Import from CS git

SOURCES/RHEL-81960-1-aws-agents-reuse-imds-token-until-it-expires.patch

@@ -0,0 +1,455 @@
+From 61cec34a754017537c61e79cd1212f2688c32429 Mon Sep 17 00:00:00 2001
+From: harshkiprofile <83770157+harshkiprofile@users.noreply.github.com>
+Date: Mon, 4 Nov 2024 12:19:10 +0530
+Subject: [PATCH 1/7] Introduce a new shell function to reuse IMDS token
+
+---
+ heartbeat/ocf-shellfuncs.in | 31 +++++++++++++++++++++++++++++++
+ 1 file changed, 31 insertions(+)
+
+diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in
+index 5c4bb3264..0c4632cf9 100644
+--- a/heartbeat/ocf-shellfuncs.in
++++ b/heartbeat/ocf-shellfuncs.in
+@@ -1111,3 +1111,34 @@ ocf_is_true "$OCF_TRACE_RA" && ocf_start_trace
+ if ocf_is_true "$HA_use_logd"; then
+ 	: ${HA_LOGD:=yes}
+ fi
++
++# File to store the token and timestamp
++TOKEN_FILE="/tmp/.imds_token"
++TOKEN_LIFETIME=21600  # Token lifetime in seconds (6 hours)
++TOKEN_EXPIRY_THRESHOLD=3600  # Renew token if less than 60 minutes (1 hour) remaining
++
++# Function to fetch a new token
++fetch_new_token() {
++    TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: $TOKEN_LIFETIME")
++    echo "$TOKEN $(date +%s)" > "$TOKEN_FILE"
++    echo "$TOKEN"
++}
++
++# Function to retrieve or renew the token
++get_token() {
++    if [[ -f "$TOKEN_FILE" ]]; then
++        read -r STORED_TOKEN STORED_TIMESTAMP < "$TOKEN_FILE"
++        CURRENT_TIME=$(date +%s)
++        ELAPSED_TIME=$((CURRENT_TIME - STORED_TIMESTAMP))
++
++        if (( ELAPSED_TIME < (TOKEN_LIFETIME - TOKEN_EXPIRY_THRESHOLD) )); then
++            # Token is still valid
++            echo "$STORED_TOKEN"
++            return
++        fi
++    fi
++    # Fetch a new token if not valid
++    fetch_new_token
++}
++
++
+
+From 00629fa44cb7a8dd1045fc8cad755e1d0c808476 Mon Sep 17 00:00:00 2001
+From: harshkiprofile <83770157+harshkiprofile@users.noreply.github.com>
+Date: Mon, 4 Nov 2024 12:21:18 +0530
+Subject: [PATCH 2/7] Utilize the get_token function to reuse the token
+
+---
+ heartbeat/aws-vpc-move-ip | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
+index 6115e5ba8..fbeb2ee64 100755
+--- a/heartbeat/aws-vpc-move-ip
++++ b/heartbeat/aws-vpc-move-ip
+@@ -270,7 +270,7 @@ ec2ip_validate() {
+ 		fi
+ 	fi
+ 
+-	TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
++	TOKEN=$(get_token)
+ 	[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+ 	EC2_INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
+ 	[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+
+From 36126cdcb90ad617ecfce03d986550907732aa4f Mon Sep 17 00:00:00 2001
+From: harshkiprofile <83770157+harshkiprofile@users.noreply.github.com>
+Date: Mon, 4 Nov 2024 12:22:16 +0530
+Subject: [PATCH 3/7] Utilize to get_token function to reuse the token
+
+---
+ heartbeat/awsvip | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/heartbeat/awsvip b/heartbeat/awsvip
+index f2b238a0f..ca19ac086 100755
+--- a/heartbeat/awsvip
++++ b/heartbeat/awsvip
+@@ -266,7 +266,7 @@ if [ -n "${OCF_RESKEY_region}" ]; then
+ 	AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
+ fi
+ SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
+-TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
++TOKEN=$(get_token)
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+ INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+
+From dcd0050df5ba94905bc71d38b05cbb93f5687b61 Mon Sep 17 00:00:00 2001
+From: harshkiprofile <beer18317@gmail.com>
+Date: Mon, 4 Nov 2024 20:05:33 +0530
+Subject: [PATCH 4/7] Move token renewal function to aws.sh for reuse in AWS
+ agent scripts
+
+---
+ heartbeat/Makefile.am        |  1 +
+ heartbeat/aws-vpc-move-ip    |  1 +
+ heartbeat/aws-vpc-route53.in |  3 ++-
+ heartbeat/aws.sh             | 46 ++++++++++++++++++++++++++++++++++++
+ heartbeat/awseip             |  3 ++-
+ heartbeat/awsvip             |  1 +
+ heartbeat/ocf-shellfuncs.in  | 33 +-------------------------
+ 7 files changed, 54 insertions(+), 34 deletions(-)
+ create mode 100644 heartbeat/aws.sh
+
+diff --git a/heartbeat/Makefile.am b/heartbeat/Makefile.am
+index 409847970..655740f14 100644
+--- a/heartbeat/Makefile.am
++++ b/heartbeat/Makefile.am
+@@ -218,6 +218,7 @@ ocfcommon_DATA		= ocf-shellfuncs 	\
+ 			  ocf-rarun		\
+ 			  ocf-distro		\
+ 			  apache-conf.sh 	\
++			  aws.sh            \
+ 			  http-mon.sh		\
+ 			  sapdb-nosha.sh	\
+ 			  sapdb.sh		\
+diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
+index fbeb2ee64..f4b0492f2 100755
+--- a/heartbeat/aws-vpc-move-ip
++++ b/heartbeat/aws-vpc-move-ip
+@@ -33,6 +33,7 @@
+ 
+ : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
+ . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
++. ${OCF_FUNCTIONS_DIR}/aws.sh
+ 
+ # Defaults
+ OCF_RESKEY_awscli_default="/usr/bin/aws"
+diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in
+index eba2ed95c..f7e756782 100644
+--- a/heartbeat/aws-vpc-route53.in
++++ b/heartbeat/aws-vpc-route53.in
+@@ -43,6 +43,7 @@
+ 
+ : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
+ . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
++. ${OCF_FUNCTIONS_DIR}/aws.sh
+ 
+ # Defaults
+ OCF_RESKEY_awscli_default="/usr/bin/aws"
+@@ -377,7 +378,7 @@ r53_monitor() {
+ _get_ip() {
+ 	case $OCF_RESKEY_ip in
+ 		local|public)
+-			TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
++			TOKEN=$(get_token)
+ 			[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+ 			IPADDRESS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/${OCF_RESKEY_ip}-ipv4")
+ 			[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+diff --git a/heartbeat/aws.sh b/heartbeat/aws.sh
+new file mode 100644
+index 000000000..fc557109c
+--- /dev/null
++++ b/heartbeat/aws.sh
+@@ -0,0 +1,46 @@
++#!/bin/sh
++#
++#
++#   AWS Helper Scripts
++#
++#
++
++: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
++. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
++
++# Defaults
++OCF_RESKEY_curl_retries_default="3"
++OCF_RESKEY_curl_sleep_default="1"
++
++: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
++: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
++
++# Function to enable reusable IMDS token retrieval for efficient repeated access 
++# File to store the token and timestamp
++TOKEN_FILE="/tmp/.imds_token"
++TOKEN_LIFETIME=21600  # Token lifetime in seconds (6 hours)
++TOKEN_EXPIRY_THRESHOLD=3600  # Renew token if less than 60 minutes (1 hour) remaining
++
++# Function to fetch a new token
++fetch_new_token() {
++    TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: $TOKEN_LIFETIME'" "http://169.254.169.254/latest/api/token")
++    echo "$TOKEN $(date +%s)" > "$TOKEN_FILE"
++    echo "$TOKEN"
++}
++
++# Function to retrieve or renew the token
++get_token() {
++    if [ -f "$TOKEN_FILE" ]; then
++        read -r STORED_TOKEN STORED_TIMESTAMP < "$TOKEN_FILE"
++        CURRENT_TIME=$(date +%s)
++        ELAPSED_TIME=$((CURRENT_TIME - STORED_TIMESTAMP))
++
++        if (( ELAPSED_TIME < (TOKEN_LIFETIME - TOKEN_EXPIRY_THRESHOLD) )); then
++            # Token is still valid
++            echo "$STORED_TOKEN"
++            return
++        fi
++    fi
++    # Fetch a new token if not valid
++    fetch_new_token
++}
+\ No newline at end of file
+diff --git a/heartbeat/awseip b/heartbeat/awseip
+index ffb6223a1..049c2e566 100755
+--- a/heartbeat/awseip
++++ b/heartbeat/awseip
+@@ -38,6 +38,7 @@
+ 
+ : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
+ . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
++. ${OCF_FUNCTIONS_DIR}/aws.sh
+ 
+ #######################################################################
+ 
+@@ -306,7 +307,7 @@ fi
+ ELASTIC_IP="${OCF_RESKEY_elastic_ip}"
+ ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
+ PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
+-TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
++TOKEN=$(get_token)
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+ INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+diff --git a/heartbeat/awsvip b/heartbeat/awsvip
+index ca19ac086..de67981d8 100755
+--- a/heartbeat/awsvip
++++ b/heartbeat/awsvip
+@@ -37,6 +37,7 @@
+ 
+ : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
+ . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
++. ${OCF_FUNCTIONS_DIR}/aws.sh
+ 
+ #######################################################################
+ 
+diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in
+index 0c4632cf9..922c6ea45 100644
+--- a/heartbeat/ocf-shellfuncs.in
++++ b/heartbeat/ocf-shellfuncs.in
+@@ -1110,35 +1110,4 @@ ocf_is_true "$OCF_TRACE_RA" && ocf_start_trace
+ # pacemaker sets HA_use_logd, some others use HA_LOGD :/
+ if ocf_is_true "$HA_use_logd"; then
+ 	: ${HA_LOGD:=yes}
+-fi
+-
+-# File to store the token and timestamp
+-TOKEN_FILE="/tmp/.imds_token"
+-TOKEN_LIFETIME=21600  # Token lifetime in seconds (6 hours)
+-TOKEN_EXPIRY_THRESHOLD=3600  # Renew token if less than 60 minutes (1 hour) remaining
+-
+-# Function to fetch a new token
+-fetch_new_token() {
