diff --git a/RHEL-85014-IPaddr2-add-link-status-DOWN-LOWERLAYERDOWN-check.patch b/RHEL-85014-IPaddr2-add-link-status-DOWN-LOWERLAYERDOWN-check.patch new file mode 100644 index 0000000..9a8ddb7 --- /dev/null +++ b/RHEL-85014-IPaddr2-add-link-status-DOWN-LOWERLAYERDOWN-check.patch @@ -0,0 +1,118 @@ +From 4a228f3d8212368124134c01f958ac43e32cec08 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 7 Apr 2025 09:19:37 +0200 +Subject: [PATCH] IPaddr2: add link status DOWN/LOWERLAYERDOWN check + +--- + heartbeat/IPaddr2 | 42 +++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 41 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 +index cf03e4426..230ac853c 100755 +--- a/heartbeat/IPaddr2 ++++ b/heartbeat/IPaddr2 +@@ -92,6 +92,19 @@ OCF_RESKEY_nodad_default=false + OCF_RESKEY_noprefixroute_default="false" + OCF_RESKEY_preferred_lft_default="forever" + OCF_RESKEY_network_namespace_default="" ++OCF_RESKEY_check_link_status_default="true" ++ ++# RHEL specific defaults ++if is_redhat_based; then ++ get_os_ver ++ ocf_version_cmp "$VER" "10.1" 2>/dev/null ++ ++ case "$?" in ++ # RHEL < 10.1 ++ 0) ++ OCF_RESKEY_check_link_status_default="false";; ++ esac ++fi + + : ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}} + : ${OCF_RESKEY_cidr_netmask=${OCF_RESKEY_cidr_netmask_default}} +@@ -116,6 +129,7 @@ OCF_RESKEY_network_namespace_default="" + : ${OCF_RESKEY_noprefixroute=${OCF_RESKEY_noprefixroute_default}} + : ${OCF_RESKEY_preferred_lft=${OCF_RESKEY_preferred_lft_default}} + : ${OCF_RESKEY_network_namespace=${OCF_RESKEY_network_namespace_default}} ++: ${OCF_RESKEY_check_link_status=${OCF_RESKEY_check_link_status_default}} + + ####################################################################### + +@@ -449,6 +463,14 @@ the namespace. + Network namespace to use + + ++ ++ ++ ++Consider the resource failed if the interface has status DOWN or LOWERLAYERDOWN. ++ ++Consider the resource failed if the interface has status DOWN or LOWERLAYERDOWN ++ ++ + + + +@@ -581,6 +603,9 @@ ip_init() { + elif [ "$__OCF_ACTION" = stop ]; then + ocf_log warn "[$FINDIF] failed" + exit $OCF_SUCCESS ++ elif [ "$__OCF_ACTION" = start ]; then ++ ocf_exit_reason "[$FINDIF] failed" ++ exit $OCF_ERR_INSTALLED + else + ocf_exit_reason "[$FINDIF] failed" + exit $rc +@@ -1002,6 +1027,12 @@ ip_served() { + return 0 + fi + ++ if ocf_is_true "$OCF_RESKEY_check_link_status" && $IP2UTIL -f $FAMILY addr show $cur_nic | \ ++ grep -q "[[:space:]]\(DOWN\|LOWERLAYERDOWN\)[[:space:]]"; then ++ echo "down" ++ return 0 ++ fi ++ + if [ -z "$IP_CIP" ]; then + for i in $cur_nic; do + # check address label +@@ -1073,6 +1104,11 @@ ip_start() { + exit $OCF_SUCCESS + fi + ++ if [ "$ip_status" = "down" ]; then ++ ocf_exit_reason "IP $OCF_RESKEY_ip available, but device has status $ip_status" ++ exit $OCF_ERR_INSTALLED ++ fi ++ + if [ "$ip_status" = "partial3" ]; then + ocf_exit_reason "IP $OCF_RESKEY_ip available, but label missing" + exit $OCF_ERR_GENERIC +@@ -1096,7 +1132,7 @@ ip_start() { + echo "+$IP_INC_NO" >$IP_CIP_FILE + fi + +- if [ "$ip_status" = "no" ]; then ++ if [ "$ip_status" != "ok" ]; then + if ocf_is_true ${OCF_RESKEY_lvs_support}; then + for i in `find_interface $OCF_RESKEY_ip 32`; do + case $i in +@@ -1213,6 +1249,7 @@ ip_monitor() { + # interface health maybe via a daemon like FailSafe etc... + + local ip_status=`ip_served` ++ ocf_log debug "monitor: $ip_status" + case $ip_status in + ok) + run_arp_sender refresh +@@ -1221,6 +1258,9 @@ ip_monitor() { + no) + exit $OCF_NOT_RUNNING + ;; ++ down) ++ exit $OCF_ERR_INSTALLED ++ ;; + *) + # Errors on this interface? + return $OCF_ERR_GENERIC diff --git