diff --git a/backport-AWS-agents-reuse-IMDS-token-until-it-expires-issue-1.patch b/backport-AWS-agents-reuse-IMDS-token-until-it-expires-issue-1.patch deleted file mode 100644 index 274e66546894c7f2c444f378ee8f576df6048b59..0000000000000000000000000000000000000000 --- a/backport-AWS-agents-reuse-IMDS-token-until-it-expires-issue-1.patch +++ /dev/null @@ -1,267 +0,0 @@ -From bfad7ecd6f968c35544dc1d115c32d9730d63267 Mon Sep 17 00:00:00 2001 -From: harshkiprofile <83770157+harshkiprofile@users.noreply.github.com> -Date: Wed, 6 Nov 2024 14:54:43 +0530 -Subject: [PATCH 6/6] AWS agents: reuse IMDS token until it expires (issue - #1990) (#1991) - -* Introduce a new shell function to reuse IMDS token -* Utilize the get_token function to reuse the token -* Move token renewal function to aws.sh for reuse in AWS agent scripts ---- - doc/man/Makefile.am | 2 +- - heartbeat/Makefile.am | 1 + - heartbeat/aws-vpc-move-ip | 7 ++---- - heartbeat/aws-vpc-route53.in | 7 ++---- - heartbeat/aws.sh | 46 ++++++++++++++++++++++++++++++++++++ - heartbeat/awseip | 7 ++---- - heartbeat/awsvip | 7 ++---- - heartbeat/ocf-shellfuncs.in | 2 +- - 8 files changed, 57 insertions(+), 22 deletions(-) - create mode 100644 heartbeat/aws.sh - -diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am -index ef7639bf..447f5cba 100644 ---- a/doc/man/Makefile.am -+++ b/doc/man/Makefile.am -@@ -42,7 +42,7 @@ radir = $(abs_top_builddir)/heartbeat - # required for out-of-tree build - symlinkstargets = \ - ocf-distro ocf.py ocf-rarun ocf-returncodes \ -- findif.sh apache-conf.sh http-mon.sh mysql-common.sh \ -+ findif.sh apache-conf.sh aws.sh http-mon.sh mysql-common.sh \ - nfsserver-redhat.sh openstack-common.sh ora-common.sh - - preptree: -diff --git a/heartbeat/Makefile.am b/heartbeat/Makefile.am -index 40984797..8352f3a3 100644 ---- a/heartbeat/Makefile.am -+++ b/heartbeat/Makefile.am -@@ -218,6 +218,7 @@ ocfcommon_DATA = ocf-shellfuncs \ - ocf-rarun \ - ocf-distro \ - apache-conf.sh \ -+ aws.sh \ - http-mon.sh \ - sapdb-nosha.sh \ - sapdb.sh \ -diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip -index 6115e5ba..3aa9ceb0 100755 ---- a/heartbeat/aws-vpc-move-ip -+++ b/heartbeat/aws-vpc-move-ip -@@ -33,6 +33,7 @@ - - : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} - . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs -+. ${OCF_FUNCTIONS_DIR}/aws.sh - - # Defaults - OCF_RESKEY_awscli_default="/usr/bin/aws" -@@ -47,8 +48,6 @@ OCF_RESKEY_interface_default="eth0" - OCF_RESKEY_iflabel_default="" - OCF_RESKEY_monapi_default="false" - OCF_RESKEY_lookup_type_default="InstanceId" --OCF_RESKEY_curl_retries_default="3" --OCF_RESKEY_curl_sleep_default="1" - - : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} - : ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}} -@@ -62,8 +61,6 @@ OCF_RESKEY_curl_sleep_default="1" - : ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}} - : ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}} - : ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}} --: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}} --: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}} - ####################################################################### - - -@@ -270,7 +267,7 @@ ec2ip_validate() { - fi - fi - -- TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token") -+ TOKEN=$(get_token) - [ $? -ne 0 ] && exit $OCF_ERR_GENERIC - EC2_INSTANCE_ID=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/instance-id") - [ $? -ne 0 ] && exit $OCF_ERR_GENERIC -diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in -index eba2ed95..85c8de3c 100644 ---- a/heartbeat/aws-vpc-route53.in -+++ b/heartbeat/aws-vpc-route53.in -@@ -43,6 +43,7 @@ - - : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} - . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs -+. ${OCF_FUNCTIONS_DIR}/aws.sh - - # Defaults - OCF_RESKEY_awscli_default="/usr/bin/aws" -@@ -53,8 +54,6 @@ OCF_RESKEY_hostedzoneid_default="" - OCF_RESKEY_fullname_default="" - OCF_RESKEY_ip_default="local" - OCF_RESKEY_ttl_default=10 --OCF_RESKEY_curl_retries_default="3" --OCF_RESKEY_curl_sleep_default="1" - - : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} - : ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}} -@@ -64,8 +63,6 @@ OCF_RESKEY_curl_sleep_default="1" - : ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}} - : ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}} - : ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}} --: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}} --: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}} - - usage() { - cat <<-EOT -@@ -377,7 +374,7 @@ r53_monitor() { - _get_ip() { - case $OCF_RESKEY_ip in - local|public) -- TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 21600'" "http://169.254.169.254/latest/api/token") -+ TOKEN=$(get_token) - [ $? -ne 0 ] && exit $OCF_ERR_GENERIC - IPADDRESS=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -s -H 'X-aws-ec2-metadata-token: $TOKEN'" "http://169.254.169.254/latest/meta-data/${OCF_RESKEY_ip}-ipv4") - [ $? -ne 0 ] && exit $OCF_ERR_GENERIC -diff --git a/heartbeat/aws.sh b/heartbeat/aws.sh -new file mode 100644 -index 00000000..c77f93b9 ---- /dev/null -+++ b/heartbeat/aws.sh -@@ -0,0 +1,46 @@ -+#!/bin/sh -+# -+# -+# AWS Helper Scripts -+# -+# -+ -+: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} -+. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs -+ -+# Defaults -+OCF_RESKEY_curl_retries_default="3" -+OCF_RESKEY_curl_sleep_default="1" -+ -+: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}} -+: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}} -+ -+# Function to enable reusable IMDS token retrieval for efficient repeated access -+# File to store the token and timestamp -+TOKEN_FILE="${HA_RSCTMP}/.aws_imds_token" -+TOKEN_LIFETIME=21600 # Token lifetime in seconds (6 hours) -+TOKEN_EXPIRY_THRESHOLD=3600 # Renew token if less than 60 minutes (1 hour) remaining -+ -+# Function to fetch a new token -+fetch_new_token() { -+ TOKEN=$(curl_retry "$OCF_RESKEY_curl_retries" "$OCF_RESKEY_curl_sleep" "--show-error -sX PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: $TOKEN_LIFETIME'" "http://169.254.169.254/latest/api/token") -+ echo "$TOKEN $(date +%s)" > "$TOKEN_FILE" -+ echo "$TOKEN" -+} -+ -+# Function to retrieve or renew the token -+get_token() { -+ if [ -f "$TOKEN_FILE" ]; then -+ read -r STORED_TOKEN STORED_TIMESTAMP < "$TOKEN_FILE" -+ CURRENT_TIME=$(date +%s) -+ ELAPSED_TIME=$((CURRENT_TIME - STORED_TIMESTAMP)) -+ -+ if [ "$ELAPSED_TIME" -lt "$((TOKEN_LIFETIME - TOKEN_EXPIRY_THRESHOLD))" ]; then -+ # Token is still valid -+ echo "$STORED_TOKEN" -+ return -+ fi -+ fi -+ # Fetch a new token if not valid -+ fetch_new_token -+} -\ No newline at end of file -diff --git a/heartbeat/awseip b/heartbeat/awseip -index ffb6223a..4b1c3bc6 100755 ---- a/heartbeat/awseip -+++ b/heartbeat/awseip -@@ -38,6 +38,7 @@ - - : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} - . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs -+. ${OCF_FUNCTIONS_DIR}/aws.sh - - ####################################################################### - -@@ -49,16 +50,12 @@ OCF_RESKEY_auth_type_default="key" - OCF_RESKEY_profile_default="default" - OCF_RESKEY_region_default="" - OCF_RESKEY_api_delay_default="3" --OCF_RESKEY_curl_retries_default="3" --OCF_RESKEY_curl_sleep_default="1" - - : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} - : ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}} - : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} - : ${OCF_RESKEY_region=${OCF_RESKEY_region_default}} - : ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}} --: ${OCF_RESKEY_curl_retries=${OCF_RESKEY_curl_retries_default}} --: ${OCF_RESKEY_curl_sleep=${OCF_RESKEY_curl_sleep_default}} - - meta_data() { - cat < -Date: Tue, 3 Sep 2024 12:55:28 +0200 -Subject: [PATCH] Filesystem: dont sleep during stop-action when there are no - processes to kill - -Thanks @SatomiOSAWA for the initial code. ---- - heartbeat/Filesystem | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem -index 3eb520e0..f54969f2 100755 ---- a/heartbeat/Filesystem -+++ b/heartbeat/Filesystem -@@ -685,12 +685,13 @@ signal_processes() { - pids=$(get_pids "$dir") - if [ -z "$pids" ]; then - ocf_log info "No processes on $dir were signalled. force_unmount is set to '$FORCE_UNMOUNT'" -- return -+ return 1 - fi - for pid in $pids; do - ocf_log info "sending signal $sig to: $(ps -f $pid | tail -1)" - kill -s $sig $pid - done -+ return 0 - } - try_umount() { - local SUB="$1" -@@ -717,12 +718,13 @@ timeout_child() { - return $ret - } - fs_stop_loop() { -- local SUB="$1" signals="$2" sig -+ local SUB="$1" signals="$2" sig send_signal - while true; do -+ send_signal=false - for sig in $signals; do -- signal_processes "$SUB" $sig -+ signal_processes "$SUB" $sig && send_signal=true - done -- sleep $OCF_RESKEY_signal_delay -+ $send_signal && sleep $OCF_RESKEY_signal_delay - try_umount "$SUB" && return $OCF_SUCCESS - done - } --- -2.25.1 - diff --git a/backport-Filesystem-on-stop-try-umount-directly-before-scanni.patch b/backport-Filesystem-on-stop-try-umount-directly-before-scanni.patch deleted file mode 100644 index c7a13951a06b768bc48dfe65beeb0b95b0333fbe..0000000000000000000000000000000000000000 --- a/backport-Filesystem-on-stop-try-umount-directly-before-scanni.patch +++ /dev/null @@ -1,49 +0,0 @@ -From f02afd0fadb581ca0fc9798beaf28044cf211200 Mon Sep 17 00:00:00 2001 -From: Lars Ellenberg -Date: Wed, 18 Sep 2024 11:53:52 +0200 -Subject: [PATCH] Filesystem: on stop, try umount directly, before scanning for - users - -48ed6e6d (Filesystem: improve stop-action and allow setting term/kill signals and signal_delay for large filesystems, 2023-07-04) -changed the logic from -"try umount; if that fails, find and kill users; repeat" to -"try to find and kill users; then try umount; repeat" - -But even just walking /proc may take "a long time" on busy systems, -and may still turn up with "no users found". - -It will take even longer for "force_umount=safe" -(observed 8 to 10 seconds just for "get_pids() with "safe" to return nothing) -than for "force_umount=yes" (still ~ 2 to 3 seconds), -but it will take "a long time" in any case. -(BTW, that may be longer than the hardcoded default of 6 seconds for "fast_stop", -which is also the default on many systems now) - -If the dependencies are properly configured, -there should be no users left, -and the umount should just work. - -Revert back to "try umount first", and only then try to find "rogue" users. ---- - heartbeat/Filesystem | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem -index 4dd962fd..99bddaf6 100755 ---- a/heartbeat/Filesystem -+++ b/heartbeat/Filesystem -@@ -732,6 +732,11 @@ fs_stop() { - local SUB="$1" timeout=$2 grace_time ret - grace_time=$((timeout/2)) - -+ # Just walking /proc may take "a long time", even if we don't find any users of this FS. -+ # If dependencies are properly configured, umount should just work. -+ # Only if that fails, try to find and kill processes that still use it. -+ try_umount "" "$SUB" && return $OCF_SUCCESS -+ - # try gracefully terminating processes for up to half of the configured timeout - fs_stop_loop "" "$SUB" "$OCF_RESKEY_term_signals" & - timeout_child $! $grace_time --- -2.25.1 - diff --git a/backport-Filesystem-only-use-umount_force-after-sending-kill_.patch b/backport-Filesystem-only-use-umount_force-after-sending-kill_.patch deleted file mode 100644 index f3c1b1f000af7c35e8132330a16fcc4347d0ef74..0000000000000000000000000000000000000000 --- a/backport-Filesystem-only-use-umount_force-after-sending-kill_.patch +++ /dev/null @@ -1,60 +0,0 @@ -From cb6aaffc260eea0f0fee6fab44393c6cf12b8a83 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Mon, 9 Sep 2024 10:58:12 +0200 -Subject: [PATCH] Filesystem: only use $umount_force after sending kill_signals - ---- - heartbeat/Filesystem | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem -index f54969f2..4dd962fd 100755 ---- a/heartbeat/Filesystem -+++ b/heartbeat/Filesystem -@@ -694,8 +694,8 @@ signal_processes() { - return 0 - } - try_umount() { -- local SUB="$1" -- $UMOUNT $umount_force "$SUB" -+ local force_arg="$1" SUB="$2" -+ $UMOUNT $force_arg "$SUB" - list_mounts | grep "${TAB}${SUB}${TAB}" >/dev/null 2>&1 || { - ocf_log info "unmounted $SUB successfully" - return $OCF_SUCCESS -@@ -718,14 +718,14 @@ timeout_child() { - return $ret - } - fs_stop_loop() { -- local SUB="$1" signals="$2" sig send_signal -+ local force_arg="$1" SUB="$2" signals="$3" sig send_signal - while true; do - send_signal=false - for sig in $signals; do - signal_processes "$SUB" $sig && send_signal=true - done - $send_signal && sleep $OCF_RESKEY_signal_delay -- try_umount "$SUB" && return $OCF_SUCCESS -+ try_umount "$force_arg" "$SUB" && return $OCF_SUCCESS - done - } - fs_stop() { -@@ -733,13 +733,13 @@ fs_stop() { - grace_time=$((timeout/2)) - - # try gracefully terminating processes for up to half of the configured timeout -- fs_stop_loop "$SUB" "$OCF_RESKEY_term_signals" & -+ fs_stop_loop "" "$SUB" "$OCF_RESKEY_term_signals" & - timeout_child $! $grace_time - ret=$? - [ $ret -eq $OCF_SUCCESS ] && return $ret - - # try killing them for the rest of the timeout -- fs_stop_loop "$SUB" "$OCF_RESKEY_kill_signals" & -+ fs_stop_loop "$umount_force" "$SUB" "$OCF_RESKEY_kill_signals" & - timeout_child $! $grace_time - ret=$? - [ $ret -eq $OCF_SUCCESS ] && return $ret --- -2.25.1 - diff --git a/backport-Filesystem-stop-get_pids-to-be-signaled.patch b/backport-Filesystem-stop-get_pids-to-be-signaled.patch deleted file mode 100644 index 2ad9c35e87d0a175cd6b4573c02d02d2d0e6fd37..0000000000000000000000000000000000000000 --- a/backport-Filesystem-stop-get_pids-to-be-signaled.patch +++ /dev/null @@ -1,56 +0,0 @@ -From b42d698f12aaeb871f4cc6a3c0327a27862b4376 Mon Sep 17 00:00:00 2001 -From: Lars Ellenberg -Date: Wed, 18 Sep 2024 13:42:38 +0200 -Subject: [PATCH] Filesystem: stop/get_pids to be signaled - -The "safe" way to get process ids that may be using a particular filesystem -currently uses shell globs ("find /proc/[0-9]*"). -With a million processes (and/or a less capable shell), -that may result in "Argument list too long". - -Replace with find /proc -path "/proc/[0-9]*" instead. -While at it, also fix the non-posix -or to be -o, -and add explicit grouping parentheses \( \) and explicit -print. - -Add a comment to not include "interesting" characters in mount point names. ---- - heartbeat/Filesystem | 23 ++++++++++++++++++++--- - 1 file changed, 20 insertions(+), 3 deletions(-) - -diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem -index 99bddaf6..3405e2c2 100755 ---- a/heartbeat/Filesystem -+++ b/heartbeat/Filesystem -@@ -669,9 +669,26 @@ get_pids() - $FUSER -Mm $dir 2>/dev/null - fi - elif [ "$FORCE_UNMOUNT" = "safe" ]; then -- procs=$(find /proc/[0-9]*/ -type l -lname "${dir}/*" -or -lname "${dir}" 2>/dev/null | awk -F/ '{print $3}') -- mmap_procs=$(grep " ${dir}/" /proc/[0-9]*/maps | awk -F/ '{print $3}') -- printf "${procs}\n${mmap_procs}" | sort | uniq -+ # Yes, in theory, ${dir} could contain "intersting" characters -+ # and would need to be quoted for glob (find) and regex (grep). -+ # Don't do that, then. -+ -+ # Avoid /proc/[0-9]*, it may cause "Argument list too long". -+ # There are several ways to filter for /proc/ -+ # -mindepth 1 -not -path "/proc/[0-9]*" -prune -o ... -+ # -path "/proc/[!0-9]*" -prune -o ... -+ # -path "/proc/[0-9]*" -a ... -+ # the latter seemd to be significantly faster for this one in my naive test. -+ procs=$(exec 2>/dev/null; -+ find /proc -path "/proc/[0-9]*" -type l \( -lname "${dir}/*" -o -lname "${dir}" \) -print | -+ awk -F/ '{print $3}' | uniq) -+ -+ # This finds both /proc//maps and /proc//task//maps; -+ # if you don't want the latter, add -maxdepth. -+ mmap_procs=$(exec 2>/dev/null; -+ find /proc -path "/proc/[0-9]*/maps" -print | -+ xargs -r grep -l " ${dir}/" | awk -F/ '{print $3}' | uniq) -+ printf "${procs}\n${mmap_procs}" | sort -u - fi - } - --- -2.25.1 - diff --git a/backport-IPaddr2-Fix-bringing-up-device.patch b/backport-IPaddr2-Fix-bringing-up-device.patch deleted file mode 100644 index e17d2917fce897177db052ca982c945d1e3219f5..0000000000000000000000000000000000000000 --- a/backport-IPaddr2-Fix-bringing-up-device.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 4af605b8df2437481431f7478fa53238b73a1d92 Mon Sep 17 00:00:00 2001 -From: Alex Hermann -Date: Fri, 26 Jul 2024 17:12:06 +0200 -Subject: [PATCH] IPaddr2: Fix bringing up device - -The `dev` keyword is sometimes required. ---- - heartbeat/IPaddr2 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 -index fb061609..c53356a9 100755 ---- a/heartbeat/IPaddr2 -+++ b/heartbeat/IPaddr2 -@@ -712,7 +712,7 @@ add_interface () { - ocf_run $cmd || return $OCF_ERR_GENERIC - - msg="Bringing device $iface up" -- cmd="$IP2UTIL link set $iface up" -+ cmd="$IP2UTIL link set dev $iface up" - ocf_log info "$msg" - ocf_run $cmd || return $OCF_ERR_GENERIC - --- -2.25.1 - diff --git a/backport-IPaddr2-add-proto-parameter-to-be-able-to-match-a-sp.patch b/backport-IPaddr2-add-proto-parameter-to-be-able-to-match-a-sp.patch deleted file mode 100644 index 9436e85ad4e0611081b21dce69162ed0b1f322fc..0000000000000000000000000000000000000000 --- a/backport-IPaddr2-add-proto-parameter-to-be-able-to-match-a-sp.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 3e36f7882cff1277a87ac5bee9a37d9c5363c982 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Wed, 18 Sep 2024 10:15:17 +0200 -Subject: [PATCH 06/11] IPaddr2: add proto-parameter to be able to match a - specific route - -Fixes #1976 ---- - heartbeat/IPaddr2 | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 -index c53356a9..e325aa57 100755 ---- a/heartbeat/IPaddr2 -+++ b/heartbeat/IPaddr2 -@@ -72,8 +72,8 @@ - OCF_RESKEY_ip_default="" - OCF_RESKEY_cidr_netmask_default="" - OCF_RESKEY_broadcast_default="" -+OCF_RESKEY_proto_default="" - OCF_RESKEY_iflabel_default="" --OCF_RESKEY_cidr_netmask_default="" - OCF_RESKEY_lvs_support_default=false - OCF_RESKEY_lvs_ipv6_addrlabel_default=true - OCF_RESKEY_lvs_ipv6_addrlabel_value_default=99 -@@ -96,6 +96,7 @@ OCF_RESKEY_network_namespace_default="" - : ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}} - : ${OCF_RESKEY_cidr_netmask=${OCF_RESKEY_cidr_netmask_default}} - : ${OCF_RESKEY_broadcast=${OCF_RESKEY_broadcast_default}} -+: ${OCF_RESKEY_proto=${OCF_RESKEY_proto_default}} - : ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}} - : ${OCF_RESKEY_lvs_support=${OCF_RESKEY_lvs_support_default}} - : ${OCF_RESKEY_lvs_ipv6_addrlabel=${OCF_RESKEY_lvs_ipv6_addrlabel_default}} -@@ -118,6 +119,8 @@ OCF_RESKEY_network_namespace_default="" - - ####################################################################### - -+[ -z "$OCF_RESKEY_proto" ] && proto="" || proto="proto $OCF_RESKEY_proto" -+ - SENDARP=$HA_BIN/send_arp - SENDUA=$HA_BIN/send_ua - FINDIF=findif -@@ -224,6 +227,14 @@ bits of the interface prefix. - - - -+ -+ -+Proto to match when finding network. E.g. "kernel". -+ -+Proto -+ -+ -+ - - - You can specify an additional label for your IP address here. --- -2.25.1 - diff --git a/backport-IPaddr2-improve-fail-logic-and-check-ip_status-after.patch b/backport-IPaddr2-improve-fail-logic-and-check-ip_status-after.patch deleted file mode 100644 index 58b70991ed4f7cd978bf357ba61e6a14b43a06ed..0000000000000000000000000000000000000000 --- a/backport-IPaddr2-improve-fail-logic-and-check-ip_status-after.patch +++ /dev/null @@ -1,135 +0,0 @@ -From 6fab544e702a7601714cd017aecc00193f23ae72 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Fri, 11 Oct 2024 13:13:10 +0200 -Subject: [PATCH 11/11] IPaddr2: improve fail logic and check ip_status after - adding IP - -* check that the label got applied -* return OCF_ERR_GENERIC to avoid false-positive when IP was manually added before starting the resource -* check ip_status after adding IP to fail without having to wait for the first monitor-action - -Co-authored-by: Evan J. Felix ---- - heartbeat/IPaddr2 | 35 ++++++++++++++++++++++++++--------- - 1 file changed, 26 insertions(+), 9 deletions(-) - -diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 -index e325aa57..27cae2d1 100755 ---- a/heartbeat/IPaddr2 -+++ b/heartbeat/IPaddr2 -@@ -586,7 +586,7 @@ ip_init() { - exit $rc - fi - fi -- -+ - SENDARPPIDFILE="$SENDARPPIDDIR/send_arp-$OCF_RESKEY_ip" - - if [ -n "$IFLABEL" ]; then -@@ -985,6 +985,7 @@ run_send_ua() { - # ok = served (for CIP: + hash bucket) - # partial = served and no hash bucket (CIP only) - # partial2 = served and no CIP iptables rule -+# partial3 = served with no label - # no = nothing - # - ip_served() { -@@ -1002,6 +1003,11 @@ ip_served() { - - if [ -z "$IP_CIP" ]; then - for i in $cur_nic; do -+ # check address label -+ if [ -n "$IFLABEL" ] && [ -z "`$IP2UTIL -o -f $FAMILY addr show $nic label $IFLABEL`" ]; then -+ echo partial3 -+ return 0 -+ fi - # only mark as served when on the same interfaces as $NIC - [ "$i" = "$NIC" ] || continue - echo "ok" -@@ -1065,7 +1071,12 @@ ip_start() { - if [ "$ip_status" = "ok" ]; then - exit $OCF_SUCCESS - fi -- -+ -+ if [ "$ip_status" = "partial3" ]; then -+ ocf_exit_reason "IP $OCF_RESKEY_ip available, but label missing" -+ exit $OCF_ERR_GENERIC -+ fi -+ - if [ -n "$IP_CIP" ] && ([ $ip_status = "no" ] || [ $ip_status = "partial2" ]); then - $MODPROBE ip_conntrack - $IPADDR2_CIP_IPTABLES -I INPUT -d $OCF_RESKEY_ip -i $NIC -j CLUSTERIP \ -@@ -1083,7 +1094,7 @@ ip_start() { - if [ -n "$IP_CIP" ] && [ $ip_status = "partial" ]; then - echo "+$IP_INC_NO" >$IP_CIP_FILE - fi -- -+ - if [ "$ip_status" = "no" ]; then - if ocf_is_true ${OCF_RESKEY_lvs_support}; then - for i in `find_interface $OCF_RESKEY_ip 32`; do -@@ -1094,7 +1105,7 @@ ip_start() { - esac - done - fi -- -+ - add_interface "$OCF_RESKEY_ip" "$NETMASK" "${BRDCAST:-none}" "$NIC" "$IFLABEL" "$METRIC" - rc=$? - -@@ -1102,6 +1113,12 @@ ip_start() { - ocf_exit_reason "Failed to add $OCF_RESKEY_ip" - exit $rc - fi -+ -+ ip_status=`ip_served` -+ if [ "$ip_status" != "ok" ]; then -+ ocf_exit_reason "Failed to add $OCF_RESKEY_ip with error $ip_status" -+ exit $OCF_ERR_GENERIC -+ fi - fi - - case $NIC in -@@ -1134,7 +1151,7 @@ ip_stop() { - ocf_take_lock $CIP_lockfile - ocf_release_lock_on_exit $CIP_lockfile - fi -- -+ - if [ -f "$SENDARPPIDFILE" ] ; then - kill `cat "$SENDARPPIDFILE"` - if [ $? -ne 0 ]; then -@@ -1171,17 +1188,17 @@ ip_stop() { - i=`expr $i + 1` - done - else -- ip_del_if="no" -+ ip_del_if="no" - fi - fi -- -+ - if [ "$ip_del_if" = "yes" ]; then - delete_interface $OCF_RESKEY_ip $NIC $NETMASK - if [ $? -ne 0 ]; then - ocf_exit_reason "Unable to remove IP [${OCF_RESKEY_ip} from interface [ $NIC ]" - exit $OCF_ERR_GENERIC - fi -- -+ - if ocf_is_true ${OCF_RESKEY_lvs_support}; then - restore_loopback "$OCF_RESKEY_ip" - fi -@@ -1200,7 +1217,7 @@ ip_monitor() { - run_arp_sender refresh - return $OCF_SUCCESS - ;; -- partial|no|partial2) -+ no) - exit $OCF_NOT_RUNNING - ;; - *) --- -2.25.1 - diff --git a/backport-IPsrcaddr-specify-dev-for-default-route-as-e.g.-fe80.patch b/backport-IPsrcaddr-specify-dev-for-default-route-as-e.g.-fe80.patch deleted file mode 100644 index d63b2aac541e9b928442215709bf10e039b7c7e0..0000000000000000000000000000000000000000 --- a/backport-IPsrcaddr-specify-dev-for-default-route-as-e.g.-fe80.patch +++ /dev/null @@ -1,39 +0,0 @@ -From f23ae9c1e9ff9a44a053c7c2378975ac5b807478 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Thu, 29 Aug 2024 16:24:02 +0200 -Subject: [PATCH 02/17] IPsrcaddr: specify dev for default route, as e.g. - fe80:: routes can be present on multiple interfaces - ---- - heartbeat/IPsrcaddr | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/heartbeat/IPsrcaddr b/heartbeat/IPsrcaddr -index 1c87d5b7..58d89a28 100755 ---- a/heartbeat/IPsrcaddr -+++ b/heartbeat/IPsrcaddr -@@ -278,8 +278,8 @@ srca_start() { - errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE $PROTO src $1 $METRIC $PREF' failed" - - if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] || [ "$OCF_RESKEY_destination" = "::/0" ]; then -- $CMDCHANGE $ROUTE_WO_SRC $PROTO src $1 || \ -- errorexit "command '$CMDCHANGE $ROUTE_WO_SRC $PROTO src $1' failed" -+ $CMDCHANGE $ROUTE_WO_SRC dev $INTERFACE $PROTO src $1 || \ -+ errorexit "command '$CMDCHANGE $ROUTE_WO_SRC dev $INTERFACE $PROTO src $1' failed" - fi - rc=$? - fi -@@ -322,8 +322,8 @@ srca_stop() { - errorexit "command 'ip route replace $TABLE $NETWORK dev $INTERFACE $OPTS $METRIC $PREF' failed" - - if [ "$OCF_RESKEY_destination" = "0.0.0.0/0" ] || [ "$OCF_RESKEY_destination" = "::/0" ]; then -- $CMDCHANGE $ROUTE_WO_SRC proto static || \ -- errorexit "command '$CMDCHANGE $ROUTE_WO_SRC proto static' failed" -+ $CMDCHANGE $ROUTE_WO_SRC dev $INTERFACE proto static || \ -+ errorexit "command '$CMDCHANGE $ROUTE_WO_SRC dev $INTERFACE proto static' failed" - fi - - return $? --- -2.33.1.windows.1 - diff --git a/backport-apache-http-mon_sh-change-curl-opts-to-match-wget.patch b/backport-apache-http-mon_sh-change-curl-opts-to-match-wget.patch deleted file mode 100644 index a19ec69d335aac49b8ffba486b64d57bf698f418..0000000000000000000000000000000000000000 --- a/backport-apache-http-mon_sh-change-curl-opts-to-match-wget.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 72f8ce893664640745ff277247e7be7fddfd20e7 Mon Sep 17 00:00:00 2001 -From: Athos Ribeiro -Date: Wed, 4 Sep 2024 17:38:47 -0300 -Subject: [PATCH 05/17] apache/http-mon.sh: change curl opts to match wget - -curl was recently moved to be de default http client, deprecating wget, -the former preferred one. However, the curl options being used differ -from the ones set for wget, changing the behavior of the agents using -the monitor when using one or the other client. ---- - heartbeat/http-mon.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/heartbeat/http-mon.sh b/heartbeat/http-mon.sh -index 44ca8968..163d70d1 100644 ---- a/heartbeat/http-mon.sh -+++ b/heartbeat/http-mon.sh -@@ -22,7 +22,7 @@ if ocf_is_true "$OCF_RESKEY_use_ipv6" || echo "$STATUSURL" | grep -qs "::"; then - curl_ipv6_opts="-g" - fi - WGETOPTS="-O- -q --no-proxy --bind-address=$bind_address" --CURLOPTS="-o - -Ss -L --interface lo $curl_ipv6_opts" -+CURLOPTS="-o - -Ss -L --noproxy '*' --interface $bind_address $curl_ipv6_opts" - - request_url_header() { - which curl >/dev/null 2>&1 --- -2.33.1.windows.1 - diff --git a/backport-apache-http-mon_sh-doc-curl-as-preferred-client.patch b/backport-apache-http-mon_sh-doc-curl-as-preferred-client.patch deleted file mode 100644 index be5719004550fee9c023c24b53942939796ea9c3..0000000000000000000000000000000000000000 --- a/backport-apache-http-mon_sh-doc-curl-as-preferred-client.patch +++ /dev/null @@ -1,25 +0,0 @@ -From d0f94298153658f384e2d2c45e4c6f6b158582ec Mon Sep 17 00:00:00 2001 -From: Athos Ribeiro -Date: Wed, 4 Sep 2024 18:06:38 -0300 -Subject: [PATCH 06/17] apache/http-mon.sh: doc curl as preferred client - ---- - heartbeat/http-mon.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/heartbeat/http-mon.sh b/heartbeat/http-mon.sh -index 163d70d1..b10930a0 100644 ---- a/heartbeat/http-mon.sh -+++ b/heartbeat/http-mon.sh -@@ -76,7 +76,7 @@ userdefined() { - # find a good http client - # - findhttpclient() { -- # prefer wget (for historical reasons) -+ # prefer curl (see b2ca07d) - if [ "x$CLIENT" != x ] && which "$CLIENT" >/dev/null 2>&1; then - echo "$CLIENT" - elif which curl >/dev/null 2>&1; then --- -2.33.1.windows.1 - diff --git a/backport-azure-lb-fix-spelling-of-adresses-to-addresses.patch b/backport-azure-lb-fix-spelling-of-adresses-to-addresses.patch deleted file mode 100644 index 2ecc5cbaf193db2e4f932f3401a51ec920ccca57..0000000000000000000000000000000000000000 --- a/backport-azure-lb-fix-spelling-of-adresses-to-addresses.patch +++ /dev/null @@ -1,25 +0,0 @@ -From b9d48abfbc6042767bf6610b61f4c1656d79ee40 Mon Sep 17 00:00:00 2001 -From: Valentin Vidic -Date: Sun, 28 Jul 2024 19:19:01 +0200 -Subject: [PATCH] azure-lb: fix spelling of adresses to addresses - ---- - heartbeat/azure-lb | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/heartbeat/azure-lb b/heartbeat/azure-lb -index 64225264b..adfc61e9e 100755 ---- a/heartbeat/azure-lb -+++ b/heartbeat/azure-lb -@@ -86,9 +86,9 @@ default: Neither -4 nor -6 will be used. The default behavior of socat and nc wi - If net.ipv6.bindv6only = 1 => Listen only on IPv4 addresses - ipv4only: Listen only on IPv4 addresses. - ipv6enable: Enable TCP6 support. -- nc: Listen only on IPv6 adresses independent of net.ipv6.bindv6only -+ nc: Listen only on IPv6 addresses independent of net.ipv6.bindv6only - socat: If net.ipv6.bindv6only = 0 => Listen on both IPv4 and IP6 addresses. -- If net.ipv6.bindv6only = 1 => Listen only on IPv6 adresses. -+ If net.ipv6.bindv6only = 1 => Listen only on IPv6 addresses. - - Usage of IPv4 and IPv6 addresses. - diff --git a/backport-docker-compose-use-docker-compose-when-not-using-old.patch b/backport-docker-compose-use-docker-compose-when-not-using-old.patch deleted file mode 100644 index 6caf6058569f440ed63d24d2d247ed1afe830d00..0000000000000000000000000000000000000000 --- a/backport-docker-compose-use-docker-compose-when-not-using-old.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 33d73b0113b3acf77b8346ceac1bfdcf3cdaebe6 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Fri, 13 Sep 2024 09:41:20 +0200 -Subject: [PATCH 02/10] docker-compose: use "docker compose" when not using - older docker-compose command - ---- - heartbeat/docker-compose | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/heartbeat/docker-compose b/heartbeat/docker-compose -index 696f3a36..9d11ee4b 100755 ---- a/heartbeat/docker-compose -+++ b/heartbeat/docker-compose -@@ -113,9 +113,15 @@ exit $OCF_SUCCESS - if [ -r "$OCF_RESKEY_binpath" -a -x "$OCF_RESKEY_binpath" ]; then - COMMAND="$OCF_RESKEY_binpath" - else -+ OCF_RESKEY_binpath="$OCF_RESKEY_binpath_default" - COMMAND="$OCF_RESKEY_binpath_default" - fi - -+if ! $COMMAND -v 2>&1 | grep -q "^docker-compose version 1\."; then -+ OCF_RESKEY_binpath="${OCF_RESKEY_binpath%%-compose}" -+ COMMAND="$OCF_RESKEY_binpath compose" -+fi -+ - DIR="$OCF_RESKEY_dirpath" - PRE="$(echo ${DIR##*/} | tr A-Z a-z | sed 's/[^a-z0-9]//g')" - YML="$OCF_RESKEY_ymlfile" --- -2.25.1 - diff --git a/backport-findif.sh-ignore-unreachable-blackhole-and-prohibit-.patch b/backport-findif.sh-ignore-unreachable-blackhole-and-prohibit-.patch deleted file mode 100644 index 37393acf003f2bf9a63bb2a0d0527e2ff8c89549..0000000000000000000000000000000000000000 --- a/backport-findif.sh-ignore-unreachable-blackhole-and-prohibit-.patch +++ /dev/null @@ -1,28 +0,0 @@ -From f561e272e9b7fe94ba598b70c6d2f44d034446ed Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Wed, 14 Aug 2024 12:05:54 +0200 -Subject: [PATCH] findif.sh: ignore unreachable, blackhole, and prohibit routes - ---- - heartbeat/findif.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh -index ca5d1a5c..7b817f75 100644 ---- a/heartbeat/findif.sh -+++ b/heartbeat/findif.sh -@@ -218,9 +218,9 @@ findif() - fi - if [ -n "$nic" ] ; then - # NIC supports more than two. -- routematch=$(ip -o -f $family route list match $match $proto $scope | grep "dev $nic " | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) -+ routematch=$(ip -o -f $family route list match $match $proto $scope | grep -v "^\(unreachable\|prohibit\|blackhole\)" | grep "dev $nic " | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) - else -- routematch=$(ip -o -f $family route list match $match $proto $scope | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) -+ routematch=$(ip -o -f $family route list match $match $proto $scope | grep -v "^\(unreachable\|prohibit\|blackhole\)" | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) - fi - if [ "$family" = "inet6" ]; then - routematch=$(echo "$routematch" | grep -v "^default") --- -2.25.1 - diff --git a/backport-findif.sh-remove-local-proto-to-use-global-proto-fro.patch b/backport-findif.sh-remove-local-proto-to-use-global-proto-fro.patch deleted file mode 100644 index 405b1ed1fa8772e4324ee95c9fe42583f276366d..0000000000000000000000000000000000000000 --- a/backport-findif.sh-remove-local-proto-to-use-global-proto-fro.patch +++ /dev/null @@ -1,25 +0,0 @@ -From db2aa652a846513d124ac445e1d1e16f332adaa1 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Wed, 2 Oct 2024 09:40:55 +0200 -Subject: [PATCH 07/10] findif.sh: remove "local proto" to use global proto - from the agents - ---- - heartbeat/findif.sh | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh -index 7b817f75..2ae91e95 100644 ---- a/heartbeat/findif.sh -+++ b/heartbeat/findif.sh -@@ -196,7 +196,6 @@ findif() - { - local match="$OCF_RESKEY_ip" - local family -- local proto - local scope - local nic="$OCF_RESKEY_nic" - local netmask="$OCF_RESKEY_cidr_netmask" --- -2.25.1 - diff --git a/backport-nfsserver-also-stop-rpc-statd-for-nfsv4_only-to-avoi.patch b/backport-nfsserver-also-stop-rpc-statd-for-nfsv4_only-to-avoi.patch deleted file mode 100644 index eff1e23d52595a68bf33cecb2430c806cbdba6c1..0000000000000000000000000000000000000000 --- a/backport-nfsserver-also-stop-rpc-statd-for-nfsv4_only-to-avoi.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 38eaf00bc81af7530c56eba282918762a47a9326 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Thu, 19 Sep 2024 13:01:53 +0200 -Subject: [PATCH 06/10] nfsserver: also stop rpc-statd for nfsv4_only to avoid - stop failing in some cases - -E.g. nfs_no_notify=true nfsv4_only=true nfs_shared_infodir=/nfsmq/nfsinfo would cause a "Failed to unmount a bind mount" error ---- - heartbeat/nfsserver | 16 +++++++--------- - 1 file changed, 7 insertions(+), 9 deletions(-) - -diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver -index 5793d7a7..fd9268af 100755 ---- a/heartbeat/nfsserver -+++ b/heartbeat/nfsserver -@@ -947,15 +947,13 @@ nfsserver_stop () - sleep 1 - done - -- if ! ocf_is_true "$OCF_RESKEY_nfsv4_only"; then -- nfs_exec stop rpc-statd > /dev/null 2>&1 -- ocf_log info "Stop: rpc-statd" -- rpcinfo -t localhost 100024 > /dev/null 2>&1 -- rc=$? -- if [ "$rc" -eq "0" ]; then -- ocf_exit_reason "Failed to stop rpc-statd" -- return $OCF_ERR_GENERIC -- fi -+ nfs_exec stop rpc-statd > /dev/null 2>&1 -+ ocf_log info "Stop: rpc-statd" -+ rpcinfo -t localhost 100024 > /dev/null 2>&1 -+ rc=$? -+ if [ "$rc" -eq "0" ]; then -+ ocf_exit_reason "Failed to stop rpc-statd" -+ return $OCF_ERR_GENERIC - fi - - nfs_exec stop nfs-idmapd > /dev/null 2>&1 --- -2.25.1 - diff --git a/backport-ocf-shellfuncs-systemd_drop_in-only-if-needed.patch b/backport-ocf-shellfuncs-systemd_drop_in-only-if-needed.patch deleted file mode 100644 index 158c4d49db828f17e1ee0b7e054eb9e940b77492..0000000000000000000000000000000000000000 --- a/backport-ocf-shellfuncs-systemd_drop_in-only-if-needed.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 82958dc115c47232ae0468b1ddf64e728ec325e4 Mon Sep 17 00:00:00 2001 -From: Georg Pfuetzenreuter -Date: Wed, 9 Oct 2024 00:16:44 +0200 -Subject: [PATCH] ocf-shellfuncs: systemd_drop_in only if needed - -Avoid dbus overload upon many simultaneous "daemon-reload" invocations -(when a resource agent using systemd_drop_in() is called multiple times -as part of parallel resource operations in Pacemaker) by skipping the -file creation and reload if the expected data already exists. - -Whilst at it, align the indentation of the heredoc with the other parts -of the function. - -Signed-off-by: Georg Pfuetzenreuter ---- - heartbeat/ocf-shellfuncs.in | 19 +++++++++++-------- - 1 file changed, 11 insertions(+), 8 deletions(-) - -diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in -index 9335cbf0..5c4bb326 100644 ---- a/heartbeat/ocf-shellfuncs.in -+++ b/heartbeat/ocf-shellfuncs.in -@@ -662,14 +662,17 @@ systemd_drop_in() - systemdrundir="/run/systemd/system/resource-agents-deps.target.d" - mkdir -p "$systemdrundir" - conf_file="$systemdrundir/$1.conf" -- cat >"$conf_file" < "$conf_file" <<-EOF -+ [Unit] -+ $conf_line -+ EOF -+ # The information is accessible through systemd API and systemd would -+ # complain about improper permissions. -+ chmod o+r "$conf_file" -+ systemctl daemon-reload -+ fi - } - - # usage: curl_retry RETRIES SLEEP ARGS URL --- -2.25.1 - diff --git a/backport-podman-Improve-handling-of-stopping-container-remova.patch b/backport-podman-Improve-handling-of-stopping-container-remova.patch deleted file mode 100644 index 90dd9e6ef012ae9ec069243fc616d5e4b42bb0c4..0000000000000000000000000000000000000000 --- a/backport-podman-Improve-handling-of-stopping-container-remova.patch +++ /dev/null @@ -1,46 +0,0 @@ -From e3ba7ba866d2d2cd7b1fe37a111445dc3c95182d Mon Sep 17 00:00:00 2001 -From: Antonio Romito -Date: Tue, 10 Sep 2024 14:39:14 +0200 -Subject: [PATCH 02/11] podman: Improve handling of "stopping" container - removal in remove_container() (#1973) - -- Added handling for containers in a stopping state by checking the state and force-removing if necessary. -- Improved log messages to provide clearer information when force removal is needed. - -Related: https://issues.redhat.com/browse/RHEL-58008 ---- - heartbeat/podman | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/heartbeat/podman b/heartbeat/podman -index 53867bff..643ec4d8 100755 ---- a/heartbeat/podman -+++ b/heartbeat/podman -@@ -254,6 +254,13 @@ remove_container() - ocf_run podman rm -v $CONTAINER - rc=$? - if [ $rc -ne 0 ]; then -+ if [ $rc -eq 2 ]; then -+ if podman inspect --format '{{.State.Status}}' $CONTAINER | grep -wq "stopping"; then -+ ocf_log err "Inactive container ${CONTAINER} is stuck in 'stopping' state. Force-remove it." -+ ocf_run podman rm -f $CONTAINER -+ rc=$? -+ fi -+ fi - # due to a podman bug (rhbz#1841485), sometimes a stopped - # container can still be associated with Exec sessions, in - # which case the "podman rm" has to be forced -@@ -517,8 +524,8 @@ podman_stop() - # but the associated container exit code is -1. If that's the case, - # assume there's no failure and continue with the rm as usual. - if [ $rc -eq 125 ] && \ -- podman inspect --format '{{.State.Status}}:{{.State.ExitCode}}' $CONTAINER | grep -wq "stopped:-1"; then -- ocf_log warn "Container ${CONTAINER} had an unexpected stop outcome. Trying to remove it anyway." -+ podman inspect --format '{{.State.Status}}:{{.State.ExitCode}}' $CONTAINER | grep -Eq '^(exited|stopped):-1$'; then -+ ocf_log err "Container ${CONTAINER} had an unexpected stop outcome. Trying to remove it anyway." - else - ocf_exit_reason "Failed to stop container, ${CONTAINER}, based on image, ${OCF_RESKEY_image}." - return $OCF_ERR_GENERIC --- -2.25.1 - diff --git a/backport-powervs-subnet-Add-optional-argument-route_table-196.patch b/backport-powervs-subnet-Add-optional-argument-route_table-196.patch deleted file mode 100644 index 5a0259743c6ce082d5639dafea119d452f5e331e..0000000000000000000000000000000000000000 --- a/backport-powervs-subnet-Add-optional-argument-route_table-196.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 0f701bc874873f1426a6e60b1d96633445ea0631 Mon Sep 17 00:00:00 2001 -From: ehaefele <30649454+ehaefele@users.noreply.github.com> -Date: Wed, 21 Aug 2024 09:37:08 +0200 -Subject: [PATCH 01/17] powervs-subnet: Add optional argument route_table - (#1966) - ---- - heartbeat/powervs-subnet.in | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - -diff --git a/heartbeat/powervs-subnet.in b/heartbeat/powervs-subnet.in -index ec59d5b0..08762306 100755 ---- a/heartbeat/powervs-subnet.in -+++ b/heartbeat/powervs-subnet.in -@@ -63,7 +63,7 @@ class nmcli: - CONN_PREFIX = "VIP_" - DEV_PREFIX = "env" - ROUTING_PRIO = 50 -- ROUTING_TABLE = 500 -+ ROUTING_TABLE = ocf.get_parameter("route_table", 500) - _WAIT_FOR_NIC_SLEEP = 3 - - def __init__(self): -@@ -804,7 +804,7 @@ def start_action( - nic, ip_address, mac, gateway = ws.subnet_add() - - ocf.logger.debug( -- f"start_action: add nmcli connection: nic: {nic}, ip: {ip_address}, mac: {mac}, gateway: {gateway}, jumbo: {ws.jumbo}" -+ f"start_action: add nmcli connection: nic: {nic}, ip: {ip_address}, mac: {mac}, gateway: {gateway}, jumbo: {ws.jumbo}, table {nmcli.ROUTING_TABLE}" - ) - - conn_name = f"{nmcli.CONN_PREFIX}{nic}" -@@ -931,7 +931,7 @@ def validate_all_action( - - res_options = locals() - -- # The class instantation validates the resource agent options and that the instance exists -+ # The class instantiation validates the resource agent options and that the instance exists - try: - # Check instance in local workspace - _ = PowerCloudAPI(**res_options, use_remote_workspace=False) -@@ -982,7 +982,7 @@ def main(): - "powervs-subnet", - shortdesc="Manages moving a Power Virtual Server subnet", - longdesc=agent_description, -- version=1.02, -+ version=1.03, - ) - - agent.add_parameter( -@@ -1083,6 +1083,16 @@ def main(): - default="false", - ) - -+ agent.add_parameter( -+ "route_table", -+ shortdesc="route table ID", -+ longdesc="ID of the route table for the interface. Default is 500.", -+ content_type="string", -+ required=False, -+ default="500", -+ ) -+ -+ - agent.add_action("start", timeout=900, handler=start_action) - agent.add_action("stop", timeout=450, handler=stop_action) - agent.add_action( --- -2.33.1.windows.1 - diff --git a/backport-powervs-subnet-Enable-access-via-private-endpoint-fo.patch b/backport-powervs-subnet-Enable-access-via-private-endpoint-fo.patch deleted file mode 100644 index dedaea922867bebbd85bb9ae4d1a6f06340a176c..0000000000000000000000000000000000000000 --- a/backport-powervs-subnet-Enable-access-via-private-endpoint-fo.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 4533539dbaeb3ae47a4d8dfd0012db4c16b79e00 Mon Sep 17 00:00:00 2001 -From: edmund-haefele -Date: Wed, 4 Sep 2024 09:32:39 +0000 -Subject: [PATCH] powervs-subnet: Enable access via private endpoint for IBM - IAM - ---- - heartbeat/powervs-subnet.in | 15 +++++++++------ - 1 file changed, 9 insertions(+), 6 deletions(-) - -diff --git a/heartbeat/powervs-subnet.in b/heartbeat/powervs-subnet.in -index 08762306..83a468e0 100755 ---- a/heartbeat/powervs-subnet.in -+++ b/heartbeat/powervs-subnet.in -@@ -265,6 +265,7 @@ class PowerCloudAPI: - """Provides methods to manage Power Virtual Server resources through its REST API.""" - - _URL_IAM_GLOBAL = "https://iam.cloud.ibm.com/identity/token" -+ _URL_IAM_PRIVATE = "https://private.iam.cloud.ibm.com/identity/token" - _URL_API_PUBLIC = "https://{}.power-iaas.cloud.ibm.com" - _URL_API_PRIVATE = "https://private.{}.power-iaas.cloud.ibm.com" - _URL_API_BASE = "/pcloud/v1/cloud-instances/{}" -@@ -382,7 +383,7 @@ class PowerCloudAPI: - def _set_token(self): - """Use the stored API key to obtain an IBM Cloud IAM access token.""" - -- url = self._URL_IAM_GLOBAL -+ url = self._URL_IAM - - headers = { - "content-type": "application/x-www-form-urlencoded", -@@ -671,6 +672,9 @@ class PowerCloudAPI: - self._URL_API_PRIVATE if api_type == "private" else self._URL_API_PUBLIC - ) - self._url = url_api_fmt.format(self._res_options["region"]) -+ self._URL_IAM = ( -+ self._URL_IAM_PRIVATE if api_type == "private" else self._URL_IAM_GLOBAL -+ ) - self._base = self._URL_API_BASE.format(self._cloud_instance_id) - self._session = None - -@@ -965,15 +969,14 @@ def main(): - Install with @server group to ensure that NetworkManager settings are correct. - Verify that the NetworkManager-config-server package is installed. - -- 2. IBM Cloud API Key: -+ 2. A two-node cluster that is distributed across two different Power Virtual Server workspaces in two data centers in a region. -+ -+ 3. IBM Cloud API Key: - Create a service API key that is privileged for both Power Virtual Server - workspaces. Save the service API key in a file and copy the file to both - cluster nodes. Use same filename and directory location on both cluster nodes. - Reference the path to the key file in the resource definition. - -- 3. The hostname of the virtual server instances must be same as the name -- of the virtual server instances in the Power Virtual Server workspaces. -- - For comprehensive documentation on implementing high availability for - SAP applications on IBM Power Virtual Server, visit https://cloud.ibm.com/docs/sap?topic=sap-ha-overview. - """) -@@ -982,7 +985,7 @@ def main(): - "powervs-subnet", - shortdesc="Manages moving a Power Virtual Server subnet", - longdesc=agent_description, -- version=1.03, -+ version=1.04, - ) - - agent.add_parameter( --- -2.25.1 - diff --git a/backport-powervs-subnet-Modify-gathering-of-Apikey-calculatio.patch b/backport-powervs-subnet-Modify-gathering-of-Apikey-calculatio.patch deleted file mode 100644 index 6c27996608414a735e9811e27255e81177222d97..0000000000000000000000000000000000000000 --- a/backport-powervs-subnet-Modify-gathering-of-Apikey-calculatio.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 82045adbe11db0288bfe27d34f59e85948483f34 Mon Sep 17 00:00:00 2001 -From: edmund-haefele -Date: Tue, 13 Aug 2024 09:22:37 +0000 -Subject: [PATCH] powervs-subnet: Modify gathering of Apikey, calculation of - timeout. - ---- - heartbeat/powervs-subnet.in | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/heartbeat/powervs-subnet.in b/heartbeat/powervs-subnet.in -index 3d86ae7c9..ec59d5b07 100755 ---- a/heartbeat/powervs-subnet.in -+++ b/heartbeat/powervs-subnet.in -@@ -24,6 +24,7 @@ - - import ipaddress - import json -+import math - import os - import re - import socket -@@ -175,8 +176,7 @@ class nmcli: - - ocf.logger.debug(f"wait_for_nic: args: mac: {mac}, timeout: {timeout} s") - mac_address = mac.upper() -- retries = (timeout // cls._WAIT_FOR_NIC_SLEEP) - 1 -- -+ retries = math.ceil((timeout * 0.95) / cls._WAIT_FOR_NIC_SLEEP) - 1 - for attempt in range(1, retries + 1): - try: - ocf.logger.debug( -@@ -363,8 +363,11 @@ class PowerCloudAPI: - try: - keys = json.loads(f.read()) - # data seems to be in json format -- # return the value of the item with the key 'apikey' -- api_key = keys.get("apikey", keys) -+ # return the value of the item with the key 'Apikey' -+ # backward compatibility: In the past, the key name was 'apikey' -+ api_key = keys.get("Apikey", "") -+ if not api_key: -+ api_key = keys.get("apikey", "") - except ValueError: - # data is text, return as is - api_key = f.read().strip() -@@ -979,7 +982,7 @@ def main(): - "powervs-subnet", - shortdesc="Manages moving a Power Virtual Server subnet", - longdesc=agent_description, -- version=1.01, -+ version=1.02, - ) - - agent.add_parameter( diff --git a/backport-powervs-subnet-dont-require-api_type-as-it-has-a-def.patch b/backport-powervs-subnet-dont-require-api_type-as-it-has-a-def.patch deleted file mode 100644 index cf5a56163cfc1aa146140ec06c1675c1651344c2..0000000000000000000000000000000000000000 --- a/backport-powervs-subnet-dont-require-api_type-as-it-has-a-def.patch +++ /dev/null @@ -1,26 +0,0 @@ -From af95b6dfd267462974a22d67ec1ebaf5fb783a8d Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Tue, 22 Oct 2024 15:22:50 +0200 -Subject: [PATCH 1/6] powervs-subnet: dont require api_type as it has a default - value - ---- - heartbeat/powervs-subnet.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/heartbeat/powervs-subnet.in b/heartbeat/powervs-subnet.in -index 83a468e0..84e86c0c 100755 ---- a/heartbeat/powervs-subnet.in -+++ b/heartbeat/powervs-subnet.in -@@ -1019,7 +1019,7 @@ def main(): - shortdesc="API type", - longdesc="Connect to Power Virtual Server regional endpoints over a public or private network (public|private).", - content_type="string", -- required=True, -+ required=False, - default="private", - ) - --- -2.25.1 - diff --git a/resource-agents.spec b/resource-agents.spec index a9a15a29c722a764640fe8c0b55ee65572983a8a..3cb0df2afeb241d820496a041c18b14d41a6c352 100644 --- a/resource-agents.spec +++ b/resource-agents.spec @@ -1,33 +1,10 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts -Version: 4.15.1 -Release: 12 +Version: 4.16.0 +Release: 1 License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/resource-agents -Source0: https://github.com/ClusterLabs/resource-agents/archive/v%{version}.tar.gz - -Patch0: backport-IPaddr2-Fix-bringing-up-device.patch -Patch1: backport-azure-lb-fix-spelling-of-adresses-to-addresses.patch -Patch2: backport-powervs-subnet-Modify-gathering-of-Apikey-calculatio.patch -Patch3: backport-findif.sh-ignore-unreachable-blackhole-and-prohibit-.patch -Patch4: backport-powervs-subnet-Add-optional-argument-route_table-196.patch -Patch5: backport-IPsrcaddr-specify-dev-for-default-route-as-e.g.-fe80.patch -Patch6: backport-docker-compose-use-docker-compose-when-not-using-old.patch -Patch7: backport-nfsserver-also-stop-rpc-statd-for-nfsv4_only-to-avoi.patch -Patch8: backport-Filesystem-dont-sleep-during-stop-action-when-there-.patch -Patch9: backport-powervs-subnet-Enable-access-via-private-endpoint-fo.patch -Patch10: backport-IPaddr2-add-proto-parameter-to-be-able-to-match-a-sp.patch -Patch11: backport-podman-Improve-handling-of-stopping-container-remova.patch -Patch12: backport-apache-http-mon_sh-change-curl-opts-to-match-wget.patch -Patch13: backport-apache-http-mon_sh-doc-curl-as-preferred-client.patch -Patch14: backport-IPaddr2-improve-fail-logic-and-check-ip_status-after.patch -Patch15: backport-findif.sh-remove-local-proto-to-use-global-proto-fro.patch -Patch16: backport-Filesystem-only-use-umount_force-after-sending-kill_.patch -Patch17: backport-Filesystem-on-stop-try-umount-directly-before-scanni.patch -Patch18: backport-Filesystem-stop-get_pids-to-be-signaled.patch -Patch19: backport-ocf-shellfuncs-systemd_drop_in-only-if-needed.patch -Patch20: backport-AWS-agents-reuse-IMDS-token-until-it-expires-issue-1.patch -Patch21: backport-powervs-subnet-dont-require-api_type-as-it-has-a-def.patch +Source0: https://github.com/ClusterLabs/resource-agents/releases/tag/v%{version}.tar.gz Obsoletes: heartbeat-resources <= %{version} Provides: heartbeat-resources = %{version} @@ -126,6 +103,9 @@ export CFLAGS="$(echo '%{optflags}')" %{_mandir}/man8/{ocf-tester.8*,ldirectord.8*} %changelog +* Thu Nov 14 2024 bixiaoyan - 4.16.0-1 +- update version to 4.16.0 + * Thu Nov 07 2024 bixiaoyan - 4.15.1-12 - AWS agents: reuse IMDS token until it expires - powervs-subnet: dont require api_type as it has a default value diff --git a/v4.15.1.tar.gz b/v4.15.1.tar.gz deleted file mode 100644 index c5c80a0a7abed3203481b35ef4bf51e47b8ba48b..0000000000000000000000000000000000000000 Binary files a/v4.15.1.tar.gz and /dev/null differ diff --git a/v4.16.0.tar.gz b/v4.16.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..1100a8bf3387f197a1bc04387ffda646b1505d89 Binary files /dev/null and b/v4.16.0.tar.gz differ