From 07f095e2453351a364cc1edb6bc1128a244a4013 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Mar 06 2018 18:38:21 +0000
Subject: import resource-agents-3.9.5-105.el7_4.11


---

diff --git a/SOURCES/bz1535394-NovaEvacuate-add-support-for-keystone-v3-authentication.patch b/SOURCES/bz1535394-NovaEvacuate-add-support-for-keystone-v3-authentication.patch
new file mode 100644
index 0000000..43ad9fe
--- /dev/null
+++ b/SOURCES/bz1535394-NovaEvacuate-add-support-for-keystone-v3-authentication.patch
@@ -0,0 +1,55 @@
+From 121ec00c8ea0f2e8b0c6336bd78fcb58b0bd490c Mon Sep 17 00:00:00 2001
+From: Andrew Beekhof <andrew@beekhof.net>
+Date: Mon, 27 Nov 2017 13:35:18 +1100
+Subject: [PATCH] NovaEvacuate: Additional parameters for v3 keywstone
+ authentication
+
+Change-Id: I22d2733b17e5a6098b66c4644879b2e1255dbff5
+---
+ heartbeat/NovaEvacuate | 26 +++++++++++++++++++++++++-
+ 1 file changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/heartbeat/NovaEvacuate b/heartbeat/NovaEvacuate
+index b6dadce..ba19ca4 100644
+--- a/heartbeat/NovaEvacuate
++++ b/heartbeat/NovaEvacuate
+@@ -65,7 +65,23 @@ Password for connecting to keystone in admin context
+ Tenant name for connecting to keystone in admin context.
+ Note that with Keystone V3 tenant names are only unique within a domain.
+ </longdesc>
+-<shortdesc lang="en">Tenant name</shortdesc>
++<shortdesc lang="en">Keystone v2 Tenant or v3 Project Name</shortdesc>
++<content type="string" default="" />
++</parameter>
++
++<parameter name="user_domain" unique="0" required="1">
++<longdesc lang="en">
++User's domain name. Used when authenticating to Keystone.
++</longdesc>
++<shortdesc lang="en">Keystone v3 User Domain</shortdesc>
++<content type="string" default="" />
++</parameter>
++
++<parameter name="project_domain" unique="0" required="1">
++<longdesc lang="en">
++Domain name containing project. Used when authenticating to Keystone.
++</longdesc>
++<shortdesc lang="en">Keystone v3 Project Domain</shortdesc>
+ <content type="string" default="" />
+ </parameter>
+ 
+@@ -289,6 +305,14 @@ evacuate_validate() {
+ 
+     fence_options="${fence_options} -t ${OCF_RESKEY_tenant_name}"
+ 
++    if [ -n "${OCF_RESKEY_user_domain}" ]; then
++        fence_options="${fence_options} -u ${OCF_RESKEY_user_domain}"
++    fi
++
++    if [ -n "${OCF_RESKEY_project_domain}" ]; then
++        fence_options="${fence_options} -P ${OCF_RESKEY_project_domain}"
++    fi
++
+     if [ -n "${OCF_RESKEY_region_name}" ]; then
+         fence_options="${fence_options} \
+             --region-name ${OCF_RESKEY_region_name}"
diff --git a/SOURCES/bz1537444-sap_redhat_cluster_connector-fix-unknown-gvi-function.patch b/SOURCES/bz1537444-sap_redhat_cluster_connector-fix-unknown-gvi-function.patch
new file mode 100644
index 0000000..b661edc
--- /dev/null
+++ b/SOURCES/bz1537444-sap_redhat_cluster_connector-fix-unknown-gvi-function.patch
@@ -0,0 +1,106 @@
+diff -uNr a/sap_redhat_cluster_connector-6353d27/sap_redhat_cluster_connector b/sap_redhat_cluster_connector-6353d27/sap_redhat_cluster_connector
+--- a/sap_redhat_cluster_connector-6353d27/sap_redhat_cluster_connector	2018-01-23 10:15:48.167424070 +0100
++++ b/sap_redhat_cluster_connector-6353d27/sap_redhat_cluster_connector	2018-01-22 10:19:06.001422855 +0100
+@@ -41,6 +41,11 @@
+ my $logident = "sap_redhat_cluster_connector";
+ my $logoptions = "pid";
+ my $logfacility = "LOG_USER";
++my $protocolVersion=1;
++my $haProd="RHEL HA add-on";
++my $haProdSAP="sap_redhat_cluster_connector";
++my $haProdDoc="https://access.redhat.com/solutions/963123";
++
+ #
+ # open syslog
+ #
