search

kostiantyn-nemchenko / ansible-role-patroni

:elephant: Ansible Role for Patroni
https://galaxy.ansible.com/kostiantyn-nemchenko/patroni
MIT License
68 stars 44 forks source link

Watchdog device does not get correct permissions on initial deployment #69

Closed kristjankullerkann closed 4 years ago

kristjankullerkann commented 4 years ago

Hello

This is happening on Ubuntu 18.04

I noticed that patroni systemd service logs the following warning on initial deployment:

Nov 05 07:05:15 node01 patroni[18221]: 2019-11-05 07:05:15,494 WARNING: Could not activate Linux watchdog device: "Can't open watchdog device: [Errno 13] Permission denied: '/dev/watchdog'"

This comes from the fact that /dev/watchdog is not owned by postgres:postgres (though it should).

If goes away after node reboot, for which ever reason (/dev/watchdog is now owned by postgres:postgres).

Investigated this a bit and noticed that the following one liner does not work as expected (I suspect specifing multiple ExecStart in patroni-watchdog.service work in similar fashion):

root@node01:~# modprobe softdog; chown postgres:postgres /dev/watchdog
root@node01:~# ls -l /dev/watchdog
crw------- 1 root root 10, 130 Nov  5 07:10 /dev/watchdog

In the same time, adding sleep 1 does whats expected (same goes for patroni-watchdog.service when adding ExecStart=/bin/sleep 1 between modprobe and chown):

root@node01:~# modprobe softdog; sleep 1; chown postgres:postgres /dev/watchdog
root@node01:~# ls -l /dev/watchdog
crw------- 1 postgres postgres 10, 130 Nov  5 07:11 /dev/watchdog

I personally don't like adding sleep, so I worked around it by defining udev rule as /etc/udev/rules.d/60-watchdog.rules:

KERNEL=="watchdog", OWNER="postgres", GROUP="postgres", MODE="0600"

Which solution would you prefer?

kostiantyn-nemchenko commented 4 years ago

Hi @litewhatever Thank you for reporting this. I also hit into permissions issue on Ubuntu 18.04 some time ago. Setting 1 second delay is fragile. Personally I prefer defining a udev rule. If you have time and passion - feel free to implement a PR. Otherwise, I will try to fix the issue soon.

kostiantyn-nemchenko commented 4 years ago

Due to some reason I cannot reproduce this issue on the latest Ubuntu 18.04 vagrant box. Will spend some time testing the issue and your PR thoroughly.

kostiantyn-nemchenko commented 4 years ago

Closed by #72