|
 |
4c8e44 |
From 169d424cf88594f15e7e66baa705df6b727aa807 Mon Sep 17 00:00:00 2001
|
|
|
4c8e44 |
From: Ken Gaillot <kgaillot@redhat.com>
|
|
|
4c8e44 |
Date: Tue, 4 Jun 2019 16:24:16 -0500
|
|
|
4c8e44 |
Subject: [PATCH 1/4] Log: pacemaker-remoted: use different default log if pid
|
|
|
4c8e44 |
1
|
|
|
4c8e44 |
|
|
|
4c8e44 |
When pacemaker-remoted runs as pid 1 inside a container, there may not be a
|
|
|
4c8e44 |
/var/log/pacemaker directory. To get around this, use a default log of
|
|
|
4c8e44 |
/var/log/pcmk-init.log when running as pid 1.
|
|
|
4c8e44 |
|
|
|
4c8e44 |
This was chosen over alternatives (creating the /var/log/pacemaker directory,
|
|
|
4c8e44 |
or passing the log location as an environment variable when creating the
|
|
|
4c8e44 |
implicit container resource) because it both avoids forcing a restart of
|
|
|
4c8e44 |
active bundles due to configuration change (as well as preserving regression
|
|
|
4c8e44 |
test output) and allows users to configure an explicit log location via the
|
|
|
4c8e44 |
container image or the bundle's extra arguments.
|
|
|
4c8e44 |
---
|
|
|
4c8e44 |
daemons/execd/pacemaker-execd.c | 8 ++++++++
|
|
|
4c8e44 |
1 file changed, 8 insertions(+)
|
|
|
4c8e44 |
|
|
|
4c8e44 |
diff --git a/daemons/execd/pacemaker-execd.c b/daemons/execd/pacemaker-execd.c
|
|
|
4c8e44 |
index e2fdfca..cfa5500 100644
|
|
|
4c8e44 |
--- a/daemons/execd/pacemaker-execd.c
|
|
|
4c8e44 |
+++ b/daemons/execd/pacemaker-execd.c
|
|
|
4c8e44 |
@@ -429,6 +429,14 @@ static void spawn_pidone(int argc, char **argv, char **envp)
|
|
|
4c8e44 |
return;
|
|
|
4c8e44 |
}
|
|
|
4c8e44 |
|
|
|
4c8e44 |
+ /* Containers can be expected to have /var/log, but they may not have
|
|
|
4c8e44 |
+ * /var/log/pacemaker, so use a different default if no value has been
|
|
|
4c8e44 |
+ * explicitly configured in the container's environment.
|
|
|
4c8e44 |
+ */
|
|
|
4c8e44 |
+ if (daemon_option("logfile") == NULL) {
|
|
|
4c8e44 |
+ set_daemon_option("logfile", "/var/log/pcmk-init.log");
|
|
|
4c8e44 |
+ }
|
|
|
4c8e44 |
+
|
|
|
4c8e44 |
sigfillset(&set);
|
|
|
4c8e44 |
sigprocmask(SIG_BLOCK, &set, 0);
|
|
|
4c8e44 |
|
|
|
4c8e44 |
--
|
|
|
4c8e44 |
1.8.3.1
|
|
|
4c8e44 |
|
|
|
4c8e44 |
|
|
|
4c8e44 |
From 7e362387a092b5617b36a69961115f7703e4d801 Mon Sep 17 00:00:00 2001
|
|
|
4c8e44 |
From: Ken Gaillot <kgaillot@redhat.com>
|
|
|
4c8e44 |
Date: Fri, 17 May 2019 12:39:43 -0500
|
|
|
4c8e44 |
Subject: [PATCH 2/4] Refactor: libpe_status: add enum for bundle mount flags
|
|
|
4c8e44 |
|
|
|
4c8e44 |
More readable than 0 or 1
|
|
|
4c8e44 |
---
|
|
|
4c8e44 |
lib/pengine/bundle.c | 17 +++++++++--------
|
|
|
4c8e44 |
lib/pengine/variant.h | 9 ++++++++-
|
|
|
4c8e44 |
2 files changed, 17 insertions(+), 9 deletions(-)
|
|
|
4c8e44 |
|
|
|
4c8e44 |
diff --git a/lib/pengine/bundle.c b/lib/pengine/bundle.c
|
|
|
4c8e44 |
index 3b32f04..b223f03 100644
|
|
|
4c8e44 |
--- a/lib/pengine/bundle.c
