[Linux-HA] pgsql OCF resource agent and other questions

Dejan Muhamedagic dejanmm at fastmail.fm
Thu Feb 14 10:47:59 MST 2008 

On Thu, Feb 14, 2008 at 09:54:05AM -0700, Serge Dubrouski wrote:
> On Thu, Feb 14, 2008 at 9:48 AM, Dejan Muhamedagic <dejanmm at fastmail.fm> wrote:
> > Hi,
> >
> >
> >  On Thu, Feb 14, 2008 at 06:33:11AM -0700, Serge Dubrouski wrote:
> >  > On Thu, Feb 14, 2008 at 4:42 AM, Dejan Muhamedagic <dejanmm at fastmail.fm> wrote:
> >  > > Hi,
> >  > >
> >  > >
> >  > >  On Wed, Feb 13, 2008 at 08:47:42AM -0700, Serge Dubrouski wrote:
> >  > >
> >  > >  > The problem is that by default PG_DATA isn't readable by everybody,
> >  > >  > but OCF spec requires that "status" command should work for any user,
> >  > >  > also "stop" command should report service down for for stopped service
> >  > >  > for any user as well. That's why I have to use this double logic.
> >  > >
> >  > >  Is that really so? Which specification? At any rate, all resource
> >  > >  agents are run as user root by lrmd. The RA is of course free to
> >  > >  switch to another uid where appropriate.
> >  > >
> >  >
> >  > Just before 2.1.3 release I was told by Andrew that it had to work
> >  > that way so I had to modify pgsql status function. May be I
> >  > misuderstood something.
> >
> >  I think you did, unless Andrew can clarify further. The meta-data
> >  and usage must work as any user. The status/monitor sometimes
> >  definitely can't. Besides, as I said, all RAs are run as root by
> >  the cluster.
> 
> That's right. As far as I remember the main question was to report te
> correct status for a stopped resource. Old version of pgsql used to
> report OCF_ERROR instead of OCF_NOTRUNNING for non-root users, that
> was concidered incorrect.

I still don't understand why should that be considered incorrect
if all RAs (OCF or other) are run as root. For example, some RAs
depend on this to do a su(1) which shouldn't ask for password.
It'd be simply impossible to implement all RAs without the
premise that they are going to run as root.

> Anyway the patch thia I attached earlier solves the problem with
> several instances of PostgreSQL running on the same node. You probably
> should put it into Mercury, unless Hideo reports some other problem.

OK. I was also expecting a definite answer from him.

Thanks,

Dejan

> 
> Thanks.
> 
> Serge Dubrouski.
> _______________________________________________
> Linux-HA mailing list
> Linux-HA at lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems

More information about the Linux-HA mailing list