- storage-mon: fix daemon mode bug that caused delayed initial score

- portblock: fix iptables version detection Resolves: RHEL-76038, RHEL-79819
2025-04-09 11:26:45 +02:00 · 2025-04-09 11:26:45 +02:00 · f4b27cebc5
commit f4b27cebc5
parent badd35cdf6
7 changed files with 676 additions and 1 deletions
--- a/RHEL-76038-1-storage-mon-remove-unused-variables.patch
+++ b/RHEL-76038-1-storage-mon-remove-unused-variables.patch
@ -0,0 +1,23 @@
+From a1e22c5c612f369bac0830588642560dcea92e7c Mon Sep 17 00:00:00 2001
+From: Fujii Masao <fujii@postgresql.org>
+Date: Sat, 9 Nov 2024 02:33:37 +0900
+Subject: [PATCH] Remove unused macro variables from storage_mon.c.
+
+---
+ tools/storage_mon.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/tools/storage_mon.c b/tools/storage_mon.c
+index f94268f6f..2519a9e72 100644
+--- a/tools/storage_mon.c
+++ b/tools/storage_mon.c
+@@ -33,9 +33,6 @@
+ #define DEFAULT_PIDFILE HA_VARRUNDIR "storage_mon.pid"
+ #define DEFAULT_ATTRNAME "#health-storage_mon"
+ #define SMON_GET_RESULT_COMMAND "get_check_value"
+-#define SMON_RESULT_OK "green"
+-#define SMON_RESULT_NG "red"
+-#define SMON_RESULT_COMMAND_ERROR "unknown command"
+ #define SMON_BUFF_1MEG 1048576
+ #define SMON_MAX_IPCSNAME 256
+ #define SMON_MAX_MSGSIZE 128
--- a/RHEL-76038-2-storage-mon-fix-daemon-mode-bug-that-caused-delayed-initial-score.patch
+++ b/RHEL-76038-2-storage-mon-fix-daemon-mode-bug-that-caused-delayed-initial-score.patch
@ -0,0 +1,79 @@
+From 46715c638829598d949dffab0898fe4c07074895 Mon Sep 17 00:00:00 2001
+From: Hideo Yamauchi <renayama19661014@ybb.ne.jp>
+Date: Thu, 21 Nov 2024 15:21:19 +0900
+Subject: [PATCH 1/2] High: storage-mon: Correct the timing of setting
+ notification values to storage-mon(RA) clients.
+
+---
+ tools/storage_mon.c | 17 ++++++++---------
+ 1 file changed, 8 insertions(+), 9 deletions(-)
+
+diff --git a/tools/storage_mon.c b/tools/storage_mon.c
+index 2519a9e72..27d2ff1d1 100644
+--- a/tools/storage_mon.c
+++ b/tools/storage_mon.c
+@@ -320,7 +320,14 @@ static int32_t sigchld_handler(int32_t sig, void *data)
+ 
+ 						finished_count++;
+ 						test_forks[index] = 0;
+-					
+
+						/* Update the result value for the client response once all checks have completed. */
+						if (device_count == finished_count) { 
+							response_final_score = final_score;
+							if (!daemon_check_first_all_devices) {
+								daemon_check_first_all_devices = TRUE;
+							}
+						}
+ 					}
+ 				}
+ 			} else {
+@@ -441,15 +448,7 @@ static int test_device_main(gpointer data)
+ 		if (is_child_runnning()) {
+ 			device_check = FALSE;
+ 		}
+-		
+-		if (device_count == finished_count && device_check) { 
+-			/* Update the result value for the client response once all checks have completed. */
+-			response_final_score = final_score;
+ 
+-			if (!daemon_check_first_all_devices) {
+-				daemon_check_first_all_devices = TRUE;
+-			}
+-		}
+ 	}
+ 
+ 	if (device_check) {
+
+From 1201390fb219d1b566c5d31463daacef60c31ab4 Mon Sep 17 00:00:00 2001
+From: Hideo Yamauchi <renayama19661014@ybb.ne.jp>
+Date: Thu, 21 Nov 2024 15:43:33 +0900
+Subject: [PATCH 2/2] Mid: storage-mon RA: Wait until monitor confirms the
+ startup pid according to the OCF resource specification.