+@@ -54,9 +59,10 @@
+       where cmd could be:  
+       help 
+       init
+-      cpa --res RES --act ACT 
+-      lsr --out FILE --sid SID --ino INO | --dbhost HOST --dbtype TYPE
++      gvi --out FILE
++      cpa --res RES --act ACT
+       fra --res RES --act ACT  [ --nod NODE ]
++      lsr --out FILE --sid SID --ino INO | --dbhost HOST --dbtype TYPE
+       lsn --out FILE --res RES
+ ";
+ }
+@@ -110,7 +116,7 @@
+ 
+ sub fire_resource_action {
+ 	my ($rsc, $act, $nod) = ("", "", "");
+-	($rsc, $act, $nod) = @_;
++	my ($rsc, $act, $nod) = @_;
+ 	my $rc=0;
+         my $sysconfig = "/etc/sysconfig/sap_redhat_cluster_connector";
+ 	$nowstring = localtime;
+@@ -349,10 +355,6 @@
+ 	printf "%s : lsn()\n", $nowstring;
+ 	# TODO: check implemented action
+ 	###############################################################################################
+-	###############################################################################################
+-	###############################################################################################
+-	###############################################################################################
+-	###############################################################################################
+ 	#
+ 	# 1. GET HOSTNAME WHERE FUNCTION WAS CALLED
+ 	#
+@@ -452,6 +454,26 @@
+ 	return $rc;
+ }
+ 
++sub get_version_info($)
++{
++	my ($outfile, $resource) = @_;
++	my $rc=0;
++	$nowstring = localtime;
++	printf "%s : gvi()\n", $nowstring;
++	if ( $outfile ne "" ) {
++		#HASCRIPTCO-VERS
++		##HAPROD
++		##HAPROD-SAP
++		##HAPROD-DOC
++		open OUTFILE, ">$outfile";
++		syslog("LOG_INFO", "gvi result: %s\n%s\n%s\n%s\n", $protocolVersion, $haProd, $haProdSAP, $haProdDoc);
++		printf OUTFILE "%s\n%s\n%s\n%s\n", $protocolVersion, $haProd, $haProdSAP, $haProdDoc;
++		close OUTFILE;
++	} else {
++		printf "%s\n%s\n%s\n%s\n", $protocolVersion, $haProd, $haProdSAP, $haProdDoc;
++	}
++	return $rc;
++}
+ 
+ #
+ # "main"
+@@ -492,7 +514,6 @@
+ 	syslog("LOG_INFO", "lsr call (out=%s,sid=%s,ino=%s)", $out, $sid, $ino);
+ 	$return_code=list_sap_resources($out, $sid, $ino);
+ 	
+-
+  } elsif ( $cmd eq "fra" ) {
+ 	open($DEBUG, ">>$logident" . ".log");
+ 	*STDOUT=*$DEBUG;
+@@ -518,6 +539,14 @@
+ 	syslog("LOG_INFO", "lsn call (out=%s,res=%s)", $out, $res);
+ 	$return_code=list_sap_nodes($out, $res);
+ 
++ } elsif ( $cmd eq "gvi" ) {
++	open($DEBUG, ">>$logident" . ".log");
++	*STDOUT=*$DEBUG;
++	$result = GetOptions ("out=s" => \$out,
++		) &&
++	checkavail(($out)) || paramproblem();
++	syslog("LOG_INFO", "gvi call (out=%s)", $out);
++	$return_code=get_version_info($out);
+ 
+  } else  {
+ 	open($DEBUG, ">>$logident" . ".log");
+@@ -530,7 +559,6 @@
+  	paramproblem()
+  }
+ 	
+- syslog("LOG_INFO", "TEST END");
+ closelog();
+ exit $return_code;
+ #
diff --git a/SOURCES/bz1544483-redis-add-support-for-tunneling-replication-traffic.patch b/SOURCES/bz1544483-redis-add-support-for-tunneling-replication-traffic.patch
new file mode 100644
index 0000000..fa11895
--- /dev/null
+++ b/SOURCES/bz1544483-redis-add-support-for-tunneling-replication-traffic.patch
@@ -0,0 +1,160 @@
+From 273963331bd303f595e820ca6da17cd63f5514db Mon Sep 17 00:00:00 2001
+From: Damien Ciabrini <dciabrin@redhat.com>
+Date: Sat, 2 Dec 2017 11:53:56 +0100
+Subject: [PATCH] redis: add support for tunneling replication traffic
+
+Add parameters in the resource agent to assign specific redis port to
+each pacemaker node. When redis slave wants to connect to a redis
+master, it will instead connect to a tunnel host, on the port assigned
+to the targeted redis master.
