Compare commits

...

No commits in common. "imports/c8s/resource-agents-4.9.0-35.el8" and "c8" have entirely different histories.

34 changed files with 2833 additions and 177 deletions

3
.gitignore vendored
View File

@ -6,6 +6,7 @@ SOURCES/aliyun-python-sdk-vpc-3.0.2.tar.gz
SOURCES/colorama-0.3.3.tar.gz
SOURCES/google-cloud-sdk-360.0.0-linux-x86_64.tar.gz
SOURCES/httplib2-0.20.4.tar.gz
SOURCES/pycryptodome-3.6.4.tar.gz
SOURCES/pycryptodome-3.20.0.tar.gz
SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
SOURCES/pyroute2-0.4.13.tar.gz
SOURCES/urllib3-1.26.18.tar.gz

View File

@ -6,6 +6,7 @@ f14647a4d37a9a254c4e711b95a7654fc418e41e SOURCES/aliyun-python-sdk-vpc-3.0.2.tar
0fe5bd8bca54dd71223778a1e0bcca9af324abb1 SOURCES/colorama-0.3.3.tar.gz
81f039cf075e9c8b70d5af99c189296a9e031de3 SOURCES/google-cloud-sdk-360.0.0-linux-x86_64.tar.gz
7caf4412d9473bf17352316249a8133fa70b7e37 SOURCES/httplib2-0.20.4.tar.gz
326a73f58a62ebee00c11a12cfdd838b196e0e8e SOURCES/pycryptodome-3.6.4.tar.gz
c55d177e9484d974c95078d4ae945f89ba2c7251 SOURCES/pycryptodome-3.20.0.tar.gz
c8307f47e3b75a2d02af72982a2dfefa3f56e407 SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
147149db11104c06d405fd077dcd2aa1c345f109 SOURCES/pyroute2-0.4.13.tar.gz
84e2852d8da1655373f7ce5e7d5d3e256b62b4e4 SOURCES/urllib3-1.26.18.tar.gz

View File

@ -1,6 +1,17 @@
diff --color -uNr a/heartbeat/gcp-pd-move.in b/heartbeat/gcp-pd-move.in
--- a/heartbeat/gcp-pd-move.in 2024-07-22 10:59:42.170483160 +0200
+++ b/heartbeat/gcp-pd-move.in 2024-07-22 11:01:51.455543850 +0200
@@ -32,6 +32,7 @@
from ocf import logger
try:
+ sys.path.insert(0, '/usr/lib/resource-agents/bundled/gcp')
import googleapiclient.discovery
except ImportError:
pass
diff --color -uNr a/heartbeat/gcp-vpc-move-ip.in b/heartbeat/gcp-vpc-move-ip.in
--- a/heartbeat/gcp-vpc-move-ip.in 2022-06-16 09:45:21.419090782 +0200
+++ b/heartbeat/gcp-vpc-move-ip.in 2022-06-16 10:11:22.978648598 +0200
--- a/heartbeat/gcp-vpc-move-ip.in 2024-07-22 10:59:42.170483160 +0200
+++ b/heartbeat/gcp-vpc-move-ip.in 2024-07-22 11:01:18.010752081 +0200
@@ -36,7 +36,7 @@
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
@ -11,8 +22,8 @@ diff --color -uNr a/heartbeat/gcp-vpc-move-ip.in b/heartbeat/gcp-vpc-move-ip.in
OCF_RESKEY_vpc_network_default="default"
OCF_RESKEY_interface_default="eth0"
diff --color -uNr a/heartbeat/gcp-vpc-move-route.in b/heartbeat/gcp-vpc-move-route.in
--- a/heartbeat/gcp-vpc-move-route.in 2022-06-16 09:45:21.420090788 +0200
+++ b/heartbeat/gcp-vpc-move-route.in 2022-06-16 10:11:22.978648598 +0200
--- a/heartbeat/gcp-vpc-move-route.in 2024-07-22 10:59:42.170483160 +0200
+++ b/heartbeat/gcp-vpc-move-route.in 2024-07-22 11:01:18.011752105 +0200
@@ -45,6 +45,7 @@
from ocf import *
@ -22,8 +33,8 @@ diff --color -uNr a/heartbeat/gcp-vpc-move-route.in b/heartbeat/gcp-vpc-move-rou
import pyroute2
try:
diff --color -uNr a/heartbeat/gcp-vpc-move-vip.in b/heartbeat/gcp-vpc-move-vip.in
--- a/heartbeat/gcp-vpc-move-vip.in 2022-06-16 09:45:21.420090788 +0200
+++ b/heartbeat/gcp-vpc-move-vip.in 2022-06-16 10:11:22.979648603 +0200
--- a/heartbeat/gcp-vpc-move-vip.in 2024-07-22 10:59:42.170483160 +0200
+++ b/heartbeat/gcp-vpc-move-vip.in 2024-07-22 11:01:18.012752128 +0200
@@ -29,6 +29,7 @@
from ocf import *

View File

@ -0,0 +1,75 @@
From b806487ca758fce838c988767556007ecf66a6e3 Mon Sep 17 00:00:00 2001
From: Roger Zhou <zzhou@suse.com>
Date: Mon, 10 Apr 2023 18:08:56 +0800
Subject: [PATCH] exportfs: make the "fsid=" parameter optional
Based on feedback [1] from the kernel developer @neilbrown regarding the
NFS clustering use case, it has been determined that the fsid= parameter
is now considered optional and safe to omit.
[1] https://bugzilla.suse.com/show_bug.cgi?id=1201271#c49
"""
Since some time in 2007 NFS has used the UUID of a filesystem as the
primary identifier for that filesystem, rather than using the device
number. So from that time there should have been reduced need for the
"fsid=" option. Probably there are some filesystems that this didn't
work for. btrfs has been problematic at time, particularly when subvols
are exported. But for quite some years this has all "just worked" at
least for the major filesystems (ext4 xfs btrfs). [...] I would suggest
getting rid of the use of fsid= altogether. [...] I'm confident that it
was no longer an issue in SLE-12 and similarly not in SLE-15.
"""
---
heartbeat/exportfs | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/heartbeat/exportfs b/heartbeat/exportfs
index 2307a9e67b..435a19646b 100755
--- a/heartbeat/exportfs
+++ b/heartbeat/exportfs
@@ -82,7 +82,7 @@ The directory or directories to export.
<content type="string" />
</parameter>
-<parameter name="fsid" unique="0" required="1">
+<parameter name="fsid" unique="0" required="0">
<longdesc lang="en">
The fsid option to pass to exportfs. This can be a unique positive
integer, a UUID (assuredly sans comma characters), or the special string
@@ -185,6 +185,8 @@ exportfs_methods() {
reset_fsid() {
CURRENT_FSID=$OCF_RESKEY_fsid
+ [ -z "$CURRENT_FSID" ] && CURRENT_FSID=`echo "$OCF_RESKEY_options" | sed -n 's/.*fsid=\([^,]*\).*/\1/p'`
+ echo $CURRENT_FSID
}
bump_fsid() {
CURRENT_FSID=$((CURRENT_FSID+1))
@@ -322,7 +324,7 @@ export_one() {
if echo "$opts" | grep fsid >/dev/null; then
#replace fsid in options list
opts=`echo "$opts" | sed "s,fsid=[^,]*,fsid=$(get_fsid),g"`
- else
+ elif [ -n "$OCF_RESKEY_fsid" ]; then
#tack the fsid option onto our options list.
opts="${opts}${sep}fsid=$(get_fsid)"
fi
@@ -448,8 +450,8 @@ exportfs_validate_all ()
ocf_exit_reason "$OCF_RESKEY_fsid cannot contain a comma"
return $OCF_ERR_CONFIGURED
fi
- if [ $NUMDIRS -gt 1 ] &&
- ! ocf_is_decimal "$OCF_RESKEY_fsid"; then
+ if [ $NUMDIRS -gt 1 ] && [ -n "$(reset_fsid)" ] &&
+ ! ocf_is_decimal "$(reset_fsid)"; then
ocf_exit_reason "use integer fsid when exporting multiple directories"
return $OCF_ERR_CONFIGURED
fi
@@ -485,6 +487,6 @@ done
OCF_RESKEY_directory="${directories%% }"
NUMDIRS=`echo "$OCF_RESKEY_directory" | wc -w`
-OCF_REQUIRED_PARAMS="directory fsid clientspec"
+OCF_REQUIRED_PARAMS="directory clientspec"
OCF_REQUIRED_BINARIES="exportfs"
ocf_rarun $*

View File

@ -0,0 +1,43 @@
From 1d1481aa6d848efab4d398ad6e74d80b5b32549f Mon Sep 17 00:00:00 2001
From: Valentin Vidic <vvidic@debian.org>
Date: Wed, 1 Nov 2023 18:25:45 +0100
Subject: [PATCH] exportfs: remove test for "fsid=" parameter
fsid parameter is now considered optional.
---
tools/ocft/exportfs | 5 -----
tools/ocft/exportfs-multidir | 5 -----
2 files changed, 10 deletions(-)
diff --git a/tools/ocft/exportfs b/tools/ocft/exportfs
index 285a4b8ea0..1ec3d4c364 100644
--- a/tools/ocft/exportfs
+++ b/tools/ocft/exportfs
@@ -28,11 +28,6 @@ CASE "check base env"
Include prepare
AgentRun start OCF_SUCCESS
-CASE "check base env: no 'OCF_RESKEY_fsid'"
- Include prepare
- Env OCF_RESKEY_fsid=
- AgentRun start OCF_ERR_CONFIGURED
-
CASE "check base env: invalid 'OCF_RESKEY_directory'"
Include prepare
Env OCF_RESKEY_directory=/no_such
diff --git a/tools/ocft/exportfs-multidir b/tools/ocft/exportfs-multidir
index 00e41f0859..ac6d5c7f6a 100644
--- a/tools/ocft/exportfs-multidir
+++ b/tools/ocft/exportfs-multidir
@@ -28,11 +28,6 @@ CASE "check base env"
Include prepare
AgentRun start OCF_SUCCESS
-CASE "check base env: no 'OCF_RESKEY_fsid'"
- Include prepare
- Env OCF_RESKEY_fsid=
- AgentRun start OCF_ERR_CONFIGURED
-
CASE "check base env: invalid 'OCF_RESKEY_directory'"
Include prepare
Env OCF_RESKEY_directory=/no_such

View File

@ -0,0 +1,45 @@
From e4f84ae185b6943d1ff461d53c7f1b5295783086 Mon Sep 17 00:00:00 2001
From: Valentin Vidic <vvidic@valentin-vidic.from.hr>
Date: Wed, 1 Nov 2023 19:35:21 +0100
Subject: [PATCH] findif.sh: fix loopback handling
tools/ocft/IPaddr2 fails the loopback test because of the missing
table local parameter:
$ ip -o -f inet route list match 127.0.0.3 scope host
$ ip -o -f inet route list match 127.0.0.3 table local scope host
local 127.0.0.0/8 dev lo proto kernel src 127.0.0.1
Also rename the function because it is called only in for the special
loopback address case.
---
heartbeat/findif.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh
index 5f1c19ec3..7c766e6e0 100644
--- a/heartbeat/findif.sh
+++ b/heartbeat/findif.sh
@@ -29,10 +29,10 @@ prefixcheck() {
fi
return 0
}
-getnetworkinfo()
+getloopbackinfo()
{
local line netinfo
- ip -o -f inet route list match $OCF_RESKEY_ip table "${OCF_RESKEY_table:=main}" scope host | (while read line;
+ ip -o -f inet route list match $OCF_RESKEY_ip table local scope host | (while read line;
do
netinfo=`echo $line | awk '{print $2}'`
case $netinfo in
@@ -222,7 +222,7 @@ findif()
if [ $# = 0 ] ; then
case $OCF_RESKEY_ip in
127.*)
- set -- `getnetworkinfo`
+ set -- `getloopbackinfo`
shift;;
esac
fi

View File

@ -0,0 +1,20 @@
--- a/heartbeat/findif.sh 2024-02-08 11:31:53.414257686 +0100
+++ b/heartbeat/findif.sh 2023-11-02 10:20:12.150853167 +0100
@@ -210,14 +210,14 @@
fi
findif_check_params $family || return $?
- if [ -n "$netmask" ] ; then
+ if [ -n "$netmask" ]; then
match=$match/$netmask
fi
if [ -n "$nic" ] ; then
# NIC supports more than two.
- set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
+ set -- $(ip -o -f $family route list match $match $scope | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
else
- set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
+ set -- $(ip -o -f $family route list match $match $scope | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
fi
if [ $# = 0 ] ; then
case $OCF_RESKEY_ip in

