Compare commits
No commits in common. "c8" and "c8-beta" have entirely different histories.
SOURCES
7-gcp-bundled.patchRHEL-32828-db2-fix-OCF_SUCESS-typo.patchRHEL-34137-aws-agents-use-curl_retry.patchRHEL-44923-aliyun-gcp-fix-bundled-urllib3-CVE-2024-37891.patchRHEL-50360-setuptools-fix-CVE-2024-6345.patchRHEL-61138-nfsserver-also-stop-rpc-statd-for-nfsv4_only.patchRHEL-69297-1-Filesystem-dont-kill-unrelated-processes.patchRHEL-69297-2-Filesystem-update-bsd-logic.patchRHEL-72956-1-openstack-cinder-volume-wait-for-volume-to-be-available.patchRHEL-72956-2-openstack-cinder-volume-fix-detach-not-working-during-start-action.patchRHEL-79823-portblock-fix-version-detection.patch
SPECS
@ -1,17 +1,6 @@
|
||||
diff --color -uNr a/heartbeat/gcp-pd-move.in b/heartbeat/gcp-pd-move.in
|
||||
--- a/heartbeat/gcp-pd-move.in 2024-07-22 10:59:42.170483160 +0200
|
||||
+++ b/heartbeat/gcp-pd-move.in 2024-07-22 11:01:51.455543850 +0200
|
||||
@@ -32,6 +32,7 @@
|
||||
from ocf import logger
|
||||
|
||||
try:
|
||||
+ sys.path.insert(0, '/usr/lib/resource-agents/bundled/gcp')
|
||||
import googleapiclient.discovery
|
||||
except ImportError:
|
||||
pass
|
||||
diff --color -uNr a/heartbeat/gcp-vpc-move-ip.in b/heartbeat/gcp-vpc-move-ip.in
|
||||
--- a/heartbeat/gcp-vpc-move-ip.in 2024-07-22 10:59:42.170483160 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-ip.in 2024-07-22 11:01:18.010752081 +0200
|
||||
--- a/heartbeat/gcp-vpc-move-ip.in 2022-06-16 09:45:21.419090782 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-ip.in 2022-06-16 10:11:22.978648598 +0200
|
||||
@@ -36,7 +36,7 @@
|
||||
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
|
||||
|
||||
@ -22,8 +11,8 @@ diff --color -uNr a/heartbeat/gcp-vpc-move-ip.in b/heartbeat/gcp-vpc-move-ip.in
|
||||
OCF_RESKEY_vpc_network_default="default"
|
||||
OCF_RESKEY_interface_default="eth0"
|
||||
diff --color -uNr a/heartbeat/gcp-vpc-move-route.in b/heartbeat/gcp-vpc-move-route.in
|
||||
--- a/heartbeat/gcp-vpc-move-route.in 2024-07-22 10:59:42.170483160 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-route.in 2024-07-22 11:01:18.011752105 +0200
|
||||
--- a/heartbeat/gcp-vpc-move-route.in 2022-06-16 09:45:21.420090788 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-route.in 2022-06-16 10:11:22.978648598 +0200
|
||||
@@ -45,6 +45,7 @@
|
||||
from ocf import *
|
||||
|
||||
@ -33,8 +22,8 @@ diff --color -uNr a/heartbeat/gcp-vpc-move-route.in b/heartbeat/gcp-vpc-move-rou
|
||||
import pyroute2
|
||||
try:
|
||||
diff --color -uNr a/heartbeat/gcp-vpc-move-vip.in b/heartbeat/gcp-vpc-move-vip.in
|
||||
--- a/heartbeat/gcp-vpc-move-vip.in 2024-07-22 10:59:42.170483160 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-vip.in 2024-07-22 11:01:18.012752128 +0200
|
||||
--- a/heartbeat/gcp-vpc-move-vip.in 2022-06-16 09:45:21.420090788 +0200
|
||||
+++ b/heartbeat/gcp-vpc-move-vip.in 2022-06-16 10:11:22.979648603 +0200
|
||||
@@ -29,6 +29,7 @@
|
||||
from ocf import *
|
||||
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
From a9c4aeb971e9f4963345d0e215b729def62dd27c Mon Sep 17 00:00:00 2001
|
||||
From: pepadelic <162310096+pepadelic@users.noreply.github.com>
|
||||
Date: Mon, 15 Apr 2024 13:52:54 +0200
|
||||
Subject: [PATCH] Update db2: fix OCF_SUCESS name in db2_notify
|
||||
|
||||
fix OCF_SUCESS to OCF_SUCCESS in db2_notify
|
||||
---
|
||||
heartbeat/db2 | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/heartbeat/db2 b/heartbeat/db2
|
||||
index 95447ab6cb..1cd66f15af 100755
|
||||
--- a/heartbeat/db2
|
||||
+++ b/heartbeat/db2
|
||||
@@ -848,7 +848,7 @@ db2_notify() {
|
||||
|
||||
# only interested in pre-start
|
||||
[ $OCF_RESKEY_CRM_meta_notify_type = pre \
|
||||
- -a $OCF_RESKEY_CRM_meta_notify_operation = start ] || return $OCF_SUCESS
|
||||
+ -a $OCF_RESKEY_CRM_meta_notify_operation = start ] || return $OCF_SUCCESS
|
||||
|
||||
# gets FIRST_ACTIVE_LOG
|
||||
db2_get_cfg $dblist || return $?
|
||||
@ -1,343 +0,0 @@
|
||||
From fc0657b936f6a58f741e33f851b22f82bc68bffa Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Tue, 6 Feb 2024 13:28:12 +0100
|
||||
Subject: [PATCH 1/2] ocf-shellfuncs: add curl_retry()
|
||||
|
||||
---
|
||||
heartbeat/ocf-shellfuncs.in | 34 ++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 34 insertions(+)
|
||||
|
||||
diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in
|
||||
index c5edb6f57..a69a9743d 100644
|
||||
--- a/heartbeat/ocf-shellfuncs.in
|
||||
+++ b/heartbeat/ocf-shellfuncs.in
|
||||
@@ -672,6 +672,40 @@ EOF
|
||||
systemctl daemon-reload
|
||||
}
|
||||
|
||||
+# usage: curl_retry RETRIES SLEEP ARGS URL
|
||||
+#
|
||||
+# Use --show-error in ARGS to log HTTP error code
|
||||
+#
|
||||
+# returns:
|
||||
+# 0 success
|
||||
+# exit:
|
||||
+# 1 fail
|
||||
+curl_retry()
|
||||
+{
|
||||
+ local retries=$1 sleep=$2 opts=$3 url=$4
|
||||
+ local tries=$(($retries + 1))
|
||||
+ local args="--fail $opts $url"
|
||||
+ local result rc
|
||||
+
|
||||
+ for try in $(seq $tries); do
|
||||
+ ocf_log debug "curl $args try $try of $tries"
|
||||
+ result=$(echo "$args" | xargs curl 2>&1)
|
||||
+ rc=$?
|
||||
+
|
||||
+ ocf_log debug "result: $result"
|
||||
+ [ $rc -eq 0 ] && break
|
||||
+ sleep $sleep
|
||||
+ done
|
||||
+
|
||||
+ if [ $rc -ne 0 ]; then
|
||||
+ ocf_exit_reason "curl $args failed $tries tries"
|
||||
+ exit $OCF_ERR_GENERIC
|
||||
+ fi
|
||||
+
|
||||
+ echo "$result"
|
||||
+ return $rc
|
||||
+}
|
||||
+
|
||||
# usage: crm_mon_no_validation args...
|
||||
# run crm_mon without any cib schema validation
|
||||
# This is useful when an agent runs in a bundle to avoid potential
|
||||
|
||||
From 80d330557319bdae9e45aad1279e435fc481d4e7 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Tue, 6 Feb 2024 13:28:25 +0100
|
||||
Subject: [PATCH 2/2] AWS agents: use curl_retry()
|
||||
|
||||
---
|
||||
heartbeat/aws-vpc-move-ip | 35 ++++++++++++++++++++++++++---------
|
||||
heartbeat/aws-vpc-route53.in | 27 +++++++++++++++++++++++++--
|
||||
heartbeat/awseip | 36 +++++++++++++++++++++++++++++++-----
|
||||
heartbeat/awsvip | 32 ++++++++++++++++++++++++++++----
|
||||
4 files changed, 110 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
|
||||
index 54806f6ea..6115e5ba8 100755
|
||||
--- a/heartbeat/aws-vpc-move-ip
|
||||
+++ b/heartbeat/aws-vpc-move-ip
|
||||
@@ -47,6 +47,8 @@ OCF_RESKEY_interface_default="eth0"
|
||||
OCF_RESKEY_iflabel_default=""
|
||||
OCF_RESKEY_monapi_default="false"
|
||||
OCF_RESKEY_lookup_type_default="InstanceId"
|
||||
+OCF_RESKEY_curl_retries_default="3"
|
||||
+OCF_RESKEY_curl_sleep_default="1"
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
@@ -60,6 +62,8 @@ OCF_RESKEY_lookup_type_default="InstanceId"
|
||||
: ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}}
|
||||
: ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}}
|
||||
: ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}}
|
||||
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
|
||||
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
|
||||
#######################################################################
|
||||
|
||||
|
||||
@@ -194,6 +198,22 @@ Name of resource type to lookup in route table.
