<div dir="ltr"><div dir="ltr"><div style="color:rgb(80,0,80)">Hi,</div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)">(</div><div style="color:rgb(80,0,80)">I sent a similar question from an other acount 3 days ago, but: </div><div style="color:rgb(80,0,80)">- I do not see it on the list. Maybe I should not see my own email? So I created a new account</div><div style="color:rgb(80,0,80)">- I have additional infos (but no solution), so I rewrite the question</div><div style="color:rgb(80,0,80)">)<br></div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)">pacemaker cannot start drbd9 resources. As I see, root has very limited privileges in the drbd resource agent, when it run by the pacemaker. I downloaded the latest pacemaker this week, and I compiled drbd9 rpms also. I hope, You can help me, I do not find the cause of this behaviour. Please see the below test cases:</div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)">1. When I create Pacemaker DRBD resource I get errors<br></div><div style="color:rgb(80,0,80)"><div># pcs resource create DrbdDB ocf:linbit:drbd drbd_resource=drbd_db op monitor interval=60s meta notify=true</div><div># pcs resource master DrbdDBClone DrbdDB master-max=1 master-node-max=1 clone-node-max=1 notify=true</div><div># pcs constraint location DrbdDBClone prefers node1=INFINITY</div><div># pcs cluster stop --all; pcs cluster start --all; pcs status</div><br class="gmail-Apple-interchange-newline"></div><div style="color:rgb(80,0,80)">Failed Actions:</div><div style="color:rgb(80,0,80)">* DrbdDB_monitor_0 on node1 'not installed' (5): call=6, status=complete, exitreason='DRBD kernel (module) not available?',<br> last-rc-change='Thu May 23 09:54:09 2019', queued=0ms, exec=58ms<br></div><div style="color:rgb(80,0,80)">* DrbdDB_monitor_0 on node2 'not installed' (5): call=6, status=complete, exitreason='DRBD kernel (module) not available?',<br></div><div style="color:rgb(80,0,80)"> last-rc-change='Thu May 23 10:00:22 2019', queued=0ms, exec=71ms<br></div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)">2. when I try to start drbd_db by drbdadm directly, it works well:</div><div style="color:rgb(80,0,80)"><div># modprobe drbd #on each node</div><div># drbdadm up drbd_db #on each node</div><div># drbdadm primary drbd_db</div><div># drbdadm status </div><div>it shows drbd_db is UpToDate on each node</div></div><div style="color:rgb(80,0,80)">I also can promote and mount filesystem well</div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)"><div>3. When I use debug-start, it works fine (so the resource syntax sould be correct)</div><div># drbdadm status</div><div>No currently configured DRBD found.</div><div># pcs resource debug-start DrbdDBMaster</div><div>Error: unable to debug-start a master, try the master's resource: DrbdDB</div><div># pcs resource debug-start DrbdDB #on each node</div><div>Operation start for DrbdDB:0 (ocf:linbit:drbd) returned: 'ok' (0)</div><div># drbdadm status</div><div>it shows drbd_db is UpToDate on each node</div><div><br></div>4. Pacemaker handle other resources well . If I set auto_promote=yes, and I start (but not promote) the drbd_db by drbdadm, then pacemaker can create filesystem on it well, and also the appserver, database resources. </div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)">5. The strangest behaviour for me. Root have very limited privileges whitin the drbd resource agent. If I write this line to the srbd_start() method of /usr/lib/ocf/resource.d/linbit/drbd
</div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)">ocf_log err "lados " $(whoami) $( ls -l
/home/opc/tmp/modprobe2.trace ) $( do_cmd touch
/home/opc/tmp/modprobe2.trace )<br></div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)">I got theese messeges in log, when I start the cluster</div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)"><div class="gmail-moz-cite-prefix"># tail -f /var/log/cluster/corosync.log |
grep -A 8 -B 3 -i lados<br>
</div>
<div class="gmail-moz-cite-prefix"><br>
</div><div class="gmail-moz-cite-prefix">...</div>
<div class="gmail-moz-cite-prefix">May 21 15:35:12
drbd(DrbdDB)[31649]: ERROR: lados root<br>
May 21 15:35:12 [31309] node1 lrmd: notice:
operation_finished: DrbdDB_start_0:31649:stderr [ ls: cannot
access /home/opc/tmp/modprobe2.trace: Permission denied ]<br>
May 21 15:35:12 [31309] node1 lrmd: notice:
operation_finished: DrbdFra_start_0:31649:stderr [ touch:
cannot touch '/home/opc/tmp/modprobe2.trace': Permission denied ]<br>
</div></div><div style="color:rgb(80,0,80)">...</div><div style="color:rgb(80,0,80)">and also, when I try to strace the "modprobe -s drbd `$DRBDADM sh-mod-parms`" in drbd resource agent, I only see 1 line in the /root/modprobe2.trace. This meens for me:</div><div style="color:rgb(80,0,80)">- root cannot trace the calls in drbdadm (even if root can strace drbdadm outside of pacemaker well)</div><div style="color:rgb(80,0,80)">- root can write into files his own directory (/root/modprobe2.trace) </div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)">6. Opposit of previous test</div><div style="color:rgb(80,0,80)">root has these privileges outside from pacamaker</div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)"><div class="gmail-moz-cite-prefix"># sudo su -</div>
<div class="gmail-moz-cite-prefix"># touch
/home/opc/tmp/modprobe2.trace<br># ls -l /home/opc/tmp/modprobe2.trace<br>
-rw-r--r--. 1 root root 0 May 21 15:44
/home/opc/tmp/modprobe2.trace</div></div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)">Thanks: lados.</div><div style="color:rgb(80,0,80)"><br></div><div style="color:rgb(80,0,80)"><br></div></div></div>