View File

@ -0,0 +1,555 @@
From f45f76600a7e02c860566db7d1350dc3b09449c2 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Mon, 6 Nov 2023 15:49:44 +0100
Subject: [PATCH] aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type
parameter and AWS Policy based authentication type
---
heartbeat/aws-vpc-move-ip | 43 +++++++++++++++++++----
heartbeat/aws-vpc-route53.in | 47 ++++++++++++++++++++-----
heartbeat/awseip | 68 +++++++++++++++++++++++++++---------
heartbeat/awsvip | 60 ++++++++++++++++++++++++-------
4 files changed, 173 insertions(+), 45 deletions(-)
diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
index dee040300f..54806f6eaa 100755
--- a/heartbeat/aws-vpc-move-ip
+++ b/heartbeat/aws-vpc-move-ip
@@ -36,6 +36,7 @@
# Defaults
OCF_RESKEY_awscli_default="/usr/bin/aws"
+OCF_RESKEY_auth_type_default="key"
OCF_RESKEY_profile_default="default"
OCF_RESKEY_region_default=""
OCF_RESKEY_ip_default=""
@@ -48,6 +49,7 @@ OCF_RESKEY_monapi_default="false"
OCF_RESKEY_lookup_type_default="InstanceId"
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}}
@@ -58,8 +60,6 @@ OCF_RESKEY_lookup_type_default="InstanceId"
: ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}}
: ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}}
: ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}}
-
-[ -n "$OCF_RESKEY_region" ] && region_opt="--region $OCF_RESKEY_region"
#######################################################################
@@ -83,6 +83,10 @@ cat <<END
<longdesc lang="en">
Resource Agent to move IP addresses within a VPC of the Amazon Webservices EC2
by changing an entry in an specific routing table
+
+Credentials needs to be setup by running "aws configure", or by using AWS Policies.
+
+See https://aws.amazon.com/cli/ for more information about awscli.
</longdesc>
<shortdesc lang="en">Move IP within a VPC of the AWS EC2</shortdesc>
@@ -95,6 +99,15 @@ Path to command line tools for AWS
<content type="string" default="${OCF_RESKEY_awscli_default}" />
</parameter>
+<parameter name="auth_type">
+<longdesc lang="en">
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure",
+or "role" to use AWS Policies.
+</longdesc>
+<shortdesc lang="en">Authentication type</shortdesc>
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
+</parameter>
+
<parameter name="profile">
<longdesc lang="en">
Valid AWS CLI profile name (see ~/.aws/config and 'aws configure')
@@ -198,7 +211,7 @@ END
execute_cmd_as_role(){
cmd=$1
role=$2
- output="$($OCF_RESKEY_awscli sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --profile $OCF_RESKEY_profile $region_opt --output=text)"
+ output="$($AWSCLI_CMD sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --output=text)"
export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $5}')"
export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $7}')"
export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $8}')"
@@ -220,11 +233,11 @@ ec2ip_set_address_param_compat(){
}
ec2ip_validate() {
- for cmd in $OCF_RESKEY_awscli ip curl; do
+ for cmd in "$OCF_RESKEY_awscli" ip curl; do
check_binary "$cmd"
done
- if [ -z "$OCF_RESKEY_profile" ]; then
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
ocf_exit_reason "profile parameter not set"
return $OCF_ERR_CONFIGURED
fi
@@ -262,7 +275,7 @@ ec2ip_monitor() {
for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do
ocf_log info "monitor: check routing table (API call) - $rtb"
if [ -z "${OCF_RESKEY_routing_table_role}" ]; then
- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
+ cmd="$AWSCLI_CMD --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
ocf_log debug "executing command: $cmd"
ROUTE_TO_INSTANCE="$($cmd)"
else
@@ -368,7 +381,7 @@ ec2ip_get_and_configure() {
EC2_NETWORK_INTERFACE_ID="$(ec2ip_get_instance_eni)"
for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do
if [ -z "${OCF_RESKEY_routing_table_role}" ]; then
- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID"
+ cmd="$AWSCLI_CMD --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID"
ocf_log debug "executing command: $cmd"
$cmd
else
@@ -475,6 +488,22 @@ if ! ocf_is_root; then
exit $OCF_ERR_PERM
fi
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
+ if [ -z "${OCF_RESKEY_region}" ]; then
+ ocf_exit_reason "region needs to be set when using role-based authentication"
+ exit $OCF_ERR_CONFIGURED
+ fi
+else
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
+ exit $OCF_ERR_CONFIGURED
+fi
+if [ -n "${OCF_RESKEY_region}" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
+fi
+
ec2ip_set_address_param_compat
ec2ip_validate
diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in
index 22cbb35833..18ab157e8a 100644
--- a/heartbeat/aws-vpc-route53.in
+++ b/heartbeat/aws-vpc-route53.in
@@ -46,24 +46,22 @@
# Defaults
OCF_RESKEY_awscli_default="/usr/bin/aws"
+OCF_RESKEY_auth_type_default="key"
OCF_RESKEY_profile_default="default"
+OCF_RESKEY_region_default=""
OCF_RESKEY_hostedzoneid_default=""
OCF_RESKEY_fullname_default=""
OCF_RESKEY_ip_default="local"
OCF_RESKEY_ttl_default=10
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
+: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_hostedzoneid:=${OCF_RESKEY_hostedzoneid_default}}
: ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}}
: ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}}
: ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}}
-#######################################################################
-
-
-AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10"
-#######################################################################
-
usage() {
cat <<-EOT
@@ -123,6 +121,15 @@ Path to command line tools for AWS
<content type="string" default="${OCF_RESKEY_awscli_default}" />
</parameter>
+<parameter name="auth_type">
+<longdesc lang="en">
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure",
+or "role" to use AWS Policies.
+</longdesc>
+<shortdesc lang="en">Authentication type</shortdesc>
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
+</parameter>
+
<parameter name="profile">
<longdesc lang="en">
The name of the AWS CLI profile of the root account. This
@@ -196,7 +203,7 @@ r53_validate() {
# Check for required binaries
ocf_log debug "Checking for required binaries"
- for command in curl dig; do
+ for command in "${OCF_RESKEY_awscli}" curl dig; do
check_binary "$command"
done
@@ -216,7 +223,10 @@ r53_validate() {
esac
# profile
- [[ -z "$OCF_RESKEY_profile" ]] && ocf_log error "AWS CLI profile not set $OCF_RESKEY_profile!" && exit $OCF_ERR_CONFIGURED
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
+ ocf_exit_reason "profile parameter not set"
+ return $OCF_ERR_CONFIGURED
+ fi
# TTL
[[ -z "$OCF_RESKEY_ttl" ]] && ocf_log error "TTL not set $OCF_RESKEY_ttl!" && exit $OCF_ERR_CONFIGURED
@@ -417,7 +427,6 @@ _update_record() {
}
###############################################################################
-
case $__OCF_ACTION in
usage|help)
usage
@@ -427,6 +436,26 @@ case $__OCF_ACTION in
metadata
exit $OCF_SUCCESS
;;
+esac
+
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
+ if [ -z "${OCF_RESKEY_region}" ]; then
+ ocf_exit_reason "region needs to be set when using role-based authentication"
+ exit $OCF_ERR_CONFIGURED
+ fi
+else
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
+ exit $OCF_ERR_CONFIGURED
+fi
+if [ -n "${OCF_RESKEY_region}" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
+fi
+AWSCLI_CMD="$AWSCLI_CMD --cli-connect-timeout 10"
+
+case $__OCF_ACTION in
start)
r53_validate || exit $?
r53_start
diff --git a/heartbeat/awseip b/heartbeat/awseip
index dc48460c85..49b0ca6155 100755
--- a/heartbeat/awseip
+++ b/heartbeat/awseip
@@ -23,7 +23,8 @@
#
# Prerequisites:
#
-# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.)
+# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) or
+# (AWSRole) Setup up relevant AWS Policies to allow agent related functions to be executed.
# - a reserved secondary private IP address for EC2 instances high availability
# - IAM user role with the following permissions:
# * DescribeInstances
@@ -44,11 +45,15 @@
# Defaults
#
OCF_RESKEY_awscli_default="/usr/bin/aws"
+OCF_RESKEY_auth_type_default="key"
OCF_RESKEY_profile_default="default"
+OCF_RESKEY_region_default=""
OCF_RESKEY_api_delay_default="3"
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
+: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
meta_data() {
@@ -63,7 +68,7 @@ Resource Agent for Amazon AWS Elastic IP Addresses.
It manages AWS Elastic IP Addresses with awscli.
-Credentials needs to be setup by running "aws configure".
+Credentials needs to be setup by running "aws configure", or by using AWS Policies.
See https://aws.amazon.com/cli/ for more information about awscli.
</longdesc>
@@ -79,6 +84,15 @@ command line tools for aws services
<content type="string" default="${OCF_RESKEY_awscli_default}" />
</parameter>
+<parameter name="auth_type">
+<longdesc lang="en">
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure",
+or "role" to use AWS Policies.
+</longdesc>
+<shortdesc lang="en">Authentication type</shortdesc>
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
+</parameter>
+
<parameter name="profile">
<longdesc lang="en">
Valid AWS CLI profile name (see ~/.aws/config and 'aws configure')
@@ -111,6 +125,14 @@ predefined private ip address for ec2 instance
<content type="string" default="" />
</parameter>
+<parameter name="region" required="0">
+<longdesc lang="en">
+Region for AWS resource (required for role-based authentication)
+</longdesc>
+<shortdesc lang="en">Region</shortdesc>
+<content type="string" default="${OCF_RESKEY_region_default}" />
+</parameter>
+
<parameter name="api_delay" unique="0">
<longdesc lang="en">
a short delay between API calls, to avoid sending API too quick
@@ -157,13 +179,13 @@ awseip_start() {
NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN")
fi
done
- $AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \
+ $AWSCLI_CMD ec2 associate-address \
--network-interface-id ${NETWORK_ID} \
--allocation-id ${ALLOCATION_ID} \
--private-ip-address ${PRIVATE_IP_ADDRESS}
RET=$?
else
- $AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \
+ $AWSCLI_CMD ec2 associate-address \
--instance-id ${INSTANCE_ID} \
--allocation-id ${ALLOCATION_ID}
RET=$?
@@ -183,7 +205,7 @@ awseip_start() {
awseip_stop() {
awseip_monitor || return $OCF_SUCCESS
- ASSOCIATION_ID=$($AWSCLI --profile $OCF_RESKEY_profile --output json ec2 describe-addresses \
+ ASSOCIATION_ID=$($AWSCLI_CMD --output json ec2 describe-addresses \
--allocation-id ${ALLOCATION_ID} | grep -m 1 "AssociationId" | awk -F'"' '{print$4}')
if [ -z "${ASSOCIATION_ID}" ]; then
@@ -191,9 +213,7 @@ awseip_stop() {
return $OCF_NOT_RUNNING
fi
- $AWSCLI --profile ${OCF_RESKEY_profile} \
- ec2 disassociate-address \
- --association-id ${ASSOCIATION_ID}
+ $AWSCLI_CMD ec2 disassociate-address --association-id ${ASSOCIATION_ID}
RET=$?
# delay to avoid sending request too fast
@@ -208,7 +228,7 @@ awseip_stop() {
}
awseip_monitor() {
- $AWSCLI --profile $OCF_RESKEY_profile ec2 describe-instances --instance-id "${INSTANCE_ID}" | grep -q "${ELASTIC_IP}"
+ $AWSCLI_CMD ec2 describe-instances --instance-id "${INSTANCE_ID}" | grep -q "${ELASTIC_IP}"
RET=$?
if [ $RET -ne 0 ]; then
@@ -218,9 +238,9 @@ awseip_monitor() {
}
awseip_validate() {
- check_binary ${AWSCLI}
+ check_binary "${OCF_RESKEY_awscli}"
- if [ -z "$OCF_RESKEY_profile" ]; then
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
ocf_exit_reason "profile parameter not set"
return $OCF_ERR_CONFIGURED
fi
@@ -238,9 +258,27 @@ case $__OCF_ACTION in
meta_data
exit $OCF_SUCCESS
;;
-esac
+ usage|help)
+ awseip_usage
+ exit $OCF_SUCCESS
+ ;;
+esac
-AWSCLI="${OCF_RESKEY_awscli}"
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
+ if [ -z "${OCF_RESKEY_region}" ]; then
+ ocf_exit_reason "region needs to be set when using role-based authentication"
+ exit $OCF_ERR_CONFIGURED
+ fi
+else
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
+ exit $OCF_ERR_CONFIGURED
+fi
+if [ -n "${OCF_RESKEY_region}" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
+fi
ELASTIC_IP="${OCF_RESKEY_elastic_ip}"
ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
@@ -272,10 +310,6 @@ case $__OCF_ACTION in
validate|validate-all)
awseip_validate
;;
- usage|help)
- awseip_usage
- exit $OCF_SUCCESS
- ;;
*)
awseip_usage
exit $OCF_ERR_UNIMPLEMENTED
diff --git a/heartbeat/awsvip b/heartbeat/awsvip
index 037278e296..bdb4d68dd0 100755
--- a/heartbeat/awsvip
+++ b/heartbeat/awsvip
@@ -23,7 +23,8 @@
#
# Prerequisites:
#
-# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.)
+# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) or
+# (AWSRole) Setup up relevant AWS Policies to allow agent related functions to be executed.
# - a reserved secondary private IP address for EC2 instances high availablity
# - IAM user role with the following permissions:
# * DescribeInstances
@@ -43,11 +44,15 @@
# Defaults
#
OCF_RESKEY_awscli_default="/usr/bin/aws"
+OCF_RESKEY_auth_type_default="key"
OCF_RESKEY_profile_default="default"
+OCF_RESKEY_region_default=""
OCF_RESKEY_api_delay_default="3"
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
+: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
meta_data() {
@@ -62,7 +67,7 @@ Resource Agent for Amazon AWS Secondary Private IP Addresses.
It manages AWS Secondary Private IP Addresses with awscli.
-Credentials needs to be setup by running "aws configure".
+Credentials needs to be setup by running "aws configure", or by using AWS Policies.
See https://aws.amazon.com/cli/ for more information about awscli.
</longdesc>
@@ -78,6 +83,15 @@ command line tools for aws services
<content type="string" default="${OCF_RESKEY_awscli_default}" />
</parameter>
+<parameter name="auth_type">
+<longdesc lang="en">
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure",
+or "role" to use AWS Policies.
+</longdesc>
+<shortdesc lang="en">Authentication type</shortdesc>
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
+</parameter>
+
<parameter name="profile">
<longdesc lang="en">
Valid AWS CLI profile name (see ~/.aws/config and 'aws configure')
@@ -94,6 +108,14 @@ reserved secondary private ip for ec2 instance
<content type="string" default="" />
</parameter>
+<parameter name="region" required="0">
+<longdesc lang="en">
+Region for AWS resource (required for role-based authentication)
+</longdesc>
+<shortdesc lang="en">Region</shortdesc>
+<content type="string" default="${OCF_RESKEY_region_default}" />
+</parameter>
+
<parameter name="api_delay" unique="0">
<longdesc lang="en">
a short delay between API calls, to avoid sending API too quick
@@ -131,7 +153,7 @@ END
awsvip_start() {
awsvip_monitor && return $OCF_SUCCESS
- $AWSCLI --profile $OCF_RESKEY_profile ec2 assign-private-ip-addresses \
+ $AWSCLI_CMD ec2 assign-private-ip-addresses \
--network-interface-id ${NETWORK_ID} \
--private-ip-addresses ${SECONDARY_PRIVATE_IP} \
--allow-reassignment
@@ -151,7 +173,7 @@ awsvip_start() {
awsvip_stop() {
awsvip_monitor || return $OCF_SUCCESS
- $AWSCLI --profile $OCF_RESKEY_profile ec2 unassign-private-ip-addresses \
+ $AWSCLI_CMD ec2 unassign-private-ip-addresses \
--network-interface-id ${NETWORK_ID} \
--private-ip-addresses ${SECONDARY_PRIVATE_IP}
RET=$?
@@ -168,7 +190,7 @@ awsvip_stop() {
}
awsvip_monitor() {
- $AWSCLI --profile ${OCF_RESKEY_profile} ec2 describe-instances \
+ $AWSCLI_CMD ec2 describe-instances \
--instance-id "${INSTANCE_ID}" \
--query 'Reservations[].Instances[].NetworkInterfaces[].PrivateIpAddresses[].PrivateIpAddress[]' \
--output text | \
@@ -182,9 +204,9 @@ awsvip_monitor() {
}
awsvip_validate() {
- check_binary ${AWSCLI}
+ check_binary "${OCF_RESKEY_awscli}"
- if [ -z "$OCF_RESKEY_profile" ]; then
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then
ocf_exit_reason "profile parameter not set"
return $OCF_ERR_CONFIGURED
fi
@@ -202,9 +224,27 @@ case $__OCF_ACTION in
meta_data
exit $OCF_SUCCESS
;;
+ usage|help)
+ awsvip_usage
+ exit $OCF_SUCCESS
+ ;;
esac
-AWSCLI="${OCF_RESKEY_awscli}"
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
+ if [ -z "${OCF_RESKEY_region}" ]; then
+ ocf_exit_reason "region needs to be set when using role-based authentication"
+ exit $OCF_ERR_CONFIGURED
+ fi
+else
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
+ exit $OCF_ERR_CONFIGURED
+fi
+if [ -n "${OCF_RESKEY_region}" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
+fi
SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
@@ -236,10 +276,6 @@ case $__OCF_ACTION in
validate|validate-all)
awsvip_validate
;;
- usage|help)
- awsvip_usage
- exit $OCF_SUCCESS
- ;;
*)
awsvip_usage
exit $OCF_ERR_UNIMPLEMENTED

View File

@ -0,0 +1,22 @@
From b23ba4eaefb500199c4845751f4c5545c81f42f1 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Mon, 20 Nov 2023 16:37:37 +0100
Subject: [PATCH 2/2] findif: also check that netmaskbits != EOS
---
tools/findif.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/findif.c b/tools/findif.c
index a25395fec..ab108a3c4 100644
--- a/tools/findif.c
+++ b/tools/findif.c
@@ -669,7 +669,7 @@ main(int argc, char ** argv) {
}
}
- if (netmaskbits) {
+ if (netmaskbits != NULL && *netmaskbits != EOS) {
best_netmask = netmask;
}else if (best_netmask == 0L) {
/*

View File

@ -0,0 +1,23 @@
From a9c4aeb971e9f4963345d0e215b729def62dd27c Mon Sep 17 00:00:00 2001
From: pepadelic <162310096+pepadelic@users.noreply.github.com>
Date: Mon, 15 Apr 2024 13:52:54 +0200
Subject: [PATCH] Update db2: fix OCF_SUCESS name in db2_notify
fix OCF_SUCESS to OCF_SUCCESS in db2_notify
---
heartbeat/db2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/heartbeat/db2 b/heartbeat/db2
index 95447ab6cb..1cd66f15af 100755
--- a/heartbeat/db2
+++ b/heartbeat/db2
@@ -848,7 +848,7 @@ db2_notify() {
# only interested in pre-start
[ $OCF_RESKEY_CRM_meta_notify_type = pre \
- -a $OCF_RESKEY_CRM_meta_notify_operation = start ] || return $OCF_SUCESS
+ -a $OCF_RESKEY_CRM_meta_notify_operation = start ] || return $OCF_SUCCESS
# gets FIRST_ACTIVE_LOG
db2_get_cfg $dblist || return $?