|
||||
<content type="string" default="${OCF_RESKEY_lookup_type_default}" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="curl_retries" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl retries before failing
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl retries</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
+<parameter name="curl_sleep" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl sleep between tries
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl sleep</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
</parameters>
|
||||
|
||||
<actions>
|
||||
@@ -250,8 +270,10 @@ ec2ip_validate() {
|
||||
fi
|
||||
fi
|
||||
|
||||
- TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||
- EC2_INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
+ TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
|
||||
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+ EC2_INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
|
||||
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
|
||||
if [ -z "${EC2_INSTANCE_ID}" ]; then
|
||||
ocf_exit_reason "Instance ID not found. Is this a EC2 instance?"
|
||||
@@ -365,14 +387,9 @@ ec2ip_get_instance_eni() {
|
||||
fi
|
||||
ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}"
|
||||
|
||||
- cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id -H \"X-aws-ec2-metadata-token: $TOKEN\""
|
||||
- ocf_log debug "executing command: $cmd"
|
||||
+ cmd="curl_retry \"$OCF_RESKEY_curl_retries\" \"$OCF_RESKEY_curl_sleep\" \"--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'\" \"http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id\""
|
||||
EC2_NETWORK_INTERFACE_ID="$(eval $cmd)"
|
||||
- rc=$?
|
||||
- if [ $rc != 0 ]; then
|
||||
- ocf_log warn "command failed, rc: $rc"
|
||||
- return $OCF_ERR_GENERIC
|
||||
- fi
|
||||
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}"
|
||||
echo $EC2_NETWORK_INTERFACE_ID
|
||||
}
|
||||
diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in
|
||||
index 18ab157e8..eba2ed95c 100644
|
||||
--- a/heartbeat/aws-vpc-route53.in
|
||||
+++ b/heartbeat/aws-vpc-route53.in
|
||||
@@ -53,6 +53,8 @@ OCF_RESKEY_hostedzoneid_default=""
|
||||
OCF_RESKEY_fullname_default=""
|
||||
OCF_RESKEY_ip_default="local"
|
||||
OCF_RESKEY_ttl_default=10
|
||||
+OCF_RESKEY_curl_retries_default="3"
|
||||
+OCF_RESKEY_curl_sleep_default="1"
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
@@ -62,6 +64,8 @@ OCF_RESKEY_ttl_default=10
|
||||
: ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}}
|
||||
: ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}}
|
||||
: ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}}
|
||||
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
|
||||
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
|
||||
|
||||
usage() {
|
||||
cat <<-EOT
|
||||
@@ -185,6 +189,22 @@ Time to live for Route53 ARECORD
|
||||
<shortdesc lang="en">ARECORD TTL</shortdesc>
|
||||
<content type="string" default="${OCF_RESKEY_ttl_default}" />
|
||||
</parameter>
|
||||
+
|
||||
+<parameter name="curl_retries" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl retries before failing
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl retries</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
+<parameter name="curl_sleep" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl sleep between tries
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl sleep</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
|
||||
+</parameter>
|
||||
</parameters>
|
||||
|
||||
<actions>
|
||||
@@ -357,8 +377,11 @@ r53_monitor() {
|
||||
_get_ip() {
|
||||
case $OCF_RESKEY_ip in
|
||||
local|public)
|
||||
- TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||
- IPADDRESS=$(curl -s http://169.254.169.254/latest/meta-data/${OCF_RESKEY_ip}-ipv4 -H "X-aws-ec2-metadata-token: $TOKEN");;
|
||||
+ TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
|
||||
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+ IPADDRESS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/${OCF_RESKEY_ip}-ipv4")
|
||||
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+ ;;
|
||||
*.*.*.*)
|
||||
IPADDRESS="${OCF_RESKEY_ip}";;
|
||||
esac
|
||||
diff --git a/heartbeat/awseip b/heartbeat/awseip
|
||||
index 49b0ca615..ffb6223a1 100755
|
||||
--- a/heartbeat/awseip
|
||||
+++ b/heartbeat/awseip
|
||||
@@ -49,12 +49,16 @@ OCF_RESKEY_auth_type_default="key"
|
||||
OCF_RESKEY_profile_default="default"
|
||||
OCF_RESKEY_region_default=""
|
||||
OCF_RESKEY_api_delay_default="3"
|
||||
+OCF_RESKEY_curl_retries_default="3"
|
||||
+OCF_RESKEY_curl_sleep_default="1"
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
|
||||
: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
|
||||
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
|
||||
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
|
||||
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
|
||||
|
||||
meta_data() {
|
||||
cat <<END
|
||||
@@ -141,6 +145,22 @@ a short delay between API calls, to avoid sending API too quick
|
||||
<content type="integer" default="${OCF_RESKEY_api_delay_default}" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="curl_retries" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl retries before failing
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl retries</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
+<parameter name="curl_sleep" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl sleep between tries
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl sleep</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
</parameters>
|
||||
|
||||
<actions>
|
||||
@@ -171,14 +191,18 @@ awseip_start() {
|
||||
awseip_monitor && return $OCF_SUCCESS
|
||||
|
||||
if [ -n "${PRIVATE_IP_ADDRESS}" ]; then
|
||||
- NETWORK_INTERFACES_MACS=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/ -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
+ NETWORK_INTERFACES_MACS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "-s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/")
|
||||
for MAC in ${NETWORK_INTERFACES_MACS}; do
|
||||
- curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/local-ipv4s -H "X-aws-ec2-metadata-token: $TOKEN" |
|
||||
+ curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "-s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC%/*}/local-ipv4s" |
|
||||
grep -q "^${PRIVATE_IP_ADDRESS}$"
|
||||
if [ $? -eq 0 ]; then
|
||||
- NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
+ NETWORK_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "-s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC%/*}/interface-id")
|
||||
fi
|
||||
done
|
||||
+ if [ -z "$NETWORK_ID" ]; then
|
||||
+ ocf_exit_reason "Could not find network interface for private_ip_address: $PRIVATE_IP_ADDRESS"
|
||||
+ exit $OCF_ERR_GENERIC
|
||||
+ fi
|
||||
$AWSCLI_CMD ec2 associate-address \
|
||||
--network-interface-id ${NETWORK_ID} \
|
||||
--allocation-id ${ALLOCATION_ID} \
|
||||
@@ -282,8 +306,10 @@ fi
|
||||
ELASTIC_IP="${OCF_RESKEY_elastic_ip}"
|
||||
ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
|
||||
PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
|
||||
-TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||
-INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
+TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
|
||||
case $__OCF_ACTION in
|
||||
start)
|
||||
diff --git a/heartbeat/awsvip b/heartbeat/awsvip
|
||||
index bdb4d68dd..f2b238a0f 100755
|
||||
--- a/heartbeat/awsvip
|
||||
+++ b/heartbeat/awsvip
|
||||
@@ -48,12 +48,16 @@ OCF_RESKEY_auth_type_default="key"
|
||||
OCF_RESKEY_profile_default="default"
|
||||
OCF_RESKEY_region_default=""
|
||||
OCF_RESKEY_api_delay_default="3"
|
||||
+OCF_RESKEY_curl_retries_default="3"
|
||||
+OCF_RESKEY_curl_sleep_default="1"
|
||||
|
||||
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
|
||||
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
|
||||
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
|
||||
: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
|
||||
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
|
||||
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
|
||||
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
|
||||
|
||||
meta_data() {
|
||||
cat <<END
|
||||
@@ -124,6 +128,22 @@ a short delay between API calls, to avoid sending API too quick
|
||||
<content type="integer" default="${OCF_RESKEY_api_delay_default}" />
|
||||
</parameter>
|
||||
|
||||
+<parameter name="curl_retries" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl retries before failing
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl retries</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
+<parameter name="curl_sleep" unique="0">
|
||||
+<longdesc lang="en">
|
||||
+curl sleep between tries
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">curl sleep</shortdesc>
|
||||
