Fuel for OpenStack

Nailgun doesn't verify cluster settings that it has gotten

Bug #1567394 reported by Alexander Kurenyshev
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Committed
Critical
Arthur Svechnikov
Fuel for OpenStack 10.0
Mitaka
Fix Released
Critical
Arthur Svechnikov
Fuel for OpenStack 9.0
Newton
Fix Released
Critical
Arthur Svechnikov
Fuel for OpenStack 10.0

Bug Description

Nailgun shouldn't fully rely on checkers implemented on UI side. It should check for concurrent settings for incompatibility itself.

Steps to reproduce:
1) Install master
2) Create cluster
3) Download settings from cli:
fuel settings --env 1 --download
4) Make a concurrent change inside downloaded settings, for ex.: set storage.volumes_block_device == true
This option has restrictions: settings:storage.volumes_ceph.value == true. Do NOT set it to false.
5) Upload an updated settings back to nailgun:
fuel settings --env 1 --upload --dir /root

Actual result:
settings has applied successfully without any warnings or errors.

Expected result:
there are an error message with a list of incompatibility settings.

Also one can check UI, there is a funny situation when you can't change settings because they are locked one by other. (see screenshot)

Fuel used:
[root@nailgun ~]# shotgun2 short-report
cat /etc/fuel_build_id:
 142
cat /etc/fuel_build_number:
 142
cat /etc/fuel_release:
 9.0
cat /etc/fuel_openstack_version:
 mitaka-9.0
rpm -qa | egrep 'fuel|astute|network-checker|nailgun|packetary|shotgun':
 fuel-library9.0-9.0.0-1.mos8252.noarch
 fuel-agent-9.0.0-1.mos272.noarch
 nailgun-mcagents-9.0.0-1.mos732.noarch
 fuel-misc-9.0.0-1.mos8252.noarch
 shotgun-9.0.0-1.mos87.noarch
 python-packetary-9.0.0-1.mos129.noarch
 fuel-bootstrap-cli-9.0.0-1.mos272.noarch
 fuel-provisioning-scripts-9.0.0-1.mos8610.noarch
 fuel-mirror-9.0.0-1.mos129.noarch
 fuel-openstack-metadata-9.0.0-1.mos8610.noarch
 fuel-notify-9.0.0-1.mos8252.noarch
 fuel-ostf-9.0.0-1.mos920.noarch
 fuel-setup-9.0.0-1.mos6324.noarch
 python-fuelclient-9.0.0-1.mos301.noarch
 network-checker-9.0.0-1.mos72.x86_64
 fuel-9.0.0-1.mos6324.noarch
 fuel-utils-9.0.0-1.mos8252.noarch
 fuel-nailgun-9.0.0-1.mos8610.noarch
 fuel-release-9.0.0-1.mos6324.noarch
 rubygem-astute-9.0.0-1.mos732.noarch
 fuelmenu-9.0.0-1.mos263.noarch
 fuel-ui-9.0.0-1.mos2635.noarch
 fuel-migrate-9.0.0-1.mos8252.noarch

Revision history for this message
Alexander Kurenyshev (akurenyshev) wrote :
Oleksiy Molchanov (omolchanov)
Changed in fuel:
status: New → Confirmed
Revision history for this message
Alexander Kislitsky (akislitsky) wrote :

@Alexander, this is a tech-debt feature, not a critical bug.
All settings validation should be performed by the API, not by the UI.

Changed in fuel:
importance: Critical → Medium
tags: added: feature tech-debt
Revision history for this message
Nastya Urlapova (aurlapova) wrote :

@Alexander K. we really need this functionality for Unclock Settings Tab feature testing, as you know we use api in tests. But actually only UI has restrictions for cluster conditions, so we want to see the same checks in backend part.

Changed in fuel:
importance: Medium → High
importance: High → Critical
tags: removed: feature tech-debt
Revision history for this message
Nastya Urlapova (aurlapova) wrote :

I've deleted the tech-debt tag.

