diff options
59 files changed, 2208 insertions, 116 deletions
@@ -1,3 +1,31 @@ +* Wed Apr 24 2024 resource-agents contributors +- stable release 4.14.0 +- doc: writing-python-agents: add description of is_probe() and distro() + +* Wed Apr 17 2024 resource-agents contributors +- release candidate 4.14.0 rc1 +- all agents: remove -S state/status that are either ignored, or give an error message in newer versions of Pacemaker +- configure: fix "C preprocessor "gcc -E" fails sanity check" error caused by autoconf 2.72 +- configure: prepare to not build with -ansi by default in the future +- docs: writing-python-agents: update required Python version to 3.6+ +- spec: use /usr/sbin paths for Fedora 40+ +- LVM-activate: avoid false positive for VG activation (fail when system_id_source and volume_list are set) +- aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter and AWS Policy based authentication type +- azure-lb: support IPv6 with Azure load balancer when using socat +- db2: fix OCF_SUCESS typo in db2_notify +- docker: return OCF_NOT_RUNNING when Docker isn't running +- findif.sh: fix corner cases +- findif.sh: fix loopback handling +- findif: check that netmaskbits != EOS in addition to != NULL in all cases +- galera: allow joiner to report non-Primary during initial IST +- nfsserver: fix "server scope" functionality for both potentially other dropins AND multiple ExecStart +- ocivip: fix PRIMARY_IFACE variable when it returns two lines +- openstack-info: ensure no newlines in openstack_ports +- portblock: accept numeric protocol from iptables (to fix regression in iptables 1.8.9 that has shipped in some distros) +- portblock: remove write to tcp_tw_recycle +- storage_mon: fix file handler out of scope leak and uninitialized values +- storage_mon: use memset() to fix "uninitialized value" covscan error, as qb_ipcc_recv() will always set a message + * Wed Oct 11 2023 resource-agents contributors - stable release 4.13.0 - findif.sh: dont use table parameter as it returns no netmask (tested with diff --git a/configure.ac b/configure.ac index d930cd8..76c8251 100644 --- a/configure.ac +++ b/configure.ac @@ -81,6 +81,7 @@ fi AC_PROG_CC dnl Can force other with environment variable "CC". AM_PROG_CC_C_O AC_PROG_CC_STDC +AC_PROG_CPP AC_PROG_AWK AC_PROG_LN_S AC_PROG_INSTALL @@ -185,7 +186,7 @@ AC_SUBST(PKGNAME) AC_ARG_ENABLE([ansi], [ --enable-ansi force GCC to compile to ANSI/ANSI standard for older compilers. - [default=yes]]) + [default=no]]) AC_ARG_ENABLE([fatal-warnings], [ --enable-fatal-warnings very pedantic and fatal warnings for gcc @@ -1062,7 +1063,7 @@ dnl ***************** AC_MSG_RESULT([]) AC_MSG_RESULT([$PACKAGE configuration:]) AC_MSG_RESULT([ Version = ${VERSION}]) -AC_MSG_RESULT([ Build Version = 204f146196774ded1581aed1b6acd0d562b4f958]) +AC_MSG_RESULT([ Build Version = 72b4771db9437c36931c0f673210f6fe6ed4f8ed]) AC_MSG_RESULT([]) AC_MSG_RESULT([ Prefix = ${prefix}]) AC_MSG_RESULT([ Executables = ${sbindir}]) diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..6d6d4e3 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,663 @@ +resource-agents (1:4.14.0-1) unstable; urgency=medium + + * New upstream version 4.14.0 + * debian/patches: refresh for new version + * debian/control: update Standards-Version to 4.7.0 + * debian/control: update Build-Depends for systemd-dev (Closes: #1060518, + #1071980) + * debian/control: drop legacy depends on syslog for ldirectord (Closes: + #1072026) + * debian/tests: install exim4 for MailTo test (Closes: #1060759) + * debian/control: update Build-Depends for pkgconf + + -- Valentin Vidic <vvidic@debian.org> Wed, 05 Jun 2024 21:18:06 +0200 + +resource-agents (1:4.13.0-1) unstable; urgency=medium + + [ Valentin Vidic ] + * New upstream version 4.13.0 + * debian/control: update Build-Depends for new version + * debian/patches: refresh for new version + * debian/lintian-overrides: update for new version + + [ Helmut Grohne ] + * Fix FTBFS when systemd.pc changes systemdsystemunitdir. (Closes: #1052699) + + -- Valentin Vidic <vvidic@debian.org> Thu, 02 Nov 2023 22:13:55 +0100 + +resource-agents (1:4.12.0-2) unstable; urgency=medium + + * debian/patches: add IPv6addr-delay.patch (Closes: #1034280) + * debian/patches: refresh patches offsets + + -- Valentin Vidic <vvidic@debian.org> Thu, 13 Apr 2023 21:43:52 +0200 + +resource-agents (1:4.12.0-1) unstable; urgency=medium + + * New upstream version 4.12.0 + * debian/control: drop lsb-base dependency + * debian/patches: refresh for new version + + -- Valentin Vidic <vvidic@debian.org> Thu, 26 Jan 2023 00:44:32 +0100 + +resource-agents (1:4.11.0-3) unstable; urgency=medium + + * debian/patches: fix build failure in shellcheck of WAS6 + * debian/control: update Standards-Version to 4.6.2 + + -- Valentin Vidic <vvidic@debian.org> Mon, 26 Dec 2022 13:20:51 +0100 + +resource-agents (1:4.11.0-2) unstable; urgency=medium + + [ Debian Janitor ] + * Remove constraints unnecessary since buster + + [ Valentin Vidic ] + * debian/watch: update github url + * debian/control: update Standards-Version to 4.6.1 + * debian/lintian-overrides: refresh for new lintian version + + -- Valentin Vidic <vvidic@debian.org> Sun, 13 Nov 2022 13:58:03 +0100 + +resource-agents (1:4.11.0-1) unstable; urgency=medium + + * New upstream version 4.11.0 + * debian/patches: refresh for new version + * debian/copyright: update copyright for debian directory + + -- Valentin Vidic <vvidic@debian.org> Wed, 06 Apr 2022 22:08:42 +0200 + +resource-agents (1:4.10.0-1) unstable; urgency=medium + + * New upstream version 4.10.0 + * debian/watch: update github url + * debian/control: update Standards-Version to 4.6.0 + * debian/control: update build dependencies + * debian/control: add bc to Depends (Closes: #1000644) + * debian/patches: refresh for new version + * debian/lintian-overrides: refresh for new version + * debian/patches: fix shellcheck errors + * debian/rules: fix version used for building + * debian/rules: fix manpage header + * debian/control: remove old Conflicts and Replaces + * debian/lintian-overrides: ignore capitalization in agent names + * debian/rules: move internal binaries to /usr/libexec/heartbeat + + -- Valentin Vidic <vvidic@debian.org> Sun, 03 Apr 2022 13:39:33 +0200 + +resource-agents (1:4.7.0-1) unstable; urgency=medium + + * New upstream version 4.7.0 + - Stop building legacy rgmanager (rhel) agents + * debian/control: update Maintainers mailing list + * debian/patches: refresh for new version + * debian/control: update Standards-Version to 4.5.1 + * debian/watch: update version to 4 + * debian/rules: update for new version + * debian/lintian-overrides: update for new version + * debian/install: include pkgconfig file + * debian/NEWS: drop old NEWS file + + -- Valentin Vidic <vvidic@debian.org> Mon, 14 Dec 2020 14:34:09 +0100 + +resource-agents (1:4.6.1-1) unstable; urgency=medium + + * New upstream version 4.6.1 + * debian/control: use debhelper v13 + + -- Valentin Vidic <vvidic@debian.org> Thu, 18 Jun 2020 21:03:31 +0200 + +resource-agents (1:4.5.0-2) unstable; urgency=medium + + * debian/tests: fix test for new bind9 version + + -- Valentin Vidic <vvidic@debian.org> Sun, 05 Apr 2020 20:10:00 +0200 + +resource-agents (1:4.5.0-1) unstable; urgency=medium + + * New upstream version 4.5.0 + * debian/patches: refresh for new version + + -- Valentin Vidic <vvidic@debian.org> Fri, 06 Mar 2020 19:50:58 +0100 + +resource-agents (1:4.4.0-3) unstable; urgency=medium + + * debian/salsa-ci.yml: enable CI + * debian/control: update Standards-Version to 4.5.0 + * debian/tests: fix pgsql test for postgresql-12 + + -- Valentin Vidic <vvidic@debian.org> Mon, 10 Feb 2020 19:10:10 +0100 + +resource-agents (1:4.4.0-2) unstable; urgency=medium + + * debian/patches: fix shell expansion in MailTo (Closes: #944694) + * debian/resource-agents.lintian-overrides: cleanup + + -- Valentin Vidic <vvidic@debian.org> Sat, 16 Nov 2019 10:47:46 +0100 + +resource-agents (1:4.4.0-1) unstable; urgency=medium + + * New upstream version 4.4.0 + * debian/control: update Standards-Version to 4.4.1 + * debian/control: build using Rules-Requires-Root: no + * debian/patches: refresh for new version + * debian/control: use debhelper v12 + * debian/control: add Pre-Depends to ldirectord + * debian/rules: fix output of gencontrol + * debian/patches: mysql-common: fix startup check + + -- Valentin Vidic <vvidic@debian.org> Thu, 24 Oct 2019 20:18:24 +0200 + +resource-agents (1:4.3.0-2) unstable; urgency=medium + + * debian/patches: ZFS: fix bashism (Closes: #933398) + + -- Valentin Vidic <vvidic@debian.org> Sat, 17 Aug 2019 11:42:02 +0200 + +resource-agents (1:4.3.0-1) unstable; urgency=medium + + * New upstream version 4.3.0 (Closes: #927311) + * debian/patches: drop xen-toolstack.patch + * debian/patches: refresh for new version + * debian/control: update Standards-Version to 4.4.0 + + -- Valentin Vidic <vvidic@debian.org> Sat, 13 Jul 2019 21:32:37 +0200 + +resource-agents (1:4.2.0-2) unstable; urgency=medium + + * debian/rules: fix build with merged-usr (Closes: #915848) + * debian/patches: use /run for ldirectord pid file + + -- Valentin Vidic <vvidic@debian.org> Sun, 09 Dec 2018 21:04:49 +0100 + +resource-agents (1:4.2.0-1) unstable; urgency=medium + + * New upstream version 4.2.0 + * debian/patches: refresh for new version + + -- Valentin Vidic <vvidic@debian.org> Wed, 24 Oct 2018 11:43:37 +0200 + +resource-agents (1:4.2.0~rc1-1) unstable; urgency=medium + + * New upstream version 4.2.0~rc1 + * debian/patches: refresh for new version + * debian/lintian-overrides: ignore long lines in manpages + * debian/copyright: update file paths + * debian/rules: add python3 for gcp agents + * debian/tests: require postgresql-11 to run the pgsql test + + -- Valentin Vidic <vvidic@debian.org> Thu, 18 Oct 2018 12:14:03 +0200 + +resource-agents (1:4.1.1-4) unstable; urgency=medium + + * debian/patches: try to fix failing pgsql ocft + * debian/patches: use postgresql-11 to test pgsql + + -- Valentin Vidic <vvidic@debian.org> Fri, 12 Oct 2018 10:03:56 +0200 + +resource-agents (1:4.1.1-3) unstable; urgency=medium + + * debian/tests: use default-mysql-server (Closes: #903852) + * debian/copyright: include whole CC-BY-SA license + * debian/copyright: fix file names + * debian/control: update my email in Uploaders + * debian/control: update Standards-Version to 4.2.1 + * debian/patches: use /run in tmpfiles.d + + -- Valentin Vidic <vvidic@debian.org> Tue, 11 Sep 2018 22:50:02 +0200 + +resource-agents (1:4.1.1-2) unstable; urgency=medium + + * debian/control: add missing ldirectord Depends (Closes: #898747) + * debian/patches: detect location of rm command (Closes: #898349) + * debian/control: update Standards-Version to 4.1.4 + * debian/lintian-overrides: cleanup unused override + * debian/patches: add Documentation for ldirectord service + * debian/rules: enable build hardening + * debian/rules: replace dpkg-parsechangelog with pkg-info.mk + * debian/patches: fix spelling errors reported by lintian + * debian/patches: add missing descriptions + + -- Valentin Vidic <Valentin.Vidic@CARNet.hr> Tue, 15 May 2018 20:18:15 +0200 + +resource-agents (1:4.1.1-1) unstable; urgency=medium + + * New upstream version 4.1.1 + * debian/patches: refresh for new version + * debian/patches: fix ocft config for postgresql 10 + * debian/tests: run ocft for pgsql agent + * debian/copyright: make wildcard first paragraph + * debian/compat: update to debhelper v11 + * debian/control: update Vcs URLs to use salsa + * debian/lintian-overrides: ignore long lines in manpages + * debian/control: remove python from Build-Depends + + -- Valentin Vidic <Valentin.Vidic@CARNet.hr> Mon, 12 Mar 2018 22:02:43 +0100 + +resource-agents (1:4.1.0-1) unstable; urgency=medium + + [ Valentin Vidic ] + * New upstream version 4.1.0 + * debian/patches: fix default mysql log and sock paths (Closes: #883281) + * Revert "debian/tests: disable apparmor for mysql" + * debian/tests: start ocft in verbose mode + * debian/tests: use interface from first default route + * debian/tests: skip named test on Ubuntu autopkgtest + infrastructure (Closes: #883060) + + -- Valentin Vidic <Valentin.Vidic@CARNet.hr> Sun, 03 Dec 2017 17:18:57 +0100 + +resource-agents (1:4.1.0~rc1-1) unstable; urgency=medium + + [ Christoph Berg ] + * Remove myself from Uploaders + + [ Valentin Vidic ] + * New upstream version 4.1.0~rc1 + * debian/control: replace deprecated priority extra + * debian/patches: refresh for new version + * debian/rules: use first non-empty line for agent description + * debian/install: update systemd files + * debian/tests: disable apparmor for mysql + * debian/control: update Standards-Version to 4.1.1 + * debian/changelog: cleanup trailing whitespace + * debian/copyright: update Format URL + * debian/control: remove python from Depends + + -- Valentin Vidic <Valentin.Vidic@CARNet.hr> Sun, 26 Nov 2017 11:51:25 +0100 + +resource-agents (1:4.0.1-2) unstable; urgency=medium + + * debian/control: add gawk to Build-Depends + * debian/control: add libxml2-utils to Recommends (Closes: #872920) + * debian/patches: make the package build reproducible + + -- Valentin Vidic <Valentin.Vidic@CARNet.hr> Tue, 22 Aug 2017 18:28:31 +0200 + +resource-agents (1:4.0.1-1) unstable; urgency=medium + + * New upstream release + * Remove patches applied upstream + * Xen: use the toolstack selected in /etc/default/xen (Closes: #854276) + * debian/patches: make .gitignore work with quilt + * debian/control: update Standards-Version to 4.0.0 + * debian/control: use debhelper v10 + + -- Valentin Vidic <Valentin.Vidic@CARNet.hr> Thu, 03 Aug 2017 13:47:13 +0200 + +resource-agents (1:4.0.0~rc1-4) unstable; urgency=medium + + * pgsql: postgresql-9.6 treats the contents of synchronous_standby_names as + SQL identifiers, they need to be quoted for dashes etc. (Closes: #862719) + + -- Christoph Berg <myon@debian.org> Sun, 04 Jun 2017 09:30:30 +0200 + +resource-agents (1:4.0.0~rc1-3) unstable; urgency=medium + + * debian/control: add net-tools to Recommends (Closes: #857368) + + -- Valentin Vidic <Valentin.Vidic@CARNet.hr> Tue, 14 Mar 2017 08:36:06 +0100 + +resource-agents (1:4.0.0~rc1-2) unstable; urgency=medium + + * resource-agents: depend on gawk for LVM monitor + * debian/control: replace tab with spaces + * debian/tests: use ocft to test resource-agents + * lintian: ignore defunct RHEL script rhev-check.sh + * debian/watch: fix RC handling in upstream version + * debian/tests: check ldirectord service startup + * debian/tests: use ocft to test nfsserver agent + * debian/tests: simplify nfsserver tests + * Add Valentin Vidic to Uploaders. + + -- Valentin Vidic <Valentin.Vidic@CARNet.hr> Mon, 23 Jan 2017 11:07:20 +0100 + +resource-agents (1:4.0.0~rc1-1) unstable; urgency=medium + + * Team upload. + + [ Christoph Berg ] + * New upstream RC version. + * Add libxml2-utils to Build-Depends for xmllint. + * Include list of agents in package description. + * Remove unused CVE-2010-3389--bug598549.patch. + * Fix typo in IPaddr2, patch by ISHIKAWA Mutsumi. (Closes: #850787) + + [ Adrian Vondendriesch ] + * Bump standards version. + * Add lsb-base to ldirectord dependencies. + + -- Christoph Berg <christoph.berg@credativ.de> Wed, 11 Jan 2017 11:18:39 +0100 + +resource-agents (1:3.9.7-3) unstable; urgency=medium + + * Hardwire SHELL in /usr/lib/ocf/lib/heartbeat/ocf-binaries to /bin/bash, + too many scripts contain bashisms. Spotted by the reproducible project, + thanks! + * Disable IPv6addr and send_ua on non-Linux, they need SIOCSIFADDR and + SIOGIFINDEX. + * Use dh-exec to install ldirectord.service and sfex* on Linux only. + + -- Christoph Berg <myon@debian.org> Fri, 08 Apr 2016 21:19:58 +0200 + +resource-agents (1:3.9.7-2) unstable; urgency=medium + + [ Adrian Vondendriesch ] + * debian/ldirectord.cf: Create a dummy configuration file. + * debian/ldirectord.install: Ship the dummy configuration as default config + for ldirectord. Otherwise the installation fails. (Closes: #817117) + + [ Christoph Berg ] + * Remove Martin, Anibal, Simon, and Frederik from Uploaders. + + -- Christoph Berg <christoph.berg@credativ.de> Mon, 14 Mar 2016 11:35:07 +0100 + +resource-agents (1:3.9.7-1) unstable; urgency=medium + + * New upstream release. + * Add shebang line to runocft. + + -- Christoph Berg <myon@debian.org> Sat, 13 Feb 2016 11:49:44 +0100 + +resource-agents (1:3.9.6-2) unstable; urgency=medium + + * Fix arch-all build by not attempting to fix the findif.sh permissions. + + -- Christoph Berg <christoph.berg@credativ.de> Wed, 03 Feb 2016 11:58:38 +0100 + +resource-agents (1:3.9.6-1) unstable; urgency=medium + + [ Christoph Berg ] + * New upstream release. + + ldirectord uses inet_ntop correctly. (Closes: #752667) + + Xen handler supports "xl". (Closes: #672265) + + Pure-FTPd RA creates pidfile directory. (Closes: #707878) + + Removed bashism within Xinitd (Closes: #690928) + + Bashism in pgsql agent fixed (Closes: #802990) + + Upgrading from previous version fixed (Closes: #739873) + + Crash fixed (Closes: #569533) + + IPv6addr fixed (Closes: #709410) + + findif doesn't require netmask anymore (Closes: #720453) + + lxc agent fixed (Closes: #681818) + * Update debian/copyright. + * Bump dh compat to 9. + * Rewrite ldirectord description, the old one was a mess. + * Install upstream ldirectord.cf as example. + * debian/ldirectord.init: remove "exec". (Closes: #664645) + * debian/patches/mysql-path.patch: Now applies to heartbeat/mysql-common.sh. + * Remove debian/patches/ocf-asterisk, went upstream. + * Drop resource-agents-dev, it only contained a single line in a single file + (but was Arch: any). Move agent_config.h to resource-agents. + * Simplify debian/*.install. + * Replace hardening-wrapper with buildflags.mk. + * Build-Depend on systemd for systemd.pc. + * Remove Python-Version from debian/control. + * Write .tarball-version at build-time. + * Add myself to Uploaders; bump Standards-Version. + + [ Adrian Vondendriesch ] + * Install upstream ldirectord.service file + * Drop fix-gethostinfo-v2 patch. The original bug is fixed by upstream + commit 9d91c7 and 0d4438. + * Add myself to Uploaders. + * Add VCS-Git and VCS-Homepage to debian/changelog. + * Change debian/watch to track new upstream location. + + -- Christoph Berg <christoph.berg@credativ.de> Tue, 02 Feb 2016 17:17:34 +0100 + +resource-agents (1:3.9.5+git+a626847-1) experimental; urgency=medium + + * New upstream checkout + * debian/control: Bump Standards-Version + + -- Martin Loschwitz <madkiss@debian.org> Fri, 21 Feb 2014 12:51:03 +0000 + +resource-agents (1:3.9.5+git20130726-1) experimental; urgency=low + + * New upstream checkout + + -- Martin Loschwitz <madkiss@debian.org> Fri, 26 Jul 2013 09:25:10 +0000 + +resource-agents (1:3.9.5-1) experimental; urgency=low + + * New upstream release + + -- Martin Loschwitz <madkiss@debian.org> Wed, 20 Mar 2013 22:14:18 +0000 + +resource-agents (1:3.9.3+git20121009-3) unstable; urgency=low + + * Fix the previous upload by including the proper patch this time. + + -- Martin Loschwitz <madkiss@debian.org> Thu, 22 Nov 2012 10:19:16 +0000 + +resource-agents (1:3.9.3+git20121009-2) unstable; urgency=low + + * debian/patches/fix-gethostinfo-v2.patch: Applied a patch by Zang + MingJie, edited by Ruben Laban, to fix a problem related to IPv6 in + ldirectord (Closes: #675913) + + -- Martin Loschwitz <madkiss@debian.org> Thu, 22 Nov 2012 09:33:56 +0000 + +resource-agents (1:3.9.3+git20121009-1) unstable; urgency=low + + * New upstream version + * debian/patches/01_docbook_patch.patch: Refactored for new release + * debian/patches/02_spelling_fixes.patch.new: Refatored for new release + * debian/control: Bumped Standards-Version to 3.9.3 + + -- Martin Loschwitz <madkiss@debian.org> Tue, 09 Oct 2012 11:16:59 +0000 + +resource-agents (1:3.9.2-5) unstable; urgency=high + + * debian/control: Fix the Conflicts and Replaces lines of resource-agents + to make sure that cluster-agents and resource-agents are mutually + exclusive. Setting the urgency to high because this bug keeps people + from running the whole clusterstack (Closes: #646110) + * debian/patches/ocf-asterisk: Include the Asterisk PBX OCF resource agent + written by Florian Haas, Andreas Kurz and me, sponsored by hastexo + + -- Martin Loschwitz <madkiss@debian.org> Tue, 15 Nov 2011 17:14:18 +0000 + +resource-agents (1:3.9.2-4) unstable; urgency=low + + * Adopted numerous changes from the Ubuntu packages, implemented by Andres + Rodriguez to make co-maintaining these packages in Ubuntu and Debian a + bit easier. + + -- Martin Loschwitz <madkiss@debian.org> Thu, 20 Oct 2011 12:10:13 +0000 + +resource-agents (1:3.9.2-3) unstable; urgency=low + + * debian/rules: Remove /usr/share/cluster/drbd.metadata from the final + resource-agents package as it conflicts with drbd8-utils, too. Bollocks! + (Closes: #639260) + + -- Martin Loschwitz <madkiss@debian.org> Fri, 26 Aug 2011 12:43:41 +0000 + +resource-agents (1:3.9.2-2) unstable; urgency=low + + * Remove the RHCS DRBD resource agent (/usr/share/cluster/drbd.sh) so that + this package does not conflict with drbd8-utils (Closes: #639260) + * Add Conflicts for current versions of rgmanager -- versions of rgmanager + newer than the one currently in Debian will fix the problem, but right + now, there is no other way to deal with this (Closes: #639274) + + -- Martin Loschwitz <madkiss@debian.org> Fri, 26 Aug 2011 06:03:45 +0000 + +resource-agents (1:3.9.2-1) unstable; urgency=low + + * Package rename due to restructuring from upstream + * Added resource-agents-dev package to hold the important header file + * New upstream release from new repository + * Updated to new Policy version, no changes necessary + * Adapt patches to work with the new upstream version + + -- Martin Loschwitz <madkiss@debian.org> Wed, 24 Aug 2011 09:32:00 +0000 + +cluster-agents (1:1.0.3-4) unstable; urgency=low + + * Use correct paths on Debian/GNU Linux in MySQL resource agent + (Closes: #608274) + * Add build dependency on python + - Fixes build failure on both unstable and testing + + -- Simon Horman <horms@debian.org> Fri, 04 Feb 2011 07:46:13 +0900 + +cluster-agents (1:1.0.3-3.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/patches + - (CVE-*): New patch. Fix CVE-2010-3389 insecure library loading using + LD_LIBRARY_PATH. (important, security; Closes: #598549). + + -- Jari Aalto <jari.aalto@cante.net> Tue, 19 Oct 2010 13:35:00 +0300 + +cluster-agents (1:1.0.3-3) unstable; urgency=low + + * Add build dependency on docbook-xml. (Closes: #579623) + + -- Frederik Schüler <fs@debian.org> Mon, 03 May 2010 20:00:49 +0200 + +cluster-agents (1:1.0.3-2) unstable; urgency=low + + * Adopting patch from Andres Rodriguez and actually include it. + + -- Martin Loschwitz <madkiss@debian.org> Fri, 16 Apr 2010 06:44:40 +0000 + +cluster-agents (1:1.0.3-1) unstable; urgency=low + + * Update to new upstream version 1.0.3 + * Include example configuration file provided by Michael Schwartzkopff + (Closes: #577575) + * Add default file for ldirectord and patch init file to use it + (Closes: #577572, #577574) + + -- Martin Loschwitz <madkiss@debian.org> Fri, 16 Apr 2010 05:57:16 +0000 + +cluster-agents (1:1.0.2+hg1712-1) unstable; urgency=low + + * New upstream Mercurial checkout + * Prepare for unstable upload and actually do it + * Include files added by upstream in cluster-agents + + -- Martin Loschwitz <madkiss@debian.org> Tue, 30 Mar 2010 06:57:42 +0000 + +cluster-agents (1:1.0.2+hg1702-1) unstable; urgency=low + + * New package revision prepared for upload to unstable. + * Update debian/copyright: list LGPL and GPL version 2 components. + * ldirectord: check for a config file in initscript, and do nothing + if it is not present. + + -- Frederik Schüler <fs@debian.org> Fri, 26 Mar 2010 12:23:40 +0100 + +cluster-agents (1:1.0.2+hg1686-1) unstable; urgency=low + + * New package revision prepared for upload to unstable. + * Install ldirector.8 manpage. + * Drop unused lintian overrides. + + -- Frederik Schüler <fs@debian.org> Fri, 12 Mar 2010 12:01:30 +0100 + +cluster-agents (1:1.0.2+hg1657-2) unstable; urgency=low + + [ Martin Loschwitz ] + * Update the copyright-file to be more appropriate and up to date. + + -- Martin Loschwitz <madkiss@debian.org> Wed, 03 Mar 2010 08:40:00 +0100 + +cluster-agents (1:1.0.2+hg1657-1) unstable; urgency=low + + [ Martin Loschwitz ] + * New package revision prepared for upload to unstable. + + -- Martin Loschwitz <madkiss@debian.org> Wed, 02 Mar 2010 14:21:00 +0100 + +cluster-agents (1:1.0.2-2) UNRELEASED; urgency=low + + [ Simon Horman ] + * Add build dependency on xsltproc. + * Use dh_installinit to install the debian ldirectord init script. + * Do not pass --sourcedir to dh_install. + + [ Frederik Schüler ] + * Use source version 3.0 instead of dpatch, drop dependency accordingly. + * Bump standards version to 3.8.4, no changes needed. + * Install lintian override file. + * Install manpages. + * Really clean up in clean target. + * debian/control: drop duplicate Section: field. + + -- Frederik Schüler <fs@debian.org> Fri, 26 Feb 2010 19:33:36 +0100 + +cluster-agents (1:1.0.2-1) unstable; urgency=low + + * New upstream release. + + -- Martin Loschwitz <madkiss@debian.org> Wed, 03 Feb 2010 08:05:00 +0100 + +cluster-agents (1:1.0.2~rc2a+hg20100127-0test1) unstable; urgency=low + + * Incorporating a whole lot of changes done by Ante Karamatic to + these packages; thank you very much indeed! + * New upstream version taken from linux-ha.org repository + * Fix dependencies for ldirectord and include var/lock/subsys/ldirectord + + -- Martin Loschwitz <madkiss@debian.org> Wed, 27 Jan 2010 01:24:00 +0100 + +cluster-agents (1:1.0.2~rc2a-0ubuntu0ppa5) lucid; urgency=low + + * Add libglib2.0-dev to build-deps + + -- Ante Karamatic <ivoks@ubuntu.com> Tue, 05 Jan 2010 18:19:31 +0100 + +cluster-agents (1:1.0.2~rc2a-0ubuntu0ppa4) lucid; urgency=low + + * Add pkg-config to build-deps + + -- Ante Karamatic <ivoks@ubuntu.com> Tue, 05 Jan 2010 17:03:35 +0000 + +cluster-agents (1:1.0.2~rc2a-0ubuntu0ppa3) lucid; urgency=low + + * Fix typo in build-depends + + -- Ante Karamatic <ivoks@ubuntu.com> Tue, 05 Jan 2010 14:15:44 +0000 + +cluster-agents (1:1.0.2~rc2a-0ubuntu0ppa2) lucid; urgency=low + + * Added autoconf, automake and libtool to build-deps + + -- Ante Karamatic <ivoks@ubuntu.com> Mon, 04 Jan 2010 16:11:41 +0000 + +cluster-agents (1:1.0.2~rc2a-0ubuntu0ppa1) lucid; urgency=low + + * New upstream version + * Added dpatch, docbook-xsl and xsltproc to build-deps + * debian/patches/01_local_docbook: + - use local docbook-xsl + + -- Ante Karamatic <ivoks@ubuntu.com> Mon, 04 Jan 2010 15:55:14 +0000 + +cluster-agents (1:1.0+hg20091103-1~bpo50+1) lenny-backports; urgency=low + + * Rebuild for lenny-backports. + + -- Martin Loschwitz <madkiss@debian.org> Tue, 03 Nov 2009 12:10:06 +0000 + +cluster-agents (1:1.0+hg20091103-1) unstable; urgency=low + + * Updated upstream tarball to fetch some important updates + + -- Martin Loschwitz <madkiss@debian.org> Tue, 03 Nov 2009 12:07:35 +0000 + +cluster-agents (1:1.0+hg20091012-1) unstable; urgency=low + + * New upstream version + + -- Martin Loschwitz <madkiss@debian.org> Mon, 12 Oct 2009 17:10:00 +0200 + +cluster-agents (1:1.0+hg20090915-1) unstable; urgency=low + + * Initial release of packages for the cluster agents collection + + -- Martin Loschwitz <madkiss@debian.org> Tue, 15 Sep 2009 09:56:16 +0000 diff --git a/debian/clean b/debian/clean new file mode 100644 index 0000000..0fa1a39 --- /dev/null +++ b/debian/clean @@ -0,0 +1,25 @@ +compile +INSTALL +install-sh +aclocal.m4 +Makefile.in +config.guess +config.sub +missing +configure +depcomp +ldirectord/Makefile.in +ldirectord/init.d/Makefile.in +ldirectord/OCF/Makefile.in +ldirectord/logrotate.d/Makefile.in +doc/Makefile.in +include/config.h.in +heartbeat/Makefile.in +heartbeat/__pycache__/* +tools/Makefile.in +libltdl.tar +libtool.m4 +ltdl.m4 +autoconf +automake +autoheader diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..da00f7f --- /dev/null +++ b/debian/control @@ -0,0 +1,78 @@ +Source: resource-agents +Section: admin +Priority: optional +Maintainer: Debian HA Maintainers <debian-ha-maintainers@alioth-lists.debian.net> +Uploaders: Adrian Vondendriesch <adrian.vondendriesch@credativ.de>, + Valentin Vidic <vvidic@debian.org> +Build-Depends: autoconf, + automake, + cluster-glue-dev, + debhelper-compat (= 13), + dh-exec, + dh-python, + docbook-xml, + docbook-xsl, + gawk, + libglib2.0-dev, + liblrm2-dev, + libnet1-dev, + libpils2-dev, + libplumb2-dev, + libplumbgpl2-dev, + libqb-dev, + libstonith1-dev, + libtool, + libxml2-utils, + net-tools, + pkgconf, + python3, + python3-googleapi, + python3-pyroute2, + shellcheck, +# for systemd.pc: + systemd-dev, + xsltproc, + xml-twig-tools, +Rules-Requires-Root: no +Standards-Version: 4.7.0 +Homepage: https://github.com/ClusterLabs/resource-agents +Vcs-Browser: https://salsa.debian.org/ha-team/resource-agents +Vcs-Git: https://salsa.debian.org/ha-team/resource-agents.git + +Package: resource-agents +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends}, ${python3:Depends}, bc, cluster-glue, gawk +Recommends: libxml2-utils, net-tools, python3-googleapi +Provides: resource-agents-dev +Description: Cluster Resource Agents + This package contains cluster resource agents (RAs) compliant with the Open + Cluster Framework (OCF) specification, used to interface with various services + in a High Availability environment managed by the Pacemaker resource manager. + . + Agents included: + ${agents} + +Package: ldirectord +Architecture: all +Depends: ipvsadm, + libauthen-radius-perl, + libcrypt-ssleay-perl, + libdbi-perl, + libdigest-hmac-perl, + libdigest-md5-perl, + libio-socket-inet6-perl, + libmail-pop3client-perl, + libmailtools-perl, + libnet-dns-perl, + libnet-imap-simple-perl, + libnet-imap-simple-ssl-perl, + libnet-ldap-perl, + libnet-perl, + libsocket6-perl, + libwww-perl, + ${misc:Depends}, + ${perl:Depends} +Pre-Depends: ${misc:Pre-Depends} +Description: Monitors virtual services provided by LVS + ldirectord is a stand-alone daemon to monitor real servers behind + virtual services provided by The Linux Virtual Server (LVS). diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..ede86bc --- /dev/null +++ b/debian/copyright @@ -0,0 +1,581 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: resource-agents +Source: https://github.com/ClusterLabs/resource-agents + +Files: * +Copyright: Copyright (C) 1996-2016 + Akamatsu Hiroshi <akamatsu.hiroshi@yes.nttcom.ne.jp> + Alan Robertson <alanr@unix.sh> + Andrew Beekhof <andrew@beekhof.net> + Christian Rishoj <christian@rishoj.net> + Daiki Matsuda <d.matuda@gmail.com> + David Lee <t.d.lee@durham.ac.uk> + Dejan Muhamedagic <dejan@hello-penguin.com> + Dominik Klein <dk@in-telegence.net> + Fabio M. Di Nitto + Florian Haas <florian@linbit.com> + Hideo Yamauchi <renayama19661014@ybb.ne.jp> + Huang Zhen <zhen.huang@gmail.com> + International Business Machines + Jean-Francois Larvoire <jf.larvoire@hp.com> + Keisuke MORI <kskmori@intellilink.co.jp> + Lars Marowsky-Bree <lmb@suse.de> + Matthew Soffen + Michael Moerz + Michael Schwartzkopff <misch@multinet.de> + Nakahira Kazutomo <nakahira@intellilink.co.jp> + Philipp Kolmann <philipp@kolmann.at> + Raoul Bhatia <r.bhatia@ipax.at> + Red Hat, Inc. + Renzo Alejandro Granados + Ron Terry <rterry@novell.com> + SCL Internet + Sebastian Reitenbach <itlistuser@rapideye.de> + Serge Dubrouski <sergeyfd@gmail.com> + Simon Horman <horms@verge.net.au> + Sistina Software, Inc. + Stephan Berlet <SBerlet@sysdesign-edv.de> + SUSE LINUX AG, Lars Marowsky-Bree + Taro Matsuzawa +License: GPL + +Files: debian/* +Copyright: 2011 Andres Rodriguez <andreserl@ubuntu.com> + 2022 Valentin Vidic <vvidic@debian.org> +License: GPL-2+ + +Files: doc/dev-guides/* +Copyright: 2010, 2011 LINBIT HA-Solutions GmbH + 2011 Novell, Inc. + 2011 SUSE Linux GmbH + 2011 hastexo Professional Services GmbH +License: CC-BY-SA + +Files: heartbeat/* +Copyright: Copyright (c) 1996-2016 + Achim Stumpf + AkurIT.com.au + Alexander Krauth + Andrew Beekhof + Andrew Tridgell + Apra Sistemi s.r.l. + Ben Timby + Charlie Brooks + Chris Bowlby, + Christian Rishoj + Darren Thompson + David Vossel + Dejan Muhamedagic + Dejan Muhamedagic, SUSE/Attachmate + Dhairesh Oza + Evgeny Nifontov and lwang@suse.com + Florian Haas + FREQUENTIS AG + hastexo Professional Services GmbH + Holger Teutsch + Horms + Huang Zhen + IN-telegence GmbH & Co. KG, Dominik Klein + International Business Machines + International Business Machines China, Ltd., Inc. + Jiaju Zhang + Jo De Baer + Krzysztof Gajdemski + Lars Ellenberg + Lars Marowsky-Brée + LINBIT + Linux-HA contributors + Matthias Dahl + Matt Soffen + NIPPON TELEGRAPH AND TELEPHONE CORPORATION + Novell Inc. + Pagelink B.V. + Rajat Upadhyaya + Raoul Bhatia + Red Hat, Inc. + Robert Euhus + Ronnie Sahlberg + Sandro Poppi + Serge Dubrouski + SUSE LINUX AG + The Design Assembly GmbH + Tim Serong + Tuomo Soini + Ulrich Windl + Yan Fitterer +License: GPL-2 + +Files: heartbeat/shellfuncs.in +Copyright: Alan Robertson +License: LGPL + +Files: heartbeat/ocf-shellfuncs.in +Copyright: Copyright (c) 2004 SUSE LINUX AG, Lars Marowsky-Brée +License: LGPL + +Files: heartbeat/ocf-returncodes +Copyright: Copyright (c) 2004 SUSE LINUX AG, Andrew Beekhof +License: LGPL + +Files: heartbeat/scsi2reservation +Copyright: hxinwei@gmail.com +License: GPL-2 + +Files: rgmanager/src/resources/* +Copyright: Copyright (C) 1997-2003 Sistina Software, Inc. All rights reserved. + Copyright (C) 2004-2011 Red Hat, Inc. All rights reserved. +License: GPL-2+ + +Files: rgmanager/src/resources/ASEHAagent.sh.in +Copyright: Copyright 2007 Jian-ping Hui <jphui at sybase.com> + Copyright (C) - 2007, Sybase, Inc. +License: GPL-2 + +Files: rgmanager/src/resources/clusterfs.sh.in +Copyright: Copyright (C) 2000 Mission Critical Linux + Copyright (C) 2002-2008 Red Hat, Inc. All rights reserved. +License: GPL-2+ + +Files: rgmanager/src/resources/db2.sh.in +Copyright: Copyright (C) 2011 Holger Teutsch + Copyright (C) 2014 David Vossel +License: GPL-2+ + +Files: rgmanager/src/resources/drbd.sh.in +Copyright: Copyright (C) 2008 LINBIT +License: GPL-2+ + +Files: rgmanager/src/resources/ocf-shellfuncs.in +Copyright: Copyright (C) 2004 SUSE LINUX AG, Lars Marowsky-Bree. All Rights Reserved. +License: GPL + +Files: rgmanager/src/resources/SAPDatabase +Copyright: Copyright (C) 2006, 2007 Alexander Krauth +License: GPL + +Files: rgmanager/src/resources/SAPInstance +Copyright: Copyright (C) 2006, 2007 Alexander Krauth +License: GPL + +Files: tools/ocft/* +Copyright: Copyright (C) John Shi +License: GPL-2+ + +Files: tools/send_arp.linux.c +Copyright: Copyright (C) Alexey Kuznetsov +License: GPL-2+ + +License: GPL-2+ + This program is free software; you can redistribute it + and/or modify it under the terms of the GNU General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later + version. + . + This program is distributed in the hope that it will be + useful, but WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. See the GNU General Public License for more + details. + . + You should have received a copy of the GNU General Public + License along with this package; if not, write to the Free + Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. + +License: GPL-2 + This program is free software; you can redistribute it + and/or modify it under the terms of the GNU General Public + License version 2 as published by the Free Software Foundation. + . + This program is distributed in the hope that it will be + useful, but WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. See the GNU General Public License for more + details. + . + You should have received a copy of the GNU General Public + License along with this package; if not, write to the Free + Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. + +License: GPL + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, + USA. + . + On Debian systems, the full text of the GNU General Public + License can be found in the file + `/usr/share/common-licenses/GPL'. + +License: LGPL + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + . + On Debian systems, the full text of the GNU Lesser General Public + License version can be found in the file + `/usr/share/common-licenses/LGPL'. + +License: CC-BY-SA + Creative Commons Legal Code + . + Attribution-ShareAlike 3.0 Unported + . + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR + DAMAGES RESULTING FROM ITS USE. + . + License + . + THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE + COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY + COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS + AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. + . + BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE + BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE + CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE + IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. + . + 1. Definitions + . + "Adaptation" means a work based upon the Work, or upon the Work and other + pre-existing works, such as a translation, adaptation, derivative work, + arrangement of music or other alterations of a literary or artistic work, or + phonogram or performance and includes cinematographic adaptations or any other + form in which the Work may be recast, transformed, or adapted including in any + form recognizably derived from the original, except that a work that + constitutes a Collection will not be considered an Adaptation for the purpose + of this License. For the avoidance of doubt, where the Work is a musical work, + performance or phonogram, the synchronization of the Work in timed-relation + with a moving image ("synching") will be considered an Adaptation for the + purpose of this License. + "Collection" means a collection of literary or artistic works, such as + encyclopedias and anthologies, or performances, phonograms or broadcasts, or + other works or subject matter other than works listed in Section 1(f) below, + which, by reason of the selection and arrangement of their contents, + constitute intellectual creations, in which the Work is included in its + entirety in unmodified form along with one or more other contributions, each + constituting separate and independent works in themselves, which together are + assembled into a collective whole. A work that constitutes a Collection will + not be considered an Adaptation (as defined below) for the purposes of this + License. + "Creative Commons Compatible License" means a license that is listed at + https://creativecommons.org/compatiblelicenses that has been approved by + Creative Commons as being essentially equivalent to this License, including, + at a minimum, because that license: (i) contains terms that have the same + purpose, meaning and effect as the License Elements of this License; and, (ii) + explicitly permits the relicensing of adaptations of works made available + under that license under this License or a Creative Commons jurisdiction + license with the same License Elements as this License. + "Distribute" means to make available to the public the original and copies of + the Work or Adaptation, as appropriate, through sale or other transfer of + ownership. + "License Elements" means the following high-level license attributes as + selected by Licensor and indicated in the title of this License: Attribution, + ShareAlike. + "Licensor" means the individual, individuals, entity or entities that offer(s) + the Work under the terms of this License. + "Original Author" means, in the case of a literary or artistic work, the + individual, individuals, entity or entities who created the Work or if no + individual or entity can be identified, the publisher; and in addition (i) in + the case of a performance the actors, singers, musicians, dancers, and other + persons who act, sing, deliver, declaim, play in, interpret or otherwise + perform literary or artistic works or expressions of folklore; (ii) in the + case of a phonogram the producer being the person or legal entity who first + fixes the sounds of a performance or other sounds; and, (iii) in the case of + broadcasts, the organization that transmits the broadcast. + "Work" means the literary and/or artistic work offered under the terms of this + License including without limitation any production in the literary, + scientific and artistic domain, whatever may be the mode or form of its + expression including digital form, such as a book, pamphlet and other writing; + a lecture, address, sermon or other work of the same nature; a dramatic or + dramatico-musical work; a choreographic work or entertainment in dumb show; a + musical composition with or without words; a cinematographic work to which are + assimilated works expressed by a process analogous to cinematography; a work + of drawing, painting, architecture, sculpture, engraving or lithography; a + photographic work to which are assimilated works expressed by a process + analogous to photography; a work of applied art; an illustration, map, plan, + sketch or three-dimensional work relative to geography, topography, + architecture or science; a performance; a broadcast; a phonogram; a + compilation of data to the extent it is protected as a copyrightable work; or + a work performed by a variety or circus performer to the extent it is not + otherwise considered a literary or artistic work. + "You" means an individual or entity exercising rights under this License who + has not previously violated the terms of this License with respect to the + Work, or who has received express permission from the Licensor to exercise + rights under this License despite a previous violation. + "Publicly Perform" means to perform public recitations of the Work and to + communicate to the public those public recitations, by any means or process, + including by wire or wireless means or public digital performances; to make + available to the public Works in such a way that members of the public may + access these Works from a place and at a place individually chosen by them; to + perform the Work to the public by any means or process and the communication + to the public of the performances of the Work, including by public digital + performance; to broadcast and rebroadcast the Work by any means including + signs, sounds or images. + "Reproduce" means to make copies of the Work by any means including without + limitation by sound or visual recordings and the right of fixation and + reproducing fixations of the Work, including storage of a protected + performance or phonogram in digital form or other electronic medium. + . + 2. Fair Dealing Rights. + . + Nothing in this License is intended to reduce, limit, or restrict any uses + free from copyright or rights arising from limitations or exceptions that are + provided for in connection with the copyright protection under copyright law + or other applicable laws. + . + 3. License Grant. + . + Subject to the terms and conditions of this License, + Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual + (for the duration of the applicable copyright) license to exercise the rights + in the Work as stated below: + . + to Reproduce the Work, to incorporate the Work into one or more Collections, + and to Reproduce the Work as incorporated in the Collections; + to create and Reproduce Adaptations provided that any such Adaptation, + including any translation in any medium, takes reasonable steps to clearly + label, demarcate or otherwise identify that changes were made to the original + Work. For example, a translation could be marked "The original work was + translated from English to Spanish," or a modification could indicate "The + original work has been modified."; + to Distribute and Publicly Perform the Work including as incorporated in + Collections; and, + to Distribute and Publicly Perform Adaptations. + For the avoidance of doubt: + . + Non-waivable Compulsory License Schemes. In those jurisdictions in which the + right to collect royalties through any statutory or compulsory licensing + scheme cannot be waived, the Licensor reserves the exclusive right to collect + such royalties for any exercise by You of the rights granted under this + License; + Waivable Compulsory License Schemes. In those jurisdictions in which the right + to collect royalties through any statutory or compulsory licensing scheme can + be waived, the Licensor waives the exclusive right to collect such royalties + for any exercise by You of the rights granted under this License; and, + Voluntary License Schemes. The Licensor waives the right to collect royalties, + whether individually or, in the event that the Licensor is a member of a + collecting society that administers voluntary licensing schemes, via that + society, from any exercise by You of the rights granted under this License. + The above rights may be exercised in all media and formats whether now known + or hereafter devised. The above rights include the right to make such + modifications as are technically necessary to exercise the rights in other + media and formats. Subject to Section 8(f), all rights not expressly granted + by Licensor are hereby reserved. + . + 4. Restrictions. The license granted in Section 3 above is expressly made + subject to and limited by the following restrictions: + . + You may Distribute or Publicly Perform the Work only under the terms of this + License. You must include a copy of, or the Uniform Resource Identifier (URI) + for, this License with every copy of the Work You Distribute or Publicly + Perform. You may not offer or impose any terms on the Work that restrict the + terms of this License or the ability of the recipient of the Work to exercise + the rights granted to that recipient under the terms of the License. You may + not sublicense the Work. You must keep intact all notices that refer to this + License and to the disclaimer of warranties with every copy of the Work You + Distribute or Publicly Perform. When You Distribute or Publicly Perform the + Work, You may not impose any effective technological measures on the Work that + restrict the ability of a recipient of the Work from You to exercise the + rights granted to that recipient under the terms of the License. This Section + 4(a) applies to the Work as incorporated in a Collection, but this does not + require the Collection apart from the Work itself to be made subject to the + terms of this License. If You create a Collection, upon notice from any + Licensor You must, to the extent practicable, remove from the Collection any + credit as required by Section 4(c), as requested. If You create an Adaptation, + upon notice from any Licensor You must, to the extent practicable, remove from + the Adaptation any credit as required by Section 4(c), as requested. + You may Distribute or Publicly Perform an Adaptation only under the terms of: + (i) this License; (ii) a later version of this License with the same License + Elements as this License; (iii) a Creative Commons jurisdiction license + (either this or a later license version) that contains the same License + Elements as this License (e.g., Attribution-ShareAlike 3.0 US)); (iv) a + Creative Commons Compatible License. If you license the Adaptation under one + of the licenses mentioned in (iv), you must comply with the terms of that + license. If you license the Adaptation under the terms of any of the licenses + mentioned in (i), (ii) or (iii) (the "Applicable License"), you must comply + with the terms of the Applicable License generally and the following + provisions: (I) You must include a copy of, or the URI for, the Applicable + License with every copy of each Adaptation You Distribute or Publicly Perform; + (II) You may not offer or impose any terms on the Adaptation that restrict the + terms of the Applicable License or the ability of the recipient of the + Adaptation to exercise the rights granted to that recipient under the terms of + the Applicable License; (III) You must keep intact all notices that refer to + the Applicable License and to the disclaimer of warranties with every copy of + the Work as included in the Adaptation You Distribute or Publicly Perform; + (IV) when You Distribute or Publicly Perform the Adaptation, You may not + impose any effective technological measures on the Adaptation that restrict + the ability of a recipient of the Adaptation from You to exercise the rights + granted to that recipient under the terms of the Applicable License. This + Section 4(b) applies to the Adaptation as incorporated in a Collection, but + this does not require the Collection apart from the Adaptation itself to be + made subject to the terms of the Applicable License. + If You Distribute, or Publicly Perform the Work or any Adaptations or + Collections, You must, unless a request has been made pursuant to Section + 4(a), keep intact all copyright notices for the Work and provide, reasonable + to the medium or means You are utilizing: (i) the name of the Original Author + (or pseudonym, if applicable) if supplied, and/or if the Original Author + and/or Licensor designate another party or parties (e.g., a sponsor institute, + publishing entity, journal) for attribution ("Attribution Parties") in + Licensor's copyright notice, terms of service or by other reasonable means, + the name of such party or parties; (ii) the title of the Work if supplied; + (iii) to the extent reasonably practicable, the URI, if any, that Licensor + specifies to be associated with the Work, unless such URI does not refer to + the copyright notice or licensing information for the Work; and (iv) , + consistent with Ssection 3(b), in the case of an Adaptation, a credit + identifying the use of the Work in the Adaptation (e.g., "French translation + of the Work by Original Author," or "Screenplay based on original Work by + Original Author"). The credit required by this Section 4(c) may be implemented + in any reasonable manner; provided, however, that in the case of a Adaptation + or Collection, at a minimum such credit will appear, if a credit for all + contributing authors of the Adaptation or Collection appears, then as part of + these credits and in a manner at least as prominent as the credits for the + other contributing authors. For the avoidance of doubt, You may only use the + credit required by this Section for the purpose of attribution in the manner + set out above and, by exercising Your rights under this License, You may not + implicitly or explicitly assert or imply any connection with, sponsorship or + endorsement by the Original Author, Licensor and/or Attribution Parties, as + appropriate, of You or Your use of the Work, without the separate, express + prior written permission of the Original Author, Licensor and/or Attribution + Parties. + Except as otherwise agreed in writing by the Licensor or as may be otherwise + permitted by applicable law, if You Reproduce, Distribute or Publicly Perform + the Work either by itself or as part of any Adaptations or Collections, You + must not distort, mutilate, modify or take other derogatory action in relation + to the Work which would be prejudicial to the Original Author's honor or + reputation. Licensor agrees that in those jurisdictions (e.g. Japan), in which + any exercise of the right granted in Section 3(b) of this License (the right + to make Adaptations) would be deemed to be a distortion, mutilation, + modification or other derogatory action prejudicial to the Original Author's + honor and reputation, the Licensor will waive or not assert, as appropriate, + this Section, to the fullest extent permitted by the applicable national law, + to enable You to reasonably exercise Your right under Section 3(b) of this + License (right to make Adaptations) but not otherwise. + . + 5. Representations, Warranties and Disclaimer + . + UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS + THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND + CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, + WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A + PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER + DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT + DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED + WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. + . + 6. Limitation on Liability. + . + EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE + LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, + PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE + WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + . + 7. Termination + . + This License and the rights granted hereunder will terminate automatically + upon any breach by You of the terms of this License. Individuals or entities + who have received Adaptations or Collections from You under this License, + however, will not have their licenses terminated provided such individuals or + entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, + 7, and 8 will survive any termination of this License. + Subject to the above terms and conditions, the license granted here is + perpetual (for the duration of the applicable copyright in the Work). + Notwithstanding the above, Licensor reserves the right to release the Work + under different license terms or to stop distributing the Work at any time; + provided, however that any such election will not serve to withdraw this + License (or any other license that has been, or is required to be, granted + under the terms of this License), and this License will continue in full force + and effect unless terminated as stated above. + . + 8. Miscellaneous + . + Each time You Distribute or Publicly Perform the Work or a Collection, the + Licensor offers to the recipient a license to the Work on the same terms and + conditions as the license granted to You under this License. + Each time You Distribute or Publicly Perform an Adaptation, Licensor offers to + the recipient a license to the original Work on the same terms and conditions + as the license granted to You under this License. + If any provision of this License is invalid or unenforceable under applicable + law, it shall not affect the validity or enforceability of the remainder of + the terms of this License, and without further action by the parties to this + agreement, such provision shall be reformed to the minimum extent necessary to + make such provision valid and enforceable. + No term or provision of this License shall be deemed waived and no breach + consented to unless such waiver or consent shall be in writing and signed by + the party to be charged with such waiver or consent. + This License constitutes the entire agreement between the parties with respect + to the Work licensed here. There are no understandings, agreements or + representations with respect to the Work not specified here. Licensor shall + not be bound by any additional provisions that may appear in any communication + from You. This License may not be modified without the mutual written + agreement of the Licensor and You. + The rights granted under, and the subject matter referenced, in this License + were drafted utilizing the terminology of the Berne Convention for the + Protection of Literary and Artistic Works (as amended on September 28, 1979), + the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO + Performances and Phonograms Treaty of 1996 and the Universal Copyright + Convention (as revised on July 24, 1971). These rights and subject matter take + effect in the relevant jurisdiction in which the License terms are sought to + be enforced according to the corresponding provisions of the implementation of + those treaty provisions in the applicable national law. If the standard suite + of rights granted under applicable copyright law includes additional rights + not granted under this License, such additional rights are deemed to be + included in the License; this License is not intended to restrict the license + of any rights under applicable law. + . + Creative Commons Notice + . + Creative Commons is not a party to this License, and makes no warranty + whatsoever in connection with the Work. Creative Commons will not be + liable to You or any party on any legal theory for any damages + whatsoever, including without limitation any general, special, + incidental or consequential damages arising in connection to this + license. Notwithstanding the foregoing two (2) sentences, if Creative + Commons has expressly identified itself as the Licensor hereunder, it + shall have all rights and obligations of Licensor. + . + Except for the limited purpose of indicating to the public that the + Work is licensed under the CCPL, Creative Commons does not authorize + the use by either party of the trademark "Creative Commons" or any + related trademark or logo of Creative Commons without the prior + written consent of Creative Commons. Any permitted use will be in + compliance with Creative Commons' then-current trademark usage + guidelines, as may be published on its website or otherwise made + available upon request from time to time. For the avoidance of doubt, + this trademark restriction does not form part of the License. + . + Creative Commons may be contacted at https://creativecommons.org/. diff --git a/debian/ldirectord.cf b/debian/ldirectord.cf new file mode 100644 index 0000000..40c70fa --- /dev/null +++ b/debian/ldirectord.cf @@ -0,0 +1,4 @@ +# Dummy configuration file. +# +# See /usr/share/doc/ldirectord/examples/ldirectord.cf.gz for +# configuration examples. diff --git a/debian/ldirectord.default b/debian/ldirectord.default new file mode 100644 index 0000000..9035566 --- /dev/null +++ b/debian/ldirectord.default @@ -0,0 +1,4 @@ +# Set the following variable to define a default configuration +# file for ldirectord. + +# CONFIG_FILE=/etc/ldirectord.cf diff --git a/debian/ldirectord.examples b/debian/ldirectord.examples new file mode 100644 index 0000000..11690b0 --- /dev/null +++ b/debian/ldirectord.examples @@ -0,0 +1 @@ +ldirectord/ldirectord.cf diff --git a/debian/ldirectord.init b/debian/ldirectord.init new file mode 100644 index 0000000..de3228c --- /dev/null +++ b/debian/ldirectord.init @@ -0,0 +1,51 @@ +#!