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
|
||||
+</parameter>
|
||||
+
|
||||
</parameters>
|
||||
|
||||
<actions>
|
||||
@@ -246,10 +266,14 @@ if [ -n "${OCF_RESKEY_region}" ]; then
|
||||
AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
|
||||
fi
|
||||
SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
|
||||
-TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||
-INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
-MAC_ADDRESS=$(curl -s http://169.254.169.254/latest/meta-data/mac -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
-NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDRESS}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN")
|
||||
+TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+MAC_ADDRESS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/mac")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
+NETWORK_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDRESS}/interface-id")
|
||||
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
|
||||
|
||||
case $__OCF_ACTION in
|
||||
start)
|
||||
@ -1,48 +0,0 @@
|
||||
From accff72ecc2f6cf5a76d9570198a93ac7c90270e Mon Sep 17 00:00:00 2001
|
||||
From: Quentin Pradet <quentin.pradet@gmail.com>
|
||||
Date: Mon, 17 Jun 2024 11:09:06 +0400
|
||||
Subject: [PATCH] Merge pull request from GHSA-34jh-p97f-mpxf
|
||||
|
||||
* Strip Proxy-Authorization header on redirects
|
||||
|
||||
* Fix test_retry_default_remove_headers_on_redirect
|
||||
|
||||
* Set release date
|
||||
---
|
||||
CHANGES.rst | 5 +++++
|
||||
src/urllib3/util/retry.py | 4 +++-
|
||||
test/test_retry.py | 6 ++++-
|
||||
test/with_dummyserver/test_poolmanager.py | 27 ++++++++++++++++++++---
|
||||
4 files changed, 37 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py b/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
|
||||
index 7a76a4a6ad..0456cceba4 100644
|
||||
--- a/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
|
||||
+++ b/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
|
||||
@@ -189,7 +189,9 @@ class Retry:
|
||||
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
||||
|
||||
#: Default headers to be used for ``remove_headers_on_redirect``
|
||||
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
||||
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
|
||||
+ ["Cookie", "Authorization", "Proxy-Authorization"]
|
||||
+ )
|
||||
|
||||
#: Default maximum backoff time.
|
||||
DEFAULT_BACKOFF_MAX = 120
|
||||
|
||||
diff --git a/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py b/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
|
||||
index 7a76a4a6ad..0456cceba4 100644
|
||||
--- a/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
|
||||
+++ b/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
|
||||
@@ -189,7 +189,9 @@ class Retry:
|
||||
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
||||
|
||||
#: Default headers to be used for ``remove_headers_on_redirect``
|
||||
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
||||
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
|
||||
+ ["Cookie", "Authorization", "Proxy-Authorization"]
|
||||
+ )
|
||||
|
||||
#: Default maximum backoff time.
|
||||
DEFAULT_BACKOFF_MAX = 120
|
||||
@ -1,201 +0,0 @@
|
||||
--- a/setuptools/package_index.py 1980-01-01 09:00:00.000000000 +0100
|
||||
+++ b/setuptools/package_index.py 2024-07-25 10:11:40.537307665 +0200
|
||||
@@ -1,5 +1,6 @@
|
||||
"""PyPI and direct package downloading"""
|
||||
import sys
|
||||
+import subprocess
|
||||
import os
|
||||
import re
|
||||
import shutil
|
||||
@@ -563,7 +564,7 @@
|
||||
scheme = URL_SCHEME(spec)
|
||||
if scheme:
|
||||
# It's a url, download it to tmpdir
|
||||
- found = self._download_url(scheme.group(1), spec, tmpdir)
|
||||
+ found = self._download_url(spec, tmpdir)
|
||||
base, fragment = egg_info_for_url(spec)
|
||||
if base.endswith('.py'):
|
||||
found = self.gen_setup(found, fragment, tmpdir)
|
||||
@@ -775,7 +776,7 @@
|
||||
raise DistutilsError("Download error for %s: %s"
|
||||
% (url, v))
|
||||
|
||||
- def _download_url(self, scheme, url, tmpdir):
|
||||
+ def _download_url(self, url, tmpdir):
|
||||
# Determine download filename
|
||||
#
|
||||
name, fragment = egg_info_for_url(url)
|
||||
@@ -790,19 +791,59 @@
|
||||
|
||||
filename = os.path.join(tmpdir, name)
|
||||
|
||||
- # Download the file
|
||||
- #
|
||||
- if scheme == 'svn' or scheme.startswith('svn+'):
|
||||
- return self._download_svn(url, filename)
|
||||
- elif scheme == 'git' or scheme.startswith('git+'):
|
||||
- return self._download_git(url, filename)
|
||||
- elif scheme.startswith('hg+'):
|
||||
- return self._download_hg(url, filename)
|
||||
- elif scheme == 'file':
|
||||
- return urllib.request.url2pathname(urllib.parse.urlparse(url)[2])
|
||||
- else:
|
||||
- self.url_ok(url, True) # raises error if not allowed
|
||||
- return self._attempt_download(url, filename)
|
||||
+ return self._download_vcs(url, filename) or self._download_other(url, filename)
|
||||
+
|
||||
+ @staticmethod
|
||||
+ def _resolve_vcs(url):
|
||||
+ """
|
||||
+ >>> rvcs = PackageIndex._resolve_vcs
|
||||
+ >>> rvcs('git+http://foo/bar')
|
||||
+ 'git'
|
||||
+ >>> rvcs('hg+https://foo/bar')
|
||||
+ 'hg'
|
||||
+ >>> rvcs('git:myhost')
|
||||
+ 'git'
|
||||
+ >>> rvcs('hg:myhost')
|
||||
+ >>> rvcs('http://foo/bar')
|
||||
+ """
|
||||
+ scheme = urllib.parse.urlsplit(url).scheme
|
||||
+ pre, sep, post = scheme.partition('+')
|
||||
+ # svn and git have their own protocol; hg does not
|
||||
+ allowed = set(['svn', 'git'] + ['hg'] * bool(sep))
|
||||
+ return next(iter({pre} & allowed), None)
|
||||
+
|
||||
+ def _download_vcs(self, url, spec_filename):
|
||||
+ vcs = self._resolve_vcs(url)
|
||||
+ if not vcs:
|
||||
+ return
|
||||
+ if vcs == 'svn':
|
||||
+ raise DistutilsError(
|
||||
+ f"Invalid config, SVN download is not supported: {url}"
|
||||
+ )
|
||||
+
|
||||
+ filename, _, _ = spec_filename.partition('#')
|
||||
+ url, rev = self._vcs_split_rev_from_url(url)
|
||||
+
|
||||
+ self.info(f"Doing {vcs} clone from {url} to {filename}")
|
||||
+ subprocess.check_call([vcs, 'clone', '--quiet', url, filename])
|
||||
+
|
||||
+ co_commands = dict(
|
||||
+ git=[vcs, '-C', filename, 'checkout', '--quiet', rev],
|
||||
+ hg=[vcs, '--cwd', filename, 'up', '-C', '-r', rev, '-q'],
|
||||
+ )
|
||||
+ if rev is not None:
|
||||
+ self.info(f"Checking out {rev}")
|
||||
+ subprocess.check_call(co_commands[vcs])
|
||||
+
|
||||
+ return filename
|
||||
+
|
||||
+ def _download_other(self, url, filename):
|
||||
+ scheme = urllib.parse.urlsplit(url).scheme
|
||||
+ if scheme == 'file': # pragma: no cover
|
||||
+ return urllib.request.url2pathname(urllib.parse.urlparse(url).path)
|
||||
+ # raise error if not allowed
|
||||
+ self.url_ok(url, True)
|
||||
+ return self._attempt_download(url, filename)
|
||||
|
||||
def scan_url(self, url):
|
||||
self.process_url(url, True)
|
||||
@@ -829,76 +870,37 @@
|
||||
os.unlink(filename)
|
||||
raise DistutilsError("Unexpected HTML page found at " + url)
|
||||
|
||||
- def _download_svn(self, url, filename):
|
||||
- url = url.split('#', 1)[0] # remove any fragment for svn's sake
|
||||
- creds = ''
|
||||
- if url.lower().startswith('svn:') and '@' in url:
|
||||
- scheme, netloc, path, p, q, f = urllib.parse.urlparse(url)
|
||||
- if not netloc and path.startswith('//') and '/' in path[2:]:
|
||||
- netloc, path = path[2:].split('/', 1)
|
||||
- auth, host = splituser(netloc)
|
||||
- if auth:
|
||||
- if ':' in auth:
|
||||
- user, pw = auth.split(':', 1)
|
||||
- creds = " --username=%s --password=%s" % (user, pw)
|
||||
- else:
|
||||
- creds = " --username=" + auth
|
||||
- netloc = host
|
||||
- parts = scheme, netloc, url, p, q, f
|
||||
- url = urllib.parse.urlunparse(parts)
|
||||
- self.info("Doing subversion checkout from %s to %s", url, filename)
|
||||
- os.system("svn checkout%s -q %s %s" % (creds, url, filename))
|
||||
- return filename
|
||||
-
|
||||
@staticmethod
|
||||
- def _vcs_split_rev_from_url(url, pop_prefix=False):
|
||||
- scheme, netloc, path, query, frag = urllib.parse.urlsplit(url)
|
||||
-
|
||||
- scheme = scheme.split('+', 1)[-1]
|
||||
-
|
||||
- # Some fragment identification fails
|
||||
- path = path.split('#', 1)[0]
|
||||
-
|
||||
- rev = None
|
||||
- if '@' in path:
|
||||
- path, rev = path.rsplit('@', 1)
|
||||
-
|
||||
- # Also, discard fragment
|
||||
- url = urllib.parse.urlunsplit((scheme, netloc, path, query, ''))
|
||||
-
|
||||
- return url, rev
|
||||
-
|
||||
- def _download_git(self, url, filename):
|
||||
- filename = filename.split('#', 1)[0]
|
||||
- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
|
||||
-
|
||||
- self.info("Doing git clone from %s to %s", url, filename)
|
||||
- os.system("git clone --quiet %s %s" % (url, filename))
|
||||
+ def _vcs_split_rev_from_url(url):
|
||||
+ """
|
||||
+ Given a possible VCS URL, return a clean URL and resolved revision if any.