View File

@ -0,0 +1,343 @@
From fc0657b936f6a58f741e33f851b22f82bc68bffa Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Tue, 6 Feb 2024 13:28:12 +0100
Subject: [PATCH 1/2] ocf-shellfuncs: add curl_retry()
---
heartbeat/ocf-shellfuncs.in | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in
index c5edb6f57..a69a9743d 100644
--- a/heartbeat/ocf-shellfuncs.in
+++ b/heartbeat/ocf-shellfuncs.in
@@ -672,6 +672,40 @@ EOF
systemctl daemon-reload
}
+# usage: curl_retry RETRIES SLEEP ARGS URL
+#
+# Use --show-error in ARGS to log HTTP error code
+#
+# returns:
+# 0 success
+# exit:
+# 1 fail
+curl_retry()
+{
+ local retries=$1 sleep=$2 opts=$3 url=$4
+ local tries=$(($retries + 1))
+ local args="--fail $opts $url"
+ local result rc
+
+ for try in $(seq $tries); do
+ ocf_log debug "curl $args try $try of $tries"
+ result=$(echo "$args" | xargs curl 2>&1)
+ rc=$?
+
+ ocf_log debug "result: $result"
+ [ $rc -eq 0 ] && break
+ sleep $sleep
+ done
+
+ if [ $rc -ne 0 ]; then
+ ocf_exit_reason "curl $args failed $tries tries"
+ exit $OCF_ERR_GENERIC
+ fi
+
+ echo "$result"
+ return $rc
+}
+
# usage: crm_mon_no_validation args...
# run crm_mon without any cib schema validation
# This is useful when an agent runs in a bundle to avoid potential
From 80d330557319bdae9e45aad1279e435fc481d4e7 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Tue, 6 Feb 2024 13:28:25 +0100
Subject: [PATCH 2/2] AWS agents: use curl_retry()
---
heartbeat/aws-vpc-move-ip | 35 ++++++++++++++++++++++++++---------
heartbeat/aws-vpc-route53.in | 27 +++++++++++++++++++++++++--
heartbeat/awseip | 36 +++++++++++++++++++++++++++++++-----
heartbeat/awsvip | 32 ++++++++++++++++++++++++++++----
4 files changed, 110 insertions(+), 20 deletions(-)
diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip
index 54806f6ea..6115e5ba8 100755
--- a/heartbeat/aws-vpc-move-ip
+++ b/heartbeat/aws-vpc-move-ip
@@ -47,6 +47,8 @@ OCF_RESKEY_interface_default="eth0"
OCF_RESKEY_iflabel_default=""
OCF_RESKEY_monapi_default="false"
OCF_RESKEY_lookup_type_default="InstanceId"
+OCF_RESKEY_curl_retries_default="3"
+OCF_RESKEY_curl_sleep_default="1"
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
@@ -60,6 +62,8 @@ OCF_RESKEY_lookup_type_default="InstanceId"
: ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}}
: ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}}
: ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}}
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
#######################################################################
@@ -194,6 +198,22 @@ Name of resource type to lookup in route table.
<content type="string" default="${OCF_RESKEY_lookup_type_default}" />
</parameter>
+<parameter name="curl_retries" unique="0">
+<longdesc lang="en">
+curl retries before failing
+</longdesc>
+<shortdesc lang="en">curl retries</shortdesc>
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
+</parameter>
+
+<parameter name="curl_sleep" unique="0">
+<longdesc lang="en">
+curl sleep between tries
+</longdesc>
+<shortdesc lang="en">curl sleep</shortdesc>
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
+</parameter>
+
</parameters>
<actions>
@@ -250,8 +270,10 @@ ec2ip_validate() {
fi
fi
- TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
- EC2_INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
+ TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+ EC2_INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
if [ -z "${EC2_INSTANCE_ID}" ]; then
ocf_exit_reason "Instance ID not found. Is this a EC2 instance?"
@@ -365,14 +387,9 @@ ec2ip_get_instance_eni() {
fi
ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}"
- cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id -H \"X-aws-ec2-metadata-token: $TOKEN\""
- ocf_log debug "executing command: $cmd"
+ cmd="curl_retry \"$OCF_RESKEY_curl_retries\" \"$OCF_RESKEY_curl_sleep\" \"--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'\" \"http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id\""
EC2_NETWORK_INTERFACE_ID="$(eval $cmd)"
- rc=$?
- if [ $rc != 0 ]; then
- ocf_log warn "command failed, rc: $rc"
- return $OCF_ERR_GENERIC
- fi
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}"
echo $EC2_NETWORK_INTERFACE_ID
}
diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in
index 18ab157e8..eba2ed95c 100644
--- a/heartbeat/aws-vpc-route53.in
+++ b/heartbeat/aws-vpc-route53.in
@@ -53,6 +53,8 @@ OCF_RESKEY_hostedzoneid_default=""
OCF_RESKEY_fullname_default=""
OCF_RESKEY_ip_default="local"
OCF_RESKEY_ttl_default=10
+OCF_RESKEY_curl_retries_default="3"
+OCF_RESKEY_curl_sleep_default="1"
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
@@ -62,6 +64,8 @@ OCF_RESKEY_ttl_default=10
: ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}}
: ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}}
: ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}}
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
usage() {
cat <<-EOT
@@ -185,6 +189,22 @@ Time to live for Route53 ARECORD
<shortdesc lang="en">ARECORD TTL</shortdesc>
<content type="string" default="${OCF_RESKEY_ttl_default}" />
</parameter>
+
+<parameter name="curl_retries" unique="0">
+<longdesc lang="en">
+curl retries before failing
+</longdesc>
+<shortdesc lang="en">curl retries</shortdesc>
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
+</parameter>
+
+<parameter name="curl_sleep" unique="0">
+<longdesc lang="en">
+curl sleep between tries
+</longdesc>
+<shortdesc lang="en">curl sleep</shortdesc>
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
+</parameter>
</parameters>
<actions>
@@ -357,8 +377,11 @@ r53_monitor() {
_get_ip() {
case $OCF_RESKEY_ip in
local|public)
- TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
- IPADDRESS=$(curl -s http://169.254.169.254/latest/meta-data/${OCF_RESKEY_ip}-ipv4 -H "X-aws-ec2-metadata-token: $TOKEN");;
+ TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+ IPADDRESS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/${OCF_RESKEY_ip}-ipv4")
+ [ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+ ;;
*.*.*.*)
IPADDRESS="${OCF_RESKEY_ip}";;
esac
diff --git a/heartbeat/awseip b/heartbeat/awseip
index 49b0ca615..ffb6223a1 100755
--- a/heartbeat/awseip
+++ b/heartbeat/awseip
@@ -49,12 +49,16 @@ OCF_RESKEY_auth_type_default="key"
OCF_RESKEY_profile_default="default"
OCF_RESKEY_region_default=""
OCF_RESKEY_api_delay_default="3"
+OCF_RESKEY_curl_retries_default="3"
+OCF_RESKEY_curl_sleep_default="1"
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
meta_data() {
cat <<END
@@ -141,6 +145,22 @@ a short delay between API calls, to avoid sending API too quick
<content type="integer" default="${OCF_RESKEY_api_delay_default}" />
</parameter>
+<parameter name="curl_retries" unique="0">
+<longdesc lang="en">
+curl retries before failing
+</longdesc>
+<shortdesc lang="en">curl retries</shortdesc>
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
+</parameter>
+
+<parameter name="curl_sleep" unique="0">
+<longdesc lang="en">
+curl sleep between tries
+</longdesc>
+<shortdesc lang="en">curl sleep</shortdesc>
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
+</parameter>
+
</parameters>
<actions>
@@ -171,14 +191,18 @@ awseip_start() {
awseip_monitor && return $OCF_SUCCESS
if [ -n "${PRIVATE_IP_ADDRESS}" ]; then
- NETWORK_INTERFACES_MACS=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/ -H "X-aws-ec2-metadata-token: $TOKEN")
+ NETWORK_INTERFACES_MACS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "-s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/")
for MAC in ${NETWORK_INTERFACES_MACS}; do
- curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/local-ipv4s -H "X-aws-ec2-metadata-token: $TOKEN" |
+ curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "-s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC%/*}/local-ipv4s" |
grep -q "^${PRIVATE_IP_ADDRESS}$"
if [ $? -eq 0 ]; then
- NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN")
+ NETWORK_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "-s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC%/*}/interface-id")
fi
done
+ if [ -z "$NETWORK_ID" ]; then
+ ocf_exit_reason "Could not find network interface for private_ip_address: $PRIVATE_IP_ADDRESS"
+ exit $OCF_ERR_GENERIC
+ fi
$AWSCLI_CMD ec2 associate-address \
--network-interface-id ${NETWORK_ID} \
--allocation-id ${ALLOCATION_ID} \
@@ -282,8 +306,10 @@ fi
ELASTIC_IP="${OCF_RESKEY_elastic_ip}"
ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
-TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
-INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
+TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
case $__OCF_ACTION in
start)
diff --git a/heartbeat/awsvip b/heartbeat/awsvip
index bdb4d68dd..f2b238a0f 100755
--- a/heartbeat/awsvip
+++ b/heartbeat/awsvip
@@ -48,12 +48,16 @@ OCF_RESKEY_auth_type_default="key"
OCF_RESKEY_profile_default="default"
OCF_RESKEY_region_default=""
OCF_RESKEY_api_delay_default="3"
+OCF_RESKEY_curl_retries_default="3"
+OCF_RESKEY_curl_sleep_default="1"
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}}
+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}}
meta_data() {
cat <<END
@@ -124,6 +128,22 @@ a short delay between API calls, to avoid sending API too quick
<content type="integer" default="${OCF_RESKEY_api_delay_default}" />
</parameter>
+<parameter name="curl_retries" unique="0">
+<longdesc lang="en">
+curl retries before failing
+</longdesc>
+<shortdesc lang="en">curl retries</shortdesc>
+<content type="integer" default="${OCF_RESKEY_curl_retries_default}" />
+</parameter>
+
+<parameter name="curl_sleep" unique="0">
+<longdesc lang="en">
+curl sleep between tries
+</longdesc>
+<shortdesc lang="en">curl sleep</shortdesc>
+<content type="integer" default="${OCF_RESKEY_curl_sleep_default}" />
+</parameter>
+
</parameters>
<actions>
@@ -246,10 +266,14 @@ if [ -n "${OCF_RESKEY_region}" ]; then
AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
fi
SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
-TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
-INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
-MAC_ADDRESS=$(curl -s http://169.254.169.254/latest/meta-data/mac -H "X-aws-ec2-metadata-token: $TOKEN")
-NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDRESS}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN")
+TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token")
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id")
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+MAC_ADDRESS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/mac")
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
+NETWORK_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDRESS}/interface-id")
+[ $? -ne 0 ] && exit $OCF_ERR_GENERIC
case $__OCF_ACTION in
start)

View File

@ -0,0 +1,48 @@
From accff72ecc2f6cf5a76d9570198a93ac7c90270e Mon Sep 17 00:00:00 2001
From: Quentin Pradet <quentin.pradet@gmail.com>
Date: Mon, 17 Jun 2024 11:09:06 +0400
Subject: [PATCH] Merge pull request from GHSA-34jh-p97f-mpxf
* Strip Proxy-Authorization header on redirects
* Fix test_retry_default_remove_headers_on_redirect
* Set release date
---
CHANGES.rst | 5 +++++
src/urllib3/util/retry.py | 4 +++-
test/test_retry.py | 6 ++++-
test/with_dummyserver/test_poolmanager.py | 27 ++++++++++++++++++++---
4 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py b/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
index 7a76a4a6ad..0456cceba4 100644
--- a/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
+++ b/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3/util/retry.py
@@ -189,7 +189,9 @@ class Retry:
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
+ ["Cookie", "Authorization", "Proxy-Authorization"]
+ )
#: Default maximum backoff time.
DEFAULT_BACKOFF_MAX = 120
diff --git a/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py b/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
index 7a76a4a6ad..0456cceba4 100644
--- a/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
+++ b/gcp/google-cloud-sdk/lib/third_party/urllib3/util/retry.py
@@ -189,7 +189,9 @@ class Retry:
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
+ ["Cookie", "Authorization", "Proxy-Authorization"]
+ )
#: Default maximum backoff time.
DEFAULT_BACKOFF_MAX = 120

