On Thu, Feb 14, 2008 at 09:54:05AM -0700, Serge Dubrouski wrote: > On Thu, Feb 14, 2008 at 9:48 AM, Dejan Muhamedagic <[EMAIL PROTECTED]> wrote: > > Hi, > > > > > > On Thu, Feb 14, 2008 at 06:33:11AM -0700, Serge Dubrouski wrote: > > > On Thu, Feb 14, 2008 at 4:42 AM, Dejan Muhamedagic <[EMAIL PROTECTED]> > > wrote: > > > > Hi, > > > > > > > > > > > > On Wed, Feb 13, 2008 at 08:47:42AM -0700, Serge Dubrouski wrote: > > > > > > > > > The problem is that by default PG_DATA isn't readable by everybody, > > > > > but OCF spec requires that "status" command should work for any > > user, > > > > > also "stop" command should report service down for for stopped > > service > > > > > for any user as well. That's why I have to use this double logic. > > > > > > > > Is that really so? Which specification? At any rate, all resource > > > > agents are run as user root by lrmd. The RA is of course free to > > > > switch to another uid where appropriate. > > > > > > > > > > Just before 2.1.3 release I was told by Andrew that it had to work > > > that way so I had to modify pgsql status function. May be I > > > misuderstood something. > > > > I think you did, unless Andrew can clarify further. The meta-data > > and usage must work as any user. The status/monitor sometimes > > definitely can't. Besides, as I said, all RAs are run as root by > > the cluster. > > That's right. As far as I remember the main question was to report te > correct status for a stopped resource. Old version of pgsql used to > report OCF_ERROR instead of OCF_NOTRUNNING for non-root users, that > was concidered incorrect.
I still don't understand why should that be considered incorrect if all RAs (OCF or other) are run as root. For example, some RAs depend on this to do a su(1) which shouldn't ask for password. It'd be simply impossible to implement all RAs without the premise that they are going to run as root. > Anyway the patch thia I attached earlier solves the problem with > several instances of PostgreSQL running on the same node. You probably > should put it into Mercury, unless Hideo reports some other problem. OK. I was also expecting a definite answer from him. Thanks, Dejan > > Thanks. > > Serge Dubrouski. > _______________________________________________ > Linux-HA mailing list > [email protected] > http://lists.linux-ha.org/mailman/listinfo/linux-ha > See also: http://linux-ha.org/ReportingProblems _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
