[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-ha-dev
Subject:    Re: [Linux-ha-dev] ulimit in ocf scripts
From:       Lars Marowsky-Bree <lmb () suse ! de>
Date:       2010-01-15 18:25:12
Message-ID: 20100115182512.GC24614 () suse ! de
[Download RAW message or body]

On 2010-01-13T11:31:01, "Raoul Bhatia [IPAX]" <r.bhatia@ipax.at> wrote:

> i am talking about elevated (or even reduced) limits which are enforced
> by the os, for example no. of open files/locks/pipes, scheduling
> priority, cpu time, maybe core file size, etc. (see man ulimit, man
> bash or similar).
> 
> this could aid in preventing a resource from running crazy, granting
> additional rights for specific resource (e.g. specify a different
> nofile limit for apache/postfix/squid/mysql) or help with debugging
> certain resources (e.g. changes to core file size).

All of these are sort-of pointless, at least if seen from a security
perspective - as the RA gets executed as root, it could reset them. So
no need to do this in the LRM, unless you really want to ;-)

They are also not "meta" attributes, at least not if the current meaning
is to remain coherent: right now, meta attributes influence how the PE
treats the resource, and this has nothing to do with that. Also, the
limits need a restart of the resource to take effect, which seems to
suggest meta attributes aren't appropriate.

Another place to implement processing of common resource parameters is
of course the common .ocf-shellfuncs code, and introduce
"ulimit-(soft|hard)-*" resource/instance parameters there. A RA where
this clashes with existing parameters could flip this off via a special
var before that file is sourced.

But I don't really like the idea of making them meta attributes,
somehow.

On the other hand, this could be processed by LRM then too. (For RAs
that aren't shell.)

Just food for thought ;-)


Regards,
    Lars

-- 
Architect Storage/HA, OPS Engineering, Novell, Inc.
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde

_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic