Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-116149

portblock: multi-state/promotable support

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-10.3
    • rhel-8.8.0.z
    • resource-agents
    • resource-agents-4.16.0-54.el10
    • No
    • Moderate
    • rhel-ha
    • ZStream
    • 5
    • 13
    • 18
    • 8
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • HA-infra Sprint #1: Oct 6 2025, HA-infra Sprint #2: Nov 3 2025, HA-infra Sprint #3: Nov24 2025, HA-Infra Sprint #4:Dec15-Jan9, HA-Infra Sprint #4:Dec15-Jan10
    • Regression Exception
    • Enhancement
    • Hide
      The `portblock` resource agent now supports promotable clones::
      Previously, the `portblock` resource agent only supported simple active and inactive states. This made it impossible to coordinate port blocking and unblocking based on whether a node was in a primary or secondary role within a cluster.
      +
      With this enhancement, the `portblock` resource agent supports promotable clones.
      +
      As a result, you can configure `portblock` resources that use "Promoted" and "Unpromoted" states. For example, you can now create a configuration where unpromoted nodes block a specific port while the promoted node unblocks it, which is essential for managing traffic in certain active-passive service environments.
      Show
      The `portblock` resource agent now supports promotable clones:: Previously, the `portblock` resource agent only supported simple active and inactive states. This made it impossible to coordinate port blocking and unblocking based on whether a node was in a primary or secondary role within a cluster. + With this enhancement, the `portblock` resource agent supports promotable clones. + As a result, you can configure `portblock` resources that use "Promoted" and "Unpromoted" states. For example, you can now create a configuration where unpromoted nodes block a specific port while the promoted node unblocks it, which is essential for managing traffic in certain active-passive service environments.
    • In Progress
    • Required
    • Required
    • Not Required
    • None

      What were you trying to do that didn't work?

      Block/unblock port(s) based on promotable logic.

      What is the impact of this issue to you?

      Unable to unblock ports when the resource gets promoted.

      Please provide the package NVR for which the bug is seen:

      How reproducible is this bug?:

      100%

      Steps to reproduce

      1. pcs resource create pblock portblock protocol=tcp portno=8444 direction=both action=unlock promotable

      Expected results

      The resource gets promoted on one node, and changes the state of the firewall accordingly.

      Actual results

      All nodes remain in unpromoted state due to lack of promotable logic in the agent.

       Note

      This ticket does not cover the nftables part of the Pull Request.

              rhn-engineering-oalbrigt Oyvind Albrigtsen
              rhn-engineering-oalbrigt Oyvind Albrigtsen
              Oyvind Albrigtsen Oyvind Albrigtsen
              Martin Juricek Martin Juricek
              Michal Stubna Michal Stubna
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: