Bug 601153 - [apache] Failed configuration update doesn't return gracefully
[apache] Failed configuration update doesn't return gracefully
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Plugins (Show other bugs)
3.0.0
All Linux
low Severity medium (vote)
: ---
: ---
Assigned To: John Sanda
Corey Welton
:
Depends On:
Blocks: jon-sprint11-bugs
  Show dependency treegraph
 
Reported: 2010-06-07 06:54 EDT by Lukas Krejci
Modified: 2010-08-12 12:53 EDT (History)
1 user (show)

See Also:
Fixed In Version: 2.4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
JON-2.4.0.Beta1
Last Closed: 2010-08-12 12:53:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lukas Krejci 2010-06-07 06:54:18 EDT
Description of problem:

I tried to update apache configuration with insufficient privileges of the user running the agent. The agent.log contained an error message:

2010-06-07 12:36:20,363 ERROR [ResourceContainer.invoker.nonDaemon-1] (org.rhq.plugins.apache.ApacheDirectoryComponent)- Augeas failed to save configuration Error open_augnew
message Permission denied

That appeared straight after the attempt but the server UI still reported the configuration update "in progress" and failed it only after a timeout of 1 minute.

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Run agent as unprivileged user
2. try to update some apache configuration
  
Actual results:
The configuration update fails only after timeout, giving the timeout as the reason for the failure, when in fact the error is that the agent doesn't have enough privileges to perform the update.

Expected results:
Correct failure message associated with the config update attempt.
Comment 1 Lukas Krejci 2010-06-07 07:51:51 EDT
Correction of description:

This specifically happened when trying to update a directory resource. I'm not sure how other resource types behave.
Comment 2 John Sanda 2010-07-06 14:17:35 EDT
The underlying problem is a TransientObjectException which is getting thrown in ConfigurationManagerBean.completeResourceConfigurationUpdate at line 1245-ish on the call to,

failedConfiguration = entityManager.merge(failedConfiguration);

I came across http://opensource.atlassian.com/projects/hibernate/browse/HHH-2612 which gave me a some additional insight into a possible cause, and HHH-2612 does in fact appear to be involved. I tried setting the Ip property that is nested inside the Listen list property. Looking at the failedConfiguration object in the debugger I discovered that the parent Configuration object referenced by the Listen property had an id of zero which effectively means that the property has a non-existent FK reference.

It should be noted that the failedConfiguration object is the configuration sent across the wire from the agent as part of the ConfigurationUpdateResponse. It could be the case that the parent reference is getting mangled before the configuration is sent down to the agent in which case this would be a server-side bug. If however the parent reference is getting mangled on the agent side, then the problem points to the apache plugin.
Comment 3 John Sanda 2010-07-06 14:37:55 EDT
I have confirmed that the parent reference is getting mangled on the agent side so it seems that the issue is in the apache plugin or in the plugin container service, ConfigurationManager.
Comment 4 John Sanda 2010-07-06 15:31:59 EDT
The parent configuration reference is to a transient instance in ApacheServerComponent.updateResourceConfiguration at line 330 which is,

mapping.updateAugeas(tree.getRootNode(), report.getConfiguration(), resourceConfigDef);

I need to investigate the augeas code a bit to see what is going on there. Given that a collection with a cascade style of delete_orphan cannot reference a non-existent (i.e., transient) parent, we might want to consider managing the association between parent and children in these situations. In the case of Configuration and Property objects, when a Property is added to the Configuration we would set the parent reference on the Property at the time.
Comment 5 John Sanda 2010-07-06 15:49:33 EDT
A slight correction. Configuration.put(Property p) already sets the parent reference on the Property object; however, Configuration.remove(String name) does not unset the parent reference.
Comment 6 John Sanda 2010-07-06 16:45:52 EDT
Modifying apache plugin so that the parent reference of the Property objects is not changed to a transient Configuration object. The correct update error should be getting reported now.

commit hash: 308cd90c3151705727d172864a6262073043c151
Comment 7 Corey Welton 2010-07-16 14:57:09 EDT
QA Verified.  When trying to commit a config change w/ a non privileged user, I get a failure with following error:


net.augeas.AugeasException: Failed to save configuration: Error open_augnewmessage Permission deniedError open_augnewmessage Permission denied at org.rhq.plugins.apache.ApacheServerComponent.updateResourceConfiguration(ApacheServerComponent.java:340)at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)at java.lang.reflect.Method.invoke(Method.java:616)at org.rhq.core.pc.inventory.ResourceContainer$ComponentInvocationThread.call(ResourceContainer.java:525)at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)at java.util.concurrent.FutureTask.run(FutureTask.java:166)at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)at java.lang.Thread.run(Thread.java:636)Caused by: net.augeas.AugeasException: save failedat net.augeas.Augeas.processLastCall(Unknown Source)at net.augeas.Augeas.save(Unknown Source)at org.rhq.augeas.tree.impl.AbstractAugeasTree.save(AbstractAugeasTree.java:155)at org.rhq.plugins.apache.ApacheServerComponent.updateResourceConfiguration(ApacheServerComponent.java:331)... 10 more
Comment 8 Corey Welton 2010-08-12 12:53:46 EDT
Mass-closure of verified bugs against JON.

Note You need to log in before you can comment on or make changes to this bug.