Linux-NFS Archive on lore.kernel.org
 help / color / Atom feed
From: Scott Mayhew <smayhew@redhat.com>
To: Indivar Nair <indivar.nair@techterra.in>
Cc: linux-nfs@vger.kernel.org
Subject: Re: rpc.statd dies because of pacemaker monitoring
Date: Fri, 12 Jul 2019 10:16:57 -0400
Message-ID: <20190712141657.GB4131@coeurl.usersys.redhat.com> (raw)
In-Reply-To: <CALuPYL0+VdUsjeFx70xJkJUxc8SOdsTzALeeHcfd33fx4E_iTg@mail.gmail.com>

On Fri, 12 Jul 2019, Indivar Nair wrote:

> Hi Scott,
> 
> Thanks a lot.
> Yes, it is a 10+ year old AD setup, which was migrated to Samba4AD
> (samba+named) a few years ago.
> It has lot of stale entries, and fwd - rev lookup mismatches.
> 
> Will start cleaning up DNS right away.
> 
> In the meantime, is there any way to increase the rpc ping timeout?

You could build the rpcinfo.c program from source (it's in the rpcbind
git tree) with a longer timeout.

> OR
> Is there any way to temporarily disable DNS lookups by lockd?

rpc.statd is doing the DNS lookups, and no there's not a way to disable it.
Doing so would probably make the reboot notifications less reliable, and
clients wouldn't know to reclaim locks, and the risk of data corruption
goes up.

You could prevent the DNS lookups from occurring by adding entries (properly
formatted... see the hosts(5) man page) for all your clients into the
/etc/hosts file on your NFS server nodes.  That's assuming that your nsswitch
configuration has "files" before "dns" for host lookups.  Depending on how
many clients you have, that might be the easiest option.

Another option might be to try adding a simple retry mechanism to the part
of the nfsserver resource agent that checks rpc.statd, something like:

diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver
index bf59da98..c9dcc74e 100755
--- a/heartbeat/nfsserver
+++ b/heartbeat/nfsserver
@@ -334,8 +334,13 @@ nfsserver_systemd_monitor()
        fi
 
