Compare commits
6 Commits
Author | SHA1 | Date | |
---|---|---|---|
8df5f7fd90 | |||
db8e1b2210 | |||
25392ed657 | |||
03e4bf727d | |||
192328a6ac | |||
940f47f4c7 |
3
.gitignore
vendored
3
.gitignore
vendored
@ -6,6 +6,7 @@ SOURCES/aliyun-python-sdk-vpc-3.0.2.tar.gz
|
||||
SOURCES/colorama-0.3.3.tar.gz
|
||||
SOURCES/google-cloud-sdk-360.0.0-linux-x86_64.tar.gz
|
||||
SOURCES/httplib2-0.20.4.tar.gz
|
||||
SOURCES/pycryptodome-3.6.4.tar.gz
|
||||
SOURCES/pycryptodome-3.20.0.tar.gz
|
||||
SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
|
||||
SOURCES/pyroute2-0.4.13.tar.gz
|
||||
SOURCES/urllib3-1.26.18.tar.gz
|
@ -6,6 +6,7 @@ f14647a4d37a9a254c4e711b95a7654fc418e41e SOURCES/aliyun-python-sdk-vpc-3.0.2.tar
|
||||
0fe5bd8bca54dd71223778a1e0bcca9af324abb1 SOURCES/colorama-0.3.3.tar.gz
|
||||
81f039cf075e9c8b70d5af99c189296a9e031de3 SOURCES/google-cloud-sdk-360.0.0-linux-x86_64.tar.gz
|
||||
7caf4412d9473bf17352316249a8133fa70b7e37 SOURCES/httplib2-0.20.4.tar.gz
|
||||
326a73f58a62ebee00c11a12cfdd838b196e0e8e SOURCES/pycryptodome-3.6.4.tar.gz
|
||||
c55d177e9484d974c95078d4ae945f89ba2c7251 SOURCES/pycryptodome-3.20.0.tar.gz
|
||||
c8307f47e3b75a2d02af72982a2dfefa3f56e407 SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
|
||||
147149db11104c06d405fd077dcd2aa1c345f109 SOURCES/pyroute2-0.4.13.tar.gz
|
||||
84e2852d8da1655373f7ce5e7d5d3e256b62b4e4 SOURCES/urllib3-1.26.18.tar.gz
|
||||
|
@ -1,6 +1,17 @@
|
||||
diff --color -uNr a/heartbeat/gcp-pd-move.in b/heartbeat/gcp-pd-move.in
|
||||
--- a/heartbeat/gcp-pd-move.in 2024-07-22 10:59:42.170483160 +0200
|
||||
+++ b/heartbeat/gcp-pd-move.in 2024-07-22 11:01:51.455543850 +0200
|
||||
@@ -32,6 +32,7 @@
|
||||
from ocf import logger
|
||||
|
||||
try:
|
||||
+ sys.path.insert(0, '/usr/lib/resource-agents/bundled/gcp')
|
||||
import googleapiclient.discovery
|
||||
except ImportError:
|
||||
pass
|
||||
diff --color -uNr a/heartbeat/gcp-vpc-move-ip.in b/heartbeat/gcp-vpc-move-ip.in
|
||||
--- a/heartbeat/gcp-vpc-move-ip.in 2022-06-16 09:45:21.419090782 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-ip.in 2022-06-16 10:11:22.978648598 +0200
|
||||
--- a/heartbeat/gcp-vpc-move-ip.in 2024-07-22 10:59:42.170483160 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-ip.in 2024-07-22 11:01:18.010752081 +0200
|
||||
@@ -36,7 +36,7 @@
|
||||
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
|
||||
|
||||
@ -11,8 +22,8 @@ diff --color -uNr a/heartbeat/gcp-vpc-move-ip.in b/heartbeat/gcp-vpc-move-ip.in
|
||||
OCF_RESKEY_vpc_network_default="default"
|
||||
OCF_RESKEY_interface_default="eth0"
|
||||
diff --color -uNr a/heartbeat/gcp-vpc-move-route.in b/heartbeat/gcp-vpc-move-route.in
|
||||
--- a/heartbeat/gcp-vpc-move-route.in 2022-06-16 09:45:21.420090788 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-route.in 2022-06-16 10:11:22.978648598 +0200
|
||||
--- a/heartbeat/gcp-vpc-move-route.in 2024-07-22 10:59:42.170483160 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-route.in 2024-07-22 11:01:18.011752105 +0200
|
||||
@@ -45,6 +45,7 @@
|
||||
from ocf import *
|
||||
|
||||
@ -22,8 +33,8 @@ diff --color -uNr a/heartbeat/gcp-vpc-move-route.in b/heartbeat/gcp-vpc-move-rou
|
||||
import pyroute2
|
||||
try:
|
||||
diff --color -uNr a/heartbeat/gcp-vpc-move-vip.in b/heartbeat/gcp-vpc-move-vip.in
|
||||
--- a/heartbeat/gcp-vpc-move-vip.in 2022-06-16 09:45:21.420090788 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-vip.in 2022-06-16 10:11:22.979648603 +0200
|
||||
--- a/heartbeat/gcp-vpc-move-vip.in 2024-07-22 10:59:42.170483160 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-vip.in 2024-07-22 11:01:18.012752128 +0200
|
||||
@@ -29,6 +29,7 @@
|
||||
from ocf import *
|
||||
|
||||
|
75
SOURCES/RHEL-15302-1-exportfs-make-fsid-optional.patch
Normal file
75
SOURCES/RHEL-15302-1-exportfs-make-fsid-optional.patch
Normal file
@ -0,0 +1,75 @@
|
||||
From b806487ca758fce838c988767556007ecf66a6e3 Mon Sep 17 00:00:00 2001
|
||||
From: Roger Zhou <zzhou@suse.com>
|
||||
Date: Mon, 10 Apr 2023 18:08:56 +0800
|
||||
Subject: [PATCH] exportfs: make the "fsid=" parameter optional
|
||||
|
||||
Based on feedback [1] from the kernel developer @neilbrown regarding the
|
||||
NFS clustering use case, it has been determined that the fsid= parameter
|
||||
is now considered optional and safe to omit.
|
||||
|
||||
[1] https://bugzilla.suse.com/show_bug.cgi?id=1201271#c49
|
||||
"""
|
||||
Since some time in 2007 NFS has used the UUID of a filesystem as the
|
||||
primary identifier for that filesystem, rather than using the device
|
||||
number. So from that time there should have been reduced need for the
|
||||
"fsid=" option. Probably there are some filesystems that this didn't
|
||||
work for. btrfs has been problematic at time, particularly when subvols
|
||||
are exported. But for quite some years this has all "just worked" at
|
||||
least for the major filesystems (ext4 xfs btrfs). [...] I would suggest
|
||||
getting rid of the use of fsid= altogether. [...] I'm confident that it
|
||||
was no longer an issue in SLE-12 and similarly not in SLE-15.
|
||||
"""
|
||||
---
|
||||
heartbeat/exportfs | 12 +++++++-----
|
||||
1 file changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/exportfs b/heartbeat/exportfs
|
||||
index 2307a9e67b..435a19646b 100755
|
||||
--- a/heartbeat/exportfs
|
||||
+++ b/heartbeat/exportfs
|
||||
@@ -82,7 +82,7 @@ The directory or directories to export.
|
||||
<content type="string" />
|
||||
</parameter>
|
||||
|
||||
-<parameter name="fsid" unique="0" required="1">
|
||||
+<parameter name="fsid" unique="0" required="0">
|
||||
<longdesc lang="en">
|
||||
The fsid option to pass to exportfs. This can be a unique positive
|
||||
integer, a UUID (assuredly sans comma characters), or the special string
|
||||
@@ -185,6 +185,8 @@ exportfs_methods() {
|
||||
|
||||
reset_fsid() {
|
||||
CURRENT_FSID=$OCF_RESKEY_fsid
|
||||
+ [ -z "$CURRENT_FSID" ] && CURRENT_FSID=`echo "$OCF_RESKEY_options" | sed -n 's/.*fsid=\([^,]*\).*/\1/p'`
|
||||
+ echo $CURRENT_FSID
|
||||
}
|
||||
bump_fsid() {
|
||||
CURRENT_FSID=$((CURRENT_FSID+1))
|
||||
@@ -322,7 +324,7 @@ export_one() {
|
||||
if echo "$opts" | grep fsid >/dev/null; then
|
||||
#replace fsid in options list
|
||||
opts=`echo "$opts" | sed "s,fsid=[^,]*,fsid=$(get_fsid),g"`
|
||||
- else
|
||||
+ elif [ -n "$OCF_RESKEY_fsid" ]; then
|
||||
#tack the fsid option onto our options list.
|
||||
opts="${opts}${sep}fsid=$(get_fsid)"
|
||||
fi
|
||||
@@ -448,8 +450,8 @@ exportfs_validate_all ()
|
||||
ocf_exit_reason "$OCF_RESKEY_fsid cannot contain a comma"
|
||||
return $OCF_ERR_CONFIGURED
|
||||
fi
|
||||
- if [ $NUMDIRS -gt 1 ] &&
|
||||
- ! ocf_is_decimal "$OCF_RESKEY_fsid"; then
|
||||
+ if [ $NUMDIRS -gt 1 ] && [ -n "$(reset_fsid)" ] &&
|
||||
+ ! ocf_is_decimal "$(reset_fsid)"; then
|
||||
ocf_exit_reason "use integer fsid when exporting multiple directories"
|
||||
return $OCF_ERR_CONFIGURED
|
||||
fi
|
||||
@@ -485,6 +487,6 @@ done
|
||||
OCF_RESKEY_directory="${directories%% }"
|
||||
|
||||
NUMDIRS=`echo "$OCF_RESKEY_directory" | wc -w`
|
||||
-OCF_REQUIRED_PARAMS="directory fsid clientspec"
|
||||
+OCF_REQUIRED_PARAMS="directory clientspec"
|
||||
OCF_REQUIRED_BINARIES="exportfs"
|
||||
ocf_rarun $*
|
@ -0,0 +1,43 @@
|
||||
From 1d1481aa6d848efab4d398ad6e74d80b5b32549f Mon Sep 17 00:00:00 2001
|
||||
From: Valentin Vidic <vvidic@debian.org>
|
||||
Date: Wed, 1 Nov 2023 18:25:45 +0100
|
||||
Subject: [PATCH] exportfs: remove test for "fsid=" parameter
|
||||
|
||||
fsid parameter is now considered optional.
|
||||
---
|
||||
tools/ocft/exportfs | 5 -----
|
||||
tools/ocft/exportfs-multidir | 5 -----
|
||||
2 files changed, 10 deletions(-)
|
||||
|
||||
diff --git a/tools/ocft/exportfs b/tools/ocft/exportfs
|
||||
index 285a4b8ea0..1ec3d4c364 100644
|
||||
--- a/tools/ocft/exportfs
|
||||
+++ b/tools/ocft/exportfs
|
||||
@@ -28,11 +28,6 @@ CASE "check base env"
|
||||
Include prepare
|
||||
AgentRun start OCF_SUCCESS
|
||||
|
||||
-CASE "check base env: no 'OCF_RESKEY_fsid'"
|
||||
- Include prepare
|
||||
- Env OCF_RESKEY_fsid=
|
||||
- AgentRun start OCF_ERR_CONFIGURED
|
||||
-
|
||||
CASE "check base env: invalid 'OCF_RESKEY_directory'"
|
||||
Include prepare
|
||||
Env OCF_RESKEY_directory=/no_such
|
||||
diff --git a/tools/ocft/exportfs-multidir b/tools/ocft/exportfs-multidir
|
||||
index 00e41f0859..ac6d5c7f6a 100644
|
||||
--- a/tools/ocft/exportfs-multidir
|
||||
+++ b/tools/ocft/exportfs-multidir
|
||||
@@ -28,11 +28,6 @@ CASE "check base env"
|
||||
Include prepare
|
||||
AgentRun start OCF_SUCCESS
|
||||
|
||||
-CASE "check base env: no 'OCF_RESKEY_fsid'"
|
||||
- Include prepare
|
||||
- Env OCF_RESKEY_fsid=
|
||||
- AgentRun start OCF_ERR_CONFIGURED
|
||||
-
|
||||
CASE "check base env: invalid 'OCF_RESKEY_directory'"
|
||||
Include prepare
|
||||
Env OCF_RESKEY_directory=/no_such
|
45
SOURCES/RHEL-15305-1-findif.sh-fix-loopback-handling.patch
Normal file
45
SOURCES/RHEL-15305-1-findif.sh-fix-loopback-handling.patch
Normal file
@ -0,0 +1,45 @@
|
||||
From e4f84ae185b6943d1ff461d53c7f1b5295783086 Mon Sep 17 00:00:00 2001
|
||||
From: Valentin Vidic <vvidic@valentin-vidic.from.hr>
|
||||
Date: Wed, 1 Nov 2023 19:35:21 +0100
|
||||
Subject: [PATCH] findif.sh: fix loopback handling
|
||||
|
||||
tools/ocft/IPaddr2 fails the loopback test because of the missing
|
||||
table local parameter:
|
||||
|
||||
$ ip -o -f inet route list match 127.0.0.3 scope host
|
||||
|
||||
$ ip -o -f inet route list match 127.0.0.3 table local scope host
|
||||
local 127.0.0.0/8 dev lo proto kernel src 127.0.0.1
|
||||
|
||||
Also rename the function because it is called only in for the special
|
||||
loopback address case.
