- IPaddr2/IPsrcaddr: fix to avoid duplicate route issues

- IPaddr2: add link status DOWN/LOWERLAYERDOWN check Resolves: RHEL-93680, RHEL-85014
2025-06-17 11:18:08 +02:00 · 2025-06-17 11:18:08 +02:00 · 0968f74b41
commit 0968f74b41
parent 0d07899660
3 changed files with 166 additions and 1 deletions
--- a/RHEL-85014-IPaddr2-add-link-status-DOWN-LOWERLAYERDOWN-check.patch
+++ b/RHEL-85014-IPaddr2-add-link-status-DOWN-LOWERLAYERDOWN-check.patch
@ -0,0 +1,118 @@
+From 4a228f3d8212368124134c01f958ac43e32cec08 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Mon, 7 Apr 2025 09:19:37 +0200
+Subject: [PATCH] IPaddr2: add link status DOWN/LOWERLAYERDOWN check
+
+---
+ heartbeat/IPaddr2 | 42 +++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 41 insertions(+), 1 deletion(-)
+
+diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
+index cf03e4426..230ac853c 100755
+--- a/heartbeat/IPaddr2
+++ b/heartbeat/IPaddr2
+@@ -92,6 +92,19 @@ OCF_RESKEY_nodad_default=false
+ OCF_RESKEY_noprefixroute_default="false"
+ OCF_RESKEY_preferred_lft_default="forever"
+ OCF_RESKEY_network_namespace_default=""
+OCF_RESKEY_check_link_status_default="true"
+
+# RHEL specific defaults
+if is_redhat_based; then
+	get_os_ver
+	ocf_version_cmp "$VER" "10.1" 2>/dev/null
+
+	case "$?" in
+		# RHEL < 10.1
+		0)
+			OCF_RESKEY_check_link_status_default="false";;
+	esac
+fi
+ 
+ : ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}}
+ : ${OCF_RESKEY_cidr_netmask=${OCF_RESKEY_cidr_netmask_default}}
+@@ -116,6 +129,7 @@ OCF_RESKEY_network_namespace_default=""
+ : ${OCF_RESKEY_noprefixroute=${OCF_RESKEY_noprefixroute_default}}
+ : ${OCF_RESKEY_preferred_lft=${OCF_RESKEY_preferred_lft_default}}
+ : ${OCF_RESKEY_network_namespace=${OCF_RESKEY_network_namespace_default}}
+: ${OCF_RESKEY_check_link_status=${OCF_RESKEY_check_link_status_default}}
+ 
+ #######################################################################
+ 
+@@ -449,6 +463,14 @@ the namespace.
+ <shortdesc lang="en">Network namespace to use</shortdesc>
+ <content type="string" default="${OCF_RESKEY_network_namespace_default}"/>
+ </parameter>
+
+<parameter name="check_link_status">
+<longdesc lang="en">
+Consider the resource failed if the interface has status DOWN or LOWERLAYERDOWN.
+</longdesc>
+<shortdesc lang="en">Consider the resource failed if the interface has status DOWN or LOWERLAYERDOWN</shortdesc>
+<content type="string" default="${OCF_RESKEY_check_link_status_default}"/>
+</parameter>
+ </parameters>
+ 
+ <actions>
+@@ -581,6 +603,9 @@ ip_init() {
+ 		elif [ "$__OCF_ACTION" = stop ]; then
+ 			ocf_log warn "[$FINDIF] failed"
+ 			exit $OCF_SUCCESS
+		elif [ "$__OCF_ACTION" = start ]; then
+			ocf_exit_reason "[$FINDIF] failed"
+			exit $OCF_ERR_INSTALLED
+ 		else
+ 			ocf_exit_reason "[$FINDIF] failed"
+ 			exit $rc
+@@ -1002,6 +1027,12 @@ ip_served() {
+ 		return 0
+ 	fi
+ 
+	if ocf_is_true "$OCF_RESKEY_check_link_status" && $IP2UTIL -f $FAMILY addr show $cur_nic | \
+	    grep -q "[[:space:]]\(DOWN\|LOWERLAYERDOWN\)[[:space:]]"; then
+		echo "down"
+		return 0
+	fi
+
+ 	if [ -z "$IP_CIP" ]; then
+ 		for i in $cur_nic; do
+ 			# check address label
+@@ -1073,6 +1104,11 @@ ip_start() {
+ 		exit $OCF_SUCCESS
+ 	fi
+ 
+	if [ "$ip_status" = "down" ]; then
+		ocf_exit_reason "IP $OCF_RESKEY_ip available, but device has status $ip_status"
+		exit $OCF_ERR_INSTALLED
+	fi
+
+ 	if [ "$ip_status" = "partial3" ]; then
+ 		ocf_exit_reason "IP $OCF_RESKEY_ip available, but label missing"
+ 		exit $OCF_ERR_GENERIC
+@@ -1096,7 +1132,7 @@ ip_start() {
+ 		echo "+$IP_INC_NO" >$IP_CIP_FILE
+ 	fi
+ 
+-	if [ "$ip_status" = "no" ]; then
+	if [ "$ip_status" != "ok" ]; then
+ 		if ocf_is_true ${OCF_RESKEY_lvs_support}; then
+ 			for i in `find_interface $OCF_RESKEY_ip 32`; do
+ 				case $i in
+@@ -1213,6 +1249,7 @@ ip_monitor() {
+ 	# interface health maybe via a daemon like FailSafe etc...
+ 
+ 	local ip_status=`ip_served`