|
||||
|
||||
- if rev is not None:
|
||||
- self.info("Checking out %s", rev)
|
||||
- os.system("(cd %s && git checkout --quiet %s)" % (
|
||||
- filename,
|
||||
- rev,
|
||||
- ))
|
||||
+ >>> vsrfu = PackageIndex._vcs_split_rev_from_url
|
||||
+ >>> vsrfu('git+https://github.com/pypa/setuptools@v69.0.0#egg-info=setuptools')
|
||||
+ ('https://github.com/pypa/setuptools', 'v69.0.0')
|
||||
+ >>> vsrfu('git+https://github.com/pypa/setuptools#egg-info=setuptools')
|
||||
+ ('https://github.com/pypa/setuptools', None)
|
||||
+ >>> vsrfu('http://foo/bar')
|
||||
+ ('http://foo/bar', None)
|
||||
+ """
|
||||
+ parts = urllib.parse.urlsplit(url)
|
||||
|
||||
- return filename
|
||||
+ clean_scheme = parts.scheme.split('+', 1)[-1]
|
||||
|
||||
- def _download_hg(self, url, filename):
|
||||
- filename = filename.split('#', 1)[0]
|
||||
- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
|
||||
+ # Some fragment identification fails
|
||||
+ no_fragment_path, _, _ = parts.path.partition('#')
|
||||
|
||||
- self.info("Doing hg clone from %s to %s", url, filename)
|
||||
- os.system("hg clone --quiet %s %s" % (url, filename))
|
||||
+ pre, sep, post = no_fragment_path.rpartition('@')
|
||||
+ clean_path, rev = (pre, post) if sep else (post, None)
|
||||
|
||||
- if rev is not None:
|
||||
- self.info("Updating to %s", rev)
|
||||
- os.system("(cd %s && hg up -C -r %s >&-)" % (
|
||||
- filename,
|
||||
- rev,
|
||||
- ))
|
||||
+ resolved = parts._replace(
|
||||
+ scheme=clean_scheme,
|
||||
+ path=clean_path,
|
||||
+ # discard the fragment
|
||||
+ fragment='',
|
||||
+ ).geturl()
|
||||
|
||||
- return filename
|
||||
+ return resolved, rev
|
||||
|
||||
def debug(self, msg, *args):
|
||||
log.debug(msg, *args)
|
||||
@ -1,38 +0,0 @@
|
||||
From 38eaf00bc81af7530c56eba282918762a47a9326 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Thu, 19 Sep 2024 13:01:53 +0200
|
||||
Subject: [PATCH] nfsserver: also stop rpc-statd for nfsv4_only to avoid stop
|
||||
failing in some cases
|
||||
|
||||
E.g. nfs_no_notify=true nfsv4_only=true nfs_shared_infodir=/nfsmq/nfsinfo would cause a "Failed to unmount a bind mount" error
|
||||
---
|
||||
heartbeat/nfsserver | 16 +++++++---------
|
||||
1 file changed, 7 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver
|
||||
index 5793d7a70..fd9268afc 100755
|
||||
--- a/heartbeat/nfsserver
|
||||
+++ b/heartbeat/nfsserver
|
||||
@@ -947,15 +947,13 @@ nfsserver_stop ()
|
||||
sleep 1
|
||||
done
|
||||
|
||||
- if ! ocf_is_true "$OCF_RESKEY_nfsv4_only"; then
|
||||
- nfs_exec stop rpc-statd > /dev/null 2>&1
|
||||
- ocf_log info "Stop: rpc-statd"
|
||||
- rpcinfo -t localhost 100024 > /dev/null 2>&1
|
||||
- rc=$?
|
||||
- if [ "$rc" -eq "0" ]; then
|
||||
- ocf_exit_reason "Failed to stop rpc-statd"
|
||||
- return $OCF_ERR_GENERIC
|
||||
- fi
|
||||
+ nfs_exec stop rpc-statd > /dev/null 2>&1
|
||||
+ ocf_log info "Stop: rpc-statd"
|
||||
+ rpcinfo -t localhost 100024 > /dev/null 2>&1
|
||||
+ rc=$?
|
||||
+ if [ "$rc" -eq "0" ]; then
|
||||
+ ocf_exit_reason "Failed to stop rpc-statd"
|
||||
+ return $OCF_ERR_GENERIC
|
||||
fi
|
||||
|
||||
nfs_exec stop nfs-idmapd > /dev/null 2>&1
|
||||
@ -1,22 +0,0 @@
|
||||
From 4b09b3e467a7f8076bbf20f5b027efecf16303e7 Mon Sep 17 00:00:00 2001
|
||||
From: Gianluca Piccolo <gianluca.piccolo@wuerth-phoenix.com>
|
||||
Date: Thu, 6 Jun 2024 17:34:41 +0200
|
||||
Subject: [PATCH] Fix #1944
|
||||
|
||||
---
|
||||
heartbeat/Filesystem | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
|
||||
index a445349b9..59b6c1b51 100755
|
||||
--- a/heartbeat/Filesystem
|
||||
+++ b/heartbeat/Filesystem
|
||||
@@ -664,7 +664,7 @@ get_pids()
|
||||
if [ "X${HOSTOS}" = "XOpenBSD" ];then
|
||||
fstat | grep $dir | awk '{print $3}'
|
||||
else
|
||||
- $FUSER -m $dir 2>/dev/null
|
||||
+ $FUSER -Mm $dir 2>/dev/null
|
||||
fi
|
||||
elif [ "$FORCE_UNMOUNT" = "safe" ]; then
|
||||
procs=$(find /proc/[0-9]*/ -type l -lname "${dir}/*" -or -lname "${dir}" 2>/dev/null | awk -F/ '{print $3}')
|
||||
@ -1,26 +0,0 @@
|
||||
From c9ba6ac66ee27a70c69e1156f17aa6beac277bc5 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Fri, 7 Jun 2024 14:23:28 +0200
|
||||
Subject: [PATCH] Filesystem: use fuser -c on FreeBSD, as -m and -M are used
|
||||
for other functionality
|
||||
|
||||
---
|
||||
heartbeat/Filesystem | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
|
||||
index 59b6c1b51..88fe2e2eb 100755
|
||||
--- a/heartbeat/Filesystem
|
||||
+++ b/heartbeat/Filesystem
|
||||
@@ -661,8 +661,10 @@ get_pids()
|
||||
fi
|
||||
|
||||
if ocf_is_true "$FORCE_UNMOUNT"; then
|
||||
- if [ "X${HOSTOS}" = "XOpenBSD" ];then
|
||||
+ if [ "X${HOSTOS}" = "XOpenBSD" ]; then
|
||||
fstat | grep $dir | awk '{print $3}'
|
||||
+ elif [ "X${HOSTOS}" = "XFreeBSD" ]; then
|
||||
+ $FUSER -c $dir 2>/dev/null
|
||||
else
|
||||
$FUSER -Mm $dir 2>/dev/null
|
||||
fi
|
||||
@ -1,63 +0,0 @@
|
||||
From 71bc76dc4fa57726e80d0ddcc0bdcfe708af8763 Mon Sep 17 00:00:00 2001
|
||||
From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
|
||||
Date: Thu, 5 Dec 2024 11:02:40 +0100
|
||||
Subject: [PATCH] openstack-cinder-volume: wait for volume to be available
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
monitor the vol till it´s attached to the host and avoid a race between
|
||||
openstack APIs receiving the request and completing the operation.