|
||||
---
|
||||
heartbeat/findif.sh | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh
|
||||
index 5f1c19ec3..7c766e6e0 100644
|
||||
--- a/heartbeat/findif.sh
|
||||
+++ b/heartbeat/findif.sh
|
||||
@@ -29,10 +29,10 @@ prefixcheck() {
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
-getnetworkinfo()
|
||||
+getloopbackinfo()
|
||||
{
|
||||
local line netinfo
|
||||
- ip -o -f inet route list match $OCF_RESKEY_ip table "${OCF_RESKEY_table:=main}" scope host | (while read line;
|
||||
+ ip -o -f inet route list match $OCF_RESKEY_ip table local scope host | (while read line;
|
||||
do
|
||||
netinfo=`echo $line | awk '{print $2}'`
|
||||
case $netinfo in
|
||||
@@ -222,7 +222,7 @@ findif()
|
||||
if [ $# = 0 ] ; then
|
||||
case $OCF_RESKEY_ip in
|
||||
127.*)
|
||||
- set -- `getnetworkinfo`
|
||||
+ set -- `getloopbackinfo`
|
||||
shift;;
|
||||
esac
|
||||
fi
|
@ -0,0 +1,20 @@
|
||||
--- a/heartbeat/findif.sh 2024-02-08 11:31:53.414257686 +0100
|
||||
+++ b/heartbeat/findif.sh 2023-11-02 10:20:12.150853167 +0100
|
||||
@@ -210,14 +210,14 @@
|
||||
fi
|
||||
findif_check_params $family || return $?
|
||||
|
||||
- if [ -n "$netmask" ] ; then
|
||||
+ if [ -n "$netmask" ]; then
|
||||
match=$match/$netmask
|
||||
fi
|
||||
if [ -n "$nic" ] ; then
|
||||
# NIC supports more than two.
|
||||
- set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
|
||||
+ set -- $(ip -o -f $family route list match $match $scope | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
|
||||
else
|
||||
- set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
|
||||
+ set -- $(ip -o -f $family route list match $match $scope | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
|
||||
fi
|
||||
if [ $# = 0 ] ; then
|
||||
case $OCF_RESKEY_ip in
|
@ -0,0 +1,555 @@
|
||||
From f45f76600a7e02c860566db7d1350dc3b09449c2 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Mon, 6 Nov 2023 15:49:44 +0100
|
||||
Subject: [PATCH] aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type
|
||||
parameter and AWS Policy based authentication type
|
||||
|
||||
---
|
||||
heartbeat/aws-vpc-move-ip | 43 +++++++++++++++++++----
|
||||
heartbeat/aws-vpc-route53.in | 47 ++++++++++++++++++++-----
|
||||
heartbeat/awseip | 68 +++++++++++++++++++++++++++---------
|
||||
heartbeat/awsvip | 60 ++++++++++++++++++++++++-------
|
||||
4 files changed, 173 insertions(+), 45 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
|
||||
index dee040300f..54806f6eaa 100755
|
||||
--- a/heartbeat/aws-vpc-move-ip
|
||||
+++ b/heartbeat/aws-vpc-move-ip
|
||||
@@ -36,6 +36,7 @@
|
||||
|
||||
# Defaults
|
||||
OCF_RESKEY_awscli_default="/usr/bin/aws"
|
||||
+OCF_RESKEY_auth_type_default="key"
|
||||
OCF_RESKEY_profile_default="default"
|
||||
OCF_RESKEY_region_default=""
|
||||
OCF_RESKEY_ip_default=""
|
||||
@@ -48,6 +49,7 @@ OCF_RESKEY_monapi_default="false"
|
||||
OCF_RESKEY_lookup_type_default="InstanceId"
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
|
||||
: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
|
||||
: ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}}
|
||||
@@ -58,8 +60,6 @@ OCF_RESKEY_lookup_type_default="InstanceId"
|
||||
: ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}}
|
||||
: ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}}
|
||||
: ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}}
|
||||
-
|
||||
-[ -n "$OCF_RESKEY_region" ] && region_opt="--region $OCF_RESKEY_region"
|
||||
#######################################################################
|
||||
|
||||
|
||||
@@ -83,6 +83,10 @@ cat <<END
|
||||
<longdesc lang="en">
|
||||
Resource Agent to move IP addresses within a VPC of the Amazon Webservices EC2
|
||||
by changing an entry in an specific routing table
|
||||
+
|
||||
+Credentials needs to be setup by running "aws configure", or by using AWS Policies.
|
||||
+
|
||||
+See https://aws.amazon.com/cli/ for more information about awscli.
|
||||
</longdesc>
|
||||
<shortdesc lang="en">Move IP within a VPC of the AWS EC2</shortdesc>
|
||||
|
||||
@@ -95,6 +99,15 @@ Path to command line tools for AWS
|
||||
<content type="string" default="${OCF_RESKEY_awscli_default}" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="auth_type">
|
||||
+<longdesc lang="en">
|
||||
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure",
|
||||
+or "role" to use AWS Policies.
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">Authentication type</shortdesc>
|
||||
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
<parameter name="profile">
|
||||
<longdesc lang="en">
|
||||
Valid AWS CLI profile name (see ~/.aws/config and 'aws configure')
|
||||
@@ -198,7 +211,7 @@ END
|
||||
execute_cmd_as_role(){
|
||||
cmd=$1
|
||||
role=$2
|
||||
- output="$($OCF_RESKEY_awscli sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --profile $OCF_RESKEY_profile $region_opt --output=text)"
|
||||
+ output="$($AWSCLI_CMD sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --output=text)"
|
||||
export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $5}')"
|
||||
export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $7}')"
|
||||
export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $8}')"
|
||||
@@ -220,11 +233,11 @@ ec2ip_set_address_param_compat(){
|
||||
}
|
||||
|
||||
ec2ip_validate() {
|
||||
- for cmd in $OCF_RESKEY_awscli ip curl; do
|
||||
+ for cmd in "$OCF_RESKEY_awscli" ip curl; do
|
||||
check_binary "$cmd"
|
||||
done
|
||||
|
||||
- if [ -z "$OCF_RESKEY_profile" ]; then
|
||||
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
|
||||
ocf_exit_reason "profile parameter not set"
|
||||
return $OCF_ERR_CONFIGURED
|
||||
fi
|
||||
@@ -262,7 +275,7 @@ ec2ip_monitor() {
|
||||
for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do
|
||||
ocf_log info "monitor: check routing table (API call) - $rtb"
|
||||
if [ -z "${OCF_RESKEY_routing_table_role}" ]; then
|
||||
- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
|
||||
+ cmd="$AWSCLI_CMD --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
|
||||
ocf_log debug "executing command: $cmd"
|
||||
ROUTE_TO_INSTANCE="$($cmd)"
|
||||
else
|
||||
@@ -368,7 +381,7 @@ ec2ip_get_and_configure() {
|
||||
EC2_NETWORK_INTERFACE_ID="$(ec2ip_get_instance_eni)"
|
||||
for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do
|
||||
if [ -z "${OCF_RESKEY_routing_table_role}" ]; then
|
||||
- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID"
|
||||
+ cmd="$AWSCLI_CMD --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID"
|
||||
ocf_log debug "executing command: $cmd"
|
||||
$cmd
|
||||
else
|
||||
@@ -475,6 +488,22 @@ if ! ocf_is_root; then
|
||||
exit $OCF_ERR_PERM
|
||||
fi
|
||||
|
||||
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
|
||||
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
||||
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
|
||||
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
||||
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
||||
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
||||
+ exit $OCF_ERR_CONFIGURED
|
||||
+ fi
|
||||
+else
|
||||
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
|
||||
+ exit $OCF_ERR_CONFIGURED
|
||||
+fi
|
||||
+if [ -n "${OCF_RESKEY_region}" ]; then
|
||||
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
|
||||
+fi
|
||||
+
|
||||
ec2ip_set_address_param_compat
|
||||
|
||||
ec2ip_validate
|
||||
diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in
|
||||
index 22cbb35833..18ab157e8a 100644
|
||||
--- a/heartbeat/aws-vpc-route53.in
|
||||
+++ b/heartbeat/aws-vpc-route53.in
|
||||
@@ -46,24 +46,22 @@
|
||||
|
||||
# Defaults
|
||||
OCF_RESKEY_awscli_default="/usr/bin/aws"
|
||||
+OCF_RESKEY_auth_type_default="key"
|
||||
OCF_RESKEY_profile_default="default"
|
||||
+OCF_RESKEY_region_default=""
|
||||
OCF_RESKEY_hostedzoneid_default=""
|
||||
OCF_RESKEY_fullname_default=""
|
||||
OCF_RESKEY_ip_default="local"
|
||||
OCF_RESKEY_ttl_default=10
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
|
||||
+: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
|
||||
: ${OCF_RESKEY_hostedzoneid:=${OCF_RESKEY_hostedzoneid_default}}
|
||||
: ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}}
|
||||
: ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}}
|
||||
: ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}}
|
||||
-#######################################################################
|
||||
-
|
||||
-
|
||||
-AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10"
|
||||
-#######################################################################
|
||||
-
|
||||
|
||||
usage() {
|
||||
cat <<-EOT
|
||||
@@ -123,6 +121,15 @@ Path to command line tools for AWS
|
||||
<content type="string" default="${OCF_RESKEY_awscli_default}" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="auth_type">
|
||||
+<longdesc lang="en">
|
||||
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure",
|
||||
+or "role" to use AWS Policies.
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">Authentication type</shortdesc>
|
||||
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
<parameter name="profile">
|
||||
<longdesc lang="en">
|
||||
The name of the AWS CLI profile of the root account. This
|
||||
@@ -196,7 +203,7 @@ r53_validate() {
|
||||
|
||||
# Check for required binaries
|
||||
ocf_log debug "Checking for required binaries"
|
||||
- for command in curl dig; do
|
||||
+ for command in "${OCF_RESKEY_awscli}" curl dig; do
|
||||
check_binary "$command"
|
||||
done
|
||||
|
||||
@@ -216,7 +223,10 @@ r53_validate() {
|
||||
esac
|
||||
|
||||
# profile
|
||||
- [[ -z "$OCF_RESKEY_profile" ]] && ocf_log error "AWS CLI profile not set $OCF_RESKEY_profile!" && exit $OCF_ERR_CONFIGURED
|
||||
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
|
||||
+ ocf_exit_reason "profile parameter not set"
|
||||
+ return $OCF_ERR_CONFIGURED
|
||||
+ fi
|
||||
|
||||
# TTL
|
||||
[[ -z "$OCF_RESKEY_ttl" ]] && ocf_log error "TTL not set $OCF_RESKEY_ttl!" && exit $OCF_ERR_CONFIGURED
|
||||
@@ -417,7 +427,6 @@ _update_record() {
|
||||
}
|
||||
|
||||
###############################################################################
|
||||
-
|
||||
case $__OCF_ACTION in
|
||||
usage|help)
|
||||
usage
|
||||
@@ -427,6 +436,26 @@ case $__OCF_ACTION in
|
||||
metadata
|
||||
exit $OCF_SUCCESS
|
||||
;;
|
||||
+esac
|
||||
+
|
||||
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
|
||||
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
||||
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
|
||||
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
||||
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
||||
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
||||
+ exit $OCF_ERR_CONFIGURED
|
||||
+ fi
|
||||
+else
|
||||
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
|
||||
+ exit $OCF_ERR_CONFIGURED
|
||||
+fi
|
||||
+if [ -n "${OCF_RESKEY_region}" ]; then
|
||||
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
|
||||
+fi
|
||||
+AWSCLI_CMD="$AWSCLI_CMD --cli-connect-timeout 10"
|
||||
+
|
||||
+case $__OCF_ACTION in
|
||||
start)
|
||||
r53_validate || exit $?
|
||||
r53_start
|
||||
diff --git a/heartbeat/awseip b/heartbeat/awseip
|
||||
index dc48460c85..49b0ca6155 100755
|
||||
--- a/heartbeat/awseip
|
||||
+++ b/heartbeat/awseip
|
||||
@@ -23,7 +23,8 @@
|
||||
#
|
||||
# Prerequisites:
|
||||
#
|
||||
-# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.)
|
||||
+# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) or
|
||||
+# (AWSRole) Setup up relevant AWS Policies to allow agent related functions to be executed.
|
||||
# - a reserved secondary private IP address for EC2 instances high availability
|
||||
# - IAM user role with the following permissions:
|
||||
# * DescribeInstances
|
||||
@@ -44,11 +45,15 @@
|
||||
# Defaults
|
||||
#
|
||||
OCF_RESKEY_awscli_default="/usr/bin/aws"
|
||||
+OCF_RESKEY_auth_type_default="key"
|
||||
OCF_RESKEY_profile_default="default"
|
||||
+OCF_RESKEY_region_default=""
|
||||
OCF_RESKEY_api_delay_default="3"
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
|
||||
+: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
|
||||
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
|
||||
|
||||
meta_data() {
|
||||
@@ -63,7 +68,7 @@ Resource Agent for Amazon AWS Elastic IP Addresses.
|
||||
|
||||
It manages AWS Elastic IP Addresses with awscli.
|
||||
|
||||
-Credentials needs to be setup by running "aws configure".
|
||||
+Credentials needs to be setup by running "aws configure", or by using AWS Policies.
|
||||
|
||||
See https://aws.amazon.com/cli/ for more information about awscli.
|
||||
</longdesc>
|
||||
@@ -79,6 +84,15 @@ command line tools for aws services
|
||||
<content type="string" default="${OCF_RESKEY_awscli_default}" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="auth_type">
|
||||
+<longdesc lang="en">
|
||||
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure",
|
||||
+or "role" to use AWS Policies.
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">Authentication type</shortdesc>
|
||||
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
<parameter name="profile">
|
||||
<longdesc lang="en">
|
||||
Valid AWS CLI profile name (see ~/.aws/config and 'aws configure')
|
||||
@@ -111,6 +125,14 @@ predefined private ip address for ec2 instance
|
||||
<content type="string" default="" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="region" required="0">
|
||||
+<longdesc lang="en">
|
||||
+Region for AWS resource (required for role-based authentication)
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">Region</shortdesc>
|
||||
+<content type="string" default="${OCF_RESKEY_region_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
<parameter name="api_delay" unique="0">
|
||||
<longdesc lang="en">
|
||||
a short delay between API calls, to avoid sending API too quick
|
||||
@@ -157,13 +179,13 @@ awseip_start() {
|
||||
NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
fi
|
||||
done
|
||||
- $AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \
|
||||
+ $AWSCLI_CMD ec2 associate-address \
|
||||
--network-interface-id ${NETWORK_ID} \
|
||||
--allocation-id ${ALLOCATION_ID} \
|
||||
--private-ip-address ${PRIVATE_IP_ADDRESS}
|
||||
RET=$?
|
||||
else
|
||||
- $AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \
|
||||
+ $AWSCLI_CMD ec2 associate-address \
|
||||
--instance-id ${INSTANCE_ID} \
|
||||
--allocation-id ${ALLOCATION_ID}
|
||||
RET=$?
|
||||
@@ -183,7 +205,7 @@ awseip_start() {
|
||||
awseip_stop() {
|
||||
awseip_monitor || return $OCF_SUCCESS
|
||||
|
||||
- ASSOCIATION_ID=$($AWSCLI --profile $OCF_RESKEY_profile --output json ec2 describe-addresses \
|
||||
+ ASSOCIATION_ID=$($AWSCLI_CMD --output json ec2 describe-addresses \
|
||||
--allocation-id ${ALLOCATION_ID} | grep -m 1 "AssociationId" | awk -F'"' '{print$4}')
|
||||
|
||||
if [ -z "${ASSOCIATION_ID}" ]; then
|
||||
@@ -191,9 +213,7 @@ awseip_stop() {
|
||||
return $OCF_NOT_RUNNING
|
||||
fi
|
||||
|
||||
- $AWSCLI --profile ${OCF_RESKEY_profile} \
|
||||
- ec2 disassociate-address \
|
||||
- --association-id ${ASSOCIATION_ID}
|
||||
+ $AWSCLI_CMD ec2 disassociate-address --association-id ${ASSOCIATION_ID}
|
||||
RET=$?
|
||||
|
||||
# delay to avoid sending request too fast
|
||||
@@ -208,7 +228,7 @@ awseip_stop() {
|
||||
}
|
||||
|
||||
awseip_monitor() {
|
||||
- $AWSCLI --profile $OCF_RESKEY_profile ec2 describe-instances --instance-id "${INSTANCE_ID}" | grep -q "${ELASTIC_IP}"
|
||||
+ $AWSCLI_CMD ec2 describe-instances --instance-id "${INSTANCE_ID}" | grep -q "${ELASTIC_IP}"
|
||||
RET=$?
|
||||
|
||||
if [ $RET -ne 0 ]; then
|
||||
@@ -218,9 +238,9 @@ awseip_monitor() {
|
||||
}
|
||||
|
||||
awseip_validate() {
|
||||
- check_binary ${AWSCLI}
|
||||
+ check_binary "${OCF_RESKEY_awscli}"
|
||||
|
||||
- if [ -z "$OCF_RESKEY_profile" ]; then
|
||||
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
|
||||
ocf_exit_reason "profile parameter not set"
|
||||
return $OCF_ERR_CONFIGURED
|
||||
fi
|
||||
@@ -238,9 +258,27 @@ case $__OCF_ACTION in
|
||||
meta_data
|
||||
exit $OCF_SUCCESS
|
||||
;;
|
||||
-esac
|
||||
+ usage|help)
|
||||
+ awseip_usage
|
||||
+ exit $OCF_SUCCESS
|
||||
+ ;;
|
||||
+esac
|
||||
|
||||
-AWSCLI="${OCF_RESKEY_awscli}"
|
||||
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
|
||||
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
||||
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
|
||||
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
||||
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
||||
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
||||
+ exit $OCF_ERR_CONFIGURED
|
||||
+ fi
|
||||
+else
|
||||
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
|
||||
+ exit $OCF_ERR_CONFIGURED
|
||||
+fi
|
||||
+if [ -n "${OCF_RESKEY_region}" ]; then
|
||||
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
|
||||
+fi
|
||||
ELASTIC_IP="${OCF_RESKEY_elastic_ip}"
|
||||
ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
|
||||
PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
|
||||
@@ -272,10 +310,6 @@ case $__OCF_ACTION in
|
||||
validate|validate-all)
|
||||
awseip_validate
|
||||
;;
|
||||
- usage|help)
|
||||
- awseip_usage
|
||||
- exit $OCF_SUCCESS
|
||||
- ;;
|
||||
*)
|
||||
awseip_usage
|
||||
exit $OCF_ERR_UNIMPLEMENTED
|
||||
diff --git a/heartbeat/awsvip b/heartbeat/awsvip
|
||||
index 037278e296..bdb4d68dd0 100755
|
||||
--- a/heartbeat/awsvip
|
||||
+++ b/heartbeat/awsvip
|
||||
@@ -23,7 +23,8 @@
|
||||
#
|
||||
# Prerequisites:
|
||||
#
|
||||
-# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.)
|
||||
+# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) or
|
||||
+# (AWSRole) Setup up relevant AWS Policies to allow agent related functions to be executed.
|
||||
# - a reserved secondary private IP address for EC2 instances high availablity
|
||||
# - IAM user role with the following permissions:
|
||||
# * DescribeInstances
|
||||
@@ -43,11 +44,15 @@
|
||||
# Defaults
|
||||
#
|
||||
OCF_RESKEY_awscli_default="/usr/bin/aws"
|
||||
+OCF_RESKEY_auth_type_default="key"
|
||||
OCF_RESKEY_profile_default="default"
|
||||
+OCF_RESKEY_region_default=""
|
||||
OCF_RESKEY_api_delay_default="3"
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
|
||||
+: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
|
||||
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
|
||||
|
||||
meta_data() {
|
||||
@@ -62,7 +67,7 @@ Resource Agent for Amazon AWS Secondary Private IP Addresses.
|
||||
|
||||
It manages AWS Secondary Private IP Addresses with awscli.
|
||||
|
||||
-Credentials needs to be setup by running "aws configure".
|
||||
+Credentials needs to be setup by running "aws configure", or by using AWS Policies.
|
||||
|
||||
See https://aws.amazon.com/cli/ for more information about awscli.
|
||||
</longdesc>
|
||||
@@ -78,6 +83,15 @@ command line tools for aws services
|
||||
<content type="string" default="${OCF_RESKEY_awscli_default}" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="auth_type">
|
||||
+<longdesc lang="en">
|
||||
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure",
|
||||
+or "role" to use AWS Policies.
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">Authentication type</shortdesc>
|
||||
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
<parameter name="profile">
|
||||
<longdesc lang="en">
|
||||
Valid AWS CLI profile name (see ~/.aws/config and 'aws configure')
|
||||
@@ -94,6 +108,14 @@ reserved secondary private ip for ec2 instance
|
||||
<content type="string" default="" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="region" required="0">
|
||||
+<longdesc lang="en">
|
||||
+Region for AWS resource (required for role-based authentication)
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">Region</shortdesc>
|
||||
+<content type="string" default="${OCF_RESKEY_region_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
<parameter name="api_delay" unique="0">
|
||||
<longdesc lang="en">
|
||||
a short delay between API calls, to avoid sending API too quick
|
||||
@@ -131,7 +153,7 @@ END
|
||||
awsvip_start() {
|
||||
awsvip_monitor && return $OCF_SUCCESS
|
||||
|
||||
- $AWSCLI --profile $OCF_RESKEY_profile ec2 assign-private-ip-addresses \
|
||||
+ $AWSCLI_CMD ec2 assign-private-ip-addresses \
|
||||
--network-interface-id ${NETWORK_ID} \
|
||||
--private-ip-addresses ${SECONDARY_PRIVATE_IP} \
|
||||
--allow-reassignment
|
||||
@@ -151,7 +173,7 @@ awsvip_start() {
|
||||
awsvip_stop() {
|
||||
awsvip_monitor || return $OCF_SUCCESS
|
||||
|
||||
- $AWSCLI --profile $OCF_RESKEY_profile ec2 unassign-private-ip-addresses \
|
||||
+ $AWSCLI_CMD ec2 unassign-private-ip-addresses \
|
||||
--network-interface-id ${NETWORK_ID} \
|
||||
--private-ip-addresses ${SECONDARY_PRIVATE_IP}
|
||||
RET=$?
|
||||
@@ -168,7 +190,7 @@ awsvip_stop() {
|
||||
}
|
||||
|
||||
awsvip_monitor() {
|
||||
- $AWSCLI --profile ${OCF_RESKEY_profile} ec2 describe-instances \
|
||||
+ $AWSCLI_CMD ec2 describe-instances \
|
||||
--instance-id "${INSTANCE_ID}" \
|
||||
--query 'Reservations[].Instances[].NetworkInterfaces[].PrivateIpAddresses[].PrivateIpAddress[]' \
|
||||
--output text | \
|
||||
@@ -182,9 +204,9 @@ awsvip_monitor() {
|
||||
}
|
||||
|
||||
awsvip_validate() {
|
||||
- check_binary ${AWSCLI}
|
||||
+ check_binary "${OCF_RESKEY_awscli}"
|
||||
|
||||
- if [ -z "$OCF_RESKEY_profile" ]; then
|
||||
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
|
||||
ocf_exit_reason "profile parameter not set"
|
||||
return $OCF_ERR_CONFIGURED
|
||||
fi
|
||||
@@ -202,9 +224,27 @@ case $__OCF_ACTION in
|
||||
meta_data
|
||||
exit $OCF_SUCCESS
|
||||
;;
|
||||
+ usage|help)
|
||||
+ awsvip_usage
|
||||
+ exit $OCF_SUCCESS
|
||||
+ ;;
|
||||
esac
|
||||
|
||||
-AWSCLI="${OCF_RESKEY_awscli}"
|
||||
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
|
||||
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
|
||||
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
|
||||
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
|
||||
+ if [ -z "${OCF_RESKEY_region}" ]; then
|
||||
+ ocf_exit_reason "region needs to be set when using role-based authentication"
|
||||
+ exit $OCF_ERR_CONFIGURED
|
||||
+ fi
|
||||
+else
|
||||
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
|
||||
+ exit $OCF_ERR_CONFIGURED
|
||||
+fi
|
||||
+if [ -n "${OCF_RESKEY_region}" ]; then
|
||||
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
|
||||
+fi
|
||||
SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
|
||||
TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
@@ -236,10 +276,6 @@ case $__OCF_ACTION in
|
||||
validate|validate-all)
|
||||
awsvip_validate
|
||||
;;
|
||||
- usage|help)
|
||||
- awsvip_usage
|
||||
- exit $OCF_SUCCESS
|
||||
- ;;
|
||||
*)
|
||||
awsvip_usage
|
||||
exit $OCF_ERR_UNIMPLEMENTED
|
22
SOURCES/RHEL-17083-findif-EOS-fix.patch
Normal file
22
SOURCES/RHEL-17083-findif-EOS-fix.patch
Normal file
@ -0,0 +1,22 @@
|
||||
From b23ba4eaefb500199c4845751f4c5545c81f42f1 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Mon, 20 Nov 2023 16:37:37 +0100
|
||||
Subject: [PATCH 2/2] findif: also check that netmaskbits != EOS
|
||||
|
||||
---
|
||||
tools/findif.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tools/findif.c b/tools/findif.c
|
||||
index a25395fec..ab108a3c4 100644
|
||||
--- a/tools/findif.c
|
||||
+++ b/tools/findif.c
|
||||
@@ -669,7 +669,7 @@ main(int argc, char ** argv) {
|
||||
}
|
||||
}
|
||||
|
||||
- if (netmaskbits) {
|
||||
+ if (netmaskbits != NULL && *netmaskbits != EOS) {
|
||||
best_netmask = netmask;
|
||||
}else if (best_netmask == 0L) {
|
||||
/*
|
23
SOURCES/RHEL-32828-db2-fix-OCF_SUCESS-typo.patch
Normal file
23
SOURCES/RHEL-32828-db2-fix-OCF_SUCESS-typo.patch
Normal file
@ -0,0 +1,23 @@
|
||||
From a9c4aeb971e9f4963345d0e215b729def62dd27c Mon Sep 17 00:00:00 2001
|
||||
From: pepadelic <162310096+pepadelic@users.noreply.github.com>
|
||||
Date: Mon, 15 Apr 2024 13:52:54 +0200
|
||||
Subject: [PATCH] Update db2: fix OCF_SUCESS name in db2_notify
|
||||
|
||||
fix OCF_SUCESS to OCF_SUCCESS in db2_notify
|
||||
---
|
||||
heartbeat/db2 | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/heartbeat/db2 b/heartbeat/db2
|
||||
index 95447ab6cb..1cd66f15af 100755
|
||||
--- a/heartbeat/db2
|
||||
+++ b/heartbeat/db2
|
||||
@@ -848,7 +848,7 @@ db2_notify() {
|
||||
|
||||
# only interested in pre-start
|
||||
[ $OCF_RESKEY_CRM_meta_notify_type = pre \
|
||||
- -a $OCF_RESKEY_CRM_meta_notify_operation = start ] || return $OCF_SUCESS
|
||||
+ -a $OCF_RESKEY_CRM_meta_notify_operation = start ] || return $OCF_SUCCESS
|
||||
|
||||
# gets FIRST_ACTIVE_LOG
|
||||
db2_get_cfg $dblist || return $?
|
343
SOURCES/RHEL-34137-aws-agents-use-curl_retry.patch
Normal file
343
SOURCES/RHEL-34137-aws-agents-use-curl_retry.patch
Normal file
@ -0,0 +1,343 @@
|
||||
From fc0657b936f6a58f741e33f851b22f82bc68bffa Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Tue, 6 Feb 2024 13:28:12 +0100
|
||||
Subject: [PATCH 1/2] ocf-shellfuncs: add curl_retry()
|
||||
|
||||
---
|
||||
heartbeat/ocf-shellfuncs.in | 34 ++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 34 insertions(+)
|
||||
|
||||
diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in
|
||||
index c5edb6f57..a69a9743d 100644
|
||||
--- a/heartbeat/ocf-shellfuncs.in
|
||||
+++ b/heartbeat/ocf-shellfuncs.in
|
||||
@@ -672,6 +672,40 @@ EOF
|
||||
systemctl daemon-reload
|
||||
}
|
||||
|
||||
+# usage: curl_retry RETRIES SLEEP ARGS URL
|
||||
+#
|
||||
+# Use --show-error in ARGS to log HTTP error code
|
||||
+#
|
||||
+# returns:
|
||||
+# 0 success
|
||||
+# exit:
|
||||
+# 1 fail
|
||||
+curl_retry()
|
||||
+{
|
||||
+ local retries=$1 sleep=$2 opts=$3 url=$4
|
||||
+ local tries=$(($retries + 1))
|
||||
+ local args="--fail $opts $url"
|
||||
+ local result rc
|
||||
+
|
||||
+ for try in $(seq $tries); do
|
||||
+ ocf_log debug "curl $args try $try of $tries"
|
||||
+ result=$(echo "$args" | xargs curl 2>&1)
|
||||
+ rc=$?
|
||||
+
|
||||
+ ocf_log debug "result: $result"
|
||||
+ [ $rc -eq 0 ] && break
|
||||
+ sleep $sleep
|
||||
+ done
|
||||
+
|
||||
+ if [ $rc -ne 0 ]; then
|
||||
+ ocf_exit_reason "curl $args failed $tries tries"
|
||||
+ exit $OCF_ERR_GENERIC
|
||||
+ fi
|
||||
+
|
||||
+ echo "$result"
|
||||
+ return $rc
|
||||
+}
|
||||
+
|
||||
# usage: crm_mon_no_validation args...
|
||||
# run crm_mon without any cib schema validation
|
||||
# This is useful when an agent runs in a bundle to avoid potential
|
||||
|
||||
From 80d330557319bdae9e45aad1279e435fc481d4e7 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Tue, 6 Feb 2024 13:28:25 +0100
|
||||
Subject: [PATCH 2/2] AWS agents: use curl_retry()
|
||||
|
||||
---
|
||||
heartbeat/aws-vpc-move-ip | 35 ++++++++++++++++++++++++++---------
|
||||
heartbeat/aws-vpc-route53.in | 27 +++++++++++++++++++++++++--
|
||||
heartbeat/awseip | 36 +++++++++++++++++++++++++++++++-----
|
||||
heartbeat/awsvip | 32 ++++++++++++++++++++++++++++----
|
||||
4 files changed, 110 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
|
||||
index 54806f6ea..6115e5ba8 100755
|
||||
--- a/heartbeat/aws-vpc-move-ip
|
||||
+++ b/heartbeat/aws-vpc-move-ip
|
||||
@@ -47,6 +47,8 @@ OCF_RESKEY_interface_default="eth0"
|
||||
OCF_RESKEY_iflabel_default=""
|
||||
OCF_RESKEY_monapi_default="false"
|
||||
OCF_RESKEY_lookup_type_default="InstanceId"
|
||||
+OCF_RESKEY_curl_retries_default="3"
|
||||
+OCF_RESKEY_curl_sleep_default="1"
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
@@ -60,6 +62,8 @@ OCF_RESKEY_lookup_type_default="InstanceId"
|
||||
: ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}}
|
||||
: ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}}
|
||||
: ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}}
|
||||
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
|
||||
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
|
||||
#######################################################################
|
||||
|
||||
|
||||
@@ -194,6 +198,22 @@ Name of resource type to lookup in route table.
|
||||
<content type="string" default="${OCF_RESKEY_lookup_type_default}" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="curl_retries" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl retries before failing
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl retries</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
+<parameter name="curl_sleep" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl sleep between tries
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl sleep</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
</parameters>
|
||||
|
||||
<actions>
|
||||
@@ -250,8 +270,10 @@ ec2ip_validate() {
|
||||
fi
|
||||
fi
|
||||
|
||||
- TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||
- EC2_INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
+ TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
|
||||
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+ EC2_INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
|
||||
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
|
||||
if [ -z "${EC2_INSTANCE_ID}" ]; then
|
||||
ocf_exit_reason "Instance ID not found. Is this a EC2 instance?"
|
||||
@@ -365,14 +387,9 @@ ec2ip_get_instance_eni() {
|
||||
fi
|
||||
ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}"
|
||||
|
||||
- cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id -H \"X-aws-ec2-metadata-token: $TOKEN\""
|
||||
- ocf_log debug "executing command: $cmd"
|
||||
+ cmd="curl_retry \"$OCF_RESKEY_curl_retries\" \"$OCF_RESKEY_curl_sleep\" \"--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'\" \"http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id\""
|
||||
EC2_NETWORK_INTERFACE_ID="$(eval $cmd)"
|
||||
- rc=$?
|
||||
- if [ $rc != 0 ]; then
|
||||
- ocf_log warn "command failed, rc: $rc"
|
||||
- return $OCF_ERR_GENERIC
|
||||
- fi
|
||||
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}"
|
||||
echo $EC2_NETWORK_INTERFACE_ID
|
||||
}
|
||||
diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in
|
||||
index 18ab157e8..eba2ed95c 100644
|
||||
--- a/heartbeat/aws-vpc-route53.in
|
||||
+++ b/heartbeat/aws-vpc-route53.in
|
||||
@@ -53,6 +53,8 @@ OCF_RESKEY_hostedzoneid_default=""
|
||||
OCF_RESKEY_fullname_default=""
|
||||
OCF_RESKEY_ip_default="local"
|
||||
OCF_RESKEY_ttl_default=10
|
||||
+OCF_RESKEY_curl_retries_default="3"
|
||||
+OCF_RESKEY_curl_sleep_default="1"
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
@@ -62,6 +64,8 @@ OCF_RESKEY_ttl_default=10
|
||||
: ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}}
|
||||
: ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}}
|
||||
: ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}}
|
||||
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
|
||||
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
|
||||
|
||||
usage() {
|
||||
cat <<-EOT
|
||||
@@ -185,6 +189,22 @@ Time to live for Route53 ARECORD
|
||||
<shortdesc lang="en">ARECORD TTL</shortdesc>
|
||||
<content type="string" default="${OCF_RESKEY_ttl_default}" />
|
||||
</parameter>
|
||||
+
|
||||
+<parameter name="curl_retries" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl retries before failing
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl retries</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
+<parameter name="curl_sleep" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl sleep between tries
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl sleep</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
|
||||
+</parameter>
|
||||
</parameters>
|
||||
|
||||
<actions>
|
||||
@@ -357,8 +377,11 @@ r53_monitor() {
|
||||
_get_ip() {
|
||||
case $OCF_RESKEY_ip in
|
||||
local|public)
|
||||
- TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||
- IPADDRESS=$(curl -s http://169.254.169.254/latest/meta-data/${OCF_RESKEY_ip}-ipv4 -H "X-aws-ec2-metadata-token: $TOKEN");;
|
||||
+ TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
|
||||
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+ IPADDRESS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/${OCF_RESKEY_ip}-ipv4")
|
||||
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+ ;;
|
||||
*.*.*.*)
|
||||
IPADDRESS="${OCF_RESKEY_ip}";;
|
||||
esac
|
||||
diff --git a/heartbeat/awseip b/heartbeat/awseip
|
||||
index 49b0ca615..ffb6223a1 100755
|
||||
--- a/heartbeat/awseip
|
||||
+++ b/heartbeat/awseip
|
||||
@@ -49,12 +49,16 @@ OCF_RESKEY_auth_type_default="key"
|
||||
OCF_RESKEY_profile_default="default"
|
||||
OCF_RESKEY_region_default=""
|
||||
OCF_RESKEY_api_delay_default="3"
|
||||
+OCF_RESKEY_curl_retries_default="3"
|
||||
+OCF_RESKEY_curl_sleep_default="1"
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
|
||||
: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
|
||||
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
|
||||
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
|
||||
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
|
||||
|
||||
meta_data() {
|
||||
cat <<END
|
||||
@@ -141,6 +145,22 @@ a short delay between API calls, to avoid sending API too quick
|
||||
<content type="integer" default="${OCF_RESKEY_api_delay_default}" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="curl_retries" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl retries before failing
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl retries</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
+<parameter name="curl_sleep" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl sleep between tries
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl sleep</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
</parameters>
|
||||
|
||||
<actions>
|
||||
@@ -171,14 +191,18 @@ awseip_start() {
|
||||
awseip_monitor && return $OCF_SUCCESS
|
||||
|
||||
if [ -n "${PRIVATE_IP_ADDRESS}" ]; then
|
||||
- NETWORK_INTERFACES_MACS=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/ -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
+ NETWORK_INTERFACES_MACS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "-s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/")
|
||||
for MAC in ${NETWORK_INTERFACES_MACS}; do
|
||||
- curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/local-ipv4s -H "X-aws-ec2-metadata-token: $TOKEN" |
|
||||
+ curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "-s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC%/*}/local-ipv4s" |
|
||||
grep -q "^${PRIVATE_IP_ADDRESS}$"
|
||||
if [ $? -eq 0 ]; then
|
||||
- NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
+ NETWORK_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "-s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC%/*}/interface-id")
|
||||
fi
|
||||
done
|
||||
+ if [ -z "$NETWORK_ID" ]; then
|
||||
+ ocf_exit_reason "Could not find network interface for private_ip_address: $PRIVATE_IP_ADDRESS"
|
||||
+ exit $OCF_ERR_GENERIC
|
||||
+ fi
|
||||
$AWSCLI_CMD ec2 associate-address \
|
||||
--network-interface-id ${NETWORK_ID} \
|
||||
--allocation-id ${ALLOCATION_ID} \
|
||||
@@ -282,8 +306,10 @@ fi
|
||||
ELASTIC_IP="${OCF_RESKEY_elastic_ip}"
|
||||
ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
|
||||
PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
|
||||
-TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||
-INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
+TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
|
||||
case $__OCF_ACTION in
|
||||
start)
|
||||
diff --git a/heartbeat/awsvip b/heartbeat/awsvip
|
||||
index bdb4d68dd..f2b238a0f 100755
|
||||
--- a/heartbeat/awsvip
|
||||
+++ b/heartbeat/awsvip
|
||||
@@ -48,12 +48,16 @@ OCF_RESKEY_auth_type_default="key"
|
||||
OCF_RESKEY_profile_default="default"
|
||||
OCF_RESKEY_region_default=""
|
||||
OCF_RESKEY_api_delay_default="3"
|
||||
+OCF_RESKEY_curl_retries_default="3"
|
||||
+OCF_RESKEY_curl_sleep_default="1"
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
|
||||
: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
|
||||
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
|
||||
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
|
||||
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
|
||||
|
||||
meta_data() {
|
||||
cat <<END
|
||||
@@ -124,6 +128,22 @@ a short delay between API calls, to avoid sending API too quick
|
||||
<content type="integer" default="${OCF_RESKEY_api_delay_default}" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="curl_retries" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl retries before failing
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl retries</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
+<parameter name="curl_sleep" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl sleep between tries
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl sleep</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
</parameters>
|
||||
|
||||
<actions>
|
||||
@@ -246,10 +266,14 @@ if [ -n "${OCF_RESKEY_region}" ]; then
|
||||
AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
|
||||
fi
|
||||
SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
|
||||
-TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||
-INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
-MAC_ADDRESS=$(curl -s http://169.254.169.254/latest/meta-data/mac -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
-NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDRESS}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
+TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+MAC_ADDRESS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/mac")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+NETWORK_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDRESS}/interface-id")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
|
||||
case $__OCF_ACTION in
|
||||
start)
|
@ -0,0 +1,48 @@
|
||||
From accff72ecc2f6cf5a76d9570198a93ac7c90270e Mon Sep 17 00:00:00 2001
|
||||
From: Quentin Pradet <quentin.pradet@gmail.com>
|
||||
Date: Mon, 17 Jun 2024 11:09:06 +0400
|
||||
Subject: [PATCH] Merge pull request from GHSA-34jh-p97f-mpxf
|
||||
|
||||
* Strip Proxy-Authorization header on redirects
|
||||
|
||||
* Fix test_retry_default_remove_headers_on_redirect
|
||||
|
||||
* Set release date
|
||||
---
|
||||
CHANGES.rst | 5 +++++
|
||||
src/urllib3/util/retry.py | 4 +++-
|
||||
test/test_retry.py | 6 ++++-
|
||||
test/with_dummyserver/test_poolmanager.py | 27 ++++++++++++++++++++---
|
||||
4 files changed, 37 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py b/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
|
||||
index 7a76a4a6ad..0456cceba4 100644
|
||||
--- a/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
|
||||
+++ b/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
|
||||
@@ -189,7 +189,9 @@ class Retry:
|
||||
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
||||
|
||||
#: Default headers to be used for ``remove_headers_on_redirect``
|
||||
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
||||
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
|
||||
+ ["Cookie", "Authorization", "Proxy-Authorization"]
|
||||
+ )
|
||||
|
||||
#: Default maximum backoff time.
