From 6b73d045492a54f50bf32e34cbb7b0af5ab5bd50 Mon Sep 17 00:00:00 2001
From: Liran Rotenberg <lrotenbe@redhat.com>
Date: Tue, 5 Apr 2022 16:59:45 +0300
Subject: [PATCH] core: fix racing cluster fips settings

When we have a new cluster, the FIPS mode is defined by the first host
being added to that cluster. By default the value of it when unavailable
from the host is `false`. In case of new host deployment to that cluster
and reboot, we may not get the capabilities as expected and even when
the host is with FIPS set, it will still wrongly set the cluster with
`false`, making the host non-operational until the cluster is edited by
the user to be FIPS `true`.

The placement the engine handles the FIPS is moved to a place we can be
certain we already get the capabilities from the host. Therefore, we
will always set it with the right value of the first host in that new
cluster.

Since the value from the host is now used on cluster level and used
internally only, this information was removed from the host general tab
in the UI.

Change-Id: I3c21028e3bd0f882340afc13ab05911fb92ec90c
Bug-Url: https://bugzilla.redhat.com/2065543
Signed-off-by: Liran Rotenberg <lrotenbe@redhat.com>
---
 .../ovirt/engine/core/bll/InitVdsOnUpCommand.java  |  2 ++
 .../ovirt/engine/core/vdsbroker/VdsManager.java    |  3 ---
 .../core/vdsbroker/monitoring/HostMonitoring.java  |  1 -
 .../uicommonweb/models/hosts/HostGeneralModel.java | 14 --------------
 .../engine/ui/webadmin/ApplicationConstants.java   |  2 --
 .../main/view/tab/host/HostGeneralSubTabView.java  |  4 +---
 .../ui/webadmin/ApplicationConstants.properties    |  1 -
 7 files changed, 3 insertions(+), 24 deletions(-)

diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitVdsOnUpCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitVdsOnUpCommand.java
index b9aa4306646..81b4a4efac3 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitVdsOnUpCommand.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitVdsOnUpCommand.java
@@ -206,6 +206,8 @@ private boolean initVirtResources() {
             processStoragePoolStatus();
             runUpdateMomPolicy(getCluster(), getVds());
             refreshHostDeviceList();
+            // Check FIPS compatibility
+            resourceManager.getEventListener().handleVdsFips(getVdsId());
         } else {
             Map<String, String> customLogValues = new HashMap<>();
             customLogValues.put("StoragePoolName", getStoragePoolName());
diff --git a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/VdsManager.java b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/VdsManager.java
index 54c4a35ae26..ebc299d4b91 100644
--- a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/VdsManager.java
+++ b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/VdsManager.java
@@ -650,9 +650,6 @@ private void handleRefreshCapabilitiesResponse(VDS vds, VDSReturnValue caps) {
 
                 // Always check VdsVersion
                 resourceManager.getEventListener().handleVdsVersion(vds.getId());
-
-                // Check FIPS compatibility
-                resourceManager.getEventListener().handleVdsFips(vds.getId());
             }
         }
     }
diff --git a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/monitoring/HostMonitoring.java b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/monitoring/HostMonitoring.java
index 53e88077efe..54c6c65d69a 100644
--- a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/monitoring/HostMonitoring.java
+++ b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/monitoring/HostMonitoring.java
@@ -449,7 +449,6 @@ public void afterRefreshTreatment() {
 
             if (refreshedCapabilities) {
                 getVdsEventListener().handleVdsVersion(vds.getId());
-                getVdsEventListener().handleVdsFips(vds.getId());
                 markIsSetNonOperationalExecuted();
             }
 
diff --git a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/hosts/HostGeneralModel.java b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/hosts/HostGeneralModel.java
index 17c1aa3b296..c2fd09682cb 100644
--- a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/hosts/HostGeneralModel.java
+++ b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/hosts/HostGeneralModel.java
@@ -1079,7 +1079,6 @@ private void updateProperties() {
 
         setKernelFeatures(formatKernelFeatures(vds.getKernelFeatures()));
         setvncEncryptionEnabled(vds.isVncEncryptionEnabled());
-        setFipsEnabled(vds.isFipsEnabled());
         setOvnConfigured(vds.isOvnConfigured());
     }
 
@@ -1254,19 +1253,6 @@ public void setvncEncryptionEnabled(boolean value) {
         }
     }
 