+
+---
+ heartbeat/storage-mon.in | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/heartbeat/storage-mon.in b/heartbeat/storage-mon.in
+index 284dec30f..7c9943d4f 100644
+--- a/heartbeat/storage-mon.in
+++ b/heartbeat/storage-mon.in
+@@ -325,6 +325,17 @@ storage-mon_start() {
+ 		if [ "$?" -ne 0 ]; then
+ 			return $OCF_ERR_GENERIC
+ 		fi
+
+		#Wait until monitor confirms the startup pid according to the ocf resource specification.	
+		while true; do
+			storage-mon_monitor pid_check_only
+			rc="$?"
+			if [ $rc -eq $OCF_SUCCESS ]; then
+				break
+			fi
+			sleep 1
+			ocf_log debug "storage-mon daemon still hasn't started yet. Waiting..."
+		done
+ 	fi
+ }
+ 
--- a/RHEL-76038-3-storage-mon-only-use-underscores-in-functions.patch
+++ b/RHEL-76038-3-storage-mon-only-use-underscores-in-functions.patch
@ -0,0 +1,148 @@
+From b72b329a45c058fda720c6739f881b9597fc8b30 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 23 Jan 2025 16:18:20 +0100
+Subject: [PATCH] storage-mon: replace dashes with underscores in functions
+
+Dashes in function names produce "`storage-mon_usage': not a valid identifier"
+error when run with sh -x.
+---
+ heartbeat/storage-mon.in | 44 ++++++++++++++++++++--------------------
+ 1 file changed, 22 insertions(+), 22 deletions(-)
+
+diff --git a/heartbeat/storage-mon.in b/heartbeat/storage-mon.in
+index 7c9943d4f..5edb96979 100644
+--- a/heartbeat/storage-mon.in
+++ b/heartbeat/storage-mon.in
+@@ -152,7 +152,7 @@ END
+ 
+ #######################################################################
+ 
+-storage-mon_usage() {
+storage_mon_usage() {
+ 	cat <<END
+ usage: $0 {start|stop|monitor|validate-all|meta-data}
+ 
+@@ -161,7 +161,7 @@ END
+ 	return $1
+ }
+ 
+-storage-mon_init() {
+storage_mon_init() {
+ 	#Test for presence of storage_mon helper
+ 	if [ ! -x "$STORAGEMON" ] ; then
+ 		ocf_log err "${STORAGEMON} not installed."
+@@ -205,7 +205,7 @@ storage-mon_init() {
+ 	fi
+ }
+ 
+-storage-mon_update_attribute() {
+storage_mon_update_attribute() {
+ 
+ 	while :
+ 	do
+@@ -224,9 +224,9 @@ storage-mon_update_attribute() {
+ 	return $OCF_SUCCESS
+ }
+ 
+-storage-mon_monitor() {
+storage_mon_monitor() {
+ 	if ! ocf_is_true "$OCF_RESKEY_daemonize"; then
+-		storage-mon_init
+		storage_mon_init
+ 
+ 		# Monitor _MUST!_ differentiate correctly between running
+ 		# (SUCCESS), failed (ERROR) or _cleanly_ stopped (NOT RUNNING).
+@@ -252,7 +252,7 @@ storage-mon_monitor() {
+ 			status="green"
+ 		fi
+ 
+-		storage-mon_update_attribute $status
+		storage_mon_update_attribute $status
+ 		return "$?"
+ 	else
+ 		ocf_pidfile_status "${PIDFILE}" > /dev/null 2>&1
+@@ -298,20 +298,20 @@ storage-mon_monitor() {
+ 			esac
+ 		done
+ 
+-		storage-mon_update_attribute $status
+		storage_mon_update_attribute $status
+ 		return "$?"
+ 	fi	
+ }
+ 
+-storage-mon_start() {
+storage_mon_start() {
+ 	if ! ocf_is_true "$OCF_RESKEY_daemonize"; then
+-		storage-mon_monitor
+		storage_mon_monitor
+ 		if [ $? -eq $OCF_SUCCESS ]; then
+ 			return $OCF_SUCCESS
+ 		fi
+ 		touch "${OCF_RESKEY_state_file}"
+ 	else
+-		storage-mon_init
+		storage_mon_init
+ 		# generate command line
+ 		cmdline=""
+ 		for DRIVE in ${OCF_RESKEY_drives}; do
+@@ -328,7 +328,7 @@ storage-mon_start() {
+ 
+ 		#Wait until monitor confirms the startup pid according to the ocf resource specification.	
+ 		while true; do
+-			storage-mon_monitor pid_check_only
+			storage_mon_monitor pid_check_only
+ 			rc="$?"
+ 			if [ $rc -eq $OCF_SUCCESS ]; then
+ 				break
+@@ -339,8 +339,8 @@ storage-mon_start() {
+ 	fi
+ }
+ 
+-storage-mon_stop() {
+-	storage-mon_monitor
+storage_mon_stop() {
+	storage_mon_monitor
+ 	rc=$?
+ 
+ 	if ! ocf_is_true "$OCF_RESKEY_daemonize"; then
+@@ -363,7 +363,7 @@ storage-mon_stop() {
+ 		fi
+ 
+ 		while true; do
+-			storage-mon_monitor pid_check_only
+			storage_mon_monitor pid_check_only
+ 			rc="$?"
+ 			case "$rc" in
+ 				$OCF_SUCCESS)
+@@ -379,8 +379,8 @@ storage-mon_stop() {
+ 	return $OCF_SUCCESS
+ }
+ 
+-storage-mon_validate() {
+-	storage-mon_init
+storage_mon_validate() {
+	storage_mon_init
+ 
+ 	if ! ocf_is_true "$OCF_RESKEY_daemonize"; then
+ 		# Is the state directory writable?
+@@ -396,13 +396,13 @@ storage-mon_validate() {
+ }
+ 
+ case "$__OCF_ACTION" in
+-	start)		storage-mon_start;;
+-	stop)		storage-mon_stop;;
+-	monitor)	storage-mon_monitor;;
+-	validate-all)	storage-mon_validate;;
+	start)		storage_mon_start;;
+	stop)		storage_mon_stop;;
+	monitor)	storage_mon_monitor;;
+	validate-all)	storage_mon_validate;;
+ 	meta-data)	meta_data;;
+-	usage|help)	storage-mon_usage $OCF_SUCCESS;;
+-	*)		storage-mon_usage $OCF_ERR_UNIMPLEMENTED;;
+	usage|help)	storage_mon_usage $OCF_SUCCESS;;
+	*)		storage_mon_usage $OCF_ERR_UNIMPLEMENTED;;
+ esac
+ rc=$?
+ ocf_log debug "${OCF_RESOURCE_INSTANCE} $__OCF_ACTION : $rc"
--- a/RHEL-76038-4-storage-mon-check-if-daemon-is-already-running.patch
+++ b/RHEL-76038-4-storage-mon-check-if-daemon-is-already-running.patch
@ -0,0 +1,25 @@
+From c6f520344e830a7c946b2222f9f251be038b1b28 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Fri, 24 Jan 2025 10:01:30 +0100
+Subject: [PATCH] storage-mon: check if daemon is already running during
+ start-action
+
+---
+ heartbeat/storage-mon.in | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/heartbeat/storage-mon.in b/heartbeat/storage-mon.in
+index 5edb96979..00e42f68d 100644
+--- a/heartbeat/storage-mon.in
+++ b/heartbeat/storage-mon.in
+@@ -311,6 +311,10 @@ storage_mon_start() {
+ 		fi
+ 		touch "${OCF_RESKEY_state_file}"
+ 	else
+		storage_mon_monitor pid_check_only
+		if [ $? -eq $OCF_SUCCESS ]; then
+			return $OCF_SUCCESS
+		fi
+ 		storage_mon_init
+ 		# generate command line
+ 		cmdline=""
--- a/RHEL-76038-5-storage-mon-log-storage_mon-is-already-running-in-start-action.patch
+++ b/RHEL-76038-5-storage-mon-log-storage_mon-is-already-running-in-start-action.patch
@ -0,0 +1,22 @@
+From de51a1705ce761f1fb5f1b2294cfc1153af70c1c Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Mon, 27 Jan 2025 09:54:06 +0100
+Subject: [PATCH] storage-mon: log "storage_mon is already running" in
+ start-action
+
+---
