Check for binary changes before respawning failed subdaemons
Open, Wishlist, Public

Description

If pacemakerd needs to respawn a failed subdaemon, and the pacemaker software has been updated since pacemakerd started, it will start a newer version of the subdaemon than itself (and likely other subdaemons).

Possible solutions:

  • Do an initial handshake that includes the Pacemaker version and exit fatally (or do a full restart of Pacemaker) if mismatched.
  • At pacemakerd startup, check subdaemon binaries in some fashion (hash or file characteristics) and exit fatally (or restart) if mismatched when respawn is needed.

Event Timeline

kgaillot triaged this task as Wishlist priority. Jan 10 2024, 5:53 PM
kgaillot created this task.
kgaillot created this object with edit policy "Restricted Project (Project)".

This is a little overdesigned, but the first thing that occurs to me would be:

  • Have gcc add an ELF note to the subdaemon binaries. This would probably take the form of a string that's the build stamp. There are already a couple notes added to binaries when they're compiled in Fedora, but they're not useful for our purposes. For example, eu-readelf -a /bin/ls shows a .note.gnu.build-id and a .note.package. The former is unique to the binary, and the latter is Fedora-specific. Our note could be BUILD_VERSION and it would be the same across all subdaemons.
  • When pacemakerd starts, it uses libelf to read itself and extract the note, storing it either in some global state or other long-lived struct.
  • When pacemakerd goes to respawn a subdaemon, it uses libelf to read the subdaemon and extracts the note there too. If the note is present and does not match what pacemakerd is expecting, log an error and stop. Otherwise (the note matches the expected, or one of pacemakerd or the subdaemon is missing the note), proceed with the respawn.

We can use the __attribute__((section(".note.pacemaker"))) gcc attribute to do this. clang supports this attribute too. There's plenty of example code out there for adding notes and using libelf. One thing to be careful with is that sometimes notes get stripped out at packaging time.

clumens merged a task: Restricted Maniphest Task. Fri, Aug 15, 4:21 PM
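
The ELF-note check proposed in the comment above, as an added example (not code from Pacemaker or from this task). It walks the section headers with `<elf.h>` and `pread()` instead of libelf so it builds without extra libraries, and compares the subdaemon's note against the stamp compiled into the running process instead of re-reading its own file. The stamp value, the owner name "Pacemaker", note type 1 and all function names are assumptions, and only 64-bit ELF is handled.

```c
#include <elf.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

#define BUILD_VERSION "3.0.0-constructed"     /* constructed stamp; a real build generates it */
#define NOTE_OWNER    "Pacemaker"             /* assumed owner name */
#define NOTE_SECTION  ".note.pacemaker"
#define PAD4(n)       (((n) + 3ULL) & ~3ULL)  /* note fields are padded to 4 bytes */
enum { NOTE_MATCH, NOTE_ABSENT, NOTE_MISMATCH, NOTE_UNREADABLE };

/* One note record: header, owner name, descriptor (the stamp) */
static const struct {
    Elf64_Nhdr hdr;
    char name[PAD4(sizeof(NOTE_OWNER))], desc[PAD4(sizeof(BUILD_VERSION))];
} build_note __attribute__((section(NOTE_SECTION), used, aligned(4))) = {
    { sizeof(NOTE_OWNER), sizeof(BUILD_VERSION), 1 }, NOTE_OWNER, BUILD_VERSION };
/* Read exactly n bytes at off; a short read means the range lies outside the file */
static int read_at(int fd, void *buf, size_t n, uint64_t off)
{ return pread(fd, buf, n, (off_t) off) == (ssize_t) n; }

/* Compare the first note in path's .note.pacemaker with expected (64-bit ELF assumed) */
int build_note_status(const char *path, const char *expected)
{
    Elf64_Ehdr eh; Elf64_Shdr str, s; Elf64_Nhdr nh;
    char name[sizeof(NOTE_SECTION)], desc[64];
    size_t want = strlen(expected) + 1;
    int rc = NOTE_UNREADABLE, fd = open(path, O_RDONLY);
    if (!read_at(fd, &eh, sizeof(eh), 0) || memcmp(eh.e_ident, ELFMAG, SELFMAG)
        || eh.e_ident[EI_CLASS] != ELFCLASS64 || eh.e_shstrndx >= eh.e_shnum
        || !read_at(fd, &str, sizeof(str), eh.e_shoff + eh.e_shstrndx * sizeof(str))) goto done;
    rc = NOTE_ABSENT;
    for (unsigned i = 0; rc == NOTE_ABSENT && i < eh.e_shnum; i++) {
        if (!read_at(fd, &s, sizeof(s), eh.e_shoff + i * sizeof(s))
            || s.sh_name >= str.sh_size || str.sh_size - s.sh_name < sizeof(name)
            || !read_at(fd, name, sizeof(name), str.sh_offset + s.sh_name)
            || memcmp(name, NOTE_SECTION, sizeof(name))) continue;
        rc = NOTE_MISMATCH;  /* section exists, so it must now parse and match */
        if (read_at(fd, &nh, sizeof(nh), s.sh_offset) && nh.n_descsz == want
            && want <= sizeof(desc) && sizeof(nh) + PAD4(nh.n_namesz) + want <= s.sh_size
            && read_at(fd, desc, want, s.sh_offset + sizeof(nh) + PAD4(nh.n_namesz))
            && !memcmp(desc, expected, want)) rc = NOTE_MATCH;
    }
done:
    if (fd >= 0) close(fd);
    return rc;
}

/* Policy from the comment: only a present but different stamp blocks the respawn */
int respawn_allowed(const char *child_path)
{ return build_note_status(child_path, BUILD_VERSION) != NOTE_MISMATCH; }
```

A subdaemon whose note was stripped at packaging time reports `NOTE_ABSENT`, which this policy lets through, matching the comment's "proceed" case.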