diff --git a/.gitignore b/.gitignore index 26d0954..f79624a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,4 @@ SOURCES/ClusterLabs-resource-agents-e711383f.tar.gz -SOURCES/SAPHanaSR-2067519.tar.gz SOURCES/aliyun-cli-2.1.10.tar.gz SOURCES/aliyun-python-sdk-core-2.13.1.tar.gz SOURCES/aliyun-python-sdk-ecs-4.9.3.tar.gz @@ -8,4 +7,3 @@ SOURCES/colorama-0.3.3.tar.gz SOURCES/google-cloud-sdk-241.0.0-linux-x86_64.tar.gz SOURCES/pycryptodome-3.6.4.tar.gz SOURCES/pyroute2-0.4.13.tar.gz -SOURCES/sap_cluster_connector-0015fe2.tar.gz diff --git a/.resource-agents.metadata b/.resource-agents.metadata index 5b6c0ef..e21f8a9 100644 --- a/.resource-agents.metadata +++ b/.resource-agents.metadata @@ -1,5 +1,4 @@ 0358e1cb7fe86b2105bd2646cbe86f3c0273844a SOURCES/ClusterLabs-resource-agents-e711383f.tar.gz -92409ca65e8f4e63d5c308368861fa67ced470f1 SOURCES/SAPHanaSR-2067519.tar.gz 306e131d8908ca794276bfe3a0b55ccc3bbd482f SOURCES/aliyun-cli-2.1.10.tar.gz 0a56f6d9ed2014a363486d33b63eca094379be06 SOURCES/aliyun-python-sdk-core-2.13.1.tar.gz c2a98b9a1562d223a76514f05028488ca000c395 SOURCES/aliyun-python-sdk-ecs-4.9.3.tar.gz @@ -8,4 +7,3 @@ f14647a4d37a9a254c4e711b95a7654fc418e41e SOURCES/aliyun-python-sdk-vpc-3.0.2.tar 876e2b0c0e3031c6e6101745acd08e4e9f53d6a9 SOURCES/google-cloud-sdk-241.0.0-linux-x86_64.tar.gz 326a73f58a62ebee00c11a12cfdd838b196e0e8e SOURCES/pycryptodome-3.6.4.tar.gz 147149db11104c06d405fd077dcd2aa1c345f109 SOURCES/pyroute2-0.4.13.tar.gz -731c683ecc63b50fbc0823170e966b74ec2a0f51 SOURCES/sap_cluster_connector-0015fe2.tar.gz diff --git a/SOURCES/7-gcp-bundled.patch b/SOURCES/7-gcp-bundled.patch index 0ea5777..b341dac 100644 --- a/SOURCES/7-gcp-bundled.patch +++ b/SOURCES/7-gcp-bundled.patch @@ -1,6 +1,6 @@ diff -uNr a/heartbeat/gcp-vpc-move-ip.in b/heartbeat/gcp-vpc-move-ip.in ---- a/heartbeat/gcp-vpc-move-ip.in 2018-07-23 12:38:54.098572982 +0200 -+++ b/heartbeat/gcp-vpc-move-ip.in 2018-07-23 12:39:31.062083667 +0200 +--- a/heartbeat/gcp-vpc-move-ip.in 2019-04-05 09:20:26.164739897 +0200 ++++ b/heartbeat/gcp-vpc-move-ip.in 2019-04-05 09:21:01.331139742 +0200 @@ -36,7 +36,7 @@ . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs @@ -11,25 +11,13 @@ diff -uNr a/heartbeat/gcp-vpc-move-ip.in b/heartbeat/gcp-vpc-move-ip.in OCF_RESKEY_vpc_network_default="default" OCF_RESKEY_interface_default="eth0" diff -uNr a/heartbeat/gcp-vpc-move-route.in b/heartbeat/gcp-vpc-move-route.in ---- a/heartbeat/gcp-vpc-move-route.in 2018-07-23 12:38:54.100572956 +0200 -+++ b/heartbeat/gcp-vpc-move-route.in 2018-07-23 12:40:39.174182018 +0200 -@@ -45,6 +45,8 @@ +--- a/heartbeat/gcp-vpc-move-route.in 2019-04-05 09:20:26.180739624 +0200 ++++ b/heartbeat/gcp-vpc-move-route.in 2019-04-05 09:22:28.648649593 +0200 +@@ -45,6 +45,7 @@ from ocf import * try: -+ sys.path.insert(0, '/usr/lib/resource-agents/bundled/gcp/google-cloud-sdk/lib/third_party') + sys.path.insert(0, '/usr/lib/resource-agents/bundled/gcp') import googleapiclient.discovery import pyroute2 except ImportError: -diff -uNr a/heartbeat/gcp-vpc-move-vip.in b/heartbeat/gcp-vpc-move-vip.in ---- a/heartbeat/gcp-vpc-move-vip.in 2018-07-23 12:38:54.105572889 +0200 -+++ b/heartbeat/gcp-vpc-move-vip.in 2018-07-23 12:39:31.063083654 +0200 -@@ -28,6 +28,7 @@ - from ocf import * - - try: -+ sys.path.insert(0, '/usr/lib/resource-agents/bundled/gcp/google-cloud-sdk/lib/third_party') - import googleapiclient.discovery - except ImportError: - pass diff --git a/SOURCES/bz1666691-tomcat-use-systemd-when-catalina.sh-unavailable.patch b/SOURCES/bz1666691-tomcat-use-systemd-when-catalina.sh-unavailable.patch new file mode 100644 index 0000000..571196b --- /dev/null +++ b/SOURCES/bz1666691-tomcat-use-systemd-when-catalina.sh-unavailable.patch @@ -0,0 +1,59 @@ +From b42ef7555de86cc29d165ae17682c223bfb23b6e Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 5 Nov 2018 16:38:01 +0100 +Subject: [PATCH 1/2] tomcat: use systemd on RHEL when catalina.sh is + unavailable + +--- + heartbeat/tomcat | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/tomcat b/heartbeat/tomcat +index 4812a0133..833870038 100755 +--- a/heartbeat/tomcat ++++ b/heartbeat/tomcat +@@ -613,7 +613,6 @@ TOMCAT_NAME="${OCF_RESKEY_tomcat_name-tomcat}" + TOMCAT_CONSOLE="${OCF_RESKEY_script_log-/var/log/$TOMCAT_NAME.log}" + RESOURCE_TOMCAT_USER="${OCF_RESKEY_tomcat_user-root}" + RESOURCE_STATUSURL="${OCF_RESKEY_statusurl-http://127.0.0.1:8080}" +-OCF_RESKEY_force_systemd_default=0 + + JAVA_HOME="${OCF_RESKEY_java_home}" + JAVA_OPTS="${OCF_RESKEY_java_opts}" +@@ -630,6 +629,13 @@ if [ -z "$CATALINA_PID" ]; then + CATALINA_PID="${HA_RSCTMP}/${TOMCAT_NAME}_tomcatstate/catalina.pid" + fi + ++# Only default to true for RedHat systems without catalina.sh ++if [ -e "$CATALINA_HOME/bin/catalina.sh" ] || ! is_redhat_based; then ++ OCF_RESKEY_force_systemd_default=0 ++else ++ OCF_RESKEY_force_systemd_default=1 ++fi ++ + MAX_STOP_TIME="${OCF_RESKEY_max_stop_time}" + + : ${OCF_RESKEY_force_systemd=${OCF_RESKEY_force_systemd_default}} + +From 9cb2b142a9ecb3a2d5a51cdd51b4005f08b9a97b Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 5 Nov 2018 17:09:43 +0100 +Subject: [PATCH 2/2] ocf-distro: add regex for RedHat version + +--- + heartbeat/ocf-distro | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/ocf-distro b/heartbeat/ocf-distro +index 530ee57ed..f69910c98 100644 +--- a/heartbeat/ocf-distro ++++ b/heartbeat/ocf-distro +@@ -39,7 +39,7 @@ get_os_ver() { + VER=$(cat $_DEBIAN_VERSION_FILE) + elif [ -f $_REDHAT_RELEASE_FILE ]; then + OS=RedHat # redhat or similar +- VER= # here some complex sed script ++ VER=$(sed "s/.* release \([^ ]\+\).*/\1/" $_REDHAT_RELEASE_FILE) + else + OS=$(uname -s) + VER=$(uname -r) diff --git a/SOURCES/bz1667414-1-LVM-activate-support-LVs-from-same-VG.patch b/SOURCES/bz1667414-1-LVM-activate-support-LVs-from-same-VG.patch new file mode 100644 index 0000000..af1974c --- /dev/null +++ b/SOURCES/bz1667414-1-LVM-activate-support-LVs-from-same-VG.patch @@ -0,0 +1,23 @@ +From 13511f843b2b0fa1b8b306beac041e0855be05a6 Mon Sep 17 00:00:00 2001 +From: Valentin Vidic +Date: Tue, 15 Jan 2019 15:45:03 +0100 +Subject: [PATCH] LVM-activate: make vgname not uniqe + +If activating one lvname at a time, vgname will not be unique. +--- + heartbeat/LVM-activate | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/LVM-activate b/heartbeat/LVM-activate +index f46932c1c..bc448c9c1 100755 +--- a/heartbeat/LVM-activate ++++ b/heartbeat/LVM-activate +@@ -102,7 +102,7 @@ because some DLM lockspaces might be in use and cannot be closed automatically. + This agent activates/deactivates logical volumes. + + +- ++ + + The volume group name. + diff --git a/SOURCES/bz1667414-2-LVM-activate-only-count-volumes.patch b/SOURCES/bz1667414-2-LVM-activate-only-count-volumes.patch new file mode 100644 index 0000000..5911e0e --- /dev/null +++ b/SOURCES/bz1667414-2-LVM-activate-only-count-volumes.patch @@ -0,0 +1,29 @@ +From ee9a47f97dd8b0cb51033db7879a79588aab409c Mon Sep 17 00:00:00 2001 +From: Valentin Vidic +Date: Tue, 15 Jan 2019 15:40:01 +0100 +Subject: [PATCH] LVM-activate: fix dmsetup check + +When there are no devices in the system dmsetup outputs one line: + + # dmsetup info -c + No devices found +--- + heartbeat/LVM-activate | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/LVM-activate b/heartbeat/LVM-activate +index f46932c1c..c3225e1cb 100755 +--- a/heartbeat/LVM-activate ++++ b/heartbeat/LVM-activate +@@ -715,9 +715,9 @@ lvm_status() { + if [ -n "${LV}" ]; then + # dmsetup ls? It cannot accept device name. It's + # too heavy to list all DM devices. +- dm_count=$(dmsetup info --noheadings --noflush -c -S "vgname=${VG} && lvname=${LV}" | wc -l ) ++ dm_count=$(dmsetup info --noheadings --noflush -c -S "vgname=${VG} && lvname=${LV}" | grep -c -v '^No devices found') + else +- dm_count=$(dmsetup info --noheadings --noflush -c -S "vgname=${VG}" 2>/dev/null | wc -l ) ++ dm_count=$(dmsetup info --noheadings --noflush -c -S "vgname=${VG}" | grep -c -v '^No devices found') + fi + + if [ $dm_count -eq 0 ]; then diff --git a/SOURCES/bz1669140-Route-make-family-parameter-optional.patch b/SOURCES/bz1669140-Route-make-family-parameter-optional.patch new file mode 100644 index 0000000..81ab09d --- /dev/null +++ b/SOURCES/bz1669140-Route-make-family-parameter-optional.patch @@ -0,0 +1,31 @@ +From d95765aba205ea59dcb99378bed4c6d0593ebdb4 Mon Sep 17 00:00:00 2001 +From: fpicot +Date: Fri, 11 Jan 2019 11:38:18 -0500 +Subject: [PATCH] Route: make family parameter optional + +--- + heartbeat/Route | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/Route b/heartbeat/Route +index 67bdf6bfc..2da58bce1 100755 +--- a/heartbeat/Route ++++ b/heartbeat/Route +@@ -124,7 +124,7 @@ The routing table to be configured for the route. + + + +- ++ + + The address family to be used for the route + ip4 IP version 4 +@@ -132,7 +132,7 @@ ip6 IP version 6 + detect Detect from 'destination' address. + + Address Family +- ++ + + + diff --git a/SOURCES/bz1683548-redis-mute-password-warning.patch b/SOURCES/bz1683548-redis-mute-password-warning.patch new file mode 100644 index 0000000..b3b89e0 --- /dev/null +++ b/SOURCES/bz1683548-redis-mute-password-warning.patch @@ -0,0 +1,62 @@ +From 6303448af77d2ed64c7436a84b30cf7fa4941e19 Mon Sep 17 00:00:00 2001 +From: Michele Baldessari +Date: Wed, 30 Jan 2019 21:36:17 +0100 +Subject: [PATCH] redis: Filter warning from stderr when calling 'redis-cli -a' + +In some versions of redis (starting with 4.0.10) we have commits [1] and +[2] which add a warning on stderr which will be printed out every single +time a monitor operation takes place: + + foo pacemaker-remoted[57563]: notice: redis_monitor_20000:1930:stderr + [ Warning: Using a password with '-a' option on the command line interface may not be safe. ] + +Later on commit [3] (merged with 5.0rc4) was merged which added the option +'--no-auth-warning' to disable said warning since it broke a bunch of +scripts [4]. I tried to forcibly either try the command twice (first +with --no-auth-warning and then without in case of errors) but it is +impossible to distinguish between error due to missing param and other +errors. + +So instead of inspecting the version of the redis-cli tool and do the following: +- >= 5.0.0 use --no-auth-warning all the time +- >= 4.0.10 & < 5.0.0 filter the problematic line from stderr only +- else do it like before + +We simply filter out from stderr the 'Using a password' message +unconditionally while making sure we keep stdout just the same. + +Tested on a redis 4.0.10 cluster and confirmed that it is working as +intended. + +All this horror and pain is due to the fact that redis does not support +any other means to pass a password (we could in theory first connect to +the server and then issue an AUTH command, but that seems even more +complex and error prone). See [5] for more info (or [6] for extra fun) + +[1] https://github.com/antirez/redis/commit/c082221aefbb2a472c7193dbdbb90900256ce1a2 +[2] https://github.com/antirez/redis/commit/ef931ef93e909b4f504e8c6fbed350ed70c1c67c +[3] https://github.com/antirez/redis/commit/a4ef94d2f71a32f73ce4ebf154580307a144b48f +[4] https://github.com/antirez/redis/issues/5073 +[5] https://github.com/antirez/redis/issues/3483 +[6] https://github.com/antirez/redis/pull/2413 + +Signed-off-by: Michele Baldessari +--- + heartbeat/redis.in | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/redis.in b/heartbeat/redis.in +index 1dff067e9..e257bcc5e 100644 +--- a/heartbeat/redis.in ++++ b/heartbeat/redis.in +@@ -302,7 +302,9 @@ set_score() + redis_client() { + ocf_log debug "redis_client: '$REDIS_CLIENT' -s '$REDIS_SOCKET' $*" + if [ -n "$clientpasswd" ]; then +- "$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" | sed 's/\r//' ++ # Starting with 4.0.10 there is a warning on stderr when using a pass ++ # Once we stop supporting versions < 5.0.0 we can add --no-auth-warning here ++ ("$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" 2>&1 >&3 3>&- | grep -v "Using a password" >&2 3>&-) 3>&1 | sed 's/\r//' + else + "$REDIS_CLIENT" -s "$REDIS_SOCKET" "$@" | sed 's/\r//' + fi diff --git a/SOURCES/bz1689184-Squid-1-fix-pidfile-issue.patch b/SOURCES/bz1689184-Squid-1-fix-pidfile-issue.patch new file mode 100644 index 0000000..1ebb942 --- /dev/null +++ b/SOURCES/bz1689184-Squid-1-fix-pidfile-issue.patch @@ -0,0 +1,70 @@ +From d228d41c61f57f2576dd87aa7be86f9ca26e3059 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 18 Mar 2019 16:03:14 +0100 +Subject: [PATCH] Squid: fix pid file issue due to new Squid version saving the + PID of the parent process instead of the listener child process + +--- + heartbeat/Squid.in | 21 +++++---------------- + 1 file changed, 5 insertions(+), 16 deletions(-) + +diff --git a/heartbeat/Squid.in b/heartbeat/Squid.in +index a99892d75..0b3c8ea86 100644 +--- a/heartbeat/Squid.in ++++ b/heartbeat/Squid.in +@@ -96,12 +96,9 @@ for a squid instance managed by this RA. + + + +- +- +-This is a required parameter. This parameter specifies a process id file +-for a squid instance managed by this RA. +- +-Pidfile ++ ++Deprecated - do not use anymore ++deprecated - do not use anymore + + + +@@ -175,8 +172,8 @@ get_pids() + # Seek by pattern + SQUID_PIDS[0]=$(pgrep -f "$PROCESS_PATTERN") + +- # Seek by pidfile +- SQUID_PIDS[1]=$(awk '1{print $1}' $SQUID_PIDFILE 2>/dev/null) ++ # Seek by child process ++ SQUID_PIDS[1]=$(pgrep -P ${SQUID_PIDS[0]}) + + if [[ -n "${SQUID_PIDS[1]}" ]]; then + typeset exe +@@ -306,7 +303,6 @@ stop_squid() + while true; do + get_pids + if is_squid_dead; then +- rm -f $SQUID_PIDFILE + return $OCF_SUCCESS + fi + (( lapse_sec = lapse_sec + 1 )) +@@ -326,7 +322,6 @@ stop_squid() + kill -KILL ${SQUID_PIDS[0]} ${SQUID_PIDS[2]} + sleep 1 + if is_squid_dead; then +- rm -f $SQUID_PIDFILE + return $OCF_SUCCESS + fi + done +@@ -389,12 +384,6 @@ if [[ ! -x "$SQUID_EXE" ]]; then + exit $OCF_ERR_CONFIGURED + fi + +-SQUID_PIDFILE="${OCF_RESKEY_squid_pidfile}" +-if [[ -z "$SQUID_PIDFILE" ]]; then +- ocf_exit_reason "SQUID_PIDFILE is not defined" +- exit $OCF_ERR_CONFIGURED +-fi +- + SQUID_PORT="${OCF_RESKEY_squid_port}" + if [[ -z "$SQUID_PORT" ]]; then + ocf_exit_reason "SQUID_PORT is not defined" diff --git a/SOURCES/bz1689184-Squid-2-dont-run-pgrep-without-PID.patch b/SOURCES/bz1689184-Squid-2-dont-run-pgrep-without-PID.patch new file mode 100644 index 0000000..bb6a894 --- /dev/null +++ b/SOURCES/bz1689184-Squid-2-dont-run-pgrep-without-PID.patch @@ -0,0 +1,24 @@ +From e370845f41d39d93f76fa34502d62e2513d5eb73 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Wed, 29 May 2019 14:07:46 +0200 +Subject: [PATCH] Squid: dont run pgrep -P without PID + +--- + heartbeat/Squid.in | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/Squid.in b/heartbeat/Squid.in +index 0b3c8ea86..e62e7ee66 100644 +--- a/heartbeat/Squid.in ++++ b/heartbeat/Squid.in +@@ -173,7 +173,9 @@ get_pids() + SQUID_PIDS[0]=$(pgrep -f "$PROCESS_PATTERN") + + # Seek by child process +- SQUID_PIDS[1]=$(pgrep -P ${SQUID_PIDS[0]}) ++ if [[ -n "${SQUID_PIDS[0]}" ]]; then ++ SQUID_PIDS[1]=$(pgrep -P ${SQUID_PIDS[0]}) ++ fi + + if [[ -n "${SQUID_PIDS[1]}" ]]; then + typeset exe diff --git a/SOURCES/bz1691456-gcloud-dont-detect-python2.patch b/SOURCES/bz1691456-gcloud-dont-detect-python2.patch new file mode 100644 index 0000000..9abbd09 --- /dev/null +++ b/SOURCES/bz1691456-gcloud-dont-detect-python2.patch @@ -0,0 +1,29 @@ +diff -uNr a/bundled/gcp/google-cloud-sdk/bin/gcloud b/bundled/gcp/google-cloud-sdk/bin/gcloud +--- a/bundled/gcp/google-cloud-sdk/bin/gcloud 2019-04-04 12:01:28.838027640 +0200 ++++ b/bundled/gcp/google-cloud-sdk/bin/gcloud 2019-04-04 12:03:21.577089065 +0200 +@@ -74,24 +74,7 @@ + + # if CLOUDSDK_PYTHON is empty + if [ -z "$CLOUDSDK_PYTHON" ]; then +- # if python2 exists then plain python may point to a version != 2 +- if _cloudsdk_which python2 >/dev/null; then +- CLOUDSDK_PYTHON=python2 +- elif _cloudsdk_which python2.7 >/dev/null; then +- # this is what some OS X versions call their built-in Python +- CLOUDSDK_PYTHON=python2.7 +- elif _cloudsdk_which python >/dev/null; then +- # Use unversioned python if it exists. +- CLOUDSDK_PYTHON=python +- elif _cloudsdk_which python3 >/dev/null; then +- # We support python3, but only want to default to it if nothing else is +- # found. +- CLOUDSDK_PYTHON=python3 +- else +- # This won't work because it wasn't found above, but at this point this +- # is our best guess for the error message. +- CLOUDSDK_PYTHON=python +- fi ++ CLOUDSDK_PYTHON="/usr/libexec/platform-python" + fi + + # $PYTHONHOME can interfere with gcloud. Users should use diff --git a/SOURCES/bz1692413-1-iSCSITarget-create-iqn-when-it-doesnt-exist.patch b/SOURCES/bz1692413-1-iSCSITarget-create-iqn-when-it-doesnt-exist.patch new file mode 100644 index 0000000..d50b231 --- /dev/null +++ b/SOURCES/bz1692413-1-iSCSITarget-create-iqn-when-it-doesnt-exist.patch @@ -0,0 +1,31 @@ +From 9273b83edf6ee72a59511f307e168813ca3d31fd Mon Sep 17 00:00:00 2001 +From: colttt +Date: Fri, 12 Oct 2018 15:29:48 +0200 +Subject: [PATCH] possible fix for #1026 + +add an if-condition and remove an useless 'targetcli create' +--- + heartbeat/iSCSITarget.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/iSCSITarget.in b/heartbeat/iSCSITarget.in +index e49a79016..9128fdc55 100644 +--- a/heartbeat/iSCSITarget.in ++++ b/heartbeat/iSCSITarget.in +@@ -340,13 +340,13 @@ iSCSITarget_start() { + ocf_take_lock $TARGETLOCKFILE + ocf_release_lock_on_exit $TARGETLOCKFILE + ocf_run targetcli /iscsi set global auto_add_default_portal=false || exit $OCF_ERR_GENERIC +- ocf_run targetcli /iscsi create ${OCF_RESKEY_iqn} || exit $OCF_ERR_GENERIC ++ if ! [ -d /sys/kernel/config/target/iscsi/${OCF_RESKEY_iqn} ] ; then ++ ocf_run targetcli /iscsi create ${OCF_RESKEY_iqn} || exit $OCF_ERR_GENERIC ++ fi + for portal in ${OCF_RESKEY_portals}; do + if [ $portal != ${OCF_RESKEY_portals_default} ] ; then + IFS=':' read -a sep_portal <<< "$portal" + ocf_run targetcli /iscsi/${OCF_RESKEY_iqn}/tpg1/portals create "${sep_portal[0]}" "${sep_portal[1]}" || exit $OCF_ERR_GENERIC +- else +- ocf_run targetcli /iscsi create ${OCF_RESKEY_iqn} || exit $OCF_ERR_GENERIC + fi + done + # in lio, we can set target parameters by manipulating diff --git a/SOURCES/bz1692413-2-iSCSILogicalUnit-create-acls-fix.patch b/SOURCES/bz1692413-2-iSCSILogicalUnit-create-acls-fix.patch new file mode 100644 index 0000000..a349e46 --- /dev/null +++ b/SOURCES/bz1692413-2-iSCSILogicalUnit-create-acls-fix.patch @@ -0,0 +1,24 @@ +From 0d53e80957a00016418080967892337b1b13f99d Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 30 Jul 2019 11:23:07 +0200 +Subject: [PATCH] iSCSILogicalUnit: only create acls if it doesnt exist + +--- + heartbeat/iSCSILogicalUnit.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/iSCSILogicalUnit.in b/heartbeat/iSCSILogicalUnit.in +index 0fe85b593..02045d754 100644 +--- a/heartbeat/iSCSILogicalUnit.in ++++ b/heartbeat/iSCSILogicalUnit.in +@@ -420,8 +420,8 @@ iSCSILogicalUnit_start() { + + if [ -n "${OCF_RESKEY_allowed_initiators}" ]; then + for initiator in ${OCF_RESKEY_allowed_initiators}; do +- ocf_run targetcli /iscsi/${OCF_RESKEY_target_iqn}/tpg1/acls create ${initiator} add_mapped_luns=False || exit $OCF_ERR_GENERIC +- ocf_run targetcli /iscsi/${OCF_RESKEY_target_iqn}/tpg1/acls/${initiator} create ${OCF_RESKEY_lun} ${OCF_RESKEY_lun} || exit $OCF_ERR_GENERIC ++ [ -d "/sys/kernel/config/target/iscsi/${OCF_RESKEY_target_iqn}/tpgt_1/acls" ] || ocf_run targetcli /iscsi/${OCF_RESKEY_target_iqn}/tpg1/acls create ${initiator} add_mapped_luns=False || exit $OCF_ERR_GENERIC ++ [ -d "/sys/kernel/config/target/iscsi/${OCF_RESKEY_target_iqn}/tpgt_1/acls/${initiator}" ] || ocf_run targetcli /iscsi/${OCF_RESKEY_target_iqn}/tpg1/acls/${initiator} create ${OCF_RESKEY_lun} ${OCF_RESKEY_lun} || exit $OCF_ERR_GENERIC + done + fi + diff --git a/SOURCES/bz1692960-mysql-galera-runuser-su-to-avoid-dac_override.patch b/SOURCES/bz1692960-mysql-galera-runuser-su-to-avoid-dac_override.patch new file mode 100644 index 0000000..16f6caa --- /dev/null +++ b/SOURCES/bz1692960-mysql-galera-runuser-su-to-avoid-dac_override.patch @@ -0,0 +1,93 @@ +From db6d12f4b7b10e214526512abe35307270f81c03 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 8 Aug 2019 14:48:13 +0200 +Subject: [PATCH] mysql/mariadb/galera: use runuser/su to avoid using SELinux + DAC_OVERRIDE + +--- + heartbeat/galera | 11 ++++++----- + heartbeat/mysql-common.sh | 16 ++++++++++++---- + 2 files changed, 18 insertions(+), 9 deletions(-) + +diff --git a/heartbeat/galera b/heartbeat/galera +index 9b9fe5569..056281fb8 100755 +--- a/heartbeat/galera ++++ b/heartbeat/galera +@@ -624,8 +624,7 @@ detect_last_commit() + local recover_args="--defaults-file=$OCF_RESKEY_config \ + --pid-file=$OCF_RESKEY_pid \ + --socket=$OCF_RESKEY_socket \ +- --datadir=$OCF_RESKEY_datadir \ +- --user=$OCF_RESKEY_user" ++ --datadir=$OCF_RESKEY_datadir" + local recovery_file_regex='s/.*WSREP\:.*position\s*recovery.*--log_error='\''\([^'\'']*\)'\''.*/\1/p' + local recovered_position_regex='s/.*WSREP\:\s*[R|r]ecovered\s*position.*\:\(.*\)\s*$/\1/p' + +@@ -654,7 +653,8 @@ detect_last_commit() + + ocf_log info "now attempting to detect last commit version using 'mysqld_safe --wsrep-recover'" + +- ${OCF_RESKEY_binary} $recover_args --wsrep-recover --log-error=$tmp 2>/dev/null ++ $SU - $OCF_RESKEY_user -s /bin/sh -c \ ++ "${OCF_RESKEY_binary} $recover_args --wsrep-recover --log-error=$tmp 2>/dev/null" + + last_commit="$(cat $tmp | sed -n $recovered_position_regex | tail -1)" + if [ -z "$last_commit" ]; then +@@ -670,8 +670,9 @@ detect_last_commit() + # we can only rollback the transaction, but that's OK + # since the DB will get resynchronized anyway + ocf_log warn "local node <${NODENAME}> was not shutdown properly. Rollback stuck transaction with --tc-heuristic-recover" +- ${OCF_RESKEY_binary} $recover_args --wsrep-recover \ +- --tc-heuristic-recover=rollback --log-error=$tmp 2>/dev/null ++ $SU - $OCF_RESKEY_user -s /bin/sh -c \ ++ "${OCF_RESKEY_binary} $recover_args --wsrep-recover \ ++ --tc-heuristic-recover=rollback --log-error=$tmp 2>/dev/null" + + last_commit="$(cat $tmp | sed -n $recovered_position_regex | tail -1)" + if [ ! -z "$last_commit" ]; then +diff --git a/heartbeat/mysql-common.sh b/heartbeat/mysql-common.sh +index d5ac972cd..65db9bf85 100755 +--- a/heartbeat/mysql-common.sh ++++ b/heartbeat/mysql-common.sh +@@ -2,6 +2,13 @@ + + ####################################################################### + ++# Use runuser if available for SELinux. ++if [ -x /sbin/runuser ]; then ++ SU=runuser ++else ++ SU=su ++fi ++ + # Attempt to detect a default binary + OCF_RESKEY_binary_default=$(which mysqld_safe 2> /dev/null) + if [ "$OCF_RESKEY_binary_default" = "" ]; then +@@ -207,7 +214,7 @@ mysql_common_prepare_dirs() + # already existed, check whether it is writable by the configured + # user + for dir in $pid_dir $socket_dir; do +- if ! su -s /bin/sh - $OCF_RESKEY_user -c "test -w $dir"; then ++ if ! $SU -s /bin/sh - $OCF_RESKEY_user -c "test -w $dir"; then + ocf_exit_reason "Directory $dir is not writable by $OCF_RESKEY_user" + exit $OCF_ERR_PERM; + fi +@@ -219,14 +226,15 @@ mysql_common_start() + local mysql_extra_params="$1" + local pid + +- ${OCF_RESKEY_binary} --defaults-file=$OCF_RESKEY_config \ ++ $SU - $OCF_RESKEY_user -s /bin/sh -c \ ++ "${OCF_RESKEY_binary} --defaults-file=$OCF_RESKEY_config \ + --pid-file=$OCF_RESKEY_pid \ + --socket=$OCF_RESKEY_socket \ + --datadir=$OCF_RESKEY_datadir \ + --log-error=$OCF_RESKEY_log \ +- --user=$OCF_RESKEY_user $OCF_RESKEY_additional_parameters \ ++ $OCF_RESKEY_additional_parameters \ + $mysql_extra_params >/dev/null 2>&1 & +- pid=$! ++ pid=$!" + + # Spin waiting for the server to come up. + # Let the CRM/LRM time us out if required. diff --git a/SOURCES/bz1693662-aws-vpc-move-ip-avoid-possible-race-condition.patch b/SOURCES/bz1693662-aws-vpc-move-ip-avoid-possible-race-condition.patch new file mode 100644 index 0000000..8899055 --- /dev/null +++ b/SOURCES/bz1693662-aws-vpc-move-ip-avoid-possible-race-condition.patch @@ -0,0 +1,104 @@ +From 57f695d336cab33c61e754e463654ad6400f7b58 Mon Sep 17 00:00:00 2001 +From: gguifelixamz +Date: Tue, 27 Nov 2018 17:06:05 +0000 +Subject: [PATCH 1/4] Enable --query flag in DescribeRouteTable API call to + avoid race condition with grep + +--- + heartbeat/aws-vpc-move-ip | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip +index 9b2043aca..d2aed7490 100755 +--- a/heartbeat/aws-vpc-move-ip ++++ b/heartbeat/aws-vpc-move-ip +@@ -167,9 +167,10 @@ ec2ip_validate() { + ec2ip_monitor() { + if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then + ocf_log info "monitor: check routing table (API call)" +- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table" ++ cmd=''$OCF_RESKEY_awscli' --profile '$OCF_RESKEY_profile' --output text ec2 describe-route-tables --route-table-ids '$OCF_RESKEY_routing_table' --query 'RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId'' + ocf_log debug "executing command: $cmd" +- ROUTE_TO_INSTANCE="$($cmd | grep $OCF_RESKEY_ip | awk '{ print $3 }')" ++ ROUTE_TO_INSTANCE=$($cmd) ++ ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" + if [ -z "$ROUTE_TO_INSTANCE" ]; then + ROUTE_TO_INSTANCE="" + fi + +From 4d6371aca5dca35b902a480e07a08c1dc3373ca5 Mon Sep 17 00:00:00 2001 +From: gguifelixamz +Date: Thu, 29 Nov 2018 11:39:26 +0000 +Subject: [PATCH 2/4] aws-vpc-move-ip: Fixed outer quotes and removed inner + quotes + +--- + heartbeat/aws-vpc-move-ip | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip +index d2aed7490..ced69bd13 100755 +--- a/heartbeat/aws-vpc-move-ip ++++ b/heartbeat/aws-vpc-move-ip +@@ -167,7 +167,7 @@ ec2ip_validate() { + ec2ip_monitor() { + if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then + ocf_log info "monitor: check routing table (API call)" +- cmd=''$OCF_RESKEY_awscli' --profile '$OCF_RESKEY_profile' --output text ec2 describe-route-tables --route-table-ids '$OCF_RESKEY_routing_table' --query 'RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId'' ++ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId" + ocf_log debug "executing command: $cmd" + ROUTE_TO_INSTANCE=$($cmd) + ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" + +From 09f4b061690a0e681aaf7314f1fc3e6f4e597cc8 Mon Sep 17 00:00:00 2001 +From: gguifelixamz +Date: Thu, 29 Nov 2018 11:55:05 +0000 +Subject: [PATCH 3/4] aws-vpc-move-ip: Replaced indentation spaces with tabs + for consistency with the rest of the code + +--- + heartbeat/aws-vpc-move-ip | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip +index ced69bd13..3e827283e 100755 +--- a/heartbeat/aws-vpc-move-ip ++++ b/heartbeat/aws-vpc-move-ip +@@ -167,10 +167,10 @@ ec2ip_validate() { + ec2ip_monitor() { + if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then + ocf_log info "monitor: check routing table (API call)" +- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId" ++ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId" + ocf_log debug "executing command: $cmd" +- ROUTE_TO_INSTANCE=$($cmd) +- ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" ++ ROUTE_TO_INSTANCE=$($cmd) ++ ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" + if [ -z "$ROUTE_TO_INSTANCE" ]; then + ROUTE_TO_INSTANCE="" + fi + +From fcf85551ce70cb4fb7ce24e21c361fdbe6fcce6b Mon Sep 17 00:00:00 2001 +From: gguifelixamz +Date: Thu, 29 Nov 2018 13:07:32 +0000 +Subject: [PATCH 4/4] aws-vpc-move-ip: In cmd variable on ec2ip_monitor(): + replaced _address with _ip and modified to use single quotes + +--- + heartbeat/aws-vpc-move-ip | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip +index 3e827283e..331ee184f 100755 +--- a/heartbeat/aws-vpc-move-ip ++++ b/heartbeat/aws-vpc-move-ip +@@ -167,7 +167,7 @@ ec2ip_validate() { + ec2ip_monitor() { + if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then + ocf_log info "monitor: check routing table (API call)" +- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId" ++ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].InstanceId" + ocf_log debug "executing command: $cmd" + ROUTE_TO_INSTANCE=$($cmd) + ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" diff --git a/SOURCES/bz1695656-gcp-vpc-move-route-vip-fix-python3-encoding.patch b/SOURCES/bz1695656-gcp-vpc-move-route-vip-fix-python3-encoding.patch new file mode 100644 index 0000000..9ad4c1d --- /dev/null +++ b/SOURCES/bz1695656-gcp-vpc-move-route-vip-fix-python3-encoding.patch @@ -0,0 +1,46 @@ +From 17fe1dfeef1534b270e4765277cb8d7b42c4a9c4 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 5 Apr 2019 09:15:40 +0200 +Subject: [PATCH] gcp-vpc-move-route/gcp-vpc-move-vip: fix Python 3 encoding + issue + +--- + heartbeat/gcp-vpc-move-route.in | 2 +- + heartbeat/gcp-vpc-move-vip.in | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/gcp-vpc-move-route.in b/heartbeat/gcp-vpc-move-route.in +index 591b97b1c..7dd47150d 100644 +--- a/heartbeat/gcp-vpc-move-route.in ++++ b/heartbeat/gcp-vpc-move-route.in +@@ -193,7 +193,7 @@ def get_metadata(metadata_key, params=None, timeout=None): + url = '%s?%s' % (metadata_url, params) + request = urlrequest.Request(url, headers=METADATA_HEADERS) + request_opener = urlrequest.build_opener(urlrequest.ProxyHandler({})) +- return request_opener.open(request, timeout=timeout * 1.1).read() ++ return request_opener.open(request, timeout=timeout * 1.1).read().decode("utf-8") + + + def validate(ctx): +diff --git a/heartbeat/gcp-vpc-move-vip.in b/heartbeat/gcp-vpc-move-vip.in +index bd6cf86cd..953d61ed7 100755 +--- a/heartbeat/gcp-vpc-move-vip.in ++++ b/heartbeat/gcp-vpc-move-vip.in +@@ -106,7 +106,7 @@ def get_metadata(metadata_key, params=None, timeout=None): + url = '%s?%s' % (metadata_url, params) + request = urlrequest.Request(url, headers=METADATA_HEADERS) + request_opener = urlrequest.build_opener(urlrequest.ProxyHandler({})) +- return request_opener.open(request, timeout=timeout * 1.1).read() ++ return request_opener.open(request, timeout=timeout * 1.1).read().decode("utf-8") + + + def get_instance(project, zone, instance): +@@ -162,7 +162,7 @@ def get_alias(project, zone, instance): + + def get_localhost_alias(): + net_iface = get_metadata('instance/network-interfaces', {'recursive': True}) +- net_iface = json.loads(net_iface.decode('utf-8')) ++ net_iface = json.loads(net_iface) + try: + return net_iface[0]['ipAliases'][0] + except (KeyError, IndexError): diff --git a/SOURCES/bz1697559-aws-vpc-move-ip-1-multi-route-table-support.patch b/SOURCES/bz1697559-aws-vpc-move-ip-1-multi-route-table-support.patch new file mode 100644 index 0000000..b724aa3 --- /dev/null +++ b/SOURCES/bz1697559-aws-vpc-move-ip-1-multi-route-table-support.patch @@ -0,0 +1,122 @@ +--- a/heartbeat/aws-vpc-move-ip 2019-05-20 10:54:01.527329668 +0200 ++++ b/heartbeat/aws-vpc-move-ip 2019-05-20 11:33:35.386089091 +0200 +@@ -93,11 +93,19 @@ + + + ++ ++ ++Deprecated IP address param. Use the ip param instead. ++ ++Deprecated VPC private IP Address ++ ++ ++ + + +-Name of the routing table, where the route for the IP address should be changed, i.e. rtb-... ++Name of the routing table(s), where the route for the IP address should be changed. If declaring multiple routing tables they should be separated by comma. Example: rtb-XXXXXXXX,rtb-YYYYYYYYY + +-routing table name ++routing table name(s) + + + +@@ -129,6 +137,13 @@ + END + } + ++ec2ip_set_address_param_compat(){ ++ # Include backward compatibility for the deprecated address parameter ++ if [ -z "$OCF_RESKEY_ip" ] && [ -n "$OCF_RESKEY_address" ]; then ++ OCF_RESKEY_ip="$OCF_RESKEY_address" ++ fi ++} ++ + ec2ip_validate() { + for cmd in aws ip curl; do + check_binary "$cmd" +@@ -150,20 +165,29 @@ + } + + ec2ip_monitor() { +- if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ]; then +- ocf_log info "monitor: check routing table (API call)" +- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].InstanceId" +- ocf_log debug "executing command: $cmd" +- ROUTE_TO_INSTANCE=$($cmd) +- ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" +- if [ -z "$ROUTE_TO_INSTANCE" ]; then +- ROUTE_TO_INSTANCE="" +- fi ++ MON_RES="" ++ if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then ++ for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do ++ ocf_log info "monitor: check routing table (API call) - $rtb" ++ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].InstanceId" ++ ocf_log debug "executing command: $cmd" ++ ROUTE_TO_INSTANCE="$($cmd)" ++ ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" ++ if [ -z "$ROUTE_TO_INSTANCE" ]; then ++ ROUTE_TO_INSTANCE="" ++ fi ++ ++ if [ "$EC2_INSTANCE_ID" != "$ROUTE_TO_INSTANCE" ]; then ++ ocf_log warn "not routed to this instance ($EC2_INSTANCE_ID) but to instance $ROUTE_TO_INSTANCE on $rtb" ++ MON_RES="$MON_RES $rtb" ++ fi ++ sleep 1 ++ done + +- if [ "$EC2_INSTANCE_ID" != "$ROUTE_TO_INSTANCE" ];then +- ocf_log warn "not routed to this instance ($EC2_INSTANCE_ID) but to instance $ROUTE_TO_INSTANCE" ++ if [ ! -z "$MON_RES" ]; then + return $OCF_NOT_RUNNING + fi ++ + else + ocf_log debug "monitor: Enhanced Monitoring disabled - omitting API call" + fi +@@ -195,19 +219,23 @@ + } + + ec2ip_get_and_configure() { +- # Adjusting the routing table +- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile ec2 replace-route --route-table-id $OCF_RESKEY_routing_table --destination-cidr-block ${OCF_RESKEY_ip}/32 --instance-id $EC2_INSTANCE_ID" +- ocf_log debug "executing command: $cmd" +- $cmd +- rc=$? +- if [ "$rc" != 0 ]; then +- ocf_log warn "command failed, rc: $rc" +- return $OCF_ERR_GENERIC +- fi ++ for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do ++ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --instance-id $EC2_INSTANCE_ID" ++ ocf_log debug "executing command: $cmd" ++ $cmd ++ rc=$? ++ if [ "$rc" != 0 ]; then ++ ocf_log warn "command failed, rc: $rc" ++ return $OCF_ERR_GENERIC ++ fi ++ sleep 1 ++ done + + # Reconfigure the local ip address + ec2ip_drop +- ip addr add "${OCF_RESKEY_ip}/32" dev $OCF_RESKEY_interface ++ cmd="ip addr add ${OCF_RESKEY_ip}/32 dev $OCF_RESKEY_interface" ++ ocf_log debug "executing command: $cmd" ++ $cmd + rc=$? + if [ $rc != 0 ]; then + ocf_log warn "command failed, rc: $rc" +@@ -289,6 +317,8 @@ + exit $OCF_ERR_PERM + fi + ++ec2ip_set_address_param_compat ++ + ec2ip_validate + + case $__OCF_ACTION in diff --git a/SOURCES/bz1697559-aws-vpc-move-ip-2-fix-route-update-multi-NICs.patch b/SOURCES/bz1697559-aws-vpc-move-ip-2-fix-route-update-multi-NICs.patch new file mode 100644 index 0000000..c283801 --- /dev/null +++ b/SOURCES/bz1697559-aws-vpc-move-ip-2-fix-route-update-multi-NICs.patch @@ -0,0 +1,221 @@ +From 9f2b9cc09f7e2df163ff95585374f860f3dc58eb Mon Sep 17 00:00:00 2001 +From: Tomas Krojzl +Date: Tue, 16 Apr 2019 18:40:29 +0200 +Subject: [PATCH 1/6] Fix for VM having multiple network interfaces + +--- + heartbeat/aws-vpc-move-ip | 22 +++++++++++++++++++++- + 1 file changed, 21 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip +index 090956434..a91c2dd11 100755 +--- a/heartbeat/aws-vpc-move-ip ++++ b/heartbeat/aws-vpc-move-ip +@@ -219,8 +219,28 @@ ec2ip_drop() { + } + + ec2ip_get_and_configure() { ++ cmd="ip -br link show dev $OCF_RESKEY_interface | tr -s ' ' | cut -d' ' -f3" ++ ocf_log debug "executing command: $cmd" ++ MAC_ADDR="$(eval $cmd)" ++ rc=$? ++ if [ $rc != 0 ]; then ++ ocf_log warn "command failed, rc: $rc" ++ return $OCF_ERR_GENERIC ++ fi ++ ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" ++ ++ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-instances --instance-ids $EC2_INSTANCE_ID --query 'Reservations[*].Instances[*].NetworkInterfaces[*].[NetworkInterfaceId,MacAddress]' | grep ${MAC_ADDR} | cut -f1" ++ ocf_log debug "executing command: $cmd" ++ EC2_NETWORK_INTERFACE_ID="$(eval $cmd)" ++ rc=$? ++ if [ $rc != 0 ]; then ++ ocf_log warn "command failed, rc: $rc" ++ return $OCF_ERR_GENERIC ++ fi ++ ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}" ++ + for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do +- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --instance-id $EC2_INSTANCE_ID" ++ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID" + ocf_log debug "executing command: $cmd" + $cmd + rc=$? + +From a871a463134ebb2456b5f37a343bf9034f5f4074 Mon Sep 17 00:00:00 2001 +From: krojzl +Date: Tue, 16 Apr 2019 18:49:32 +0200 +Subject: [PATCH 2/6] Fixing indentation + +--- + heartbeat/aws-vpc-move-ip | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip +index a91c2dd11..a46d10d30 100755 +--- a/heartbeat/aws-vpc-move-ip ++++ b/heartbeat/aws-vpc-move-ip +@@ -227,7 +227,7 @@ ec2ip_get_and_configure() { + ocf_log warn "command failed, rc: $rc" + return $OCF_ERR_GENERIC + fi +- ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" ++ ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" + + cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-instances --instance-ids $EC2_INSTANCE_ID --query 'Reservations[*].Instances[*].NetworkInterfaces[*].[NetworkInterfaceId,MacAddress]' | grep ${MAC_ADDR} | cut -f1" + ocf_log debug "executing command: $cmd" +@@ -237,7 +237,7 @@ ec2ip_get_and_configure() { + ocf_log warn "command failed, rc: $rc" + return $OCF_ERR_GENERIC + fi +- ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}" ++ ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}" + + for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do + cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID" + +From 068680427dff620a948ae25f090bc154b02f17b9 Mon Sep 17 00:00:00 2001 +From: krojzl +Date: Wed, 17 Apr 2019 14:22:31 +0200 +Subject: [PATCH 3/6] Requested fix to avoid using AWS API + +--- + heartbeat/aws-vpc-move-ip | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip +index a46d10d30..2910552f2 100755 +--- a/heartbeat/aws-vpc-move-ip ++++ b/heartbeat/aws-vpc-move-ip +@@ -229,7 +229,7 @@ ec2ip_get_and_configure() { + fi + ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" + +- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-instances --instance-ids $EC2_INSTANCE_ID --query 'Reservations[*].Instances[*].NetworkInterfaces[*].[NetworkInterfaceId,MacAddress]' | grep ${MAC_ADDR} | cut -f1" ++ cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id" + ocf_log debug "executing command: $cmd" + EC2_NETWORK_INTERFACE_ID="$(eval $cmd)" + rc=$? + +From 207a2ba66ba7196180d27674aa204980fcd25de2 Mon Sep 17 00:00:00 2001 +From: krojzl +Date: Fri, 19 Apr 2019 11:14:21 +0200 +Subject: [PATCH 4/6] More robust approach of getting MAC address + +--- + heartbeat/aws-vpc-move-ip | 29 +++++++++++++++++++++-------- + 1 file changed, 21 insertions(+), 8 deletions(-) + +diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip +index 2910552f2..3a848b7e3 100755 +--- a/heartbeat/aws-vpc-move-ip ++++ b/heartbeat/aws-vpc-move-ip +@@ -219,15 +219,28 @@ ec2ip_drop() { + } + + ec2ip_get_and_configure() { +- cmd="ip -br link show dev $OCF_RESKEY_interface | tr -s ' ' | cut -d' ' -f3" +- ocf_log debug "executing command: $cmd" +- MAC_ADDR="$(eval $cmd)" +- rc=$? +- if [ $rc != 0 ]; then +- ocf_log warn "command failed, rc: $rc" +- return $OCF_ERR_GENERIC ++ MAC_FILE="/sys/class/net/${OCF_RESKEY_interface}/address" ++ if [ -f $MAC_FILE ]; then ++ cmd="cat ${MAC_FILE}" ++ ocf_log debug "executing command: $cmd" ++ MAC_ADDR="$(eval $cmd)" ++ rc=$? ++ if [ $rc != 0 ]; then ++ ocf_log warn "command failed, rc: $rc" ++ return $OCF_ERR_GENERIC ++ fi ++ ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" ++ else ++ cmd="ip -br link show dev ${OCF_RESKEY_interface} | tr -s ' ' | cut -d' ' -f3" ++ ocf_log debug "executing command: $cmd" ++ MAC_ADDR="$(eval $cmd)" ++ rc=$? ++ if [ $rc != 0 ]; then ++ ocf_log warn "command failed, rc: $rc" ++ return $OCF_ERR_GENERIC ++ fi ++ ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" + fi +- ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" + + cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id" + ocf_log debug "executing command: $cmd" + +From cdcc12a9c1431125b0d5298176e5242bfc9fbe29 Mon Sep 17 00:00:00 2001 +From: krojzl +Date: Fri, 19 Apr 2019 11:20:09 +0200 +Subject: [PATCH 5/6] Moving shared part outside if + +--- + heartbeat/aws-vpc-move-ip | 25 +++++++++---------------- + 1 file changed, 9 insertions(+), 16 deletions(-) + +diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip +index 3a848b7e3..bfe23e5bf 100755 +--- a/heartbeat/aws-vpc-move-ip ++++ b/heartbeat/aws-vpc-move-ip +@@ -222,26 +222,19 @@ ec2ip_get_and_configure() { + MAC_FILE="/sys/class/net/${OCF_RESKEY_interface}/address" + if [ -f $MAC_FILE ]; then + cmd="cat ${MAC_FILE}" +- ocf_log debug "executing command: $cmd" +- MAC_ADDR="$(eval $cmd)" +- rc=$? +- if [ $rc != 0 ]; then +- ocf_log warn "command failed, rc: $rc" +- return $OCF_ERR_GENERIC +- fi +- ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" + else + cmd="ip -br link show dev ${OCF_RESKEY_interface} | tr -s ' ' | cut -d' ' -f3" +- ocf_log debug "executing command: $cmd" +- MAC_ADDR="$(eval $cmd)" +- rc=$? +- if [ $rc != 0 ]; then +- ocf_log warn "command failed, rc: $rc" +- return $OCF_ERR_GENERIC +- fi +- ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" + fi + ++ ocf_log debug "executing command: $cmd" ++ MAC_ADDR="$(eval $cmd)" ++ rc=$? ++ if [ $rc != 0 ]; then ++ ocf_log warn "command failed, rc: $rc" ++ return $OCF_ERR_GENERIC ++ fi ++ ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" ++ + cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id" + ocf_log debug "executing command: $cmd" + EC2_NETWORK_INTERFACE_ID="$(eval $cmd)" + +From c3fc114fc64f6feb015c5342923fd2afc367ae28 Mon Sep 17 00:00:00 2001 +From: krojzl +Date: Fri, 19 Apr 2019 11:22:55 +0200 +Subject: [PATCH 6/6] Linting adjustment + +--- + heartbeat/aws-vpc-move-ip | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip +index bfe23e5bf..2757c27d0 100755 +--- a/heartbeat/aws-vpc-move-ip ++++ b/heartbeat/aws-vpc-move-ip +@@ -225,7 +225,6 @@ ec2ip_get_and_configure() { + else + cmd="ip -br link show dev ${OCF_RESKEY_interface} | tr -s ' ' | cut -d' ' -f3" + fi +- + ocf_log debug "executing command: $cmd" + MAC_ADDR="$(eval $cmd)" + rc=$? diff --git a/SOURCES/bz1707969-1-ocf_log-do-not-log-debug-when-HA_debug-unset.patch b/SOURCES/bz1707969-1-ocf_log-do-not-log-debug-when-HA_debug-unset.patch new file mode 100644 index 0000000..4de33f1 --- /dev/null +++ b/SOURCES/bz1707969-1-ocf_log-do-not-log-debug-when-HA_debug-unset.patch @@ -0,0 +1,32 @@ +From aae26ca70ef910e83485778c1fb450941fe79e8a Mon Sep 17 00:00:00 2001 +From: Michele Baldessari +Date: Mon, 3 Dec 2018 16:48:14 +0100 +Subject: [PATCH] Do not log at debug log level when HA_debug is unset + +There might be situations (e.g. bundles) where the HA_debug variable +is unset. It makes little sense to enable debug logging when the HA_debug env +variable is unset. +So let's skip debug logs when HA_debug is set to 0 or is unset. + +Tested inside a bundle and observed that previously seen 'ocf_log debug' +calls are now correctly suppressed (w/ HA_debug being unset inside the +container) + +Signed-off-by: Michele Baldessari +--- + heartbeat/ocf-shellfuncs.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in +index 043ab9bf2..b17297e1a 100644 +--- a/heartbeat/ocf-shellfuncs.in ++++ b/heartbeat/ocf-shellfuncs.in +@@ -257,7 +257,7 @@ ha_log() + + ha_debug() { + +- if [ "x${HA_debug}" = "x0" ] ; then ++ if [ "x${HA_debug}" = "x0" ] || [ -z "${HA_debug}" ] ; then + return 0 + fi + if tty >/dev/null; then diff --git a/SOURCES/bz1707969-2-ocf_is_true-add-True-to-regexp.patch b/SOURCES/bz1707969-2-ocf_is_true-add-True-to-regexp.patch new file mode 100644 index 0000000..00e34b8 --- /dev/null +++ b/SOURCES/bz1707969-2-ocf_is_true-add-True-to-regexp.patch @@ -0,0 +1,22 @@ +From 73b35b74b743403aeebab43205475be6f2938cd5 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Wed, 12 Jun 2019 10:11:07 +0200 +Subject: [PATCH] ocf_is_true: add True to regexp + +--- + heartbeat/ocf-shellfuncs.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in +index b17297e1a..7a97558a5 100644 +--- a/heartbeat/ocf-shellfuncs.in ++++ b/heartbeat/ocf-shellfuncs.in +@@ -101,7 +101,7 @@ ocf_is_decimal() { + + ocf_is_true() { + case "$1" in +- yes|true|1|YES|TRUE|ja|on|ON) true ;; ++ yes|true|1|YES|TRUE|True|ja|on|ON) true ;; + *) false ;; + esac + } diff --git a/SOURCES/bz1710058-Squid-1-fix-pidfile-issue.patch b/SOURCES/bz1710058-Squid-1-fix-pidfile-issue.patch deleted file mode 100644 index 1ebb942..0000000 --- a/SOURCES/bz1710058-Squid-1-fix-pidfile-issue.patch +++ /dev/null @@ -1,70 +0,0 @@ -From d228d41c61f57f2576dd87aa7be86f9ca26e3059 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Mon, 18 Mar 2019 16:03:14 +0100 -Subject: [PATCH] Squid: fix pid file issue due to new Squid version saving the - PID of the parent process instead of the listener child process - ---- - heartbeat/Squid.in | 21 +++++---------------- - 1 file changed, 5 insertions(+), 16 deletions(-) - -diff --git a/heartbeat/Squid.in b/heartbeat/Squid.in -index a99892d75..0b3c8ea86 100644 ---- a/heartbeat/Squid.in -+++ b/heartbeat/Squid.in -@@ -96,12 +96,9 @@ for a squid instance managed by this RA. - - - -- -- --This is a required parameter. This parameter specifies a process id file --for a squid instance managed by this RA. -- --Pidfile -+ -+Deprecated - do not use anymore -+deprecated - do not use anymore - - - -@@ -175,8 +172,8 @@ get_pids() - # Seek by pattern - SQUID_PIDS[0]=$(pgrep -f "$PROCESS_PATTERN") - -- # Seek by pidfile -- SQUID_PIDS[1]=$(awk '1{print $1}' $SQUID_PIDFILE 2>/dev/null) -+ # Seek by child process -+ SQUID_PIDS[1]=$(pgrep -P ${SQUID_PIDS[0]}) - - if [[ -n "${SQUID_PIDS[1]}" ]]; then - typeset exe -@@ -306,7 +303,6 @@ stop_squid() - while true; do - get_pids - if is_squid_dead; then -- rm -f $SQUID_PIDFILE - return $OCF_SUCCESS - fi - (( lapse_sec = lapse_sec + 1 )) -@@ -326,7 +322,6 @@ stop_squid() - kill -KILL ${SQUID_PIDS[0]} ${SQUID_PIDS[2]} - sleep 1 - if is_squid_dead; then -- rm -f $SQUID_PIDFILE - return $OCF_SUCCESS - fi - done -@@ -389,12 +384,6 @@ if [[ ! -x "$SQUID_EXE" ]]; then - exit $OCF_ERR_CONFIGURED - fi - --SQUID_PIDFILE="${OCF_RESKEY_squid_pidfile}" --if [[ -z "$SQUID_PIDFILE" ]]; then -- ocf_exit_reason "SQUID_PIDFILE is not defined" -- exit $OCF_ERR_CONFIGURED --fi -- - SQUID_PORT="${OCF_RESKEY_squid_port}" - if [[ -z "$SQUID_PORT" ]]; then - ocf_exit_reason "SQUID_PORT is not defined" diff --git a/SOURCES/bz1710058-Squid-2-dont-run-pgrep-without-PID.patch b/SOURCES/bz1710058-Squid-2-dont-run-pgrep-without-PID.patch deleted file mode 100644 index bb6a894..0000000 --- a/SOURCES/bz1710058-Squid-2-dont-run-pgrep-without-PID.patch +++ /dev/null @@ -1,24 +0,0 @@ -From e370845f41d39d93f76fa34502d62e2513d5eb73 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Wed, 29 May 2019 14:07:46 +0200 -Subject: [PATCH] Squid: dont run pgrep -P without PID - ---- - heartbeat/Squid.in | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/heartbeat/Squid.in b/heartbeat/Squid.in -index 0b3c8ea86..e62e7ee66 100644 ---- a/heartbeat/Squid.in -+++ b/heartbeat/Squid.in -@@ -173,7 +173,9 @@ get_pids() - SQUID_PIDS[0]=$(pgrep -f "$PROCESS_PATTERN") - - # Seek by child process -- SQUID_PIDS[1]=$(pgrep -P ${SQUID_PIDS[0]}) -+ if [[ -n "${SQUID_PIDS[0]}" ]]; then -+ SQUID_PIDS[1]=$(pgrep -P ${SQUID_PIDS[0]}) -+ fi - - if [[ -n "${SQUID_PIDS[1]}" ]]; then - typeset exe diff --git a/SOURCES/bz1710060-gcloud-dont-detect-python2.patch b/SOURCES/bz1710060-gcloud-dont-detect-python2.patch deleted file mode 100644 index 9abbd09..0000000 --- a/SOURCES/bz1710060-gcloud-dont-detect-python2.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff -uNr a/bundled/gcp/google-cloud-sdk/bin/gcloud b/bundled/gcp/google-cloud-sdk/bin/gcloud ---- a/bundled/gcp/google-cloud-sdk/bin/gcloud 2019-04-04 12:01:28.838027640 +0200 -+++ b/bundled/gcp/google-cloud-sdk/bin/gcloud 2019-04-04 12:03:21.577089065 +0200 -@@ -74,24 +74,7 @@ - - # if CLOUDSDK_PYTHON is empty - if [ -z "$CLOUDSDK_PYTHON" ]; then -- # if python2 exists then plain python may point to a version != 2 -- if _cloudsdk_which python2 >/dev/null; then -- CLOUDSDK_PYTHON=python2 -- elif _cloudsdk_which python2.7 >/dev/null; then -- # this is what some OS X versions call their built-in Python -- CLOUDSDK_PYTHON=python2.7 -- elif _cloudsdk_which python >/dev/null; then -- # Use unversioned python if it exists. -- CLOUDSDK_PYTHON=python -- elif _cloudsdk_which python3 >/dev/null; then -- # We support python3, but only want to default to it if nothing else is -- # found. -- CLOUDSDK_PYTHON=python3 -- else -- # This won't work because it wasn't found above, but at this point this -- # is our best guess for the error message. -- CLOUDSDK_PYTHON=python -- fi -+ CLOUDSDK_PYTHON="/usr/libexec/platform-python" - fi - - # $PYTHONHOME can interfere with gcloud. Users should use diff --git a/SOURCES/bz1710061-aws-vpc-move-ip-avoid-possible-race-condition.patch b/SOURCES/bz1710061-aws-vpc-move-ip-avoid-possible-race-condition.patch deleted file mode 100644 index 8899055..0000000 --- a/SOURCES/bz1710061-aws-vpc-move-ip-avoid-possible-race-condition.