import resource-agents-4.1.1-90.el8_4.5

2021-06-29 10:06:10 -04:00 · 2021-06-29 10:06:10 -04:00 · 38115f9b72
parent daee4c1833
commit 38115f9b72
3 changed files with 230 additions and 1 deletions
--- a/SOURCES/bz1943093-aws-vpc-move-ip-add-ENI-lookup.patch
+++ b/SOURCES/bz1943093-aws-vpc-move-ip-add-ENI-lookup.patch
@ -0,0 +1,141 @@
+From b727fe4e2a0f4c88fca0ed9f90f57e570253c961 Mon Sep 17 00:00:00 2001
+From: Costas Tyfoxylos <costas.tyf@gmail.com>
+Date: Wed, 26 Aug 2020 15:18:00 +0300
+Subject: [PATCH 1/2] aws-vpc-move-ip: Implemented optional eni lookup instead
+ of the default instance id.
+
+In a shared network pattern where the cluster resides in shared subnets the instance ids of the nodes are not retrievable but the eni ids are and this optional feature gives transparent support in that situation.
+---
+ heartbeat/aws-vpc-move-ip | 41 +++++++++++++++++++++++++++++++--------
+ 1 file changed, 33 insertions(+), 8 deletions(-)
+
+diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
+index 1b540caec..bc82428e5 100755
+--- a/heartbeat/aws-vpc-move-ip
+++ b/heartbeat/aws-vpc-move-ip
+@@ -44,6 +44,7 @@ OCF_RESKEY_routing_table_default=""
+ OCF_RESKEY_routing_table_role_default=""
+ OCF_RESKEY_interface_default="eth0"
+ OCF_RESKEY_monapi_default="false"
+OCF_RESKEY_lookup_type_default="InstanceId"
+ 
+ : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+ : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
+@@ -54,6 +55,7 @@ OCF_RESKEY_monapi_default="false"
+ : ${OCF_RESKEY_routing_table_role=${OCF_RESKEY_routing_table_role_default}}
+ : ${OCF_RESKEY_interface=${OCF_RESKEY_interface_default}}
+ : ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}}
+: ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}}
+ 
+ [ -n "$OCF_RESKEY_region" ] && region_opt="--region $OCF_RESKEY_region"
+ #######################################################################
+@@ -154,6 +156,17 @@ Enable enhanced monitoring using AWS API calls to check route table entry
+ <shortdesc lang="en">Enhanced Monitoring</shortdesc>
+ <content type="boolean" default="${OCF_RESKEY_monapi_default}" />
+ </parameter>
+
+<parameter name="lookup_type" required="0">
+<longdesc lang="en">
+Name of resource type to lookup in route table.
+"InstanceId"         : EC2 instance ID. (default)
+"NetworkInterfaceId" : ENI ID. (useful in shared VPC setups).
+</longdesc>
+<shortdesc lang="en">lookup type for route table resource</shortdesc>
+<content type="string" default="${OCF_RESKEY_lookup_type_default}" />
+</parameter>
+
+ </parameters>
+ 
+ <actions>
+@@ -187,7 +200,7 @@ execute_cmd_as_role(){
+ 
+ ec2ip_set_address_param_compat(){
+ 	# Include backward compatibility for the deprecated address parameter
+-	if [ -z  "$OCF_RESKEY_ip" ] && [ -n "$OCF_RESKEY_address" ]; then
+	if [ -z "$OCF_RESKEY_ip" ] && [ -n "$OCF_RESKEY_address" ]; then
+ 		OCF_RESKEY_ip="$OCF_RESKEY_address"
+ 	fi
+ }
+@@ -213,16 +226,24 @@ ec2ip_validate() {
+ }
+ 
+ ec2ip_monitor() {
+-        MON_RES=""
+	MON_RES=""
+	if [ "${OCF_RESKEY_lookup_type}" = "NetworkInterfaceId" ]; then
+		EC2_ID="$(ec2ip_get_instance_eni)"
+		RESOURCE_TYPE="interface"
+	else
+		EC2_ID="$EC2_INSTANCE_ID"
+		RESOURCE_TYPE="instance"
+	fi
+
+ 	if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then
+ 		for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do
+ 			ocf_log info "monitor: check routing table (API call) - $rtb"
+ 			if [[ -z "${OCF_RESKEY_routing_table_role}" ]]; then
+-				cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].InstanceId"
+				cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
+ 				ocf_log debug "executing command: $cmd"
+ 				ROUTE_TO_INSTANCE="$($cmd)"
+ 			else
+-				cmd="$OCF_RESKEY_awscli $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].InstanceId"
+				cmd="$OCF_RESKEY_awscli $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
+ 				ROUTE_TO_INSTANCE="$(execute_cmd_as_role "$cmd" $OCF_RESKEY_routing_table_role)"
+ 			fi
+ 			ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}"
+@@ -230,8 +251,8 @@ ec2ip_monitor() {
+ 				ROUTE_TO_INSTANCE="<unknown>"
+ 			fi
+ 
+-			if [ "$EC2_INSTANCE_ID" != "$ROUTE_TO_INSTANCE" ]; then 
+-				ocf_log warn "not routed to this instance ($EC2_INSTANCE_ID) but to instance $ROUTE_TO_INSTANCE on $rtb"
+			if [ "$EC2_ID" != "$ROUTE_TO_INSTANCE" ]; then
+				ocf_log warn "not routed to this $RESOURCE_TYPE ($EC2_ID) but to $RESOURCE_TYPE $ROUTE_TO_INSTANCE on $rtb"
+ 				MON_RES="$MON_RES $rtb"
+ 			fi
+ 			sleep 1
+@@ -275,7 +296,7 @@ ec2ip_drop() {
+ 	return $OCF_SUCCESS
+ }
+ 
+-ec2ip_get_and_configure() {
+ec2ip_get_instance_eni() {
+ 	MAC_FILE="/sys/class/net/${OCF_RESKEY_interface}/address"
+ 	if [ -f $MAC_FILE ]; then
+ 		cmd="cat ${MAC_FILE}"
+@@ -300,7 +321,11 @@ ec2ip_get_and_configure() {
+ 		return $OCF_ERR_GENERIC
+ 	fi
+ 	ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}"
+	echo $EC2_NETWORK_INTERFACE_ID
+}
+ 
+ec2ip_get_and_configure() {
+	EC2_NETWORK_INTERFACE_ID="$(ec2ip_get_instance_eni)"
+ 	for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do
+ 		if [ -z "${OCF_RESKEY_routing_table_role}" ]; then
+ 			cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID"
+
+From f4c8daae098dd33bdd5136ca4846eb505110e006 Mon Sep 17 00:00:00 2001
+From: Sander Botman <sbotman@schubergphilis.com>
+Date: Fri, 28 Aug 2020 22:01:03 +0200
+Subject: [PATCH 2/2] aws-vpc-move-ip: Fix the region option
+
+---
+ heartbeat/aws-vpc-move-ip | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
+index bc82428e5..a5b28ad92 100755
+--- a/heartbeat/aws-vpc-move-ip
+++ b/heartbeat/aws-vpc-move-ip
+@@ -243,7 +243,7 @@ ec2ip_monitor() {
+ 				ocf_log debug "executing command: $cmd"
+ 				ROUTE_TO_INSTANCE="$($cmd)"
+ 			else
+-				cmd="$OCF_RESKEY_awscli $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
+				cmd="$OCF_RESKEY_awscli $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
+ 				ROUTE_TO_INSTANCE="$(execute_cmd_as_role "$cmd" $OCF_RESKEY_routing_table_role)"
+ 			fi
+ 			ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}"
--- a/SOURCES/bz1973035-podman-fix-container-creation-race.patch
+++ b/SOURCES/bz1973035-podman-fix-container-creation-race.patch
@ -0,0 +1,74 @@
+From 7850aea1600389beb16c7aad40bba1b76ae694c4 Mon Sep 17 00:00:00 2001
+From: Damien Ciabrini <dciabrin@redhat.com>
+Date: Tue, 15 Jun 2021 20:03:20 +0200
+Subject: [PATCH] podman: workaround race during container creation
+
+podman and OCI runtime have a race that sometimes causes
+a container to fail to be created and run [1] if the
+cgroup to be used is not available yet. When that happens,
+try to recreate it until it succeeds or the start
+timeout is reached.
