diff --git a/0003-watchdog-5.13-rhsel.patch b/0003-watchdog-5.13-rhsel.patch new file mode 100644 index 0000000..49a7ecd --- /dev/null +++ b/0003-watchdog-5.13-rhsel.patch @@ -0,0 +1,34 @@ +diff -ur watchdog-5.15.old/src/test_binary.c watchdog-5.15/src/test_binary.c +--- watchdog-5.15.old/src/test_binary.c 2016-02-26 12:05:00.000000000 +0000 ++++ watchdog-5.15/src/test_binary.c 2018-02-13 08:51:27.292750445 +0000 +@@ -263,11 +263,11 @@ + * to cause trouble, so make them go to their respective files */ + strcpy(filename_buf, logdir); + strcat(filename_buf, "/test-bin.stdout"); +- if (!freopen(filename_buf, "a+", stdout)) ++ if (!freopen(filename_buf, "a", stdout)) + exit(errno); + strcpy(filename_buf, logdir); + strcat(filename_buf, "/test-bin.stderr"); +- if (!freopen(filename_buf, "a+", stderr)) ++ if (!freopen(filename_buf, "a", stderr)) + exit(errno); + + /* now start binary */ +diff -ur watchdog-5.15.old/src/watchdog.c watchdog-5.15/src/watchdog.c +--- watchdog-5.15.old/src/watchdog.c 2016-02-26 12:05:00.000000000 +0000 ++++ watchdog-5.15/src/watchdog.c 2018-02-13 08:51:43.747738628 +0000 +@@ -86,11 +86,11 @@ + * So make stdout and stderr go to their respective files */ + strcpy(filename_buf, logdir); + strcat(filename_buf, "/repair-bin.stdout"); +- if (!freopen(filename_buf, "a+", stdout)) ++ if (!freopen(filename_buf, "a", stdout)) + exit(errno); + strcpy(filename_buf, logdir); + strcat(filename_buf, "/repair-bin.stderr"); +- if (!freopen(filename_buf, "a+", stderr)) ++ if (!freopen(filename_buf, "a", stderr)) + exit(errno); + + /* now start binary */ diff --git a/0004-watchdog-5.13-rhseldoc.patch b/0004-watchdog-5.13-rhseldoc.patch new file mode 100644 index 0000000..3ccaf23 --- /dev/null +++ b/0004-watchdog-5.13-rhseldoc.patch @@ -0,0 +1,136 @@ +diff -ur watchdog-5.15.old/watchdog.8 watchdog-5.15/watchdog.8 +--- watchdog-5.15.old/watchdog.8 2016-02-26 12:05:00.000000000 +0000 ++++ watchdog-5.15/watchdog.8 2018-02-13 08:54:00.860681339 +0000 +@@ -215,6 +215,7 @@ + .BR watchdog . + So you can for instance restart the server from your + .IR repair-binary . ++See the Systemd section below for additinal information. + .PP + .B watchdog + will try periodically to fork itself to see whether the process +@@ -241,6 +242,8 @@ + considered unreachable causing a soft reboot or action from the + repair binary. + .PP ++To start the watchdog when network is available see the Systemd section below. ++.PP + .B watchdog + can run an external command for user-defined tests. A return code not equal 0 + means an error occurred and watchdog should react. If the external command is +@@ -350,6 +353,9 @@ + 246 + Free for personal watchdog-specific use (was \-10 as an unsigned 8\-bit + number). ++.PP ++With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ ++for your test-binary configuration. + .TP + 245 + Reserved for an unknown result, for example a slow background test that is +@@ -377,6 +383,9 @@ + controls the number of successive repair attempts that report 0 (i.e. success) but + fail to clear the tested fault. If this is exceeded then a reboot takes place. If set + to zero then a reboot can always be blocked by the repair program reporting success. ++.PP ++With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ ++for your repair-binary configuration. + .SH "TEST DIRECTORY" + Executables placed in the test directory are discovered by watchdog on + startup and are automatically executed. They are bounded time-wise by +@@ -415,6 +424,27 @@ + repair-maximum + also controls the number of successive repair attempts that report success + (return 0) but fail to clear the fault. ++.SH SYSTEMD ++To start watchdog after the network is available: ++.PP ++.br ++systemctl disable watchdog ++.br ++systemctl enable NetworkManager-wait-online ++.br ++systemctl enable watchdog-ping ++.PP ++ ++When using custom service pid check with custom service ++systemd unit file please be aware the "Requires=" ++does dependent service deactivation. ++Using "Before=watchdog.service" or "Before=watchdog-ping.service" ++in the custom service unit file may be the desired operation instead. ++See systemd.unit documentation for more details. ++ ++.SH SELINUX ++The directories /etc/watchdog.d/ and /usr/libexec/watchdog/scripts/ are ++recognized locations for custom