Accepting request 535834 from home:BinLiu:branches:network:ha-clustering:Factory

- Upgrade corosync-2.4.2 to corosync-2.4.3(fate#321385)
        doc: document watchdog_device parameter
        Main: Call mlockall after fork
        Totempg: remove duplicate memcpy in mcast_msg func
        Qdevice: fix spell errors in qdevice
        logconfig: Do not overwrite logger_subsys priority
        totemconfig: Prefer nodelist over bindnetaddr
        cpghum: Fix printf of size_t variable
        Qnetd lms: Use UTILS_PRI_RING_ID printf format str
        wd: Report error when close of wd fails
        votequorum: Don't update expected_votes display if value is too high
        votequorum: simplify reconfigure message handling
        quorumtool: Add option to show all node addresses
        main: Don't ask libqb to handle segv, it doesn't work
        man: Document -a option to corosync-quorumtool
        main: use syslog & printf directly for early log messages
        votequorum: make atb consistent on nodelist reload
        Fix typo: Destorying -> Destroying
        init: Add doc URIs to the systemd service files
        wd: fix typo
        corosync.conf.5: Fix watchdog documentation
        corosync.conf.5: add warning about slow watchdogs
        wd: remove extra capitalization typo
        corosync.conf.5: watchdog support is conditional
        notifyd: Add the community name to an SNMP trap
        Logsys: Change logsys syslog_priority priority
        totemrrp: Fix situation when all rings are faulty
        main: Display reason why cluster cannot be formed
        totem: Propagate totem initialization failure
        totemcrypto: Refactor symmetric key importing

OBS-URL: https://build.opensuse.org/request/show/535834
OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/corosync?expand=0&rev=113
Bin Liu 2017-10-23 04:32:00 +00:00 committed by Git OBS Bridge
parent 9359e2998a
commit 4560e27e9c
21 changed files with 99 additions and 968 deletions


@ -1,38 +0,0 @@
From 8b6bd86a55b8bda9f3a8ff67bdff908263976fa3 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Fri, 24 Feb 2017 16:23:50 +0100
Subject: [PATCH] Logsys: Change logsys syslog_priority priority
LibQB adds default "*" syslog filter so we have to set syslog_priority
as low as possible so filters applied later in
_logsys_config_apply_per_file takes effect.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
---
exec/main.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/exec/main.c b/exec/main.c
index 61bcd3d..2370a86 100644
--- a/exec/main.c
+++ b/exec/main.c
@@ -127,10 +127,15 @@
#define IPC_LOGSYS_SIZE 8192*128
#endif
+/*
+ * LibQB adds default "*" syslog filter so we have to set syslog_priority as low
+ * as possible so filters applied later in _logsys_config_apply_per_file takes
+ * effect.
+ */
LOGSYS_DECLARE_SYSTEM ("corosync",
LOGSYS_MODE_OUTPUT_STDERR | LOGSYS_MODE_OUTPUT_SYSLOG,
LOG_DAEMON,
- LOG_INFO);
+ LOG_EMERG);
LOGSYS_DECLARE_SUBSYS ("MAIN");
--
2.6.6


@ -1,47 +0,0 @@
From 5f47e2a8583995cdd80297d4493ce019b02edb14 Mon Sep 17 00:00:00 2001
From: Bin Liu <bliu@suse.com>
Date: Fri, 10 Mar 2017 15:22:13 +0800
Subject: [PATCH] logconfig.c: make logging.syslog_priority and
logging.logfile_priority to info
logfile_priority and syslog_priority could be modified by
logging.logger_subsys.{logfile_priority|syslog_priority}. which could
lead to the following output(which are at notice level):
corosync[21419]: [QUORUM] Using quorum provider corosync_votequorum
corosync[21419]: [QUORUM] Members[1]: 1084777643
corosync[21419]: [QUORUM] This node is within the primary component
and will provide service.
corosync[21419]: [QUORUM] Members[3]: 1084777563 1084777584 1084777643
even the syslog_priority is warning. This patch could avoid the
overwrite.
---
exec/logconfig.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/exec/logconfig.c b/exec/logconfig.c
index a4d348a..6d0bed6 100644
--- a/exec/logconfig.c
+++ b/exec/logconfig.c
@@ -401,7 +401,7 @@ static int corosync_main_config_set (
goto parse_error;
}
}
- else {
+ else if(strcmp(key_name, "logging.syslog_priority") == 0){
if (logsys_config_syslog_priority_set(subsys,
logsys_priority_id_get("info")) < 0) {
error_reason = "unable to set syslog level";
@@ -449,7 +449,7 @@ static int corosync_main_config_set (
goto parse_error;
}
}
- else {
+ else if(strcmp(key_name,"logging.logfile_priority") == 0){
if (logsys_config_logfile_priority_set(subsys,
logsys_priority_id_get("info")) < 0) {
error_reason = "unable to set syslog level";
--
2.6.6


@ -1,72 +0,0 @@
From 622a4a629346f3b52ecac140ab99fb3023dca8f9 Mon Sep 17 00:00:00 2001
From: Bin Liu <bliu@suse.com>
Date: Tue, 11 Apr 2017 16:57:55 +0800
Subject: [PATCH] totemconfig.c: Fixed Evicted from CPG membership
---
exec/main.c | 4 ++++
exec/totemconfig.c | 13 ++++++++++++-
exec/totemconfig.h | 1 +
3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/exec/main.c b/exec/main.c
index 0ca5634a..f09b73cf 100644
--- a/exec/main.c
+++ b/exec/main.c
@@ -1261,6 +1261,10 @@ int main (int argc, char **argv, char **envp)
if (totem_config_warnings & TOTEM_CONFIG_WARNING_TOTEM_NODEID_IGNORED) {
log_printf (LOGSYS_LEVEL_WARNING, "nodeid appears both in totem section and nodelist. Nodelist one is used.");
}
+ if (totem_config_warnings & TOTEM_CONFIG_BINDNETADDR_NODELIST_SET) {
+ log_printf (LOGSYS_LEVEL_WARNING, "%s", "interface section bindnetaddr is used together with nodelist. "
+ "Nodelist one is going to be used.");
+ }
if (totem_config_warnings != 0) {
log_printf (LOGSYS_LEVEL_WARNING, "Please migrate config file to nodelist.");
diff --git a/exec/totemconfig.c b/exec/totemconfig.c
index f232ea8f..305a7fe4 100644
--- a/exec/totemconfig.c
+++ b/exec/totemconfig.c
@@ -975,7 +975,7 @@ extern int totem_config_read (
uint64_t *warnings)
{
int res = 0;
- char *str;
+ char *str, *ring0_addr_str;
unsigned int ringnumber = 0;
int member_count = 0;
icmap_iter_t iter, member_iter;
@@ -1048,6 +1048,17 @@ extern int totem_config_read (
*/
config_convert_nodelist_to_interface(totem_config);
} else {
+ if (icmap_get_string("nodelist.node.0.ring0_addr", &ring0_addr_str) == CS_OK) {
+ /*
+ * Both bindnetaddr and ring0_addr are set.
+ * Log warning information, and use nodelist instead
+ */
+ *warnings |= TOTEM_CONFIG_BINDNETADDR_NODELIST_SET;
+
+ config_convert_nodelist_to_interface(totem_config);
+
+ free(ring0_addr_str);
+ }
free(str);
}
diff --git a/exec/totemconfig.h b/exec/totemconfig.h
index 10607cc2..368ecabf 100644
--- a/exec/totemconfig.h
+++ b/exec/totemconfig.h
@@ -46,6 +46,7 @@
#define TOTEM_CONFIG_WARNING_MEMBERS_IGNORED (1<<1)
#define TOTEM_CONFIG_WARNING_MEMBERS_DEPRECATED (1<<2)
#define TOTEM_CONFIG_WARNING_TOTEM_NODEID_IGNORED (1<<3)
+#define TOTEM_CONFIG_BINDNETADDR_NODELIST_SET (1<<4)
extern int totem_config_read (
struct totem_config *totem_config,
--
2.12.0


@ -1,46 +0,0 @@
From 3b89acd59f5113edb23ba41e2ce67f9c3b2880fb Mon Sep 17 00:00:00 2001
From: Bin Liu <bliu@suse.com>
Date: Tue, 9 May 2017 11:17:51 +0800
Subject: [PATCH] Main: call mlock after fork
Man page of mlockall is clear:
Memory locks are not inherited by a child created via fork(2) and are
automatically removed (unlocked) during an execve(2) or when the
process terminates.
So calling mlockall before corosync_tty_detach is noop when corosync is
executed as a daemon (corosync -f was not affected).
This regression is caused by ed7d054
(setprio for logsys/qblog was correct, mlockall was not).
Solution is to move corosync_mlockall call on correct place.
---
exec/main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/exec/main.c b/exec/main.c
index 7d2dcf7c..b3fce95b 100644
--- a/exec/main.c
+++ b/exec/main.c
@@ -1201,8 +1201,6 @@ int main (int argc, char **argv, char **envp)
corosync_setscheduler ();
}
- corosync_mlockall ();
-
/*
* Other signals are registered later via qb_loop_signal_add
*/
@@ -1329,6 +1327,8 @@ int main (int argc, char **argv, char **envp)
corosync_tty_detach ();
}
+ corosync_mlockall();
+
corosync_poll_handle = qb_loop_create ();
memset(&scheduler_pause_timeout_data, 0, sizeof(scheduler_pause_timeout_data));
--
2.12.0


@ -1,173 +0,0 @@
From eaa92765f1226f16ddb58f1baf3494b817726cb4 Mon Sep 17 00:00:00 2001
From: Bin Liu <bliu@suse.com>
Date: Tue, 16 May 2017 10:49:23 +0800
Subject: [PATCH] totemrrp: Fix situation when all rings are faulty
Previously when all rings were marked as failed no message was sent via
any interface. This is problem because totemsrp relies on messages
delivered via localhost multicast loop socket so it never moved to
single node mode and it got stuck.
Solution is to send message via one of the interfaces (first one seems
to be obvious choice) if it was not sent via any interface.
Strictly speaking it should be enough to change just *_mcast_flush_send
functions, but changing others is just for sure.
---
exec/totemrrp.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++--------
1 file changed, 62 insertions(+), 9 deletions(-)
diff --git a/exec/totemrrp.c b/exec/totemrrp.c
index 0d9a58d5..15ba7766 100644
--- a/exec/totemrrp.c
+++ b/exec/totemrrp.c
@@ -1002,7 +1002,7 @@ static void passive_monitor (
}
/*
- * Max is larger then threshold -> start adjusting process
+ * Max is larger than threshold -> start adjusting process
*/
if (max > PASSIVE_RECV_COUNT_THRESHOLD) {
min_all = min_active = recv_count[iface_no];
@@ -1117,9 +1117,15 @@ static void passive_mcast_flush_send (
i++;
} while ((i <= instance->interface_count) && (passive_instance->faulty[passive_instance->msg_xmit_iface] == 1));
- if (i <= instance->interface_count) {
- totemnet_mcast_flush_send (instance->net_handles[passive_instance->msg_xmit_iface], msg, msg_len);
+ if (i > instance->interface_count) {
+ /*
+ * All interfaces are faulty. It's still needed to send mcast
+ * message to local host so use first interface.
+ */
+ passive_instance->msg_xmit_iface = 0;
}
+
+ totemnet_mcast_flush_send (instance->net_handles[passive_instance->msg_xmit_iface], msg, msg_len);
}
static void passive_mcast_noflush_send (
@@ -1135,9 +1141,15 @@ static void passive_mcast_noflush_send (
i++;
} while ((i <= instance->interface_count) && (passive_instance->faulty[passive_instance->msg_xmit_iface] == 1));
- if (i <= instance->interface_count) {
- totemnet_mcast_noflush_send (instance->net_handles[passive_instance->msg_xmit_iface], msg, msg_len);
+ if (i > instance->interface_count) {
+ /*
+ * All interfaces are faulty. It's still needed to send mcast
+ * message to local host so use first interface.
+ */
+ passive_instance->msg_xmit_iface = 0;
}
+
+ totemnet_mcast_noflush_send (instance->net_handles[passive_instance->msg_xmit_iface], msg, msg_len);
}
static void passive_token_recv (
@@ -1179,12 +1191,17 @@ static void passive_token_send (
i++;
} while ((i <= instance->interface_count) && (passive_instance->faulty[passive_instance->token_xmit_iface] == 1));
- if (i <= instance->interface_count) {
- totemnet_token_send (
- instance->net_handles[passive_instance->token_xmit_iface],
- msg, msg_len);
+ if (i > instance->interface_count) {
+ /*
+ * All interfaces are faulty. It's still needed to send token
+ * message to (potentionally) local host so use first interface.
+ */
+ passive_instance->msg_xmit_iface = 0;
}
+ totemnet_token_send (
+ instance->net_handles[passive_instance->token_xmit_iface],
+ msg, msg_len);
}
static void passive_recv_flush (struct totemrrp_instance *instance)
@@ -1568,13 +1585,24 @@ static void active_mcast_flush_send (
unsigned int msg_len)
{
int i;
+ int msg_sent;
struct active_instance *rrp_algo_instance = (struct active_instance *)instance->rrp_algo_instance;
+ msg_sent = 0;
+
for (i = 0; i < instance->interface_count; i++) {
if (rrp_algo_instance->faulty[i] == 0) {
+ msg_sent = 1;
totemnet_mcast_flush_send (instance->net_handles[i], msg, msg_len);
}
}
+ if (!msg_sent) {
+ /*
+ * All interfaces are faulty. It's still needed to send mcast
+ * message to local host so use first interface.
+ */
+ totemnet_mcast_flush_send (instance->net_handles[0], msg, msg_len);
+ }
}
static void active_mcast_noflush_send (
@@ -1583,13 +1611,24 @@ static void active_mcast_noflush_send (
unsigned int msg_len)
{
int i;
+ int msg_sent;
struct active_instance *rrp_algo_instance = (struct active_instance *)instance->rrp_algo_instance;
+ msg_sent = 0;
for (i = 0; i < instance->interface_count; i++) {
if (rrp_algo_instance->faulty[i] == 0) {
+ msg_sent = 1;
totemnet_mcast_noflush_send (instance->net_handles[i], msg, msg_len);
}
}
+
+ if (!msg_sent) {
+ /*
+ * All interfaces are faulty. It's still needed to send mcast
+ * message to local host so use first interface.
+ */
+ totemnet_mcast_noflush_send (instance->net_handles[0], msg, msg_len);
+ }
}
static void active_token_recv (
@@ -1645,15 +1684,29 @@ static void active_token_send (
{
struct active_instance *rrp_algo_instance = (struct active_instance *)instance->rrp_algo_instance;
int i;
+ int msg_sent;
+
+ msg_sent = 0;
for (i = 0; i < instance->interface_count; i++) {
if (rrp_algo_instance->faulty[i] == 0) {
+ msg_sent = 1;
totemnet_token_send (
instance->net_handles[i],
msg, msg_len);
}
}
+
+ if (!msg_sent) {
+ /*
+ * All interfaces are faulty. It's still needed to send token
+ * message to (potentionally) local host so use first interface.
+ */
+ totemnet_token_send (
+ instance->net_handles[0],
+ msg, msg_len);
+ }
}
static void active_recv_flush (struct totemrrp_instance *instance)
--
2.12.0


@ -1,45 +0,0 @@
From 9f5fde414d114e02e686f59f40e5080fedc70224 Mon Sep 17 00:00:00 2001
From: Bin Liu <bliu@suse.com>
Date: Wed, 7 Jun 2017 13:29:14 +0800
Subject: [PATCH] main: Display reason why cluster cannot be formed
---
exec/main.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/exec/main.c b/exec/main.c
index 7d2dcf7c..da9e1ecd 100644
--- a/exec/main.c
+++ b/exec/main.c
@@ -497,6 +497,7 @@ static void corosync_totem_stats_updater (void *data)
uint32_t total_token_holdtime;
int t, prev, i;
int32_t token_count;
+ const char *cstr;
char key_name[ICMAP_KEYNAME_MAXLEN];
stats = api->totem_get_stats();
@@ -535,11 +536,18 @@ static void corosync_totem_stats_updater (void *data)
if (stats->mrp->srp->continuous_gather > MAX_NO_CONT_GATHER ||
stats->mrp->srp->continuous_sendmsg_failures > MAX_NO_CONT_SENDMSG_FAILURES) {
+ cstr = "";
+ if (stats->mrp->srp->continuous_sendmsg_failures > MAX_NO_CONT_SENDMSG_FAILURES) {
+ cstr = "number of multicast sendmsg failures is above threshold";
+ }
+ if (stats->mrp->srp->continuous_gather > MAX_NO_CONT_GATHER) {
+ cstr = "totem is continuously in gather state";
+ }
log_printf (LOGSYS_LEVEL_WARNING,
"Totem is unable to form a cluster because of an "
- "operating system or network fault. The most common "
+ "operating system or network fault(reason: %s). The most common "
"cause of this message is that the local firewall is "
- "configured improperly.");
+ "configured improperly.", cstr);
icmap_set_uint8("runtime.totem.pg.mrp.srp.firewall_enabled_or_nic_failure", 1);
} else {
icmap_set_uint8("runtime.totem.pg.mrp.srp.firewall_enabled_or_nic_failure", 0);
--
2.12.0


@ -1,235 +0,0 @@
--- corosync-2.4.2.orig/exec/totemcrypto.c 2016-11-08 00:39:12.000000000 +0800
+++ corosync-2.4.2/exec/totemcrypto.c 2017-07-12 11:09:43.693227825 +0800
@@ -206,6 +206,13 @@
(const char *)format, ##args); \
} while (0);
+enum sym_key_type {
+ SYM_KEY_TYPE_CRYPT,
+ SYM_KEY_TYPE_HASH
+};
+
+#define MAX_WRAPPED_KEY_LEN 128
+
/*
* crypt/decrypt functions
*/
@@ -226,38 +233,147 @@
return CRYPTO_CIPHER_TYPE_AES256;
}
-static int init_nss_crypto(struct crypto_instance *instance)
+static PK11SymKey *import_symmetric_key(struct crypto_instance *instance, enum sym_key_type key_type)
{
- PK11SlotInfo* crypt_slot = NULL;
- SECItem crypt_param;
+ SECItem key_item;
+ PK11SlotInfo *slot;
+ PK11SymKey *res_key;
+ CK_MECHANISM_TYPE cipher;
+ CK_ATTRIBUTE_TYPE operation;
+ CK_MECHANISM_TYPE wrap_mechanism;
+ int wrap_key_len;
+ PK11SymKey *wrap_key;
+ PK11Context *wrap_key_crypt_context;
+ SECItem tmp_sec_item;
+ SECItem wrapped_key;
+ int wrapped_key_len;
+ unsigned char wrapped_key_data[MAX_WRAPPED_KEY_LEN];
+
+ memset(&key_item, 0, sizeof(key_item));
+ slot = NULL;
+ wrap_key = NULL;
+ res_key = NULL;
+ wrap_key_crypt_context = NULL;
+
+ key_item.type = siBuffer;
+ key_item.data = instance->private_key;
+
+ switch (key_type) {
+ case SYM_KEY_TYPE_CRYPT:
+ key_item.len = cipher_key_len[instance->crypto_cipher_type];
+ cipher = cipher_to_nss[instance->crypto_cipher_type];
+ operation = CKA_ENCRYPT|CKA_DECRYPT;
+ break;
+ case SYM_KEY_TYPE_HASH:
+ key_item.len = instance->private_key_len;
+ cipher = hash_to_nss[instance->crypto_hash_type];
+ operation = CKA_SIGN;
+ break;
+ }
+
+ slot = PK11_GetBestSlot(cipher, NULL);
+ if (slot == NULL) {
+ log_printf(instance->log_level_security, "Unable to find security slot (%d): %s",
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
+ goto exit_res_key;
+ }
- if (!cipher_to_nss[instance->crypto_cipher_type]) {
- return 0;
+ /*
+ * Without FIPS it would be possible to just use
+ * res_key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, operation, &key_item, NULL);
+ * with FIPS NSS Level 2 certification has to be "workarounded" (so it becomes Level 1) by using
+ * following method:
+ * 1. Generate wrap key
+ * 2. Encrypt authkey with wrap key
+ * 3. Unwrap encrypted authkey using wrap key
+ */
+
+ /*
+ * Generate wrapping key
+ */
+ wrap_mechanism = PK11_GetBestWrapMechanism(slot);
+ wrap_key_len = PK11_GetBestKeyLength(slot, wrap_mechanism);
+ wrap_key = PK11_KeyGen(slot, wrap_mechanism, NULL, wrap_key_len, NULL);
+ if (wrap_key == NULL) {
+ log_printf(instance->log_level_security, "Unable to generate wrapping key (%d): %s",
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
+ goto exit_res_key;
}
- crypt_param.type = siBuffer;
- crypt_param.data = instance->private_key;
- crypt_param.len = cipher_key_len[instance->crypto_cipher_type];
+ /*
+ * Encrypt authkey with wrapping key
+ */
- crypt_slot = PK11_GetBestSlot(cipher_to_nss[instance->crypto_cipher_type], NULL);
- if (crypt_slot == NULL) {
- log_printf(instance->log_level_security, "Unable to find security slot (err %d)",
- PR_GetError());
- return -1;
+ /*
+ * Initialization of IV is not needed because PK11_GetBestWrapMechanism should return ECB mode
+ */
+ memset(&tmp_sec_item, 0, sizeof(tmp_sec_item));
+ wrap_key_crypt_context = PK11_CreateContextBySymKey(wrap_mechanism, CKA_ENCRYPT,
+ wrap_key, &tmp_sec_item);
+ if (wrap_key_crypt_context == NULL) {
+ log_printf(instance->log_level_security, "Unable to create encrypt context (%d): %s",
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
+ goto exit_res_key;
+ }
+
+ wrapped_key_len = (int)sizeof(wrapped_key_data);
+
+ if (PK11_CipherOp(wrap_key_crypt_context, wrapped_key_data, &wrapped_key_len,
+ sizeof(wrapped_key_data), key_item.data, key_item.len) != SECSuccess) {
+ log_printf(instance->log_level_security, "Unable to encrypt authkey (%d): %s",
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
+ goto exit_res_key;
+ }
+
+ if (PK11_Finalize(wrap_key_crypt_context) != SECSuccess) {
+ log_printf(instance->log_level_security, "Unable to finalize encryption of authkey (%d): %s",
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
+ goto exit_res_key;
}
- instance->nss_sym_key = PK11_ImportSymKey(crypt_slot,
- cipher_to_nss[instance->crypto_cipher_type],
- PK11_OriginUnwrap, CKA_ENCRYPT|CKA_DECRYPT,
- &crypt_param, NULL);
+ /*
+ * Finally unwrap sym key
+ */
+ memset(&tmp_sec_item, 0, sizeof(tmp_sec_item));
+ wrapped_key.data = wrapped_key_data;
+ wrapped_key.len = wrapped_key_len;
+
+ res_key = PK11_UnwrapSymKey(wrap_key, wrap_mechanism, &tmp_sec_item, &wrapped_key,
+ cipher, operation, key_item.len);
+ if (res_key == NULL) {
+ log_printf(instance->log_level_security, "Failure to import key into NSS (%d): %s",
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
+ goto exit_res_key;
+ }
+
+exit_res_key:
+ if (wrap_key_crypt_context != NULL) {
+ PK11_DestroyContext(wrap_key_crypt_context, PR_TRUE);
+ }
+
+ if (wrap_key != NULL) {
+ PK11_FreeSymKey(wrap_key);
+ }
+
+ if (slot != NULL) {
+ PK11_FreeSlot(slot);
+ }
+
+ return (res_key);
+}
+
+static int init_nss_crypto(struct crypto_instance *instance)
+{
+
+ if (!cipher_to_nss[instance->crypto_cipher_type]) {
+ return 0;
+ }
+
+ instance->nss_sym_key = import_symmetric_key(instance, SYM_KEY_TYPE_CRYPT);
if (instance->nss_sym_key == NULL) {
- log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)",
- PR_GetError());
return -1;
}
- PK11_FreeSlot(crypt_slot);
-
return 0;
}
@@ -312,9 +428,9 @@
nss_sec_param);
if (!crypt_context) {
log_printf(instance->log_level_security,
- "PK11_CreateContext failed (encrypt) crypt_type=%d (err %d)",
+ "PK11_CreateContext failed (encrypt) crypt_type=%d (%d): %s",
(int)cipher_to_nss[instance->crypto_cipher_type],
- PR_GetError());
+ PR_GetError(), PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT));
goto out;
}
@@ -447,36 +563,16 @@
static int init_nss_hash(struct crypto_instance *instance)
{
- PK11SlotInfo* hash_slot = NULL;
- SECItem hash_param;
if (!hash_to_nss[instance->crypto_hash_type]) {
return 0;
}
- hash_param.type = siBuffer;
- hash_param.data = instance->private_key;
- hash_param.len = instance->private_key_len;
-
- hash_slot = PK11_GetBestSlot(hash_to_nss[instance->crypto_hash_type], NULL);
- if (hash_slot == NULL) {
- log_printf(instance->log_level_security, "Unable to find security slot (err %d)",
- PR_GetError());
- return -1;
- }
-
- instance->nss_sym_key_sign = PK11_ImportSymKey(hash_slot,
- hash_to_nss[instance->crypto_hash_type],
- PK11_OriginUnwrap, CKA_SIGN,
- &hash_param, NULL);
+ instance->nss_sym_key_sign = import_symmetric_key(instance, SYM_KEY_TYPE_HASH);
if (instance->nss_sym_key_sign == NULL) {
- log_printf(instance->log_level_security, "Failure to import key into NSS (err %d)",
- PR_GetError());
return -1;
}
- PK11_FreeSlot(hash_slot);
-
return 0;
}


@ -1,196 +0,0 @@
--- corosync-2.4.2.orig/exec/main.c 2017-07-11 16:45:28.979262348 +0800
+++ corosync-2.4.2/exec/main.c 2017-07-11 16:44:05.195259862 +0800
@@ -889,8 +889,10 @@
}
-static void corosync_setscheduler (void)
+static int corosync_set_rr_scheduler (void)
{
+ int ret_val = 0;
+
#if defined(HAVE_PTHREAD_SETSCHEDPARAM) && defined(HAVE_SCHED_GET_PRIORITY_MAX) && defined(HAVE_SCHED_SETSCHEDULER)
int res;
@@ -907,6 +909,7 @@
#ifdef HAVE_QB_LOG_THREAD_PRIORITY_SET
qb_log_thread_priority_set (SCHED_OTHER, 0);
#endif
+ ret_val = -1;
} else {
/*
@@ -928,11 +931,15 @@
LOGSYS_PERROR (errno, LOGSYS_LEVEL_WARNING,
"Could not get maximum scheduler priority");
sched_priority = 0;
+ ret_val = -1;
}
#else
log_printf(LOGSYS_LEVEL_WARNING,
"The Platform is missing process priority setting features. Leaving at default.");
+ ret_val = -1;
#endif
+
+ return (ret_val);
}
@@ -1159,29 +1166,46 @@
const char *error_string;
struct totem_config totem_config;
int res, ch;
- int background, setprio, testonly;
+ int background, sched_rr, prio, testonly;
struct stat stat_out;
enum e_corosync_done flock_err;
uint64_t totem_config_warnings;
struct scheduler_pause_timeout_data scheduler_pause_timeout_data;
+ long int tmpli;
+ char *ep;
/* default configuration
*/
background = 1;
- setprio = 1;
+ sched_rr = 1;
+ prio = 0;
testonly = 0;
- while ((ch = getopt (argc, argv, "fprtv")) != EOF) {
+ while ((ch = getopt (argc, argv, "fP:prtv")) != EOF) {
switch (ch) {
case 'f':
background = 0;
break;
case 'p':
- setprio = 0;
+ sched_rr = 0;
+ break;
+ case 'P':
+ if (strcmp(optarg, "max") == 0) {
+ prio = INT_MIN;
+ } else if (strcmp(optarg, "min") == 0) {
+ prio = INT_MAX;
+ } else {
+ tmpli = strtol(optarg, &ep, 10);
+ if (errno != 0 || *ep != '\0' || tmpli > INT_MAX || tmpli < INT_MIN) {
+ fprintf(stderr, "Priority value %s is invalid", optarg);
+ logsys_system_fini();
+ return EXIT_FAILURE;
+ }
+ }
break;
case 'r':
- setprio = 1;
+ sched_rr = 1;
break;
case 't':
testonly = 1;
@@ -1197,9 +1221,10 @@
fprintf(stderr, \
"usage:\n"\
" -f : Start application in foreground.\n"\
- " -p : Do not set process priority.\n"\
+ " -p : Do not set realtime scheduling.\n"\
" -t : Test configuration and exit.\n"\
" -r : Set round robin realtime scheduling (default).\n"\
+ " -P num : Set priority of process (no effect when -r is used)\n"\
" -v : Display version and SVN revision of Corosync and exit.\n");
logsys_system_fini();
return EXIT_FAILURE;
@@ -1207,15 +1232,6 @@
}
/*
- * Set round robin realtime scheduling with priority 99
- * Lock all memory to avoid page faults which may interrupt
- * application healthchecking
- */
- if (setprio) {
- corosync_setscheduler ();
- }
-
- /*
* Other signals are registered later via qb_loop_signal_add
*/
(void)signal (SIGSEGV, sigsegv_handler);
@@ -1319,6 +1335,24 @@
corosync_exit_error (COROSYNC_DONE_EXIT);
}
+ /*
+ * Set round robin realtime scheduling with priority 99
+ */
+ if (sched_rr) {
+ if (corosync_set_rr_scheduler () != 0) {
+ prio = INT_MIN;
+ } else {
+ prio = 0;
+ }
+ }
+
+ if (prio != 0) {
+ if (setpriority(PRIO_PGRP, 0, prio) != 0) {
+ LOGSYS_PERROR(errno, LOGSYS_LEVEL_WARNING,
+ "Could not set priority %d", prio);
+ }
+ }
+
ip_version = totem_config.ip_version;
totem_config.totem_memb_ring_id_create_or_load = corosync_ring_id_create_or_load;
@@ -1345,6 +1379,11 @@
corosync_tty_detach ();
}
+ /*
+ * Lock all memory to avoid page faults which may interrupt
+ * application healthchecking
+ */
+
corosync_mlockall();
corosync_poll_handle = qb_loop_create ();
--- corosync-2.4.2.orig/man/corosync.8 2016-11-08 00:39:12.000000000 +0800
+++ corosync-2.4.2/man/corosync.8 2017-07-11 16:48:06.555267022 +0800
@@ -31,11 +31,11 @@
.\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
.\" * THE POSSIBILITY OF SUCH DAMAGE.
.\" */
-.TH COROSYNC 8 2010-05-30
+.TH COROSYNC 8 2017-07-07
.SH NAME
corosync \- The Corosync Cluster Engine.
.SH SYNOPSIS
-.B "corosync [\-f] [\-p] [\-r] [\-v]"
+.B "corosync [\-f] [-P num] [\-p] [\-r] [\-v]"
.SH DESCRIPTION
.B corosync
Corosync provides clustering infracture such as membership, messaging and quorum.
@@ -45,10 +45,22 @@
Start application in foreground.
.TP
.B -p
-Do not set process priority.
+Do not set realtime scheduling.
.TP
+.B -P
+Set priority of process. Has effect only when
.B -r
-Set round robin realtime scheduling (default).
+is not used. Can be ether numeric value with similar meaning as
+.BR nice (1)
+or
+.B max
+/
+.B min
+meaning maximal / minimal priority (so minimal / maximal nice value).
+.TP
+.B -r
+Set round robin realtime scheduling with maximal priority (default). When setting
+of scheduler fails, fallback to set maximal priority.
.TP
.B -t
Test configuration and then exit.


@ -1,68 +0,0 @@
--- corosync-2.4.2.orig/exec/main.c 2017-07-11 17:23:41.903330368 +0800
+++ corosync-2.4.2/exec/main.c 2017-07-11 17:31:08.687343622 +0800
@@ -1424,9 +1424,13 @@
* Join multicast group and setup delivery
* and configuration change functions
*/
- totempg_initialize (
+ if(totempg_initialize (
corosync_poll_handle,
- &totem_config);
+ &totem_config) != 0) {
+
+ log_printf (LOGSYS_LEVEL_ERROR, "Can't initialize TOTEM layer");
+ corosync_exit_error (COROSYNC_DONE_FATAL_ERR);
+ }
totempg_service_ready_register (
main_service_ready);
--- corosync-2.4.2.orig/exec/totempg.c 2016-11-08 00:39:12.000000000 +0800
+++ corosync-2.4.2/exec/totempg.c 2017-07-11 17:27:47.615337658 +0800
@@ -814,6 +814,10 @@
totempg_confchg_fn,
totempg_waiting_trans_ack_cb);
+ if (res == -1) {
+ goto error_exit;
+ }
+
totemmrp_callback_token_create (
&callback_token_received_handle,
TOTEM_CALLBACK_TOKEN_RECEIVED,
@@ -827,6 +831,7 @@
list_init (&totempg_groups_list);
+error_exit:
return (res);
}
--- corosync-2.4.2.orig/exec/totemsrp.c 2016-11-08 00:39:12.000000000 +0800
+++ corosync-2.4.2/exec/totemsrp.c 2017-07-11 17:30:30.887342501 +0800
@@ -851,6 +851,7 @@
int waiting_trans_ack))
{
struct totemsrp_instance *instance;
+ int res;
instance = malloc (sizeof (struct totemsrp_instance));
if (instance == NULL) {
@@ -993,7 +994,7 @@
}
}
- totemrrp_initialize (
+ res = totemrrp_initialize (
poll_handle,
&instance->totemrrp_context,
totem_config,
@@ -1004,6 +1005,9 @@
main_token_seqid_get,
main_msgs_missing,
target_set_completed);
+ if (res == -1) {
+ goto error_exit;
+ }
/*
* Must have net_mtu adjusted by totemrrp_initialize first


@ -1,5 +1,5 @@
--- corosync-2.3.5.orig/init/corosync.service.in 2015-07-21 11:09:11.911660803 +0800
+++ corosync-2.3.5/init/corosync.service.in 2015-07-21 13:25:08.239783189 +0800
--- corosync-2.4.3.orig/init/corosync.service.in 2015-07-21 11:09:11.911660803 +0800
+++ corosync-2.4.3/init/corosync.service.in 2015-07-21 13:25:08.239783189 +0800
@@ -3,6 +3,7 @@
ConditionKernelCommandLine=!nocluster
Requires=network-online.target


@ -1,4 +0,0 @@
--- /dev/null 2015-07-20 08:30:37.121221591 +0800
+++ corosync-2.4.1/.tarball-version 2016-10-17 09:24:34.907779088 +0800
@@ -0,0 +1 @@
+2.4.2


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0dd0ee718253c18c5090e0304eec72a7be8b18b6fe5e03de59ce095fa08c8b63
size 547204

3
corosync-2.4.3.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b1e7e422e8d2f7af8e5315fa329b1dbd1175fff32efaa55e8054584c80a2c597
size 1195419


@ -1,8 +1,6 @@
Index: corosync-2.3.1/init/corosync.in
===================================================================
--- corosync-2.3.1.orig/init/corosync.in
+++ corosync-2.3.1/init/corosync.in
@@ -29,6 +29,7 @@ PATH="/sbin:/bin:/usr/sbin:/usr/bin:@SBI
--- corosync-2.4.3.orig/init/corosync.in 2017-09-21 23:14:59.000000000 +0800
+++ corosync-2.4.3/init/corosync.in 2017-10-23 12:09:54.209149758 +0800
@@ -29,6 +29,7 @@
success()
{
echo -ne "[ OK ]\r"
@ -10,7 +8,7 @@ Index: corosync-2.3.1/init/corosync.in
}
failure()
@@ -106,6 +107,7 @@ start()
@@ -109,6 +110,7 @@
# they also assume that init scripts will create
# required subdirectories for proper operations
mkdir -p @LOCALSTATEDIR@/run


@ -1,3 +1,82 @@
-------------------------------------------------------------------
Mon Oct 23 03:12:42 UTC 2017 - bliu@suse.com
- Upgrade corosync-2.4.2 to corosync-2.4.3(fate#321385)
doc: document watchdog_device parameter
Main: Call mlockall after fork
Totempg: remove duplicate memcpy in mcast_msg func
Qdevice: fix spell errors in qdevice
logconfig: Do not overwrite logger_subsys priority
totemconfig: Prefer nodelist over bindnetaddr
cpghum: Fix printf of size_t variable
Qnetd lms: Use UTILS_PRI_RING_ID printf format str
wd: Report error when close of wd fails
votequorum: Don't update expected_votes display if value is too high
votequorum: simplify reconfigure message handling
quorumtool: Add option to show all node addresses
main: Don't ask libqb to handle segv, it doesn't work
man: Document -a option to corosync-quorumtool
main: use syslog & printf directly for early log messages
votequorum: make atb consistent on nodelist reload
Fix typo: Destorying -> Destroying
init: Add doc URIs to the systemd service files
wd: fix typo
corosync.conf.5: Fix watchdog documentation
corosync.conf.5: add warning about slow watchdogs
wd: remove extra capitalization typo
corosync.conf.5: watchdog support is conditional
notifyd: Add the community name to an SNMP trap
Logsys: Change logsys syslog_priority priority
totemrrp: Fix situation when all rings are faulty
main: Display reason why cluster cannot be formed
totem: Propagate totem initialization failure
totemcrypto: Refactor symmetric key importing
totemcrypto: Use different method to import key
main: Add option to set priority
main: Add support for libcgroup
totemcrypto: Fix compiler warning
cmap: Remove noop highest config version check
qdevice: Add support for heuristics
Spec: drop unneeded dependency
Spec: make internal dependencies arch-qualified
cmap: don't shutdown highest config_version node
totemudp: Remove memb_join discarding
Spec: fix arch-qualified dependencies
Include fcntl.h for F_* and O_* defines
totemudp: Retry if bind fails
Remove deprecated doxygen flags
man: Fix typos in man page
man: Modify man-page according to command usage
Remove redundant header file inclusion
upstart: Add softdog module loading example
Added:
corosync-2.4.3.tar.gz
Removed:
corosync-2.4.2.tar.gz
bsc#1047860-add-version.patch
0001-Logsys-Change-logsys-syslog_priority-priority.patch
0001-logconfig.c-make-logging.syslog_priority-and-logging.patch
0001-totemconfig.c-Fixed-Evicted-from-CPG-membership.patch
0002-Main-call-mlock-after-fork.patch
0003-totemrrp-Fix-situation-when-all-rings-are-faulty.patch
0004-main-Display-reason-why-cluster-cannot-be-formed.patch
0005-votequorum-Report-errors-from-votequorum_exec_send_r.patch
0007-Make-corosync-work-when-FIPS-mode-is-enabled.patch
0008-main.c-add-option-to-set-priority.patch
0009-totem-Propagate-totem-initialization-failure.patch
Modified:
bsc#1047860-add-version.patch: change version to 2.4.3
corosync.changes: add changelogs
corosync.spec: remove unnecessary patches
Renamed:
0006-coroapi-Use-size_t-for-private_data_size.patch -> 0001-coroapi-Use-size_t-for-private_data_size.patch
0010-fix-ifdown-udp.patch -> 0002-fix-ifdown-udp.patch
0011-fix-tmpfiles-create.patch -> 0003-fix-tmpfiles-create.patch
0012-mark-corosync-as-a-static-service.patch -> 0004-mark-corosync-as-a-static-service.patch
-------------------------------------------------------------------
Thu Sep 28 06:15:35 UTC 2017 - bliu@suse.com


@ -45,33 +45,22 @@ Name: corosync
Summary: The Corosync Cluster Engine and Application Programming Interfaces
License: BSD-3-Clause
Group: Productivity/Clustering/HA
Version: 2.4.2
Version: 2.4.3
Release: 0
Url: http://corosync.github.io/corosync/
Source0: %{name}-%{version}.tar.gz
Source2: baselibs.conf
Patch1: corosync-init-lockfile-path-error.patch
Patch2: bsc#1047860-add-version.patch
Patch3: bnc#872651-stop-cluster.patch
Patch4: bnc#882449-corosync-conf-example.patch
Patch5: corosync-2.3.4-fix-bashisms.patch
Patch6: bsc#1001164-corosync.conf-example.patch
Patch7: corosync-start-stop-level.patch
Patch8: disable-build-html-docs.patch
Patch9: 0001-Logsys-Change-logsys-syslog_priority-priority.patch
Patch10: 0001-logconfig.c-make-logging.syslog_priority-and-logging.patch
Patch11: 0001-totemconfig.c-Fixed-Evicted-from-CPG-membership.patch
Patch12: 0002-Main-call-mlock-after-fork.patch
Patch13: 0003-totemrrp-Fix-situation-when-all-rings-are-faulty.patch
Patch14: 0004-main-Display-reason-why-cluster-cannot-be-formed.patch
Patch15: 0005-votequorum-Report-errors-from-votequorum_exec_send_r.patch
Patch16: 0006-coroapi-Use-size_t-for-private_data_size.patch
Patch17: 0007-Make-corosync-work-when-FIPS-mode-is-enabled.patch
Patch18: 0008-main.c-add-option-to-set-priority.patch
Patch19: 0009-totem-Propagate-totem-initialization-failure.patch
Patch20: 0010-fix-ifdown-udp.patch
Patch21: 0011-fix-tmpfiles-create.patch
Patch22: 0012-mark-corosync-as-a-static-service.patch
Patch2: bnc#872651-stop-cluster.patch
Patch3: bnc#882449-corosync-conf-example.patch
Patch4: corosync-2.3.4-fix-bashisms.patch
Patch5: bsc#1001164-corosync.conf-example.patch
Patch6: corosync-start-stop-level.patch
Patch7: disable-build-html-docs.patch
Patch8: 0001-coroapi-Use-size_t-for-private_data_size.patch
Patch9: 0002-fix-ifdown-udp.patch
Patch10: 0003-fix-tmpfiles-create.patch
Patch11: 0004-mark-corosync-as-a-static-service.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# openais is indeed gone and should be uninstalled. Yes, we do not
@ -148,17 +137,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%build
%if %{with runautogen}
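Review bot: The patch list drops `0005-votequorum-Report-errors-from-votequorum_exec_send_r.patch` (old Patch15), but the upstream changes listed for 2.4.3 in the changelog entry contain no item with that title, so this commit does not show that the fix is part of the new tarball. The same check is worth doing for the FIPS patch (old Patch17), which is presumably superseded by the listed totemcrypto key-import changes; if it is not, corosync on FIPS-enabled nodes could regress. I would record the mapping next to the patch list, for example `# Dropped in 2.4.3, merged upstream: 0005-votequorum-... (<upstream commit>), 0007-Make-corosync-work-when-FIPS-mode-is-enabled (<upstream commit>)`. The changelog also lists `bsc#1047860-add-version.patch` under both Removed and Modified while the spec no longer applies it, which should be reconciled.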