Hello, TL;DR: where can I report problems with DRBD/ELrepo packages for CentOS 8?
I have several DRBD disks running for 10+ years now, and I want to upgrade some of them to CentOS 8. So I deployed a two-node testing cluster with fresh C8 systems, and now I want to run drbd on it. I have ran into the following problems so far: 1) after reboot, drbd does not start, because it cannot load the kernel modules. It might be a SELinux policy, or it is possible to make the system load the modules unconditionally: # cat <<EOF >/etc/modules-load.d/drbd.conf drbd drbd_transport_tcp EOF 2) the drbd systemd service file /lib/systemd/system/drbd.service from drbd-utils-9.13.1-1.el8.x86_64 tries to call "/usr/sbin/drbdadm sh-b-pri all", but drbdadm from the same package apparently does not support the "sh-b-pri" command: # /usr/sbin/drbdadm sh-b-pri all drbdadm: Unknown command 'sh-b-pri' The drbd.service file contains the following section: [Service] Type=oneshot RemainAfterExit=yes # load config ExecStart=/usr/sbin/drbdadm adjust all # user interruptible version of wait-connect all ExecStart=/usr/sbin/drbdadm wait-con-int # become primary if configured ExecStart=/usr/sbin/drbdadm sh-b-pri all # disconnect and detach all resources ExecStop=/usr/sbin/drbdadm down all I have commented out all three ExecStart lines and replaced them with ExecStart=/usr/sbin/drbdadm up all but I am not sure whether this is the correct solution. Also, it might be better to have per-volume systemd units handled by a wild-card [email protected] file. 3) SELinux prohibits drbdadm from operating on its netlink socket. I have added the following to the policy, but I don't know whether to report this as a targeted policy bug or what. # yum -y install selinux-policy-devel # cat <<EOF > drbdlocal.te module drbdlocal 1.0; require { type drbd_t; class netlink_generic_socket all_netlink_generic_socket_perms; } allow drbd_t self:netlink_generic_socket all_netlink_generic_socket_perms; EOF # make -f /usr/share/selinux/devel/Makefile drbdlocal.pp # semodule -i drbdlocal.pp Does anybody use drbd on CentOS 8 with SElinux enabled? Thanks, -Yenya -- | Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> | | http://www.fi.muni.cz/~kas/ GPG: 4096R/A45477D5 | We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. --Larry Wall _______________________________________________ Star us on GITHUB: https://github.com/LINBIT drbd-user mailing list [email protected] https://lists.linbit.com/mailman/listinfo/drbd-user
