Hi Hans,

Reviewed and tested the patch.

while testing in a upgraded cluster like  SC-1 (4.4) and SC-2 (4.5).
SC-2 is unable to join the cluster.

Aug 18 22:19:21 SLES-SLOT-2 osafimmd[14233]: NO IMMND coord at 2010f
Aug 18 22:19:21 SLES-SLOT-2 osafimmnd[14243]: NO NODE STATE-> 
IMM_NODE_W_AVAILABLE
Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: NO SERVER STATE: 
IMM_SERVER_SYNC_PENDING --> IMM_SERVER_SYNC_CLIENT
Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: NO NODE STATE-> 
IMM_NODE_FULLY_AVAILABLE 2462
Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: NO RepositoryInitModeT is 
SA_IMM_INIT_FROM_FILE
Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: ImmModel.cc:3475: 
accessControlEnabled: Assertion 'avi != immObject->mAttrValueMap.end()' 
failed.
Aug 18 22:19:22 SLES-SLOT-2 osafimmd[14233]: NO SBY: New Epoch for IMMND 
process at node 2010f old epoch: 2  new epoch:3
Aug 18 22:19:22 SLES-SLOT-2 osafimmd[14233]: NO IMMND coord at 2010f
Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Timed-out for response 
from IMMND
Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER
Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Going for recovery
Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Trying To RESPAWN 
/usr/lib64/opensaf/clc-cli/osaf-immnd attempt #1
Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Sending SIGKILL to 
IMMND, pid=14238

The assert needs to removed as commented by andersBj.

Ack, when the  asserts are removed and pushed.

Thanks,
Neel.


