|
 |
b94b9d |
From 2462caf264c487810805c40a546a4dc3f953c340 Mon Sep 17 00:00:00 2001
|
|
|
b94b9d |
From: Michele Baldessari <michele@acksyn.org>
|
|
|
b94b9d |
Date: Wed, 3 Oct 2018 18:07:31 +0200
|
|
|
b94b9d |
Subject: [PATCH] Do not use the absolute path in redis' pidof calls
|
|
|
b94b9d |
|
|
|
b94b9d |
The reason for this is that newer kernels (we saw this on a 4.18 kernel)
|
|
|
b94b9d |
can limit access to /proc/<pid>/{cwd,exe,root} and so pidof will fail to
|
|
|
b94b9d |
identify the process when using the full path names.
|
|
|
b94b9d |
This access limitation happens even with the root user:
|
|
|
b94b9d |
()[root@ra1 /]$ ls -l /proc/32/ |grep redis-server
|
|
|
b94b9d |
ls: cannot read symbolic link '/proc/32/cwd': Permission denied
|
|
|
b94b9d |
ls: cannot read symbolic link '/proc/32/root': Permission denied
|
|
|
b94b9d |
ls: cannot read symbolic link '/proc/32/exe': Permission denied
|
|
|
b94b9d |
|
|
|
b94b9d |
For this reason the 'pidof /usr/bin/redis-server' calls will fail
|
|
|
b94b9d |
when running inside containers that have this kernel protection
|
|
|
b94b9d |
mechanism.
|
|
|
b94b9d |
|
|
|
b94b9d |
We tested this change and successfuly obtained a running redis cluster:
|
|
|
b94b9d |
podman container set: redis-bundle [192.168.222.1:5000/redis:latest]
|
|
|
b94b9d |
Replica[0]
|
|
|
b94b9d |
redis-bundle-podman-0 (ocf::heartbeat:podman): Started ra1
|
|
|
b94b9d |
redis-bundle-0 (ocf::pacemaker:remote): Started ra1
|
|
|
b94b9d |
redis (ocf::heartbeat:redis): Master redis-bundle-0
|
|
|
b94b9d |
Replica[1]
|
|
|
b94b9d |
redis-bundle-podman-1 (ocf::heartbeat:podman): Started ra2
|
|
|
b94b9d |
redis-bundle-1 (ocf::pacemaker:remote): Started ra2
|
|
|
b94b9d |
redis (ocf::heartbeat:redis): Slave redis-bundle-1
|
|
|
b94b9d |
Replica[2]
|
|
|
b94b9d |
redis-bundle-podman-2 (ocf::heartbeat:podman): Started ra3
|
|
|
b94b9d |
redis-bundle-2 (ocf::pacemaker:remote): Started ra3
|
|
|
b94b9d |
redis (ocf::heartbeat:redis): Slave redis-bundle-2
|
|
|
b94b9d |
|
|
|
b94b9d |
Signed-off-By: Damien Ciabrini <dciabrin@redhat.com>
|
|
|
b94b9d |
Signed-off-by: Michele Baldessari <michele@acksyn.org>
|
|
|
b94b9d |
---
|
|
|
b94b9d |
heartbeat/redis.in | 4 ++--
|
|
|
b94b9d |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
b94b9d |
|
|
|
b94b9d |
diff --git a/heartbeat/redis.in b/heartbeat/redis.in
|
|
|
b94b9d |
index ddc62d8a7..1dff067e9 100644
|
|
|
b94b9d |
--- a/heartbeat/redis.in
|
|
|
b94b9d |
+++ b/heartbeat/redis.in
|
|
|
b94b9d |
@@ -316,7 +316,7 @@ simple_status() {
|
|
|
b94b9d |
fi
|
|
|
b94b9d |
|
|
|
b94b9d |
pid="$(<"$REDIS_PIDFILE")"
|
|
|
b94b9d |
- pidof "$REDIS_SERVER" | grep -q "\<$pid\>" || return $OCF_NOT_RUNNING
|
|
|
b94b9d |
+ pidof $(basename "$REDIS_SERVER") | grep -q "\<$pid\>" || return $OCF_NOT_RUNNING
|
|
|
b94b9d |
|
|
|
b94b9d |
ocf_log debug "monitor: redis-server running under pid $pid"
|
|
|
b94b9d |
|
|
|
b94b9d |
@@ -465,7 +465,7 @@ redis_start() {
|
|
|
b94b9d |
break
|
|
|
b94b9d |
elif (( info[loading] == 1 )); then
|
|
|
b94b9d |
sleep "${info[loading_eta_seconds]}"
|
|
|
b94b9d |
- elif pidof "$REDIS_SERVER" >/dev/null; then
|
|
|
b94b9d |
+ elif pidof $(basename "$REDIS_SERVER") >/dev/null; then
|
|
|
b94b9d |
# unknown error, but the process still exists.
|
|
|
b94b9d |
# This check is mainly because redis daemonizes before it starts listening, causing `redis-cli` to fail
|
|
|
b94b9d |
# See https://github.com/antirez/redis/issues/2368
|