From f7389ac6f67804f20393951462a59a0b505dfe03 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Tue, 21 Jul 2020 16:41:18 -0500
Subject: [PATCH] Fix: executor: only send executor notifications to executor
clients
This bug has existed since Pacemaker Remote was first implemented, but was
hidden until crm_node -l/-p was recently modified to go through controller IPC,
because other command-line IPC API clients either fire-and-forget IPC requests
or merely count replies, rather than parse the content of replies.
Previously, when the executor sent notifications of results, it broadcast the
notification to all IPC clients. Normally this behavior makes sense, but for
the executor in particular, it may be running as pacemaker-remoted, in which
case its IPC clients include not only clients that connected to the executor
IPC, but clients that connected via proxy to other IPC APIs on the cluster node
hosting the remote connection.
With crm_node -l/-p, this meant that it was possible for an executor API
notification to arrive while crm_node was waiting for a controller IPC reply.
It would not find the information it needed and would report a protocol
violation error.
The fix is to send executor notifications only to executor clients.
---
daemons/execd/execd_commands.c | 9 +++++++++
daemons/execd/remoted_proxy.c | 5 +++++
include/crm/common/ipc_internal.h | 5 +++--
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/daemons/execd/execd_commands.c b/daemons/execd/execd_commands.c
index aaf2976..685fcc7 100644
--- a/daemons/execd/execd_commands.c
+++ b/daemons/execd/execd_commands.c
@@ -507,6 +507,15 @@ send_client_notify(gpointer key, gpointer value, gpointer user_data)
crm_trace("Skipping notification to client without name");
return;
}
+ if (is_set(client->flags, pcmk__client_to_proxy)) {
+ /* We only want to notify clients of the executor IPC API. If we are
+ * running as Pacemaker Remote, we may have clients proxied to other
+ * IPC services in the cluster, so skip those.
+ */
+ crm_trace("Skipping executor API notification to %s IPC client",
+ client->name);
+ return;
+ }
rc = lrmd_server_send_notify(client, update_msg);
if (rc == pcmk_rc_ok) {
diff --git a/daemons/execd/remoted_proxy.c b/daemons/execd/remoted_proxy.c
index dda7eed..5c58de4 100644
--- a/daemons/execd/remoted_proxy.c
+++ b/daemons/execd/remoted_proxy.c
@@ -88,6 +88,11 @@ ipc_proxy_accept(qb_ipcs_connection_t * c, uid_t uid, gid_t gid, const char *ipc
client->userdata = strdup(ipc_proxy->id);
client->name = crm_strdup_printf("proxy-%s-%d-%.8s", ipc_channel, client->pid, client->id);
+ /* Allow remote executor to distinguish between proxied local clients and
+ * actual executor API clients
+ */
+ set_bit(client->flags, pcmk__client_to_proxy);
+
g_hash_table_insert(ipc_clients, client->id, client);
msg = create_xml_node(NULL, T_LRMD_IPC_PROXY);
diff --git a/include/crm/common/ipc_internal.h b/include/crm/common/ipc_internal.h
index 6a1fcf3..91b3435 100644
--- a/include/crm/common/ipc_internal.h
+++ b/include/crm/common/ipc_internal.h
@@ -121,8 +121,9 @@ struct pcmk__remote_s {
};
enum pcmk__client_flags {
- pcmk__client_proxied = 0x00001, /* ipc_proxy code only */
- pcmk__client_privileged = 0x00002, /* root or cluster user */
+ pcmk__client_proxied = (1 << 0), // Remote client behind proxy
+ pcmk__client_privileged = (1 << 1), // root or cluster user
+ pcmk__client_to_proxy = (1 << 2), // Local client to be proxied
};
struct pcmk__client_s {
--
1.8.3.1