d032ae3a71 sync OBS request 1318531, 1318206, 1300285 and 1299830 from network:ha-clustering:Factory
https://build.opensuse.org/requests/1318531
- [SELinux] nfs_drbd: "fence-peer helper broken, returned 0" and nfs WRITE hang when power off the secondary node (bsc#1252991)
  * Update and rename patch
    - bsc-1233273_drbd.ocf-update-for-OCF-1.1.patch
    + bsc-1233273-1252991_drbd.ocf-update-for-OCF-1.1.patch

https://build.opensuse.org/request/show/1318206
- Allow domtrans from kernel_t to drbd_t (bsc#1252991)
  * add patch
    - 1252991-selinux-domtrans-from-kernel.patch

https://build.opensuse.org/request/show/1300285
- drbd_passive didn't start due to drbd.rules returning error (bsc#1247534)
  * update patch
    - bsc-1247534_drbd-didnt-start-due-to-drbd_rules-returning-err.patch

https://build.opensuse.org/request/show/1299830
- drbd_passive didn't start due to drbd.rules returning error (bsc#1247534)
  * remove patch
    - bsc-1239437_drbd.rules-fix-missing-udev-device.patch
  * add patch
    - bsc-1247534_drbd-didnt-start-due-to-drbd_rules-returning-err.patch

[sync OBS request 1318531]
Signed-off-by: Su Yue <glass.su@suse.com>
Signed-off-by: Heming Zhao <heming.zhao@suse.com>
2025-11-19 12:06:50 +08:00
6 changed files with 146 additions and 50 deletions

@@ -0,0 +1,46 @@
From c2a3e3ea3de7eb7b9e0a8cf78cdb3bb7f56d52f3 Mon Sep 17 00:00:00 2001
From: Cathy Hu <cahu@suse.de>
Date: Fri, 14 Nov 2025 11:38:23 +0100
Subject: [PATCH] selinux: Allow domtrans from kernel_t to drbd_t
/usr/lib/drbd/crm-fence-peer.9.sh is labelled drbd_exec_t, however
the domain lands in kernel_generic_helper_t as it is not allowed
to transition from kernel_t to drbd_t.
Additionally, when the domtrans succeeds, crm-fence-peer.9.sh
will create entries in /proc with drbd_t label, so allowing that.
---
selinux/drbd.te | 3 +++
1 file changed, 3 insertions(+)
diff --git a/selinux/drbd.te b/selinux/drbd.te
index 8aa2c573..5b2e9861 100644
--- a/selinux/drbd.te
+++ b/selinux/drbd.te
@@ -50,6 +50,7 @@ require {
#============= drbd_t ==============
allow drbd_t self:capability { dac_read_search kill net_admin sys_admin };
dontaudit drbd_t self:capability sys_tty_config;
+allow drbd_t self:dir rw_dir_perms;
allow drbd_t self:fifo_file rw_fifo_file_perms;
allow drbd_t self:unix_stream_socket create_stream_socket_perms;
allow drbd_t self:netlink_socket create_socket_perms;
@@ -72,6 +73,7 @@ manage_dirs_pattern(drbd_t, drbd_tmp_t, drbd_tmp_t)
manage_files_pattern(drbd_t, drbd_tmp_t, drbd_tmp_t)
files_tmp_filetrans(drbd_t, drbd_tmp_t, {file dir})
+kernel_domtrans_to(drbd_t, drbd_exec_t)
kernel_read_system_state(drbd_t)
kernel_load_module(drbd_t)
@@ -91,6 +93,7 @@ files_read_kernel_modules(drbd_t)
logging_send_syslog_msg(drbd_t)
+fs_associate_proc(drbd_t)
fs_getattr_xattr_fs(drbd_t)
modutils_read_module_config(drbd_t)
--
2.51.1
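
Review bot: `kernel_domtrans_to(drbd_t, drbd_exec_t)` in the second hunk grants the kernel_t to drbd_t transition for every file labelled drbd_exec_t, while the description justifies it only for /usr/lib/drbd/crm-fence-peer.9.sh. Please confirm which other files carry drbd_exec_t, so the set of helpers that can now enter drbd_t when spawned from kernel_t is known. Also add a comment above the three new lines (`allow drbd_t self:dir rw_dir_perms;`, `kernel_domtrans_to(drbd_t, drbd_exec_t)`, `fs_associate_proc(drbd_t)`) tying them to the fence handler and bsc#1252991, since nothing in drbd.te itself records why they exist.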

@@ -1,7 +1,7 @@
From 3baaf88af512492dd5315a50cf421fbcf51ef9b8 Mon Sep 17 00:00:00 2001
From 8c53c6777e4336f1d4e50279dc539ed70aa04f33 Mon Sep 17 00:00:00 2001
From: Su Yue <glass.su@suse.com>
Date: Sun, 7 Jul 2024 16:52:18 +0800
Subject: [PATCH 3/3] drbd.ocf: update for OCF 1.1
Subject: [PATCH] update for OCF 1.1
According to [1], the commit
1. bumps drbd ocf version to 1.5
@@ -13,17 +13,47 @@ According to [1], the commit
Because of change <4>, the drbd ocf RA won't be able to support old
names so we need to bump version of the RA.
Also set default role in crm-fence-peer scripts to 'Promoted'.
[1] Links: https://projects.clusterlabs.org/w/development/update_resource_agent_for_ocf_1.1/
Signed-off-by: Su Yue <glass.su@suse.com>
---
scripts/drbd.ocf | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
scripts/crm-fence-peer.9.sh | 2 +-
scripts/crm-fence-peer.sh | 2 +-
scripts/drbd.ocf | 16 ++++++++--------
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/scripts/crm-fence-peer.9.sh b/scripts/crm-fence-peer.9.sh
index b326a1656c15..9fb0b7dee34d 100755
--- a/scripts/crm-fence-peer.9.sh
+++ b/scripts/crm-fence-peer.9.sh
@@ -1444,7 +1444,7 @@ fi
# apply defaults:
: "== fencing_attribute == ${fencing_attribute:="#uname"}"
: "== id_prefix == ${id_prefix:="drbd-fence-by-handler"}"
-: "== role == ${role:="Master"}"
+: "== role == ${role:="Promoted"}"
# defaults suitable for most cases
: "== net_hickup_time == ${net_hickup_time:=0}"
diff --git a/scripts/crm-fence-peer.sh b/scripts/crm-fence-peer.sh
index 3932937940ce..ad857e4dfcce 100755
--- a/scripts/crm-fence-peer.sh
+++ b/scripts/crm-fence-peer.sh
@@ -1046,7 +1046,7 @@ fi
# apply defaults:
: "== fencing_attribute == ${fencing_attribute:="#uname"}"
: "== id_prefix == ${id_prefix:="drbd-fence-by-handler"}"
-: "== role == ${role:="Master"}"
+: "== role == ${role:="Promoted"}"
# defaults suitable for most cases
: "== net_hickup_time == ${net_hickup_time:=0}"
diff --git a/scripts/drbd.ocf b/scripts/drbd.ocf
index bbe25f38edda..5b213640ec38 100755
index 1d051baa550d..8dfa5c465f5b 100755
--- a/scripts/drbd.ocf
+++ b/scripts/drbd.ocf
@@ -233,13 +233,13 @@ meta_data() {
@@ -221,13 +221,13 @@ meta_data() {
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<!-- version attribute is version of this resource agent -->
@@ -40,7 +70,7 @@ index bbe25f38edda..5b213640ec38 100755
DRBD is a shared-nothing replicated storage device.
NOTE:
@@ -253,10 +253,10 @@ See the DRBD User's Guide for more information.
@@ -241,10 +241,10 @@ See the DRBD User's Guide for more information.
https://docs.linbit.com/
</longdesc>
@@ -53,7 +83,7 @@ index bbe25f38edda..5b213640ec38 100755
<longdesc lang="en">
The name of the drbd resource from the drbd.conf file.
</longdesc>
@@ -483,8 +483,8 @@ to be generated after the failover of a "healthy" DRBD.
@@ -471,8 +471,8 @@ to be generated after the failover of a "healthy" DRBD.
<action name="demote" timeout="90" />
<action name="notify" timeout="90" />
<action name="stop" timeout="100" />
@@ -64,7 +94,7 @@ index bbe25f38edda..5b213640ec38 100755
<action name="meta-data" timeout="5" />
<action name="validate-all" />
</actions>
@@ -974,7 +974,7 @@ drbd_monitor() {
@@ -962,7 +962,7 @@ drbd_monitor() {
fi
case $status in
@@ -74,5 +104,5 @@ index bbe25f38edda..5b213640ec38 100755
(2) : "OCF_ERR_ARGS" ;;
(3) : "OCF_ERR_UNIMPLEMENTED" ;;
--
2.45.2
2.50.1 (Apple Git-155)
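
Review bot: in crm-fence-peer.9.sh and crm-fence-peer.sh the new default `: "== role == ${role:="Promoted"}"` only takes effect when `role` is unset, so a handler invoked with an explicit `Master` role still passes the old name, and the description does not say whether that case is still handled. The description adds a single sentence ("Also set default role in crm-fence-peer scripts to 'Promoted'.") and does not reference bsc#1252991, although the renamed patch file carries that number. Suggest stating why the fence-peer default has to follow the resource agent's OCF 1.1 role names and naming the bug it fixes.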

@@ -1,37 +0,0 @@
From 9cd344fadd8b142c9995055619695d7b96014d83 Mon Sep 17 00:00:00 2001
From: Heming Zhao <heming.zhao@suse.com>
Date: Thu, 13 Mar 2025 15:43:50 +0800
Subject: [PATCH] drbd.rules: fix missing udev device
This commit partialy reverts commit aa6409657553 ("drbd.rules: use
drbdsetup udev command"). The changes in aa6409657553 switch udev
generator from drbdadm to drbdsetup, which introduces incompatibility
with existing udev rules.
See bsc#1239437 for more details.
Signed-off-by: Heming Zhao <heming.zhao@suse.com>
---
scripts/drbd.rules.in | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/drbd.rules.in b/scripts/drbd.rules.in
index c918facb8768..469996e23efd 100644
--- a/scripts/drbd.rules.in
+++ b/scripts/drbd.rules.in
@@ -3,10 +3,11 @@
SUBSYSTEM!="block", GOTO="drbd_end"
KERNEL!="drbd*", GOTO="drbd_end"
-IMPORT{program}="@sbindir@/drbdsetup udev %m"
+IMPORT{program}="@sbindir@/drbdadm sh-udev minor-%m"
ENV{SYMLINK_BY_DISK}!="", SYMLINK+="$env{SYMLINK_BY_DISK}"
ENV{SYMLINK_BY_RES}!="", SYMLINK+="$env{SYMLINK_BY_RES}"
+ENV{DEVICE}=="drbd_?*", SYMLINK+="$env{DEVICE}"
ENV{SYSTEMD_WANTS}="drbd-graceful-shutdown.service"
LABEL="drbd_end"
--
2.43.0
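
Review bot: removing this patch also removes `ENV{DEVICE}=="drbd_?*", SYMLINK+="$env{DEVICE}"`, and the patch that replaces it only rewrites the device path inside drbd.ocf to /dev/drbd${minor}. Anything outside the resource agent that opened a named device through the symlink this rule created will no longer find it. The changelog entry should say so, or the symlink rule should be kept if such consumers exist.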

@@ -0,0 +1,25 @@
diff -Nupr a/scripts/drbd.ocf b/scripts/drbd.ocf
--- a/scripts/drbd.ocf 2025-08-15 14:56:51.370952179 +0800
+++ b/scripts/drbd.ocf 2025-08-15 14:57:19.900056780 +0800
@@ -1621,6 +1621,21 @@ _drbd_validate_all () {
# (as is the case here), we don't need to add "--stacked"
# anymore, even if they are stacked.
: # nothing to do.
+
+ # ref bsc#1239437 bsc#1247534
+ # For device names like drbd_tom, drbd_jerry, ... (not style: drbd[0-9]+
+ # we change the path to /dev/drbd${minor}.
+ for i in "${!DRBD_DEVICES[@]}"; do
+ dev=$(basename ${DRBD_DEVICES[$i]})
+ if [[ ! $dev =~ drbd[0-9]+ ]]; then
+ minor=$($DRBDADM dump $DRBD_RESOURCE | grep -Eo "${dev}[[:space:]]minor[[:space:]][0-9]+" | cut -d' ' -f 3)
+ if [[ $minor =~ ^[0-9]+$ ]]; then
+ DRBD_DEVICES[$i]="/dev/drbd${minor}"
+ else
+ ocf_log warn "$dev doesn't have minor"
+ fi
+ fi
+ done
elif DRBD_DEVICES=($($DRBDADM --stacked sh-dev $DRBD_RESOURCE 2>/dev/null)); then
# apparently a "stacked" resource. Remember for future DRBDADM calls.
DRBDADM="$DRBDADM -S"
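
Review bot: the style test `[[ ! $dev =~ drbd[0-9]+ ]]` is unanchored, so any name that merely contains drbd followed by a digit (for example a constructed name such as drbd0_data) is treated as already being in /dev/drbdN form and skipped; use `^drbd[0-9]+$`. In the lookup, `$dev` is interpolated into the grep pattern unescaped and without a leading boundary, grep accepts any `[[:space:]]` while `cut -d' ' -f 3` splits only on single spaces, and `basename ${DRBD_DEVICES[$i]}` is unquoted. Quoting the expansion and extracting the number with one pattern that matches the whole token would make the minor lookup robust. When no minor is found the loop only logs a warning and continues with the unconverted path, so consider whether that case should fail validation instead. The comment's parenthesis after "not style: drbd[0-9]+" is also left open.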

@@ -1,3 +1,34 @@
-------------------------------------------------------------------
Tue Nov 18 08:43:39 UTC 2025 - Glass Su <glass.su@suse.com>
- [SELinux] nfs_drbd: "fence-peer helper broken, returned 0" and nfs WRITE hang when power off the secondary node (bsc#1252991)
* Update and rename patch
- bsc-1233273_drbd.ocf-update-for-OCF-1.1.patch
+ bsc-1233273-1252991_drbd.ocf-update-for-OCF-1.1.patch
-------------------------------------------------------------------
Fri Nov 14 11:10:58 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
- Allow domtrans from kernel_t to drbd_t (bsc#1252991)
* add patch
- 1252991-selinux-domtrans-from-kernel.patch
-------------------------------------------------------------------
Tue Aug 19 12:28:46 UTC 2025 - heming zhao <heming.zhao@suse.com>
- drbd_passive didn't start due to drbd.rules returning error (bsc#1247534)
* update patch
- bsc-1247534_drbd-didnt-start-due-to-drbd_rules-returning-err.patch
-------------------------------------------------------------------
Fri Aug 15 07:12:00 UTC 2025 - Heming Zhao <heming.zhao@suse.com>
- drbd_passive didn't start due to drbd.rules returning error (bsc#1247534)
* remove patch
- bsc-1239437_drbd.rules-fix-missing-udev-device.patch
* add patch
- bsc-1247534_drbd-didnt-start-due-to-drbd_rules-returning-err.patch
-------------------------------------------------------------------
Tue Jun 17 14:38:00 UTC 2025 - Heming Zhao <heming.zhao@suse.com>
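
Review bot: the Aug 19 entry repeats the Aug 15 summary line and says only "update patch", so the changelog does not record what changed in bsc-1247534_drbd-didnt-start-due-to-drbd_rules-returning-err.patch between the two dates; add one line describing the update. The author name in that entry is also lower-cased ("heming zhao") where the entries around it use "Heming Zhao".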

@@ -1,7 +1,7 @@
#
# spec file for package drbd-utils
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -71,9 +71,10 @@ Patch1003: bsc-1032142_Disable-quorum-in-default-configuration.patch
Patch1004: move_fencing_from_disk_to_net_in_example.patch
Patch1005: pie-fix.patch
Patch1006: bsc-1233273_drbd.ocf-replace-crm_master-with-ocf_promotion_score.patch
Patch1007: bsc-1233273_drbd.ocf-update-for-OCF-1.1.patch
Patch1007: bsc-1233273-1252991_drbd.ocf-update-for-OCF-1.1.patch
Patch1008: rpmlint-build-error.patch
Patch1009: bsc-1239437_drbd.rules-fix-missing-udev-device.patch
Patch1009: bsc-1247534_drbd-didnt-start-due-to-drbd_rules-returning-err.patch
Patch1010: 1252991-selinux-domtrans-from-kernel.patch
#############################################
Provides: drbd-bash-completion = %{version}
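
Review bot: `Patch1010: 1252991-selinux-domtrans-from-kernel.patch` does not follow the `bsc-<number>_` naming that the neighbouring entries use (bsc-1233273_, bsc-1247534_); renaming it to match keeps the bug reference recognisable in the patch list. This hunk touches only the Patch declarations, so it relies on the spec applying every declared patch automatically; if patches are applied one by one in %prep, Patch1010 needs its own line there.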