Bug 708722 - log permission errors starting pacemaker
Summary: log permission errors starting pacemaker
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pacemaker
Version: 6.1
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Andrew Beekhof
QA Contact: Cluster QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-05-29 04:51 UTC by Madison Kelly
Modified: 2016-04-26 16:07 UTC (History)
3 users (show)

Fixed In Version: pacemaker-1.1.5-7.el6
Doc Type: Technology Preview
Doc Text:
Prior to this update, when the pacemaker daemon did not have permission to write to the /var/log/cluster/corosync.log file, it wrote the following error to the system log: attrd: Cannot append to /var/log/cluster/corosync.log: Permission denied This update applies a patch to ensure that when such an error occurs, Pacemaker logs this problem on startup and no longer tries to access this file.
Clone Of:
Environment:
Last Closed: 2011-12-06 16:50:34 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1669 0 normal SHIPPED_LIVE pacemaker bug fix and enhancement update 2011-12-06 00:50:15 UTC

Description Madison Kelly 2011-05-29 04:51:14 UTC 
Description of problem:

When starting the pacemaker daemon with the stock logging options, errors are printed into syslog saying that it was not possible to append to /var/log/cluster/corosync.log. Despite this warning, the log file is actually written to.

Example:

May 28 14:45:02 an-node02 attrd: Cannot append to /var/log/cluster/corosync.log: Permission denied

This is because /var/log/cluster is owned by root:root with the mode 0700. Changing the mode to 0770 removes this problem.

Version-Release number of selected component (if applicable):

pacemaker-1.1.5-5.el6.x86_64

How reproducible:

100% (two separate nodes had the same problem)

Steps to Reproduce:
1. Install pacemaker and corosync. Set corosync's config as per beekhof's "cluster from scratch".
2. Start corosync, then start pacemaker.
3. Check contents of /var/log/messages. Errors will be apparent.
  
Actual results:

Errors in syslog.

Expected results:

No errors in syslog.

Additional info:
Comment 4 Andrew Beekhof 2011-07-12 02:40:16 UTC 
0710 seems to be sufficient.
I'm reluctant to change permissions on a directory like that though.
Especially since the user can configure any location for the log file.

I think instead the controlling daemon (pacemakerd) should log an error and not instruct children to use that log file.
Comment 5 Andrew Beekhof 2011-07-12 03:23:21 UTC 
Fixed in:
   http://hg.clusterlabs.org/pacemaker/devel/rev/cab5da91c060
Comment 7 Madison Kelly 2011-08-08 23:42:41 UTC 
Following that link returns;

00manifest.i@cab5da91c060: no match found
Comment 9 Lon Hohberger 2011-09-28 20:47:01 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Pacemaker continues to be a Technology Preview in Red Hat Enterprise Linux 6.2
Comment 10 Jaroslav Kortus 2011-10-17 14:14:19 UTC 
http://hg.clusterlabs.org/pacemaker/devel/rev/a326e60c23d7ab7b566316deca71c2481aa3fc96 seems to be the correct link to relevant patch
Comment 12 Jaromir Hradilek 2011-10-26 09:30:59 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1,5 @@
-Pacemaker continues to be a Technology Preview in Red Hat Enterprise Linux 6.2+Prior to this update, when the pacemaker daemon did not have permission to write to the /var/log/cluster/corosync.log file, it wrote the following error to the system log:
+
+    attrd: Cannot append to /var/log/cluster/corosync.log: Permission denied
+
+This update applies a patch to ensure that when such an error occurs, Pacemaker logs this problem on startup and no longer tries to access this file.
Comment 14 errata-xmlrpc 2011-12-06 16:50:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1669.html
Note You need to log in before you can comment on or make changes to this bug.