diff --git a/SOURCES/RHEL-15302-1-exportfs-make-fsid-optional.patch b/SOURCES/RHEL-15302-1-exportfs-make-fsid-optional.patch new file mode 100644 index 0000000..5cac255 --- /dev/null +++ b/SOURCES/RHEL-15302-1-exportfs-make-fsid-optional.patch @@ -0,0 +1,75 @@ +From b806487ca758fce838c988767556007ecf66a6e3 Mon Sep 17 00:00:00 2001 +From: Roger Zhou +Date: Mon, 10 Apr 2023 18:08:56 +0800 +Subject: [PATCH] exportfs: make the "fsid=" parameter optional + +Based on feedback [1] from the kernel developer @neilbrown regarding the +NFS clustering use case, it has been determined that the fsid= parameter +is now considered optional and safe to omit. + +[1] https://bugzilla.suse.com/show_bug.cgi?id=1201271#c49 +""" +Since some time in 2007 NFS has used the UUID of a filesystem as the +primary identifier for that filesystem, rather than using the device +number. So from that time there should have been reduced need for the +"fsid=" option. Probably there are some filesystems that this didn't +work for. btrfs has been problematic at time, particularly when subvols +are exported. But for quite some years this has all "just worked" at +least for the major filesystems (ext4 xfs btrfs). [...] I would suggest +getting rid of the use of fsid= altogether. [...] I'm confident that it +was no longer an issue in SLE-12 and similarly not in SLE-15. +""" +--- + heartbeat/exportfs | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/heartbeat/exportfs b/heartbeat/exportfs +index 2307a9e67b..435a19646b 100755 +--- a/heartbeat/exportfs ++++ b/heartbeat/exportfs +@@ -82,7 +82,7 @@ The directory or directories to export. + + + +- ++ + + The fsid option to pass to exportfs. This can be a unique positive + integer, a UUID (assuredly sans comma characters), or the special string +@@ -185,6 +185,8 @@ exportfs_methods() { + + reset_fsid() { + CURRENT_FSID=$OCF_RESKEY_fsid ++ [ -z "$CURRENT_FSID" ] && CURRENT_FSID=`echo "$OCF_RESKEY_options" | sed -n 's/.*fsid=\([^,]*\).*/\1/p'` ++ echo $CURRENT_FSID + } + bump_fsid() { + CURRENT_FSID=$((CURRENT_FSID+1)) +@@ -322,7 +324,7 @@ export_one() { + if echo "$opts" | grep fsid >/dev/null; then + #replace fsid in options list + opts=`echo "$opts" | sed "s,fsid=[^,]*,fsid=$(get_fsid),g"` +- else ++ elif [ -n "$OCF_RESKEY_fsid" ]; then + #tack the fsid option onto our options list. + opts="${opts}${sep}fsid=$(get_fsid)" + fi +@@ -448,8 +450,8 @@ exportfs_validate_all () + ocf_exit_reason "$OCF_RESKEY_fsid cannot contain a comma" + return $OCF_ERR_CONFIGURED + fi +- if [ $NUMDIRS -gt 1 ] && +- ! ocf_is_decimal "$OCF_RESKEY_fsid"; then ++ if [ $NUMDIRS -gt 1 ] && [ -n "$(reset_fsid)" ] && ++ ! ocf_is_decimal "$(reset_fsid)"; then + ocf_exit_reason "use integer fsid when exporting multiple directories" + return $OCF_ERR_CONFIGURED + fi +@@ -485,6 +487,6 @@ done + OCF_RESKEY_directory="${directories%% }" + + NUMDIRS=`echo "$OCF_RESKEY_directory" | wc -w` +-OCF_REQUIRED_PARAMS="directory fsid clientspec" ++OCF_REQUIRED_PARAMS="directory clientspec" + OCF_REQUIRED_BINARIES="exportfs" + ocf_rarun $* diff --git a/SOURCES/RHEL-15302-2-ocft-exportfs-remove-fsid-required-test.patch b/SOURCES/RHEL-15302-2-ocft-exportfs-remove-fsid-required-test.patch new file mode 100644 index 0000000..ee3ecca --- /dev/null +++ b/SOURCES/RHEL-15302-2-ocft-exportfs-remove-fsid-required-test.patch @@ -0,0 +1,43 @@ +From 1d1481aa6d848efab4d398ad6e74d80b5b32549f Mon Sep 17 00:00:00 2001 +From: Valentin Vidic +Date: Wed, 1 Nov 2023 18:25:45 +0100 +Subject: [PATCH] exportfs: remove test for "fsid=" parameter + +fsid parameter is now considered optional. +--- + tools/ocft/exportfs | 5 ----- + tools/ocft/exportfs-multidir | 5 ----- + 2 files changed, 10 deletions(-) + +diff --git a/tools/ocft/exportfs b/tools/ocft/exportfs +index 285a4b8ea0..1ec3d4c364 100644 +--- a/tools/ocft/exportfs ++++ b/tools/ocft/exportfs +@@ -28,11 +28,6 @@ CASE "check base env" + Include prepare + AgentRun start OCF_SUCCESS + +-CASE "check base env: no 'OCF_RESKEY_fsid'" +- Include prepare +- Env OCF_RESKEY_fsid= +- AgentRun start OCF_ERR_CONFIGURED +- + CASE "check base env: invalid 'OCF_RESKEY_directory'" + Include prepare + Env OCF_RESKEY_directory=/no_such +diff --git a/tools/ocft/exportfs-multidir b/tools/ocft/exportfs-multidir +index 00e41f0859..ac6d5c7f6a 100644 +--- a/tools/ocft/exportfs-multidir ++++ b/tools/ocft/exportfs-multidir +@@ -28,11 +28,6 @@ CASE "check base env" + Include prepare + AgentRun start OCF_SUCCESS + +-CASE "check base env: no 'OCF_RESKEY_fsid'" +- Include prepare +- Env OCF_RESKEY_fsid= +- AgentRun start OCF_ERR_CONFIGURED +- + CASE "check base env: invalid 'OCF_RESKEY_directory'" + Include prepare + Env OCF_RESKEY_directory=/no_such