|
||||
|
||||
Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
|
||||
---
|
||||
heartbeat/openstack-cinder-volume | 29 ++++++++++++++++++-----------
|
||||
1 file changed, 18 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/openstack-cinder-volume b/heartbeat/openstack-cinder-volume
|
||||
index 116442c41b..2b64d4d887 100755
|
||||
--- a/heartbeat/openstack-cinder-volume
|
||||
+++ b/heartbeat/openstack-cinder-volume
|
||||
@@ -141,17 +141,19 @@ osvol_monitor() {
|
||||
|
||||
node_id=$(_get_node_id)
|
||||
|
||||
- if [ "$__OCF_ACTION" = "monitor" ] && ocf_is_true $OCF_RESKEY_volume_local_check ; then
|
||||
- #
|
||||
- # Is the volue attached?
|
||||
- # We check the local devices
|
||||
- #
|
||||
- short_volume_id=$(echo $OCF_RESKEY_volume_id | awk '{print substr($0, 0, 20)}')
|
||||
- if lsblk /dev/disk/by-id/virtio-$short_volume_id 1>/dev/null 2>&1; then
|
||||
- return $OCF_SUCCESS
|
||||
- else
|
||||
- ocf_log warn "$OCF_RESKEY_volume_id is not attached to instance $node_id"
|
||||
- return $OCF_NOT_RUNNING
|
||||
+ if ocf_is_true $OCF_RESKEY_volume_local_check ; then
|
||||
+ if [ "$__OCF_ACTION" = "monitor" ] || [ "$__OCF_ACTION" = "start" ] ; then
|
||||
+ #
|
||||
+ # Is the volue attached?
|
||||
+ # We check the local devices
|
||||
+ #
|
||||
+ short_volume_id=$(echo $OCF_RESKEY_volume_id | awk '{print substr($0, 0, 20)}')
|
||||
+ if lsblk /dev/disk/by-id/virtio-$short_volume_id 1>/dev/null 2>&1; then
|
||||
+ return $OCF_SUCCESS
|
||||
+ else
|
||||
+ ocf_log warn "$OCF_RESKEY_volume_id is not attached to instance $node_id"
|
||||
+ return $OCF_NOT_RUNNING
|
||||
+ fi
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -247,6 +249,11 @@ osvol_start() {
|
||||
return $OCF_ERR_GENERIC
|
||||
fi
|
||||
|
||||
+ while ! osvol_monitor; do
|
||||
+ ocf_log info "Waiting for cinder volume $OCF_RESKEY_volume_id to appear on $node_id"
|
||||
+ sleep 1
|
||||
+ done
|
||||
+
|
||||
return $OCF_SUCCESS
|
||||
}
|
||||
|
||||
@ -1,44 +0,0 @@
|
||||
From d89b3fb29033c3a60eb0896033af5981c7b9f64a Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Fri, 10 Jan 2025 11:39:48 +0100
|
||||
Subject: [PATCH] openstack-cinder-volume: fix detach not working during
|
||||
start-action after #2000
|
||||
|
||||
---
|
||||
heartbeat/openstack-cinder-volume | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/heartbeat/openstack-cinder-volume b/heartbeat/openstack-cinder-volume
|
||||
index 2b64d4d88..5bb1acddd 100755
|
||||
--- a/heartbeat/openstack-cinder-volume
|
||||
+++ b/heartbeat/openstack-cinder-volume
|
||||
@@ -142,9 +142,9 @@ osvol_monitor() {
|
||||
node_id=$(_get_node_id)
|
||||
|
||||
if ocf_is_true $OCF_RESKEY_volume_local_check ; then
|
||||
- if [ "$__OCF_ACTION" = "monitor" ] || [ "$__OCF_ACTION" = "start" ] ; then
|
||||
+ if [ "$__OCF_ACTION" = "monitor" ] || [ "$1" = "quick" ]; then
|
||||
#
|
||||
- # Is the volue attached?
|
||||
+ # Is the volume attached?
|
||||
# We check the local devices
|
||||
#
|
||||
short_volume_id=$(echo $OCF_RESKEY_volume_id | awk '{print substr($0, 0, 20)}')
|
||||
@@ -158,7 +158,7 @@ osvol_monitor() {
|
||||
fi
|
||||
|
||||
#
|
||||
- # Is the volue attached?
|
||||
+ # Is the volume attached?
|
||||
# We use the API
|
||||
#
|
||||
result=$(run_openstackcli "volume show \
|
||||
@@ -249,7 +249,7 @@ osvol_start() {
|
||||
return $OCF_ERR_GENERIC
|
||||
fi
|
||||
|
||||
- while ! osvol_monitor; do
|
||||
+ while ! osvol_monitor quick; do
|
||||
ocf_log info "Waiting for cinder volume $OCF_RESKEY_volume_id to appear on $node_id"
|
||||
sleep 1
|
||||
done
|
||||
@ -1,448 +0,0 @@
|
||||
--- a/heartbeat/portblock 2025-02-20 14:54:18.047134471 +0100
|
||||
+++ b/heartbeat/portblock 2025-02-20 14:09:44.546869740 +0100
|
||||
@@ -25,6 +25,7 @@
|
||||
# Defaults
|
||||
OCF_RESKEY_protocol_default=""
|
||||
OCF_RESKEY_portno_default=""
|
||||
+OCF_RESKEY_direction_default="in"
|
||||
OCF_RESKEY_action_default=""
|
||||
OCF_RESKEY_ip_default="0.0.0.0/0"
|
||||
OCF_RESKEY_reset_local_on_unblock_stop_default="false"
|
||||
@@ -33,6 +34,7 @@
|
||||
|
||||
: ${OCF_RESKEY_protocol=${OCF_RESKEY_protocol_default}}
|
||||
: ${OCF_RESKEY_portno=${OCF_RESKEY_portno_default}}
|
||||
+: ${OCF_RESKEY_direction=${OCF_RESKEY_direction_default}}
|
||||
: ${OCF_RESKEY_action=${OCF_RESKEY_action_default}}
|
||||
: ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}}
|
||||
: ${OCF_RESKEY_reset_local_on_unblock_stop=${OCF_RESKEY_reset_local_on_unblock_stop_default}}
|
||||
@@ -217,6 +219,18 @@
|
||||
<shortdesc lang="en">Connection state file synchronization script</shortdesc>
|
||||
<content type="string" default="${OCF_RESKEY_sync_script_default}" />
|
||||
</parameter>
|
||||
+
|
||||
+<parameter name="direction" unique="0" required="0">
|
||||
+<longdesc lang="en">
|
||||
+Whether to block incoming or outgoing traffic. Can be either "in",
|
||||
+"out", or "both".
|
||||
+If "in" is used, the incoming ports are blocked on the INPUT chain.
|
||||
+If "out" is used, the outgoing ports are blocked on the OUTPUT chain.
|
||||
+If "both" is used, both the incoming and outgoing ports are blocked.