+ heartbeat/storage-mon.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/heartbeat/storage-mon.in b/heartbeat/storage-mon.in
+index 00e42f68d..d60db4ad4 100644
+--- a/heartbeat/storage-mon.in
+++ b/heartbeat/storage-mon.in
+@@ -313,6 +313,7 @@ storage_mon_start() {
+ 	else
+ 		storage_mon_monitor pid_check_only
+ 		if [ $? -eq $OCF_SUCCESS ]; then
+			ocf_log info "storage_mon is already running. PID=`cat $PIDFILE`"
+ 			return $OCF_SUCCESS
+ 		fi
+ 		storage_mon_init
--- a/RHEL-79819-portblock-fix-version-detection.patch
+++ b/RHEL-79819-portblock-fix-version-detection.patch
@ -0,0 +1,360 @@
+--- a/heartbeat/portblock	2021-11-03 10:12:01.000000000 +0100
+++ b/heartbeat/portblock	2025-02-20 14:09:44.546869740 +0100
+@@ -25,6 +25,7 @@
+ # Defaults
+ OCF_RESKEY_protocol_default=""
+ OCF_RESKEY_portno_default=""
+OCF_RESKEY_direction_default="in"
+ OCF_RESKEY_action_default=""
+ OCF_RESKEY_ip_default="0.0.0.0/0"
+ OCF_RESKEY_reset_local_on_unblock_stop_default="false"
+@@ -33,6 +34,7 @@
+ 
+ : ${OCF_RESKEY_protocol=${OCF_RESKEY_protocol_default}}
+ : ${OCF_RESKEY_portno=${OCF_RESKEY_portno_default}}
+: ${OCF_RESKEY_direction=${OCF_RESKEY_direction_default}}
+ : ${OCF_RESKEY_action=${OCF_RESKEY_action_default}}
+ : ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}}
+ : ${OCF_RESKEY_reset_local_on_unblock_stop=${OCF_RESKEY_reset_local_on_unblock_stop_default}}
+@@ -217,6 +219,18 @@
+ <shortdesc lang="en">Connection state file synchronization script</shortdesc>
+ <content type="string" default="${OCF_RESKEY_sync_script_default}" />
+ </parameter>
+
+<parameter name="direction" unique="0" required="0">
+<longdesc lang="en">
+Whether to block incoming or outgoing traffic. Can be either "in",
+"out", or "both".
+If "in" is used, the incoming ports are blocked on the INPUT chain.
+If "out" is used, the outgoing ports are blocked on the OUTPUT chain.
+If "both" is used, both the incoming and outgoing ports are blocked.
+</longdesc>
+<shortdesc lang="en">Whether to block incoming or outgoing traffic, or both</shortdesc>
+<content type="string" default="${OCF_RESKEY_direction_default}" />
+</parameter>
+ </parameters>
+ 
+ <actions>
+@@ -240,19 +254,34 @@
+ #	and disable us -- but we're still in some sense active...
+ #
+ 
+-#active_grep_pat {udp|tcp} portno,portno
+#active_grep_pat {udp|tcp} portno,portno ip {d|s}
+# d = look for destination ports
+# s = look for source ports
+ active_grep_pat()
+ {
+   w="[ 	][ 	]*"
+   any="0\\.0\\.0\\.0/0"
+-  echo "^DROP${w}${1}${w}--${w}${any}${w}${3}${w}multiport${w}dports${w}${2}\>"
+  src=$any dst=$3
+  if [ "$4" = "s" ]; then
+    local src=$3
+    local dst=$any
+  fi
+  # iptables 1.8.9 briefly broke the output format, returning the
+  # numeric protocol value instead of a string. Support both variants.
