[DRBD-user] DRBD/ELrepo on CentOS 8 - reporting bugs
Jan Kasprzak
kas at fi.muni.cz
Tue Aug 18 13:49:40 CEST 2020
Hello,
TL;DR: where can I report problems with DRBD/ELrepo packages for CentOS 8?
I have several DRBD disks running for 10+ years now, and I want to upgrade
some of them to CentOS 8. So I deployed a two-node testing cluster with
fresh C8 systems, and now I want to run drbd on it. I have ran into the
following problems so far:
1) after reboot, drbd does not start, because it cannot load the kernel
modules. It might be a SELinux policy, or it is possible to make the system
load the modules unconditionally:
# cat <<EOF >/etc/modules-load.d/drbd.conf
drbd
drbd_transport_tcp
EOF
2) the drbd systemd service file /lib/systemd/system/drbd.service
from drbd-utils-9.13.1-1.el8.x86_64 tries to call
"/usr/sbin/drbdadm sh-b-pri all", but drbdadm from
the same package apparently does not support the "sh-b-pri" command:
# /usr/sbin/drbdadm sh-b-pri all
drbdadm: Unknown command 'sh-b-pri'
The drbd.service file contains the following section:
[Service]
Type=oneshot
RemainAfterExit=yes
# load config
ExecStart=/usr/sbin/drbdadm adjust all
# user interruptible version of wait-connect all
ExecStart=/usr/sbin/drbdadm wait-con-int
# become primary if configured
ExecStart=/usr/sbin/drbdadm sh-b-pri all
# disconnect and detach all resources
ExecStop=/usr/sbin/drbdadm down all
I have commented out all three ExecStart lines and replaced them with
ExecStart=/usr/sbin/drbdadm up all
but I am not sure whether this is the correct solution.
Also, it might be better to have per-volume systemd units handled
by a wild-card drbd at .service file.
3) SELinux prohibits drbdadm from operating on its netlink socket.
I have added the following to the policy, but I don't know whether
to report this as a targeted policy bug or what.
# yum -y install selinux-policy-devel
# cat <<EOF > drbdlocal.te
module drbdlocal 1.0;
require {
type drbd_t;
class netlink_generic_socket all_netlink_generic_socket_perms;
}
allow drbd_t self:netlink_generic_socket all_netlink_generic_socket_perms;
EOF
# make -f /usr/share/selinux/devel/Makefile drbdlocal.pp
# semodule -i drbdlocal.pp
Does anybody use drbd on CentOS 8 with SElinux enabled?
Thanks,
-Yenya
--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| http://www.fi.muni.cz/~kas/ GPG: 4096R/A45477D5 |
We all agree on the necessity of compromise. We just can't agree on
when it's necessary to compromise. --Larry Wall
More information about the drbd-user
mailing list