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 57f695d336cab33c61e754e463654ad6400f7b58 Mon Sep 17 00:00:00 2001 -From: gguifelixamz -Date: Tue, 27 Nov 2018 17:06:05 +0000 -Subject: [PATCH 1/4] Enable --query flag in DescribeRouteTable API call to - avoid race condition with grep - ---- - heartbeat/aws-vpc-move-ip | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index 9b2043aca..d2aed7490 100755 ---- a/heartbeat/aws-vpc-move-ip -+++ b/heartbeat/aws-vpc-move-ip -@@ -167,9 +167,10 @@ ec2ip_validate() { - ec2ip_monitor() { - if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then - ocf_log info "monitor: check routing table (API call)" -- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table" -+ cmd=''$OCF_RESKEY_awscli' --profile '$OCF_RESKEY_profile' --output text ec2 describe-route-tables --route-table-ids '$OCF_RESKEY_routing_table' --query 'RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId'' - ocf_log debug "executing command: $cmd" -- ROUTE_TO_INSTANCE="$($cmd | grep $OCF_RESKEY_ip | awk '{ print $3 }')" -+ ROUTE_TO_INSTANCE=$($cmd) -+ ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" - if [ -z "$ROUTE_TO_INSTANCE" ]; then - ROUTE_TO_INSTANCE="" - fi - -From 4d6371aca5dca35b902a480e07a08c1dc3373ca5 Mon Sep 17 00:00:00 2001 -From: gguifelixamz -Date: Thu, 29 Nov 2018 11:39:26 +0000 -Subject: [PATCH 2/4] aws-vpc-move-ip: Fixed outer quotes and removed inner - quotes - ---- - heartbeat/aws-vpc-move-ip | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index d2aed7490..ced69bd13 100755 ---- a/heartbeat/aws-vpc-move-ip -+++ b/heartbeat/aws-vpc-move-ip -@@ -167,7 +167,7 @@ ec2ip_validate() { - ec2ip_monitor() { - if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then - ocf_log info "monitor: check routing table (API call)" -- cmd=''$OCF_RESKEY_awscli' --profile '$OCF_RESKEY_profile' --output text ec2 describe-route-tables --route-table-ids '$OCF_RESKEY_routing_table' --query 'RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId'' -+ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId" - ocf_log debug "executing command: $cmd" - ROUTE_TO_INSTANCE=$($cmd) - ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" - -From 09f4b061690a0e681aaf7314f1fc3e6f4e597cc8 Mon Sep 17 00:00:00 2001 -From: gguifelixamz -Date: Thu, 29 Nov 2018 11:55:05 +0000 -Subject: [PATCH 3/4] aws-vpc-move-ip: Replaced indentation spaces with tabs - for consistency with the rest of the code - ---- - heartbeat/aws-vpc-move-ip | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index ced69bd13..3e827283e 100755 ---- a/heartbeat/aws-vpc-move-ip -+++ b/heartbeat/aws-vpc-move-ip -@@ -167,10 +167,10 @@ ec2ip_validate() { - ec2ip_monitor() { - if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then - ocf_log info "monitor: check routing table (API call)" -- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId" -+ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId" - ocf_log debug "executing command: $cmd" -- ROUTE_TO_INSTANCE=$($cmd) -- ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" -+ ROUTE_TO_INSTANCE=$($cmd) -+ ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" - if [ -z "$ROUTE_TO_INSTANCE" ]; then - ROUTE_TO_INSTANCE="" - fi - -From fcf85551ce70cb4fb7ce24e21c361fdbe6fcce6b Mon Sep 17 00:00:00 2001 -From: gguifelixamz -Date: Thu, 29 Nov 2018 13:07:32 +0000 -Subject: [PATCH 4/4] aws-vpc-move-ip: In cmd variable on ec2ip_monitor(): - replaced _address with _ip and modified to use single quotes - ---- - heartbeat/aws-vpc-move-ip | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index 3e827283e..331ee184f 100755 ---- a/heartbeat/aws-vpc-move-ip -+++ b/heartbeat/aws-vpc-move-ip -@@ -167,7 +167,7 @@ ec2ip_validate() { - ec2ip_monitor() { - if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then - ocf_log info "monitor: check routing table (API call)" -- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock==\`$OCF_RESKEY_address/32\`].InstanceId" -+ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].InstanceId" - ocf_log debug "executing command: $cmd" - ROUTE_TO_INSTANCE=$($cmd) - ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" diff --git a/SOURCES/bz1710063-1-gcp-vpc-move-route-vip-fix-python3-encoding.patch b/SOURCES/bz1710063-1-gcp-vpc-move-route-vip-fix-python3-encoding.patch deleted file mode 100644 index 9ad4c1d..0000000 --- a/SOURCES/bz1710063-1-gcp-vpc-move-route-vip-fix-python3-encoding.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 17fe1dfeef1534b270e4765277cb8d7b42c4a9c4 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Fri, 5 Apr 2019 09:15:40 +0200 -Subject: [PATCH] gcp-vpc-move-route/gcp-vpc-move-vip: fix Python 3 encoding - issue - ---- - heartbeat/gcp-vpc-move-route.in | 2 +- - heartbeat/gcp-vpc-move-vip.in | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/heartbeat/gcp-vpc-move-route.in b/heartbeat/gcp-vpc-move-route.in -index 591b97b1c..7dd47150d 100644 ---- a/heartbeat/gcp-vpc-move-route.in -+++ b/heartbeat/gcp-vpc-move-route.in -@@ -193,7 +193,7 @@ def get_metadata(metadata_key, params=None, timeout=None): - url = '%s?%s' % (metadata_url, params) - request = urlrequest.Request(url, headers=METADATA_HEADERS) - request_opener = urlrequest.build_opener(urlrequest.ProxyHandler({})) -- return request_opener.open(request, timeout=timeout * 1.1).read() -+ return request_opener.open(request, timeout=timeout * 1.1).read().decode("utf-8") - - - def validate(ctx): -diff --git a/heartbeat/gcp-vpc-move-vip.in b/heartbeat/gcp-vpc-move-vip.in -index bd6cf86cd..953d61ed7 100755 ---- a/heartbeat/gcp-vpc-move-vip.in -+++ b/heartbeat/gcp-vpc-move-vip.in -@@ -106,7 +106,7 @@ def get_metadata(metadata_key, params=None, timeout=None): - url = '%s?%s' % (metadata_url, params) - request = urlrequest.Request(url, headers=METADATA_HEADERS) - request_opener = urlrequest.build_opener(urlrequest.ProxyHandler({})) -- return request_opener.open(request, timeout=timeout * 1.1).read() -+ return request_opener.open(request, timeout=timeout * 1.1).read().decode("utf-8") - - - def get_instance(project, zone, instance): -@@ -162,7 +162,7 @@ def get_alias(project, zone, instance): - - def get_localhost_alias(): - net_iface = get_metadata('instance/network-interfaces', {'recursive': True}) -- net_iface = json.loads(net_iface.decode('utf-8')) -+ net_iface = json.loads(net_iface) - try: - return net_iface[0]['ipAliases'][0] - except (KeyError, IndexError): diff --git a/SOURCES/bz1710063-2-oauth2client-fix-python3-encoding.patch b/SOURCES/bz1710063-2-oauth2client-fix-python3-encoding.patch deleted file mode 100644 index 06d2078..0000000 --- a/SOURCES/bz1710063-2-oauth2client-fix-python3-encoding.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- ClusterLabs-resource-agents-e711383f/bundled/gcp/google-cloud-sdk/lib/third_party/oauth2client/client.py 1980-01-01 09:00:00.000000000 +0100 -+++ ClusterLabs-resource-agents-e711383f/bundled/gcp/google-cloud-sdk/lib/third_party/oauth2client/client.py.new 2019-05-28 10:42:54.366396838 +0200 -@@ -813,7 +813,7 @@ - - logger.info('Refreshing access_token') - resp, content = http_request( -- self.token_uri.encode('idna'), method='POST', -+ self.token_uri, method='POST', - body=body, headers=headers) - content = _helpers._from_bytes(content) - if resp.status == http_client.OK: diff --git a/SOURCES/bz1714104-aws-vpc-move-ip-1-multi-route-table-support.patch b/SOURCES/bz1714104-aws-vpc-move-ip-1-multi-route-table-support.patch deleted file mode 100644 index b724aa3..0000000 --- a/SOURCES/bz1714104-aws-vpc-move-ip-1-multi-route-table-support.patch +++ /dev/null @@ -1,122 +0,0 @@ ---- a/heartbeat/aws-vpc-move-ip 2019-05-20 10:54:01.527329668 +0200 -+++ b/heartbeat/aws-vpc-move-ip 2019-05-20 11:33:35.386089091 +0200 -@@ -93,11 +93,19 @@ - - - -+ -+ -+Deprecated IP address param. Use the ip param instead. -+ -+Deprecated VPC private IP Address -+ -+ -+ - - --Name of the routing table, where the route for the IP address should be changed, i.e. rtb-... -+Name of the routing table(s), where the route for the IP address should be changed. If declaring multiple routing tables they should be separated by comma. Example: rtb-XXXXXXXX,rtb-YYYYYYYYY - --routing table name -+routing table name(s) - - - -@@ -129,6 +137,13 @@ - END - } - -+ec2ip_set_address_param_compat(){ -+ # Include backward compatibility for the deprecated address parameter -+ if [ -z "$OCF_RESKEY_ip" ] && [ -n "$OCF_RESKEY_address" ]; then -+ OCF_RESKEY_ip="$OCF_RESKEY_address" -+ fi -+} -+ - ec2ip_validate() { - for cmd in aws ip curl; do - check_binary "$cmd" -@@ -150,20 +165,29 @@ - } - - ec2ip_monitor() { -- if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ]; then -- ocf_log info "monitor: check routing table (API call)" -- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $OCF_RESKEY_routing_table --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].InstanceId" -- ocf_log debug "executing command: $cmd" -- ROUTE_TO_INSTANCE=$($cmd) -- ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" -- if [ -z "$ROUTE_TO_INSTANCE" ]; then -- ROUTE_TO_INSTANCE="" -- fi -+ MON_RES="" -+ if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then -+ for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do -+ ocf_log info "monitor: check routing table (API call) - $rtb" -+ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].InstanceId" -+ ocf_log debug "executing command: $cmd" -+ ROUTE_TO_INSTANCE="$($cmd)" -+ ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" -+ if [ -z "$ROUTE_TO_INSTANCE" ]; then -+ ROUTE_TO_INSTANCE="" -+ fi -+ -+ if [ "$EC2_INSTANCE_ID" != "$ROUTE_TO_INSTANCE" ]; then -+ ocf_log warn "not routed to this instance ($EC2_INSTANCE_ID) but to instance $ROUTE_TO_INSTANCE on $rtb" -+ MON_RES="$MON_RES $rtb" -+ fi -+ sleep 1 -+ done - -- if [ "$EC2_INSTANCE_ID" != "$ROUTE_TO_INSTANCE" ];then -- ocf_log warn "not routed to this instance ($EC2_INSTANCE_ID) but to instance $ROUTE_TO_INSTANCE" -+ if [ ! -z "$MON_RES" ]; then - return $OCF_NOT_RUNNING - fi -+ - else - ocf_log debug "monitor: Enhanced Monitoring disabled - omitting API call" - fi -@@ -195,19 +219,23 @@ - } - - ec2ip_get_and_configure() { -- # Adjusting the routing table -- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile ec2 replace-route --route-table-id $OCF_RESKEY_routing_table --destination-cidr-block ${OCF_RESKEY_ip}/32 --instance-id $EC2_INSTANCE_ID" -- ocf_log debug "executing command: $cmd" -- $cmd -- rc=$? -- if [ "$rc" != 0 ]; then -- ocf_log warn "command failed, rc: $rc" -- return $OCF_ERR_GENERIC -- fi -+ for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do -+ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --instance-id $EC2_INSTANCE_ID" -+ ocf_log debug "executing command: $cmd" -+ $cmd -+ rc=$? -+ if [ "$rc" != 0 ]; then -+ ocf_log warn "command failed, rc: $rc" -+ return $OCF_ERR_GENERIC -+ fi -+ sleep 1 -+ done - - # Reconfigure the local ip address - ec2ip_drop -- ip addr add "${OCF_RESKEY_ip}/32" dev $OCF_RESKEY_interface -+ cmd="ip addr add ${OCF_RESKEY_ip}/32 dev $OCF_RESKEY_interface" -+ ocf_log debug "executing command: $cmd" -+ $cmd - rc=$? - if [ $rc != 0 ]; then - ocf_log warn "command failed, rc: $rc" -@@ -289,6 +317,8 @@ - exit $OCF_ERR_PERM - fi - -+ec2ip_set_address_param_compat -+ - ec2ip_validate - - case $__OCF_ACTION in diff --git a/SOURCES/bz1714104-aws-vpc-move-ip-2-fix-route-update-multi-NICs.patch b/SOURCES/bz1714104-aws-vpc-move-ip-2-fix-route-update-multi-NICs.patch deleted file mode 100644 index c283801..0000000 --- a/SOURCES/bz1714104-aws-vpc-move-ip-2-fix-route-update-multi-NICs.patch +++ /dev/null @@ -1,221 +0,0 @@ -From 9f2b9cc09f7e2df163ff95585374f860f3dc58eb Mon Sep 17 00:00:00 2001 -From: Tomas Krojzl -Date: Tue, 16 Apr 2019 18:40:29 +0200 -Subject: [PATCH 1/6] Fix for VM having multiple network interfaces - ---- - heartbeat/aws-vpc-move-ip | 22 +++++++++++++++++++++- - 1 file changed, 21 insertions(+), 1 deletion(-) - -diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index 090956434..a91c2dd11 100755 ---- a/heartbeat/aws-vpc-move-ip -+++ b/heartbeat/aws-vpc-move-ip -@@ -219,8 +219,28 @@ ec2ip_drop() { - } - - ec2ip_get_and_configure() { -+ cmd="ip -br link show dev $OCF_RESKEY_interface | tr -s ' ' | cut -d' ' -f3" -+ ocf_log debug "executing command: $cmd" -+ MAC_ADDR="$(eval $cmd)" -+ rc=$? -+ if [ $rc != 0 ]; then -+ ocf_log warn "command failed, rc: $rc" -+ return $OCF_ERR_GENERIC -+ fi -+ ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" -+ -+ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-instances --instance-ids $EC2_INSTANCE_ID --query 'Reservations[*].Instances[*].NetworkInterfaces[*].[NetworkInterfaceId,MacAddress]' | grep ${MAC_ADDR} | cut -f1" -+ ocf_log debug "executing command: $cmd" -+ EC2_NETWORK_INTERFACE_ID="$(eval $cmd)" -+ rc=$? -+ if [ $rc != 0 ]; then -+ ocf_log warn "command failed, rc: $rc" -+ return $OCF_ERR_GENERIC -+ fi -+ ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}" -+ - for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do -- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --instance-id $EC2_INSTANCE_ID" -+ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID" - ocf_log debug "executing command: $cmd" - $cmd - rc=$? - -From a871a463134ebb2456b5f37a343bf9034f5f4074 Mon Sep 17 00:00:00 2001 -From: krojzl -Date: Tue, 16 Apr 2019 18:49:32 +0200 -Subject: [PATCH 2/6] Fixing indentation - ---- - heartbeat/aws-vpc-move-ip | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index a91c2dd11..a46d10d30 100755 ---- a/heartbeat/aws-vpc-move-ip -+++ b/heartbeat/aws-vpc-move-ip -@@ -227,7 +227,7 @@ ec2ip_get_and_configure() { - ocf_log warn "command failed, rc: $rc" - return $OCF_ERR_GENERIC - fi -- ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" -+ ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" - - cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-instances --instance-ids $EC2_INSTANCE_ID --query 'Reservations[*].Instances[*].NetworkInterfaces[*].[NetworkInterfaceId,MacAddress]' | grep ${MAC_ADDR} | cut -f1" - ocf_log debug "executing command: $cmd" -@@ -237,7 +237,7 @@ ec2ip_get_and_configure() { - ocf_log warn "command failed, rc: $rc" - return $OCF_ERR_GENERIC - fi -- ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}" -+ ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}" - - for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do - cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID" - -From 068680427dff620a948ae25f090bc154b02f17b9 Mon Sep 17 00:00:00 2001 -From: krojzl -Date: Wed, 17 Apr 2019 14:22:31 +0200 -Subject: [PATCH 3/6] Requested fix to avoid using AWS API - ---- - heartbeat/aws-vpc-move-ip | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index a46d10d30..2910552f2 100755 ---- a/heartbeat/aws-vpc-move-ip -+++ b/heartbeat/aws-vpc-move-ip -@@ -229,7 +229,7 @@ ec2ip_get_and_configure() { - fi - ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" - -- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-instances --instance-ids $EC2_INSTANCE_ID --query 'Reservations[*].Instances[*].NetworkInterfaces[*].[NetworkInterfaceId,MacAddress]' | grep ${MAC_ADDR} | cut -f1" -+ cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id" - ocf_log debug "executing command: $cmd" - EC2_NETWORK_INTERFACE_ID="$(eval $cmd)" - rc=$? - -From 207a2ba66ba7196180d27674aa204980fcd25de2 Mon Sep 17 00:00:00 2001 -From: krojzl -Date: Fri, 19 Apr 2019 11:14:21 +0200 -Subject: [PATCH 4/6] More robust approach of getting MAC address - ---- - heartbeat/aws-vpc-move-ip | 29 +++++++++++++++++++++-------- - 1 file changed, 21 insertions(+), 8 deletions(-) - -diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index 2910552f2..3a848b7e3 100755 ---- a/heartbeat/aws-vpc-move-ip -+++ b/heartbeat/aws-vpc-move-ip -@@ -219,15 +219,28 @@ ec2ip_drop() { - } - - ec2ip_get_and_configure() { -- cmd="ip -br link show dev $OCF_RESKEY_interface | tr -s ' ' | cut -d' ' -f3" -- ocf_log debug "executing command: $cmd" -- MAC_ADDR="$(eval $cmd)" -- rc=$? -- if [ $rc != 0 ]; then -- ocf_log warn "command failed, rc: $rc" -- return $OCF_ERR_GENERIC -+ MAC_FILE="/sys/class/net/${OCF_RESKEY_interface}/address" -+ if [ -f $MAC_FILE ]; then -+ cmd="cat ${MAC_FILE}" -+ ocf_log debug "executing command: $cmd" -+ MAC_ADDR="$(eval $cmd)" -+ rc=$? -+ if [ $rc != 0 ]; then -+ ocf_log warn "command failed, rc: $rc" -+ return $OCF_ERR_GENERIC -+ fi -+ ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" -+ else -+ cmd="ip -br link show dev ${OCF_RESKEY_interface} | tr -s ' ' | cut -d' ' -f3" -+ ocf_log debug "executing command: $cmd" -+ MAC_ADDR="$(eval $cmd)" -+ rc=$? -+ if [ $rc != 0 ]; then -+ ocf_log warn "command failed, rc: $rc" -+ return $OCF_ERR_GENERIC -+ fi -+ ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" - fi -- ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" - - cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id" - ocf_log debug "executing command: $cmd" - -From cdcc12a9c1431125b0d5298176e5242bfc9fbe29 Mon Sep 17 00:00:00 2001 -From: krojzl -Date: Fri, 19 Apr 2019 11:20:09 +0200 -Subject: [PATCH 5/6] Moving shared part outside if - ---- - heartbeat/aws-vpc-move-ip | 25 +++++++++---------------- - 1 file changed, 9 insertions(+), 16 deletions(-) - -diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index 3a848b7e3..bfe23e5bf 100755 ---- a/heartbeat/aws-vpc-move-ip -+++ b/heartbeat/aws-vpc-move-ip -@@ -222,26 +222,19 @@ ec2ip_get_and_configure() { - MAC_FILE="/sys/class/net/${OCF_RESKEY_interface}/address" - if [ -f $MAC_FILE ]; then - cmd="cat ${MAC_FILE}" -- ocf_log debug "executing command: $cmd" -- MAC_ADDR="$(eval $cmd)" -- rc=$? -- if [ $rc != 0 ]; then -- ocf_log warn "command failed, rc: $rc" -- return $OCF_ERR_GENERIC -- fi -- ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" - else - cmd="ip -br link show dev ${OCF_RESKEY_interface} | tr -s ' ' | cut -d' ' -f3" -- ocf_log debug "executing command: $cmd" -- MAC_ADDR="$(eval $cmd)" -- rc=$? -- if [ $rc != 0 ]; then -- ocf_log warn "command failed, rc: $rc" -- return $OCF_ERR_GENERIC -- fi -- ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" - fi - -+ ocf_log debug "executing command: $cmd" -+ MAC_ADDR="$(eval $cmd)" -+ rc=$? -+ if [ $rc != 0 ]; then -+ ocf_log warn "command failed, rc: $rc" -+ return $OCF_ERR_GENERIC -+ fi -+ ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" -+ - cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id" - ocf_log debug "executing command: $cmd" - EC2_NETWORK_INTERFACE_ID="$(eval $cmd)" - -From c3fc114fc64f6feb015c5342923fd2afc367ae28 Mon Sep 17 00:00:00 2001 -From: krojzl -Date: Fri, 19 Apr 2019 11:22:55 +0200 -Subject: [PATCH 6/6] Linting adjustment - ---- - heartbeat/aws-vpc-move-ip | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index bfe23e5bf..2757c27d0 100755 ---- a/heartbeat/aws-vpc-move-ip -+++ b/heartbeat/aws-vpc-move-ip -@@ -225,7 +225,6 @@ ec2ip_get_and_configure() { - else - cmd="ip -br link show dev ${OCF_RESKEY_interface} | tr -s ' ' | cut -d' ' -f3" - fi -- - ocf_log debug "executing command: $cmd" - MAC_ADDR="$(eval $cmd)" - rc=$? diff --git a/SOURCES/bz1717759-Filesystem-remove-notify-action-from-metadata.patch b/SOURCES/bz1717759-Filesystem-remove-notify-action-from-metadata.patch new file mode 100644 index 0000000..9cf643e --- /dev/null +++ b/SOURCES/bz1717759-Filesystem-remove-notify-action-from-metadata.patch @@ -0,0 +1,21 @@ +From d1fc6920718284431a2c2cc28562498d6c8ea792 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Wed, 19 Jun 2019 11:12:33 +0200 +Subject: [PATCH] Filesystem: remove removed notify-action from metadata + +--- + heartbeat/Filesystem | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index 780ba63a4..c46ec3cca 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -221,7 +221,6 @@ block if unresponsive nfs mounts are in use on the system. + + + +- + + + diff --git a/SOURCES/bz1718219-podman-1-avoid-double-inspect-call.patch b/SOURCES/bz1718219-podman-1-avoid-double-inspect-call.patch new file mode 100644 index 0000000..5aeada6 --- /dev/null +++ b/SOURCES/bz1718219-podman-1-avoid-double-inspect-call.patch @@ -0,0 +1,46 @@ +From d8400a30604229d349f36855c30a6a438204023b Mon Sep 17 00:00:00 2001 +From: Michele Baldessari +Date: Wed, 12 Jun 2019 11:29:17 +0200 +Subject: [PATCH] Avoid double call to podman inspect in podman_simple_status() + +Right now podman_simple_status() does the following: +- It calls container_exists() which then calls "podman inspect --format {{.State.Running}} $CONTAINER | egrep '(true|false)' >/dev/null 2>&1" +- Then it calls "podman inspect --format {{.State.Running}} $CONTAINER 2>/dev/null" + +This duplication is unnecessary and we can rely on the second podman inspect +call. We need to do this because podman inspect calls are very expensive as +soon as moderate I/O kicks in. + +Tested as follows: +1) Injected the change on an existing bundle-based cluster +2) Observed that monitoring operations kept working okay +3) Verified by adding set -x that only a single podman inspect per monitor + operation was called (as opposed to two before) +4) Restarted a bundle with an OCF resource inside correctly +5) Did a podman stop of a bundle and correctly observed that: +5.a) It was detected as non running: +* haproxy-bundle-podman-1_monitor_60000 on controller-0 'not running' (7): call=192, status=complete, exitreason='', + last-rc-change='Wed Jun 12 09:22:18 2019', queued=0ms, exec=0ms +5.b) It was correctly started afterwards + +Signed-off-by: Michele Baldessari +--- + heartbeat/podman | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/heartbeat/podman b/heartbeat/podman +index 34e11da6b..b2b3081f9 100755 +--- a/heartbeat/podman ++++ b/heartbeat/podman +@@ -238,11 +238,6 @@ podman_simple_status() + { + local val + +- container_exists +- if [ $? -ne 0 ]; then +- return $OCF_NOT_RUNNING +- fi +- + # retrieve the 'Running' attribute for the container + val=$(podman inspect --format {{.State.Running}} $CONTAINER 2>/dev/null) + if [ $? -ne 0 ]; then diff --git a/SOURCES/bz1718219-podman-2-improve-monitor-action.patch b/SOURCES/bz1718219-podman-2-improve-monitor-action.patch new file mode 100644 index 0000000..1537139 --- /dev/null +++ b/SOURCES/bz1718219-podman-2-improve-monitor-action.patch @@ -0,0 +1,63 @@ +From 9685e8e6bf2896377a9cf0e07a85de5dd5fcf2df Mon Sep 17 00:00:00 2001 +From: Michele Baldessari +Date: Wed, 12 Jun 2019 12:00:31 +0200 +Subject: [PATCH] Simplify podman_monitor() + +Before this change podman_monitor() does two things: +\-> podman_simple_status() + \-> podman inspect {{.State.Running}} +\-> if podman_simple_status == 0 then monitor_cmd_exec() + \-> if [ -z "$OCF_RESKEY_monitor_cmd" ]; then # so if OCF_RESKEY_monitor_cmd is empty we just return SUCCESS + return $rc + fi + # if OCF_RESKEY_monitor_cmd is set to something we execute it + podman exec ${CONTAINER} $OCF_RESKEY_monitor_cmd + +Let's actually only rely on podman exec as invoked inside monitor_cmd_exec +when $OCF_RESKEY_monitor_cmd is non empty (which is the default as it is set to "/bin/true"). +When there is no monitor_cmd command defined then it makes sense to rely on podman inspect +calls container in podman_simple_status(). + +Tested as follows: +1) Injected the change on an existing bundle-based cluster +2) Observed that monitoring operations kept working okay +3) Restarted rabbitmq-bundle and galera-bundle successfully +4) Killed a container and we correctly detected the monitor failure +Jun 12 09:52:12 controller-0 pacemaker-controld[25747]: notice: controller-0-haproxy-bundle-podman-1_monitor_60000:230 [ ocf-exit-reason:monitor cmd failed (rc=125), output: cannot exec into container that is not running\n ] +5) Container correctly got restarted after the monitor failure: + haproxy-bundle-podman-1 (ocf::heartbeat:podman): Started controller-0 +6) Stopped and removed a container and pcmk detected it correctly: +Jun 12 09:55:15 controller-0 podman(haproxy-bundle-podman-1)[841411]: ERROR: monitor cmd failed (rc=125), output: unable to exec into haproxy-bundle-podman-1: no container with name or ID haproxy-bundle-podman-1 found: no such container +Jun 12 09:55:15 controller-0 pacemaker-execd[25744]: notice: haproxy-bundle-podman-1_monitor_60000:841411:stderr [ ocf-exit-reason:monitor cmd failed (rc=125), output: unable to exec into haproxy-bundle-podman-1: no container with name or ID haproxy-bundle-podman-1 found: no such container ] +7) pcmk was able to start the container that was stopped and removed: +Jun 12 09:55:16 controller-0 pacemaker-controld[25747]: notice: Result of start operation for haproxy-bundle-podman-1 on controller-0: 0 (ok) +8) Added 'set -x' to the RA and correctly observed that no 'podman inspect' has been invoked during monitoring operations + +Signed-off-by: Michele Baldessari +--- + heartbeat/podman | 11 +++-------- + 1 file changed, 3 insertions(+), 8 deletions(-) + +diff --git a/heartbeat/podman b/heartbeat/podman +index b2b3081f9..a9bd57dea 100755 +--- a/heartbeat/podman ++++ b/heartbeat/podman +@@ -255,15 +255,10 @@ podman_simple_status() + + podman_monitor() + { +- local rc=0 +- +- podman_simple_status +- rc=$? +- +- if [ $rc -ne 0 ]; then +- return $rc ++ if [ -z "$OCF_RESKEY_monitor_cmd" ]; then ++ podman_simple_status ++ return $? + fi +- + monitor_cmd_exec + } + diff --git a/SOURCES/bz1718219-podman-3-remove-docker-remnant.patch b/SOURCES/bz1718219-podman-3-remove-docker-remnant.patch new file mode 100644 index 0000000..56f7302 --- /dev/null +++ b/SOURCES/bz1718219-podman-3-remove-docker-remnant.patch @@ -0,0 +1,34 @@ +From 69c5d35a7a5421d4728db824558007bbb91a9d4a Mon Sep 17 00:00:00 2001 +From: Michele Baldessari +Date: Wed, 12 Jun 2019 12:02:06 +0200 +Subject: [PATCH] Remove unneeded podman exec --help call + +There are no