def create_transport_udp(generic_options, compression_options, crypto_options):
"""
Validate creating udp/udpu transport options
dict generic_options -- generic transport options
dict compression_options -- compression options
dict crypto_options -- crypto options
"""
# No need to support force:
# * values are either an enum or numbers with no range set - nothing to
# force
# * names are strictly set as we cannot risk the user overwrites some
# setting they should not to
# * changes to names and values in corosync are very rare
allowed_options = [
"ip_version",
"netmtu",
]
validators = [
validate.value_in("ip_version", constants.IP_VERSION_VALUES),
validate.value_positive_integer("netmtu"),
]
report_items = (validate.run_collection_of_option_validators(
generic_options, validators) + validate.names_in(
allowed_options, generic_options.keys(), "udp/udpu transport"))
if compression_options:
report_items.append(
reports.corosync_transport_unsupported_options(
"compression", "udp/udpu", ("knet", )))
if crypto_options:
report_items.append(
reports.corosync_transport_unsupported_options(
"crypto", "udp/udpu", ("knet", )))
return report_items
def validate_new(id_provider,
bundle_id,
container_type,
container_options,
network_options,
port_map,
storage_map,
force_options=False):
"""
Validate new bundle parameters, return list of report items
IdProvider id_provider -- elements' ids generator and uniqueness checker
string bundle_id -- id of the bundle
string container_type -- bundle container type
dict container_options -- container options
dict network_options -- network options
list of dict port_map -- list of port mapping options
list of dict storage_map -- list of storage mapping options
bool force_options -- return warnings instead of forceable errors
"""
return (validate.run_collection_of_option_validators(
{"id": bundle_id},
[
# with id_provider it validates that the id is available as well
validate.value_id("id", "bundle name", id_provider),
]) + validate_reset(id_provider, container_type, container_options,
network_options, port_map, storage_map,
force_options))
def __validate_quorum_device_update_heuristics(
self, heuristics_options, force_options=False
):
report_list = []
options_nonexec, options_exec = self.__split_heuristics_exec_options(
heuristics_options
)
validators = self.__get_heuristics_options_validators(
allow_empty_values=True, force_options=force_options
)
# no validation necessary for values of valid exec options - they are
# either empty (meaning they should be removed) or nonempty strings
exec_options_reports, dummy_valid_exec_options = (
self.__validate_heuristics_exec_option_names(options_exec)
)
report_list.extend(
validate.run_collection_of_option_validators(
heuristics_options, validators
)
+
self.__validate_heuristics_noexec_option_names(
options_nonexec, force_options=force_options
)
+
exec_options_reports
)
return report_list
def _validate_sbd_options(sbd_config,
allow_unknown_opts=False,
allow_invalid_option_values=False):
"""
Validate user SBD configuration. Options 'SBD_WATCHDOG_DEV' and 'SBD_OPTS'
are restricted. Returns list of ReportItem
sbd_config -- dictionary in format: <SBD config option>: <value>
allow_unknown_opts -- if True, accept also unknown options.
"""
validators = [
validate.value_nonnegative_integer("SBD_WATCHDOG_TIMEOUT"),
validate.value_in(
"SBD_TIMEOUT_ACTION",
TIMEOUT_ACTION_ALLOWED_VALUE_LIST,
code_to_allow_extra_values=report_codes.FORCE_OPTIONS,
extra_values_allowed=allow_invalid_option_values,
),
]
return (validate.names_in(
ALLOWED_SBD_OPTION_LIST,
sbd_config.keys(),
option_type=None,
banned_name_list=UNSUPPORTED_SBD_OPTION_LIST,
code_to_allow_extra_names=report_codes.FORCE_OPTIONS,
extra_names_allowed=allow_unknown_opts,
) + validate.run_collection_of_option_validators(sbd_config, validators))
def _validate_container(container_type,
container_options,
force_options=False):
if not container_type in GENERIC_CONTAINER_TYPES:
return [
reports.invalid_option_value(
"container type",
container_type,
GENERIC_CONTAINER_TYPES,
)
]
validators = [
validate.is_required("image", "container"),
validate.value_not_empty("image", "image name"),
validate.value_nonnegative_integer("masters"),
validate.value_nonnegative_integer("promoted-max"),
validate.mutually_exclusive(["masters", "promoted-max"], "container"),
validate.value_positive_integer("replicas"),
validate.value_positive_integer("replicas-per-host"),
]
deprecation_reports = []
if "masters" in container_options:
deprecation_reports.append(
reports.deprecated_option("masters", ["promoted-max"],
"container",
severity=ReportItemSeverity.WARNING))
return (validate.run_collection_of_option_validators(
container_options, validators) + deprecation_reports +
validate.names_in(GENERIC_CONTAINER_OPTIONS,
container_options.keys(), "container",
report_codes.FORCE_OPTIONS, force_options))
