portblock: monitor needs to also check state file of inverse action #2108
Conversation
promoted action=unblock was missing save_tcp_connection
To be used for "no rule, action=unblock, no state file"
lge
force-pushed
the
portblock-monitor-check-both-pseudo-state-files
branch
from
0cfef41 to
8d4386c
Compare
The expected usage of this agent is to pair a "block" with an "unblock", and order startup and configuration of some service between these. The established idiom is to have two separate instances with inverse actions. To "reliably" report the status of "block" during a monitor action, it is not sufficient to check the existence of the blocking rule. It is also insufficient to rely on the pseudo resource state file of this instance only. To know our actual expectation, we need to check the state file of the "inverse" instance as well. Because we don't know the OCF_RESOURCE_INSTANCE value of the other instance, we override the state file name for both instances to something derived from our parameters. This should give use the same "global state" view as the "promotion score" does for the promotable clone variant of this agent.
lge
force-pushed
the
portblock-monitor-check-both-pseudo-state-files
branch
from
8d4386c to
801a02d
Compare
| OCF_RESKEY_tickle_dir_default="" | ||
| OCF_RESKEY_sync_script_default="" | ||
|
|
||
| if ocf_is_ms; then |
There was a problem hiding this comment.
This will make the metadata suggest it's not running the rule check by default, so I think we should move this down to where you define state_file_base and modify OCF_RESKEY_status_check instead of the default.
|
We could even change the semantics a bit, if we wanted to: up to now, the rule was only active if "block" was started, but "unblock" was not yet started. With "promotable", I think you changed that to "rule present unless unblock promoted", so rule even present after stop. If we change the two-instance variant to #!/bin/bash
state_str=(ALLOW BLOCK);
for state in "" b "ub" "u b" "b u" u; do
rm -f block unblock;
for action in $state; do
case $action in
u) touch unblock;;
b) touch block;;
# "ambiguous" highly unlikely: both exist, identical timestamps
ub | bu) touch block unblock;;
esac;
sleep 0.1; # so we don't get accidentally get identical timestamps
done;
printf "%4s: should %s\n" "$state" "${state_str[$(test unblock -nt block && echo 0 || echo 1)]}";
donegives Though that may again violate expectations of existing setups (no rule present if both instances stopped). Pre-calculating the expectation like that could also simplify the status function. |
|
It would be nice if it has no rule when it's stopped even when action=unblock. The important thing is that it starts & demotes to the opposite of the specified action, and promotes to the specified action. And monitor checks for that result. |
2 participants
portblock: derive state file from parameters instead of instance
The expected usage of this agent is to pair a "block" with an "unblock", and order startup and configuration of some service between these.
The established idiom is to have two separate instances with inverse actions.
To "reliably" report the status of "block" during a monitor action, it is not sufficient to check the existence of the blocking rule.
It is also insufficient to rely on the pseudo resource state file of this instance only.
To know our actual expectation, we need to check the state file of the "inverse" instance as well.
Because we don't know the OCF_RESOURCE_INSTANCE value of the other instance, we override the state file name for both instances to something derived from our parameters.
This should give use the same "global state" view as the "promotion score" does for the promotable clone variant of this agent.
Fixes regression introduced with 344beb1 status_check=rule (and set that as default), which breaks existing setups requiring user interaction. See also #2099. Alternative to #2107.
Also: add save_tcp_connection to monnitor for promoted action=unblock instance