+
+This makes it possible for redis replication traffic to go through
+pre-existing tunnels. This can be used to encrypt such traffic.
+---
+ heartbeat/redis | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 86 insertions(+), 3 deletions(-)
+
+diff --git a/heartbeat/redis b/heartbeat/redis
+index fcd8c234..d9e29e2c 100755
+--- a/heartbeat/redis
++++ b/heartbeat/redis
+@@ -38,6 +38,7 @@
+ : ${OCF_RESKEY_pidfile_name:=redis-server.pid}
+ : ${OCF_RESKEY_socket_name:=redis.sock}
+ : ${OCF_RESKEY_port:=6379}
++: ${OCF_RESKEY_tunnel_host:=127.0.0.1}
+ 
+ if [ -z "$OCF_RESKEY_config" ]; then
+ 	if [ -f "/etc/redis.conf" ]; then
+@@ -156,6 +157,39 @@ Port for replication client to connect to on remote server
+ <content type="string" default="${OCF_RESKEY_port}"/>
+ </parameter>
+ 
++<parameter name="tunnel_host" unique="0" required="0">
++<longdesc lang="en">
++When replication traffic is tunnelled, this is the host to target
++to forward outgoing traffic to the redis master. The resource
++agent configures the redis slave to target the master via
++tunnel_host:tunnel_port.
++
++Note that in order to enable replication traffic tunneling,
++parameter {tunnel_port_map} must be populated.
++</longdesc>
++<shortdesc lang="en">Tunnel host for replication traffic</shortdesc>
++<content type="string" default="${OCF_RESKEY_tunnel_host}"/>
++</parameter>
++
++<parameter name="tunnel_port_map" unique="0" required="0">
++<longdesc lang="en">
++A mapping of pacemaker node names to redis port number.
++
++To be used when redis servers need to tunnel replication traffic.
++On every node where the redis resource is running, the redis server
++listens to a different port. Each redis server can access its peers
++for replication traffic via a tunnel accessible at {tunnel_host}:port.
++
++The mapping the form of:
++pcmk1-name:port-for-redis1;pcmk2-name:port-for-redis2;pcmk3-name:port-for-redis3
++
++where the redis resource started on node pcmk1-name would listen on
++port port-for-redis1
++</longdesc>
++<shortdesc lang="en">Mapping of Redis server name to redis port</shortdesc>
++<content type="string" default=""/>
++</parameter>
++
+ <parameter name="wait_last_known_master" unique="0" required="0">
+ <longdesc lang="en">
+ During redis cluster bootstrap, wait for the last known master to be
+@@ -291,6 +325,8 @@ simple_status() {
+ 
+ function monitor() {
+ 	local res
++	local master_name
++	local last_known_master_port
+ 
+ 	simple_status
+ 	res=$?