def _qdevice_add_heuristics_options(options, force_options=False):
"""
Validate quorum device heuristics options when adding a quorum device
dict options -- heuristics options
bool force_options -- turn forceable errors into warnings
"""
options_nonexec, options_exec = _split_heuristics_exec_options(options)
validators = _get_qdevice_heuristics_options_validators(
force_options=force_options
)
exec_options_reports, valid_exec_options = (
_validate_heuristics_exec_option_names(options_exec)
)
for option in valid_exec_options:
validators.append(
validate.value_not_empty(option, "a command to be run")
)
return (
validate.run_collection_of_option_validators(options, validators)
+
_validate_heuristics_noexec_option_names(
options_nonexec,
force_options=force_options
)
+
exec_options_reports
)
def initialize_block_devices(lib_env, device_list, option_dict):
"""
Initialize SBD devices in device_list with options_dict.
lib_env -- LibraryEnvironment
device_list -- list of strings
option_dict -- dictionary
"""
report_item_list = []
if not device_list:
report_item_list.append(reports.required_option_is_missing(["device"]))
supported_options = sbd.DEVICE_INITIALIZATION_OPTIONS_MAPPING.keys()
report_item_list += names_in(supported_options, option_dict.keys())
validator_list = [
value_nonnegative_integer(key)
for key in supported_options
]
report_item_list += run_collection_of_option_validators(
option_dict, validator_list
)
lib_env.report_processor.process_list(report_item_list)
sbd.initialize_block_devices(
lib_env.report_processor, lib_env.cmd_runner(), device_list, option_dict
)
def initialize_block_devices(lib_env, device_list, option_dict):
"""
Initialize SBD devices in device_list with options_dict.
lib_env -- LibraryEnvironment
device_list -- list of strings
option_dict -- dictionary
"""
report_item_list = []
if not device_list:
report_item_list.append(reports.required_option_is_missing(["device"]))
supported_options = sbd.DEVICE_INITIALIZATION_OPTIONS_MAPPING.keys()
report_item_list += names_in(supported_options, option_dict.keys())
validator_list = [
value_nonnegative_integer(key)
for key in supported_options
]
report_item_list += run_collection_of_option_validators(
option_dict, validator_list
)
lib_env.report_processor.process_list(report_item_list)
sbd.initialize_block_devices(
lib_env.report_processor, lib_env.cmd_runner(), device_list, option_dict
)
def _qdevice_update_model_net_options(options, node_ids, force_options=False):
"""
Validate quorum device model options when updating a quorum device
dict options -- model options
list node_ids -- list of existing node ids
bool force_options -- turn forceable errors into warnings
"""
allowed_options = (
_QDEVICE_NET_REQUIRED_OPTIONS + _QDEVICE_NET_OPTIONAL_OPTIONS
)
option_type = "quorum device model"
validators = _get_qdevice_model_net_options_validators(
node_ids,
allow_empty_values=True,
force_options=force_options
)
return (
validate.run_collection_of_option_validators(options, validators)
+
validate.names_in(
allowed_options,
options.keys(),
option_type,
**validate.allow_extra_names(
report_codes.FORCE_OPTIONS, force_options
)
)
)
def test_no_wrap(self):
validators = validate.wrap_with_empty_or_valid(self.validators,
wrap=False)
validators.append(validate.value_port_number("c"))
assert_report_item_list_equal(
validate.run_collection_of_option_validators(
{
"a": "",
"b": "",
"c": ""
}, validators), [
fixture.error(
report_codes.INVALID_OPTION_VALUE,
option_name="a",
option_value="",
allowed_values=["x", "y", "z"],
),
fixture.error(
report_codes.INVALID_OPTION_VALUE,
option_name="b",
option_value="",
allowed_values="0..9",
),
fixture.error(
report_codes.INVALID_OPTION_VALUE,
option_name="c",
option_value="",
allowed_values="a port number (1-65535)",
),
])
def test_no_wrap(self):
validators = validate.wrap_with_empty_or_valid(
self.validators, wrap=False
)
validators.append(validate.value_port_number("c"))
assert_report_item_list_equal(
validate.run_collection_of_option_validators(
{"a": "", "b": "", "c": ""},
validators
),
[
fixture.error(
report_codes.INVALID_OPTION_VALUE,
option_name="a",
option_value="",
allowed_values=["x", "y", "z"],
),
fixture.error(
report_codes.INVALID_OPTION_VALUE,
option_name="b",
option_value="",
allowed_values="0..9",
),
fixture.error(
report_codes.INVALID_OPTION_VALUE,
option_name="c",
option_value="",
allowed_values="a port number (1-65535)",
),
]
)
def _qdevice_update_heuristics_options(options, force_options=False):
"""
Validate quorum device heuristics options when updating a quorum device
dict options -- heuristics options
bool force_options -- turn forceable errors into warnings
"""
options_nonexec, options_exec = _split_heuristics_exec_options(options)
validators = _get_qdevice_heuristics_options_validators(
allow_empty_values=True,
force_options=force_options
)