a/RHEL-93680-IPaddr2-IPsrcaddr-avoid-duplicate-route-issues.patch b/RHEL-93680-IPaddr2-IPsrcaddr-avoid-duplicate-route-issues.patch new file mode 100644 index 0000000..4397747 --- /dev/null +++ b/RHEL-93680-IPaddr2-IPsrcaddr-avoid-duplicate-route-issues.patch @@ -0,0 +1,37 @@ +From d0d2a0ff92dd23ee36cb57324c1eeaa3daed65bc Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 4 Feb 2025 16:13:27 +0100 +Subject: [PATCH] findif.sh: fix to avoid duplicate route issues + +--- + heartbeat/findif.sh | 14 +++++--------- + 1 file changed, 5 insertions(+), 9 deletions(-) + +diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh +index 2ae91e958..6fb47110c 100644 +--- a/heartbeat/findif.sh ++++ b/heartbeat/findif.sh +@@ -217,18 +217,14 @@ findif() + fi + if [ -n "$nic" ] ; then + # NIC supports more than two. +- routematch=$(ip -o -f $family route list match $match $proto $scope | grep -v "^\(unreachable\|prohibit\|blackhole\)" | grep "dev $nic " | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) ++ routematch=$(ip -o -f $family route list match $match $proto $scope | grep "dev $nic " | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) + else +- routematch=$(ip -o -f $family route list match $match $proto $scope | grep -v "^\(unreachable\|prohibit\|blackhole\)" | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) +- fi +- if [ "$family" = "inet6" ]; then +- routematch=$(echo "$routematch" | grep -v "^default") ++ routematch=$(ip -o -f $family route list match $match $proto $scope | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) + fi + +- if [ $(echo "$routematch" | wc -l) -gt 1 ]; then +- ocf_exit_reason "More than 1 routes match $match. Unable to decide which route to use." +- return $OCF_ERR_GENERIC +- fi ++ # ignore matches from unrelated tables, and sort by metric to get the route with the lowest metric ++ routematch=$(echo "$routematch" | awk '!/^(default|unreachable|prohibit|blackhole)/{match($0, /metric ([^ ]+)/, arr); print arr[1], $0}' | sort -k 1n -u | cut -d" " -f 2- | head -1) ++ + set -- $routematch + if [ $# = 0 ] ; then + case $OCF_RESKEY_ip in diff --git a/resource-agents.spec b/resource-agents.spec index 440b3ac..9c02e14 100644 --- a/resource-agents.spec +++ b/resource-agents.spec @@ -45,7 +45,7 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.16.0 -Release: 16%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} +Release: 17%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} License: GPL-2.0-or-later AND LGPL-2.1-or-later URL: https://github.com/ClusterLabs/resource-agents Source0: %{upstream_prefix}-%{upstream_version}.tar.gz @@ -75,6 +75,8 @@ Patch22: RHEL-88538-Filesystem-avoid-chance-of-getting-the-wrong-bind-mount.patc Patch23: RHEL-88431-1-podman-etcd-new-ra.patch Patch24: RHEL-88431-2-podman-etcd-remove-unused-actions-from-metadata.patch Patch25: RHEL-88431-3-podman-etcd-fix-listen-peer-urls-binding.patch +Patch26: RHEL-93680-IPaddr2-IPsrcaddr-avoid-duplicate-route-issues.patch +Patch27: RHEL-85014-IPaddr2-add-link-status-DOWN-LOWERLAYERDOWN-check.patch # bundled ha-cloud-support libs Patch500: ha-cloud-support-aliyun.patch @@ -259,6 +261,8 @@ exit 1 %patch -p1 -P 23 -F1 %patch -p1 -P 24 %patch -p1 -P 25 +%patch -p1 -P 26 +%patch -p1 -P 27 # bundled ha-cloud-support libs %patch -p1 -P 500 @@ -589,6 +593,12 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm %changelog +* Tue Jun 17 2025 Oyvind Albrigtsen - 4.16.0-17 +- IPaddr2/IPsrcaddr: fix to avoid duplicate route issues +- IPaddr2: add link status DOWN/LOWERLAYERDOWN check + + Resolves: RHEL-93680, RHEL-85014 + * Tue May 20 2025 Oyvind Albrigtsen - 4.16.0-16 - podman-etcd: new resource agent