+-    TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: $TOKEN_LIFETIME")
+-    echo "$TOKEN $(date +%s)" > "$TOKEN_FILE"
+-    echo "$TOKEN"
+-}
+-
+-# Function to retrieve or renew the token
+-get_token() {
+-    if [[ -f "$TOKEN_FILE" ]]; then
+-        read -r STORED_TOKEN STORED_TIMESTAMP < "$TOKEN_FILE"
+-        CURRENT_TIME=$(date +%s)
+-        ELAPSED_TIME=$((CURRENT_TIME - STORED_TIMESTAMP))
+-
+-        if (( ELAPSED_TIME < (TOKEN_LIFETIME - TOKEN_EXPIRY_THRESHOLD) )); then
+-            # Token is still valid
+-            echo "$STORED_TOKEN"
+-            return
+-        fi
+-    fi
+-    # Fetch a new token if not valid
+-    fetch_new_token
+-}
+-
+-
++fi
+\ No newline at end of file
+
+From 9f7be201923c8eab1b121f2067ed74a69841cf8a Mon Sep 17 00:00:00 2001
+From: harshkiprofile <beer18317@gmail.com>
+Date: Tue, 5 Nov 2024 19:12:34 +0530
+Subject: [PATCH 5/7] Refactor to use common temp path and update shell syntax
+
+---
+ heartbeat/Makefile.am | 2 +-
+ heartbeat/aws.sh      | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/heartbeat/Makefile.am b/heartbeat/Makefile.am
+index 655740f14..8352f3a3d 100644
+--- a/heartbeat/Makefile.am
++++ b/heartbeat/Makefile.am
+@@ -218,7 +218,7 @@ ocfcommon_DATA		= ocf-shellfuncs 	\
+ 			  ocf-rarun		\
+ 			  ocf-distro		\
+ 			  apache-conf.sh 	\
+-			  aws.sh            \
++			  aws.sh		\
+ 			  http-mon.sh		\
+ 			  sapdb-nosha.sh	\
+ 			  sapdb.sh		\
+diff --git a/heartbeat/aws.sh b/heartbeat/aws.sh
+index fc557109c..c77f93b91 100644
+--- a/heartbeat/aws.sh
++++ b/heartbeat/aws.sh
+@@ -17,7 +17,7 @@ OCF_RESKEY_curl_sleep_default="1"
+ 
+ # Function to enable reusable IMDS token retrieval for efficient repeated access 
+ # File to store the token and timestamp
+-TOKEN_FILE="/tmp/.imds_token"
++TOKEN_FILE="${HA_RSCTMP}/.aws_imds_token"
+ TOKEN_LIFETIME=21600  # Token lifetime in seconds (6 hours)
+ TOKEN_EXPIRY_THRESHOLD=3600  # Renew token if less than 60 minutes (1 hour) remaining
+ 
+@@ -35,7 +35,7 @@ get_token() {
+         CURRENT_TIME=$(date +%s)
+         ELAPSED_TIME=$((CURRENT_TIME - STORED_TIMESTAMP))
+ 
+-        if (( ELAPSED_TIME < (TOKEN_LIFETIME - TOKEN_EXPIRY_THRESHOLD) )); then
++        if [ "$ELAPSED_TIME" -lt "$((TOKEN_LIFETIME - TOKEN_EXPIRY_THRESHOLD))" ]; then
+             # Token is still valid
+             echo "$STORED_TOKEN"
+             return
+
+From 4f61048064d1df3bebdb5c1441cf0020f213c01b Mon Sep 17 00:00:00 2001
+From: harshkiprofile <beer18317@gmail.com>
+Date: Tue, 5 Nov 2024 19:30:15 +0530
+Subject: [PATCH 6/7] Consolidate curl_retry and curl_sleep variable to a
+ single location in aws.sh
+
+---
+ heartbeat/aws-vpc-move-ip    | 4 ----
+ heartbeat/aws-vpc-route53.in | 4 ----
+ heartbeat/awseip             | 4 ----
+ heartbeat/awsvip             | 4 ----
+ 4 files changed, 16 deletions(-)
+
+diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
+index f4b0492f2..3aa9ceb02 100755
+--- a/heartbeat/aws-vpc-move-ip
++++ b/heartbeat/aws-vpc-move-ip
+@@ -48,8 +48,6 @@ OCF_RESKEY_interface_default="eth0"
+ OCF_RESKEY_iflabel_default=""
+ OCF_RESKEY_monapi_default="false"
+ OCF_RESKEY_lookup_type_default="InstanceId"
+-OCF_RESKEY_curl_retries_default="3"
+-OCF_RESKEY_curl_sleep_default="1"
+ 
+ : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+ : ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
+@@ -63,8 +61,6 @@ OCF_RESKEY_curl_sleep_default="1"
+ : ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}}
+ : ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}}
+ : ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}}
+-: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
+-: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
+ #######################################################################
+ 
+ 
+diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in
+index f7e756782..85c8de3c1 100644
+--- a/heartbeat/aws-vpc-route53.in
++++ b/heartbeat/aws-vpc-route53.in
+@@ -54,8 +54,6 @@ OCF_RESKEY_hostedzoneid_default=""
+ OCF_RESKEY_fullname_default=""
+ OCF_RESKEY_ip_default="local"
+ OCF_RESKEY_ttl_default=10
+-OCF_RESKEY_curl_retries_default="3"
+-OCF_RESKEY_curl_sleep_default="1"
+ 
+ : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+ : ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
+@@ -65,8 +63,6 @@ OCF_RESKEY_curl_sleep_default="1"
+ : ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}}
+ : ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}}
+ : ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}}
+-: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
+-: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
+ 
+ usage() {
+ 	cat <<-EOT
+diff --git a/heartbeat/awseip b/heartbeat/awseip
+index 049c2e566..4b1c3bc6a 100755
+--- a/heartbeat/awseip
++++ b/heartbeat/awseip
+@@ -50,16 +50,12 @@ OCF_RESKEY_auth_type_default="key"
+ OCF_RESKEY_profile_default="default"
+ OCF_RESKEY_region_default=""
+ OCF_RESKEY_api_delay_default="3"
+-OCF_RESKEY_curl_retries_default="3"
+-OCF_RESKEY_curl_sleep_default="1"
+ 
+ : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+ : ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
+ : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
+ : ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
+ : ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
+-: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
+-: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
+ 
+ meta_data() {
+     cat <<END
+diff --git a/heartbeat/awsvip b/heartbeat/awsvip
+index de67981d8..8c71e7fac 100755
+--- a/heartbeat/awsvip
++++ b/heartbeat/awsvip
+@@ -49,16 +49,12 @@ OCF_RESKEY_auth_type_default="key"
+ OCF_RESKEY_profile_default="default"
+ OCF_RESKEY_region_default=""
+ OCF_RESKEY_api_delay_default="3"
+-OCF_RESKEY_curl_retries_default="3"
+-OCF_RESKEY_curl_sleep_default="1"
+ 
+ : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+ : ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
+ : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
+ : ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
+ : ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
+-: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
+-: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
+ 
+ meta_data() {
+     cat <<END
+
+From d451c5c595b08685f84ec85da96ae9cb4fc076fe Mon Sep 17 00:00:00 2001
+From: harshkiprofile <beer18317@gmail.com>
+Date: Tue, 5 Nov 2024 20:50:24 +0530
+Subject: [PATCH 7/7] aws.sh needs to added to be symlinkstargets in
+ doc/man/Makefile.am
+
+---
+ doc/man/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
+index ef7639bff..447f5cba3 100644
+--- a/doc/man/Makefile.am
++++ b/doc/man/Makefile.am
+@@ -42,7 +42,7 @@ radir			= $(abs_top_builddir)/heartbeat
+ # required for out-of-tree build
+ symlinkstargets		= \
+ 			  ocf-distro ocf.py ocf-rarun ocf-returncodes \
+-			  findif.sh apache-conf.sh http-mon.sh mysql-common.sh \
++			  findif.sh apache-conf.sh aws.sh http-mon.sh mysql-common.sh \
+ 			  nfsserver-redhat.sh ora-common.sh
+ 
+ preptree:

SOURCES/RHEL-81960-2-aws-agents-reuse-imds-token-improvements.patch

@@ -0,0 +1,161 @@
+From cc5ffa5e599c974c426e93faa821b342e96b916d Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Mon, 11 Nov 2024 12:46:27 +0100
+Subject: [PATCH 1/2] aws.sh: chmod 600 $TOKEN_FILE, add get_instance_id() with
+ DMI support, and use get_instance_id() in AWS agents
+
+---
+ heartbeat/aws-vpc-move-ip |  2 +-
+ heartbeat/aws.sh          | 30 +++++++++++++++++++++++++++---
+ heartbeat/awseip          |  2 +-
+ heartbeat/awsvip          |  2 +-
+ 4 files changed, 30 insertions(+), 6 deletions(-)
+
+diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
+index 3aa9ceb02..09ae68b57 100755
+--- a/heartbeat/aws-vpc-move-ip
++++ b/heartbeat/aws-vpc-move-ip
+@@ -269,7 +269,7 @@ ec2ip_validate() {
+ 
+ 	TOKEN=$(get_token)
+ 	[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+-	EC2_INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
++	EC2_INSTANCE_ID=$(get_instance_id)
+ 	[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+ 
+ 	if [ -z "${EC2_INSTANCE_ID}" ]; then
+diff --git a/heartbeat/aws.sh b/heartbeat/aws.sh
+index c77f93b91..9cd343c16 100644
+--- a/heartbeat/aws.sh
++++ b/heartbeat/aws.sh
+@@ -9,8 +9,8 @@
+ . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
+ 
+ # Defaults
+-OCF_RESKEY_curl_retries_default="3"
+-OCF_RESKEY_curl_sleep_default="1"
++OCF_RESKEY_curl_retries_default="4"
++OCF_RESKEY_curl_sleep_default="3"
+ 
+ : ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
+ : ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
+@@ -20,11 +20,13 @@ OCF_RESKEY_curl_sleep_default="1"
+ TOKEN_FILE="${HA_RSCTMP}/.aws_imds_token"
+ TOKEN_LIFETIME=21600  # Token lifetime in seconds (6 hours)
+ TOKEN_EXPIRY_THRESHOLD=3600  # Renew token if less than 60 minutes (1 hour) remaining
++DMI_FILE="/sys/devices/virtual/dmi/id/board_asset_tag" # Only supported on nitro-based instances.
