Hide Forgot
Description of problem: Chapter 2. Starting the Broker Running multiple brokers on a single machine now contains the description that multiple brokers can be ran on single machine as part of bug 651618. The subchapter should warn about SELinux caveats of this approach. Running the MRG/M broker as service (service qpidd start) runs the qpidd proces under correct SELinux context root:system_r:initrc_t while running qpidd process manually as shown in the 'Running multiple brokers on a single machine' subchapter causes that all brokers are ran under different SELinux context (root:system_r:unconfined_t:SystemLow-SystemHigh). This fact does not have so much impact when multiple brokers on single machine are standalone, but in case of clustered configuration there might be seen qpidd hangs / start-up problems because SELinux will block some broker functionality as qpidd SELinux rules expect qpidd process ran under different context. Version-Release number of selected component (if applicable): MRG/M IG Revision 4-6 (on docs stage atm) How reproducible: N/A (100%) Steps to Reproduce: 1. Look at Chapter 2. Starting the Broker subchapter 'Running multiple brokers on a single machine' Actual results: The current description does not highlight the pitfalls of such approach. Expected results: The current description should highlight the pitfalls of such approach. Additional info (this terminal transcript showing the SELinux contexts): [root@dhcp-26-233 bz667428]# ps -Z $(pidof qpidd) LABEL PID TTY STAT TIME COMMAND root:system_r:initrc_t 5610 ? Ssl 0:00 /usr/sbin/qpidd --data-dir /var/lib/qpidd --daemon [root@dhcp-26-233 bz667428]# qpidd -p 0 --data-dir=/tmp/dd -d 2011-02-10 11:04:17 info Loaded Module: /usr/lib64/qpid/daemon/cluster.so 2011-02-10 11:04:18 info Loaded Module: /usr/lib64/qpid/daemon/xml.so 2011-02-10 11:04:18 info Loaded Module: /usr/lib64/qpid/daemon/acl.so 2011-02-10 11:04:18 info Loaded Module: /usr/lib64/qpid/daemon/ssl.so 2011-02-10 11:04:18 info Loaded Module: /usr/lib64/qpid/daemon/watchdog.so 2011-02-10 11:04:18 info Loaded Module: /usr/lib64/qpid/daemon/replication_exchange.so 2011-02-10 11:04:18 info Loaded Module: /usr/lib64/qpid/daemon/msgstore.so 2011-02-10 11:04:18 info Loaded Module: /usr/lib64/qpid/daemon/replicating_listener.so 53157 [root@dhcp-26-233 bz667428]# ps -Z $(pidof qpidd) LABEL PID TTY STAT TIME COMMAND root:system_r:initrc_t 5610 ? Ssl 0:00 /usr/sbin/qpidd --data-dir /var/lib/qpidd --daemon root:system_r:unconfined_t:SystemLow-SystemHigh 5646 ? Ssl 0:00 qpidd -p 0 --data-dir=/tmp/dd -d
I propose following tunings: -In clustered machine configurations running the <command>qpidd -p 0</command> command may result in hangs or start-up issues due to SELinux blocking broker functionality. This is caused by &RHM; SELinux rules expecting the process to be run under the same SELinux context. +In clustered machine configurations running the <command>qpidd -p 0</command> command may result in hangs or start-up issues due to SELinux blocking broker functionality. This is caused by &RHM; SELinux rules expecting the process to be run under correct SELinux context. Following line is incorrect (so remove): -Running multiple brokers on a single standalone machine should not result in this issue. Proposed change: +Running MRG/M cluster on multiple machines where each machine executes single instance of MRG/M clustered broker started via service (service qpidd start) should not result in this issue. -> ASSIGNED
The requested documentation was included in Messaging_Installation_Guide v 5-2. -> VERIFIED