|
||||
DEFAULT_BACKOFF_MAX = 120
|
||||
|
||||
diff --git a/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py b/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
|
||||
index 7a76a4a6ad..0456cceba4 100644
|
||||
--- a/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
|
||||
+++ b/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
|
||||
@@ -189,7 +189,9 @@ class Retry:
|
||||
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
||||
|
||||
#: Default headers to be used for ``remove_headers_on_redirect``
|
||||
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
||||
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
|
||||
+ ["Cookie", "Authorization", "Proxy-Authorization"]
|
||||
+ )
|
||||
|
||||
#: Default maximum backoff time.
|
||||
DEFAULT_BACKOFF_MAX = 120
|
201
SOURCES/RHEL-50360-setuptools-fix-CVE-2024-6345.patch
Normal file
201
SOURCES/RHEL-50360-setuptools-fix-CVE-2024-6345.patch
Normal file
@ -0,0 +1,201 @@
|
||||
--- a/setuptools/package_index.py 1980-01-01 09:00:00.000000000 +0100
|
||||
+++ b/setuptools/package_index.py 2024-07-25 10:11:40.537307665 +0200
|
||||
@@ -1,5 +1,6 @@
|
||||
"""PyPI and direct package downloading"""
|
||||
import sys
|
||||
+import subprocess
|
||||
import os
|
||||
import re
|
||||
import shutil
|
||||
@@ -563,7 +564,7 @@
|
||||
scheme = URL_SCHEME(spec)
|
||||
if scheme:
|
||||
# It's a url, download it to tmpdir
|
||||
- found = self._download_url(scheme.group(1), spec, tmpdir)
|
||||
+ found = self._download_url(spec, tmpdir)
|
||||
base, fragment = egg_info_for_url(spec)
|
||||
if base.endswith('.py'):
|
||||
found = self.gen_setup(found, fragment, tmpdir)
|
||||
@@ -775,7 +776,7 @@
|
||||
raise DistutilsError("Download error for %s: %s"
|
||||
% (url, v))
|
||||
|
||||
- def _download_url(self, scheme, url, tmpdir):
|
||||
+ def _download_url(self, url, tmpdir):
|
||||
# Determine download filename
|
||||
#
|
||||
name, fragment = egg_info_for_url(url)
|
||||
@@ -790,19 +791,59 @@
|
||||
|
||||
filename = os.path.join(tmpdir, name)
|
||||
|
||||
- # Download the file
|
||||
- #
|
||||
- if scheme == 'svn' or scheme.startswith('svn+'):
|
||||
- return self._download_svn(url, filename)
|
||||
- elif scheme == 'git' or scheme.startswith('git+'):
|
||||
- return self._download_git(url, filename)
|
||||
- elif scheme.startswith('hg+'):
|
||||
- return self._download_hg(url, filename)
|
||||
- elif scheme == 'file':
|
||||
- return urllib.request.url2pathname(urllib.parse.urlparse(url)[2])
|
||||
- else:
|
||||
- self.url_ok(url, True) # raises error if not allowed
|
||||
- return self._attempt_download(url, filename)
|
||||
+ return self._download_vcs(url, filename) or self._download_other(url, filename)
|
||||
+
|
||||
+ @staticmethod
|
||||
+ def _resolve_vcs(url):
|
||||
+ """
|
||||
+ >>> rvcs = PackageIndex._resolve_vcs
|
||||
+ >>> rvcs('git+http://foo/bar')
|
||||
+ 'git'
|
||||
+ >>> rvcs('hg+https://foo/bar')
|
||||
+ 'hg'
|
||||
+ >>> rvcs('git:myhost')
|
||||
+ 'git'
|
||||
+ >>> rvcs('hg:myhost')
|
||||
+ >>> rvcs('http://foo/bar')
|
||||
+ """
|
||||
+ scheme = urllib.parse.urlsplit(url).scheme
|
||||
+ pre, sep, post = scheme.partition('+')
|
||||
+ # svn and git have their own protocol; hg does not
|
||||
+ allowed = set(['svn', 'git'] + ['hg'] * bool(sep))
|
||||
+ return next(iter({pre} & allowed), None)
|
||||
+
|
||||
+ def _download_vcs(self, url, spec_filename):
|
||||
+ vcs = self._resolve_vcs(url)
|
||||
+ if not vcs:
|
||||
+ return
|
||||
+ if vcs == 'svn':
|
||||
+ raise DistutilsError(
|
||||
+ f"Invalid config, SVN download is not supported: {url}"
|
||||
+ )
|
||||
+
|
||||
+ filename, _, _ = spec_filename.partition('#')
|
||||
+ url, rev = self._vcs_split_rev_from_url(url)
|
||||
+
|
||||
+ self.info(f"Doing {vcs} clone from {url} to {filename}")
|
||||
+ subprocess.check_call([vcs, 'clone', '--quiet', url, filename])
|
||||
+
|
||||
+ co_commands = dict(
|
||||
+ git=[vcs, '-C', filename, 'checkout', '--quiet', rev],
|
||||
+ hg=[vcs, '--cwd', filename, 'up', '-C', '-r', rev, '-q'],
|
||||
+ )
|
||||
+ if rev is not None:
|
||||
+ self.info(f"Checking out {rev}")
|
||||
+ subprocess.check_call(co_commands[vcs])
|
||||
+
|
||||
+ return filename
|
||||
+
|
||||
+ def _download_other(self, url, filename):
|
||||
+ scheme = urllib.parse.urlsplit(url).scheme
|
||||
+ if scheme == 'file': # pragma: no cover
|
||||
+ return urllib.request.url2pathname(urllib.parse.urlparse(url).path)
|
||||
+ # raise error if not allowed
|
||||
+ self.url_ok(url, True)
|
||||
+ return self._attempt_download(url, filename)
|
||||
|
||||
def scan_url(self, url):
|
||||
self.process_url(url, True)
|
||||
@@ -829,76 +870,37 @@
|
||||
os.unlink(filename)
|
||||
raise DistutilsError("Unexpected HTML page found at " + url)
|
||||
|
||||
- def _download_svn(self, url, filename):
|
||||
- url = url.split('#', 1)[0] # remove any fragment for svn's sake
|
||||
- creds = ''
|
||||
- if url.lower().startswith('svn:') and '@' in url:
|
||||
- scheme, netloc, path, p, q, f = urllib.parse.urlparse(url)
|
||||
- if not netloc and path.startswith('//') and '/' in path[2:]:
|
||||
- netloc, path = path[2:].split('/', 1)
|
||||
- auth, host = splituser(netloc)
|
||||
- if auth:
|
||||
- if ':' in auth:
|
||||
- user, pw = auth.split(':', 1)
|
||||
- creds = " --username=%s --password=%s" % (user, pw)
|
||||
- else:
|
||||
- creds = " --username=" + auth
|
||||
- netloc = host
|
||||
- parts = scheme, netloc, url, p, q, f
|
||||
- url = urllib.parse.urlunparse(parts)
|
||||
- self.info("Doing subversion checkout from %s to %s", url, filename)
|
||||
- os.system("svn checkout%s -q %s %s" % (creds, url, filename))
|
||||
- return filename
|
||||
-
|
||||
@staticmethod
|
||||
- def _vcs_split_rev_from_url(url, pop_prefix=False):
|
||||
- scheme, netloc, path, query, frag = urllib.parse.urlsplit(url)
|
||||
-
|
||||
- scheme = scheme.split('+', 1)[-1]
|
||||
-
|
||||
- # Some fragment identification fails
|
||||
- path = path.split('#', 1)[0]
|
||||
-
|
||||
- rev = None
|
||||
- if '@' in path:
|
||||
- path, rev = path.rsplit('@', 1)
|
||||
-
|
||||
- # Also, discard fragment
|
||||
- url = urllib.parse.urlunsplit((scheme, netloc, path, query, ''))
|
||||
-
|
||||
- return url, rev
|
||||
-
|
||||
- def _download_git(self, url, filename):
|
||||
- filename = filename.split('#', 1)[0]
|
||||
- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
|
||||
-
|
||||
- self.info("Doing git clone from %s to %s", url, filename)
|
||||
- os.system("git clone --quiet %s %s" % (url, filename))
|
||||
+ def _vcs_split_rev_from_url(url):
|
||||
+ """
|
||||
+ Given a possible VCS URL, return a clean URL and resolved revision if any.
|
||||
|
||||
- if rev is not None:
|
||||
- self.info("Checking out %s", rev)
|
||||
- os.system("(cd %s && git checkout --quiet %s)" % (
|
||||
- filename,
|
||||
- rev,
|
||||
- ))
|
||||
+ >>> vsrfu = PackageIndex._vcs_split_rev_from_url
|
||||
+ >>> vsrfu('git+https://github.com/pypa/setuptools@v69.0.0#egg-info=setuptools')
|
||||
+ ('https://github.com/pypa/setuptools', 'v69.0.0')
|
||||
+ >>> vsrfu('git+https://github.com/pypa/setuptools#egg-info=setuptools')
|
||||
+ ('https://github.com/pypa/setuptools', None)
|
||||
+ >>> vsrfu('http://foo/bar')
|
||||
+ ('http://foo/bar', None)
|
||||
+ """
|
||||
+ parts = urllib.parse.urlsplit(url)
|
||||
|
||||
- return filename
|
||||
+ clean_scheme = parts.scheme.split('+', 1)[-1]
|
||||
|
||||
- def _download_hg(self, url, filename):
|
||||
- filename = filename.split('#', 1)[0]
|
||||
- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
|
||||
+ # Some fragment identification fails
|
||||
+ no_fragment_path, _, _ = parts.path.partition('#')
|
||||
|
||||
- self.info("Doing hg clone from %s to %s", url, filename)
|
||||
- os.system("hg clone --quiet %s %s" % (url, filename))
|
||||
+ pre, sep, post = no_fragment_path.rpartition('@')
|
||||
+ clean_path, rev = (pre, post) if sep else (post, None)
|
||||
|
||||
- if rev is not None:
|
||||
- self.info("Updating to %s", rev)
|
||||
- os.system("(cd %s && hg up -C -r %s >&-)" % (
|
||||
- filename,
|
||||
- rev,
|
||||
- ))
|
||||
+ resolved = parts._replace(
|
||||
+ scheme=clean_scheme,
|
||||
+ path=clean_path,
|
||||
+ # discard the fragment
|
||||
+ fragment='',
|
||||
+ ).geturl()
|
||||
|
||||
- return filename
|
||||
+ return resolved, rev
|
||||
|
||||
def debug(self, msg, *args):
|
||||
log.debug(msg, *args)
|
@ -0,0 +1,38 @@
|
||||
From 38eaf00bc81af7530c56eba282918762a47a9326 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Thu, 19 Sep 2024 13:01:53 +0200
|
||||
Subject: [PATCH] nfsserver: also stop rpc-statd for nfsv4_only to avoid stop
|
||||
failing in some cases
|
||||
|
||||
E.g. nfs_no_notify=true nfsv4_only=true nfs_shared_infodir=/nfsmq/nfsinfo would cause a "Failed to unmount a bind mount" error
|
||||
---
|
||||
heartbeat/nfsserver | 16 +++++++---------
|
||||
1 file changed, 7 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver
|
||||
index 5793d7a70..fd9268afc 100755
|
||||
--- a/heartbeat/nfsserver
|
||||
+++ b/heartbeat/nfsserver
|
||||
@@ -947,15 +947,13 @@ nfsserver_stop ()
|
||||
sleep 1
|
||||
done
|
||||
|
||||
- if ! ocf_is_true "$OCF_RESKEY_nfsv4_only"; then
|
||||
- nfs_exec stop rpc-statd > /dev/null 2>&1
|
||||
- ocf_log info "Stop: rpc-statd"
|
||||
- rpcinfo -t localhost 100024 > /dev/null 2>&1
|
||||
- rc=$?
|
||||
- if [ "$rc" -eq "0" ]; then
|
||||
- ocf_exit_reason "Failed to stop rpc-statd"
|
||||
- return $OCF_ERR_GENERIC
|
||||
- fi
|
||||
+ nfs_exec stop rpc-statd > /dev/null 2>&1
|
||||
+ ocf_log info "Stop: rpc-statd"
|
||||
+ rpcinfo -t localhost 100024 > /dev/null 2>&1
|
||||
+ rc=$?