+	ocf_log debug "monitor:  $ip_status"
+ 	case $ip_status in
+ 	ok)
+ 		run_arp_sender refresh
+@@ -1221,6 +1258,9 @@ ip_monitor() {
+ 	no)
+ 		exit $OCF_NOT_RUNNING
+ 		;;
+	down)
+		exit $OCF_ERR_INSTALLED
+		;;
+ 	*)
+ 		# Errors on this interface?
+ 		return $OCF_ERR_GENERIC
--- a/RHEL-93680-IPaddr2-IPsrcaddr-avoid-duplicate-route-issues.patch
+++ b/RHEL-93680-IPaddr2-IPsrcaddr-avoid-duplicate-route-issues.patch
@ -0,0 +1,37 @@
+From d0d2a0ff92dd23ee36cb57324c1eeaa3daed65bc Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Tue, 4 Feb 2025 16:13:27 +0100
+Subject: [PATCH] findif.sh: fix to avoid duplicate route issues
+
+---
+ heartbeat/findif.sh | 14 +++++---------
+ 1 file changed, 5 insertions(+), 9 deletions(-)
+
+diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh
+index 2ae91e958..6fb47110c 100644
+--- a/heartbeat/findif.sh
+++ b/heartbeat/findif.sh
+@@ -217,18 +217,14 @@ findif()
+   fi
+   if [ -n "$nic" ] ; then
+     # NIC supports more than two.
+-    routematch=$(ip -o -f $family route list match $match $proto $scope | grep -v "^\(unreachable\|prohibit\|blackhole\)" | grep "dev $nic " | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr)
+    routematch=$(ip -o -f $family route list match $match $proto $scope | grep "dev $nic " | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr)
+   else
+-    routematch=$(ip -o -f $family route list match $match $proto $scope | grep -v "^\(unreachable\|prohibit\|blackhole\)" | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr)
+-  fi
+-  if [ "$family" = "inet6" ]; then
+-    routematch=$(echo "$routematch" | grep -v "^default")
+    routematch=$(ip -o -f $family route list match $match $proto $scope | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr)
+   fi
+ 
+-  if [ $(echo "$routematch" | wc -l) -gt 1 ]; then
+-    ocf_exit_reason "More than 1 routes match $match. Unable to decide which route to use."
+-    return $OCF_ERR_GENERIC
+-  fi
+  # ignore matches from unrelated tables, and sort by metric to get the route with the lowest metric
+  routematch=$(echo "$routematch" | awk '!/^(default|unreachable|prohibit|blackhole)/{match($0, /metric ([^ ]+)/, arr); print arr[1], $0}' | sort -k 1n -u | cut -d" " -f 2- | head -1)
+
+   set -- $routematch
+   if [ $# = 0 ] ; then
+     case $OCF_RESKEY_ip in
--- a/resource-agents.spec
+++ b/resource-agents.spec
@ -45,7 +45,7 @@
 Name:		resource-agents
 Summary:	Open Source HA Reusable Cluster Resource Scripts
 Version:	4.16.0
-Release:	16%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
+Release:	17%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
 License:	GPL-2.0-or-later AND LGPL-2.1-or-later
 URL:		https://github.com/ClusterLabs/resource-agents
 Source0:	%{upstream_prefix}-%{upstream_version}.tar.gz
@ -75,6 +75,8 @@ Patch22:	RHEL-88538-Filesystem-avoid-chance-of-getting-the-wrong-bind-mount.patc
 Patch23:	RHEL-88431-1-podman-etcd-new-ra.patch
 Patch24:	RHEL-88431-2-podman-etcd-remove-unused-actions-from-metadata.patch
 Patch25:	RHEL-88431-3-podman-etcd-fix-listen-peer-urls-binding.patch
+Patch26:	RHEL-93680-IPaddr2-IPsrcaddr-avoid-duplicate-route-issues.patch
+Patch27:	RHEL-85014-IPaddr2-add-link-status-DOWN-LOWERLAYERDOWN-check.patch

 # bundled ha-cloud-support libs
 Patch500:	ha-cloud-support-aliyun.patch
@ -259,6 +261,8 @@ exit 1
 %patch -p1 -P 23 -F1
 %patch -p1 -P 24
 %patch -p1 -P 25
+%patch -p1 -P 26
+%patch -p1 -P 27

 # bundled ha-cloud-support libs
 %patch -p1 -P 500
@ -589,6 +593,12 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents
 %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm

 %changelog
+* Tue Jun 17 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.16.0-17
+- IPaddr2/IPsrcaddr: fix to avoid duplicate route issues
+- IPaddr2: add link status DOWN/LOWERLAYERDOWN check
+
+  Resolves: RHEL-93680, RHEL-85014
+
 * Tue May 20 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.16.0-16
 - podman-etcd: new resource agent