+ 
+ # Function to fetch a new token
+ fetch_new_token() {
+     TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: $TOKEN_LIFETIME'" "http://169.254.169.254/latest/api/token")
+     echo "$TOKEN $(date +%s)" > "$TOKEN_FILE"
++    chmod 600 "$TOKEN_FILE"
+     echo "$TOKEN"
+ }
+ 
+@@ -43,4 +45,26 @@ get_token() {
+     fi
+     # Fetch a new token if not valid
+     fetch_new_token
+-}
+\ No newline at end of file
++}
++
++get_instance_id() {
++    local INSTANCE_ID
++
++    # Try to get the EC2 instance ID from DMI first before falling back to IMDS.
++    ocf_log debug "EC2: Attempt to get EC2 Instance ID from local file."
++    if [ -r "$DMI_FILE" ] && [ -s "$DMI_FILE" ]; then
++        INSTANCE_ID="$(cat "$DMI_FILE")"
++        case "$INSTANCE_ID" in
++            i-0*) echo "$INSTANCE_ID"; return "$OCF_SUCCESS" ;;
++        esac
++    fi
++
++    INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
++    if [ $? -ne 0 ]; then
++        ocf_exit_reason "Failed to get EC2 Instance ID"
++        exit $OCF_ERR_GENERIC
++    fi
++
++    echo "$INSTANCE_ID"
++    return "$OCF_SUCCESS"
++}
+diff --git a/heartbeat/awseip b/heartbeat/awseip
+index 4b1c3bc6a..7f38376dc 100755
+--- a/heartbeat/awseip
++++ b/heartbeat/awseip
+@@ -305,7 +305,7 @@ ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
+ PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
+ TOKEN=$(get_token)
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+-INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
++INSTANCE_ID=$(get_instance_id)
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+ 
+ case $__OCF_ACTION in
+diff --git a/heartbeat/awsvip b/heartbeat/awsvip
+index 8c71e7fac..0856ac5e4 100755
+--- a/heartbeat/awsvip
++++ b/heartbeat/awsvip
+@@ -265,7 +265,7 @@ fi
+ SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
+ TOKEN=$(get_token)
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+-INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
++INSTANCE_ID=$(get_instance_id)
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+ MAC_ADDRESS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/mac")
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+
+From b8d3ecc6a8ce4baf4b28d02978dd573728ccf5fa Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Mon, 18 Nov 2024 11:10:42 +0100
+Subject: [PATCH 2/2] aws.sh/ocf-shellfuncs: add ability to fresh token if it's
+ invalid
+
+---
+ heartbeat/aws.sh            |  1 +
+ heartbeat/ocf-shellfuncs.in | 11 ++++++++++-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/heartbeat/aws.sh b/heartbeat/aws.sh
+index 9cd343c16..64f2e13a7 100644
+--- a/heartbeat/aws.sh
++++ b/heartbeat/aws.sh
+@@ -18,6 +18,7 @@ OCF_RESKEY_curl_sleep_default="3"
+ # Function to enable reusable IMDS token retrieval for efficient repeated access 
+ # File to store the token and timestamp
+ TOKEN_FILE="${HA_RSCTMP}/.aws_imds_token"
++TOKEN_FUNC="fetch_new_token"  # Used by curl_retry() if saved token is invalid
+ TOKEN_LIFETIME=21600  # Token lifetime in seconds (6 hours)
+ TOKEN_EXPIRY_THRESHOLD=3600  # Renew token if less than 60 minutes (1 hour) remaining
+ DMI_FILE="/sys/devices/virtual/dmi/id/board_asset_tag" # Only supported on nitro-based instances.
+diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in
+index 922c6ea45..8e51fa3c8 100644
+--- a/heartbeat/ocf-shellfuncs.in
++++ b/heartbeat/ocf-shellfuncs.in
+@@ -697,6 +697,15 @@ curl_retry()
+ 
+ 		ocf_log debug "result: $result"
+ 		[ $rc -eq 0 ] && break
++		if [ -n "$TOKEN" ] && [ -n "$TOKEN_FILE" ] && \
++		   [ -f "$TOKEN_FILE" ] && [ -n "$TOKEN_FUNC" ] && \
++		   echo "$result" | grep -q "The requested URL returned error: 401$"; then
++			local OLD_TOKEN="$TOKEN"
++			ocf_log err "Token invalid. Getting new token."
