[ClusterLabs] Failed to retrieve meta-data for custom ocf resource

Jan Pokorný jpokorny at redhat.com
Thu Sep 29 16:20:51 UTC 2016


On 28/09/16 16:55 -0500, Ken Gaillot wrote:
> On 09/28/2016 04:04 PM, Christopher Harvey wrote:
>> My corosync/pacemaker logs are seeing a bunch of messages like the
>> following:
>> 
>> Sep 22 14:50:36 [1346] node-132-60       crmd:     info:
>> action_synced_wait:     Managed MsgBB-Active_meta-data_0 process 15613
>> exited with rc=4

Another possibility is that "execvp" call, i.e., means to run this very
agent, failed at a fundemental level (could also be due to kernel's
security modules like SELinux, seccomp, etc. as already mentioned).

Do other agents work flawlessly for you?

> This is the (unmodified) exit status of the process, so the resource
> agent must be returning "4" for some reason. Normally, that is used to
> indicate "insufficient privileges".
> 
>> Sep 22 14:50:36 [1346] node-132-60       crmd:    error:
>> generic_get_metadata:   Failed to retrieve meta-data for
>> ocf:acme:MsgBB-Active
>> Sep 22 14:50:36 [1346] node-132-60       crmd:  warning:
>> get_rsc_metadata:       No metadata found for MsgBB-Active::ocf:acme:
>> Input/output error (-5)
>> Sep 22 14:50:36 [1346] node-132-60       crmd:    error:
>> build_operation_update: No metadata for acme::ocf:MsgBB-Active
>> Sep 22 14:50:36 [1346] node-132-60       crmd:   notice:
>> process_lrm_event:      Operation MsgBB-Active_start_0: ok
>> (node=node-132-60, call=25, rc=0, cib-update=27, confirmed=true)
>> 
>> I am able to run the meta-data command on the command line:
> 
> I would suspect that your user account has some privileges that the lrmd
> user (typically hacluster:haclient) doesn't have. Try "su - hacluster"
> first and see if it's any different. Maybe directory or file
> permissions, or SELinux?

In fact lrmd (along with stonithd) is an exception in the daemons'
conglomerate as it runs as root:root, so as to portably handle
execution of the resources that, naturally and in general, require
execution with as high (here: inherited), privileges.

-- 
Jan (Poki)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.clusterlabs.org/pipermail/users/attachments/20160929/4b6dddb0/attachment-0002.sig>


More information about the Users mailing list