portblock: remove write to tcp_tw_recycle

(cherry picked from commit edfd48a6ae81ce70a293327b24d0c06759e6dfc7)

portblock-remove-write-to-tcp_tw_recycle.patch

@@ -0,0 +1,56 @@
+From c448ca01367916741662b9e6af54d5d3f189d4fa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christoph=20B=C3=B6hmwalder?=
+ <christoph.boehmwalder@linbit.com>
+Date: Mon, 25 Mar 2024 15:39:44 +0100
+Subject: [PATCH 1/3] portblock: remove write to tcp_tw_recycle
+
+Currently, the portblock resource agent enables the
+net.ipv4.tcp_tw_recycle option before sending a tickle ACK packet.
+
+This option is supposed to recycle TCP sockets that are left in the
+TIME_WAIT state. On the host that initiates the closing of a TCP
+connection, a socket will be left in this state for about 60 seconds
+before it finally gets removed (and freed up for further use). This is
+by design, and it is generally considered useful. [0]
+
+The tcp_tw_recycle option is supposed to shorten the time that a socket
+spends in the TIME_WAIT state, allowing its slot to be reused more
+quickly.
+
+Unfortunately, there are no hints left by the previous author about the
+rationale behind setting this option. One can only guess that they
+somehow managed to exhaust the number of TCP sockets during testing, and
+setting this option resolved that immediate issue. It is not entirely
+clear how this would happen in an actual real-world scenario, since it
+would require many switchovers in a relatively short period of time.
+
+The problem is that this option has been completely broken starting from
+Linux 4.10 (since it started randomizing TCP timestamp offsets), and
+even before that for NAT connections.
+
+Finally, the option has been completely removed in Linux 4.12, which now
+leads to annoying "No such file or directory" errors whenever the
+portblock agent runs on a semi-modern kernel.
+
+Thus, remove the line enabling the option.
+
+[0] https://vincent.bernat.ch/en/blog/2014-tcp-time-wait-state-linux
+---
+ heartbeat/portblock | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/heartbeat/portblock b/heartbeat/portblock
+index 7b9f5ca3..e88ecc2a 100755
+--- a/heartbeat/portblock
++++ b/heartbeat/portblock
+@@ -328,7 +328,6 @@ save_tcp_connections()
+ tickle_remote()
+ {
+ 	[ -z "$OCF_RESKEY_tickle_dir" ] && return
+-	echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
+ 	f=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip
+ 	[ -r $f ] || return
+ 	$TICKLETCP -n 3 < $f
+-- 
+2.25.1
+

resource-agents.spec

@@ -1,7 +1,7 @@
 Name:                resource-agents
 Summary:             Open Source HA Reusable Cluster Resource Scripts
 Version:             4.13.0
-Release:             14
+Release:             15
 License:             GPLv2+ and LGPLv2+
 URL:                 https://github.com/ClusterLabs/resource-agents
 Source0:             https://github.com/ClusterLabs/resource-agents/archive/v%{version}.tar.gz
@@ -19,6 +19,7 @@ Patch0010:	     portblock-accept-numeric-protocol-from-iptables.patch
 Patch0011:           all-agents-remove-S-state-status-that-are-either-ign.patch
 Patch0012:           nfsserver-fix-server-scope-functionality-for-both-po.patch
 Patch0013:	     Fix-openstack-info-Ensure-no-newlines-in-openstack.patch
+Patch0014:	     portblock-remove-write-to-tcp_tw_recycle.patch
 Obsoletes:           heartbeat-resources <= %{version}
 Provides:            heartbeat-resources = %{version}
 BuildRequires:       automake autoconf pkgconfig gcc perl-interpreter perl-generators python3-devel
@@ -116,6 +117,9 @@ export CFLAGS="$(echo '%{optflags}')"
 %{_mandir}/man8/{ocf-tester.8*,ldirectord.8*}
 
 %changelog
+* Wed Apr 10 2024 bixiaoyan <bixiaoyan@kylinos.cn> - 4.13.0-15
+- portblock: remove write to tcp_tw_recycle
+
 * Wed Apr 10 2024 bixiaoyan <bixiaoyan@kylinos.cn> - 4.13.0-14
 - Fix: openstack-info: Ensure no newlines in openstack_ports