+@@ -334,14 +370,48 @@ redis_monitor() {
+ 				return $OCF_ERR_GENERIC
+ 			fi
+ 			if [[ "${info[master_host]}" != "$(last_known_master)" ]]; then
+-				ocf_log err "monitor: Slave mode current master does not match running master. current=${info[master_host]}, running=$(last_known_master)"
+-				return $OCF_ERR_GENERIC
++				if [ -n "${OCF_RESKEY_tunnel_port_map}" ]; then
++					master_name=$(port_to_redis_node ${info[master_port]})
++					last_known_master_port=$(redis_node_to_port $(last_known_master))
++					if [[ "${info[master_host]}" != "${OCF_RESKEY_tunnel_host}" ]] ||
++					   [[  "${info[master_port]}" != "${last_known_master_port}" ]]; then
++						ocf_log err "monitor: Slave mode current tunnelled connection to redis server does not match running master. tunnelled='${info[master_host]}:${info[master_port]} (${master_name})', running='$(last_known_master)'"
++						return $OCF_ERR_GENERIC
++					fi
++				else
++					ocf_log err "monitor: Slave mode current master does not match running master. current=${info[master_host]}, running=$(last_known_master)"
++					return $OCF_ERR_GENERIC
++				fi
+ 			fi
+ 		fi
+ 	fi
+ 	return $OCF_SUCCESS
+ }
+ 
++redis_node_to_port()
++{
++	local node=$1
++	echo "$OCF_RESKEY_tunnel_port_map" | tr ';' '\n' | tr -d ' ' | sed 's/:/ /' | awk -F' ' '$1=="'"$node"'" {print $2;exit}'
++}
++
++port_to_redis_node()
++{
++	local port=$1
++	echo "$OCF_RESKEY_tunnel_port_map" | tr ';' '\n' | tr -d ' ' | sed 's/:/ /' | awk -F' ' '$2=="'"$port"'" {print $1;exit}'
++}
++
++get_tunnel_port_from_master()
++{
++	local master_name=$1
++	crm_attribute --node "$master_name" -l forever --name ${INSTANCE_ATTR_NAME}-tunnel-port --query -q 2>/dev/null
++}
++
++get_master_from_tunnel_port()
++{
++	local master_name=$1
++	crm_attribute --node "$master_name" -l forever --name ${INSTANCE_ATTR_NAME}-tunnel-port --query -q 2>/dev/null
++}
++
+ function check_dump_file()
+ {
+ 	if ! have_binary "$REDIS_CHECK_DUMP"; then
+@@ -479,6 +549,7 @@ redis_promote() {
+ function demote() {
+ 	local master_host
+ 	local master_port
++	local tunnel_port
+ 
+ 	# client kill is only supported in Redis 2.8.12 or greater
+ 	version=$(redis_client -v | awk '{print $NF}')
+@@ -512,7 +583,19 @@ redis_demote() {
+ 		master_host="no-such-master"
+ 	fi
+ 
+-	ocf_log info "demote: Setting master to '$master_host'"
++	if [ -n "${OCF_RESKEY_tunnel_port_map}" ]; then
++		# master_host can be the special marker "no-such-master"
++		# while a master is being selected. In this case, no
++		# tunnel port is returned, but this is not fatal.
++		tunnel_port=$(redis_node_to_port "$master_host")
++		if [ -n "$tunnel_port" ]; then
++			ocf_log info "demote: Setting master to '$master_host' via local tunnel '${OCF_RESKEY_tunnel_host}' on port '$tunnel_port'"
++			master_host="${OCF_RESKEY_tunnel_host}"
++			master_port="$tunnel_port"
++		fi
++	else
++		ocf_log info "demote: Setting master to '$master_host'"
++	fi
+ 
+ 	redis_client slaveof "$master_host" "$master_port"
+ 
+-- 
+2.14.3
+
diff --git a/SOURCES/bz1547142-galera-fix-temp-logfile-rights.patch b/SOURCES/bz1547142-galera-fix-temp-logfile-rights.patch
new file mode 100644
index 0000000..dd5090e
--- /dev/null
+++ b/SOURCES/bz1547142-galera-fix-temp-logfile-rights.patch
@@ -0,0 +1,28 @@
+From 2754db9d03995e944a53e364f304bc7b0b24d75d Mon Sep 17 00:00:00 2001
+From: Damien Ciabrini <dciabrin@redhat.com>
+Date: Thu, 2 Mar 2017 18:41:50 +0100
+Subject: [PATCH] galera: fix permission of temporary log file for mariadb
+ 10.1.21+
+
+Since MariaDB/server@8fcdd6b0ecbb966f4479856efe93a963a7a422f7,
+mysqld_safe relies on a helper subprocess to write into log files.
