Your message dated Sun, 24 Aug 2025 15:23:14 +0000
with message-id <[email protected]>
and subject line Bug#1109925: fixed in resource-agents 1:4.16.0-4
has caused the Debian Bug report #1109925,
regarding findif.sh: fix to avoid duplicate route issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1109925: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109925
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: resource-agents
Version: 1:4.16.0-3
Severity: important
Hello
In our setup, we use the IPaddr2 resource in Pacemaker to configure a
gateway address for a firewall via Corosync. The interface eno2 is
configured with the IPv6 address 2001:db8:abcd:0012::3/64, and the
Pacemaker resource is defined as follows:
primitive intern-ipv6 IPaddr2 \
params ip="2001:db8:abcd:0012::1" nic=eno2 cidr_netmask=64 \
meta migration-threshold=2 \
op monitor interval=20 on-fail=restart
There is this route installed in the routing table:
2001:db8::/32 via 2001:db8:abcd:0012::10 dev eno2 proto static metric
1024 pref medium
Under this configuration, the resource fails to start, and the following
error appears in the logs:
$HOST pacemaker-schedulerd[273]: warning: Unexpected result (Error
occurred: [findif] failed)
$HOST IPaddr2(intern-ipv6)[774]: ERROR: More than 1 routes match
2001:db8:abcd:0012::1/64. Unable to decide which route to use.
This issue occurs because the findif.sh script
(/usr/lib/ocf/lib/heartbeat/findif.sh) in the heartbeat resource agent
does not correctly handle more specific routes or automatically added
local routes when multiple IPs in the same network exist on an
interface. As a result, the route check fails and prevents the resource
from starting. A fix has already been merged upstream [1], but it is not
yet included in the current released version. It would be very helpful
if this fix could be applied, as our firewall setup depends on this
functionality working correctly. And it will break our existing setup
once we do an upgrade.
I added the patch in the attachment.
[1] https://github.com/ClusterLabs/resource-agents/pull/2052
-- System Information:
Debian Release: 13 (trixie)
resource-agents version:
ii resource-agents 1:4.16.0-3 amd64 Cluster Resource Agents
Regards
Sakirnth
From: Sakirnth Nagarasa <[email protected]>
Date: Sat, 26 Jul 2025 10:51:28 +0200
Subject: findif: Avoid duplicate route issue
Origin: upstream, https://github.com/ClusterLabs/resource-agents/pull/2052
Bug: https://github.com/ClusterLabs/resource-agents/issues/2001
Last-Update: 2025-07-26
To handle more specific routes on the same interface and automatic
creation of local routes in the same network when having multiple
ip address per interface.
---
heartbeat/findif.sh | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/heartbeat/findif.sh b/heartbeat/findif.sh
index 2ae91e9..6fb4711 100644
--- a/heartbeat/findif.sh
+++ b/heartbeat/findif.sh
@@ -217,18 +217,14 @@ findif()
fi
if [ -n "$nic" ] ; then
# NIC supports more than two.
- routematch=$(ip -o -f $family route list match $match $proto $scope | grep -v "^\(unreachable\|prohibit\|blackhole\)" | grep "dev $nic " | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr)
+ routematch=$(ip -o -f $family route list match $match $proto $scope | grep "dev $nic " | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr)
else
- routematch=$(ip -o -f $family route list match $match $proto $scope | grep -v "^\(unreachable\|prohibit\|blackhole\)" | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr)
- fi
- if [ "$family" = "inet6" ]; then
- routematch=$(echo "$routematch" | grep -v "^default")
+ routematch=$(ip -o -f $family route list match $match $proto $scope | sed -e 's,^\([0-9.]\+\) ,\1/32 ,;s,^\([0-9a-f:]\+\) ,\1/128 ,' | sort -t/ -k2,2nr)
fi
- if [ $(echo "$routematch" | wc -l) -gt 1 ]; then
- ocf_exit_reason "More than 1 routes match $match. Unable to decide which route to use."
- return $OCF_ERR_GENERIC
- fi
+ # ignore matches from unrelated tables, and sort by metric to get the route with the lowest metric
+ routematch=$(echo "$routematch" | awk '!/^(default|unreachable|prohibit|blackhole)/{match($0, /metric ([^ ]+)/, arr); print arr[1], $0}' | sort -k 1n -u | cut -d" " -f 2- | head -1)
+
set -- $routematch
if [ $# = 0 ] ; then
case $OCF_RESKEY_ip in
--- End Message ---
--- Begin Message ---
Source: resource-agents
Source-Version: 1:4.16.0-4
Done: Valentin Vidic <[email protected]>
We believe that the bug you reported is fixed in the latest version of
resource-agents, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Valentin Vidic <[email protected]> (supplier of updated resource-agents package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 24 Aug 2025 16:32:20 +0200
Source: resource-agents
Architecture: source
Version: 1:4.16.0-4
Distribution: unstable
Urgency: medium
Maintainer: Debian HA Maintainers
<[email protected]>
Changed-By: Valentin Vidic <[email protected]>
Closes: 1109925
Changes:
resource-agents (1:4.16.0-4) unstable; urgency=medium
.
* debian/patches: fix to avoid duplicate route issues (Closes: #1109925)
* debian/patches: fix shellcheck redirection errors
* debian/copyright: remove FSF postal address
Checksums-Sha1:
4926e48ad5aa54d4af9af81da0722dbefcfd8ad9 2751 resource-agents_4.16.0-4.dsc
43e8fd86bc1ceb99eb6aa1dfeacd574343ab5375 23796
resource-agents_4.16.0-4.debian.tar.xz
70c390b3d97236eab74b0673bedc5b205cfdf4e0 8330
resource-agents_4.16.0-4_source.buildinfo
Checksums-Sha256:
4e8e2fa8913c4b8c4a11b536b866aaf197312c46ac6b43c50c0ec3c20e99a8b1 2751
resource-agents_4.16.0-4.dsc
9369f29d53b3dcdaa75fb3eb92f272aeccdbb51537da81a5c7b4eaf6bb22693f 23796
resource-agents_4.16.0-4.debian.tar.xz
37b061f6809b17a86d14dd89bd975a2657a83e0e95a67948cdd568cf271a5dd4 8330
resource-agents_4.16.0-4_source.buildinfo
Files:
b7235e96ca522a345d0262e19d707681 2751 admin optional
resource-agents_4.16.0-4.dsc
bf2e4e44686d0fb5548ee80f4b968c02 23796 admin optional
resource-agents_4.16.0-4.debian.tar.xz
29afb4259604c44bf76d0ea38675ff1b 8330 admin optional
resource-agents_4.16.0-4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEExaW53cM9k/u2PWfIMofYmpfNqHsFAmirKNISHHZ2aWRpY0Bk
ZWJpYW4ub3JnAAoJEDKH2JqXzah7KXAP/1zkUz5/nLruDTUmqdd/0mwfObPIEmsc
imkE67GgKuS88f8NRxl7x3BP5gH9jfPwSeeqhPHC1eggTIPE8pIcL94FUvk9KU5/
68xXVfkM/V1Bpdwm5E/cG7ZtWZUnwG/2qhAyV3v9sgqLYAp0HbNWI9vr71uC9i+H
beBBNuy82tfOkbIuNm4+vf06C/nRJemjRf1CUDe9dHzxYyJlOhY6m2+rmV7lcSjl
8ld4ABmsF037Cp0wC354Bzi2W36INNKF/lRh35eA8inK8JMvf1dvvPYEC7SVEwtr
xxHzm73qrIW6T2duPBZ07xGd/YA8XasS7PT+xglweo4eMZB6A5MFYDTAP2hHODGK
gScihqVpgCJEtCnTYAyx4F/jqQmCzaqA2GObSbcwDMOj0oyu5wm50kzjVUsNgpqT
cjed7jz5s1skpa6vLz68ODibs9M01DFgaEKR9sPMyMwiNxiNtQx/iJiatOe2g9/1
ZWFCigB7xBrjVYsyyBOrbNjKuMbNZpQKI2rAGOOKDLYmGU0pF4nZtzSZri7/jSdv
jxGSQKP6setvtpO8WzT7geB63vBmXwK757aGCBvNCVEHEnF7uLeR049fSNEFrPhF
1d3dZFNh1lE2l0zPrhBNh4edvErV5OWYE4RaZ2I6ukgV8ptCHEXiJ4f2Pud1DpBh
3Ro+bLBQ9ebI
=Y0ll
-----END PGP SIGNATURE-----
pgpE7MA8KZXzH.pgp
Description: PGP signature
--- End Message ---