|
|
|
4c8e44 |
+++ b/lib/pengine/bundle.c
|
|
|
4c8e44 |
@@ -228,7 +228,7 @@ create_docker_resource(pe_resource_t *parent, pe__bundle_variant_data_t *data,
|
|
|
4c8e44 |
for(GListPtr pIter = data->mounts; pIter != NULL; pIter = pIter->next) {
|
|
|
4c8e44 |
pe__bundle_mount_t *mount = pIter->data;
|
|
|
4c8e44 |
|
|
|
4c8e44 |
- if(mount->flags) {
|
|
|
4c8e44 |
+ if (is_set(mount->flags, pe__bundle_mount_subdir)) {
|
|
|
4c8e44 |
char *source = crm_strdup_printf(
|
|
|
4c8e44 |
"%s/%s-%d", mount->source, data->prefix, replica->offset);
|
|
|
4c8e44 |
|
|
|
4c8e44 |
@@ -396,7 +396,7 @@ create_podman_resource(pe_resource_t *parent, pe__bundle_variant_data_t *data,
|
|
|
4c8e44 |
for(GListPtr pIter = data->mounts; pIter != NULL; pIter = pIter->next) {
|
|
|
4c8e44 |
pe__bundle_mount_t *mount = pIter->data;
|
|
|
4c8e44 |
|
|
|
4c8e44 |
- if(mount->flags) {
|
|
|
4c8e44 |
+ if (is_set(mount->flags, pe__bundle_mount_subdir)) {
|
|
|
4c8e44 |
char *source = crm_strdup_printf(
|
|
|
4c8e44 |
"%s/%s-%d", mount->source, data->prefix, replica->offset);
|
|
|
4c8e44 |
|
|
|
4c8e44 |
@@ -562,7 +562,7 @@ create_rkt_resource(pe_resource_t *parent, pe__bundle_variant_data_t *data,
|
|
|
4c8e44 |
for(GListPtr pIter = data->mounts; pIter != NULL; pIter = pIter->next) {
|
|
|
4c8e44 |
pe__bundle_mount_t *mount = pIter->data;
|
|
|
4c8e44 |
|
|
|
4c8e44 |
- if(mount->flags) {
|
|
|
4c8e44 |
+ if (is_set(mount->flags, pe__bundle_mount_subdir)) {
|
|
|
4c8e44 |
char *source = crm_strdup_printf(
|
|
|
4c8e44 |
"%s/%s-%d", mount->source, data->prefix, replica->offset);
|
|
|
4c8e44 |
|
|
|
4c8e44 |
@@ -894,7 +894,7 @@ create_container(pe_resource_t *parent, pe__bundle_variant_data_t *data,
|
|
|
4c8e44 |
|
|
|
4c8e44 |
static void
|
|
|
4c8e44 |
mount_add(pe__bundle_variant_data_t *bundle_data, const char *source,
|
|
|
4c8e44 |
- const char *target, const char *options, int flags)
|
|
|
4c8e44 |
+ const char *target, const char *options, uint32_t flags)
|
|
|
4c8e44 |
{
|
|
|
4c8e44 |
pe__bundle_mount_t *mount = calloc(1, sizeof(pe__bundle_mount_t));
|
|
|
4c8e44 |
|
|
|
4c8e44 |
@@ -1142,11 +1142,11 @@ pe__unpack_bundle(pe_resource_t *rsc, pe_working_set_t *data_set)
|
|
|
4c8e44 |
const char *source = crm_element_value(xml_child, "source-dir");
|
|
|
4c8e44 |
const char *target = crm_element_value(xml_child, "target-dir");
|
|
|
4c8e44 |
const char *options = crm_element_value(xml_child, "options");
|
|
|
4c8e44 |
- int flags = 0;
|
|
|
4c8e44 |
+ int flags = pe__bundle_mount_none;
|
|
|
4c8e44 |
|
|
|
4c8e44 |
if (source == NULL) {
|
|
|
4c8e44 |
source = crm_element_value(xml_child, "source-dir-root");
|
|
|
4c8e44 |
- flags = 1;
|
|
|
4c8e44 |
+ set_bit(flags, pe__bundle_mount_subdir);
|
|
|
4c8e44 |
}
|
|
|
4c8e44 |
|
|
|
4c8e44 |
if (source && target) {
|
|
|
4c8e44 |
@@ -1251,9 +1251,10 @@ pe__unpack_bundle(pe_resource_t *rsc, pe_working_set_t *data_set)
|
|
|
4c8e44 |
* reasonable.
