Hi Hans, Reviewed and tested the patch.
while testing in a upgraded cluster like SC-1 (4.4) and SC-2 (4.5). SC-2 is unable to join the cluster. Aug 18 22:19:21 SLES-SLOT-2 osafimmd[14233]: NO IMMND coord at 2010f Aug 18 22:19:21 SLES-SLOT-2 osafimmnd[14243]: NO NODE STATE-> IMM_NODE_W_AVAILABLE Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: NO SERVER STATE: IMM_SERVER_SYNC_PENDING --> IMM_SERVER_SYNC_CLIENT Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: NO NODE STATE-> IMM_NODE_FULLY_AVAILABLE 2462 Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: NO RepositoryInitModeT is SA_IMM_INIT_FROM_FILE Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: ImmModel.cc:3475: accessControlEnabled: Assertion 'avi != immObject->mAttrValueMap.end()' failed. Aug 18 22:19:22 SLES-SLOT-2 osafimmd[14233]: NO SBY: New Epoch for IMMND process at node 2010f old epoch: 2 new epoch:3 Aug 18 22:19:22 SLES-SLOT-2 osafimmd[14233]: NO IMMND coord at 2010f Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Timed-out for response from IMMND Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Going for recovery Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Trying To RESPAWN /usr/lib64/opensaf/clc-cli/osaf-immnd attempt #1 Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Sending SIGKILL to IMMND, pid=14238 The assert needs to removed as commented by andersBj. Ack, when the asserts are removed and pushed. Thanks, Neel. On Friday 15 August 2014 03:30 PM, Hans Feldt wrote: > Summary: IMM access control configurability > Review request for Trac Ticket(s): 938 > Peer Reviewer(s): IMM devels > Pull request to: <<LIST THE PERSON WITH PUSH ACCESS HERE>> > Affected branch(es): 4.5/default > Development branch: <<IF ANY GIVE THE REPO URL>> > > -------------------------------- > Impacted area Impact y/n > -------------------------------- > Docs n > Build system n > RPM/packaging n > Configuration files n > Startup scripts n > SAF services y > OpenSAF services n > Core libraries n > Samples n > Tests n > Other n > > > Comments (indicate scope for each "y" above): > --------------------------------------------- > > changeset 2cae24150a872a6f0aed8beb00b6e33f217771cf > Author: Hans Feldt <hans.fe...@ericsson.com> > Date: Fri, 15 Aug 2014 11:53:39 +0200 > > immsv: add configurability of access control [#938] > > A new boolean attribute accessControlEnabled is added to the OpensafImm > class. Its default value is OFF meaning no access control. This is to be > backwards compatible for upgrade of existing systems. > > Access control is in runtime enabled with: immcfg -a > accessControlEnabled=1 > opensafImm=opensafImm,safApp=safImmService > > And disabled with: immcfg -a accessControlEnabled=0 > opensafImm=opensafImm,safApp=safImmService > > An additional UNIX group that allows IMM access can be configured with > the > adminGroupName attribute in the OpensafImm class. For example: > > immcfg -a adminGroupName=osafimmadm > opensafImm=opensafImm,safApp=safImmService > > > Complete diffstat: > ------------------ > osaf/libs/common/immsv/include/immsv_api.h | 2 ++ > osaf/services/saf/immsv/immloadd/imm_loader.cc | 23 +++++++++++++++++++++-- > osaf/services/saf/immsv/immnd/ImmModel.cc | 65 > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > osaf/services/saf/immsv/immnd/ImmModel.hh | 2 ++ > osaf/services/saf/immsv/immnd/immnd_cb.h | 1 - > osaf/services/saf/immsv/immnd/immnd_evt.c | 34 > ++++++++++++++++++++-------------- > osaf/services/saf/immsv/immnd/immnd_init.h | 2 ++ > osaf/services/saf/immsv/immnd/immnd_main.c | 2 -- > samples/immsv/OpensafImm_Upgrade_4.5.xml | 13 +++++++++++++ > 9 files changed, 125 insertions(+), 19 deletions(-) > > > Testing Commands: > ----------------- > > Build and start a default opensaf build (as non root) > Run the following script: > > # test script for IMM access control and configurability > # works on Ubuntu 14.04 where user has sudo access without password > > dn="opensafImm=opensafImm,safApp=safImmService" > > # by default access is allowed > immlist $dn >& /dev/null || exit 1 > > # reconfigure to a group user not is member of > id | grep whoopsie && exit 1 > immcfg -a adminGroupName=whoopsie $dn || exit 1 > immcfg -a accessControlEnabled=1 $dn || exit 1 > > # expect failure now > immcfg -a accessControlEnabled=0 $dn && exit 1 > > # access as root is possible > sudo immlist $dn >& /dev/null || exit 1 > > # configure access for group adm > id | grep adm >& /dev/null || exit 1 > sudo immcfg -a adminGroupName=adm $dn || exit 1 > > # check access for username opensaf > sudo su -c immfind opensaf >& /dev/null || exit 1 > > # check access as member of group > immcfg -a accessControlEnabled=0 $dn || exit 1 > > > > Testing, Expected Results: > -------------------------- > Opensaf starts, test script works > > > Conditions of Submission: > ------------------------- > Ack from maintainers > > > Arch Built Started Linux distro > ------------------------------------------- > mips n n > mips64 n n > x86 n n > x86_64 y y Ubuntu 14.04 > powerpc n n > powerpc64 n n > > > Reviewer Checklist: > ------------------- > [Submitters: make sure that your review doesn't trigger any checkmarks!] > > > Your checkin has not passed review because (see checked entries): > > ___ Your RR template is generally incomplete; it has too many blank entries > that need proper data filled in. > > ___ You have failed to nominate the proper persons for review and push. > > ___ Your patches do not have proper short+long header > > ___ You have grammar/spelling in your header that is unacceptable. > > ___ You have exceeded a sensible line length in your headers/comments/text. > > ___ You have failed to put in a proper Trac Ticket # into your commits. > > ___ You have incorrectly put/left internal data in your comments/files > (i.e. internal bug tracking tool IDs, product names etc) > > ___ You have not given any evidence of testing beyond basic build tests. > Demonstrate some level of runtime or other sanity testing. > > ___ You have ^M present in some of your files. These have to be removed. > > ___ You have needlessly changed whitespace or added whitespace crimes > like trailing spaces, or spaces before tabs. > > ___ You have mixed real technical changes with whitespace and other > cosmetic code cleanup changes. These have to be separate commits. > > ___ You need to refactor your submission into logical chunks; there is > too much content into a single commit. > > ___ You have extraneous garbage in your review (merge commits etc) > > ___ You have giant attachments which should never have been sent; > Instead you should place your content in a public tree to be pulled. > > ___ You have too many commits attached to an e-mail; resend as threaded > commits, or place in a public tree for a pull. > > ___ You have resent this content multiple times without a clear indication > of what has changed between each re-send. > > ___ You have failed to adequately and individually address all of the > comments and change requests that were proposed in the initial review. > > ___ You have a misconfigured ~/.hgrc file (i.e. username, email etc) > > ___ Your computer have a badly configured date and time; confusing the > the threaded patch review. > > ___ Your changes affect IPC mechanism, and you don't present any results > for in-service upgradability test. > > ___ Your changes affect user manual and documentation, your patch series > do not contain the patch that updates the Doxygen manual. > ------------------------------------------------------------------------------ _______________________________________________ Opensaf-devel mailing list Opensaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/opensaf-devel
