Created attachment 632859 [details] Example cluster.conf +++ This bug was initially created as a clone of Bug #869695 +++ Created attachment 632838 [details] Example cluster.conf > Description of problem: SAP instances started by SAPInstance cluster resource agent inherit limits on system resources (e.g. max # of open file descriptors) for root user. SAP instances need higher limits on the maximum number of open files (ulimit -n), the maximum stack size (ulimit -s) and the maximum size of data segments (ulimit -d). Those limits can not be applied by PAM due to the way that SAP processes are started by cluster, see "Additional info" below. > Version-Release number of selected component (if applicable): rgmanager-2.0.52-28.el5_8.5 > How reproducible: Always. > Steps to Reproduce: 1. Configure a clustered SAP instance (see attached cluster.conf example). 2. Start the clustered service that includes the SAP instance (clusvcadm -e). 3. Observe current resource limits of the instance processes: # ps -ef | grep jepadm |grep -v grep jepadm 6032 1 0 Oct23 ? 00:00:18 /usr/sap/JEP/ASCS00/exe/sapstartsrv pf=/sapmnt/JEP/profile/JEP_ASCS00_jep-ascs -D -u jepadm jepadm 6307 1 0 Oct23 ? 00:00:00 sapstart pf=/sapmnt/JEP/profile/JEP_ASCS00_jep-ascs jepadm 6322 6307 0 Oct23 ? 00:00:01 ms.sapJEP_ASCS00 pf=/usr/sap/JEP/SYS/profile/JEP_ASCS00_jep-ascs jepadm 6323 6307 0 Oct23 ? 00:00:23 en.sapJEP_ASCS00 pf=/usr/sap/JEP/SYS/profile/JEP_ASCS00_jep-ascs > Actual results: # for i in 6032 6307 6322 6323 ; do echo "$i:"; cat /proc/$i/limits | egrep "open|data|stack"; done 6032: Max data size unlimited unlimited bytes Max stack size 10485760 unlimited bytes Max open files 1024 4096 files 6307: Max data size unlimited unlimited bytes Max stack size 10485760 unlimited bytes Max open files 1024 4096 files 6322: Max data size unlimited unlimited bytes Max stack size 10485760 unlimited bytes Max open files 1024 4096 files 6323: Max data size unlimited unlimited bytes Max stack size 10485760 unlimited bytes Max open files 1024 4096 files > Expected results: Limits specified in /usr/sap/sapservices are taken into account by SAPInstance RA: # for i in 6032 6307 6322 6323 ; do echo "$i:"; cat /proc/$i/limits | egrep "open|data|stack"; done 6032: Max data size unlimited unlimited bytes Max stack size 268435456 268435456 bytes Max open files 65536 65536 files 6307: Max data size unlimited unlimited bytes Max stack size 268435456 268435456 bytes Max open files 65536 65536 files 6322: Max data size unlimited unlimited bytes Max stack size 268435456 268435456 bytes Max open files 65536 65536 files 6323: Max data size unlimited unlimited bytes Max stack size 268435456 268435456 bytes Max open files 65536 65536 files > Additional info: Currently the following sequence of events occurs when rgmanager starts a SAP Instance: - rgmanager starts SAPInstance RA as root. - SAPInstance starts sapstartsrv as root with the account username as a parameter ('-u'): 195 $SAPSTARTSRV pf=$SAPSTARTPROFILE -D -u $sidadm ^ - sapstartsrv process starts as root and drops privileges by calling setgid() and setuid() (and then clones into new processes). - SAPInstance calls sapcontrol to start the instance: 270 output=`$SAPCONTROL -nr $InstanceNr -function Start` - sapcontrol instructs sapstartsrv to start SAP instance as described in [1]. Due to this sequence of events: - PAM limits configured in /etc/security/limits.conf as described in SAP note 1496410 are not applied to processes started by rgmanager/SAPInstance RA. - limits configured in /usr/sap/sapservices as described in SAP note 1437105 are not applied either since instances are not started by /etc/init.d/sapinit but by rgmanager/SAPInstance RA instead. SAPInstance RA should take limits configured in /usr/sap/sapservices into account. If no limits are specified in /usr/sap/sapservices then safe default limits should be applied. [1] http://help.sap.com/saphelp_nw73ehp1/helpdata/en/b3/903925c34a45e28a2861b59c3c5623/content.htm --- Additional comment from jentrena on 2012-10-24 16:12:02 BST --- Created attachment 632842 [details] Example /usr/sap/sapservices --- Additional comment from jentrena on 2012-10-24 16:13:03 BST --- Created attachment 632844 [details] SAP note 1437105 --- Additional comment from jentrena on 2012-10-24 16:13:58 BST --- Created attachment 632846 [details] SAP note 1496410 --- Additional comment from pm-rhel on 2012-10-24 16:15:18 BST --- Since this bug report was entered in bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Created attachment 632860 [details] Example /usr/sap/sapservices
Applied patch from upstream resources.git that resolved bug #869695
s/resources/resource-agents/
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1316.html