podman releases that do not have the exec argument, so +let's just drop this remnant that came from the docker RA. + +Signed-off-by: Michele Baldessari +--- + heartbeat/podman | 10 ++-------- + 1 file changed, 2 insertions(+), 8 deletions(-) + +diff --git a/heartbeat/podman b/heartbeat/podman +index a9bd57dea..858023555 100755 +--- a/heartbeat/podman ++++ b/heartbeat/podman +@@ -190,14 +190,8 @@ monitor_cmd_exec() + return $rc + fi + +- if podman exec --help >/dev/null 2>&1; then +- out=$(podman exec ${CONTAINER} $OCF_RESKEY_monitor_cmd 2>&1) +- rc=$? +- else +- out=$(echo "$OCF_RESKEY_monitor_cmd" | nsenter --target $(podman inspect --format {{.State.Pid}} ${CONTAINER}) --mount --uts --ipc --net --pid 2>&1) +- rc=$? +- fi +- ++ out=$(podman exec ${CONTAINER} $OCF_RESKEY_monitor_cmd 2>&1) ++ rc=$? + if [ $rc -eq 127 ]; then + ocf_log err "monitor cmd failed (rc=$rc), output: $out" + ocf_exit_reason "monitor_cmd, ${OCF_RESKEY_monitor_cmd} , not found within container." diff --git a/SOURCES/bz1718219-podman-4-use-exec-to-avoid-performance-issues.patch b/SOURCES/bz1718219-podman-4-use-exec-to-avoid-performance-issues.patch new file mode 100644 index 0000000..351207f --- /dev/null +++ b/SOURCES/bz1718219-podman-4-use-exec-to-avoid-performance-issues.patch @@ -0,0 +1,161 @@ +From 6016283dfdcb45bf750f96715fc653a4c0904bca Mon Sep 17 00:00:00 2001 +From: Damien Ciabrini +Date: Fri, 28 Jun 2019 13:34:40 +0200 +Subject: [PATCH] podman: only use exec to manage container's lifecycle + +Under heavy IO load, podman may be impacted and take a long time +to execute some actions. If that takes more than the default +20s container monitoring timeout, containers will restart unexpectedly. + +Replace all IO-sensitive podman calls (inspect, exists...) by +equivalent "podman exec" calls, because the latter command seems +less prone to performance degradation under IO load. + +With this commit, the resource agent now requires podman 1.0.2+, +because it relies on of two different patches [1,2] that improve +IO performance and enable to distinguish "container stopped" +"container doesn't exist" error codes. + +Tested on an OpenStack environment with podman 1.0.2, with the +following scenario: + . regular start/stop/monitor operations + . probe operations (pcs resource cleanup/refresh) + . unmanage/manage operations + . reboot + +[1] https://github.com/containers/libpod/commit/90b835db69d589de559462d988cb3fae5cf1ef49 +[2] https://github.com/containers/libpod/commit/a19975f96d2ee7efe186d9aa0be42285cfafa3f4 +--- + heartbeat/podman | 75 ++++++++++++++++++++++++------------------------ + 1 file changed, 37 insertions(+), 38 deletions(-) + +diff --git a/heartbeat/podman b/heartbeat/podman +index 51f6ba883..8fc2c4695 100755 +--- a/heartbeat/podman ++++ b/heartbeat/podman +@@ -129,9 +129,6 @@ the health of the container. This command must return 0 to indicate that + the container is healthy. A non-zero return code will indicate that the + container has failed and should be recovered. + +-If 'podman exec' is supported, it is used to execute the command. If not, +-nsenter is used. +- + Note: Using this method for monitoring processes inside a container + is not recommended, as containerd tries to track processes running + inside the container and does not deal well with many short-lived +@@ -192,17 +189,13 @@ monitor_cmd_exec() + local rc=$OCF_SUCCESS + local out + +- if [ -z "$OCF_RESKEY_monitor_cmd" ]; then +- return $rc +- fi +- + out=$(podman exec ${CONTAINER} $OCF_RESKEY_monitor_cmd 2>&1) + rc=$? +- if [ $rc -eq 127 ]; then +- ocf_log err "monitor cmd failed (rc=$rc), output: $out" +- ocf_exit_reason "monitor_cmd, ${OCF_RESKEY_monitor_cmd} , not found within container." +- # there is no recovering from this, exit immediately +- exit $OCF_ERR_ARGS ++ # 125: no container with name or ID ${CONTAINER} found ++ # 126: container state improper (not running) ++ # 127: any other error ++ if [ $rc -eq 125 ] || [ $rc -eq 126 ]; then ++ rc=$OCF_NOT_RUNNING + elif [ $rc -ne 0 ]; then + ocf_exit_reason "monitor cmd failed (rc=$rc), output: $out" + rc=$OCF_ERR_GENERIC +@@ -215,7 +208,16 @@ monitor_cmd_exec() + + container_exists() + { +- podman inspect --format {{.State.Running}} $CONTAINER | egrep '(true|false)' >/dev/null 2>&1 ++ local rc ++ local out ++ ++ out=$(podman exec ${CONTAINER} $OCF_RESKEY_monitor_cmd 2>&1) ++ rc=$? ++ # 125: no container with name or ID ${CONTAINER} found ++ if [ $rc -ne 125 ]; then ++ return 0 ++ fi ++ return 1 + } + + remove_container() +@@ -236,30 +238,30 @@ remove_container() + + podman_simple_status() + { +- local val +- +- # retrieve the 'Running' attribute for the container +- val=$(podman inspect --format {{.State.Running}} $CONTAINER 2>/dev/null) +- if [ $? -ne 0 ]; then +- #not running as a result of container not being found +- return $OCF_NOT_RUNNING +- fi ++ local rc + +- if ocf_is_true "$val"; then +- # container exists and is running +- return $OCF_SUCCESS ++ # simple status is implemented via podman exec ++ # everything besides success is considered "not running" ++ monitor_cmd_exec ++ rc=$? ++ if [ $rc -ne $OCF_SUCCESS ]; then ++ rc=$OCF_NOT_RUNNING; + fi +- +- return $OCF_NOT_RUNNING ++ return $rc + } + + podman_monitor() + { +- if [ -z "$OCF_RESKEY_monitor_cmd" ]; then +- podman_simple_status +- return $? +- fi ++ # We rely on running podman exec to monitor the container ++ # state because that command seems to be less prone to ++ # performance issue under IO load. ++ # ++ # For probes to work, we expect cmd_exec to be able to report ++ # when a container is not running. Here, we're not interested ++ # in distinguishing whether it's stopped or non existing ++ # (there's function container_exists for that) + monitor_cmd_exec ++ return $? + } + + podman_create_mounts() { +@@ -416,14 +418,6 @@ podman_validate() + exit $OCF_ERR_CONFIGURED + fi + +- if [ -n "$OCF_RESKEY_monitor_cmd" ]; then +- podman exec --help >/dev/null 2>&1 +- if [ ! $? ]; then +- ocf_log info "checking for nsenter, which is required when 'monitor_cmd' is specified" +- check_binary nsenter +- fi +- fi +- + image_exists + if [ $? -ne 0 ]; then + ocf_exit_reason "base image, ${OCF_RESKEY_image}, could not be found." +@@ -457,6 +451,11 @@ fi + + CONTAINER=$OCF_RESKEY_name + ++# Note: we currently monitor podman containers by with the "podman exec" ++# command, so make sure that invocation is always valid by enforcing the ++# exec command to be non-empty ++: ${OCF_RESKEY_monitor_cmd:=/bin/true} ++ + case $__OCF_ACTION in + meta-data) meta_data + exit $OCF_SUCCESS;; diff --git a/SOURCES/bz1719684-dhcpd-keep-SELinux-context-chroot.patch b/SOURCES/bz1719684-dhcpd-keep-SELinux-context-chroot.patch new file mode 100644 index 0000000..82a46c1 --- /dev/null +++ b/SOURCES/bz1719684-dhcpd-keep-SELinux-context-chroot.patch @@ -0,0 +1,28 @@ +From c8c073ed81884128b0b3955fb0b0bd23661044a2 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Wed, 12 Jun 2019 12:45:08 +0200 +Subject: [PATCH] dhcpd: keep SELinux context + +--- + heartbeat/dhcpd | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/dhcpd b/heartbeat/dhcpd +index 8b2d8b695..46027b39b 100755 +--- a/heartbeat/dhcpd ++++ b/heartbeat/dhcpd +@@ -337,12 +337,12 @@ dhcpd_initialize_chroot() { + done | sort -u` + for i in $cplibs ; do + if [ -s "$i" ]; then +- cp -pL "$i" "${OCF_RESKEY_chrooted_path}/$libdir/" || ++ cp -aL "$i" "${OCF_RESKEY_chrooted_path}/$libdir/" || + { ocf_exit_reason "could not copy $i to chroot jail"; return $OCF_ERR_GENERIC; } + fi + done + +- return $OCF_SUCCESS ++ return $OCF_SUCCESS + } + + # Initialize a non-chroot environment diff --git a/SOURCES/bz1730455-LVM-activate-fix-monitor-hang.patch b/SOURCES/bz1730455-LVM-activate-fix-monitor-hang.patch new file mode 100644 index 0000000..fe1bcd8 --- /dev/null +++ b/SOURCES/bz1730455-LVM-activate-fix-monitor-hang.patch @@ -0,0 +1,22 @@ +From ef37f8a2461b5763f4510d51e08d27d8b1f76937 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 23 Jul 2019 15:47:17 +0200 +Subject: [PATCH] LVM-activate: fix monitor might hang due to lvm_validate + which was added by accident + +--- + heartbeat/LVM-activate | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/heartbeat/LVM-activate b/heartbeat/LVM-activate +index 9c7c721bf..3df40c894 100755 +--- a/heartbeat/LVM-activate ++++ b/heartbeat/LVM-activate +@@ -852,7 +852,6 @@ stop) + lvm_stop + ;; + monitor) +- lvm_validate + lvm_status + ;; + validate-all) diff --git a/SOURCES/bz1732867-CTDB-1-explicitly-use-bash-shell.patch b/SOURCES/bz1732867-CTDB-1-explicitly-use-bash-shell.patch new file mode 100644 index 0000000..cb13c0a --- /dev/null +++ b/SOURCES/bz1732867-CTDB-1-explicitly-use-bash-shell.patch @@ -0,0 +1,39 @@ +From 1ff4ce7cbe58b5309f00ac1bbe124c562b6dcaf6 Mon Sep 17 00:00:00 2001 +From: David Disseldorp +Date: Fri, 27 Jul 2018 16:02:26 +0200 +Subject: [PATCH] CTDB: explicitly use bash shell + +Upcoming recovery lock substring processing is bash specific. + +Signed-off-by: David Disseldorp +--- + configure.ac | 1 + + heartbeat/{CTDB => CTDB.in} | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + rename heartbeat/{CTDB => CTDB.in} (99%) + +diff --git a/configure.ac b/configure.ac +index 039b4942c..10f5314da 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -978,6 +978,7 @@ AC_CONFIG_FILES([heartbeat/slapd], [chmod +x heartbeat/slapd]) + AC_CONFIG_FILES([heartbeat/sybaseASE], [chmod +x heartbeat/sybaseASE]) + AC_CONFIG_FILES([heartbeat/syslog-ng], [chmod +x heartbeat/syslog-ng]) + AC_CONFIG_FILES([heartbeat/vsftpd], [chmod +x heartbeat/vsftpd]) ++AC_CONFIG_FILES([heartbeat/CTDB], [chmod +x heartbeat/CTDB]) + AC_CONFIG_FILES([rgmanager/src/resources/ASEHAagent.sh], [chmod +x rgmanager/src/resources/ASEHAagent.sh]) + AC_CONFIG_FILES([rgmanager/src/resources/apache.sh], [chmod +x rgmanager/src/resources/apache.sh]) + AC_CONFIG_FILES([rgmanager/src/resources/bind-mount.sh], [chmod +x rgmanager/src/resources/bind-mount.sh]) +diff --git a/heartbeat/CTDB b/heartbeat/CTDB.in +similarity index 99% +rename from heartbeat/CTDB +rename to heartbeat/CTDB.in +index 28e58cea0..7d87a4ef7 100755 +--- a/heartbeat/CTDB ++++ b/heartbeat/CTDB.in +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!@BASH_SHELL@ + # + # OCF Resource Agent for managing CTDB + # diff --git a/SOURCES/bz1732867-CTDB-2-add-ctdb_max_open_files-parameter.patch b/SOURCES/bz1732867-CTDB-2-add-ctdb_max_open_files-parameter.patch new file mode 100644 index 0000000..c30bfee --- /dev/null +++ b/SOURCES/bz1732867-CTDB-2-add-ctdb_max_open_files-parameter.patch @@ -0,0 +1,40 @@ +From 61f7cb5954d1727f58fab6d642a124ef342c8641 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Wed, 20 Feb 2019 11:24:28 +0100 +Subject: [PATCH] CTDB: add ctdb_max_open_files parameter + +--- + heartbeat/CTDB.in | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in +index 0d58c850a..bbf8ef627 100755 +--- a/heartbeat/CTDB.in ++++ b/heartbeat/CTDB.in +@@ -288,6 +288,14 @@ What debug level to run at (0-10). Higher means more verbose. + + + ++ ++ ++Maximum number of open files (for ulimit -n) ++ ++Max open files ++ ++ ++ + + + Path to default samba config file. Only necessary if CTDB +@@ -611,6 +619,11 @@ ctdb_start() { + start_as_disabled="--start-as-disabled" + ocf_is_true "$OCF_RESKEY_ctdb_start_as_disabled" || start_as_disabled="" + ++ # set nofile ulimit for ctdbd process ++ if [ -n "$OCF_RESKEY_ctdb_max_open_files" ]; then ++ ulimit -n "$OCF_RESKEY_ctdb_max_open_files" ++ fi ++ + # Start her up + "$OCF_RESKEY_ctdbd_binary" \ + --reclock="$OCF_RESKEY_ctdb_recovery_lock" \ diff --git a/SOURCES/bz1732867-CTDB-3-fixes.patch b/SOURCES/bz1732867-CTDB-3-fixes.patch new file mode 100644 index 0000000..813bf81 --- /dev/null +++ b/SOURCES/bz1732867-CTDB-3-fixes.patch @@ -0,0 +1,131 @@ +From 8c61f2019d11781b737251b5cf839437b25fc53f Mon Sep 17 00:00:00 2001 +From: David Disseldorp +Date: Wed, 25 Jul 2018 23:15:10 +0200 +Subject: [PATCH 1/3] CTDB: fix incorrect db corruption reports (bsc#1101668) + +If a database was disconnected during an active transaction, then +tdbdump may fail with e.g.: +> /usr/bin/tdbdump /var/lib/ctdb/persistent/secrets.tdb.1 +Failed to open /var/lib/ctdb/persistent/secrets.tdb.1 +tdb(/var/lib/ctdb/persistent/secrets.tdb.1): FATAL: +tdb_transaction_recover: attempt to recover read only database + +This does *not* indicate corruption, only that tdbdump, which opens the +database readonly, isn't able to perform recovery. + +Using tdbtool check, instead of tdbdump, passes: +> tdbtool /var/lib/ctdb/persistent/secrets.tdb.1 check +tdb_transaction_recover: recovered 2146304 byte database +Database integrity is OK and has 2 records. + +Drop the tdbdump checks, and instead rely on the core ctdb event script, +which performs the same checks with tdbtool. + +Signed-off-by: David Disseldorp +--- + heartbeat/CTDB.in | 18 ++++-------------- + 1 file changed, 4 insertions(+), 14 deletions(-) + +diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in +index 1456ea32b..28e58cea0 100755 +--- a/heartbeat/CTDB.in ++++ b/heartbeat/CTDB.in +@@ -392,6 +392,8 @@ enable_event_scripts() { + local event_dir + event_dir=$OCF_RESKEY_ctdb_config_dir/events.d + ++ chmod u+x "$event_dir/00.ctdb" # core database health check ++ + if [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ]; then + chmod u+x "$event_dir/10.interface" + else +@@ -563,17 +565,6 @@ ctdb_start() { + rv=$? + [ $rv -ne 0 ] && return $rv + +- # Die if databases are corrupted +- persistent_db_dir="${OCF_RESKEY_ctdb_dbdir}/persistent" +- mkdir -p $persistent_db_dir 2>/dev/null +- for pdbase in $persistent_db_dir/*.tdb.[0-9]; do +- [ -f "$pdbase" ] || break +- /usr/bin/tdbdump "$pdbase" >/dev/null 2>/dev/null || { +- ocf_exit_reason "Persistent database $pdbase is corrupted! CTDB will not start." +- return $OCF_ERR_GENERIC +- } +- done +- + # Add necessary configuration to smb.conf + init_smb_conf + if [ $? -ne 0 ]; then +@@ -737,9 +728,8 @@ ctdb_monitor() { + + + ctdb_validate() { +- # Required binaries (full path to tdbdump is intentional, as that's +- # what's used in ctdb_start, which was lifted from the init script) +- for binary in pkill /usr/bin/tdbdump; do ++ # Required binaries ++ for binary in pkill; do + check_binary $binary + done + + +From 1ff4ce7cbe58b5309f00ac1bbe124c562b6dcaf6 Mon Sep 17 00:00:00 2001 +From: David Disseldorp +Date: Fri, 27 Jul 2018 16:02:26 +0200 +Subject: [PATCH 2/3] CTDB: explicitly use bash shell + +Upcoming recovery lock substring processing is bash specific. + +Signed-off-by: David Disseldorp +--- + configure.ac | 1 + + heartbeat/CTDB.in | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in +index 7d87a4ef7..f9b5c564f 100755 +--- a/heartbeat/CTDB.in ++++ b/heartbeat/CTDB.in +@@ -134,8 +134,8 @@ For more information see http://linux-ha.org/wiki/CTDB_(resource_agent) + + + +-The location of a shared lock file, common across all nodes. +-This must be on shared storage, e.g.: /shared-fs/samba/ctdb.lock ++The location of a shared lock file or helper binary, common across all nodes. ++See CTDB documentation for details. + + CTDB shared lock file + +@@ -757,13 +757,24 @@ ctdb_validate() { + return $OCF_ERR_CONFIGURED + fi + +- lock_dir=$(dirname "$OCF_RESKEY_ctdb_recovery_lock") +- touch "$lock_dir/$$" 2>/dev/null +- if [ $? != 0 ]; then +- ocf_exit_reason "Directory for lock file '$OCF_RESKEY_ctdb_recovery_lock' does not exist, or is not writable." +- return $OCF_ERR_ARGS ++ if [ "${OCF_RESKEY_ctdb_recovery_lock:0:1}" == '!' ]; then ++ # '!' prefix means recovery lock is handled via a helper binary ++ binary="${OCF_RESKEY_ctdb_recovery_lock:1}" ++ binary="${binary%% *}" # trim any parameters ++ if [ -z "$binary" ]; then ++ ocf_exit_reason "ctdb_recovery_lock invalid helper" ++ return $OCF_ERR_CONFIGURED ++ fi ++ check_binary "${binary}" ++ else ++ lock_dir=$(dirname "$OCF_RESKEY_ctdb_recovery_lock") ++ touch "$lock_dir/$$" 2>/dev/null ++ if [ $? != 0 ]; then ++ ocf_exit_reason "Directory for lock file '$OCF_RESKEY_ctdb_recovery_lock' does not exist, or is not writable." ++ return $OCF_ERR_ARGS ++ fi ++ rm "$lock_dir/$$" + fi +- rm "$lock_dir/$$" + + return $OCF_SUCCESS + } diff --git a/SOURCES/bz1732867-CTDB-4-add-v4.9-support.patch b/SOURCES/bz1732867-CTDB-4-add-v4.9-support.patch new file mode 100644 index 0000000..a3332ef --- /dev/null +++ b/SOURCES/bz1732867-CTDB-4-add-v4.9-support.patch @@ -0,0 +1,452 @@ +From 30b9f55325d2acfba27aa6859c7360e10b7201d7 Mon Sep 17 00:00:00 2001 +From: David Disseldorp +Date: Wed, 5 Jun 2019 00:41:13 +0200 +Subject: [PATCH 1/3] CTDB: support Samba 4.9+ + +With Samba 4.9+, all ctdbd parameters have moved to config files. +Generate a new /etc/ctdb/ctdb.conf file during ctdb startup, based on RA +configuration. + +Event scripts in Samba 4.9+ are also no longer enabled/disabled based on +file mode. Use the "ctdb event script enable/disable" helpers, which now +work without a running ctdbd. + +Fixes: https://github.com/ClusterLabs/resource-agents/issues/1196 +Signed-off-by: David Disseldorp +Signed-off-by: Noel Power +Signed-off-by: Amitay Isaacs +--- + heartbeat/CTDB.in | 214 ++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 167 insertions(+), 47 deletions(-) + +diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in +index 4dd646896..79a2f97e7 100755 +--- a/heartbeat/CTDB.in ++++ b/heartbeat/CTDB.in +@@ -143,6 +143,10 @@ OCF_RESKEY_smb_fileid_algorithm_default="" + + ####################################################################### + ++ctdb_version() { ++ $OCF_RESKEY_ctdb_binary version | awk '{print $NF}' | sed "s/[-\.]\?[[:alpha:]].*//" ++} ++ + meta_data() { + cat < +@@ -256,7 +260,7 @@ host any public ip addresses. + + The directory containing various CTDB configuration files. + The "nodes" and "notify.sh" scripts are expected to be +-in this directory, as is the "events.d" subdirectory. ++in this directory. + + CTDB config file directory + +@@ -282,8 +286,10 @@ Full path to the CTDB cluster daemon binary. + + Full path to the domain socket that ctdbd will create, used for + local clients to attach and communicate with the ctdb daemon. ++With CTDB 4.9.0 and later the socket path is hardcoded at build ++time, so this parameter is ignored. + +-CTDB socket location ++CTDB socket location (ignored with CTDB 4.9+) + + + +@@ -421,16 +427,28 @@ invoke_ctdb() { + timeout=$((OCF_RESKEY_CRM_meta_timeout/1000)) + timelimit=$((OCF_RESKEY_CRM_meta_timeout/1000)) + fi +- $OCF_RESKEY_ctdb_binary --socket="$OCF_RESKEY_ctdb_socket" \ +- -t $timeout -T $timelimit \ +- "$@" ++ ++ local vers=$(ctdb_version) ++ ocf_version_cmp "$vers" "4.9.0" ++ ++ # if version < 4.9.0 specify '--socket' otherwise it's ++ # a compiled option ++ if [ "$?" -eq "0" ]; then ++ $OCF_RESKEY_ctdb_binary --socket="$OCF_RESKEY_ctdb_socket" \ ++ -t $timeout -T $timelimit \ ++ "$@" ++ else ++ $OCF_RESKEY_ctdb_binary \ ++ -t $timeout -T $timelimit \ ++ "$@" ++ fi + } + + # Enable any event scripts that are explicitly required. + # Any others will ultimately be invoked or not based on how they ship + # with CTDB, but will generally have no effect, beacuase the relevant + # CTDB_MANAGES_* options won't be set in /etc/sysconfig/ctdb. +-enable_event_scripts() { ++enable_event_scripts_chmod() { + local event_dir + event_dir=$OCF_RESKEY_ctdb_config_dir/events.d + +@@ -454,6 +472,36 @@ enable_event_scripts() { + fi + } + ++enable_event_scripts_symlink() { ++ # event scripts are symlinked once enabled, with the link source in... ++ mkdir -p "$OCF_RESKEY_ctdb_config_dir/events/legacy" 2>/dev/null ++ ++ invoke_ctdb event script enable legacy 00.ctdb ++ ++ if [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ]; then ++ invoke_ctdb event script enable legacy 10.interface ++ else ++ invoke_ctdb event script disable legacy 10.interface ++ fi ++ if [ -f "${OCF_RESKEY_ctdb_config_dir}/static-routes" ]; then ++ invoke_ctdb event script enable legacy 11.routing ++ else ++ invoke_ctdb event script disable legacy 11.routing ++ fi ++ ++ if ocf_is_true "$OCF_RESKEY_ctdb_manages_winbind"; then ++ invoke_ctdb event script enable legacy 49.winbind ++ else ++ invoke_ctdb event script disable legacy 49.winbind ++ fi ++ ++ if ocf_is_true "$OCF_RESKEY_ctdb_manages_samba"; then ++ invoke_ctdb event script enable legacy 50.samba ++ else ++ invoke_ctdb event script disable legacy 50.samba ++ fi ++} ++ + # This function has no effect (currently no way to set CTDB_SET_*) + # but remains here in case we need it in future. + set_ctdb_variables() { +@@ -556,6 +604,46 @@ append_ctdb_sysconfig() { + [ -n "$2" ] && echo "$1=$2" >> "$CTDB_SYSCONFIG" + } + ++generate_ctdb_config() { ++ local ctdb_config="$OCF_RESKEY_ctdb_config_dir/ctdb.conf" ++ ++ # Backup existing config if we're not already using an auto-generated one ++ grep -qa '# CTDB-RA: Auto-generated' $ctdb_config || cp -p $ctdb_config ${ctdb_config}.ctdb-ra-orig ++ if [ $? -ne 0 ]; then ++ ocf_log warn "Unable to backup $ctdb_config to ${ctdb_config}.ctdb-ra-orig" ++ fi ++ ++ local log_option="file:$OCF_RESKEY_ctdb_logfile" ++ if [ "$OCF_RESKEY_ctdb_logfile" = "syslog" ]; then ++ log_option="syslog" ++ fi ++ ++ local start_as_disabled="false" ++ ocf_is_true "$OCF_RESKEY_ctdb_start_as_disabled" && start_as_disabled="true" ++ ++ local dbdir_volatile="$OCF_RESKEY_ctdb_dbdir/volatile" ++ [ -d "$dbdir_volatile" ] || mkdir -p "$dbdir_volatile" 2>/dev/null ++ local dbdir_persistent="$OCF_RESKEY_ctdb_dbdir/persistent" ++ [ -d "$dbdir_persistent" ] || mkdir -p "$dbdir_persistent" 2>/dev/null ++ local dbdir_state="$OCF_RESKEY_ctdb_dbdir/state" ++ [ -d "$dbdir_state" ] || mkdir -p "$dbdir_state" 2>/dev/null ++ ++cat >$ctdb_config </dev/null + +- # public addresses file (should not be present, but need to set for correctness if it is) +- local pub_addr_option +- pub_addr_option="" +- [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ] && \ +- pub_addr_option="--public-addresses=${OCF_RESKEY_ctdb_config_dir}/public_addresses" +- # start as disabled +- local start_as_disabled +- start_as_disabled="--start-as-disabled" +- ocf_is_true "$OCF_RESKEY_ctdb_start_as_disabled" || start_as_disabled="" +- + # set nofile ulimit for ctdbd process + if [ -n "$OCF_RESKEY_ctdb_max_open_files" ]; then + ulimit -n "$OCF_RESKEY_ctdb_max_open_files" + fi + + # Start her up +- "$OCF_RESKEY_ctdbd_binary" \ +- --reclock="$OCF_RESKEY_ctdb_recovery_lock" \ +- --nlist="$OCF_RESKEY_ctdb_config_dir/nodes" \ +- --socket="$OCF_RESKEY_ctdb_socket" \ +- --dbdir="$OCF_RESKEY_ctdb_dbdir" \ +- --dbdir-persistent="$OCF_RESKEY_ctdb_dbdir/persistent" \ +- --event-script-dir="$OCF_RESKEY_ctdb_config_dir/events.d" \ +- --notification-script="$OCF_RESKEY_ctdb_config_dir/notify.sh" \ +- --transport=tcp \ +- $start_as_disabled $log_option $pub_addr_option \ +- -d "$OCF_RESKEY_ctdb_debuglevel" ++ invoke_ctdbd "$version" ++ + if [ $? -ne 0 ]; then + # cleanup smb.conf + cleanup_smb_conf +@@ -688,7 +808,7 @@ ctdb_start() { + if [ $? -ne 0 ]; then + # CTDB will be running, kill it before returning + ctdb_stop +- ocf_exit_reason "Can't invoke $OCF_RESKEY_ctdb_binary --socket=$OCF_RESKEY_ctdb_socket status" ++ ocf_exit_reason "Can't invoke $OCF_RESKEY_ctdb_binary status" + return $OCF_ERR_GENERIC + fi + if ! echo "$status" | grep -qs 'UNHEALTHY (THIS'; then +@@ -725,7 +845,7 @@ ctdb_stop() { + [ $count -gt 10 ] && { + ocf_log info "killing ctdbd " + pkill -9 -f "$OCF_RESKEY_ctdbd_binary" +- pkill -9 -f "${OCF_RESKEY_ctdb_config_dir}/events.d/" ++ pkill -9 -f "${OCF_RESKEY_ctdb_config_dir}/events" + } + done + + +From b4753b7cb46045bb9e7ed5e3a0a20f6104264b12 Mon Sep 17 00:00:00 2001 +From: David Disseldorp +Date: Wed, 10 Jul 2019 17:11:50 +0200 +Subject: [PATCH 2/3] CTDB: generate script.options file for 4.9+ + +Event scripts in CTDB 4.9+ ignore sysconfig configuration and instead +parse parameters in ctdb_config_dir/script.options . + +Signed-off-by: David Disseldorp +--- + heartbeat/CTDB.in | 35 ++++++++++++++++++++++++++++++----- + 1 file changed, 30 insertions(+), 5 deletions(-) + +diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in +index 79a2f97e7..0906f3da9 100755 +--- a/heartbeat/CTDB.in ++++ b/heartbeat/CTDB.in +@@ -242,6 +242,7 @@ If the amount of free memory drops below this value the node will + become unhealthy and ctdb and all managed services will be shutdown. + Once this occurs, the administrator needs to find the reason for the + OOM situation, rectify it and restart ctdb with "service ctdb start". ++With CTDB 4.4.0 and later this parameter is ignored. + + Minimum amount of free memory (MB) + +@@ -600,8 +601,10 @@ cleanup_smb_conf() { + mv "$OCF_RESKEY_smb_conf.