On Friday 15 August 2014 03:30 PM, Hans Feldt wrote:
> Summary: IMM access control configurability
> Review request for Trac Ticket(s): 938
> Peer Reviewer(s): IMM devels
> Pull request to: <<LIST THE PERSON WITH PUSH ACCESS HERE>>
> Affected branch(es): 4.5/default
> Development branch: <<IF ANY GIVE THE REPO URL>>
>
> --------------------------------
> Impacted area       Impact y/n
> --------------------------------
>   Docs                    n
>   Build system            n
>   RPM/packaging           n
>   Configuration files     n
>   Startup scripts         n
>   SAF services            y
>   OpenSAF services        n
>   Core libraries          n
>   Samples                 n
>   Tests                   n
>   Other                   n
>
>
> Comments (indicate scope for each "y" above):
> ---------------------------------------------
>
> changeset 2cae24150a872a6f0aed8beb00b6e33f217771cf
> Author:       Hans Feldt <hans.fe...@ericsson.com>
> Date: Fri, 15 Aug 2014 11:53:39 +0200
>
>       immsv: add configurability of access control [#938]
>
>       A new boolean attribute accessControlEnabled is added to the OpensafImm
>       class. Its default value is OFF meaning no access control. This is to be
>       backwards compatible for upgrade of existing systems.
>
>       Access control is in runtime enabled with: immcfg -a 
> accessControlEnabled=1
>       opensafImm=opensafImm,safApp=safImmService
>
>       And disabled with: immcfg -a accessControlEnabled=0
>       opensafImm=opensafImm,safApp=safImmService
>
>       An additional UNIX group that allows IMM access can be configured with 
> the
>       adminGroupName attribute in the OpensafImm class. For example:
>
>       immcfg -a adminGroupName=osafimmadm
>       opensafImm=opensafImm,safApp=safImmService
>
>
> Complete diffstat:
> ------------------
>   osaf/libs/common/immsv/include/immsv_api.h     |   2 ++
>   osaf/services/saf/immsv/immloadd/imm_loader.cc |  23 +++++++++++++++++++++--
>   osaf/services/saf/immsv/immnd/ImmModel.cc      |  65 
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>   osaf/services/saf/immsv/immnd/ImmModel.hh      |   2 ++
>   osaf/services/saf/immsv/immnd/immnd_cb.h       |   1 -
>   osaf/services/saf/immsv/immnd/immnd_evt.c      |  34 
> ++++++++++++++++++++--------------
>   osaf/services/saf/immsv/immnd/immnd_init.h     |   2 ++
>   osaf/services/saf/immsv/immnd/immnd_main.c     |   2 --
>   samples/immsv/OpensafImm_Upgrade_4.5.xml       |  13 +++++++++++++
>   9 files changed, 125 insertions(+), 19 deletions(-)
>
>
> Testing Commands:
> -----------------
>
> Build and start a default opensaf build (as non root)
> Run the following script:
>
> # test script for IMM access control and configurability
> # works on Ubuntu 14.04 where user has sudo access without password
>
> dn="opensafImm=opensafImm,safApp=safImmService"
>
> # by default access is allowed
> immlist $dn >& /dev/null || exit 1
>
> # reconfigure to a group user not is member of
> id | grep whoopsie && exit 1
> immcfg -a adminGroupName=whoopsie $dn || exit 1
> immcfg -a accessControlEnabled=1 $dn || exit 1
>
> # expect failure now
> immcfg -a accessControlEnabled=0 $dn && exit 1
>
> # access as root is possible
> sudo immlist $dn >& /dev/null || exit 1
>
> # configure access for group adm
> id | grep adm >& /dev/null || exit 1
> sudo immcfg -a adminGroupName=adm $dn || exit 1
>
> # check access for username opensaf
> sudo su -c immfind opensaf >& /dev/null || exit 1
>
> # check access as member of group
> immcfg -a accessControlEnabled=0 $dn || exit 1
>
>
>
> Testing, Expected Results:
> --------------------------
>   Opensaf starts, test script works
>
>
> Conditions of Submission:
> -------------------------
>   Ack from maintainers
>
>
> Arch      Built     Started    Linux distro
> -------------------------------------------
> mips        n          n
> mips64      n          n
> x86         n          n
> x86_64      y          y        Ubuntu 14.04
> powerpc     n          n
> powerpc64   n          n
>
>
> Reviewer Checklist:
> -------------------
> [Submitters: make sure that your review doesn't trigger any checkmarks!]
>
>
> Your checkin has not passed review because (see checked entries):
>
> ___ Your RR template is generally incomplete; it has too many blank entries
>      that need proper data filled in.
>
> ___ You have failed to nominate the proper persons for review and push.
>
> ___ Your patches do not have proper short+long header
>
> ___ You have grammar/spelling in your header that is unacceptable.
>
> ___ You have exceeded a sensible line length in your headers/comments/text.
>
> ___ You have failed to put in a proper Trac Ticket # into your commits.
>
> ___ You have incorrectly put/left internal data in your comments/files
>      (i.e. internal bug tracking tool IDs, product names etc)
>
> ___ You have not given any evidence of testing beyond basic build tests.
>      Demonstrate some level of runtime or other sanity testing.
>
> ___ You have ^M present in some of your files. These have to be removed.
>
> ___ You have needlessly changed whitespace or added whitespace crimes
>      like trailing spaces, or spaces before tabs.
>
> ___ You have mixed real technical changes with whitespace and other
>      cosmetic code cleanup changes. These have to be separate commits.
>
> ___ You need to refactor your submission into logical chunks; there is
>      too much content into a single commit.
>
> ___ You have extraneous garbage in your review (merge commits etc)
>
> ___ You have giant attachments which should never have been sent;
>      Instead you should place your content in a public tree to be pulled.
>
> ___ You have too many commits attached to an e-mail; resend as threaded
>      commits, or place in a public tree for a pull.
>
> ___ You have resent this content multiple times without a clear indication
>      of what has changed between each re-send.
>
> ___ You have failed to adequately and individually address all of the
>      comments and change requests that were proposed in the initial review.
>
> ___ You have a misconfigured ~/.hgrc file (i.e. username, email etc)
>
> ___ Your computer have a badly configured date and time; confusing the
>      the threaded patch review.
>
> ___ Your changes affect IPC mechanism, and you don't present any results
>      for in-service upgradability test.
>
> ___ Your changes affect user manual and documentation, your patch series
>      do not contain the patch that updates the Doxygen manual.
>


------------------------------------------------------------------------------
_______________________________________________
Opensaf-devel mailing list
Opensaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-devel

Reply via email to