diff --git a/Fix-openstack-info-Ensure-no-newlines-in-openstack.patch b/Fix-openstack-info-Ensure-no-newlines-in-openstack.patch new file mode 100644 index 0000000000000000000000000000000000000000..ad73b541315941ea7fb7ae2ad479623e3ac39110 --- /dev/null +++ b/Fix-openstack-info-Ensure-no-newlines-in-openstack.patch @@ -0,0 +1,59 @@ +From 2d5eaf0d97acb0dda6b5f872653ad66dc1dc8c1d Mon Sep 17 00:00:00 2001 +From: Reid Wahl +Date: Tue, 26 Mar 2024 20:43:19 -0700 +Subject: [PATCH] Fix: openstack-info: Ensure no newlines in openstack_ports + +This makes the openstack_ports variable match the format specified in +the openstack-info metadata (see longdesc). It should be a +comma-separated list of "SUBNET_ID:PORT_ID". It should not be + +SUBNET_A +SUBNET_B:PORT_1,SUBNET_C +SUBNET_D:PORT_2, + +But rather + +SUBNET_A:PORT1,SUBNET_B:PORT1,SUBNET_C:PORT2,SUBNET_D:PORT2 + +The newlines caused parsing issues in an experimental version of +Pacemaker. Pacemaker is being fixed +(https://github.com/ClusterLabs/pacemaker/pull/3395), but this +illustrated an issue in openstack-info that makes parsing rather +precarious. + +openstack-virtual-ip is capable of parsing either format without changes +on a stable release of Pacemaker. + +However, looking ahead, it should be updated to use +"attrd_updater --output-as=xml" to query the attribute, as the XML +output is much easier and more reliable to parse. (It should check the +Pacemaker feature set to determine whether XML output is available for +attrd_updater.) + +Signed-off-by: Reid Wahl +--- + heartbeat/openstack-info.in | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/openstack-info.in b/heartbeat/openstack-info.in +index 6502f1df..876e833c 100755 +--- a/heartbeat/openstack-info.in ++++ b/heartbeat/openstack-info.in +@@ -164,10 +164,12 @@ OSInfoStats() { + --format json \ + --column fixed_ips \ + ${port_id}") +- subnet_id=$(echo "$subnet_result" | ++ subnet_ids=$(echo "$subnet_result" | + grep -P '\"subnet_id\": \".*\",$' | + grep -P -o '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}') +- value="${value}${subnet_id}:${port_id}," ++ for subnet_id in $subnet_ids; do ++ value="${value}${subnet_id}:${port_id}," ++ done + done + value=${value%,} + +-- +2.25.1 + diff --git a/all-agents-remove-S-state-status-that-are-either-ign.patch b/all-agents-remove-S-state-status-that-are-either-ign.patch new file mode 100644 index 0000000000000000000000000000000000000000..5e863a07c8c29288a04dd7f780ef4a02d753755f --- /dev/null +++ b/all-agents-remove-S-state-status-that-are-either-ign.patch @@ -0,0 +1,113 @@ +From f97fee4af31822c40c318562d8cc707ced0aa11c Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 22 Mar 2024 09:09:56 +0100 +Subject: [PATCH] all agents: remove -S state/status that are either ignored, + or give an error message in newer versions of Pacemaker + +--- + heartbeat/SysInfo.in | 2 +- + heartbeat/lxd-info.in | 4 ++-- + heartbeat/machine-info.in | 4 ++-- + heartbeat/openstack-floating-ip | 4 ++-- + heartbeat/openstack-virtual-ip | 4 ++-- + 5 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/heartbeat/SysInfo.in b/heartbeat/SysInfo.in +index c57b7b66..8a268d76 100644 +--- a/heartbeat/SysInfo.in ++++ b/heartbeat/SysInfo.in +@@ -119,7 +119,7 @@ UpdateStat() { + name=$1; shift + value="$*" + echo -e "$name:\t$value" +- ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n $name -v "$value" ++ ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n $name -v "$value" + } + + SysInfoStats() { +diff --git a/heartbeat/lxd-info.in b/heartbeat/lxd-info.in +index f9fb44ac..88b15e57 100644 +--- a/heartbeat/lxd-info.in ++++ b/heartbeat/lxd-info.in +@@ -89,7 +89,7 @@ END + LXDInfoStats() { + value=$(lxc list|grep -ci RUNNING) + echo -e "lxd_containers:\t$value" +- ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n lxd_containers -v $value ++ ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n lxd_containers -v $value + } + + LXDInfo_usage() { +@@ -108,7 +108,7 @@ LXDInfo_start() { + + LXDInfo_stop() { + rm -f $OCF_RESKEY_pidfile +- ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -S state -n lxd_containers ++ ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n lxd_containers + exit $OCF_SUCCESS + } + +diff --git a/heartbeat/machine-info.in b/heartbeat/machine-info.in +index bfa7ce5f..6bd328aa 100644 +--- a/heartbeat/machine-info.in ++++ b/heartbeat/machine-info.in +@@ -90,7 +90,7 @@ END + MachineInfoStats() { + value=$(machinectl|awk '/machines listed/ {print $1}') + echo -e "machines:\t$value" +- ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n machines -v $value ++ ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n machines -v $value + } + + MachineInfo_usage() { +@@ -109,7 +109,7 @@ MachineInfo_start() { + + MachineInfo_stop() { + rm -f $OCF_RESKEY_pidfile +- ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -S state -n machines ++ ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n machines + exit $OCF_SUCCESS + } + +diff --git a/heartbeat/openstack-floating-ip b/heartbeat/openstack-floating-ip +index 7317f19a..a7c07284 100755 +--- a/heartbeat/openstack-floating-ip ++++ b/heartbeat/openstack-floating-ip +@@ -143,13 +143,13 @@ osflip_monitor() { + for port in $node_port_ids ; do + if echo "$result" | grep -q $port ; then + floating_ip=$(echo "$result" | awk '/floating_ip_address/ {print $2}') +- ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n openstack_floating_ip -v $floating_ip ++ ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_floating_ip -v $floating_ip + + return $OCF_SUCCESS + fi + done + +- ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -S state -n openstack_floating_ip ++ ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_floating_ip + ocf_log warn "$OCF_RESKEY_ip_id is not attached to any fixed address" + return $OCF_NOT_RUNNING + } +diff --git a/heartbeat/openstack-virtual-ip b/heartbeat/openstack-virtual-ip +index 361357d5..e54926a0 100755 +--- a/heartbeat/openstack-virtual-ip ++++ b/heartbeat/openstack-virtual-ip +@@ -137,12 +137,12 @@ osvip_monitor() { + --column allowed_address_pairs \ + ${node_port_id}") + if echo "$result" | grep -q "$OCF_RESKEY_ip"; then +- ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n openstack_virtual_ip -v $OCF_RESKEY_ip ++ ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_virtual_ip -v $OCF_RESKEY_ip + + return $OCF_SUCCESS + fi + +- ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -S state -n openstack_virtual_ip ++ ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_virtual_ip + ocf_log warn "$OCF_RESKEY_ip is not attached to any fixed address" + return $OCF_NOT_RUNNING + } +-- +2.25.1 + diff --git a/findifsh-fix-corner-cases.patch b/findifsh-fix-corner-cases.patch new file mode 100644 index 0000000000000000000000000000000000000000..d907a9104f74beff169c2baaf507477d58811f38 --- /dev/null +++ b/findifsh-fix-corner-cases.patch @@ -0,0 +1,28 @@ +From f717b4a3aa83c9124e62716f421b99e314d00233 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 12 Apr 2024 12:23:21 +0200 +Subject: [PATCH] findif.sh: fix corner cases + +--- + heartbeat/findif.