From cb460115e263d8a775746183b09f3b8dcb0b722d Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Fri, 31 Oct 2025 09:07:26 +0100
Subject: [PATCH] - nfsserver: add ability to set e.g.
 "pipefs-directory=/run/nfs/rpc_pipefs"   in /etc/nfs.conf to avoid issues
 with non-clustered Kerberized mounts

  Resolves: RHEL-109486
---
 ...port-non-clustered-kerberized-mounts.patch | 92 +++++++++++++++++++
 resource-agents.spec                          | 10 +-
 2 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 RHEL-109486-nfsserver-support-non-clustered-kerberized-mounts.patch

diff --git a/RHEL-109486-nfsserver-support-non-clustered-kerberized-mounts.patch b/RHEL-109486-nfsserver-support-non-clustered-kerberized-mounts.patch
new file mode 100644
index 0000000..a88052d
--- /dev/null
+++ b/RHEL-109486-nfsserver-support-non-clustered-kerberized-mounts.patch
@@ -0,0 +1,92 @@
+From a4fd26a37b20e86e7c188b45d40e31d240f3decf Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 14 Aug 2025 09:33:17 +0200
+Subject: [PATCH] nfsserver: add ability to set e.g.
+ "pipefs-directory=/run/nfs/rpc_pipefs" in /etc/nfs.conf to avoid issues with
+ non-clustered Kerberized mounts
+
+---
+ heartbeat/nfsserver | 28 +++++++++++++++++-----------
+ 1 file changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver
+index 5b02924a9..83f4bac51 100755
+--- a/heartbeat/nfsserver
++++ b/heartbeat/nfsserver
+@@ -264,7 +264,7 @@ set_exec_mode()
+ 	##
+ 	# If the user defined an init script, It must exist for us to continue
+ 	##
+-	if [ -n "$OCF_RESKEY_nfs_init_script" ]; then
++	if [ $systemd_running -ne 0 ] && [ -n "$OCF_RESKEY_nfs_init_script" ]; then
+ 		# check_binary will exit the process if init script does not exist
+ 		check_binary ${OCF_RESKEY_nfs_init_script}
+ 		EXEC_MODE=1
+@@ -274,7 +274,7 @@ set_exec_mode()
+ 	##
+ 	# Check to see if the default init script exists, if so we'll use that.
+ 	##
+-	if which $DEFAULT_INIT_SCRIPT > /dev/null 2>&1; then
++	if [ $systemd_running -ne 0 ] && which $DEFAULT_INIT_SCRIPT > /dev/null 2>&1; then
+ 		OCF_RESKEY_nfs_init_script=$DEFAULT_INIT_SCRIPT
+ 		EXEC_MODE=1
+ 		return 0
+@@ -780,7 +780,7 @@ nfsserver_start ()
+ 	# the uts namespace is useless in that case.
+ 	# If systemd is running, mangle the nfs-server.service unit,
+ 	# independent of the "EXEC_MODE" we detected.
+-	if $systemd_is_running ; then
++	if [ $systemd_running -eq 0 ]; then
+ 		if [ -z "$OCF_RESKEY_nfs_server_scope" ] ; then
+ 			remove_unshare_uts_dropins
+ 		else
+@@ -789,7 +789,9 @@ nfsserver_start ()
+ 	fi
+ 
+ 	if ! `mount | grep -q " on $OCF_RESKEY_rpcpipefs_dir "`; then
+-		mount -t rpc_pipefs sunrpc $OCF_RESKEY_rpcpipefs_dir
++		if [ $systemd_running -ne 0 ] || { [ $systemd_running -eq 0 ] && systemctl -q is-enabled var-lib-nfs-rpc_pipefs.mount ;}; then
++			mount -t rpc_pipefs sunrpc $OCF_RESKEY_rpcpipefs_dir
++		fi
+ 	fi
+ 
+ 	# remove the sm-notify pid so sm-notify will be allowed to run again without requiring a reboot.
+@@ -1003,11 +1005,15 @@ nfsserver_stop ()
+ 		fi
+ 	fi
+ 
+-	# systemd
+-	case $EXEC_MODE in
+-            [23]) nfs_exec stop rpc-gssd > /dev/null 2>&1
+-		  ocf_log info "Stop: rpc-gssd"
+-	esac
++
++	if mount | grep -q " on $OCF_RESKEY_rpcpipefs_dir "; then
++		# systemd
++		case $EXEC_MODE in
++			[23])
++				nfs_exec stop rpc-gssd > /dev/null 2>&1
++				ocf_log info "Stop: rpc-gssd"
++		esac
++	fi
+ 
+ 	unbind_tree
+ 	rc=$?
+@@ -1017,7 +1023,7 @@ nfsserver_stop ()
+ 		ocf_log info "NFS server stopped"
+ 	fi
+ 
+-	if $systemd_is_running; then
++	if [ $systemd_running -eq 0 ]; then
+ 		remove_unshare_uts_dropins
+ 	fi
+ 
+@@ -1057,7 +1063,7 @@ nfsserver_validate ()
+ }
+ 
+ nfsserver_validate
+-systemd_is_running && systemd_is_running=true || systemd_is_running=false
++systemd_is_running; systemd_running=$?
+ 
+ case $__OCF_ACTION in
+ 	start)      nfsserver_start
diff --git a/resource-agents.spec b/resource-agents.spec
index 3b7ead4..582c999 100644
--- a/resource-agents.spec
+++ b/resource-agents.spec
@@ -45,7 +45,7 @@
 Name:		resource-agents
 Summary:	Open Source HA Reusable Cluster Resource Scripts
 Version:	4.16.0
-Release:	35%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
+Release:	36%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
 License:	GPL-2.0-or-later AND LGPL-2.1-or-later
 URL:		https://github.com/ClusterLabs/resource-agents
 Source0:	%{upstream_prefix}-%{upstream_version}.tar.gz
@@ -96,6 +96,7 @@ Patch43:	RHEL-124206-podman-etcd-compute-dynamic-revision-bump-from-maxRaftIndex
 Patch44:	RHEL-102255-RHEL-102319-2-db2-fix-variable-name.patch
 Patch45:	RHEL-92707-MailTo-add-s-nail-support-for-multiple-recipients.patch
 Patch46:	RHEL-124881-oracle-improve-monpassword-description.patch
+Patch47:	RHEL-109486-nfsserver-support-non-clustered-kerberized-mounts.patch
 
 # bundled ha-cloud-support libs
 Patch500:	ha-cloud-support-aliyun.patch
@@ -313,6 +314,7 @@ exit 1
 %patch -p1 -P 44
 %patch -p1 -P 45
 %patch -p1 -P 46
+%patch -p1 -P 47
 
 # bundled ha-cloud-support libs
 %patch -p1 -P 500
@@ -645,6 +647,12 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents
 %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm
 
 %changelog
+* Fri Oct 31 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.16.0-36
+- nfsserver: add ability to set e.g. "pipefs-directory=/run/nfs/rpc_pipefs"
+  in /etc/nfs.conf to avoid issues with non-clustered Kerberized mounts
+
+  Resolves: RHEL-109486
+
 * Wed Oct 29 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.16.0-35
 - MailTo: add s-nail support for multiple recipients
 - oracle: improve monpassword description