$$" "$OCF_RESKEY_smb_conf" + } + +-append_ctdb_sysconfig() { +- [ -n "$2" ] && echo "$1=$2" >> "$CTDB_SYSCONFIG" ++append_conf() { ++ local file_path="$1" ++ shift ++ [ -n "$2" ] && echo "$1=$2" >> "$file_path" + } + + generate_ctdb_config() { +@@ -644,6 +647,25 @@ cat >$ctdb_config <$script_options < +Date: Wed, 10 Jul 2019 17:54:01 +0200 +Subject: [PATCH 3/3] CTDB: drop sysconfig presence check during validate + +There are two reasons to avoid this check: +- for ctdb versions prior to 4.9.0, the sysconfig file is generated by + the resource agent start hook *after* ctdb_validate() is called. +- post 4.9.0 versions don't use the sysconfig file. + +Signed-off-by: David Disseldorp +--- + heartbeat/CTDB.in | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in +index 0906f3da9..15d78902e 100755 +--- a/heartbeat/CTDB.in ++++ b/heartbeat/CTDB.in +@@ -925,11 +925,6 @@ ctdb_validate() { + check_binary $binary + done + +- if [ -z "$CTDB_SYSCONFIG" ]; then +- ocf_exit_reason "Can't find CTDB config file (expecting /etc/sysconfig/ctdb, /etc/default/ctdb or similar)" +- return $OCF_ERR_INSTALLED +- fi +- + if ocf_is_true "$OCF_RESKEY_ctdb_manages_samba" && [ ! -f "$OCF_RESKEY_smb_conf" ]; then + ocf_exit_reason "Samba config file '$OCF_RESKEY_smb_conf' does not exist." + return $OCF_ERR_INSTALLED diff --git a/SOURCES/bz1734062-podman-1-avoid-double-inspect-call.patch b/SOURCES/bz1734062-podman-1-avoid-double-inspect-call.patch deleted file mode 100644 index 5aeada6..0000000 --- a/SOURCES/bz1734062-podman-1-avoid-double-inspect-call.patch +++ /dev/null @@ -1,46 +0,0 @@ -From d8400a30604229d349f36855c30a6a438204023b Mon Sep 17 00:00:00 2001 -From: Michele Baldessari -Date: Wed, 12 Jun 2019 11:29:17 +0200 -Subject: [PATCH] Avoid double call to podman inspect in podman_simple_status() - -Right now podman_simple_status() does the following: -- It calls container_exists() which then calls "podman inspect --format {{.State.Running}} $CONTAINER | egrep '(true|false)' >/dev/null 2>&1" -- Then it calls "podman inspect --format {{.State.Running}} $CONTAINER 2>/dev/null" - -This duplication is unnecessary and we can rely on the second podman inspect -call. We need to do this because podman inspect calls are very expensive as -soon as moderate I/O kicks in. - -Tested as follows: -1) Injected the change on an existing bundle-based cluster -2) Observed that monitoring operations kept working okay -3) Verified by adding set -x that only a single podman inspect per monitor - operation was called (as opposed to two before) -4) Restarted a bundle with an OCF resource inside correctly -5) Did a podman stop of a bundle and correctly observed that: -5.a) It was detected as non running: -* haproxy-bundle-podman-1_monitor_60000 on controller-0 'not running' (7): call=192, status=complete, exitreason='', - last-rc-change='Wed Jun 12 09:22:18 2019', queued=0ms, exec=0ms -5.b) It was correctly started afterwards - -Signed-off-by: Michele Baldessari ---- - heartbeat/podman | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/heartbeat/podman b/heartbeat/podman -index 34e11da6b..b2b3081f9 100755 ---- a/heartbeat/podman -+++ b/heartbeat/podman -@@ -238,11 +238,6 @@ podman_simple_status() - { - local val - -- container_exists -- if [ $? -ne 0 ]; then -- return $OCF_NOT_RUNNING -- fi -- - # retrieve the 'Running' attribute for the container - val=$(podman inspect --format {{.State.Running}} $CONTAINER 2>/dev/null) - if [ $? -ne 0 ]; then diff --git a/SOURCES/bz1734062-podman-2-improve-monitor-action.patch b/SOURCES/bz1734062-podman-2-improve-monitor-action.patch deleted file mode 100644 index 1537139..0000000 --- a/SOURCES/bz1734062-podman-2-improve-monitor-action.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 9685e8e6bf2896377a9cf0e07a85de5dd5fcf2df Mon Sep 17 00:00:00 2001 -From: Michele Baldessari -Date: Wed, 12 Jun 2019 12:00:31 +0200 -Subject: [PATCH] Simplify podman_monitor() - -Before this change podman_monitor() does two things: -\-> podman_simple_status() - \-> podman inspect {{.State.Running}} -\-> if podman_simple_status == 0 then monitor_cmd_exec() - \-> if [ -z "$OCF_RESKEY_monitor_cmd" ]; then # so if OCF_RESKEY_monitor_cmd is empty we just return SUCCESS - return $rc - fi - # if OCF_RESKEY_monitor_cmd is set to something we execute it - podman exec ${CONTAINER} $OCF_RESKEY_monitor_cmd - -Let's actually only rely on podman exec as invoked inside monitor_cmd_exec -when $OCF_RESKEY_monitor_cmd is non empty (which is the default as it is set to "/bin/true"). -When there is no monitor_cmd command defined then it makes sense to rely on podman inspect -calls container in podman_simple_status(). - -Tested as follows: -1) Injected the change on an existing bundle-based cluster -2) Observed that monitoring operations kept working okay -3) Restarted rabbitmq-bundle and galera-bundle successfully -4) Killed a container and we correctly detected the monitor failure -Jun 12 09:52:12 controller-0 pacemaker-controld[25747]: notice: controller-0-haproxy-bundle-podman-1_monitor_60000:230 [ ocf-exit-reason:monitor cmd failed (rc=125), output: cannot exec into container that is not running\n ] -5) Container correctly got restarted after the monitor failure: - haproxy-bundle-podman-1 (ocf::heartbeat:podman): Started controller-0 -6) Stopped and removed a container and pcmk detected it correctly: -Jun 12 09:55:15 controller-0 podman(haproxy-bundle-podman-1)[841411]: ERROR: monitor cmd failed (rc=125), output: unable to exec into haproxy-bundle-podman-1: no container with name or ID haproxy-bundle-podman-1 found: no such container -Jun 12 09:55:15 controller-0 pacemaker-execd[25744]: notice: haproxy-bundle-podman-1_monitor_60000:841411:stderr [ ocf-exit-reason:monitor cmd failed (rc=125), output: unable to exec into haproxy-bundle-podman-1: no container with name or ID haproxy-bundle-podman-1 found: no such container ] -7) pcmk was able to start the container that was stopped and removed: -Jun 12 09:55:16 controller-0 pacemaker-controld[25747]: notice: Result of start operation for haproxy-bundle-podman-1 on controller-0: 0 (ok) -8) Added 'set -x' to the RA and correctly observed that no 'podman inspect' has been invoked during monitoring operations - -Signed-off-by: Michele Baldessari ---- - heartbeat/podman | 11 +++-------- - 1 file changed, 3 insertions(+), 8 deletions(-) - -diff --git a/heartbeat/podman b/heartbeat/podman -index b2b3081f9..a9bd57dea 100755 ---- a/heartbeat/podman -+++ b/heartbeat/podman -@@ -255,15 +255,10 @@ podman_simple_status() - - podman_monitor() - { -- local rc=0 -- -- podman_simple_status -- rc=$? -- -- if [ $rc -ne 0 ]; then -- return $rc -+ if [ -z "$OCF_RESKEY_monitor_cmd" ]; then -+ podman_simple_status -+ return $? - fi -- - monitor_cmd_exec - } - diff --git a/SOURCES/bz1734062-podman-3-remove-docker-remnant.patch b/SOURCES/bz1734062-podman-3-remove-docker-remnant.patch deleted file mode 100644 index 56f7302..0000000 --- a/SOURCES/bz1734062-podman-3-remove-docker-remnant.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 69c5d35a7a5421d4728db824558007bbb91a9d4a Mon Sep 17 00:00:00 2001 -From: Michele Baldessari -Date: Wed, 12 Jun 2019 12:02:06 +0200 -Subject: [PATCH] Remove unneeded podman exec --help call - -There are no podman releases that do not have the exec argument, so -let's just drop this remnant that came from the docker RA. - -Signed-off-by: Michele Baldessari ---- - heartbeat/podman | 10 ++-------- - 1 file changed, 2 insertions(+), 8 deletions(-) - -diff --git a/heartbeat/podman b/heartbeat/podman -index a9bd57dea..858023555 100755 ---- a/heartbeat/podman -+++ b/heartbeat/podman -@@ -190,14 +190,8 @@ monitor_cmd_exec() - return $rc - fi - -- if podman exec --help >/dev/null 2>&1; then -- out=$(podman exec ${CONTAINER} $OCF_RESKEY_monitor_cmd 2>&1) -- rc=$? -- else -- out=$(echo "$OCF_RESKEY_monitor_cmd" | nsenter --target $(podman inspect --format {{.State.Pid}} ${CONTAINER}) --mount --uts --ipc --net --pid 2>&1) -- rc=$? -- fi -- -+ out=$(podman exec ${CONTAINER} $OCF_RESKEY_monitor_cmd 2>&1) -+ rc=$? - if [ $rc -eq 127 ]; then - ocf_log err "monitor cmd failed (rc=$rc), output: $out" - ocf_exit_reason "monitor_cmd, ${OCF_RESKEY_monitor_cmd} , not found within container." diff --git a/SOURCES/bz1734062-podman-4-use-exec-to-avoid-performance-issues.patch b/SOURCES/bz1734062-podman-4-use-exec-to-avoid-performance-issues.patch deleted file mode 100644 index 351207f..0000000 --- a/SOURCES/bz1734062-podman-4-use-exec-to-avoid-performance-issues.patch +++ /dev/null @@ -1,161 +0,0 @@ -From 6016283dfdcb45bf750f96715fc653a4c0904bca Mon Sep 17 00:00:00 2001 -From: Damien Ciabrini -Date: Fri, 28 Jun 2019 13:34:40 +0200 -Subject: [PATCH] podman: only use exec to manage container's lifecycle - -Under heavy IO load, podman may be impacted and take a long time -to execute some actions. If that takes more than the default -20s container monitoring timeout, containers will restart unexpectedly. - -Replace all IO-sensitive podman calls (inspect, exists...) by -equivalent "podman exec" calls, because the latter command seems -less prone to performance degradation under IO load. - -With this commit, the resource agent now requires podman 1.0.2+, -because it relies on of two different patches [1,2] that improve -IO performance and enable to distinguish "container stopped" -"container doesn't exist" error codes. - -Tested on an OpenStack environment with podman 1.0.2, with the -following scenario: - . regular start/stop/monitor operations - . probe operations (pcs resource cleanup/refresh) - . unmanage/manage operations - . reboot - -[1] https://github.com/containers/libpod/commit/90b835db69d589de559462d988cb3fae5cf1ef49 -[2] https://github.com/containers/libpod/commit/a19975f96d2ee7efe186d9aa0be42285cfafa3f4 ---- - heartbeat/podman | 75 ++++++++++++++++++++++++------------------------ - 1 file changed, 37 insertions(+), 38 deletions(-) - -diff --git a/heartbeat/podman b/heartbeat/podman -index 51f6ba883..8fc2c4695 100755 ---- a/heartbeat/podman -+++ b/heartbeat/podman -@@ -129,9 +129,6 @@ the health of the container. This command must return 0 to indicate that - the container is healthy. A non-zero return code will indicate that the - container has failed and should be recovered. - --If 'podman exec' is supported, it is used to execute the command. If not, --nsenter is used. -- - Note: Using this method for monitoring processes inside a container - is not recommended, as containerd tries to track processes running - inside the container and does not deal well with many short-lived -@@ -192,17 +189,13 @@ monitor_cmd_exec() - local rc=$OCF_SUCCESS - local out - -- if [ -z "$OCF_RESKEY_monitor_cmd" ]; then -- return $rc -- fi -- - out=$(podman exec ${CONTAINER} $OCF_RESKEY_monitor_cmd 2>&1) - rc=$? -- if [ $rc -eq 127 ]; then -- ocf_log err "monitor cmd failed (rc=$rc), output: $out" -- ocf_exit_reason "monitor_cmd, ${OCF_RESKEY_monitor_cmd} , not found within container." -- # there is no recovering from this, exit immediately -- exit $OCF_ERR_ARGS -+ # 125: no container with name or ID ${CONTAINER} found -+ # 126: container state improper (not running) -+ # 127: any other error -+ if [ $rc -eq 125 ] || [ $rc -eq 126 ]; then -+ rc=$OCF_NOT_RUNNING - elif [ $rc -ne 0 ]; then - ocf_exit_reason "monitor cmd failed (rc=$rc), output: $out" - rc=$OCF_ERR_GENERIC -@@ -215,7 +208,16 @@ monitor_cmd_exec() - - container_exists() - { -- podman inspect --format {{.State.Running}} $CONTAINER | egrep '(true|false)' >/dev/null 2>&1 -+ local rc -+ local out -+ -+ out=$(podman exec ${CONTAINER} $OCF_RESKEY_monitor_cmd 2>&1) -+ rc=$? -+ # 125: no container with name or ID ${CONTAINER} found -+ if [ $rc -ne 125 ]; then -+ return 0 -+ fi -+ return 1 - } - - remove_container() -@@ -236,30 +238,30 @@ remove_container() - - podman_simple_status() - { -- local val -- -- # retrieve the 'Running' attribute for the container -- val=$(podman inspect --format {{.State.Running}} $CONTAINER 2>/dev/null) -- if [ $? -ne 0 ]; then -- #not running as a result of container not being found -- return $OCF_NOT_RUNNING -- fi -+ local rc - -- if ocf_is_true "$val"; then -- # container exists and is running -- return $OCF_SUCCESS -+ # simple status is implemented via podman exec -+ # everything besides success is considered "not running" -+ monitor_cmd_exec -+ rc=$? -+ if [ $rc -ne $OCF_SUCCESS ]; then -+ rc=$OCF_NOT_RUNNING; - fi -- -- return $OCF_NOT_RUNNING -+ return $rc - } - - podman_monitor() - { -- if [ -z "$OCF_RESKEY_monitor_cmd" ]; then -- podman_simple_status -- return $? -- fi -+ # We rely on running podman exec to monitor the container -+ # state because that command seems to be less prone to -+ # performance issue under IO load. -+ # -+ # For probes to work, we expect cmd_exec to be able to report -+ # when a container is not running. Here, we're not interested -+ # in distinguishing whether it's stopped or non existing -+ # (there's function container_exists for that) - monitor_cmd_exec -+ return $? - } - - podman_create_mounts() { -@@ -416,14 +418,6 @@ podman_validate() - exit $OCF_ERR_CONFIGURED - fi - -- if [ -n "$OCF_RESKEY_monitor_cmd" ]; then -- podman exec --help >/dev/null 2>&1 -- if [ ! $? ]; then -- ocf_log info "checking for nsenter, which is required when 'monitor_cmd' is specified" -- check_binary nsenter -- fi -- fi -- - image_exists - if [ $? -ne 0 ]; then - ocf_exit_reason "base image, ${OCF_RESKEY_image}, could not be found." -@@ -457,6 +451,11 @@ fi - - CONTAINER=$OCF_RESKEY_name - -+# Note: we currently monitor podman containers by with the "podman exec" -+# command, so make sure that invocation is always valid by enforcing the -+# exec command to be non-empty -+: ${OCF_RESKEY_monitor_cmd:=/bin/true} -+ - case $__OCF_ACTION in - meta-data) meta_data - exit $OCF_SUCCESS;; diff --git a/SOURCES/bz1734067-CTDB-1-explicitly-use-bash-shell.patch b/SOURCES/bz1734067-CTDB-1-explicitly-use-bash-shell.patch deleted file mode 100644 index cb13c0a..0000000 --- a/SOURCES/bz1734067-CTDB-1-explicitly-use-bash-shell.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 1ff4ce7cbe58b5309f00ac1bbe124c562b6dcaf6 Mon Sep 17 00:00:00 2001 -From: David Disseldorp -Date: Fri, 27 Jul 2018 16:02:26 +0200 -Subject: [PATCH] CTDB: explicitly use bash shell - -Upcoming recovery lock substring processing is bash specific. - -Signed-off-by: David Disseldorp ---- - configure.ac | 1 + - heartbeat/{CTDB => CTDB.in} | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - rename heartbeat/{CTDB => CTDB.in} (99%) - -diff --git a/configure.ac b/configure.ac -index 039b4942c..10f5314da 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -978,6 +978,7 @@ AC_CONFIG_FILES([heartbeat/slapd], [chmod +x heartbeat/slapd]) - AC_CONFIG_FILES([heartbeat/sybaseASE], [chmod +x heartbeat/sybaseASE]) - AC_CONFIG_FILES([heartbeat/syslog-ng], [chmod +x heartbeat/syslog-ng]) - AC_CONFIG_FILES([heartbeat/vsftpd], [chmod +x heartbeat/vsftpd]) -+AC_CONFIG_FILES([heartbeat/CTDB], [chmod +x heartbeat/CTDB]) - AC_CONFIG_FILES([rgmanager/src/resources/ASEHAagent.sh], [chmod +x rgmanager/src/resources/ASEHAagent.sh]) - AC_CONFIG_FILES([rgmanager/src/resources/apache.sh], [chmod +x rgmanager/src/resources/apache.sh]) - AC_CONFIG_FILES([rgmanager/src/resources/bind-mount.sh], [chmod +x rgmanager/src/resources/bind-mount.sh]) -diff --git a/heartbeat/CTDB b/heartbeat/CTDB.in -similarity index 99% -rename from heartbeat/CTDB -rename to heartbeat/CTDB.in -index 28e58cea0..7d87a4ef7 100755 ---- a/heartbeat/CTDB -+++ b/heartbeat/CTDB.in -@@ -1,4 +1,4 @@ --#!/bin/sh -+#!@BASH_SHELL@ - # - # OCF Resource Agent for managing CTDB - # diff --git a/SOURCES/bz1734067-CTDB-2-add-ctdb_max_open_files-parameter.patch b/SOURCES/bz1734067-CTDB-2-add-ctdb_max_open_files-parameter.patch deleted file mode 100644 index c30bfee..0000000 --- a/SOURCES/bz1734067-CTDB-2-add-ctdb_max_open_files-parameter.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 61f7cb5954d1727f58fab6d642a124ef342c8641 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Wed, 20 Feb 2019 11:24:28 +0100 -Subject: [PATCH] CTDB: add ctdb_max_open_files parameter - ---- - heartbeat/CTDB.in | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in -index 0d58c850a..bbf8ef627 100755 ---- a/heartbeat/CTDB.in -+++ b/heartbeat/CTDB.in -@@ -288,6 +288,14 @@ What debug level to run at (0-10). Higher means more verbose. - - - -+ -+ -+Maximum number of open files (for ulimit -n) -+ -+Max open files -+ -+ -+ - - - Path to default samba config file. Only necessary if CTDB -@@ -611,6 +619,11 @@ ctdb_start() { - start_as_disabled="--start-as-disabled" - ocf_is_true "$OCF_RESKEY_ctdb_start_as_disabled" || start_as_disabled="" - -+ # set nofile ulimit for ctdbd process -+ if [ -n "$OCF_RESKEY_ctdb_max_open_files" ]; then -+ ulimit -n "$OCF_RESKEY_ctdb_max_open_files" -+ fi -+ - # Start her up - "$OCF_RESKEY_ctdbd_binary" \ - --reclock="$OCF_RESKEY_ctdb_recovery_lock" \ diff --git a/SOURCES/bz1734067-CTDB-3-fixes.patch b/SOURCES/bz1734067-CTDB-3-fixes.patch deleted file mode 100644 index 813bf81..0000000 --- a/SOURCES/bz1734067-CTDB-3-fixes.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 8c61f2019d11781b737251b5cf839437b25fc53f Mon Sep 17 00:00:00 2001 -From: David Disseldorp -Date: Wed, 25 Jul 2018 23:15:10 +0200 -Subject: [PATCH 1/3] CTDB: fix incorrect db corruption reports (bsc#1101668) - -If a database was disconnected during an active transaction, then -tdbdump may fail with e.g.: -> /usr/bin/tdbdump /var/lib/ctdb/persistent/secrets.tdb.1 -Failed to open /var/lib/ctdb/persistent/secrets.tdb.1 -tdb(/var/lib/ctdb/persistent/secrets.tdb.1): FATAL: -tdb_transaction_recover: attempt to recover read only database - -This does *not* indicate corruption, only that tdbdump, which opens the -database readonly, isn't able to perform recovery. - -Using tdbtool check, instead of tdbdump, passes: -> tdbtool /var/lib/ctdb/persistent/secrets.tdb.1 check -tdb_transaction_recover: recovered 2146304 byte database -Database integrity is OK and has 2 records. - -Drop the tdbdump checks, and instead rely on the core ctdb event script, -which performs the same checks with tdbtool. - -Signed-off-by: David Disseldorp ---- - heartbeat/CTDB.in | 18 ++++-------------- - 1 file changed, 4 insertions(+), 14 deletions(-) - -diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in -index 1456ea32b..28e58cea0 100755 ---- a/heartbeat/CTDB.in -+++ b/heartbeat/CTDB.in -@@ -392,6 +392,8 @@ enable_event_scripts() { - local event_dir - event_dir=$OCF_RESKEY_ctdb_config_dir/events.d - -+ chmod u+x "$event_dir/00.ctdb" # core database health check -+ - if [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ]; then - chmod u+x "$event_dir/10.interface" - else -@@ -563,17 +565,6 @@ ctdb_start() { - rv=$? - [ $rv -ne 0 ] && return $rv - -- # Die if databases are corrupted -- persistent_db_dir="${OCF_RESKEY_ctdb_dbdir}/persistent" -- mkdir -p $persistent_db_dir 2>/dev/null -- for pdbase in $persistent_db_dir/*.tdb.[0-9]; do -- [ -f "$pdbase" ] || break -- /usr/bin/tdbdump "$pdbase" >/dev/null 2>/dev/null || { -- ocf_exit_reason "Persistent database $pdbase is corrupted! CTDB will not start." -- return $OCF_ERR_GENERIC -- } -- done -- - # Add necessary configuration to smb.conf - init_smb_conf - if [ $? -ne 0 ]; then -@@ -737,9 +728,8 @@ ctdb_monitor() { - - - ctdb_validate() { -- # Required binaries (full path to tdbdump is intentional, as that's -- # what's used in ctdb_start, which was lifted from the init script) -- for binary in pkill /usr/bin/tdbdump; do -+ # Required binaries -+ for binary in pkill; do - check_binary $binary - done - - -From 1ff4ce7cbe58b5309f00ac1bbe124c562b6dcaf6 Mon Sep 17 00:00:00 2001 -From: David Disseldorp -Date: Fri, 27 Jul 2018 16:02:26 +0200 -Subject: [PATCH 2/3] CTDB: explicitly use bash shell - -Upcoming recovery lock substring processing is bash specific. - -Signed-off-by: David Disseldorp ---- - configure.ac | 1 + - heartbeat/CTDB.in | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in -index 7d87a4ef7..f9b5c564f 100755 ---- a/heartbeat/CTDB.in -+++ b/heartbeat/CTDB.in -@@ -134,8 +134,8 @@ For more information see http://linux-ha.org/wiki/CTDB_(resource_agent) - - - --The location of a shared lock file, common across all nodes. --This must be on shared storage, e.g.: /shared-fs/samba/ctdb.lock -+The location of a shared lock file or helper binary, common across all nodes. -+See CTDB documentation for details. - - CTDB shared lock file - -@@ -757,13 +757,24 @@ ctdb_validate() { - return $OCF_ERR_CONFIGURED - fi - -- lock_dir=$(dirname "$OCF_RESKEY_ctdb_recovery_lock") -- touch "$lock_dir/$$" 2>/dev/null -- if [ $? != 0 ]; then -- ocf_exit_reason "Directory for lock file '$OCF_RESKEY_ctdb_recovery_lock' does not exist, or is not writable." -- return $OCF_ERR_ARGS -+ if [ "${OCF_RESKEY_ctdb_recovery_lock:0:1}" == '!' ]; then -+ # '!' prefix means recovery lock is handled via a helper binary -+ binary="${OCF_RESKEY_ctdb_recovery_lock:1}" -+ binary="${binary%% *}" # trim any parameters -+ if [ -z "$binary" ]; then -+ ocf_exit_reason "ctdb_recovery_lock invalid helper" -+ return $OCF_ERR_CONFIGURED -+ fi -+ check_binary "${binary}" -+ else -+ lock_dir=$(dirname "$OCF_RESKEY_ctdb_recovery_lock") -+ touch "$lock_dir/$$" 2>/dev/null -+ if [ $? != 0 ]; then -+ ocf_exit_reason "Directory for lock file '$OCF_RESKEY_ctdb_recovery_lock' does not exist, or is not writable." -+ return $OCF_ERR_ARGS -+ fi -+ rm "$lock_dir/$$" - fi -- rm "$lock_dir/$$" - - return $OCF_SUCCESS - } diff --git a/SOURCES/bz1734067-CTDB-4-add-v4.9-support.patch b/SOURCES/bz1734067-CTDB-4-add-v4.9-support.patch deleted file mode 100644 index a3332ef..0000000 --- a/SOURCES/bz1734067-CTDB-4-add-v4.9-support.patch +++ /dev/null @@ -1,452 +0,0 @@ -From 30b9f55325d2acfba27aa6859c7360e10b7201d7 Mon Sep 17 00:00:00 2001 -From: David Disseldorp -Date: Wed, 5 Jun 2019 00:41:13 +0200 -Subject: [PATCH 1/3] CTDB: support Samba 4.9+ - -With Samba 4.9+, all ctdbd parameters have moved to config files. -Generate a new /etc/ctdb/ctdb.conf file during ctdb startup, based on RA -configuration. - -Event scripts in Samba 4.9+ are also no longer enabled/disabled based on -file mode. Use the "ctdb event script enable/disable" helpers, which now -work without a running ctdbd. - -Fixes: https://github.com/ClusterLabs/resource-agents/issues/1196 -Signed-off-by: David Disseldorp -Signed-off-by: Noel Power -Signed-off-by: Amitay Isaacs ---- - heartbeat/CTDB.in | 214 ++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 167 insertions(+), 47 deletions(-) - -diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in -index 4dd646896..79a2f97e7 100755 ---- a/heartbeat/CTDB.in -+++ b/heartbeat/CTDB.in -@@ -143,6 +143,10 @@ OCF_RESKEY_smb_fileid_algorithm_default="" - - ####################################################################### - -+ctdb_version() { -+ $OCF_RESKEY_ctdb_binary version | awk '{print $NF}' | sed "s/[-\.]\?[[:alpha:]].