|
||||
+</longdesc>
|
||||
+<shortdesc lang="en">Whether to block incoming or outgoing traffic, or both</shortdesc>
|
||||
+<content type="string" default="${OCF_RESKEY_direction_default}" />
|
||||
+</parameter>
|
||||
</parameters>
|
||||
|
||||
<actions>
|
||||
@@ -240,36 +254,73 @@
|
||||
# and disable us -- but we're still in some sense active...
|
||||
#
|
||||
|
||||
-#active_grep_pat {udp|tcp} portno,portno
|
||||
+#active_grep_pat {udp|tcp} portno,portno ip {d|s}
|
||||
+# d = look for destination ports
|
||||
+# s = look for source ports
|
||||
active_grep_pat()
|
||||
{
|
||||
w="[ ][ ]*"
|
||||
any="0\\.0\\.0\\.0/0"
|
||||
- echo "^DROP${w}${1}${w}--${w}${any}${w}${3}${w}multiport${w}dports${w}${2}\>"
|
||||
+ src=$any dst=$3
|
||||
+ if [ "$4" = "s" ]; then
|
||||
+ local src=$3
|
||||
+ local dst=$any
|
||||
+ fi
|
||||
+ # iptables 1.8.9 briefly broke the output format, returning the
|
||||
+ # numeric protocol value instead of a string. Support both variants.
|
||||
+ if [ "$1" = "tcp" ]; then
|
||||
+ local prot="(tcp|6)"
|
||||
+ else
|
||||
+ local prot="(udp|17)"
|
||||
+ fi
|
||||
+ echo "^DROP${w}${prot}${w}--${w}${src}${w}${dst}${w}multiport${w}${4}ports${w}${2}$"
|
||||
}
|
||||
|
||||
-#chain_isactive {udp|tcp} portno,portno ip
|
||||
+#chain_isactive {udp|tcp} portno,portno ip chain
|
||||
chain_isactive()
|
||||
{
|
||||
- PAT=`active_grep_pat "$1" "$2" "$3"`
|
||||
- $IPTABLES $wait -n -L INPUT | grep "$PAT" >/dev/null
|
||||
+ [ "$4" = "OUTPUT" ] && ds="s" || ds="d"
|
||||
+ PAT=$(active_grep_pat "$1" "$2" "$3" "$ds")
|
||||
+ $IPTABLES $wait -n -L "$4" | grep -qE "$PAT"
|
||||
+}
|
||||
+
|
||||
+# netstat -tn and ss -Htn, split on whitespace and colon,
|
||||
+# look very similar:
|
||||
+# tcp 0 0 10.43.55.1 675 10.43.9.8 2049 ESTABLISHED
|
||||
+# ESTAB 0 0 10.43.55.1 675 10.43.9.8 2049
|
||||
+# so we can write one awk script for both
|
||||
+get_established_tcp_connections()
|
||||
+{
|
||||
+ local columns
|
||||
+ if [ -z "$1" ] ; then
|
||||
+ columns='$4,$5, $6,$7'
|
||||
+ else
|
||||
+ # swap local and remote for "tickle_local"
|
||||
+ columns='$6,$7, $4,$5'
|
||||
+ fi
|
||||
+ $ss_or_netstat | awk -F '[:[:space:]]+' '
|
||||
+ ( $8 == "ESTABLISHED" || $1 == "ESTAB" ) && $4 == "'$OCF_RESKEY_ip'" \
|
||||
+ {printf "%s:%s\t%s:%s\n", '"$columns"'}'
|
||||
}
|
||||
|
||||
save_tcp_connections()
|
||||
{
|
||||
[ -z "$OCF_RESKEY_tickle_dir" ] && return
|
||||
statefile=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip
|
||||
+ # If we have _no_ sync script, we probably have a shared
|
||||
+ # (or replicated) directory, and need to fsync, or we might
|
||||
+ # end up with the just truncated file after failover, exactly
|
||||
+ # when we need it.
|
||||
+ #
|
||||
+ # If we _do_ have a sync script, it is not that important whether
|
||||
+ # the local state file is fsync'ed or not, the sync script is
|
||||
+ # responsible to "atomically" communicate the state to the peer(s).
|
||||
if [ -z "$OCF_RESKEY_sync_script" ]; then
|
||||
- netstat -tn |awk -F '[:[:space:]]+' '
|
||||
- $8 == "ESTABLISHED" && $4 == "'$OCF_RESKEY_ip'" \
|
||||
- {printf "%s:%s\t%s:%s\n", $4,$5, $6,$7}' |
|
||||
- dd of="$statefile".new conv=fsync status=none &&
|
||||
- mv "$statefile".new "$statefile"
|
||||
+ get_established_tcp_connections |
|
||||
+ dd of="$statefile".new conv=fsync status=none &&
|
||||
+ mv "$statefile".new "$statefile"
|
||||
else
|
||||
- netstat -tn |awk -F '[:[:space:]]+' '
|
||||
- $8 == "ESTABLISHED" && $4 == "'$OCF_RESKEY_ip'" \
|
||||
- {printf "%s:%s\t%s:%s\n", $4,$5, $6,$7}' \
|
||||
- > $statefile
|
||||
+ get_established_tcp_connections > $statefile
|
||||
$OCF_RESKEY_sync_script $statefile > /dev/null 2>&1 &
|
||||
fi
|
||||
}
|
||||
@@ -277,7 +328,6 @@
|
||||
tickle_remote()
|
||||
{
|
||||
[ -z "$OCF_RESKEY_tickle_dir" ] && return
|
||||
- echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
|
||||
f=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip
|
||||
[ -r $f ] || return
|
||||
$TICKLETCP -n 3 < $f
|
||||
@@ -289,11 +339,6 @@
|
||||
f=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip
|
||||
[ -r $f ] || return
|
||||
|
||||
- checkcmd="netstat -tn"
|
||||
- if ! have_binary "netstat"; then
|
||||
- checkcmd="ss -Htn"
|
||||
- fi
|
||||
-
|
||||
# swap "local" and "remote" address,
|
||||
# so we tickle ourselves.
|
||||
# We set up a REJECT with tcp-reset before we do so, so we get rid of
|
||||
@@ -302,122 +347,152 @@
|
||||
# the way if we switch-over and then switch-back in quick succession.
|
||||
local i
|
||||
awk '{ print $2, $1; }' $f | $TICKLETCP
|
||||
- $checkcmd | grep -Fw $OCF_RESKEY_ip || return
|
||||
+ $ss_or_netstat | grep -Fw $OCF_RESKEY_ip || return
|
||||
for i in 0.1 0.5 1 2 4 ; do
|
||||
sleep $i
|
||||
- awk '{ print $2, $1; }' $f | $TICKLETCP
|
||||
- $checkcmd | grep -Fw $OCF_RESKEY_ip || break
|
||||
+ # now kill what is currently in the list,
|
||||
+ # not what was recorded during last monitor
|
||||
+ get_established_tcp_connections swap | $TICKLETCP
|
||||
+ $ss_or_netstat | grep -Fw $OCF_RESKEY_ip || break
|
||||
done
|
||||
}
|
||||
|
||||
SayActive()
|
||||
{
|
||||
- echo "$CMD DROP rule for INPUT chain [$*] is running (OK)"
|
||||
+ ocf_log debug "$CMD DROP rule [$*] is running (OK)"
|
||||
}
|
||||
|
||||
SayConsideredActive()
|
||||
{
|
||||
- echo "$CMD DROP rule for INPUT chain [$*] considered to be running (OK)"
|
||||
+ ocf_log debug "$CMD DROP rule [$*] considered to be running (OK)"
|
||||
}
|
||||
|
||||
SayInactive()
|
||||
{
|
||||
- echo "$CMD DROP rule for INPUT chain [$*] is inactive"
|
||||
+ ocf_log debug "$CMD DROP rule [$*] is inactive"
|
||||
}
|
||||
|
||||
-#IptablesStatus {udp|tcp} portno,portno ip {block|unblock}
|
||||
+#IptablesStatus {udp|tcp} portno,portno ip {in|out|both} {block|unblock}
|
||||
IptablesStatus() {
|
||||
- local rc
|
||||
- rc=$OCF_ERR_GENERIC
|
||||
- activewords="$CMD $1 $2 is running (OK)"
|
||||
- if chain_isactive "$1" "$2" "$3"; then
|
||||
- case $4 in
|
||||
- block)
|
||||
- SayActive $*
|
||||
- rc=$OCF_SUCCESS
|
||||
- ;;
|
||||
- *)
|
||||
- SayInactive $*
|
||||
- rc=$OCF_NOT_RUNNING
|
||||
- ;;
|
||||
- esac
|
||||
- else
|
||||
- case $4 in
|
||||
- block)
|
||||
- if ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" status; then
|
||||
- SayConsideredActive $*
|
||||
- rc=$OCF_SUCCESS
|
||||
- else
|
||||
- SayInactive $*
|
||||
- rc=$OCF_NOT_RUNNING
|
||||
- fi
|
||||
- ;;
|
||||
-
|
||||
- *)
|
||||
- if ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" status; then
|
||||
- SayActive $*
|
||||
- #This is only run on real monitor events.