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh +index 7c766e6e..13484f82 100644 +--- a/heartbeat/findif.sh ++++ b/heartbeat/findif.sh +@@ -215,9 +215,9 @@ findif() + fi + if [ -n "$nic" ] ; then + # NIC supports more than two. +- set -- $(ip -o -f $family route list match $match $scope | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') ++ set -- $(ip -o -f $family route list match $match $scope | grep "dev $nic " | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) + else +- set -- $(ip -o -f $family route list match $match $scope | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') ++ set -- $(ip -o -f $family route list match $match $scope | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) + fi + if [ $# = 0 ] ; then + case $OCF_RESKEY_ip in +-- +2.25.1 + diff --git a/nfsserver-fix-server-scope-functionality-for-both-po.patch b/nfsserver-fix-server-scope-functionality-for-both-po.patch new file mode 100644 index 0000000000000000000000000000000000000000..12f3a2850fbdd04c15bf5e86d60ea48e67a75d84 --- /dev/null +++ b/nfsserver-fix-server-scope-functionality-for-both-po.patch @@ -0,0 +1,57 @@ +From a346aae4bee8f53354fa001141057a1c88743ef3 Mon Sep 17 00:00:00 2001 +From: Lars Ellenberg +Date: Tue, 26 Mar 2024 17:43:14 +0100 +Subject: [PATCH] nfsserver: fix "server scope" functionality for both + potentially other dropins AND multiple ExecStart + +986ebe18 (nfsserver: Fix NFSv4 lock failover: set NFS Server Scope (#1688), 2021-10-13) + +Prefixes all `ExecStart=.*` with an unshare --uts. +It did not expect an existing "empty, resetting" `ExecStart=`, though, +and changed that as well. The attempt to fix that with + +806e3fe9 (nfsserver: fix "server scope" functionality to live with additional drop-in files, 2023-02-15) + +it wrong though: it only fixes the _last_ ExecStart found (`|tail -1`). +There may be more than one ExecStart (even though arguable some of them should be ExecStartPost). + +Without the "only last line", it would be a valid fix, +though it would unnecessarily list irrelevant ExecStart lines as well. + +My attempt to fix the fix: +Find the set of `ExecStart=...` lines after the last reset (`ExecStart=`), if any. +Edit in the "unshare uts" prefix into all of those lines. + +(we could also patch only the line containing rpc.nfsd, +but I'm sure some distro will find creative ways to break our assumptions again) +--- + heartbeat/nfsserver | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver +index 8838195a..5793d7a7 100755 +--- a/heartbeat/nfsserver ++++ b/heartbeat/nfsserver +@@ -711,8 +711,17 @@ inject_unshare_uts_name_into_systemd_units () + test -d "$dir" || mkdir -p "$dir" + test -e "$dropin" && rm -f "$dropin" + +- # NOTE: additional ExecStart= might exist in the drop-in files, eg. openSUSE +- edited_exec_start=$(systemctl cat $svc | sed -ne "s#^ExecStart=\\([-+:!@]*\\)\\(.\+\\)#ExecStart=\\1/usr/bin/unshare --uts /bin/sh -c 'hostname \${NFS_SERVER_SCOPE}; exec \"\$@\"' -- \\2#p" | tail -1) ++ # NOTE: multiple ExecStart may exist, ++ # even additional `ExecStart=` to reset the list might exist in the drop-in files. ++ # We are interested in only the "currently relevant" set of ExecStart. ++ local unshare_uts_set_hostname='/usr/bin/unshare --uts /bin/sh -c '\''hostname ${NFS_SERVER_SCOPE}; exec "$@"'\'' -- ' ++ edited_exec_start=$(systemctl cat $svc \ ++ | sed -n \ ++ -e '/^ExecStart=/ H;' \ ++ -e '/^ExecStart=[[:space:]]*$/ {s/.*//;h};' \ ++ -e '${g;s/^\n//;p}' \ ++ | sed -e 's#^\(ExecStart=[-+:!@]*\)\(.\+\)#\1'"$unshare_uts_set_hostname"'\2#' ++ ) + + cat > "$dropin" <<___ + [Service] +-- +2.25.1 + diff --git a/portblock-remove-write-to-tcp_tw_recycle.patch b/portblock-remove-write-to-tcp_tw_recycle.patch new file mode 100644 index 0000000000000000000000000000000000000000..5e0bb4fa3f908b9ad5a3f5f53a55f7dc56ac3b57 --- /dev/null +++ b/portblock-remove-write-to-tcp_tw_recycle.patch @@ -0,0 +1,56 @@ +From c448ca01367916741662b9e6af54d5d3f189d4fa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christoph=20B=C3=B6hmwalder?