the association between parent and children in these situations. In the case of Configuration and Property objects, when a Property is added to the Configuration we would set the parent reference on the Property at the time.

Comment 5 John Sanda 2010-07-06 19:49:33 UTC
A slight correction. Configuration.put(Property p) already sets the parent reference on the Property object; however, Configuration.remove(String name) does not unset the parent reference.

Comment 6 John Sanda 2010-07-06 20:45:52 UTC
Modifying apache plugin so that the parent reference of the Property objects is not changed to a transient Configuration object. The correct update error should be getting reported now.

commit hash: 308cd90c3151705727d172864a6262073043c151

Comment 7 Corey Welton 2010-07-16 18:57:09 UTC
QA Verified.  When trying to commit a config change w/ a non privileged user, I get a failure with following error:

net.augeas.AugeasException: Failed to save configuration: Error open_augnewmessage Permission deniedError open_augnewmessage Permission denied at org.rhq.plugins.apache.ApacheServerComponent.updateResourceConfiguration(ApacheServerComponent.java:340)at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)at java.lang.reflect.Method.invoke(Method.java:616)at org.rhq.core.pc.inventory.ResourceContainer$ComponentInvocationThread.call(ResourceContainer.java:525)at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)at java.util.concurrent.FutureTask.run(FutureTask.java:166)at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)at java.lang.Thread.run(Thread.java:636)Caused by: net.augeas.AugeasException: save failedat net.augeas.Augeas.processLastCall(Unknown Source)at net.augeas.Augeas.save(Unknown Source)at org.rhq.augeas.tree.impl.AbstractAugeasTree.save(AbstractAugeasTree.java:155)at org.rhq.plugins.apache.ApacheServerComponent.updateResourceConfiguration(ApacheServerComponent.java:331)... 10 more

Comment 8 Corey Welton 2010-08-12 16:53:46 UTC
Mass-closure of verified bugs against JON.

Note You need to log in before you can comment on or make changes to this bug.