[DRBD-user] DRBD/ELrepo on CentOS 8 - reporting bugs

Jan Kasprzak kas at fi.muni.cz
Tue Aug 18 13:49:40 CEST 2020 

	Hello,

TL;DR: where can I report problems with DRBD/ELrepo packages for CentOS 8?

I have several DRBD disks running for 10+ years now, and I want to upgrade
some of them to CentOS 8. So I deployed a two-node testing cluster with
fresh C8 systems, and now I want to run drbd on it. I have ran into the
following problems so far:

1) after reboot, drbd does not start, because it cannot load the kernel
modules. It might be a SELinux policy, or it is possible to make the system
load the modules unconditionally:

# cat <<EOF >/etc/modules-load.d/drbd.conf
drbd
drbd_transport_tcp
EOF

2) the drbd systemd service file /lib/systemd/system/drbd.service
from drbd-utils-9.13.1-1.el8.x86_64 tries to call
"/usr/sbin/drbdadm sh-b-pri all", but drbdadm from
the same package apparently does not support the "sh-b-pri" command:

# /usr/sbin/drbdadm sh-b-pri all
drbdadm: Unknown command 'sh-b-pri'

The drbd.service file contains the following section:

[Service]
Type=oneshot
RemainAfterExit=yes

# load config
ExecStart=/usr/sbin/drbdadm adjust all
# user interruptible version of wait-connect all
ExecStart=/usr/sbin/drbdadm wait-con-int
# become primary if configured
ExecStart=/usr/sbin/drbdadm sh-b-pri all
# disconnect and detach all resources
ExecStop=/usr/sbin/drbdadm down all

I have commented out all three ExecStart lines and replaced them with

ExecStart=/usr/sbin/drbdadm up all

but I am not sure whether this is the correct solution.

Also, it might be better to have per-volume systemd units handled
by a wild-card drbd at .service file.

3) SELinux prohibits drbdadm from operating on its netlink socket.
I have added the following to the policy, but I don't know whether
to report this as a targeted policy bug or what.

# yum -y install selinux-policy-devel
# cat <<EOF > drbdlocal.te
module drbdlocal 1.0;

require {
        type drbd_t;
        class netlink_generic_socket all_netlink_generic_socket_perms;
}

allow drbd_t self:netlink_generic_socket all_netlink_generic_socket_perms;
EOF

# make -f /usr/share/selinux/devel/Makefile drbdlocal.pp
# semodule -i drbdlocal.pp

Does anybody use drbd on CentOS 8 with SElinux enabled?

Thanks,

-Yenya

-- 
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| http://www.fi.muni.cz/~kas/                         GPG: 4096R/A45477D5 |
    We all agree on the necessity of compromise. We just can't agree on
    when it's necessary to compromise.                     --Larry Wall

More information about the drbd-user mailing list