View File

@ -0,0 +1,201 @@
--- a/setuptools/package_index.py 1980-01-01 09:00:00.000000000 +0100
+++ b/setuptools/package_index.py 2024-07-25 10:11:40.537307665 +0200
@@ -1,5 +1,6 @@
"""PyPI and direct package downloading"""
import sys
+import subprocess
import os
import re
import shutil
@@ -563,7 +564,7 @@
scheme = URL_SCHEME(spec)
if scheme:
# It's a url, download it to tmpdir
- found = self._download_url(scheme.group(1), spec, tmpdir)
+ found = self._download_url(spec, tmpdir)
base, fragment = egg_info_for_url(spec)
if base.endswith('.py'):
found = self.gen_setup(found, fragment, tmpdir)
@@ -775,7 +776,7 @@
raise DistutilsError("Download error for %s: %s"
% (url, v))
- def _download_url(self, scheme, url, tmpdir):
+ def _download_url(self, url, tmpdir):
# Determine download filename
#
name, fragment = egg_info_for_url(url)
@@ -790,19 +791,59 @@
filename = os.path.join(tmpdir, name)
- # Download the file
- #
- if scheme == 'svn' or scheme.startswith('svn+'):
- return self._download_svn(url, filename)
- elif scheme == 'git' or scheme.startswith('git+'):
- return self._download_git(url, filename)
- elif scheme.startswith('hg+'):
- return self._download_hg(url, filename)
- elif scheme == 'file':
- return urllib.request.url2pathname(urllib.parse.urlparse(url)[2])
- else:
- self.url_ok(url, True) # raises error if not allowed
- return self._attempt_download(url, filename)
+ return self._download_vcs(url, filename) or self._download_other(url, filename)
+
+ @staticmethod
+ def _resolve_vcs(url):
+ """
+ >>> rvcs = PackageIndex._resolve_vcs
+ >>> rvcs('git+http://foo/bar')
+ 'git'
+ >>> rvcs('hg+https://foo/bar')
+ 'hg'
+ >>> rvcs('git:myhost')
+ 'git'
+ >>> rvcs('hg:myhost')
+ >>> rvcs('http://foo/bar')
+ """
+ scheme = urllib.parse.urlsplit(url).scheme
+ pre, sep, post = scheme.partition('+')
+ # svn and git have their own protocol; hg does not
+ allowed = set(['svn', 'git'] + ['hg'] * bool(sep))
+ return next(iter({pre} & allowed), None)
+
+ def _download_vcs(self, url, spec_filename):
+ vcs = self._resolve_vcs(url)
+ if not vcs:
+ return
+ if vcs == 'svn':
+ raise DistutilsError(
+ f"Invalid config, SVN download is not supported: {url}"
+ )
+
+ filename, _, _ = spec_filename.partition('#')
+ url, rev = self._vcs_split_rev_from_url(url)
+
+ self.info(f"Doing {vcs} clone from {url} to {filename}")
+ subprocess.check_call([vcs, 'clone', '--quiet', url, filename])
+
+ co_commands = dict(
+ git=[vcs, '-C', filename, 'checkout', '--quiet', rev],
+ hg=[vcs, '--cwd', filename, 'up', '-C', '-r', rev, '-q'],
+ )
+ if rev is not None:
+ self.info(f"Checking out {rev}")
+ subprocess.check_call(co_commands[vcs])
+
+ return filename
+
+ def _download_other(self, url, filename):
+ scheme = urllib.parse.urlsplit(url).scheme
+ if scheme == 'file': # pragma: no cover
+ return urllib.request.url2pathname(urllib.parse.urlparse(url).path)
+ # raise error if not allowed
+ self.url_ok(url, True)
+ return self._attempt_download(url, filename)
def scan_url(self, url):
self.process_url(url, True)
@@ -829,76 +870,37 @@
os.unlink(filename)
raise DistutilsError("Unexpected HTML page found at " + url)
- def _download_svn(self, url, filename):
- url = url.split('#', 1)[0] # remove any fragment for svn's sake
- creds = ''
- if url.lower().startswith('svn:') and '@' in url:
- scheme, netloc, path, p, q, f = urllib.parse.urlparse(url)
- if not netloc and path.startswith('//') and '/' in path[2:]:
- netloc, path = path[2:].split('/', 1)
- auth, host = splituser(netloc)
- if auth:
- if ':' in auth:
- user, pw = auth.split(':', 1)
- creds = " --username=%s --password=%s" % (user, pw)
- else:
- creds = " --username=" + auth
- netloc = host
- parts = scheme, netloc, url, p, q, f
- url = urllib.parse.urlunparse(parts)
- self.info("Doing subversion checkout from %s to %s", url, filename)
- os.system("svn checkout%s -q %s %s" % (creds, url, filename))
- return filename
-
@staticmethod
- def _vcs_split_rev_from_url(url, pop_prefix=False):
- scheme, netloc, path, query, frag = urllib.parse.urlsplit(url)
-
- scheme = scheme.split('+', 1)[-1]
-
- # Some fragment identification fails
- path = path.split('#', 1)[0]
-
- rev = None
- if '@' in path:
- path, rev = path.rsplit('@', 1)
-
- # Also, discard fragment
- url = urllib.parse.urlunsplit((scheme, netloc, path, query, ''))
-
- return url, rev
-
- def _download_git(self, url, filename):
- filename = filename.split('#', 1)[0]
- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
-
- self.info("Doing git clone from %s to %s", url, filename)
- os.system("git clone --quiet %s %s" % (url, filename))
+ def _vcs_split_rev_from_url(url):
+ """
+ Given a possible VCS URL, return a clean URL and resolved revision if any.
- if rev is not None:
- self.info("Checking out %s", rev)
- os.system("(cd %s && git checkout --quiet %s)" % (
- filename,
- rev,
- ))
+ >>> vsrfu = PackageIndex._vcs_split_rev_from_url
+ >>> vsrfu('git+https://github.com/pypa/setuptools@v69.0.0#egg-info=setuptools')
+ ('https://github.com/pypa/setuptools', 'v69.0.0')
+ >>> vsrfu('git+https://github.com/pypa/setuptools#egg-info=setuptools')
+ ('https://github.com/pypa/setuptools', None)
+ >>> vsrfu('http://foo/bar')
+ ('http://foo/bar', None)
+ """
+ parts = urllib.parse.urlsplit(url)
- return filename
+ clean_scheme = parts.scheme.split('+', 1)[-1]
- def _download_hg(self, url, filename):
- filename = filename.split('#', 1)[0]
- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True)
+ # Some fragment identification fails
+ no_fragment_path, _, _ = parts.path.partition('#')
- self.info("Doing hg clone from %s to %s", url, filename)
- os.system("hg clone --quiet %s %s" % (url, filename))
+ pre, sep, post = no_fragment_path.rpartition('@')
+ clean_path, rev = (pre, post) if sep else (post, None)
- if rev is not None:
- self.info("Updating to %s", rev)
- os.system("(cd %s && hg up -C -r %s >&-)" % (
- filename,
- rev,
- ))
+ resolved = parts._replace(
+ scheme=clean_scheme,
+ path=clean_path,
+ # discard the fragment
+ fragment='',
+ ).geturl()
- return filename
+ return resolved, rev
def debug(self, msg, *args):
log.debug(msg, *args)

View File

@ -0,0 +1,38 @@
From 38eaf00bc81af7530c56eba282918762a47a9326 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Thu, 19 Sep 2024 13:01:53 +0200
Subject: [PATCH] nfsserver: also stop rpc-statd for nfsv4_only to avoid stop
failing in some cases
E.g. nfs_no_notify=true nfsv4_only=true nfs_shared_infodir=/nfsmq/nfsinfo would cause a "Failed to unmount a bind mount" error
---
heartbeat/nfsserver | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver
index 5793d7a70..fd9268afc 100755
--- a/heartbeat/nfsserver
+++ b/heartbeat/nfsserver
@@ -947,15 +947,13 @@ nfsserver_stop ()
sleep 1
done
- if ! ocf_is_true "$OCF_RESKEY_nfsv4_only"; then
- nfs_exec stop rpc-statd > /dev/null 2>&1
- ocf_log info "Stop: rpc-statd"
- rpcinfo -t localhost 100024 > /dev/null 2>&1
- rc=$?
- if [ "$rc" -eq "0" ]; then
- ocf_exit_reason "Failed to stop rpc-statd"
- return $OCF_ERR_GENERIC
- fi
+ nfs_exec stop rpc-statd > /dev/null 2>&1
+ ocf_log info "Stop: rpc-statd"
+ rpcinfo -t localhost 100024 > /dev/null 2>&1
+ rc=$?
+ if [ "$rc" -eq "0" ]; then
+ ocf_exit_reason "Failed to stop rpc-statd"
+ return $OCF_ERR_GENERIC
fi
nfs_exec stop nfs-idmapd > /dev/null 2>&1

View File

@ -0,0 +1,68 @@
From fcceb714085836de9db4493b527e94d85dd72626 Mon Sep 17 00:00:00 2001
From: ut002970 <liuxingwei@uniontech.com>
Date: Wed, 6 Sep 2023 15:27:05 +0800
Subject: [PATCH 1/3] modify error message
---
heartbeat/mysql-common.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/heartbeat/mysql-common.sh b/heartbeat/mysql-common.sh
index 8104019b03..a93acc4c60 100755
--- a/heartbeat/mysql-common.sh
+++ b/heartbeat/mysql-common.sh
@@ -254,7 +254,7 @@ mysql_common_start()
while [ $start_wait = 1 ]; do
if ! ps $pid > /dev/null 2>&1; then
wait $pid
- ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), please check your installation"
+ ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), please check your installation, log message you can check $OCF_RESKEY_log"
return $OCF_ERR_GENERIC
fi
mysql_common_status info
From 8f9b344cd5b3cb96ea0f94b7ab0306da2234ac00 Mon Sep 17 00:00:00 2001
From: ut002970 <liuxingwei@uniontech.com>
Date: Wed, 6 Sep 2023 15:56:24 +0800
Subject: [PATCH 2/3] modify error message
---
heartbeat/mysql-common.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/heartbeat/mysql-common.sh b/heartbeat/mysql-common.sh
index a93acc4c60..d5b2286737 100755
--- a/heartbeat/mysql-common.sh
+++ b/heartbeat/mysql-common.sh
@@ -254,7 +254,7 @@ mysql_common_start()
while [ $start_wait = 1 ]; do
if ! ps $pid > /dev/null 2>&1; then
wait $pid
- ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), please check your installation, log message you can check $OCF_RESKEY_log"
+ ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), Check $OCF_RESKEY_log for details"
return $OCF_ERR_GENERIC
fi
mysql_common_status info
From a292b3c552bf3f2beea5f73e0d171546c0a1273c Mon Sep 17 00:00:00 2001
From: ut002970 <liuxingwei@uniontech.com>
Date: Wed, 6 Sep 2023 16:10:48 +0800
Subject: [PATCH 3/3] modify error message
---
heartbeat/mysql-common.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/heartbeat/mysql-common.sh b/heartbeat/mysql-common.sh
index d5b2286737..d6b4e3cdf4 100755
--- a/heartbeat/mysql-common.sh
+++ b/heartbeat/mysql-common.sh
@@ -254,7 +254,7 @@ mysql_common_start()
while [ $start_wait = 1 ]; do
if ! ps $pid > /dev/null 2>&1; then
wait $pid
- ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), Check $OCF_RESKEY_log for details"
+ ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?). Check $OCF_RESKEY_log for details"
return $OCF_ERR_GENERIC
fi
mysql_common_status info

View File

@ -0,0 +1,70 @@
From 706b48fd93a75a582c538013aea1418b6ed69dd0 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Thu, 9 Mar 2023 15:57:59 +0100
Subject: [PATCH] mysql: promotable fixes to avoid nodes getting bounced around
by setting -v 1/-v 2, and added OCF_CHECK_LEVEL=10 for promotable resources
to be able to distinguish between promoted and not
---
heartbeat/mysql | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/heartbeat/mysql b/heartbeat/mysql
index 9ab49ab20e..29ed427319 100755
--- a/heartbeat/mysql
+++ b/heartbeat/mysql
@@ -757,6 +757,10 @@ mysql_monitor() {
status_loglevel="info"
fi
+ if ocf_is_ms; then
+ OCF_CHECK_LEVEL=10
+ fi
+
mysql_common_status $status_loglevel
rc=$?
@@ -777,7 +781,13 @@ mysql_monitor() {
return $rc
fi
- if [ $OCF_CHECK_LEVEL -gt 0 -a -n "$OCF_RESKEY_test_table" ]; then
+ if [ $OCF_CHECK_LEVEL -eq 10 ]; then
+ if [ -z "$OCF_RESKEY_test_table" ]; then
+ ocf_exit_reason "test_table not set"
+ return $OCF_ERR_CONFIGURED
+
+ fi
+
# Check if this instance is configured as a slave, and if so
# check slave status
if is_slave; then
@@ -795,18 +805,16 @@ mysql_monitor() {
ocf_exit_reason "Failed to select from $test_table";
return $OCF_ERR_GENERIC;
fi
- else
- # In case no exnteded tests are enabled and we are in master/slave mode _always_ set the master score to 1 if we reached this point
- ocf_is_ms && $CRM_MASTER -v 1
fi
if ocf_is_ms && ! get_read_only; then
ocf_log debug "MySQL monitor succeeded (master)";
# Always set master score for the master
- $CRM_MASTER -v 2
+ $CRM_MASTER -v $((${OCF_RESKEY_max_slave_lag}+1))
return $OCF_RUNNING_MASTER
else
ocf_log debug "MySQL monitor succeeded";
+ ocf_is_ms && $CRM_MASTER -v 1
return $OCF_SUCCESS
fi
}
@@ -873,7 +881,6 @@ mysql_start() {
# preference set by the administrator. We choose a low
# greater-than-zero preference.
$CRM_MASTER -v 1
-
fi
# Initial monitor action

View File

@ -0,0 +1,32 @@
From 34483f8029ea9ab25220cfee71d53adaf5aacaa0 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Wed, 14 Jun 2023 14:37:01 +0200
Subject: [PATCH] mysql: fix promotion_score bouncing between ~3600 and 1 on
demoted nodes
---
heartbeat/mysql | 11 -----------
1 file changed, 11 deletions(-)
diff --git a/heartbeat/mysql b/heartbeat/mysql
index 29ed42731..1df2fc0f2 100755
--- a/heartbeat/mysql
+++ b/heartbeat/mysql
@@ -517,17 +517,6 @@ check_slave() {
exit $OCF_ERR_INSTALLED
fi
- elif ocf_is_ms; then
- # Even if we're not set to evict lagging slaves, we can
- # still use the seconds behind master value to set our
- # master preference.
- local master_pref
- master_pref=$((${OCF_RESKEY_max_slave_lag}-${secs_behind}))
- if [ $master_pref -lt 0 ]; then
- # Sanitize a below-zero preference to just zero
- master_pref=0
- fi
- $CRM_MASTER -v $master_pref
fi
# is the slave ok to have a VIP on it