+  if [ "$1" = "tcp" ]; then
+    local prot="(tcp|6)"
+  else
+    local prot="(udp|17)"
+  fi
+  echo "^DROP${w}${prot}${w}--${w}${src}${w}${dst}${w}multiport${w}${4}ports${w}${2}$"
+ }
+ 
+-#chain_isactive  {udp|tcp} portno,portno ip
+#chain_isactive  {udp|tcp} portno,portno ip chain
+ chain_isactive()
+ {
+-  PAT=`active_grep_pat "$1" "$2" "$3"`
+-  $IPTABLES $wait -n -L INPUT | grep "$PAT" >/dev/null
+  [ "$4" = "OUTPUT" ] && ds="s" || ds="d"
+  PAT=$(active_grep_pat "$1" "$2" "$3" "$ds")
+  $IPTABLES $wait -n -L "$4" | grep -qE "$PAT"
+ }
+ 
+ # netstat -tn and ss -Htn, split on whitespace and colon,
+@@ -299,7 +328,6 @@
+ tickle_remote()
+ {
+ 	[ -z "$OCF_RESKEY_tickle_dir" ] && return
+-	echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
+ 	f=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip
+ 	[ -r $f ] || return
+ 	$TICKLETCP -n 3 < $f
+@@ -331,112 +359,140 @@
+ 
+ SayActive()
+ {
+-  echo "$CMD DROP rule for INPUT chain [$*]  is running (OK)"
+  ocf_log debug "$CMD DROP rule [$*]  is running (OK)"
+ }
+ 
+ SayConsideredActive()
+ {
+-  echo "$CMD DROP rule for INPUT chain [$*] considered to be running (OK)"
+  ocf_log debug "$CMD DROP rule [$*] considered to be running (OK)"
+ }
+ 
+ SayInactive()
+ {
+-  echo "$CMD DROP rule for INPUT chain [$*] is inactive"
+  ocf_log debug "$CMD DROP rule [$*] is inactive"
+ }
+ 
+-#IptablesStatus  {udp|tcp} portno,portno ip {block|unblock}
+#IptablesStatus  {udp|tcp} portno,portno ip {in|out|both} {block|unblock}
+ IptablesStatus() {
+-    local rc
+-    rc=$OCF_ERR_GENERIC
+-    activewords="$CMD $1 $2 is running (OK)"
+-    if chain_isactive "$1" "$2" "$3"; then
+-	case $4 in
+-	    block)	
+-		SayActive $*
+-		rc=$OCF_SUCCESS
+-		;;
+-	    *)
+- 		SayInactive $*
+-		rc=$OCF_NOT_RUNNING
+-		;;
+-	esac
+-    else
+-	case $4 in
+-	    block)
+-		if ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" status; then
+-		    SayConsideredActive $*
+-		    rc=$OCF_SUCCESS
+-		else
+-		    SayInactive $*
+-		    rc=$OCF_NOT_RUNNING
+-		fi
+-		;;
+-	    
+-	    *)
+-		if ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" status; then
+-			SayActive $*
+-			#This is only run on real monitor events.
+-			save_tcp_connections
+-			rc=$OCF_SUCCESS
+-		else
+-			SayInactive $*
+-			rc=$OCF_NOT_RUNNING
+-		fi
+-		;;
+-	esac
+-    fi      
+-    
+-    return $rc
+  local rc
+  rc=$OCF_ERR_GENERIC
+  is_active=0
+  if [ "$4" = "in" ] || [ "$4" = "both" ]; then
+    chain_isactive "$1" "$2" "$3" INPUT
+    is_active=$?
+  fi
+  if [ "$4" = "out" ] || [ "$4" = "both" ]; then
+    chain_isactive "$1" "$2" "$3" OUTPUT
+    r=$?
+    [ $r -gt $is_active ] && is_active=$r
+  fi
+  if [ $is_active -eq 0 ]; then
+    case $5 in
+      block)
+        SayActive $*
+        rc=$OCF_SUCCESS
+        ;;
+      *)
+        SayInactive $*
+        rc=$OCF_NOT_RUNNING
+        ;;
+    esac
+  else
+    case $5 in
+      block)
+        if ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" status; then
+          SayConsideredActive $*
+          rc=$OCF_SUCCESS
+        else
+          SayInactive $*
+          rc=$OCF_NOT_RUNNING
+        fi
+        ;;
+      *)
+        if ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" status; then
+          SayActive $*
+          #This is only run on real monitor events.
