Bug 708722 - log permission errors starting pacemaker
log permission errors starting pacemaker
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pacemaker (Show other bugs)
6.1
Unspecified Unspecified
low Severity low
: rc
: ---
Assigned To: Andrew Beekhof
Cluster QE
: TechPreview
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-05-29 00:51 EDT by digimer
Modified: 2016-04-26 12:07 EDT (History)
3 users (show)

See Also:
Fixed In Version: pacemaker-1.1.5-7.el6
Doc Type: Technology Preview
Doc Text:
Prior to this update, when the pacemaker daemon did not have permission to write to the /var/log/cluster/corosync.log file, it wrote the following error to the system log: attrd: Cannot append to /var/log/cluster/corosync.log: Permission denied This update applies a patch to ensure that when such an error occurs, Pacemaker logs this problem on startup and no longer tries to access this file.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-12-06 11:50:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description digimer 2011-05-29 00:51:14 EDT
Description of problem:

When starting the pacemaker daemon with the stock logging options, errors are printed into syslog saying that it was not possible to append to /var/log/cluster/corosync.log. Despite this warning, the log file is actually written to.

Example:

May 28 14:45:02 an-node02 attrd: Cannot append to /var/log/cluster/corosync.log: Permission denied

This is because /var/log/cluster is owned by root:root with the mode 0700. Changing the mode to 0770 removes this problem.

Version-Release number of selected component (if applicable):

pacemaker-1.1.5-5.el6.x86_64

How reproducible:

100% (two separate nodes had the same problem)

Steps to Reproduce:
1. Install pacemaker and corosync. Set corosync's config as per beekhof's "cluster from scratch".
2. Start corosync, then start pacemaker.
3. Check contents of /var/log/messages. Errors will be apparent.
  
Actual results:

Errors in syslog.

Expected results:

No errors in syslog.

Additional info:
Comment 4 Andrew Beekhof 2011-07-11 22:40:16 EDT
0710 seems to be sufficient.
I'm reluctant to change permissions on a directory like that though.
Especially since the user can configure any location for the log file.

I think instead the controlling daemon (pacemakerd) should log an error and not instruct children to use that log file.
Comment 5 Andrew Beekhof 2011-07-11 23:23:21 EDT
Fixed in:
   http://hg.clusterlabs.org/pacemaker/devel/rev/cab5da91c060
Comment 7 digimer 2011-08-08 19:42:41 EDT
Following that link returns;

00manifest.i@cab5da91c060: no match found
Comment 9 Lon Hohberger 2011-09-28 16:47:01 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Pacemaker continues to be a Technology Preview in Red Hat Enterprise Linux 6.2
Comment 10 Jaroslav Kortus 2011-10-17 10:14:19 EDT
http://hg.clusterlabs.org/pacemaker/devel/rev/a326e60c23d7ab7b566316deca71c2481aa3fc96 seems to be the correct link to relevant patch
Comment 12 Jaromir Hradilek 2011-10-26 05:30:59 EDT
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1,5 @@
-Pacemaker continues to be a Technology Preview in Red Hat Enterprise Linux 6.2+Prior to this update, when the pacemaker daemon did not have permission to write to the /var/log/cluster/corosync.log file, it wrote the following error to the system log:
+
+    attrd: Cannot append to /var/log/cluster/corosync.log: Permission denied
+
+This update applies a patch to ensure that when such an error occurs, Pacemaker logs this problem on startup and no longer tries to access this file.
Comment 14 errata-xmlrpc 2011-12-06 11:50:34 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1669.html

Note You need to log in before you can comment on or make changes to this bug.