diff --git a/.gitignore b/.gitignore index a31cf26..5175038 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/ClusterLabs-resource-agents-e711383f.tar.gz +SOURCES/SAPHanaSR-2067519.tar.gz SOURCES/SAPHanaSR-ScaleOut-a77e8c6.tar.gz -SOURCES/SAPHanaSR-d1dde99.tar.gz SOURCES/aliyun-cli-2.1.10.tar.gz SOURCES/aliyun-python-sdk-core-2.8.5.tar.gz SOURCES/aliyun-python-sdk-ecs-4.9.3.tar.gz diff --git a/.resource-agents.metadata b/.resource-agents.metadata index ba66161..943736b 100644 --- a/.resource-agents.metadata +++ b/.resource-agents.metadata @@ -1,6 +1,6 @@ 0358e1cb7fe86b2105bd2646cbe86f3c0273844a SOURCES/ClusterLabs-resource-agents-e711383f.tar.gz +92409ca65e8f4e63d5c308368861fa67ced470f1 SOURCES/SAPHanaSR-2067519.tar.gz e5624e3028720d0d55ab3d598655a1938042e26c SOURCES/SAPHanaSR-ScaleOut-a77e8c6.tar.gz -442679403d1287835841d70c5bef208a330c2c11 SOURCES/SAPHanaSR-d1dde99.tar.gz 306e131d8908ca794276bfe3a0b55ccc3bbd482f SOURCES/aliyun-cli-2.1.10.tar.gz b68122ef53a0857d020529ff85d14f0e905c327f SOURCES/aliyun-python-sdk-core-2.8.5.tar.gz c2a98b9a1562d223a76514f05028488ca000c395 SOURCES/aliyun-python-sdk-ecs-4.9.3.tar.gz diff --git a/SOURCES/bz1528365-IPaddr2-1-sanitize-IPv6-IPs.patch b/SOURCES/bz1528365-IPaddr2-1-sanitize-IPv6-IPs.patch new file mode 100644 index 0000000..74d3628 --- /dev/null +++ b/SOURCES/bz1528365-IPaddr2-1-sanitize-IPv6-IPs.patch @@ -0,0 +1,47 @@ +From 8ecfa95fff384ed047fd804016abdbbdcdd96d27 Mon Sep 17 00:00:00 2001 +From: Keisuke MORI +Date: Wed, 11 Sep 2019 15:33:37 +0900 +Subject: [PATCH] Low: IPaddr2: fix to work properly with unsanitized IPv6 + addresses + +`ip route get` shows the sanitized address at $1 or $2 depending on +the address is already assigned to the node or not. +``` +[root@centos73-1 ~]# /sbin/ip route get 2001:db8:101::0001 +2001:db8:101::1 dev eth1 proto ra src 2001:db8:101:0:XXXX:XXXX:XXXX:XXXX metric 100 +[root@centos73-1 ~]# /sbin/ip addr add 2001:db8:101::0001/64 dev eth1 +[root@centos73-1 ~]# /sbin/ip route get 2001:db8:101::0001 +local 2001:db8:101::1 dev lo table local proto none src 2001:db8:101::1 metric 0 +``` + +It can not be sanitized if the address is unreachable and on the recent distributions +(probably depending on the iproute package version) +``` +[root@centos73-1 ~]# /sbin/ip route get 2001:db8:201::0001 +unreachable 2001:db8:201::1 dev lo table unspec proto kernel src 2001:db8:101:0:XXXX:XXXX:XXXX:XXXX metric 429496 +``` +``` +[root@rhel80-1 ~]# /sbin/ip route get 200:db8:201::0001 +RTNETLINK answers: Network is unreachable +``` +--- + heartbeat/IPaddr2 | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 +index 041ace3a2..4f28ddab6 100755 +--- a/heartbeat/IPaddr2 ++++ b/heartbeat/IPaddr2 +@@ -477,6 +477,12 @@ ip_init() { + fi + else + FAMILY=inet6 ++ # address sanitization defined in RFC5952 ++ SANITIZED_IP=$($IP2UTIL route get $OCF_RESKEY_ip | awk '$1~/:/ {print $1} $2~/:/ {print $2}') ++ if [ -n "$SANITIZED_IP" ]; then ++ OCF_RESKEY_ip="$SANITIZED_IP" ++ fi ++ + if ocf_is_true $OCF_RESKEY_lvs_support ;then + ocf_exit_reason "The IPv6 does not support lvs_support" + exit $OCF_ERR_CONFIGURED diff --git a/SOURCES/bz1528365-IPaddr2-2-return-empty-when-sanitation-fails.patch b/SOURCES/bz1528365-IPaddr2-2-return-empty-when-sanitation-fails.patch new file mode 100644 index 0000000..32f5e06 --- /dev/null +++ b/SOURCES/bz1528365-IPaddr2-2-return-empty-when-sanitation-fails.patch @@ -0,0 +1,22 @@ +From 7eff4e17641cc1463e61d772af16d17264477523 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 12 Sep 2019 12:51:54 +0200 +Subject: [PATCH] IPaddr2: IPv6 return empty string when sanitation fails + +--- + heartbeat/IPaddr2 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 +index 4f28ddab6..1d39ae514 100755 +--- a/heartbeat/IPaddr2 ++++ b/heartbeat/IPaddr2 +@@ -478,7 +478,7 @@ ip_init() { + else + FAMILY=inet6 + # address sanitization defined in RFC5952 +- SANITIZED_IP=$($IP2UTIL route get $OCF_RESKEY_ip | awk '$1~/:/ {print $1} $2~/:/ {print $2}') ++ SANITIZED_IP=$($IP2UTIL route get $OCF_RESKEY_ip 2> /dev/null | awk '$1~/:/ {print $1} $2~/:/ {print $2}') + if [ -n "$SANITIZED_IP" ]; then + OCF_RESKEY_ip="$SANITIZED_IP" + fi diff --git a/SOURCES/bz1582685-IPsrcaddr-1-add-destination-and-table-parameters.patch b/SOURCES/bz1582685-IPsrcaddr-1-add-destination-and-table-parameters.patch new file mode 100644 index 0000000..cb4fde4 --- /dev/null +++ b/SOURCES/bz1582685-IPsrcaddr-1-add-destination-and-table-parameters.patch @@ -0,0 +1,202 @@ +--- ClusterLabs-resource-agents-e711383f/heartbeat/IPsrcaddr 2019-08-15 16:02:10.055827624 +0200 ++++ /home/oalbrigt/src/resource-agents/heartbeat/IPsrcaddr 2019-08-15 15:45:50.690757838 +0200 +@@ -1,6 +1,6 @@ + #!/bin/sh + # +-# Description: IPsrcaddr - Preferred source address modification ++# Description: IPsrcaddr - Preferred source(/dest) address modification + # + # Author: John Sutton + # Support: users@clusterlabs.org +@@ -11,7 +11,7 @@ + # + # This script manages the preferred source address associated with + # packets which originate on the localhost and are routed through the +-# default route. By default, i.e. without the use of this script or ++# matching route. By default, i.e. without the use of this script or + # similar, these packets will carry the IP of the primary i.e. the + # non-aliased interface. This can be a nuisance if you need to ensure + # that such packets carry the same IP irrespective of which host in +@@ -27,7 +27,7 @@ + # + # NOTES: + # +-# 1) There must be one and not more than 1 default route! Mainly because ++# 1) There must be one and not more than 1 matching route! Mainly because + # I can't see why you should have more than one. And if there is more + # than one, we would have to box clever to find out which one is to be + # modified, or we would have to pass its identity as an argument. +@@ -54,16 +54,25 @@ + . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs + + # Defaults ++OCF_RESKEY_ipaddress_default="" ++OCF_RESKEY_cidr_netmask_default="" ++OCF_RESKEY_destination_default="0.0.0.0/0" + OCF_RESKEY_proto_default="" ++OCF_RESKEY_table_default="" + ++: ${OCF_RESKEY_ipaddress=${OCF_RESKEY_ipaddress_default}} ++: ${OCF_RESKEY_cidr_netmask=${OCF_RESKEY_cidr_netmask_default}} ++: ${OCF_RESKEY_destination=${OCF_RESKEY_destination_default}} + : ${OCF_RESKEY_proto=${OCF_RESKEY_proto_default}} ++: ${OCF_RESKEY_table=${OCF_RESKEY_table_default}} + ####################################################################### + + [ -z "$OCF_RESKEY_proto" ] && PROTO="" || PROTO="proto $OCF_RESKEY_proto" ++[ -z "$OCF_RESKEY_table" ] && TABLE="" || TABLE="table $OCF_RESKEY_table" + + USAGE="usage: $0 {start|stop|status|monitor|validate-all|meta-data}"; + +- CMDSHOW="$IP2UTIL route show to exact 0.0.0.0/0" ++ CMDSHOW="$IP2UTIL route show $TABLE to exact $OCF_RESKEY_destination" + CMDCHANGE="$IP2UTIL route change to " + + SYSTYPE="`uname -s`" +@@ -91,7 +100,7 @@ + The IP address. + + IP address +- ++ + + + +@@ -100,7 +109,15 @@ + dotted quad notation 255.255.255.0). + + Netmask +- ++ ++ ++ ++ ++ ++The destination IP/subnet for the route (default: $OCF_RESKEY_destination_default) ++ ++Destination IP/subnet ++ + + + +@@ -108,7 +125,17 @@ + Proto to match when finding network. E.g. "kernel". + + Proto +- ++ ++ ++ ++ ++ ++Table to modify. E.g. "local". ++ ++The table has to have a route matching the "destination" parameter. ++ ++Table ++ + + + +@@ -151,21 +178,22 @@ + export OCF_RESKEY_ip=$OCF_RESKEY_ipaddress + + srca_read() { +- # Capture the default route - doublequotes prevent word splitting... +- DEFROUTE="`$CMDSHOW`" || errorexit "command '$CMDSHOW' failed" +- +- # ... so we can make sure there is only 1 default route +- [ 1 -eq `echo "$DEFROUTE" | wc -l` ] || \ +- errorexit "more than 1 default route exists" ++ # Capture matching route - doublequotes prevent word splitting... ++ ROUTE="`$CMDSHOW`" || errorexit "command '$CMDSHOW' failed" + +- # But there might still be no default route +- [ -z "$DEFROUTE" ] && errorexit "no default route exists" ++ # ... so we can make sure there is only 1 matching route ++ [ 1 -eq `echo "$ROUTE" | wc -l` ] || \ ++ errorexit "more than 1 matching route exists" ++ ++ # But there might still be no matching route ++ [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] && [ -z "$ROUTE" ] && \ ++ ! ocf_is_probe && errorexit "no matching route exists" + + # Sed out the source ip address if it exists +- SRCIP=`echo $DEFROUTE | sed -n "s/$MATCHROUTE/\3/p"` ++ SRCIP=`echo $ROUTE | sed -n "s/$MATCHROUTE/\3/p"` + + # and what remains after stripping out the source ip address clause +- ROUTE_WO_SRC=`echo $DEFROUTE | sed "s/$MATCHROUTE/\1\5/"` ++ ROUTE_WO_SRC=`echo $ROUTE | sed "s/$MATCHROUTE/\1\5/"` + + [ -z "$SRCIP" ] && return 1 + [ $SRCIP = $1 ] && return 0 +@@ -185,11 +213,13 @@ + rc=$OCF_SUCCESS + ocf_log info "The ip route has been already set.($NETWORK, $INTERFACE, $ROUTE_WO_SRC)" + else +- $IP2UTIL route replace $NETWORK dev $INTERFACE src $1 || \ +- errorexit "command 'ip route replace $NETWORK dev $INTERFACE src $1' failed" ++ $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE src $1 || \ ++ errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE src $1' failed" + +- $CMDCHANGE $ROUTE_WO_SRC src $1 || \ +- errorexit "command '$CMDCHANGE $ROUTE_WO_SRC src $1' failed" ++ if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then ++ $CMDCHANGE $ROUTE_WO_SRC src $1 || \ ++ errorexit "command '$CMDCHANGE $ROUTE_WO_SRC src $1' failed" ++ fi + rc=$? + fi + +@@ -201,7 +231,7 @@ + # If one exists but it's not the same as the one specified, that's + # an error. Maybe that's the wrong behaviour because if this fails + # then when IPaddr releases the associated interface (if there is one) +-# your default route will also get dropped ;-( ++# your matching route will also get dropped ;-( + # The exit code should conform to LSB exit codes. + # + +@@ -217,11 +247,13 @@ + + [ $rc = 2 ] && errorexit "The address you specified to stop does not match the preferred source address" + +- $IP2UTIL route replace $NETWORK dev $INTERFACE || \ +- errorexit "command 'ip route replace $NETWORK dev $INTERFACE' failed" ++ $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE || \ ++ errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE' failed" + +- $CMDCHANGE $ROUTE_WO_SRC || \ +- errorexit "command '$CMDCHANGE $ROUTE_WO_SRC' failed" ++ if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then ++ $CMDCHANGE $ROUTE_WO_SRC || \ ++ errorexit "command '$CMDCHANGE $ROUTE_WO_SRC' failed" ++ fi + + return $? + } +@@ -406,6 +438,10 @@ + return $OCF_ERR_CONFIGURED + fi + ++ if ! echo "$OCF_RESKEY_destination" | grep -q "/"; then ++ return $OCF_ERR_CONFIGURED ++ fi ++ + + if ! [ "x$SYSTYPE" = "xLinux" ]; then + # checks after this point are only relevant for linux. +@@ -486,7 +522,11 @@ + } + + INTERFACE=`echo $findif_out | awk '{print $1}'` +-NETWORK=`$IP2UTIL route list dev $INTERFACE scope link $PROTO match $ipaddress|grep -m 1 -o '^[^ ]*'` ++if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then ++ NETWORK=`$IP2UTIL route list dev $INTERFACE scope link $PROTO match $ipaddress|grep -m 1 -o '^[^ ]*'` ++else ++ NETWORK="$OCF_RESKEY_destination" ++fi + + case $1 in + start) srca_start $ipaddress diff --git a/SOURCES/bz1582685-IPsrcaddr-2-local-rule-destination-fixes.patch b/SOURCES/bz1582685-IPsrcaddr-2-local-rule-destination-fixes.patch new file mode 100644 index 0000000..cca64cb --- /dev/null +++ b/SOURCES/bz1582685-IPsrcaddr-2-local-rule-destination-fixes.patch @@ -0,0 +1,42 @@ +From 0e73d3f474d08779b64ed99fb3f80c1e806ff1b7 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 28 Nov 2019 16:11:51 +0100 +Subject: [PATCH] IPsrcaddr: fixes to replace local rule if using local table, + and set src back to primary for device on stop + +--- + heartbeat/IPsrcaddr | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr +index d80b72165..f9085f082 100755 +--- a/heartbeat/IPsrcaddr ++++ b/heartbeat/IPsrcaddr +@@ -75,6 +75,10 @@ USAGE="usage: $0 {start|stop|status|monitor|validate-all|meta-data}"; + CMDSHOW="$IP2UTIL route show $TABLE to exact $OCF_RESKEY_destination" + CMDCHANGE="$IP2UTIL route change to " + ++if [ "$OCF_RESKEY_table" = "local" ]; then ++ TABLE="$TABLE local" ++fi ++ + SYSTYPE="`uname -s`" + + usage() { +@@ -247,8 +251,14 @@ srca_stop() { + + [ $rc = 2 ] && errorexit "The address you specified to stop does not match the preferred source address" + +- $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE || \ +- errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE' failed" ++ OPTS="" ++ if [ "$OCF_RESKEY_destination" != "0.0.0.0/0" ] ;then ++ PRIMARY_IP="$($IP2UTIL -4 -o addr show dev eth0 primary | awk '{split($4,a,"/");print a[1]}')" ++ OPTS="proto kernel scope host src $PRIMARY_IP" ++ fi ++ ++ $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE $OPTS || \ ++ errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE $OPTS' failed" + + if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then + $CMDCHANGE $ROUTE_WO_SRC || \ diff --git a/SOURCES/bz1582685-IPsrcaddr-3-fix-probe-issues.patch b/SOURCES/bz1582685-IPsrcaddr-3-fix-probe-issues.patch new file mode 100644 index 0000000..b9f8e7e --- /dev/null +++ b/SOURCES/bz1582685-IPsrcaddr-3-fix-probe-issues.patch @@ -0,0 +1,45 @@ +From 7afc581f6cd8fc37c3e14ece12fb16d31f1886f9 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 10 Jan 2020 14:35:56 +0100 +Subject: [PATCH] IPsrcaddr: fixes to avoid failing during probe + +--- + heartbeat/IPsrcaddr | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr +index f9085f082..0ef8b391f 100755 +--- a/heartbeat/IPsrcaddr ++++ b/heartbeat/IPsrcaddr +@@ -75,6 +75,10 @@ USAGE="usage: $0 {start|stop|status|monitor|validate-all|meta-data}"; + CMDSHOW="$IP2UTIL route show $TABLE to exact $OCF_RESKEY_destination" + CMDCHANGE="$IP2UTIL route change to " + ++if [ "$OCF_RESKEY_destination" != "0.0.0.0/0" ]; then ++ CMDSHOW="$CMDSHOW src $OCF_RESKEY_ipaddress" ++fi ++ + if [ "$OCF_RESKEY_table" = "local" ]; then + TABLE="$TABLE local" + fi +@@ -183,7 +187,7 @@ export OCF_RESKEY_ip=$OCF_RESKEY_ipaddress + + srca_read() { + # Capture matching route - doublequotes prevent word splitting... +- ROUTE="`$CMDSHOW`" || errorexit "command '$CMDSHOW' failed" ++ ROUTE="`$CMDSHOW 2> /dev/null`" || errorexit "command '$CMDSHOW' failed" + + # ... so we can make sure there is only 1 matching route + [ 1 -eq `echo "$ROUTE" | wc -l` ] || \ +@@ -199,6 +203,11 @@ srca_read() { + # and what remains after stripping out the source ip address clause + ROUTE_WO_SRC=`echo $ROUTE | sed "s/$MATCHROUTE/\1\5/"` + ++ # using "src " only returns output if there's a match ++ if [ "$OCF_RESKEY_destination" != "0.0.0.0/0" ]; then ++ [ -z "$ROUTE" ] && return 1 || return 0 ++ fi ++ + [ -z "$SRCIP" ] && return 1 + [ $SRCIP = $1 ] && return 0 + return 2 diff --git a/SOURCES/bz1582685-IPsrcaddr-4-fix-hardcoded-device.patch b/SOURCES/bz1582685-IPsrcaddr-4-fix-hardcoded-device.patch new file mode 100644 index 0000000..e0e1d04 --- /dev/null +++ b/SOURCES/bz1582685-IPsrcaddr-4-fix-hardcoded-device.patch @@ -0,0 +1,23 @@ +From 5f0d15ad70098510a3782d6fd18d6eacfb51b0cf Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 16 Jan 2020 14:59:26 +0100 +Subject: [PATCH] IPsrcaddr: remove hardcoded device when using destination + parameter + +--- + heartbeat/IPsrcaddr | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr +index 0ef8b391f..7cdc3a9fe 100755 +--- a/heartbeat/IPsrcaddr ++++ b/heartbeat/IPsrcaddr +@@ -262,7 +262,7 @@ srca_stop() { + + OPTS="" + if [ "$OCF_RESKEY_destination" != "0.0.0.0/0" ] ;then +- PRIMARY_IP="$($IP2UTIL -4 -o addr show dev eth0 primary | awk '{split($4,a,"/");print a[1]}')" ++ PRIMARY_IP="$($IP2UTIL -4 -o addr show dev $INTERFACE primary | awk '{split($4,a,"/");print a[1]}')" + OPTS="proto kernel scope host src $PRIMARY_IP" + fi + diff --git a/SOURCES/bz1598969-1-iSCSITarget-create-iqn-when-it-doesnt-exist.patch b/SOURCES/bz1598969-1-iSCSITarget-create-iqn-when-it-doesnt-exist.patch new file mode 100644 index 0000000..d50b231 --- /dev/null +++ b/SOURCES/bz1598969-1-iSCSITarget-create-iqn-when-it-doesnt-exist.patch @@ -0,0 +1,31 @@ +From 9273b83edf6ee72a59511f307e168813ca3d31fd Mon Sep 17 00:00:00 2001 +From: colttt +Date: Fri, 12 Oct 2018 15:29:48 +0200 +Subject: [PATCH] possible fix for #1026 + +add an if-condition and remove an useless 'targetcli create' +--- + heartbeat/iSCSITarget.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/iSCSITarget.in b/heartbeat/iSCSITarget.in +index e49a79016..9128fdc55 100644 +--- a/heartbeat/iSCSITarget.in ++++ b/heartbeat/iSCSITarget.in +@@ -340,13 +340,13 @@ iSCSITarget_start() { + ocf_take_lock $TARGETLOCKFILE + ocf_release_lock_on_exit $TARGETLOCKFILE + ocf_run targetcli /iscsi set global auto_add_default_portal=false || exit $OCF_ERR_GENERIC +- ocf_run targetcli /iscsi create ${OCF_RESKEY_iqn} || exit $OCF_ERR_GENERIC ++ if ! [ -d /sys/kernel/config/target/iscsi/${OCF_RESKEY_iqn} ] ; then ++ ocf_run targetcli /iscsi create ${OCF_RESKEY_iqn} || exit $OCF_ERR_GENERIC ++ fi + for portal in ${OCF_RESKEY_portals}; do + if [ $portal != ${OCF_RESKEY_portals_default} ] ; then + IFS=':' read -a sep_portal <<< "$portal" + ocf_run targetcli /iscsi/${OCF_RESKEY_iqn}/tpg1/portals create "${sep_portal[0]}" "${sep_portal[1]}" || exit $OCF_ERR_GENERIC +- else +- ocf_run targetcli /iscsi create ${OCF_RESKEY_iqn} || exit $OCF_ERR_GENERIC + fi + done + # in lio, we can set target parameters by manipulating diff --git a/SOURCES/bz1598969-2-iSCSILogicalUnit-create-acls-fix.patch b/SOURCES/bz1598969-2-iSCSILogicalUnit-create-acls-fix.patch new file mode 100644 index 0000000..a349e46 --- /dev/null +++ b/SOURCES/bz1598969-2-iSCSILogicalUnit-create-acls-fix.patch @@ -0,0 +1,24 @@ +From 0d53e80957a00016418080967892337b1b13f99d Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 30 Jul 2019 11:23:07 +0200 +Subject: [PATCH] iSCSILogicalUnit: only create acls if it doesnt exist + +--- + heartbeat/iSCSILogicalUnit.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/iSCSILogicalUnit.in b/heartbeat/iSCSILogicalUnit.in +index 0fe85b593..02045d754 100644 +--- a/heartbeat/iSCSILogicalUnit.in ++++ b/heartbeat/iSCSILogicalUnit.in +@@ -420,8 +420,8 @@ iSCSILogicalUnit_start() { + + if [ -n "${OCF_RESKEY_allowed_initiators}" ]; then + for initiator in ${OCF_RESKEY_allowed_initiators}; do +- ocf_run targetcli /iscsi/${OCF_RESKEY_target_iqn}/tpg1/acls create ${initiator} add_mapped_luns=False || exit $OCF_ERR_GENERIC +- ocf_run targetcli /iscsi/${OCF_RESKEY_target_iqn}/tpg1/acls/${initiator} create ${OCF_RESKEY_lun} ${OCF_RESKEY_lun} || exit $OCF_ERR_GENERIC ++ [ -d "/sys/kernel/config/target/iscsi/${OCF_RESKEY_target_iqn}/tpgt_1/acls" ] || ocf_run targetcli /iscsi/${OCF_RESKEY_target_iqn}/tpg1/acls create ${initiator} add_mapped_luns=False || exit $OCF_ERR_GENERIC ++ [ -d "/sys/kernel/config/target/iscsi/${OCF_RESKEY_target_iqn}/tpgt_1/acls/${initiator}" ] || ocf_run targetcli /iscsi/${OCF_RESKEY_target_iqn}/tpg1/acls/${initiator} create ${OCF_RESKEY_lun} ${OCF_RESKEY_lun} || exit $OCF_ERR_GENERIC + done + fi + diff --git a/SOURCES/bz1598969-iSCSILogicalUnit-create-iqn-when-it-doesnt-exist.patch b/SOURCES/bz1598969-iSCSILogicalUnit-create-iqn-when-it-doesnt-exist.patch deleted file mode 100644 index d50b231..0000000 --- a/SOURCES/bz1598969-iSCSILogicalUnit-create-iqn-when-it-doesnt-exist.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9273b83edf6ee72a59511f307e168813ca3d31fd Mon Sep 17 00:00:00 2001 -From: colttt -Date: Fri, 12 Oct 2018 15:29:48 +0200 -Subject: [PATCH] possible fix for #1026 - -add an if-condition and remove an useless 'targetcli create' ---- - heartbeat/iSCSITarget.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/heartbeat/iSCSITarget.in b/heartbeat/iSCSITarget.in -index e49a79016..9128fdc55 100644 ---- a/heartbeat/iSCSITarget.in -+++ b/heartbeat/iSCSITarget.in -@@ -340,13 +340,13 @@ iSCSITarget_start() { - ocf_take_lock $TARGETLOCKFILE - ocf_release_lock_on_exit $TARGETLOCKFILE - ocf_run targetcli /iscsi set global auto_add_default_portal=false || exit $OCF_ERR_GENERIC -- ocf_run targetcli /iscsi create ${OCF_RESKEY_iqn} || exit $OCF_ERR_GENERIC -+ if ! [ -d /sys/kernel/config/target/iscsi/${OCF_RESKEY_iqn} ] ; then -+ ocf_run targetcli /iscsi create ${OCF_RESKEY_iqn} || exit $OCF_ERR_GENERIC -+ fi - for portal in ${OCF_RESKEY_portals}; do - if [ $portal != ${OCF_RESKEY_portals_default} ] ; then - IFS=':' read -a sep_portal <<< "$portal" - ocf_run targetcli /iscsi/${OCF_RESKEY_iqn}/tpg1/portals create "${sep_portal[0]}" "${sep_portal[1]}" || exit $OCF_ERR_GENERIC -- else -- ocf_run targetcli /iscsi create ${OCF_RESKEY_iqn} || exit $OCF_ERR_GENERIC - fi - done - # in lio, we can set target parameters by manipulating diff --git a/SOURCES/bz1642067-SAPHanaTopology-make-multi-instance-aware.patch b/SOURCES/bz1642067-SAPHanaTopology-make-multi-instance-aware.patch new file mode 100644 index 0000000..c4fbd7c --- /dev/null +++ b/SOURCES/bz1642067-SAPHanaTopology-make-multi-instance-aware.patch @@ -0,0 +1,49 @@ +From d43d8af650ee9ed175ebd4fdfc15ac2767734a8d Mon Sep 17 00:00:00 2001 +From: Fabian Herschel +Date: Wed, 25 Jul 2018 12:30:32 +0200 +Subject: [PATCH] ra/SAPHanaTopology: bsc#1016691 "SAPHanaSR: Status file of + SAPHanaTopology is not multi instance aware (MCOS)" + +--- + SAPHana/ra/SAPHanaTopology | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/SAPHanaSR-2067519/SAPHana/ra/SAPHanaTopology b/SAPHanaSR-2067519/SAPHana/ra/SAPHanaTopology +index 1e2f301..20d2593 100755 +--- a/SAPHanaSR-2067519/SAPHana/ra/SAPHanaTopology ++++ b/SAPHanaSR-2067519/SAPHana/ra/SAPHanaTopology +@@ -28,7 +28,7 @@ + ####################################################################### + # + # Initialization: +-SAPHanaVersion="0.152.21" ++SAPHanaVersion="0.152.22" + timeB=$(date '+%s') + + : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} +@@ -736,15 +736,17 @@ function sht_start() { + # sht_stop: Stop the SAP HANA Topology Resource + # + function sht_stop() { +- super_ocf_log info "FLOW $FUNCNAME ($*)" +- local output="" +- local rc=0 +- +- rm $HA_RSCTMP/SAPHana/SAPTopologyON.${SID} +- rc=$OCF_SUCCESS ++ super_ocf_log info "FLOW $FUNCNAME ($*)" ++ local output="" ++ local rc=0 ++ if [ -f $HA_RSCTMP/SAPHana/SAPTopologyON ]; then ++ rm $HA_RSCTMP/SAPHana/SAPTopologyON ++ fi ++ rm $HA_RSCTMP/SAPHana/SAPTopologyON.${SID} ++ rc=$OCF_SUCCESS + +- super_ocf_log info "FLOW $FUNCNAME rc=$rc" +- return $rc ++ super_ocf_log info "FLOW $FUNCNAME rc=$rc" ++ return $rc + } + + diff --git a/SOURCES/bz1695041-LVM-activate-return-NOT_RUNNING-rejoin-cluster.patch b/SOURCES/bz1695041-LVM-activate-return-NOT_RUNNING-rejoin-cluster.patch new file mode 100644 index 0000000..05e00fb --- /dev/null +++ b/SOURCES/bz1695041-LVM-activate-return-NOT_RUNNING-rejoin-cluster.patch @@ -0,0 +1,82 @@ +From 4ee9a7026d7ed15b0b5cd26f06a21d04fc05d14e Mon Sep 17 00:00:00 2001 +From: Roger Zhou +Date: Mon, 1 Apr 2019 22:57:26 +0800 +Subject: [PATCH 1/2] LVM-activate: return OCF_NOT_RUNNING on initial probe + +In the use case of lvm on top of cluster md/raid. When the fenced node +rejoins to the cluster, Pacemaker will run the monitor action for the +probe operation. At that time, LVM PV and VG won't exist before cluster +md/raid get assembled, and the probe should return $OCF_NOT_RUNNING +instead of $OCF_ERR_CONFIGURED. + +Signed-off-by: Roger Zhou +--- + heartbeat/LVM-activate | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/heartbeat/LVM-activate b/heartbeat/LVM-activate +index 3c462c75c..91ac05c34 100755 +--- a/heartbeat/LVM-activate ++++ b/heartbeat/LVM-activate +@@ -329,6 +329,7 @@ lvmlockd_check() + # Good: lvmlockd is running, and clvmd is not running + if ! pgrep lvmlockd >/dev/null 2>&1 ; then + if ocf_is_probe; then ++ ocf_log info "initial probe: lvmlockd is not running yet." + exit $OCF_NOT_RUNNING + fi + +@@ -481,6 +482,11 @@ lvm_validate() { + exit $OCF_SUCCESS + fi + ++ if ocf_is_probe; then ++ ocf_log info "initial probe: VG [${VG}] is not found on any block device yet." ++ exit $OCF_NOT_RUNNING ++ fi ++ + ocf_exit_reason "Volume group[${VG}] doesn't exist, or not visible on this node!" + exit $OCF_ERR_CONFIGURED + fi + +From df2f58c400b1f6f239f9e1c1fdf6ce0875639b43 Mon Sep 17 00:00:00 2001 +From: Roger Zhou +Date: Mon, 1 Apr 2019 23:02:54 +0800 +Subject: [PATCH 2/2] LVM-activate: align dmsetup report command to standard + +Namely to change 'vgname/lvname' to 'vg_name/lv_name'. The dmsetup +report command follows lvm2 selection criteria field name standard. +- dmsetup v1.02.86 (lvm2 v2_02_107) - 23rd June 2014 + "Add dmsetup -S/--select to define selection criteria" +- dmsetup info -c -S help + +Signed-off-by: Roger Zhou +--- + heartbeat/LVM-activate | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/LVM-activate b/heartbeat/LVM-activate +index 91ac05c34..730d9a09d 100755 +--- a/heartbeat/LVM-activate ++++ b/heartbeat/LVM-activate +@@ -707,7 +707,7 @@ tagging_deactivate() { + # method: + # + # lv_count=$(vgs --foreign -o lv_count --noheadings ${VG} 2>/dev/null | tr -d '[:blank:]') +-# dm_count=$(dmsetup --noheadings info -c -S "vgname=${VG}" 2>/dev/null | grep -c "${VG}-") ++# dm_count=$(dmsetup --noheadings info -c -S "vg_name=${VG}" 2>/dev/null | grep -c "${VG}-") + # test $lv_count -eq $dm_count + # + # It works, but we cannot afford to use LVM command in lvm_status. LVM command is expensive +@@ -730,9 +730,9 @@ lvm_status() { + if [ -n "${LV}" ]; then + # dmsetup ls? It cannot accept device name. It's + # too heavy to list all DM devices. +- dm_count=$(dmsetup info --noheadings --noflush -c -S "vgname=${VG} && lvname=${LV}" | grep -c -v '^No devices found') ++ dm_count=$(dmsetup info --noheadings --noflush -c -S "vg_name=${VG} && lv_name=${LV}" | grep -c -v '^No devices found') + else +- dm_count=$(dmsetup info --noheadings --noflush -c -S "vgname=${VG}" | grep -c -v '^No devices found') ++ dm_count=$(dmsetup info --noheadings --noflush -c -S "vg_name=${VG}" | grep -c -v '^No devices found') + fi + + if [ $dm_count -eq 0 ]; then diff --git a/SOURCES/bz1716418-dhcpd-keep-selinux-context.patch b/SOURCES/bz1716418-dhcpd-keep-selinux-context.patch new file mode 100644 index 0000000..82a46c1 --- /dev/null +++ b/SOURCES/bz1716418-dhcpd-keep-selinux-context.patch @@ -0,0 +1,28 @@ +From c8c073ed81884128b0b3955fb0b0bd23661044a2 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Wed, 12 Jun 2019 12:45:08 +0200 +Subject: [PATCH] dhcpd: keep SELinux context + +--- + heartbeat/dhcpd | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/dhcpd b/heartbeat/dhcpd +index 8b2d8b695..46027b39b 100755 +--- a/heartbeat/dhcpd ++++ b/heartbeat/dhcpd +@@ -337,12 +337,12 @@ dhcpd_initialize_chroot() { + done | sort -u` + for i in $cplibs ; do + if [ -s "$i" ]; then +- cp -pL "$i" "${OCF_RESKEY_chrooted_path}/$libdir/" || ++ cp -aL "$i" "${OCF_RESKEY_chrooted_path}/$libdir/" || + { ocf_exit_reason "could not copy $i to chroot jail"; return $OCF_ERR_GENERIC; } + fi + done + +- return $OCF_SUCCESS ++ return $OCF_SUCCESS + } + + # Initialize a non-chroot environment diff --git a/SOURCES/bz1719443-CTDB-1-fixes.patch b/SOURCES/bz1719443-CTDB-1-fixes.patch new file mode 100644 index 0000000..813bf81 --- /dev/null +++ b/SOURCES/bz1719443-CTDB-1-fixes.patch @@ -0,0 +1,131 @@ +From 8c61f2019d11781b737251b5cf839437b25fc53f Mon Sep 17 00:00:00 2001 +From: David Disseldorp +Date: Wed, 25 Jul 2018 23:15:10 +0200 +Subject: [PATCH 1/3] CTDB: fix incorrect db corruption reports (bsc#1101668) + +If a database was disconnected during an active transaction, then +tdbdump may fail with e.g.: +> /usr/bin/tdbdump /var/lib/ctdb/persistent/secrets.tdb.1 +Failed to open /var/lib/ctdb/persistent/secrets.tdb.1 +tdb(/var/lib/ctdb/persistent/secrets.tdb.1): FATAL: +tdb_transaction_recover: attempt to recover read only database + +This does *not* indicate corruption, only that tdbdump, which opens the +database readonly, isn't able to perform recovery. + +Using tdbtool check, instead of tdbdump, passes: +> tdbtool /var/lib/ctdb/persistent/secrets.tdb.1 check +tdb_transaction_recover: recovered 2146304 byte database +Database integrity is OK and has 2 records. + +Drop the tdbdump checks, and instead rely on the core ctdb event script, +which performs the same checks with tdbtool. + +Signed-off-by: David Disseldorp +--- + heartbeat/CTDB.in | 18 ++++-------------- + 1 file changed, 4 insertions(+), 14 deletions(-) + +diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in +index 1456ea32b..28e58cea0 100755 +--- a/heartbeat/CTDB.in ++++ b/heartbeat/CTDB.in +@@ -392,6 +392,8 @@ enable_event_scripts() { + local event_dir + event_dir=$OCF_RESKEY_ctdb_config_dir/events.d + ++ chmod u+x "$event_dir/00.ctdb" # core database health check ++ + if [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ]; then + chmod u+x "$event_dir/10.interface" + else +@@ -563,17 +565,6 @@ ctdb_start() { + rv=$? + [ $rv -ne 0 ] && return $rv + +- # Die if databases are corrupted +- persistent_db_dir="${OCF_RESKEY_ctdb_dbdir}/persistent" +- mkdir -p $persistent_db_dir 2>/dev/null +- for pdbase in $persistent_db_dir/*.tdb.[0-9]; do +- [ -f "$pdbase" ] || break +- /usr/bin/tdbdump "$pdbase" >/dev/null 2>/dev/null || { +- ocf_exit_reason "Persistent database $pdbase is corrupted! CTDB will not start." +- return $OCF_ERR_GENERIC +- } +- done +- + # Add necessary configuration to smb.conf + init_smb_conf + if [ $? -ne 0 ]; then +@@ -737,9 +728,8 @@ ctdb_monitor() { + + + ctdb_validate() { +- # Required binaries (full path to tdbdump is intentional, as that's +- # what's used in ctdb_start, which was lifted from the init script) +- for binary in pkill /usr/bin/tdbdump; do ++ # Required binaries ++ for binary in pkill; do + check_binary $binary + done + + +From 1ff4ce7cbe58b5309f00ac1bbe124c562b6dcaf6 Mon Sep 17 00:00:00 2001 +From: David Disseldorp +Date: Fri, 27 Jul 2018 16:02:26 +0200 +Subject: [PATCH 2/3] CTDB: explicitly use bash shell + +Upcoming recovery lock substring processing is bash specific. + +Signed-off-by: David Disseldorp +--- + configure.ac | 1 + + heartbeat/CTDB.in | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in +index 7d87a4ef7..f9b5c564f 100755 +--- a/heartbeat/CTDB.in ++++ b/heartbeat/CTDB.in +@@ -134,8 +134,8 @@ For more information see http://linux-ha.org/wiki/CTDB_(resource_agent) + + + +-The location of a shared lock file, common across all nodes. +-This must be on shared storage, e.g.: /shared-fs/samba/ctdb.lock ++The location of a shared lock file or helper binary, common across all nodes. ++See CTDB documentation for details. + + CTDB shared lock file + +@@ -757,13 +757,24 @@ ctdb_validate() { + return $OCF_ERR_CONFIGURED + fi + +- lock_dir=$(dirname "$OCF_RESKEY_ctdb_recovery_lock") +- touch "$lock_dir/$$" 2>/dev/null +- if [ $? != 0 ]; then +- ocf_exit_reason "Directory for lock file '$OCF_RESKEY_ctdb_recovery_lock' does not exist, or is not writable." +- return $OCF_ERR_ARGS ++ if [ "${OCF_RESKEY_ctdb_recovery_lock:0:1}" == '!' ]; then ++ # '!' prefix means recovery lock is handled via a helper binary ++ binary="${OCF_RESKEY_ctdb_recovery_lock:1}" ++ binary="${binary%% *}" # trim any parameters ++ if [ -z "$binary" ]; then ++ ocf_exit_reason "ctdb_recovery_lock invalid helper" ++ return $OCF_ERR_CONFIGURED ++ fi ++ check_binary "${binary}" ++ else ++ lock_dir=$(dirname "$OCF_RESKEY_ctdb_recovery_lock") ++ touch "$lock_dir/$$" 2>/dev/null ++ if [ $? != 0 ]; then ++ ocf_exit_reason "Directory for lock file '$OCF_RESKEY_ctdb_recovery_lock' does not exist, or is not writable." ++ return $OCF_ERR_ARGS ++ fi ++ rm "$lock_dir/$$" + fi +- rm "$lock_dir/$$" + + return $OCF_SUCCESS + } diff --git a/SOURCES/bz1719443-CTDB-2-add-v4.9-support.patch b/SOURCES/bz1719443-CTDB-2-add-v4.9-support.patch new file mode 100644 index 0000000..a3332ef --- /dev/null +++ b/SOURCES/bz1719443-CTDB-2-add-v4.9-support.patch @@ -0,0 +1,452 @@ +From 30b9f55325d2acfba27aa6859c7360e10b7201d7 Mon Sep 17 00:00:00 2001 +From: David Disseldorp +Date: Wed, 5 Jun 2019 00:41:13 +0200 +Subject: [PATCH 1/3] CTDB: support Samba 4.9+ + +With Samba 4.9+, all ctdbd parameters have moved to config files. +Generate a new /etc/ctdb/ctdb.conf file during ctdb startup, based on RA +configuration. + +Event scripts in Samba 4.9+ are also no longer enabled/disabled based on +file mode. Use the "ctdb event script enable/disable" helpers, which now +work without a running ctdbd. + +Fixes: https://github.com/ClusterLabs/resource-agents/issues/1196 +Signed-off-by: David Disseldorp +Signed-off-by: Noel Power +Signed-off-by: Amitay Isaacs +--- + heartbeat/CTDB.in | 214 ++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 167 insertions(+), 47 deletions(-) + +diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in +index 4dd646896..79a2f97e7 100755 +--- a/heartbeat/CTDB.in ++++ b/heartbeat/CTDB.in +@@ -143,6 +143,10 @@ OCF_RESKEY_smb_fileid_algorithm_default="" + + ####################################################################### + ++ctdb_version() { ++ $OCF_RESKEY_ctdb_binary version | awk '{print $NF}' | sed "s/[-\.]\?[[:alpha:]].*//" ++} ++ + meta_data() { + cat < +@@ -256,7 +260,7 @@ host any public ip addresses. + + The directory containing various CTDB configuration files. + The "nodes" and "notify.sh" scripts are expected to be +-in this directory, as is the "events.d" subdirectory. ++in this directory. + + CTDB config file directory + +@@ -282,8 +286,10 @@ Full path to the CTDB cluster daemon binary. + + Full path to the domain socket that ctdbd will create, used for + local clients to attach and communicate with the ctdb daemon. ++With CTDB 4.9.0 and later the socket path is hardcoded at build ++time, so this parameter is ignored. + +-CTDB socket location ++CTDB socket location (ignored with CTDB 4.9+) + + + +@@ -421,16 +427,28 @@ invoke_ctdb() { + timeout=$((OCF_RESKEY_CRM_meta_timeout/1000)) + timelimit=$((OCF_RESKEY_CRM_meta_timeout/1000)) + fi +- $OCF_RESKEY_ctdb_binary --socket="$OCF_RESKEY_ctdb_socket" \ +- -t $timeout -T $timelimit \ +- "$@" ++ ++ local vers=$(ctdb_version) ++ ocf_version_cmp "$vers" "4.9.0" ++ ++ # if version < 4.9.0 specify '--socket' otherwise it's ++ # a compiled option ++ if [ "$?" -eq "0" ]; then ++ $OCF_RESKEY_ctdb_binary --socket="$OCF_RESKEY_ctdb_socket" \ ++ -t $timeout -T $timelimit \ ++ "$@" ++ else ++ $OCF_RESKEY_ctdb_binary \ ++ -t $timeout -T $timelimit \ ++ "$@" ++ fi + } + + # Enable any event scripts that are explicitly required. + # Any others will ultimately be invoked or not based on how they ship + # with CTDB, but will generally have no effect, beacuase the relevant + # CTDB_MANAGES_* options won't be set in /etc/sysconfig/ctdb. +-enable_event_scripts() { ++enable_event_scripts_chmod() { + local event_dir + event_dir=$OCF_RESKEY_ctdb_config_dir/events.d + +@@ -454,6 +472,36 @@ enable_event_scripts() { + fi + } + ++enable_event_scripts_symlink() { ++ # event scripts are symlinked once enabled, with the link source in... ++ mkdir -p "$OCF_RESKEY_ctdb_config_dir/events/legacy" 2>/dev/null ++ ++ invoke_ctdb event script enable legacy 00.ctdb ++ ++ if [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ]; then ++ invoke_ctdb event script enable legacy 10.interface ++ else ++ invoke_ctdb event script disable legacy 10.interface ++ fi ++ if [ -f "${OCF_RESKEY_ctdb_config_dir}/static-routes" ]; then ++ invoke_ctdb event script enable legacy 11.routing ++ else ++ invoke_ctdb event script disable legacy 11.routing ++ fi ++ ++ if ocf_is_true "$OCF_RESKEY_ctdb_manages_winbind"; then ++ invoke_ctdb event script enable legacy 49.winbind ++ else ++ invoke_ctdb event script disable legacy 49.winbind ++ fi ++ ++ if ocf_is_true "$OCF_RESKEY_ctdb_manages_samba"; then ++ invoke_ctdb event script enable legacy 50.samba ++ else ++ invoke_ctdb event script disable legacy 50.samba ++ fi ++} ++ + # This function has no effect (currently no way to set CTDB_SET_*) + # but remains here in case we need it in future. + set_ctdb_variables() { +@@ -556,6 +604,46 @@ append_ctdb_sysconfig() { + [ -n "$2" ] && echo "$1=$2" >> "$CTDB_SYSCONFIG" + } + ++generate_ctdb_config() { ++ local ctdb_config="$OCF_RESKEY_ctdb_config_dir/ctdb.conf" ++ ++ # Backup existing config if we're not already using an auto-generated one ++ grep -qa '# CTDB-RA: Auto-generated' $ctdb_config || cp -p $ctdb_config ${ctdb_config}.ctdb-ra-orig ++ if [ $? -ne 0 ]; then ++ ocf_log warn "Unable to backup $ctdb_config to ${ctdb_config}.ctdb-ra-orig" ++ fi ++ ++ local log_option="file:$OCF_RESKEY_ctdb_logfile" ++ if [ "$OCF_RESKEY_ctdb_logfile" = "syslog" ]; then ++ log_option="syslog" ++ fi ++ ++ local start_as_disabled="false" ++ ocf_is_true "$OCF_RESKEY_ctdb_start_as_disabled" && start_as_disabled="true" ++ ++ local dbdir_volatile="$OCF_RESKEY_ctdb_dbdir/volatile" ++ [ -d "$dbdir_volatile" ] || mkdir -p "$dbdir_volatile" 2>/dev/null ++ local dbdir_persistent="$OCF_RESKEY_ctdb_dbdir/persistent" ++ [ -d "$dbdir_persistent" ] || mkdir -p "$dbdir_persistent" 2>/dev/null ++ local dbdir_state="$OCF_RESKEY_ctdb_dbdir/state" ++ [ -d "$dbdir_state" ] || mkdir -p "$dbdir_state" 2>/dev/null ++ ++cat >$ctdb_config </dev/null + +- # public addresses file (should not be present, but need to set for correctness if it is) +- local pub_addr_option +- pub_addr_option="" +- [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ] && \ +- pub_addr_option="--public-addresses=${OCF_RESKEY_ctdb_config_dir}/public_addresses" +- # start as disabled +- local start_as_disabled +- start_as_disabled="--start-as-disabled" +- ocf_is_true "$OCF_RESKEY_ctdb_start_as_disabled" || start_as_disabled="" +- + # set nofile ulimit for ctdbd process + if [ -n "$OCF_RESKEY_ctdb_max_open_files" ]; then + ulimit -n "$OCF_RESKEY_ctdb_max_open_files" + fi + + # Start her up +- "$OCF_RESKEY_ctdbd_binary" \ +- --reclock="$OCF_RESKEY_ctdb_recovery_lock" \ +- --nlist="$OCF_RESKEY_ctdb_config_dir/nodes" \ +- --socket="$OCF_RESKEY_ctdb_socket" \ +- --dbdir="$OCF_RESKEY_ctdb_dbdir" \ +- --dbdir-persistent="$OCF_RESKEY_ctdb_dbdir/persistent" \ +- --event-script-dir="$OCF_RESKEY_ctdb_config_dir/events.d" \ +- --notification-script="$OCF_RESKEY_ctdb_config_dir/notify.sh" \ +- --transport=tcp \ +- $start_as_disabled $log_option $pub_addr_option \ +- -d "$OCF_RESKEY_ctdb_debuglevel" ++ invoke_ctdbd "$version" ++ + if [ $? -ne 0 ]; then + # cleanup smb.conf + cleanup_smb_conf +@@ -688,7 +808,7 @@ ctdb_start() { + if [ $? -ne 0 ]; then + # CTDB will be running, kill it before returning + ctdb_stop +- ocf_exit_reason "Can't invoke $OCF_RESKEY_ctdb_binary --socket=$OCF_RESKEY_ctdb_socket status" ++ ocf_exit_reason "Can't invoke $OCF_RESKEY_ctdb_binary status" + return $OCF_ERR_GENERIC + fi + if ! echo "$status" | grep -qs 'UNHEALTHY (THIS'; then +@@ -725,7 +845,7 @@ ctdb_stop() { + [ $count -gt 10 ] && { + ocf_log info "killing ctdbd " + pkill -9 -f "$OCF_RESKEY_ctdbd_binary" +- pkill -9 -f "${OCF_RESKEY_ctdb_config_dir}/events.d/" ++ pkill -9 -f "${OCF_RESKEY_ctdb_config_dir}/events" + } + done + + +From b4753b7cb46045bb9e7ed5e3a0a20f6104264b12 Mon Sep 17 00:00:00 2001 +From: David Disseldorp +Date: Wed, 10 Jul 2019 17:11:50 +0200 +Subject: [PATCH 2/3] CTDB: generate script.options file for 4.9+ + +Event scripts in CTDB 4.9+ ignore sysconfig configuration and instead +parse parameters in ctdb_config_dir/script.options . + +Signed-off-by: David Disseldorp +--- + heartbeat/CTDB.in | 35 ++++++++++++++++++++++++++++++----- + 1 file changed, 30 insertions(+), 5 deletions(-) + +diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in +index 79a2f97e7..0906f3da9 100755 +--- a/heartbeat/CTDB.in ++++ b/heartbeat/CTDB.in +@@ -242,6 +242,7 @@ If the amount of free memory drops below this value the node will + become unhealthy and ctdb and all managed services will be shutdown. + Once this occurs, the administrator needs to find the reason for the + OOM situation, rectify it and restart ctdb with "service ctdb start". ++With CTDB 4.4.0 and later this parameter is ignored. + + Minimum amount of free memory (MB) + +@@ -600,8 +601,10 @@ cleanup_smb_conf() { + mv "$OCF_RESKEY_smb_conf.$$" "$OCF_RESKEY_smb_conf" + } + +-append_ctdb_sysconfig() { +- [ -n "$2" ] && echo "$1=$2" >> "$CTDB_SYSCONFIG" ++append_conf() { ++ local file_path="$1" ++ shift ++ [ -n "$2" ] && echo "$1=$2" >> "$file_path" + } + + generate_ctdb_config() { +@@ -644,6 +647,25 @@ cat >$ctdb_config <$script_options < +Date: Wed, 10 Jul 2019 17:54:01 +0200 +Subject: [PATCH 3/3] CTDB: drop sysconfig presence check during validate + +There are two reasons to avoid this check: +- for ctdb versions prior to 4.9.0, the sysconfig file is generated by + the resource agent start hook *after* ctdb_validate() is called. +- post 4.9.0 versions don't use the sysconfig file. + +Signed-off-by: David Disseldorp +--- + heartbeat/CTDB.in | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in +index 0906f3da9..15d78902e 100755 +--- a/heartbeat/CTDB.in ++++ b/heartbeat/CTDB.in +@@ -925,11 +925,6 @@ ctdb_validate() { + check_binary $binary + done + +- if [ -z "$CTDB_SYSCONFIG" ]; then +- ocf_exit_reason "Can't find CTDB config file (expecting /etc/sysconfig/ctdb, /etc/default/ctdb or similar)" +- return $OCF_ERR_INSTALLED +- fi +- + if ocf_is_true "$OCF_RESKEY_ctdb_manages_samba" && [ ! -f "$OCF_RESKEY_smb_conf" ]; then + ocf_exit_reason "Samba config file '$OCF_RESKEY_smb_conf' does not exist." + return $OCF_ERR_INSTALLED diff --git a/SOURCES/bz1726736-Route-1-dont-fence-when-parameters-not-set.patch b/SOURCES/bz1726736-Route-1-dont-fence-when-parameters-not-set.patch new file mode 100644 index 0000000..6c39248 --- /dev/null +++ b/SOURCES/bz1726736-Route-1-dont-fence-when-parameters-not-set.patch @@ -0,0 +1,35 @@ +From 1286636b768bb635e9a6b1f1fbf6267c9c3f4b03 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 19 Aug 2019 13:31:06 +0200 +Subject: [PATCH] Route: dont fence node when parameters arent set + +--- + heartbeat/Route | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/Route b/heartbeat/Route +index b4011e37d..9f92eff3a 100755 +--- a/heartbeat/Route ++++ b/heartbeat/Route +@@ -249,18 +249,18 @@ route_validate() { + if [ "${OCF_RESKEY_CRM_meta_clone}" ]; then + if [ "${OCF_RESKEY_CRM_meta_clone_node_max}" != 1 ]; then + ocf_exit_reason "Misconfigured clone parameters. Must set meta attribute \"clone_node_max\" to 1, got ${OCF_RESKEY_CRM_meta_clone_node_max}." +- return $OCF_ERR_ARGS ++ return $OCF_ERR_CONFIGURED + fi + fi + # Did we get a destination? + if [ -z "${OCF_RESKEY_destination}" ]; then + ocf_exit_reason "Missing required parameter \"destination\"." +- return $OCF_ERR_ARGS ++ return $OCF_ERR_CONFIGURED + fi + # Did we get either a device or a gateway address? + if [ -z "${OCF_RESKEY_device}" -a -z "${OCF_RESKEY_gateway}" ]; then + ocf_exit_reason "Must specify either \"device\", or \"gateway\", or both." +- return $OCF_ERR_ARGS ++ return $OCF_ERR_CONFIGURED + fi + # If a device has been configured, is it available on this system? + if [ -n "${OCF_RESKEY_device}" ]; then diff --git a/SOURCES/bz1726736-Route-2-validate-start-validate-all.patch b/SOURCES/bz1726736-Route-2-validate-start-validate-all.patch new file mode 100644 index 0000000..e2d012e --- /dev/null +++ b/SOURCES/bz1726736-Route-2-validate-start-validate-all.patch @@ -0,0 +1,40 @@ +From 444bdc44fc47c65f848efc0c39c1e8e6620ce10d Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 11 Oct 2019 12:12:52 +0200 +Subject: [PATCH] Route: only validate for start and validate-all actions + +--- + heartbeat/Route | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/Route b/heartbeat/Route +index 9f92eff3a..8898e1afd 100755 +--- a/heartbeat/Route ++++ b/heartbeat/Route +@@ -187,6 +187,8 @@ END + } + + route_start() { ++ route_validate || exit $? ++ + route_status + status=$? + if [ $status -eq $OCF_SUCCESS ]; then +@@ -313,8 +315,6 @@ for binary in ip grep; do + check_binary $binary + done + +-route_validate || exit $? +- + case $OCF_RESKEY_family in + ip4) addr_family="-4" ;; + ip6) addr_family="-6" ;; +@@ -334,7 +334,7 @@ status|monitor) route_status;; + reload) ocf_log info "Reloading..." + route_start + ;; +-validate-all) ;; ++validate-all) route_validate;; + *) route_usage + exit $OCF_ERR_UNIMPLEMENTED + ;; diff --git a/SOURCES/bz1731426-dhcpd-keep-selinux-context.patch b/SOURCES/bz1731426-dhcpd-keep-selinux-context.patch deleted file mode 100644 index 82a46c1..0000000 --- a/SOURCES/bz1731426-dhcpd-keep-selinux-context.patch +++ /dev/null @@ -1,28 +0,0 @@ -From c8c073ed81884128b0b3955fb0b0bd23661044a2 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Wed, 12 Jun 2019 12:45:08 +0200 -Subject: [PATCH] dhcpd: keep SELinux context - ---- - heartbeat/dhcpd | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/heartbeat/dhcpd b/heartbeat/dhcpd -index 8b2d8b695..46027b39b 100755 ---- a/heartbeat/dhcpd -+++ b/heartbeat/dhcpd -@@ -337,12 +337,12 @@ dhcpd_initialize_chroot() { - done | sort -u` - for i in $cplibs ; do - if [ -s "$i" ]; then -- cp -pL "$i" "${OCF_RESKEY_chrooted_path}/$libdir/" || -+ cp -aL "$i" "${OCF_RESKEY_chrooted_path}/$libdir/" || - { ocf_exit_reason "could not copy $i to chroot jail"; return $OCF_ERR_GENERIC; } - fi - done - -- return $OCF_SUCCESS -+ return $OCF_SUCCESS - } - - # Initialize a non-chroot environment diff --git a/SOURCES/bz1731427-CTDB-1-fixes.patch b/SOURCES/bz1731427-CTDB-1-fixes.patch deleted file mode 100644 index 813bf81..0000000 --- a/SOURCES/bz1731427-CTDB-1-fixes.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 8c61f2019d11781b737251b5cf839437b25fc53f Mon Sep 17 00:00:00 2001 -From: David Disseldorp -Date: Wed, 25 Jul 2018 23:15:10 +0200 -Subject: [PATCH 1/3] CTDB: fix incorrect db corruption reports (bsc#1101668) - -If a database was disconnected during an active transaction, then -tdbdump may fail with e.g.: -> /usr/bin/tdbdump /var/lib/ctdb/persistent/secrets.tdb.1 -Failed to open /var/lib/ctdb/persistent/secrets.tdb.1 -tdb(/var/lib/ctdb/persistent/secrets.tdb.1): FATAL: -tdb_transaction_recover: attempt to recover read only database - -This does *not* indicate corruption, only that tdbdump, which opens the -database readonly, isn't able to perform recovery. - -Using tdbtool check, instead of tdbdump, passes: -> tdbtool /var/lib/ctdb/persistent/secrets.tdb.1 check -tdb_transaction_recover: recovered 2146304 byte database -Database integrity is OK and has 2 records. - -Drop the tdbdump checks, and instead rely on the core ctdb event script, -which performs the same checks with tdbtool. - -Signed-off-by: David Disseldorp ---- - heartbeat/CTDB.in | 18 ++++-------------- - 1 file changed, 4 insertions(+), 14 deletions(-) - -diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in -index 1456ea32b..28e58cea0 100755 ---- a/heartbeat/CTDB.in -+++ b/heartbeat/CTDB.in -@@ -392,6 +392,8 @@ enable_event_scripts() { - local event_dir - event_dir=$OCF_RESKEY_ctdb_config_dir/events.d - -+ chmod u+x "$event_dir/00.ctdb" # core database health check -+ - if [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ]; then - chmod u+x "$event_dir/10.interface" - else -@@ -563,17 +565,6 @@ ctdb_start() { - rv=$? - [ $rv -ne 0 ] && return $rv - -- # Die if databases are corrupted -- persistent_db_dir="${OCF_RESKEY_ctdb_dbdir}/persistent" -- mkdir -p $persistent_db_dir 2>/dev/null -- for pdbase in $persistent_db_dir/*.tdb.[0-9]; do -- [ -f "$pdbase" ] || break -- /usr/bin/tdbdump "$pdbase" >/dev/null 2>/dev/null || { -- ocf_exit_reason "Persistent database $pdbase is corrupted! CTDB will not start." -- return $OCF_ERR_GENERIC -- } -- done -- - # Add necessary configuration to smb.conf - init_smb_conf - if [ $? -ne 0 ]; then -@@ -737,9 +728,8 @@ ctdb_monitor() { - - - ctdb_validate() { -- # Required binaries (full path to tdbdump is intentional, as that's -- # what's used in ctdb_start, which was lifted from the init script) -- for binary in pkill /usr/bin/tdbdump; do -+ # Required binaries -+ for binary in pkill; do - check_binary $binary - done - - -From 1ff4ce7cbe58b5309f00ac1bbe124c562b6dcaf6 Mon Sep 17 00:00:00 2001 -From: David Disseldorp -Date: Fri, 27 Jul 2018 16:02:26 +0200 -Subject: [PATCH 2/3] CTDB: explicitly use bash shell - -Upcoming recovery lock substring processing is bash specific. - -Signed-off-by: David Disseldorp ---- - configure.ac | 1 + - heartbeat/CTDB.in | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in -index 7d87a4ef7..f9b5c564f 100755 ---- a/heartbeat/CTDB.in -+++ b/heartbeat/CTDB.in -@@ -134,8 +134,8 @@ For more information see http://linux-ha.org/wiki/CTDB_(resource_agent) - - - --The location of a shared lock file, common across all nodes. --This must be on shared storage, e.g.: /shared-fs/samba/ctdb.lock -+The location of a shared lock file or helper binary, common across all nodes. -+See CTDB documentation for details. - - CTDB shared lock file - -@@ -757,13 +757,24 @@ ctdb_validate() { - return $OCF_ERR_CONFIGURED - fi - -- lock_dir=$(dirname "$OCF_RESKEY_ctdb_recovery_lock") -- touch "$lock_dir/$$" 2>/dev/null -- if [ $? != 0 ]; then -- ocf_exit_reason "Directory for lock file '$OCF_RESKEY_ctdb_recovery_lock' does not exist, or is not writable." -- return $OCF_ERR_ARGS -+ if [ "${OCF_RESKEY_ctdb_recovery_lock:0:1}" == '!' ]; then -+ # '!' prefix means recovery lock is handled via a helper binary -+ binary="${OCF_RESKEY_ctdb_recovery_lock:1}" -+ binary="${binary%% *}" # trim any parameters -+ if [ -z "$binary" ]; then -+ ocf_exit_reason "ctdb_recovery_lock invalid helper" -+ return $OCF_ERR_CONFIGURED -+ fi -+ check_binary "${binary}" -+ else -+ lock_dir=$(dirname "$OCF_RESKEY_ctdb_recovery_lock") -+ touch "$lock_dir/$$" 2>/dev/null -+ if [ $? != 0 ]; then -+ ocf_exit_reason "Directory for lock file '$OCF_RESKEY_ctdb_recovery_lock' does not exist, or is not writable." -+ return $OCF_ERR_ARGS -+ fi -+ rm "$lock_dir/$$" - fi -- rm "$lock_dir/$$" - - return $OCF_SUCCESS - } diff --git a/SOURCES/bz1731427-CTDB-2-add-v4.9-support.patch b/SOURCES/bz1731427-CTDB-2-add-v4.9-support.patch deleted file mode 100644 index a3332ef..0000000 --- a/SOURCES/bz1731427-CTDB-2-add-v4.9-support.patch +++ /dev/null @@ -1,452 +0,0 @@ -From 30b9f55325d2acfba27aa6859c7360e10b7201d7 Mon Sep 17 00:00:00 2001 -From: David Disseldorp -Date: Wed, 5 Jun 2019 00:41:13 +0200 -Subject: [PATCH 1/3] CTDB: support Samba 4.9+ - -With Samba 4.9+, all ctdbd parameters have moved to config files. -Generate a new /etc/ctdb/ctdb.conf file during ctdb startup, based on RA -configuration. - -Event scripts in Samba 4.9+ are also no longer enabled/disabled based on -file mode. Use the "ctdb event script enable/disable" helpers, which now -work without a running ctdbd. - -Fixes: https://github.com/ClusterLabs/resource-agents/issues/1196 -Signed-off-by: David Disseldorp -Signed-off-by: Noel Power -Signed-off-by: Amitay Isaacs ---- - heartbeat/CTDB.in | 214 ++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 167 insertions(+), 47 deletions(-) - -diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in -index 4dd646896..79a2f97e7 100755 ---- a/heartbeat/CTDB.in -+++ b/heartbeat/CTDB.in -@@ -143,6 +143,10 @@ OCF_RESKEY_smb_fileid_algorithm_default="" - - ####################################################################### - -+ctdb_version() { -+ $OCF_RESKEY_ctdb_binary version | awk '{print $NF}' | sed "s/[-\.]