+          save_tcp_connections
+          rc=$OCF_SUCCESS
+        else
+          SayInactive $*
+          rc=$OCF_NOT_RUNNING
+        fi
+        ;;
+    esac
+  fi
+  return $rc
+ }
+ 
+-#IptablesBLOCK  {udp|tcp} portno,portno ip
+-IptablesBLOCK()
+#DoIptables  {-I|-D} {udp|tcp} portno,portno ip chain
+DoIptables()
+ {
+-  local rc=0
+-  local try_reset=false
+-  if	[ "$1/$4/$__OCF_ACTION" = tcp/unblock/stop ] &&
+-	ocf_is_true $reset_local_on_unblock_stop
+-  then
+-	try_reset=true
+-  fi
+-  if
+-    chain_isactive "$1" "$2" "$3"
+-  then
+-    : OK -- chain already active
+  op=$1 proto=$2 ports=$3 ip=$4 chain=$5
+  active=0; chain_isactive "$proto" "$ports" "$ip" "$chain" && active=1
+  want_active=0; [ "$op" = "-I" ] && want_active=1
+  ocf_log debug "active: $active want_active: $want_active"
+  if [ $active -eq $want_active ] ; then
+    : Chain already in desired state
+   else
+-    if $try_reset ; then
+-      $IPTABLES $wait -I OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
+-      tickle_local
+    [ "$chain" = "OUTPUT" ] && ds="s" || ds="d"
+    $IPTABLES $wait "$op" "$chain" -p "$proto" -${ds} "$ip" -m multiport --${ds}ports "$ports" -j DROP
+  fi
+}
+
+#IptablesBLOCK  {udp|tcp} portno,portno ip {in|out|both} {block|unblock}
+IptablesBLOCK()
+{
+  local rc_in=0
+  local rc_out=0
+  if [ "$4" = "in" ] || [ "$4" = "both" ]; then
+    local try_reset=false
+    if	[ "$1/$5/$__OCF_ACTION" = tcp/unblock/stop ] &&
+    ocf_is_true $reset_local_on_unblock_stop
+    then
+      try_reset=true
+     fi
+-    $IPTABLES $wait -I INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
+-    rc=$?
+-    if $try_reset ; then
+-      $IPTABLES $wait -D OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
+    if
+      chain_isactive "$1" "$2" "$3" INPUT
+    then
+      : OK -- chain already active
+    else
+      if $try_reset ; then
+        $IPTABLES $wait -I OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
+        tickle_local
+      fi
+      $IPTABLES $wait -I INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
+      rc_in=$?
+      if $try_reset ; then
+        $IPTABLES $wait -D OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
+      fi
+     fi
+   fi
+  if [ "$4" = "out" ] || [ "$4" = "both" ]; then
+    DoIptables -I "$1" "$2" "$3" OUTPUT
+    rc_out=$?
+  fi
+ 
+-  return $rc
+  [ $rc_in -gt $rc_out ] && return $rc_in || return $rc_out
+ }
+ 
+-#IptablesUNBLOCK  {udp|tcp} portno,portno ip
+#IptablesUNBLOCK  {udp|tcp} portno,portno ip {in|out|both}
+ IptablesUNBLOCK()
+ {
+-  if
+-    chain_isactive "$1" "$2" "$3"
+-  then
+-    $IPTABLES $wait -D INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
+-  else
+-    : Chain Not active
+  if [ "$4" = "in" ] || [ "$4" = "both" ]; then
+    DoIptables -D "$1" "$2" "$3" INPUT
+  fi
+  if [ "$4" = "out" ] || [ "$4" = "both" ]; then
+    DoIptables -D "$1" "$2" "$3" OUTPUT
+   fi
+ 
+   return $?
+ }
+ 
+-#IptablesStart  {udp|tcp} portno,portno ip {block|unblock}
+#IptablesStart  {udp|tcp} portno,portno ip {in|out|both} {block|unblock}
+ IptablesStart()
+ {
+   ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" start
+-  case $4 in
+  case $5 in
+     block)	IptablesBLOCK "$@";;
+     unblock)
+ 		IptablesUNBLOCK "$@"
+@@ -451,11 +507,11 @@
+   return $?