-    private boolean fipsEnabled;
-
-    public boolean isFipsEnabled() {
-        return fipsEnabled;
-    }
-
-    public void setFipsEnabled(boolean value) {
-        if (fipsEnabled != value) {
-            fipsEnabled = value;
-            onPropertyChanged(new PropertyChangedEventArgs("fipsEnabled")); //$NON-NLS-1$
-        }
-    }
-
     private String hostName;
 
     public void setHostName(String hostName) {
diff --git a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/ApplicationConstants.java b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/ApplicationConstants.java
index a42fb81bf7b..6a773fc66f7 100644
--- a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/ApplicationConstants.java
+++ b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/ApplicationConstants.java
@@ -3557,8 +3557,6 @@ public interface ApplicationConstants extends CommonApplicationConstants {
 
     String vncEncryptionLabel();
 
-    String fipsEnabledLabel();
-
     String ovnConfiguredLabel();
 
     String vdsmName();
diff --git a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/host/HostGeneralSubTabView.java b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/host/HostGeneralSubTabView.java
index f44df55eded..686e130a31e 100644
--- a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/host/HostGeneralSubTabView.java
+++ b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/host/HostGeneralSubTabView.java
@@ -85,7 +85,6 @@ interface ViewIdHandler extends ElementIdHandler<HostGeneralSubTabView> {
     StringValueLabel clusterCompatibilityVersion = new StringValueLabel();
     StringValueLabel hugePages = new StringValueLabel();
     BooleanTextBoxLabel vncEncryptionEnabled = new BooleanTextBoxLabel(constants.enabled(), constants.disabled());
-    BooleanTextBoxLabel fipsEnabled = new BooleanTextBoxLabel(constants.enabled(), constants.disabled());
     BooleanTextBoxLabel ovnConfigured = new BooleanTextBoxLabel(constants.yes(), constants.no());
 
     MemorySizeTextBoxLabel<Integer> physicalMemory = new MemorySizeTextBoxLabel<>();
@@ -212,7 +211,7 @@ private void generateSoftwareFormPanel() {
         boolean glusterSupported = ApplicationModeHelper.isModeSupported(ApplicationMode.GlusterOnly);
 
         // Build a form using the FormBuilder
-        softwareFormBuilder = new FormBuilder(softwareFormPanel, 1, 15);
+        softwareFormBuilder = new FormBuilder(softwareFormPanel, 1, 14);
         softwareFormBuilder.setRelativeColumnWidth(0, 12);
         softwareFormBuilder.addFormItem(new FormItem(constants.osVersionHostGeneral(), oS, 0).withAutoPlacement(), 2, 10);
         softwareFormBuilder.addFormItem(new FormItem(constants.osPrettyName(), osPrettyName, 0).withAutoPlacement(), 2, 10);
@@ -239,7 +238,6 @@ private void generateSoftwareFormPanel() {
         softwareFormBuilder.addFormItem(new FormItem(constants.kernelFeatures(), kernelFeatures, 0, true)
                 .withAutoPlacement(), 2, 10);
         softwareFormBuilder.addFormItem(new FormItem(constants.vncEncryptionLabel(), vncEncryptionEnabled, 0).withAutoPlacement(), 2, 10);
-        softwareFormBuilder.addFormItem(new FormItem(constants.fipsEnabledLabel(), fipsEnabled, 0).withAutoPlacement(), 2, 10);
         softwareFormBuilder.addFormItem(new FormItem(constants.ovnConfiguredLabel(), ovnConfigured, 0).withAutoPlacement(), 2, 10);
     }
 
diff --git a/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/webadmin/ApplicationConstants.properties b/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/webadmin/ApplicationConstants.properties
index dd8dedf7b88..054fc8f9b24 100644
--- a/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/webadmin/ApplicationConstants.properties
+++ b/frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/webadmin/ApplicationConstants.properties
@@ -1777,7 +1777,6 @@ notifDoNotDisturbNextLogin=until Next Log In
 vncEncryptionEnabled=Enable VNC Encryption
 vncEncryptionEnabledHelpMessage=Enabling VNC Encryption will enforce VNC communication over TLS (using X509Vnc VeNCrypt)
 vncEncryptionLabel=VNC Encryption
-fipsEnabledLabel=FIPS mode enabled
 ovnConfiguredLabel=OVN configured
 vdsmName=VDSM Name
 portSecurityEnabledLabel=Network Port Security