\?[[:alpha:]].*//" -+} -+ - meta_data() { - cat < -@@ -256,7 +260,7 @@ host any public ip addresses. - - The directory containing various CTDB configuration files. - The "nodes" and "notify.sh" scripts are expected to be --in this directory, as is the "events.d" subdirectory. -+in this directory. - - CTDB config file directory - -@@ -282,8 +286,10 @@ Full path to the CTDB cluster daemon binary. - - Full path to the domain socket that ctdbd will create, used for - local clients to attach and communicate with the ctdb daemon. -+With CTDB 4.9.0 and later the socket path is hardcoded at build -+time, so this parameter is ignored. - --CTDB socket location -+CTDB socket location (ignored with CTDB 4.9+) - - - -@@ -421,16 +427,28 @@ invoke_ctdb() { - timeout=$((OCF_RESKEY_CRM_meta_timeout/1000)) - timelimit=$((OCF_RESKEY_CRM_meta_timeout/1000)) - fi -- $OCF_RESKEY_ctdb_binary --socket="$OCF_RESKEY_ctdb_socket" \ -- -t $timeout -T $timelimit \ -- "$@" -+ -+ local vers=$(ctdb_version) -+ ocf_version_cmp "$vers" "4.9.0" -+ -+ # if version < 4.9.0 specify '--socket' otherwise it's -+ # a compiled option -+ if [ "$?" -eq "0" ]; then -+ $OCF_RESKEY_ctdb_binary --socket="$OCF_RESKEY_ctdb_socket" \ -+ -t $timeout -T $timelimit \ -+ "$@" -+ else -+ $OCF_RESKEY_ctdb_binary \ -+ -t $timeout -T $timelimit \ -+ "$@" -+ fi - } - - # Enable any event scripts that are explicitly required. - # Any others will ultimately be invoked or not based on how they ship - # with CTDB, but will generally have no effect, beacuase the relevant - # CTDB_MANAGES_* options won't be set in /etc/sysconfig/ctdb. --enable_event_scripts() { -+enable_event_scripts_chmod() { - local event_dir - event_dir=$OCF_RESKEY_ctdb_config_dir/events.d - -@@ -454,6 +472,36 @@ enable_event_scripts() { - fi - } - -+enable_event_scripts_symlink() { -+ # event scripts are symlinked once enabled, with the link source in... -+ mkdir -p "$OCF_RESKEY_ctdb_config_dir/events/legacy" 2>/dev/null -+ -+ invoke_ctdb event script enable legacy 00.ctdb -+ -+ if [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ]; then -+ invoke_ctdb event script enable legacy 10.interface -+ else -+ invoke_ctdb event script disable legacy 10.interface -+ fi -+ if [ -f "${OCF_RESKEY_ctdb_config_dir}/static-routes" ]; then -+ invoke_ctdb event script enable legacy 11.routing -+ else -+ invoke_ctdb event script disable legacy 11.routing -+ fi -+ -+ if ocf_is_true "$OCF_RESKEY_ctdb_manages_winbind"; then -+ invoke_ctdb event script enable legacy 49.winbind -+ else -+ invoke_ctdb event script disable legacy 49.winbind -+ fi -+ -+ if ocf_is_true "$OCF_RESKEY_ctdb_manages_samba"; then -+ invoke_ctdb event script enable legacy 50.samba -+ else -+ invoke_ctdb event script disable legacy 50.samba -+ fi -+} -+ - # This function has no effect (currently no way to set CTDB_SET_*) - # but remains here in case we need it in future. - set_ctdb_variables() { -@@ -556,6 +604,46 @@ append_ctdb_sysconfig() { - [ -n "$2" ] && echo "$1=$2" >> "$CTDB_SYSCONFIG" - } - -+generate_ctdb_config() { -+ local ctdb_config="$OCF_RESKEY_ctdb_config_dir/ctdb.conf" -+ -+ # Backup existing config if we're not already using an auto-generated one -+ grep -qa '# CTDB-RA: Auto-generated' $ctdb_config || cp -p $ctdb_config ${ctdb_config}.ctdb-ra-orig -+ if [ $? -ne 0 ]; then -+ ocf_log warn "Unable to backup $ctdb_config to ${ctdb_config}.ctdb-ra-orig" -+ fi -+ -+ local log_option="file:$OCF_RESKEY_ctdb_logfile" -+ if [ "$OCF_RESKEY_ctdb_logfile" = "syslog" ]; then -+ log_option="syslog" -+ fi -+ -+ local start_as_disabled="false" -+ ocf_is_true "$OCF_RESKEY_ctdb_start_as_disabled" && start_as_disabled="true" -+ -+ local dbdir_volatile="$OCF_RESKEY_ctdb_dbdir/volatile" -+ [ -d "$dbdir_volatile" ] || mkdir -p "$dbdir_volatile" 2>/dev/null -+ local dbdir_persistent="$OCF_RESKEY_ctdb_dbdir/persistent" -+ [ -d "$dbdir_persistent" ] || mkdir -p "$dbdir_persistent" 2>/dev/null -+ local dbdir_state="$OCF_RESKEY_ctdb_dbdir/state" -+ [ -d "$dbdir_state" ] || mkdir -p "$dbdir_state" 2>/dev/null -+ -+cat >$ctdb_config </dev/null - -- # public addresses file (should not be present, but need to set for correctness if it is) -- local pub_addr_option -- pub_addr_option="" -- [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ] && \ -- pub_addr_option="--public-addresses=${OCF_RESKEY_ctdb_config_dir}/public_addresses" -- # start as disabled -- local start_as_disabled -- start_as_disabled="--start-as-disabled" -- ocf_is_true "$OCF_RESKEY_ctdb_start_as_disabled" || start_as_disabled="" -- - # set nofile ulimit for ctdbd process - if [ -n "$OCF_RESKEY_ctdb_max_open_files" ]; then - ulimit -n "$OCF_RESKEY_ctdb_max_open_files" - fi - - # Start her up -- "$OCF_RESKEY_ctdbd_binary" \ -- --reclock="$OCF_RESKEY_ctdb_recovery_lock" \ -- --nlist="$OCF_RESKEY_ctdb_config_dir/nodes" \ -- --socket="$OCF_RESKEY_ctdb_socket" \ -- --dbdir="$OCF_RESKEY_ctdb_dbdir" \ -- --dbdir-persistent="$OCF_RESKEY_ctdb_dbdir/persistent" \ -- --event-script-dir="$OCF_RESKEY_ctdb_config_dir/events.d" \ -- --notification-script="$OCF_RESKEY_ctdb_config_dir/notify.sh" \ -- --transport=tcp \ -- $start_as_disabled $log_option $pub_addr_option \ -- -d "$OCF_RESKEY_ctdb_debuglevel" -+ invoke_ctdbd "$version" -+ - if [ $? -ne 0 ]; then - # cleanup smb.conf - cleanup_smb_conf -@@ -688,7 +808,7 @@ ctdb_start() { - if [ $? -ne 0 ]; then - # CTDB will be running, kill it before returning - ctdb_stop -- ocf_exit_reason "Can't invoke $OCF_RESKEY_ctdb_binary --socket=$OCF_RESKEY_ctdb_socket status" -+ ocf_exit_reason "Can't invoke $OCF_RESKEY_ctdb_binary status" - return $OCF_ERR_GENERIC - fi - if ! echo "$status" | grep -qs 'UNHEALTHY (THIS'; then -@@ -725,7 +845,7 @@ ctdb_stop() { - [ $count -gt 10 ] && { - ocf_log info "killing ctdbd " - pkill -9 -f "$OCF_RESKEY_ctdbd_binary" -- pkill -9 -f "${OCF_RESKEY_ctdb_config_dir}/events.d/" -+ pkill -9 -f "${OCF_RESKEY_ctdb_config_dir}/events" - } - done - - -From b4753b7cb46045bb9e7ed5e3a0a20f6104264b12 Mon Sep 17 00:00:00 2001 -From: David Disseldorp -Date: Wed, 10 Jul 2019 17:11:50 +0200 -Subject: [PATCH 2/3] CTDB: generate script.options file for 4.9+ - -Event scripts in CTDB 4.9+ ignore sysconfig configuration and instead -parse parameters in ctdb_config_dir/script.options . - -Signed-off-by: David Disseldorp ---- - heartbeat/CTDB.in | 35 ++++++++++++++++++++++++++++++----- - 1 file changed, 30 insertions(+), 5 deletions(-) - -diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in -index 79a2f97e7..0906f3da9 100755 ---- a/heartbeat/CTDB.in -+++ b/heartbeat/CTDB.in -@@ -242,6 +242,7 @@ If the amount of free memory drops below this value the node will - become unhealthy and ctdb and all managed services will be shutdown. - Once this occurs, the administrator needs to find the reason for the - OOM situation, rectify it and restart ctdb with "service ctdb start". -+With CTDB 4.4.0 and later this parameter is ignored. - - Minimum amount of free memory (MB) - -@@ -600,8 +601,10 @@ cleanup_smb_conf() { - mv "$OCF_RESKEY_smb_conf.$$" "$OCF_RESKEY_smb_conf" - } - --append_ctdb_sysconfig() { -- [ -n "$2" ] && echo "$1=$2" >> "$CTDB_SYSCONFIG" -+append_conf() { -+ local file_path="$1" -+ shift -+ [ -n "$2" ] && echo "$1=$2" >> "$file_path" - } - - generate_ctdb_config() { -@@ -644,6 +647,25 @@ cat >$ctdb_config <$script_options < -Date: Wed, 10 Jul 2019 17:54:01 +0200 -Subject: [PATCH 3/3] CTDB: drop sysconfig presence check during validate - -There are two reasons to avoid this check: -- for ctdb versions prior to 4.9.0, the sysconfig file is generated by - the resource agent start hook *after* ctdb_validate() is called. -- post 4.9.0 versions don't use the sysconfig file. - -Signed-off-by: David Disseldorp ---- - heartbeat/CTDB.in | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in -index 0906f3da9..15d78902e 100755 ---- a/heartbeat/CTDB.in -+++ b/heartbeat/CTDB.in -@@ -925,11 +925,6 @@ ctdb_validate() { - check_binary $binary - done - -- if [ -z "$CTDB_SYSCONFIG" ]; then -- ocf_exit_reason "Can't find CTDB config file (expecting /etc/sysconfig/ctdb, /etc/default/ctdb or similar)" -- return $OCF_ERR_INSTALLED -- fi -- - if ocf_is_true "$OCF_RESKEY_ctdb_manages_samba" && [ ! -f "$OCF_RESKEY_smb_conf" ]; then - ocf_exit_reason "Samba config file '$OCF_RESKEY_smb_conf' does not exist." - return $OCF_ERR_INSTALLED diff --git a/SOURCES/bz1732873-LVM-activate-fix-monitor-hang.patch b/SOURCES/bz1732873-LVM-activate-fix-monitor-hang.patch new file mode 100644 index 0000000..fe1bcd8 --- /dev/null +++ b/SOURCES/bz1732873-LVM-activate-fix-monitor-hang.patch @@ -0,0 +1,22 @@ +From ef37f8a2461b5763f4510d51e08d27d8b1f76937 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 23 Jul 2019 15:47:17 +0200 +Subject: [PATCH] LVM-activate: fix monitor might hang due to lvm_validate + which was added by accident + +--- + heartbeat/LVM-activate | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/heartbeat/LVM-activate b/heartbeat/LVM-activate +index 9c7c721bf..3df40c894 100755 +--- a/heartbeat/LVM-activate ++++ b/heartbeat/LVM-activate +@@ -852,7 +852,6 @@ stop) + lvm_stop + ;; + monitor) +- lvm_validate + lvm_status + ;; + validate-all) diff --git a/SOURCES/bz1740069-NovaEvacuate-evacuate_delay.patch b/SOURCES/bz1740069-NovaEvacuate-evacuate_delay.patch new file mode 100644 index 0000000..9b429d7 --- /dev/null +++ b/SOURCES/bz1740069-NovaEvacuate-evacuate_delay.patch @@ -0,0 +1,50 @@ +From 8b9c49fd965f73709d5a6e2c21987ba26af4856b Mon Sep 17 00:00:00 2001 +From: Luca Miccini +Date: Wed, 25 Sep 2019 17:12:39 +0200 +Subject: [PATCH] Add a configurable delay to Nova Evacuate calls + +In case /var/lib/nova/instances resides on NFS we have seen migrations +failing with 'Failed to get "write" lock - Is another process using the +image' errors. + +This has been tracked down to grace/lease timeouts not having expired +before attempting the migration/evacuate, so in this cases it might be +desirable to delay the nova evacuate call to give the storage time to +release the locks. + +Change-Id: Ie2fe784202d754eda38092479b1ab3ff4d02136a +Resolves: rhbz#1740069 +--- + +diff --git a/heartbeat/NovaEvacuate b/heartbeat/NovaEvacuate +index 810f30a..596f520 100644 +--- a/heartbeat/NovaEvacuate ++++ b/heartbeat/NovaEvacuate +@@ -125,6 +125,15 @@ + + + ++ ++ ++Allows delaying the nova evacuate API call, e.g. to give a storage array time to clean ++up eventual locks/leases. ++ ++Nova evacuate delay ++ ++ ++ + + + +@@ -216,6 +225,11 @@ + fence_agent="fence_evacuate" + fi + ++ if [ ${OCF_RESKEY_evacuate_delay} != 0 ]; then ++ ocf_log info "Delaying nova evacuate by $OCF_RESKEY_evacuate_delay seconds" ++ sleep ${OCF_RESKEY_evacuate_delay} ++ fi ++ + ocf_log notice "Initiating evacuation of $node with $fence_agent" + $fence_agent ${fence_options} -o status -n ${node} + if [ $? = 1 ]; then diff --git a/SOURCES/bz1744467-rabbitmq-cluster-restore-users-single-node-mode.patch b/SOURCES/bz1744467-rabbitmq-cluster-restore-users-single-node-mode.patch new file mode 100644 index 0000000..1399a58 --- /dev/null +++ b/SOURCES/bz1744467-rabbitmq-cluster-restore-users-single-node-mode.patch @@ -0,0 +1,148 @@ +From c0b6356bbf5b9a1fb76b011486dfce258d395ef8 Mon Sep 17 00:00:00 2001 +From: Peter Lemenkov +Date: Fri, 6 Sep 2019 14:22:46 +0200 +Subject: [PATCH] Restore users/perms/policies even if starting in a single + node mode + +See https://bugzilla.redhat.com/1744467#c1 + +Signed-off-by: Peter Lemenkov +--- + heartbeat/rabbitmq-cluster | 109 ++++++++++++++++++++----------------- + 1 file changed, 58 insertions(+), 51 deletions(-) + +diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster +index cf8ca21a6..7837e9e3c 100755 +--- a/heartbeat/rabbitmq-cluster ++++ b/heartbeat/rabbitmq-cluster +@@ -114,6 +114,62 @@ rmq_wipe_data() + rm -rf $RMQ_DATA_DIR > /dev/null 2>&1 + } + ++rmq_restore_users_perms_policies() ++{ ++ # Restore users, user permissions, and policies (if any) ++ BaseDataDir=`dirname $RMQ_DATA_DIR` ++ $RMQ_EVAL " ++ %% Run only if Mnesia is ready. ++ lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso ++ begin ++ Restore = fun(Table, PostprocessFun, Filename) -> ++ case file:consult(Filename) of ++ {error, _} -> ++ ok; ++ {ok, [Result]} -> ++ lists:foreach(fun(X) -> mnesia:dirty_write(Table, PostprocessFun(X)) end, Result), ++ file:delete(Filename) ++ end ++ end, ++ ++ %% Restore users ++ ++ Upgrade = fun ++ ({internal_user, A, B, C}) -> {internal_user, A, B, C, rabbit_password_hashing_md5}; ++ ({internal_user, A, B, C, D}) -> {internal_user, A, B, C, D} ++ end, ++ ++ Downgrade = fun ++ ({internal_user, A, B, C}) -> {internal_user, A, B, C}; ++ ({internal_user, A, B, C, rabbit_password_hashing_md5}) -> {internal_user, A, B, C}; ++ %% Incompatible scheme, so we will loose user's password ('B' value) during conversion. ++ %% Unfortunately, this case will require manual intervention - user have to run: ++ %% rabbitmqctl change_password ++ ({internal_user, A, B, C, _}) -> {internal_user, A, B, C} ++ end, ++ ++ %% Check db scheme first ++ [WildPattern] = ets:select(mnesia_gvar, [ { {{rabbit_user, wild_pattern}, '\\\$1'}, [], ['\\\$1'] } ]), ++ case WildPattern of ++ %% Version < 3.6.0 ++ {internal_user,'_','_','_'} -> ++ Restore(rabbit_user, Downgrade, \"$BaseDataDir/users.erl\"); ++ %% Version >= 3.6.0 ++ {internal_user,'_','_','_','_'} -> ++ Restore(rabbit_user, Upgrade, \"$BaseDataDir/users.erl\") ++ end, ++ ++ NoOp = fun(X) -> X end, ++ ++ %% Restore user permissions ++ Restore(rabbit_user_permission, NoOp, \"$BaseDataDir/users_perms.erl\"), ++ ++ %% Restore policies ++ Restore(rabbit_runtime_parameters, NoOp, \"$BaseDataDir/policies.erl\") ++ end. ++ " ++} ++ + rmq_local_node() + { + +@@ -411,6 +467,7 @@ rmq_try_start() { + if [ -z "$join_list" ]; then + rmq_start_first + rc=$? ++ rmq_restore_users_perms_policies + return $rc + fi + +@@ -437,58 +494,8 @@ rmq_try_start() { + return $RMQ_TRY_RESTART_ERROR_CODE + fi + +- # Restore users, user permissions, and policies (if any) +- BaseDataDir=`dirname $RMQ_DATA_DIR` +- $RMQ_EVAL " +- %% Run only if Mnesia is ready. +- lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso +- begin +- Restore = fun(Table, PostprocessFun, Filename) -> +- case file:consult(Filename) of +- {error, _} -> +- ok; +- {ok, [Result]} -> +- lists:foreach(fun(X) -> mnesia:dirty_write(Table, PostprocessFun(X)) end, Result), +- file:delete(Filename) +- end +- end, ++ rmq_restore_users_perms_policies + +- %% Restore users +- +- Upgrade = fun +- ({internal_user, A, B, C}) -> {internal_user, A, B, C, rabbit_password_hashing_md5}; +- ({internal_user, A, B, C, D}) -> {internal_user, A, B, C, D} +- end, +- +- Downgrade = fun +- ({internal_user, A, B, C}) -> {internal_user, A, B, C}; +- ({internal_user, A, B, C, rabbit_password_hashing_md5}) -> {internal_user, A, B, C}; +- %% Incompatible scheme, so we will loose user's password ('B' value) during conversion. +- %% Unfortunately, this case will require manual intervention - user have to run: +- %% rabbitmqctl change_password +- ({internal_user, A, B, C, _}) -> {internal_user, A, B, C} +- end, +- +- %% Check db scheme first +- [WildPattern] = ets:select(mnesia_gvar, [ { {{rabbit_user, wild_pattern}, '\\\$1'}, [], ['\\\$1'] } ]), +- case WildPattern of +- %% Version < 3.6.0 +- {internal_user,'_','_','_'} -> +- Restore(rabbit_user, Downgrade, \"$BaseDataDir/users.erl\"); +- %% Version >= 3.6.0 +- {internal_user,'_','_','_','_'} -> +- Restore(rabbit_user, Upgrade, \"$BaseDataDir/users.erl\") +- end, +- +- NoOp = fun(X) -> X end, +- +- %% Restore user permissions +- Restore(rabbit_user_permission, NoOp, \"$BaseDataDir/users_perms.erl\"), +- +- %% Restore policies +- Restore(rabbit_runtime_parameters, NoOp, \"$BaseDataDir/policies.erl\") +- end. +- " + return $OCF_SUCCESS + } + diff --git a/SOURCES/bz1746266-docker-1-fail-gracefully-when-not-running.patch b/SOURCES/bz1746266-docker-1-fail-gracefully-when-not-running.patch new file mode 100644 index 0000000..1cc2bbb --- /dev/null +++ b/SOURCES/bz1746266-docker-1-fail-gracefully-when-not-running.patch @@ -0,0 +1,82 @@ +From 5941b98140b09e39b4dc2ee155817b287ef32859 Mon Sep 17 00:00:00 2001 +From: zaenk +Date: Thu, 16 May 2019 15:01:43 +0200 +Subject: [PATCH 1/2] Fails docker RA gracefully when command not found Fails + gracefully when daemon not running + +--- + heartbeat/docker | 25 +++++++++++++++++++++++++ + 1 file changed, 25 insertions(+) + +diff --git a/heartbeat/docker b/heartbeat/docker +index c206344ad..1942b8f2f 100755 +--- a/heartbeat/docker ++++ b/heartbeat/docker +@@ -33,6 +33,11 @@ + : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} + . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs + ++# Parameter defaults ++ ++OCF_RESKEY_daemon_pidfile_default="/var/run/docker.pid" ++: ${OCF_RESKEY_daemon_pidfile=${OCF_RESKEY_daemon_pidfile_default}} ++ + ####################################################################### + + meta_data() +@@ -176,6 +181,16 @@ container to be considered healthy. + + + ++ ++ ++ ++The RA will report not running status on hosts where the docker daemon ++is not running. ++ ++Name of the docker daemon pid file ++ ++ ++ + + + +@@ -277,6 +292,16 @@ docker_simple_status() + { + local val + ++ if [ ! -x "$(command -v docker)" ]; then ++ ocf_log err "docker is not installed on this host" ++ return $OCF_ERR_INSTALLED ++ fi ++ ++ if [ ! -e "$OCF_RESKEY_daemon_pidfile" ]; then ++ ocf_log err "docker daemon is not running, pid file $OCF_RESKEY_daemon_pidfile not exists" ++ return $OCF_NOT_RUNNING ++ fi ++ + container_exists + if [ $? -ne 0 ]; then + return $OCF_NOT_RUNNING + +From dca670318452a4666984b2087ea562987d7c5b4f Mon Sep 17 00:00:00 2001 +From: zaenk +Date: Thu, 16 May 2019 15:46:28 +0200 +Subject: [PATCH 2/2] Fixes parameter meta-data + +--- + heartbeat/docker | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/heartbeat/docker b/heartbeat/docker +index 1942b8f2f..250714613 100755 +--- a/heartbeat/docker ++++ b/heartbeat/docker +@@ -181,7 +181,6 @@ container to be considered healthy. + + + +- + + + The RA will report not running status on hosts where the docker daemon diff --git a/SOURCES/bz1746266-docker-2-improve-daemon-check.patch b/SOURCES/bz1746266-docker-2-improve-daemon-check.patch new file mode 100644 index 0000000..fca2b95 --- /dev/null +++ b/SOURCES/bz1746266-docker-2-improve-daemon-check.patch @@ -0,0 +1,99 @@ +From b7ae1bfbe7d393a9e9d993da3da35cc4d1bc9eb4 Mon Sep 17 00:00:00 2001 +From: Michele Baldessari +Date: Wed, 28 Aug 2019 10:46:36 +0200 +Subject: [PATCH] Make the check for the docker daemon being up more robust + +This amends 5941b98140b09e39b4dc2ee155817b287ef32859 (Fails docker RA +gracefully when command not found). That commit checked for a pidfile +which tends to be less robust in the presence of stale pidfiles and +also adds a configuration option for the pidfile location which is +more churn than needed to simply check for a service availability. + +Let's simply call 'docker version'. When that commands returns 1 the docker +daemon is not running and also return OCF_ERR_GENERIC instead of +OCF_NOT_RUNNING. This is a key point because if the docker daemon +is stopped and not running it can very well be that the containers +are still up (e.g. when you use live-restore in docker). In this +situation we want an explicit fence event to be triggered due to +the failure of stopping. + +Not doing so would mean that the stop operation returned ok and +for example we'd be starting an A/P resource on a second node all +the while it was still running on the node there the docker daemon +was stopped. + +We also explicitely catch OCF_ERR_GENERIC in the docker_stop function +to make our intent clearer. + +Tested this in an Openstack deployment and observed the following: +A) All the usual pcmk operations still correctly work +B) A 'systemctl stop docker' will eventually trigger a fence operation + on the node. + +Co-Authored-By: Luca Miccini +Co-Authored-By: Damien Ciabrini +Signed-off-by: Michele Baldessari +--- + heartbeat/docker | 25 ++++++++++--------------- + 1 file changed, 10 insertions(+), 15 deletions(-) + +diff --git a/heartbeat/docker b/heartbeat/docker +index 60e163bda..7c587b962 100755 +--- a/heartbeat/docker ++++ b/heartbeat/docker +@@ -35,9 +35,6 @@ + + # Parameter defaults + +-OCF_RESKEY_daemon_pidfile_default="/var/run/docker.pid" +-: ${OCF_RESKEY_daemon_pidfile=${OCF_RESKEY_daemon_pidfile_default}} +- + ####################################################################### + + meta_data() +@@ -184,15 +182,6 @@ container to be considered healthy. + + + +- +- +-The RA will report not running status on hosts where the docker daemon +-is not running. +- +-Name of the docker daemon pid file +- +- +- + + + +@@ -299,9 +288,13 @@ docker_simple_status() + return $OCF_ERR_INSTALLED + fi + +- if [ ! -e "$OCF_RESKEY_daemon_pidfile" ]; then +- ocf_log err "docker daemon is not running, pid file $OCF_RESKEY_daemon_pidfile not exists" +- return $OCF_NOT_RUNNING ++ ++ # let's first check if the daemon is up and running. ++ VERSION_OUT=$(docker version) ++ version_ret=$? ++ if [ $version_ret -eq 1 ]; then ++ ocf_exit_reason "Docker service is in error state while checking for ${CONTAINER}, based on image, ${OCF_RESKEY_image}: ${VERSION_OUT}" ++ return $OCF_ERR_GENERIC + fi + + container_exists +@@ -457,9 +450,11 @@ docker_stop() + { + local timeout=60 + docker_simple_status +- if [ $? -eq $OCF_NOT_RUNNING ]; then ++ if [ $? -eq $OCF_NOT_RUNNING ]; then + remove_container + return $OCF_SUCCESS ++ elif [ $? -eq $OCF_ERR_GENERIC ]; then ++ return $OCF_ERR_GENERIC + fi + + if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then diff --git a/SOURCES/bz1746266-docker-3-fix-stop-return-code.patch b/SOURCES/bz1746266-docker-3-fix-stop-return-code.patch new file mode 100644 index 0000000..7029c6f --- /dev/null +++ b/SOURCES/bz1746266-docker-3-fix-stop-return-code.patch @@ -0,0 +1,41 @@ +From 3d52ec553fc3de82e1d1dcbef949882947915c49 Mon Sep 17 00:00:00 2001 +From: Michele Baldessari +Date: Thu, 29 Aug 2019 08:10:57 +0200 +Subject: [PATCH] Fixup docker_stop condition on error + +In docker_stop() let's store the return code of docker_simple_status +otherwise the second branch of the elif risks reflecting the return +code of the previous operaiton and not of docker_simple_status() + +Retested this with a bunch of stop/start commands on a rabbitmq bundle +and observed no issues. + +This fixes a stop() regression introduced in +b7ae1bfbe7d393a9e9d993da3da35cc4d1bc9eb4 ("Make the check for the docker +daemon being up more robust") + +Thanks to Kota Akatsuka for spotting it. + +Signed-off-by: Michele Baldessari +--- + heartbeat/docker | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/docker b/heartbeat/docker +index 7c587b962..41ac42129 100755 +--- a/heartbeat/docker ++++ b/heartbeat/docker +@@ -450,10 +450,11 @@ docker_stop() + { + local timeout=60 + docker_simple_status +- if [ $? -eq $OCF_NOT_RUNNING ]; then ++ ret=$? ++ if [ $ret -eq $OCF_NOT_RUNNING ]; then + remove_container + return $OCF_SUCCESS +- elif [ $? -eq $OCF_ERR_GENERIC ]; then ++ elif [ $ret -eq $OCF_ERR_GENERIC ]; then + return $OCF_ERR_GENERIC + fi + diff --git a/SOURCES/bz1750704-docker-1-fail-gracefully-when-not-running.patch b/SOURCES/bz1750704-docker-1-fail-gracefully-when-not-running.patch deleted file mode 100644 index 1cc2bbb..0000000 --- a/SOURCES/bz1750704-docker-1-fail-gracefully-when-not-running.