+ }
+ 
+-#IptablesStop  {udp|tcp} portno,portno ip {block|unblock}
+#IptablesStop  {udp|tcp} portno,portno ip {in|out|both} {block|unblock}
+ IptablesStop()
+ {
+   ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" stop
+-  case $4 in
+  case $5 in
+     block)	IptablesUNBLOCK "$@";;
+     unblock)
+ 		save_tcp_connections
+@@ -473,7 +529,7 @@
+ CheckPort() {
+ #	Examples of valid port: "1080", "1", "0080"
+ #	Examples of invalid port: "1080bad", "0", "0000", ""
+-  echo $1 |egrep -qx '[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*'
+  echo $1 | $EGREP -qx '[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*'
+ }
+ 
+ IptablesValidateAll()
+@@ -562,7 +618,7 @@
+ fi 
+ 
+ # iptables v1.4.20+ is required to use -w (wait)
+-version=$(iptables -V | awk -F ' v' '{print $NF}')
+version=$(iptables -V | grep -oE '[0-9]+[\.0-9]+')
+ ocf_version_cmp "$version" "1.4.19.1"
+ if [ "$?" -eq "2" ]; then
+     wait="-w"
+@@ -572,6 +628,7 @@
+ 
+ protocol=$OCF_RESKEY_protocol
+ portno=$OCF_RESKEY_portno
+direction=$OCF_RESKEY_direction
+ action=$OCF_RESKEY_action
+ ip=$OCF_RESKEY_ip
+ reset_local_on_unblock_stop=$OCF_RESKEY_reset_local_on_unblock_stop
+@@ -592,15 +649,15 @@
+ 
+ case $1 in
+   start)	
+-			IptablesStart $protocol $portno $ip $action 
+			IptablesStart $protocol $portno $ip $direction $action
+ 			;;
+ 
+   stop)		
+-			IptablesStop $protocol $portno $ip $action
+			IptablesStop $protocol $portno $ip $direction $action
+ 			;;
+ 
+   status|monitor)	
+-			IptablesStatus $protocol $portno $ip $action
+			IptablesStatus $protocol $portno $ip $direction $action
+ 			;;
+ 
+   validate-all)
--- a/resource-agents.spec
+++ b/resource-agents.spec
@ -45,7 +45,7 @@
 Name:		resource-agents
 Summary:	Open Source HA Reusable Cluster Resource Scripts
 Version:	4.10.0
-Release:	72%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
+Release:	73%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
 License:	GPLv2+ and LGPLv2+
 URL:		https://github.com/ClusterLabs/resource-agents
 Source0:	%{upstream_prefix}-%{upstream_version}.tar.gz
@ -149,6 +149,12 @@ Patch96: 	RHEL-68739-awsvip-add-interface-parameter.patch
 Patch97:	RHEL-69734-1-openstack-cinder-volume-wait-for-volume-to-be-available.patch
 Patch98:	RHEL-69734-2-openstack-cinder-volume-fix-detach-not-working-during-start-action.patch
 Patch99:	RHEL-85056-tomcat-fix-CATALINA_PID-not-set-and-parameter-defaults.patch
+Patch100: 	RHEL-76038-1-storage-mon-remove-unused-variables.patch
+Patch101: 	RHEL-76038-2-storage-mon-fix-daemon-mode-bug-that-caused-delayed-initial-score.patch
+Patch102: 	RHEL-76038-3-storage-mon-only-use-underscores-in-functions.patch
+Patch103:	RHEL-76038-4-storage-mon-check-if-daemon-is-already-running.patch
+Patch104:	RHEL-76038-5-storage-mon-log-storage_mon-is-already-running-in-start-action.patch
+Patch105:	RHEL-79819-portblock-fix-version-detection.patch

 # bundled ha-cloud-support libs
 Patch500:	ha-cloud-support-aliyun.patch
@ -372,6 +378,12 @@ exit 1
 %patch -p1 -P 97
 %patch -p1 -P 98
 %patch -p1 -P 99
+%patch -p1 -P 100
+%patch -p1 -P 101
+%patch -p1 -P 102
+%patch -p1 -P 103
+%patch -p1 -P 104
+%patch -p1 -P 105

 # bundled ha-cloud-support libs
 %patch -p1 -P 500
@ -701,6 +713,12 @@ rm -rf %{buildroot}/usr/share/doc/resource-agents
 %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm

 %changelog
+* Wed Apr  9 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-73
+- storage-mon: fix daemon mode bug that caused delayed initial score
+- portblock: fix iptables version detection
+
+  Resolves: RHEL-76038, RHEL-79819
+
 * Tue Apr  1 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-72
 - tomcat: fix CATALINA_PID not set, and catalina_base and catalina_out
  parameter defaults