*//" -+} -+ - meta_data() { - cat < -@@ -256,7 +260,7 @@ host any public ip addresses. - - The directory containing various CTDB configuration files. - The "nodes" and "notify.sh" scripts are expected to be --in this directory, as is the "events.d" subdirectory. -+in this directory. - - CTDB config file directory - -@@ -282,8 +286,10 @@ Full path to the CTDB cluster daemon binary. - - Full path to the domain socket that ctdbd will create, used for - local clients to attach and communicate with the ctdb daemon. -+With CTDB 4.9.0 and later the socket path is hardcoded at build -+time, so this parameter is ignored. - --CTDB socket location -+CTDB socket location (ignored with CTDB 4.9+) - - - -@@ -421,16 +427,28 @@ invoke_ctdb() { - timeout=$((OCF_RESKEY_CRM_meta_timeout/1000)) - timelimit=$((OCF_RESKEY_CRM_meta_timeout/1000)) - fi -- $OCF_RESKEY_ctdb_binary --socket="$OCF_RESKEY_ctdb_socket" \ -- -t $timeout -T $timelimit \ -- "$@" -+ -+ local vers=$(ctdb_version) -+ ocf_version_cmp "$vers" "4.9.0" -+ -+ # if version < 4.9.0 specify '--socket' otherwise it's -+ # a compiled option -+ if [ "$?" -eq "0" ]; then -+ $OCF_RESKEY_ctdb_binary --socket="$OCF_RESKEY_ctdb_socket" \ -+ -t $timeout -T $timelimit \ -+ "$@" -+ else -+ $OCF_RESKEY_ctdb_binary \ -+ -t $timeout -T $timelimit \ -+ "$@" -+ fi - } - - # Enable any event scripts that are explicitly required. - # Any others will ultimately be invoked or not based on how they ship - # with CTDB, but will generally have no effect, beacuase the relevant - # CTDB_MANAGES_* options won't be set in /etc/sysconfig/ctdb. --enable_event_scripts() { -+enable_event_scripts_chmod() { - local event_dir - event_dir=$OCF_RESKEY_ctdb_config_dir/events.d - -@@ -454,6 +472,36 @@ enable_event_scripts() { - fi - } - -+enable_event_scripts_symlink() { -+ # event scripts are symlinked once enabled, with the link source in... -+ mkdir -p "$OCF_RESKEY_ctdb_config_dir/events/legacy" 2>/dev/null -+ -+ invoke_ctdb event script enable legacy 00.ctdb -+ -+ if [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ]; then -+ invoke_ctdb event script enable legacy 10.interface -+ else -+ invoke_ctdb event script disable legacy 10.interface -+ fi -+ if [ -f "${OCF_RESKEY_ctdb_config_dir}/static-routes" ]; then -+ invoke_ctdb event script enable legacy 11.routing -+ else -+ invoke_ctdb event script disable legacy 11.routing -+ fi -+ -+ if ocf_is_true "$OCF_RESKEY_ctdb_manages_winbind"; then -+ invoke_ctdb event script enable legacy 49.winbind -+ else -+ invoke_ctdb event script disable legacy 49.winbind -+ fi -+ -+ if ocf_is_true "$OCF_RESKEY_ctdb_manages_samba"; then -+ invoke_ctdb event script enable legacy 50.samba -+ else -+ invoke_ctdb event script disable legacy 50.samba -+ fi -+} -+ - # This function has no effect (currently no way to set CTDB_SET_*) - # but remains here in case we need it in future. - set_ctdb_variables() { -@@ -556,6 +604,46 @@ append_ctdb_sysconfig() { - [ -n "$2" ] && echo "$1=$2" >> "$CTDB_SYSCONFIG" - } - -+generate_ctdb_config() { -+ local ctdb_config="$OCF_RESKEY_ctdb_config_dir/ctdb.conf" -+ -+ # Backup existing config if we're not already using an auto-generated one -+ grep -qa '# CTDB-RA: Auto-generated' $ctdb_config || cp -p $ctdb_config ${ctdb_config}.ctdb-ra-orig -+ if [ $? -ne 0 ]; then -+ ocf_log warn "Unable to backup $ctdb_config to ${ctdb_config}.ctdb-ra-orig" -+ fi -+ -+ local log_option="file:$OCF_RESKEY_ctdb_logfile" -+ if [ "$OCF_RESKEY_ctdb_logfile" = "syslog" ]; then -+ log_option="syslog" -+ fi -+ -+ local start_as_disabled="false" -+ ocf_is_true "$OCF_RESKEY_ctdb_start_as_disabled" && start_as_disabled="true" -+ -+ local dbdir_volatile="$OCF_RESKEY_ctdb_dbdir/volatile" -+ [ -d "$dbdir_volatile" ] || mkdir -p "$dbdir_volatile" 2>/dev/null -+ local dbdir_persistent="$OCF_RESKEY_ctdb_dbdir/persistent" -+ [ -d "$dbdir_persistent" ] || mkdir -p "$dbdir_persistent" 2>/dev/null -+ local dbdir_state="$OCF_RESKEY_ctdb_dbdir/state" -+ [ -d "$dbdir_state" ] || mkdir -p "$dbdir_state" 2>/dev/null -+ -+cat >$ctdb_config </dev/null - -- # public addresses file (should not be present, but need to set for correctness if it is) -- local pub_addr_option -- pub_addr_option="" -- [ -f "${OCF_RESKEY_ctdb_config_dir}/public_addresses" ] && \ -- pub_addr_option="--public-addresses=${OCF_RESKEY_ctdb_config_dir}/public_addresses" -- # start as disabled -- local start_as_disabled -- start_as_disabled="--start-as-disabled" -- ocf_is_true "$OCF_RESKEY_ctdb_start_as_disabled" || start_as_disabled="" -- - # set nofile ulimit for ctdbd process - if [ -n "$OCF_RESKEY_ctdb_max_open_files" ]; then - ulimit -n "$OCF_RESKEY_ctdb_max_open_files" - fi - - # Start her up -- "$OCF_RESKEY_ctdbd_binary" \ -- --reclock="$OCF_RESKEY_ctdb_recovery_lock" \ -- --nlist="$OCF_RESKEY_ctdb_config_dir/nodes" \ -- --socket="$OCF_RESKEY_ctdb_socket" \ -- --dbdir="$OCF_RESKEY_ctdb_dbdir" \ -- --dbdir-persistent="$OCF_RESKEY_ctdb_dbdir/persistent" \ -- --event-script-dir="$OCF_RESKEY_ctdb_config_dir/events.d" \ -- --notification-script="$OCF_RESKEY_ctdb_config_dir/notify.sh" \ -- --transport=tcp \ -- $start_as_disabled $log_option $pub_addr_option \ -- -d "$OCF_RESKEY_ctdb_debuglevel" -+ invoke_ctdbd "$version" -+ - if [ $? -ne 0 ]; then - # cleanup smb.conf - cleanup_smb_conf -@@ -688,7 +808,7 @@ ctdb_start() { - if [ $? -ne 0 ]; then - # CTDB will be running, kill it before returning - ctdb_stop -- ocf_exit_reason "Can't invoke $OCF_RESKEY_ctdb_binary --socket=$OCF_RESKEY_ctdb_socket status" -+ ocf_exit_reason "Can't invoke $OCF_RESKEY_ctdb_binary status" - return $OCF_ERR_GENERIC - fi - if ! echo "$status" | grep -qs 'UNHEALTHY (THIS'; then -@@ -725,7 +845,7 @@ ctdb_stop() { - [ $count -gt 10 ] && { - ocf_log info "killing ctdbd " - pkill -9 -f "$OCF_RESKEY_ctdbd_binary" -- pkill -9 -f "${OCF_RESKEY_ctdb_config_dir}/events.d/" -+ pkill -9 -f "${OCF_RESKEY_ctdb_config_dir}/events" - } - done - - -From b4753b7cb46045bb9e7ed5e3a0a20f6104264b12 Mon Sep 17 00:00:00 2001 -From: David Disseldorp -Date: Wed, 10 Jul 2019 17:11:50 +0200 -Subject: [PATCH 2/3] CTDB: generate script.options file for 4.9+ - -Event scripts in CTDB 4.9+ ignore sysconfig configuration and instead -parse parameters in ctdb_config_dir/script.options . - -Signed-off-by: David Disseldorp ---- - heartbeat/CTDB.in | 35 ++++++++++++++++++++++++++++++----- - 1 file changed, 30 insertions(+), 5 deletions(-) - -diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in -index 79a2f97e7..0906f3da9 100755 ---- a/heartbeat/CTDB.in -+++ b/heartbeat/CTDB.in -@@ -242,6 +242,7 @@ If the amount of free memory drops below this value the node will - become unhealthy and ctdb and all managed services will be shutdown. - Once this occurs, the administrator needs to find the reason for the - OOM situation, rectify it and restart ctdb with "service ctdb start". -+With CTDB 4.4.0 and later this parameter is ignored. - - Minimum amount of free memory (MB) - -@@ -600,8 +601,10 @@ cleanup_smb_conf() { - mv "$OCF_RESKEY_smb_conf.$$" "$OCF_RESKEY_smb_conf" - } - --append_ctdb_sysconfig() { -- [ -n "$2" ] && echo "$1=$2" >> "$CTDB_SYSCONFIG" -+append_conf() { -+ local file_path="$1" -+ shift -+ [ -n "$2" ] && echo "$1=$2" >> "$file_path" - } - - generate_ctdb_config() { -@@ -644,6 +647,25 @@ cat >$ctdb_config <$script_options < -Date: Wed, 10 Jul 2019 17:54:01 +0200 -Subject: [PATCH 3/3] CTDB: drop sysconfig presence check during validate - -There are two reasons to avoid this check: -- for ctdb versions prior to 4.9.0, the sysconfig file is generated by - the resource agent start hook *after* ctdb_validate() is called. -- post 4.9.0 versions don't use the sysconfig file. - -Signed-off-by: David Disseldorp ---- - heartbeat/CTDB.in | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/heartbeat/CTDB.in b/heartbeat/CTDB.in -index 0906f3da9..15d78902e 100755 ---- a/heartbeat/CTDB.in -+++ b/heartbeat/CTDB.in -@@ -925,11 +925,6 @@ ctdb_validate() { - check_binary $binary - done - -- if [ -z "$CTDB_SYSCONFIG" ]; then -- ocf_exit_reason "Can't find CTDB config file (expecting /etc/sysconfig/ctdb, /etc/default/ctdb or similar)" -- return $OCF_ERR_INSTALLED -- fi -- - if ocf_is_true "$OCF_RESKEY_ctdb_manages_samba" && [ ! -f "$OCF_RESKEY_smb_conf" ]; then - ocf_exit_reason "Samba config file '$OCF_RESKEY_smb_conf' does not exist." - return $OCF_ERR_INSTALLED diff --git a/SOURCES/bz1736746-podman-drop-in-support.patch b/SOURCES/bz1736746-podman-drop-in-support.patch new file mode 100644 index 0000000..8c4be1a --- /dev/null +++ b/SOURCES/bz1736746-podman-drop-in-support.patch @@ -0,0 +1,193 @@ +From 462ada6164cb77c81f5291d88287d68506d38056 Mon Sep 17 00:00:00 2001 +From: Damien Ciabrini +Date: Tue, 9 Jul 2019 23:14:21 +0200 +Subject: [PATCH] Generate addition drop-in dependencies for podman containers + +When podman creates a container, it creates two additional systemd +scope files dynamically: + + - libpod-conmon-.scope - runs a conmon process that + tracks a container's pid1 into a dedicated pidfile. + - libpod-.scope - created dynamically by runc, + for cgroups accounting + +On shutdown, it can happen that systemd stops those scope early, +which in turn sends a SIGTERM to pacemaker-managed containers +before pacemaker has scheduled any stop operation. That +confuses the cluster and may break shutdown. + +Add a new option in the resource-agent to inject additional +dependencies into the dynamically created scope files, so that +systemd is not allowed to stop scopes before the pacemaker +service itself is stopped. + +When that option is enabled, the scopes look like: + + # podman ps | grep galera + c329819a1227 192.168.122.8:8787/rhosp15/openstack-mariadb:latest dumb-init -- /bin... About an hour ago Up About an hour ago galera-bundle-podman-0 + + # systemctl cat libpod*c329819a1227* + # /run/systemd/transient/libpod-conmon-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope + # This is a transient unit file, created programmatically via the systemd API. Do not edit. + [Scope] + Slice=machine.slice + Delegate=yes + + [Unit] + DefaultDependencies=no + + # /run/systemd/transient/libpod-conmon-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope.d/dep.conf + [Unit] + Before=pacemaker.service + + # /run/systemd/transient/libpod-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope + # This is a transient unit file, created programmatically via the systemd API. Do not edit. + [Unit] + Description=libcontainer container c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b + + [Scope] + Slice=machine.slice + Delegate=yes + MemoryAccounting=yes + CPUAccounting=yes + BlockIOAccounting=yes + + [Unit] + DefaultDependencies=no + + # /run/systemd/transient/libpod-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope.d/dep.conf + [Unit] + Before=pacemaker.service + +Effectively, this prevents systemd from managing the shutdown of any +pacemaker-managed podman container. + +Related: rhbz#1726442 +--- + heartbeat/podman | 82 +++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 81 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/podman b/heartbeat/podman +index 8fc2c4695..8a916eb8c 100755 +--- a/heartbeat/podman ++++ b/heartbeat/podman +@@ -158,6 +158,16 @@ to have the particular one persist when this happens. + reuse container + + ++ ++ ++ ++Use transient drop-in files to add extra dependencies to the systemd ++scopes associated to the container. During reboot, this prevents systemd ++to stop the container before pacemaker. ++ ++drop-in dependency ++ ++ + + + +@@ -273,8 +283,57 @@ podman_create_mounts() { + IFS="$oldIFS" + } + ++podman_container_id() ++{ ++ # Retrieve the container ID by doing a "podman ps" rather than ++ # a "podman inspect", because the latter has performance issues ++ # under IO load. ++ # We could have run "podman start $CONTAINER" to get the ID back ++ # but if the container is stopped, the command will return a ++ # name instead of a container ID. This would break us. ++ podman ps --no-trunc --format '{{.ID}} {{.Names}}' | grep -F -w -m1 "$CONTAINER" | cut -d' ' -f1 ++} ++ ++ ++create_transient_drop_in_dependency() ++{ ++ local cid=$1 ++ local rc=$OCF_SUCCESS ++ ++ if [ -z "$cid" ]; then ++ ocf_log error "Container ID not found for \"$CONTAINER\". Not creating drop-in dependency" ++ return $OCF_ERR_GENERIC ++ fi ++ ++ ocf_log info "Creating drop-in dependency for \"$CONTAINER\" ($cid)" ++ for scope in "libpod-$cid.scope.d" "libpod-conmon-$cid.scope.d"; do ++ if [ $rc -eq $OCF_SUCCESS ] && [ ! -d /run/systemd/transient/"$scope" ]; then ++ mkdir -p /run/systemd/transient/"$scope" && \ ++ echo -e "[Unit]\nBefore=pacemaker.service" > /run/systemd/transient/"$scope"/dep.conf && \ ++ chmod ago+r /run/systemd/transient/"$scope" /run/systemd/transient/"$scope"/dep.conf ++ rc=$? ++ fi ++ done ++ ++ if [ $rc -ne $OCF_SUCCESS ]; then ++ ocf_log error "Could not create drop-in dependency for \"$CONTAINER\" ($cid)" ++ else ++ systemctl daemon-reload ++ rc=$? ++ if [ $rc -ne $OCF_SUCCESS ]; then ++ ocf_log error "Could not refresh service definition after creating drop-in for \"$CONTAINER\"" ++ fi ++ fi ++ ++ return $rc ++} ++ ++ + podman_start() + { ++ local cid ++ local rc ++ + podman_create_mounts + local run_opts="-d --name=${CONTAINER}" + # check to see if the container has already started +@@ -306,8 +365,17 @@ podman_start() + ocf_log info "running container $CONTAINER for the first time" + ocf_run podman run $run_opts $OCF_RESKEY_image $OCF_RESKEY_run_cmd + fi ++ rc=$? + +- if [ $? -ne 0 ]; then ++ # if the container was stopped or didn't exist before, systemd ++ # removed the libpod* scopes. So always try to recreate the drop-ins ++ if [ $rc -eq 0 ] && ocf_is_true "$OCF_RESKEY_drop_in_dependency"; then ++ cid=$(podman_container_id) ++ create_transient_drop_in_dependency "$cid" ++ rc=$? ++ fi ++ ++ if [ $rc -ne 0 ]; then + ocf_exit_reason "podman failed to launch container" + return $OCF_ERR_GENERIC + fi +@@ -353,6 +421,8 @@ podman_stop() + else + ocf_log debug "waiting $timeout second[s] before killing container" + ocf_run podman stop -t=$timeout $CONTAINER ++ # on stop, systemd will automatically delete any transient ++ # drop-in conf that has been created earlier + fi + + if [ $? -ne 0 ]; then +@@ -456,6 +526,16 @@ CONTAINER=$OCF_RESKEY_name + # exec command to be non-empty + : ${OCF_RESKEY_monitor_cmd:=/bin/true} + ++# When OCF_RESKEY_drop_in_dependency is not populated, we ++# look at another file-based way of enabling the option. ++# Otherwise, consider it disabled. ++if [ -z "$OCF_RESKEY_drop_in_dependency" ]; then ++ if [ -f "/etc/sysconfig/podman_drop_in" ] || \ ++ [ -f "/etc/default/podman_drop_in" ]; then ++ OCF_RESKEY_drop_in_dependency=yes ++ fi ++fi ++ + case $__OCF_ACTION in + meta-data) meta_data + exit $OCF_SUCCESS;; diff --git a/SOURCES/bz1738303-podman-drop-in-support.patch b/SOURCES/bz1738303-podman-drop-in-support.patch deleted file mode 100644 index 8c4be1a..0000000 --- a/SOURCES/bz1738303-podman-drop-in-support.patch +++ /dev/null @@ -1,193 +0,0 @@ -From 462ada6164cb77c81f5291d88287d68506d38056 Mon Sep 17 00:00:00 2001 -From: Damien Ciabrini -Date: Tue, 9 Jul 2019 23:14:21 +0200 -Subject: [PATCH] Generate addition drop-in dependencies for podman containers - -When podman creates a container, it creates two additional systemd -scope files dynamically: - - - libpod-conmon-.scope - runs a conmon process that - tracks a container's pid1 into a dedicated pidfile. - - libpod-.scope - created dynamically by runc, - for cgroups accounting - -On shutdown, it can happen that systemd stops those scope early, -which in turn sends a SIGTERM to pacemaker-managed containers -before pacemaker has scheduled any stop operation. That -confuses the cluster and may break shutdown. - -Add a new option in the resource-agent to inject additional -dependencies into the dynamically created scope files, so that -systemd is not allowed to stop scopes before the pacemaker -service itself is stopped. - -When that option is enabled, the scopes look like: - - # podman ps | grep galera - c329819a1227 192.168.122.8:8787/rhosp15/openstack-mariadb:latest dumb-init -- /bin... About an hour ago Up About an hour ago galera-bundle-podman-0 - - # systemctl cat libpod*c329819a1227* - # /run/systemd/transient/libpod-conmon-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope - # This is a transient unit file, created programmatically via the systemd API. Do not edit. - [Scope] - Slice=machine.slice - Delegate=yes - - [Unit] - DefaultDependencies=no - - # /run/systemd/transient/libpod-conmon-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope.d/dep.conf - [Unit] - Before=pacemaker.service - - # /run/systemd/transient/libpod-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope - # This is a transient unit file, created programmatically via the systemd API. Do not edit. - [Unit] - Description=libcontainer container c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b - - [Scope] - Slice=machine.slice - Delegate=yes - MemoryAccounting=yes - CPUAccounting=yes - BlockIOAccounting=yes - - [Unit] - DefaultDependencies=no - - # /run/systemd/transient/libpod-c329819a1227ec548d678861994ef755b1fde9a244e1e4d966d17674df88ce7b.scope.d/dep.conf - [Unit] - Before=pacemaker.service - -Effectively, this prevents systemd from managing the shutdown of any -pacemaker-managed podman container. - -Related: rhbz#1726442 ---- - heartbeat/podman | 82 +++++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 81 insertions(+), 1 deletion(-) - -diff --git a/heartbeat/podman b/heartbeat/podman -index 8fc2c4695..8a916eb8c 100755 ---- a/heartbeat/podman -+++ b/heartbeat/podman -@@ -158,6 +158,16 @@ to have the particular one persist when this happens. - reuse container - - -+ -+ -+ -+Use transient drop-in files to add extra dependencies to the systemd -+scopes associated to the container. During reboot, this prevents systemd -+to stop the container before pacemaker. -+ -+drop-in dependency -+ -+ - - - -@@ -273,8 +283,57 @@ podman_create_mounts() { - IFS="$oldIFS" - } - -+podman_container_id() -+{ -+ # Retrieve the container ID by doing a "podman ps" rather than -+ # a "podman inspect", because the latter has performance issues -+ # under IO load. -+ # We could have run "podman start $CONTAINER" to get the ID back -+ # but if the container is stopped, the command will return a -+ # name instead of a container ID. This would break us. -+ podman ps --no-trunc --format '{{.ID}} {{.Names}}' | grep -F -w -m1 "$CONTAINER" | cut -d' ' -f1 -+} -+ -+ -+create_transient_drop_in_dependency() -+{ -+ local cid=$1 -+ local rc=$OCF_SUCCESS -+ -+ if [ -z "$cid" ]; then -+ ocf_log error "Container ID not found for \"$CONTAINER\". Not creating drop-in dependency" -+ return $OCF_ERR_GENERIC -+ fi -+ -+ ocf_log info "Creating drop-in dependency for \"$CONTAINER\" ($cid)" -+ for scope in "libpod-$cid.scope.d" "libpod-conmon-$cid.scope.d"; do -+ if [ $rc -eq $OCF_SUCCESS ] && [ ! -d /run/systemd/transient/"$scope" ]; then -+ mkdir -p /run/systemd/transient/"$scope" && \ -+ echo -e "[Unit]\nBefore=pacemaker.service" > /run/systemd/transient/"$scope"/dep.conf && \ -+ chmod ago+r /run/systemd/transient/"$scope" /run/systemd/transient/"$scope"/dep.conf -+ rc=$? -+ fi -+ done -+ -+ if [ $rc -ne $OCF_SUCCESS ]; then -+ ocf_log error "Could not create drop-in dependency for \"$CONTAINER\" ($cid)" -+ else -+ systemctl daemon-reload -+ rc=$? -+ if [ $rc -ne $OCF_SUCCESS ]; then -+ ocf_log error "Could not refresh service definition after creating drop-in for \"$CONTAINER\"" -+ fi -+ fi -+ -+ return $rc -+} -+ -+ - podman_start() - { -+ local cid -+ local rc -+ - podman_create_mounts - local run_opts="-d --name=${CONTAINER}" - # check to see if the container has already started -@@ -306,8 +365,17 @@ podman_start() - ocf_log info "running container $CONTAINER for the first time" - ocf_run podman run $run_opts $OCF_RESKEY_image $OCF_RESKEY_run_cmd - fi -+ rc=$? - -- if [ $? -ne 0 ]; then -+ # if the container was stopped or didn't exist before, systemd -+ # removed the libpod* scopes. So always try to recreate the drop-ins -+ if [ $rc -eq 0 ] && ocf_is_true "$OCF_RESKEY_drop_in_dependency"; then -+ cid=$(podman_container_id) -+ create_transient_drop_in_dependency "$cid" -+ rc=$? -+ fi -+ -+ if [ $rc -ne 0 ]; then - ocf_exit_reason "podman failed to launch container" - return $OCF_ERR_GENERIC - fi -@@ -353,6 +421,8 @@ podman_stop() - else - ocf_log debug "waiting $timeout second[s] before killing container" - ocf_run podman stop -t=$timeout $CONTAINER -+ # on stop, systemd will automatically delete any transient -+ # drop-in conf that has been created earlier - fi - - if [ $? -ne 0 ]; then -@@ -456,6 +526,16 @@ CONTAINER=$OCF_RESKEY_name - # exec command to be non-empty - : ${OCF_RESKEY_monitor_cmd:=/bin/true} - -+# When OCF_RESKEY_drop_in_dependency is not populated, we -+# look at another file-based way of enabling the option. -+# Otherwise, consider it disabled. -+if [ -z "$OCF_RESKEY_drop_in_dependency" ]; then -+ if [ -f "/etc/sysconfig/podman_drop_in" ] || \ -+ [ -f "/etc/default/podman_drop_in" ]; then -+ OCF_RESKEY_drop_in_dependency=yes -+ fi -+fi -+ - case $__OCF_ACTION in - meta-data) meta_data - exit $OCF_SUCCESS;; diff --git a/SOURCES/bz1745713-rabbitmq-cluster-1-monitor-mnesia-status.patch b/SOURCES/bz1745713-rabbitmq-cluster-1-monitor-mnesia-status.patch new file mode 100644 index 0000000..fab8bfd --- /dev/null +++ b/SOURCES/bz1745713-rabbitmq-cluster-1-monitor-mnesia-status.patch @@ -0,0 +1,57 @@ +From fcaa52bb98a8686d993550c6f4ab7867625c8059 Mon Sep 17 00:00:00 2001 +From: John Eckersberg +Date: Wed, 29 Aug 2018 16:18:55 -0400 +Subject: [PATCH] rabbitmq-cluster: get cluster status from mnesia during + monitor + +If mnesia is not running (for example if `rabbitmqctl stop_app` has +been called, or the service has paused during partition due to the +pause_minority strategy) then the cluster_status command to +rabbitmqctl will read the cached cluster status from disk and the +command returns 0 even though the service isn't really running at all. + +Instead, force the cluster status to be read from mnesia. If mnesia +is not running due to the above or similar circumstances, the command +will catch that and properly fail the monitor action. + +Resolves: RHBZ#1595753 +--- + heartbeat/rabbitmq-cluster | 20 +++++--------------- + 1 file changed, 5 insertions(+), 15 deletions(-) + +diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster +index a7d2db614..204917475 100755 +--- a/heartbeat/rabbitmq-cluster ++++ b/heartbeat/rabbitmq-cluster +@@ -181,26 +181,16 @@ remove_pid () { + rmq_monitor() { + local rc + +- $RMQ_CTL cluster_status > /dev/null 2>&1 +- rc=$? +- case "$rc" in +- 0) ++ if $RMQ_CTL eval 'rabbit_mnesia:cluster_status_from_mnesia().' | grep -q '^{ok'; then + ocf_log debug "RabbitMQ server is running normally" + rmq_write_nodename +- ++ + return $OCF_SUCCESS +- ;; +- 2|68|69|70|75|78) +- ocf_log info "RabbitMQ server is not running" ++ else ++ ocf_log info "RabbitMQ server could not get cluster status from mnesia" + rmq_delete_nodename + return $OCF_NOT_RUNNING +- ;; +- *) +- ocf_log err "Unexpected return code from '$RMQ_CTL cluster_status' exit code: $rc" +- rmq_delete_nodename +- return $OCF_ERR_GENERIC +- ;; +- esac ++ fi + } + + rmq_init_and_wait() diff --git a/SOURCES/bz1745713-rabbitmq-cluster-2-fail-when-in-minority-partition.patch b/SOURCES/bz1745713-rabbitmq-cluster-2-fail-when-in-minority-partition.patch new file mode 100644 index 0000000..72f5ff6 --- /dev/null +++ b/SOURCES/bz1745713-rabbitmq-cluster-2-fail-when-in-minority-partition.patch @@ -0,0 +1,96 @@ +From cc23c5523a0185fa557a5ab9056d50a60300d12a Mon Sep 17 00:00:00 2001 +From: John Eckersberg +Date: Tue, 16 Oct 2018 16:21:25 -0400 +Subject: [PATCH] rabbitmq-cluster: fail monitor when node is in minority + partition + +It's possible for mnesia to still be running, but for mnesia to be +partitioned. And it's also possible to get into this state without +pacemaker seeing the node go down so no corrective action is taken. + +When monitoring, check the number of nodes that pacemaker thinks is +running, and compare to the number of nodes that mnesia thinks is +running. If mnesia only sees a minority of the total nodes, fail it +so corrective action can be taken to rejoin the cluster. + +This also adds a new function, rmq_app_running, which simply checks +whether the app is running or not and does not care about the +partition status. This is now used instead of the full monitor in a +few places where we don't care about partition state. + +Resolves: RHBZ#1639826 +--- + heartbeat/rabbitmq-cluster | 28 +++++++++++++++++++++++++--- + 1 file changed, 25 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster +index 204917475..78b2bbadf 100755 +--- a/heartbeat/rabbitmq-cluster ++++ b/heartbeat/rabbitmq-cluster +@@ -178,10 +178,31 @@ remove_pid () { + rm -f ${RMQ_PID_FILE} > /dev/null 2>&1 + } + ++rmq_app_running() { ++ if $RMQ_CTL eval 'application:which_applications().' | grep -q '{rabbit,'; then ++ ocf_log debug "RabbitMQ application is running" ++ return $OCF_SUCCESS ++ else ++ ocf_log debug "RabbitMQ application is stopped" ++ return $OCF_NOT_RUNNING ++ fi ++} ++ + rmq_monitor() { + local rc + + if $RMQ_CTL eval 'rabbit_mnesia:cluster_status_from_mnesia().' | grep -q '^{ok'; then ++ pcs_running=$(rmq_join_list | wc -w) ++ ocf_log debug "Pacemaker thinks ${pcs_running} RabbitMQ nodes are running" ++ rmq_running=$($RMQ_CTL eval 'length(mnesia:system_info(running_db_nodes)).') ++ ocf_log debug "RabbitMQ thinks ${rmq_running} RabbitMQ nodes are running" ++ ++ if [ $(( $rmq_running * 2 )) -lt $pcs_running ]; then ++ ocf_log info "RabbitMQ is a minority partition, failing monitor" ++ rmq_delete_nodename ++ return $OCF_ERR_GENERIC ++ fi ++ + ocf_log debug "RabbitMQ server is running normally" + rmq_write_nodename + +@@ -215,7 +236,7 @@ rmq_init_and_wait() + return $OCF_ERR_GENERIC + fi + +- rmq_monitor ++ rmq_app_running + return $? + } + +@@ -236,6 +257,7 @@ rmq_start_first() + if [ $rc -eq 0 ]; then + rc=$OCF_SUCCESS + ocf_log info "cluster bootstrapped" ++ rmq_write_nodename + + if [ -n "$OCF_RESKEY_set_policy" ]; then + # do not quote set_policy, we are passing in arguments +@@ -492,7 +514,7 @@ rmq_stop() { + end. + " + +- rmq_monitor ++ rmq_app_running + if [ $? -eq $OCF_NOT_RUNNING ]; then + return $OCF_SUCCESS + fi +@@ -508,7 +530,7 @@ rmq_stop() { + #TODO add kill logic + stop_wait=1 + while [ $stop_wait = 1 ]; do +- rmq_monitor ++ rmq_app_running + rc=$? + if [ "$rc" -eq $OCF_NOT_RUNNING ]; then + stop_wait=0 diff --git a/SOURCES/bz1745713-rabbitmq-cluster-3-fix-stop-regression.patch b/SOURCES/bz1745713-rabbitmq-cluster-3-fix-stop-regression.patch new file mode 100644 index 0000000..8b422eb --- /dev/null +++ b/SOURCES/bz1745713-rabbitmq-cluster-3-fix-stop-regression.patch @@ -0,0 +1,63 @@ +From 19ee29342f8bb573722991b8cbe4503309ad0bf9 Mon Sep 17 00:00:00 2001 +From: John Eckersberg +Date: Fri, 2 Nov 2018 13:12:53 -0400 +Subject: [PATCH] rabbitmq-cluster: fix regression in rmq_stop + +This regression was introduced in PR#1249 (cc23c55). The stop action +was modified to use rmq_app_running in order to check the service +status, which allows for the following sequence of events: + +- service is started, unclustered +- stop_app is called +- cluster_join is attempted and fails +- stop is called + +Because stop_app was called, rmq_app_running returns $OCF_NOT_RUNNING +and the stop action is a no-op. This means the erlang VM continues +running. + +When the start action is attempted again, a new erlang VM is launched, +but this VM fails to boot because the old one is still running and is +registered with the same name (rabbit@nodename). + +This adds a new function, rmq_node_alive, which does a simple eval to +test whether the erlang VM is up, independent of the rabbit app. The +stop action now uses rmq_node_alive to check the service status, so +even if stop_app was previously called, the erlang VM will be stopped +properly. + +Resolves: RHBZ#1639826 +--- + heartbeat/rabbitmq-cluster | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster +index 78b2bbadf..a2de9dc20 100755 +--- a/heartbeat/rabbitmq-cluster ++++ b/heartbeat/rabbitmq-cluster +@@ -188,6 +188,16 @@ rmq_app_running() { + fi + } + ++rmq_node_alive() { ++ if $RMQ_CTL eval 'ok.'; then ++ ocf_log debug "RabbitMQ node is alive" ++ return $OCF_SUCCESS ++ else ++ ocf_log debug "RabbitMQ node is down" ++ return $OCF_NOT_RUNNING ++ fi ++} ++ + rmq_monitor() { + local rc + +@@ -514,7 +524,7 @@ rmq_stop() { + end. + " + +- rmq_app_running ++ rmq_node_alive + if [ $? -eq $OCF_NOT_RUNNING ]; then + return $OCF_SUCCESS + fi diff --git a/SOURCES/bz1745713-rabbitmq-cluster-4-retry-start-cluster-join-fails.patch b/SOURCES/bz1745713-rabbitmq-cluster-4-retry-start-cluster-join-fails.patch new file mode 100644 index 0000000..80fe18b --- /dev/null +++ b/SOURCES/bz1745713-rabbitmq-cluster-4-retry-start-cluster-join-fails.patch @@ -0,0 +1,83 @@ +From 63c9449bfa9a7fecbc0f00394699a475a384671d Mon Sep 17 00:00:00 2001 +From: Damien Ciabrini +Date: Thu, 9 Aug 2018 16:33:26 +0200 +Subject: [PATCH] rabbitmq-cluster: retry start when cluster join fails + +When a node tries to join an existing cluster, it fetches a node +list to try to connect from any of those running nodes. + +If the nodes from this list become unavailable while we're joining +the cluster, the rabbitmq server will fail to get clustered and +make the start operation fail. + +Give the resource a chance to start anyway by retrying the entire +start actions until it succeeds or until the start timeout is +reached and pacemaker stops the start operation. + +Co-Authored-by: +Suggested-by: +--- + heartbeat/rabbitmq-cluster | 29 ++++++++++++++++++++++++++--- + 1 file changed, 26 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster +index 9ff49e075..84f383460 100755 +--- a/heartbeat/rabbitmq-cluster ++++ b/heartbeat/rabbitmq-cluster +@@ -31,6 +31,12 @@ + + ####################################################################### + ++# This arbitrary value here is used by the rmq_start action to ++# signify that the resource agent must retry the start process ++# It might potentially conflict with OCF assigned error code ++# in the future. ++RMQ_TRY_RESTART_ERROR_CODE=126 ++ + RMQ_SERVER=/usr/sbin/rabbitmq-server + RMQ_CTL=/usr/sbin/rabbitmqctl + RMQ_DATA_DIR="/var/lib/rabbitmq/mnesia" +@@ -354,7 +360,7 @@ rmq_notify() { + return $OCF_SUCCESS + } + +-rmq_start() { ++rmq_try_start() { + local join_list="" + local rc + +@@ -384,8 +390,16 @@ rmq_start() { + rc=$? + + if [ $rc -ne 0 ]; then +- ocf_log info "node failed to join even after reseting local data. Check SELINUX policy" +- return $OCF_ERR_GENERIC ++ # we could not join the rabbitmq cluster from any of the running nodes ++ # this might be due to a unexpected reset of those nodes. Give ourself ++ # a chance to start by retrying the entire start sequence. ++ ++ ocf_log warn "Failed to join the RabbitMQ cluster from nodes ${join_list}. Stopping local unclustered rabbitmq" ++ rmq_stop ++ ++ ocf_log warn "Re-detect available rabbitmq nodes and try to start again" ++ # return an unused OCF value to signify a "retry" condition ++ return $RMQ_TRY_RESTART_ERROR_CODE + fi + + # Restore users, user permissions, and policies (if any) +@@ -443,6 +457,15 @@ rmq_start() { + return $OCF_SUCCESS + } + ++rmq_start() { ++ local rc=$RMQ_TRY_RESTART_ERROR_CODE ++ while [ $rc -eq $RMQ_TRY_RESTART_ERROR_CODE ]; do ++ rmq_try_start ++ rc=$? ++ done ++ return $rc ++} ++ + rmq_stop() { + # Backup users, user permissions, and policies + BaseDataDir=`dirname $RMQ_DATA_DIR` diff --git a/SOURCES/bz1745713-rabbitmq-cluster-5-ensure-node-attribures-removed.patch b/SOURCES/bz1745713-rabbitmq-cluster-5-ensure-node-attribures-removed.patch new file mode 100644 index 0000000..0a25333 --- /dev/null +++ b/SOURCES/bz1745713-rabbitmq-cluster-5-ensure-node-attribures-removed.patch @@ -0,0 +1,42 @@ +From 8ed87936e9ad06318cc49ea767885a405dfde11e Mon Sep 17 00:00:00 2001 +From: John Eckersberg +Date: Wed, 5 Dec 2018 11:45:43 -0500 +Subject: [PATCH] rabbitmq-cluster: better ensure node attributes are removed + +Ensure that the attribute is removed at the end of the stop action. +Also if rmq_app_running or rmq_node_alive shows the service as down, +ensure the attribute is deleted as well. + +Resolves: RHBZ#1656368 +--- + heartbeat/rabbitmq-cluster | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster +index 1643dd1e7..2dca3e216 100755 +--- a/heartbeat/rabbitmq-cluster ++++ b/heartbeat/rabbitmq-cluster +@@ -184,6 +184,7 @@ rmq_app_running() { + return $OCF_SUCCESS + else + ocf_log debug "RabbitMQ application is stopped" ++ rmq_delete_nodename + return $OCF_NOT_RUNNING + fi + } +@@ -194,6 +195,7 @@ rmq_node_alive() { + return $OCF_SUCCESS + else + ocf_log debug "RabbitMQ node is down" ++ rmq_delete_nodename + return $OCF_NOT_RUNNING + fi + } +@@ -554,6 +556,7 @@ rmq_stop() { + sleep 1 + done + ++ rmq_delete_nodename + remove_pid + return $OCF_SUCCESS + } diff --git a/SOURCES/bz1745713-rabbitmq-cluster-6-debug-log-mnesia-query-fails.patch b/SOURCES/bz1745713-rabbitmq-cluster-6-debug-log-mnesia-query-fails.patch new file mode 100644 index 0000000..b39150a --- /dev/null +++ b/SOURCES/bz1745713-rabbitmq-cluster-6-debug-log-mnesia-query-fails.patch @@ -0,0 +1,32 @@ +From 2b6e4a94c847129dd014a1efa733cd1b4a2448e6 Mon Sep 17 00:00:00 2001 +From: John Eckersberg +Date: Fri, 2 Nov 2018 10:11:41 -0400 +Subject: [PATCH] rabbitmq-cluster: debug log detailed output when mnesia query + fails + +--- + heartbeat/rabbitmq-cluster | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster +index 78b2bbadf..fabfeedfb 100755 +--- a/heartbeat/rabbitmq-cluster ++++ b/heartbeat/rabbitmq-cluster +@@ -191,7 +191,8 @@ rmq_app_running() { + rmq_monitor() { + local rc + +- if $RMQ_CTL eval 'rabbit_mnesia:cluster_status_from_mnesia().' | grep -q '^{ok'; then ++ status=$($RMQ_CTL eval 'rabbit_mnesia:cluster_status_from_mnesia().' 2>&1) ++ if echo "${status}" | grep -q '^{ok'; then + pcs_running=$(rmq_join_list | wc -w) + ocf_log debug "Pacemaker thinks ${pcs_running} RabbitMQ nodes are running" + rmq_running=$($RMQ_CTL eval 'length(mnesia:system_info(running_db_nodes)).') +@@ -209,6 +210,7 @@ rmq_monitor() { + return $OCF_SUCCESS + else + ocf_log info "RabbitMQ server could not get cluster status from mnesia" ++ ocf_log debug "${status}" + rmq_delete_nodename + return $OCF_NOT_RUNNING + fi diff --git a/SOURCES/bz1745713-rabbitmq-cluster-7-suppress-additional-output.patch b/SOURCES/bz1745713-rabbitmq-cluster-7-suppress-additional-output.patch new file mode 100644 index 0000000..8b58191 --- /dev/null +++ b/SOURCES/bz1745713-rabbitmq-cluster-7-suppress-additional-output.patch @@ -0,0 +1,87 @@ +From 5a33171b2c40e2e1587e82aad0cb7e39abcf615d Mon Sep 17 00:00:00 2001 +From: John Eckersberg +Date: Thu, 13 Dec 2018 12:58:43 -0500 +Subject: [PATCH] rabbitmq-cluster: always use quiet flag for eval calls + +On older rabbitmq versions, rabbitmqctl appends "...done." at the end +of the output. However we expect eval without this extra output so it +can be used for further processing. The -q option to rabbitmqctl +suppresses the extra output, so ensure we always pass that when +calling eval. + +Resolves: RHBZ#1659072 +--- + heartbeat/rabbitmq-cluster | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster +index 2dca3e216..e82ac2399 100755 +--- a/heartbeat/rabbitmq-cluster ++++ b/heartbeat/rabbitmq-cluster +@@ -39,6 +39,7 @@ RMQ_TRY_RESTART_ERROR_CODE=126 + + RMQ_SERVER=/usr/sbin/rabbitmq-server + RMQ_CTL=/usr/sbin/rabbitmqctl ++RMQ_EVAL="${RMQ_CTL} eval -q" + RMQ_DATA_DIR="/var/lib/rabbitmq/mnesia" + RMQ_PID_DIR="/var/run/rabbitmq" + RMQ_PID_FILE="/var/run/rabbitmq/rmq.pid" +@@ -179,7 +180,7 @@ remove_pid () { + } + + rmq_app_running() { +- if $RMQ_CTL eval 'application:which_applications().' | grep -q '{rabbit,'; then ++ if $RMQ_EVAL 'application:which_applications().' | grep -q '{rabbit,'; then + ocf_log debug "RabbitMQ application is running" + return $OCF_SUCCESS + else +@@ -190,7 +191,7 @@ rmq_app_running() { + } + + rmq_node_alive() { +- if $RMQ_CTL eval 'ok.'; then ++ if $RMQ_EVAL 'ok.'; then + ocf_log debug "RabbitMQ node is alive" + return $OCF_SUCCESS + else +@@ -203,11 +204,11 @@ rmq_node_alive() { + rmq_monitor() { + local rc + +- status=$($RMQ_CTL eval 'rabbit_mnesia:cluster_status_from_mnesia().' 2>&1) ++ status=$($RMQ_EVAL 'rabbit_mnesia:cluster_status_from_mnesia().' 2>&1) + if echo "${status}" | grep -q '^{ok'; then + pcs_running=$(rmq_join_list | wc -w) + ocf_log debug "Pacemaker thinks ${pcs_running} RabbitMQ nodes are running" +- rmq_running=$($RMQ_CTL eval 'length(mnesia:system_info(running_db_nodes)).') ++ rmq_running=$($RMQ_EVAL 'length(mnesia:system_info(running_db_nodes)).') + ocf_log debug "RabbitMQ thinks ${rmq_running} RabbitMQ nodes are running" + + if [ $(( $rmq_running * 2 )) -lt $pcs_running ]; then +@@ -294,7 +295,7 @@ rmq_start_first() + + rmq_is_clustered() + { +- $RMQ_CTL eval 'rabbit_mnesia:is_clustered().' | grep -q true ++ $RMQ_EVAL 'rabbit_mnesia:is_clustered().' | grep -q true + } + + rmq_join_existing() +@@ -432,7 +433,7 @@ rmq_try_start() { + + # Restore users, user permissions, and policies (if any) + BaseDataDir=`dirname $RMQ_DATA_DIR` +- $RMQ_CTL eval " ++ $RMQ_EVAL " + %% Run only if Mnesia is ready. + lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso + begin +@@ -497,7 +498,7 @@ rmq_start() { + rmq_stop() { + # Backup users, user permissions, and policies + BaseDataDir=`dirname $RMQ_DATA_DIR` +- $RMQ_CTL eval " ++ $RMQ_EVAL " + %% Run only if Mnesia is still available. + lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso + begin diff --git a/SOURCES/bz1746148-rabbitmq-cluster-1-monitor-mnesia-status.patch b/SOURCES/bz1746148-rabbitmq-cluster-1-monitor-mnesia-status.patch deleted file mode 100644 index fab8bfd..0000000 --- a/SOURCES/bz1746148-rabbitmq-cluster-1-monitor-mnesia-status.patch +++ /dev/null @@ -1,57 +0,0 @@ -From fcaa52bb98a8686d993550c6f4ab7867625c8059 Mon Sep 17 00:00:00 2001 -From: John Eckersberg -Date: Wed, 29 Aug 2018 16:18:55 -0400 -Subject: [PATCH] rabbitmq-cluster: get cluster status from mnesia during - monitor - -If mnesia is not running (for example if `rabbitmqctl stop_app` has -been called, or the service has paused during partition due to the -pause_minority strategy) then the cluster_status command to -rabbitmqctl will read the cached cluster status from disk and the -command returns 0 even though the service isn't really running at all. - -Instead, force the cluster status to be read from mnesia. If mnesia -is not running due to the above or similar circumstances, the command -will catch that and properly fail the monitor action. - -Resolves: RHBZ#1595753 ---- - heartbeat/rabbitmq-cluster | 20 +++++--------------- - 1 file changed, 5 insertions(+), 15 deletions(-) - -diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster -index a7d2db614..204917475 100755 ---- a/heartbeat/rabbitmq-cluster -+++ b/heartbeat/rabbitmq-cluster -@@ -181,26 +181,16 @@ remove_pid () { - rmq_monitor() { - local rc - -- $RMQ_CTL cluster_status > /dev/null 2>&1 -- rc=$? -- case "$rc" in -- 0) -+ if $RMQ_CTL eval 'rabbit_mnesia:cluster_status_from_mnesia().' | grep -q '^{ok'; then - ocf_log debug "RabbitMQ server is running normally" - rmq_write_nodename -- -+ - return $OCF_SUCCESS -- ;; -- 2|68|69|70|75|78) -- ocf_log info "RabbitMQ server is not running" -+ else -+ ocf_log info "RabbitMQ server could not get cluster status from mnesia" - rmq_delete_nodename - return $OCF_NOT_RUNNING -- ;; -- *) -- ocf_log err "Unexpected return code from '$RMQ_CTL cluster_status' exit code: $rc" -- rmq_delete_nodename -- return $OCF_ERR_GENERIC -- ;; -- esac -+ fi - } - - rmq_init_and_wait() diff --git a/SOURCES/bz1746148-rabbitmq-cluster-2-fail-when-in-minority-partition.patch b/SOURCES/bz1746148-rabbitmq-cluster-2-fail-when-in-minority-partition.patch deleted file mode 100644 index 72f5ff6..0000000 --- a/SOURCES/bz1746148-rabbitmq-cluster-2-fail-when-in-minority-partition.patch +++ /dev/null @@ -1,96 +0,0 @@ -From cc23c5523a0185fa557a5ab9056d50a60300d12a Mon Sep 17 00:00:00 2001 -From: John Eckersberg -Date: Tue, 16 Oct 2018 16:21:25 -0400 -Subject: [PATCH] rabbitmq-cluster: fail monitor when node is in minority - partition - -It's possible for mnesia to still be running, but for mnesia to be -partitioned. And it's also possible to get into this state without -pacemaker seeing the node go down so no corrective action is taken. - -When monitoring, check the number of nodes that pacemaker thinks is -running, and compare to the number of nodes that mnesia thinks is -running. If mnesia only sees a minority of the total nodes, fail it -so corrective action can be taken to rejoin the cluster. - -This also adds a new function, rmq_app_running, which simply checks -whether the app is running or not and does not care about the -partition status. This is now used instead of the full monitor in a -few places where we don't care about partition state. - -Resolves: RHBZ#1639826 ---- - heartbeat/rabbitmq-cluster | 28 +++++++++++++++++++++++++--- - 1 file changed, 25 insertions(+), 3 deletions(-) - -diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster -index 204917475..78b2bbadf 100755 ---- a/heartbeat/rabbitmq-cluster -+++ b/heartbeat/rabbitmq-cluster -@@ -178,10 +178,31 @@ remove_pid () { - rm -f ${RMQ_PID_FILE} > /dev/null 2>&1 - } - -+rmq_app_running() { -+ if $RMQ_CTL eval 'application:which_applications().' | grep -q '{rabbit,'; then -+ ocf_log debug "RabbitMQ application is running" -+ return $OCF_SUCCESS -+ else -+ ocf_log debug "RabbitMQ application is stopped" -+ return $OCF_NOT_RUNNING -+ fi -+} -+ - rmq_monitor() { - local rc - - if $RMQ_CTL eval 'rabbit_mnesia:cluster_status_from_mnesia().' | grep -q '^{ok'; then -+ pcs_running=$(rmq_join_list | wc -w) -+ ocf_log debug "Pacemaker thinks ${pcs_running} RabbitMQ nodes are running" -+ rmq_running=$($RMQ_CTL eval 'length(mnesia:system_info(running_db_nodes)).') -+ ocf_log debug "RabbitMQ thinks ${rmq_running} RabbitMQ nodes are running" -+ -+ if [ $(( $rmq_running * 2 )) -lt $pcs_running ]; then -+ ocf_log info "RabbitMQ is a minority partition, failing monitor" -+ rmq_delete_nodename -+ return $OCF_ERR_GENERIC -+ fi -+ - ocf_log debug "RabbitMQ server is running normally" - rmq_write_nodename - -@@ -215,7 +236,7 @@ rmq_init_and_wait() - return $OCF_ERR_GENERIC - fi - -- rmq_monitor -+ rmq_app_running - return $? - } - -@@ -236,6 +257,7 @@ rmq_start_first() - if [ $rc -eq 0 ]; then - rc=$OCF_SUCCESS - ocf_log info "cluster bootstrapped" -+ rmq_write_nodename - - if [ -n "$OCF_RESKEY_set_policy" ]; then - # do not quote set_policy, we are passing in arguments -@@ -492,7 +514,7 @@ rmq_stop() { - end. - " - -- rmq_monitor -+ rmq_app_running - if [ $? -eq $OCF_NOT_RUNNING ]; then - return $OCF_SUCCESS - fi -@@ -508,7 +530,7 @@ rmq_stop() { - #TODO add kill logic - stop_wait=1 - while [ $stop_wait = 1 ]; do -- rmq_monitor -+ rmq_app_running - rc=$? - if [ "$rc" -eq $OCF_NOT_RUNNING ]; then - stop_wait=0 diff --git a/SOURCES/bz1746148-rabbitmq-cluster-3-fix-stop-regression.patch b/SOURCES/bz1746148-rabbitmq-cluster-3-fix-stop-regression.patch deleted file mode 100644 index 8b422eb..0000000 --- a/SOURCES/bz1746148-rabbitmq-cluster-3-fix-stop-regression.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 19ee29342f8bb573722991b8cbe4503309ad0bf9 Mon Sep 17 00:00:00 2001 -From: John Eckersberg -Date: Fri, 2 Nov 2018 13:12:53 -0400 -Subject: [PATCH] rabbitmq-cluster: fix regression in rmq_stop - -This regression was introduced in PR#1249 (cc23c55). The stop action -was modified to use rmq_app_running in order to check the service -status, which allows for the following sequence of events: - -- service is started, unclustered -- stop_app is called -- cluster_join is attempted and fails -- stop is called - -Because stop_app was called, rmq_app_running returns $OCF_NOT_RUNNING -and the stop action is a no-op. This means the erlang VM continues -running. - -When the start action is attempted again, a new erlang VM is launched, -but this VM fails to boot because the old one is still running and is -registered with the same name (rabbit@nodename). - -This adds a new function, rmq_node_alive, which does a simple eval to -test whether the erlang VM is up, independent of the rabbit app. The -stop action now uses rmq_node_alive to check the service status, so -even if stop_app was previously called, the erlang VM will be stopped -properly. - -Resolves: RHBZ#1639826 ---- - heartbeat/rabbitmq-cluster | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster -index 78b2bbadf..a2de9dc20 100755 ---- a/heartbeat/rabbitmq-cluster -+++ b/heartbeat/rabbitmq-cluster -@@ -188,6 +188,16 @@ rmq_app_running() { - fi - } - -+rmq_node_alive() { -+ if $RMQ_CTL eval 'ok.'; then -+ ocf_log debug "RabbitMQ node is alive" -+ return $OCF_SUCCESS -+ else -+ ocf_log debug "RabbitMQ node is down" -+ return $OCF_NOT_RUNNING -+ fi -+} -+ - rmq_monitor() { - local rc - -@@ -514,7 +524,7 @@ rmq_stop() { - end. - " - -- rmq_app_running -+ rmq_node_alive - if [ $? -eq $OCF_NOT_RUNNING ]; then - return $OCF_SUCCESS - fi diff --git a/SOURCES/bz1746148-rabbitmq-cluster-4-retry-start-cluster-join-fails.patch b/SOURCES/bz1746148-rabbitmq-cluster-4-retry-start-cluster-join-fails.patch deleted file mode 100644 index 80fe18b..0000000 --- a/SOURCES/bz1746148-rabbitmq-cluster-4-retry-start-cluster-join-fails.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 63c9449bfa9a7fecbc0f00394699a475a384671d Mon Sep 17 00:00:00 2001 -From: Damien Ciabrini -Date: Thu, 9 Aug 2018 16:33:26 +0200 -Subject: [PATCH] rabbitmq-cluster: retry start when cluster join fails - -When a node tries to join an existing cluster, it fetches a node -list to try to connect from any of those running nodes. - -If the nodes from this list become unavailable while we're joining -the cluster, the rabbitmq server will fail to get clustered and -make the start operation fail. - -Give the resource a chance to start anyway by retrying the entire -start actions until it succeeds or until the start timeout is -reached and pacemaker stops the start operation. - -Co-Authored-by: -Suggested-by: ---- - heartbeat/rabbitmq-cluster | 29 ++++++++++++++++++++++++++--- - 1 file changed, 26 insertions(+), 3 deletions(-) - -diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster -index 9ff49e075..84f383460 100755 ---- a/heartbeat/rabbitmq-cluster -+++ b/heartbeat/rabbitmq-cluster -@@ -31,6 +31,12 @@ - - ####################################################################### - -+# This arbitrary value here is used by the rmq_start action to -+# signify that the resource agent must retry the start process -+# It might potentially conflict with OCF assigned error code -+# in the future. -+RMQ_TRY_RESTART_ERROR_CODE=126 -+ - RMQ_SERVER=/usr/sbin/rabbitmq-server - RMQ_CTL=/usr/sbin/rabbitmqctl - RMQ_DATA_DIR="/var/lib/rabbitmq/mnesia" -@@ -354,7 +360,7 @@ rmq_notify() { - return $OCF_SUCCESS - } - --rmq_start() { -+rmq_try_start() { - local join_list="" - local rc - -@@ -384,8 +390,16 @@ rmq_start() { - rc=$? - - if [ $rc -ne 0 ]; then -- ocf_log info "node failed to join even after reseting local data. Check SELINUX policy" -- return $OCF_ERR_GENERIC -+ # we could not join the rabbitmq cluster from any of the running nodes -+ # this might be due to a unexpected reset of those nodes. Give ourself -+ # a chance to start by retrying the entire start sequence. -+ -+ ocf_log warn "Failed to join the RabbitMQ cluster from nodes ${join_list}. Stopping local unclustered rabbitmq" -+ rmq_stop -+ -+ ocf_log warn "Re-detect available rabbitmq nodes and try to start again" -+ # return an unused OCF value to signify a "retry" condition -+ return $RMQ_TRY_RESTART_ERROR_CODE - fi - - # Restore users, user permissions, and policies (if any) -@@ -443,6 +457,15 @@ rmq_start() { - return $OCF_SUCCESS - } - -+rmq_start() { -+ local rc=$RMQ_TRY_RESTART_ERROR_CODE -+ while [ $rc -eq $RMQ_TRY_RESTART_ERROR_CODE ]; do -+ rmq_try_start -+ rc=$? -+ done -+ return $rc -+} -+ - rmq_stop() { - # Backup users, user permissions, and policies - BaseDataDir=`dirname $RMQ_DATA_DIR` diff --git a/SOURCES/bz1746148-rabbitmq-cluster-5-ensure-node-attribures-removed.patch b/SOURCES/bz1746148-rabbitmq-cluster-5-ensure-node-attribures-removed.patch deleted file mode 100644 index 0a25333..0000000 --- a/SOURCES/bz1746148-rabbitmq-cluster-5-ensure-node-attribures-removed.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 8ed87936e9ad06318cc49ea767885a405dfde11e Mon Sep 17 00:00:00 2001 -From: John Eckersberg -Date: Wed, 5 Dec 2018 11:45:43 -0500 -Subject: [PATCH] rabbitmq-cluster: better ensure node attributes are removed - -Ensure that the attribute is removed at the end of the stop action. -Also if rmq_app_running or rmq_node_alive shows the service as down, -ensure the attribute is deleted as well. - -Resolves: RHBZ#1656368 ---- - heartbeat/rabbitmq-cluster | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster -index 1643dd1e7..2dca3e216 100755 ---- a/heartbeat/rabbitmq-cluster -+++ b/heartbeat/rabbitmq-cluster -@@ -184,6 +184,7 @@ rmq_app_running() { - return $OCF_SUCCESS - else - ocf_log debug "RabbitMQ application is stopped" -+ rmq_delete_nodename - return $OCF_NOT_RUNNING - fi - } -@@ -194,6 +195,7 @@ rmq_node_alive() { - return $OCF_SUCCESS - else - ocf_log debug "RabbitMQ node is down" -+ rmq_delete_nodename - return $OCF_NOT_RUNNING - fi - } -@@ -554,6 +556,7 @@ rmq_stop() { - sleep 1 - done - -+ rmq_delete_nodename - remove_pid - return $OCF_SUCCESS - } diff --git a/SOURCES/bz1746148-rabbitmq-cluster-6-debug-log-mnesia-query-fails.patch b/SOURCES/bz1746148-rabbitmq-cluster-6-debug-log-mnesia-query-fails.patch deleted file mode 100644 index b39150a..0000000 --- a/SOURCES/bz1746148-rabbitmq-cluster-6-debug-log-mnesia-query-fails.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 2b6e4a94c847129dd014a1efa733cd1b4a2448e6 Mon Sep 17 00:00:00 2001 -From: John Eckersberg -Date: Fri, 2 Nov 2018 10:11:41 -0400 -Subject: [PATCH] rabbitmq-cluster: debug log detailed output when mnesia query - fails - ---- - heartbeat/rabbitmq-cluster | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster -index 78b2bbadf..fabfeedfb 100755 ---- a/heartbeat/rabbitmq-cluster -+++ b/heartbeat/rabbitmq-cluster -@@ -191,7 +191,8 @@ rmq_app_running() { - rmq_monitor() { - local rc - -- if $RMQ_CTL eval 'rabbit_mnesia:cluster_status_from_mnesia().' | grep -q '^{ok'; then -+ status=$($RMQ_CTL eval 'rabbit_mnesia:cluster_status_from_mnesia().' 2>&1) -+ if echo "${status}" | grep -q '^{ok'; then - pcs_running=$(rmq_join_list | wc -w) - ocf_log debug "Pacemaker thinks ${pcs_running} RabbitMQ nodes are running" - rmq_running=$($RMQ_CTL eval 'length(mnesia:system_info(running_db_nodes)).') -@@ -209,6 +210,7 @@ rmq_monitor() { - return $OCF_SUCCESS - else - ocf_log info "RabbitMQ server could not get cluster status from mnesia" -+ ocf_log debug "${status}" - rmq_delete_nodename - return $OCF_NOT_RUNNING - fi diff --git a/SOURCES/bz1746148-rabbitmq-cluster-7-suppress-additional-output.patch b/SOURCES/bz1746148-rabbitmq-cluster-7-suppress-additional-output.patch deleted file mode 100644 index 8b58191..0000000 --- a/SOURCES/bz1746148-rabbitmq-cluster-7-suppress-additional-output.