# No validation necessary for values of valid exec options - they are
# either empty (meaning they will be removed) or nonempty strings.
exec_options_reports, dummy_valid_exec_options = (
_validate_heuristics_exec_option_names(options_exec)
)
return (
validate.run_collection_of_option_validators(options, validators)
+
_validate_heuristics_noexec_option_names(
options_nonexec,
force_options=force_options
)
+
exec_options_reports
)
def _validate_storage_map_list(options_list, id_provider, force_options):
allowed_options = [
"id",
"options",
"source-dir",
"source-dir-root",
"target-dir",
]
source_dir_options = ["source-dir", "source-dir-root"]
validators = [
validate.value_id("id", "storage-map id", id_provider),
validate.is_required_some_of(source_dir_options, "storage-map"),
validate.mutually_exclusive(source_dir_options, "storage-map"),
validate.is_required("target-dir", "storage-map"),
]
report_list = []
for options in options_list:
report_list.extend(
validate.run_collection_of_option_validators(options, validators)
+
validate.names_in(
allowed_options,
options.keys(),
"storage-map",
report_codes.FORCE_OPTIONS,
force_options
)
)
return report_list
def _validate_port_map_list(options_list, id_provider, force_options):
allowed_options = [
"id",
"port",
"internal-port",
"range",
]
validators = [
validate.value_id("id", "port-map id", id_provider),
validate.depends_on_option("internal-port", "port", "port-map",
"port-map"),
validate.is_required_some_of(["port", "range"], "port-map"),
validate.mutually_exclusive(["port", "range"], "port-map"),
validate.value_port_number("port"),
validate.value_port_number("internal-port"),
validate.value_port_range(
"range",
code_to_allow_extra_values=report_codes.FORCE_OPTIONS,
allow_extra_values=force_options),
]
report_list = []
for options in options_list:
report_list.extend(
validate.run_collection_of_option_validators(options, validators) +
validate.names_in(allowed_options, options.keys(), "port-map",
report_codes.FORCE_OPTIONS, force_options))
return report_list
def _validate_container_docker_options_update(
docker_el, options, force_options
):
validators = [
# image is a mandatory attribute and cannot be removed
validate.value_not_empty("image", "image name"),
validate.value_empty_or_valid(
"masters",
validate.value_nonnegative_integer("masters")
),
validate.value_empty_or_valid(
"replicas",
validate.value_positive_integer("replicas")
),
validate.value_empty_or_valid(
"replicas-per-host",
validate.value_positive_integer("replicas-per-host")
),
]
return (
validate.run_collection_of_option_validators(options, validators)
+
validate.names_in(
# allow to remove options even if they are not allowed
_docker_options | _options_to_remove(options),
options.keys(),
"container",
report_codes.FORCE_OPTIONS,
force_options
)
)
def _validate_sbd_options(
sbd_config, allow_unknown_opts=False, allow_invalid_option_values=False
):
"""
Validate user SBD configuration. Options 'SBD_WATCHDOG_DEV' and 'SBD_OPTS'
are restricted. Returns list of ReportItem
sbd_config -- dictionary in format: <SBD config option>: <value>
allow_unknown_opts -- if True, accept also unknown options.
