Linux-NFS Archive on lore.kernel.org
 help / color / Atom feed
From: Indivar Nair <indivar.nair@techterra.in>
To: Scott Mayhew <smayhew@redhat.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: rpc.statd dies because of pacemaker monitoring
Date: Fri, 12 Jul 2019 10:30:20 +0530
Message-ID: <CALuPYL0+VdUsjeFx70xJkJUxc8SOdsTzALeeHcfd33fx4E_iTg@mail.gmail.com> (raw)
In-Reply-To: <20190711164937.GA4131@coeurl.usersys.redhat.com>

Hi Scott,

Thanks a lot.
Yes, it is a 10+ year old AD setup, which was migrated to Samba4AD
(samba+named) a few years ago.
It has lot of stale entries, and fwd - rev lookup mismatches.

Will start cleaning up DNS right away.

In the meantime, is there any way to increase the rpc ping timeout?
OR
Is there any way to temporarily disable DNS lookups by lockd?

Regards,


Indivar Nair

On Thu, Jul 11, 2019 at 10:19 PM Scott Mayhew <smayhew@redhat.com> wrote:
>
> On Thu, 11 Jul 2019, Indivar Nair wrote:
>
> > Hi ...,
> >
> > I have a 2 node Pacemaker cluster built using CentOS 7.6.1810
> > It serves files using NFS and Samba.
> >
> > Every 15 - 20 minutes, the rpc.statd service fails, and the whole NFS
> > service is restarted.
> > After investigation, it was found that the service fails after a few
> > rounds of monitoring by Pacemaker.
> > The Pacemaker's script runs the following command to check whether all
> > the services are running -
> > ---------------------------------------------------------------------------------------------------------------------------------------
> >     rpcinfo > /dev/null 2>&1
> >     rpcinfo -t localhost 100005 > /dev/null 2>&1
> >     nfs_exec status nfs-idmapd > $fn 2>&1
> >     rpcinfo -t localhost 100024 > /dev/null 2>&1
>
> I would check to make sure your DNS setup is working properly.
> rpc.statd uses the canonical hostnames for comparison purposes whenever
> it gets an SM_MON or SM_UNMON request from lockd and when it gets an
> SM_NOTIFY from a rebooted NFS client.  That involves calls to
> getaddrinfo() and getnameinfo() which in turn could result in requests
> to a DNS server.  rpc.statd is single-threaded, so if it's blocked
> waiting for one of those requests, then it's unable to respond to the
> RPC ping (which has a timeout of 10 seconds) generated by the rpcinfo
> program.
>
> I ran into a similar scenario in the past where a client was launching
> multiple instances of rpc.statd.  When the client does a v3 mount it
> does a similar RPC ping (with a more aggressive timeout) to see if
> rpc.statd is running... if not then it calls out to
> /usr/sbin/start-statd (which in the past simply called 'exec rpc.statd
> --no-notify' but now has additional checks).  Likewise rpc.statd does
> it's own RPC ping to make sure there's not one already running.  It
> wound up that the user had a flakey DNS server and requests were taking
> over 30 seconds to time out, thus thwarting all those additional checks,
> and they wound up with multiple copies of rpc.statd running.
>
> You could be running into a similar scenario here and pacemaker could be
> deciding that rpc.statd's not running when it's actually fine.
>
> -Scott
>
> > ---------------------------------------------------------------------------------------------------------------------------------------
> > The script is scheduled to check every 20 seconds.
> >
> > This is the message we get in the logs -
> > -------------------------------------------------------------------------------------------------------------------------------------
> > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: check_default: access by
> > 127.0.0.1 ALLOWED
> > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: Received NULL request
> > from 127.0.0.1
> > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: check_default: access by
> > 127.0.0.1 ALLOWED (cached)
> > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: Received NULL request
> > from 127.0.0.1
> > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: check_default: access by
> > 127.0.0.1 ALLOWED (cached)
> > Jul 09 07:33:56 virat-nd01 rpc.mountd[51641]: Received NULL request