|
||||
- save_tcp_connections
|
||||
- rc=$OCF_SUCCESS
|
||||
- else
|
||||
- SayInactive $*
|
||||
- rc=$OCF_NOT_RUNNING
|
||||
- fi
|
||||
- ;;
|
||||
- esac
|
||||
- fi
|
||||
-
|
||||
- return $rc
|
||||
+ local rc
|
||||
+ rc=$OCF_ERR_GENERIC
|
||||
+ is_active=0
|
||||
+ if [ "$4" = "in" ] || [ "$4" = "both" ]; then
|
||||
+ chain_isactive "$1" "$2" "$3" INPUT
|
||||
+ is_active=$?
|
||||
+ fi
|
||||
+ if [ "$4" = "out" ] || [ "$4" = "both" ]; then
|
||||
+ chain_isactive "$1" "$2" "$3" OUTPUT
|
||||
+ r=$?
|
||||
+ [ $r -gt $is_active ] && is_active=$r
|
||||
+ fi
|
||||
+ if [ $is_active -eq 0 ]; then
|
||||
+ case $5 in
|
||||
+ block)
|
||||
+ SayActive $*
|
||||
+ rc=$OCF_SUCCESS
|
||||
+ ;;
|
||||
+ *)
|
||||
+ SayInactive $*
|
||||
+ rc=$OCF_NOT_RUNNING
|
||||
+ ;;
|
||||
+ esac
|
||||
+ else
|
||||
+ case $5 in
|
||||
+ block)
|
||||
+ if ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" status; then
|
||||
+ SayConsideredActive $*
|
||||
+ rc=$OCF_SUCCESS
|
||||
+ else
|
||||
+ SayInactive $*
|
||||
+ rc=$OCF_NOT_RUNNING
|
||||
+ fi
|
||||
+ ;;
|
||||
+ *)
|
||||
+ if ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" status; then
|
||||
+ SayActive $*
|
||||
+ #This is only run on real monitor events.
|
||||
+ save_tcp_connections
|
||||
+ rc=$OCF_SUCCESS
|
||||
+ else
|
||||
+ SayInactive $*
|
||||
+ rc=$OCF_NOT_RUNNING
|
||||
+ fi
|
||||
+ ;;
|
||||
+ esac
|
||||
+ fi
|
||||
+ return $rc
|
||||
}
|
||||
|
||||
-#IptablesBLOCK {udp|tcp} portno,portno ip
|
||||
-IptablesBLOCK()
|
||||
+#DoIptables {-I|-D} {udp|tcp} portno,portno ip chain
|
||||
+DoIptables()
|
||||
{
|
||||
- local rc=0
|
||||
- local try_reset=false
|
||||
- if [ "$1/$4/$__OCF_ACTION" = tcp/unblock/stop ] &&
|
||||
- ocf_is_true $reset_local_on_unblock_stop
|
||||
- then
|
||||
- try_reset=true
|
||||
- fi
|
||||
- if
|
||||
- chain_isactive "$1" "$2" "$3"
|
||||
- then
|
||||
- : OK -- chain already active
|
||||
+ op=$1 proto=$2 ports=$3 ip=$4 chain=$5
|
||||
+ active=0; chain_isactive "$proto" "$ports" "$ip" "$chain" && active=1
|
||||
+ want_active=0; [ "$op" = "-I" ] && want_active=1
|
||||
+ ocf_log debug "active: $active want_active: $want_active"
|
||||
+ if [ $active -eq $want_active ] ; then
|
||||
+ : Chain already in desired state
|
||||
else
|
||||
- if $try_reset ; then
|
||||
- $IPTABLES $wait -I OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
|
||||
- tickle_local
|
||||
+ [ "$chain" = "OUTPUT" ] && ds="s" || ds="d"
|
||||
+ $IPTABLES $wait "$op" "$chain" -p "$proto" -${ds} "$ip" -m multiport --${ds}ports "$ports" -j DROP
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+#IptablesBLOCK {udp|tcp} portno,portno ip {in|out|both} {block|unblock}
|
||||
+IptablesBLOCK()
|
||||
+{
|
||||
+ local rc_in=0
|
||||
+ local rc_out=0
|
||||
+ if [ "$4" = "in" ] || [ "$4" = "both" ]; then
|
||||
+ local try_reset=false
|
||||
+ if [ "$1/$5/$__OCF_ACTION" = tcp/unblock/stop ] &&
|
||||
+ ocf_is_true $reset_local_on_unblock_stop
|
||||
+ then
|
||||
+ try_reset=true
|
||||
fi
|
||||
- $IPTABLES $wait -I INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
|
||||
- rc=$?
|
||||
- if $try_reset ; then
|
||||
- $IPTABLES $wait -D OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
|
||||
+ if
|
||||
+ chain_isactive "$1" "$2" "$3" INPUT
|
||||
+ then
|
||||
+ : OK -- chain already active
|
||||
+ else
|
||||
+ if $try_reset ; then
|
||||
+ $IPTABLES $wait -I OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
|
||||
+ tickle_local
|
||||
+ fi
|
||||
+ $IPTABLES $wait -I INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
|
||||
+ rc_in=$?
|
||||
+ if $try_reset ; then
|
||||
+ $IPTABLES $wait -D OUTPUT -p "$1" -s "$3" -m multiport --sports "$2" -j REJECT --reject-with tcp-reset
|
||||
+ fi
|
||||
fi
|
||||
fi
|
||||
+ if [ "$4" = "out" ] || [ "$4" = "both" ]; then
|
||||
+ DoIptables -I "$1" "$2" "$3" OUTPUT
|
||||
+ rc_out=$?
|
||||
+ fi
|
||||
|
||||
- return $rc
|
||||
+ [ $rc_in -gt $rc_out ] && return $rc_in || return $rc_out
|
||||
}
|
||||
|
||||
-#IptablesUNBLOCK {udp|tcp} portno,portno ip
|
||||
+#IptablesUNBLOCK {udp|tcp} portno,portno ip {in|out|both}
|
||||
IptablesUNBLOCK()
|
||||
{
|
||||
- if
|
||||
- chain_isactive "$1" "$2" "$3"
|
||||
- then
|
||||
- $IPTABLES $wait -D INPUT -p "$1" -d "$3" -m multiport --dports "$2" -j DROP
|
||||
- else
|
||||
- : Chain Not active
|
||||
+ if [ "$4" = "in" ] || [ "$4" = "both" ]; then
|
||||
+ DoIptables -D "$1" "$2" "$3" INPUT
|
||||
+ fi
|
||||
+ if [ "$4" = "out" ] || [ "$4" = "both" ]; then
|
||||
+ DoIptables -D "$1" "$2" "$3" OUTPUT
|
||||
fi
|
||||
|
||||
return $?
|
||||
}
|
||||
|
||||
-#IptablesStart {udp|tcp} portno,portno ip {block|unblock}
|
||||
+#IptablesStart {udp|tcp} portno,portno ip {in|out|both} {block|unblock}
|
||||
IptablesStart()
|
||||
{
|
||||
ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" start
|
||||
- case $4 in
|
||||
+ case $5 in
|
||||
block) IptablesBLOCK "$@";;
|
||||
unblock)
|
||||
IptablesUNBLOCK "$@"
|
||||
@@ -432,11 +507,11 @@
|
||||
return $?