+
+[1] https://bugzilla.redhat.com/show_bug.cgi?id=1972209
+---
+ heartbeat/podman | 32 ++++++++++++++++++++++++++++++--
+ 1 file changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/heartbeat/podman b/heartbeat/podman
+index 5b707f3f5..034dfff76 100755
+--- a/heartbeat/podman
+++ b/heartbeat/podman
+@@ -358,8 +358,18 @@ run_new_container()
+ 	local rc
+ 	
+ 	ocf_log info "running container $CONTAINER for the first time"
+-	ocf_run podman run $opts $image $cmd
+	out=$(podman run $opts $image $cmd 2>&1)
+ 	rc=$?
+
+	if [ -n "$out" ]; then
+		out="$(echo "$out" | tr -s ' \t\r\n' ' ')"
+		if [ $rc -eq 0 ]; then
+			ocf_log info "$out"
+		else
+			ocf_log err "$out"
+		fi
+	fi
+
+ 	if [ $rc -eq 125 ]; then
+ 		# If an internal podman error occurred, it might be because
+ 		# the internal storage layer still references an old container
+@@ -370,6 +380,24 @@ run_new_container()
+ 		ocf_run podman rm --storage $CONTAINER
+ 		ocf_run podman run $opts $image $cmd
+ 		rc=$?
+	elif [ $rc -eq 127 ]; then
+		# rhbz#1972209: podman 3.0.x seems to be hit by a race
+		# where the cgroup is not yet set up properly when the OCI
+		# runtime configures the container. If that happens, recreate
+		# the container as long as we get the same error code or
+		# until start timeout preempts us.
+		while [ $rc -eq 127 ] && (echo "$out" | grep -q "cgroup.*scope not found") ; do
+			ocf_log warn "Internal podman error while assigning cgroup. Retrying."
+			# Arbitrary sleep to prevent consuming all CPU while looping
+			sleep 1
+			podman rm -f "$CONTAINER"
+			out=$(podman run $opts $image $cmd 2>&1)
+			rc=$?
+		done
+		# Log the created container ID if it succeeded
+		if  [ $rc -eq 0 ]; then
+			ocf_log info "$out"
+		fi
+ 	fi
+ 	
+ 	return $rc
+@@ -422,7 +450,7 @@ podman_start()
+ 	fi
+ 
+ 	if [ $rc -ne 0 ]; then
+-		ocf_exit_reason "podman failed to launch container"
+		ocf_exit_reason "podman failed to launch container (rc: $rc)"
+ 		return $OCF_ERR_GENERIC
+ 	fi
+ 
--- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec
@ -70,7 +70,7 @@
 Name:		resource-agents
 Summary:	Open Source HA Reusable Cluster Resource Scripts
 Version:	4.1.1
-Release:	90%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
+Release:	90%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.5
 License:	GPLv2+ and LGPLv2+
 URL:		https://github.com/ClusterLabs/resource-agents
 %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
@ -268,6 +268,8 @@ Patch176:	bz1913932-3-gcp-vpc-move-route-make-vpc_network-optional.patch
 Patch177:	bz1937142-azure-lb-redirect-to-avoid-nc-dying-EPIPE-error.patch
 Patch178:	bz1940363-1-galera-redis-use-output-as.patch
 Patch179:	bz1940363-2-bundle-disable-validate-with.patch
+Patch180:	bz1943093-aws-vpc-move-ip-add-ENI-lookup.patch
+Patch181:	bz1973035-podman-fix-container-creation-race.patch

 # bundle patches
 Patch1000:	7-gcp-bundled.patch
@ -603,6 +605,8 @@ exit 1
 %patch177 -p1
 %patch178 -p1
 %patch179 -p1
+%patch180 -p1 -F2
+%patch181 -p1

 chmod 755 heartbeat/nova-compute-wait
 chmod 755 heartbeat/NovaEvacuate
@ -1166,6 +1170,16 @@ ccs_update_schema > /dev/null 2>&1 ||:
 %endif

 %changelog
+* Thu Jun 17 2021 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.1.1-90.5
+- podman: fix possible race during container creation
+
+  Resolves: rhbz#1973035
+
+* Wed Apr 14 2021 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.1.1-90.2
+- aws-vpc-move-ip: add ENI lookup
+
+  Resolves: rhbz#1943093
+
 * Mon Mar 22 2021 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.1.1-90
 - galera/rabbitmq-cluster/redis: run crm_mon without validation when
  running in bundle