diff --git a/SOURCES/RHEL-15305-1-findif.sh-fix-loopback-handling.patch b/SOURCES/RHEL-15305-1-findif.sh-fix-loopback-handling.patch new file mode 100644 index 0000000..283f0f2 --- /dev/null +++ b/SOURCES/RHEL-15305-1-findif.sh-fix-loopback-handling.patch @@ -0,0 +1,45 @@ +From e4f84ae185b6943d1ff461d53c7f1b5295783086 Mon Sep 17 00:00:00 2001 +From: Valentin Vidic +Date: Wed, 1 Nov 2023 19:35:21 +0100 +Subject: [PATCH] findif.sh: fix loopback handling + +tools/ocft/IPaddr2 fails the loopback test because of the missing +table local parameter: + +$ ip -o -f inet route list match 127.0.0.3 scope host + +$ ip -o -f inet route list match 127.0.0.3 table local scope host +local 127.0.0.0/8 dev lo proto kernel src 127.0.0.1 + +Also rename the function because it is called only in for the special +loopback address case. +--- + heartbeat/findif.sh | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh +index 5f1c19ec3..7c766e6e0 100644 +--- a/heartbeat/findif.sh ++++ b/heartbeat/findif.sh +@@ -29,10 +29,10 @@ prefixcheck() { + fi + return 0 + } +-getnetworkinfo() ++getloopbackinfo() + { + local line netinfo +- ip -o -f inet route list match $OCF_RESKEY_ip table "${OCF_RESKEY_table:=main}" scope host | (while read line; ++ ip -o -f inet route list match $OCF_RESKEY_ip table local scope host | (while read line; + do + netinfo=`echo $line | awk '{print $2}'` + case $netinfo in +@@ -222,7 +222,7 @@ findif() + if [ $# = 0 ] ; then + case $OCF_RESKEY_ip in + 127.*) +- set -- `getnetworkinfo` ++ set -- `getloopbackinfo` + shift;; + esac + fi diff --git a/SOURCES/RHEL-15305-2-findif.sh-dont-use-table-parameter.patch b/SOURCES/RHEL-15305-2-findif.sh-dont-use-table-parameter.patch new file mode 100644 index 0000000..29dba3b --- /dev/null +++ b/SOURCES/RHEL-15305-2-findif.sh-dont-use-table-parameter.patch @@ -0,0 +1,20 @@ +--- a/heartbeat/findif.sh 2024-02-08 11:31:53.414257686 +0100 ++++ b/heartbeat/findif.sh 2023-11-02 10:20:12.150853167 +0100 +@@ -210,14 +210,14 @@ + fi + findif_check_params $family || return $? + +- if [ -n "$netmask" ] ; then ++ if [ -n "$netmask" ]; then + match=$match/$netmask + fi + if [ -n "$nic" ] ; then + # NIC supports more than two. +- set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') ++ set -- $(ip -o -f $family route list match $match $scope | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') + else +- set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') ++ set -- $(ip -o -f $family route list match $match $scope | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') + fi + if [ $# = 0 ] ; then + case $OCF_RESKEY_ip in diff --git a/SOURCES/RHEL-16248-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch b/SOURCES/RHEL-16248-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch new file mode 100644 index 0000000..7d3256d --- /dev/null +++ b/SOURCES/RHEL-16248-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch @@ -0,0 +1,555 @@ +From f45f76600a7e02c860566db7d1350dc3b09449c2 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 6 Nov 2023 15:49:44 +0100 +Subject: [PATCH] aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type + parameter and AWS Policy based authentication type + +--- + heartbeat/aws-vpc-move-ip | 43 +++++++++++++++++++---- + heartbeat/aws-vpc-route53.in | 47 ++++++++++++++++++++----- + heartbeat/awseip | 68 +++++++++++++++++++++++++++--------- + heartbeat/awsvip | 60 ++++++++++++++++++++++++------- + 4 files changed, 173 insertions(+), 45 deletions(-) + +diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip +index dee040300f..54806f6eaa 100755 +--- a/heartbeat/aws-vpc-move-ip ++++ b/heartbeat/aws-vpc-move-ip +@@ -36,6 +36,7 @@ + + # Defaults + OCF_RESKEY_awscli_default="/usr/bin/aws" ++OCF_RESKEY_auth_type_default="key" + OCF_RESKEY_profile_default="default" + OCF_RESKEY_region_default="" + OCF_RESKEY_ip_default="" +@@ -48,6 +49,7 @@ OCF_RESKEY_monapi_default="false" + OCF_RESKEY_lookup_type_default="InstanceId" + + : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} ++: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}} + : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} + : ${OCF_RESKEY_region=${OCF_RESKEY_region_default}} + : ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}} +@@ -58,8 +60,6 @@ OCF_RESKEY_lookup_type_default="InstanceId" + : ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}} + : ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}} + : ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}} +- +-[ -n "$OCF_RESKEY_region" ] && region_opt="--region $OCF_RESKEY_region" + ####################################################################### + + +@@ -83,6 +83,10 @@ cat < + Resource Agent to move IP addresses within a VPC of the Amazon Webservices EC2 + by changing an entry in an specific routing table ++ ++Credentials needs to be setup by running "aws configure", or by using AWS Policies. ++ ++See https://aws.amazon.com/cli/ for more information about awscli. + + Move IP within a VPC of the AWS EC2 + +@@ -95,6 +99,15 @@ Path to command line tools for AWS + + + ++ ++ ++Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure", ++or "role" to use AWS Policies. ++ ++Authentication type ++ ++ ++ + + + Valid AWS CLI profile name (see ~/.aws/config and 'aws configure') +@@ -198,7 +211,7 @@ END + execute_cmd_as_role(){ + cmd=$1 + role=$2 +- output="$($OCF_RESKEY_awscli sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --profile $OCF_RESKEY_profile $region_opt --output=text)" ++ output="$($AWSCLI_CMD sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --output=text)" + export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $5}')" + export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $7}')" + export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $8}')" +@@ -220,11 +233,11 @@ ec2ip_set_address_param_compat(){ + } + + ec2ip_validate() { +- for cmd in $OCF_RESKEY_awscli ip curl; do ++ for cmd in "$OCF_RESKEY_awscli" ip curl; do + check_binary "$cmd" + done + +- if [ -z "$OCF_RESKEY_profile" ]; then ++ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then + ocf_exit_reason "profile parameter not set" + return $OCF_ERR_CONFIGURED + fi +@@ -262,7 +275,7 @@ ec2ip_monitor() { + for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do + ocf_log info "monitor: check routing table (API call) - $rtb" + if [ -z "${OCF_RESKEY_routing_table_role}" ]; then +- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type" ++ cmd="$AWSCLI_CMD --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type" + ocf_log debug "executing command: $cmd" + ROUTE_TO_INSTANCE="$($cmd)" + else +@@ -368,7 +381,7 @@ ec2ip_get_and_configure() { + EC2_NETWORK_INTERFACE_ID="$(ec2ip_get_instance_eni)" + for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do + if [ -z "${OCF_RESKEY_routing_table_role}" ]; then +- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID" ++ cmd="$AWSCLI_CMD --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID" + ocf_log debug "executing command: $cmd" + $cmd + else +@@ -475,6 +488,22 @@ if ! ocf_is_root; then + exit $OCF_ERR_PERM + fi + ++AWSCLI_CMD="${OCF_RESKEY_awscli}" ++if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then ++ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" ++elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then ++ if [ -z "${OCF_RESKEY_region}" ]; then ++ ocf_exit_reason "region needs to be set when using role-based authentication" ++ exit $OCF_ERR_CONFIGURED ++ fi ++else ++ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}" ++ exit $OCF_ERR_CONFIGURED ++fi ++if [ -n "${OCF_RESKEY_region}" ]; then ++ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}" ++fi ++ + ec2ip_set_address_param_compat + + ec2ip_validate +diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in +index 22cbb35833..18ab157e8a 100644 +--- a/heartbeat/aws-vpc-route53.in ++++ b/heartbeat/aws-vpc-route53.in +@@ -46,24 +46,22 @@ + + # Defaults + OCF_RESKEY_awscli_default="/usr/bin/aws" ++OCF_RESKEY_auth_type_default="key" + OCF_RESKEY_profile_default="default" ++OCF_RESKEY_region_default="" + OCF_RESKEY_hostedzoneid_default="" + OCF_RESKEY_fullname_default="" + OCF_RESKEY_ip_default="local" + OCF_RESKEY_ttl_default=10 + + : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} ++: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}} + : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} ++: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}} + : ${OCF_RESKEY_hostedzoneid:=${OCF_RESKEY_hostedzoneid_default}} + : ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}} + : ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}} + : ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}} +-####################################################################### +- +- +-AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10" +-####################################################################### +- + + usage() { + cat <<-EOT +@@ -123,6 +121,15 @@ Path to command line tools for AWS + + + ++ ++ ++Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure", ++or "role" to use AWS Policies. ++ ++Authentication type ++ ++ ++ + + + The name of the AWS CLI profile of the root account. This +@@ -196,7 +203,7 @@ r53_validate() { + + # Check for required binaries + ocf_log debug "Checking for required binaries" +- for command in curl dig; do ++ for command