|
||||
}
|
||||
|
||||
-#IptablesStop {udp|tcp} portno,portno ip {block|unblock}
|
||||
+#IptablesStop {udp|tcp} portno,portno ip {in|out|both} {block|unblock}
|
||||
IptablesStop()
|
||||
{
|
||||
ha_pseudo_resource "${OCF_RESOURCE_INSTANCE}" stop
|
||||
- case $4 in
|
||||
+ case $5 in
|
||||
block) IptablesUNBLOCK "$@";;
|
||||
unblock)
|
||||
save_tcp_connections
|
||||
@@ -454,7 +529,7 @@
|
||||
CheckPort() {
|
||||
# Examples of valid port: "1080", "1", "0080"
|
||||
# Examples of invalid port: "1080bad", "0", "0000", ""
|
||||
- echo $1 |egrep -qx '[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*'
|
||||
+ echo $1 | $EGREP -qx '[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*'
|
||||
}
|
||||
|
||||
IptablesValidateAll()
|
||||
@@ -543,7 +618,7 @@
|
||||
fi
|
||||
|
||||
# iptables v1.4.20+ is required to use -w (wait)
|
||||
-version=$(iptables -V | awk -F ' v' '{print $NF}')
|
||||
+version=$(iptables -V | grep -oE '[0-9]+[\.0-9]+')
|
||||
ocf_version_cmp "$version" "1.4.19.1"
|
||||
if [ "$?" -eq "2" ]; then
|
||||
wait="-w"
|
||||
@@ -553,21 +628,36 @@
|
||||
|
||||
protocol=$OCF_RESKEY_protocol
|
||||
portno=$OCF_RESKEY_portno
|
||||
+direction=$OCF_RESKEY_direction
|
||||
action=$OCF_RESKEY_action
|
||||
ip=$OCF_RESKEY_ip
|
||||
reset_local_on_unblock_stop=$OCF_RESKEY_reset_local_on_unblock_stop
|
||||
|
||||
+
|
||||
+# If "tickle" is enabled, we need to record the list of currently established
|
||||
+# connections during monitor. Use ss where available, and netstat otherwise.
|
||||
+if [ -n "$OCF_RESKEY_tickle_dir" ] ; then
|
||||
+ if have_binary ss ; then
|
||||
+ ss_or_netstat="ss -Htn"
|
||||
+ elif have_binary netstat ; then
|
||||
+ ss_or_netstat="netstat -tn"
|
||||
+ else
|
||||
+ ocf_log err "Neither ss nor netstat found, but needed to record estblished connections."
|
||||
+ exit $OCF_ERR_INSTALLED
|
||||
+ fi
|
||||
+fi
|
||||
+
|
||||
case $1 in
|
||||
start)
|
||||
- IptablesStart $protocol $portno $ip $action
|
||||
+ IptablesStart $protocol $portno $ip $direction $action
|
||||
;;
|
||||
|
||||
stop)
|
||||
- IptablesStop $protocol $portno $ip $action
|
||||
+ IptablesStop $protocol $portno $ip $direction $action
|
||||
;;
|
||||
|
||||
status|monitor)
|
||||
- IptablesStatus $protocol $portno $ip $action
|
||||
+ IptablesStatus $protocol $portno $ip $direction $action
|
||||
;;
|
||||
|
||||
validate-all)
|
||||
@ -73,7 +73,7 @@
|
||||
Name: resource-agents
|
||||
Summary: Open Source HA Reusable Cluster Resource Scripts
|
||||
Version: 4.9.0
|
||||
Release: 54%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.10
|
||||
Release: 54%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
URL: https://github.com/ClusterLabs/resource-agents
|
||||
%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
|
||||
@ -160,14 +160,6 @@ Patch63: RHEL-15305-1-findif.sh-fix-loopback-handling.patch
|
||||
Patch64: RHEL-16248-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch
|
||||
Patch65: RHEL-17083-findif-EOS-fix.patch
|
||||
Patch66: RHEL-15305-2-findif.sh-dont-use-table-parameter.patch
|
||||
Patch67: RHEL-34137-aws-agents-use-curl_retry.patch
|
||||
Patch68: RHEL-32828-db2-fix-OCF_SUCESS-typo.patch
|
||||
Patch69: RHEL-61138-nfsserver-also-stop-rpc-statd-for-nfsv4_only.patch
|
||||
Patch70: RHEL-69297-1-Filesystem-dont-kill-unrelated-processes.patch
|
||||
Patch71: RHEL-69297-2-Filesystem-update-bsd-logic.patch
|
||||
Patch72: RHEL-72956-1-openstack-cinder-volume-wait-for-volume-to-be-available.patch
|
||||
Patch73: RHEL-72956-2-openstack-cinder-volume-fix-detach-not-working-during-start-action.patch
|
||||
Patch74: RHEL-79823-portblock-fix-version-detection.patch
|
||||
|
||||
# bundle patches
|
||||
Patch1000: 7-gcp-bundled.patch
|
||||
@ -180,8 +172,6 @@ Patch1006: python3-syntax-fixes.patch
|
||||
Patch1007: aliyuncli-python3-fixes.patch
|
||||
Patch1008: bz1935422-python-pygments-fix-CVE-2021-20270.patch
|
||||
Patch1009: bz1943464-python-pygments-fix-CVE-2021-27291.patch
|
||||
Patch1010: RHEL-44923-aliyun-gcp-fix-bundled-urllib3-CVE-2024-37891.patch
|
||||
Patch1011: RHEL-50360-setuptools-fix-CVE-2024-6345.patch
|
||||
|
||||
Obsoletes: heartbeat-resources <= %{version}
|
||||
Provides: heartbeat-resources = %{version}
|
||||
@ -418,14 +408,6 @@ exit 1
|
||||
%patch -p1 -P 64
|
||||
%patch -p1 -P 65
|
||||
%patch -p1 -P 66
|
||||
%patch -p1 -P 67 -F1
|
||||
%patch -p1 -P 68
|
||||
%patch -p1 -P 69
|
||||
%patch -p1 -P 70
|
||||
%patch -p1 -P 71
|
||||
%patch -p1 -P 72
|
||||
%patch -p1 -P 73
|
||||
%patch -p1 -P 74
|
||||
|
||||
chmod 755 heartbeat/nova-compute-wait
|
||||
chmod 755 heartbeat/NovaEvacuate
|
||||
@ -714,14 +696,6 @@ mv %{buildroot}/%{_bindir}/aliyuncli %{buildroot}/%{_bindir}/aliyuncli-ra
|
||||
# aliyun_completer / aliyun_zsh_complete.sh
|
||||
rm %{buildroot}/%{_bindir}/aliyun_*
|
||||
popd
|
||||
|
||||
# regular patch doesnt work in build-section
|
||||
pushd %{buildroot}/usr/lib/%{name}/%{bundled_lib_dir}
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1010}
|
||||
popd
|
||||
pushd %{buildroot}/usr/lib/%{name}/%{bundled_lib_dir}/gcp/google-cloud-sdk/lib/third_party
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1011}
|
||||
popd
|
||||
%endif
|
||||
|
||||
## tree fixup
|
||||
@ -1015,49 +989,6 @@ ccs_update_schema > /dev/null 2>&1 ||:
|
||||
%{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm
|
||||
|
||||
%changelog
|
||||
* Thu Feb 20 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.10
|
||||
- portblock: fix iptables version detection
|
||||
|
||||
Resolves: RHEL-79823
|
||||
|
||||
* Fri Jan 10 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.8
|
||||
- openstack-cinder-volume: wait for volume to be available
|
||||
|
||||
Resolves: RHEL-72956
|
||||
|
||||
* Wed Nov 27 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.6
|
||||
- Filesystem: dont kill unrelated processes during stop-action
|
||||
|
||||
Resolves: RHEL-69297
|
||||
|
||||
* Tue Oct 1 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.5
|
||||
- nfsserver: also stop rpc-statd for nfsv4_only to avoid stop failing
|
||||
in some cases
|
||||
|
||||
Resolves: RHEL-61138
|
||||
|
||||
* Thu Jul 25 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.4
|
||||
- bundled setuptools: fix CVE-2024-6345
|
||||
|
||||
Resolves: RHEL-50360
|
||||
|
||||
* Tue Jul 23 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.3
|
||||
- gcp-pd-move: fix TLS_VERSION_1 issue
|
||||
|
||||
Resolves: RHEL-50041
|
||||
|
||||
* Wed Jun 26 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.2
|
||||
- bundled urllib3: fix CVE-2024-37891
|
||||
|
||||
Resolves: RHEL-44923
|
||||
|
||||
* Thu May 30 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.1
|
||||
- AWS agents: retry failed metadata requests to avoid instantly
|
||||
failing when there is a hiccup in the network or metadata service
|
||||
- db2: fix OCF_SUCESS typo
|
||||
|
||||
Resolves: RHEL-34137, RHEL-32828
|
||||
|
||||
* Thu Feb 8 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54
|
||||
- findif.sh: fix loopback IP handling
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user