|
||||
+ if [ "$rc" -eq "0" ]; then
|
||||
+ ocf_exit_reason "Failed to stop rpc-statd"
|
||||
+ return $OCF_ERR_GENERIC
|
||||
fi
|
||||
|
||||
nfs_exec stop nfs-idmapd > /dev/null 2>&1
|
68
SOURCES/bz1904465-mysql-common-improve-error-message.patch
Normal file
68
SOURCES/bz1904465-mysql-common-improve-error-message.patch
Normal file
@ -0,0 +1,68 @@
|
||||
From fcceb714085836de9db4493b527e94d85dd72626 Mon Sep 17 00:00:00 2001
|
||||
From: ut002970 <liuxingwei@uniontech.com>
|
||||
Date: Wed, 6 Sep 2023 15:27:05 +0800
|
||||
Subject: [PATCH 1/3] modify error message
|
||||
|
||||
---
|
||||
heartbeat/mysql-common.sh | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/heartbeat/mysql-common.sh b/heartbeat/mysql-common.sh
|
||||
index 8104019b03..a93acc4c60 100755
|
||||
--- a/heartbeat/mysql-common.sh
|
||||
+++ b/heartbeat/mysql-common.sh
|
||||
@@ -254,7 +254,7 @@ mysql_common_start()
|
||||
while [ $start_wait = 1 ]; do
|
||||
if ! ps $pid > /dev/null 2>&1; then
|
||||
wait $pid
|
||||
- ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), please check your installation"
|
||||
+ ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), please check your installation, log message you can check $OCF_RESKEY_log"
|
||||
return $OCF_ERR_GENERIC
|
||||
fi
|
||||
mysql_common_status info
|
||||
|
||||
From 8f9b344cd5b3cb96ea0f94b7ab0306da2234ac00 Mon Sep 17 00:00:00 2001
|
||||
From: ut002970 <liuxingwei@uniontech.com>
|
||||
Date: Wed, 6 Sep 2023 15:56:24 +0800
|
||||
Subject: [PATCH 2/3] modify error message
|
||||
|
||||
---
|
||||
heartbeat/mysql-common.sh | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/heartbeat/mysql-common.sh b/heartbeat/mysql-common.sh
|
||||
index a93acc4c60..d5b2286737 100755
|
||||
--- a/heartbeat/mysql-common.sh
|
||||
+++ b/heartbeat/mysql-common.sh
|
||||
@@ -254,7 +254,7 @@ mysql_common_start()
|
||||
while [ $start_wait = 1 ]; do
|
||||
if ! ps $pid > /dev/null 2>&1; then
|
||||
wait $pid
|
||||
- ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), please check your installation, log message you can check $OCF_RESKEY_log"
|
||||
+ ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), Check $OCF_RESKEY_log for details"
|
||||
return $OCF_ERR_GENERIC
|
||||
fi
|
||||
mysql_common_status info
|
||||
|
||||
From a292b3c552bf3f2beea5f73e0d171546c0a1273c Mon Sep 17 00:00:00 2001
|
||||
From: ut002970 <liuxingwei@uniontech.com>
|
||||
Date: Wed, 6 Sep 2023 16:10:48 +0800
|
||||
Subject: [PATCH 3/3] modify error message
|
||||
|
||||
---
|
||||
heartbeat/mysql-common.sh | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/heartbeat/mysql-common.sh b/heartbeat/mysql-common.sh
|
||||
index d5b2286737..d6b4e3cdf4 100755
|
||||
--- a/heartbeat/mysql-common.sh
|
||||
+++ b/heartbeat/mysql-common.sh
|
||||
@@ -254,7 +254,7 @@ mysql_common_start()
|
||||
while [ $start_wait = 1 ]; do
|
||||
if ! ps $pid > /dev/null 2>&1; then
|
||||
wait $pid
|
||||
- ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), Check $OCF_RESKEY_log for details"
|
||||
+ ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?). Check $OCF_RESKEY_log for details"
|
||||
return $OCF_ERR_GENERIC
|
||||
fi
|
||||
mysql_common_status info
|
@ -1,54 +0,0 @@
|
||||
From 81bb58b05d2ddabd17fe31af39f0e857e61db3c9 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Tue, 28 Mar 2023 16:53:45 +0200
|
||||
Subject: [PATCH] azure-events*: fix for no "Transition Summary" for Pacemaker
|
||||
2.1+
|
||||
|
||||
---
|
||||
heartbeat/azure-events-az.in | 8 ++++----
|
||||
heartbeat/azure-events.in | 6 +++---
|
||||
2 files changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/azure-events-az.in b/heartbeat/azure-events-az.in
|
||||
index 59d0953061..67c02c6422 100644
|
||||
--- a/heartbeat/azure-events-az.in
|
||||
+++ b/heartbeat/azure-events-az.in
|
||||
@@ -311,10 +311,10 @@ class clusterHelper:
|
||||
summary = clusterHelper._exec("crm_simulate", "-Ls")
|
||||
if not summary:
|
||||
ocf.logger.warning("transitionSummary: could not load transition summary")
|
||||
- return False
|
||||
+ return ""
|
||||
if summary.find("Transition Summary:") < 0:
|
||||
- ocf.logger.warning("transitionSummary: received unexpected transition summary: %s" % summary)
|
||||
- return False
|
||||
+ ocf.logger.debug("transitionSummary: no transactions: %s" % summary)
|
||||
+ return ""
|
||||
summary = summary.split("Transition Summary:")[1]
|
||||
ret = summary.split("\n").pop(0)
|
||||
|
||||
@@ -768,4 +768,4 @@ def main():
|
||||
agent.run()
|
||||
|
||||
if __name__ == '__main__':
|
||||
- main()
|
||||
\ No newline at end of file
|
||||
+ main()
|
||||
diff --git a/heartbeat/azure-events.in b/heartbeat/azure-events.in
|
||||
index 66e129060a..5ad658df93 100644
|
||||
--- a/heartbeat/azure-events.in
|
||||
+++ b/heartbeat/azure-events.in
|
||||
@@ -310,10 +310,10 @@ class clusterHelper:
|
||||
summary = clusterHelper._exec("crm_simulate", "-Ls")
|
||||
if not summary:
|
||||
ocf.logger.warning("transitionSummary: could not load transition summary")
|
||||
- return False
|
||||
+ return ""
|
||||
if summary.find("Transition Summary:") < 0:
|
||||
- ocf.logger.warning("transitionSummary: received unexpected transition summary: %s" % summary)
|
||||
- return False
|
||||
+ ocf.logger.debug("transitionSummary: no transactions: %s" % summary)
|
||||
+ return ""
|
||||
summary = summary.split("Transition Summary:")[1]
|
||||
ret = summary.split("\n").pop(0)
|
||||
|
@ -1,77 +0,0 @@
|
||||
From ff53e5c8d6867e580506d132fba6fcf6aa46b804 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Varkoly <varkoly@suse.com>
|
||||
Date: Sat, 29 Apr 2023 08:09:11 +0200
|
||||
Subject: [PATCH] Use -LS instead of -Ls as parameter to get the Transition
|
||||
Summary
|
||||
|
||||
---
|
||||
heartbeat/azure-events-az.in | 9 +++++----
|
||||
heartbeat/azure-events.in | 9 +++++----
|
||||
2 files changed, 10 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/azure-events-az.in b/heartbeat/azure-events-az.in
|
||||
index 67c02c642..46d4d1f3d 100644
|
||||
--- a/heartbeat/azure-events-az.in
|
||||
+++ b/heartbeat/azure-events-az.in
|
||||
@@ -298,7 +298,7 @@ class clusterHelper:
|
||||
Get the current Pacemaker transition summary (used to check if all resources are stopped when putting a node standby)
|
||||
"""
|
||||
# <tniek> Is a global crm_simulate "too much"? Or would it be sufficient it there are no planned transitions for a particular node?
|
||||
- # # crm_simulate -Ls
|
||||
+ # # crm_simulate -LS
|
||||
# Transition Summary:
|
||||
# * Promote rsc_SAPHana_HN1_HDB03:0 (Slave -> Master hsr3-db1)
|
||||
# * Stop rsc_SAPHana_HN1_HDB03:1 (hsr3-db0)
|
||||
@@ -308,15 +308,16 @@ class clusterHelper:
|
||||
# Transition Summary:
|
||||
ocf.logger.debug("transitionSummary: begin")
|
||||
|
||||
- summary = clusterHelper._exec("crm_simulate", "-Ls")
|
||||
+ summary = clusterHelper._exec("crm_simulate", "-LS")
|
||||
if not summary:
|
||||
ocf.logger.warning("transitionSummary: could not load transition summary")
|
||||
return ""
|
||||
if summary.find("Transition Summary:") < 0:
|
||||
ocf.logger.debug("transitionSummary: no transactions: %s" % summary)
|
||||
return ""
|
||||
- summary = summary.split("Transition Summary:")[1]
|
||||
- ret = summary.split("\n").pop(0)
|
||||
+ j=summary.find('Transition Summary:') + len('Transition Summary:')
|
||||
+ l=summary.lower().find('executing cluster transition:')
|
||||
+ ret = list(filter(str.strip, summary[j:l].split("\n")))
|
||||
|
||||
ocf.logger.debug("transitionSummary: finished; return = %s" % str(ret))
|
||||
return ret
|
||||
diff --git a/heartbeat/azure-events.in b/heartbeat/azure-events.in
|
||||
index 5ad658df9..90acaba62 100644
|
||||
--- a/heartbeat/azure-events.in
|
||||
+++ b/heartbeat/azure-events.in
|
||||
@@ -297,7 +297,7 @@ class clusterHelper:
|
||||
Get the current Pacemaker transition summary (used to check if all resources are stopped when putting a node standby)
|
||||
"""
|
||||
# <tniek> Is a global crm_simulate "too much"? Or would it be sufficient it there are no planned transitions for a particular node?
|
||||
- # # crm_simulate -Ls
|
||||
+ # # crm_simulate -LS
|
||||
# Transition Summary:
|
||||
# * Promote rsc_SAPHana_HN1_HDB03:0 (Slave -> Master hsr3-db1)
|
||||
# * Stop rsc_SAPHana_HN1_HDB03:1 (hsr3-db0)
|
||||
@@ -307,15 +307,16 @@ class clusterHelper:
|
||||
# Transition Summary:
|
||||
ocf.logger.debug("transitionSummary: begin")
|
||||
|
||||
- summary = clusterHelper._exec("crm_simulate", "-Ls")
|
||||
+ summary = clusterHelper._exec("crm_simulate", "-LS")
|
||||
if not summary:
|
||||
ocf.logger.warning("transitionSummary: could not load transition summary")
|
||||
return ""
|
||||
if summary.find("Transition Summary:") < 0:
|
||||
ocf.logger.debug("transitionSummary: no transactions: %s" % summary)
|
||||
return ""
|
||||
- summary = summary.split("Transition Summary:")[1]
|
||||
- ret = summary.split("\n").pop(0)
|
||||
+ j=summary.find('Transition Summary:') + len('Transition Summary:')
|
||||
+ l=summary.lower().find('executing cluster transition:')
|
||||
+ ret = list(filter(str.strip, summary[j:l].split("\n")))
|
||||
|
||||
ocf.logger.debug("transitionSummary: finished; return = %s" % str(ret))
|
||||
return ret
|
@ -1,79 +0,0 @@
|
||||
From cf2fd2a9cf06dc2e915f2fb5dbcc5e09e907a6df Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Thu, 5 Oct 2023 11:53:18 +0200
|
||||
Subject: [PATCH] findif.sh: dont use table parameter as it returns no netmask
|
||||
(tested with main/local/custom tables)
|
||||
|
||||
---
|
||||
heartbeat/IPaddr2 | 12 ------------
|
||||
heartbeat/findif.sh | 8 ++++----
|
||||
2 files changed, 4 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
|
||||
index e8384c5866..97a7431a24 100755
|
||||
--- a/heartbeat/IPaddr2
|
||||
+++ b/heartbeat/IPaddr2
|
||||
@@ -73,7 +73,6 @@ OCF_RESKEY_ip_default=""
|
||||
OCF_RESKEY_cidr_netmask_default=""
|
||||
OCF_RESKEY_broadcast_default=""
|
||||
OCF_RESKEY_iflabel_default=""
|
||||
-OCF_RESKEY_table_default=""
|
||||
OCF_RESKEY_cidr_netmask_default=""
|
||||
OCF_RESKEY_lvs_support_default=false
|
||||
OCF_RESKEY_lvs_ipv6_addrlabel_default=false
|
||||
@@ -98,7 +97,6 @@ OCF_RESKEY_network_namespace_default=""
|
||||
: ${OCF_RESKEY_cidr_netmask=${OCF_RESKEY_cidr_netmask_default}}
|
||||
: ${OCF_RESKEY_broadcast=${OCF_RESKEY_broadcast_default}}
|
||||
: ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}}
|
||||
-: ${OCF_RESKEY_table=${OCF_RESKEY_table_default}}
|
||||
: ${OCF_RESKEY_lvs_support=${OCF_RESKEY_lvs_support_default}}
|
||||
: ${OCF_RESKEY_lvs_ipv6_addrlabel=${OCF_RESKEY_lvs_ipv6_addrlabel_default}}
|
||||
: ${OCF_RESKEY_lvs_ipv6_addrlabel_value=${OCF_RESKEY_lvs_ipv6_addrlabel_value_default}}
|
||||
@@ -241,16 +239,6 @@ If a label is specified in nic name, this parameter has no effect.
