http://sourceforge.net/p/opensaf/tickets/995

needs to be resolved first or #938 reverted...

/Hans

> -----Original Message-----
> From: Anders Björnerstedt [mailto:anders.bjornerst...@ericsson.com]
> Sent: den 19 augusti 2014 09:12
> To: Neelakanta Reddy; Hans Feldt; Zoran Milinkovic
> Cc: opensaf-devel@lists.sourceforge.net
> Subject: Re: [devel] [PATCH 0 of 1] Review Request for IMM access control 
> configurability #938
> 
> This is the assert I also commented on in code review.
> It means you don't have the new config attribute that controls enablement of 
> access control for immsv.
> 
> /AndersBj
> 
> -----Original Message-----
> From: Neelakanta Reddy [mailto:reddy.neelaka...@oracle.com]
> Sent: den 19 augusti 2014 06:03
> To: Hans Feldt; Anders Björnerstedt; Zoran Milinkovic
> Cc: opensaf-devel@lists.sourceforge.net
> Subject: Re: [PATCH 0 of 1] Review Request for IMM access control 
> configurability #938
> 
> Hi Hans,
> 
> Reviewed and tested the patch.
> 
> While testing in an upgraded cluster like SC-1 (4.4) and SC-2 (4.5),
> SC-2 is unable to join the cluster.
> 
> Aug 18 22:19:21 SLES-SLOT-2 osafimmd[14233]: NO IMMND coord at 2010f
> Aug 18 22:19:21 SLES-SLOT-2 osafimmnd[14243]: NO NODE STATE-> IMM_NODE_W_AVAILABLE
> Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: NO SERVER STATE: IMM_SERVER_SYNC_PENDING --> IMM_SERVER_SYNC_CLIENT
> Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: NO NODE STATE-> IMM_NODE_FULLY_AVAILABLE 2462
> Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: NO RepositoryInitModeT is SA_IMM_INIT_FROM_FILE
> Aug 18 22:19:22 SLES-SLOT-2 osafimmnd[14243]: ImmModel.cc:3475: accessControlEnabled: Assertion 'avi != immObject->mAttrValueMap.end()' failed.
> Aug 18 22:19:22 SLES-SLOT-2 osafimmd[14233]: NO SBY: New Epoch for IMMND process at node 2010f old epoch: 2  new epoch:3
> Aug 18 22:19:22 SLES-SLOT-2 osafimmd[14233]: NO IMMND coord at 2010f
> Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Timed-out for response from IMMND
> Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER
> Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Going for recovery
> Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Trying To RESPAWN /usr/lib64/opensaf/clc-cli/osaf-immnd attempt #1
> Aug 18 22:27:21 SLES-SLOT-2 opensafd[14182]: ER Sending SIGKILL to IMMND, pid=14238
> 
> The assert needs to be removed as commented by AndersBj.
> 
> Ack, when the asserts are removed and pushed.
> 
> Thanks,
> Neel.
> 
> 
> On Friday 15 August 2014 03:30 PM, Hans Feldt wrote:
> > Summary: IMM access control configurability
> > Review request for Trac Ticket(s): 938
> > Peer Reviewer(s): IMM devels
> > Pull request to: <<LIST THE PERSON WITH PUSH ACCESS HERE>>
> > Affected branch(es): 4.5/default
> > Development branch: <<IF ANY GIVE THE REPO URL>>
> >
> > --------------------------------
> > Impacted area       Impact y/n
> > --------------------------------
> >   Docs                    n
> >   Build system            n
> >   RPM/packaging           n
> >   Configuration files     n
> >   Startup scripts         n
> >   SAF services            y
> >   OpenSAF services        n
> >   Core libraries          n
> >   Samples                 n
> >   Tests                   n
> >   Other                   n
> >
> >
> > Comments (indicate scope for each "y" above):
> > ---------------------------------------------
> >
> > changeset 2cae24150a872a6f0aed8beb00b6e33f217771cf
> > Author:     Hans Feldt <hans.fe...@ericsson.com>
> > Date:       Fri, 15 Aug 2014 11:53:39 +0200
> >
> >     immsv: add configurability of access control [#938]
> >
> >     A new boolean attribute accessControlEnabled is added to the OpensafImm
> >     class. Its default value is OFF meaning no access control. This is to be
> >     backwards compatible for upgrade of existing systems.
> >
> >     Access control is in runtime enabled with:
> >     immcfg -a accessControlEnabled=1 opensafImm=opensafImm,safApp=safImmService
> >
> >     And disabled with:
> >     immcfg -a accessControlEnabled=0 opensafImm=opensafImm,safApp=safImmService
> >
> >     An additional UNIX group that allows IMM access can be configured with the
> >     adminGroupName attribute in the OpensafImm class. For example:
> >
> >     immcfg -a adminGroupName=osafimmadm opensafImm=opensafImm,safApp=safImmService
> >
> >
> > Complete diffstat:
> > ------------------
> >   osaf/libs/common/immsv/include/immsv_api.h     |   2 ++
> >   osaf/services/saf/immsv/immloadd/imm_loader.cc |  23 +++++++++++++++++++++--
> >   osaf/services/saf/immsv/immnd/ImmModel.cc      |  65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >   osaf/services/saf/immsv/immnd/ImmModel.hh      |   2 ++
> >   osaf/services/saf/immsv/immnd/immnd_cb.h       |   1 -
> >   osaf/services/saf/immsv/immnd/immnd_evt.c      |  34 ++++++++++++++++++++--------------
> >   osaf/services/saf/immsv/immnd/immnd_init.h     |   2 ++
> >   osaf/services/saf/immsv/immnd/immnd_main.c     |   2 --
> >   samples/immsv/OpensafImm_Upgrade_4.5.xml       |  13 +++++++++++++
> >   9 files changed, 125 insertions(+), 19 deletions(-)
> >
> >
> > Testing Commands:
> > -----------------
> >
> > Build and start a default opensaf build (as non root).
> > Run the following script:
> >
> > # test script for IMM access control and configurability
> > # works on Ubuntu 14.04 where user has sudo access without password
> >
> > dn="opensafImm=opensafImm,safApp=safImmService"
> >
> > # by default access is allowed
> > immlist $dn >& /dev/null || exit 1
> >
> > # reconfigure to a group the user is not a member of
> > id | grep whoopsie && exit 1
> > immcfg -a adminGroupName=whoopsie $dn || exit 1
> > immcfg -a accessControlEnabled=1 $dn || exit 1
> >
> > # expect failure now
> > immcfg -a accessControlEnabled=0 $dn && exit 1
> >
> > # access as root is possible
> > sudo immlist $dn >& /dev/null || exit 1
> >
> > # configure access for group adm
> > id | grep adm >& /dev/null || exit 1
> > sudo immcfg -a adminGroupName=adm $dn || exit 1
> >
> > # check access for username opensaf
> > sudo su -c immfind opensaf >& /dev/null || exit 1
> >
> > # check access as member of group
> > immcfg -a accessControlEnabled=0 $dn || exit 1
> >
> >
> >
> > Testing, Expected Results:
> > --------------------------
> >   Opensaf starts, test script works
> >
> >
> > Conditions of Submission:
> > -------------------------
> >   Ack from maintainers
> >
> >
> > Arch      Built     Started    Linux distro
> > -------------------------------------------
> > mips        n          n
> > mips64      n          n
> > x86         n          n
> > x86_64      y          y        Ubuntu 14.04
> > powerpc     n          n
> > powerpc64   n          n
> >
> >
> > Reviewer Checklist:
> > -------------------
> > [Submitters: make sure that your review doesn't trigger any
> > checkmarks!]
> >
> >
> > Your checkin has not passed review because (see checked entries):
> >
> > ___ Your RR template is generally incomplete; it has too many blank entries
> >      that need proper data filled in.
> >
> > ___ You have failed to nominate the proper persons for review and push.
> >
> > ___ Your patches do not have proper short+long header
> >
> > ___ You have grammar/spelling in your header that is unacceptable.
> >
> > ___ You have exceeded a sensible line length in your headers/comments/text.
> >
> > ___ You have failed to put in a proper Trac Ticket # into your commits.
> >
> > ___ You have incorrectly put/left internal data in your comments/files
> >      (i.e. internal bug tracking tool IDs, product names etc)
> >
> > ___ You have not given any evidence of testing beyond basic build tests.
> >      Demonstrate some level of runtime or other sanity testing.
> >
> > ___ You have ^M present in some of your files. These have to be removed.
> >
> > ___ You have needlessly changed whitespace or added whitespace crimes
> >      like trailing spaces, or spaces before tabs.
> >
> > ___ You have mixed real technical changes with whitespace and other
> >      cosmetic code cleanup changes. These have to be separate commits.
> >
> > ___ You need to refactor your submission into logical chunks; there is
> >      too much content into a single commit.
> >
> > ___ You have extraneous garbage in your review (merge commits etc)
> >
> > ___ You have giant attachments which should never have been sent;
> >      Instead you should place your content in a public tree to be pulled.
> >
> > ___ You have too many commits attached to an e-mail; resend as threaded
> >      commits, or place in a public tree for a pull.
> >
> > ___ You have resent this content multiple times without a clear indication
> >      of what has changed between each re-send.
> >
> > ___ You have failed to adequately and individually address all of the
> >      comments and change requests that were proposed in the initial review.
> >
> > ___ You have a misconfigured ~/.hgrc file (i.e. username, email etc)
> >
> > ___ Your computer has a badly configured date and time; confusing the
> >      threaded patch review.
> >
> > ___ Your changes affect IPC mechanism, and you don't present any results
> >      for in-service upgradability test.
> >
> > ___ Your changes affect user manual and documentation, your patch series
> >      do not contain the patch that updates the Doxygen manual.
> >
> 
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> Opensaf-devel mailing list
> Opensaf-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/opensaf-devel
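The failure reported in this thread, as an added illustration that is not OpenSAF code: an object created by the 4.4 node has no accessControlEnabled attribute, so a lookup that asserts on its presence aborts the process, while a tolerant lookup falls back to the default of OFF stated in the commit message and records why. The types, helper names and the `someOlderAttr` attribute are hypothetical stand-ins for the IMM object model.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Hypothetical stand-ins: attribute name -> values (empty vector = no value set).
using AttrValues = std::vector<int>;
using AttrValueMap = std::map<std::string, AttrValues>;

enum class AcSource { Configured, DefaultMissingAttr, DefaultEmptyValue };

struct AcDecision {
    bool enabled;     // whether access control is enforced
    AcSource source;  // why: explicit configuration or a fallback
};

// Tolerant lookup: a missing or empty attribute yields the documented
// default (OFF) instead of asserting, and the reason is reported so the
// caller can log that access control is not being enforced.
AcDecision accessControlEnabled(const AttrValueMap& attrs) {
    auto avi = attrs.find("accessControlEnabled");
    if (avi == attrs.end())
        return {false, AcSource::DefaultMissingAttr};
    if (avi->second.empty())
        return {false, AcSource::DefaultEmptyValue};
    return {avi->second.front() != 0, AcSource::Configured};
}

// Constructed sample: object as written by the older release (attribute absent).
AttrValueMap objectFrom44() {
    return AttrValueMap{{"someOlderAttr", {0}}};
}

// Constructed sample: object after the class upgrade, with an explicit value.
AttrValueMap objectFrom45(int value) {
    return AttrValueMap{{"someOlderAttr", {0}}, {"accessControlEnabled", {value}}};
}

int main() {
    AcDecision d = accessControlEnabled(objectFrom44());
    if (d.source != AcSource::Configured)
        std::cout << "accessControlEnabled not configured, using default OFF\n";
    std::cout << "4.4 object enabled: " << d.enabled << "\n";
    std::cout << "4.5 object enabled: "
              << accessControlEnabled(objectFrom45(1)).enabled << "\n";
    return 0;
}
```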
