Nailgun doesn't verify cluster settings that it has gotten

Bug #1567394 reported by Alexander Kurenyshev on 2016-04-07
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Critical
Arthur Svechnikov
Mitaka
Critical
Arthur Svechnikov
Newton
Critical
Arthur Svechnikov

Bug Description

Nailgun shouldn't fully rely on checkers implemented on UI side. It should check for concurrent settings for incompatibility itself.

Steps to reproduce:
1) Install master
2) Create cluster
3) Download settings from cli:
fuel settings --env 1 --download
4) Make a concurrent change inside downloaded settings, for ex.: set storage.volumes_block_device == true
This option has restrictions: settings:storage.volumes_ceph.value == true. Do NOT set it to false.
5) Upload an updated settings back to nailgun:
fuel settings --env 1 --upload --dir /root

Actual result:
settings has applied successfully without any warnings or errors.

Expected result:
there are an error message with a list of incompatibility settings.

Also one can check UI, there is a funny situation when you can't change settings because they are locked one by other. (see screenshot)

Fuel used:
[root@nailgun ~]# shotgun2 short-report
cat /etc/fuel_build_id:
 142
cat /etc/fuel_build_number:
 142
cat /etc/fuel_release:
 9.0
cat /etc/fuel_openstack_version:
 mitaka-9.0
rpm -qa | egrep 'fuel|astute|network-checker|nailgun|packetary|shotgun':
 fuel-library9.0-9.0.0-1.mos8252.noarch
 fuel-agent-9.0.0-1.mos272.noarch
 nailgun-mcagents-9.0.0-1.mos732.noarch
 fuel-misc-9.0.0-1.mos8252.noarch
 shotgun-9.0.0-1.mos87.noarch
 python-packetary-9.0.0-1.mos129.noarch
 fuel-bootstrap-cli-9.0.0-1.mos272.noarch
 fuel-provisioning-scripts-9.0.0-1.mos8610.noarch
 fuel-mirror-9.0.0-1.mos129.noarch
 fuel-openstack-metadata-9.0.0-1.mos8610.noarch
 fuel-notify-9.0.0-1.mos8252.noarch
 fuel-ostf-9.0.0-1.mos920.noarch
 fuel-setup-9.0.0-1.mos6324.noarch
 python-fuelclient-9.0.0-1.mos301.noarch
 network-checker-9.0.0-1.mos72.x86_64
 fuel-9.0.0-1.mos6324.noarch
 fuel-utils-9.0.0-1.mos8252.noarch
 fuel-nailgun-9.0.0-1.mos8610.noarch
 fuel-release-9.0.0-1.mos6324.noarch
 rubygem-astute-9.0.0-1.mos732.noarch
 fuelmenu-9.0.0-1.mos263.noarch
 fuel-ui-9.0.0-1.mos2635.noarch
 fuel-migrate-9.0.0-1.mos8252.noarch

Changed in fuel:
status: New → Confirmed

@Alexander, this is a tech-debt feature, not a critical bug.
All settings validation should be performed by the API, not by the UI.

Changed in fuel:
importance: Critical → Medium
tags: added: feature tech-debt
Nastya Urlapova (aurlapova) wrote :

@Alexander K. we really need this functionality for Unclock Settings Tab feature testing, as you know we use api in tests. But actually only UI has restrictions for cluster conditions, so we want to see the same checks in backend part.

Changed in fuel:
importance: Medium → High
importance: High → Critical
tags: removed: feature tech-debt
Nastya Urlapova (aurlapova) wrote :

I've deleted the tech-debt tag.

Changed in fuel:
assignee: Fuel Python Team (fuel-python) → Arthur Svechnikov (asvechnikov)

We already have a code for VMWare restrictions [0]. We could re-use this approach for other settings.

[0] https://github.com/openstack/fuel-web/blob/master/nailgun/nailgun/task/task.py

Fix proposed to branch: master
Review: https://review.openstack.org/304529

Changed in fuel:
status: Confirmed → In Progress
Dmitry Klenov (dklenov) on 2016-04-15
tags: added: tricky

Reviewed: https://review.openstack.org/304529
Committed: https://git.openstack.org/cgit/openstack/fuel-web/commit/?id=7e3fe2c308918f4f8abc42ad7d1584b4e4afadfc
Submitter: Jenkins
Branch: master

commit 7e3fe2c308918f4f8abc42ad7d1584b4e4afadfc
Author: Artur Svechnikov <email address hidden>
Date: Tue Apr 12 14:23:24 2016 +0300

    Validate attributes restrictions

    Since Nailgun contains attributes restriction
    mechanism it's possible to verify attributes
    restrictions. This commit applies restrictions
    checks into validation for both node attributes
    and cluster attributes.

    Change-Id: I269da9a7a7df5fea336c07784b37d6ced1641993
    Closes-Bug: #1567394

Changed in fuel:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/307860
Committed: https://git.openstack.org/cgit/openstack/fuel-web/commit/?id=f3217aa07aa0fd4b206ef409e968be2856157291
Submitter: Jenkins
Branch: stable/mitaka

commit f3217aa07aa0fd4b206ef409e968be2856157291
Author: Artur Svechnikov <email address hidden>
Date: Tue Apr 12 14:23:24 2016 +0300

    Validate attributes restrictions

    Since Nailgun contains attributes restriction
    mechanism it's possible to verify attributes
    restrictions. This commit applies restrictions
    checks into validation for both node attributes
    and cluster attributes.

    Change-Id: I269da9a7a7df5fea336c07784b37d6ced1641993
    Closes-Bug: #1567394
    (cherry picked from commit 7e3fe2c308918f4f8abc42ad7d1584b4e4afadfc)

Ksenia Svechnikova (kdemina) wrote :

Verify on 9.0 -250 http://paste.openstack.org/show/495521/

We can see error message when we apply Ceph RBD for volumes (Cinder), while there is no cinder role:

[root@nailgun ~]# fuel settings --env 1 --upload --dir /root
400 Client Error: Bad Request for url: http://10.109.0.2:8000/api/v1/clusters/1/attributes (Some restrictions didn't pass verification: ["Validation failed for attribute 'Ceph RBD for volumes (Cinder)': restriction with action='disable' and condition='settings:storage.volumes_lvm.value == true or settings:storage.volumes_block_device.value == true' failed due to attribute value='True'", "Validation failed for attribute 'Cinder LVM over iSCSI for volumes': restriction with action='disable' and condition='settings:storage.volumes_ceph.value == true' failed due to attribute value='True'"])
[root@nailgun ~]#

Ksenia Svechnikova (kdemina) wrote :

Verify on ISO 9.0 - 250 http://paste.openstack.org/show/495521/

After uploading yaml with new restricted parameters we got an error 400:

[root@nailgun ~]# fuel settings --env 1 --upload --dir /root
400 Client Error: Bad Request for url: http://10.109.0.2:8000/api/v1/clusters/1/attributes (Some restrictions didn't pass verification: ["Validation failed for attribute 'Ceph RBD for volumes (Cinder)': restriction with action='disable' and condition='settings:storage.volumes_lvm.value == true or settings:storage.volumes_block_device.value == true' failed due to attribute value='True'", "Validation failed for attribute 'Cinder LVM over iSCSI for volumes': restriction with action='disable' and condition='settings:storage.volumes_ceph.value == true' failed due to attribute value='True'"])
[root@nailgun ~]#

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers