diff --git a/SOURCES/bz1654862-1-IPsrcaddr-dhcp-warning.patch b/SOURCES/bz1654862-1-IPsrcaddr-dhcp-warning.patch new file mode 100644 index 0000000..34bad14 --- /dev/null +++ b/SOURCES/bz1654862-1-IPsrcaddr-dhcp-warning.patch @@ -0,0 +1,41 @@ +From 6d2ed7615614ede093f097189876d0f08553a43e Mon Sep 17 00:00:00 2001 +From: Reid Wahl +Date: Mon, 14 Feb 2022 22:23:39 -0800 +Subject: [PATCH] IPsrcaddr: Add warning about DHCP + +If DHCP is enabled for the interface that serves OCF_RESKEY_ipaddress, +then NetworkManager (and possibly dhclient in systems without NM; +unsure) may later re-add a route that the IPsrcaddr resource replaced. +This may cause the resource to fail or cause other unexpected behavior. + +So far this has been observed with a default route, albeit with an edge +case of a configuration (OCF_RESKEY_ipaddress on a different subnet) +that may not be totally valid. There are likely to be other situations +as well where DHCP can cause conflicts with IPsrcaddr's manual updates +via iproute. The safest option is to use only static configuration for +the involved interface. + +Resolves: RHBZ#1654862 + +Signed-off-by: Reid Wahl +--- + heartbeat/IPsrcaddr | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr +index ec868409f..fd7b6f68d 100755 +--- a/heartbeat/IPsrcaddr ++++ b/heartbeat/IPsrcaddr +@@ -99,6 +99,12 @@ meta_data() { + + Resource script for IPsrcaddr. It manages the preferred source address + modification. ++ ++Note: DHCP should not be enabled for the interface serving the preferred ++source address. Enabling DHCP may result in unexpected behavior, such as ++the automatic addition of duplicate or conflicting routes. This may ++cause the IPsrcaddr resource to fail, or it may produce undesired ++behavior while the resource continues to run. + + Manages the preferred source address for outgoing IP packets + 
diff --git a/SOURCES/bz1654862-2-IPsrcaddr-error-message-route-not-found.patch b/SOURCES/bz1654862-2-IPsrcaddr-error-message-route-not-found.patch new file mode 100644 index 0000000..8a4a6fc --- /dev/null +++ b/SOURCES/bz1654862-2-IPsrcaddr-error-message-route-not-found.patch 
@@ -0,0 +1,49 @@ +From 5a65f66ff803ad7ed15af958cc1efdde4d53dcb7 Mon Sep 17 00:00:00 2001 +From: Reid Wahl +Date: Thu, 17 Feb 2022 03:53:21 -0800 +Subject: [PATCH] IPsrcaddr: Better error message when no matching route found + +If OCF_RESKEY_destination is not explicitly set and `ip route list` +can't find a route matching the specifications, the NETWORK variable +doesn't get set. This causes a certain failure of the start operation, +because there is no PREFIX argument to `ip route replace` (syntax +error). It may also cause unexpected behavior for stop operations (but +not in all cases). During a monitor, this event can only happen if +something has changed outside the cluster's control, and so is cause +for warning there. + +Exit OCF_ERR_ARGS for start, log debug for probe, log warning for all +other ops. + +Resolves: RHBZ#1654862 + +Signed-off-by: Reid Wahl +--- + heartbeat/IPsrcaddr | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr +index fd7b6f68d..f0216722d 100755 +--- a/heartbeat/IPsrcaddr ++++ b/heartbeat/IPsrcaddr +@@ -549,6 +549,20 @@ rc=$? + INTERFACE=`echo $findif_out | awk '{print $1}'` + if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then + NETWORK=`$IP2UTIL route list dev $INTERFACE scope link $PROTO match $ipaddress|grep -m 1 -o '^[^ ]*'` ++ ++ if [ -z "$NETWORK" ]; then ++ err_str="command '$IP2UTIL route list dev $INTERFACE scope link $PROTO" ++ err_str="$err_str match $ipaddress' failed to find a matching route" ++ ++ if [ "$__OCF_ACTION" = "start" ]; then ++ ocf_exit_reason "$err_str" ++ exit $OCF_ERR_ARGS ++ elif ! ocf_is_probe; then ++ ocf_log warn "$err_str" ++ else ++ ocf_log debug "$err_str" ++ fi ++ fi + else + NETWORK="$OCF_RESKEY_destination" + fi diff --git a/SOURCES/bz1654862-3-IPsrcaddr-fix-indentation.patch b/SOURCES/bz1654862-3-IPsrcaddr-fix-indentation.patch new file mode 100644 index 0000000..337943d --- /dev/null 
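Review bot: In the new `[ -z "$NETWORK" ]` block of patch 2, every action other than start only logs and then continues with `NETWORK` still empty. Anything later in the script that passes `$NETWORK` to `ip route replace` would presumably hit the same missing-PREFIX syntax error the commit message describes for start; the stop and monitor paths are outside this hunk, so this is inferred rather than visible here. If continuing is intended, say so in place with a comment such as `# NETWORK stays empty for stop/monitor; later code must tolerate a missing prefix`, or have stop return success explicitly when there is no route to restore. The message also says the command "failed to find a matching route", but the pipeline's exit status is never checked, so an `ip` error (for example an invalid `$INTERFACE`) is reported the same way as an empty result.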
+++ b/SOURCES/bz1654862-3-IPsrcaddr-fix-indentation.patch @@ -0,0 +1,56 @@ +From 0a197f1cd227e768837dff778a0c56fc1085d434 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 21 Feb 2022 13:54:04 +0100 +Subject: [PATCH] IPsrcaddr: fix indentation in better error message code + +--- + heartbeat/IPsrcaddr | 30 +++++++++++++++--------------- + 1 file changed, 15 insertions(+), 15 deletions(-) + +diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr +index f0216722d..c82adc0e9 100755 +--- a/heartbeat/IPsrcaddr ++++ b/heartbeat/IPsrcaddr +@@ -542,27 +542,27 @@ fi + findif_out=`$FINDIF -C` + rc=$? + [ $rc -ne 0 ] && { +- ocf_exit_reason "[$FINDIF -C] failed" +- exit $rc ++ ocf_exit_reason "[$FINDIF -C] failed" ++ exit $rc + } + + INTERFACE=`echo $findif_out | awk '{print $1}'` + if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then + NETWORK=`$IP2UTIL route list dev $INTERFACE scope link $PROTO match $ipaddress|grep -m 1 -o '^[^ ]*'` + +- if [ -z "$NETWORK" ]; then +- err_str="command '$IP2UTIL route list dev $INTERFACE scope link $PROTO" +- err_str="$err_str match $ipaddress' failed to find a matching route" +- +- if [ "$__OCF_ACTION" = "start" ]; then +- ocf_exit_reason "$err_str" +- exit $OCF_ERR_ARGS +- elif ! ocf_is_probe; then +- ocf_log warn "$err_str" +- else +- ocf_log debug "$err_str" +- fi +- fi ++ if [ -z "$NETWORK" ]; then ++ err_str="command '$IP2UTIL route list dev $INTERFACE scope link $PROTO" ++ err_str="$err_str match $ipaddress' failed to find a matching route" ++ ++ if [ "$__OCF_ACTION" = "start" ]; then ++ ocf_exit_reason "$err_str" ++ exit $OCF_ERR_ARGS ++ elif ! ocf_is_probe; then ++ ocf_log warn "$err_str" ++ else ++ ocf_log debug "$err_str" ++ fi ++ fi + else + NETWORK="$OCF_RESKEY_destination" + fi diff --git a/SOURCES/bz1654862-4-IPsrcaddr-fixes.patch b/SOURCES/bz1654862-4-IPsrcaddr-fixes.patch new file mode 100644 index 0000000..c099fa5 --- /dev/null +++ b/SOURCES/bz1654862-4-IPsrcaddr-fixes.patch 
@@ -0,0 +1,117 @@ +From 50a596bfb977b18902dc62b99145bbd1a087690a Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 1 Mar 2022 11:06:07 +0100 +Subject: [PATCH] IPsrcaddr: fixes + +- use findif.sh to detect secondary interfaces +- get metric and proto to update the correct route/update it correctly +- match route using interface to fail when trying to update secondary + interfaces without specifying destination (would update default route + before) +- also use PRIMARY_IP/OPTS during stop-action for default routes (to get + back to the exact routes we started with) +- dont fail during stop-action if route doesnt exist +- use [[:blank:]] for WS to follow POSIX standard (suggested by nrwahl) +--- + heartbeat/IPsrcaddr | 35 +++++++++++++++++++---------------- + 1 file changed, 19 insertions(+), 16 deletions(-) + +diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr +index c82adc0e9..7dbf65ff5 100755 +--- a/heartbeat/IPsrcaddr ++++ b/heartbeat/IPsrcaddr +@@ -52,6 +52,7 @@ + # Initialization: + : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} + . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs ++. ${OCF_FUNCTIONS_DIR}/findif.sh + + # Defaults + OCF_RESKEY_ipaddress_default="" +@@ -181,19 +182,21 @@ errorexit() { + # + # where the src clause "src Y.Y.Y.Y" may or may not be present + +-WS="[`echo -en ' \t'`]" ++WS="[[:blank:]]" + OCTET="[0-9]\{1,3\}" + IPADDR="\($OCTET\.\)\{3\}$OCTET" + SRCCLAUSE="src$WS$WS*\($IPADDR\)" + MATCHROUTE="\(.*${WS}\)\($SRCCLAUSE\)\($WS.*\|$\)" +-FINDIF=$HA_BIN/findif ++METRICCLAUSE=".*\(metric$WS[^ ]\+\)" ++PROTOCLAUSE=".*\(proto$WS[^ ]\+\)" ++FINDIF=findif + + # findif needs that to be set + export OCF_RESKEY_ip=$OCF_RESKEY_ipaddress + + srca_read() { + # Capture matching route - doublequotes prevent word splitting... +- ROUTE="`$CMDSHOW 2> /dev/null`" || errorexit "command '$CMDSHOW' failed" ++ ROUTE="`$CMDSHOW dev $INTERFACE 2> /dev/null`" || errorexit "command '$CMDSHOW' failed" + + # ... 
so we can make sure there is only 1 matching route + [ 1 -eq `echo "$ROUTE" | wc -l` ] || \ +@@ -201,7 +204,7 @@ srca_read() { + + # But there might still be no matching route + [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] && [ -z "$ROUTE" ] && \ +- ! ocf_is_probe && errorexit "no matching route exists" ++ ! ocf_is_probe && [ "$__OCF_ACTION" != stop ] && errorexit "no matching route exists" + + # Sed out the source ip address if it exists + SRCIP=`echo $ROUTE | sed -n "s/$MATCHROUTE/\3/p"` +@@ -232,8 +235,8 @@ srca_start() { + rc=$OCF_SUCCESS + ocf_log info "The ip route has been already set.($NETWORK, $INTERFACE, $ROUTE_WO_SRC)" + else +- $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE src $1 || \ +- errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE src $1' failed" ++ $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE $PROTO src $1 $METRIC || \ ++ errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE $PROTO src $1 $METRIC' failed" + + if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then + $CMDCHANGE $ROUTE_WO_SRC src $1 || \ +@@ -266,14 +269,11 @@ srca_stop() { + + [ $rc = 2 ] && errorexit "The address you specified to stop does not match the preferred source address" + +- OPTS="" +- if [ "$OCF_RESKEY_destination" != "0.0.0.0/0" ] ;then +- PRIMARY_IP="$($IP2UTIL -4 -o addr show dev $INTERFACE primary | awk '{split($4,a,"/");print a[1]}')" +- OPTS="proto kernel scope host src $PRIMARY_IP" +- fi ++ PRIMARY_IP="$($IP2UTIL -4 -o addr show dev $INTERFACE primary | awk '{split($4,a,"/");print a[1]}')" ++ OPTS="proto kernel scope link src $PRIMARY_IP" + +- $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE $OPTS || \ +- errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE $OPTS' failed" ++ $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE $OPTS $METRIC || \ ++ errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE $OPTS $METRIC' failed" + + if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then + 
$CMDCHANGE $ROUTE_WO_SRC || \ +@@ -539,16 +539,19 @@ if [ $rc -ne $OCF_SUCCESS ]; then + esac + fi + +-findif_out=`$FINDIF -C` ++findif_out=`$FINDIF` + rc=$? + [ $rc -ne 0 ] && { +- ocf_exit_reason "[$FINDIF -C] failed" ++ ocf_exit_reason "[$FINDIF] failed" + exit $rc + } + + INTERFACE=`echo $findif_out | awk '{print $1}'` ++LISTROUTE=`$IP2UTIL route list dev $INTERFACE scope link $PROTO match $ipaddress` ++METRIC=`echo $LISTROUTE | sed -n "s/$METRICCLAUSE/\1/p"` ++[ -z "$PROTO" ] && PROTO=`echo $LISTROUTE | sed -n "s/$PROTOCLAUSE/\1/p"` + if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then +- NETWORK=`$IP2UTIL route list dev $INTERFACE scope link $PROTO match $ipaddress|grep -m 1 -o '^[^ ]*'` ++ NETWORK=`echo $LISTROUTE | grep -m 1 -o '^[^ ]*'` + + if [ -z "$NETWORK" ]; then + err_str="command '$IP2UTIL route list dev $INTERFACE scope link $PROTO" diff --git a/SOURCES/bz1654862-IPsrcaddr-dhcp-warning.patch b/SOURCES/bz1654862-IPsrcaddr-dhcp-warning.patch deleted file mode 100644 index 34bad14..0000000 --- a/SOURCES/bz1654862-IPsrcaddr-dhcp-warning.patch +++ /dev/null 
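Review bot: The new `METRICCLAUSE` and `PROTOCLAUSE` patterns in patch 4 have no trailing `.*`, so `sed -n "s/$PROTOCLAUSE/\1/p"` strips only the text before the clause and keeps everything after it. `PROTO` can therefore come out as `proto kernel scope link src ... metric ...` instead of just `proto kernel`, and that whole string is then spliced into `ip route replace ... $PROTO src $1 $METRIC` and into the error text. Anchoring both patterns fixes it: `METRICCLAUSE=".*\(metric$WS[^ ]\+\).*"` and `PROTOCLAUSE=".*\(proto$WS[^ ]\+\).*"`. Separately, `echo $LISTROUTE` is unquoted, so several matching routes are joined into one line; the leading greedy `.*` then takes metric/proto from the last route while `grep -m 1 -o '^[^ ]*'` takes `NETWORK` from the first, so keeping only the first line of the `ip route list` output (e.g. `| head -n 1`) would keep the three values consistent. In `srca_stop`, `PRIMARY_IP` is now used unconditionally but never checked for being empty, which would leave `src` without an argument; the rest of that function is outside the hunk.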
@@ -1,41 +0,0 @@ -From 6d2ed7615614ede093f097189876d0f08553a43e Mon Sep 17 00:00:00 2001 -From: Reid Wahl -Date: Mon, 14 Feb 2022 22:23:39 -0800 -Subject: [PATCH] IPsrcaddr: Add warning about DHCP - -If DHCP is enabled for the interface that serves OCF_RESKEY_ipaddress, -then NetworkManager (and possibly dhclient in systems without NM; -unsure) may later re-add a route that the IPsrcaddr resource replaced. -This may cause the resource to fail or cause other unexpected behavior. - -So far this has been observed with a default route, albeit with an edge -case of a configuration (OCF_RESKEY_ipaddress on a different subnet) -that may not be totally valid. There are likely to be other situations -as well where DHCP can cause conflicts with IPsrcaddr's manual updates -via iproute. The safest option is to use only static configuration for -the involved interface. - -Resolves: RHBZ#1654862 - -Signed-off-by: Reid Wahl ---- - heartbeat/IPsrcaddr | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr -index ec868409f..fd7b6f68d 100755 ---- a/heartbeat/IPsrcaddr -+++ b/heartbeat/IPsrcaddr -@@ -99,6 +99,12 @@ meta_data() { - - Resource script for IPsrcaddr. It manages the preferred source address - modification. -+ -+Note: DHCP should not be enabled for the interface serving the preferred -+source address. Enabling DHCP may result in unexpected behavior, such as -+the automatic addition of duplicate or conflicting routes. This may -+cause the IPsrcaddr resource to fail, or it may produce undesired -+behavior while the resource continues to run. - - Manages the preferred source address for outgoing IP packets - diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec index dc41e80..6f48dac 100644 --- a/SPECS/resource-agents.spec +++ b/SPECS/resource-agents.spec 
@@ -66,7 +66,7 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.9.0 -Release: 15%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} +Release: 16%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/resource-agents %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel} @@ -97,7 +97,10 @@ Patch10: bz2012057-Route-return-OCF_NOT_RUNNING-missing-route.patch Patch11: bz2029706-1-db2-crm_attribute-use-forever.patch Patch12: bz2029706-2-db2-fixes.patch Patch13: bz1992661-mysql-use-ssl-mode.patch -Patch14: bz1654862-IPsrcaddr-dhcp-warning.patch +Patch14: bz1654862-1-IPsrcaddr-dhcp-warning.patch +Patch15: bz1654862-2-IPsrcaddr-error-message-route-not-found.patch +Patch16: bz1654862-3-IPsrcaddr-fix-indentation.patch +Patch17: bz1654862-4-IPsrcaddr-fixes.patch # bundle patches Patch1000: 7-gcp-bundled.patch @@ -286,6 +289,9 @@ exit 1 %patch12 -p1 %patch13 -p1 %patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 chmod 755 heartbeat/nova-compute-wait chmod 755 heartbeat/NovaEvacuate @@ -866,16 +872,17 @@ ccs_update_schema > /dev/null 2>&1 ||: %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm %changelog +* Thu Mar 3 2022 Oyvind Albrigtsen - 4.9.0-16 +- IPsrcaddr: add warning about possible issues when used with DHCP, + and add error message when matching route not found + + Resolves: rhbz#1654862 + * Thu Feb 24 2022 Oyvind Albrigtsen - 4.9.0-15 - db2: use -l forever to fix crm_attribute issue Resolves: rhbz#2029706 -* Tue Feb 15 2022 Oyvind Albrigtsen - 4.9.0-14 -- IPsrcaddr: add warning about possible issues when used with DHCP - - Resolves: rhbz#1654862 - * Thu Jan 20 2022 Oyvind Albrigtsen - 4.9.0-13 - mysql: add support for local SSL connection