[Pacemaker] Occasional nonsensical resource agent errors, redux

Ken Gaillot kjgaillo at gleim.com
Mon Nov 3 17:36:40 CET 2014


On 11/03/2014 09:26 AM, Dejan Muhamedagic wrote:
> On Mon, Nov 03, 2014 at 08:46:00AM +0300, Andrei Borzenkov wrote:
>> В Mon, 3 Nov 2014 13:32:45 +1100
>> Andrew Beekhof <andrew at beekhof.net> пишет:
>>
>>>
>>>> On 1 Nov 2014, at 11:03 pm, Patrick Kane <pmk at wawd.com> wrote:
>>>>
>>>> Hi all:
>>>>
>>>> In July, list member Ken Gaillot reported occasional nonsensical resource agent errors using Pacemaker (http://oss.clusterlabs.org/pipermail/pacemaker/2014-July/022231.html).
>>>>
>>>> We're seeing similar issues with our install.  We have a 2 node corosync/pacemaker failover configuration that is using the ocf:heartbeat:IPaddr2 resource agent extensively.  About once a week, we'll get an error like this, out of the blue:
>>>>
>>>>    Nov  1 05:23:57 lb02 IPaddr2(anon_ip)[32312]: ERROR: Setup problem: couldn't find command: ip
>>>>
>>>> It goes without saying that the ip command hasn't gone anywhere and all the paths are configured correctly.
>>>>
>>>> We're currently running 1.1.10-14.el6_5.3-368c726 under CentOS 6 x86_64 inside of a xen container.
>>>>
>>>> Any thoughts from folks on what might be happening or how we can get additional debug information to help figure out what's triggering this?
>>>
>>> its pretty much in the hands of the agent.
>>
>> Actually the message seems to be output by check_binary() function
>> which is part of framework.
>
> Someone complained in the IRC about this issue (another resource
> agent though, I think Xen) and they said that which(1) was not
> able to find the program. I'd suggest to do strace (or ltrace)
> of which(1) at that point (it's in ocf-shellfuncs).
>
> The which(1) utility is a simple tool: it splits the PATH
> environment variable and stats the program name appended to each
> of the paths. PATH somehow corrupted or filesystem misbehaving?
> My guess is that it's the former.
>
> BTW, was there an upgrade of some kind before this started
> happening?

I was hoping to have something useful before posting another update, but 
since it's come up again, here's what we've found so far:

* The most common manifestation is the "couldn't find command" error. In 
various instances it "couldn't find" xm, ip or awk. However, we've seen 
two other variations:

   lrmd: [3363]: info: RA output: (pan:monitor:stderr) en-destroy: bad 
variable name

and

   lrmd: [2145]: info: RA output: (ldap-ip:monitor:stderr) 
/usr/lib/ocf/resource.d//heartbeat/IPaddr2: 1: 
/usr/lib/ocf/resource.d//heartbeat/IPaddr2: : Permission denied

The RA in the first case does not use the string "en-destroy" at all; it 
does call a command "xen-destroy". That, to me, is a strong suggestion 
of memory corruption somewhere, whether in the RA, the shell, lrmd or a 
library used by one of those.

* I have not found any bugs in the RA or its included files.

* I tried setting "debug: on" in corosync.conf, but that did not give 
any additional useful information. The resource agent error is still the 
first unusual message in the sequence. Here is an example, giving one 
successful monitor run and then an occurrence of the issue (the nodes 
are a pair of Xen dom0s including pisces, running two Xen domU resources 
pan and nemesis):

Sep 13 20:16:56 pisces lrmd: [3509]: debug: rsc:pan monitor[21] (pid 372)
Sep 13 20:16:56 pisces lrmd: [372]: debug: perform_ra_op: resetting 
scheduler class to SCHED_OTHER
Sep 13 20:16:56 pisces lrmd: [3509]: debug: rsc:nemesis monitor[32] (pid 
409)
Sep 13 20:16:56 pisces lrmd: [409]: debug: perform_ra_op: resetting 
scheduler class to SCHED_OTHER
Sep 13 20:16:56 pisces lrmd: [3509]: info: operation monitor[21] on pan 
for client 3512: pid 372 exited with return code 0
Sep 13 20:16:57 pisces lrmd: [3509]: info: operation monitor[32] on 
nemesis for client 3512: pid 409 exited with return code 0
Sep 13 20:17:06 pisces lrmd: [3509]: debug: rsc:pan monitor[21] (pid 455)
Sep 13 20:17:06 pisces lrmd: [455]: debug: perform_ra_op: resetting 
scheduler class to SCHED_OTHER
Sep 13 20:17:07 pisces lrmd: [3509]: info: RA output: 
(pan:monitor:stderr) /usr/lib/ocf/resource.d//heartbeat/Xen: 71: local:
Sep 13 20:17:07 pisces lrmd: [3509]: info: RA output: 
(pan:monitor:stderr) en-destroy: bad variable name
Sep 13 20:17:07 pisces lrmd: [3509]: info: RA output: (pan:monitor:stderr)
Sep 13 20:17:07 pisces lrmd: [3509]: info: operation monitor[21] on pan 
for client 3512: pid 455 exited with return code 2

* I tried reverting several security updates applied in the month or so 
before we first saw the issue. Reverting the Debian kernel packages to 
3.2.57-3 and then 3.2.54-2 did not help, nor did reverting libxml2 to 
libxml2 2.8.0+dfsg1-7+nmu2. None of the other updates from that time 
look like they could have any effect.

* Regarding libxml2, I did find that Debian had backported an upstream 
patch into its 2.8.0+dfsg1-7+nmu3 that introduced a memory corruption 
bug, which upstream later corrected (the bug never made it into an 
upstream release, but Debian had backported a specific changeset). I 
submitted that as Debian Bug #765770 which was just fixed last week. I 
haven't had a chance to apply that to the affected servers yet, but as 
mentioned above, reverting to the libxml2 before the introduced bug did 
not fix the issue.

* I have not found a way to intentionally reproduce the issue. :-( We 
have had 10 occurrences across 3 two-node clusters in five months. Some 
of the nodes have had only one occurrence during that time, but one pair 
gets the most of them. With the time between occurrences, it's hard to 
do something like strace on lrmd, though that's probably a good way 
forward, scripting something to deal with the output reasonably.

* There does not seem to be any correlation with how long the node has 
been up. Checking RAM usage of corosync and lrmd on all nodes over about 
two weeks shows little to no change, so I don't suspect a leak. Most of 
our errors have occurred in the Xen RA, but probably only because that's 
the RA we use most; we've also seen it in IPaddr2.

* My next idea would be to compile/install the latest versions of at 
least pacemaker and the resource agents. However I am in the middle of 
changing jobs, and unfortunately do not have much time left for this. My 
new job will have plenty of time to spend on pacemaker ;-) so I may be 
able to give updates later. Debian's "jessie" release freezes this week, 
so I'm hoping that I will have time to at least get a test cluster up 
running the somewhat newer versions in that (pacemaker 1.1.10, corosync 
1.4.6).

-- Ken Gaillot <kjgaillo at gleim.com>
Network Operations Center, Gleim Publications



More information about the Pacemaker mailing list