View File

@ -0,0 +1,84 @@
From 4d87bcfe5df8a1e40ee945e095ac9e7cca147ec4 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Wed, 29 Jun 2022 10:26:25 +0200
Subject: [PATCH] IPaddr2/IPsrcaddr: add/modify table parameter to be able to
find interface while using policy based routing
---
heartbeat/IPaddr2 | 12 ++++++++++++
heartbeat/IPsrcaddr | 5 ++++-
heartbeat/findif.sh | 2 +-
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2
index 97a7431a2..e8384c586 100755
--- a/heartbeat/IPaddr2
+++ b/heartbeat/IPaddr2
@@ -73,6 +73,7 @@ OCF_RESKEY_ip_default=""
OCF_RESKEY_cidr_netmask_default=""
OCF_RESKEY_broadcast_default=""
OCF_RESKEY_iflabel_default=""
+OCF_RESKEY_table_default=""
OCF_RESKEY_cidr_netmask_default=""
OCF_RESKEY_lvs_support_default=false
OCF_RESKEY_lvs_ipv6_addrlabel_default=false
@@ -97,6 +98,7 @@ OCF_RESKEY_network_namespace_default=""
: ${OCF_RESKEY_cidr_netmask=${OCF_RESKEY_cidr_netmask_default}}
: ${OCF_RESKEY_broadcast=${OCF_RESKEY_broadcast_default}}
: ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}}
+: ${OCF_RESKEY_table=${OCF_RESKEY_table_default}}
: ${OCF_RESKEY_lvs_support=${OCF_RESKEY_lvs_support_default}}
: ${OCF_RESKEY_lvs_ipv6_addrlabel=${OCF_RESKEY_lvs_ipv6_addrlabel_default}}
: ${OCF_RESKEY_lvs_ipv6_addrlabel_value=${OCF_RESKEY_lvs_ipv6_addrlabel_value_default}}
@@ -239,6 +241,16 @@ If a label is specified in nic name, this parameter has no effect.
<content type="string" default="${OCF_RESKEY_iflabel_default}"/>
</parameter>
+<parameter name="table">
+<longdesc lang="en">
+Table to use to lookup which interface to use for the IP.
+
+This can be used for policy based routing. See man ip-rule(8).
+</longdesc>
+<shortdesc lang="en">Table</shortdesc>
+<content type="string" default="${OCF_RESKEY_table_default}" />
+</parameter>
+
<parameter name="lvs_support">
<longdesc lang="en">
Enable support for LVS Direct Routing configurations. In case a IP
diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr
index 1bd41a930..cf106cc34 100755
--- a/heartbeat/IPsrcaddr
+++ b/heartbeat/IPsrcaddr
@@ -155,13 +155,16 @@ Metric. Only needed if incorrect metric value is used.
<parameter name="table">
<longdesc lang="en">
-Table to modify. E.g. "local".
+Table to modify and use for interface lookup. E.g. "local".
The table has to have a route matching the "destination" parameter.
+
+This can be used for policy based routing. See man ip-rule(8).
</longdesc>
<shortdesc lang="en">Table</shortdesc>
<content type="string" default="${OCF_RESKEY_table_default}" />
</parameter>
+
</parameters>
<actions>
diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh
index 66bc6d56a..1a40cc9a4 100644
--- a/heartbeat/findif.sh
+++ b/heartbeat/findif.sh
@@ -32,7 +32,7 @@ prefixcheck() {
getnetworkinfo()
{
local line netinfo
- ip -o -f inet route list match $OCF_RESKEY_ip table local scope host | (while read line;
+ ip -o -f inet route list match $OCF_RESKEY_ip table "${OCF_RESKEY_table=local}" scope host | (while read line;
do
netinfo=`echo $line | awk '{print $2}'`
case $netinfo in

View File

@ -0,0 +1,35 @@
From da9e8e691f39494e14f8f11173b6ab6433384396 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Tue, 20 Jun 2023 14:19:23 +0200
Subject: [PATCH] findif.sh: fix table parameter so it uses main table by
default
---
heartbeat/findif.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh
index 1a40cc9a4b..6c04c98c19 100644
--- a/heartbeat/findif.sh
+++ b/heartbeat/findif.sh
@@ -32,7 +32,7 @@ prefixcheck() {
getnetworkinfo()
{
local line netinfo
- ip -o -f inet route list match $OCF_RESKEY_ip table "${OCF_RESKEY_table=local}" scope host | (while read line;
+ ip -o -f inet route list match $OCF_RESKEY_ip table "${OCF_RESKEY_table:=main}" scope host | (while read line;
do
netinfo=`echo $line | awk '{print $2}'`
case $netinfo in
@@ -215,9 +215,9 @@ findif()
fi
if [ -n "$nic" ] ; then
# NIC supports more than two.
- set -- $(ip -o -f $family route list match $match $scope | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
+ set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
else
- set -- $(ip -o -f $family route list match $match $scope | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
+ set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}')
fi
if [ $# = 0 ] ; then
case $OCF_RESKEY_ip in

View File

@ -0,0 +1,42 @@
From 2695888c983df331b0fee407a5c69c493a360313 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Wed, 30 Nov 2022 12:07:05 +0100
Subject: [PATCH] lvmlockd: add "use_lvmlockd = 1" if it's commented out or
missing
---
heartbeat/lvmlockd | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/heartbeat/lvmlockd b/heartbeat/lvmlockd
index dc7bd2d7e..f4b299f28 100755
--- a/heartbeat/lvmlockd
+++ b/heartbeat/lvmlockd
@@ -180,14 +180,23 @@ setup_lvm_config()
lock_type=$(echo "$out" | cut -d'=' -f2)
if [ -z "$use_lvmlockd" ]; then
- ocf_exit_reason "\"use_lvmlockd\" not set in /etc/lvm/lvm.conf ..."
- exit $OCF_ERR_CONFIGURED
- fi
+ ocf_log info "adding \"use_lvmlockd=1\" to /etc/lvm/lvm.conf ..."
+ cat >> /etc/lvm/lvm.conf << EOF
+
+global {
+ use_lvmlockd = 1
+}
+EOF
- if [ -n "$use_lvmlockd" ] && [ "$use_lvmlockd" != 1 ] ; then
+ if [ $? -ne 0 ]; then
+ ocf_exit_reason "unable to add \"use_lvmlockd=1\" to /etc/lvm/lvm.conf ..."
+ exit $OCF_ERR_CONFIGURED
+ fi
+ elif [ "$use_lvmlockd" != 1 ] ; then
ocf_log info "setting \"use_lvmlockd=1\" in /etc/lvm/lvm.conf ..."
sed -i 's,^[[:blank:]]*use_lvmlockd[[:blank:]]*=.*,\ \ \ \ use_lvmlockd = 1,g' /etc/lvm/lvm.conf
fi
+
if [ -n "$lock_type" ] ; then
# locking_type was removed from config in v2.03
ocf_version_cmp "$(lvmconfig --version | awk '/LVM ver/ {sub(/\(.*/, "", $3); print $3}')" "2.03"

View File

@ -0,0 +1,24 @@
From e7a748d35fe56f2be727ecae1885a2f1366f41bf Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Wed, 15 Mar 2023 13:03:07 +0100
Subject: [PATCH] ethmonitor: dont log "Interface does not exist" for
monitor-action
---
heartbeat/ethmonitor | 3 +++
1 file changed, 3 insertions(+)
diff --git a/heartbeat/ethmonitor b/heartbeat/ethmonitor
index 451738a0b5..f9c9ef4bdd 100755
--- a/heartbeat/ethmonitor
+++ b/heartbeat/ethmonitor
@@ -271,6 +271,9 @@ if_init() {
validate-all)
ocf_exit_reason "Interface $NIC does not exist"
exit $OCF_ERR_CONFIGURED;;
+ monitor)
+ ocf_log debug "Interface $NIC does not exist"
+ ;;
*)
## It might be a bond interface which is temporarily not available, therefore we want to continue here
ocf_log warn "Interface $NIC does not exist"

View File

@ -0,0 +1,137 @@
From bf89ad06d5da5c05533c80a37a37c8dbbcd123aa Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Thu, 8 Dec 2022 15:40:07 +0100
Subject: [PATCH] galera/mpathpersist/sg_persist/IPsrcaddr: only check notify
and promotable when OCF_CHECK_LEVEL=10
Pacemaker has started running validate-all action before creating the
resource. It doesnt provide notify/promotable settings while doing so,
so this patch moves these checks to OCF_CHECK_LEVEL 10 and runs the
validate action at OCF_CHECK_LEVEL 10 in the start-action.
---
heartbeat/IPsrcaddr | 13 ++++++++-----
heartbeat/galera.in | 9 ++++++---
heartbeat/mpathpersist.in | 13 +++++++++----
heartbeat/sg_persist.in | 13 +++++++++----
4 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr
index 1bd41a930..66e2ad8cd 100755
--- a/heartbeat/IPsrcaddr
+++ b/heartbeat/IPsrcaddr
@@ -510,11 +510,13 @@ srca_validate_all() {
fi
# We should serve this IP address of course
- if ip_status "$ipaddress"; then
- :
- else
- ocf_exit_reason "We are not serving [$ipaddress], hence can not make it a preferred source address"
- return $OCF_ERR_INSTALLED
+ if [ "$OCF_CHECK_LEVEL" -eq 10 ]; then
+ if ip_status "$ipaddress"; then
+ :
+ else
+ ocf_exit_reason "We are not serving [$ipaddress], hence can not make it a preferred source address"
+ return $OCF_ERR_INSTALLED
+ fi
fi
return $OCF_SUCCESS
}
@@ -540,6 +542,7 @@ esac
ipaddress="$OCF_RESKEY_ipaddress"
+[ "$__OCF_ACTION" != "validate-all" ] && OCF_CHECK_LEVEL=10
srca_validate_all
rc=$?
if [ $rc -ne $OCF_SUCCESS ]; then
diff --git a/heartbeat/galera.in b/heartbeat/galera.in
index cd2fee7c0..6aed3e4b6 100755
--- a/heartbeat/galera.in
+++ b/heartbeat/galera.in
@@ -1015,9 +1015,11 @@ galera_stop()
galera_validate()
{
- if ! ocf_is_ms; then
- ocf_exit_reason "Galera must be configured as a multistate Master/Slave resource."
- return $OCF_ERR_CONFIGURED
+ if [ "$OCF_CHECK_LEVEL" -eq 10 ]; then
+ if ! ocf_is_ms; then
+ ocf_exit_reason "Galera must be configured as a multistate Master/Slave resource."
+ return $OCF_ERR_CONFIGURED
+ fi
fi
if [ -z "$OCF_RESKEY_wsrep_cluster_address" ]; then
@@ -1035,6 +1037,7 @@ case "$1" in
exit $OCF_SUCCESS;;
esac
+[ "$__OCF_ACTION" = "start" ] && OCF_CHECK_LEVEL=10
galera_validate
rc=$?
LSB_STATUS_STOPPED=3
diff --git a/heartbeat/mpathpersist.in b/heartbeat/mpathpersist.in
index 0e2c2a4a0..8a46b9930 100644
--- a/heartbeat/mpathpersist.in
+++ b/heartbeat/mpathpersist.in
@@ -630,10 +630,11 @@ mpathpersist_action_notify() {
}
mpathpersist_action_validate_all () {
-
- if [ "$OCF_RESKEY_CRM_meta_master_max" != "1" ] && [ "$RESERVATION_TYPE" != "7" ] && [ "$RESERVATION_TYPE" != "8" ]; then
- ocf_log err "Master options misconfigured."
- exit $OCF_ERR_CONFIGURED
+ if [ "$OCF_CHECK_LEVEL" -eq 10 ]; then
+ if [ "$OCF_RESKEY_CRM_meta_master_max" != "1" ] && [ "$RESERVATION_TYPE" != "7" ] && [ "$RESERVATION_TYPE" != "8" ]; then
+ ocf_log err "Master options misconfigured."
+ exit $OCF_ERR_CONFIGURED
+ fi
fi
return $OCF_SUCCESS
@@ -659,6 +660,10 @@ case $ACTION in
start|promote|monitor|stop|demote)
ocf_log debug "$RESOURCE: starting action \"$ACTION\""
mpathpersist_init
+ if [ "$__OCF_ACTION" = "start" ]; then
+ OCF_CHECK_LEVEL=10
+ mpathpersist_action_validate_all
+ fi
mpathpersist_action_$ACTION
exit $?
;;
diff --git a/heartbeat/sg_persist.in b/heartbeat/sg_persist.in
index 16048ea6f..620c02f4a 100644
--- a/heartbeat/sg_persist.in
+++ b/heartbeat/sg_persist.in
@@ -643,10 +643,11 @@ sg_persist_action_notify() {
}
sg_persist_action_validate_all () {
-
- if [ "$OCF_RESKEY_CRM_meta_master_max" != "1" ] && [ "$RESERVATION_TYPE" != "7" ] && [ "$RESERVATION_TYPE" != "8" ]; then
- ocf_log err "Master options misconfigured."
- exit $OCF_ERR_CONFIGURED
+ if [ "$OCF_CHECK_LEVEL" -eq 10 ]; then
+ if [ "$OCF_RESKEY_CRM_meta_master_max" != "1" ] && [ "$RESERVATION_TYPE" != "7" ] && [ "$RESERVATION_TYPE" != "8" ]; then
+ ocf_log err "Master options misconfigured."
+ exit $OCF_ERR_CONFIGURED
+ fi
fi
return $OCF_SUCCESS
@@ -672,6 +673,10 @@ case $ACTION in
start|promote|monitor|stop|demote)
ocf_log debug "$RESOURCE: starting action \"$ACTION\""
sg_persist_init
+ if [ "$__OCF_ACTION" = "start" ]; then
+ OCF_CHECK_LEVEL=10
+ sg_persist_action_validate_all
+ fi
sg_persist_action_$ACTION
exit $?
;;

View File

@ -0,0 +1,49 @@
From 21666c5c842b8a6028699ee78db75a1d7134fad0 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Wed, 4 Jan 2023 10:39:16 +0100
Subject: [PATCH 1/2] Filesystem: remove validate-all mountpoint warning as it
is auto-created during start-action if it doesnt exist
---
heartbeat/Filesystem | 4 ----
1 file changed, 4 deletions(-)
diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
index 44270ad98..65088029e 100755
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -851,10 +851,6 @@ Filesystem_monitor()
#
Filesystem_validate_all()
{
- if [ -n "$MOUNTPOINT" ] && [ ! -d "$MOUNTPOINT" ]; then
- ocf_log warn "Mountpoint $MOUNTPOINT does not exist"
- fi
-
# Check if the $FSTYPE is workable
# NOTE: Without inserting the $FSTYPE module, this step may be imprecise
# TODO: This is Linux specific crap.
From 8a7f40b6ab93d8d39230d864ab06a57ff48d6f1f Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Thu, 5 Jan 2023 13:09:48 +0100
Subject: [PATCH 2/2] CTDB: change public_addresses validate-all warning to
info
---
heartbeat/CTDB.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in
index 46f56cfac..b4af66bc1 100755
--- a/heartbeat/CTDB.in
+++ b/heartbeat/CTDB.in
@@ -940,7 +940,7 @@ ctdb_validate() {
fi
if [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ]; then
- ocf_log warn "CTDB file '${OCF_RESKEY_ctdb_config_dir}/public_addresses' exists - CTDB will try to manage IP failover!"
+ ocf_log info "CTDB file '${OCF_RESKEY_ctdb_config_dir}/public_addresses' exists - CTDB will try to manage IP failover!"
fi
if [ ! -f "$OCF_RESKEY_ctdb_config_dir/nodes" ]; then

View File

@ -0,0 +1,68 @@
--- a/heartbeat/pgsqlms 2023-01-04 14:42:36.093258702 +0100
+++ b/heartbeat/pgsqlms 2023-01-04 14:40:52.403994545 +0100
@@ -66,6 +66,7 @@
my $maxlag = $ENV{'OCF_RESKEY_maxlag'} || $maxlag_default;
my $recovery_tpl = $ENV{'OCF_RESKEY_recovery_template'}
|| "$pgdata/recovery.conf.pcmk";
+my $ocf_check_level = $ENV{'OCF_CHECK_LEVEL'} || 0;
# PostgreSQL commands path
@@ -1304,26 +1305,28 @@
return $OCF_ERR_INSTALLED;
}
- # check notify=true
- $ans = qx{ $CRM_RESOURCE --resource "$OCF_RESOURCE_INSTANCE" \\
- --meta --get-parameter notify 2>/dev/null };
- chomp $ans;
- unless ( lc($ans) =~ /^true$|^on$|^yes$|^y$|^1$/ ) {
- ocf_exit_reason(
- 'You must set meta parameter notify=true for your master resource'
- );
- return $OCF_ERR_INSTALLED;
- }
+ if ( $ocf_check_level == 10 ) {
+ # check notify=true
+ $ans = qx{ $CRM_RESOURCE --resource "$OCF_RESOURCE_INSTANCE" \\
+ --meta --get-parameter notify 2>/dev/null };
+ chomp $ans;
+ unless ( lc($ans) =~ /^true$|^on$|^yes$|^y$|^1$/ ) {
+ ocf_exit_reason(
+ 'You must set meta parameter notify=true for your "master" resource'
+ );
+ return $OCF_ERR_INSTALLED;
+ }
- # check master-max=1
- unless (
- defined $ENV{'OCF_RESKEY_CRM_meta_master_max'}
- and $ENV{'OCF_RESKEY_CRM_meta_master_max'} eq '1'
- ) {
- ocf_exit_reason(
- 'You must set meta parameter master-max=1 for your master resource'
- );
- return $OCF_ERR_INSTALLED;
+ # check master-max=1
+ unless (
+ defined $ENV{'OCF_RESKEY_CRM_meta_master_max'}
+ and $ENV{'OCF_RESKEY_CRM_meta_master_max'} eq '1'
+ ) {
+ ocf_exit_reason(
+ 'You must set meta parameter master-max=1 for your "master" resource'
+ );
+ return $OCF_ERR_INSTALLED;
+ }
}
if ( $PGVERNUM >= $PGVER_12 ) {
@@ -2242,6 +2245,9 @@
# Set current node name.
$nodename = ocf_local_nodename();
+if ( $__OCF_ACTION ne 'validate-all' ) {
+ $ocf_check_level = 10;
+}
$exit_code = pgsql_validate_all();
exit $exit_code if $exit_code != $OCF_SUCCESS or $__OCF_ACTION eq 'validate-all';

View File

@ -0,0 +1,187 @@
From 81f9e1a04dfd2274ccb906310b4f191485e342ab Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Wed, 11 Jan 2023 13:22:24 +0100
Subject: [PATCH 1/2] exportfs: move testdir() to start-action to avoid failing
during resource creation (validate-all) and make it create the directory if
it doesnt exist
---
heartbeat/exportfs | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/heartbeat/exportfs b/heartbeat/exportfs
index c10777fa9..2307a9e67 100755
--- a/heartbeat/exportfs
+++ b/heartbeat/exportfs
@@ -301,6 +301,16 @@ exportfs_monitor ()
fi
}
+testdir() {
+ if [ ! -d $1 ]; then
+ mkdir -p "$1"
+ if [ $? -ne 0 ]; then
+ ocf_exit_reason "Unable to create directory $1"
+ return 1
+ fi
+ fi
+ return 0
+}
export_one() {
local dir=$1
local opts sep
@@ -331,6 +341,10 @@ export_one() {
}
exportfs_start ()
{
+ if ! forall testdir; then
+ return $OCF_ERR_INSTALLED
+ fi
+
if exportfs_monitor; then
ocf_log debug "already exported"
return $OCF_SUCCESS
@@ -428,14 +442,6 @@ exportfs_stop ()
fi
}
-testdir() {
- if [ ! -d $1 ]; then
- ocf_is_probe ||
- ocf_log err "$1 does not exist or is not a directory"
- return 1
- fi
- return 0
-}
exportfs_validate_all ()
{
if echo "$OCF_RESKEY_fsid" | grep -q -F ','; then
@@ -447,9 +453,6 @@ exportfs_validate_all ()
ocf_exit_reason "use integer fsid when exporting multiple directories"
return $OCF_ERR_CONFIGURED
fi
- if ! forall testdir; then
- return $OCF_ERR_INSTALLED
- fi
}
for dir in $OCF_RESKEY_directory; do
@@ -466,7 +469,7 @@ for dir in $OCF_RESKEY_directory; do
fi
else
case "$__OCF_ACTION" in
- stop|monitor)
+ stop|monitor|validate-all)
canonicalized_dir="$dir"
ocf_log debug "$dir does not exist"
;;
From 8ee41af82cda35149f8e0cfede6a8ddef3e221e1 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Wed, 11 Jan 2023 13:25:57 +0100
Subject: [PATCH 2/2] pgsql: dont run promotable and file checks that could be
on shared storage during validate-all action
---
heartbeat/pgsql | 53 +++++++++++++++++++++++++++++--------------------
1 file changed, 32 insertions(+), 21 deletions(-)
diff --git a/heartbeat/pgsql b/heartbeat/pgsql
index aa8a13a84..532063ac5 100755
--- a/heartbeat/pgsql
+++ b/heartbeat/pgsql
@@ -1835,7 +1835,7 @@ check_config() {
if [ ! -f "$1" ]; then
if ocf_is_probe; then
- ocf_log info "Configuration file is $1 not readable during probe."
+ ocf_log info "Unable to read $1 during probe."
rc=1
else
ocf_exit_reason "Configuration file $1 doesn't exist"
@@ -1846,8 +1846,7 @@ check_config() {
return $rc
}
-# Validate most critical parameters
-pgsql_validate_all() {
+validate_ocf_check_level_10() {
local version
local check_config_rc
local rep_mode_string
@@ -1883,12 +1882,6 @@ pgsql_validate_all() {
fi
fi
- getent passwd $OCF_RESKEY_pgdba >/dev/null 2>&1
- if [ ! $? -eq 0 ]; then
- ocf_exit_reason "User $OCF_RESKEY_pgdba doesn't exist";
- return $OCF_ERR_INSTALLED;
- fi
-
if ocf_is_probe; then
ocf_log info "Don't check $OCF_RESKEY_pgdata during probe"
else
@@ -1898,18 +1891,6 @@ pgsql_validate_all() {
fi
fi
- if [ -n "$OCF_RESKEY_monitor_user" -a ! -n "$OCF_RESKEY_monitor_password" ]
- then
- ocf_exit_reason "monitor password can't be empty"
- return $OCF_ERR_CONFIGURED
- fi
-
- if [ ! -n "$OCF_RESKEY_monitor_user" -a -n "$OCF_RESKEY_monitor_password" ]
- then
- ocf_exit_reason "monitor_user has to be set if monitor_password is set"
- return $OCF_ERR_CONFIGURED
- fi
-
if is_replication || [ "$OCF_RESKEY_rep_mode" = "slave" ]; then
if [ `printf "$version\n9.1" | sort -n | head -1` != "9.1" ]; then
ocf_exit_reason "Replication mode needs PostgreSQL 9.1 or higher."
@@ -2027,6 +2008,35 @@ pgsql_validate_all() {
return $OCF_SUCCESS
}
+# Validate most critical parameters
+pgsql_validate_all() {
+ local rc
+
+ getent passwd $OCF_RESKEY_pgdba >/dev/null 2>&1
+ if [ ! $? -eq 0 ]; then
+ ocf_exit_reason "User $OCF_RESKEY_pgdba doesn't exist";
+ return $OCF_ERR_INSTALLED;
+ fi
+
+ if [ -n "$OCF_RESKEY_monitor_user" ] && [ -z "$OCF_RESKEY_monitor_password" ]; then
+ ocf_exit_reason "monitor password can't be empty"
+ return $OCF_ERR_CONFIGURED
+ fi
+
+ if [ -z "$OCF_RESKEY_monitor_user" ] && [ -n "$OCF_RESKEY_monitor_password" ]; then
+ ocf_exit_reason "monitor_user has to be set if monitor_password is set"
+ return $OCF_ERR_CONFIGURED
+ fi
+
+ if [ "$OCF_CHECK_LEVEL" -eq 10 ]; then
+ validate_ocf_check_level_10
+ rc=$?
+ [ $rc -ne "$OCF_SUCCESS" ] && exit $rc
+ fi
+
+ return $OCF_SUCCESS
+}
+
#
# Check if we need to create a log file
@@ -2163,6 +2173,7 @@ case "$1" in
exit $OCF_SUCCESS;;
esac
+[ "$__OCF_ACTION" != "validate-all" ] && OCF_CHECK_LEVEL=10
pgsql_validate_all
rc=$?

View File

@ -0,0 +1,23 @@
--- ClusterLabs-resource-agents-fd0720f7/heartbeat/pgsqlms 2023-01-16 10:54:30.897188238 +0100
+++ pgsqlms 2023-01-10 14:21:19.281286242 +0100
@@ -1351,12 +1351,14 @@
return $OCF_ERR_ARGS;
}
- $guc = qx{ $POSTGRES -C primary_conninfo -D "$pgdata" $start_opts};
- unless ($guc =~ /\bapplication_name='?$nodename'?\b/) {
- ocf_exit_reason(
- q{Parameter "primary_conninfo" MUST contain 'application_name=%s'. }.
- q{It is currently set to '%s'}, $nodename, $guc );
- return $OCF_ERR_ARGS;
+ if ( $ocf_check_level == 10 ) {
+ $guc = qx{ $POSTGRES -C primary_conninfo -D "$pgdata" $start_opts};
+ unless ($guc =~ /\bapplication_name='?$nodename'?\b/) {
+ ocf_exit_reason(
+ q{Parameter "primary_conninfo" MUST contain 'application_name=%s'. }.
+ q{It is currently set to '%s'}, $nodename, $guc );
+ return $OCF_ERR_ARGS;
+ }
}
}
else {

View File

@ -0,0 +1,54 @@
From 81bb58b05d2ddabd17fe31af39f0e857e61db3c9 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Tue, 28 Mar 2023 16:53:45 +0200
Subject: [PATCH] azure-events*: fix for no "Transition Summary" for Pacemaker
2.1+
---
heartbeat/azure-events-az.in | 8 ++++----
heartbeat/azure-events.in | 6 +++---
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/heartbeat/azure-events-az.in b/heartbeat/azure-events-az.in
index 59d0953061..67c02c6422 100644
--- a/heartbeat/azure-events-az.in
+++ b/heartbeat/azure-events-az.in
@@ -311,10 +311,10 @@ class clusterHelper:
summary = clusterHelper._exec("crm_simulate", "-Ls")
if not summary:
ocf.logger.warning("transitionSummary: could not load transition summary")
- return False
+ return ""
if summary.find("Transition Summary:") < 0:
- ocf.logger.warning("transitionSummary: received unexpected transition summary: %s" % summary)
- return False
+ ocf.logger.debug("transitionSummary: no transactions: %s" % summary)
+ return ""
summary = summary.split("Transition Summary:")[1]
ret = summary.split("\n").pop(0)
@@ -768,4 +768,4 @@ def main():
agent.run()
if __name__ == '__main__':
- main()
\ No newline at end of file
+ main()
diff --git a/heartbeat/azure-events.in b/heartbeat/azure-events.in
index 66e129060a..5ad658df93 100644
--- a/heartbeat/azure-events.in
+++ b/heartbeat/azure-events.in
@@ -310,10 +310,10 @@ class clusterHelper:
summary = clusterHelper._exec("crm_simulate", "-Ls")
if not summary:
ocf.logger.warning("transitionSummary: could not load transition summary")
- return False
+ return ""
if summary.find("Transition Summary:") < 0:
- ocf.logger.warning("transitionSummary: received unexpected transition summary: %s" % summary)
- return False
+ ocf.logger.debug("transitionSummary: no transactions: %s" % summary)
+ return ""
summary = summary.split("Transition Summary:")[1]
ret = summary.split("\n").pop(0)

View File

@ -0,0 +1,77 @@
From ff53e5c8d6867e580506d132fba6fcf6aa46b804 Mon Sep 17 00:00:00 2001
From: Peter Varkoly <varkoly@suse.com>
Date: Sat, 29 Apr 2023 08:09:11 +0200
Subject: [PATCH] Use -LS instead of -Ls as parameter to get the Transition
Summary
---
heartbeat/azure-events-az.in | 9 +++++----
heartbeat/azure-events.in | 9 +++++----
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/heartbeat/azure-events-az.in b/heartbeat/azure-events-az.in
index 67c02c642..46d4d1f3d 100644
--- a/heartbeat/azure-events-az.in
+++ b/heartbeat/azure-events-az.in
@@ -298,7 +298,7 @@ class clusterHelper:
Get the current Pacemaker transition summary (used to check if all resources are stopped when putting a node standby)
"""
# <tniek> Is a global crm_simulate "too much"? Or would it be sufficient it there are no planned transitions for a particular node?
- # # crm_simulate -Ls
+ # # crm_simulate -LS
# Transition Summary:
# * Promote rsc_SAPHana_HN1_HDB03:0 (Slave -> Master hsr3-db1)
# * Stop rsc_SAPHana_HN1_HDB03:1 (hsr3-db0)
@@ -308,15 +308,16 @@ class clusterHelper:
# Transition Summary:
ocf.logger.debug("transitionSummary: begin")
- summary = clusterHelper._exec("crm_simulate", "-Ls")
+ summary = clusterHelper._exec("crm_simulate", "-LS")
if not summary:
ocf.logger.warning("transitionSummary: could not load transition summary")
return ""
if summary.find("Transition Summary:") < 0:
ocf.logger.debug("transitionSummary: no transactions: %s" % summary)
return ""
- summary = summary.split("Transition Summary:")[1]
- ret = summary.split("\n").pop(0)
+ j=summary.find('Transition Summary:') + len('Transition Summary:')
+ l=summary.lower().find('executing cluster transition:')
+ ret = list(filter(str.strip, summary[j:l].split("\n")))
ocf.logger.debug("transitionSummary: finished; return = %s" % str(ret))
return ret
diff --git a/heartbeat/azure-events.in b/heartbeat/azure-events.in
index 5ad658df9..90acaba62 100644
--- a/heartbeat/azure-events.in
+++ b/heartbeat/azure-events.in
@@ -297,7 +297,7 @@ class clusterHelper:
Get the current Pacemaker transition summary (used to check if all resources are stopped when putting a node standby)
"""
# <tniek> Is a global crm_simulate "too much"? Or would it be sufficient it there are no planned transitions for a particular node?
- # # crm_simulate -Ls
+ # # crm_simulate -LS
# Transition Summary:
# * Promote rsc_SAPHana_HN1_HDB03:0 (Slave -> Master hsr3-db1)
# * Stop rsc_SAPHana_HN1_HDB03:1 (hsr3-db0)
@@ -307,15 +307,16 @@ class clusterHelper:
# Transition Summary:
ocf.logger.debug("transitionSummary: begin")
- summary = clusterHelper._exec("crm_simulate", "-Ls")
+ summary = clusterHelper._exec("crm_simulate", "-LS")
if not summary:
ocf.logger.warning("transitionSummary: could not load transition summary")
return ""
if summary.find("Transition Summary:") < 0:
ocf.logger.debug("transitionSummary: no transactions: %s" % summary)
return ""
- summary = summary.split("Transition Summary:")[1]
- ret = summary.split("\n").pop(0)
+ j=summary.find('Transition Summary:') + len('Transition Summary:')
+ l=summary.lower().find('executing cluster transition:')
+ ret = list(filter(str.strip, summary[j:l].split("\n")))
ocf.logger.debug("transitionSummary: finished; return = %s" % str(ret))
return ret

View File

@ -0,0 +1,23 @@
From b02b06c437b1d8cb1dcfe8ace47c2efc4a0e476c Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Thu, 30 Mar 2023 14:44:41 +0200
Subject: [PATCH] Filesystem: fail if AWS efs-utils not installed when
fstype=efs
---
heartbeat/Filesystem | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
index 65088029ec..50c68f115b 100755
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -456,7 +456,7 @@ fstype_supported()
# System (EFS)
case "$FSTYPE" in
fuse.*|glusterfs|rozofs) support="fuse";;
- efs) support="nfs4";;
+ efs) check_binary "mount.efs"; support="nfs4";;
esac
if [ "$support" != "$FSTYPE" ]; then

View File

@ -0,0 +1,125 @@
From 48ed6e6d6510f42743e4463970e27f05637e4982 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Tue, 4 Jul 2023 14:40:19 +0200
Subject: [PATCH] Filesystem: improve stop-action and allow setting term/kill
signals and signal_delay for large filesystems
---
heartbeat/Filesystem | 80 ++++++++++++++++++++++++++++++++++++++------
1 file changed, 70 insertions(+), 10 deletions(-)
diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
index 65a9dffb5..fe608ebfd 100755
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -71,6 +71,9 @@ OCF_RESKEY_run_fsck_default="auto"
OCF_RESKEY_fast_stop_default="no"
OCF_RESKEY_force_clones_default="false"
OCF_RESKEY_force_unmount_default="true"
+OCF_RESKEY_term_signals_default="TERM"
+OCF_RESKEY_kill_signals_default="KILL"
+OCF_RESKEY_signal_delay_default="1"
# RHEL specific defaults
if is_redhat_based; then
@@ -104,6 +107,9 @@ if [ -z "${OCF_RESKEY_fast_stop}" ]; then
fi
: ${OCF_RESKEY_force_clones=${OCF_RESKEY_force_clones_default}}
: ${OCF_RESKEY_force_unmount=${OCF_RESKEY_force_unmount_default}}
+: ${OCF_RESKEY_term_signals=${OCF_RESKEY_term_signals_default}}
+: ${OCF_RESKEY_kill_signals=${OCF_RESKEY_kill_signals_default}}
+: ${OCF_RESKEY_signal_delay=${OCF_RESKEY_signal_delay_default}}
# Variables used by multiple methods
HOSTOS=$(uname)
@@ -266,6 +272,30 @@ block if unresponsive nfs mounts are in use on the system.
<content type="boolean" default="${OCF_RESKEY_force_unmount_default}" />
</parameter>
+<parameter name="term_signals">
+<longdesc lang="en">
+Signals (names or numbers, whitespace separated) to send processes during graceful termination phase in stop-action.
+</longdesc>
+<shortdesc lang="en">Signals (names or numbers, whitespace separated) to send processes during graceful termination phase in stop-action</shortdesc>
+<content type="boolean" default="${OCF_RESKEY_term_signals_default}" />
+</parameter>
+
+<parameter name="kill_signals">
+<longdesc lang="en">
+Signals (names or numbers, whitespace separated) to send processes during forceful killing phase in stop-action.
+</longdesc>
+<shortdesc lang="en">Signals (names or numbers, whitespace separated) to send processes during forceful killing phase in stop-action</shortdesc>
+<content type="boolean" default="${OCF_RESKEY_kill_signals_default}" />
+</parameter>
+
+<parameter name="signal_delay">
+<longdesc lang="en">
+How many seconds to wait after sending term/kill signals to processes in stop-action.
+</longdesc>
+<shortdesc lang="en">How many seconds to wait after sending term/kill signals to processes in stop-action</shortdesc>
+<content type="boolean" default="${OCF_RESKEY_kill_signal_delay}" />
+</parameter>
+
</parameters>
<actions>
@@ -663,19 +693,49 @@ try_umount() {
}
return $OCF_ERR_GENERIC
}
-fs_stop() {
- local SUB="$1" timeout=$2 sig cnt
- for sig in TERM KILL; do
- cnt=$((timeout/2)) # try half time with TERM
- while [ $cnt -gt 0 ]; do
- try_umount "$SUB" &&
- return $OCF_SUCCESS
- ocf_exit_reason "Couldn't unmount $SUB; trying cleanup with $sig"
+timeout_child() {
+ local pid="$1" timeout="$2" killer ret
+
+ # start job in the background that will KILL the given process after timeout expires
+ sleep $timeout && kill -s KILL $pid &
+ killer=$!
+
+ # block until the child process either exits on its own or gets killed by the above killer pipeline
+ wait $pid
+ ret=$?
+
+ # ret would be 127 + child exit code if the timeout expired
+ [ $ret -lt 128 ] && kill -s KILL $killer
+ return $ret
+}
+fs_stop_loop() {
+ local SUB="$1" signals="$2" sig
+ while true; do
+ for sig in $signals; do
signal_processes "$SUB" $sig
- cnt=$((cnt-1))
- sleep 1
done
+ sleep $OCF_RESKEY_signal_delay
+ try_umount "$SUB" && return $OCF_SUCCESS
done
+}
+fs_stop() {
+ local SUB="$1" timeout=$2 grace_time ret
+ grace_time=$((timeout/2))
+
+ # try gracefully terminating processes for up to half of the configured timeout
+ fs_stop_loop "$SUB" "$OCF_RESKEY_term_signals" &
+ timeout_child $! $grace_time
+ ret=$?
+ [ $ret -eq $OCF_SUCCESS ] && return $ret
+
+ # try killing them for the rest of the timeout
+ fs_stop_loop "$SUB" "$OCF_RESKEY_kill_signals" &
+ timeout_child $! $grace_time
+ ret=$?
+ [ $ret -eq $OCF_SUCCESS ] && return $ret
+
+ # timeout expired
+ ocf_exit_reason "Couldn't unmount $SUB within given timeout"
return $OCF_ERR_GENERIC
}

View File

@ -0,0 +1,49 @@
From 7056635f3f94c1bcaaa5ed5563dc3b0e9f6749e0 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Tue, 18 Jul 2023 14:12:27 +0200
Subject: [PATCH] Filesystem: dont use boolean type for non-boolean parameters
---
heartbeat/Filesystem | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
index ee55a4843..b9aae8d50 100755
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -269,7 +269,7 @@ fuser cli tool. fuser is known to perform operations that can potentially
block if unresponsive nfs mounts are in use on the system.
</longdesc>
<shortdesc lang="en">Kill processes before unmount</shortdesc>
-<content type="boolean" default="${OCF_RESKEY_force_unmount_default}" />
+<content type="string" default="${OCF_RESKEY_force_unmount_default}" />
</parameter>
<parameter name="term_signals">
@@ -277,7 +277,7 @@ block if unresponsive nfs mounts are in use on the system.
Signals (names or numbers, whitespace separated) to send processes during graceful termination phase in stop-action.
</longdesc>
<shortdesc lang="en">Signals (names or numbers, whitespace separated) to send processes during graceful termination phase in stop-action</shortdesc>
-<content type="boolean" default="${OCF_RESKEY_term_signals_default}" />
+<content type="string" default="${OCF_RESKEY_term_signals_default}" />
</parameter>
<parameter name="kill_signals">
@@ -285,7 +285,7 @@ Signals (names or numbers, whitespace separated) to send processes during gracef
Signals (names or numbers, whitespace separated) to send processes during forceful killing phase in stop-action.
</longdesc>
<shortdesc lang="en">Signals (names or numbers, whitespace separated) to send processes during forceful killing phase in stop-action</shortdesc>
-<content type="boolean" default="${OCF_RESKEY_kill_signals_default}" />
+<content type="string" default="${OCF_RESKEY_kill_signals_default}" />
</parameter>
<parameter name="signal_delay">
@@ -293,7 +293,7 @@ Signals (names or numbers, whitespace separated) to send processes during forcef
How many seconds to wait after sending term/kill signals to processes in stop-action.
</longdesc>
<shortdesc lang="en">How many seconds to wait after sending term/kill signals to processes in stop-action</shortdesc>
-<content type="boolean" default="${OCF_RESKEY_kill_signal_delay}" />
+<content type="string" default="${OCF_RESKEY_kill_signal_delay}" />
</parameter>
</parameters>

View File

@ -0,0 +1,23 @@
From f779fad52e5f515ca81218da6098398bdecac286 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Thu, 20 Jul 2023 10:18:12 +0200
Subject: [PATCH] Filesystem: fix incorrect variable name for signal_delay
default in metadata
---
heartbeat/Filesystem | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem
index b9aae8d50..066562891 100755
--- a/heartbeat/Filesystem
+++ b/heartbeat/Filesystem
@@ -293,7 +293,7 @@ Signals (names or numbers, whitespace separated) to send processes during forcef
How many seconds to wait after sending term/kill signals to processes in stop-action.
</longdesc>
<shortdesc lang="en">How many seconds to wait after sending term/kill signals to processes in stop-action</shortdesc>
-<content type="string" default="${OCF_RESKEY_kill_signal_delay}" />
+<content type="string" default="${OCF_RESKEY_signal_delay_default}" />
</parameter>
</parameters>

View File

@ -590,116 +590,3 @@ diff -uNr a/bundled/aliyun/colorama/demos/demo07.py b/bundled/aliyun/colorama/de
if __name__ == '__main__':
diff -uNr a/bundled/aliyun/pycryptodome/Doc/conf.py b/bundled/aliyun/pycryptodome/Doc/conf.py
--- a/bundled/aliyun/pycryptodome/Doc/conf.py 2018-07-10 21:32:46.000000000 +0200
+++ b/bundled/aliyun/pycryptodome/Doc/conf.py 2018-10-08 12:08:11.122188094 +0200
@@ -15,7 +15,7 @@
# Modules to document with autodoc are in another directory
sys.path.insert(0, os.path.abspath('../lib'))
-print sys.path
+print(sys.path)
# Mock existance of native modules
from Crypto.Util import _raw_api
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/Math/Primality.py b/bundled/aliyun/pycryptodome/lib/Crypto/Math/Primality.py
--- a/bundled/aliyun/pycryptodome/lib/Crypto/Math/Primality.py 2018-07-10 21:32:46.000000000 +0200
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/Math/Primality.py 2018-10-08 12:08:11.123188075 +0200
@@ -302,7 +302,7 @@
randfunc = kwargs.pop("randfunc", None)
prime_filter = kwargs.pop("prime_filter", lambda x: True)
if kwargs:
- print "Unknown parameters:", kwargs.keys()
+ print("Unknown parameters:", kwargs.keys())
if exact_bits is None:
raise ValueError("Missing exact_bits parameter")
@@ -341,7 +341,7 @@
exact_bits = kwargs.pop("exact_bits", None)
randfunc = kwargs.pop("randfunc", None)
if kwargs:
- print "Unknown parameters:", kwargs.keys()
+ print("Unknown parameters:", kwargs.keys())
if randfunc is None:
randfunc = Random.new().read
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/PublicKey/ECC.py b/bundled/aliyun/pycryptodome/lib/Crypto/PublicKey/ECC.py
--- a/bundled/aliyun/pycryptodome/lib/Crypto/PublicKey/ECC.py 2018-07-10 21:32:46.000000000 +0200
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/PublicKey/ECC.py 2018-10-08 12:08:11.124188057 +0200
@@ -912,4 +912,4 @@
count = 30
for x in xrange(count):
_ = point * d
- print (time.time() - start) / count * 1000, "ms"
+ print((time.time() - start) / count * 1000, "ms")
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_AES.py b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_AES.py
--- a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_AES.py 2018-07-10 21:32:46.000000000 +0200
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_AES.py 2018-10-08 12:08:11.124188057 +0200
@@ -1276,7 +1276,7 @@
tests += make_block_tests(AES, "AESNI", test_data, {'use_aesni': True})
tests += [ TestMultipleBlocks(True) ]
else:
- print "Skipping AESNI tests"
+ print("Skipping AESNI tests")
return tests
if __name__ == '__main__':
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_GCM.py b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_GCM.py
--- a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_GCM.py 2018-07-10 21:32:46.000000000 +0200
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_GCM.py 2018-10-08 12:08:11.125188038 +0200
@@ -894,7 +894,7 @@
if config.get('slow_tests'):
tests += list_test_cases(NISTTestVectorsGCM_no_clmul)
else:
- print "Skipping test of PCLMULDQD in AES GCM"
+ print("Skipping test of PCLMULDQD in AES GCM")
return tests
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_pkcs1_15.py b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_pkcs1_15.py
--- a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_pkcs1_15.py 2018-07-10 21:32:46.000000000 +0200
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/Cipher/test_pkcs1_15.py 2018-10-08 12:08:11.125188038 +0200
@@ -39,7 +39,7 @@
"""Convert a text string with bytes in hex form to a byte string"""
clean = b(rws(t))
if len(clean)%2 == 1:
- print clean
+ print(clean)
raise ValueError("Even number of characters expected")
return a2b_hex(clean)
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/__main__.py b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/__main__.py
--- a/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/__main__.py 2018-07-10 21:32:46.000000000 +0200
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/SelfTest/__main__.py 2018-10-08 12:08:11.126188020 +0200
@@ -25,11 +25,11 @@
slow_tests = not "--skip-slow-tests" in sys.argv
if not slow_tests:
- print "Skipping slow tests"
+ print("Skipping slow tests")
wycheproof_warnings = "--wycheproof-warnings" in sys.argv
if wycheproof_warnings:
- print "Printing Wycheproof warnings"
+ print("Printing Wycheproof warnings")
config = {'slow_tests' : slow_tests, 'wycheproof_warnings' : wycheproof_warnings }
SelfTest.run(stream=sys.stdout, verbosity=1, config=config)
diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/Util/RFC1751.py b/bundled/aliyun/pycryptodome/lib/Crypto/Util/RFC1751.py
--- a/bundled/aliyun/pycryptodome/lib/Crypto/Util/RFC1751.py 2018-07-10 21:32:46.000000000 +0200
+++ b/bundled/aliyun/pycryptodome/lib/Crypto/Util/RFC1751.py 2018-10-08 12:08:11.126188020 +0200
@@ -369,13 +369,13 @@
]
for key, words in data:
- print 'Trying key', key
+ print('Trying key', key)
key=binascii.a2b_hex(key)
w2=key_to_english(key)
if w2!=words:
- print 'key_to_english fails on key', repr(key), ', producing', str(w2)
+ print('key_to_english fails on key', repr(key), ', producing', str(w2))
k2=english_to_key(words)
if k2!=key:
- print 'english_to_key fails on key', repr(key), ', producing', repr(k2)
+ print('english_to_key fails on key', repr(key), ', producing', repr(k2))