|
|
|
4c8e44 |
*/
|
|
|
4c8e44 |
mount_add(bundle_data, DEFAULT_REMOTE_KEY_LOCATION,
|
|
|
4c8e44 |
- DEFAULT_REMOTE_KEY_LOCATION, NULL, 0);
|
|
|
4c8e44 |
+ DEFAULT_REMOTE_KEY_LOCATION, NULL, pe__bundle_mount_none);
|
|
|
4c8e44 |
|
|
|
4c8e44 |
- mount_add(bundle_data, CRM_BUNDLE_DIR, "/var/log", NULL, 1);
|
|
|
4c8e44 |
+ mount_add(bundle_data, CRM_BUNDLE_DIR, "/var/log", NULL,
|
|
|
4c8e44 |
+ pe__bundle_mount_subdir);
|
|
|
4c8e44 |
|
|
|
4c8e44 |
port = calloc(1, sizeof(pe__bundle_port_t));
|
|
|
4c8e44 |
if(bundle_data->control_port) {
|
|
|
4c8e44 |
diff --git a/lib/pengine/variant.h b/lib/pengine/variant.h
|
|
|
4c8e44 |
index f46aa11..7f77eef 100644
|
|
|
4c8e44 |
--- a/lib/pengine/variant.h
|
|
|
4c8e44 |
+++ b/lib/pengine/variant.h
|
|
|
4c8e44 |
@@ -51,11 +51,18 @@ typedef struct {
|
|
|
4c8e44 |
pe_resource_t *remote;
|
|
|
4c8e44 |
} pe__bundle_replica_t;
|
|
|
4c8e44 |
|
|
|
4c8e44 |
+enum pe__bundle_mount_flags {
|
|
|
4c8e44 |
+ pe__bundle_mount_none = 0x00,
|
|
|
4c8e44 |
+
|
|
|
4c8e44 |
+ // mount instance-specific subdirectory rather than source directly
|
|
|
4c8e44 |
+ pe__bundle_mount_subdir = 0x01
|
|
|
4c8e44 |
+};
|
|
|
4c8e44 |
+
|
|
|
4c8e44 |
typedef struct {
|
|
|
4c8e44 |
char *source;
|
|
|
4c8e44 |
char *target;
|
|
|
4c8e44 |
char *options;
|
|
|
4c8e44 |
- int flags;
|
|
|
4c8e44 |
+ uint32_t flags; // bitmask of pe__bundle_mount_flags
|
|
|
4c8e44 |
} pe__bundle_mount_t;
|
|
|
4c8e44 |
|
|
|
4c8e44 |
typedef struct {
|
|
|
4c8e44 |
--
|
|
|
4c8e44 |
1.8.3.1
|
|
|
4c8e44 |
|
|
|
4c8e44 |
|
|
|
4c8e44 |
From 87eac95868930ffda4d964c2b6bd9960b6893cc9 Mon Sep 17 00:00:00 2001
|
|
|
4c8e44 |
From: Ken Gaillot <kgaillot@redhat.com>
|
|
|
4c8e44 |
Date: Fri, 17 May 2019 14:13:54 -0500
|
|
|
4c8e44 |
Subject: [PATCH 3/4] Fix: controller: don't check join status after remote
|
|
|
4c8e44 |
node appears
|
|
|
4c8e44 |
|
|
|
4c8e44 |
Only cluster nodes have join state
|
|
|
4c8e44 |
---
|
|
|
4c8e44 |
daemons/controld/controld_callbacks.c | 2 +-
|
|
|
4c8e44 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
4c8e44 |
|
|
|
4c8e44 |
diff --git a/daemons/controld/controld_callbacks.c b/daemons/controld/controld_callbacks.c
|
|
|
4c8e44 |
index 06ffb9d..3ce7470 100644
|
|
|
4c8e44 |
--- a/daemons/controld/controld_callbacks.c
|
|
|
4c8e44 |
+++ b/daemons/controld/controld_callbacks.c
|
|
|
4c8e44 |
@@ -228,7 +228,7 @@ peer_update_callback(enum crm_status_type type, crm_node_t * node, const void *d
|
|
|
4c8e44 |
crm_trace("Alive=%d, appeared=%d, down=%d",
|
|
|
4c8e44 |
alive, appeared, (down? down->id : -1));
|
|
|
4c8e44 |
|
|
|
4c8e44 |
- if (appeared && (alive > 0)) {
|
|
|
4c8e44 |
+ if (appeared && (alive > 0) && !is_remote) {
|
|
|
4c8e44 |
register_fsa_input_before(C_FSA_INTERNAL, I_NODE_JOIN, NULL);
|
|
|
4c8e44 |
}
|
|
|
4c8e44 |