> > from 127.0.0.1
> > -------------------------------------------------------------------------------------------------------------------------------------
> >
> > After 10 seconds, we get his message -
> > -------------------------------------------------------------------------------------------------------------------------------------
> > Jul 09 07:34:09 virat-nd01 nfsserver(virat-nfs-daemon)[54087]: ERROR:
> > rpc-statd is not running
> > -------------------------------------------------------------------------------------------------------------------------------------
> > Once we get this error, the NFS service is automatically restarted.
> >
> > "ERROR: rpc-statd is not running" message is from the pacemaker's
> > monitoring script.
> > I have pasted that part of the script below.
> >
> > I disabled monitoring and everything is working fine, since then.
> >
> > I cant keep the cluster monitoring disabled forever.
> >
> > Kindly help.
> >
> > Regards,
> >
> >
> > Indivar Nair
> >
> > Part of the pacemaker script that does the monitoring
> > (/usr/lib/ocf/resources.d/heartbeat/nfsserver)
> > =======================================================================
> > nfsserver_systemd_monitor()
> > {
> >     local threads_num
> >     local rc
> >     local fn
> >
> >     ocf_log debug "Status: rpcbind"
> >     rpcinfo > /dev/null 2>&1
> >     rc=$?
> >     if [ "$rc" -ne "0" ]; then
> >         ocf_exit_reason "rpcbind is not running"
> >         return $OCF_NOT_RUNNING
> >     fi
> >
> >     ocf_log debug "Status: nfs-mountd"
> >     rpcinfo -t localhost 100005 > /dev/null 2>&1
> >     rc=$?
> >     if [ "$rc" -ne "0" ]; then
> >         ocf_exit_reason "nfs-mountd is not running"
> >         return $OCF_NOT_RUNNING
> >     fi
> >
> >     ocf_log debug "Status: nfs-idmapd"
> >     fn=`mktemp`
> >     nfs_exec status nfs-idmapd > $fn 2>&1
> >     rc=$?
> >     ocf_log debug "$(cat $fn)"
> >     rm -f $fn
> >     if [ "$rc" -ne "0" ]; then
> >         ocf_exit_reason "nfs-idmapd is not running"
> >         return $OCF_NOT_RUNNING
> >     fi
> >
> >     ocf_log debug "Status: rpc-statd"
> >     rpcinfo -t localhost 100024 > /dev/null 2>&1
> >     rc=$?
> >     if [ "$rc" -ne "0" ]; then
> >         ocf_exit_reason "rpc-statd is not running"
> >         return $OCF_NOT_RUNNING
> >     fi
> >
> >     nfs_exec is-active nfs-server
> >     rc=$?
> >
> >     # Now systemctl is-active can't detect the failure of kernel
> > process like nfsd.
> >     # So, if the return value of systemctl is-active is 0, check the
> > threads number
> >     # to make sure the process is running really.
> >     # /proc/fs/nfsd/threads has the numbers of the nfsd threads.
> >     if [ $rc -eq 0 ]; then
> >         threads_num=`cat /proc/fs/nfsd/threads 2>/dev/null`
> >         if [ $? -eq 0 ]; then
> >             if [ $threads_num -gt 0 ]; then
> >                 return $OCF_SUCCESS
> >             else
> >                 return 3
> >             fi
> >         else
> >             return $OCF_ERR_GENERIC
> >         fi
> >     fi
> >
> >     return $rc
> > }
> > =======================================================================

  reply index

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-11  6:49 Indivar Nair
2019-07-11 16:49 ` Scott Mayhew
2019-07-12  5:00   ` Indivar Nair [this message]
2019-07-12 14:16     ` Scott Mayhew
2019-07-13 15:01       ` Indivar Nair

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CALuPYL0+VdUsjeFx70xJkJUxc8SOdsTzALeeHcfd33fx4E_iTg@mail.gmail.com \
    --to=indivar.nair@techterra.in \
    --cc=linux-nfs@vger.kernel.org \
    --cc=smayhew@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-NFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-nfs/0 linux-nfs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-nfs linux-nfs/ https://lore.kernel.org/linux-nfs \
		linux-nfs@vger.kernel.org linux-nfs@archiver.kernel.org
	public-inbox-index linux-nfs


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-nfs


AGPL code for this site: git clone https://public-inbox.org/ public-inbox