= + +Date: Mon, 25 Mar 2024 15:39:44 +0100 +Subject: [PATCH 1/3] portblock: remove write to tcp_tw_recycle + +Currently, the portblock resource agent enables the +net.ipv4.tcp_tw_recycle option before sending a tickle ACK packet. + +This option is supposed to recycle TCP sockets that are left in the +TIME_WAIT state. On the host that initiates the closing of a TCP +connection, a socket will be left in this state for about 60 seconds +before it finally gets removed (and freed up for further use). This is +by design, and it is generally considered useful. [0] + +The tcp_tw_recycle option is supposed to shorten the time that a socket +spends in the TIME_WAIT state, allowing its slot to be reused more +quickly. + +Unfortunately, there are no hints left by the previous author about the +rationale behind setting this option. One can only guess that they +somehow managed to exhaust the number of TCP sockets during testing, and +setting this option resolved that immediate issue. It is not entirely +clear how this would happen in an actual real-world scenario, since it +would require many switchovers in a relatively short period of time. + +The problem is that this option has been completely broken starting from +Linux 4.10 (since it started randomizing TCP timestamp offsets), and +even before that for NAT connections. + +Finally, the option has been completely removed in Linux 4.12, which now +leads to annoying "No such file or directory" errors whenever the +portblock agent runs on a semi-modern kernel. + +Thus, remove the line enabling the option. + +[0] https://vincent.bernat.ch/en/blog/2014-tcp-time-wait-state-linux +--- + heartbeat/portblock | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/heartbeat/portblock b/heartbeat/portblock +index 7b9f5ca3..e88ecc2a 100755 +--- a/heartbeat/portblock ++++ b/heartbeat/portblock +@@ -328,7 +328,6 @@ save_tcp_connections() + tickle_remote() + { + [ -z "$OCF_RESKEY_tickle_dir" ] && return +- echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle + f=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip + [ -r $f ] || return + $TICKLETCP -n 3 < $f +-- +2.25.1 + diff --git a/resource-agents.spec b/resource-agents.spec index 1f01bf9fd8679e7598545f584054d5ee2cf66387..e100ff0ec327bae755080f54366b2a3a953a27e3 100644 --- a/resource-agents.spec +++ b/resource-agents.spec @@ -1,7 +1,7 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.13.0 -Release: 11 +Release: 16 License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/resource-agents Source0: https://github.com/ClusterLabs/resource-agents/archive/v%{version}.tar.gz @@ -16,6 +16,11 @@ Patch0007: Fix-docker-RA-behavior-when-Docker-isn-t-running.patch Patch0008: Low-IPaddr2-Remove-stray-backslash.patch Patch0009: Doc-Delay-Drop-old-comments.patch Patch0010: portblock-accept-numeric-protocol-from-iptables.patch +Patch0011: all-agents-remove-S-state-status-that-are-either-ign.patch +Patch0012: nfsserver-fix-server-scope-functionality-for-both-po.patch +Patch0013: Fix-openstack-info-Ensure-no-newlines-in-openstack.patch +Patch0014: portblock-remove-write-to-tcp_tw_recycle.patch +Patch0015: findifsh-fix-corner-cases.patch Obsoletes: heartbeat-resources <= %{version} Provides: heartbeat-resources = %{version} BuildRequires: automake autoconf pkgconfig gcc perl-interpreter perl-generators python3-devel @@ -113,6 +118,21 @@ export CFLAGS="$(echo '%{optflags}')" %{_mandir}/man8/{ocf-tester.8*,ldirectord.8*} %changelog +* Wed Apr 17 2024 bixiaoyan - 4.13.0-16 +- findif.sh: fix corner cases + +* Wed Apr 10 2024 bixiaoyan - 4.13.0-15 +- portblock: remove write to tcp_tw_recycle + +* Wed Apr 10 2024 bixiaoyan - 4.13.0-14 +- Fix: openstack-info: Ensure no newlines in openstack_ports + +* Mon Apr 08 2024 zouzhimin - 4.13.0-13 +- nfsserver: fix "server scope" functionality for both potentially other dropins AND multiple ExecStart + +* Fri Mar 29 2024 zouzhimin - 4.13.0-12 +- all agents: remove -S state/status that are either ignored + * Mon Mar 25 2024 bixiaoyan - 4.13.0-11 - portblock: accept numeric protocol from iptables