|
||||
<content type="string" default="${OCF_RESKEY_iflabel_default}"/>
|
||||
</parameter>
|
||||
|
||||
-<parameter name="table">
|
||||
-<longdesc lang="en">
|
||||
-Table to use to lookup which interface to use for the IP.
|
||||
-
|
||||
-This can be used for policy based routing. See man ip-rule(8).
|
||||
-</longdesc>
|
||||
-<shortdesc lang="en">Table</shortdesc>
|
||||
-<content type="string" default="${OCF_RESKEY_table_default}" />
|
||||
-</parameter>
|
||||
-
|
||||
<parameter name="lvs_support">
|
||||
<longdesc lang="en">
|
||||
Enable support for LVS Direct Routing configurations. In case a IP
|
||||
diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh
|
||||
index 6c04c98c19..5f1c19ec3c 100644
|
||||
--- a/heartbeat/findif.sh
|
||||
+++ b/heartbeat/findif.sh
|
||||
@@ -32,7 +32,7 @@ prefixcheck() {
|
||||
getnetworkinfo()
|
||||
{
|
||||
local line netinfo
|
||||
- ip -o -f inet route list match $OCF_RESKEY_ip table "${OCF_RESKEY_table:=main}" scope host | (while read line;
|
||||
+ ip -o -f inet route list match $OCF_RESKEY_ip scope host | (while read line;
|
||||
do
|
||||
netinfo=`echo $line | awk '{print $2}'`
|
||||
case $netinfo in
|
||||
@@ -210,14 +210,14 @@ findif()
|
||||
fi
|
||||
findif_check_params $family || return $?
|
||||
|
||||
- if [ -n "$netmask" ] ; then
|
||||
+ if [ -n "$netmask" ]; then
|
||||
match=$match/$netmask
|
||||
fi
|
||||
if [ -n "$nic" ] ; then
|
||||
# NIC supports more than two.
|
||||
- set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
|
||||
+ set -- $(ip -o -f $family route list match $match $scope | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
|
||||
else
|
||||
- set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
|
||||
+ set -- $(ip -o -f $family route list match $match $scope | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
|
||||
fi
|
||||
if [ $# = 0 ] ; then
|
||||
case $OCF_RESKEY_ip in
|
@ -590,116 +590,3 @@ diff -uNr a/bundled/aliyun/colorama/demos/demo07.py b/bundled/aliyun/colorama/de
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
diff -uNr a/bundled/aliyun/pycryptodome/Doc/conf.py b/bundled/aliyun/pycryptodome/Doc/conf.py
|
||||
--- a/bundled/aliyun/pycryptodome/Doc/conf.py 2018-07-10 21:32:46.000000000 +0200
|
||||
+++ b/bundled/aliyun/pycryptodome/Doc/conf.py 2018-10-08 12:08:11.122188094 +0200
|
||||
@@ -15,7 +15,7 @@
|
||||
|
||||
# Modules to document with autodoc are in another directory
|
||||
sys.path.insert(0, os.path.abspath('../lib'))
|
||||
-print sys.path
|
||||
+print(sys.path)
|
||||
|
||||
# Mock existance of native modules
|
||||
from Crypto.Util import _raw_api
|
||||
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/Math/Primality.py b/bundled/aliyun/pycryptodome/lib/Crypto/Math/Primality.py
|
||||
--- a/bundled/aliyun/pycryptodome/lib/Crypto/Math/Primality.py 2018-07-10 21:32:46.000000000 +0200
|
||||
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/Math/Primality.py 2018-10-08 12:08:11.123188075 +0200
|
||||
@@ -302,7 +302,7 @@
|
||||
randfunc = kwargs.pop("randfunc", None)
|
||||
prime_filter = kwargs.pop("prime_filter", lambda x: True)
|
||||
if kwargs:
|
||||
- print "Unknown parameters:", kwargs.keys()
|
||||
+ print("Unknown parameters:", kwargs.keys())
|
||||
|
||||
if exact_bits is None:
|
||||
raise ValueError("Missing exact_bits parameter")
|
||||
@@ -341,7 +341,7 @@
|
||||
exact_bits = kwargs.pop("exact_bits", None)
|
||||
randfunc = kwargs.pop("randfunc", None)
|
||||
if kwargs:
|
||||
- print "Unknown parameters:", kwargs.keys()
|
||||
+ print("Unknown parameters:", kwargs.keys())
|
||||
|
||||
if randfunc is None:
|
||||
randfunc = Random.new().read
|
||||
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/PublicKey/ECC.py b/bundled/aliyun/pycryptodome/lib/Crypto/PublicKey/ECC.py
|
||||
--- a/bundled/aliyun/pycryptodome/lib/Crypto/PublicKey/ECC.py 2018-07-10 21:32:46.000000000 +0200
|
||||
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/PublicKey/ECC.py 2018-10-08 12:08:11.124188057 +0200
|
||||
@@ -912,4 +912,4 @@
|
||||
count = 30
|
||||
for x in xrange(count):
|
||||
_ = point * d
|
||||
- print (time.time() - start) / count * 1000, "ms"
|
||||
+ print((time.time() - start) / count * 1000, "ms")
|
||||
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_AES.py b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_AES.py
|
||||
--- a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_AES.py 2018-07-10 21:32:46.000000000 +0200
|
||||
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_AES.py 2018-10-08 12:08:11.124188057 +0200
|
||||
@@ -1276,7 +1276,7 @@
|
||||
tests += make_block_tests(AES, "AESNI", test_data, {'use_aesni': True})
|
||||
tests += [ TestMultipleBlocks(True) ]
|
||||
else:
|
||||
- print "Skipping AESNI tests"
|
||||
+ print("Skipping AESNI tests")
|
||||
return tests
|
||||
|
||||
if __name__ == '__main__':
|
||||
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_GCM.py b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_GCM.py
|
||||
--- a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_GCM.py 2018-07-10 21:32:46.000000000 +0200
|
||||
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_GCM.py 2018-10-08 12:08:11.125188038 +0200
|
||||
@@ -894,7 +894,7 @@
|
||||
if config.get('slow_tests'):
|
||||
tests += list_test_cases(NISTTestVectorsGCM_no_clmul)
|
||||
else:
|
||||
- print "Skipping test of PCLMULDQD in AES GCM"
|
||||
+ print("Skipping test of PCLMULDQD in AES GCM")
|
||||
|
||||
return tests
|
||||
|
||||
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_pkcs1_15.py b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_pkcs1_15.py
|
||||
--- a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_pkcs1_15.py 2018-07-10 21:32:46.000000000 +0200
|
||||
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_pkcs1_15.py 2018-10-08 12:08:11.125188038 +0200
|
||||
@@ -39,7 +39,7 @@
|
||||
"""Convert a text string with bytes in hex form to a byte string"""
|
||||
clean = b(rws(t))
|
||||
if len(clean)%2 == 1:
|
||||
- print clean
|
||||
+ print(clean)
|
||||
raise ValueError("Even number of characters expected")
|
||||
return a2b_hex(clean)
|
||||
|
||||
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/__main__.py b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/__main__.py
|
||||
--- a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/__main__.py 2018-07-10 21:32:46.000000000 +0200
|
||||
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/__main__.py 2018-10-08 12:08:11.126188020 +0200
|
||||
@@ -25,11 +25,11 @@
|
||||
|
||||
slow_tests = not "--skip-slow-tests" in sys.argv
|
||||
if not slow_tests:
|
||||
- print "Skipping slow tests"
|
||||
+ print("Skipping slow tests")
|
||||
|
||||
wycheproof_warnings = "--wycheproof-warnings" in sys.argv
|
||||
if wycheproof_warnings:
|
||||
- print "Printing Wycheproof warnings"
|
||||
+ print("Printing Wycheproof warnings")
|
||||
|
||||
config = {'slow_tests' : slow_tests, 'wycheproof_warnings' : wycheproof_warnings }
|
||||
SelfTest.run(stream=sys.stdout, verbosity=1, config=config)
|
||||
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/Util/RFC1751.py b/bundled/aliyun/pycryptodome/lib/Crypto/Util/RFC1751.py
|
||||
--- a/bundled/aliyun/pycryptodome/lib/Crypto/Util/RFC1751.py 2018-07-10 21:32:46.000000000 +0200
|
||||
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/Util/RFC1751.py 2018-10-08 12:08:11.126188020 +0200
|
||||
@@ -369,13 +369,13 @@
|
||||
]
|
||||
|
||||
for key, words in data:
|
||||
- print 'Trying key', key
|
||||
+ print('Trying key', key)
|
||||
key=binascii.a2b_hex(key)
|
||||
w2=key_to_english(key)
|
||||
if w2!=words:
|
||||
- print 'key_to_english fails on key', repr(key), ', producing', str(w2)
|
||||
+ print('key_to_english fails on key', repr(key), ', producing', str(w2))
|
||||
k2=english_to_key(words)
|
||||
if k2!=key:
|
||||
- print 'english_to_key fails on key', repr(key), ', producing', repr(k2)
|
||||
+ print('english_to_key fails on key', repr(key), ', producing', repr(k2))
|
||||
|
@ -43,7 +43,7 @@
|
||||
%global colorama_dir %{bundled_lib_dir}/aliyun/%{colorama}
|
||||
# python-pycryptodome bundle
|
||||
%global pycryptodome pycryptodome
|
||||
%global pycryptodome_version 3.6.4
|
||||
%global pycryptodome_version 3.20.0
|
||||
%global pycryptodome_dir %{bundled_lib_dir}/aliyun/%{pycryptodome}
|
||||
# python-aliyun-sdk-core bundle
|
||||
%global aliyunsdkcore aliyun-python-sdk-core
|
||||
@ -61,6 +61,10 @@
|
||||
%global aliyuncli aliyun-cli
|
||||
%global aliyuncli_version 2.1.10
|
||||
%global aliyuncli_dir %{bundled_lib_dir}/aliyun/%{aliyuncli}
|
||||
## fix CVEs
|
||||
# urllib3 bundle
|
||||
%global urllib3 urllib3
|
||||
%global urllib3_version 1.26.18
|
||||
|
||||
# determine the ras-set to process based on configure invokation
|
||||
%bcond_with rgmanager
|
||||
@ -69,7 +73,7 @@
|
||||
Name: resource-agents
|
||||
Summary: Open Source HA Reusable Cluster Resource Scripts
|
||||
Version: 4.9.0
|
||||
Release: 48%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.alma.1
|
||||
Release: 54%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.5
|
||||
License: GPLv2+ and LGPLv2+
|
||||
URL: https://github.com/ClusterLabs/resource-agents
|
||||
%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
|
||||
@ -88,6 +92,7 @@ Source7: %{aliyunsdkcore}-%{aliyunsdkcore_version}.tar.gz
|
||||
Source8: %{aliyunsdkecs}-%{aliyunsdkecs_version}.tar.gz
|
||||
Source9: %{aliyunsdkvpc}-%{aliyunsdkvpc_version}.tar.gz
|
||||
Source10: %{aliyuncli}-%{aliyuncli_version}.tar.gz
|
||||
Source11: %{urllib3}-%{urllib3_version}.tar.gz
|
||||
Patch0: nova-compute-wait-NovaEvacuate.patch
|
||||
Patch1: bz1872754-pgsqlms-new-ra.patch
|
||||
Patch2: bz1995178-storage-mon-fix-typo.patch
|
||||
@ -148,10 +153,16 @@ Patch56: bz2040110-IPaddr2-IPsrcaddr-2-fix-table-parameter.patch
|
||||
Patch57: bz2189243-Filesystem-1-improve-stop-action.patch
|
||||
Patch58: bz2189243-Filesystem-2-fix-incorrect-parameter-types.patch
|
||||
Patch59: bz2189243-Filesystem-3-fix-signal_delay-default-value.patch
|
||||
|
||||
# Patches were taken from:
|
||||
# https://github.com/ClusterLabs/resource-agents/commit/cf2fd2a9cf06dc2e915f2fb5dbcc5e09e907a6df
|
||||
Patch60: findif-dont-use-table-parameter-as-it-returns-no-netmask.patch
|
||||
Patch60: bz1904465-mysql-common-improve-error-message.patch
|
||||
Patch61: RHEL-15302-1-exportfs-make-fsid-optional.patch
|
||||
Patch62: RHEL-15302-2-ocft-exportfs-remove-fsid-required-test.patch
|
||||
Patch63: RHEL-15305-1-findif.sh-fix-loopback-handling.patch
|
||||
Patch64: RHEL-16248-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch
|
||||
Patch65: RHEL-17083-findif-EOS-fix.patch
|
||||
Patch66: RHEL-15305-2-findif.sh-dont-use-table-parameter.patch
|
||||
Patch67: RHEL-34137-aws-agents-use-curl_retry.patch
|
||||
Patch68: RHEL-32828-db2-fix-OCF_SUCESS-typo.patch
|
||||
Patch69: RHEL-61138-nfsserver-also-stop-rpc-statd-for-nfsv4_only.patch
|
||||
|
||||
# bundle patches
|
||||
Patch1000: 7-gcp-bundled.patch
|
||||
@ -164,6 +175,8 @@ Patch1006: python3-syntax-fixes.patch
|
||||
Patch1007: aliyuncli-python3-fixes.patch
|
||||
Patch1008: bz1935422-python-pygments-fix-CVE-2021-20270.patch
|
||||
Patch1009: bz1943464-python-pygments-fix-CVE-2021-27291.patch
|
||||
Patch1010: RHEL-44923-aliyun-gcp-fix-bundled-urllib3-CVE-2024-37891.patch
|
||||
Patch1011: RHEL-50360-setuptools-fix-CVE-2024-6345.patch
|
||||
|
||||
Obsoletes: heartbeat-resources <= %{version}
|
||||
Provides: heartbeat-resources = %{version}
|
||||
@ -258,6 +271,8 @@ Provides: bundled(python-aliyun-sdk-ecs) = %{aliyunsdkecs_version}
|
||||
Provides: bundled(python-aliyun-sdk-vpc) = %{aliyunsdkvpc_version}
|
||||
# aliyuncli bundle
|
||||
Provides: bundled(aliyuncli) = %{aliyuncli_version}
|
||||
# urllib3 bundle
|
||||
Provides: bundled(python-urllib3) = %{urllib3_version}
|
||||
|
||||
%description aliyun
|
||||
Alibaba Cloud (Aliyun) resource agents allows Alibaba Cloud
|
||||
@ -297,7 +312,7 @@ Provides: bundled(python-pyparsing) = 2.1.10
|
||||
Provides: bundled(python-requests) = 2.10.0
|
||||
Provides: bundled(python-six) = 1.11.0
|
||||
Provides: bundled(python-uritemplate) = 3.0.0
|
||||
Provides: bundled(python-urllib3) = 1.15.1
|
||||
Provides: bundled(python-urllib3) = %{urllib3_version}
|
||||
Provides: bundled(python-websocket) = 0.47.0
|
||||
Provides: bundled(python-yaml) = 3.12
|
||||
# python-pyroute2 bundle
|
||||
@ -331,67 +346,76 @@ databases to be managed in a cluster environment.