Arthur Svechnikov (asvechnikov)
Changed in fuel:
assignee: Fuel Python Team (fuel-python) → Arthur Svechnikov (asvechnikov)
Revision history for this message
Alexander Kurenyshev (akurenyshev) wrote :

We already have a code for VMWare restrictions [0]. We could re-use this approach for other settings.

[0] https://github.com/openstack/fuel-web/blob/master/nailgun/nailgun/task/task.py

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (master)

Fix proposed to branch: master
Review: https://review.openstack.org/304529

Changed in fuel:
status: Confirmed → In Progress
Dmitry Klenov (dklenov)
tags: added: tricky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (master)

Reviewed: https://review.openstack.org/304529
Committed: https://git.openstack.org/cgit/openstack/fuel-web/commit/?id=7e3fe2c308918f4f8abc42ad7d1584b4e4afadfc
Submitter: Jenkins
Branch: master

commit 7e3fe2c308918f4f8abc42ad7d1584b4e4afadfc
Author: Artur Svechnikov <email address hidden>
Date: Tue Apr 12 14:23:24 2016 +0300

    Validate attributes restrictions

    Since Nailgun contains attributes restriction
    mechanism it's possible to verify attributes
    restrictions. This commit applies restrictions
    checks into validation for both node attributes
    and cluster attributes.

    Change-Id: I269da9a7a7df5fea336c07784b37d6ced1641993
    Closes-Bug: #1567394

Changed in fuel:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/307860

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (stable/mitaka)

Reviewed: https://review.openstack.org/307860
Committed: https://git.openstack.org/cgit/openstack/fuel-web/commit/?id=f3217aa07aa0fd4b206ef409e968be2856157291
Submitter: Jenkins
Branch: stable/mitaka

commit f3217aa07aa0fd4b206ef409e968be2856157291
Author: Artur Svechnikov <email address hidden>
Date: Tue Apr 12 14:23:24 2016 +0300

    Validate attributes restrictions

    Since Nailgun contains attributes restriction
    mechanism it's possible to verify attributes
    restrictions. This commit applies restrictions
    checks into validation for both node attributes
    and cluster attributes.

    Change-Id: I269da9a7a7df5fea336c07784b37d6ced1641993
    Closes-Bug: #1567394
    (cherry picked from commit 7e3fe2c308918f4f8abc42ad7d1584b4e4afadfc)

Revision history for this message
Ksenia Svechnikova (kdemina) wrote :

Verify on 9.0 -250 http://paste.openstack.org/show/495521/

We can see error message when we apply Ceph RBD for volumes (Cinder), while there is no cinder role:

[root@nailgun ~]# fuel settings --env 1 --upload --dir /root
400 Client Error: Bad Request for url: http://10.109.0.2:8000/api/v1/clusters/1/attributes (Some restrictions didn't pass verification: ["Validation failed for attribute 'Ceph RBD for volumes (Cinder)': restriction with action='disable' and condition='settings:storage.volumes_lvm.value == true or settings:storage.volumes_block_device.value == true' failed due to attribute value='True'", "Validation failed for attribute 'Cinder LVM over iSCSI for volumes': restriction with action='disable' and condition='settings:storage.volumes_ceph.value == true' failed due to attribute value='True'"])
[root@nailgun ~]#

Revision history for this message
Ksenia Svechnikova (kdemina) wrote :

Verify on ISO 9.0 - 250 http://paste.openstack.org/show/495521/

After uploading yaml with new restricted parameters we got an error 400:

[root@nailgun ~]# fuel settings --env 1 --upload --dir /root
400 Client Error: Bad Request for url: http://10.109.0.2:8000/api/v1/clusters/1/attributes (Some restrictions didn't pass verification: ["Validation failed for attribute 'Ceph RBD for volumes (Cinder)': restriction with action='disable' and condition='settings:storage.volumes_lvm.value == true or settings:storage.volumes_block_device.value == true' failed due to attribute value='True'", "Validation failed for attribute 'Cinder LVM over iSCSI for volumes': restriction with action='disable' and condition='settings:storage.volumes_ceph.value == true' failed due to attribute value='True'"])
[root@nailgun ~]#

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.