executables. + .SH BUGS + None known so far. + .SH AUTHORS +@@ -433,4 +463,4 @@ + The pid file of the running + .BR watchdog . + .SH "SEE ALSO" +-.BR watchdog.conf (5) ++.BR watchdog.conf (5), systemd.unit (5) +diff -ur watchdog-5.15.old/watchdog.conf watchdog-5.15/watchdog.conf +--- watchdog-5.15.old/watchdog.conf 2016-02-26 12:05:00.000000000 +0000 ++++ watchdog-5.15/watchdog.conf 2018-02-13 08:52:18.899721271 +0000 +@@ -16,6 +16,8 @@ + #min-memory = 1 + #allocatable-memory = 1 + ++# With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ ++# or /etc/watchdog.d/ for your test-binary and repair-binary configuration. + #repair-binary = /usr/sbin/repair + #repair-timeout = 60 + #test-binary = +@@ -45,5 +47,12 @@ + realtime = yes + priority = 1 + ++# When using custom service pid check with custom service ++# systemd unit file please be aware the "Requires=" ++# does dependent service deactivation. ++# Using "Before=watchdog.service" or "Before=watchdog-ping.service" ++# in the custom service unit file may be the desired operation instead. ++# See man 5 systemd.unit for more details. ++# + # Check if rsyslogd is still running by enabling the following line + #pidfile = /var/run/rsyslogd.pid +diff -ur watchdog-5.15.old/watchdog.conf.5 watchdog-5.15/watchdog.conf.5 +--- watchdog-5.15.old/watchdog.conf.5 2016-02-26 12:05:00.000000000 +0000 ++++ watchdog-5.15/watchdog.conf.5 2018-02-13 08:52:18.898721271 +0000 +@@ -105,6 +105,7 @@ + pidfile = + Set pidfile name for server test mode. + This option can be given as often as you like to check several servers. ++See the Systemd section in watchdog (8) for more information. + .TP + ping = + Set IPv4 address for ping mode. +@@ -119,6 +120,8 @@ + .TP + test-binary = + Execute the given binary to do some user defined tests. ++With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ ++for your test-binary configuration. + .TP + test-timeout = + User defined tests may only run for seconds. Set to 0 for unlimited. +@@ -126,6 +129,8 @@ + repair-binary = + Execute the given binary in case of a problem instead of shutting down the + system. ++With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ ++for your repair-binary configuration. + .TP + repair-timeout = + repair command may only run for seconds. Set to 0 for 'unlimited', but +@@ -156,6 +161,7 @@ + .TP + test-directory = + Set the directory to run user test/repair scripts. Default is '/etc/watchdog.d' ++The /etc/watchdog.d/ is recognized by SELinux policy. + See the Test Directory section in watchdog(8) for more information. + .TP + log-dir = diff --git a/README.watchdog.ipmi b/README.watchdog.ipmi new file mode 100644 index 0000000..4a83238 --- /dev/null +++ b/README.watchdog.ipmi @@ -0,0 +1,107 @@ + +Instructions for how to set up the watchdog daemon to work with IPMI's hardware watchdog +---------------------------------------------------------------------------------------- + +First, verify that the ipmitool utility is present on the system to allow +the watchdog timer to be turned off via the command line (which ipmitool). +This will allow the hardware watchdog timer to be turned off gracefully +should it ever become necessary. If ipmitool is not present, install +it or download the latest version from http://ipmitool.sourceforge.net and +build and install it on your system. + +Next, prior to starting up the watchdog daemon, the BMC BIOS should be set +to enable the IPMI/BMC hardware watchdog timer, the OpenIPMI watchdog driver +module should be inserted with the desired configuration/startup settings, +and the watchdog daemon's configuration file should be modified to use /dev/watchdog: + + 1. To setup the IPMI/BMC BIOS to enable the hardware watchdog + timer, see BMC documentation. The main settings in the BMC BIOS + requiring modification to turn on the IPMI watchdog timer are: + + - Set the BMC POST Watchdog to "ENABLED". + - Set the BMC POST Watchdog Timeout to "5 Minutes". + + 2. To insert the OpenIPMI watchdog driver module with the + desired configuration settings, two steps are necessary: + + i.) Configure the OpenIPMI watchdog driver by editing the + /etc/sysconfig/ipmi configuration file: + + - Set "IPMI_WATCHDOG=yes". + - Set desired options via the IPMI_WATCHDOG_OPTIONS + config entry. + + EXAMPLE: 