+This new logging mechanism expects log file to be writable by the
+user configured to run mysqld.
+
+Fix the generation of temporary log file accordingly.
+---
+ heartbeat/galera | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/heartbeat/galera b/heartbeat/galera
+index 0cab9a464..decbaa257 100755
+--- a/heartbeat/galera
++++ b/heartbeat/galera
+@@ -520,6 +520,7 @@ detect_last_commit()
+     last_commit="$(cat ${OCF_RESKEY_datadir}/grastate.dat | sed -n 's/^seqno.\s*\(.*\)\s*$/\1/p')"
+     if [ -z "$last_commit" ] || [ "$last_commit" = "-1" ]; then
+         local tmp=$(mktemp)
++        chown $OCF_RESKEY_user:$OCF_RESKEY_group $tmp
+ 
+         # if we pass here because grastate.dat doesn't exist,
+         # try not to bootstrap from this node if possible
diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec
index 11dd861..871b89d 100644
--- a/SPECS/resource-agents.spec
+++ b/SPECS/resource-agents.spec
@@ -48,7 +48,7 @@
 Name:		resource-agents
 Summary:	Open Source HA Reusable Cluster Resource Scripts
 Version:	3.9.5
-Release:	105%{?dist}.6
+Release:	105%{?dist}.11
 License:	GPLv2+, LGPLv2+ and ASL 2.0
 URL:		https://github.com/ClusterLabs/resource-agents
 %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel}
@@ -241,6 +241,10 @@ Patch180:	bz1497076-NovaEvacuate-Instance-HA-OSP12.patch
 Patch181:	bz1512586-galera-recover-from-empty-gvwstate.dat.patch
 Patch182:	bz1521019-db2-fix-hadr-promote-when-master-failed.patch
 Patch183:	bz1524454-ocf_attribute_target-fallback-fix.patch
+Patch184:	bz1535394-NovaEvacuate-add-support-for-keystone-v3-authentication.patch
+Patch185:	bz1537444-sap_redhat_cluster_connector-fix-unknown-gvi-function.patch
+Patch186:	bz1544483-redis-add-support-for-tunneling-replication-traffic.patch
+Patch187:	bz1547142-galera-fix-temp-logfile-rights.patch
 
 Obsoletes:	heartbeat-resources <= %{version}
 Provides:	heartbeat-resources = %{version}
@@ -539,6 +543,10 @@ exit 1
 %patch181 -p1
 %patch182 -p1
 %patch183 -p1
+%patch184 -p1
+%patch185 -p1
+#%patch186 -p1
+%patch187 -p1
 
 %build
 if [ ! -f configure ]; then
@@ -802,6 +810,21 @@ ccs_update_schema > /dev/null 2>&1 ||:
 %endif
 
 %changelog
+* Tue Feb 27 2018 Oyvind Albrigtsen <oalbrigt@redhat.com> - 3.9.5-105.11
+- galera: fix temp logfile rights to support MySQL 10.1.21+
+
+  Resolves: rhbz#1547142
+
+* Tue Jan 23 2018 Oyvind Albrigtsen <oalbrigt@redhat.com> - 3.9.5-105.8
+- sap_redhat_cluster_connector: fix unknown gvi function
+
+  Resolves: rhbz#1537444
+
+* Wed Jan 17 2018 Oyvind Albrigtsen <oalbrigt@redhat.com> - 3.9.5-105.7
+- NovaEvacuate: add support for keystone v3 authentication
+
+  Resolves: rhbz#1535394
+
 * Mon Dec 11 2017 Oyvind Albrigtsen <oalbrigt@redhat.com> - 3.9.5-105.6
 - ocf_attribute_target: add fallback for Pacemaker versions without
   bundle support