++			TOKEN=$($TOKEN_FUNC)
++			[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
++			args=$(echo "$args" | sed "s/$OLD_TOKEN/$TOKEN/")
++		fi
+ 		sleep $sleep
+ 	done
+ 
+@@ -1110,4 +1119,4 @@ ocf_is_true "$OCF_TRACE_RA" && ocf_start_trace
+ # pacemaker sets HA_use_logd, some others use HA_LOGD :/
+ if ocf_is_true "$HA_use_logd"; then
+ 	: ${HA_LOGD:=yes}
+-fi
+\ No newline at end of file
++fi

SOURCES/RHEL-85048-tomcat-fix-CATALINA_PID-not-set-and-parameter-defaults.patch

@@ -0,0 +1,72 @@
+From f6a5f38405a93ab88e887aa657ee79593d1a4485 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Wed, 26 Mar 2025 09:48:06 +0100
+Subject: [PATCH 1/2] tomcat: fix CATALINA_PID not set issue
+
+---
+ heartbeat/tomcat | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/heartbeat/tomcat b/heartbeat/tomcat
+index fa2715140b..6d47980296 100755
+--- a/heartbeat/tomcat
++++ b/heartbeat/tomcat
+@@ -695,10 +695,12 @@ CATALINA_BASE="${OCF_RESKEY_catalina_base-${OCF_RESKEY_catalina_home}}"
+ CATALINA_OUT="${OCF_RESKEY_catalina_out}"
+ 
+ CATALINA_PID=$OCF_RESKEY_catalina_pid
+-if [ -z "$CATALINA_PID" ] && [ "$__OCF_ACTION" = "start" ]; then
+-	mkdir -p "${HA_RSCTMP}/${TOMCAT_NAME}_tomcatstate/"
+-	if [ "${RESOURCE_TOMCAT_USER}" != "root" ]; then
+-		chown ${RESOURCE_TOMCAT_USER} "${HA_RSCTMP}/${TOMCAT_NAME}_tomcatstate/"
++if [ -z "$CATALINA_PID" ]; then
++	if [ "$__OCF_ACTION" = "start" ]; then
++		mkdir -p "${HA_RSCTMP}/${TOMCAT_NAME}_tomcatstate/"
++		if [ "${RESOURCE_TOMCAT_USER}" != "root" ]; then
++			chown ${RESOURCE_TOMCAT_USER} "${HA_RSCTMP}/${TOMCAT_NAME}_tomcatstate/"
++		fi
+ 	fi
+ 	CATALINA_PID="${HA_RSCTMP}/${TOMCAT_NAME}_tomcatstate/catalina.pid"
+ fi
+
+From b0da375699ebfa544e6e4a13eae554af3e7d65c9 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Fri, 28 Mar 2025 10:50:17 +0100
+Subject: [PATCH 2/2] tomcat: fix catalina_base and catalina_out parameter
+ defaults
+
+---
+ heartbeat/tomcat | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/heartbeat/tomcat b/heartbeat/tomcat
+index 6d47980296..1e8f216384 100755
+--- a/heartbeat/tomcat
++++ b/heartbeat/tomcat
+@@ -650,7 +650,6 @@ OCF_RESKEY_statusurl_default="http://127.0.0.1:8080"
+ OCF_RESKEY_max_stop_time_default=""
+ OCF_RESKEY_java_home_default=""
+ OCF_RESKEY_java_opts_default=""
+-OCF_RESKEY_catalina_out_default="${OCF_RESKEY_catalina_base-${OCF_RESKEY_catalina_home}}/logs/catalina.out"
+ OCF_RESKEY_catalina_pid_default=""
+ OCF_RESKEY_tomcat_start_script_default="${TOMCAT_START_SCRIPT}"
+ OCF_RESKEY_tomcat_start_opts_default=""
+@@ -670,7 +669,6 @@ OCF_RESKEY_logging_manager_default=""
+ : ${OCF_RESKEY_max_stop_time=${OCF_RESKEY_max_stop_time_default}}
+ : ${OCF_RESKEY_java_home=${OCF_RESKEY_java_home_default}}
+ : ${OCF_RESKEY_java_opts=${OCF_RESKEY_java_opts_default}}
+-: ${OCF_RESKEY_catalina_out=${OCF_RESKEY_catalina_out_default}}
+ : ${OCF_RESKEY_catalina_pid=${OCF_RESKEY_catalina_pid_default}}
+ : ${OCF_RESKEY_tomcat_start_script=${OCF_RESKEY_tomcat_start_script_default}}
+ : ${OCF_RESKEY_tomcat_start_opts=${OCF_RESKEY_tomcat_start_opts_default}}
+@@ -691,7 +689,9 @@ RESOURCE_STATUSURL="${OCF_RESKEY_statusurl}"
+ JAVA_HOME="${OCF_RESKEY_java_home}"
+ JAVA_OPTS="${OCF_RESKEY_java_opts}"
+ CATALINA_HOME="${OCF_RESKEY_catalina_home}"
+-CATALINA_BASE="${OCF_RESKEY_catalina_base-${OCF_RESKEY_catalina_home}}"
++CATALINA_BASE="${OCF_RESKEY_catalina_base:-${OCF_RESKEY_catalina_home}}"
++OCF_RESKEY_catalina_out_default="${OCF_RESKEY_catalina_base:-${OCF_RESKEY_catalina_home}}/logs/catalina.out"
++: ${OCF_RESKEY_catalina_out=${OCF_RESKEY_catalina_out_default}}
+ CATALINA_OUT="${OCF_RESKEY_catalina_out}"
+ 
+ CATALINA_PID=$OCF_RESKEY_catalina_pid

SOURCES/RHEL-91257-Filesystem-add-support-for-aznfs.patch

@@ -0,0 +1,171 @@
+From 3bffa541f7bf66e143f14e51551fc91dfebec86c Mon Sep 17 00:00:00 2001
+From: Tobias Schug <happytobi@tscoding.de>
+Date: Mon, 28 Oct 2024 09:14:41 +0100
+Subject: [PATCH] Add azure aznfs filesystem support
+
+---
+ heartbeat/Filesystem | 37 ++++++++++++++++++++-----------------
+ 1 file changed, 20 insertions(+), 17 deletions(-)
+
+diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
+index 3405e2c26..b48bee142 100755
+--- a/heartbeat/Filesystem
++++ b/heartbeat/Filesystem
+@@ -2,7 +2,7 @@
+ #
+ # Support:      users@clusterlabs.org
+ # License:      GNU General Public License (GPL)
+-# 
++#
+ # Filesystem
+ #      Description: Manages a Filesystem on a shared storage medium.
