[ClusterLabs] Antw: Re: Q: HA_RSCTMP in SLES11 SP4 at first start after reboot

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Tue Aug 14 04:47:21 EDT 2018

>>> Jan Pokorný <jpokorny at redhat.com> schrieb am 14.08.2018 um 10:15 in
<20180814081513.GA21998 at redhat.com>:
> On 14/08/18 08:01 +0200, Ulrich Windl wrote:
>>>>> Vladislav Bogdanov <bubble at hoster-ok.com> schrieb am 13.08.2018 um
>>>>> in Nachricht <35541484-1f3e-e5f6-5938-cf17e12184f3 at hoster-ok.com>:
>>>> 10.08.2018 19:52, Ulrich Windl wrote:
>>>> A simple question: One of my RAs uses $HA_RSCTMP in SLES11 SP4, and it 
>>> reports the following problem:
>>>>   WARNING: Unwritable HA_RSCTMP directory /var/run/resource‑agents ‑
>>>> /tmp
>>> Just make sure you avoid using that code in 'meta‑data' action handler 
>>> (it is run by crmd which runs under hacluster user to obtain and cache 
>>> agent meta‑data and I bet that message is from that run).
>> This is a very plausible explanation. However I wonder whether it should
>> documented more clearly in the RA writers guide (or corresponding
> Perhaps it would be wise to clearly instruct authors of resource agents
> to never cast any side effects when plain meta-data query is invoked
> -- such a bad style (also as exercised with the stated snippet if
> placed directly at the file-level scope of the script) generates
> recurring problems, especially when such "always fired" code decides
> to talk back to resource manager unconditionally(!):
> https://bugs.clusterlabs.org/show_bug.cgi?id=5357#c16 


I wonder: Whatever the recommendations will be, it seems wise to me if those
expectations are reflected in ocf-tester. The version I have (ocf-tester,v 1.2
2006/08/14) does not use different users calling the individual methods, so
this type of problem wasn't detected.

And: Using user "nobody" for tests is a bad idea IMHO, because no user is
expected to be "nobody". Maybe a parameter to specify some non-priviledged user
would be the better thing to do; maybe defaulting to "hacluster"...


>> The other thing is whether a group "hacluster" and a "chgrp hacluster
>> $HA_RSCTMP; chmod g+rwx $HA_RSCTMP" would be a good idea (assuming crmd is

> run
>> as hacluster:hacluster then).
> Tentative plan is to delegate fetching meta-data for the purpose of
> caching them also into lrmd/pacemaker-execd, which would close this
> hole once for all.
>> The other thing would be messing with "setfacl -m u:hacluster:rwx 
> Nonportable.
> -- 
> Nazdar,
> Jan (Poki)

More information about the Users mailing list