"""
validators = [
validate.value_nonnegative_integer("SBD_WATCHDOG_TIMEOUT"),
validate.value_in(
"SBD_TIMEOUT_ACTION",
TIMEOUT_ACTION_ALLOWED_VALUE_LIST,
code_to_allow_extra_values=report_codes.FORCE_OPTIONS,
extra_values_allowed=allow_invalid_option_values,
),
]
return (
validate.names_in(
ALLOWED_SBD_OPTION_LIST,
sbd_config.keys(),
option_type=None,
banned_name_list=UNSUPPORTED_SBD_OPTION_LIST,
code_to_allow_extra_names=report_codes.FORCE_OPTIONS,
extra_names_allowed=allow_unknown_opts,
)
+
validate.run_collection_of_option_validators(sbd_config, validators)
)
def __validate_quorum_device_add_heuristics(
self, heuristics_options, force_options=False
):
report_list = []
options_nonexec, options_exec = self.__split_heuristics_exec_options(
heuristics_options
)
validators = self.__get_heuristics_options_validators(
force_options=force_options
)
exec_options_reports, valid_exec_options = (
self.__validate_heuristics_exec_option_names(options_exec)
)
for option in valid_exec_options:
validators.append(
validate.value_not_empty(option, "a command to be run")
)
report_list.extend(
validate.run_collection_of_option_validators(
heuristics_options, validators
)
+
self.__validate_heuristics_noexec_option_names(
options_nonexec, force_options=force_options
)
+
exec_options_reports
)
return report_list
def validate_set_as_guest(tree, nodes, node_name, options):
report_list = validate.names_in(
GUEST_OPTIONS,
options.keys(),
"guest",
)
validator_list = [
validate.value_time_interval("remote-connect-timeout"),
validate.value_port_number("remote-port"),
]
report_list.extend(
validate.run_collection_of_option_validators(options, validator_list))
report_list.extend(validate_conflicts(tree, nodes, node_name, options))
if not node_name.strip():
report_list.append(
reports.invalid_option_value(
"node name",
node_name,
"no empty value",
))
return report_list
def _validate_network_options_update(bundle_el, network_el, options,
force_options):
report_list = []
inner_primitive = get_inner_resource(bundle_el)
if (inner_primitive is not None and
not _is_pcmk_remote_acccessible_after_update(network_el, options)):
report_list.append(
reports.get_problem_creator(
report_codes.FORCE_OPTIONS,
force_options)(reports.resource_in_bundle_not_accessible,
bundle_el.get("id"), inner_primitive.get("id")))
validators = [
# TODO add validators for other keys (ip-range-start - IPv4)
validate.value_empty_or_valid(
"control-port",
validate.value_port_number("control-port"),
),
validate.value_empty_or_valid(
"host-netmask",
_value_host_netmask("host-netmask", force_options),
),
]
return (report_list +
validate.run_collection_of_option_validators(options, validators) +
validate.names_in(
# allow to remove options even if they are not allowed
_network_options | _options_to_remove(options),
options.keys(),
"network",
report_codes.FORCE_OPTIONS,
force_options))
def create_totem(options):
"""
Validate creating the "totem" section
dict options -- totem options
"""
# No need to support force:
# * values are either bool or numbers with no range set - nothing to force
# * names are strictly set as we cannot risk the user overwrites some
# setting they should not to
# * changes to names and values in corosync are very rare
allowed_options = [
"consensus",
"downcheck",
"fail_recv_const",
"heartbeat_failures_allowed",
"hold",
"join",
"max_messages",
"max_network_delay",
"merge",
"miss_count_const",
"send_join",
"seqno_unchanged_const",
"token",
"token_coefficient",
"token_retransmit",
"token_retransmits_before_loss_const",
"window_size",
]
validators = [
validate.value_nonnegative_integer("consensus"),
validate.value_nonnegative_integer("downcheck"),
validate.value_nonnegative_integer("fail_recv_const"),
validate.value_nonnegative_integer("heartbeat_failures_allowed"),
validate.value_nonnegative_integer("hold"),
validate.value_nonnegative_integer("join"),
validate.value_nonnegative_integer("max_messages"),
validate.value_nonnegative_integer("max_network_delay"),
validate.value_nonnegative_integer("merge"),
validate.value_nonnegative_integer("miss_count_const"),
validate.value_nonnegative_integer("send_join"),
validate.value_nonnegative_integer("seqno_unchanged_const"),
validate.value_nonnegative_integer("token"),