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 5941b98140b09e39b4dc2ee155817b287ef32859 Mon Sep 17 00:00:00 2001 -From: zaenk -Date: Thu, 16 May 2019 15:01:43 +0200 -Subject: [PATCH 1/2] Fails docker RA gracefully when command not found Fails - gracefully when daemon not running - ---- - heartbeat/docker | 25 +++++++++++++++++++++++++ - 1 file changed, 25 insertions(+) - -diff --git a/heartbeat/docker b/heartbeat/docker -index c206344ad..1942b8f2f 100755 ---- a/heartbeat/docker -+++ b/heartbeat/docker -@@ -33,6 +33,11 @@ - : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} - . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs - -+# Parameter defaults -+ -+OCF_RESKEY_daemon_pidfile_default="/var/run/docker.pid" -+: ${OCF_RESKEY_daemon_pidfile=${OCF_RESKEY_daemon_pidfile_default}} -+ - ####################################################################### - - meta_data() -@@ -176,6 +181,16 @@ container to be considered healthy. - - - -+ -+ -+ -+The RA will report not running status on hosts where the docker daemon -+is not running. -+ -+Name of the docker daemon pid file -+ -+ -+ - - - -@@ -277,6 +292,16 @@ docker_simple_status() - { - local val - -+ if [ ! -x "$(command -v docker)" ]; then -+ ocf_log err "docker is not installed on this host" -+ return $OCF_ERR_INSTALLED -+ fi -+ -+ if [ ! -e "$OCF_RESKEY_daemon_pidfile" ]; then -+ ocf_log err "docker daemon is not running, pid file $OCF_RESKEY_daemon_pidfile not exists" -+ return $OCF_NOT_RUNNING -+ fi -+ - container_exists - if [ $? -ne 0 ]; then - return $OCF_NOT_RUNNING - -From dca670318452a4666984b2087ea562987d7c5b4f Mon Sep 17 00:00:00 2001 -From: zaenk -Date: Thu, 16 May 2019 15:46:28 +0200 -Subject: [PATCH 2/2] Fixes parameter meta-data - ---- - heartbeat/docker | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/heartbeat/docker b/heartbeat/docker -index 1942b8f2f..250714613 100755 ---- a/heartbeat/docker -+++ b/heartbeat/docker -@@ -181,7 +181,6 @@ container to be considered healthy. - - - -- - - - The RA will report not running status on hosts where the docker daemon diff --git a/SOURCES/bz1750704-docker-2-improve-daemon-check.patch b/SOURCES/bz1750704-docker-2-improve-daemon-check.patch deleted file mode 100644 index fca2b95..0000000 --- a/SOURCES/bz1750704-docker-2-improve-daemon-check.patch +++ /dev/null @@ -1,99 +0,0 @@ -From b7ae1bfbe7d393a9e9d993da3da35cc4d1bc9eb4 Mon Sep 17 00:00:00 2001 -From: Michele Baldessari -Date: Wed, 28 Aug 2019 10:46:36 +0200 -Subject: [PATCH] Make the check for the docker daemon being up more robust - -This amends 5941b98140b09e39b4dc2ee155817b287ef32859 (Fails docker RA -gracefully when command not found). That commit checked for a pidfile -which tends to be less robust in the presence of stale pidfiles and -also adds a configuration option for the pidfile location which is -more churn than needed to simply check for a service availability. - -Let's simply call 'docker version'. When that commands returns 1 the docker -daemon is not running and also return OCF_ERR_GENERIC instead of -OCF_NOT_RUNNING. This is a key point because if the docker daemon -is stopped and not running it can very well be that the containers -are still up (e.g. when you use live-restore in docker). In this -situation we want an explicit fence event to be triggered due to -the failure of stopping. - -Not doing so would mean that the stop operation returned ok and -for example we'd be starting an A/P resource on a second node all -the while it was still running on the node there the docker daemon -was stopped. - -We also explicitely catch OCF_ERR_GENERIC in the docker_stop function -to make our intent clearer. - -Tested this in an Openstack deployment and observed the following: -A) All the usual pcmk operations still correctly work -B) A 'systemctl stop docker' will eventually trigger a fence operation - on the node. - -Co-Authored-By: Luca Miccini -Co-Authored-By: Damien Ciabrini -Signed-off-by: Michele Baldessari ---- - heartbeat/docker | 25 ++++++++++--------------- - 1 file changed, 10 insertions(+), 15 deletions(-) - -diff --git a/heartbeat/docker b/heartbeat/docker -index 60e163bda..7c587b962 100755 ---- a/heartbeat/docker -+++ b/heartbeat/docker -@@ -35,9 +35,6 @@ - - # Parameter defaults - --OCF_RESKEY_daemon_pidfile_default="/var/run/docker.pid" --: ${OCF_RESKEY_daemon_pidfile=${OCF_RESKEY_daemon_pidfile_default}} -- - ####################################################################### - - meta_data() -@@ -184,15 +182,6 @@ container to be considered healthy. - - - -- -- --The RA will report not running status on hosts where the docker daemon --is not running. -- --Name of the docker daemon pid file -- -- -- - - - -@@ -299,9 +288,13 @@ docker_simple_status() - return $OCF_ERR_INSTALLED - fi - -- if [ ! -e "$OCF_RESKEY_daemon_pidfile" ]; then -- ocf_log err "docker daemon is not running, pid file $OCF_RESKEY_daemon_pidfile not exists" -- return $OCF_NOT_RUNNING -+ -+ # let's first check if the daemon is up and running. -+ VERSION_OUT=$(docker version) -+ version_ret=$? -+ if [ $version_ret -eq 1 ]; then -+ ocf_exit_reason "Docker service is in error state while checking for ${CONTAINER}, based on image, ${OCF_RESKEY_image}: ${VERSION_OUT}" -+ return $OCF_ERR_GENERIC - fi - - container_exists -@@ -457,9 +450,11 @@ docker_stop() - { - local timeout=60 - docker_simple_status -- if [ $? -eq $OCF_NOT_RUNNING ]; then -+ if [ $? -eq $OCF_NOT_RUNNING ]; then - remove_container - return $OCF_SUCCESS -+ elif [ $? -eq $OCF_ERR_GENERIC ]; then -+ return $OCF_ERR_GENERIC - fi - - if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then diff --git a/SOURCES/bz1750704-docker-3-fix-stop-return-code.patch b/SOURCES/bz1750704-docker-3-fix-stop-return-code.patch deleted file mode 100644 index 7029c6f..0000000 --- a/SOURCES/bz1750704-docker-3-fix-stop-return-code.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 3d52ec553fc3de82e1d1dcbef949882947915c49 Mon Sep 17 00:00:00 2001 -From: Michele Baldessari -Date: Thu, 29 Aug 2019 08:10:57 +0200 -Subject: [PATCH] Fixup docker_stop condition on error - -In docker_stop() let's store the return code of docker_simple_status -otherwise the second branch of the elif risks reflecting the return -code of the previous operaiton and not of docker_simple_status() - -Retested this with a bunch of stop/start commands on a rabbitmq bundle -and observed no issues. - -This fixes a stop() regression introduced in -b7ae1bfbe7d393a9e9d993da3da35cc4d1bc9eb4 ("Make the check for the docker -daemon being up more robust") - -Thanks to Kota Akatsuka for spotting it. - -Signed-off-by: Michele Baldessari ---- - heartbeat/docker | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/heartbeat/docker b/heartbeat/docker -index 7c587b962..41ac42129 100755 ---- a/heartbeat/docker -+++ b/heartbeat/docker -@@ -450,10 +450,11 @@ docker_stop() - { - local timeout=60 - docker_simple_status -- if [ $? -eq $OCF_NOT_RUNNING ]; then -+ ret=$? -+ if [ $ret -eq $OCF_NOT_RUNNING ]; then - remove_container - return $OCF_SUCCESS -- elif [ $? -eq $OCF_ERR_GENERIC ]; then -+ elif [ $ret -eq $OCF_ERR_GENERIC ]; then - return $OCF_ERR_GENERIC - fi - diff --git a/SOURCES/bz1756262-NovaEvacuate-evacuate_delay.patch b/SOURCES/bz1756262-NovaEvacuate-evacuate_delay.patch deleted file mode 100644 index 9b429d7..0000000 --- a/SOURCES/bz1756262-NovaEvacuate-evacuate_delay.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 8b9c49fd965f73709d5a6e2c21987ba26af4856b Mon Sep 17 00:00:00 2001 -From: Luca Miccini -Date: Wed, 25 Sep 2019 17:12:39 +0200 -Subject: [PATCH] Add a configurable delay to Nova Evacuate calls - -In case /var/lib/nova/instances resides on NFS we have seen migrations -failing with 'Failed to get "write" lock - Is another process using the -image' errors. - -This has been tracked down to grace/lease timeouts not having expired -before attempting the migration/evacuate, so in this cases it might be -desirable to delay the nova evacuate call to give the storage time to -release the locks. - -Change-Id: Ie2fe784202d754eda38092479b1ab3ff4d02136a -Resolves: rhbz#1740069 ---- - -diff --git a/heartbeat/NovaEvacuate b/heartbeat/NovaEvacuate -index 810f30a..596f520 100644 ---- a/heartbeat/NovaEvacuate -+++ b/heartbeat/NovaEvacuate -@@ -125,6 +125,15 @@ - - - -+ -+ -+Allows delaying the nova evacuate API call, e.g. to give a storage array time to clean -+up eventual locks/leases. -+ -+Nova evacuate delay -+ -+ -+ - - - -@@ -216,6 +225,11 @@ - fence_agent="fence_evacuate" - fi - -+ if [ ${OCF_RESKEY_evacuate_delay} != 0 ]; then -+ ocf_log info "Delaying nova evacuate by $OCF_RESKEY_evacuate_delay seconds" -+ sleep ${OCF_RESKEY_evacuate_delay} -+ fi -+ - ocf_log notice "Initiating evacuation of $node with $fence_agent" - $fence_agent ${fence_options} -o status -n ${node} - if [ $? = 1 ]; then diff --git a/SOURCES/bz1757753-nfsserver-1-systemd-perf-improvements.patch b/SOURCES/bz1757753-nfsserver-1-systemd-perf-improvements.patch new file mode 100644 index 0000000..e577a2e --- /dev/null +++ b/SOURCES/bz1757753-nfsserver-1-systemd-perf-improvements.patch @@ -0,0 +1,77 @@ +From 530c48138f7dedaf99ae1ca98865d2f8b7432475 Mon Sep 17 00:00:00 2001 +From: Eberhard Kuemmerle +Date: Thu, 12 Sep 2019 21:10:43 +0200 +Subject: [PATCH] nfsserver: performance improvements for systemd enabled + systems + +> I found two critical actions in the script: +> - systemctl status nfs-server (which also calls journalctl) +> - systemctl list-unit-files + +source: +https://lists.clusterlabs.org/pipermail/developers/2019-September/002214.html +--- + heartbeat/nfsserver | 37 +++++++++++++++++++------------------ + 1 file changed, 19 insertions(+), 18 deletions(-) + +diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver +index bf59da98e..8527a90f3 100755 +--- a/heartbeat/nfsserver ++++ b/heartbeat/nfsserver +@@ -233,24 +233,25 @@ set_exec_mode() + return 0 + fi + +- ## +- # Attempt systemd (with nfs-lock.service). +- ## + if which systemctl > /dev/null 2>&1; then +- if systemctl list-unit-files | grep nfs-server > /dev/null && systemctl list-unit-files | grep nfs-lock > /dev/null; then +- EXEC_MODE=2 +- # when using systemd, the nfs-lock service file handles nfsv3 locking daemons for us. +- return 0 +- fi +- fi ++ if systemctl list-unit-files 'nfs-*' | grep nfs-server > /dev/null; then ++ ++ ## ++ # Attempt systemd (with nfs-lock.service). ++ ## ++ if systemctl list-unit-files 'nfs-*' | grep nfs-lock > /dev/null; then ++ EXEC_MODE=2 ++ # when using systemd, the nfs-lock service file handles nfsv3 locking daemons for us. ++ return 0 ++ fi + +- ## +- # Attempt systemd (with rpc-statd.service). +- ## +- if which systemctl > /dev/null 2>&1; then +- if systemctl list-unit-files | grep nfs-server > /dev/null && systemctl list-unit-files | grep rpc-statd > /dev/null; then +- EXEC_MODE=3 +- return 0 ++ ## ++ # Attempt systemd (with rpc-statd.service). ++ ## ++ if systemctl list-unit-files 'rpc-*' | grep rpc-statd > /dev/null; then ++ EXEC_MODE=3 ++ return 0 ++ fi + fi + fi + +@@ -272,12 +273,12 @@ nfs_exec() + 2) if ! echo $svc | grep -q "\."; then + svc="${svc}.service" + fi +- systemctl $cmd $svc ++ systemctl -n0 $cmd $svc + ;; + 3) if ! echo $svc | grep -q "\."; then + svc="${svc}.service" + fi +- systemctl $cmd $svc ++ systemctl -n0 $cmd $svc + ;; + esac + } diff --git a/SOURCES/bz1757753-nfsserver-2-systemd-use-no-legend.patch b/SOURCES/bz1757753-nfsserver-2-systemd-use-no-legend.patch new file mode 100644 index 0000000..bbdc807 --- /dev/null +++ b/SOURCES/bz1757753-nfsserver-2-systemd-use-no-legend.patch @@ -0,0 +1,38 @@ +From ca9d2f9c2d23a9dc783e0d52419790d0d441232c Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 24 Sep 2019 09:12:47 +0200 +Subject: [PATCH] nfsserver: use "--no-legend" for systemctl "list-unit-files" + calls + +--- + heartbeat/nfsserver | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver +index 8527a90f3..acef0147a 100755 +--- a/heartbeat/nfsserver ++++ b/heartbeat/nfsserver +@@ -234,12 +234,12 @@ set_exec_mode() + fi + + if which systemctl > /dev/null 2>&1; then +- if systemctl list-unit-files 'nfs-*' | grep nfs-server > /dev/null; then ++ if systemctl --no-legend list-unit-files 'nfs-*' | grep nfs-server > /dev/null; then + + ## + # Attempt systemd (with nfs-lock.service). + ## +- if systemctl list-unit-files 'nfs-*' | grep nfs-lock > /dev/null; then ++ if systemctl --no-legend list-unit-files 'nfs-*' | grep nfs-lock > /dev/null; then + EXEC_MODE=2 + # when using systemd, the nfs-lock service file handles nfsv3 locking daemons for us. + return 0 +@@ -248,7 +248,7 @@ set_exec_mode() + ## + # Attempt systemd (with rpc-statd.service). + ## +- if systemctl list-unit-files 'rpc-*' | grep rpc-statd > /dev/null; then ++ if systemctl --no-legend list-unit-files 'rpc-*' | grep rpc-statd > /dev/null; then + EXEC_MODE=3 + return 0 + fi diff --git a/SOURCES/bz1803024-oralsnr-allow-using-same-tns_admin.patch b/SOURCES/bz1803024-oralsnr-allow-using-same-tns_admin.patch deleted file mode 100644 index 5963259..0000000 --- a/SOURCES/bz1803024-oralsnr-allow-using-same-tns_admin.