+ #  Original Author: Eric Z. Ayers (eric.ayers@compgen.com)
+@@ -142,7 +142,7 @@ meta_data() {
+ 
+ <longdesc lang="en">
+ Resource script for Filesystem. It manages a Filesystem on a
+-shared storage medium. 
++shared storage medium.
+ 
+ The standard monitor operation of depth 0 (also known as probe)
+ checks if the filesystem is mounted. If you want deeper tests,
+@@ -260,7 +260,7 @@ currently accessing the mount directory.
+ "true"  : Kill processes accessing mount point
+ "safe"  : Kill processes accessing mount point using methods that
+           avoid functions that could potentially block during process
+-          detection 
++          detection
+ "false" : Do not kill any processes.
+ 
+ The 'safe' option uses shell logic to walk the /procs/ directory
+@@ -373,7 +373,7 @@ determine_blockdevice() {
+ 	# Get the current real device name, if possible.
+ 	# (specified devname could be -L or -U...)
+ 	case "$FSTYPE" in
+-	nfs4|nfs|efs|smbfs|cifs|glusterfs|ceph|tmpfs|overlay|overlayfs|rozofs|zfs|cvfs|none|lustre)
++	nfs4|nfs|aznfs|efs|smbfs|cifs|glusterfs|ceph|tmpfs|overlay|overlayfs|rozofs|zfs|cvfs|none|lustre)
+ 		: ;;
+ 	*)
+ 		match_string="${TAB}${CANONICALIZED_MOUNTPOINT}${TAB}"
+@@ -455,7 +455,7 @@ is_fsck_needed() {
+ 		no)    false;;
+ 		""|auto)
+ 		case "$FSTYPE" in
+-			ext4|ext4dev|ext3|reiserfs|reiser4|nss|xfs|jfs|vfat|fat|nfs4|nfs|efs|cifs|smbfs|ocfs2|gfs2|none|lustre|glusterfs|ceph|tmpfs|overlay|overlayfs|rozofs|zfs|cvfs)
++			ext4|ext4dev|ext3|reiserfs|reiser4|nss|xfs|jfs|vfat|fat|nfs4|nfs|aznfs|efs|cifs|smbfs|ocfs2|gfs2|none|lustre|glusterfs|ceph|tmpfs|overlay|overlayfs|rozofs|zfs|cvfs)
+ 			false;;
+ 			*)
+ 			true;;
+@@ -478,7 +478,7 @@ fstype_supported()
+ 	fi
+ 
+ 	if [ -z "$FSTYPE" -o "$FSTYPE" = none ]; then
+-		: No FSTYPE specified, rely on the system has the right file-system support already 
++		: No FSTYPE specified, rely on the system has the right file-system support already
+ 		return $OCF_SUCCESS
+ 	fi
+ 
+@@ -487,6 +487,7 @@ fstype_supported()
+ 	case "$FSTYPE" in
+ 		fuse.*|glusterfs|rozofs) support="fuse";;
+ 		efs) check_binary "mount.efs"; support="nfs4";;
++		aznfs) check_binary "mount.aznfs"; support="nfs4";;
+ 	esac
+ 
+ 	if [ "$support" != "$FSTYPE" ]; then
+@@ -530,7 +531,7 @@ fstype_supported()
+ # node on the shared storage, and is not visible yet. Then try
+ # partprobe to refresh /dev/disk/by-{label,uuid}/* up to date.
+ #
+-# DEVICE can be /dev/xxx, -U, -L 
++# DEVICE can be /dev/xxx, -U, -L
+ #
+ trigger_udev_rules_if_needed()
+ {
+@@ -545,12 +546,12 @@ trigger_udev_rules_if_needed()
+ 		fi
+ 	else
+ 		tmp="$(echo $DEVICE|awk '{$1=""; print substr($0,2)}')"
+-		case "$DEVICE" in 
+-		-U*|--uuid*) 
+-			tmp="/dev/disk/by-uuid/$tmp" 
++		case "$DEVICE" in
++		-U*|--uuid*)
++			tmp="/dev/disk/by-uuid/$tmp"
+ 			;;
+ 		-L*|--label*)
+-			tmp="/dev/disk/by-label/$tmp" 
++			tmp="/dev/disk/by-label/$tmp"
+ 			;;
+ 		*)
+ 			# bind mount?
+@@ -595,7 +596,7 @@ Filesystem_start()
+ 
+ 	fstype_supported || exit $OCF_ERR_INSTALLED
+ 
+-	# Check the filesystem & auto repair.  
++	# Check the filesystem & auto repair.
+ 	# NOTE: Some filesystem types don't need this step...  Please modify
+ 	#       accordingly
+ 
+@@ -697,7 +698,7 @@ signal_processes() {
+ 	local sig=$2
+ 	local pids pid
+ 	# fuser returns a non-zero return code if none of the
+-	# specified files is accessed or in case of a fatal 
++	# specified files is accessed or in case of a fatal
+ 	# error.