        ocf_log debug "Status: rpc-statd"
-       rpcinfo -t localhost 100024 > /dev/null 2>&1
-       rc=$?
+       for i in `seq 1 3`; do
+               rpcinfo -t localhost 100024 >/dev/null 2>&1
+               rc=$?
+               if [ $rc -eq 0 ]; then
+                       break
+               fi
+       done
        if [ "$rc" -ne "0" ]; then
                ocf_exit_reason "rpc-statd is not running"
                return $OCF_NOT_RUNNING
> 
> Regards,
> 
> 
> Indivar Nair
> 
> On Thu, Jul 11, 2019 at 10:19 PM Scott Mayhew <smayhew@redhat.com> wrote:
> >
> > On Thu, 11 Jul 2019, Indivar Nair wrote:
> >
> > > Hi ...,
> > >
> > > I have a 2 node Pacemaker cluster built using CentOS 7.6.1810
> > > It serves files using NFS and Samba.
> > >
> > > Every 15 - 20 minutes, the rpc.statd service fails, and the whole NFS
> > > service is restarted.
> > > After investigation, it was found that the service fails after a few
> > > rounds of monitoring by Pacemaker.
> > > The Pacemaker's script runs the following command to check whether all
> > > the services are running -
> > > ---------------------------------------------------------------------------------------------------------------------------------------
> > >     rpcinfo > /dev/null 2>&1
> > >     rpcinfo -t localhost 100005 > /dev/null 2>&1
> > >     nfs_exec status nfs-idmapd > $fn 2>&1
> > >     rpcinfo -t localhost 100024 > /dev/null 2>&1
> >
> > I would check to make sure your DNS setup is working properly.
> > rpc.statd uses the canonical hostnames for comparison purposes whenever
> > it gets an SM_MON or SM_UNMON request from lockd and when it gets an
> > SM_NOTIFY from a rebooted NFS client.  That involves calls to
> > getaddrinfo() and getnameinfo() which in turn could result in requests
> > to a DNS server.  rpc.statd is single-threaded, so if it's blocked
> > waiting for one of those requests, then it's unable to respond to the
> > RPC ping (which has a timeout of 10 seconds) generated by the rpcinfo
> > program.
> >
> > I ran into a similar scenario in the past where a client was launching
> > multiple instances of rpc.statd.  When the client does a v3 mount it
> > does a similar RPC ping (with a more aggressive timeout) to see if
> > rpc.statd is running... if not then it calls out to
> > /usr/sbin/start-statd (which in the past simply called 'exec rpc.statd
> > --no-notify' but now has additional checks).  Likewise rpc.statd does
> > it's own RPC ping to make sure there's not one already running.  It
> > wound up that the user had a flakey DNS server and requests were taking
> > over 30 seconds to time out, thus thwarting all those additional checks,
> > and they wound up with multiple copies of rpc.statd running.
> >
> > You could be running into a similar scenario here and pacemaker could be
> > deciding that rpc.statd's not running when it's actually fine.
> >
> > -Scott
> >
> > > ---------------------------------------------------------------------------------------------------------------------------------------
> > > The script is scheduled to check every 20 seconds.
> > >
> > > This is the message we get in the logs -
> > > -------------------------------------------------------------------------------------------------------------------------------------
> > > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: check_default: access by
> > > 127.0.0.1 ALLOWED
> > > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: Received NULL request
> > > from 127.0.0.1
> > > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: check_default: access by
> > > 127.0.0.1 ALLOWED (cached)
> > > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: Received NULL request
> > > from 127.0.0.1
> > > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: check_default: access by
> > > 127.0.0.1 ALLOWED (cached)
> > > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: Received NULL request
> > > from 127.0.0.1
> > > -------------------------------------------------------------------------------------------------------------------------------------
> > >
> > > After 10 seconds, we get his message -
> > > -------------------------------------------------------------------------------------------------------------------------------------
> > > Jul 09 07:34:09 virat-nd01 nfsserver(virat-nfs-daemon)[54087]: ERROR:
> > > rpc-statd is not running
> > > -------------------------------------------------------------------------------------------------------------------------------------
> > > Once we get this error, the NFS service is automatically restarted.
> > >
> > > "ERROR: rpc-statd is not running" message is from the pacemaker's
> > > monitoring script.
> > > I have pasted that part of the script below.
> > >
> > > I disabled monitoring and everything is working fine, since then.
> > >
> > > I cant keep the cluster monitoring disabled forever.
> > >
> > > Kindly help.
> > >
> > > Regards,
> > >
> > >
> > > Indivar Nair
> > >
> > > Part of the pacemaker script that does the monitoring
> > > (/usr/lib/ocf/resources.d/heartbeat/nfsserver)
> > > =======================================================================
> > > nfsserver_systemd_monitor()
> > > {
> > >     local threads_num
> > >     local rc
> > >     local fn
> > >
> > >     ocf_log debug "Status: rpcbind"
> > >     rpcinfo > /dev/null 2>&1
> > >     rc=$?
> > >     if [ "$rc" -ne "0" ]; then
> > >         ocf_exit_reason "rpcbind is not running"
> > >         return $OCF_NOT_RUNNING
> > >     fi
> > >
> > >     ocf_log debug "Status: nfs-mountd"
> > >     rpcinfo -t localhost 100005 > /dev/null 2>&1
> > >     rc=$?
> > >     if [ "$rc" -ne "0" ]; then
> > >         ocf_exit_reason "nfs-mountd is not running"
> > >         return $OCF_NOT_RUNNING
> > >     fi
> > >
> > >     ocf_log debug "Status: nfs-idmapd"
> > >     fn=`mktemp`
> > >     nfs_exec status nfs-idmapd > $fn 2>&1
> > >     rc=$?
> > >     ocf_log debug "$(cat $fn)"
> > >     rm -f $fn
> > >     if [ "$rc" -ne "0" ]; then
> > >         ocf_exit_reason "nfs-idmapd is not running"
> > >         return $OCF_NOT_RUNNING
> > >     fi
> > >
> > >     ocf_log debug "Status: rpc-statd"
> > >     rpcinfo -t localhost 100024 > /dev/null 2>&1
> > >     rc=$?
> > >     if [ "$rc" -ne "0" ]; then
> > >         ocf_exit_reason "rpc-statd is not running"
> > >         return $OCF_NOT_RUNNING
> > >     fi
> > >
> > >     nfs_exec is-active nfs-server
> > >     rc=$?
> > >
> > >     # Now systemctl is-active can't detect the failure of kernel
> > > process like nfsd.
> > >     # So, if the return value of systemctl is-active is 0, check the
> > > threads number
> > >     # to make sure the process is running really.
> > >     # /proc/fs/nfsd/threads has the numbers of the nfsd threads.
> > >     if [ $rc -eq 0 ]; then
> > >         threads_num=`cat /proc/fs/nfsd/threads 2>/dev/null`
> > >         if [ $? -eq 0 ]; then
> > >             if [ $threads_num -gt 0 ]; then
> > >                 return $OCF_SUCCESS
> > >             else
> > >                 return 3
> > >             fi
> > >         else
> > >             return $OCF_ERR_GENERIC
> > >         fi
> > >     fi
> > >
> > >     return $rc
> > > }
> > > =======================================================================

  reply index

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-11  6:49 Indivar Nair
2019-07-11 16:49 ` Scott Mayhew
2019-07-12  5:00   ` Indivar Nair
2019-07-12 14:16     ` Scott Mayhew [this message]
2019-07-13 15:01       ` Indivar Nair

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190712141657.GB4131@coeurl.usersys.redhat.com \
    --to=smayhew@redhat.com \
    --cc=indivar.nair@techterra.in \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-NFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-nfs/0 linux-nfs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-nfs linux-nfs/ https://lore.kernel.org/linux-nfs \
		linux-nfs@vger.kernel.org linux-nfs@archiver.kernel.org
	public-inbox-index linux-nfs


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-nfs


AGPL code for this site: git clone https://public-inbox.org/ public-inbox