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 2e288c233dc3b67d1845d5fdb8f857e0d7377820 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Wed, 12 Feb 2020 10:32:17 +0100 -Subject: [PATCH] oralsnr: allow using the tns_admin directory for different - listeners - ---- - heartbeat/oralsnr | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/heartbeat/oralsnr b/heartbeat/oralsnr -index 08fb8ae11..1ecf8fca8 100755 ---- a/heartbeat/oralsnr -+++ b/heartbeat/oralsnr -@@ -116,7 +116,7 @@ Defaults to LISTENER. - - - -- -+ - - Full path to the directory that contains the Oracle - listener tnsnames.ora configuration file. The shell diff --git a/SOURCES/bz1803798-rabbitmq-cluster-delete-nodename-when-stop-fails.patch b/SOURCES/bz1803798-rabbitmq-cluster-delete-nodename-when-stop-fails.patch deleted file mode 100644 index fc95598..0000000 --- a/SOURCES/bz1803798-rabbitmq-cluster-delete-nodename-when-stop-fails.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 47d75f8de9dc912da035805f141c674885ce432f Mon Sep 17 00:00:00 2001 -From: John Eckersberg -Date: Thu, 16 Jan 2020 10:20:59 -0500 -Subject: [PATCH] rabbitmq-cluster: ensure we delete nodename if stop action - fails - -If the stop action fails, we want to remove the nodename from the crm -attribute. Currently it is possible for the stop action to fail but -the rabbitmq server does actually stop. This leaves the attribute -still present. This means if the entire rabbitmq cluster is stopped, -it is not possible to start the cluster again because the first node -to start will think there is at least one other node running. Then -the node tries to join an existing cluster instead of rebootstrapping -the cluster from a single node. ---- - heartbeat/rabbitmq-cluster | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster -index 7837e9e3c..a9ebd37ad 100755 ---- a/heartbeat/rabbitmq-cluster -+++ b/heartbeat/rabbitmq-cluster -@@ -552,6 +552,7 @@ rmq_stop() { - - if [ $rc -ne 0 ]; then - ocf_log err "rabbitmq-server stop command failed: $RMQ_CTL stop, $rc" -+ rmq_delete_nodename - return $rc - fi - -@@ -565,6 +566,7 @@ rmq_stop() { - break - elif [ "$rc" -ne $OCF_SUCCESS ]; then - ocf_log info "rabbitmq-server stop failed: $rc" -+ rmq_delete_nodename - exit $OCF_ERR_GENERIC - fi - sleep 1 diff --git a/SOURCES/bz1803800-exportfs-allow-same-fsid.patch b/SOURCES/bz1803800-exportfs-allow-same-fsid.patch deleted file mode 100644 index 93d47af..0000000 --- a/SOURCES/bz1803800-exportfs-allow-same-fsid.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 9cea030ba6d5c759971873b80d6d97b545ecac39 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Thu, 7 Nov 2019 13:03:30 +0100 -Subject: [PATCH] exportfs: allow multiple exports of same directory - ---- - heartbeat/exportfs | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/heartbeat/exportfs b/heartbeat/exportfs -index d79aced88..1cabdee70 100755 ---- a/heartbeat/exportfs -+++ b/heartbeat/exportfs -@@ -82,7 +82,7 @@ The directory or directories to export. - - - -- -+ - - The fsid option to pass to exportfs. This can be a unique positive - integer, a UUID (assuredly sans comma characters), or the special string diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec index 605e114..ebc32ef 100644 --- a/SPECS/resource-agents.spec +++ b/SPECS/resource-agents.spec @@ -45,7 +45,7 @@ %global sap_script_package_hash f3644f5 %global saphana_prefix SAPHanaSR -%global saphana_version d1dde99 +%global saphana_hash 2067519 %global saphana_scaleout_prefix SAPHanaSR-ScaleOut %global saphana_scaleout_hash a77e8c6 @@ -95,7 +95,7 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.1.1 -Release: 30%{?dist}.7 +Release: 46%{?dist} License: GPLv2+ and LGPLv2+ and ASL 2.0 URL: https://github.com/ClusterLabs/resource-agents %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel} @@ -106,7 +106,7 @@ Group: Productivity/Clustering/HA Source0: %{upstream_prefix}-%{upstream_version}.tar.gz Source1: %{sap_script_prefix}-%{sap_script_hash}.tar.gz Source2: %{sap_script_package_prefix}-%{sap_script_package_hash}.tar.gz -Source3: %{saphana_prefix}-%{saphana_version}.tar.gz +Source3: %{saphana_prefix}-%{saphana_hash}.tar.gz Source4: %{saphana_scaleout_prefix}-%{saphana_scaleout_hash}.tar.gz Source5: %{googlecloudsdk}-%{googlecloudsdk_version}-linux-x86_64.tar.gz Source6: %{pyroute2}-%{pyroute2_version}.tar.gz @@ -167,22 +167,34 @@ Patch46: bz1667413-2-LVM-activate-only-count-volumes.patch Patch47: bz1651790-1-CTDB-explicitly-use-bash-shell.patch Patch48: bz1651790-2-CTDB-add-ctdb_max_open_files-parameter.patch Patch49: bz1504055-IPsrcaddr-fix-regression-without-NetworkManager.patch -Patch50: bz1598969-iSCSILogicalUnit-create-iqn-when-it-doesnt-exist.patch +Patch50: bz1598969-1-iSCSITarget-create-iqn-when-it-doesnt-exist.patch Patch51: bz1693658-aws-vpc-move-ip-avoid-possible-race-condition.patch Patch52: bz1697558-aws-vpc-move-ip-1-multi-route-table-support.patch Patch53: bz1697558-aws-vpc-move-ip-2-fix-route-update-multi-NICs.patch Patch54: bz1549579-2-ocf_is_true-add-True-to-regexp.patch Patch55: bz1363902-SAPHanaSR-monitor-fix-tolower-error.patch -Patch56: bz1731426-dhcpd-keep-selinux-context.patch -Patch57: bz1731427-CTDB-1-fixes.patch -Patch58: bz1731427-CTDB-2-add-v4.9-support.patch -Patch59: bz1750704-docker-1-fail-gracefully-when-not-running.patch -Patch60: bz1750704-docker-2-improve-daemon-check.patch -Patch61: bz1750704-docker-3-fix-stop-return-code.patch -Patch62: bz1756262-NovaEvacuate-evacuate_delay.patch -Patch63: bz1803800-exportfs-allow-same-fsid.patch -Patch64: bz1803798-rabbitmq-cluster-delete-nodename-when-stop-fails.patch -Patch65: bz1803024-oralsnr-allow-using-same-tns_admin.patch +Patch56: bz1716418-dhcpd-keep-selinux-context.patch +Patch57: bz1719443-CTDB-1-fixes.patch +Patch58: bz1719443-CTDB-2-add-v4.9-support.patch +Patch59: bz1732873-LVM-activate-fix-monitor-hang.patch +Patch60: bz1598969-2-iSCSILogicalUnit-create-acls-fix.patch +Patch61: bz1642067-SAPHanaTopology-make-multi-instance-aware.patch +Patch62: bz1582685-IPsrcaddr-1-add-destination-and-table-parameters.patch +Patch63: bz1726736-Route-1-dont-fence-when-parameters-not-set.patch +Patch64: bz1746266-docker-1-fail-gracefully-when-not-running.patch +Patch65: bz1746266-docker-2-improve-daemon-check.patch +Patch66: bz1746266-docker-3-fix-stop-return-code.patch +Patch67: bz1744467-rabbitmq-cluster-restore-users-single-node-mode.patch +Patch68: bz1528365-IPaddr2-1-sanitize-IPv6-IPs.patch +Patch69: bz1528365-IPaddr2-2-return-empty-when-sanitation-fails.patch +Patch70: bz1740069-NovaEvacuate-evacuate_delay.patch +Patch71: bz1757753-nfsserver-1-systemd-perf-improvements.patch +Patch72: bz1757753-nfsserver-2-systemd-use-no-legend.patch +Patch73: bz1695041-LVM-activate-return-NOT_RUNNING-rejoin-cluster.patch +Patch74: bz1726736-Route-2-validate-start-validate-all.patch +Patch75: bz1582685-IPsrcaddr-2-local-rule-destination-fixes.patch +Patch76: bz1582685-IPsrcaddr-3-fix-probe-issues.patch +Patch77: bz1582685-IPsrcaddr-4-fix-hardcoded-device.patch # bundle patches Patch1000: bz1568588-7-gcp-bundled.patch @@ -377,7 +389,7 @@ SAP instances to be managed in a cluster environment. License: GPLv2+ Summary: SAP HANA Scale-Out cluster resource agents Version: 0.163.2 -Release: 7%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.7 +Release: 22%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel} Group: System Environment/Base %else @@ -397,7 +409,7 @@ environment. License: GPLv2+ Summary: SAP cluster connector script Version: 3.0.1 -Release: 7%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.7 +Release: 22%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel} Group: System Environment/Base %else @@ -417,10 +429,10 @@ instances to be managed in a cluster environment. exit 1 %endif %setup -q -n %{upstream_prefix}-%{upstream_version} -%setup -T -D -a 1 -n %{upstream_prefix}-%{upstream_version} -%setup -T -D -a 2 -n %{upstream_prefix}-%{upstream_version} -%setup -T -D -a 3 -n %{upstream_prefix}-%{upstream_version} -%setup -T -D -a 4 -n %{upstream_prefix}-%{upstream_version} +%setup -q -T -D -a 1 -n %{upstream_prefix}-%{upstream_version} +%setup -q -T -D -a 2 -n %{upstream_prefix}-%{upstream_version} +%setup -q -T -D -a 3 -n %{upstream_prefix}-%{upstream_version} +%setup -q -T -D -a 4 -n %{upstream_prefix}-%{upstream_version} %patch0 -p1 %patch1 -p1 %patch2 -p1 @@ -486,19 +498,28 @@ exit 1 %patch62 -p1 %patch63 -p1 %patch64 -p1 -%patch65 -p1 -F1 +%patch65 -p1 +%patch66 -p1 +%patch67 -p1 +%patch68 -p1 +%patch69 -p1 +%patch70 -p1 +%patch71 -p1 +%patch72 -p1 +%patch73 -p1 +%patch74 -p1 +%patch75 -p1 +%patch76 -p1 +%patch77 -p1 # add SAPHana agents to Makefile.am -mv %{saphana_prefix}-%{saphana_version}/ra/SAPHana* heartbeat +mv %{saphana_prefix}-%{saphana_hash}/SAPHana/ra/SAPHana* heartbeat mv %{saphana_scaleout_prefix}-%{saphana_scaleout_hash}/SAPHana/ra/SAPHanaController heartbeat mv %{saphana_scaleout_prefix}-%{saphana_scaleout_hash}/SAPHana/ra/SAPHanaTopology heartbeat/SAPHanaTopologyScaleOut sed -i -e 's/\( /dev/null 2>&1 ||: /usr/lib/ocf/resource.d/heartbeat/SAPHanaTopology %{_mandir}/man7/*SAPHana.* %{_mandir}/man7/*SAPHanaTopology.* -%{_datadir}/SAPHanaSR -%exclude %{_datadir}/SAPHanaSR/srHook/SAPHanaSR.py? %endif %ifarch x86_64 ppc64le @@ -1127,42 +1142,65 @@ ccs_update_schema > /dev/null 2>&1 ||: %endif %changelog -* Tue Feb 18 2020 Oyvind Albrigtsen - 4.1.1-30.7 -- Rebase resource-agents-sap-hana to SAPHanaSR 0.154.0 upstream release. +* Thu Jan 16 2020 Oyvind Albrigtsen - 4.1.1-46 +- IPsrcaddr: add destination and table parameters + + Resolves: rhbz#1582685 + +* Fri Oct 11 2019 Oyvind Albrigtsen - 4.1.1-43 +- Route: dont fence when parameters not set - Resolves: rhbz#1803915 + Resolves: rhbz#1726736 -* Mon Feb 17 2020 Oyvind Albrigtsen - 4.1.1-30.5 -- exportfs: allow multiple exports with same fsid -- rabbitmq-cluster: delete nodename when stop fails -- oralsnr: allow using same tns_admin directory for listeners +* Wed Oct 2 2019 Oyvind Albrigtsen - 4.1.1-42 +- LVM-activate: return NOT_RUNNING when node rejoins cluster + Resolves: rhbz#1695041 - Resolves: rhbz#1803800 - Resolves: rhbz#1803798 - Resolves: rhbz#1803024 +* Wed Oct 2 2019 Oyvind Albrigtsen - 4.1.1-41 +- nfsserver: systemd performance improvements -* Fri Sep 27 2019 Oyvind Albrigtsen - 4.1.1-30.4 + Resolves: rhbz#1757753 + +* Thu Sep 26 2019 Oyvind Albrigtsen - 4.1.1-40 - NovaEvacuate: add "evacuate_delay" parameter - Resolves: rhbz#1756262 + Resolves: rhbz#1740069 + +* Thu Sep 12 2019 Oyvind Albrigtsen - 4.1.1-38 +- IPaddr2: sanitize compressed IPv6 IPs + + Resolves: rhbz#1528365 -* Tue Sep 10 2019 Oyvind Albrigtsen - 4.1.1-30.3 +* Mon Sep 9 2019 Oyvind Albrigtsen - 4.1.1-37 +- rabbitmq-cluster: also restore users in single node mode + + Resolves: rhbz#1744467 + +* Mon Sep 9 2019 Oyvind Albrigtsen - 4.1.1-36 - docker: improve daemon check to fence when docker is stopped manually - Resolves: rhbz#1750704 + Resolves: rhbz#1746266 -* Fri Aug 23 2019 Oyvind Albrigtsen - 4.1.1-30.2 +* Tue Aug 6 2019 Oyvind Albrigtsen - 4.1.1-33 - SAPHanaTopology: make multi instance aware (MCOS) - Resolves: rhbz#1744923 + Resolves: rhbz#1642067 + +* Wed Jul 31 2019 Oyvind Albrigtsen - 4.1.1-32 +- iSCSITarget/iSCSILogicalUnit: only create iqn/acls when it doesnt + exist -* Mon Jul 22 2019 Oyvind Albrigtsen - 4.1.1-30.1 + Resolves: rhbz#1598969 + +* Thu Jul 25 2019 Oyvind Albrigtsen - 4.1.1-31 - dhcpd: keep SELinux context in chroot - CTDB: add support for v4.9+ +- LVM-activate: fix monitor to avoid hang caused by validate-all call - Resolves: rhbz#1731426 - Resolves: rhbz#1731427 + Resolves: rhbz#1716418 + Resolves: rhbz#1719443 + Resolves: rhbz#1732873 * Thu Jun 27 2019 Oyvind Albrigtsen - 4.1.1-30 - resource-agents-sap-hana-scaleout: new subpackage @@ -1198,10 +1236,8 @@ ccs_update_schema > /dev/null 2>&1 ||: * Tue Mar 26 2019 Oyvind Albrigtsen - 4.1.1-20 - IPsrcaddr: add proto and table parameters -- iSCSILogicalUnit: only create iqn when it doesnt exist Resolves: rhbz#1504055 - Resolves: rhbz#1598969 * Thu Feb 28 2019 Oyvind Albrigtsen - 4.1.1-19 - CTDB: add ctdb_max_open_files parameter