Fix racing cluster FIPS settings #235
Conversation
liranr23
requested review from
ahadas,
bennyz,
emesika,
mwperina,
michalskrivanek,
oliel,
sgratch and
didib
as code owners
|
/ost |
There was a problem hiding this comment.
this change moves the handling of the FIPS mode to a better place - that's good
but the issue it fixes reveals that we don't set the initial value correctly, it's less visible because it is mostly used internally but I see that we also display it in the host general tab - now that we enforce the same FIPS mode across the cluster, it doesn't make much sense. how about removing it from there?
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitVdsOnUpCommand.java
Outdated
Show resolved
Hide resolved
liranr23
force-pushed
the
cluster_fips_init
branch
from
8c1be71
to
0e347b3
Compare
Yes, now it's on cluster level and used internally. There is no point of having it exposed. |
|
The FE looks good, just update the commit message with the explanation why the field has been removed from host view. |
When we have a new cluster, the FIPS mode is defined by the first host being added to that cluster. By default the value of it when unavailable from the host is `false`. In case of new host deployment to that cluster and reboot, we may not get the capabilities as expected and even when the host is with FIPS set, it will still wrongly set the cluster with `false`, making the host non-operational until the cluster is edited by the user to be FIPS `true`. The placement the engine handles the FIPS is moved to a place we can be certain we already get the capabilities from the host. Therefore, we will always set it with the right value of the first host in that new cluster. Since the value from the host is now used on cluster level and used internally only, this information was removed from the host general tab in the UI. Change-Id: I3c21028e3bd0f882340afc13ab05911fb92ec90c Bug-Url: https://bugzilla.redhat.com/2065543 Signed-off-by: Liran Rotenberg <lrotenbe@redhat.com>
|
/ost |
liranr23
force-pushed
the
cluster_fips_init
branch
from
0e347b3
to
6b73d04
Compare
|
lgtm. wait with ost test for build to finish |
|
/ost |
When we have a new cluster, the FIPS mode is defined by the first host
being added to that cluster. By default the value of it when unavailable
from the host is
false. In case of new host deployment to that clusterand reboot, we may not get the capabilities as expected and even when
the host is with FIPS set, it will still wrongly set the cluster with
false, making the host non-operational until the cluster is edited bythe user to be FIPS
true.The placement the engine handles the FIPS is moved to a place we can be
certain we already get the capabilities from the host. Therefore, we
will always set it with the right value of the first host in that new
cluster.
Change-Id: I3c21028e3bd0f882340afc13ab05911fb92ec90c
Bug-Url: https://bugzilla.redhat.com/2065543
Signed-off-by: Liran Rotenberg lrotenbe@redhat.com