|
|
|
4c8e44 |
--
|
|
|
4c8e44 |
1.8.3.1
|
|
|
4c8e44 |
|
|
|
4c8e44 |
|
|
|
4c8e44 |
From 5755b63850a17cd91bca28e83c39119378fe1887 Mon Sep 17 00:00:00 2001
|
|
|
4c8e44 |
From: Ken Gaillot <kgaillot@redhat.com>
|
|
|
4c8e44 |
Date: Sat, 18 May 2019 21:59:00 -0500
|
|
|
4c8e44 |
Subject: [PATCH 4/4] Doc: Pacemaker Explained: document effect of SELinux on
|
|
|
4c8e44 |
bundle storage
|
|
|
4c8e44 |
|
|
|
4c8e44 |
---
|
|
|
4c8e44 |
doc/Pacemaker_Explained/en-US/Ch-Advanced-Resources.txt | 15 ++++++++++++---
|
|
|
4c8e44 |
1 file changed, 12 insertions(+), 3 deletions(-)
|
|
|
4c8e44 |
|
|
|
4c8e44 |
diff --git a/doc/Pacemaker_Explained/en-US/Ch-Advanced-Resources.txt b/doc/Pacemaker_Explained/en-US/Ch-Advanced-Resources.txt
|
|
|
4c8e44 |
index e431626..4a181df 100644
|
|
|
4c8e44 |
--- a/doc/Pacemaker_Explained/en-US/Ch-Advanced-Resources.txt
|
|
|
4c8e44 |
+++ b/doc/Pacemaker_Explained/en-US/Ch-Advanced-Resources.txt
|
|
|
4c8e44 |
@@ -999,11 +999,11 @@ association with Docker, Inc. is implied.]
|
|
|
4c8e44 |
|
|
|
4c8e44 |
source-dir="/srv/html"
|
|
|
4c8e44 |
target-dir="/var/www/html"
|
|
|
4c8e44 |
- options="rw"/>
|
|
|
4c8e44 |
+ options="rw,Z"/>
|
|
|
4c8e44 |
|
|
|
4c8e44 |
source-dir-root="/var/log/pacemaker/bundles"
|
|
|
4c8e44 |
target-dir="/etc/httpd/logs"
|
|
|
4c8e44 |
- options="rw"/>
|
|
|
4c8e44 |
+ options="rw,Z"/>
|
|
|
4c8e44 |
</storage>
|
|
|
4c8e44 |
<primitive class="ocf" id="httpd" provider="heartbeat" type="apache"/>
|
|
|
4c8e44 |
</bundle>
|
|
|
4c8e44 |
@@ -1293,7 +1293,8 @@ indexterm:[bundle,storage,storage-mapping]
|
|
|
4c8e44 |
|
|
|
4c8e44 |
|options
|
|
|
4c8e44 |
|
|
|
|
4c8e44 |
-|File system mount options to use when mapping the storage
|
|
|
4c8e44 |
+|A comma-separated list of file system mount options to use when mapping the
|
|
|
4c8e44 |
+ storage
|
|
|
4c8e44 |
indexterm:[options,storage-mapping]
|
|
|
4c8e44 |
indexterm:[storage-mapping,Property,options]
|
|
|
4c8e44 |
|
|
|
4c8e44 |
@@ -1322,6 +1323,14 @@ The +PCMK_authkey_location+ environment variable must not be set to anything
|
|
|
4c8e44 |
other than the default of `/etc/pacemaker/authkey` on any node in the cluster.
|
|
|
4c8e44 |
====
|
|
|
4c8e44 |
|
|
|
4c8e44 |
+[IMPORTANT]
|
|
|
4c8e44 |
+====
|
|
|
4c8e44 |
+If SELinux is used in enforcing mode on the host, you must ensure the container
|
|
|
4c8e44 |
+is allowed to use any storage you mount into it. For Docker and podman bundles,
|
|
|
4c8e44 |
+adding "Z" to the mount options will create a container-specific label for the
|
|
|
4c8e44 |
+mount that allows the container access.
|
|
|
4c8e44 |
+====
|
|
|
4c8e44 |
+
|
|
|
4c8e44 |
=== Bundle Primitive ===
|
|
|
4c8e44 |
|
|
|
4c8e44 |
A bundle may optionally contain one +<primitive>+ resource
|
|
|
4c8e44 |
--
|
|
|
4c8e44 |
1.8.3.1
|
|
|
4c8e44 |
|