Do not use the absolute path in redis' pidof calls
2462caf264c4
Actions

Description

Do not use the absolute path in redis' pidof calls

The reason for this is that newer kernels (we saw this on a 4.18 kernel)
can limit access to /proc/<pid>/{cwd,exe,root} and so pidof will fail to
identify the process when using the full path names.
This access limitation happens even with the root user:
()[root@ra1 /]$ ls -l /proc/32/ |grep redis-server
ls: cannot read symbolic link '/proc/32/cwd': Permission denied
ls: cannot read symbolic link '/proc/32/root': Permission denied
ls: cannot read symbolic link '/proc/32/exe': Permission denied

For this reason the 'pidof /usr/bin/redis-server' calls will fail
when running inside containers that have this kernel protection
mechanism.

We tested this change and successfuly obtained a running redis cluster:
podman container set: redis-bundle [192.168.222.1:5000/redis:latest]

Replica[0]
   redis-bundle-podman-0     (ocf::heartbeat:podman):        Started ra1
   redis-bundle-0    (ocf::pacemaker:remote):        Started ra1
   redis     (ocf::heartbeat:redis): Master redis-bundle-0
Replica[1]
   redis-bundle-podman-1     (ocf::heartbeat:podman):        Started ra2
   redis-bundle-1    (ocf::pacemaker:remote):        Started ra2
   redis     (ocf::heartbeat:redis): Slave redis-bundle-1
Replica[2]
   redis-bundle-podman-2     (ocf::heartbeat:podman):        Started ra3
   redis-bundle-2    (ocf::pacemaker:remote):        Started ra3
   redis     (ocf::heartbeat:redis): Slave redis-bundle-2

Signed-off-By: Damien Ciabrini <dciabrin@redhat.com>
Signed-off-by: Michele Baldessari <michele@acksyn.org>

Details

Provenance

Michele Baldessari <michele@acksyn.org>

Authored on Oct 3 2018, 12:07 PM

Parents

rR046fb9d180c6: Merge pull request #1210 from HideoYamauchi/apache_change

Branches

Unknown

Tags

Unknown

Event Timeline

Changes (1)

Path

Size

heartbeat/

redis.in

rR2462caf264c4

View Options