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 5a33171b2c40e2e1587e82aad0cb7e39abcf615d Mon Sep 17 00:00:00 2001 -From: John Eckersberg -Date: Thu, 13 Dec 2018 12:58:43 -0500 -Subject: [PATCH] rabbitmq-cluster: always use quiet flag for eval calls - -On older rabbitmq versions, rabbitmqctl appends "...done." at the end -of the output. However we expect eval without this extra output so it -can be used for further processing. The -q option to rabbitmqctl -suppresses the extra output, so ensure we always pass that when -calling eval. - -Resolves: RHBZ#1659072 ---- - heartbeat/rabbitmq-cluster | 15 ++++++++------- - 1 file changed, 8 insertions(+), 7 deletions(-) - -diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster -index 2dca3e216..e82ac2399 100755 ---- a/heartbeat/rabbitmq-cluster -+++ b/heartbeat/rabbitmq-cluster -@@ -39,6 +39,7 @@ RMQ_TRY_RESTART_ERROR_CODE=126 - - RMQ_SERVER=/usr/sbin/rabbitmq-server - RMQ_CTL=/usr/sbin/rabbitmqctl -+RMQ_EVAL="${RMQ_CTL} eval -q" - RMQ_DATA_DIR="/var/lib/rabbitmq/mnesia" - RMQ_PID_DIR="/var/run/rabbitmq" - RMQ_PID_FILE="/var/run/rabbitmq/rmq.pid" -@@ -179,7 +180,7 @@ remove_pid () { - } - - rmq_app_running() { -- if $RMQ_CTL eval 'application:which_applications().' | grep -q '{rabbit,'; then -+ if $RMQ_EVAL 'application:which_applications().' | grep -q '{rabbit,'; then - ocf_log debug "RabbitMQ application is running" - return $OCF_SUCCESS - else -@@ -190,7 +191,7 @@ rmq_app_running() { - } - - rmq_node_alive() { -- if $RMQ_CTL eval 'ok.'; then -+ if $RMQ_EVAL 'ok.'; then - ocf_log debug "RabbitMQ node is alive" - return $OCF_SUCCESS - else -@@ -203,11 +204,11 @@ rmq_node_alive() { - rmq_monitor() { - local rc - -- status=$($RMQ_CTL eval 'rabbit_mnesia:cluster_status_from_mnesia().' 2>&1) -+ status=$($RMQ_EVAL 'rabbit_mnesia:cluster_status_from_mnesia().' 2>&1) - if echo "${status}" | grep -q '^{ok'; then - pcs_running=$(rmq_join_list | wc -w) - ocf_log debug "Pacemaker thinks ${pcs_running} RabbitMQ nodes are running" -- rmq_running=$($RMQ_CTL eval 'length(mnesia:system_info(running_db_nodes)).') -+ rmq_running=$($RMQ_EVAL 'length(mnesia:system_info(running_db_nodes)).') - ocf_log debug "RabbitMQ thinks ${rmq_running} RabbitMQ nodes are running" - - if [ $(( $rmq_running * 2 )) -lt $pcs_running ]; then -@@ -294,7 +295,7 @@ rmq_start_first() - - rmq_is_clustered() - { -- $RMQ_CTL eval 'rabbit_mnesia:is_clustered().' | grep -q true -+ $RMQ_EVAL 'rabbit_mnesia:is_clustered().' | grep -q true - } - - rmq_join_existing() -@@ -432,7 +433,7 @@ rmq_try_start() { - - # Restore users, user permissions, and policies (if any) - BaseDataDir=`dirname $RMQ_DATA_DIR` -- $RMQ_CTL eval " -+ $RMQ_EVAL " - %% Run only if Mnesia is ready. - lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso - begin -@@ -497,7 +498,7 @@ rmq_start() { - rmq_stop() { - # Backup users, user permissions, and policies - BaseDataDir=`dirname $RMQ_DATA_DIR` -- $RMQ_CTL eval " -+ $RMQ_EVAL " - %% Run only if Mnesia is still available. - lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso - begin diff --git a/SOURCES/bz1746148-redis-mute-password-warning.patch b/SOURCES/bz1746148-redis-mute-password-warning.patch deleted file mode 100644 index b3b89e0..0000000 --- a/SOURCES/bz1746148-redis-mute-password-warning.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 6303448af77d2ed64c7436a84b30cf7fa4941e19 Mon Sep 17 00:00:00 2001 -From: Michele Baldessari -Date: Wed, 30 Jan 2019 21:36:17 +0100 -Subject: [PATCH] redis: Filter warning from stderr when calling 'redis-cli -a' - -In some versions of redis (starting with 4.0.10) we have commits [1] and -[2] which add a warning on stderr which will be printed out every single -time a monitor operation takes place: - - foo pacemaker-remoted[57563]: notice: redis_monitor_20000:1930:stderr - [ Warning: Using a password with '-a' option on the command line interface may not be safe. ] - -Later on commit [3] (merged with 5.0rc4) was merged which added the option -'--no-auth-warning' to disable said warning since it broke a bunch of -scripts [4]. I tried to forcibly either try the command twice (first -with --no-auth-warning and then without in case of errors) but it is -impossible to distinguish between error due to missing param and other -errors. - -So instead of inspecting the version of the redis-cli tool and do the following: -- >= 5.0.0 use --no-auth-warning all the time -- >= 4.0.10 & < 5.0.0 filter the problematic line from stderr only -- else do it like before - -We simply filter out from stderr the 'Using a password' message -unconditionally while making sure we keep stdout just the same. - -Tested on a redis 4.0.10 cluster and confirmed that it is working as -intended. - -All this horror and pain is due to the fact that redis does not support -any other means to pass a password (we could in theory first connect to -the server and then issue an AUTH command, but that seems even more -complex and error prone). See [5] for more info (or [6] for extra fun) - -[1] https://github.com/antirez/redis/commit/c082221aefbb2a472c7193dbdbb90900256ce1a2 -[2] https://github.com/antirez/redis/commit/ef931ef93e909b4f504e8c6fbed350ed70c1c67c -[3] https://github.com/antirez/redis/commit/a4ef94d2f71a32f73ce4ebf154580307a144b48f -[4] https://github.com/antirez/redis/issues/5073 -[5] https://github.com/antirez/redis/issues/3483 -[6] https://github.com/antirez/redis/pull/2413 - -Signed-off-by: Michele Baldessari ---- - heartbeat/redis.in | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/heartbeat/redis.in b/heartbeat/redis.in -index 1dff067e9..e257bcc5e 100644 ---- a/heartbeat/redis.in -+++ b/heartbeat/redis.in -@@ -302,7 +302,9 @@ set_score() - redis_client() { - ocf_log debug "redis_client: '$REDIS_CLIENT' -s '$REDIS_SOCKET' $*" - if [ -n "$clientpasswd" ]; then -- "$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" | sed 's/\r//' -+ # Starting with 4.0.10 there is a warning on stderr when using a pass -+ # Once we stop supporting versions < 5.0.0 we can add --no-auth-warning here -+ ("$REDIS_CLIENT" -s "$REDIS_SOCKET" -a "$clientpasswd" "$@" 2>&1 >&3 3>&- | grep -v "Using a password" >&2 3>&-) 3>&1 | sed 's/\r//' - else - "$REDIS_CLIENT" -s "$REDIS_SOCKET" "$@" | sed 's/\r//' - fi diff --git a/SOURCES/python3-syntax-fixes.patch b/SOURCES/python3-syntax-fixes.patch index a037ae1..a34e312 100644 --- a/SOURCES/python3-syntax-fixes.patch +++ b/SOURCES/python3-syntax-fixes.patch @@ -703,32 +703,3 @@ diff -uNr a/bundled/aliyun/pycryptodome/lib/Crypto/Util/RFC1751.py b/bundled/ali if k2!=key: - print 'english_to_key fails on key', repr(key), ', producing', repr(k2) + print('english_to_key fails on key', repr(key), ', producing', repr(k2)) - - -diff -uNr a/SAPHanaSR-2067519/SAPHana/tools/SAPHanaSR.py b/SAPHanaSR-2067519/SAPHana/tools/SAPHanaSR.py ---- a/SAPHanaSR-2067519/SAPHana/tools/SAPHanaSR.py 2018-06-19 11:22:42.000000000 +0200 -+++ b/SAPHanaSR-2067519/SAPHana/tools/SAPHanaSR.py 2018-10-08 12:22:08.534722649 +0200 -@@ -26,19 +26,19 @@ - # 2 : fatal - did not got SRs answer - status2Rc = { "ACTIVE": 0, "SYNCING": 1, "INITIALIZING": 1, "UNKNOWN": 1, "ERROR": 1, "FATAL": 2 } - --print "SR for site: " + remSite; -+print("SR for site: " + remSite); - - srDict = sr.getLandscapeConfiguration(remSite)[0] - for srEntry in srDict: - noAnswer = 0 -- print srEntry["HOST"] + " / " + str(srEntry["PORT"]) + " / " + srEntry["DATABASE"] + " / " + srEntry["REPLICATION_STATUS"] -+ print(srEntry["HOST"] + " / " + str(srEntry["PORT"]) + " / " + srEntry["DATABASE"] + " / " + srEntry["REPLICATION_STATUS"]) - currStatus = status2Rc[srEntry["REPLICATION_STATUS"]]; -- print "currStatus " + str(currStatus) -+ print("currStatus " + str(currStatus)) - if ( worstStatus < currStatus ): - worstStatus = currStatus; - - if ( noAnswer == 1 ): -- print "No Answer " -+ print("No Answer ") - rc=status2Rc["FATAL"] - else: - rc=worstStatus diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec index 396a054..ddb9073 100644 --- a/SPECS/resource-agents.spec +++ b/SPECS/resource-agents.spec @@ -22,12 +22,6 @@ %global upstream_prefix ClusterLabs-resource-agents %global upstream_version e711383f -%global sap_script_prefix sap_cluster_connector -%global sap_script_hash 0015fe2 - -%global saphana_prefix SAPHanaSR -%global saphana_hash 2067519 - # bundles %global bundled_lib_dir bundled ## google cloud @@ -72,7 +66,7 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.1.1 -Release: 17%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.6 +Release: 33%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/resource-agents %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel} @@ -81,16 +75,14 @@ Group: System Environment/Base Group: Productivity/Clustering/HA %endif Source0: %{upstream_prefix}-%{upstream_version}.tar.gz -Source1: %{sap_script_prefix}-%{sap_script_hash}.tar.gz -Source2: %{saphana_prefix}-%{saphana_hash}.tar.gz -Source3: %{googlecloudsdk}-%{googlecloudsdk_version}-linux-x86_64.tar.gz -Source4: %{pyroute2}-%{pyroute2_version}.tar.gz -Source5: %{colorama}-%{colorama_version}.tar.gz -Source6: %{pycryptodome}-%{pycryptodome_version}.tar.gz -Source7: %{aliyunsdkcore}-%{aliyunsdkcore_version}.tar.gz -Source8: %{aliyunsdkecs}-%{aliyunsdkecs_version}.tar.gz -Source9: %{aliyunsdkvpc}-%{aliyunsdkvpc_version}.tar.gz -Source10: %{aliyuncli}-%{aliyuncli_version}.tar.gz +Source1: %{googlecloudsdk}-%{googlecloudsdk_version}-linux-x86_64.tar.gz +Source2: %{pyroute2}-%{pyroute2_version}.tar.gz +Source3: %{colorama}-%{colorama_version}.tar.gz +Source4: %{pycryptodome}-%{pycryptodome_version}.tar.gz +Source5: %{aliyunsdkcore}-%{aliyunsdkcore_version}.tar.gz +Source6: %{aliyunsdkecs}-%{aliyunsdkecs_version}.tar.gz +Source7: %{aliyunsdkvpc}-%{aliyunsdkvpc_version}.tar.gz +Source8: %{aliyuncli}-%{aliyuncli_version}.tar.gz Patch0: nova-compute-wait-NovaEvacuate.patch Patch1: LVM-volume_group_check_only.patch Patch2: bz1552330-vdo-vol.patch @@ -127,39 +119,50 @@ Patch32: bz1642027-nfsserver-var-lib-nfs-fix.patch Patch33: bz1662466-vdo-vol-fix-monitor-action.patch Patch34: bz1643307-LVM-activate-dont-fail-initial-probe.patch Patch35: bz1658664-LVM-activate-dont-require-locking_type.patch -Patch36: bz1710058-Squid-1-fix-pidfile-issue.patch -Patch37: bz1710063-1-gcp-vpc-move-route-vip-fix-python3-encoding.patch -Patch38: bz1710061-aws-vpc-move-ip-avoid-possible-race-condition.patch -Patch39: bz1714104-aws-vpc-move-ip-1-multi-route-table-support.patch -Patch40: bz1714104-aws-vpc-move-ip-2-fix-route-update-multi-NICs.patch -Patch41: bz1710058-Squid-2-dont-run-pgrep-without-PID.patch -Patch42: bz1734062-podman-1-avoid-double-inspect-call.patch -Patch43: bz1734062-podman-2-improve-monitor-action.patch -Patch44: bz1734062-podman-3-remove-docker-remnant.patch -Patch45: bz1734062-podman-4-use-exec-to-avoid-performance-issues.patch -Patch46: bz1734067-CTDB-1-explicitly-use-bash-shell.patch -Patch47: bz1734067-CTDB-2-add-ctdb_max_open_files-parameter.patch -Patch48: bz1734067-CTDB-3-fixes.patch -Patch49: bz1734067-CTDB-4-add-v4.9-support.patch -Patch50: bz1738303-podman-drop-in-support.patch -Patch51: bz1746148-redis-mute-password-warning.patch -Patch52: bz1746148-rabbitmq-cluster-1-monitor-mnesia-status.patch -Patch53: bz1746148-rabbitmq-cluster-2-fail-when-in-minority-partition.patch -Patch54: bz1746148-rabbitmq-cluster-3-fix-stop-regression.patch -Patch55: bz1746148-rabbitmq-cluster-4-retry-start-cluster-join-fails.patch -Patch56: bz1746148-rabbitmq-cluster-5-ensure-node-attribures-removed.patch -Patch57: bz1746148-rabbitmq-cluster-6-debug-log-mnesia-query-fails.patch -Patch58: bz1746148-rabbitmq-cluster-7-suppress-additional-output.patch +Patch36: bz1689184-Squid-1-fix-pidfile-issue.patch +Patch37: bz1667414-1-LVM-activate-support-LVs-from-same-VG.patch +Patch38: bz1667414-2-LVM-activate-only-count-volumes.patch +Patch39: bz1666691-tomcat-use-systemd-when-catalina.sh-unavailable.patch +Patch40: bz1693662-aws-vpc-move-ip-avoid-possible-race-condition.patch +Patch41: bz1695656-gcp-vpc-move-route-vip-fix-python3-encoding.patch +Patch42: bz1697559-aws-vpc-move-ip-1-multi-route-table-support.patch +Patch43: bz1697559-aws-vpc-move-ip-2-fix-route-update-multi-NICs.patch +Patch44: bz1669140-Route-make-family-parameter-optional.patch +Patch45: bz1683548-redis-mute-password-warning.patch +Patch46: bz1692413-1-iSCSITarget-create-iqn-when-it-doesnt-exist.patch +Patch47: bz1689184-Squid-2-dont-run-pgrep-without-PID.patch +Patch48: bz1707969-1-ocf_log-do-not-log-debug-when-HA_debug-unset.patch +Patch49: bz1707969-2-ocf_is_true-add-True-to-regexp.patch +Patch50: bz1717759-Filesystem-remove-notify-action-from-metadata.patch +Patch51: bz1719684-dhcpd-keep-SELinux-context-chroot.patch +Patch52: bz1718219-podman-1-avoid-double-inspect-call.patch +Patch53: bz1718219-podman-2-improve-monitor-action.patch +Patch54: bz1718219-podman-3-remove-docker-remnant.patch +Patch55: bz1718219-podman-4-use-exec-to-avoid-performance-issues.patch +Patch56: bz1730455-LVM-activate-fix-monitor-hang.patch +Patch57: bz1732867-CTDB-1-explicitly-use-bash-shell.patch +Patch58: bz1732867-CTDB-2-add-ctdb_max_open_files-parameter.patch +Patch59: bz1732867-CTDB-3-fixes.patch +Patch60: bz1732867-CTDB-4-add-v4.9-support.patch +Patch61: bz1692413-2-iSCSILogicalUnit-create-acls-fix.patch +Patch62: bz1736746-podman-drop-in-support.patch +Patch63: bz1692960-mysql-galera-runuser-su-to-avoid-dac_override.patch +Patch64: bz1745713-rabbitmq-cluster-1-monitor-mnesia-status.patch +Patch65: bz1745713-rabbitmq-cluster-2-fail-when-in-minority-partition.patch +Patch66: bz1745713-rabbitmq-cluster-3-fix-stop-regression.patch +Patch67: bz1745713-rabbitmq-cluster-4-retry-start-cluster-join-fails.patch +Patch68: bz1745713-rabbitmq-cluster-5-ensure-node-attribures-removed.patch +Patch69: bz1745713-rabbitmq-cluster-6-debug-log-mnesia-query-fails.patch +Patch70: bz1745713-rabbitmq-cluster-7-suppress-additional-output.patch # bundle patches Patch1000: 7-gcp-bundled.patch Patch1001: 8-google-cloud-sdk-fixes.patch Patch1002: 9-google-cloud-sdk-oauth2client-python-rsa-to-cryptography.patch Patch1003: 10-gcloud-support-info.patch -Patch1004: bz1710060-gcloud-dont-detect-python2.patch +Patch1004: bz1691456-gcloud-dont-detect-python2.patch Patch1005: aliyun-vpc-move-ip-4-bundled.patch Patch1006: python3-syntax-fixes.patch Patch1007: aliyuncli-python3-fixes.patch -Patch1008: bz1710063-2-oauth2client-fix-python3-encoding.patch Obsoletes: heartbeat-resources <= %{version} Provides: heartbeat-resources = %{version} @@ -200,6 +203,9 @@ Requires: /usr/sbin/lvm # nfsserver / netfs.sh Requires: /usr/sbin/rpc.nfsd /sbin/rpc.statd /usr/sbin/rpc.mountd +# ocf.py +Requires: python3 + # rgmanager %if %{with rgmanager} # ip.sh @@ -266,7 +272,6 @@ Provides: bundled(python-appdirs) = 1.4.0 Provides: bundled(python-argparse) = 1.2.1 Provides: bundled(python-chardet) = 2.3.0 Provides: bundled(python-dulwich) = 0.10.2 -Provides: bundled(python-httplib2) = 0.11.3 Provides: bundled(python-ipaddress) = 1.0.16 Provides: bundled(python-ipaddr) = 2.1.11 Provides: bundled(python-mako) = 1.0.7 @@ -290,41 +295,6 @@ The Google Cloud Platform resource agents allows Google Cloud Platform instances to be managed in a cluster environment. %endif -%ifarch x86_64 ppc64le -%package sap -License: GPLv2+ -Summary: SAP cluster resource agents and connector script -%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel} -Group: System Environment/Base -%else -Group: Productivity/Clustering/HA -%endif -Requires: %{name} = %{version}-%{release} -Requires: perl - -%description sap -The SAP resource agents and connector script interface with -Pacemaker to allow SAP instances to be managed in a cluster -environment. -%endif - -%ifarch x86_64 ppc64le -%package sap-hana -License: GPLv2+ -Summary: SAP HANA cluster resource agents -%if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel} -Group: System Environment/Base -%else -Group: Productivity/Clustering/HA -%endif -Requires: %{name} = %{version}-%{release} -Requires: perl - -%description sap-hana -The SAP HANA resource agents interface with Pacemaker to allow -SAP instances to be managed in a cluster environment. -%endif - %prep %if 0%{?suse_version} == 0 && 0%{?fedora} == 0 && 0%{?centos_version} == 0 && 0%{?rhel} == 0 %{error:Unable to determine the distribution/version. This is generally caused by missing /etc/rpm/macros.dist. Please install the correct build packages or define the required macros manually.} @@ -371,9 +341,9 @@ exit 1 %patch35 -p1 %patch36 -p1 %patch37 -p1 -%patch38 -p1 -F2 +%patch38 -p1 %patch39 -p1 -%patch40 -p1 +%patch40 -p1 -F2 %patch41 -p1 %patch42 -p1 %patch43 -p1 @@ -382,8 +352,8 @@ exit 1 %patch46 -p1 %patch47 -p1 %patch48 -p1 -%patch49 -p1 -F1 -%patch50 -p1 -F2 +%patch49 -p1 +%patch50 -p1 %patch51 -p1 %patch52 -p1 %patch53 -p1 @@ -392,22 +362,29 @@ exit 1 %patch56 -p1 %patch57 -p1 %patch58 -p1 +%patch59 -p1 +%patch60 -p1 -F1 +%patch61 -p1 +%patch62 -p1 -F2 +%patch63 -p1 +%patch64 -p1 +%patch65 -p1 +%patch66 -p1 +%patch67 -p1 +%patch68 -p1 +%patch69 -p1 +%patch70 -p1 chmod 755 heartbeat/nova-compute-wait chmod 755 heartbeat/NovaEvacuate -# add SAPHana agents to Makefile.am -mv %{saphana_prefix}-%{saphana_hash}/SAPHana/ra/SAPHana* heartbeat -sed -i -e '/ SAPInstance \\/a\ SAPHana \\\n SAPHanaTopology \\' heartbeat/Makefile.am -sed -i -e '/ ocf_heartbeat_SAPInstance.7 \\/a\ ocf_heartbeat_SAPHana.7 \\\n ocf_heartbeat_SAPHanaTopology.7 \\' doc/man/Makefile.am - # bundles mkdir -p %{bundled_lib_dir}/gcp mkdir -p %{bundled_lib_dir}/aliyun # google-cloud-sdk bundle %ifarch x86_64 -tar -xzf %SOURCE3 -C %{bundled_lib_dir}/gcp +tar -xzf %SOURCE1 -C %{bundled_lib_dir}/gcp # gcp*: append bundled-directory to search path, gcloud-ra %patch1000 -p1 # google-cloud-sdk fixes @@ -479,7 +456,7 @@ cp %{googlecloudsdk_dir}/lib/third_party/apitools/LICENSE %{googlecloudsdk}_apit cp %{googlecloudsdk_dir}/lib/third_party/containerregistry/LICENSE %{googlecloudsdk}_containerregistry_LICENSE # python-pyroute2 bundle -tar -xzf %SOURCE4 -C %{bundled_lib_dir}/gcp +tar -xzf %SOURCE2 -C %{bundled_lib_dir}/gcp mv %{bundled_lib_dir}/gcp/%{pyroute2}-%{pyroute2_version} %{pyroute2_dir} cp %{pyroute2_dir}/README.md %{pyroute2}_README.md cp %{pyroute2_dir}/README.license.md %{pyroute2}_README.license.md @@ -487,7 +464,7 @@ cp %{pyroute2_dir}/LICENSE.Apache.v2 %{pyroute2}_LICENSE.Apache.v2 cp %{pyroute2_dir}/LICENSE.GPL.v2 %{pyroute2}_LICENSE.GPL.v2 # python-colorama bundle -tar -xzf %SOURCE5 -C %{bundled_lib_dir}/aliyun +tar -xzf %SOURCE3 -C %{bundled_lib_dir}/aliyun mv %{bundled_lib_dir}/aliyun/%{colorama}-%{colorama_version} %{colorama_dir} cp %{colorama_dir}/LICENSE.txt %{colorama}_LICENSE.txt cp %{colorama_dir}/README.rst %{colorama}_README.rst @@ -498,28 +475,28 @@ rm -rf *.egg-info popd # python-pycryptodome bundle -tar -xzf %SOURCE6 -C %{bundled_lib_dir}/aliyun +tar -xzf %SOURCE4 -C %{bundled_lib_dir}/aliyun mv %{bundled_lib_dir}/aliyun/%{pycryptodome}-%{pycryptodome_version} %{pycryptodome_dir} cp %{pycryptodome_dir}/README.rst %{pycryptodome}_README.rst cp %{pycryptodome_dir}/LICENSE.rst %{pycryptodome}_LICENSE.rst # python-aliyun-sdk-core bundle -tar -xzf %SOURCE7 -C %{bundled_lib_dir}/aliyun +tar -xzf %SOURCE5 -C %{bundled_lib_dir}/aliyun mv %{bundled_lib_dir}/aliyun/%{aliyunsdkcore}-%{aliyunsdkcore_version} %{aliyunsdkcore_dir} cp %{aliyunsdkcore_dir}/README.rst %{aliyunsdkcore}_README.rst # python-aliyun-sdk-ecs bundle -tar -xzf %SOURCE8 -C %{bundled_lib_dir}/aliyun +tar -xzf %SOURCE6 -C %{bundled_lib_dir}/aliyun mv %{bundled_lib_dir}/aliyun/%{aliyunsdkecs}-%{aliyunsdkecs_version} %{aliyunsdkecs_dir} cp %{aliyunsdkecs_dir}/README.rst %{aliyunsdkecs}_README.rst # python-aliyun-sdk-vpc bundle -tar -xzf %SOURCE9 -C %{bundled_lib_dir}/aliyun +tar -xzf %SOURCE7 -C %{bundled_lib_dir}/aliyun mv %{bundled_lib_dir}/aliyun/%{aliyunsdkvpc}-%{aliyunsdkvpc_version} %{aliyunsdkvpc_dir} cp %{aliyunsdkvpc_dir}/README.rst %{aliyunsdkvpc}_README.rst # aliyuncli bundle -tar -xzf %SOURCE10 -C %{bundled_lib_dir}/aliyun +tar -xzf %SOURCE8 -C %{bundled_lib_dir}/aliyun mv %{bundled_lib_dir}/aliyun/%{aliyuncli}-%{aliyuncli_version} %{aliyuncli_dir} cp %{aliyuncli_dir}/README.rst %{aliyuncli}_README.rst cp %{aliyuncli_dir}/LICENSE %{aliyuncli}_LICENSE @@ -529,9 +506,6 @@ cp %{aliyuncli_dir}/LICENSE %{aliyuncli}_LICENSE # aliyun Python 3 fixes %patch1006 -p1 %patch1007 -p1 - -# google-cloud-sdk oauth2client fix Python 3 encoding issue -%patch1008 -p1 %endif %build @@ -624,8 +598,6 @@ make install DESTDIR=%{buildroot} # byte compile ocf.py %py_byte_compile %{__python3} %{buildroot}%{_usr}/lib/ocf/lib/heartbeat -mv %{sap_script_prefix}-%{sap_script_hash}/redhat/sap_redhat_cluster_connector %{buildroot}/%{_sbindir} - # google-cloud-sdk bundle %ifarch x86_64 pushd %{googlecloudsdk_dir} @@ -748,15 +720,20 @@ rm -rf %{buildroot} ### # Supported, but in another sub package ### -%exclude %{_sbindir}/sap_redhat_cluster_connector -%exclude /usr/lib/ocf/resource.d/heartbeat/SAP* -%exclude /usr/lib/ocf/lib/heartbeat/sap* -%exclude %{_mandir}/man7/*SAP* +%exclude /usr/lib/ocf/resource.d/heartbeat/aliyun-vpc-move-ip* +%exclude %{_mandir}/man7/*aliyun-vpc-move-ip* %exclude /usr/lib/ocf/resource.d/heartbeat/gcp* %exclude %{_mandir}/man7/*gcp* %exclude /usr/lib/%{name}/%{bundled_lib_dir} ### +# Moved to separate packages +### +%exclude /usr/lib/ocf/resource.d/heartbeat/SAP* +%exclude /usr/lib/ocf/lib/heartbeat/sap* +%exclude %{_mandir}/man7/*SAP* + +### # Unsupported ### %exclude /usr/lib/ocf/resource.d/heartbeat/clvm @@ -940,66 +917,108 @@ ccs_update_schema > /dev/null 2>&1 ||: /usr/lib/%{name}/%{bundled_lib_dir}/gcp %endif -%ifarch x86_64 ppc64le -%files sap -%defattr(-,root,root) -%{_sbindir}/sap_redhat_cluster_connector -/usr/lib/ocf/resource.d/heartbeat/SAP* -/usr/lib/ocf/lib/heartbeat/sap* -%{_mandir}/man7/*SAP* -%exclude %{_mandir}/man7/*SAPHana* -%exclude /usr/lib/ocf/resource.d/heartbeat/SAPHana* -%endif - -%ifarch x86_64 ppc64le -%files sap-hana -%defattr(-,root,root) -/usr/lib/ocf/resource.d/heartbeat/SAPHana* -%{_mandir}/man7/*SAPHana* -%endif - %changelog -* Wed Aug 28 2019 Oyvind Albrigtsen - 4.1.1-17.6 +* Tue Aug 27 2019 Oyvind Albrigtsen - 4.1.1-33 - rabbitmq-cluster: fail monitor when node is in minority partition, fix stop regression, retry start when cluster join fails, ensure node attributes are removed - Resolves: rhbz#1746148 + Resolves: rhbz#1745713 + +* Mon Aug 12 2019 Oyvind Albrigtsen - 4.1.1-32 +- mysql/galera: use runuser/su to avoid using DAC_OVERRIDE -* Wed Aug 7 2019 Oyvind Albrigtsen - 4.1.1-17.5 + Resolves: rhbz#1692960 + +* Wed Aug 7 2019 Oyvind Albrigtsen - 4.1.1-31 - podman: add drop-in dependency support - Resolves: rhbz#1738303 + Resolves: rhbz#1736746 + +* Wed Jul 31 2019 Oyvind Albrigtsen - 4.1.1-30 +- iSCSITarget/iSCSILogicalUnit: only create iqn/acls when it doesnt + exist + + Resolves: rhbz#1692413 + +* Tue Jul 30 2019 Oyvind Albrigtsen - 4.1.1-29 +- CTDB: add support for v4.9+ + + Resolves: rhbz#1732867 -* Tue Jul 30 2019 Oyvind Albrigtsen - 4.1.1-17.4 +* Tue Jul 23 2019 Oyvind Albrigtsen - 4.1.1-28 - podman: fixes to avoid bundle resources restarting when probing takes too long -- CTDB: add support for v4.9+ +- LVM-activate: fix monitor to avoid hang caused by validate-all call + + Resolves: rhbz#1718219 + Resolves: rhbz#1730455 + +* Wed Jun 19 2019 Oyvind Albrigtsen - 4.1.1-27 +- ocf_log: do not log debug messages when HA_debug unset +- Filesystem: remove notify-action from metadata +- dhcpd keep SELinux context in chroot + + Resolves: rhbz#1707969 + Resolves: rhbz#1717759 + Resolves: rhbz#1719684 + +* Tue Jun 11 2019 Oyvind Albrigtsen - 4.1.1-26 +- sap/sap-hana: split subpackages into separate packages - Resolves: rhbz#1734062 - Resolves: rhbz#1734067 + Resolves: rhbz#1705767 -* Wed May 29 2019 Oyvind Albrigtsen - 4.1.1-17.3 +* Wed May 29 2019 Oyvind Albrigtsen - 4.1.1-24 - Squid: fix PID file issue - Resolves: rhbz#1710058 + Resolves: rhbz#1689184 -* Wed May 29 2019 Oyvind Albrigtsen - 4.1.1-17.2 -- gcp-vpc-move-route/gcp-vpc-move-vip: fix Python 3 encoding issue +* Tue May 28 2019 Oyvind Albrigtsen - 4.1.1-23 +- Route: make family parameter optional +- redis: mute password warning + + Resolves: rhbz#1669140 + Resolves: rhbz#1683548 + +* Thu May 23 2019 Oyvind Albrigtsen - 4.1.1-22 - aws-vpc-move-ip: add multi route-table support and fix issue w/multiple NICs - Resolves: rhbz#1710063 - Resolves: rhbz#1714104 + Resolves: rhbz#1697559 -* Wed May 15 2019 Oyvind Albrigtsen - 4.1.1-17.1 +* Fri Apr 5 2019 Oyvind Albrigtsen - 4.1.1-21 +- gcp-vpc-move-route/gcp-vpc-move-vip: fix Python 3 encoding issue + + Resolves: rhbz#1695656 + +* Mon Apr 1 2019 Oyvind Albrigtsen - 4.1.1-20 +- LVM/clvm: remove manpages for excluded agents +- aws-vpc-move-ip: use "--query" to avoid a possible race condition - gcloud-ra: fix Python 3 issue and remove Python 2 detection + + Resolves: rhbz#1694392 + Resolves: rhbz#1693662 + Resolves: rhbz#1691456 + +* Thu Mar 21 2019 Oyvind Albrigtsen - 4.1.1-19 +- Add CI gating tests +- LVM-activate: support LVs from same VG +- tomcat: use systemd when catalina.sh is unavailable +- Fixed python-devel/perl build dependencies + + Resolves: rhbz#1682136 + Resolves: rhbz#1667414 + Resolves: rhbz#1666691 + Resolves: rhbz#1595854 + +* Thu Mar 7 2019 Oyvind Albrigtsen - 4.1.1-18 +- aliyun-vpc-move-ip: exclude from main package - aliyuncli-ra: upgrade bundled python-aliyun-sdk-core and fix Python 3 issues -- aws-vpc-move-ip: use "--query" to avoid a possible race condition +- ocf.py: byte compile - Resolves: rhbz#1710060 - Resolves: rhbz#1710057 - Resolves: rhbz#1710061 + Resolves: rhbz#1677204 + Resolves: rhbz#1677981 + Resolves: rhbz#1678874 * Tue Feb 5 2019 Oyvind Albrigtsen - 4.1.1-17 - LVM-activate: dont require locking_type