[pve-devel] [PATCH manager] HA: Add a warning/info message for HA setups < 3 votes fix: #1228

Thomas Lamprecht t.lamprecht at proxmox.com
Fri Mar 3 19:50:59 CET 2017


Hi,

Am 03.03.2017 um 14:57 schrieb Caspar Smit:
> Hi dev team,
>
> This commit introduces a permission denied screen when not logged in as
> 'root at pam' and clicking on Datacenter->HA->Resources->Add (or Edit)
>

Yes, I actually ran into this too not long ago and I have an initial
fix lying around on my dev machine.
The problem is that we have an initial new API endpoint for the Cluster
Config which hasn't set any explicit rights ye, so it defaults to root at pam

> After clicking the permission denied screen away, you can still add/edit
> the HA resource so it has no use at all.
>

Yes it's is more of a cosmetic issue, the permission check of the HA resource
edit/add itself *works* what does not work is the API call to get the cluster
config (used for this warning), if you are not root.
So you only get a info message if you are root :)

I haven't sent any patch yet because I was unsure what permission I should use,
initially I chose Sys.Audit on cluster level for the Config GET'er methods as
in the HA stack (PUT, POST and such would need Sys.Modify respectively).
But it somehow didn't seem to fit really. An idea was adding a new Cluster.Modify
Cluster.Audit and eventually Cluster.HA permission.

If we add functionality to manage the Cluster more and more through API and
webUI, like adding nodes, creating cluster..., it could be justified.

Thanks for the report here anyway, reminded me to fix this already :)

cheers,
Thomas

> Kind regards,
> Caspar Smit
>
>
> 2016-12-29 12:04 GMT+01:00 Emmanuel Kasper <e.kasper at proxmox.com>:
>
>> ---
>>  www/manager6/ha/ResourceEdit.js | 37 ++++++++++++++++++++++++++++++
>> ++++++-
>>  1 file changed, 36 insertions(+), 1 deletion(-)
>>
>> diff --git a/www/manager6/ha/ResourceEdit.js b/www/manager6/ha/
>> ResourceEdit.js
>> index 4dc7474..06dda10 100644
>> --- a/www/manager6/ha/ResourceEdit.js
>> +++ b/www/manager6/ha/ResourceEdit.js
>> @@ -22,6 +22,7 @@ Ext.define('PVE.ha.VMResourceInputPanel', {
>>
>>      initComponent : function() {
>>         var me = this;
>> +       var MIN_QUORUM_VOTES = 3;
>>
>>         var disabledHint = Ext.createWidget({
>>             xtype: 'displayfield', //submitValue is false, so we don't get
>> submitted
>> @@ -31,6 +32,39 @@ Ext.define('PVE.ha.VMResourceInputPanel', {
>>             hidden: true
>>         });
>>
>> +       var fewVotesHint = Ext.createWidget({
>> +           itemId: 'fewVotesHint',
>> +           xtype: 'displayfield',
>> +           userCls: 'pve-hint',
>> +           updateValue: function(votes) {
>> +               var me = this;
>> +               me.setValue(gettext('You need at least three quorum votes
>> for a reliable HA cluster. ' +
>> +               'See the online help for details. Current votes: ') +
>> votes);
>> +           },
>> +           hidden: true
>> +       });
>> +
>> +       PVE.Utils.API2Request({
>> +           url: '/cluster/config/nodes',
>> +           method: 'GET',
>> +           failure: function(response) {
>> +               Ext.Msg.alert(gettext('Error'), response.htmlStatus);
>> +           },
>> +           success: function(response) {
>> +               var nodes = response.result.data;
>> +               var votes = 0;
>> +               Ext.Array.forEach(nodes, function(node) {
>> +                   var vote = parseInt(node.quorum_votes, 10); // parse
>> as base 10
>> +                   votes += vote || 0; // parseInt might return NaN,
>> which is false
>> +               });
>> +
>> +               if (votes < MIN_QUORUM_VOTES) {
>> +                   fewVotesHint.updateValue(votes);
>> +                   fewVotesHint.setVisible(true);
>> +               }
>> +           }
>> +       });
>> +
>>         me.column1 = [
>>             {
>>                 xtype: me.vmid ? 'displayfield' : 'pveGuestIDSelector',
>> @@ -100,7 +134,8 @@ Ext.define('PVE.ha.VMResourceInputPanel', {
>>                 xtype: 'textfield',
>>                 name: 'comment',
>>                 fieldLabel: gettext('Comment')
>> -           }
>> +           },
>> +           fewVotesHint
>>         ];
>>
>>         me.callParent();
>> --
>> 2.1.4
>>
>>
>> _______________________________________________
>> pve-devel mailing list
>> pve-devel at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>




More information about the pve-devel mailing list