On Mon, Jan 24, 2011 at 06:13:04PM +0100, alexander.kra...@basf.com wrote:
> Dejan Muhamedagic schrieb am 24.01.2011 16:48:19:
> > Hi,
> >
> > On Mon, Jan 24, 2011 at 10:21:11AM +0100, Alexander Krauth wrote:
> > > # HG changeset patch
> > > # User Alexander Krauth <li...@sap.com>
> > > # Date 1295860568 -3600
> > > # Node ID 4f7a4a2e18ef5e79e9b444273d8a0ff556b40e43
> > > # Parent f9bb7dc26c80aaae2711a1b66e1af7a92d33bbc6
> > > Low: SAPInstance,SAPDatabase: Allow blanks in path of userexit script
> >
> > Why do you want to allow whitespace here? That doesn't really
> > add much in terms of flexibility.
>
> I'd understand the point of Lars, like this.
>
> > > diff -r f9bb7dc26c80 -r 4f7a4a2e18ef heartbeat/SAPDatabase
> > > --- a/heartbeat/SAPDatabase Wed Jan 19 18:42:22 2011 +0100
> > > +++ b/heartbeat/SAPDatabase Mon Jan 24 10:16:08 2011 +0100
> > > @@ -541,7 +541,7 @@
> > > if [ -x "$VALUE" ]
> >
> > If there's whitespace in VALUE, then this test will fail.
>
> Only if, the whitespaces are used for parameters. Having them in the path
> or filename - it will work.
>
> alex@ncc1701d:~> if [ -x "/home/alex/whitespace path/xyz" ];then
> "/home/alex/whitespace path/xyz"; fi
> xyz running
OK. Though I can't recall seeing that kind of a file name used
for a script. I guess even SAP wouldn't pick such a name. But,
everything's possible.
> > > then
> > > ocf_log info "Calling userexit ${NAME} with customer script
> file ${VALUE}"
> > > - $VALUE >/dev/null 2>&1
> > > + "$VALUE" >/dev/null 2>&1
> > > ocf_log info "Exiting userexit ${NAME} with customer script
> file ${VALUE}, returncode: $?"
> > > else
> > > ocf_log warn "Attribute ${NAME} is set to ${VALUE}, but this
> file is not executable"
> > > diff -r f9bb7dc26c80 -r 4f7a4a2e18ef heartbeat/SAPInstance
> > > --- a/heartbeat/SAPInstance Wed Jan 19 18:42:22 2011 +0100
> > > +++ b/heartbeat/SAPInstance Mon Jan 24 10:16:08 2011 +0100
> > > @@ -448,7 +448,7 @@
> > > if have_binary "$VALUE"
> >
> > And this one too.
> >
> > As Lars suggested, I'd opt for test -x "$VALUE" in both places
> > and not allow anything apart from the script in it. The script
> > could be invoked with some useful parameters such as SID or
> > whatever may be of interest.
>
> I would be strict with the meta-data:
> <parameter name="PRE_START_USEREXIT" unique="1" required="0">
> <longdesc lang="en">The full qualified path where to find a script or
> program which should be executed before this resource gets
> started.</longdesc>
>
> It does not say you are allowed to use parameters for the script.
>
> So IMHO this is the best solution, because it allows at least parameters
> that start with " -":
>
> if have_binary "$VALUE"; then
> "$VALUE"
> fi
>
> Correct me, if I'm totally far out !
No, you're not, it's just that I'd expect people running their
clusters not to try to shoot themselves in the foot. We're not
talking about random user input here, but part of cluster
configuration which is completely under control of the system
administrator. So, all this is mostly waste of time ;-)
> So changing SAPdatabase to 'if have_binary "$VALUE"' also ?
Whichever. We can also leave it as it is.
Thanks,
Dejan
> > Thanks,
> >
> > Dejan
>
> Thanks,
> Alex
>
>
> _______________________________________________________
> Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
> Home Page: http://linux-ha.org/
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
