[ClusterLabs] Antw: Re: Q: HA_RSCTMP in SLES11 SP4 at first start after reboot
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Tue Aug 14 04:47:21 EDT 2018
>>> Jan Pokorný <jpokorny at redhat.com> wrote on 14.08.2018 at 10:15 in message <20180814081513.GA21998 at redhat.com>:
> On 14/08/18 08:01 +0200, Ulrich Windl wrote:
>>>>> Vladislav Bogdanov <bubble at hoster-ok.com> wrote on 13.08.2018 at 17:13 in message <35541484-1f3e-e5f6-5938-cf17e12184f3 at hoster-ok.com>:
>>>> 10.08.2018 19:52, Ulrich Windl wrote:
>>>>
>>>> A simple question: One of my RAs uses $HA_RSCTMP in SLES11 SP4, and it
>>>> reports the following problem:
>>>> WARNING: Unwritable HA_RSCTMP directory /var/run/resource-agents - using /tmp
>>>
>>> Just make sure you avoid using that code in 'meta-data' action handler
>>> (it is run by crmd which runs under hacluster user to obtain and cache
>>> agent meta-data and I bet that message is from that run).
>>
>> This is a very plausible explanation. However I wonder whether it should be
>> documented more clearly in the RA writers guide (or corresponding document).
>
> Perhaps it would be wise to clearly instruct authors of resource agents
> to never cast any side effects when plain meta-data query is invoked
> -- such a bad style (also as exercised with the stated snippet if
> placed directly at the file-level scope of the script) generates
> recurring problems, especially when such "always fired" code decides
> to talk back to resource manager unconditionally(!):
>
> https://bugs.clusterlabs.org/show_bug.cgi?id=5357#c16
Hi!
I wonder: Whatever the recommendations will be, it seems wise to me if those
expectations are reflected in ocf-tester. The version I have (ocf-tester,v 1.2
2006/08/14) does not use different users calling the individual methods, so
this type of problem wasn't detected.
And: Using user "nobody" for tests is a bad idea IMHO, because no user is
expected to be "nobody". Maybe a parameter to specify some non-privileged user
would be the better thing to do; maybe defaulting to "hacluster"...
Regards,
Ulrich
>
>> The other thing is whether a group "hacluster" and a "chgrp hacluster
>> $HA_RSCTMP; chmod g+rwx $HA_RSCTMP" would be a good idea (assuming crmd is
>> run as hacluster:hacluster then).
>
> Tentative plan is to delegate fetching meta-data for the purpose of
> caching them also into lrmd/pacemaker-execd, which would close this
> hole once for all.
>
>> The other thing would be messing with "setfacl -m u:hacluster:rwx $HA_RSCTMP"
>
> Nonportable.
>
> --
> Nazdar,
> Jan (Poki)
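
An added example, not part of this thread or of the resource-agents project: a sketch of an OCF-style shell agent that answers meta-data before any code touches the state directory, so a meta-data query run as an unprivileged user (such as hacluster) triggers no warning or side effect. STATE_DIR stands in for $HA_RSCTMP; the agent name "example" and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep the meta-data action free of side effects.
# STATE_DIR stands in for $HA_RSCTMP; names below are hypothetical.
STATE_DIR="${HA_RSCTMP:-/var/run/resource-agents}"

# Pure output: no directory checks, no logging, no cluster calls.
print_metadata() {
    cat <<'EOF'
<?xml version="1.0"?>
<resource-agent name="example">
  <version>1.0</version>
  <parameters/>
  <actions>
    <action name="start" timeout="20s"/>
    <action name="stop" timeout="20s"/>
    <action name="monitor" timeout="20s" interval="10s"/>
    <action name="meta-data" timeout="5s"/>
  </actions>
</resource-agent>
EOF
}

# Called only by actions that really need the state directory.
# Fails instead of silently falling back to a shared directory like /tmp.
init_state_dir() {
    if [ ! -d "$STATE_DIR" ] || [ ! -w "$STATE_DIR" ]; then
        echo "ERROR: $STATE_DIR not writable by $(id -un)" >&2
        return 4    # OCF_ERR_PERM
    fi
    STATE_FILE="$STATE_DIR/example.state"
}

agent_main() {
    case "$1" in
        meta-data) print_metadata; return 0 ;;
        start)     init_state_dir || return $?
                   : > "$STATE_FILE"; return 0 ;;
        stop)      init_state_dir || return $?
                   rm -f "$STATE_FILE"; return 0 ;;
        monitor)   init_state_dir || return $?
                   [ -f "$STATE_FILE" ] && return 0
                   return 7 ;;    # OCF_NOT_RUNNING
        *)         return 3 ;;    # OCF_ERR_UNIMPLEMENTED
    esac
}

# A real agent script would end with:  agent_main "$1"; exit $?
```

Nothing at file scope inspects or creates the directory, so the check runs only for actions that need it.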