diff --git a/SOURCES/bz1695039-LVM-activate-return-NOT_RUNNING-rejoin-cluster.patch b/SOURCES/bz1695039-LVM-activate-return-NOT_RUNNING-rejoin-cluster.patch new file mode 100644 index 0000000..05e00fb --- /dev/null +++ b/SOURCES/bz1695039-LVM-activate-return-NOT_RUNNING-rejoin-cluster.patch @@ -0,0 +1,82 @@ +From 4ee9a7026d7ed15b0b5cd26f06a21d04fc05d14e Mon Sep 17 00:00:00 2001 +From: Roger Zhou +Date: Mon, 1 Apr 2019 22:57:26 +0800 +Subject: [PATCH 1/2] LVM-activate: return OCF_NOT_RUNNING on initial probe + +In the use case of lvm on top of cluster md/raid. When the fenced node +rejoins to the cluster, Pacemaker will run the monitor action for the +probe operation. At that time, LVM PV and VG won't exist before cluster +md/raid get assembled, and the probe should return $OCF_NOT_RUNNING +instead of $OCF_ERR_CONFIGURED. + +Signed-off-by: Roger Zhou +--- + heartbeat/LVM-activate | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/heartbeat/LVM-activate b/heartbeat/LVM-activate +index 3c462c75c..91ac05c34 100755 +--- a/heartbeat/LVM-activate ++++ b/heartbeat/LVM-activate +@@ -329,6 +329,7 @@ lvmlockd_check() + # Good: lvmlockd is running, and clvmd is not running + if ! pgrep lvmlockd >/dev/null 2>&1 ; then + if ocf_is_probe; then ++ ocf_log info "initial probe: lvmlockd is not running yet." + exit $OCF_NOT_RUNNING + fi + +@@ -481,6 +482,11 @@ lvm_validate() { + exit $OCF_SUCCESS + fi + ++ if ocf_is_probe; then ++ ocf_log info "initial probe: VG [${VG}] is not found on any block device yet." ++ exit $OCF_NOT_RUNNING ++ fi ++ + ocf_exit_reason "Volume group[${VG}] doesn't exist, or not visible on this node!" + exit $OCF_ERR_CONFIGURED + fi + +From df2f58c400b1f6f239f9e1c1fdf6ce0875639b43 Mon Sep 17 00:00:00 2001 +From: Roger Zhou +Date: Mon, 1 Apr 2019 23:02:54 +0800 +Subject: [PATCH 2/2] LVM-activate: align dmsetup report command to standard + +Namely to change 'vgname/lvname' to 'vg_name/lv_name'. The dmsetup +report command follows lvm2 selection criteria field name standard. +- dmsetup v1.02.86 (lvm2 v2_02_107) - 23rd June 2014 + "Add dmsetup -S/--select to define selection criteria" +- dmsetup info -c -S help + +Signed-off-by: Roger Zhou +--- + heartbeat/LVM-activate | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/LVM-activate b/heartbeat/LVM-activate +index 91ac05c34..730d9a09d 100755 +--- a/heartbeat/LVM-activate ++++ b/heartbeat/LVM-activate +@@ -707,7 +707,7 @@ tagging_deactivate() { + # method: + # + # lv_count=$(vgs --foreign -o lv_count --noheadings ${VG} 2>/dev/null | tr -d '[:blank:]') +-# dm_count=$(dmsetup --noheadings info -c -S "vgname=${VG}" 2>/dev/null | grep -c "${VG}-") ++# dm_count=$(dmsetup --noheadings info -c -S "vg_name=${VG}" 2>/dev/null | grep -c "${VG}-") + # test $lv_count -eq $dm_count + # + # It works, but we cannot afford to use LVM command in lvm_status. LVM command is expensive +@@ -730,9 +730,9 @@ lvm_status() { + if [ -n "${LV}" ]; then + # dmsetup ls? It cannot accept device name. It's + # too heavy to list all DM devices. +- dm_count=$(dmsetup info --noheadings --noflush -c -S "vgname=${VG} && lvname=${LV}" | grep -c -v '^No devices found') ++ dm_count=$(dmsetup info --noheadings --noflush -c -S "vg_name=${VG} && lv_name=${LV}" | grep -c -v '^No devices found') + else +- dm_count=$(dmsetup info --noheadings --noflush -c -S "vgname=${VG}" | grep -c -v '^No devices found') ++ dm_count=$(dmsetup info --noheadings --noflush -c -S "vg_name=${VG}" | grep -c -v '^No devices found') + fi + + if [ $dm_count -eq 0 ]; then diff --git a/SOURCES/bz1738428-LVM-activate-detect-volume-without-reboot.patch b/SOURCES/bz1738428-LVM-activate-detect-volume-without-reboot.patch new file mode 100644 index 0000000..4725d8e --- /dev/null +++ b/SOURCES/bz1738428-LVM-activate-detect-volume-without-reboot.patch @@ -0,0 +1,48 @@ +From 6c24147ebe0e979c48db93a5f8ec6094b8707591 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 26 Sep 2019 12:52:39 +0200 +Subject: [PATCH] LVM-activate: move pvscan --cache to validate + +It needs to be called before validate attempts to look at the VG. +--- + configure.ac | 2 +- + heartbeat/LVM-activate | 6 +++++- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 97dac7cf8..1eb65cf34 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -21,7 +21,7 @@ dnl checks for system services + + AC_INIT([resource-agents], + m4_esyscmd([make/git-version-gen .tarball-version]), +- [to_be_defined@foobar.org]) ++ [developers@clusterlabs.org]) + + AC_USE_SYSTEM_EXTENSIONS + +diff --git a/heartbeat/LVM-activate b/heartbeat/LVM-activate +index 3df40c894..9b7c0aa7f 100755 +--- a/heartbeat/LVM-activate ++++ b/heartbeat/LVM-activate +@@ -489,6 +489,11 @@ lvm_validate() { + check_binary lvm + check_binary dmsetup + ++ # This is necessary when using system ID to update lvm hints, ++ # or in older versions of lvm, this is necessary to update the ++ # lvmetad cache. ++ pvscan --cache ++ + if ! vgs --foreign ${VG} >/dev/null 2>&1 ; then + # stop action exits successfully if the VG cannot be accessed... + if [ $__OCF_ACTION = "stop" ]; then +@@ -627,7 +632,6 @@ clvmd_activate() { + systemid_activate() { + local cur_systemid + +- pvscan --cache + cur_systemid=$(vgs --foreign --noheadings -o systemid ${VG} | tr -d '[:blank:]') + + # Put our system ID on the VG diff --git a/SOURCES/bz1741042-IPaddr2-add-noprefixroute-parameter.patch b/SOURCES/bz1741042-IPaddr2-add-noprefixroute-parameter.patch new file mode 100644 index 0000000..f713613 --- /dev/null +++ b/SOURCES/bz1741042-IPaddr2-add-noprefixroute-parameter.patch @@ -0,0 +1,66 @@ +From 34b46b172857babbb2bca5e012c7827ed6a26b01 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Wed, 6 Nov 2019 10:00:31 +0100 +Subject: [PATCH] IPaddr2: add noprefixroute parameter + +--- + heartbeat/IPaddr2 | 17 ++++++++++++++++- + 1 file changed, 16 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 +index 1d39ae514..6f8e8c734 100755 +--- a/heartbeat/IPaddr2 ++++ b/heartbeat/IPaddr2 +@@ -88,6 +88,7 @@ OCF_RESKEY_arp_sender_default="" + OCF_RESKEY_send_arp_opts_default="" + OCF_RESKEY_flush_routes_default="false" + OCF_RESKEY_run_arping_default=false ++OCF_RESKEY_noprefixroute_default="false" + OCF_RESKEY_preferred_lft_default="forever" + OCF_RESKEY_network_namespace_default="" + +@@ -109,6 +110,7 @@ OCF_RESKEY_network_namespace_default="" + : ${OCF_RESKEY_send_arp_opts=${OCF_RESKEY_send_arp_opts_default}} + : ${OCF_RESKEY_flush_routes=${OCF_RESKEY_flush_routes_default}} + : ${OCF_RESKEY_run_arping=${OCF_RESKEY_run_arping_default}} ++: ${OCF_RESKEY_noprefixroute=${OCF_RESKEY_noprefixroute_default}} + : ${OCF_RESKEY_preferred_lft=${OCF_RESKEY_preferred_lft_default}} + : ${OCF_RESKEY_network_namespace=${OCF_RESKEY_network_namespace_default}} + +@@ -377,6 +379,14 @@ Whether or not to run arping for IPv4 collision detection check. + + + ++ ++ ++Use noprefixroute flag (see 'man ip-address'). ++ ++Use noprefixroute flag ++ ++ ++ + + + For IPv6, set the preferred lifetime of the IP address. +@@ -397,8 +407,8 @@ the namespace. + Network namespace to use + + +- + ++ + + + +@@ -640,6 +650,11 @@ add_interface () { + msg="Adding $FAMILY address $ipaddr/$netmask with broadcast address $broadcast to device $iface" + fi + ++ if ocf_is_true "${OCF_RESKEY_noprefixroute}"; then ++ cmd="$cmd noprefixroute" ++ msg="${msg} (with noprefixroute)" ++ fi ++ + if [ ! -z "$label" ]; then + cmd="$cmd label $label" + msg="${msg} (with label $label)" diff --git a/SOURCES/bz1741843-LVM-activate-partial-activation.patch b/SOURCES/bz1741843-LVM-activate-partial-activation.patch new file mode 100644 index 0000000..1eec112 --- /dev/null +++ b/SOURCES/bz1741843-LVM-activate-partial-activation.patch @@ -0,0 +1,69 @@ +diff -uNr a/heartbeat/LVM-activate b/heartbeat/LVM-activate +--- a/heartbeat/LVM-activate 2019-10-08 12:10:11.755991580 +0200 ++++ b/heartbeat/LVM-activate 2019-10-08 12:14:38.388288176 +0200 +@@ -42,6 +42,11 @@ + : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} + . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs + ++# Parameter defaults ++OCF_RESKEY_partial_activation_default="false" ++ ++: ${OCF_RESKEY_partial_activation=${OCF_RESKEY_partial_activation_default}} ++ + # If LV is given, only activate this named LV; otherwise, activate all + # LVs in the named VG. + VG=${OCF_RESKEY_vgname} +@@ -150,6 +155,16 @@ + + + ++ ++ ++If set, the volume group will be activated partially even with some ++physical volumes missing. It helps to set to true when using mirrored ++logical volumes. ++ ++Activate VG partially when missing PVs ++ ++ ++ + + + +@@ -486,6 +501,25 @@ + exit $OCF_ERR_CONFIGURED + fi + ++ # Inconsistency might be due to missing physical volumes, which doesn't ++ # automatically mean we should fail. If partial_activation=true then ++ # we should let start try to handle it, or if no PVs are listed as ++ # "unknown device" then another node may have marked a device missing ++ # where we have access to all of them and can start without issue. ++ case $(vgs -o attr --noheadings $VG | tr -d ' ') in ++ ???p??*) ++ if ! ocf_is_true "$OCF_RESKEY_partial_activation" ; then ++ # We are missing devices and cannot activate partially ++ ocf_exit_reason "Volume group [$VG] has devices missing. Consider partial_activation=true to attempt to activate partially" ++ exit $OCF_ERR_GENERIC ++ else ++ # We are missing devices but are allowed to activate partially. ++ # Assume that caused the vgck failure and carry on ++ ocf_log warn "Volume group inconsistency detected with missing device(s) and partial_activation enabled. Proceeding with requested action." ++ fi ++ ;; ++ esac ++ + # Get the access mode from VG metadata and check if it matches the input + # value. Skip to check "tagging" mode because there's no reliable way to + # automatically check if "tagging" mode is being used. +@@ -545,6 +579,10 @@ + do_activate() { + local activate_opt=$1 + ++ if ocf_is_true "$OCF_RESKEY_partial_activation" ; then ++ activate_opt="${activate_opt} --partial" ++ fi ++ + # Only activate the specific LV if it's given + if [ -n "$LV" ]; then + ocf_run lvchange $activate_opt ${VG}/${LV} diff --git a/SOURCES/bz1744103-Filesystem-1-monitor-symlink-support.patch b/SOURCES/bz1744103-Filesystem-1-monitor-symlink-support.patch new file mode 100644 index 0000000..a57e5b0 --- /dev/null +++ b/SOURCES/bz1744103-Filesystem-1-monitor-symlink-support.patch @@ -0,0 +1,39 @@ +From 2aa8015bc4ff0bd61eca13eceb59aaa672335b76 Mon Sep 17 00:00:00 2001 +From: Reid Wahl +Date: Thu, 30 Aug 2018 18:36:11 -0700 +Subject: [PATCH] Filesystem: Support symlink as mountpoint directory + +Filesystem monitor operation fails when the `directory` attribute is a +symlink. + +The monitor operation calls the `list_mounts` function, which cats +`/proc/mounts` if it exists, else cats `/etc/mtab` if it exists, else +runs the `mount` command. It then greps for `" $MOUNTPOINT "` in the +output, where `$MOUNTPOINT` is the value of the `directory` attribute. + +`/proc/mounts`, `/etc/mtab`, and the `mount` command resolve symlinks +to their canonical targets. So while the monitor operation greps for +the symlink path (surrounded by spaces) as defined in the directory +attribute, the symlink will not be present in the `list_mounts` output. +Only the symlink's target will be present. + +This patch uses `readlink -f $MOUNTPOINT` to resolve the symlink to its +canonical name before using it as a grep pattern in the +`Filesystem_status` function. +--- + heartbeat/Filesystem | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index 7c73b0b97..fc4b8fcd5 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -580,7 +580,7 @@ Filesystem_stop() + # + Filesystem_status() + { +- if list_mounts | grep -q " $MOUNTPOINT " >/dev/null 2>&1; then ++ if list_mounts | grep -q " $(readlink -f $MOUNTPOINT) " >/dev/null 2>&1; then + rc=$OCF_SUCCESS + msg="$MOUNTPOINT is mounted (running)" + else diff --git a/SOURCES/bz1744103-Filesystem-2-add-symlink-support.patch b/SOURCES/bz1744103-Filesystem-2-add-symlink-support.patch new file mode 100644 index 0000000..d5cf49f --- /dev/null +++ b/SOURCES/bz1744103-Filesystem-2-add-symlink-support.patch @@ -0,0 +1,43 @@ +From e2c3ec91cdd123b8afc6010f45ecd22ee6d8ecf7 Mon Sep 17 00:00:00 2001 +From: Reid Wahl +Date: Mon, 3 Sep 2018 00:30:01 -0700 +Subject: [PATCH] Filesystem: Canonicalize mountpoint symlinks + +Commit 2aa8015 added support to `Filesystem_status()` for mountpoints +that are symlinks. However, it missed two other places where `readlink` +calls should have been added to canonicalize symlinks. +--- + heartbeat/Filesystem | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index fc4b8fcd5..2a43d1daa 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -278,7 +278,7 @@ determine_blockdevice() { + nfs4|nfs|smbfs|cifs|glusterfs|ceph|tmpfs|overlay|overlayfs|rozofs|zfs|cvfs|none) + : ;; + *) +- DEVICE=`list_mounts | grep " $MOUNTPOINT " | cut -d' ' -f1` ++ DEVICE=`list_mounts | grep " $(readlink -f "$MOUNTPOINT" ) " | cut -d' ' -f1` + if [ -b "$DEVICE" ]; then + blockdevice=yes + fi +@@ -396,7 +396,7 @@ fstype_supported() + Filesystem_start() + { + # Check if there are any mounts mounted under the mountpoint +- if list_mounts | grep -q -E " $MOUNTPOINT/\w+" >/dev/null 2>&1; then ++ if list_mounts | grep -q -E " $(readlink -f "$MOUNTPOINT" )/\w+" >/dev/null 2>&1; then + ocf_log err "There is one or more mounts mounted under $MOUNTPOINT." + return $OCF_ERR_CONFIGURED + fi +@@ -580,7 +580,7 @@ Filesystem_stop() + # + Filesystem_status() + { +- if list_mounts | grep -q " $(readlink -f $MOUNTPOINT) " >/dev/null 2>&1; then ++ if list_mounts | grep -q " $(readlink -f "$MOUNTPOINT" ) " >/dev/null 2>&1; then + rc=$OCF_SUCCESS + msg="$MOUNTPOINT is mounted (running)" + else diff --git a/SOURCES/bz1744103-Filesystem-3-fix-umount-disk-failure.patch b/SOURCES/bz1744103-Filesystem-3-fix-umount-disk-failure.patch new file mode 100644 index 0000000..1a53120 --- /dev/null +++ b/SOURCES/bz1744103-Filesystem-3-fix-umount-disk-failure.patch @@ -0,0 +1,53 @@ +From 69d607dc7568168e874f99d5a8b6bdb66b579d8b Mon Sep 17 00:00:00 2001 +From: "yusk.iida" +Date: Tue, 7 May 2019 19:37:26 +0900 +Subject: [PATCH] Low: Filesystem: Fix a problem umount is not executed in the + event of a disk failure + +--- + heartbeat/Filesystem | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index 2a43d1daa..bd974f8f3 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -278,7 +278,7 @@ determine_blockdevice() { + nfs4|nfs|smbfs|cifs|glusterfs|ceph|tmpfs|overlay|overlayfs|rozofs|zfs|cvfs|none) + : ;; + *) +- DEVICE=`list_mounts | grep " $(readlink -f "$MOUNTPOINT" ) " | cut -d' ' -f1` ++ DEVICE=`list_mounts | grep " $CANONICALIZED_MOUNTPOINT " | cut -d' ' -f1` + if [ -b "$DEVICE" ]; then + blockdevice=yes + fi +@@ -396,7 +396,7 @@ fstype_supported() + Filesystem_start() + { + # Check if there are any mounts mounted under the mountpoint +- if list_mounts | grep -q -E " $(readlink -f "$MOUNTPOINT" )/\w+" >/dev/null 2>&1; then ++ if list_mounts | grep -q -E " $CANONICALIZED_MOUNTPOINT/\w+" >/dev/null 2>&1; then + ocf_log err "There is one or more mounts mounted under $MOUNTPOINT." + return $OCF_ERR_CONFIGURED + fi +@@ -580,7 +580,7 @@ Filesystem_stop() + # + Filesystem_status() + { +- if list_mounts | grep -q " $(readlink -f "$MOUNTPOINT" ) " >/dev/null 2>&1; then ++ if list_mounts | grep -q " $CANONICALIZED_MOUNTPOINT " >/dev/null 2>&1; then + rc=$OCF_SUCCESS + msg="$MOUNTPOINT is mounted (running)" + else +@@ -804,6 +804,11 @@ if [ -z "$OCF_RESKEY_directory" ]; then + else + MOUNTPOINT=$(echo $OCF_RESKEY_directory | sed 's/\/*$//') + : ${MOUNTPOINT:=/} ++ CANONICALIZED_MOUNTPOINT=$(readlink -f "$MOUNTPOINT") ++ if [ $? -ne 0 ]; then ++ ocf_exit_reason "Could not canonicalize $MOUNTPOINT because readlink failed" ++ exit $OCF_ERR_GENERIC ++ fi + # At this stage, $MOUNTPOINT does not contain trailing "/" unless it is "/" + # TODO: / mounted via Filesystem sounds dangerous. On stop, we'll + # kill the whole system. Is that a good idea? diff --git a/SOURCES/bz1744103-Filesystem-4-fix-readlink-issue.patch b/SOURCES/bz1744103-Filesystem-4-fix-readlink-issue.patch new file mode 100644 index 0000000..68b9313 --- /dev/null +++ b/SOURCES/bz1744103-Filesystem-4-fix-readlink-issue.patch @@ -0,0 +1,32 @@ +From 48a7ebcea5ce0522021cf3079b62107a06b530b9 Mon Sep 17 00:00:00 2001 +From: James Oakley +Date: Thu, 8 Aug 2019 05:56:14 -0700 +Subject: [PATCH] Don't call readlink on path if it does not exist + +--- + heartbeat/Filesystem | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index 4bbbc06d3..738e3c08e 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -858,10 +858,14 @@ if [ -z "$OCF_RESKEY_directory" ]; then + else + MOUNTPOINT=$(echo $OCF_RESKEY_directory | sed 's/\/*$//') + : ${MOUNTPOINT:=/} +- CANONICALIZED_MOUNTPOINT=$(readlink -f "$MOUNTPOINT") +- if [ $? -ne 0 ]; then +- ocf_exit_reason "Could not canonicalize $MOUNTPOINT because readlink failed" +- exit $OCF_ERR_GENERIC ++ if [ -e "$MOUNTPOINT" ] ; then ++ CANONICALIZED_MOUNTPOINT=$(readlink -f "$MOUNTPOINT") ++ if [ $? -ne 0 ]; then ++ ocf_exit_reason "Could not canonicalize $MOUNTPOINT because readlink failed" ++ exit $OCF_ERR_GENERIC ++ fi ++ else ++ CANONICALIZED_MOUNTPOINT="$MOUNTPOINT" + fi + # At this stage, $MOUNTPOINT does not contain trailing "/" unless it is "/" + # TODO: / mounted via Filesystem sounds dangerous. On stop, we'll diff --git a/SOURCES/bz1744140-Filesystem-1-avoid-corrupt-mount-list.patch b/SOURCES/bz1744140-Filesystem-1-avoid-corrupt-mount-list.patch new file mode 100644 index 0000000..1184817 --- /dev/null +++ b/SOURCES/bz1744140-Filesystem-1-avoid-corrupt-mount-list.patch @@ -0,0 +1,46 @@ +From b67278bc92cfb0b9947ff5fff65f46f420a42c2c Mon Sep 17 00:00:00 2001 +From: Kazutomo Nakahira +Date: Fri, 10 May 2019 14:30:51 +0900 +Subject: [PATCH] Low: Filesystem: Fix missing mount point due to corrupted + mount list + +--- + heartbeat/Filesystem | 20 +++++++++++++++----- + 1 file changed, 15 insertions(+), 5 deletions(-) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index 2a43d1daa..c38ae12d4 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -255,16 +255,26 @@ is_bind_mount() { + } + list_mounts() { + local inpf="" ++ local mount_list="" ++ local check_list="x" ++ + if [ -e "/proc/mounts" ] && ! is_bind_mount; then + inpf=/proc/mounts + elif [ -f "/etc/mtab" -a -r "/etc/mtab" ]; then + inpf=/etc/mtab + fi +- if [ "$inpf" ]; then +- cut -d' ' -f1,2,3 < $inpf +- else +- $MOUNT | cut -d' ' -f1,3,5 +- fi ++ ++ # Make sure that the mount list has not been changed while reading. ++ while [ "$mount_list" != "$check_list" ]; do ++ check_list=$mount_list ++ if [ "$inpf" ]; then ++ mount_list=$(cut -d' ' -f1,2,3 < $inpf) ++ else ++ mount_list=$($MOUNT | cut -d' ' -f1,3,5) ++ fi ++ done ++ ++ echo "$mount_list" + } + + determine_blockdevice() { diff --git a/SOURCES/bz1744140-Filesystem-2-prevent-killing-bind-mount.patch b/SOURCES/bz1744140-Filesystem-2-prevent-killing-bind-mount.patch new file mode 100644 index 0000000..f642548 --- /dev/null +++ b/SOURCES/bz1744140-Filesystem-2-prevent-killing-bind-mount.patch @@ -0,0 +1,52 @@ +From bfbc99003ebd96d79bbf8ad50be0b5e714a92fd7 Mon Sep 17 00:00:00 2001 +From: ytakeshita +Date: Fri, 7 Jun 2019 15:20:52 +0900 +Subject: [PATCH] Medium: Filesystem: Prevents to all root user processes are + killed when bind mounting a directory on rootfs. + +if a directory is bound mounting on rootfs and "force_umount" is not set "safe", change "force_umount" to "safe". +--- + heartbeat/Filesystem | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index c46ec3cca..1b29a08b3 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -314,6 +314,24 @@ bind_kernel_check() { + [ $? -ne 0 ] && + ocf_log warn "kernel `uname -r` cannot handle read only bind mounts" + } ++ ++bind_rootfs_check() { ++ local SOURCE ++ local TARGET ++ local ROOTFS ++ ++ SOURCE=$1 ++ TARGET=$(df --output=target $SOURCE | tail -n 1) ++ ++ ROOTFS=$(list_mounts | grep -w rootfs | cut -d' ' -f 2) ++ ++ if [ "${TARGET}" = "${ROOTFS}" ]; then ++ return 1 ++ else ++ return 0 ++ fi ++} ++ + bind_mount() { + if is_bind_mount && [ "$options" != "-o bind" ] + then +@@ -476,6 +494,11 @@ get_pids() + local procs + local mmap_procs + ++ if is_bind_mount && ocf_is_true "$FORCE_UNMOUNT" && ! bind_rootfs_check "$DEVICE"; then ++ ocf_log debug "Change force_umount from '$FORCE_UNMOUNT' to 'safe'" ++ FORCE_UNMOUNT=safe ++ fi ++ + if ocf_is_true "$FORCE_UNMOUNT"; then + if [ "X${HOSTOS}" = "XOpenBSD" ];then + fstat | grep $dir | awk '{print $3}' diff --git a/SOURCES/bz1744140-Filesystem-3-improved-bind-mount-check.patch b/SOURCES/bz1744140-Filesystem-3-improved-bind-mount-check.patch new file mode 100644 index 0000000..9bb2f11 --- /dev/null +++ b/SOURCES/bz1744140-Filesystem-3-improved-bind-mount-check.patch @@ -0,0 +1,42 @@ +From f8e5d2afc5b9bbf676ac20894f0f26e6ec998557 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 10 Sep 2019 15:40:12 +0200 +Subject: [PATCH] Filesystem: improve "/" check for bind mounts + +--- + heartbeat/Filesystem | 15 +++------------ + 1 file changed, 3 insertions(+), 12 deletions(-) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index 738e3c08e..e66ddc77f 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -337,17 +337,8 @@ bind_kernel_check() { + ocf_log warn "kernel `uname -r` cannot handle read only bind mounts" + } + +-bind_rootfs_check() { +- local SOURCE +- local TARGET +- local ROOTFS +- +- SOURCE=$1 +- TARGET=$(df --output=target $SOURCE | tail -n 1) +- +- ROOTFS=$(list_mounts | grep -w rootfs | cut -d' ' -f 2) +- +- if [ "${TARGET}" = "${ROOTFS}" ]; then ++bind_root_mount_check() { ++ if [ "$(df -P "$1" | awk 'END{print $6}')" = "/" ]; then + return 1 + else + return 0 +@@ -516,7 +507,7 @@ get_pids() + local procs + local mmap_procs + +- if is_bind_mount && ocf_is_true "$FORCE_UNMOUNT" && ! bind_rootfs_check "$DEVICE"; then ++ if is_bind_mount && ocf_is_true "$FORCE_UNMOUNT" && ! bind_root_mount_check "$DEVICE"; then + ocf_log debug "Change force_umount from '$FORCE_UNMOUNT' to 'safe'" + FORCE_UNMOUNT=safe + fi diff --git a/SOURCES/bz1744224-IPsrcaddr-1-add-destination-and-table-parameters.patch b/SOURCES/bz1744224-IPsrcaddr-1-add-destination-and-table-parameters.patch new file mode 100644 index 0000000..cb4fde4 --- /dev/null +++ b/SOURCES/bz1744224-IPsrcaddr-1-add-destination-and-table-parameters.patch @@ -0,0 +1,202 @@ +--- ClusterLabs-resource-agents-e711383f/heartbeat/IPsrcaddr 2019-08-15 16:02:10.055827624 +0200 ++++ /home/oalbrigt/src/resource-agents/heartbeat/IPsrcaddr 2019-08-15 15:45:50.690757838 +0200 +@@ -1,6 +1,6 @@ + #!/bin/sh + # +-# Description: IPsrcaddr - Preferred source address modification ++# Description: IPsrcaddr - Preferred source(/dest) address modification + # + # Author: John Sutton + # Support: users@clusterlabs.org +@@ -11,7 +11,7 @@ + # + # This script manages the preferred source address associated with + # packets which originate on the localhost and are routed through the +-# default route. By default, i.e. without the use of this script or ++# matching route. By default, i.e. without the use of this script or + # similar, these packets will carry the IP of the primary i.e. the + # non-aliased interface. This can be a nuisance if you need to ensure + # that such packets carry the same IP irrespective of which host in +@@ -27,7 +27,7 @@ + # + # NOTES: + # +-# 1) There must be one and not more than 1 default route! Mainly because ++# 1) There must be one and not more than 1 matching route! Mainly because + # I can't see why you should have more than one. And if there is more + # than one, we would have to box clever to find out which one is to be + # modified, or we would have to pass its identity as an argument. +@@ -54,16 +54,25 @@ + . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs + + # Defaults ++OCF_RESKEY_ipaddress_default="" ++OCF_RESKEY_cidr_netmask_default="" ++OCF_RESKEY_destination_default="0.0.0.0/0" + OCF_RESKEY_proto_default="" ++OCF_RESKEY_table_default="" + ++: ${OCF_RESKEY_ipaddress=${OCF_RESKEY_ipaddress_default}} ++: ${OCF_RESKEY_cidr_netmask=${OCF_RESKEY_cidr_netmask_default}} ++: ${OCF_RESKEY_destination=${OCF_RESKEY_destination_default}} + : ${OCF_RESKEY_proto=${OCF_RESKEY_proto_default}} ++: ${OCF_RESKEY_table=${OCF_RESKEY_table_default}} + ####################################################################### + + [ -z "$OCF_RESKEY_proto" ] && PROTO="" || PROTO="proto $OCF_RESKEY_proto" ++[ -z "$OCF_RESKEY_table" ] && TABLE="" || TABLE="table $OCF_RESKEY_table" + + USAGE="usage: $0 {start|stop|status|monitor|validate-all|meta-data}"; + +- CMDSHOW="$IP2UTIL route show to exact 0.0.0.0/0" ++ CMDSHOW="$IP2UTIL route show $TABLE to exact $OCF_RESKEY_destination" + CMDCHANGE="$IP2UTIL route change to " + + SYSTYPE="`uname -s`" +@@ -91,7 +100,7 @@ + The IP address. + + IP address +- ++ + + + +@@ -100,7 +109,15 @@ + dotted quad notation 255.255.255.0). + + Netmask +- ++ ++ ++ ++ ++ ++The destination IP/subnet for the route (default: $OCF_RESKEY_destination_default) ++ ++Destination IP/subnet ++ + + + +@@ -108,7 +125,17 @@ + Proto to match when finding network. E.g. "kernel". + + Proto +- ++ ++ ++ ++ ++ ++Table to modify. E.g. "local". ++ ++The table has to have a route matching the "destination" parameter. ++ ++Table ++ + + + +@@ -151,21 +178,22 @@ + export OCF_RESKEY_ip=$OCF_RESKEY_ipaddress + + srca_read() { +- # Capture the default route - doublequotes prevent word splitting... +- DEFROUTE="`$CMDSHOW`" || errorexit "command '$CMDSHOW' failed" +- +- # ... so we can make sure there is only 1 default route +- [ 1 -eq `echo "$DEFROUTE" | wc -l` ] || \ +- errorexit "more than 1 default route exists" ++ # Capture matching route - doublequotes prevent word splitting... ++ ROUTE="`$CMDSHOW`" || errorexit "command '$CMDSHOW' failed" + +- # But there might still be no default route +- [ -z "$DEFROUTE" ] && errorexit "no default route exists" ++ # ... so we can make sure there is only 1 matching route ++ [ 1 -eq `echo "$ROUTE" | wc -l` ] || \ ++ errorexit "more than 1 matching route exists" ++ ++ # But there might still be no matching route ++ [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] && [ -z "$ROUTE" ] && \ ++ ! ocf_is_probe && errorexit "no matching route exists" + + # Sed out the source ip address if it exists +- SRCIP=`echo $DEFROUTE | sed -n "s/$MATCHROUTE/\3/p"` ++ SRCIP=`echo $ROUTE | sed -n "s/$MATCHROUTE/\3/p"` + + # and what remains after stripping out the source ip address clause +- ROUTE_WO_SRC=`echo $DEFROUTE | sed "s/$MATCHROUTE/\1\5/"` ++ ROUTE_WO_SRC=`echo $ROUTE | sed "s/$MATCHROUTE/\1\5/"` + + [ -z "$SRCIP" ] && return 1 + [ $SRCIP = $1 ] && return 0 +@@ -185,11 +213,13 @@ + rc=$OCF_SUCCESS + ocf_log info "The ip route has been already set.($NETWORK, $INTERFACE, $ROUTE_WO_SRC)" + else +- $IP2UTIL route replace $NETWORK dev $INTERFACE src $1 || \ +- errorexit "command 'ip route replace $NETWORK dev $INTERFACE src $1' failed" ++ $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE src $1 || \ ++ errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE src $1' failed" + +- $CMDCHANGE $ROUTE_WO_SRC src $1 || \ +- errorexit "command '$CMDCHANGE $ROUTE_WO_SRC src $1' failed" ++ if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then ++ $CMDCHANGE $ROUTE_WO_SRC src $1 || \ ++ errorexit "command '$CMDCHANGE $ROUTE_WO_SRC src $1' failed" ++ fi + rc=$? + fi + +@@ -201,7 +231,7 @@ + # If one exists but it's not the same as the one specified, that's + # an error. Maybe that's the wrong behaviour because if this fails + # then when IPaddr releases the associated interface (if there is one) +-# your default route will also get dropped ;-( ++# your matching route will also get dropped ;-( + # The exit code should conform to LSB exit codes. + # + +@@ -217,11 +247,13 @@ + + [ $rc = 2 ] && errorexit "The address you specified to stop does not match the preferred source address" + +- $IP2UTIL route replace $NETWORK dev $INTERFACE || \ +- errorexit "command 'ip route replace $NETWORK dev $INTERFACE' failed" ++ $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE || \ ++ errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE' failed" + +- $CMDCHANGE $ROUTE_WO_SRC || \ +- errorexit "command '$CMDCHANGE $ROUTE_WO_SRC' failed" ++ if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then ++ $CMDCHANGE $ROUTE_WO_SRC || \ ++ errorexit "command '$CMDCHANGE $ROUTE_WO_SRC' failed" ++ fi + + return $? + } +@@ -406,6 +438,10 @@ + return $OCF_ERR_CONFIGURED + fi + ++ if ! echo "$OCF_RESKEY_destination" | grep -q "/"; then ++ return $OCF_ERR_CONFIGURED ++ fi ++ + + if ! [ "x$SYSTYPE" = "xLinux" ]; then + # checks after this point are only relevant for linux. +@@ -486,7 +522,11 @@ + } + + INTERFACE=`echo $findif_out | awk '{print $1}'` +-NETWORK=`$IP2UTIL route list dev $INTERFACE scope link $PROTO match $ipaddress|grep -m 1 -o '^[^ ]*'` ++if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then ++ NETWORK=`$IP2UTIL route list dev $INTERFACE scope link $PROTO match $ipaddress|grep -m 1 -o '^[^ ]*'` ++else ++ NETWORK="$OCF_RESKEY_destination" ++fi + + case $1 in + start) srca_start $ipaddress diff --git a/SOURCES/bz1744224-IPsrcaddr-2-local-rule-destination-fixes.patch b/SOURCES/bz1744224-IPsrcaddr-2-local-rule-destination-fixes.patch new file mode 100644 index 0000000..cca64cb --- /dev/null +++ b/SOURCES/bz1744224-IPsrcaddr-2-local-rule-destination-fixes.patch @@ -0,0 +1,42 @@ +From 0e73d3f474d08779b64ed99fb3f80c1e806ff1b7 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 28 Nov 2019 16:11:51 +0100 +Subject: [PATCH] IPsrcaddr: fixes to replace local rule if using local table, + and set src back to primary for device on stop + +--- + heartbeat/IPsrcaddr | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr +index d80b72165..f9085f082 100755 +--- a/heartbeat/IPsrcaddr ++++ b/heartbeat/IPsrcaddr +@@ -75,6 +75,10 @@ USAGE="usage: $0 {start|stop|status|monitor|validate-all|meta-data}"; + CMDSHOW="$IP2UTIL route show $TABLE to exact $OCF_RESKEY_destination" + CMDCHANGE="$IP2UTIL route change to " + ++if [ "$OCF_RESKEY_table" = "local" ]; then ++ TABLE="$TABLE local" ++fi ++ + SYSTYPE="`uname -s`" + + usage() { +@@ -247,8 +251,14 @@ srca_stop() { + + [ $rc = 2 ] && errorexit "The address you specified to stop does not match the preferred source address" + +- $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE || \ +- errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE' failed" ++ OPTS="" ++ if [ "$OCF_RESKEY_destination" != "0.0.0.0/0" ] ;then ++ PRIMARY_IP="$($IP2UTIL -4 -o addr show dev eth0 primary | awk '{split($4,a,"/");print a[1]}')" ++ OPTS="proto kernel scope host src $PRIMARY_IP" ++ fi ++ ++ $IP2UTIL route replace $TABLE $NETWORK dev $INTERFACE $OPTS || \ ++ errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE $OPTS' failed" + + if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] ;then + $CMDCHANGE $ROUTE_WO_SRC || \ diff --git a/SOURCES/bz1744224-IPsrcaddr-3-fix-probe-issues.patch b/SOURCES/bz1744224-IPsrcaddr-3-fix-probe-issues.patch new file mode 100644 index 0000000..b9f8e7e --- /dev/null +++ b/SOURCES/bz1744224-IPsrcaddr-3-fix-probe-issues.patch @@ -0,0 +1,45 @@ +From 7afc581f6cd8fc37c3e14ece12fb16d31f1886f9 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 10 Jan 2020 14:35:56 +0100 +Subject: [PATCH] IPsrcaddr: fixes to avoid failing during probe + +--- + heartbeat/IPsrcaddr | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr +index f9085f082..0ef8b391f 100755 +--- a/heartbeat/IPsrcaddr ++++ b/heartbeat/IPsrcaddr +@@ -75,6 +75,10 @@ USAGE="usage: $0 {start|stop|status|monitor|validate-all|meta-data}"; + CMDSHOW="$IP2UTIL route show $TABLE to exact $OCF_RESKEY_destination" + CMDCHANGE="$IP2UTIL route change to " + ++if [ "$OCF_RESKEY_destination" != "0.0.0.0/0" ]; then ++ CMDSHOW="$CMDSHOW src $OCF_RESKEY_ipaddress" ++fi ++ + if [ "$OCF_RESKEY_table" = "local" ]; then + TABLE="$TABLE local" + fi +@@ -183,7 +187,7 @@ export OCF_RESKEY_ip=$OCF_RESKEY_ipaddress + + srca_read() { + # Capture matching route - doublequotes prevent word splitting... +- ROUTE="`$CMDSHOW`" || errorexit "command '$CMDSHOW' failed" ++ ROUTE="`$CMDSHOW 2> /dev/null`" || errorexit "command '$CMDSHOW' failed" + + # ... so we can make sure there is only 1 matching route + [ 1 -eq `echo "$ROUTE" | wc -l` ] || \ +@@ -199,6 +203,11 @@ srca_read() { + # and what remains after stripping out the source ip address clause + ROUTE_WO_SRC=`echo $ROUTE | sed "s/$MATCHROUTE/\1\5/"` + ++ # using "src " only returns output if there's a match ++ if [ "$OCF_RESKEY_destination" != "0.0.0.0/0" ]; then ++ [ -z "$ROUTE" ] && return 1 || return 0 ++ fi ++ + [ -z "$SRCIP" ] && return 1 + [ $SRCIP = $1 ] && return 0 + return 2 diff --git a/SOURCES/bz1744224-IPsrcaddr-4-fix-hardcoded-device.patch b/SOURCES/bz1744224-IPsrcaddr-4-fix-hardcoded-device.patch new file mode 100644 index 0000000..e0e1d04 --- /dev/null +++ b/SOURCES/bz1744224-IPsrcaddr-4-fix-hardcoded-device.patch @@ -0,0 +1,23 @@ +From 5f0d15ad70098510a3782d6fd18d6eacfb51b0cf Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 16 Jan 2020 14:59:26 +0100 +Subject: [PATCH] IPsrcaddr: remove hardcoded device when using destination + parameter + +--- + heartbeat/IPsrcaddr | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr +index 0ef8b391f..7cdc3a9fe 100755 +--- a/heartbeat/IPsrcaddr ++++ b/heartbeat/IPsrcaddr +@@ -262,7 +262,7 @@ srca_stop() { + + OPTS="" + if [ "$OCF_RESKEY_destination" != "0.0.0.0/0" ] ;then +- PRIMARY_IP="$($IP2UTIL -4 -o addr show dev eth0 primary | awk '{split($4,a,"/");print a[1]}')" ++ PRIMARY_IP="$($IP2UTIL -4 -o addr show dev $INTERFACE primary | awk '{split($4,a,"/");print a[1]}')" + OPTS="proto kernel scope host src $PRIMARY_IP" + fi + diff --git a/SOURCES/bz1748768-docker-fix-stop-issues.patch b/SOURCES/bz1748768-docker-fix-stop-issues.patch new file mode 100644 index 0000000..d4e6f16 --- /dev/null +++ b/SOURCES/bz1748768-docker-fix-stop-issues.patch @@ -0,0 +1,88 @@ +From 5949405d0031a4aba91c81cb28c24821ad2d439a Mon Sep 17 00:00:00 2001 +From: Reid Wahl +Date: Thu, 3 Jan 2019 15:05:20 -0800 +Subject: [PATCH] docker: Fix issues with stop operation + +The docker RA's stop operation doesn't behave properly in some cases. + 1. It returns a false success code in case of an error response from + the daemon. + 2. It fails at `remove_container()` if the container does not exist + but another docker object of the same name does exist. + +In case #1, the `container_exists()` function returns the same exit code +(1) if the container is not found (an expected error) or if there is an +error response from the docker daemon (an unexpected error). These types +of errors should be handled differently. + +In case #2, the `docker inspect` calls do not limit their search to +containers. So if a non-container object is found with a matching name, +the RA attempts to remove a container by that name. Such a container may +not exist. + +This patch fixes these issues as follows: + 1. Match an error response in `container_exists()` against the string + "No such container". + 2. Add `--type=container` to the `docker inspect` calls to restrict + the match. +--- + heartbeat/docker | 26 ++++++++++++++++++++++---- + 1 file changed, 22 insertions(+), 4 deletions(-) + +diff --git a/heartbeat/docker b/heartbeat/docker +index f5ba83ff2..c206344ad 100755 +--- a/heartbeat/docker ++++ b/heartbeat/docker +@@ -215,7 +215,7 @@ monitor_cmd_exec() + out=$(docker exec ${CONTAINER} $OCF_RESKEY_monitor_cmd 2>&1) + rc=$? + else +- out=$(echo "$OCF_RESKEY_monitor_cmd" | nsenter --target $(docker inspect --format {{.State.Pid}} ${CONTAINER}) --mount --uts --ipc --net --pid 2>&1) ++ out=$(echo "$OCF_RESKEY_monitor_cmd" | nsenter --target $(docker inspect --type=container --format {{.State.Pid}} ${CONTAINER}) --mount --uts --ipc --net --pid 2>&1) + rc=$? + fi + +@@ -236,7 +236,25 @@ monitor_cmd_exec() + + container_exists() + { +- docker inspect --format {{.State.Running}} $CONTAINER | egrep '(true|false)' >/dev/null 2>&1 ++ local err ++ ++ err=$(docker inspect --type=container $CONTAINER 2>&1 >/dev/null) ++ ++ if [ $? -ne $OCF_SUCCESS ]; then ++ case $err in ++ *"No such container"*) ++ # Return failure instead of exiting if container does not exist ++ return 1 ++ ;; ++ *) ++ # Exit if error running command ++ ocf_exit_reason "$err" ++ exit $OCF_ERR_GENERIC ++ ;; ++ esac ++ fi ++ ++ return $OCF_SUCCESS + } + + remove_container() +@@ -265,7 +283,7 @@ docker_simple_status() + fi + + # retrieve the 'Running' attribute for the container +- val=$(docker inspect --format {{.State.Running}} $CONTAINER 2>/dev/null) ++ val=$(docker inspect --type=container --format {{.State.Running}} $CONTAINER 2>/dev/null) + if [ $? -ne 0 ]; then + #not running as a result of container not being found + return $OCF_NOT_RUNNING +@@ -295,7 +313,7 @@ docker_health_status() + # if starting takes longer than monitor timeout then upstream will make this fail. + while + +- val=$(docker inspect --format {{.State.Health.Status}} $CONTAINER 2>/dev/null) ++ val=$(docker inspect --type=container --format {{.State.Health.Status}} $CONTAINER 2>/dev/null) + if [ $? -ne 0 ]; then + #not healthy as a result of container not being found + return $OCF_NOT_RUNNING diff --git a/SOURCES/bz1750261-Route-1-dont-fence-when-parameters-not-set.patch b/SOURCES/bz1750261-Route-1-dont-fence-when-parameters-not-set.patch new file mode 100644 index 0000000..6c39248 --- /dev/null +++ b/SOURCES/bz1750261-Route-1-dont-fence-when-parameters-not-set.patch @@ -0,0 +1,35 @@ +From 1286636b768bb635e9a6b1f1fbf6267c9c3f4b03 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 19 Aug 2019 13:31:06 +0200 +Subject: [PATCH] Route: dont fence node when parameters arent set + +--- + heartbeat/Route | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/Route b/heartbeat/Route +index b4011e37d..9f92eff3a 100755 +--- a/heartbeat/Route ++++ b/heartbeat/Route +@@ -249,18 +249,18 @@ route_validate() { + if [ "${OCF_RESKEY_CRM_meta_clone}" ]; then + if [ "${OCF_RESKEY_CRM_meta_clone_node_max}" != 1 ]; then + ocf_exit_reason "Misconfigured clone parameters. Must set meta attribute \"clone_node_max\" to 1, got ${OCF_RESKEY_CRM_meta_clone_node_max}." +- return $OCF_ERR_ARGS ++ return $OCF_ERR_CONFIGURED + fi + fi + # Did we get a destination? + if [ -z "${OCF_RESKEY_destination}" ]; then + ocf_exit_reason "Missing required parameter \"destination\"." +- return $OCF_ERR_ARGS ++ return $OCF_ERR_CONFIGURED + fi + # Did we get either a device or a gateway address? + if [ -z "${OCF_RESKEY_device}" -a -z "${OCF_RESKEY_gateway}" ]; then + ocf_exit_reason "Must specify either \"device\", or \"gateway\", or both." +- return $OCF_ERR_ARGS ++ return $OCF_ERR_CONFIGURED + fi + # If a device has been configured, is it available on this system? + if [ -n "${OCF_RESKEY_device}" ]; then diff --git a/SOURCES/bz1750261-Route-2-validate-start-validate-all.patch b/SOURCES/bz1750261-Route-2-validate-start-validate-all.patch new file mode 100644 index 0000000..e2d012e --- /dev/null +++ b/SOURCES/bz1750261-Route-2-validate-start-validate-all.patch @@ -0,0 +1,40 @@ +From 444bdc44fc47c65f848efc0c39c1e8e6620ce10d Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 11 Oct 2019 12:12:52 +0200 +Subject: [PATCH] Route: only validate for start and validate-all actions + +--- + heartbeat/Route | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/Route b/heartbeat/Route +index 9f92eff3a..8898e1afd 100755 +--- a/heartbeat/Route ++++ b/heartbeat/Route +@@ -187,6 +187,8 @@ END + } + + route_start() { ++ route_validate || exit $? ++ + route_status + status=$? + if [ $status -eq $OCF_SUCCESS ]; then +@@ -313,8 +315,6 @@ for binary in ip grep; do + check_binary $binary + done + +-route_validate || exit $? +- + case $OCF_RESKEY_family in + ip4) addr_family="-4" ;; + ip6) addr_family="-6" ;; +@@ -334,7 +334,7 @@ status|monitor) route_status;; + reload) ocf_log info "Reloading..." + route_start + ;; +-validate-all) ;; ++validate-all) route_validate;; + *) route_usage + exit $OCF_ERR_UNIMPLEMENTED + ;; diff --git a/SOURCES/bz1750352-rabbitmq-cluster-restore-users-single-node-mode.patch b/SOURCES/bz1750352-rabbitmq-cluster-restore-users-single-node-mode.patch new file mode 100644 index 0000000..1399a58 --- /dev/null +++ b/SOURCES/bz1750352-rabbitmq-cluster-restore-users-single-node-mode.patch @@ -0,0 +1,148 @@ +From c0b6356bbf5b9a1fb76b011486dfce258d395ef8 Mon Sep 17 00:00:00 2001 +From: Peter Lemenkov +Date: Fri, 6 Sep 2019 14:22:46 +0200 +Subject: [PATCH] Restore users/perms/policies even if starting in a single + node mode + +See https://bugzilla.redhat.com/1744467#c1 + +Signed-off-by: Peter Lemenkov +--- + heartbeat/rabbitmq-cluster | 109 ++++++++++++++++++++----------------- + 1 file changed, 58 insertions(+), 51 deletions(-) + +diff --git a/heartbeat/rabbitmq-cluster b/heartbeat/rabbitmq-cluster +index cf8ca21a6..7837e9e3c 100755 +--- a/heartbeat/rabbitmq-cluster ++++ b/heartbeat/rabbitmq-cluster +@@ -114,6 +114,62 @@ rmq_wipe_data() + rm -rf $RMQ_DATA_DIR > /dev/null 2>&1 + } + ++rmq_restore_users_perms_policies() ++{ ++ # Restore users, user permissions, and policies (if any) ++ BaseDataDir=`dirname $RMQ_DATA_DIR` ++ $RMQ_EVAL " ++ %% Run only if Mnesia is ready. ++ lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso ++ begin ++ Restore = fun(Table, PostprocessFun, Filename) -> ++ case file:consult(Filename) of ++ {error, _} -> ++ ok; ++ {ok, [Result]} -> ++ lists:foreach(fun(X) -> mnesia:dirty_write(Table, PostprocessFun(X)) end, Result), ++ file:delete(Filename) ++ end ++ end, ++ ++ %% Restore users ++ ++ Upgrade = fun ++ ({internal_user, A, B, C}) -> {internal_user, A, B, C, rabbit_password_hashing_md5}; ++ ({internal_user, A, B, C, D}) -> {internal_user, A, B, C, D} ++ end, ++ ++ Downgrade = fun ++ ({internal_user, A, B, C}) -> {internal_user, A, B, C}; ++ ({internal_user, A, B, C, rabbit_password_hashing_md5}) -> {internal_user, A, B, C}; ++ %% Incompatible scheme, so we will loose user's password ('B' value) during conversion. ++ %% Unfortunately, this case will require manual intervention - user have to run: ++ %% rabbitmqctl change_password ++ ({internal_user, A, B, C, _}) -> {internal_user, A, B, C} ++ end, ++ ++ %% Check db scheme first ++ [WildPattern] = ets:select(mnesia_gvar, [ { {{rabbit_user, wild_pattern}, '\\\$1'}, [], ['\\\$1'] } ]), ++ case WildPattern of ++ %% Version < 3.6.0 ++ {internal_user,'_','_','_'} -> ++ Restore(rabbit_user, Downgrade, \"$BaseDataDir/users.erl\"); ++ %% Version >= 3.6.0 ++ {internal_user,'_','_','_','_'} -> ++ Restore(rabbit_user, Upgrade, \"$BaseDataDir/users.erl\") ++ end, ++ ++ NoOp = fun(X) -> X end, ++ ++ %% Restore user permissions ++ Restore(rabbit_user_permission, NoOp, \"$BaseDataDir/users_perms.erl\"), ++ ++ %% Restore policies ++ Restore(rabbit_runtime_parameters, NoOp, \"$BaseDataDir/policies.erl\") ++ end. ++ " ++} ++ + rmq_local_node() + { + +@@ -411,6 +467,7 @@ rmq_try_start() { + if [ -z "$join_list" ]; then + rmq_start_first + rc=$? ++ rmq_restore_users_perms_policies + return $rc + fi + +@@ -437,58 +494,8 @@ rmq_try_start() { + return $RMQ_TRY_RESTART_ERROR_CODE + fi + +- # Restore users, user permissions, and policies (if any) +- BaseDataDir=`dirname $RMQ_DATA_DIR` +- $RMQ_EVAL " +- %% Run only if Mnesia is ready. +- lists:any(fun({mnesia,_,_}) -> true; ({_,_,_}) -> false end, application:which_applications()) andalso +- begin +- Restore = fun(Table, PostprocessFun, Filename) -> +- case file:consult(Filename) of +- {error, _} -> +- ok; +- {ok, [Result]} -> +- lists:foreach(fun(X) -> mnesia:dirty_write(Table, PostprocessFun(X)) end, Result), +- file:delete(Filename) +- end +- end, ++ rmq_restore_users_perms_policies + +- %% Restore users +- +- Upgrade = fun +- ({internal_user, A, B, C}) -> {internal_user, A, B, C, rabbit_password_hashing_md5}; +- ({internal_user, A, B, C, D}) -> {internal_user, A, B, C, D} +- end, +- +- Downgrade = fun +- ({internal_user, A, B, C}) -> {internal_user, A, B, C}; +- ({internal_user, A, B, C, rabbit_password_hashing_md5}) -> {internal_user, A, B, C}; +- %% Incompatible scheme, so we will loose user's password ('B' value) during conversion. +- %% Unfortunately, this case will require manual intervention - user have to run: +- %% rabbitmqctl change_password +- ({internal_user, A, B, C, _}) -> {internal_user, A, B, C} +- end, +- +- %% Check db scheme first +- [WildPattern] = ets:select(mnesia_gvar, [ { {{rabbit_user, wild_pattern}, '\\\$1'}, [], ['\\\$1'] } ]), +- case WildPattern of +- %% Version < 3.6.0 +- {internal_user,'_','_','_'} -> +- Restore(rabbit_user, Downgrade, \"$BaseDataDir/users.erl\"); +- %% Version >= 3.6.0 +- {internal_user,'_','_','_','_'} -> +- Restore(rabbit_user, Upgrade, \"$BaseDataDir/users.erl\") +- end, +- +- NoOp = fun(X) -> X end, +- +- %% Restore user permissions +- Restore(rabbit_user_permission, NoOp, \"$BaseDataDir/users_perms.erl\"), +- +- %% Restore policies +- Restore(rabbit_runtime_parameters, NoOp, \"$BaseDataDir/policies.erl\") +- end. +- " + return $OCF_SUCCESS + } + diff --git a/SOURCES/bz1751700-IPaddr2-1-sanitize-IPv6-IPs.patch b/SOURCES/bz1751700-IPaddr2-1-sanitize-IPv6-IPs.patch new file mode 100644 index 0000000..74d3628 --- /dev/null +++ b/SOURCES/bz1751700-IPaddr2-1-sanitize-IPv6-IPs.patch @@ -0,0 +1,47 @@ +From 8ecfa95fff384ed047fd804016abdbbdcdd96d27 Mon Sep 17 00:00:00 2001 +From: Keisuke MORI +Date: Wed, 11 Sep 2019 15:33:37 +0900 +Subject: [PATCH] Low: IPaddr2: fix to work properly with unsanitized IPv6 + addresses + +`ip route get` shows the sanitized address at $1 or $2 depending on +the address is already assigned to the node or not. +``` +[root@centos73-1 ~]# /sbin/ip route get 2001:db8:101::0001 +2001:db8:101::1 dev eth1 proto ra src 2001:db8:101:0:XXXX:XXXX:XXXX:XXXX metric 100 +[root@centos73-1 ~]# /sbin/ip addr add 2001:db8:101::0001/64 dev eth1 +[root@centos73-1 ~]# /sbin/ip route get 2001:db8:101::0001 +local 2001:db8:101::1 dev lo table local proto none src 2001:db8:101::1 metric 0 +``` + +It can not be sanitized if the address is unreachable and on the recent distributions +(probably depending on the iproute package version) +``` +[root@centos73-1 ~]# /sbin/ip route get 2001:db8:201::0001 +unreachable 2001:db8:201::1 dev lo table unspec proto kernel src 2001:db8:101:0:XXXX:XXXX:XXXX:XXXX metric 429496 +``` +``` +[root@rhel80-1 ~]# /sbin/ip route get 200:db8:201::0001 +RTNETLINK answers: Network is unreachable +``` +--- + heartbeat/IPaddr2 | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 +index 041ace3a2..4f28ddab6 100755 +--- a/heartbeat/IPaddr2 ++++ b/heartbeat/IPaddr2 +@@ -477,6 +477,12 @@ ip_init() { + fi + else + FAMILY=inet6 ++ # address sanitization defined in RFC5952 ++ SANITIZED_IP=$($IP2UTIL route get $OCF_RESKEY_ip | awk '$1~/:/ {print $1} $2~/:/ {print $2}') ++ if [ -n "$SANITIZED_IP" ]; then ++ OCF_RESKEY_ip="$SANITIZED_IP" ++ fi ++ + if ocf_is_true $OCF_RESKEY_lvs_support ;then + ocf_exit_reason "The IPv6 does not support lvs_support" + exit $OCF_ERR_CONFIGURED diff --git a/SOURCES/bz1751700-IPaddr2-2-return-empty-when-sanitation-fails.patch b/SOURCES/bz1751700-IPaddr2-2-return-empty-when-sanitation-fails.patch new file mode 100644 index 0000000..32f5e06 --- /dev/null +++ b/SOURCES/bz1751700-IPaddr2-2-return-empty-when-sanitation-fails.patch @@ -0,0 +1,22 @@ +From 7eff4e17641cc1463e61d772af16d17264477523 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 12 Sep 2019 12:51:54 +0200 +Subject: [PATCH] IPaddr2: IPv6 return empty string when sanitation fails + +--- + heartbeat/IPaddr2 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 +index 4f28ddab6..1d39ae514 100755 +--- a/heartbeat/IPaddr2 ++++ b/heartbeat/IPaddr2 +@@ -478,7 +478,7 @@ ip_init() { + else + FAMILY=inet6 + # address sanitization defined in RFC5952 +- SANITIZED_IP=$($IP2UTIL route get $OCF_RESKEY_ip | awk '$1~/:/ {print $1} $2~/:/ {print $2}') ++ SANITIZED_IP=$($IP2UTIL route get $OCF_RESKEY_ip 2> /dev/null | awk '$1~/:/ {print $1} $2~/:/ {print $2}') + if [ -n "$SANITIZED_IP" ]; then + OCF_RESKEY_ip="$SANITIZED_IP" + fi diff --git a/SOURCES/bz1751962-nfsserver-1-systemd-perf-improvements.patch b/SOURCES/bz1751962-nfsserver-1-systemd-perf-improvements.patch new file mode 100644 index 0000000..e577a2e --- /dev/null +++ b/SOURCES/bz1751962-nfsserver-1-systemd-perf-improvements.patch @@ -0,0 +1,77 @@ +From 530c48138f7dedaf99ae1ca98865d2f8b7432475 Mon Sep 17 00:00:00 2001 +From: Eberhard Kuemmerle +Date: Thu, 12 Sep 2019 21:10:43 +0200 +Subject: [PATCH] nfsserver: performance improvements for systemd enabled + systems + +> I found two critical actions in the script: +> - systemctl status nfs-server (which also calls journalctl) +> - systemctl list-unit-files + +source: +https://lists.clusterlabs.org/pipermail/developers/2019-September/002214.html +--- + heartbeat/nfsserver | 37 +++++++++++++++++++------------------ + 1 file changed, 19 insertions(+), 18 deletions(-) + +diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver +index bf59da98e..8527a90f3 100755 +--- a/heartbeat/nfsserver ++++ b/heartbeat/nfsserver +@@ -233,24 +233,25 @@ set_exec_mode() + return 0 + fi + +- ## +- # Attempt systemd (with nfs-lock.service). +- ## + if which systemctl > /dev/null 2>&1; then +- if systemctl list-unit-files | grep nfs-server > /dev/null && systemctl list-unit-files | grep nfs-lock > /dev/null; then +- EXEC_MODE=2 +- # when using systemd, the nfs-lock service file handles nfsv3 locking daemons for us. +- return 0 +- fi +- fi ++ if systemctl list-unit-files 'nfs-*' | grep nfs-server > /dev/null; then ++ ++ ## ++ # Attempt systemd (with nfs-lock.service). ++ ## ++ if systemctl list-unit-files 'nfs-*' | grep nfs-lock > /dev/null; then ++ EXEC_MODE=2 ++ # when using systemd, the nfs-lock service file handles nfsv3 locking daemons for us. ++ return 0 ++ fi + +- ## +- # Attempt systemd (with rpc-statd.service). +- ## +- if which systemctl > /dev/null 2>&1; then +- if systemctl list-unit-files | grep nfs-server > /dev/null && systemctl list-unit-files | grep rpc-statd > /dev/null; then +- EXEC_MODE=3 +- return 0 ++ ## ++ # Attempt systemd (with rpc-statd.service). ++ ## ++ if systemctl list-unit-files 'rpc-*' | grep rpc-statd > /dev/null; then ++ EXEC_MODE=3 ++ return 0 ++ fi + fi + fi + +@@ -272,12 +273,12 @@ nfs_exec() + 2) if ! echo $svc | grep -q "\."; then + svc="${svc}.service" + fi +- systemctl $cmd $svc ++ systemctl -n0 $cmd $svc + ;; + 3) if ! echo $svc | grep -q "\."; then + svc="${svc}.service" + fi +- systemctl $cmd $svc ++ systemctl -n0 $cmd $svc + ;; + esac + } diff --git a/SOURCES/bz1751962-nfsserver-2-systemd-use-no-legend.patch b/SOURCES/bz1751962-nfsserver-2-systemd-use-no-legend.patch new file mode 100644 index 0000000..bbdc807 --- /dev/null +++ b/SOURCES/bz1751962-nfsserver-2-systemd-use-no-legend.patch @@ -0,0 +1,38 @@ +From ca9d2f9c2d23a9dc783e0d52419790d0d441232c Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 24 Sep 2019 09:12:47 +0200 +Subject: [PATCH] nfsserver: use "--no-legend" for systemctl "list-unit-files" + calls + +--- + heartbeat/nfsserver | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver +index 8527a90f3..acef0147a 100755 +--- a/heartbeat/nfsserver ++++ b/heartbeat/nfsserver +@@ -234,12 +234,12 @@ set_exec_mode() + fi + + if which systemctl > /dev/null 2>&1; then +- if systemctl list-unit-files 'nfs-*' | grep nfs-server > /dev/null; then ++ if systemctl --no-legend list-unit-files 'nfs-*' | grep nfs-server > /dev/null; then + + ## + # Attempt systemd (with nfs-lock.service). + ## +- if systemctl list-unit-files 'nfs-*' | grep nfs-lock > /dev/null; then ++ if systemctl --no-legend list-unit-files 'nfs-*' | grep nfs-lock > /dev/null; then + EXEC_MODE=2 + # when using systemd, the nfs-lock service file handles nfsv3 locking daemons for us. + return 0 +@@ -248,7 +248,7 @@ set_exec_mode() + ## + # Attempt systemd (with rpc-statd.service). + ## +- if systemctl list-unit-files 'rpc-*' | grep rpc-statd > /dev/null; then ++ if systemctl --no-legend list-unit-files 'rpc-*' | grep rpc-statd > /dev/null; then + EXEC_MODE=3 + return 0 + fi diff --git a/SOURCES/bz1755760-NovaEvacuate-evacuate_delay.patch b/SOURCES/bz1755760-NovaEvacuate-evacuate_delay.patch new file mode 100644 index 0000000..9b429d7 --- /dev/null +++ b/SOURCES/bz1755760-NovaEvacuate-evacuate_delay.patch @@ -0,0 +1,50 @@ +From 8b9c49fd965f73709d5a6e2c21987ba26af4856b Mon Sep 17 00:00:00 2001 +From: Luca Miccini +Date: Wed, 25 Sep 2019 17:12:39 +0200 +Subject: [PATCH] Add a configurable delay to Nova Evacuate calls + +In case /var/lib/nova/instances resides on NFS we have seen migrations +failing with 'Failed to get "write" lock - Is another process using the +image' errors. + +This has been tracked down to grace/lease timeouts not having expired +before attempting the migration/evacuate, so in this cases it might be +desirable to delay the nova evacuate call to give the storage time to +release the locks. + +Change-Id: Ie2fe784202d754eda38092479b1ab3ff4d02136a +Resolves: rhbz#1740069 +--- + +diff --git a/heartbeat/NovaEvacuate b/heartbeat/NovaEvacuate +index 810f30a..596f520 100644 +--- a/heartbeat/NovaEvacuate ++++ b/heartbeat/NovaEvacuate +@@ -125,6 +125,15 @@ + + + ++ ++ ++Allows delaying the nova evacuate API call, e.g. to give a storage array time to clean ++up eventual locks/leases. ++ ++Nova evacuate delay ++ ++ ++ + + + +@@ -216,6 +225,11 @@ + fence_agent="fence_evacuate" + fi + ++ if [ ${OCF_RESKEY_evacuate_delay} != 0 ]; then ++ ocf_log info "Delaying nova evacuate by $OCF_RESKEY_evacuate_delay seconds" ++ sleep ${OCF_RESKEY_evacuate_delay} ++ fi ++ + ocf_log notice "Initiating evacuation of $node with $fence_agent" + $fence_agent ${fence_options} -o status -n ${node} + if [ $? = 1 ]; then diff --git a/SOURCES/bz1757837-IPsrcaddr-fix-regression-without-NetworkManager.patch b/SOURCES/bz1757837-IPsrcaddr-fix-regression-without-NetworkManager.patch new file mode 100644 index 0000000..ed60aca --- /dev/null +++ b/SOURCES/bz1757837-IPsrcaddr-fix-regression-without-NetworkManager.patch @@ -0,0 +1,75 @@ +From 6052e8fd37d23f46db217f915b445c7e67dccb34 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 4 Apr 2019 13:31:27 +0200 +Subject: [PATCH] IPsrcaddr: make proto optional to fix regression when used + without NetworkManager + +--- + heartbeat/IPsrcaddr | 21 +++++++++++++++++---- + 1 file changed, 17 insertions(+), 4 deletions(-) + +diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr +index 4ca3d2364..5a447196e 100755 +--- a/heartbeat/IPsrcaddr ++++ b/heartbeat/IPsrcaddr +@@ -50,12 +50,17 @@ + + ####################################################################### + # Initialization: +- + : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} + . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs + ++# Defaults ++OCF_RESKEY_proto_default="" ++ ++: ${OCF_RESKEY_proto=${OCF_RESKEY_proto_default}} + ####################################################################### + ++[ -z "$OCF_RESKEY_proto" ] && PROTO="" || PROTO="proto $OCF_RESKEY_proto" ++ + USAGE="usage: $0 {start|stop|status|monitor|validate-all|meta-data}"; + + CMDSHOW="$IP2UTIL route show to exact 0.0.0.0/0" +@@ -97,6 +102,14 @@ dotted quad notation 255.255.255.0). + Netmask + + ++ ++ ++ ++Proto to match when finding network. E.g. "kernel". ++ ++Proto ++ ++ + + + +@@ -172,7 +185,7 @@ srca_start() { + rc=$OCF_SUCCESS + ocf_log info "The ip route has been already set.($NETWORK, $INTERFACE, $ROUTE_WO_SRC)" + else +- ip route replace $NETWORK dev $INTERFACE src $1 || \ ++ $IP2UTIL route replace $NETWORK dev $INTERFACE src $1 || \ + errorexit "command 'ip route replace $NETWORK dev $INTERFACE src $1' failed" + + $CMDCHANGE $ROUTE_WO_SRC src $1 || \ +@@ -204,7 +217,7 @@ srca_stop() { + + [ $rc = 2 ] && errorexit "The address you specified to stop does not match the preferred source address" + +- ip route replace $NETWORK dev $INTERFACE || \ ++ $IP2UTIL route replace $NETWORK dev $INTERFACE || \ + errorexit "command 'ip route replace $NETWORK dev $INTERFACE' failed" + + $CMDCHANGE $ROUTE_WO_SRC || \ +@@ -473,7 +486,7 @@ rc=$? + } + + INTERFACE=`echo $findif_out | awk '{print $1}'` +-NETWORK=`ip route list dev $INTERFACE scope link proto kernel match $ipaddress|grep -o '^[^ ]*'` ++NETWORK=`$IP2UTIL route list dev $INTERFACE scope link $PROTO match $ipaddress|grep -m 1 -o '^[^ ]*'` + + case $1 in + start) srca_start $ipaddress diff --git a/SOURCES/bz1764888-exportfs-allow-same-fsid.patch b/SOURCES/bz1764888-exportfs-allow-same-fsid.patch new file mode 100644 index 0000000..93d47af --- /dev/null +++ b/SOURCES/bz1764888-exportfs-allow-same-fsid.patch @@ -0,0 +1,22 @@ +From 9cea030ba6d5c759971873b80d6d97b545ecac39 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 7 Nov 2019 13:03:30 +0100 +Subject: [PATCH] exportfs: allow multiple exports of same directory + +--- + heartbeat/exportfs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/exportfs b/heartbeat/exportfs +index d79aced88..1cabdee70 100755 +--- a/heartbeat/exportfs ++++ b/heartbeat/exportfs +@@ -82,7 +82,7 @@ The directory or directories to export. + + + +- ++ + + The fsid option to pass to exportfs. This can be a unique positive + integer, a UUID (assuredly sans comma characters), or the special string diff --git a/SOURCES/bz1765128-mysql-galera-fix-incorrect-rc.patch b/SOURCES/bz1765128-mysql-galera-fix-incorrect-rc.patch new file mode 100644 index 0000000..9e816bd --- /dev/null +++ b/SOURCES/bz1765128-mysql-galera-fix-incorrect-rc.patch @@ -0,0 +1,46 @@ +From c718050a4a2bb47d640af1d8e19995590755670f Mon Sep 17 00:00:00 2001 +From: Valentin Vidic +Date: Wed, 23 Oct 2019 22:04:44 +0200 +Subject: [PATCH] Low: mysql-common: fix startup check + +PID value is not capture correctly so the startup +fails with the wrong exit code. + +Starting 'mysql' case 8 'check lib file': +Setting agent environment: export OCF_RESKEY_CRM_meta_timeout=15000 +Setting system environment: chmod u-w /var/lib/mysql +Running agent: ./mysql start +ERROR: The agent was hanging, killed it, maybe you damaged the agent or system's environment, see details below: +Oct 23 18:46:06 INFO: MySQL is not running +runuser: warning: cannot change directory to /nonexistent: No such file or directory +runuser: warning: cannot change directory to /nonexistent: No such file or directory +runuser: warning: cannot change directory to /nonexistent: No such file or directory +Oct 23 18:46:06 INFO: MySQL is not running +Oct 23 18:46:08 INFO: MySQL is not running +Oct 23 18:46:10 INFO: MySQL is not running +Oct 23 18:46:12 INFO: MySQL is not running +Oct 23 18:46:14 INFO: MySQL is not running +Oct 23 18:46:16 INFO: MySQL is not running +Oct 23 18:46:18 INFO: MySQL is not running +Oct 23 18:46:20 INFO: MySQL is not running +Oct 23 18:46:22 INFO: MySQL is not running +Oct 23 18:46:24 INFO: MySQL is not running +--- + heartbeat/mysql-common.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/mysql-common.sh b/heartbeat/mysql-common.sh +index d1b1ddb96..4004a6b65 100755 +--- a/heartbeat/mysql-common.sh ++++ b/heartbeat/mysql-common.sh +@@ -239,8 +239,8 @@ mysql_common_start() + --datadir=$OCF_RESKEY_datadir \ + --log-error=$OCF_RESKEY_log \ + $OCF_RESKEY_additional_parameters \ +- $mysql_extra_params >/dev/null 2>&1 & +- pid=$!" ++ $mysql_extra_params >/dev/null 2>&1" & ++ pid=$! + + # Spin waiting for the server to come up. + # Let the CRM/LRM time us out if required. diff --git a/SOURCES/bz1767916-IPaddr2-clusterip-not-supported.patch b/SOURCES/bz1767916-IPaddr2-clusterip-not-supported.patch new file mode 100644 index 0000000..6e8ccfe --- /dev/null +++ b/SOURCES/bz1767916-IPaddr2-clusterip-not-supported.patch @@ -0,0 +1,104 @@ +From 92c49b6f2847546f3f938b10a2a97021774f0be3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20Pokorn=C3=BD?= +Date: Wed, 4 Dec 2019 14:36:59 +0100 +Subject: [PATCH] IPaddr2: ipt_CLUSTERIP "iptables" extension not "nft" backend + compatible +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reference: +https://lists.clusterlabs.org/pipermail/users/2019-December/026674.html +(thread also sketches a future ambition for a [presumably, to revert +the habit of a functional overloading] separate agent to use +"xt_cluster" extension/cluster match). + +Signed-off-by: Jan Pokorný +--- + heartbeat/IPaddr2 | 29 ++++++++++++++++++++++------- + heartbeat/ocf-binaries.in | 2 ++ + 2 files changed, 24 insertions(+), 7 deletions(-) + +diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 +index 6f8e8c734..db0b0e547 100755 +--- a/heartbeat/IPaddr2 ++++ b/heartbeat/IPaddr2 +@@ -123,6 +123,8 @@ VLDIR=$HA_RSCTMP + SENDARPPIDDIR=$HA_RSCTMP + CIP_lockfile=$HA_RSCTMP/IPaddr2-CIP-${OCF_RESKEY_ip} + ++IPADDR2_CIP_IPTABLES=$IPTABLES ++ + ####################################################################### + + meta_data() { +@@ -138,11 +140,21 @@ It can add an IP alias, or remove one. + In addition, it can implement Cluster Alias IP functionality + if invoked as a clone resource. + +-If used as a clone, you should explicitly set clone-node-max >= 2, ++If used as a clone, "shared address with a trivial, stateless ++(autonomous) load-balancing/mutual exclusion on ingress" mode gets ++applied (as opposed to "assume resource uniqueness" mode otherwise). ++For that, Linux firewall (kernel and userspace) is assumed, and since ++recent distributions are ambivalent in plain "iptables" command to ++particular back-end resolution, "iptables-legacy" (when present) gets ++prioritized so as to avoid incompatibilities (note that respective ++ipt_CLUSTERIP firewall extension in use here is, at the same time, ++marked deprecated, yet said "legacy" layer can make it workable, ++literally, to this day) with "netfilter" one (as in "iptables-nft"). ++In that case, you should explicitly set clone-node-max >= 2, + and/or clone-max < number of nodes. In case of node failure, + clone instances need to be re-allocated on surviving nodes. +-This would not be possible if there is already an instance on those nodes, +-and clone-node-max=1 (which is the default). ++This would not be possible if there is already an instance ++on those nodes, and clone-node-max=1 (which is the default). + + + Manages virtual IPv4 and IPv6 addresses (Linux specific version) +@@ -995,7 +1007,7 @@ ip_start() { + + if [ -n "$IP_CIP" ] && ([ $ip_status = "no" ] || [ $ip_status = "partial2" ]); then + $MODPROBE ip_conntrack +- $IPTABLES -I INPUT -d $OCF_RESKEY_ip -i $NIC -j CLUSTERIP \ ++ $IPADDR2_CIP_IPTABLES -I INPUT -d $OCF_RESKEY_ip -i $NIC -j CLUSTERIP \ + --new \ + --clustermac $IF_MAC \ + --total-nodes $IP_INC_GLOBAL \ +@@ -1089,7 +1101,7 @@ ip_stop() { + i=1 + while [ $i -le $IP_INC_GLOBAL ]; do + ocf_log info $i +- $IPTABLES -D INPUT -d $OCF_RESKEY_ip -i $NIC -j CLUSTERIP \ ++ $IPADDR2_CIP_IPTABLES -D INPUT -d $OCF_RESKEY_ip -i $NIC -j CLUSTERIP \ + --new \ + --clustermac $IF_MAC \ + --total-nodes $IP_INC_GLOBAL \ +@@ -1186,8 +1198,11 @@ ip_validate() { + set_send_arp_program + + if [ -n "$IP_CIP" ]; then +- check_binary $IPTABLES +- check_binary $MODPROBE ++ if have_binary "$IPTABLES_LEGACY"; then ++ IPADDR2_CIP_IPTABLES="$IPTABLES_LEGACY" ++ fi ++ check_binary "$IPADDR2_CIP_IPTABLES" ++ check_binary $MODPROBE + fi + + # $BASEIP, $NETMASK, $NIC , $IP_INC_GLOBAL, and $BRDCAST have been checked within ip_init, +diff --git a/heartbeat/ocf-binaries.in b/heartbeat/ocf-binaries.in +index 9439ae170..e9bf95fc2 100644 +--- a/heartbeat/ocf-binaries.in ++++ b/heartbeat/ocf-binaries.in +@@ -26,6 +26,8 @@ export PATH + : ${GREP:=grep} + : ${IFCONFIG:=ifconfig} + : ${IPTABLES:=iptables} ++## for cases that are known not to be serviceable with iptables-nft impl. ++: ${IPTABLES_LEGACY:=iptables-legacy} + : ${IP2UTIL:=ip} + : ${MDADM:=mdadm} + : ${MODPROBE:=modprobe} diff --git a/SOURCES/bz1777381-Filesystem-1-refresh-UUID.patch b/SOURCES/bz1777381-Filesystem-1-refresh-UUID.patch new file mode 100644 index 0000000..bd84123 --- /dev/null +++ b/SOURCES/bz1777381-Filesystem-1-refresh-UUID.patch @@ -0,0 +1,33 @@ +From 18888da3ceef7a56388c89a616485fd8faa392cc Mon Sep 17 00:00:00 2001 +From: Roger Zhou +Date: Thu, 14 Nov 2019 17:52:13 +0800 +Subject: [PATCH] Filesystem: refresh UUID in the start phase + +In the case a fresh filesystem is just created from another node on the +shared storage, is not visible yet. Then try partprobe to refresh +/dev/disk/by-uuid/* up to date. + +Signed-off-by: Roger Zhou +--- + heartbeat/Filesystem | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index e66ddc77f..543986441 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -454,6 +454,14 @@ Filesystem_start() + # accordingly + + if [ $blockdevice = "yes" ]; then ++ if [ "$DEVICE" != "/dev/null" -a ! -b "$DEVICE" ] ; then ++ # In the case a fresh filesystem is just created ++ # from another node on the shared storage, and ++ # is not visible yet. Then try partprobe to ++ # refresh /dev/disk/by-uuid/* up to date. ++ have_binary partprobe && partprobe >/dev/null 2>&1 ++ fi ++ + if [ "$DEVICE" != "/dev/null" -a ! -b "$DEVICE" ] ; then + ocf_exit_reason "Couldn't find device [$DEVICE]. Expected /dev/??? to exist" + exit $OCF_ERR_INSTALLED diff --git a/SOURCES/bz1777381-Filesystem-2-udev-settle.patch b/SOURCES/bz1777381-Filesystem-2-udev-settle.patch new file mode 100644 index 0000000..fde7f89 --- /dev/null +++ b/SOURCES/bz1777381-Filesystem-2-udev-settle.patch @@ -0,0 +1,124 @@ +From af39017b9333dcbadee2a15f3829667f2b18fb45 Mon Sep 17 00:00:00 2001 +From: Roger Zhou +Date: Fri, 20 Dec 2019 23:28:45 +0800 +Subject: [PATCH 1/2] Filesystem: respect udevd need time to create UUID + symlinks + +To refresh the filesystem UUID, there is a race condition. partprobe +might return before the UUID symlink get created. Particularly, when the +system has many devices, the udev daemon could need visible time to +process the udev event queue. Hence, wait udev for a moment. + +Signed-off-by: Roger Zhou +--- + heartbeat/Filesystem | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem +index 543986441..c21ad5761 100755 +--- a/heartbeat/Filesystem ++++ b/heartbeat/Filesystem +@@ -460,6 +460,10 @@ Filesystem_start() + # is not visible yet. Then try partprobe to + # refresh /dev/disk/by-uuid/* up to date. + have_binary partprobe && partprobe >/dev/null 2>&1 ++ local timeout ++ timeout=${OCF_RESKEY_CRM_meta_timeout:="60000"} ++ timeout=$((timeout/1000)) ++ have_binary udevadm && udevadm settle -t $timeout --exit-if-exists=$DEVICE + fi + + if [ "$DEVICE" != "/dev/null" -a ! -b "$DEVICE" ] ; then + +From a9fb8077c8201b287ee0486b2a34db4b7d4d8f5d Mon Sep 17 00:00:00 2001 +From: Roger Zhou +Date: Wed, 25 Dec 2019 15:45:03 +0800 +Subject: [PATCH 2/2] Filesystem: add trigger_udev_rules_if_need() for -U, -L, + or /dev/xxx device + +DEVICE parameter of this RA accepts "-U " and "-L