/bin/sh +# +### BEGIN INIT INFO +# Short-Description: Monitor virtual services provided by LVS. +# Provides: ldirectord +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +### END INIT INFO +# +# Author: Horms <horms@verge.net.au> +# +# Debian init script for ldirectord +# + +NAME=ldirectord +DAEMON="/usr/sbin/$NAME" +CONFIG="/etc/default/$NAME" + +test -x $DAEMON || exit 0 + +test -x /var/lock/subsys || mkdir -p /var/lock/subsys + +. /lib/lsb/init-functions + +CONFIG_FILE="" +[ -f "$CONFIG" ] && . "$CONFIG" +CONFIG_FILE="${CONFIG_FILE:=/etc/ldirectord.cf}" + +test -f ${CONFIG_FILE} +RC=$? +if [ $RC -ne 0 ] ; then + log_warning_msg "No configuration file found, doing nothing." + exit 0 +fi + +case "$1" in + start|stop|restart|try-restart|status|reload|force-reload) + log_daemon_msg "Running $NAME" "$1" + "$DAEMON" "$CONFIG_FILE" $1 + RC=$? + log_end_msg $RC + exit $RC + ;; + *) + echo "Usage: /etc/init.d/$NAME" \ + "{start|stop|restart|try-restart|status|reload|force-reload}" >&2 + exit 1 + ;; +esac diff --git a/debian/ldirectord.install b/debian/ldirectord.install new file mode 100755 index 0000000..4d17e3d --- /dev/null +++ b/debian/ldirectord.install @@ -0,0 +1,9 @@ +#!/usr/bin/dh-exec + +debian/ldirectord.cf /etc/ha.d +etc/ha.d/resource.d/ldirectord +etc/init.d/ldirectord +etc/logrotate.d/ldirectord +${deb_systemdsystemunitdir}/ldirectord.service [linux-any] +usr/sbin/ldirectord +usr/share/man/man8/ldirectord.8 diff --git a/debian/patches/01_docbook_patch.patch b/debian/patches/01_docbook_patch.patch new file mode 100644 index 0000000..b7a44e1 --- /dev/null +++ b/debian/patches/01_docbook_patch.patch @@ -0,0 +1,16 @@ +Description: Use local stylesheet prefix +Author: Martin Loschwitz <madkiss@debian.org> +Last-Update: 2011-10-20 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/doc/man/Makefile.am ++++ b/doc/man/Makefile.am +@@ -26,7 +26,7 @@ + + CLEANFILES = $(man_MANS) $(xmlfiles) metadata-*.xml + +-STYLESHEET_PREFIX ?= http://docbook.sourceforge.net/release/xsl/current ++STYLESHEET_PREFIX ?= /usr/share/xml/docbook/stylesheet/docbook-xsl + MANPAGES_STYLESHEET ?= $(STYLESHEET_PREFIX)/manpages/docbook.xsl + HTML_STYLESHEET ?= $(STYLESHEET_PREFIX)/xhtml/docbook.xsl + FO_STYLESHEET ?= $(STYLESHEET_PREFIX)/fo/docbook.xsl diff --git a/debian/patches/gitignore.patch b/debian/patches/gitignore.patch new file mode 100644 index 0000000..93123dc --- /dev/null +++ b/debian/patches/gitignore.patch @@ -0,0 +1,27 @@ +Description: Fix .gitignore to work with debian package + Remove entries that interfere with maintaining debian/patches + in the Debian HA git repository. +Author: Valentin Vidic <Valentin.Vidic@CARNet.hr> +Forwarded: not-needed +Last-Update: 2017-08-03 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/.gitignore ++++ b/.gitignore +@@ -123,7 +123,6 @@ + MISC_ERRORS + cscope.files + cscope.out +-patches + updates + logs + +@@ -135,8 +134,6 @@ + *.gz + *.xz + *.sed +-*.diff +-*.patch + *.gres + *~ + diff --git a/debian/patches/ipv6-linux-only b/debian/patches/ipv6-linux-only new file mode 100644 index 0000000..5299a96 --- /dev/null +++ b/debian/patches/ipv6-linux-only @@ -0,0 +1,19 @@ +Description: Disable IPv6addr and send_ua on non-Linux + They need SIOCSIFADDR and SIOGIFINDEX. +Author: Christoph Berg <myon@debian.org> +Last-Update: 2016-04-08 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/configure.ac ++++ b/configure.ac +@@ -809,8 +809,8 @@ + dnl ************************************************************************ + dnl * Check for netinet/icmp6.h to enable the IPv6addr resource agent + AC_CHECK_HEADERS(netinet/icmp6.h,[],[],[#include <sys/types.h>]) +-AM_CONDITIONAL(USE_IPV6ADDR_AGENT, test "$ac_cv_header_netinet_icmp6_h" = yes && test "$ac_cv_header_heartbeat_glue_config_h" = yes) +-AM_CONDITIONAL(IPV6ADDR_COMPATIBLE, test "$ac_cv_header_netinet_icmp6_h" = yes) ++AM_CONDITIONAL(USE_IPV6ADDR_AGENT, test "$ac_cv_header_netinet_icmp6_h" = yes && test "$ac_cv_header_heartbeat_glue_config_h" = yes && test $(uname) = Linux) ++AM_CONDITIONAL(IPV6ADDR_COMPATIBLE, test "$ac_cv_header_netinet_icmp6_h" = yes && test $(uname) = Linux) + + dnl ======================================================================== + dnl Compiler flags diff --git a/debian/patches/mysql-path.patch b/debian/patches/mysql-path.patch new file mode 100644 index 0000000..0a04b5a --- /dev/null +++ b/debian/patches/mysql-path.patch @@ -0,0 +1,28 @@ +Description: fix mysql log and sock paths for Debian +Author: Valentin Vidic <Valentin.Vidic@CARNet.hr> +Last-Update: 2017-12-03 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/heartbeat/mysql-common.sh ++++ b/heartbeat/mysql-common.sh +@@ -30,15 +30,15 @@ + OCF_RESKEY_socket_default="/var/run/mysql/mysql.sock" + else + if [ "$OCF_RESKEY_binary_default" = "" ]; then +- OCF_RESKEY_binary_default="/usr/bin/safe_mysqld" ++ OCF_RESKEY_binary_default="/usr/bin/mysqld_safe" + fi +- OCF_RESKEY_config_default="/etc/my.cnf" ++ OCF_RESKEY_config_default="/etc/mysql/my.cnf" + OCF_RESKEY_datadir_default="/var/lib/mysql" + OCF_RESKEY_user_default="mysql" + OCF_RESKEY_group_default="mysql" +- OCF_RESKEY_log_default="/var/log/mysqld.log" +- OCF_RESKEY_pid_default="/var/run/mysql/mysqld.pid" +- OCF_RESKEY_socket_default="/var/lib/mysql/mysql.sock" ++ OCF_RESKEY_log_default="/var/log/mysql/error.log" ++ OCF_RESKEY_pid_default="/var/run/mysqld/mysqld.pid" ++ OCF_RESKEY_socket_default="/var/run/mysqld/mysqld.sock" + fi + OCF_RESKEY_client_binary_default="mysql" + OCF_RESKEY_test_user_default="root" diff --git a/debian/patches/no-dirty-version b/debian/patches/no-dirty-version new file mode 100644 index 0000000..b03f2a3 --- /dev/null +++ b/debian/patches/no-dirty-version @@ -0,0 +1,27 @@ +Description: Never use a -dirty version in git builds +Author: Christoph Berg <christoph.berg@credativ.de> +Last-Update: 2016-02-02 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/make/git-version-gen ++++ b/make/git-version-gen +@@ -136,19 +136,6 @@ + + v=`echo "$v" |sed 's/^v//'` + +-# Don't declare a version "dirty" merely because a time stamp has changed. +-git update-index --refresh > /dev/null 2>&1 +- +-dirty=`sh -c 'git diff-index --name-only HEAD' 2>/dev/null` || dirty= +-case "$dirty" in +- '') ;; +- *) # Append the suffix only if there isn't one already. +- case $v in +- *-dirty) ;; +- *) v="$v-dirty" ;; +- esac ;; +-esac +- + # Omit the trailing newline, so that m4_esyscmd can use the result directly. + echo "$v" | tr -d "$nl" + diff --git a/debian/patches/ocft-configs.patch b/debian/patches/ocft-configs.patch new file mode 100644 index 0000000..80817fa --- /dev/null +++ b/debian/patches/ocft-configs.patch @@ -0,0 +1,122 @@ +Description: Make agent tests work on Debian + Patch package names and other details in ocft test + configs to be usable by debian/tests. +Author: Valentin Vidic <Valentin.Vidic@CARNet.hr> +Forwarded: not-needed +Last-Update: 2017-01-12 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/tools/ocft/mysql ++++ b/tools/ocft/mysql +@@ -3,7 +3,7 @@ + CONFIG + Agent mysql + AgentRoot /usr/lib/ocf/resource.d/heartbeat +- InstallPackage mysql ++ InstallPackage default-mysql-server + HangTimeout 20 + + SETUP-AGENT +--- a/tools/ocft/named ++++ b/tools/ocft/named +@@ -6,8 +6,8 @@ + CONFIG + Agent named + AgentRoot /usr/lib/ocf/resource.d/heartbeat +- InstallPackage bind +- InstallPackage bind-utils ++ InstallPackage bind9 ++ InstallPackage bind9-utils + + SETUP-AGENT + /etc/init.d/named start +@@ -15,6 +15,7 @@ + + CASE-BLOCK crm_setting + Env OCF_RESKEY_CRM_meta_timeout=15000 ++ Env OCF_RESKEY_named_user=bind + + CASE-BLOCK default_status + AgentRun stop +--- a/tools/ocft/iscsi ++++ b/tools/ocft/iscsi +@@ -3,7 +3,7 @@ + CONFIG + Agent iscsi + AgentRoot /usr/lib/ocf/resource.d/heartbeat +- InstallPackage open-iscsi targetcli ++ InstallPackage open-iscsi targetcli-fb + HangTimeout 20 + + VARIABLE +@@ -24,11 +24,6 @@ + else + /etc/init.d/open-iscsi start + fi +- if systemctl list-unit-files 2>/dev/null | fgrep -q target.service; then +- systemctl start target.service +- else +- /etc/init.d/target start +- fi + export OCF_RESKEY_iqn=$OCFT_target + export OCF_RESKEY_portals=$OCFT_portal + export OCF_RESKEY_target_iqn=$OCFT_target +@@ -45,9 +40,6 @@ + export OCF_RESKEY_lun=1 + /usr/lib/ocf/resource.d/heartbeat/iSCSILogicalUnit stop + /usr/lib/ocf/resource.d/heartbeat/iSCSITarget stop +- if systemctl list-unit-files 2>/dev/null | fgrep -q target.service; then +- systemctl stop target.service +- fi + loopbackeddev unmake $OCFT_disk + + CASE-BLOCK required_args +--- a/tools/ocft/MailTo ++++ b/tools/ocft/MailTo +@@ -3,7 +3,7 @@ + CONFIG + Agent MailTo + AgentRoot /usr/lib/ocf/resource.d/heartbeat +- InstallPackage mailx ++ InstallPackage bsd-mailx + HangTimeout 20 + + CASE-BLOCK required_args +--- a/tools/ocft/nfsserver ++++ b/tools/ocft/nfsserver +@@ -11,6 +11,7 @@ + if test -f /etc/init.d/nfsserver; then + INITSCRIPT="/etc/init.d/nfsserver" + fi ++ service nfs-kernel-server stop + true + + CASE-BLOCK required_args +--- a/tools/ocft/pgsql ++++ b/tools/ocft/pgsql +@@ -3,15 +3,22 @@ + CONFIG + Agent pgsql + AgentRoot /usr/lib/ocf/resource.d/heartbeat +- InstallPackage postgresql-server ++ InstallPackage postgresql + HangTimeout 20 + + SETUP-AGENT +- /etc/init.d/postgresql start +- /etc/init.d/postgresql stop ++ # nothing ++ ++VARIABLE ++ cluster_name="$(pg_conftool -s show cluster_name)" ++ cluster_version="$(pg_conftool -s show cluster_name | cut -d/ -f1)" + + CASE-BLOCK crm_setting + Env OCF_RESKEY_CRM_meta_timeout=15000 ++ Env OCF_RESKEY_pgctl=/usr/lib/postgresql/$cluster_version/bin/pg_ctl ++ Env OCF_RESKEY_pgdata=/var/lib/postgresql/$cluster_name ++ Env OCF_RESKEY_config=/etc/postgresql/$cluster_name/postgresql.conf ++ Env OCF_RESKEY_socketdir=/var/run/postgresql + + CASE-BLOCK default_status + AgentRun stop diff --git a/debian/patches/reproducible.patch b/debian/patches/reproducible.patch new file mode 100644 index 0000000..e346912 --- /dev/null +++ b/debian/patches/reproducible.patch @@ -0,0 +1,19 @@ +Description: Try to make the package build reproducible + Some compile options cause the build to be unreproducible: + -ggdb3: debug info and Build ID in the binaries change +Author: Valentin Vidic <Valentin.Vidic@CARNet.hr> +Forwarded: not-needed +Last-Update: 2017-08-22 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/configure.ac ++++ b/configure.ac +@@ -836,7 +836,7 @@ + CFLAGS="$CFLAGS -g" + enable_fatal_warnings=no + else +- CFLAGS="$CFLAGS -ggdb3" ++ CFLAGS="$CFLAGS -ggdb2" + + # We had to eliminate -Wnested-externs because of libtool changes + # Also remove -Waggregate-return because we use one libnet diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..d4e9090 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,8 @@ +01_docbook_patch.patch +mysql-path.patch +no-dirty-version +ipv6-linux-only +ocft-configs.patch +gitignore.patch +reproducible.patch +var-run.patch diff --git a/debian/patches/var-run.patch b/debian/patches/var-run.patch new file mode 100644 index 0000000..d66cd57 --- /dev/null +++ b/debian/patches/var-run.patch @@ -0,0 +1,16 @@ +Description: Use /run instead of /var/run +Author: Valentin Vidic <vvidic@debian.org> +Last-Update: 2018-12-09 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/ldirectord/systemd/ldirectord.service.in ++++ b/ldirectord/systemd/ldirectord.service.in +@@ -8,7 +8,7 @@ + ExecStop=@sbindir@/ldirectord stop + ExecStopPost=@RM@ -f /var/lock/subsys/ldirectord + ExecReload=@sbindir@/ldirectord reload +-PIDFile=/var/run/ldirectord.ldirectord.pid ++PIDFile=/run/ldirectord.ldirectord.pid + Type=forking + KillMode=none + diff --git a/debian/resource-agents.install b/debian/resource-agents.install new file mode 100755 index 0000000..80a4f5d --- /dev/null +++ b/debian/resource-agents.install @@ -0,0 +1,17 @@ +#!/usr/bin/dh-exec +etc/ha.d/shellfuncs +${deb_systemdsystemunitdir}/resource-agents-deps.target [linux-any] +usr/include +usr/lib/ocf +usr/lib/tmpfiles.d/resource-agents.conf [linux-any] +usr/libexec/heartbeat +usr/sbin/ocft +usr/sbin/ocf-tester +usr/sbin/sfex_init [linux-any] +usr/sbin/sfex_stat [linux-any] +usr/share/doc/resource-agents +usr/share/man/man7/* +usr/share/man/man8/ocf-tester.8 +usr/share/man/man8/sfex_init.8 [linux-any] +usr/share/pkgconfig/resource-agents.pc +usr/share/resource-agents diff --git a/debian/resource-agents.lintian-overrides b/debian/resource-agents.lintian-overrides new file mode 100644 index 0000000..4249310 --- /dev/null +++ b/debian/resource-agents.lintian-overrides @@ -0,0 +1,26 @@ +# ignore manpage warnings +resource-agents: no-manual-page [usr/sbin/ocft] +resource-agents: no-manual-page [usr/sbin/sfex_stat] +resource-agents: groff-message troff:<standard input>:37: warning [p 1, 2.3i]: cannot break line [usr/share/man/man7/ocf_heartbeat_openstack-info.7.gz:1] + +# these are sourced shell libraries: +resource-agents: script-not-executable [usr/lib/ocf/lib/heartbeat/findif.sh] +resource-agents: script-not-executable [usr/lib/ocf/lib/heartbeat/mysql-common.sh] + +# ignore capitalization in agent names +resource-agents: capitalization-error-in-description apache Apache +resource-agents: capitalization-error-in-description mysql MySQL + +# ignore bash false positives +resource-agents: bash-term-in-posix-shell '-{uuid,label}' [usr/lib/ocf/resource.d/heartbeat/Filesystem:173] +resource-agents: bash-term-in-posix-shell '(({Node, [], OkChannelsCount}))' [usr/lib/ocf/resource.d/heartbeat/rabbitmq-server-ha:2090] +resource-agents: bash-term-in-posix-shell 'a[1]=' [usr/lib/ocf/resource.d/heartbeat/nginx:233] +resource-agents: bash-term-in-posix-shell 'function allfiles(' [usr/lib/ocf/resource.d/heartbeat/nginx:246] +resource-agents: bash-term-in-posix-shell 'function is' [usr/lib/ocf/resource.d/heartbeat/portblock:145] +resource-agents: bash-term-in-posix-shell 'function isdir(' [usr/lib/ocf/resource.d/heartbeat/nginx:270] +resource-agents: bash-term-in-posix-shell 'function listfiles(' [usr/lib/ocf/resource.d/heartbeat/nginx:253] +resource-agents: bash-term-in-posix-shell 'function printfile(' [usr/lib/ocf/resource.d/heartbeat/nginx:240] +resource-agents: bash-term-in-posix-shell 'function procinclude(' [usr/lib/ocf/resource.d/heartbeat/nginx:260] +resource-agents: bash-term-in-posix-shell 'function procline(' [usr/lib/ocf/resource.d/heartbeat/nginx:228] +resource-agents: bash-term-in-posix-shell 'let' [usr/lib/ocf/resource.d/heartbeat/LinuxSCSI:59] +resource-agents: bash-term-in-posix-shell 'source address.' [usr/lib/ocf/resource.d/heartbeat/IPsrcaddr:107] diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..3dea720 --- /dev/null +++ b/debian/rules @@ -0,0 +1,56 @@ +#!