Description of problem: In previous version (rgmanager-1.9.38-0) it wasn't necessary to be root to invoke clustat. Now, clustat hangs when invoked by non-root user, looping over a bind call that fails with permission denied error. strace shows: rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({3, 0}, {3, 0}) = 0 socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 4 setsockopt(4, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 bind(4, {sa_family=AF_INET6, sin6_port=htons(988), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EACCES (Permission denied) close(4) = 0 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 4 bind(4, {sa_family=AF_INET, sin_port=htons(902), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EACCES (Permission denied) close(4) = 0 socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 4 setsockopt(4, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 bind(4, {sa_family=AF_INET6, sin6_port=htons(987), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EACCES (Permission denied) close(4) = 0 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 4 bind(4, {sa_family=AF_INET, sin_port=htons(903), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EACCES (Permission denied) close(4) = 0 rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 nanosleep({3, 0}, {3, 0}) = 0 socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 4 setsockopt(4, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 bind(4, {sa_family=AF_INET6, sin6_port=htons(986), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EACCES (Permission denied) close(4) = 0 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 4 bind(4, {sa_family=AF_INET, sin_port=htons(904), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EACCES (Permission denied) close(4) = 0 ... Version-Release number of selected component (if applicable): rgmanager-1.9.39-0 How reproducible: Steps to Reproduce: 1. Run /usr/sbin/clustat as a non-root user.
Connecting to ccs requires root privileges (as the configuration may contain privileged information). Thus, clustat requires root privileges. chmod +s /usr/sbin/clustat ...will allow non-root users to use clustat. I will change it so that root privileges are not *required*, but you will lose some functionality. What it does currently (hangs) is certainly not correct behavior.
Created attachment 120604 [details] Fixed behavior
I confirm the patch works. However, running as non-root shows every member is Local, and XML output shows state="1" in <node> element, while root invocation shows non-Local and state="0" for non-local hosts. Is this the lack of functionality you referred to?
Actually, it seems like a bug that non-root invocation thinks every node is local. Node names are hostnames and any user can see what the local host is called. In fact, "cman_tool status" (which any user can run) has a Node name line that identifies the local node.
You are correct, it should only display *one* local node. The lack of functionality is that all "down" nodes will be absent from the output.
Created attachment 120622 [details] Fixed behavior, try #2 This adds all the info that a regular clustat would display for a given node to the XML output.
Thanks, the second patch works: [user@node1 ~]$ /usr/sbin/clustat Member Status: Quorate Member Name Status ------ ---- ------ node2.domain.com Online, rgmanager node3.domain.com Online, rgmanager node1.domain.com Online, Local, rgmanager Service Name Owner (Last) State ------- ---- ----- ------ ----- svc1.domain.com node1.domain.com started svc2.domain.com node2.domain.com started [user@node1 ~]$ /usr/sbin/clustat -x <?xml version="1.0"?> <clustat version="4.1"> <quorum quorate="1" groupmember="1"/> <nodes> <node name="node2.domain.com" state="1" local="0" estranged="0" rgmanager="1" nodeid="0x0000000000000003"/> <node name="node3.domain.com" state="1" local="0" estranged="0" rgmanager="1" nodeid="0x0000000000000002"/> <node name="node1.domain.com" state="1" local="1" estranged="0" rgmanager="1" nodeid="0x0000000000000001"/> </nodes> <groups> <group name="svc1.domain.com" state="112" state_str="started" owner="node1.domain.com" last_owner="node1.domain.com" restarts="0"/> <group name="svc2.domain.com" state="112" state_str="started" owner="node2.domain.com" last_owner="node3.domain.com" restarts="0"/> </groups> </clustat>
Regarding the lack of functionality to show down nodes when invoked as non-root, note "cman_tool nodes" can return the data correctly. (You can therefore argue clustat's inability to do the same is not a big deal...)
If CMAN is reporting nodes as down when we do a get-members query, clustat will show the nodes as down. If it only returns currently active members, then it will not show the nodes :) Yeah, not a big deal.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0173.html