[ClusterLabs] Finding attributes of a past resource agent invocation

Jan Pokorný jpokorny at redhat.com
Wed Mar 4 06:02:50 EST 2020


Hi Feri,

just to this one...

On 03/03/20 15:22 +0100, wferi at niif.hu wrote:
> Is there a way to find out what attributes were passed to the OCF
> agent in that fateful invocation?

AFAIK, not possible after-the-fact, unless you add TRACE_RA=1 as
another (real) parameter to the agent and it happens to respond
to it (very likely with standard agents from the resource-agents project).
And even then, logs generated like that will likely get lost when
the node is fenced (depends on path/mount particulars).

I think that not exposing such details about invocation directly
at pacemaker logging level is by design ... safer than to leave
the cat out of the bag.  Consider that any incidents reported are
promptly followed by soliciting the logs, and having the
authentication tokens, passwords and other secrets leaked this
way would be bad for general reputation, wouldn't it?

(this was also part of the reasoning behind CVE-2019-3885)

-- 
Poki
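
An added illustration of the concern raised in the message above, not part of the original post or any ClusterLabs code: a Python filter that masks secret-looking OCF_RESKEY_* values in agent trace output before it is shared, including copies of those values that the shell expanded into traced command lines. The trace layout, the name heuristic and the sample lines are assumptions constructed for this example.

```python
import re

# Parameter names that suggest a secret (a heuristic assumed by this example).
SECRET_NAME = re.compile(r"pass|secret|token|key|cred", re.I)
# NAME=value for OCF instance parameters, as seen in an env dump or xtrace line.
ASSIGN = re.compile(r"\b(OCF_RESKEY_(\w+))=('[^']*'|\"[^\"]*\"|\S*)")
MASK = "[REDACTED]"

def collect_secrets(text):
    """Return the values assigned to secret-looking OCF_RESKEY_* names."""
    found = set()
    for _, name, raw in ASSIGN.findall(text):
        value = raw.strip("'\"")
        if SECRET_NAME.search(name) and value:
            found.add(value)
    return found

def redact_trace(text, min_len=4):
    """Mask secret assignments, then every other occurrence of the same values."""
    secrets = collect_secrets(text)

    def mask_assign(m):
        return f"{m.group(1)}={MASK}" if SECRET_NAME.search(m.group(2)) else m.group(0)

    out = ASSIGN.sub(mask_assign, text)
    # Longest first, so a secret that contains another secret is masked whole.
    for value in sorted(secrets, key=len, reverse=True):
        if len(value) >= min_len:  # very short values would mangle unrelated text
            out = out.replace(value, MASK)
    return out

# Constructed sample: an environment dump followed by shell xtrace lines.
SAMPLE = """\
OCF_RESKEY_ip=192.0.2.10
OCF_RESKEY_test_user=monitor
OCF_RESKEY_test_passwd='s3cr3t-Pa55'
+ OCF_RESKEY_api_token=tok_abcdef123456
+ mysql -umonitor -ps3cr3t-Pa55 -e 'select 1'
+ curl -H 'Authorization: Bearer tok_abcdef123456' https://192.0.2.10/health
"""

if __name__ == "__main__":
    print(redact_trace(SAMPLE), end="")
```

Name-based matching misses secrets held in parameters with innocuous names, so the output still needs a manual read before it leaves the cluster.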