/usr/bin/make -f + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk +include /usr/share/dpkg/pkg-info.mk +export deb_systemdsystemunitdir=$(shell pkg-config --variable=systemdsystemunitdir systemd | sed s,^/,,) + +%: + dh $@ --with python3 + +override_dh_autoreconf: + echo $(DEB_VERSION_UPSTREAM_REVISION) > .tarball-version + dh_autoreconf + +override_dh_auto_configure: + dh_auto_configure -- --sbindir=/usr/sbin --libexecdir=/usr/libexec \ + --with-ocf-root=/usr/lib/ocf --with-initdir=/etc/init.d \ + --with-rsctmpdir=/run/resource-agents \ + --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ + --mandir=/usr/share/man --libdir=/usr/lib --disable-fatal-warnings \ + SHELL=/bin/bash PYTHON=/usr/bin/python3 \ + BASH_SHELL=/bin/bash RM=/bin/rm \ + ROUTE=/sbin/route GREP=/bin/grep \ + TAR=/bin/tar PING=/bin/ping IFCONFIG=/sbin/ifconfig \ + REBOOT=/sbin/reboot POWEROFF_CMD=/sbin/poweroff + +# fix manpage header +override_dh_auto_install: + dh_auto_install + sed -i -e 's/^\(\.TH "[^"]*\?\)\\"/\1"/' $(CURDIR)/debian/tmp/usr/share/man/man7/*.7 + +override_dh_python3: + dh_python3 /usr/lib/ocf/lib/heartbeat + +override_dh_auto_clean: + dh_auto_clean + rm -f .version .tarball-version + find . -name Makefile.in | xargs -r rm + +override_dh_gencontrol: + set -e; \ + export OCF_ROOT=$(CURDIR)/debian/resource-agents/usr/lib/ocf; \ + export LC_ALL=C; \ + ( \ + echo -n "agents="; \ + for agent in debian/resource-agents/usr/lib/ocf/resource.d/heartbeat/*; do \ + echo "$$agent meta-data ..." >&2; \ + desc=$$($$agent meta-data 2>/dev/null | xml_grep --root resource-agent/shortdesc --text_only /dev/stdin | sed -n '/^$$/!{s/^[[:space:]]*//p; q}'); \ + line=$$(echo "$$(basename $$agent): $$desc" | sed -e 's/^\(.\{75\}\).\{4\}.*/\1.../'); \ + echo -n " $$line\$${Newline}"; \ + done; \ + echo \ + ) >> debian/resource-agents.substvars + rm -rf debian/resource-agents/usr/lib/ocf/lib/heartbeat/__pycache__ + dh_gencontrol diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml new file mode 100644 index 0000000..33c3a64 --- /dev/null +++ b/debian/salsa-ci.yml @@ -0,0 +1,4 @@ +--- +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000..2049770 --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1,3 @@ +# allow custom variables in install files +dh-exec-subst-unknown-variable deb_systemdsystemunitdir [debian/ldirectord.install:7] +dh-exec-subst-unknown-variable deb_systemdsystemunitdir [debian/resource-agents.install:3] diff --git a/debian/tests/IPaddr2 b/debian/tests/IPaddr2 new file mode 100755 index 0000000..8124857 --- /dev/null +++ b/debian/tests/IPaddr2 @@ -0,0 +1,23 @@ +#!/bin/sh + +set -e + +AGENT=IPaddr2 + +cleanup () { + ocft clean $AGENT +} + +trap "cleanup" 0 2 3 15 + +IFACE=$(ip route show 0/0 | head -n 1 | cut -d ' ' -f 5) +echo "Using $IFACE as default route interface" +sed "s/eth0/$IFACE/g" /usr/share/resource-agents/ocft/configs/$AGENT > $AUTOPKGTEST_TMP/$AGENT + +mkdir -p /run/resource-agents + +echo "Running: ocft make -d $AUTOPKGTEST_TMP $AGENT" +ocft make -d $AUTOPKGTEST_TMP $AGENT + +echo "Running: ocft test -v $AGENT" +ocft test -v $AGENT diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..8e229e7 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,57 @@ +Tests: IPaddr2 +Depends: resource-agents +Restrictions: needs-root, isolation-container + +Test-Command: service ldirectord status +Depends: ldirectord +Restrictions: needs-root, isolation-container + +Test-Command: debian/tests/run-ocft MailTo +Depends: resource-agents, bsd-mailx, exim4 +Restrictions: needs-root, isolation-container + +Test-Command: debian/tests/run-ocft apache +Depends: resource-agents, apache2, wget +Restrictions: needs-root, isolation-container + +Test-Command: debian/tests/run-ocft mysql +Depends: resource-agents, default-mysql-server +Restrictions: needs-root, isolation-container + +Test-Command: debian/tests/run-ocft pgsql +Depends: resource-agents, postgresql +Restrictions: needs-root, isolation-container + +Test-Command: debian/tests/run-ocft postfix +Depends: resource-agents, postfix +Restrictions: needs-root, isolation-container + +# currently failing on Ubuntu autopkgtest setup for networking differences, so skip there +# Working in Debci, but compared to badtest retains all the other tests coverage +Test-Command: [ "`lsb_release -is`" = "Ubuntu" ] || debian/tests/run-ocft named +Depends: resource-agents, bind9 (>= 1:9.16.1-2), bind9-host, bind9-utils, lsb-release +Restrictions: needs-root, isolation-container + +Test-Command: debian/tests/run-ocft Filesystem +Depends: resource-agents +Restrictions: needs-root, isolation-machine + +Test-Command: debian/tests/run-ocft LVM +Depends: resource-agents, lvm2 +Restrictions: needs-root, isolation-machine + +Test-Command: debian/tests/run-ocft exportfs +Depends: resource-agents, nfs-kernel-server +Restrictions: needs-root, isolation-machine + +Test-Command: debian/tests/run-ocft exportfs-multidir +Depends: resource-agents, nfs-kernel-server +Restrictions: needs-root, isolation-machine + +Test-Command: debian/tests/run-ocft nfsserver +Depends: resource-agents, nfs-kernel-server +Restrictions: needs-root, isolation-machine + +Test-Command: debian/tests/run-ocft iscsi +Depends: resource-agents, open-iscsi, targetcli-fb, openssl +Restrictions: needs-root, isolation-machine diff --git a/debian/tests/run-ocft b/debian/tests/run-ocft new file mode 100755 index 0000000..f820fce --- /dev/null +++ b/debian/tests/run-ocft @@ -0,0 +1,19 @@ +#!/bin/sh + +set -e + +AGENT=$1 + +cleanup () { + ocft clean $AGENT +} + +trap "cleanup" 0 2 3 15 + +mkdir -p /run/resource-agents + +echo "Running: ocft make $AGENT" +ocft make $AGENT + +echo "Running: ocft test -v $AGENT" +ocft test -v $AGENT diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..3179fc4 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=4 +opts="uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/" \ +https://github.com/ClusterLabs/resource-agents/tags/ .*/v([\d\.]*.*)\.tar\.gz diff --git a/doc/dev-guides/writing-python-agents.md b/doc/dev-guides/writing-python-agents.md index f26313f..1b05e23 100644 --- a/doc/dev-guides/writing-python-agents.md +++ b/doc/dev-guides/writing-python-agents.md @@ -5,8 +5,7 @@ A simple library for authoring resource agents in Python is provided in the `ocf.py` library. -Agents written in Python should be ideally compatible both with Python -2.7+ and Python 3.3+. +Agents written in Python should be compatible with Python 3.6+. The library provides various helper constants and functions, a logging implementation as well as a run loop and metadata generation facility. @@ -53,7 +52,11 @@ logger.error("Something went terribly wrong.") * `ocf_exit_reason`: Prints the exit error string to stderr. * `have_binary`: Returns True if the given binary is available. * `is_true`: Converts an OCF truth value to a Python boolean. +* `is_probe`: Returns True when running a probe action. Used to return + OCF_NOT_RUNNING instead of error code that would cause unexpected actions + like fencing before starting the resource or when it is disabled. * `get_parameter`: Looks up the matching `OCF_RESKEY_` environment variable. +* `distro`: Returns <Distro>/<Version> or <Distro> if version info is unavailable. * `Agent`: Class which helps to generate the XML metadata. * `run`: OCF run loop implementation. diff --git a/heartbeat/Delay b/heartbeat/Delay index 5aa8f46..c96da0e 100755 --- a/heartbeat/Delay +++ b/heartbeat/Delay @@ -4,22 +4,9 @@ # Support: users@clusterlabs.org # License: GNU General Public License (GPL) # -# This script is a test resource for introducing delay. +# This script is a resource for introducing a delay. # -# usage: $0 {start|stop|status|monitor|meta-data} -# -# OCF parameters are as below: -# OCF_RESKEY_startdelay -# OCF_RESKEY_stopdelay -# OCF_RESKEY_mondelay -# -# -# OCF_RESKEY_startdelay defaults to 20 (seconds) -# OCF_RESKEY_stopdelay defaults to $OCF_RESKEY_startdelay -# OCF_RESKEY_mondelay defaults to $OCF_RESKEY_startdelay -# -# -# This is really a test resource script. +# usage: $0 {start|stop|status|monitor|meta-data} # ####################################################################### @@ -54,7 +41,7 @@ meta_data() { <version>1.0</version> <longdesc lang="en"> -This script is a test resource for introducing delay. +This script is a resource for introducing a delay. </longdesc> <shortdesc lang="en">Waits for a defined timespan</shortdesc> diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem index 0665628..e1378f7 100755 --- a/heartbeat/Filesystem +++ b/heartbeat/Filesystem @@ -704,7 +704,7 @@ timeout_child() { wait $pid ret=$? - # ret would be 127 + child exit code if the timeout expired + # ret would be 127 + child exit code if the timeout expired (see "man wait" for more info) [ $ret -lt 128 ] && kill -s KILL $killer return $ret } diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index 97a7431..5f30b8f 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 @@ -624,7 +624,7 @@ find_interface() { # List interfaces but exclude FreeS/WAN ipsecN virtual interfaces # local iface="`$IP2UTIL -o -f $FAMILY addr show \ - | grep "\ $ipaddr/$netmask" \ + | grep " $ipaddr/$netmask" \ | cut -d ' ' -f2 \ | grep -v '^ipsec[0-9][0-9]*$'`" diff --git a/heartbeat/LVM-activate b/heartbeat/LVM-activate index f6f24a3..3858ed8 100755 --- a/heartbeat/LVM-activate +++ b/heartbeat/LVM-activate @@ -448,6 +448,10 @@ systemid_check() { # system_id_source is set in lvm.conf source=$(lvmconfig 'global/system_id_source' 2>/dev/null | cut -d"=" -f2) + + # Is volume_list set in lvm.conf + vol_list=$(lvmconfig 'activation/volume_list' 2>/dev/null | cut -d"=" -f2) + if [ "$source" = "" ] || [ "$source" = "none" ]; then ocf_exit_reason "system_id_source in lvm.conf is not set correctly!" exit $OCF_ERR_ARGS @@ -458,6 +462,11 @@ systemid_check() exit $OCF_ERR_ARGS fi + if [ -n "$source" ] && [ -n "$vol_list" ]; then + ocf_exit_reason "Both system_id_source & volume_list cannot be defined!" + exit $OCF_ERR_ARGS + fi + return $OCF_SUCCESS } diff --git a/heartbeat/SysInfo.in b/heartbeat/SysInfo.in index c57b7b6..8a268d7 100644 --- a/heartbeat/SysInfo.in +++ b/heartbeat/SysInfo.in @@ -119,7 +119,7 @@ UpdateStat() { name=$1; shift value="$*" echo -e "$name:\t$value" - ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n $name -v "$value" + ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n $name -v "$value" } SysInfoStats() { diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip index dee0403..54806f6 100755 --- a/heartbeat/aws-vpc-move-ip +++ b/heartbeat/aws-vpc-move-ip @@ -36,6 +36,7 @@ # Defaults OCF_RESKEY_awscli_default="/usr/bin/aws" +OCF_RESKEY_auth_type_default="key" OCF_RESKEY_profile_default="default" OCF_RESKEY_region_default="" OCF_RESKEY_ip_default="" @@ -48,6 +49,7 @@ OCF_RESKEY_monapi_default="false" OCF_RESKEY_lookup_type_default="InstanceId" : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} +: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}} : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} : ${OCF_RESKEY_region=${OCF_RESKEY_region_default}} : ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}} @@ -58,8 +60,6 @@ OCF_RESKEY_lookup_type_default="InstanceId" : ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}} : ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}} : ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}} - -[ -n "$OCF_RESKEY_region" ] && region_opt="--region $OCF_RESKEY_region" ####################################################################### @@ -83,6 +83,10 @@ cat <<END <longdesc lang="en"> Resource Agent to move IP addresses within a VPC of the Amazon Webservices EC2 by changing an entry in an specific routing table + +Credentials needs to be setup by running "aws configure", or by using AWS Policies. + +See https://aws.amazon.com/cli/ for more information about awscli. </longdesc> <shortdesc lang="en">Move IP within a VPC of the AWS EC2</shortdesc> @@ -95,6 +99,15 @@ Path to command line tools for AWS <content type="string" default="${OCF_RESKEY_awscli_default}" /> </parameter> +<parameter name="auth_type"> +<longdesc lang="en"> +Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure", +or "role" to use AWS Policies. +</longdesc> +<shortdesc lang="en">Authentication type</shortdesc> +<content type="string" default="${OCF_RESKEY_auth_type_default}" /> +</parameter> + <parameter name="profile"> <longdesc lang="en"> Valid AWS CLI profile name (see ~/.aws/config and 'aws configure') @@ -198,7 +211,7 @@ END execute_cmd_as_role(){ cmd=$1 role=$2 - output="$($OCF_RESKEY_awscli sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --profile $OCF_RESKEY_profile $region_opt --output=text)" + output="$($AWSCLI_CMD sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --output=text)" export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $5}')" export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $7}')" export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $8}')" @@ -220,11 +233,11 @@ ec2ip_set_address_param_compat(){ } ec2ip_validate() { - for cmd in $OCF_RESKEY_awscli ip curl; do + for cmd in "$OCF_RESKEY_awscli" ip curl; do check_binary "$cmd" done - if [ -z "$OCF_RESKEY_profile" ]; then + if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then ocf_exit_reason "profile parameter not set" return $OCF_ERR_CONFIGURED fi @@ -262,7 +275,7 @@ ec2ip_monitor() { for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do ocf_log info "monitor: check routing table (API call) - $rtb" if [ -z "${OCF_RESKEY_routing_table_role}" ]; then - cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type" + cmd="$AWSCLI_CMD --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type" ocf_log debug "executing command: $cmd" ROUTE_TO_INSTANCE="$($cmd)" else @@ -368,7 +381,7 @@ ec2ip_get_and_configure() { EC2_NETWORK_INTERFACE_ID="$(ec2ip_get_instance_eni)" for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do if [ -z "${OCF_RESKEY_routing_table_role}" ]; then - cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID" + cmd="$AWSCLI_CMD --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID" ocf_log debug "executing command: $cmd" $cmd else @@ -475,6 +488,22 @@ if ! ocf_is_root; then exit $OCF_ERR_PERM fi +AWSCLI_CMD="${OCF_RESKEY_awscli}" +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then + AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then + if [ -z "${OCF_RESKEY_region}" ]; then + ocf_exit_reason "region needs to be set when using role-based authentication" + exit $OCF_ERR_CONFIGURED + fi +else + ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}" + exit $OCF_ERR_CONFIGURED +fi +if [ -n "${OCF_RESKEY_region}" ]; then + AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}" +fi + ec2ip_set_address_param_compat ec2ip_validate diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in index 22cbb35..18ab157 100644 --- a/heartbeat/aws-vpc-route53.in +++ b/heartbeat/aws-vpc-route53.in @@ -46,24 +46,22 @@ # Defaults OCF_RESKEY_awscli_default="/usr/bin/aws" +OCF_RESKEY_auth_type_default="key" OCF_RESKEY_profile_default="default" +OCF_RESKEY_region_default="" OCF_RESKEY_hostedzoneid_default="" OCF_RESKEY_fullname_default="" OCF_RESKEY_ip_default="local" OCF_RESKEY_ttl_default=10 : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} +: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}} : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} +: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}} : ${OCF_RESKEY_hostedzoneid:=${OCF_RESKEY_hostedzoneid_default}} : ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}} : ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}} : ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}} -####################################################################### - - -AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10" -####################################################################### - usage() { cat <<-EOT @@ -123,6 +121,15 @@ Path to command line tools for AWS <content type="string" default="${OCF_RESKEY_awscli_default}" /> </parameter> +<parameter name="auth_type"> +<longdesc lang="en"> +Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure", +or "role" to use AWS Policies. +</longdesc> +<shortdesc lang="en">Authentication type</shortdesc> +<content type="string" default="${OCF_RESKEY_auth_type_default}" /> +</parameter> + <parameter name="profile"> <longdesc lang="en"> The name of the AWS CLI profile of the root account. This @@ -196,7 +203,7 @@ r53_validate() { # Check for required binaries ocf_log debug "Checking for required binaries" - for command in curl dig; do + for command in "${OCF_RESKEY_awscli}" curl dig; do check_binary "$command" done @@ -216,7 +223,10 @@ r53_validate() { esac # profile - [[ -z "$OCF_RESKEY_profile" ]] && ocf_log error "AWS CLI profile not set $OCF_RESKEY_profile!" && exit $OCF_ERR_CONFIGURED + if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then + ocf_exit_reason "profile parameter not set" + return $OCF_ERR_CONFIGURED + fi # TTL [[ -z "$OCF_RESKEY_ttl" ]] && ocf_log error "TTL not set $OCF_RESKEY_ttl!" && exit $OCF_ERR_CONFIGURED @@ -417,7 +427,6 @@ _update_record() { } ############################################################################### - case $__OCF_ACTION in usage|help) usage @@ -427,6 +436,26 @@ case $__OCF_ACTION in metadata exit $OCF_SUCCESS ;; +esac + +AWSCLI_CMD="${OCF_RESKEY_awscli}" +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then + AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then + if [ -z "${OCF_RESKEY_region}" ]; then + ocf_exit_reason "region needs to be set when using role-based authentication" + exit $OCF_ERR_CONFIGURED + fi +else + ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}" + exit $OCF_ERR_CONFIGURED +fi +if [ -n "${OCF_RESKEY_region}" ]; then + AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}" +fi +AWSCLI_CMD="$AWSCLI_CMD --cli-connect-timeout 10" + +case $__OCF_ACTION in start) r53_validate || exit $? r53_start diff --git a/heartbeat/awseip b/heartbeat/awseip index dc48460..49b0ca6 100755 --- a/heartbeat/awseip +++ b/heartbeat/awseip @@ -23,7 +23,8 @@ # # Prerequisites: # -# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) +# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) or +# (AWSRole) Setup up relevant AWS Policies to allow agent related functions to be executed. # - a reserved secondary private IP address for EC2 instances high availability # - IAM user role with the following permissions: # * DescribeInstances @@ -44,11 +45,15 @@ # Defaults # OCF_RESKEY_awscli_default="/usr/bin/aws" +OCF_RESKEY_auth_type_default="key" OCF_RESKEY_profile_default="default" +OCF_RESKEY_region_default="" OCF_RESKEY_api_delay_default="3" : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} +: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}} : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} +: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}} : ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}} meta_data() { @@ -63,7 +68,7 @@ Resource Agent for Amazon AWS Elastic IP Addresses. It manages AWS Elastic IP Addresses with awscli. -Credentials needs to be setup by running "aws configure". +Credentials needs to be setup by running "aws configure", or by using AWS Policies. See https://aws.amazon.com/cli/ for more information about awscli. </longdesc> @@ -79,6 +84,15 @@ command line tools for aws services <content type="string" default="${OCF_RESKEY_awscli_default}" /> </parameter> +<parameter name="auth_type"> +<longdesc lang="en"> +Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure", +or "role" to use AWS Policies. +</longdesc> +<shortdesc lang="en">Authentication type</shortdesc> +<content type="string" default="${OCF_RESKEY_auth_type_default}" /> +</parameter> + <parameter name="profile"> <longdesc lang="en"> Valid AWS CLI profile name (see ~/.aws/config and 'aws configure') @@ -111,6 +125,14 @@ predefined private ip address for ec2 instance <content type="string" default="" /> </parameter> +<parameter name="region" required="0"> +<longdesc lang="en"> +Region for AWS resource (required for role-based authentication) +</longdesc> +<shortdesc lang="en">Region</shortdesc> +<content type="string" default="${OCF_RESKEY_region_default}" /> +</parameter> + <parameter name="api_delay" unique="0"> <longdesc lang="en"> a short delay between API calls, to avoid sending API too quick @@ -157,13 +179,13 @@ awseip_start() { NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN") fi done - $AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \ + $AWSCLI_CMD ec2 associate-address \ --network-interface-id ${NETWORK_ID} \ --allocation-id ${ALLOCATION_ID} \ --private-ip-address ${PRIVATE_IP_ADDRESS} RET=$? else - $AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \ + $AWSCLI_CMD ec2 associate-address \ --instance-id ${INSTANCE_ID} \ --allocation-id ${ALLOCATION_ID} RET=$? @@ -183,7 +205,7 @@ awseip_start() { awseip_stop() { awseip_monitor || return $OCF_SUCCESS - ASSOCIATION_ID=$($AWSCLI --profile $OCF_RESKEY_profile --output json ec2 describe-addresses \ + ASSOCIATION_ID=$($AWSCLI_CMD --output json ec2 describe-addresses \ --allocation-id ${ALLOCATION_ID} | grep -m 1 "AssociationId" | awk -F'"' '{print$4}') if [ -z "${ASSOCIATION_ID}" ]; then @@ -191,9 +213,7 @@ awseip_stop() { return $OCF_NOT_RUNNING fi - $AWSCLI --profile ${OCF_RESKEY_profile} \ - ec2 disassociate-address \ - --association-id ${ASSOCIATION_ID} + $AWSCLI_CMD ec2 disassociate-address --association-id ${ASSOCIATION_ID} RET=$? # delay to avoid sending request too fast @@ -208,7 +228,7 @@ awseip_stop() { } awseip_monitor() { - $AWSCLI --profile $OCF_RESKEY_profile ec2 describe-instances --instance-id "${INSTANCE_ID}" | grep -q "${ELASTIC_IP}" + $AWSCLI_CMD ec2 describe-instances --instance-id "${INSTANCE_ID}" | grep -q "${ELASTIC_IP}" RET=$? if [ $RET -ne 0 ]; then @@ -218,9 +238,9 @@ awseip_monitor() { } awseip_validate() { - check_binary ${AWSCLI} + check_binary "${OCF_RESKEY_awscli}" - if [ -z "$OCF_RESKEY_profile" ]; then + if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then ocf_exit_reason "profile parameter not set" return $OCF_ERR_CONFIGURED fi @@ -238,9 +258,27 @@ case $__OCF_ACTION in meta_data exit $OCF_SUCCESS ;; -esac + usage|help) + awseip_usage + exit $OCF_SUCCESS + ;; +esac -AWSCLI="${OCF_RESKEY_awscli}" +AWSCLI_CMD="${OCF_RESKEY_awscli}" +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then + AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then + if [ -z "${OCF_RESKEY_region}" ]; then + ocf_exit_reason "region needs to be set when using role-based authentication" + exit $OCF_ERR_CONFIGURED + fi +else + ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}" + exit $OCF_ERR_CONFIGURED +fi +if [ -n "${OCF_RESKEY_region}" ]; then + AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}" +fi ELASTIC_IP="${OCF_RESKEY_elastic_ip}" ALLOCATION_ID="${OCF_RESKEY_allocation_id}" PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}" @@ -272,10 +310,6 @@ case $__OCF_ACTION in validate|validate-all) awseip_validate ;; - usage|help) - awseip_usage - exit $OCF_SUCCESS - ;; *) awseip_usage exit $OCF_ERR_UNIMPLEMENTED diff --git a/heartbeat/awsvip b/heartbeat/awsvip index 037278e..bdb4d68 100755 --- a/heartbeat/awsvip +++ b/heartbeat/awsvip @@ -23,7 +23,8 @@ # # Prerequisites: # -# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) +# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey, etc.) or +# (AWSRole) Setup up relevant AWS Policies to allow agent related functions to be executed. # - a reserved secondary private IP address for EC2 instances high availablity # - IAM user role with the following permissions: # * DescribeInstances @@ -43,11 +44,15 @@ # Defaults # OCF_RESKEY_awscli_default="/usr/bin/aws" +OCF_RESKEY_auth_type_default="key" OCF_RESKEY_profile_default="default" +OCF_RESKEY_region_default="" OCF_RESKEY_api_delay_default="3" : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} +: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}} : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} +: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}} : ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}} meta_data() { @@ -62,7 +67,7 @@ Resource Agent for Amazon AWS Secondary Private IP Addresses. It manages AWS Secondary Private IP Addresses with awscli. -Credentials needs to be setup by running "aws configure". +Credentials needs to be setup by running "aws configure", or by using AWS Policies. See https://aws.amazon.com/cli/ for more information about awscli. </longdesc> @@ -78,6 +83,15 @@ command line tools for aws services <content type="string" default="${OCF_RESKEY_awscli_default}" /> </parameter> +<parameter name="auth_type"> +<longdesc lang="en"> +Authentication type "key" for AccessKey and SecretAccessKey set via "aws configure", +or "role" to use AWS Policies. +</longdesc> +<shortdesc lang="en">Authentication type</shortdesc> +<content type="string" default="${OCF_RESKEY_auth_type_default}" /> +</parameter> + <parameter name="profile"> <longdesc lang="en"> Valid AWS CLI profile name (see ~/.aws/config and 'aws configure') @@ -94,6 +108,14 @@ reserved secondary private ip for ec2 instance <content type="string" default="" /> </parameter> +<parameter name="region" required="0"> +<longdesc lang="en"> +Region for AWS resource (required for role-based authentication) +</longdesc> +<shortdesc lang="en">Region</shortdesc> +<content type="string" default="${OCF_RESKEY_region_default}" /> +</parameter> + <parameter name="api_delay" unique="0"> <longdesc lang="en"> a short delay between API calls, to avoid sending API too quick @@ -131,7 +153,7 @@ END awsvip_start() { awsvip_monitor && return $OCF_SUCCESS - $AWSCLI --profile $OCF_RESKEY_profile ec2 assign-private-ip-addresses \ + $AWSCLI_CMD ec2 assign-private-ip-addresses \ --network-interface-id ${NETWORK_ID} \ --private-ip-addresses ${SECONDARY_PRIVATE_IP} \ --allow-reassignment @@ -151,7 +173,7 @@ awsvip_start() { awsvip_stop() { awsvip_monitor || return $OCF_SUCCESS - $AWSCLI --profile $OCF_RESKEY_profile ec2 unassign-private-ip-addresses \ + $AWSCLI_CMD ec2 unassign-private-ip-addresses \ --network-interface-id ${NETWORK_ID} \ --private-ip-addresses ${SECONDARY_PRIVATE_IP} RET=$? @@ -168,7 +190,7 @@ awsvip_stop() { } awsvip_monitor() { - $AWSCLI --profile ${OCF_RESKEY_profile} ec2 describe-instances \ + $AWSCLI_CMD ec2 describe-instances \ --instance-id "${INSTANCE_ID}" \ --query 'Reservations[].Instances[].NetworkInterfaces[].PrivateIpAddresses[].PrivateIpAddress[]' \ --output text | \ @@ -182,9 +204,9 @@ awsvip_monitor() { } awsvip_validate() { - check_binary ${AWSCLI} + check_binary "${OCF_RESKEY_awscli}" - if [ -z "$OCF_RESKEY_profile" ]; then + if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile" ]; then ocf_exit_reason "profile parameter not set" return $OCF_ERR_CONFIGURED fi @@ -202,9 +224,27 @@ case $__OCF_ACTION in meta_data exit $OCF_SUCCESS ;; + usage|help) + awsvip_usage + exit $OCF_SUCCESS + ;; esac -AWSCLI="${OCF_RESKEY_awscli}" +AWSCLI_CMD="${OCF_RESKEY_awscli}" +if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then + AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}" +elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then + if [ -z "${OCF_RESKEY_region}" ]; then + ocf_exit_reason "region needs to be set when using role-based authentication" + exit $OCF_ERR_CONFIGURED + fi +else + ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}" + exit $OCF_ERR_CONFIGURED +fi +if [ -n "${OCF_RESKEY_region}" ]; then + AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}" +fi SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}" TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN") @@ -236,10 +276,6 @@ case $__OCF_ACTION in validate|validate-all) awsvip_validate ;; - usage|help) - awsvip_usage - exit $OCF_SUCCESS - ;; *) awsvip_usage exit $OCF_ERR_UNIMPLEMENTED diff --git a/heartbeat/azure-lb b/heartbeat/azure-lb index 7f585bf..198e71c 100755 --- a/heartbeat/azure-lb +++ b/heartbeat/azure-lb @@ -114,7 +114,7 @@ lb_start() { cmd="$OCF_RESKEY_nc -l -k $OCF_RESKEY_port" if [ $( basename $OCF_RESKEY_nc ) = 'socat' ]; then #socat has different parameters - cmd="$OCF_RESKEY_nc -U TCP-LISTEN:$OCF_RESKEY_port,backlog=10,fork,reuseaddr /dev/null" + cmd="$OCF_RESKEY_nc -U TCP6-LISTEN:$OCF_RESKEY_port,backlog=10,fork,reuseaddr /dev/null" fi if ! lb_monitor; then ocf_log debug "Starting $process: $cmd" diff --git a/heartbeat/db2 b/heartbeat/db2 index 95447ab..1cd66f1 100755 --- a/heartbeat/db2 +++ b/heartbeat/db2 @@ -848,7 +848,7 @@ db2_notify() { # only interested in pre-start [ $OCF_RESKEY_CRM_meta_notify_type = pre \ - -a $OCF_RESKEY_CRM_meta_notify_operation = start ] || return $OCF_SUCESS + -a $OCF_RESKEY_CRM_meta_notify_operation = start ] || return $OCF_SUCCESS # gets FIRST_ACTIVE_LOG db2_get_cfg $dblist || return $? diff --git a/heartbeat/docker b/heartbeat/docker index 2adcade..50523db 100755 --- a/heartbeat/docker +++ b/heartbeat/docker @@ -293,8 +293,8 @@ docker_simple_status() VERSION_OUT=$(docker version) version_ret=$? if [ $version_ret -eq 1 ]; then - ocf_exit_reason "Docker service is in error state while checking for ${CONTAINER}, based on image, ${OCF_RESKEY_image}: ${VERSION_OUT}" - return $OCF_ERR_GENERIC + ocf_log err "Docker service is not running or in error state while checking for ${CONTAINER}, based on image, ${OCF_RESKEY_image}: ${VERSION_OUT}" + return $OCF_NOT_RUNNING fi container_exists diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh index 5f1c19e..13484f8 100644 --- a/heartbeat/findif.sh +++ b/heartbeat/findif.sh @@ -29,10 +29,10 @@ prefixcheck() { fi return 0 } -getnetworkinfo() +getloopbackinfo() { local line netinfo - ip -o -f inet route list match $OCF_RESKEY_ip scope host | (while read line; + ip -o -f inet route list match $OCF_RESKEY_ip table local scope host | (while read line; do netinfo=`echo $line | awk '{print $2}'` case $netinfo in @@ -215,14 +215,14 @@ findif() fi if [ -n "$nic" ] ; then # NIC supports more than two. - set -- $(ip -o -f $family route list match $match $scope | grep "dev $nic " | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') + set -- $(ip -o -f $family route list match $match $scope | grep "dev $nic " | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) else - set -- $(ip -o -f $family route list match $match $scope | awk 'BEGIN{best=0} /\// { mask=$1; sub(".*/", "", mask); if( int(mask)>=best ) { best=int(mask); best_ln=$0; } } END{print best_ln}') + set -- $(ip -o -f $family route list match $match $scope | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr) fi if [ $# = 0 ] ; then case $OCF_RESKEY_ip in 127.*) - set -- `getnetworkinfo` + set -- `getloopbackinfo` shift;; esac fi diff --git a/heartbeat/galera.in b/heartbeat/galera.in index 6aed3e4..b518595 100755 --- a/heartbeat/galera.in +++ b/heartbeat/galera.in @@ -822,6 +822,11 @@ galera_promote() return $rc fi + # At this point, the mysql pidfile is created on disk and the + # mysql server is reacheable via its UNIX socket. If we are a + # joiner, SST transfers (rsync) have finished, but an IST may + # still be requested or ongoing + galera_monitor rc=$? if [ $rc != $OCF_SUCCESS -a $rc != $OCF_RUNNING_MASTER ]; then @@ -835,12 +840,6 @@ galera_promote() return $OCF_ERR_GENERIC fi - is_primary - if [ $? -ne 0 ]; then - ocf_exit_reason "Failure. Master instance started, but is not in Primary mode." - return $OCF_ERR_GENERIC - fi - if ocf_is_true $bootstrap; then promote_everyone clear_bootstrap_node @@ -991,8 +990,18 @@ galera_monitor() fi rc=$OCF_RUNNING_MASTER else - ocf_exit_reason "local node <${NODENAME}> is started, but not in primary mode. Unknown state." - rc=$OCF_ERR_GENERIC + # It seems that with recent galera (26.4+), a joiner that is + # connected to a Primary component and is preparing its IST + # request might still temporarily report its state as + # Non-Primary. Do not fail in this case as the promote + # operation will loop until the IST finishes or the promote + # times out. + if [ "$__OCF_ACTION" = "promote" ] && ! ocf_is_true $(is_bootstrap); then + ocf_log info "local node <${NODENAME}> is receiving a State Transfer." + else + ocf_exit_reason "local node <${NODENAME}> is started, but not in primary mode. Unknown state." + rc=$OCF_ERR_GENERIC + fi fi return $rc diff --git a/heartbeat/lxd-info.in b/heartbeat/lxd-info.in index f9fb44a..88b15e5 100644 --- a/heartbeat/lxd-info.in +++ b/heartbeat/lxd-info.in @@ -89,7 +89,7 @@ END LXDInfoStats() { value=$(lxc list|grep -ci RUNNING) echo -e "lxd_containers:\t$value" - ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n lxd_containers -v $value + ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n lxd_containers -v $value } LXDInfo_usage() { @@ -108,7 +108,7 @@ LXDInfo_start() { LXDInfo_stop() { rm -f $OCF_RESKEY_pidfile - ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -S state -n lxd_containers + ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n lxd_containers exit $OCF_SUCCESS } diff --git a/heartbeat/machine-info.in b/heartbeat/machine-info.in index bfa7ce5..6bd328a 100644 --- a/heartbeat/machine-info.in +++ b/heartbeat/machine-info.in @@ -90,7 +90,7 @@ END MachineInfoStats() { value=$(machinectl|awk '/machines listed/ {print $1}') echo -e "machines:\t$value" - ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n machines -v $value + ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n machines -v $value } MachineInfo_usage() { @@ -109,7 +109,7 @@ MachineInfo_start() { MachineInfo_stop() { rm -f $OCF_RESKEY_pidfile - ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -S state -n machines + ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n machines exit $OCF_SUCCESS } diff --git a/heartbeat/nfsserver b/heartbeat/nfsserver index 8838195..5793d7a 100755 --- a/heartbeat/nfsserver +++ b/heartbeat/nfsserver @@ -711,8 +711,17 @@ inject_unshare_uts_name_into_systemd_units () test -d "$dir" || mkdir -p "$dir" test -e "$dropin" && rm -f "$dropin" - # NOTE: additional ExecStart= might exist in the drop-in files, eg. openSUSE - edited_exec_start=$(systemctl cat $svc | sed -ne "s#^ExecStart=\\([-+:!@]*\\)\\(.\+\\)#ExecStart=\\1/usr/bin/unshare --uts /bin/sh -c 'hostname \${NFS_SERVER_SCOPE}; exec \"\$@\"' -- \\2#p" | tail -1) + # NOTE: multiple ExecStart may exist, + # even additional `ExecStart=` to reset the list might exist in the drop-in files. + # We are interested in only the "currently relevant" set of ExecStart. + local unshare_uts_set_hostname='/usr/bin/unshare --uts /bin/sh -c '\''hostname ${NFS_SERVER_SCOPE}; exec "$@"'\'' -- ' + edited_exec_start=$(systemctl cat $svc \ + | sed -n \ + -e '/^ExecStart=/ H;' \ + -e '/^ExecStart=[[:space:]]*$/ {s/.*//;h};' \ + -e '${g;s/^\n//;p}' \ + | sed -e 's#^\(ExecStart=[-+:!@]*\)\(.\+\)#\1'"$unshare_uts_set_hostname"'\2#' + ) cat > "$dropin" <<___ [Service] diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in index 6852163..a617e00 100644 --- a/heartbeat/ocf-shellfuncs.in +++ b/heartbeat/ocf-shellfuncs.in @@ -22,7 +22,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# Build version: 204f146196774ded1581aed1b6acd0d562b4f958 +# Build version: 72b4771db9437c36931c0f673210f6fe6ed4f8ed # TODO: Some of this should probably split out into a generic OCF # library for shell scripts, but for the time being, we'll just use it diff --git a/heartbeat/ocivip b/heartbeat/ocivip index 053646d..f146807 100755 --- a/heartbeat/ocivip +++ b/heartbeat/ocivip @@ -221,7 +221,7 @@ SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}" CIDR_NETMASK="${OCF_RESKEY_cidr_netmask}" INTERFACE_ALIAS="${OCF_RESKEY_interface_alias}" VNIC_ID="$(curl -s -H "Authorization: Bearer Oracle" -L http://169.254.169.254/opc/v2/vnics/ | jq -r '.[0].vnicId')" -PRIMARY_IFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)') +PRIMARY_IFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -n1) case $__OCF_ACTION in start) diff --git a/heartbeat/openstack-floating-ip b/heartbeat/openstack-floating-ip index 7317f19..a7c0728 100755 --- a/heartbeat/openstack-floating-ip +++ b/heartbeat/openstack-floating-ip @@ -143,13 +143,13 @@ osflip_monitor() { for port in $node_port_ids ; do if echo "$result" | grep -q $port ; then floating_ip=$(echo "$result" | awk '/floating_ip_address/ {print $2}') - ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n openstack_floating_ip -v $floating_ip + ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_floating_ip -v $floating_ip return $OCF_SUCCESS fi done - ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -S state -n openstack_floating_ip + ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_floating_ip ocf_log warn "$OCF_RESKEY_ip_id is not attached to any fixed address" return $OCF_NOT_RUNNING } diff --git a/heartbeat/openstack-info.in b/heartbeat/openstack-info.in index 6502f1d..876e833 100755 --- a/heartbeat/openstack-info.in +++ b/heartbeat/openstack-info.in @@ -164,10 +164,12 @@ OSInfoStats() { --format json \ --column fixed_ips \ ${port_id}") - subnet_id=$(echo "$subnet_result" | + subnet_ids=$(echo "$subnet_result" | grep -P '\"subnet_id\": \".*\",$' | grep -P -o '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}') - value="${value}${subnet_id}:${port_id}," + for subnet_id in $subnet_ids; do + value="${value}${subnet_id}:${port_id}," + done done value=${value%,} diff --git a/heartbeat/openstack-virtual-ip b/heartbeat/openstack-virtual-ip index 361357d..e54926a 100755 --- a/heartbeat/openstack-virtual-ip +++ b/heartbeat/openstack-virtual-ip @@ -137,12 +137,12 @@ osvip_monitor() { --column allowed_address_pairs \ ${node_port_id}") if echo "$result" | grep -q "$OCF_RESKEY_ip"; then - ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n openstack_virtual_ip -v $OCF_RESKEY_ip + ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_virtual_ip -v $OCF_RESKEY_ip return $OCF_SUCCESS fi - ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -S state -n openstack_virtual_ip + ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_virtual_ip ocf_log warn "$OCF_RESKEY_ip is not attached to any fixed address" return $OCF_NOT_RUNNING } diff --git a/heartbeat/portblock b/heartbeat/portblock index 06fcc19..e88ecc2 100755 --- a/heartbeat/portblock +++ b/heartbeat/portblock @@ -266,7 +266,14 @@ active_grep_pat() local src=$3 local dst=$any fi - echo "^DROP${w}${1}${w}--${w}${src}${w}${dst}${w}multiport${w}${4}ports${w}${2}$" + # iptables 1.8.9 briefly broke the output format, returning the + # numeric protocol value instead of a string. Support both variants. + if [ "$1" = "tcp" ]; then + local prot="(tcp|6)" + else + local prot="(udp|17)" + fi + echo "^DROP${w}${prot}${w}--${w}${src}${w}${dst}${w}multiport${w}${4}ports${w}${2}$" } #chain_isactive {udp|tcp} portno,portno ip chain @@ -274,7 +281,7 @@ chain_isactive() { [ "$4" = "OUTPUT" ] && ds="s" || ds="d" PAT=$(active_grep_pat "$1" "$2" "$3" "$ds") - $IPTABLES $wait -n -L "$4" | grep "$PAT" >/dev/null + $IPTABLES $wait -n -L "$4" | grep -qE "$PAT" } # netstat -tn and ss -Htn, split on whitespace and colon, @@ -321,7 +328,6 @@ save_tcp_connections() tickle_remote() { [ -z "$OCF_RESKEY_tickle_dir" ] && return - echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle f=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip [ -r $f ] || return $TICKLETCP -n 3 < $f diff --git a/resource-agents.spec.in b/resource-agents.spec.in index 1cbf28c..930db6d 100644 --- a/resource-agents.spec.in +++ b/resource-agents.spec.in @@ -100,7 +100,7 @@ Requires: /usr/sbin/fuser %endif # Filesystem / fs.sh / netfs.sh -%if 0%{?suse_version} +%if 0%{?fedora} > 39 || 0%{?suse_version} Requires: /usr/sbin/fsck %else Requires: /sbin/fsck @@ -141,9 +141,14 @@ Requires: /usr/sbin/ethtool Requires: /sbin/rdisc /usr/sbin/arping /bin/ping /bin/ping6 # nfsexport.sh +%if 0%{?fedora} > 39 +Requires: /usr/sbin/findfs +Requires: /usr/sbin/quotaon /usr/sbin/quotacheck +%else Requires: /sbin/findfs Requires: /sbin/quotaon /sbin/quotacheck %endif +%endif %description A set of scripts to interface with several services to operate in a diff --git a/tools/findif.c b/tools/findif.c index a25395f..ab108a3 100644 --- a/tools/findif.c +++ b/tools/findif.c @@ -669,7 +669,7 @@ main(int argc, char ** argv) { } } - if (netmaskbits) { + if (netmaskbits != NULL && *netmaskbits != EOS) { best_netmask = netmask; }else if (best_netmask == 0L) { /* diff --git a/tools/ocft/exportfs b/tools/ocft/exportfs index 285a4b8..1ec3d4c 100644 --- a/tools/ocft/exportfs +++ b/tools/ocft/exportfs @@ -28,11 +28,6 @@ CASE "check base env" Include prepare AgentRun start OCF_SUCCESS -CASE "check base env: no 'OCF_RESKEY_fsid'" - Include prepare - Env OCF_RESKEY_fsid= - AgentRun start OCF_ERR_CONFIGURED - CASE "check base env: invalid 'OCF_RESKEY_directory'" Include prepare Env OCF_RESKEY_directory=/no_such diff --git a/tools/ocft/exportfs-multidir b/tools/ocft/exportfs-multidir index 00e41f0..ac6d5c7 100644 --- a/tools/ocft/exportfs-multidir +++ b/tools/ocft/exportfs-multidir @@ -28,11 +28,6 @@ CASE "check base env" Include prepare AgentRun start OCF_SUCCESS -CASE "check base env: no 'OCF_RESKEY_fsid'" - Include prepare - Env OCF_RESKEY_fsid= - AgentRun start OCF_ERR_CONFIGURED - CASE "check base env: invalid 'OCF_RESKEY_directory'" Include prepare Env OCF_RESKEY_directory=/no_such diff --git a/tools/storage_mon.c b/tools/storage_mon.c index 1aae29e..a9227ef 100644 --- a/tools/storage_mon.c +++ b/tools/storage_mon.c @@ -382,9 +382,11 @@ static int write_pid_file(const char *pidfile) syslog(LOG_ERR, "Failed to write '%s' to %s: %s", pid, pidfile, strerror(errno)); goto done; } - close(fd); rc = 0; done: + if (fd != -1) { + close(fd); + } if (pid != NULL) { free(pid); } @@ -653,6 +655,7 @@ storage_mon_client(void) int32_t rc; + memset(&response, 0, sizeof(response)); snprintf(ipcs_name, SMON_MAX_IPCSNAME, "storage_mon_%s", attrname); conn = qb_ipcc_connect(ipcs_name, 0); if (conn == NULL) { @@ -663,6 +666,7 @@ storage_mon_client(void) snprintf(request.message, SMON_MAX_MSGSIZE, "%s", SMON_GET_RESULT_COMMAND); request.hdr.id = 0; request.hdr.size = sizeof(struct storage_mon_check_value_req); + response.hdr.id = 0; rc = qb_ipcc_send(conn, &request, request.hdr.size); if (rc < 0) { syslog(LOG_ERR, "qb_ipcc_send error : %d\n", rc); @@ -683,7 +687,11 @@ storage_mon_client(void) /* greater than 0 : monitoring error. */ /* -1 : communication system error. */ /* -2 : Not all checks completed for first device in daemon mode. */ - rc = atoi(response.message); + if (strnlen(response.message, 1)) { + rc = atoi(response.message); + } else { + rc = -1; + } syslog(LOG_DEBUG, "daemon response[%d]: %s \n", response.hdr.id, response.message); |