[pve-devel] [PATCH corosync-pve 09/10] add patches for Corosync 3.x

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed May 22 15:37:24 CEST 2019


some minor cherry-picks, and two big series:
- crypto compatibility for upgrading from Corosync 2.x
- cpg callback merging for joinlists

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 ...-cfgtool-Improve-link-status-display.patch | 166 ++++
 ...-Revert-init-Enable-StopWhenUnneeded.patch |  63 ++
 patches/0007-add-crypto-patches.patch         | 404 +++++++++
 patches/0008-CPG-callback-merging.patch       | 858 ++++++++++++++++++
 patches/series                                |   4 +
 5 files changed, 1495 insertions(+)
 create mode 100644 patches/0005-cfgtool-Improve-link-status-display.patch
 create mode 100644 patches/0006-Revert-init-Enable-StopWhenUnneeded.patch
 create mode 100644 patches/0007-add-crypto-patches.patch
 create mode 100644 patches/0008-CPG-callback-merging.patch

diff --git a/patches/0005-cfgtool-Improve-link-status-display.patch b/patches/0005-cfgtool-Improve-link-status-display.patch
new file mode 100644
index 0000000..d6782f7
--- /dev/null
+++ b/patches/0005-cfgtool-Improve-link-status-display.patch
@@ -0,0 +1,166 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
+Date: Wed, 22 May 2019 12:24:45 +0200
+Subject: [PATCH] cfgtool: Improve link status display
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry-picked from upstream master
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
+---
+ .../cfgtool-Improve-link-status-display.patch | 134 ++++++++++++++++++
+ debian/patches/series                         |   1 +
+ 2 files changed, 135 insertions(+)
+ create mode 100644 debian/patches/cfgtool-Improve-link-status-display.patch
+
+diff --git a/debian/patches/cfgtool-Improve-link-status-display.patch b/debian/patches/cfgtool-Improve-link-status-display.patch
+new file mode 100644
+index 00000000..93ee9937
+--- /dev/null
++++ b/debian/patches/cfgtool-Improve-link-status-display.patch
+@@ -0,0 +1,134 @@
++From: Christine Caulfield <ccaulfie at redhat.com>
++Date: Tue, 22 Jan 2019 10:06:29 +0000
++Subject: cfgtool: Improve link status display
++
++Now show the nodeids properly, rather than node indexes which were
++annoying and unhelpful.
++
++Signed-off-by: Christine Caulfield <ccaulfie at redhat.com>
++Reviewed-by: Jan Friesse <jfriesse at redhat.com>
++(cherry picked from commit c0d14485c3ebdeb2332f7c48acd155163e5b7fc1)
++---
++ tools/Makefile.am        |  2 +-
++ tools/corosync-cfgtool.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++--
++ 2 files changed, 55 insertions(+), 3 deletions(-)
++
++diff --git a/tools/Makefile.am b/tools/Makefile.am
++index 7a9ab04..0793884 100644
++--- a/tools/Makefile.am
+++++ b/tools/Makefile.am
++@@ -58,7 +58,7 @@ corosync-blackbox: corosync-blackbox.sh
++ 
++ corosync_cmapctl_LDADD	= $(LIBQB_LIBS) $(top_builddir)/lib/libcmap.la
++ 
++-corosync_cfgtool_LDADD	= $(LIBQB_LIBS) $(top_builddir)/lib/libcfg.la
+++corosync_cfgtool_LDADD	= $(LIBQB_LIBS) $(top_builddir)/lib/libcfg.la $(top_builddir)/lib/libcmap.la
++ 
++ corosync_cpgtool_LDADD	= $(LIBQB_LIBS) $(top_builddir)/lib/libcfg.la \
++ 			  $(top_builddir)/lib/libcpg.la
++diff --git a/tools/corosync-cfgtool.c b/tools/corosync-cfgtool.c
++index c138085..ed29694 100644
++--- a/tools/corosync-cfgtool.c
+++++ b/tools/corosync-cfgtool.c
++@@ -50,6 +50,7 @@
++ #include <corosync/corotypes.h>
++ #include <corosync/totem/totem.h>
++ #include <corosync/cfg.h>
+++#include <corosync/cmap.h>
++ 
++ #define cs_repeat(result, max, code)				\
++ 	do {							\
++@@ -75,16 +76,33 @@ enum user_action {
++ 	ACTION_KILL_NODE,
++ };
++ 
+++static int node_compare(const void *aptr, const void *bptr)
+++{
+++	uint32_t a,b;
+++
+++	a = *(uint32_t *)aptr;
+++	b = *(uint32_t *)bptr;
+++
+++	return a > b;
+++}
+++
++ static int
++ linkstatusget_do (char *interface_name, int brief)
++ {
++ 	cs_error_t result;
++ 	corosync_cfg_handle_t handle;
+++	cmap_handle_t cmap_handle;
++ 	unsigned int interface_count;
++ 	char **interface_names;
++ 	char **interface_status;
+++	uint32_t nodeid_list[KNET_MAX_HOST];
+++	char iter_key[CMAP_KEYNAME_MAXLEN];
++ 	unsigned int i;
+++	cmap_iter_handle_t iter;
++ 	unsigned int nodeid;
+++	unsigned int node_pos;
+++	cmap_value_types_t type;
+++	size_t value_len;
++ 	int rc = 0;
++ 	int len, s = 0, t;
++ 
++@@ -95,6 +113,37 @@ linkstatusget_do (char *interface_name, int brief)
++ 		exit (1);
++ 	}
++ 
+++	result = cmap_initialize (&cmap_handle);
+++	if (result != CS_OK) {
+++		printf ("Could not initialize corosync cmap API error %d\n", result);
+++		exit (1);
+++	}
+++	/* Get a list of nodes. We do it this way rather than using votequorum as cfgtool
+++	 * needs to be independent of quorum type
+++	 */
+++	result = cmap_iter_init(cmap_handle, "nodelist.node.", &iter);
+++	if (result != CS_OK) {
+++		printf ("Could not get nodelist from cmap. error %d\n", result);
+++		exit (1);
+++	}
+++
+++	while ((cmap_iter_next(cmap_handle, iter, iter_key, &value_len, &type)) == CS_OK) {
+++		result = sscanf(iter_key, "nodelist.node.%u.nodeid", &node_pos);
+++		if (result != 1) {
+++			continue;
+++		}
+++		if (cmap_get_uint32(cmap_handle, iter_key, &nodeid) == CS_OK) {
+++			nodeid_list[s++] = nodeid;
+++		}
+++	}
+++
+++	/* totemknet returns nodes in nodeid order - even though it doesn't tell us
+++	   what the nodeid is. So sort our node list and we can then look up
+++	   knet node pos to get an actual nodeid.
+++	   Yep, I really should have totally rewritten the cfg interface for this.
+++	*/
+++	qsort(nodeid_list, s, sizeof(uint32_t), node_compare);
+++
++ 	result = corosync_cfg_local_get(handle, &nodeid);
++ 	if (result != CS_OK) {
++ 		printf ("Could not get the local node id, the error is: %d\n", result);
++@@ -134,9 +183,11 @@ linkstatusget_do (char *interface_name, int brief)
++ 					(!strstr(interface_status[i], "FAULTY"))) {
++ 					len = strlen(interface_status[i]);
++ 					printf ("\tstatus:\n");
++-					while(s < len) {
+++					while (s < len) {
+++						nodeid = nodeid_list[s];
++ 						t = interface_status[i][s] - '0';
++-						printf("\t\tnode %d:\t", s++);
+++						s++;
+++						printf("\t\tnodeid %2d:\t", nodeid);
++ 						printf("link enabled:%d\t", t&1? 1 : 0);
++ 						printf("link connected:%d\n", t&2? 1: 0);
++ 					}
++@@ -157,6 +208,7 @@ linkstatusget_do (char *interface_name, int brief)
++ 		free(interface_names);
++ 	}
++ 
+++	(void)cmap_finalize (cmap_handle);
++ 	(void)corosync_cfg_finalize (handle);
++ 	return rc;
++ }
+diff --git a/debian/patches/series b/debian/patches/series
+index fcba2944..32007175 100644
+--- a/debian/patches/series
++++ b/debian/patches/series
+@@ -6,3 +6,4 @@ AC_PROG_SED-is-already-present.patch
+ Use-the-SED-variable-provided-by-configure.patch
+ Use-the-AWK-variable-provided-by-configure.patch
+ pve__only-start-corosync.service-if-conf-exists.patch
++cfgtool-Improve-link-status-display.patch
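Review bot: The cmap iteration loop in linkstatusget_do writes `nodeid_list[s++] = nodeid;` with no bound, so a nodelist holding more than KNET_MAX_HOST `nodeid` keys would run past the stack array; the condition should be `if (s < KNET_MAX_HOST && cmap_get_uint32(cmap_handle, iter_key, &nodeid) == CS_OK) {`. The same `s` is later the index in `while (s < len)` and into `nodeid_list[s]`, and no reset to 0 is visible between the two uses (the body of linkstatusget_do continues outside these hunks), so the fill count and the read index look conflated. A separate counter such as `node_count` would also let the print loop stop at the number of ids actually stored, rather than at the length of the status string. `node_compare` returns `a > b`, which never yields a negative value as qsort() expects; `return (a > b) - (a < b);` is the conventional form.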
diff --git a/patches/0006-Revert-init-Enable-StopWhenUnneeded.patch b/patches/0006-Revert-init-Enable-StopWhenUnneeded.patch
new file mode 100644
index 0000000..2d06245
--- /dev/null
+++ b/patches/0006-Revert-init-Enable-StopWhenUnneeded.patch
@@ -0,0 +1,63 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
+Date: Wed, 22 May 2019 12:25:28 +0200
+Subject: [PATCH] Revert "init: Enable StopWhenUnneeded"
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry-picked from upstream master
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
+---
+ .../Revert-init-Enable-StopWhenUnneeded.patch | 31 +++++++++++++++++++
+ debian/patches/series                         |  1 +
+ 2 files changed, 32 insertions(+)
+ create mode 100644 debian/patches/Revert-init-Enable-StopWhenUnneeded.patch
+
+diff --git a/debian/patches/Revert-init-Enable-StopWhenUnneeded.patch b/debian/patches/Revert-init-Enable-StopWhenUnneeded.patch
+new file mode 100644
+index 00000000..8b7f240c
+--- /dev/null
++++ b/debian/patches/Revert-init-Enable-StopWhenUnneeded.patch
+@@ -0,0 +1,31 @@
++From: Jan Friesse <jfriesse at redhat.com>
++Date: Thu, 4 Apr 2019 11:40:19 +0200
++Subject: Revert "init: Enable StopWhenUnneeded"
++
++This reverts commit 03d9321bc80887d4578744c26c05d61e2d9d4278.
++
++Reverted because when corosync service is not enabled and corosync
++is executed by "systemctl start corosync" it is then immediately
++shutdown because of "Unit not needed anymore. Stopping.".
++
++This is really not expected behavior.
++
++Signed-off-by: Jan Friesse <jfriesse at redhat.com>
++Reviewed-by: Christine Caulfield <ccaulfie at redhat.com>
++(cherry picked from commit 527e30a8d050c077d8adff2a5aa77d9b683a8f28)
++---
++ init/corosync.service.in | 1 -
++ 1 file changed, 1 deletion(-)
++
++diff --git a/init/corosync.service.in b/init/corosync.service.in
++index 28046ca..adf7080 100644
++--- a/init/corosync.service.in
+++++ b/init/corosync.service.in
++@@ -5,7 +5,6 @@ ConditionKernelCommandLine=!nocluster
++ ConditionPathExists=/etc/corosync/corosync.conf
++ Requires=network-online.target
++ After=network-online.target
++-StopWhenUnneeded=yes
++ 
++ [Service]
++ EnvironmentFile=- at INITCONFIGDIR@/corosync
+diff --git a/debian/patches/series b/debian/patches/series
+index 32007175..2caabe1c 100644
+--- a/debian/patches/series
++++ b/debian/patches/series
+@@ -7,3 +7,4 @@ Use-the-SED-variable-provided-by-configure.patch
+ Use-the-AWK-variable-provided-by-configure.patch
+ pve__only-start-corosync.service-if-conf-exists.patch
+ cfgtool-Improve-link-status-display.patch
++Revert-init-Enable-StopWhenUnneeded.patch
diff --git a/patches/0007-add-crypto-patches.patch b/patches/0007-add-crypto-patches.patch
new file mode 100644
index 0000000..4273eb5
--- /dev/null
+++ b/patches/0007-add-crypto-patches.patch
@@ -0,0 +1,404 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
+Date: Wed, 22 May 2019 12:26:43 +0200
+Subject: [PATCH] add crypto patches
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry-picked from upstream master, to ease in-place upgrade for
+clusters running our default configuration
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
+---
+ ...rypto-re-introduce-secauth-parameter.patch |  62 ++++++++
+ .../keygen-Reflect-change-in-knet.patch       | 100 +++++++++++++
+ ...et-totem.keyfile-and-totem.key-to-RO.patch |  44 ++++++
+ .../totemconfig-Remove-support-for-3des.patch | 138 ++++++++++++++++++
+ debian/patches/series                         |   4 +
+ 5 files changed, 348 insertions(+)
+ create mode 100644 debian/patches/crypto-re-introduce-secauth-parameter.patch
+ create mode 100644 debian/patches/keygen-Reflect-change-in-knet.patch
+ create mode 100644 debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch
+ create mode 100644 debian/patches/totemconfig-Remove-support-for-3des.patch
+
+diff --git a/debian/patches/crypto-re-introduce-secauth-parameter.patch b/debian/patches/crypto-re-introduce-secauth-parameter.patch
+new file mode 100644
+index 00000000..1c5739c1
+--- /dev/null
++++ b/debian/patches/crypto-re-introduce-secauth-parameter.patch
+@@ -0,0 +1,62 @@
++From: =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
++Date: Wed, 10 Apr 2019 09:43:33 +0200
++Subject: crypto: re-introduce secauth parameter
++MIME-Version: 1.0
++Content-Type: text/plain; charset="utf-8"
++Content-Transfer-Encoding: 8bit
++
++with the following semantics:
++- default off
++- implies crypto_hash SHA256 and crypto_cipher AES256
++- crypto_* have higher precedence
++- only applicable for knet, like crypto_*
++
++this should make upgrading from Corosync 2.x less painful for users that
++have an explicit secauth=on in their configuration.
++
++Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
++Reviewed-by: Jan Friesse <jfriesse at redhat.com>
++(cherry picked from commit b97ca8e9f026aaaf2fe9cf697d89803004587f60)
++---
++ exec/totemconfig.c  | 8 ++++++++
++ man/corosync.conf.5 | 8 ++++++++
++ 2 files changed, 16 insertions(+)
++
++diff --git a/exec/totemconfig.c b/exec/totemconfig.c
++index 4f69fd5..1954f76 100644
++--- a/exec/totemconfig.c
+++++ b/exec/totemconfig.c
++@@ -450,6 +450,14 @@ static int totem_get_crypto(struct totem_config *totem_config, const char **erro
++ 		tmp_model = "nss";
++ 	}
++ 
+++	if (icmap_get_string("totem.secauth", &str) == CS_OK) {
+++		if (strcmp(str, "on") == 0) {
+++			tmp_cipher = "aes256";
+++			tmp_hash = "sha256";
+++		}
+++		free(str);
+++	}
+++
++ 	if (icmap_get_string("totem.crypto_cipher", &str) == CS_OK) {
++ 		if (strcmp(str, "none") == 0) {
++ 			tmp_cipher = "none";
++diff --git a/man/corosync.conf.5 b/man/corosync.conf.5
++index 216dfc5..b294e11 100644
++--- a/man/corosync.conf.5
+++++ b/man/corosync.conf.5
++@@ -224,6 +224,14 @@ transmission is only supported for the knet transport.
++ 
++ The default is none.
++ 
+++.TP
+++secauth
+++This implies crypto_cipher=aes256 and crypto_hash=sha256, unless those options
+++are explicitly set. Encrypted transmission is only supported for the knet
+++transport.
+++
+++The default is off.
+++
++ .TP
++ keyfile
++ This specifies the fully qualified path to the shared key used to
+diff --git a/debian/patches/keygen-Reflect-change-in-knet.patch b/debian/patches/keygen-Reflect-change-in-knet.patch
+new file mode 100644
+index 00000000..068f481f
+--- /dev/null
++++ b/debian/patches/keygen-Reflect-change-in-knet.patch
+@@ -0,0 +1,100 @@
++From: Jan Friesse <jfriesse at redhat.com>
++Date: Tue, 9 Apr 2019 17:09:34 +0200
++Subject: keygen: Reflect change in knet
++
++Knet commit 1cb36f0cffd4559971826ca4774a88c5b05882fb reduced minimal
++key length to 1024-bit. Keygen should keep compatibility with already
++released 3.0.[0-1] so default key length should be 2048 bits. It's
++possible to use -s argument to generate shorter key - keygen respects
++minimum/maximum as defined by knet.
++
++Also fix man page to reflect this change.
++
++Signed-off-by: Jan Friesse <jfriesse at redhat.com>
++Reviewed-by: Christine Caulfield <ccaulfie at redhat.com>
++(cherry picked from commit c260bce45b1f5b4a82c74513c4b3302d32daf179)
++---
++ tools/corosync-keygen.c |  4 ++--
++ man/corosync-keygen.8   | 21 +++++++++------------
++ 2 files changed, 11 insertions(+), 14 deletions(-)
++
++diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c
++index 40e4d6e..243661a 100644
++--- a/tools/corosync-keygen.c
+++++ b/tools/corosync-keygen.c
++@@ -1,6 +1,6 @@
++ /*
++  * Copyright (c) 2004 MontaVista Software, Inc.
++- * Copyright (c) 2005-2017 Red Hat, Inc.
+++ * Copyright (c) 2005-2019 Red Hat, Inc.
++  *
++  * All rights reserved.
++  *
++@@ -52,7 +52,7 @@
++ 
++ #define DEFAULT_KEYFILE COROSYSCONFDIR "/authkey"
++ 
++-#define DEFAULT_KEYFILE_LEN		TOTEM_PRIVATE_KEY_LEN_MIN
+++#define DEFAULT_KEYFILE_LEN		256
++ 
++ #define DEFAULT_RANDOM_DEV		"/dev/urandom"
++ 
++diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8
++index 0839621..8767ddc 100644
++--- a/man/corosync-keygen.8
+++++ b/man/corosync-keygen.8
++@@ -1,5 +1,5 @@
++ .\"/*
++-.\" * Copyright (C) 2010-2017 Red Hat, Inc.
+++.\" * Copyright (C) 2010-2019 Red Hat, Inc.
++ .\" *
++ .\" * All rights reserved.
++ .\" *
++@@ -31,7 +31,7 @@
++ .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
++ .\" * THE POSSIBILITY OF SUCH DAMAGE.
++ .\" */
++-.TH COROSYNC-KEYGEN 8 2017-07-03
+++.TH COROSYNC-KEYGEN 8 2019-04-09
++ .SH NAME
++ corosync-keygen \- Generate an authentication key for Corosync.
++ .SH SYNOPSIS
++@@ -69,7 +69,7 @@ Random number source file. Default is /dev/urandom. As an example /dev/random ma
++ used when really superb randomness is needed.
++ .TP
++ .B -s size
++-Size of the generated key in bytes. Default is 1024 bytes. Allowed range is <1024, 4096>.
+++Size of the generated key in bytes. Default is 256 bytes. Allowed range is <128, 4096>.
++ .TP
++ .TP
++ .B -l
++@@ -84,7 +84,7 @@ Generate the key.
++ .nf
++ # corosync-keygen
++ Corosync Cluster Engine Authentication key generator.
++-Gathering 8192 bits for key from /dev/urandom.
+++Gathering 2048 bits for key from /dev/urandom.
++ Writing corosync key to /etc/corosync/authkey
++ .fi
++ 
++@@ -101,15 +101,12 @@ Writing corosync key to /tmp/authkey.
++ Generate superb key using /dev/random
++ .nf
++ # corosync-keygen -r /dev/random
++-Corosync Cluster Engine Authentication key generator.
++-Gathering 8192 bits for key from /dev/random.
+++Gathering 2048 bits for key from /dev/random.
++ Press keys on your keyboard to generate entropy.
++-Press keys on your keyboard to generate entropy (7928 bits still needed).
++-Press keys on your keyboard to generate entropy (7880 bits still needed).
++- ...
++-Press keys on your keyboard to generate entropy (104 bits still needed).
++-Press keys on your keyboard to generate entropy (56 bits still needed).
++-Press keys on your keyboard to generate entropy (8 bits still needed).
+++Press keys on your keyboard to generate entropy (1128 bits still needed).
+++Press keys on your keyboard to generate entropy (504 bits still needed).
+++Press keys on your keyboard to generate entropy (128 bits still needed).
+++Press keys on your keyboard to generate entropy (32 bits still needed).
++ Writing corosync key to /etc/corosync/authkey.
++ .fi
++ 
+diff --git a/debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch b/debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch
+new file mode 100644
+index 00000000..9daad20b
+--- /dev/null
++++ b/debian/patches/set-totem.keyfile-and-totem.key-to-RO.patch
+@@ -0,0 +1,44 @@
++From: =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
++Date: Wed, 3 Apr 2019 21:57:30 +0200
++Subject: set totem.keyfile and totem.key to RO
++MIME-Version: 1.0
++Content-Type: text/plain; charset="utf-8"
++Content-Transfer-Encoding: 8bit
++
++so that we get the nice log message when attempting to modify them at
++runtime, just like for totem.crypto_* and co.
++
++Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
++Reviewed-by: Jan Friesse <jfriesse at redhat.com>
++(cherry picked from commit 03fba21503f1b8395519190cc537f63100e995f5)
++---
++ exec/cfg.c  | 2 ++
++ exec/main.c | 2 ++
++ 2 files changed, 4 insertions(+)
++
++diff --git a/exec/cfg.c b/exec/cfg.c
++index dec7dbf..9aeba0c 100644
++--- a/exec/cfg.c
+++++ b/exec/cfg.c
++@@ -578,6 +578,8 @@ static void remove_ro_entries(icmap_map_t temp_map)
++ 	delete_and_notify_if_changed(temp_map, "totem.secauth");
++ 	delete_and_notify_if_changed(temp_map, "totem.crypto_hash");
++ 	delete_and_notify_if_changed(temp_map, "totem.crypto_cipher");
+++	delete_and_notify_if_changed(temp_map, "totem.keyfile");
+++	delete_and_notify_if_changed(temp_map, "totem.key");
++ 	delete_and_notify_if_changed(temp_map, "totem.version");
++ 	delete_and_notify_if_changed(temp_map, "totem.threads");
++ 	delete_and_notify_if_changed(temp_map, "totem.ip_version");
++diff --git a/exec/main.c b/exec/main.c
++index 8554036..06a519c 100644
++--- a/exec/main.c
+++++ b/exec/main.c
++@@ -1036,6 +1036,8 @@ static void set_icmap_ro_keys_flag (void)
++ 	 */
++ 	icmap_set_ro_access("totem.crypto_cipher", CS_FALSE, CS_TRUE);
++ 	icmap_set_ro_access("totem.crypto_hash", CS_FALSE, CS_TRUE);
+++	icmap_set_ro_access("totem.keyfile", CS_FALSE, CS_TRUE);
+++	icmap_set_ro_access("totem.key", CS_FALSE, CS_TRUE);
++ 	icmap_set_ro_access("totem.secauth", CS_FALSE, CS_TRUE);
++ 	icmap_set_ro_access("totem.ip_version", CS_FALSE, CS_TRUE);
++ 	icmap_set_ro_access("totem.rrp_mode", CS_FALSE, CS_TRUE);
+diff --git a/debian/patches/totemconfig-Remove-support-for-3des.patch b/debian/patches/totemconfig-Remove-support-for-3des.patch
+new file mode 100644
+index 00000000..c46f137f
+--- /dev/null
++++ b/debian/patches/totemconfig-Remove-support-for-3des.patch
+@@ -0,0 +1,138 @@
++From: Jan Friesse <jfriesse at redhat.com>
++Date: Thu, 11 Apr 2019 08:23:29 +0200
++Subject: totemconfig: Remove support for 3des
++
++Triple DES is considered as a "weak cipher" since 2016 so there is
++really no need to support it in the corosync. Thanks to bug in
++Corosync/Knet/NSS which caused 3des to not work at all,
++no matter what library was used, we can just remove support for 3des
++without braking the compatibility.
++
++Also fix coroparse so:
++- totem.crypto_type is removed (this is 1.x construct which was not used
++even in 2.x)
++- Add checking of totem.crypto_model.
++- Enumarate possible values for crypto_model, crypto_cipher and
++crypto_hash error messages
++
++Signed-off-by: Jan Friesse <jfriesse at redhat.com>
++Reviewed-by: Christine Caulfield <ccaulfie at redhat.com>
++(cherry picked from commit d05636b738e3cb1cd7a491e4ef492cd44a8bf6a9)
++---
++ exec/coroparse.c         | 21 ++++++++++-----------
++ exec/totemconfig.c       |  3 ---
++ conf/lenses/corosync.aug |  4 ++--
++ man/corosync.conf.5      |  6 +++---
++ 4 files changed, 15 insertions(+), 19 deletions(-)
++
++diff --git a/exec/coroparse.c b/exec/coroparse.c
++index bee0a8c..16e0257 100644
++--- a/exec/coroparse.c
+++++ b/exec/coroparse.c
++@@ -1,5 +1,5 @@
++ /*
++- * Copyright (c) 2006-2018 Red Hat, Inc.
+++ * Copyright (c) 2006-2019 Red Hat, Inc.
++  *
++  * All rights reserved.
++  *
++@@ -747,13 +747,11 @@ static int main_config_parser_cb(const char *path,
++ 					return (0);
++ 				}
++ 			}
++-			if (strcmp(path, "totem.crypto_type") == 0) {
+++			if (strcmp(path, "totem.crypto_model") == 0) {
++ 				if ((strcmp(value, "nss") != 0) &&
++-				    (strcmp(value, "aes256") != 0) &&
++-				    (strcmp(value, "aes192") != 0) &&
++-				    (strcmp(value, "aes128") != 0) &&
++-				    (strcmp(value, "3des") != 0)) {
++-					*error_string = "Invalid crypto type";
+++				    (strcmp(value, "openssl") != 0)) {
+++					*error_string = "Invalid crypto model. "
+++					    "Should be nss or openssl";
++ 
++ 					return (0);
++ 				}
++@@ -762,9 +760,9 @@ static int main_config_parser_cb(const char *path,
++ 				if ((strcmp(value, "none") != 0) &&
++ 				    (strcmp(value, "aes256") != 0) &&
++ 				    (strcmp(value, "aes192") != 0) &&
++-				    (strcmp(value, "aes128") != 0) &&
++-				    (strcmp(value, "3des") != 0)) {
++-					*error_string = "Invalid cipher type";
+++				    (strcmp(value, "aes128") != 0)) {
+++					*error_string = "Invalid cipher type. "
+++					    "Should be none, aes256, aes192 or aes128";
++ 
++ 					return (0);
++ 				}
++@@ -776,7 +774,8 @@ static int main_config_parser_cb(const char *path,
++ 				    (strcmp(value, "sha256") != 0) &&
++ 				    (strcmp(value, "sha384") != 0) &&
++ 				    (strcmp(value, "sha512") != 0)) {
++-					*error_string = "Invalid hash type";
+++					*error_string = "Invalid hash type. "
+++					    "Should be none, md5, sha1, sha256, sha384 or sha512";
++ 
++ 					return (0);
++ 				}
++diff --git a/exec/totemconfig.c b/exec/totemconfig.c
++index d57562a..4f69fd5 100644
++--- a/exec/totemconfig.c
+++++ b/exec/totemconfig.c
++@@ -463,9 +463,6 @@ static int totem_get_crypto(struct totem_config *totem_config, const char **erro
++ 		if (strcmp(str, "aes128") == 0) {
++ 			tmp_cipher = "aes128";
++ 		}
++-		if (strcmp(str, "3des") == 0) {
++-			tmp_cipher = "3des";
++-		}
++ 		free(str);
++ 	}
++ 
++diff --git a/conf/lenses/corosync.aug b/conf/lenses/corosync.aug
++index 39334f1..edeb4fb 100644
++--- a/conf/lenses/corosync.aug
+++++ b/conf/lenses/corosync.aug
++@@ -51,8 +51,8 @@ let totem =
++     |kv "rrp_mode" /none|active|passive/
++     |kv "vsftype" /none|ykd/
++     |kv "secauth" /on|off/
++-    |kv "crypto_type" /nss|aes256|aes192|aes128|3des/
++-    |kv "crypto_cipher" /none|nss|aes256|aes192|aes128|3des/
+++    |kv "crypto_model" /nss|openssl/
+++    |kv "crypto_cipher" /none|nss|aes256|aes192|aes128/
++     |kv "crypto_hash" /none|md5|sha1|sha256|sha384|sha512/
++     |kv "transport" /udp|iba|udpu/
++     |kv "version" Rx.integer
++diff --git a/man/corosync.conf.5 b/man/corosync.conf.5
++index dd6f3ba..216dfc5 100644
++--- a/man/corosync.conf.5
+++++ b/man/corosync.conf.5
++@@ -1,6 +1,6 @@
++ .\"/*
++ .\" * Copyright (c) 2005 MontaVista Software, Inc.
++-.\" * Copyright (c) 2006-2018 Red Hat, Inc.
+++.\" * Copyright (c) 2006-2019 Red Hat, Inc.
++ .\" *
++ .\" * All rights reserved.
++ .\" *
++@@ -32,7 +32,7 @@
++ .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
++ .\" * THE POSSIBILITY OF SUCH DAMAGE.
++ .\" */
++-.TH COROSYNC_CONF 5 2019-01-10 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
+++.TH COROSYNC_CONF 5 2019-04-11 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
++ .SH NAME
++ corosync.conf - corosync executive configuration file
++ 
++@@ -218,7 +218,7 @@ The default is none.
++ .TP
++ crypto_cipher
++ This specifies which cipher should be used to encrypt all messages.
++-Valid values are none (no encryption), aes256, aes192, aes128 and 3des.
+++Valid values are none (no encryption), aes256, aes192 and aes128.
++ Enabling crypto_cipher, requires also enabling of crypto_hash. Encrypted
++ transmission is only supported for the knet transport.
++ 
+diff --git a/debian/patches/series b/debian/patches/series
+index 2caabe1c..6f18c886 100644
+--- a/debian/patches/series
++++ b/debian/patches/series
+@@ -8,3 +8,7 @@ Use-the-AWK-variable-provided-by-configure.patch
+ pve__only-start-corosync.service-if-conf-exists.patch
+ cfgtool-Improve-link-status-display.patch
+ Revert-init-Enable-StopWhenUnneeded.patch
++set-totem.keyfile-and-totem.key-to-RO.patch
++keygen-Reflect-change-in-knet.patch
++totemconfig-Remove-support-for-3des.patch
++crypto-re-introduce-secauth-parameter.patch
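Review bot: In the totem_get_crypto hunk the new `totem.secauth` block only seeds `tmp_cipher`/`tmp_hash`, and the `totem.crypto_cipher` lookup that follows can still set `tmp_cipher = "none"`, so a configuration with `secauth: on` plus an explicit `crypto_cipher: none` ends up unencrypted. That matches the precedence stated in the commit message, but the ordering dependency is not documented in the code; I would add `/* secauth only provides defaults; keep this ahead of the crypto_cipher/crypto_hash lookups, which take precedence (including "none") */` above the block. Values other than "on" are silently ignored here, and whether they are validated elsewhere is not visible from this hunk. In corosync-keygen.c, `#define DEFAULT_KEYFILE_LEN 256` would read better with a trailing comment such as `/* bytes (2048 bits), kept for compatibility with 3.0.[0-1] */`. totem_get_crypto starts and ends outside the hunk.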
diff --git a/patches/0008-CPG-callback-merging.patch b/patches/0008-CPG-callback-merging.patch
new file mode 100644
index 0000000..2b8d946
--- /dev/null
+++ b/patches/0008-CPG-callback-merging.patch
@@ -0,0 +1,858 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
+Date: Wed, 22 May 2019 12:27:19 +0200
+Subject: [PATCH] CPG callback merging
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry-picked from upstream PR 468.
+
+this series aims to minimize callback calls in case of cluster cold
+starts or re-joining after network partitions, which cause a huge spike
+in network load on bigger clusters running pmxcfs.
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
+---
+ .../cpg-Add-CPG_REASON_UNDEFINED.patch        | 152 +++++++++++++
+ ...more-comments-to-notify_lib_joinlist.patch | 193 +++++++++++++++++
+ ...illing-of-member_list-to-subfunction.patch | 130 ++++++++++++
+ ...ify_lib_joinlist-drop-conn-parameter.patch | 112 ++++++++++
+ ...-confchg-event-per-group-on-joinlist.patch | 199 ++++++++++++++++++
+ debian/patches/series                         |   5 +
+ 6 files changed, 791 insertions(+)
+ create mode 100644 debian/patches/cpg-Add-CPG_REASON_UNDEFINED.patch
+ create mode 100644 debian/patches/cpg-Add-more-comments-to-notify_lib_joinlist.patch
+ create mode 100644 debian/patches/cpg-Move-filling-of-member_list-to-subfunction.patch
+ create mode 100644 debian/patches/cpg-notify_lib_joinlist-drop-conn-parameter.patch
+ create mode 100644 debian/patches/cpg-send-single-confchg-event-per-group-on-joinlist.patch
+
+diff --git a/debian/patches/cpg-Add-CPG_REASON_UNDEFINED.patch b/debian/patches/cpg-Add-CPG_REASON_UNDEFINED.patch
+new file mode 100644
+index 00000000..a69b53ac
+--- /dev/null
++++ b/debian/patches/cpg-Add-CPG_REASON_UNDEFINED.patch
+@@ -0,0 +1,152 @@
++From: Jan Friesse <jfriesse at redhat.com>
++Date: Tue, 16 Apr 2019 12:52:31 +0200
++Subject: cpg: Add CPG_REASON_UNDEFINED
++
++Previously the reason field for the member_list items
++in cpg_totem_confchg_fn was unset what may be little confusing.
++
++Solution is to add a special value CPG_REASON_UNDEFINED and use it for
++the member_list items.
++
++Signed-off-by: Jan Friesse <jfriesse at redhat.com>
++Reviewed-by: Christine Caulfield <ccaulfie at redhat.com>
++(cherry picked from commit 41f9e966bb1cfa70d0f6ec1ce46d9c845845b599)
++---
++ include/corosync/cpg.h        |  3 ++-
++ man/cpg_initialize.3.in       | 18 ++++++++++--------
++ man/cpg_model_initialize.3.in | 18 ++++++++++--------
++ exec/cpg.c                    |  3 ++-
++ 4 files changed, 24 insertions(+), 18 deletions(-)
++
++diff --git a/include/corosync/cpg.h b/include/corosync/cpg.h
++index 5ebd478..600bbf7 100644
++--- a/include/corosync/cpg.h
+++++ b/include/corosync/cpg.h
++@@ -1,5 +1,5 @@
++ /*
++- * Copyright (c) 2006-2011 Red Hat, Inc.
+++ * Copyright (c) 2006-2019 Red Hat, Inc.
++  *
++  * All rights reserved.
++  *
++@@ -80,6 +80,7 @@ typedef enum {
++  * @brief The cpg_reason_t enum
++  */
++ typedef enum {
+++	CPG_REASON_UNDEFINED = 0,
++ 	CPG_REASON_JOIN = 1,
++ 	CPG_REASON_LEAVE = 2,
++ 	CPG_REASON_NODEDOWN = 3,
++diff --git a/man/cpg_initialize.3.in b/man/cpg_initialize.3.in
++index bdecc1e..38c7de5 100644
++--- a/man/cpg_initialize.3.in
+++++ b/man/cpg_initialize.3.in
++@@ -1,5 +1,5 @@
++ .\"/*
++-.\" * Copyright (c) 2006-2009 Red Hat, Inc.
+++.\" * Copyright (c) 2006-2019 Red Hat, Inc.
++ .\" *
++ .\" * All rights reserved.
++ .\" *
++@@ -31,7 +31,7 @@
++ .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
++ .\" * THE POSSIBILITY OF SUCH DAMAGE.
++ .\" */
++-.TH CPG_INITIALIZE 3 2004-08-31 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
+++.TH CPG_INITIALIZE 3 2019-04-16 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
++ .SH NAME
++ cpg_initialize \- Create a new connection to the CPG service
++ .SH SYNOPSIS
++@@ -132,18 +132,20 @@ struct cpg_address {
++ .IP
++ .PP
++ where nodeid is a 32 bit unique node identifier, pid is the process ID of the process that has joined/left the group
++-or sent the message, and reason is an integer code indicating why the node joined/left the group.
+++or sent the message, and reason is an integer code indicating why the node joined/left the group (this value is not
+++set for the member_list items).
++ .PP
++ .IP
++ .RS
++ .ne 18
++ .nf
++ .PP
++-CPG_REASON_JOIN     - the process joined a group using cpg_join().
++-CPG_REASON_LEAVE    - the process left a group using cpg_leave()
++-CPG_REASON_NODEDOWN - the process left a group because the node left the cluster.
++-CPG_REASON_NODEUP   - the process joined a group because it was already a member of a group on a node that has just joined the cluster
++-CPG_REASON_PROCDOWN - the process left a group without calling cpg_leave()
+++CPG_REASON_JOIN      - the process joined a group using cpg_join().
+++CPG_REASON_LEAVE     - the process left a group using cpg_leave()
+++CPG_REASON_NODEDOWN  - the process left a group because the node left the cluster.
+++CPG_REASON_NODEUP    - the process joined a group because it was already a member of a group on a node that has just joined the cluster
+++CPG_REASON_PROCDOWN  - the process left a group without calling cpg_leave()
+++CPG_REASON_UNDEFINED - a special value used for the member_list items
++ .ta
++ .fi
++ .RE
++diff --git a/man/cpg_model_initialize.3.in b/man/cpg_model_initialize.3.in
++index e06325d..17ca16a 100644
++--- a/man/cpg_model_initialize.3.in
+++++ b/man/cpg_model_initialize.3.in
++@@ -1,5 +1,5 @@
++ .\"/*
++-.\" * Copyright (c) 2010 Red Hat, Inc.
+++.\" * Copyright (c) 2010-2019 Red Hat, Inc.
++ .\" *
++ .\" * All rights reserved.
++ .\" *
++@@ -32,7 +32,7 @@
++ .\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
++ .\" * THE POSSIBILITY OF SUCH DAMAGE.
++ .\" */
++-.TH CPG_MODEL_INITIALIZE 3 2010-04-07 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
+++.TH CPG_MODEL_INITIALIZE 3 2019-04-16 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
++ .SH NAME
++ cpg_model_initialize \- Create a new connection to the CPG service
++ .SH SYNOPSIS
++@@ -166,18 +166,20 @@ struct cpg_address {
++ .IP
++ .PP
++ where nodeid is a 32 bit unique node identifier, pid is the process ID of the process that has joined/left the group
++-or sent the message, and reason is an integer code indicating why the node joined/left the group.
+++or sent the message, and reason is an integer code indicating why the node joined/left the group (this value is not
+++set for the member_list items).
++ .PP
++ .IP
++ .RS
++ .ne 18
++ .nf
++ .PP
++-CPG_REASON_JOIN     - the process joined a group using cpg_join().
++-CPG_REASON_LEAVE    - the process left a group using cpg_leave()
++-CPG_REASON_NODEDOWN - the process left a group because the node left the cluster.
++-CPG_REASON_NODEUP   - the process joined a group because it was already a member of a group on a node that has just joined the cluster
++-CPG_REASON_PROCDOWN - the process left a group without calling cpg_leave()
+++CPG_REASON_JOIN      - the process joined a group using cpg_join().
+++CPG_REASON_LEAVE     - the process left a group using cpg_leave()
+++CPG_REASON_NODEDOWN  - the process left a group because the node left the cluster.
+++CPG_REASON_NODEUP    - the process joined a group because it was already a member of a group on a node that has just joined the cluster
+++CPG_REASON_PROCDOWN  - the process left a group without calling cpg_leave()
+++CPG_REASON_UNDEFINED - a special value used for the member_list items
++ .ta
++ .fi
++ .RE
++diff --git a/exec/cpg.c b/exec/cpg.c
++index b7ac579..e39ca34 100644
++--- a/exec/cpg.c
+++++ b/exec/cpg.c
++@@ -1,5 +1,5 @@
++ /*
++- * Copyright (c) 2006-2015 Red Hat, Inc.
+++ * Copyright (c) 2006-2019 Red Hat, Inc.
++  *
++  * All rights reserved.
++  *
++@@ -712,6 +712,7 @@ static int notify_lib_joinlist(
++ 			if (!founded) {
++ 				retgi->nodeid = pi->nodeid;
++ 				retgi->pid = pi->pid;
+++				retgi->reason = CPG_REASON_UNDEFINED;
++ 				retgi++;
++ 			}
++ 		}
+diff --git a/debian/patches/cpg-Add-more-comments-to-notify_lib_joinlist.patch b/debian/patches/cpg-Add-more-comments-to-notify_lib_joinlist.patch
+new file mode 100644
+index 00000000..e32102fa
+--- /dev/null
++++ b/debian/patches/cpg-Add-more-comments-to-notify_lib_joinlist.patch
+@@ -0,0 +1,193 @@
++From: Jan Friesse <jfriesse at redhat.com>
++Date: Wed, 15 May 2019 17:39:13 +0200
++Subject: cpg: Add more comments to notify_lib_joinlist
++
++And make handling of left_list more generic. Also free skiplist
++allocated by joinlist_inform_clients function. Last (but not least)
++remove czechlish founded (should have been pp of "find").
++
++Signed-off-by: Jan Friesse <jfriesse at redhat.com>
++(cherry picked from commit 10702c7e6c0cf8164ad8f05acb4e334461555973)
++---
++ exec/cpg.c | 91 +++++++++++++++++++++++++++++++++++++++++---------------------
++ 1 file changed, 60 insertions(+), 31 deletions(-)
++
++diff --git a/exec/cpg.c b/exec/cpg.c
++index e04ba57..2ecdc6b 100644
++--- a/exec/cpg.c
+++++ b/exec/cpg.c
++@@ -663,31 +663,37 @@ static int notify_lib_joinlist(
++ 	int size;
++ 	char *buf;
++ 	struct qb_list_head *iter;
++-	int count;
+++	int member_list_entries;
++ 	struct res_lib_cpg_confchg_callback *res;
++ 	mar_cpg_address_t *retgi;
+++	int i;
++ 
++-	count = 0;
+++	/*
+++	 * Find size of member_list (use process_info_list but remove items in left_list)
+++	 */
+++	member_list_entries = 0;
++ 
++ 	qb_list_for_each(iter, &process_info_list_head) {
++ 		struct process_info *pi = qb_list_entry (iter, struct process_info, list);
+++
++ 		if (mar_name_compare (&pi->group, group_name) == 0) {
++-			int i;
++-			int founded = 0;
+++			int in_left_list = 0;
++ 
++ 			for (i = 0; i < left_list_entries; i++) {
++ 				if (left_list[i].nodeid == pi->nodeid && left_list[i].pid == pi->pid) {
++-					founded++;
+++					in_left_list = 1;
+++					break ;
++ 				}
++ 			}
++ 
++-			if (!founded)
++-				count++;
+++			if (!in_left_list) {
+++				member_list_entries++;
+++			}
++ 		}
++ 	}
++ 
++ 	size = sizeof(struct res_lib_cpg_confchg_callback) +
++-		sizeof(mar_cpg_address_t) * (count + left_list_entries + joined_list_entries);
+++		sizeof(mar_cpg_address_t) * (member_list_entries + left_list_entries + joined_list_entries);
++ 	buf = alloca(size);
++ 	if (!buf)
++ 		return CS_ERR_LIBRARY;
++@@ -695,27 +701,30 @@ static int notify_lib_joinlist(
++ 	res = (struct res_lib_cpg_confchg_callback *)buf;
++ 	res->joined_list_entries = joined_list_entries;
++ 	res->left_list_entries = left_list_entries;
++-	res->member_list_entries = count;
+++	res->member_list_entries = member_list_entries;
++ 	retgi = res->member_list;
++ 	res->header.size = size;
++ 	res->header.id = id;
++ 	res->header.error = CS_OK;
++ 	memcpy(&res->group_name, group_name, sizeof(mar_cpg_name_t));
++ 
+++	/*
+++	 * Fill res->memberlist. Use process_info_list but remove items in left_list.
+++	 */
++ 	qb_list_for_each(iter, &process_info_list_head) {
++-		struct process_info *pi=qb_list_entry (iter, struct process_info, list);
+++		struct process_info *pi = qb_list_entry (iter, struct process_info, list);
++ 
++ 		if (mar_name_compare (&pi->group, group_name) == 0) {
++-			int i;
++-			int founded = 0;
+++			int in_left_list = 0;
++ 
++-			for (i = 0;i < left_list_entries; i++) {
+++			for (i = 0; i < left_list_entries; i++) {
++ 				if (left_list[i].nodeid == pi->nodeid && left_list[i].pid == pi->pid) {
++-					founded++;
+++					in_left_list = 1;
+++					break ;
++ 				}
++ 			}
++ 
++-			if (!founded) {
+++			if (!in_left_list) {
++ 				retgi->nodeid = pi->nodeid;
++ 				retgi->pid = pi->pid;
++ 				retgi->reason = CPG_REASON_UNDEFINED;
++@@ -724,23 +733,30 @@ static int notify_lib_joinlist(
++ 		}
++ 	}
++ 
+++	/*
+++	 * Fill res->left_list
+++	 */
++ 	if (left_list_entries) {
++ 		memcpy (retgi, left_list, left_list_entries * sizeof(mar_cpg_address_t));
++ 		retgi += left_list_entries;
++ 	}
++ 
++ 	if (joined_list_entries) {
++-		int i;
++-
+++		/*
+++		 * Fill res->joined_list
+++		 */
++ 		memcpy (retgi, joined_list, joined_list_entries * sizeof(mar_cpg_address_t));
++ 		retgi += joined_list_entries;
++ 
++-		for (i=0; i < joined_list_entries; i++) {
+++		/*
+++		 * Update cpd_state for all local joined processes in group
+++		 */
+++		for (i = 0; i < joined_list_entries; i++) {
++ 			if (joined_list[i].nodeid == api->totem_nodeid_get()) {
++-			qb_list_for_each(iter, &cpg_pd_list_head) {
+++				qb_list_for_each(iter, &cpg_pd_list_head) {
++ 					struct cpg_pd *cpd = qb_list_entry (iter, struct cpg_pd, list);
++-					if (mar_name_compare (&cpd->group_name, group_name) == 0 &&
++-					    joined_list[i].pid == cpd->pid) {
+++					if (joined_list[i].pid == cpd->pid &&
+++					    mar_name_compare (&cpd->group_name, group_name) == 0) {
++ 						cpd->cpd_state = CPD_STATE_JOIN_COMPLETED;
++ 					}
++ 				}
++@@ -748,6 +764,9 @@ static int notify_lib_joinlist(
++ 		}
++ 	}
++ 
+++	/*
+++	 * Send notification to all ipc clients joined in group_name
+++	 */
++ 	qb_list_for_each(iter, &cpg_pd_list_head) {
++ 		struct cpg_pd *cpd = qb_list_entry (iter, struct cpg_pd, list);
++ 		if (mar_name_compare (&cpd->group_name, group_name) == 0) {
++@@ -760,16 +779,25 @@ static int notify_lib_joinlist(
++ 		}
++ 	}
++ 
++-	if (left_list_entries &&
++-	    left_list[0].nodeid == api->totem_nodeid_get() &&
++-	    left_list[0].reason == CONFCHG_CPG_REASON_LEAVE) {
++-	qb_list_for_each(iter, &cpg_pd_list_head) {
++-			struct cpg_pd *cpd = qb_list_entry (iter, struct cpg_pd, list);
++-			if (mar_name_compare (&cpd->group_name, group_name) == 0 &&
++-			    left_list[0].pid == cpd->pid) {
++-				cpd->pid = 0;
++-				memset (&cpd->group_name, 0, sizeof(cpd->group_name));
++-				cpd->cpd_state = CPD_STATE_UNJOINED;
+++	if (left_list_entries) {
+++		/*
+++		 * Zero internal cpd state for all local processes leaving group
+++		 * (this loop is not strictly needed because left_list always either
+++		 *  contains exactly one process running on local node or more items
+++		 *  but none of them is running on local node)
+++		 */
+++		for (i = 0; i < joined_list_entries; i++) {
+++			if (left_list[i].nodeid == api->totem_nodeid_get() &&
+++			    left_list[i].reason == CONFCHG_CPG_REASON_LEAVE) {
+++				qb_list_for_each(iter, &cpg_pd_list_head) {
+++					struct cpg_pd *cpd = qb_list_entry (iter, struct cpg_pd, list);
+++					if (left_list[i].pid == cpd->pid &&
+++					    mar_name_compare (&cpd->group_name, group_name) == 0) {
+++						cpd->pid = 0;
+++						memset (&cpd->group_name, 0, sizeof(cpd->group_name));
+++						cpd->cpd_state = CPD_STATE_UNJOINED;
+++					}
+++				}
++ 			}
++ 		}
++ 	}
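Review bot: The loop added inside `if (left_list_entries)` indexes `left_list[i]` but is bounded by `joined_list_entries`; it should read `for (i = 0; i < left_list_entries; i++) {`. With the call shape do_proc_leave uses elsewhere in this series (`0, NULL, 1, &notify_info`) the loop body never runs, so the leaving local cpd keeps its pid and group_name and is never set to `CPD_STATE_UNJOINED`. If a caller ever passes more joined than left entries, the same loop reads past the end of left_list. notify_lib_joinlist begins and ends outside this hunk, so the remaining uses of `i` could not be checked here.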
++@@ -966,6 +994,7 @@ static void joinlist_inform_clients (void)
++ 		free(jld);
++ 	}
++ 	qb_map_iter_free(miter);
+++	qb_map_destroy(group_notify_map);
++ 
++ 	joinlist_remove_zombie_pi_entries ();
++ }
+diff --git a/debian/patches/cpg-Move-filling-of-member_list-to-subfunction.patch b/debian/patches/cpg-Move-filling-of-member_list-to-subfunction.patch
+new file mode 100644
+index 00000000..9ec65353
+--- /dev/null
++++ b/debian/patches/cpg-Move-filling-of-member_list-to-subfunction.patch
+@@ -0,0 +1,130 @@
++From: Jan Friesse <jfriesse at redhat.com>
++Date: Thu, 16 May 2019 14:08:25 +0200
++Subject: cpg: Move filling of member_list to subfunction
++
++Signed-off-by: Jan Friesse <jfriesse at redhat.com>
++(cherry picked from commit 0c1de94461368b4a924b516b77691e6ec471dcb0)
++---
++ exec/cpg.c | 86 ++++++++++++++++++++++++++++++++++++--------------------------
++ 1 file changed, 50 insertions(+), 36 deletions(-)
++
++diff --git a/exec/cpg.c b/exec/cpg.c
++index 2ecdc6b..98a16a6 100644
++--- a/exec/cpg.c
+++++ b/exec/cpg.c
++@@ -652,26 +652,27 @@ static int notify_lib_totem_membership (
++ 	return CS_OK;
++ }
++ 
++-static int notify_lib_joinlist(
+++/*
+++ * Helper function for notify_lib_joinlist which prepares member_list using
+++ * process_info_list with removed left_list items.
+++ * member_list_entries - When not NULL it contains number of member_list entries
+++ * member_list - When not NULL it is used as pointer to start of preallocated
+++ *               array of members. Pointer is adjusted to the end of array on
+++ *               exit.
+++ */
+++static void notify_lib_joinlist_fill_member_list(
++ 	const mar_cpg_name_t *group_name,
++-	int joined_list_entries,
++-	mar_cpg_address_t *joined_list,
++ 	int left_list_entries,
++-	mar_cpg_address_t *left_list,
++-	int id)
+++	const mar_cpg_address_t *left_list,
+++	int *member_list_entries,
+++	mar_cpg_address_t **member_list)
++ {
++-	int size;
++-	char *buf;
++ 	struct qb_list_head *iter;
++-	int member_list_entries;
++-	struct res_lib_cpg_confchg_callback *res;
++-	mar_cpg_address_t *retgi;
++ 	int i;
++ 
++-	/*
++-	 * Find size of member_list (use process_info_list but remove items in left_list)
++-	 */
++-	member_list_entries = 0;
+++	if (member_list_entries != NULL) {
+++		*member_list_entries = 0;
+++	}
++ 
++ 	qb_list_for_each(iter, &process_info_list_head) {
++ 		struct process_info *pi = qb_list_entry (iter, struct process_info, list);
++@@ -687,10 +688,42 @@ static int notify_lib_joinlist(
++ 			}
++ 
++ 			if (!in_left_list) {
++-				member_list_entries++;
+++				if (member_list_entries != NULL) {
+++					(*member_list_entries)++;
+++				}
+++
+++				if (member_list != NULL) {
+++					(*member_list)->nodeid = pi->nodeid;
+++					(*member_list)->pid = pi->pid;
+++					(*member_list)->reason = CPG_REASON_UNDEFINED;
+++					(*member_list)++;
+++				}
++ 			}
++ 		}
++ 	}
+++}
+++
+++static int notify_lib_joinlist(
+++	const mar_cpg_name_t *group_name,
+++	int joined_list_entries,
+++	mar_cpg_address_t *joined_list,
+++	int left_list_entries,
+++	mar_cpg_address_t *left_list,
+++	int id)
+++{
+++	int size;
+++	char *buf;
+++	struct qb_list_head *iter;
+++	int member_list_entries;
+++	struct res_lib_cpg_confchg_callback *res;
+++	mar_cpg_address_t *retgi;
+++	int i;
+++
+++	/*
+++	 * Find size of member_list (use process_info_list but remove items in left_list)
+++	 */
+++	notify_lib_joinlist_fill_member_list(group_name, left_list_entries, left_list,
+++	    &member_list_entries, NULL);
++ 
++ 	size = sizeof(struct res_lib_cpg_confchg_callback) +
++ 		sizeof(mar_cpg_address_t) * (member_list_entries + left_list_entries + joined_list_entries);
++@@ -711,27 +744,8 @@ static int notify_lib_joinlist(
++ 	/*
++ 	 * Fill res->memberlist. Use process_info_list but remove items in left_list.
++ 	 */
++-	qb_list_for_each(iter, &process_info_list_head) {
++-		struct process_info *pi = qb_list_entry (iter, struct process_info, list);
++-
++-		if (mar_name_compare (&pi->group, group_name) == 0) {
++-			int in_left_list = 0;
++-
++-			for (i = 0; i < left_list_entries; i++) {
++-				if (left_list[i].nodeid == pi->nodeid && left_list[i].pid == pi->pid) {
++-					in_left_list = 1;
++-					break ;
++-				}
++-			}
++-
++-			if (!in_left_list) {
++-				retgi->nodeid = pi->nodeid;
++-				retgi->pid = pi->pid;
++-				retgi->reason = CPG_REASON_UNDEFINED;
++-				retgi++;
++-			}
++-		}
++-	}
+++	notify_lib_joinlist_fill_member_list(group_name, left_list_entries, left_list,
+++	    NULL, &retgi);
++ 
++ 	/*
++ 	 * Fill res->left_list
+diff --git a/debian/patches/cpg-notify_lib_joinlist-drop-conn-parameter.patch b/debian/patches/cpg-notify_lib_joinlist-drop-conn-parameter.patch
+new file mode 100644
+index 00000000..e1742bf9
+--- /dev/null
++++ b/debian/patches/cpg-notify_lib_joinlist-drop-conn-parameter.patch
+@@ -0,0 +1,112 @@
++From: =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
++Date: Wed, 15 May 2019 13:45:13 +0200
++Subject: cpg: notify_lib_joinlist: drop conn parameter
++
++since it is always set to NULL.
++
++(cherry picked from commit d5e9723695b2ae63162b238300013d785e875ea7)
++---
++ exec/cpg.c | 54 ++++++++++++++++++++++++------------------------------
++ 1 file changed, 24 insertions(+), 30 deletions(-)
++
++diff --git a/exec/cpg.c b/exec/cpg.c
++index e39ca34..b752cc1 100644
++--- a/exec/cpg.c
+++++ b/exec/cpg.c
++@@ -647,7 +647,6 @@ static int notify_lib_totem_membership (
++ 
++ static int notify_lib_joinlist(
++ 	const mar_cpg_name_t *group_name,
++-	void *conn,
++ 	int joined_list_entries,
++ 	mar_cpg_address_t *joined_list,
++ 	int left_list_entries,
++@@ -728,40 +727,35 @@ static int notify_lib_joinlist(
++ 		retgi += joined_list_entries;
++ 	}
++ 
++-	if (conn) {
++-		api->ipc_dispatch_send (conn, buf, size);
++-	} else {
++ 	qb_list_for_each(iter, &cpg_pd_list_head) {
++-			struct cpg_pd *cpd = qb_list_entry (iter, struct cpg_pd, list);
++-			if (mar_name_compare (&cpd->group_name, group_name) == 0) {
++-				assert (joined_list_entries <= 1);
++-				if (joined_list_entries) {
++-					if (joined_list[0].pid == cpd->pid &&
++-						joined_list[0].nodeid == api->totem_nodeid_get()) {
++-						cpd->cpd_state = CPD_STATE_JOIN_COMPLETED;
++-					}
+++		struct cpg_pd *cpd = qb_list_entry (iter, struct cpg_pd, list);
+++		if (mar_name_compare (&cpd->group_name, group_name) == 0) {
+++			assert (joined_list_entries <= 1);
+++			if (joined_list_entries) {
+++				if (joined_list[0].pid == cpd->pid &&
+++					joined_list[0].nodeid == api->totem_nodeid_get()) {
+++					cpd->cpd_state = CPD_STATE_JOIN_COMPLETED;
++ 				}
++-				if (cpd->cpd_state == CPD_STATE_JOIN_COMPLETED ||
++-					cpd->cpd_state == CPD_STATE_LEAVE_STARTED) {
+++			}
+++			if (cpd->cpd_state == CPD_STATE_JOIN_COMPLETED ||
+++				cpd->cpd_state == CPD_STATE_LEAVE_STARTED) {
++ 
++-					api->ipc_dispatch_send (cpd->conn, buf, size);
++-					cpd->transition_counter++;
++-				}
++-				if (left_list_entries) {
++-					if (left_list[0].pid == cpd->pid &&
++-						left_list[0].nodeid == api->totem_nodeid_get() &&
++-						left_list[0].reason == CONFCHG_CPG_REASON_LEAVE) {
++-
++-						cpd->pid = 0;
++-						memset (&cpd->group_name, 0, sizeof(cpd->group_name));
++-						cpd->cpd_state = CPD_STATE_UNJOINED;
++-					}
+++				api->ipc_dispatch_send (cpd->conn, buf, size);
+++				cpd->transition_counter++;
+++			}
+++			if (left_list_entries) {
+++				if (left_list[0].pid == cpd->pid &&
+++					left_list[0].nodeid == api->totem_nodeid_get() &&
+++					left_list[0].reason == CONFCHG_CPG_REASON_LEAVE) {
+++
+++					cpd->pid = 0;
+++					memset (&cpd->group_name, 0, sizeof(cpd->group_name));
+++					cpd->cpd_state = CPD_STATE_UNJOINED;
++ 				}
++ 			}
++ 		}
++ 	}
++ 
++-
++ 	/*
++ 	 * Traverse thru cpds and send totem membership for cpd, where it is not send yet
++ 	 */
++@@ -858,7 +852,7 @@ static void downlist_inform_clients (void)
++ 		}
++ 
++ 		/* send confchg event */
++-		notify_lib_joinlist(&group, NULL,
+++		notify_lib_joinlist(&group,
++ 			0, NULL,
++ 			pcd->left_list_entries,
++ 			pcd->left_list,
++@@ -1157,7 +1151,7 @@ static void do_proc_join(
++ 	notify_info.nodeid = nodeid;
++ 	notify_info.reason = reason;
++ 
++-	notify_lib_joinlist(&pi->group, NULL,
+++	notify_lib_joinlist(&pi->group,
++ 			    1, &notify_info,
++ 			    0, NULL,
++ 			    MESSAGE_RES_CPG_CONFCHG_CALLBACK);
++@@ -1177,7 +1171,7 @@ static void do_proc_leave(
++ 	notify_info.nodeid = nodeid;
++ 	notify_info.reason = reason;
++ 
++-	notify_lib_joinlist(name, NULL,
+++	notify_lib_joinlist(name,
++ 		0, NULL,
++ 		1, &notify_info,
++ 		MESSAGE_RES_CPG_CONFCHG_CALLBACK);
+diff --git a/debian/patches/cpg-send-single-confchg-event-per-group-on-joinlist.patch b/debian/patches/cpg-send-single-confchg-event-per-group-on-joinlist.patch
+new file mode 100644
+index 00000000..013baaa0
+--- /dev/null
++++ b/debian/patches/cpg-send-single-confchg-event-per-group-on-joinlist.patch
+@@ -0,0 +1,199 @@
++From: =?utf-8?q?Fabian_Gr=C3=BCnbichler?= <f.gruenbichler at proxmox.com>
++Date: Wed, 8 May 2019 16:31:15 +0200
++Subject: cpg: send single confchg event per group on joinlist
++MIME-Version: 1.0
++Content-Type: text/plain; charset="utf-8"
++Content-Transfer-Encoding: 8bit
++
++using a similar approach to
++
++43bead364514e8ae2ba00bcf07c460e31d0b1765 "Send one confchg event per CPG group to CPG client"
++
++which did the same for leave events on a network partition.
++
++Fixes: #351
++
++Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
++(cherry picked from commit 9c60289b831ef0b138142c3fc39c9a9da8a2ada2)
++---
++ exec/cpg.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++----------------
++ 1 file changed, 73 insertions(+), 24 deletions(-)
++
++diff --git a/exec/cpg.c b/exec/cpg.c
++index b752cc1..e04ba57 100644
++--- a/exec/cpg.c
+++++ b/exec/cpg.c
++@@ -194,6 +194,12 @@ struct join_list_entry {
++ 	mar_cpg_name_t group_name;
++ };
++ 
+++struct join_list_confchg_data {
+++	mar_cpg_name_t cpg_group;
+++	mar_cpg_address_t join_list[CPG_MEMBERS_MAX];
+++	int join_list_entries;
+++};
+++
++ /*
++  * Service Interfaces required by service_message_handler struct
++  */
++@@ -312,7 +318,8 @@ static void do_proc_join(
++ 	const mar_cpg_name_t *name,
++ 	uint32_t pid,
++ 	unsigned int nodeid,
++-	int reason);
+++	int reason,
+++	qb_map_t *group_notify_map);
++ 
++ static void do_proc_leave(
++ 	const mar_cpg_name_t *name,
++@@ -723,35 +730,46 @@ static int notify_lib_joinlist(
++ 	}
++ 
++ 	if (joined_list_entries) {
+++		int i;
+++
++ 		memcpy (retgi, joined_list, joined_list_entries * sizeof(mar_cpg_address_t));
++ 		retgi += joined_list_entries;
+++
+++		for (i=0; i < joined_list_entries; i++) {
+++			if (joined_list[i].nodeid == api->totem_nodeid_get()) {
+++			qb_list_for_each(iter, &cpg_pd_list_head) {
+++					struct cpg_pd *cpd = qb_list_entry (iter, struct cpg_pd, list);
+++					if (mar_name_compare (&cpd->group_name, group_name) == 0 &&
+++					    joined_list[i].pid == cpd->pid) {
+++						cpd->cpd_state = CPD_STATE_JOIN_COMPLETED;
+++					}
+++				}
+++			}
+++		}
++ 	}
++ 
++ 	qb_list_for_each(iter, &cpg_pd_list_head) {
++ 		struct cpg_pd *cpd = qb_list_entry (iter, struct cpg_pd, list);
++ 		if (mar_name_compare (&cpd->group_name, group_name) == 0) {
++-			assert (joined_list_entries <= 1);
++-			if (joined_list_entries) {
++-				if (joined_list[0].pid == cpd->pid &&
++-					joined_list[0].nodeid == api->totem_nodeid_get()) {
++-					cpd->cpd_state = CPD_STATE_JOIN_COMPLETED;
++-				}
++-			}
++ 			if (cpd->cpd_state == CPD_STATE_JOIN_COMPLETED ||
++ 				cpd->cpd_state == CPD_STATE_LEAVE_STARTED) {
++ 
++ 				api->ipc_dispatch_send (cpd->conn, buf, size);
++ 				cpd->transition_counter++;
++ 			}
++-			if (left_list_entries) {
++-				if (left_list[0].pid == cpd->pid &&
++-					left_list[0].nodeid == api->totem_nodeid_get() &&
++-					left_list[0].reason == CONFCHG_CPG_REASON_LEAVE) {
++-
++-					cpd->pid = 0;
++-					memset (&cpd->group_name, 0, sizeof(cpd->group_name));
++-					cpd->cpd_state = CPD_STATE_UNJOINED;
++-				}
+++		}
+++	}
+++
+++	if (left_list_entries &&
+++	    left_list[0].nodeid == api->totem_nodeid_get() &&
+++	    left_list[0].reason == CONFCHG_CPG_REASON_LEAVE) {
+++	qb_list_for_each(iter, &cpg_pd_list_head) {
+++			struct cpg_pd *cpd = qb_list_entry (iter, struct cpg_pd, list);
+++			if (mar_name_compare (&cpd->group_name, group_name) == 0 &&
+++			    left_list[0].pid == cpd->pid) {
+++				cpd->pid = 0;
+++				memset (&cpd->group_name, 0, sizeof(cpd->group_name));
+++				cpd->cpd_state = CPD_STATE_UNJOINED;
++ 			}
++ 		}
++ 	}
++@@ -915,6 +933,11 @@ static void joinlist_inform_clients (void)
++ 	struct joinlist_msg *stored_msg;
++ 	struct qb_list_head *iter;
++ 	unsigned int i;
+++	qb_map_t *group_notify_map;
+++	qb_map_iter_t *miter;
+++	struct join_list_confchg_data *jld;
+++
+++	group_notify_map = qb_skiplist_create();
++ 
++ 	i = 0;
++ 	qb_list_for_each(iter, &joinlist_messages_head) {
++@@ -931,9 +954,19 @@ static void joinlist_inform_clients (void)
++ 		}
++ 
++ 		do_proc_join (&stored_msg->group_name, stored_msg->pid, stored_msg->sender_nodeid,
++-			CONFCHG_CPG_REASON_NODEUP);
+++			CONFCHG_CPG_REASON_NODEUP, group_notify_map);
++ 	}
++ 
+++	miter = qb_map_iter_create(group_notify_map);
+++	while (qb_map_iter_next(miter, (void **)&jld)) {
+++		notify_lib_joinlist(&jld->cpg_group,
+++				    jld->join_list_entries, jld->join_list,
+++				    0, NULL,
+++				    MESSAGE_RES_CPG_CONFCHG_CALLBACK);
+++		free(jld);
+++	}
+++	qb_map_iter_free(miter);
+++
++ 	joinlist_remove_zombie_pi_entries ();
++ }
++ 
++@@ -1111,13 +1144,15 @@ static void do_proc_join(
++ 	const mar_cpg_name_t *name,
++ 	uint32_t pid,
++ 	unsigned int nodeid,
++-	int reason)
+++	int reason,
+++	qb_map_t *group_notify_map)
++ {
++ 	struct process_info *pi;
++ 	struct process_info *pi_entry;
++ 	mar_cpg_address_t notify_info;
++ 	struct qb_list_head *list;
++ 	struct qb_list_head *list_to_add = NULL;
+++	int size;
++ 
++ 	if (process_info_find (name, pid, nodeid) != NULL) {
++ 		return ;
++@@ -1151,10 +1186,24 @@ static void do_proc_join(
++ 	notify_info.nodeid = nodeid;
++ 	notify_info.reason = reason;
++ 
++-	notify_lib_joinlist(&pi->group,
++-			    1, &notify_info,
++-			    0, NULL,
++-			    MESSAGE_RES_CPG_CONFCHG_CALLBACK);
+++	if (group_notify_map == NULL) {
+++		notify_lib_joinlist(&pi->group,
+++				    1, &notify_info,
+++				    0, NULL,
+++				    MESSAGE_RES_CPG_CONFCHG_CALLBACK);
+++	} else {
+++		struct join_list_confchg_data *jld = qb_map_get(group_notify_map, pi->group.value);
+++		if (jld == NULL) {
+++			jld = (struct join_list_confchg_data *)calloc(1, sizeof(struct join_list_confchg_data));
+++			memcpy(&jld->cpg_group, &pi->group, sizeof(mar_cpg_name_t));
+++			qb_map_put(group_notify_map, jld->cpg_group.value, jld);
+++		}
+++		size = jld->join_list_entries;
+++		jld->join_list[size].nodeid = notify_info.nodeid;
+++		jld->join_list[size].pid = notify_info.pid;
+++		jld->join_list[size].reason = notify_info.reason;
+++		jld->join_list_entries++;
+++	}
++ }
++ 
++ static void do_proc_leave(
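Review bot: The batching branch stores into `jld->join_list[size]` without comparing `size` against `CPG_MEMBERS_MAX`, the fixed length declared for that array in `struct join_list_confchg_data`, and it passes the `calloc` result to `memcpy` without a NULL check. The entries come from stored joinlist messages sent by other nodes, and nothing visible in this hunk bounds how many processes can join one group in a single pass, so an oversized batch would write past the heap allocation. Falling back to the existing single-entry notification when the batch is full or the allocation fails keeps the event delivered; whether that ordering is acceptable needs confirming against the callers. `qb_skiplist_create()` in joinlist_inform_clients is likewise used unchecked. do_proc_join begins outside this hunk.

```c
	} else {
		struct join_list_confchg_data *jld = qb_map_get(group_notify_map, pi->group.value);
		if (jld == NULL) {
			jld = calloc(1, sizeof(*jld));
			if (jld != NULL) {
				/* ... unchanged: memcpy of the group name, qb_map_put ... */
			}
		}
		if (jld == NULL || jld->join_list_entries >= CPG_MEMBERS_MAX) {
			/* No room to batch: deliver this join on its own rather than overrun join_list */
			notify_lib_joinlist(&pi->group,
					    1, &notify_info,
					    0, NULL,
					    MESSAGE_RES_CPG_CONFCHG_CALLBACK);
			return ;
		}
		/* ... unchanged: copy notify_info into join_list[size], increment join_list_entries ... */
	}
```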
++@@ -1219,7 +1268,7 @@ static void message_handler_req_exec_cpg_procjoin (
++ 
++ 	do_proc_join (&req_exec_cpg_procjoin->group_name,
++ 		req_exec_cpg_procjoin->pid, nodeid,
++-		CONFCHG_CPG_REASON_JOIN);
+++		CONFCHG_CPG_REASON_JOIN, NULL);
++ }
++ 
++ static void message_handler_req_exec_cpg_procleave (
+diff --git a/debian/patches/series b/debian/patches/series
+index 6f18c886..324cc365 100644
+--- a/debian/patches/series
++++ b/debian/patches/series
+@@ -12,3 +12,8 @@ set-totem.keyfile-and-totem.key-to-RO.patch
+ keygen-Reflect-change-in-knet.patch
+ totemconfig-Remove-support-for-3des.patch
+ crypto-re-introduce-secauth-parameter.patch
++cpg-Add-CPG_REASON_UNDEFINED.patch
++cpg-notify_lib_joinlist-drop-conn-parameter.patch
++cpg-send-single-confchg-event-per-group-on-joinlist.patch
++cpg-Add-more-comments-to-notify_lib_joinlist.patch
++cpg-Move-filling-of-member_list-to-subfunction.patch
diff --git a/patches/series b/patches/series
index 0f845a0..18e0ab4 100644
--- a/patches/series
+++ b/patches/series
@@ -2,3 +2,7 @@
 0002-remove-init-script.patch
 0003-only-start-corosync.service-if-conf-exists.patch
 0004-bsys-disable-augeas-tools.patch
+0005-cfgtool-Improve-link-status-display.patch
+0006-Revert-init-Enable-StopWhenUnneeded.patch
+0007-add-crypto-patches.patch
+0008-CPG-callback-merging.patch
-- 
2.20.1




