Opened 50 years ago

Last modified 9 years ago

#885 new defect

IZ553: Ignored options in managed host install using user preferences

Reported by: torsten Owned by:
Priority: low Milestone:
Component: hedeby Version: 1.0
Severity: Keywords: cli
Cc:

Description

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=553]

        Issue #:      553          Platform:     All         Reporter: torsten (torsten)
       Component:     hedeby          OS:        All
     Subcomponent:    cli          Version:      1.0            CC:    None defined
        Status:       NEW          Priority:     P4
      Resolution:                 Issue type:    DEFECT
                               Target milestone: 1.0u5next
      Assigned to:    adoerr (adoerr)
      QA Contact:     adoerr
          URL:
       * Summary:     Ignored options in managed host install using user preferences
   Status whiteboard:
      Attachments:




   Opened: Wed Aug 6 05:43:00 -0700 2008 
------------------------


   Description:

   When installing a managed host with user preferences, the values of the -cs_url
   and -au options are silently ignored:

   master% ./sdmadm -s sdmtb -p user install_master_host -ca_admin_mail
   "admin@master" -ca_state "a" -ca_country "aa" -ca_location "a" -ca_org_unit "a"
   -ca_org "a" -au sdmadmin -cs_port 31203 -l /tmp/spool -sge_root /tmp/sge-root
   The SDM will be installed under the following license.
   [...]
   Do you agree with the terms of the license ? (Y/N) y
   The License has been accepted by the user.
   A configuration for system, "sdmtb", has been added
   WARNING: chown can not be executed (non root mode)

   thorondor% sdmadm -s sdmtb -p user suj
   jvm         host   result  message
   ------------------------------------------------------------
   cs_vm       master STARTED
   executor_vm master STARTED
   rp_vm       master STARTED

   thorondor% scp /tmp/spool/security/users/sdmadmin.keystore  managed:/tmp
   thorondor% scp /tmp/spool/security/ca/ca_top/cacert.pem managed:/tmp


   managed% ./sdmadm -s sdmtb -p user -keystore /tmp/sdmadmin.keystore -cacert
   /tmp/cacert.pem install_managed_host -au XXX -l /tmp/spool -cs_url XXXXX:11111
   WARNING: Host XXXXX is not resolvable
   A configuration for system, "sdmtb", has been added
   WARNING: chown can not be executed (non root mode)
   CA certificate updated in /tmp/spool/security/ca/ca_top/cacert.pem

   managed% ./sdmadm -s sdmtb -p user suj
   jvm         host    result  message
   -------------------------------------------------------
   executor_vm managed STARTED
   managed% netstat | grep 11111
   managed% netstat | grep 31203
   managed.48350           master.31203      49232      0 66608      0 TIME_WAIT
   managed.48354           master.31203      49232      0 66608      0 ESTABLISHED

   Instead of the given hostname:port, the correct cs hostname:port (out of the
   user bootstrap configuration) is used. The warning about unresolvable host only
   comes up if the host is really unresolvable, not if you specify an existing -
   but wrong - host.

   The admin username (-au) is completely ignored.


   Evaluation:

   This is a minor issue, as the correct values for the specified system are taken
   out of the user preference bootstrap dir (which should be shared/synced between
   the systems). The user might be surprised that everything worked in spite of
   entering wrong data.


   Suggested Fix / Work Around:

   While installing with user preferences, the -au and -cs_url options should not be
   required or at least if they are given, the consistency with the values from the
   bootstrap configuration should be secured. In case of a mismatch, a warning
   should be emitted.

   No work around needed as the system behaves correctly.


   Analysis:

   1) ignored -cs_url option
   In AddSystemCommand.execute there has to be an additional test if installing
   managed host in user preference mode. This should happen after formally checking
   the cs_url (below line 152). The "real" cs_url has to be determined from the
   user preferences and compared to the cs_url from the command line. If there is a
   mismatch, a warning has to be issued: "Ignoring -cs_url <value> value given on
   the command line in favor of value read from bootstrap directory: <correct-value>".

   2) ignored -au option
   This case is more complicated. The -au option in the managed host install is
   only used for changing the owner of the installed files (which fails as non-root
   anyway). The keystore that is acquired from the cs service on the master host
   is the keystore of the sdm admin user ON THE MASTER - the command line option
   value is irrelevant there. This is inconsistent and buggy.

   The use case that master host admin user and managed host admin user are not the
   same is reasonable and should work - how to accomplish that (creating the
   necessary certificates on master host, etc.), needs to be documented as part of
   resolving this issue.

   The suggested fix is to add the admin_user as a parameter to the
   RemoteInstSecurityCommand constructor. The admin_user needs to be passed into
   and used in the PreCommand and StoreAdminUserKeystoreCommand methods of this
   class. As a consequence, the method signature of the createRemoteInstCommand
   method in SecurityModule and DefaultSecurityModule have to be adjusted, too. All
   callers of these methods must be changed as well.



   How to test:

   Write testsuite installation tests that check whether the correct warnings are
   emitted, and that the given command line values are ignored in favor of the
   correct ones from the user preferences bootstrap directory.


   ETC:

   3 PD
               ------- Additional comments from adoerr Wed Aug 20 07:43:23 -0700 2008 -------
   New target milestone.
               ------- Additional comments from torsten Fri Nov 27 00:40:09 -0700 2009 -------
   changed milestone to 1.0u5next
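
The consistency check proposed under "Suggested Fix" and "Analysis", sketched as a stand-alone Java class. This is an added example, not code from the ticket or from Hedeby: the class and method names are hypothetical, the -au warning wording is modelled on the -cs_url message quoted in the ticket, and it assumes the admin user name can be read from the bootstrap configuration alongside the cs_url.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Added illustration: class and method names are hypothetical, not Hedeby code.
public class BootstrapOptionCheck {

    // Normalize "host:port" so a host-name case difference is not reported as a mismatch.
    static String normalizeCsUrl(String csUrl) {
        int idx = csUrl.lastIndexOf(':');
        if (idx <= 0 || idx == csUrl.length() - 1) {
            throw new IllegalArgumentException("expected host:port, got: " + csUrl);
        }
        int port = Integer.parseInt(csUrl.substring(idx + 1)); // NumberFormatException if not numeric
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port out of range: " + port);
        }
        return csUrl.substring(0, idx).toLowerCase(Locale.ROOT) + ":" + port;
    }

    // Compare command-line values with the bootstrap values; null means the option was omitted.
    static List<String> reconcile(String cliCsUrl, String bootCsUrl,
                                  String cliAdminUser, String bootAdminUser) {
        List<String> warnings = new ArrayList<>();
        if (cliCsUrl != null && !normalizeCsUrl(cliCsUrl).equals(normalizeCsUrl(bootCsUrl))) {
            warnings.add("Ignoring -cs_url " + cliCsUrl + " value given on the command line"
                    + " in favor of value read from bootstrap directory: " + bootCsUrl);
        }
        if (cliAdminUser != null && !cliAdminUser.equals(bootAdminUser)) {
            // Assumed wording, modelled on the -cs_url message proposed in the ticket.
            warnings.add("Ignoring -au " + cliAdminUser + " value given on the command line"
                    + " in favor of value read from bootstrap directory: " + bootAdminUser);
        }
        return warnings;
    }

    public static void main(String[] args) {
        // Constructed input mirroring the transcript: wrong -cs_url and -au on the managed host.
        for (String w : reconcile("XXXXX:11111", "master:31203", "XXX", "sdmadmin")) {
            System.out.println("WARNING: " + w);
        }
        // Omitted options and a case-only host difference produce no warning.
        System.out.println(reconcile(null, "master:31203", null, "sdmadmin").isEmpty());
        System.out.println(reconcile("MASTER:31203", "master:31203", "sdmadmin", "sdmadmin").isEmpty());
    }
}
```

Returning the warnings as a list lets an installation test of the kind described under "How to test" assert on the exact messages.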
