Page MenuHomeClusterLabs Projects
Create Task
Maniphest T882

Fix handling of XSL transform failures
Open, HighPublic
Actions

Assigned To
waltdisgrace
Authored By
kgaillot
Sep 25 2024, 3:16 PM
Tags
  • Restricted Project
  • Restricted Project
  • Restricted Project
Referenced Files
None
Subscribers
kgaillot

Description

Set CIB_file to a CIB that requires a transform, for example:

cat >needs-transform.xml <<EOF
<cib crm_feature_set="3.19.5" validate-with="pacemaker-1.3" epoch="2" num_updates="0" admin_epoch="0">
  <configuration>
    <crm_config>
      <cluster_property_set id="cib-bootstrap-options">
        <nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="false"/>
      </cluster_property_set>
    </crm_config>
    <nodes/>
    <resources/>
    <constraints/>
    <rsc_defaults>
      <meta_attributes id="build-resource-defaults">
        <nvpair id="build-resource-stickiness" name="resource-stickiness" value="1"/>
      </meta_attributes>
    </rsc_defaults>
    <acls>
      <acl_role id="acl-role"/>
      <acl_user id="acl-user">
        <role_ref id="acl-role"/>
      </acl_user>
    </acls>
  </configuration>
  <status/>
</cib>
EOF
cp needs-transform.xml test-cib.xml
export CIB_file=test-cib.xml

In normal operation, crm_verify -x $CIB_file will succeed with no errors, and cibadmin --upgrade --force will transform acl_user to acl_target and role_ref to role.

Starting with the original (not upgraded) XML again, temporarily make the required XSL unavailable, for example:

cp needs-transform.xml test-cib.xml
mv /usr/share/pacemaker/upgrade-1.3.xsl{,.bak}

In this case, crm_verify and cibadmin should give suitable error messages. Currently, crm_verify segfaults, and cibadmin exits success but does nothing.

Event Timeline

kgaillot triaged this task as High priority.Sep 25 2024, 3:16 PM
kgaillot created this task.
kgaillot created this object with edit policy "Restricted Project (Project)".
kgaillot updated the task description. (Show Details)Sep 25 2024, 4:14 PM
waltdisgrace added a comment.EditedOct 21 2024, 4:21 PM

The output of crm_verify with /usr/share/pacemaker/upgrade-1.3-0.xsl moved to /tmp appears to contain suitable error messages. So did that part of this bug get fixed?

[root@pcmk-1 ~]# crm_verify -x $CIB_file
Relax-NG validity error : Extra element acls in interleave
Entity: line 16: element acls: Relax-NG validity error : Element configuration failed to validate content
Cannot upgrade configuration (claiming pacemaker-1.3 schema) to at least pacemaker-3.0 because it would not upgrade past pacemaker-1.3
The cluster will NOT be able to use this configuration.
Please manually update the configuration to conform to the pacemaker-3.10 syntax.
Errors found during check: config not valid
-V may provide more details
kgaillot added a comment.Oct 21 2024, 4:50 PM
In T882#14340, @waltdisgrace wrote:

The output of crm_verify with /usr/share/pacemaker/upgrade-1.3-0.xsl moved to /tmp appears to contain suitable error messages. So did that part of this bug get fixed?

[root@pcmk-1 ~]# crm_verify -x $CIB_file
Relax-NG validity error : Extra element acls in interleave
Entity: line 16: element acls: Relax-NG validity error : Element configuration failed to validate content
Cannot upgrade configuration (claiming pacemaker-1.3 schema) to at least pacemaker-3.0 because it would not upgrade past pacemaker-1.3
The cluster will NOT be able to use this configuration.
Please manually update the configuration to conform to the pacemaker-3.10 syntax.
Errors found during check: config not valid
-V may provide more details

Cool :) Yep, crm_verify is not segfaulting on main, just 2.1, which we can ignore.

Interestingly, renaming the file instead of moving to /tmp changes the error slightly:

error
xsltParseStylesheetFile : cannot parse /var/lib/pacemaker/schemas/upgrade-1.3-0.xsl.bak.xsl
(log_assertion_as) 	error: apply_transformation: Triggered fatal assertion at schemas.c:940 : xslt != NULL
(apply_upgrade) 	error: XSL transform upgrade-1.3-0.xsl.bak failed, aborting upgrade
(xml_log) 	error: Extra element acls in interleave
(xml_log) 	error: Element configuration failed to validate content
Cannot upgrade configuration (claiming pacemaker-1.3 schema) to at least pacemaker-4.0 because it does not validate with any schema from pacemaker-1.3 to the latest
The cluster will NOT be able to use this configuration.
Please manually update the configuration to conform to the pacemaker-4.0 syntax.
Configuration invalid (with errors) (-V may provide more detail)

It looks like the sscanf() in load_transforms_from_dir() will catch files with extra stuff beyond the .xsl. We could use %n at the end to get the number of bytes parsed, then add the file only if the character at that position is \0.