in "${OCF_RESKEY_awscli}" curl dig; do + check_binary "$command" + done + +@@ -216,7 +223,10 @@ r53_validate() { + esac + + # profile +- [[ -z "$OCF_RESKEY_profile" ]] && ocf_log error "AWS CLI profile not set $OCF_RESKEY_profile!" && exit $OCF_ERR_CONFIGURED ++ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then ++ ocf_exit_reason "profile parameter not set" ++ return $OCF_ERR_CONFIGURED ++ fi + + # TTL + [[ -z "$OCF_RESKEY_ttl" ]] && ocf_log error "TTL not set $OCF_RESKEY_ttl!" && exit $OCF_ERR_CONFIGURED +@@ -417,7 +427,6 @@ _update_record() { + } + + ############################################################################### +- + case $__OCF_ACTION in + usage|help) + usage +@@ -427,6 +436,26 @@ case $__OCF_ACTION in + metadata + exit $OCF_SUCCESS + ;; ++esac ++ ++AWSCLI_CMD="${OCF_RESKEY_awscli}" ++if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then ++ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" ++elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then ++ if [ -z "${OCF_RESKEY_region}" ]; then ++ ocf_exit_reason "region needs to be set when using role-based authentication" ++ exit $OCF_ERR_CONFIGURED ++ fi ++else ++ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}" ++ exit $OCF_ERR_CONFIGURED ++fi ++if [ -n "${OCF_RESKEY_region}" ]; then ++ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}" ++fi ++AWSCLI_CMD="$AWSCLI_CMD --cli-connect-timeout 10" ++ ++case $__OCF_ACTION in + start) + r53_validate || exit $? + r53_start +diff --git a/heartbeat/awseip b/heartbeat/awseip +index dc48460c85..49b0ca6155 100755 +--- a/heartbeat/awseip ++++ b/heartbeat/awseip +@@ -23,7 +23,8 @@ + # + # Prerequisites: + # +-# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) ++# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) or ++# (AWSRole) Setup up relevant AWS Policies to allow agent related functions to be executed. + # - a reserved secondary private IP address for EC2 instances high availability + # - IAM user role with the following permissions: + # * DescribeInstances +@@ -44,11 +45,15 @@ + # Defaults + # + OCF_RESKEY_awscli_default="/usr/bin/aws" ++OCF_RESKEY_auth_type_default="key" + OCF_RESKEY_profile_default="default" ++OCF_RESKEY_region_default="" + OCF_RESKEY_api_delay_default="3" + + : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} ++: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}} + : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} ++: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}} + : ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}} + + meta_data() { +@@ -63,7 +68,7 @@ Resource Agent for Amazon AWS Elastic IP Addresses. + + It manages AWS Elastic IP Addresses with awscli. + +-Credentials needs to be setup by running "aws configure". ++Credentials needs to be setup by running "aws configure", or by using AWS Policies. + + See https://aws.amazon.com/cli/ for more information about awscli. + +@@ -79,6 +84,15 @@ command line tools for aws services + + + ++ ++ ++Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure", ++or "role" to use AWS Policies. ++ ++Authentication type ++ ++ ++ + + + Valid AWS CLI profile name (see ~/.aws/config and 'aws configure') +@@ -111,6 +125,14 @@ predefined private ip address for ec2 instance + + + ++ ++ ++Region for AWS resource (required for role-based authentication) ++ ++Region ++ ++ ++ + + + a short delay between API calls, to avoid sending API too quick +@@ -157,13 +179,13 @@ awseip_start() { + NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN") + fi + done +- $AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \ ++ $AWSCLI_CMD ec2 associate-address \ + --network-interface-id ${NETWORK_ID} \ + --allocation-id ${ALLOCATION_ID} \ + --private-ip-address ${PRIVATE_IP_ADDRESS} + RET=$? + else +- $AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \ ++ $AWSCLI_CMD ec2 associate-address \ + --instance-id ${INSTANCE_ID} \ + --allocation-id ${ALLOCATION_ID} + RET=$? +@@ -183,7 +205,7 @@ awseip_start() { + awseip_stop() { + awseip_monitor || return $OCF_SUCCESS + +- ASSOCIATION_ID=$($AWSCLI --profile $OCF_RESKEY_profile --output json ec2 describe-addresses \ ++ ASSOCIATION_ID=$($AWSCLI_CMD --output json ec2 describe-addresses \ + --allocation-id ${ALLOCATION_ID} | grep -m 1 "AssociationId" | awk -F'"' '{print$4}') + + if [ -z "${ASSOCIATION_ID}" ]; then +@@ -191,9 +213,7 @@ awseip_stop() { + return $OCF_NOT_RUNNING + fi + +- $AWSCLI --profile ${OCF_RESKEY_profile} \ +- ec2 disassociate-address \ +- --association-id ${ASSOCIATION_ID} ++ $AWSCLI_CMD ec2 disassociate-address --association-id ${ASSOCIATION_ID} + RET=$? + + # delay to avoid sending request too fast +@@ -208,7 +228,7 @@ awseip_stop() { + } + + awseip_monitor() { +- $AWSCLI --profile $OCF_RESKEY_profile ec2 describe-instances --instance-id "${INSTANCE_ID}" | grep -q "${ELASTIC_IP}" ++ $AWSCLI_CMD ec2 describe-instances --instance-id "${INSTANCE_ID}" | grep -q "${ELASTIC_IP}" + RET=$? + + if [ $RET -ne 0 ]; then +@@ -218,9 +238,9 @@ awseip_monitor() { + } + + awseip_validate() { +- check_binary ${AWSCLI} ++ check_binary "${OCF_RESKEY_awscli}" + +- if [ -z "$OCF_RESKEY_profile" ]; then ++ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then + ocf_exit_reason "profile parameter not set" + return $OCF_ERR_CONFIGURED + fi +@@ -238,9 +258,27 @@ case $__OCF_ACTION in + meta_data + exit $OCF_SUCCESS + ;; +-esac ++ usage|help) ++ awseip_usage ++ exit $OCF_SUCCESS ++ ;; ++esac + +-AWSCLI="${OCF_RESKEY_awscli}" ++AWSCLI_CMD="${OCF_RESKEY_awscli}" ++if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then ++ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" ++elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then ++ if [ -z "${OCF_RESKEY_region}" ]; then ++ ocf_exit_reason "region needs to be set when using role-based authentication" ++ exit $OCF_ERR_CONFIGURED ++ fi ++else ++ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}" ++ exit $OCF_ERR_CONFIGURED ++fi ++if [ -n "${OCF_RESKEY_region}" ]; then ++ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}" ++fi + ELASTIC_IP="${OCF_RESKEY_elastic_ip}" + ALLOCATION_ID="${OCF_RESKEY_allocation_id}" + PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}" +@@ -272,10 +310,6 @@ case $__OCF_ACTION in + validate|validate-all) + awseip_validate + ;; +- usage|help) +- awseip_usage +- exit $OCF_SUCCESS +- ;; + *) + awseip_usage + exit $OCF_ERR_UNIMPLEMENTED +diff --git a/heartbeat/awsvip b/heartbeat/awsvip +index 037278e296..bdb4d68dd0 100755 +--- a/heartbeat/awsvip ++++ b/heartbeat/awsvip +@@ -23,7 +23,8 @@ + # + # Prerequisites: + # +-# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) ++# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) or ++# (AWSRole) Setup up relevant AWS Policies to allow agent related functions to be executed. + # - a reserved secondary private IP address for EC2 instances high availablity + # - IAM user role with the following permissions: + # * DescribeInstances +@@ -43,11 +44,15 @@ + # Defaults + # + OCF_RESKEY_awscli_default="/usr/bin/aws" ++OCF_RESKEY_auth_type_default="key" + OCF_RESKEY_profile_default="default" ++OCF_RESKEY_region_default="" + OCF_RESKEY_api_delay_default="3" + + : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} ++: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}} + : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} ++: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}} + : ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}} + + meta_data() { +@@ -62,7 +67,7 @@ Resource Agent for Amazon AWS Secondary Private IP Addresses. + + It manages AWS Secondary Private IP Addresses with awscli. + +-Credentials needs to be setup by running "aws configure". ++Credentials needs to be setup by running "aws configure", or by using AWS Policies. + + See https://aws.amazon.com/cli/ for more information about awscli. + +@@ -78,6 +83,15 @@ command line tools for aws services + + + ++ ++ ++Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure", ++or "role" to use AWS Policies. ++ ++Authentication type ++ ++ ++ + + + Valid AWS CLI profile name (see ~/.aws/config and 'aws configure') +@@ -94,6 +108,14 @@ reserved secondary private ip for ec2 instance + + + ++ ++ ++Region for AWS resource (required for role-based authentication) ++ ++Region ++ ++ ++ + + + a short delay between API calls, to avoid sending API too quick +@@ -131,7 +153,7 @@ END + awsvip_start() { + awsvip_monitor && return $OCF_SUCCESS + +- $AWSCLI --profile $OCF_RESKEY_profile ec2 assign-private-ip-addresses \ ++ $AWSCLI_CMD ec2 assign-private-ip-addresses \ + --network-interface-id ${NETWORK_ID} \ + --private-ip-addresses ${SECONDARY_PRIVATE_IP} \ + --allow-reassignment +@@ -151,7 +173,7 @@ awsvip_start() { + awsvip_stop() { + awsvip_monitor || return $OCF_SUCCESS + +- $AWSCLI --profile $OCF_RESKEY_profile ec2 unassign-private-ip-addresses \ ++ $AWSCLI_CMD ec2 unassign-private-ip-addresses \ + --network-interface-id ${NETWORK_ID} \ + --private-ip-addresses ${SECONDARY_PRIVATE_IP} + RET=$? +@@ -168,7 +190,7 @@ awsvip_stop() { + } + + awsvip_monitor() { +- $AWSCLI --profile ${OCF_RESKEY_profile} ec2 describe-instances \ ++ $AWSCLI_CMD ec2 describe-instances \ + --instance-id "${INSTANCE_ID}" \ + --query 'Reservations[].Instances[].NetworkInterfaces[].PrivateIpAddresses[].PrivateIpAddress[]' \ + --output text | \ +@@ -182,9 +204,9 @@ awsvip_monitor() { + } + + awsvip_validate() { +- check_binary ${AWSCLI} ++ check_binary "${OCF_RESKEY_awscli}" + +- if [ -z "$OCF_RESKEY_profile" ]; then ++ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then + ocf_exit_reason "profile parameter not set" + return $OCF_ERR_CONFIGURED + fi +@@ -202,9 +224,27 @@ case $__OCF_ACTION in + meta_data + exit $OCF_SUCCESS + ;; ++ usage|help) ++ awsvip_usage ++ exit $OCF_SUCCESS ++ ;; + esac + +-AWSCLI="${OCF_RESKEY_awscli}" ++AWSCLI_CMD="${OCF_RESKEY_awscli}" ++if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then ++ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" ++elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then ++ if [ -z "${OCF_RESKEY_region}" ]; then ++ ocf_exit_reason "region needs to be set when using role-based authentication" ++ exit $OCF_ERR_CONFIGURED ++ fi ++else ++ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}" ++ exit $OCF_ERR_CONFIGURED ++fi ++if [ -n "${OCF_RESKEY_region}" ]; then ++ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}" ++fi + SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}" + TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") + INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN") +@@ -236,10 +276,6 @@ case $__OCF_ACTION in + validate|validate-all) + awsvip_validate + ;; +- usage|help) +- awsvip_usage +- exit $OCF_SUCCESS +- ;; + *) + awsvip_usage + exit $OCF_ERR_UNIMPLEMENTED diff --git a/SOURCES/RHEL-17083-findif-EOS-fix.patch b/SOURCES/RHEL-17083-findif-EOS-fix.patch new file mode 100644 index 0000000..aaf5505 --- /dev/null +++ b/SOURCES/RHEL-17083-findif-EOS-fix.patch @@ -0,0 +1,22 @@ +From b23ba4eaefb500199c4845751f4c5545c81f42f1 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 20 Nov 2023 16:37:37 +0100 +Subject: [PATCH 2/2] findif: also check that netmaskbits != EOS + +--- + tools/findif.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/findif.c b/tools/findif.c +index a25395fec..ab108a3c4 100644 +--- a/tools/findif.c ++++ b/tools/findif.c +@@ -669,7 +669,7 @@ main(int argc, char ** argv) { + } + } + +- if (netmaskbits) { ++ if (netmaskbits != NULL && *netmaskbits != EOS) { + best_netmask = netmask; + }else if (best_netmask == 0L) { + /* diff --git a/SOURCES/bz1904465-mysql-common-improve-error-message.patch b/SOURCES/bz1904465-mysql-common-improve-error-message.patch new file mode 100644 index 0000000..4a19fc4 --- /dev/null +++ b/SOURCES/bz1904465-mysql-common-improve-error-message.patch @@ -0,0 +1,68 @@ +From fcceb714085836de9db4493b527e94d85dd72626 Mon Sep 17 00:00:00 2001 +From: ut002970 +Date: Wed, 6 Sep 2023 15:27:05 +0800 +Subject: [PATCH 1/3] modify error message + +--- + heartbeat/mysql-common.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/mysql-common.sh b/heartbeat/mysql-common.sh +index 8104019b03..a93acc4c60 100755 +--- a/heartbeat/mysql-common.sh ++++ b/heartbeat/mysql-common.sh +@@ -254,7 +254,7 @@ mysql_common_start() + while [ $start_wait = 1 ]; do + if ! ps $pid > /dev/null 2>&1; then + wait $pid +- ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), please check your installation" ++ ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), please check your installation, log message you can check $OCF_RESKEY_log" + return $OCF_ERR_GENERIC + fi + mysql_common_status info + +From 8f9b344cd5b3cb96ea0f94b7ab0306da2234ac00 Mon Sep 17 00:00:00 2001 +From: ut002970 +Date: Wed, 6 Sep 2023 15:56:24 +0800 +Subject: [PATCH 2/3] modify error message + +--- + heartbeat/mysql-common.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/mysql-common.sh b/heartbeat/mysql-common.sh +index a93acc4c60..d5b2286737 100755 +--- a/heartbeat/mysql-common.sh ++++ b/heartbeat/mysql-common.sh +@@ -254,7 +254,7 @@ mysql_common_start() + while [ $start_wait = 1 ]; do + if ! ps $pid > /dev/null 2>&1; then + wait $pid +- ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), please check your installation, log message you can check $OCF_RESKEY_log" ++ ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), Check $OCF_RESKEY_log for details" + return $OCF_ERR_GENERIC + fi + mysql_common_status info + +From a292b3c552bf3f2beea5f73e0d171546c0a1273c Mon Sep 17 00:00:00 2001 +From: ut002970 +Date: Wed, 6 Sep 2023 16:10:48 +0800 +Subject: [PATCH 3/3] modify error message + +--- + heartbeat/mysql-common.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/heartbeat/mysql-common.sh b/heartbeat/mysql-common.sh +index d5b2286737..d6b4e3cdf4 100755 +--- a/heartbeat/mysql-common.sh ++++ b/heartbeat/mysql-common.sh +@@ -254,7 +254,7 @@ mysql_common_start() + while [ $start_wait = 1 ]; do + if ! ps $pid > /dev/null 2>&1; then + wait $pid +- ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?), Check $OCF_RESKEY_log for details" ++ ocf_exit_reason "MySQL server failed to start (pid=$pid) (rc=$?). Check $OCF_RESKEY_log for details" + return $OCF_ERR_GENERIC + fi + mysql_common_status info diff --git a/SOURCES/bz2040110-IPaddr2-IPsrcaddr-3-dont-use-table-parameter.patch b/SOURCES/bz2040110-IPaddr2-IPsrcaddr-3-dont-use-table-parameter.patch deleted file mode 100644 index ef5d8d5..0000000 --- a/SOURCES/bz2040110-IPaddr2-IPsrcaddr-3-dont-use-table-parameter.patch +++ /dev/null @@ -1,79 +0,0 @@ -From cf2fd2a9cf06dc2e915f2fb5dbcc5e09e907a6df Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Thu, 5 Oct 2023 11:53:18 +0200 -Subject: [PATCH] findif.sh: dont use table parameter as it returns no netmask - (tested with main/local/custom tables) - ---- - heartbeat/IPaddr2 | 12 ------------ - heartbeat/findif.sh | 8 ++++---- - 2 files changed, 4 insertions(+), 16 deletions(-) - -diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 -index e8384c5866..97a7431a24 100755 ---- a/heartbeat/IPaddr2 -+++ b/heartbeat/IPaddr2 -@@ -73,7 +73,6 @@ OCF_RESKEY_ip_default="" - OCF_RESKEY_cidr_netmask_default="" - OCF_RESKEY_broadcast_default="" - OCF_RESKEY_iflabel_default="" --OCF_RESKEY_table_default="" - OCF_RESKEY_cidr_netmask_default="" - OCF_RESKEY_lvs_support_default=false - OCF_RESKEY_lvs_ipv6_addrlabel_default=false -@@ -98,7 +97,6 @@ OCF_RESKEY_network_namespace_default="" - : ${OCF_RESKEY_cidr_netmask=${OCF_RESKEY_cidr_netmask_default}} - : ${OCF_RESKEY_broadcast=${OCF_RESKEY_broadcast_default}} - : ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}} --: ${OCF_RESKEY_table=${OCF_RESKEY_table_default}} - : ${OCF_RESKEY_lvs_support=${OCF_RESKEY_lvs_support_default}} - : ${OCF_RESKEY_lvs_ipv6_addrlabel=${OCF_RESKEY_lvs_ipv6_addrlabel_default}} - : ${OCF_RESKEY_lvs_ipv6_addrlabel_value=${OCF_RESKEY_lvs_ipv6_addrlabel_value_default}} -@@ -241,16 +239,6 @@ If a label is specified in nic name, this parameter has no effect. - - - -- -- --Table to use to lookup which interface to use for the IP. -- --This can be used for policy based routing. See man ip-rule(8). -- --Table -- -- -- - - - Enable support for LVS Direct Routing configurations. In case a IP -diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh -index 6c04c98c19..5f1c19ec3c 100644 ---- a/heartbeat/findif.sh -+++ b/heartbeat/findif.sh -@@ -32,7 +32,7 @@ prefixcheck() { - getnetworkinfo() - { - local line netinfo -- ip -o -f inet route list match $OCF_RESKEY_ip table "${OCF_RESKEY_table:=main}" scope host | (while read line; -+ ip -o -f inet route list match $OCF_RESKEY_ip scope host | (while read line; - do - netinfo=`echo $line | awk '{print $2}'` - case $netinfo in -@@ -210,14 +210,14 @@ findif() - fi - findif_check_params $family || return $? - -- if [ -n "$netmask" ] ; then -+ if [ -n "$netmask" ]; then - match=$match/$netmask - fi - if [ -n "$nic" ] ; then - # NIC supports more than two. -- set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') -+ set -- $(ip -o -f $family route list match $match $scope | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') - else -- set -- $(ip -o -f $family route list match $match $scope table "${OCF_RESKEY_table:=main}" | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') -+ set -- $(ip -o -f $family route list match $match $scope | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') - fi - if [ $# = 0 ] ; then - case $OCF_RESKEY_ip in diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec index 4d1986a..a60af53 100644 --- a/SPECS/resource-agents.spec +++ b/SPECS/resource-agents.spec @@ -73,7 +73,7 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts Version: 4.9.0 -Release: 48%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist}.1 +Release: 54%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:.%{alphatag}}%{?dirty:.%{dirty}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/resource-agents %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel} @@ -153,7 +153,13 @@ Patch56: bz2040110-IPaddr2-IPsrcaddr-2-fix-table-parameter.patch Patch57: bz2189243-Filesystem-1-improve-stop-action.patch Patch58: bz2189243-Filesystem-2-fix-incorrect-parameter-types.patch Patch59: bz2189243-Filesystem-3-fix-signal_delay-default-value.patch -Patch60: bz2040110-IPaddr2-IPsrcaddr-3-dont-use-table-parameter.patch +Patch60: bz1904465-mysql-common-improve-error-message.patch +Patch61: RHEL-15302-1-exportfs-make-fsid-optional.patch +Patch62: RHEL-15302-2-ocft-exportfs-remove-fsid-required-test.patch +Patch63: RHEL-15305-1-findif.sh-fix-loopback-handling.patch +Patch64: RHEL-16248-aws-vpc-move-ip-aws-vpc-route53-awseip-awsvip-auth_type-role.patch +Patch65: RHEL-17083-findif-EOS-fix.patch +Patch66: RHEL-15305-2-findif.sh-dont-use-table-parameter.patch # bundle patches Patch1000: 7-gcp-bundled.patch @@ -335,67 +341,73 @@ databases to be managed in a cluster environment. exit 1 %endif %setup -q -n %{upstream_prefix}-%{upstream_version} -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 -%patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 -%patch33 -p1 -%patch34 -p1 -%patch35 -p1 -%patch36 -p1 -%patch37 -p1 -%patch38 -p1 -%patch39 -p1 -%patch40 -p1 -%patch41 -p1 -%patch42 -p1 -%patch43 -p1 -%patch44 -p1 -%patch45 -p1 -%patch46 -p1 -%patch47 -p1 -%patch48 -p1 -%patch49 -p1 -%patch50 -p1 -%patch51 -p1 -%patch52 -p1 -%patch53 -p1 -%patch54 -p1 -%patch55 -p1 -%patch56 -p1 -%patch57 -p1 -%patch58 -p1 -%patch59 -p1 -%patch60 -p1 +%patch -p1 -P 0 +%patch -p1 -P 1 +%patch -p1 -P 2 +%patch -p1 -P 3 +%patch -p1 -P 4 +%patch -p1 -P 5 +%patch -p1 -P 6 +%patch -p1 -P 7 +%patch -p1 -P 8 +%patch -p1 -P 9 +%patch -p1 -P 10 +%patch -p1 -P 11 +%patch -p1 -P 12 +%patch -p1 -P 13 +%patch -p1 -P 14 +%patch -p1 -P 15 +%patch -p1 -P 16 +%patch -p1 -P 17 +%patch -p1 -P 18 +%patch -p1 -P 19 +%patch -p1 -P 20 +%patch -p1 -P 21 +%patch -p1 -P 22 +%patch -p1 -P 23 +%patch -p1 -P 24 +%patch -p1 -P 25 +%patch -p1 -P 26 +%patch -p1 -P 27 +%patch -p1 -P 28 +%patch -p1 -P 29 +%patch -p1 -P 30 +%patch -p1 -P 31 +%patch -p1 -P 32 +%patch -p1 -P 33 +%patch -p1 -P 34 +%patch -p1 -P 35 +%patch -p1 -P 36 +%patch -p1 -P 37 +%patch -p1 -P 38 +%patch -p1 -P 39 +%patch -p1 -P 40 +%patch -p1 -P 41 +%patch -p1 -P 42 +%patch -p1 -P 43 +%patch -p1 -P 44 +%patch -p1 -P 45 +%patch -p1 -P 46 +%patch -p1 -P 47 +%patch -p1 -P 48 +%patch -p1 -P 49 +%patch -p1 -P 50 +%patch -p1 -P 51 +%patch -p1 -P 52 +%patch -p1 -P 53 +%patch -p1 -P 54 +%patch -p1 -P 55 +%patch -p1 -P 56 +%patch -p1 -P 57 +%patch -p1 -P 58 +%patch -p1 -P 59 +%patch -p1 -P 60 +%patch -p1 -P 61 +%patch -p1 -P 62 +%patch -p1 -P 63 +%patch -p1 -P 64 +%patch -p1 -P 65 +%patch -p1 -P 66 chmod 755 heartbeat/nova-compute-wait chmod 755 heartbeat/NovaEvacuate @@ -409,15 +421,15 @@ mkdir -p %{bundled_lib_dir}/aliyun %ifarch x86_64 tar -xzf %SOURCE1 -C %{bundled_lib_dir}/gcp # gcp*: append bundled-directory to search path, gcloud-ra -%patch1000 -p1 +%patch -p1 -P 1000 # replace python-rsa with python-cryptography -%patch1001 -p1 +%patch -p1 -P 1001 # gcloud support info -%patch1002 -p1 +%patch -p1 -P 1002 # configure: skip bundled gcp lib checks -%patch1003 -p1 -F1 +%patch -p1 -P 1003 -F1 # gcloud remove python 2 detection -%patch1004 -p1 +%patch -p1 -P 1004 # rename gcloud mv %{googlecloudsdk_dir}/bin/gcloud %{googlecloudsdk_dir}/bin/gcloud-ra # keep googleapiclient @@ -524,16 +536,16 @@ mv %{bundled_lib_dir}/aliyun/%{aliyuncli}-%{aliyuncli_version} %{aliyuncli_dir} cp %{aliyuncli_dir}/README.rst %{aliyuncli}_README.rst cp %{aliyuncli_dir}/LICENSE %{aliyuncli}_LICENSE # aliyun*: use bundled libraries -%patch1005 -p1 +%patch -p1 -P 1005 # aliyun Python 3 fixes -%patch1006 -p1 -%patch1007 -p1 +%patch -p1 -P 1006 +%patch -p1 -P 1007 # fix CVE's in python-pygments pushd %{googlecloudsdk_dir}/lib/third_party -%patch1008 -p1 -F2 -%patch1009 -p1 -F2 +%patch -p1 -P 1008 -F2 +%patch -p1 -P 1009 -F2 popd %endif @@ -977,16 +989,37 @@ ccs_update_schema > /dev/null 2>&1 ||: %{_usr}/lib/ocf/lib/heartbeat/OCF_*.pm %changelog -* Wed Jan 24 2024 Oyvind Albrigtsen - 4.9.0-48.1 +* Thu Feb 8 2024 Oyvind Albrigtsen - 4.9.0-54 +- findif.sh: fix loopback IP handling + + Resolves: RHEL-15305 + +* Wed Jan 24 2024 Oyvind Albrigtsen - 4.9.0-53 - bundled urllib3: fix CVE-2023-45803 - bundled pycryptodome: fix CVE-2023-52323 - Resolves: RHEL-22436, RHEL-21746 + Resolves: RHEL-22431, RHEL-20916 -* Thu Oct 5 2023 Oyvind Albrigtsen - 4.9.0-48 -- IPaddr2/IPsrcaddr: support policy-based routing +* Tue Nov 21 2023 Oyvind Albrigtsen - 4.9.0-52 +- findif: also check that netmaskbits != EOS - Resolves: rhbz#2040110 + Resolves: RHEL-17083 + +* Fri Nov 17 2023 Oyvind Albrigtsen - 4.9.0-51 +- aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter + and AWS Policy based authentication type + + Resolves: RHEL-16248 + +* Thu Nov 2 2023 Oyvind Albrigtsen - 4.9.0-49 +- exportfs: make "fsid" parameter optional + + Resolves: RHEL-15302 + +* Wed Sep 6 2023 Oyvind Albrigtsen - 4.9.0-48 +- mysql-common: improve error message + + Resolves: rhbz#1904465 * Wed Jul 26 2023 MSVSphere Packaging Team - 4.9.0-47 - Rebuilt for MSVSphere 8.8 @@ -997,6 +1030,11 @@ ccs_update_schema > /dev/null 2>&1 ||: Resolves: rhbz#2189243 +* Wed Jun 21 2023 Oyvind Albrigtsen - 4.9.0-44 +- IPaddr2/IPsrcaddr: support policy-based routing + + Resolves: rhbz#2040110 + * Wed Jun 14 2023 Oyvind Albrigtsen - 4.9.0-43 - mysql: fix replication issues