validate.value_nonnegative_integer("token_coefficient"),
validate.value_nonnegative_integer("token_retransmit"),
validate.value_nonnegative_integer(
"token_retransmits_before_loss_const"
),
validate.value_nonnegative_integer("window_size"),
]
report_items = (
validate.run_collection_of_option_validators(options, validators)
+
validate.names_in(allowed_options, options.keys(), "totem")
)
return report_items
def _validate_network_options_new(options, force_options):
validators = [
# TODO add validators for other keys (ip-range-start - IPv4)
validate.value_port_number("control-port"),
_value_host_netmask("host-netmask", force_options),
]
return (validate.run_collection_of_option_validators(options, validators) +
validate.names_in(_network_options, options.keys(), "network",
report_codes.FORCE_OPTIONS, force_options))
def test_collect_all_errors_from_specifications(self):
specification = [
lambda option_dict: ["A{0}".format(option_dict["x"])],
lambda option_dict: ["B"],
]
self.assertEqual(["Ay", "B"],
validate.run_collection_of_option_validators(
{"x": "y"}, specification))
def _validate_generic_container_options_update(docker_el, options,
force_options):
validators = [
# image is a mandatory attribute and cannot be removed
validate.value_not_empty("image", "image name"),
validate.value_empty_or_valid(
"masters", validate.value_nonnegative_integer("masters")),
validate.value_empty_or_valid(
"promoted-max",
validate.value_nonnegative_integer("promoted-max")),
validate.value_empty_or_valid(
"replicas", validate.value_positive_integer("replicas")),
validate.value_empty_or_valid(
"replicas-per-host",
validate.value_positive_integer("replicas-per-host")),
]
# CIB does not allow both to be set. Deleting both is not a problem,
# though. Deleting one while setting another also works and is further
# checked bellow.
if not (options.get("masters", "") == ""
or options.get("promoted-max", "") == ""):
validators.append(
validate.mutually_exclusive(["masters", "promoted-max"],
"container"))
deprecation_reports = []
if options.get("masters"):
# If the user wants to delete the masters option, do not report it is
# deprecated. They may be removing it because they just found out it is
# deprecated.
deprecation_reports.append(
reports.deprecated_option("masters", ["promoted-max"],
"container",
severity=ReportItemSeverity.WARNING))
# Do not allow to set masters if promoted-max is set unless promoted-max is
# going to be removed now. Do the same check also the other way around. CIB
# only allows one of them to be set.
if (options.get("masters") and docker_el.get("promoted-max")
and options.get("promoted-max") != ""):
deprecation_reports.append(
reports.prerequisite_option_must_not_be_set(
"masters", "promoted-max", "container", "container"))
if (options.get("promoted-max") and docker_el.get("masters")
and options.get("masters") != ""):
deprecation_reports.append(
reports.prerequisite_option_must_not_be_set(
"promoted-max", "masters", "container", "container"))
return (validate.run_collection_of_option_validators(options, validators) +
deprecation_reports + validate.names_in(
# allow to remove options even if they are not allowed
_generic_container_options | _options_to_remove(options),
options.keys(),
"container",
report_codes.FORCE_OPTIONS,
force_options))
def _validate_container_docker_options_new(options, force_options):
validators = [
validate.is_required("image", "container"),
validate.value_not_empty("image", "image name"),
validate.value_nonnegative_integer("masters"),
validate.value_positive_integer("replicas"),
validate.value_positive_integer("replicas-per-host"),
]
return (validate.run_collection_of_option_validators(options, validators) +
validate.names_in(_docker_options, options.keys(), "container",
report_codes.FORCE_OPTIONS, force_options))
def test_collect_all_errors_from_specifications(self):
specification = [
lambda option_dict: ["A{0}".format(option_dict["x"])],
lambda option_dict: ["B"],
]
self.assertEqual(
["Ay", "B"],
validate.run_collection_of_option_validators(
{"x": "y"},
specification
)
)
def create_link_list_udp(link_list):
"""
Validate creating udp/udpu link (interface) list options
iterable link_list -- list of link options
"""
if not link_list:
# It is not mandatory to set link options. If an empty link list is
# provided, everything is fine and we have nothing to validate.
return []
allowed_options = [
"bindnetaddr",
"broadcast",
"mcastaddr",
"mcastport",
"ttl",
]
validators = [
validate.value_ip_address("bindnetaddr"),
validate.value_in("broadcast", ("0", "1")),
validate.value_ip_address("mcastaddr"),
validate.value_port_number("mcastport"),
validate.value_integer_in_range("ttl", 0, 255),
]
options = link_list[0]
report_items = (
validate.run_collection_of_option_validators(options, validators)
+
validate.names_in(allowed_options, options.keys(), "link")
)
# default values taken from `man corosync.conf`
if options.get("broadcast", "0") == "1" and "mcastaddr" in options:
report_items.append(
reports.prerequisite_option_must_be_disabled(
"mcastaddr",
"broadcast",
option_type="link",
prerequisite_type="link"
)
)
link_count = len(link_list)
if link_count > constants.LINKS_UDP_MAX:
report_items.append(
reports.corosync_too_many_links(
link_count,
constants.LINKS_UDP_MAX,
"udp/udpu"
)
)
return report_items
def validate_new(
id_provider, bundle_id, container_type, container_options, network_options,
port_map, storage_map, force_options=False
):
"""
Validate new bundle parameters, return list of report items
IdProvider id_provider -- elements' ids generator and uniqueness checker
string bundle_id -- id of the bundle
string container_type -- bundle container type
dict container_options -- container options
dict network_options -- network options
list of dict port_map -- list of port mapping options
list of dict storage_map -- list of storage mapping options
bool force_options -- return warnings instead of forceable errors
"""
report_list = []
report_list.extend(
validate.run_collection_of_option_validators(
{"id": bundle_id},
[
# with id_provider it validates that the id is available as well
validate.value_id("id", "bundle name", id_provider),
]
)
)
aux_reports = _validate_container_type(container_type)
report_list.extend(aux_reports)
if not ReportListAnalyzer(aux_reports).error_list:
report_list.extend(
# TODO call the proper function once more container_types are
# supported by pacemaker
_validate_container_docker_options_new(
container_options,
force_options
)
)
report_list.extend(
_validate_network_options_new(network_options, force_options)
)
report_list.extend(
_validate_port_map_list(port_map, id_provider, force_options)
)
report_list.extend(
_validate_storage_map_list(storage_map, id_provider, force_options)
)
return report_list
def _qdevice_update_generic_options(options, force_options=False):
"""
Validate quorum device generic options when updating a quorum device
dict options -- generic options
bool force_options -- turn forceable errors into warnings
"""
validators = _get_qdevice_generic_options_validators(
allow_empty_values=True, force_options=force_options)
report_items = validate.run_collection_of_option_validators(
options, validators)
report_items.extend(
_validate_qdevice_generic_options_names(options,
force_options=force_options))
return report_items
def _validate_quorum_options(options, has_qdevice, allow_empty_values):
validators = _get_quorum_options_validators(allow_empty_values)
report_items = (
validate.run_collection_of_option_validators(options, validators) +
validate.names_in(constants.QUORUM_OPTIONS, options.keys(), "quorum"))
if has_qdevice:
qdevice_incompatible_options = [
name for name in options
if name in constants.QUORUM_OPTIONS_INCOMPATIBLE_WITH_QDEVICE
]
if qdevice_incompatible_options:
report_items.append(
reports.corosync_options_incompatible_with_qdevice(
qdevice_incompatible_options))
return report_items
def add_quorum_device(
model, model_options, generic_options, heuristics_options, node_ids,
force_model=False, force_options=False
):
"""
Validate adding a quorum device
string model -- quorum device model
dict model_options -- model specific options
dict generic_options -- generic quorum device options
dict heuristics_options -- heuristics options
list node_ids -- list of existing node ids
bool force_model -- continue even if the model is not valid
bool force_options -- turn forceable errors into warnings
"""
report_items = []
model_validators = {
"net": lambda: _qdevice_add_model_net_options(
model_options,
node_ids,
force_options
),
}
if model in model_validators:
report_items += model_validators[model]()
else:
report_items += validate.run_collection_of_option_validators(
{"model": model},
[
validate.value_in(
"model",
list(model_validators.keys()),
**validate.allow_extra_values(
report_codes.FORCE_QDEVICE_MODEL, force_model
)
)
]
)
return (
report_items
+
_qdevice_add_generic_options(generic_options, force_options)
+
_qdevice_add_heuristics_options(heuristics_options, force_options)
)
def validate_operation(operation, options_validator_list):
"""
Return a list with reports (ReportItems) about problems inside
operation.