View File

@ -43,7 +43,7 @@
%global colorama_dir %{bundled_lib_dir}/aliyun/%{colorama}
# python-pycryptodome bundle
%global pycryptodome pycryptodome
%global pycryptodome_version 3.6.4
%global pycryptodome_version 3.20.0
%global pycryptodome_dir %{bundled_lib_dir}/aliyun/%{pycryptodome}
# python-aliyun-sdk-core bundle
%global aliyunsdkcore aliyun-python-sdk-core
@ -61,6 +61,10 @@
%global aliyuncli aliyun-cli
%global aliyuncli_version 2.1.10
%global aliyuncli_dir %{bundled_lib_dir}/aliyun/%{aliyuncli}
## fix CVEs
# urllib3 bundle
%global urllib3 urllib3
%global urllib3_version 1.26.18
# determine the ras-set to process based on configure invokation
%bcond_with rgmanager
@ -69,7 +73,7 @@
Name: resource-agents
Summary: Open Source HA Reusable Cluster Resource Scripts
Version: 4.9.0
Release: 35%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}
Release: 54%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.5
License: GPLv2+ and LGPLv2+
URL: https://github.com/ClusterLabs/resource-agents
%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
@ -88,6 +92,7 @@ Source7: %{aliyunsdkcore}-%{aliyunsdkcore_version}.tar.gz
Source8: %{aliyunsdkecs}-%{aliyunsdkecs_version}.tar.gz
Source9: %{aliyunsdkvpc}-%{aliyunsdkvpc_version}.tar.gz
Source10: %{aliyuncli}-%{aliyuncli_version}.tar.gz
Source11: %{urllib3}-%{urllib3_version}.tar.gz
Patch0: nova-compute-wait-NovaEvacuate.patch
Patch1: bz1872754-pgsqlms-new-ra.patch
Patch2: bz1995178-storage-mon-fix-typo.patch
@ -131,6 +136,33 @@ Patch39: bz2141836-vdo-vol-dont-fail-probe-action.patch
Patch40: bz2049319-Filesystem-add-support-for-Amazon-EFS.patch
Patch41: bz2127117-nfsserver-nfsv4_only-parameter.patch
Patch42: bz2139131-mysql-common-return-error-if-kill-fails.patch
Patch43: bz2157873-1-all-ras-validate-all-OCF_CHECK_LEVEL-10.patch
Patch44: bz2157873-2-Filesystem-CTDB-validate-all-improvements.patch
Patch45: bz2157873-3-pgsqlms-validate-all-OCF_CHECK_LEVEL-10.patch
Patch46: bz2157873-4-exportfs-pgsql-validate-all-fixes.patch
Patch47: bz2157873-5-pgsqlms-alidate-all-OCF_CHECK_LEVEL-10.patch
Patch48: bz2040110-IPaddr2-IPsrcaddr-1-support-policy-based-routing.patch
Patch49: bz2149970-lvmlockd-add-use_lvmlockd-if-missing.patch
Patch50: bz2154727-ethmonitor-dont-log-iface-doesnt-exist-monitor.patch
Patch51: bz2039692-mysql-1-replication-fixes.patch
Patch52: bz2181019-azure-events-1-fix-no-transition-summary.patch
Patch53: bz2181019-azure-events-2-improve-logic.patch
Patch54: bz2183152-Filesystem-fail-efs-utils-not-installed.patch
Patch55: bz2039692-mysql-2-fix-demoted-score-bounce.patch
Patch56: bz2040110-IPaddr2-IPsrcaddr-2-fix-table-parameter.patch
Patch57: bz2189243-Filesystem-1-improve-stop-action.patch
Patch58: bz2189243-Filesystem-2-fix-incorrect-parameter-types.patch
Patch59: bz2189243-Filesystem-3-fix-signal_delay-default-value.patch
Patch60: bz1904465-mysql-common-improve-error-message.patch
Patch61: RHEL-15302-1-exportfs-make-fsid-optional.patch
Patch62: RHEL-15302-2-ocft-exportfs-remove-fsid-required-test.patch
Patch63: RHEL-15305-1-findif.sh-fix-loopback-handling.patch
Patch64: RHEL-16248-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch
Patch65: RHEL-17083-findif-EOS-fix.patch
Patch66: RHEL-15305-2-findif.sh-dont-use-table-parameter.patch
Patch67: RHEL-34137-aws-agents-use-curl_retry.patch
Patch68: RHEL-32828-db2-fix-OCF_SUCESS-typo.patch
Patch69: RHEL-61138-nfsserver-also-stop-rpc-statd-for-nfsv4_only.patch
# bundle patches
Patch1000: 7-gcp-bundled.patch
@ -143,6 +175,8 @@ Patch1006: python3-syntax-fixes.patch
Patch1007: aliyuncli-python3-fixes.patch
Patch1008: bz1935422-python-pygments-fix-CVE-2021-20270.patch
Patch1009: bz1943464-python-pygments-fix-CVE-2021-27291.patch
Patch1010: RHEL-44923-aliyun-gcp-fix-bundled-urllib3-CVE-2024-37891.patch
Patch1011: RHEL-50360-setuptools-fix-CVE-2024-6345.patch
Obsoletes: heartbeat-resources <= %{version}
Provides: heartbeat-resources = %{version}
@ -237,6 +271,8 @@ Provides: bundled(python-aliyun-sdk-ecs) = %{aliyunsdkecs_version}
Provides: bundled(python-aliyun-sdk-vpc) = %{aliyunsdkvpc_version}
# aliyuncli bundle
Provides: bundled(aliyuncli) = %{aliyuncli_version}
# urllib3 bundle
Provides: bundled(python-urllib3) = %{urllib3_version}
%description aliyun
Alibaba Cloud (Aliyun) resource agents allows Alibaba Cloud
@ -276,7 +312,7 @@ Provides: bundled(python-pyparsing) = 2.1.10
Provides: bundled(python-requests) = 2.10.0
Provides: bundled(python-six) = 1.11.0
Provides: bundled(python-uritemplate) = 3.0.0
Provides: bundled(python-urllib3) = 1.15.1
Provides: bundled(python-urllib3) = %{urllib3_version}
Provides: bundled(python-websocket) = 0.47.0
Provides: bundled(python-yaml) = 3.12
# python-pyroute2 bundle
@ -310,49 +346,76 @@ databases to be managed in a cluster environment.
exit 1
%endif
%setup -q -n %{upstream_prefix}-%{upstream_version}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p1
%patch38 -p1
%patch39 -p1
%patch40 -p1
%patch41 -p1
%patch42 -p1
%patch -p1 -P 0
%patch -p1 -P 1
%patch -p1 -P 2
%patch -p1 -P 3
%patch -p1 -P 4
%patch -p1 -P 5
%patch -p1 -P 6
%patch -p1 -P 7
%patch -p1 -P 8
%patch -p1 -P 9
%patch -p1 -P 10
%patch -p1 -P 11
%patch -p1 -P 12
%patch -p1 -P 13
%patch -p1 -P 14
%patch -p1 -P 15
%patch -p1 -P 16
%patch -p1 -P 17
%patch -p1 -P 18
%patch -p1 -P 19
%patch -p1 -P 20
%patch -p1 -P 21
%patch -p1 -P 22
%patch -p1 -P 23
%patch -p1 -P 24
%patch -p1 -P 25
%patch -p1 -P 26
%patch -p1 -P 27
%patch -p1 -P 28
%patch -p1 -P 29
%patch -p1 -P 30
%patch -p1 -P 31
%patch -p1 -P 32
%patch -p1 -P 33
%patch -p1 -P 34
%patch -p1 -P 35
%patch -p1 -P 36
%patch -p1 -P 37
%patch -p1 -P 38
%patch -p1 -P 39
%patch -p1 -P 40
%patch -p1 -P 41
%patch -p1 -P 42
%patch -p1 -P 43
%patch -p1 -P 44
%patch -p1 -P 45
%patch -p1 -P 46
%patch -p1 -P 47
%patch -p1 -P 48
%patch -p1 -P 49
%patch -p1 -P 50
%patch -p1 -P 51
%patch -p1 -P 52
%patch -p1 -P 53
%patch -p1 -P 54
%patch -p1 -P 55
%patch -p1 -P 56
%patch -p1 -P 57
%patch -p1 -P 58
%patch -p1 -P 59
%patch -p1 -P 60
%patch -p1 -P 61
%patch -p1 -P 62
%patch -p1 -P 63
%patch -p1 -P 64
%patch -p1 -P 65
%patch -p1 -P 66
%patch -p1 -P 67 -F1
%patch -p1 -P 68
%patch -p1 -P 69
chmod 755 heartbeat/nova-compute-wait
chmod 755 heartbeat/NovaEvacuate
@ -366,15 +429,15 @@ mkdir -p %{bundled_lib_dir}/aliyun
%ifarch x86_64
tar -xzf %SOURCE1 -C %{bundled_lib_dir}/gcp
# gcp*: append bundled-directory to search path, gcloud-ra
%patch1000 -p1
%patch -p1 -P 1000
# replace python-rsa with python-cryptography
%patch1001 -p1
%patch -p1 -P 1001
# gcloud support info
%patch1002 -p1
%patch -p1 -P 1002
# configure: skip bundled gcp lib checks
%patch1003 -p1 -F1
%patch -p1 -P 1003 -F1
# gcloud remove python 2 detection
%patch1004 -p1
%patch -p1 -P 1004
# rename gcloud
mv %{googlecloudsdk_dir}/bin/gcloud %{googlecloudsdk_dir}/bin/gcloud-ra
# keep googleapiclient
@ -481,16 +544,16 @@ mv %{bundled_lib_dir}/aliyun/%{aliyuncli}-%{aliyuncli_version} %{aliyuncli_dir}
cp %{aliyuncli_dir}/README.rst %{aliyuncli}_README.rst
cp %{aliyuncli_dir}/LICENSE %{aliyuncli}_LICENSE
# aliyun*: use bundled libraries
%patch1005 -p1
%patch -p1 -P 1005
# aliyun Python 3 fixes
%patch1006 -p1
%patch1007 -p1
%patch -p1 -P 1006
%patch -p1 -P 1007
# fix CVE's in python-pygments
pushd %{googlecloudsdk_dir}/lib/third_party
%patch1008 -p1 -F2
%patch1009 -p1 -F2
%patch -p1 -P 1008 -F2
%patch -p1 -P 1009 -F2
popd
%endif
@ -587,6 +650,9 @@ make install DESTDIR=%{buildroot}
# google-cloud-sdk bundle
%ifarch x86_64
pushd %{googlecloudsdk_dir}
# fix urllib3 CVEs
rm -rf lib/third_party/urllib3
%{__python3} -m pip install --target lib/third_party --no-index --find-links %{_sourcedir} urllib3
mkdir -p %{buildroot}/usr/lib/%{name}/%{googlecloudsdk_dir}
cp -a bin data lib %{buildroot}/usr/lib/%{name}/%{googlecloudsdk_dir}
mkdir %{buildroot}/%{_bindir}
@ -615,6 +681,9 @@ popd
# python-aliyun-sdk-core bundle
pushd %{aliyunsdkcore_dir}
%{__python3} setup.py install -O1 --skip-build --root %{buildroot} --install-lib /usr/lib/%{name}/%{bundled_lib_dir}/aliyun
# fix urllib3 CVEs
rm -rf %{buildroot}/usr/lib/%{name}/%{bundled_lib_dir}/aliyun/aliyunsdkcore/vendored/requests/packages/urllib3
%{__python3} -m pip install --target %{buildroot}/usr/lib/%{name}/%{bundled_lib_dir}/aliyun/aliyunsdkcore/vendored/requests/packages --no-index --find-links %{_sourcedir} urllib3
popd
# python-aliyun-sdk-ecs bundle
@ -635,6 +704,14 @@ mv %{buildroot}/%{_bindir}/aliyuncli %{buildroot}/%{_bindir}/aliyuncli-ra
# aliyun_completer / aliyun_zsh_complete.sh
rm %{buildroot}/%{_bindir}/aliyun_*
popd
# regular patch doesnt work in build-section
pushd %{buildroot}/usr/lib/%{name}/%{bundled_lib_dir}
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1010}
popd
pushd %{buildroot}/usr/lib/%{name}/%{bundled_lib_dir}/gcp/google-cloud-sdk/lib/third_party
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1011}
popd
%endif
## tree fixup
@ -928,6 +1005,102 @@ ccs_update_schema > /dev/null 2>&1 ||:
%{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm
%changelog
* Tue Oct 1 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.5
- nfsserver: also stop rpc-statd for nfsv4_only to avoid stop failing
in some cases
Resolves: RHEL-61138
* Thu Jul 25 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.4
- bundled setuptools: fix CVE-2024-6345
Resolves: RHEL-50360
* Tue Jul 23 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.3
- gcp-pd-move: fix TLS_VERSION_1 issue
Resolves: RHEL-50041
* Wed Jun 26 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.2
- bundled urllib3: fix CVE-2024-37891
Resolves: RHEL-44923
* Thu May 30 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54.1
- AWS agents: retry failed metadata requests to avoid instantly
failing when there is a hiccup in the network or metadata service
- db2: fix OCF_SUCESS typo
Resolves: RHEL-34137, RHEL-32828
* Thu Feb 8 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-54
- findif.sh: fix loopback IP handling
Resolves: RHEL-15305
* Wed Jan 24 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-53
- bundled urllib3: fix CVE-2023-45803
- bundled pycryptodome: fix CVE-2023-52323
Resolves: RHEL-22431, RHEL-20916
* Tue Nov 21 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-52
- findif: also check that netmaskbits != EOS
Resolves: RHEL-17083
* Fri Nov 17 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-51
- aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter
and AWS Policy based authentication type
Resolves: RHEL-16248
* Thu Nov 2 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-49
- exportfs: make "fsid" parameter optional
Resolves: RHEL-15302
* Wed Sep 6 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-48
- mysql-common: improve error message
Resolves: rhbz#1904465
* Thu Jul 20 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-47
- Filesystem: improve stop-action and allow setting term/kill signals
and signal_delay for large filesystems
Resolves: rhbz#2189243
* Wed Jun 21 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-44
- IPaddr2/IPsrcaddr: support policy-based routing
Resolves: rhbz#2040110
* Wed Jun 14 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-43
- mysql: fix replication issues
Resolves: rhbz#2039692
* Mon May 1 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-42
- azure-events*: fix for no "Transition Summary" for Pacemaker 2.1+
- Filesystem: fail if AWS efs-utils not installed when fstype=efs
Resolves: rhbz#2181019
Resolves: rhbz#2183152
* Wed Mar 22 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-41
- lvmlockd: add "use_lvmlockd = 1" if it's commented out or missing
- ethmonitor: dont log "Interface does not exist" for monitor-action
Resolves: rhbz#2149970
Resolves: rhbz#2154727
* Tue Jan 17 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-40
- all agents: dont check notify/promotable settings during
validate-action
Resolves: rhbz#2157873
* Thu Nov 24 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.9.0-35
- mysql-common: return error in stop-action if kill fails to stop
the process, so the node can get fenced