From 02ec8a4a840f18ecc7b3f54a4c71d48fc49f6de3 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jun 01 2022 18:10:43 +0000 Subject: import fence-agents-4.2.1-96.el8 --- diff --git a/SOURCES/bz2072421-1-all-agents-unify-ssl-parameters.patch b/SOURCES/bz2072421-1-all-agents-unify-ssl-parameters.patch new file mode 100644 index 0000000..d783a47 --- /dev/null +++ b/SOURCES/bz2072421-1-all-agents-unify-ssl-parameters.patch @@ -0,0 +1,243 @@ +From 999f2f8b4dc7d258679daf8c3f13d9b317ff4435 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 7 Apr 2022 13:11:12 +0200 +Subject: [PATCH] all agents: unify ssl parameters to avoid having to use --ssl + when using --ssl-secure/--ssl-insecure for some agents + +THIS MIGHT BREAK SETUPS USING fence_docker or fence_pve! +--- + agents/cisco_ucs/fence_cisco_ucs.py | 9 +++++---- + agents/docker/fence_docker.py | 9 ++++++--- + agents/rhevm/fence_rhevm.py | 8 ++++---- + agents/vmware_rest/fence_vmware_rest.py | 8 ++++---- + agents/vmware_soap/fence_vmware_soap.py | 2 +- + agents/vmware_vcloud/fence_vmware_vcloud.py | 4 ++-- + agents/zvm/fence_zvmip.py | 8 +++++--- + lib/fencing.py.py | 6 ++++++ + tests/data/metadata/fence_docker.xml | 4 ++-- + 13 files changed, 64 insertions(+), 31 deletions(-) + +diff --git a/agents/cisco_ucs/fence_cisco_ucs.py b/agents/cisco_ucs/fence_cisco_ucs.py +index 2280dbbc7..b85379a73 100644 +--- a/agents/cisco_ucs/fence_cisco_ucs.py ++++ b/agents/cisco_ucs/fence_cisco_ucs.py +@@ -99,7 +99,7 @@ def get_list(conn, options): + + def send_command(opt, command, timeout): + ## setup correct URL +- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt: ++ if "--ssl-secure" in opt or "--ssl-insecure" in opt: + url = "https:" + else: + url = "http:" +@@ -114,13 +114,14 @@ def send_command(opt, command, timeout): + conn.setopt(pycurl.POSTFIELDS, command.encode("ascii")) + conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write) + conn.setopt(pycurl.TIMEOUT, timeout) +- if "--ssl" in opt or "--ssl-secure" in opt: ++ ++ if "--ssl-secure" in opt: + conn.setopt(pycurl.SSL_VERIFYPEER, 1) + conn.setopt(pycurl.SSL_VERIFYHOST, 2) +- +- if "--ssl-insecure" in opt: ++ elif "--ssl-insecure" in opt: + conn.setopt(pycurl.SSL_VERIFYPEER, 0) + conn.setopt(pycurl.SSL_VERIFYHOST, 0) ++ + conn.perform() + result = web_buffer.getvalue().decode() + +diff --git a/agents/docker/fence_docker.py b/agents/docker/fence_docker.py +index fef87da86..004402518 100644 +--- a/agents/docker/fence_docker.py ++++ b/agents/docker/fence_docker.py +@@ -43,7 +43,7 @@ def get_list(conn, options): + + + def send_cmd(options, cmd, post = False): +- url = "http%s://%s:%s/v%s/%s" % ("s" if "--ssl" in options else "", options["--ip"], options["--ipport"], options["--api-version"], cmd) ++ url = "http%s://%s:%s/v%s/%s" % ("s" if "--ssl-secure" in options or "--ssl-insecure" in options else "", options["--ip"], options["--ipport"], options["--api-version"], cmd) + conn = pycurl.Curl() + output_buffer = io.BytesIO() + if logging.getLogger().getEffectiveLevel() < logging.WARNING: +@@ -55,7 +55,8 @@ def send_cmd(options, cmd, post = False): + conn.setopt(pycurl.POSTFIELDSIZE, 0) + conn.setopt(pycurl.WRITEFUNCTION, output_buffer.write) + conn.setopt(pycurl.TIMEOUT, int(options["--shell-timeout"])) +- if "--ssl" in options: ++ ++ if "--ssl-secure" in options: + if not (set(("--tlscert", "--tlskey", "--tlscacert")) <= set(options)): + fail_usage("Failed. If --ssl option is used, You have to also \ + specify: --tlscert, --tlskey and --tlscacert") +@@ -63,7 +64,7 @@ def send_cmd(options, cmd, post = False): + conn.setopt(pycurl.SSLCERT, options["--tlscert"]) + conn.setopt(pycurl.SSLKEY, options["--tlskey"]) + conn.setopt(pycurl.CAINFO, options["--tlscacert"]) +- else: ++ elif "--ssl-insecure" in options: + conn.setopt(pycurl.SSL_VERIFYPEER, 0) + conn.setopt(pycurl.SSL_VERIFYHOST, 0) + +@@ -136,6 +137,8 @@ def main(): + + device_opt = ["ipaddr", "no_password", "no_login", "port", "method", "web", "tlscert", "tlskey", "tlscacert", "ssl", "api_version"] + ++ all_opt["ssl"]["default"] = "1" ++ + options = check_input(device_opt, process_input(device_opt)) + + docs = { } +diff --git a/agents/rhevm/fence_rhevm.py b/agents/rhevm/fence_rhevm.py +index 25aecbe58..5f74d06f6 100644 +--- a/agents/rhevm/fence_rhevm.py ++++ b/agents/rhevm/fence_rhevm.py +@@ -85,7 +85,7 @@ def send_command(opt, command, method="GET"): + logging.debug("auto-detected API version: " + opt["--api-version"]) + + ## setup correct URL +- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt: ++ if "--ssl-secure" in opt or "--ssl-insecure" in opt: + url = "https:" + else: + url = "http:" +@@ -126,11 +126,11 @@ def send_command(opt, command, method="GET"): + conn.setopt(pycurl.COOKIEJAR, cookie_file) + + conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"])) +- if "--ssl" in opt or "--ssl-secure" in opt: ++ ++ if "--ssl-secure" in opt: + conn.setopt(pycurl.SSL_VERIFYPEER, 1) + conn.setopt(pycurl.SSL_VERIFYHOST, 2) +- +- if "--ssl-insecure" in opt: ++ elif "--ssl-insecure" in opt: + conn.setopt(pycurl.SSL_VERIFYPEER, 0) + conn.setopt(pycurl.SSL_VERIFYHOST, 0) + +diff --git a/agents/vmware_rest/fence_vmware_rest.py b/agents/vmware_rest/fence_vmware_rest.py +index e49fd5663..4b884fc62 100644 +--- a/agents/vmware_rest/fence_vmware_rest.py ++++ b/agents/vmware_rest/fence_vmware_rest.py +@@ -69,7 +69,7 @@ def connect(opt): + conn = pycurl.Curl() + + ## setup correct URL +- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt: ++ if "--ssl-secure" in opt or "--ssl-insecure" in opt: + conn.base_url = "https:" + else: + conn.base_url = "http:" +@@ -89,11 +89,11 @@ def connect(opt): + conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"]) + + conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"])) +- if "--ssl" in opt or "--ssl-secure" in opt: ++ ++ if "--ssl-secure" in opt: + conn.setopt(pycurl.SSL_VERIFYPEER, 1) + conn.setopt(pycurl.SSL_VERIFYHOST, 2) +- +- if "--ssl-insecure" in opt: ++ elif "--ssl-insecure" in opt: + conn.setopt(pycurl.SSL_VERIFYPEER, 0) + conn.setopt(pycurl.SSL_VERIFYHOST, 0) + +diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py +index 2cd45e0b3..51fb0f147 100644 +--- a/agents/vmware_soap/fence_vmware_soap.py ++++ b/agents/vmware_soap/fence_vmware_soap.py +@@ -34,7 +34,7 @@ def send(self, request): + def soap_login(options): + run_delay(options) + +- if "--ssl" in options or "--ssl-secure" in options or "--ssl-insecure" in options: ++ if "--ssl-secure" in options or "--ssl-insecure" in options: + if "--ssl-insecure" in options: + import ssl + import urllib3 +diff --git a/agents/vmware_vcloud/fence_vmware_vcloud.py b/agents/vmware_vcloud/fence_vmware_vcloud.py +index 42372a83d..7626b82bb 100644 +--- a/agents/vmware_vcloud/fence_vmware_vcloud.py ++++ b/agents/vmware_vcloud/fence_vmware_vcloud.py +@@ -60,7 +60,7 @@ def connect(opt): + conn = pycurl.Curl() + + ## setup correct URL +- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt: ++ if "--ssl-secure" in opt or "--ssl-insecure" in opt: + conn.base_url = "https:" + else: + conn.base_url = "http:" +@@ -76,7 +76,7 @@ def connect(opt): + conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"]) + + conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"])) +- if "--ssl" in opt or "--ssl-secure" in opt: ++ if "--ssl-secure" in opt: + conn.setopt(pycurl.SSL_VERIFYPEER, 1) + conn.setopt(pycurl.SSL_VERIFYHOST, 2) + elif "--ssl-insecure" in opt: +diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py +index e8f849eda..90ca95d45 100644 +--- a/agents/zvm/fence_zvmip.py ++++ b/agents/zvm/fence_zvmip.py +@@ -26,7 +26,7 @@ def open_socket(options): + except socket.gaierror: + fail(EC_LOGIN_DENIED) + +- if "--ssl" in options: ++ if "--ssl-secure" in options or "--ssl-insecure" in options: + import ssl + sock = socket.socket() + sslcx = ssl.create_default_context() +@@ -132,7 +132,7 @@ def get_list_of_images(options, command, data_as_plug): + images = set() + + if output_len > 3*INT4: +- recvflag = socket.MSG_WAITALL if "--ssl" not in options else 0 ++ recvflag = socket.MSG_WAITALL if "--ssl-secure" not in options and "--ssl-insecure" not in options else 0 + array_len = struct.unpack("!i", conn.recv(INT4))[0] + data = "" + +diff --git a/lib/fencing.py.py b/lib/fencing.py.py +index 696388d55..b746ede8b 100644 +--- a/lib/fencing.py.py ++++ b/lib/fencing.py.py +@@ -789,6 +789,12 @@ def check_input(device_opt, opt, other_conditions = False): + if "--password-script" in options: + options["--password"] = os.popen(options["--password-script"]).read().rstrip() + ++ if "--ssl-secure" in options or "--ssl-insecure" in options: ++ options["--ssl"] = "" ++ ++ if "--ssl" in options and "--ssl-insecure" not in options: ++ options["--ssl-secure"] = "" ++ + if os.environ.get("PCMK_service") == "pacemaker-fenced" and "--disable-timeout" not in options: + options["--disable-timeout"] = "1" + +diff --git a/tests/data/metadata/fence_docker.xml b/tests/data/metadata/fence_docker.xml +index 723e72280..51c7c470a 100644 +--- a/tests/data/metadata/fence_docker.xml ++++ b/tests/data/metadata/fence_docker.xml +@@ -20,7 +20,7 @@ + + + +- ++ + TCP/UDP port to use for connection with device + + +@@ -43,7 +43,7 @@ + + + +- ++ + Use SSL connection with verifying certificate + + diff --git a/SOURCES/bz2072421-2-fence_zvmip-connect-error.patch b/SOURCES/bz2072421-2-fence_zvmip-connect-error.patch new file mode 100644 index 0000000..1a1bd97 --- /dev/null +++ b/SOURCES/bz2072421-2-fence_zvmip-connect-error.patch @@ -0,0 +1,30 @@ +From 6430104318b4bf349425b08636183bf839812e04 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 31 May 2022 08:55:25 +0200 +Subject: [PATCH] fence_zvmip: show unable to connect error instead of full + stacktrace, e.g. when not using --ssl for SSL devices + +--- + agents/zvm/fence_zvmip.py | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py +index 90ca95d45..4f538e10d 100644 +--- a/agents/zvm/fence_zvmip.py ++++ b/agents/zvm/fence_zvmip.py +@@ -127,8 +127,13 @@ def get_list_of_images(options, command, data_as_plug): + + conn.send(packet) + +- request_id = struct.unpack("!i", conn.recv(INT4))[0] +- (output_len, request_id, return_code, reason_code) = struct.unpack("!iiii", conn.recv(INT4 * 4)) ++ try: ++ request_id = struct.unpack("!i", conn.recv(INT4))[0] ++ (output_len, request_id, return_code, reason_code) = struct.unpack("!iiii", conn.recv(INT4 * 4)) ++ except struct.error: ++ logging.debug(sys.exc_info()) ++ fail_usage("Failed: Unable to connect to {} port: {} SSL: {} \n".format(options["--ip"], options["--ipport"], bool("--ssl" in options))) ++ + images = set() + + if output_len > 3*INT4: diff --git a/SOURCES/bz2072421-all-agents-unify-ssl-parameters.patch b/SOURCES/bz2072421-all-agents-unify-ssl-parameters.patch deleted file mode 100644 index d783a47..0000000 --- a/SOURCES/bz2072421-all-agents-unify-ssl-parameters.patch +++ /dev/null @@ -1,243 +0,0 @@ -From 999f2f8b4dc7d258679daf8c3f13d9b317ff4435 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Thu, 7 Apr 2022 13:11:12 +0200 -Subject: [PATCH] all agents: unify ssl parameters to avoid having to use --ssl - when using --ssl-secure/--ssl-insecure for some agents - -THIS MIGHT BREAK SETUPS USING fence_docker or fence_pve! ---- - agents/cisco_ucs/fence_cisco_ucs.py | 9 +++++---- - agents/docker/fence_docker.py | 9 ++++++--- - agents/rhevm/fence_rhevm.py | 8 ++++---- - agents/vmware_rest/fence_vmware_rest.py | 8 ++++---- - agents/vmware_soap/fence_vmware_soap.py | 2 +- - agents/vmware_vcloud/fence_vmware_vcloud.py | 4 ++-- - agents/zvm/fence_zvmip.py | 8 +++++--- - lib/fencing.py.py | 6 ++++++ - tests/data/metadata/fence_docker.xml | 4 ++-- - 13 files changed, 64 insertions(+), 31 deletions(-) - -diff --git a/agents/cisco_ucs/fence_cisco_ucs.py b/agents/cisco_ucs/fence_cisco_ucs.py -index 2280dbbc7..b85379a73 100644 ---- a/agents/cisco_ucs/fence_cisco_ucs.py -+++ b/agents/cisco_ucs/fence_cisco_ucs.py -@@ -99,7 +99,7 @@ def get_list(conn, options): - - def send_command(opt, command, timeout): - ## setup correct URL -- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt: -+ if "--ssl-secure" in opt or "--ssl-insecure" in opt: - url = "https:" - else: - url = "http:" -@@ -114,13 +114,14 @@ def send_command(opt, command, timeout): - conn.setopt(pycurl.POSTFIELDS, command.encode("ascii")) - conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write) - conn.setopt(pycurl.TIMEOUT, timeout) -- if "--ssl" in opt or "--ssl-secure" in opt: -+ -+ if "--ssl-secure" in opt: - conn.setopt(pycurl.SSL_VERIFYPEER, 1) - conn.setopt(pycurl.SSL_VERIFYHOST, 2) -- -- if "--ssl-insecure" in opt: -+ elif "--ssl-insecure" in opt: - conn.setopt(pycurl.SSL_VERIFYPEER, 0) - conn.setopt(pycurl.SSL_VERIFYHOST, 0) -+ - conn.perform() - result = web_buffer.getvalue().decode() - -diff --git a/agents/docker/fence_docker.py b/agents/docker/fence_docker.py -index fef87da86..004402518 100644 ---- a/agents/docker/fence_docker.py -+++ b/agents/docker/fence_docker.py -@@ -43,7 +43,7 @@ def get_list(conn, options): - - - def send_cmd(options, cmd, post = False): -- url = "http%s://%s:%s/v%s/%s" % ("s" if "--ssl" in options else "", options["--ip"], options["--ipport"], options["--api-version"], cmd) -+ url = "http%s://%s:%s/v%s/%s" % ("s" if "--ssl-secure" in options or "--ssl-insecure" in options else "", options["--ip"], options["--ipport"], options["--api-version"], cmd) - conn = pycurl.Curl() - output_buffer = io.BytesIO() - if logging.getLogger().getEffectiveLevel() < logging.WARNING: -@@ -55,7 +55,8 @@ def send_cmd(options, cmd, post = False): - conn.setopt(pycurl.POSTFIELDSIZE, 0) - conn.setopt(pycurl.WRITEFUNCTION, output_buffer.write) - conn.setopt(pycurl.TIMEOUT, int(options["--shell-timeout"])) -- if "--ssl" in options: -+ -+ if "--ssl-secure" in options: - if not (set(("--tlscert", "--tlskey", "--tlscacert")) <= set(options)): - fail_usage("Failed. If --ssl option is used, You have to also \ - specify: --tlscert, --tlskey and --tlscacert") -@@ -63,7 +64,7 @@ def send_cmd(options, cmd, post = False): - conn.setopt(pycurl.SSLCERT, options["--tlscert"]) - conn.setopt(pycurl.SSLKEY, options["--tlskey"]) - conn.setopt(pycurl.CAINFO, options["--tlscacert"]) -- else: -+ elif "--ssl-insecure" in options: - conn.setopt(pycurl.SSL_VERIFYPEER, 0) - conn.setopt(pycurl.SSL_VERIFYHOST, 0) - -@@ -136,6 +137,8 @@ def main(): - - device_opt = ["ipaddr", "no_password", "no_login", "port", "method", "web", "tlscert", "tlskey", "tlscacert", "ssl", "api_version"] - -+ all_opt["ssl"]["default"] = "1" -+ - options = check_input(device_opt, process_input(device_opt)) - - docs = { } -diff --git a/agents/rhevm/fence_rhevm.py b/agents/rhevm/fence_rhevm.py -index 25aecbe58..5f74d06f6 100644 ---- a/agents/rhevm/fence_rhevm.py -+++ b/agents/rhevm/fence_rhevm.py -@@ -85,7 +85,7 @@ def send_command(opt, command, method="GET"): - logging.debug("auto-detected API version: " + opt["--api-version"]) - - ## setup correct URL -- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt: -+ if "--ssl-secure" in opt or "--ssl-insecure" in opt: - url = "https:" - else: - url = "http:" -@@ -126,11 +126,11 @@ def send_command(opt, command, method="GET"): - conn.setopt(pycurl.COOKIEJAR, cookie_file) - - conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"])) -- if "--ssl" in opt or "--ssl-secure" in opt: -+ -+ if "--ssl-secure" in opt: - conn.setopt(pycurl.SSL_VERIFYPEER, 1) - conn.setopt(pycurl.SSL_VERIFYHOST, 2) -- -- if "--ssl-insecure" in opt: -+ elif "--ssl-insecure" in opt: - conn.setopt(pycurl.SSL_VERIFYPEER, 0) - conn.setopt(pycurl.SSL_VERIFYHOST, 0) - -diff --git a/agents/vmware_rest/fence_vmware_rest.py b/agents/vmware_rest/fence_vmware_rest.py -index e49fd5663..4b884fc62 100644 ---- a/agents/vmware_rest/fence_vmware_rest.py -+++ b/agents/vmware_rest/fence_vmware_rest.py -@@ -69,7 +69,7 @@ def connect(opt): - conn = pycurl.Curl() - - ## setup correct URL -- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt: -+ if "--ssl-secure" in opt or "--ssl-insecure" in opt: - conn.base_url = "https:" - else: - conn.base_url = "http:" -@@ -89,11 +89,11 @@ def connect(opt): - conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"]) - - conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"])) -- if "--ssl" in opt or "--ssl-secure" in opt: -+ -+ if "--ssl-secure" in opt: - conn.setopt(pycurl.SSL_VERIFYPEER, 1) - conn.setopt(pycurl.SSL_VERIFYHOST, 2) -- -- if "--ssl-insecure" in opt: -+ elif "--ssl-insecure" in opt: - conn.setopt(pycurl.SSL_VERIFYPEER, 0) - conn.setopt(pycurl.SSL_VERIFYHOST, 0) - -diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py -index 2cd45e0b3..51fb0f147 100644 ---- a/agents/vmware_soap/fence_vmware_soap.py -+++ b/agents/vmware_soap/fence_vmware_soap.py -@@ -34,7 +34,7 @@ def send(self, request): - def soap_login(options): - run_delay(options) - -- if "--ssl" in options or "--ssl-secure" in options or "--ssl-insecure" in options: -+ if "--ssl-secure" in options or "--ssl-insecure" in options: - if "--ssl-insecure" in options: - import ssl - import urllib3 -diff --git a/agents/vmware_vcloud/fence_vmware_vcloud.py b/agents/vmware_vcloud/fence_vmware_vcloud.py -index 42372a83d..7626b82bb 100644 ---- a/agents/vmware_vcloud/fence_vmware_vcloud.py -+++ b/agents/vmware_vcloud/fence_vmware_vcloud.py -@@ -60,7 +60,7 @@ def connect(opt): - conn = pycurl.Curl() - - ## setup correct URL -- if "--ssl" in opt or "--ssl-secure" in opt or "--ssl-insecure" in opt: -+ if "--ssl-secure" in opt or "--ssl-insecure" in opt: - conn.base_url = "https:" - else: - conn.base_url = "http:" -@@ -76,7 +76,7 @@ def connect(opt): - conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"]) - - conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"])) -- if "--ssl" in opt or "--ssl-secure" in opt: -+ if "--ssl-secure" in opt: - conn.setopt(pycurl.SSL_VERIFYPEER, 1) - conn.setopt(pycurl.SSL_VERIFYHOST, 2) - elif "--ssl-insecure" in opt: -diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py -index e8f849eda..90ca95d45 100644 ---- a/agents/zvm/fence_zvmip.py -+++ b/agents/zvm/fence_zvmip.py -@@ -26,7 +26,7 @@ def open_socket(options): - except socket.gaierror: - fail(EC_LOGIN_DENIED) - -- if "--ssl" in options: -+ if "--ssl-secure" in options or "--ssl-insecure" in options: - import ssl - sock = socket.socket() - sslcx = ssl.create_default_context() -@@ -132,7 +132,7 @@ def get_list_of_images(options, command, data_as_plug): - images = set() - - if output_len > 3*INT4: -- recvflag = socket.MSG_WAITALL if "--ssl" not in options else 0 -+ recvflag = socket.MSG_WAITALL if "--ssl-secure" not in options and "--ssl-insecure" not in options else 0 - array_len = struct.unpack("!i", conn.recv(INT4))[0] - data = "" - -diff --git a/lib/fencing.py.py b/lib/fencing.py.py -index 696388d55..b746ede8b 100644 ---- a/lib/fencing.py.py -+++ b/lib/fencing.py.py -@@ -789,6 +789,12 @@ def check_input(device_opt, opt, other_conditions = False): - if "--password-script" in options: - options["--password"] = os.popen(options["--password-script"]).read().rstrip() - -+ if "--ssl-secure" in options or "--ssl-insecure" in options: -+ options["--ssl"] = "" -+ -+ if "--ssl" in options and "--ssl-insecure" not in options: -+ options["--ssl-secure"] = "" -+ - if os.environ.get("PCMK_service") == "pacemaker-fenced" and "--disable-timeout" not in options: - options["--disable-timeout"] = "1" - -diff --git a/tests/data/metadata/fence_docker.xml b/tests/data/metadata/fence_docker.xml -index 723e72280..51c7c470a 100644 ---- a/tests/data/metadata/fence_docker.xml -+++ b/tests/data/metadata/fence_docker.xml -@@ -20,7 +20,7 @@ - - - -- -+ - TCP/UDP port to use for connection with device - - -@@ -43,7 +43,7 @@ - - - -- -+ - Use SSL connection with verifying certificate - - diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec index 982199d..f044ada 100644 --- a/SPECS/fence-agents.spec +++ b/SPECS/fence-agents.spec @@ -87,7 +87,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.2.1 -Release: 95%{?alphatag:.%{alphatag}}%{?dist} +Release: 96%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Base URL: https://github.com/ClusterLabs/fence-agents @@ -283,11 +283,12 @@ Patch108: bz2048857-fence_aws-botocore-bundled.patch Patch109: bz1886074-1-fencing-source_env.patch Patch110: bz1886074-2-fence_openstack.patch Patch111: bz1886074-3-fence_openstack-bundled.patch -Patch112: bz2072421-all-agents-unify-ssl-parameters.patch +Patch112: bz2072421-1-all-agents-unify-ssl-parameters.patch Patch113: bz2078244-fence_gce-update.patch Patch114: bz2080994-fence_ibm_vpc-fix-parameters.patch Patch115: bz2080729-1-fence_apc-fence_ilo_moonshot-import-logging.patch Patch116: bz2080729-2-fence_lpar-fix-import-fail_usage.patch +Patch117: bz2072421-2-fence_zvmip-connect-error.patch %if 0%{?fedora} || 0%{?rhel} > 7 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti @@ -482,6 +483,7 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja %patch114 -p1 %patch115 -p1 %patch116 -p1 +%patch117 -p1 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -1506,6 +1508,11 @@ Fence agent for IBM z/VM over IP. %endif %changelog +* Tue May 31 2022 Oyvind Albrigtsen - 4.2.1-96 +- all agents: unify ssl parameters to avoid having to use --ssl when + using --ssl-secure/--ssl-insecure for some agents + Resolves: rhbz#2072421 + * Tue May 17 2022 Oyvind Albrigtsen - 4.2.1-95 - fence_apc/fence_ilo_moonshot/fence_lpar: add missing "import logging" Resolves: rhbz#2080729 @@ -1516,9 +1523,6 @@ Fence agent for IBM z/VM over IP. Resolves: rhbz#2080994 * Thu Apr 28 2022 Oyvind Albrigtsen - 4.2.1-93 -- all agents: unify ssl parameters to avoid having to use --ssl when - using --ssl-secure/--ssl-insecure for some agents - Resolves: rhbz#2072421 - fence_gce: update fence agent Resolves: rhbz#2078244