dict operation contains attributes of operation
"""
report_list = validate.names_in(
ATTRIBUTES,
operation.keys(),
"resource operation",
)
report_list.extend(
validate.run_collection_of_option_validators(operation,
options_validator_list))
return report_list
def validate_operation(operation, options_validator_list):
"""
Return a list with reports (ReportItems) about problems inside
operation.
dict operation contains attributes of operation
"""
report_list = validate.names_in(
ATTRIBUTES,
operation.keys(),
"resource operation",
)
report_list.extend(validate.run_collection_of_option_validators(
operation,
options_validator_list
))
return report_list
def _validate_generic_container_options_new(options, force_options):
validators = [
validate.is_required("image", "container"),
validate.value_not_empty("image", "image name"),
validate.value_nonnegative_integer("masters"),
validate.value_nonnegative_integer("promoted-max"),
validate.mutually_exclusive(["masters", "promoted-max"], "container"),
validate.value_positive_integer("replicas"),
validate.value_positive_integer("replicas-per-host"),
]
deprecation_reports = []
if "masters" in options:
deprecation_reports.append(
reports.deprecated_option("masters", ["promoted-max"],
"container",
severity=ReportItemSeverity.WARNING))
return (validate.run_collection_of_option_validators(options, validators) +
deprecation_reports + validate.names_in(
_generic_container_options, options.keys(), "container",
report_codes.FORCE_OPTIONS, force_options))
def _validate_network_options_update(network_el, options, force_options):
validators = [
# TODO add validators for other keys (ip-range-start - IPv4)
validate.value_empty_or_valid(
"control-port",
validate.value_port_number("control-port"),
),
validate.value_empty_or_valid(
"host-netmask",
_value_host_netmask("host-netmask", force_options),
),
]
return (validate.run_collection_of_option_validators(options, validators) +
validate.names_in(
# allow to remove options even if they are not allowed
_network_options | _options_to_remove(options),
options.keys(),
"network",
report_codes.FORCE_OPTIONS,
force_options))
def create_transport_knet(generic_options, compression_options, crypto_options):
"""
Validate creating knet transport options
dict generic_options -- generic transport options
dict compression_options -- compression options
dict crypto_options -- crypto options
"""
# No need to support force:
# * values are either an enum or numbers with no range set - nothing to force
# * names are strictly set as we cannot risk the user overwrites some
# setting they should not to
# * changes to names and values in corosync are very rare
generic_allowed = [
"ip_version", # It tells knet which IP to prefer.
"knet_pmtud_interval",
"link_mode",
]
generic_validators = [
validate.value_in("ip_version", ("ipv4", "ipv6")),
validate.value_nonnegative_integer("knet_pmtud_interval"),
validate.value_in("link_mode", ("active", "passive", "rr")),
]
compression_allowed = [
"level",
"model",
"threshold",
]
compression_validators = [
validate.value_nonnegative_integer("level"),
validate.value_not_empty(
"model",
"a compression model e.g. zlib, lz4 or bzip2"
),
validate.value_nonnegative_integer("threshold"),
]
crypto_type = "crypto"
crypto_allowed = [
"cipher",
"hash",
"model",
]
crypto_validators = [
validate.value_in(
"cipher",
("none", "aes256", "aes192", "aes128", "3des")
),
validate.value_in(
"hash",
("none", "md5", "sha1", "sha256", "sha384", "sha512")
),
validate.value_in("model", ("nss", "openssl")),
]
report_items = (
validate.run_collection_of_option_validators(
generic_options,
generic_validators
)
+
validate.names_in(
generic_allowed,
generic_options.keys(),
"knet transport"
)
+
validate.run_collection_of_option_validators(
compression_options,
compression_validators
)
+
validate.names_in(
compression_allowed,
compression_options.keys(),
"compression"
)
+
validate.run_collection_of_option_validators(
crypto_options,
crypto_validators
)
+
validate.names_in(
crypto_allowed,
crypto_options.keys(),
crypto_type
)
)
if (
# default values taken from `man corosync.conf`
crypto_options.get("cipher", "aes256") != "none"
and
crypto_options.get("hash", "sha1") == "none"
):
report_items.append(
reports.prerequisite_option_must_be_enabled_as_well(
"cipher",
"hash",
option_type="crypto",
prerequisite_type="crypto"
)
)
return report_items