|
||||
exit 1
|
||||
%endif
|
||||
%setup -q -n %{upstream_prefix}-%{upstream_version}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
%patch27 -p1
|
||||
%patch28 -p1
|
||||
%patch29 -p1
|
||||
%patch30 -p1
|
||||
%patch31 -p1
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
%patch34 -p1
|
||||
%patch35 -p1
|
||||
%patch36 -p1
|
||||
%patch37 -p1
|
||||
%patch38 -p1
|
||||
%patch39 -p1
|
||||
%patch40 -p1
|
||||
%patch41 -p1
|
||||
%patch42 -p1
|
||||
%patch43 -p1
|
||||
%patch44 -p1
|
||||
%patch45 -p1
|
||||
%patch46 -p1
|
||||
%patch47 -p1
|
||||
%patch48 -p1
|
||||
%patch49 -p1
|
||||
%patch50 -p1
|
||||
%patch51 -p1
|
||||
%patch52 -p1
|
||||
%patch53 -p1
|
||||
%patch54 -p1
|
||||
%patch55 -p1
|
||||
%patch56 -p1
|
||||
%patch57 -p1
|
||||
%patch58 -p1
|
||||
%patch59 -p1
|
||||
%patch60 -p1
|
||||
%patch -p1 -P 0
|
||||
%patch -p1 -P 1
|
||||
%patch -p1 -P 2
|
||||
%patch -p1 -P 3
|
||||
%patch -p1 -P 4
|
||||
%patch -p1 -P 5
|
||||
%patch -p1 -P 6
|
||||
%patch -p1 -P 7
|
||||
%patch -p1 -P 8
|
||||
%patch -p1 -P 9
|
||||
%patch -p1 -P 10
|
||||
%patch -p1 -P 11
|
||||
%patch -p1 -P 12
|
||||
%patch -p1 -P 13
|
||||
%patch -p1 -P 14
|
||||
%patch -p1 -P 15
|
||||
%patch -p1 -P 16
|
||||
%patch -p1 -P 17
|
||||
%patch -p1 -P 18
|
||||
%patch -p1 -P 19
|
||||
%patch -p1 -P 20
|
||||
%patch -p1 -P 21
|
||||
%patch -p1 -P 22
|
||||
%patch -p1 -P 23
|
||||
%patch -p1 -P 24
|
||||
%patch -p1 -P 25
|
||||
%patch -p1 -P 26
|
||||
%patch -p1 -P 27
|
||||
%patch -p1 -P 28
|
||||
%patch -p1 -P 29
|
||||
%patch -p1 -P 30
|
||||
%patch -p1 -P 31
|
||||
%patch -p1 -P 32
|
||||
%patch -p1 -P 33
|
||||
%patch -p1 -P 34
|
||||
%patch -p1 -P 35
|
||||
%patch -p1 -P 36
|
||||
%patch -p1 -P 37
|
||||
%patch -p1 -P 38
|
||||
%patch -p1 -P 39
|
||||
%patch -p1 -P 40
|
||||
%patch -p1 -P 41
|
||||
%patch -p1 -P 42
|
||||
%patch -p1 -P 43
|
||||
%patch -p1 -P 44
|
||||
%patch -p1 -P 45
|
||||
%patch -p1 -P 46
|
||||
%patch -p1 -P 47
|
||||
%patch -p1 -P 48
|
||||
%patch -p1 -P 49
|
||||
%patch -p1 -P 50
|
||||
%patch -p1 -P 51
|
||||
%patch -p1 -P 52
|
||||
%patch -p1 -P 53
|
||||
%patch -p1 -P 54
|
||||
%patch -p1 -P 55
|
||||
%patch -p1 -P 56
|
||||
%patch -p1 -P 57
|
||||
%patch -p1 -P 58
|
||||
%patch -p1 -P 59
|
||||
%patch -p1 -P 60
|
||||
%patch -p1 -P 61
|
||||
%patch -p1 -P 62
|
||||
%patch -p1 -P 63
|
||||
%patch -p1 -P 64
|
||||
%patch -p1 -P 65
|
||||
%patch -p1 -P 66
|
||||
%patch -p1 -P 67 -F1
|
||||
%patch -p1 -P 68
|
||||
%patch -p1 -P 69
|
||||
|
||||
chmod 755 heartbeat/nova-compute-wait
|
||||
chmod 755 heartbeat/NovaEvacuate
|
||||
@ -405,15 +429,15 @@ mkdir -p %{bundled_lib_dir}/aliyun
|
||||
%ifarch x86_64
|
||||
tar -xzf %SOURCE1 -C %{bundled_lib_dir}/gcp
|
||||
# gcp*: append bundled-directory to search path, gcloud-ra
|
||||
%patch1000 -p1
|
||||
%patch -p1 -P 1000
|
||||
# replace python-rsa with python-cryptography
|
||||
%patch1001 -p1
|
||||
%patch -p1 -P 1001
|
||||
# gcloud support info
|
||||
%patch1002 -p1
|
||||
%patch -p1 -P 1002
|
||||
# configure: skip bundled gcp lib checks
|
||||
%patch1003 -p1 -F1
|
||||
%patch -p1 -P 1003 -F1
|
||||
# gcloud remove python 2 detection
|
||||
%patch1004 -p1
|
||||
%patch -p1 -P 1004
|
||||
# rename gcloud
|
||||
mv %{googlecloudsdk_dir}/bin/gcloud %{googlecloudsdk_dir}/bin/gcloud-ra
|
||||
# keep googleapiclient
|
||||
@ -520,16 +544,16 @@ mv %{bundled_lib_dir}/aliyun/%{aliyuncli}-%{aliyuncli_version} %{aliyuncli_dir}
|
||||
cp %{aliyuncli_dir}/README.rst %{aliyuncli}_README.rst
|
||||
cp %{aliyuncli_dir}/LICENSE %{aliyuncli}_LICENSE
|
||||
# aliyun*: use bundled libraries
|
||||
%patch1005 -p1
|
||||
%patch -p1 -P 1005
|
||||
|
||||
# aliyun Python 3 fixes
|
||||
%patch1006 -p1
|
||||
%patch1007 -p1
|
||||
%patch -p1 -P 1006
|
||||
%patch -p1 -P 1007
|
||||
|
||||
# fix CVE's in python-pygments
|
||||
pushd %{googlecloudsdk_dir}/lib/third_party
|
||||
%patch1008 -p1 -F2
|
||||
%patch1009 -p1 -F2
|
||||
%patch -p1 -P 1008 -F2
|
||||
%patch -p1 -P 1009 -F2
|
||||
popd
|
||||
%endif
|
||||
|
||||
@ -626,6 +650,9 @@ make install DESTDIR=%{buildroot}
|
||||
# google-cloud-sdk bundle
|
||||
%ifarch x86_64
|
||||
pushd %{googlecloudsdk_dir}
|
||||
# fix urllib3 CVEs
|
||||
rm -rf lib/third_party/urllib3
|
||||
%{__python3} -m pip install --target lib/third_party --no-index --find-links %{_sourcedir} urllib3
|
||||
mkdir -p %{buildroot}/usr/lib/%{name}/%{googlecloudsdk_dir}
|
||||
cp -a bin data lib %{buildroot}/usr/lib/%{name}/%{googlecloudsdk_dir}
|
||||
mkdir %{buildroot}/%{_bindir}
|
||||
@ -654,6 +681,9 @@ popd
|
||||
# python-aliyun-sdk-core bundle
|
||||
pushd %{aliyunsdkcore_dir}
|
||||
%{__python3} setup.py install -O1 --skip-build --root %{buildroot} --install-lib /usr/lib/%{name}/%{bundled_lib_dir}/aliyun
|
||||
# fix urllib3 CVEs
|
||||
rm -rf %{buildroot}/usr/lib/%{name}/%{bundled_lib_dir}/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3
|
||||
%{__python3} -m pip install --target %{buildroot}/usr/lib/%{name}/%{bundled_lib_dir}/aliyun/aliyunsdkcore/vendored/requests/packages --no-index --find-links %{_sourcedir} urllib3
|
||||
popd
|
||||
|
||||
# python-aliyun-sdk-ecs bundle
|
||||
@ -674,6 +704,14 @@ mv %{buildroot}/%{_bindir}/aliyuncli %{buildroot}/%{_bindir}/aliyuncli-ra
|
||||
# aliyun_completer / aliyun_zsh_complete.sh
|
||||
rm %{buildroot}/%{_bindir}/aliyun_*
|
||||
popd
|
||||
|
||||
# regular patch doesnt work in build-section
|
||||
pushd %{buildroot}/usr/lib/%{name}/%{bundled_lib_dir}
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1010}
|
||||
popd
|
||||
pushd %{buildroot}/usr/lib/%{name}/%{bundled_lib_dir}/gcp/google-cloud-sdk/lib/third_party
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1011}
|
||||
popd
|
||||
%endif
|
||||
|
||||
## tree fixup
|
||||
@ -967,8 +1005,65 @@ ccs_update_schema > /dev/null 2>&1 ||:
|
||||
%{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm
|
||||
|
||||
%changelog
|
||||
* Tue Nov 14 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.9.0-48.alma.1
|
||||
- findif.sh: dont use table parameter as it returns no netmask
|
||||
* Tue Oct 1 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.5
|
||||
- nfsserver: also stop rpc-statd for nfsv4_only to avoid stop failing
|
||||
in some cases
|
||||
|
||||
Resolves: RHEL-61138
|
||||
|
||||
* Thu Jul 25 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.4
|
||||
- bundled setuptools: fix CVE-2024-6345
|
||||
|
||||
Resolves: RHEL-50360
|
||||
|
||||
* Tue Jul 23 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.3
|
||||
- gcp-pd-move: fix TLS_VERSION_1 issue
|
||||
|
||||
Resolves: RHEL-50041
|
||||
|
||||
* Wed Jun 26 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.2
|
||||
- bundled urllib3: fix CVE-2024-37891
|
||||
|
||||
Resolves: RHEL-44923
|
||||
|
||||
* Thu May 30 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.1
|
||||
- AWS agents: retry failed metadata requests to avoid instantly
|
||||
failing when there is a hiccup in the network or metadata service
|
||||
- db2: fix OCF_SUCESS typo
|
||||
|
||||
Resolves: RHEL-34137, RHEL-32828
|
||||
|
||||
* Thu Feb 8 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54
|
||||
- findif.sh: fix loopback IP handling
|
||||
|
||||
Resolves: RHEL-15305
|
||||
|
||||
* Wed Jan 24 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-53
|
||||
- bundled urllib3: fix CVE-2023-45803
|
||||
- bundled pycryptodome: fix CVE-2023-52323
|
||||
|
||||
Resolves: RHEL-22431, RHEL-20916
|
||||
|
||||
* Tue Nov 21 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-52
|
||||
- findif: also check that netmaskbits != EOS
|
||||
|
||||
Resolves: RHEL-17083
|
||||
|
||||
* Fri Nov 17 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-51
|
||||
- aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter
|
||||
and AWS Policy based authentication type
|
||||
|
||||
Resolves: RHEL-16248
|
||||
|
||||
* Thu Nov 2 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-49
|
||||
- exportfs: make "fsid" parameter optional
|
||||
|
||||
Resolves: RHEL-15302
|
||||
|
||||
* Wed Sep 6 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-48
|
||||
- mysql-common: improve error message
|
||||
|
||||
Resolves: rhbz#1904465
|
||||
|
||||
* Thu Jul 20 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-47
|
||||
- Filesystem: improve stop-action and allow setting term/kill signals
|
||||
|
Loading…
Reference in New Issue
Block a user