'IPMI_WATCHDOG_OPTIONS="timeout=60 start_now=1 \ + preop=preop_give_data action=power_cycle pretimeout=1" ' + + Execute "modinfo ipmi_watchdog" for more detailed information + on the available ipmi watchdog timer options. + + - Execute "service ipmi start" (the watchdog driver starts + automatically along with the other ipmi drivers). + + IMPORTANT: If "start_now=1" has been set as one of the + configuration options, be sure to start up the watchdog + daemon before the BMC timer expires! + + ii.) Set the OpenIPMI daemon and watchdog to start during bootup: + + - chkconfig ipmi on + - chkconfig watchdog on + + + 3. Configure the watchdog daemon by editing the + /etc/watchdog.conf configuration file: + + - Uncomment the "watchdog-device = /dev/watchdog" line. + - Ensure that "realtime = yes" and "priority = 1" are set and not + commented-out. + - Uncomment the "interval" line, and set the interval to be less + than what you set the timeout option to be in the /etc/sysconfig/ipmi + file (ex "timeout=60" so you might set interval to 50). + + So in the example described herein, the BMC BIOS setting is in + minutes (5), and the "interval" and ipmi_watchdog "timeout" settings + are both in seconds (50 and 60 respectively). Therefore, the BMC + hardware watchdog timer is set to expire and trigger a system power + cycle unless reset by the watchdog daemon within 5 minutes, and the + watchdog daemon will reset the timer every 60 seconds. + + + 4. Start the Watchdog daemon: + + - execute "service watchdog start" + + +IMPORTANT: To gracefully stop/kill the watchdog daemon, be sure +to use "service watchdog stop" (which executes "kill -s SIGTERM ") +and do *not* use "kill -9 ". Using "kill -9 " will cause the +daemon to be shut off without stopping the BMC's watchdog timer, thus +a system reboot will be triggered when the BMC's watchdog timer expires. + +Alternately, or in case the watchdog daemon is killed "ungracefully", +you can stop the BMC timer by executing the following ipmitool utility +command before the watchdog timer expires: + + # ipmitool -v raw 0x06 0x24 0x04 0x01 0x00 0x10 0x00 0x0a + +---------------------------------------------------------------------- + +To test the watchdog after system configuration and setup: + +. Use kill -9 on the watchdog daemon so it doesn't shut down the watchdog daemon + gracefully. Verify that the system gets reset after the BMC timer expires. + +. Use "service watchdog stop" and verify that the watchdog daemon shuts off + the BMC watchdog timer gracefully (the system doesn't get reset). + +. Set the timer on the watchdog daemon to be greater than the time set in + the BMC BIOS for system reset and verify that the system is reset. + +. Set the timer on the daemon to be less than the time set in the + BMC timer and verify that the BMC watchdog is poked regularly and the + system is not reset. + +. Test some of the other actions the BMC can take when the watchdog timer + goes off (see modinfo ipmi_watchdog for some other settings to try). + diff --git a/watchdog-5.15.tar.gz b/watchdog-5.15.tar.gz new file mode 100644 index 0000000..39d9bea Binary files /dev/null and b/watchdog-5.15.tar.gz differ diff --git a/watchdog-ping.service b/watchdog-ping.service new file mode 100644 index 0000000..1ae93b1 --- /dev/null +++ b/watchdog-ping.service @@ -0,0 +1,11 @@ +[Unit] +Description=watchdog daemon for use with ping test / network dependency +After=network.target +Conflicts=watchdog.service + +[Service] +Type=forking +ExecStart=/usr/sbin/watchdog + +[Install] +WantedBy=multi-user.target diff --git a/watchdog.init b/watchdog.init new file mode 100644 index 0000000..3c5cf6a --- /dev/null +++ b/watchdog.init @@ -0,0 +1,91 @@ +#! /bin/sh +# +# watchdog - a watchdog daemon +# +# chkconfig: - 27 46 +# description: A watchdog daemon +# +# rc file author: Marc Merlin +# Henning P. Schmiedehausen +# Richard W.M. Jones + +# Source function library. +. /etc/rc.d/init.d/functions + +[ -x /usr/sbin/watchdog -a -e /etc/watchdog.conf ] || exit 0 + +VERBOSE="no" +if [ -f /etc/sysconfig/watchdog ]; then + . /etc/sysconfig/watchdog +fi + +RETVAL=0 +prog=watchdog +pidfile=/var/run/watchdog.pid +lockfile=/var/lock/subsys/watchdog + +start() { + + echo -n $"Starting $prog: " + if [ -n "$(pidofproc $prog)" ]; then + echo -n $"$prog: already running" + echo_failure + echo + return 1 + fi + if [ "$VERBOSE" = "yes" ]; then + daemon /usr/sbin/${prog} -v + else + daemon /usr/sbin/${prog} + fi + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch $lockfile + [ $RETVAL -eq 0 ] && echo_success + [ $RETVAL -ne 0 ] && echo_failure + return $RETVAL +} + +stop() { + echo -n "Stopping $prog: " + # We are forcing it to _only_ use -TERM as killproc could use + # -KILL which would result in BMC timer not being set properly + # and reboot the box. + killproc $prog -TERM + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f $lockfile $pidfile + return $RETVAL +} + +restart() { + stop + sleep 6 + start +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + reload|restart) + restart + ;; + condrestart) + if [ -f $lockfile ]; then + restart + fi + ;; + status) + status $prog + RETVAL=$? + ;; + *) + echo $"Usage: $0 {start|stop|restart|status|condrestart}" + exit 1 +esac + +exit $RETVAL diff --git a/watchdog.service b/watchdog.service new file mode 100644 index 0000000..e5847b9 --- /dev/null +++ b/watchdog.service @@ -0,0 +1,11 @@ +[Unit] +Description=watchdog daemon +# man systemd.special +# auto added After=basic.target + +[Service] +Type=forking +ExecStart=/usr/sbin/watchdog + +[Install] +WantedBy=multi-user.target diff --git a/watchdog.spec b/watchdog.spec new file mode 100644 index 0000000..155242a --- /dev/null +++ b/watchdog.spec @@ -0,0 +1,76 @@ +Name: watchdog +Summary: A powerful software and/or Hardware watchdog daemon and/or device +Version: 5.15 +Release: 4 +License: GPLv2+ +URL: http://sourceforge.net/projects/watchdog/ +Source0: http://downloads.sourceforge.net/watchdog/watchdog-%{version}.tar.gz +Source1: https://sourceforge.net/p/watchdog/code/ci/master/tree/redhat/watchdog.init +Source2: https://sourceforge.net/p/watchdog/code/ci/master/tree/README.watchdog.ipmi +# watchdog.service and watchdog-ping.service enable systemd support for watchdog. +# https://patchwork.openembedded.org/patch/113573 +Source4: watchdog.service +Source5: watchdog-ping.service +Patch0000: 0003-watchdog-5.13-rhsel.patch +Patch0001: 0004-watchdog-5.13-rhseldoc.patch +BuildRequires: gcc libtirpc-devel systemd-units +Requires: systemd + +%description +The watchdog program can be used as a powerful software watchdog daemon or +a hardware watchdog device. + +%prep +%autosetup -n watchdog-%{version} -p1 + +cp %{SOURCE2} . + +mv README README.orig +iconv -f ISO-8859-1 -t UTF-8 < README.orig > README + +%build +%configure CFLAGS="%{__global_cflags} -I/usr/include/tirpc" \ + LDFLAGS="%{__global_ldflags} -ltirpc" +%make_build + +%install +install -d -m0755 %{buildroot}%{_sysconfdir} +install -d -m0755 %{buildroot}%{_sysconfdir}/watchdog.d +%make_install +install -Dp -m0644 watchdog.sysconfig %{buildroot}%{_sysconfdir}/sysconfig/watchdog +install -Dp -m0644 %{SOURCE4} %{buildroot}%{_unitdir}/watchdog.service +install -Dp -m0644 %{SOURCE5} %{buildroot}%{_unitdir}/watchdog-ping.service +install -Dd -m0755 %{buildroot}%{_libexecdir}/watchdog/scripts + +%post +%systemd_post watchdog.service + +%preun +%systemd_preun watchdog.service +%systemd_preun watchdog.ping.service + +%postun +%systemd_postun_with_restart watchdog.service +%systemd_postun_with_restart watchdog.ping.service + +%triggerun -- watchdog < 5.9-4 + +/usr/bin/systemd-sysv-convert --save watchdog >/dev/null 2>&1 ||: + +/sbin/chkconfig --del watchdog >/dev/null 2>&1 || : +/bin/systemctl try-restart watchdog.service >/dev/null 2>&1 || : +/bin/systemctl try-restart watchdog-ping.service >/dev/null 2>&1 || : + +%files +%doc AUTHORS ChangeLog COPYING examples/ IAFA-PACKAGE NEWS README TODO README.watchdog.ipmi +%config(noreplace) %{_sysconfdir}/{watchdog.conf,sysconfig/watchdog} +%{_sysconfdir}/watchdog.d +%{_sbindir}/{watchdog,wd_identify,wd_keepalive} +%{_mandir}/man5/watchdog.conf.5* +%{_mandir}/man8/{watchdog.8*,wd_identify.8*,wd_keepalive.8*} +%{_unitdir}/{watchdog.service,watchdog-ping.service} +%{_libexecdir}/watchdog/scripts + +%changelog +* Mon Apr 27 2020 chengzihan - 5.15-4 +- Package init diff --git a/watchdog.yaml b/watchdog.yaml new file mode 100644 index 0000000..59ac18d --- /dev/null +++ b/watchdog.yaml @@ -0,0 +1,4 @@ +version_control: git +src_repo: git://git.code.sf.net/p/watchdog/code +tag_prefix: ^ +seperator: .