+ 	pids=$(get_pids "$dir")
+ 	if [ -z "$pids" ]; then
+@@ -745,6 +746,7 @@ fs_stop_loop() {
+ 		try_umount "$force_arg" "$SUB" && return $OCF_SUCCESS
+ 	done
+ }
++
+ fs_stop() {
+ 	local SUB="$1" timeout=$2 grace_time ret
+ 	grace_time=$((timeout/2))
+@@ -797,7 +799,7 @@ Filesystem_stop()
+ 
+ 		# For networked filesystems, there's merit in trying -f:
+ 		case "$FSTYPE" in
+-		nfs4|nfs|efs|cifs|smbfs) umount_force="-f" ;;
++		nfs4|nfs|aznfs|efs|cifs|smbfs) umount_force="-f" ;;
+ 		esac
+ 
+ 		# Umount all sub-filesystems mounted under $MOUNTPOINT/ too.
+@@ -942,6 +944,7 @@ Filesystem_monitor_20()
+ 	fi
+ 	return $OCF_SUCCESS
+ }
++
+ Filesystem_monitor()
+ {
+ 	Filesystem_status
+@@ -1016,7 +1019,7 @@ set_blockdevice_var() {
+ 
+ 	# these are definitely not block devices
+ 	case "$FSTYPE" in
+-	nfs4|nfs|efs|smbfs|cifs|none|glusterfs|ceph|tmpfs|overlay|overlayfs|rozofs|zfs|cvfs|lustre) return;;
++	nfs4|nfs|aznfs|efs|smbfs|cifs|none|glusterfs|ceph|tmpfs|overlay|overlayfs|rozofs|zfs|cvfs|lustre) return;;
+ 	esac
+ 
+ 	if $(is_option "loop"); then
+@@ -1098,7 +1101,7 @@ set_blockdevice_var
+ if [ -z "$OCF_RESKEY_directory" ]; then
+ 	if [ X$OP = "Xstart" -o $blockdevice = "no" ]; then
+ 		ocf_exit_reason "Please specify the directory"
+-		exit $OCF_ERR_CONFIGURED 
++		exit $OCF_ERR_CONFIGURED
+ 	fi
+ else
+ 	MOUNTPOINT="$(echo "$OCF_RESKEY_directory" | sed 's/\/*$//')"
+@@ -1166,7 +1169,7 @@ is_option "ro" &&
+ 	CLUSTERSAFE=2
+ 
+ case "$FSTYPE" in
+-nfs4|nfs|efs|smbfs|cifs|none|gfs2|glusterfs|ceph|ocfs2|overlay|overlayfs|tmpfs|cvfs|lustre)
++nfs4|nfs|aznfs|efs|smbfs|cifs|none|gfs2|glusterfs|ceph|ocfs2|overlay|overlayfs|tmpfs|cvfs|lustre)
+ 	CLUSTERSAFE=1 # this is kind of safe too
+ 	systemd_drop_in "99-Filesystem-remote" "After" "remote-fs.target"
+ 	;;

SPECS/resource-agents.spec

@@ -73,7 +73,7 @@
 Name:		resource-agents
 Summary:	Open Source HA Reusable Cluster Resource Scripts
 Version:	4.9.0
-Release:	54%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.10
+Release:	54%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.13
 License:	GPLv2+ and LGPLv2+
 URL:		https://github.com/ClusterLabs/resource-agents
 %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
@@ -168,6 +168,10 @@ Patch71:	RHEL-69297-2-Filesystem-update-bsd-logic.patch
 Patch72:	RHEL-72956-1-openstack-cinder-volume-wait-for-volume-to-be-available.patch
 Patch73:	RHEL-72956-2-openstack-cinder-volume-fix-detach-not-working-during-start-action.patch
 Patch74:	RHEL-79823-portblock-fix-version-detection.patch
+Patch75: 	RHEL-81960-1-aws-agents-reuse-imds-token-until-it-expires.patch
+Patch76: 	RHEL-81960-2-aws-agents-reuse-imds-token-improvements.patch
+Patch77: 	RHEL-85048-tomcat-fix-CATALINA_PID-not-set-and-parameter-defaults.patch
+Patch78:	RHEL-91257-Filesystem-add-support-for-aznfs.patch
 
 # bundle patches
 Patch1000:	7-gcp-bundled.patch
@@ -426,6 +430,10 @@ exit 1
 %patch -p1 -P 72
 %patch -p1 -P 73
 %patch -p1 -P 74
+%patch -p1 -P 75
+%patch -p1 -P 76
+%patch -p1 -P 77
+%patch -p1 -P 78 -F2
 
 chmod 755 heartbeat/nova-compute-wait
 chmod 755 heartbeat/NovaEvacuate
@@ -1015,6 +1023,22 @@ ccs_update_schema > /dev/null 2>&1 ||:
 %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm
 
 %changelog
+* Wed May 14 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.13
+- Filesystem: add support for aznfs
+
+  Resolves: RHEL-91257
+
+* Fri Mar 28 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.12
+- tomcat: fix CATALINA_PID not set, and catalina_base and catalina_out
+  parameter defaults
+
+  Resolves: RHEL-85048
+
+* Tue Mar  4 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.11
+- AWS agents: reuse IMDS token until it expires
+
+  Resolves: RHEL-81960
+
 * Thu Feb 20 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.10
 - portblock: fix iptables version detection