diff --git a/.fence-agents.metadata b/.fence-agents.metadata index 47be38c..6d85c18 100644 --- a/.fence-agents.metadata +++ b/.fence-agents.metadata @@ -47,8 +47,7 @@ ecd73099139d222059443ad19dfeee3f715e1ab0 SOURCES/msal-1.18.0.tar.gz 04e016bd1fa4ed6ddb852095a45d4f8c81a5b54a SOURCES/msal-extensions-1.0.0.tar.gz ba59fbd147307e7ef92a1fad259e7dc0b07e79e0 SOURCES/msrest-0.6.21-py2.py3-none-any.whl 3d65a50b68e3aa506b6af42be485ed2710afa9da SOURCES/msrestazure-0.6.4-py2.py3-none-any.whl -0b5ba4c47bdd7ff17ca4954349d7213a95d03f25 SOURCES/oauthlib-3.1.1-py2.py3-none-any.whl -f6efa66f6106b069b5c0e0cf8cc677e4e96c91ca SOURCES/oauthlib-3.1.1.tar.gz +7e2f8f4cebf309ef6aaf740ee9073276d6937802 SOURCES/oauthlib-3.2.2.tar.gz 570d69d8c108ebb8aee562389d13b07dfb61ce25 SOURCES/openshift-0.12.1.tar.gz 2b10cb7681bc678ba4ff3be524b28d783e4095ce SOURCES/packaging-20.9-py2.py3-none-any.whl bccbc1bf76a9db46998eb8e1ffa2f2a2baf9237a SOURCES/packaging-21.2-py3-none-any.whl diff --git a/.gitignore b/.gitignore index 6e61f11..1284b26 100644 --- a/.gitignore +++ b/.gitignore @@ -47,8 +47,7 @@ SOURCES/msal-1.18.0.tar.gz SOURCES/msal-extensions-1.0.0.tar.gz SOURCES/msrest-0.6.21-py2.py3-none-any.whl SOURCES/msrestazure-0.6.4-py2.py3-none-any.whl -SOURCES/oauthlib-3.1.1-py2.py3-none-any.whl -SOURCES/oauthlib-3.1.1.tar.gz +SOURCES/oauthlib-3.2.2.tar.gz SOURCES/openshift-0.12.1.tar.gz SOURCES/packaging-20.9-py2.py3-none-any.whl SOURCES/packaging-21.2-py3-none-any.whl diff --git a/SOURCES/bz2111998-fence_ibm_vpc-add-token-cache-support.patch b/SOURCES/bz2111998-fence_ibm_vpc-add-token-cache-support.patch new file mode 100644 index 0000000..a3002a7 --- /dev/null +++ b/SOURCES/bz2111998-fence_ibm_vpc-add-token-cache-support.patch @@ -0,0 +1,432 @@ +From bccac64a5135815ada30d385ab573409f1176905 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 7 Jul 2022 14:18:21 +0200 +Subject: [PATCH 1/3] build: make xml-check: ignore detected paths in *_file + parameters not matching saved metadata + +--- + make/agentpycheck.mk | 2 +- + 83 files changed, 1 insertion(+), 108 deletions(-) + +diff --git a/make/agentpycheck.mk b/make/agentpycheck.mk +index f686c4c89..4044dbad3 100644 +--- a/make/agentpycheck.mk ++++ b/make/agentpycheck.mk +@@ -1,5 +1,5 @@ + DATADIR:=$(abs_top_srcdir)/tests/data/metadata +-AWK_VAL='BEGIN {store=-1} /name=".*_path"/ {store=2} {if (store!=0) {print}; store--}' ++AWK_VAL='BEGIN {store=-1} /name=".*_path"/ || /name=".*_file"/ {store=2} {if (store!=0) {print}; store--}' + + TEST_TARGET=$(filter-out $(TEST_TARGET_SKIP),$(TARGET)) + +From 1b7f3cc431ca53962506e6d96e7a4938c4388416 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 1 Jul 2022 13:29:16 +0200 +Subject: [PATCH 2/3] build: add FENCETMPDIR for state files + +--- + Makefile.am | 3 ++- + configure.ac | 30 ++++++++++++++++++++++++++++++ + m4/PKG_CHECK_VAR.m4 | 24 ++++++++++++++++++++++++ + make/fencebuild.mk | 1 + + systemd/Makefile.am | 24 ++++++++++++++++++++++++ + systemd/fence-agents.conf.in | 1 + + 7 files changed, 97 insertions(+), 2 deletions(-) + create mode 100644 m4/PKG_CHECK_VAR.m4 + create mode 100644 systemd/Makefile.am + create mode 100644 systemd/fence-agents.conf.in + +diff --git a/Makefile.am b/Makefile.am +index c1091b93a..1d115e5aa 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -23,7 +23,7 @@ TARFILES = $(PACKAGE_NAME)-$(VERSION).tar.bz2 \ + + ACLOCAL_AMFLAGS = -I m4 + +-SUBDIRS = lib agents doc ++SUBDIRS = lib agents doc systemd + + .PHONY: $(SUBDIRS) + +@@ -34,6 +34,7 @@ doc: agents + install-exec-local: + $(INSTALL) -d $(DESTDIR)/$(LOGDIR) + $(INSTALL) -d $(DESTDIR)/$(CLUSTERVARRUN) ++ $(INSTALL) -d -m 1755 $(DESTDIR)$(FENCETMPDIR) + + uninstall-local: + rmdir $(DESTDIR)/$(LOGDIR) || :; +diff --git a/configure.ac b/configure.ac +index 1bad8e3b0..d7afb8dbe 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -135,10 +135,38 @@ AC_ARG_WITH([agents], + [ AGENTS_LIST="$withval" ], + [ AGENTS_LIST="all" ]) + ++FENCETMPDIR=${localstatedir}/run/fence-agents ++AC_ARG_WITH(fencetmpdir, ++ [ --with-fencetmpdir=DIR directory for fence agents state files [${FENCETMPDIR}]], ++ [ FENCETMPDIR="$withval" ]) ++ ++# Expand $prefix ++eval FENCETMPDIR="`eval echo ${FENCETMPDIR}`" ++AC_DEFINE_UNQUOTED(FENCETMPDIR,"$FENCETMPDIR", Where Fence agents keep state files) ++AC_SUBST(FENCETMPDIR) ++ ++ + if test "x$AGENTS_LIST" = x; then + AC_ERROR([No agents selected]) + fi + ++# PKG_CHECK_MODULES will fail if systemd is not found by default, so make sure ++# we set the proper vars and deal with it ++PKG_CHECK_MODULES([systemd], [systemd], [HAS_SYSTEMD=yes], [HAS_SYSTEMD=no]) ++if test "x$HAS_SYSTEMD" == "xyes"; then ++ PKG_CHECK_VAR([SYSTEMD_TMPFILES_DIR], [systemd], [tmpfilesdir]) ++ if test "x$SYSTEMD_TMPFILES_DIR" == "x"; then ++ AC_MSG_ERROR([Unable to detect systemd tmpfiles directory automatically]) ++ fi ++ ++ # sanitize systed vars when using non standard prefix ++ if test "$prefix" != "/usr"; then ++ SYSTEMD_TMPFILES_DIR="$prefix/$SYSTEMD_TMPFILES_DIR" ++ AC_SUBST([SYSTEMD_TMPFILES_DIR]) ++ fi ++fi ++AM_CONDITIONAL(HAVE_SYSTEMD, [test "x$HAS_SYSTEMD" == xyes ]) ++ + FENCE_KDUMP=0 + if echo "$AGENTS_LIST" | grep -q -E "all|kdump"; then + case "$host_os" in +@@ -552,6 +580,8 @@ AC_CONFIG_FILES([Makefile + agents/Makefile + lib/Makefile + doc/Makefile ++ systemd/Makefile ++ systemd/fence-agents.conf + agents/virt/Makefile + agents/virt/config/Makefile + agents/virt/common/Makefile +diff --git a/m4/PKG_CHECK_VAR.m4 b/m4/PKG_CHECK_VAR.m4 +new file mode 100644 +index 000000000..2221a69eb +--- /dev/null ++++ b/m4/PKG_CHECK_VAR.m4 +@@ -0,0 +1,24 @@ ++dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, ++dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) ++dnl ------------------------------------------- ++dnl Since: 0.28 ++dnl ++dnl Retrieves the value of the pkg-config variable for the given module. ++dnl ++dnl Origin (declared license: GPLv2+ with less restrictive exception): ++dnl https://cgit.freedesktop.org/pkg-config/tree/pkg.m4.in?h=pkg-config-0.29.1#n261 ++dnl (AS_VAR_COPY replaced with backward-compatible equivalent and guard ++dnl to prefer system-wide variant by Jan Pokorny ) ++ ++m4_ifndef([PKG_CHECK_VAR],[ ++AC_DEFUN([PKG_CHECK_VAR], ++[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl ++AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl ++ ++_PKG_CONFIG([$1], [variable="][$3]["], [$2]) ++dnl AS_VAR_COPY([$1], [pkg_cv_][$1]) ++$1=AS_VAR_GET([pkg_cv_][$1]) ++ ++AS_VAR_IF([$1], [""], [$5], [$4])dnl ++])dnl PKG_CHECK_VAR ++])dnl m4_ifndef +diff --git a/make/fencebuild.mk b/make/fencebuild.mk +index 762db62c4..9a3c6d6dd 100644 +--- a/make/fencebuild.mk ++++ b/make/fencebuild.mk +@@ -8,6 +8,7 @@ define gen_agent_from_py + -e 's#@''LOGDIR@#${LOGDIR}#g' \ + -e 's#@''SBINDIR@#${sbindir}#g' \ + -e 's#@''LIBEXECDIR@#${libexecdir}#g' \ ++ -e 's#@''FENCETMPDIR@#${FENCETMPDIR}#g' \ + -e 's#@''IPMITOOL_PATH@#${IPMITOOL_PATH}#g' \ + -e 's#@''OPENSTACK_PATH@#${OPENSTACK_PATH}#g' \ + -e 's#@''AMTTOOL_PATH@#${AMTTOOL_PATH}#g' \ +diff --git a/systemd/Makefile.am b/systemd/Makefile.am +new file mode 100644 +index 000000000..aa3a01679 +--- /dev/null ++++ b/systemd/Makefile.am +@@ -0,0 +1,24 @@ ++# ++# Copyright (C) 2017 Oyvind Albrigtsen ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License ++# as published by the Free Software Foundation; either version 2 ++# of the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++# ++ ++MAINTAINERCLEANFILES = Makefile.in ++ ++if HAVE_SYSTEMD ++tmpfilesdir = $(SYSTEMD_TMPFILES_DIR) ++tmpfiles_DATA = fence-agents.conf ++endif +diff --git a/systemd/fence-agents.conf.in b/systemd/fence-agents.conf.in +new file mode 100644 +index 000000000..4181287da +--- /dev/null ++++ b/systemd/fence-agents.conf.in +@@ -0,0 +1 @@ ++d @FENCETMPDIR@ 1755 root root + +From d5a12d9c30b66eb8720e037c4dce5fe0f3ad7dbb Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 30 Jun 2022 13:20:37 +0200 +Subject: [PATCH 3/3] fence_ibm_vpc: add token cache support + +--- + agents/ibm_vpc/fence_ibm_vpc.py | 126 ++++++++++++++++++++---- + tests/data/metadata/fence_ibm_vpc.xml | 4 + + 3 files changed, 110 insertions(+), 22 deletions(-) + + def auth_connect(opt): +diff --git a/agents/ibm_vpc/fence_ibm_vpc.py b/agents/ibm_vpc/fence_ibm_vpc.py +index 3da3ce056..847010584 100755 +--- a/agents/ibm_vpc/fence_ibm_vpc.py ++++ b/agents/ibm_vpc/fence_ibm_vpc.py +@@ -4,9 +4,10 @@ + import pycurl, io, json + import logging + import atexit ++import hashlib + sys.path.append("@FENCEAGENTSLIBDIR@") + from fencing import * +-from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS ++from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS, EC_GENERIC_ERROR + + state = { + "running": "on", +@@ -22,7 +23,7 @@ def get_list(conn, options): + + try: + command = "instances?version=2021-05-25&generation=2&limit={}".format(options["--limit"]) +- res = send_command(conn, command) ++ res = send_command(conn, options, command) + except Exception as e: + logging.debug("Failed: Unable to get list: {}".format(e)) + return outlets +@@ -38,7 +39,7 @@ def get_list(conn, options): + def get_power_status(conn, options): + try: + command = "instances/{}?version=2021-05-25&generation=2".format(options["--plug"]) +- res = send_command(conn, command) ++ res = send_command(conn, options, command) + result = state[res["status"]] + if options["--verbose-level"] > 1: + logging.debug("Result:\n{}".format(json.dumps(res, indent=2))) +@@ -57,27 +58,71 @@ def set_power_status(conn, options): + + try: + command = "instances/{}/actions?version=2021-05-25&generation=2".format(options["--plug"]) +- send_command(conn, command, "POST", action, 201) ++ send_command(conn, options, command, "POST", action, 201) + except Exception as e: + logging.debug("Failed: Unable to set power to {} for {}".format(options["--action"], e)) + fail(EC_STATUS) + + def get_bearer_token(conn, options): ++ import os, errno ++ ++ try: ++ # FIPS requires usedforsecurity=False and might not be ++ # available on all distros: https://bugs.python.org/issue9216 ++ hash = hashlib.sha256(options["--apikey"].encode("utf-8"), usedforsecurity=False).hexdigest() ++ except (AttributeError, TypeError): ++ hash = hashlib.sha256(options["--apikey"].encode("utf-8")).hexdigest() ++ file_path = options["--token-file"].replace("[hash]", hash) + token = None ++ ++ if not os.path.isdir(os.path.dirname(file_path)): ++ os.makedirs(os.path.dirname(file_path)) ++ ++ # For security, remove file with potentially elevated mode + try: +- conn.setopt(pycurl.HTTPHEADER, [ +- "Content-Type: application/x-www-form-urlencoded", +- "User-Agent: curl", +- ]) +- token = send_command(conn, "https://iam.cloud.ibm.com/identity/token", "POST", "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey={}".format(options["--apikey"]))["access_token"] +- except Exception: +- logging.error("Failed: Unable to authenticate") +- fail(EC_LOGIN_DENIED) ++ os.remove(file_path) ++ except OSError: ++ pass ++ ++ try: ++ oldumask = os.umask(0) ++ file_handle = os.open(file_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600) ++ except OSError as e: ++ if e.errno == errno.EEXIST: # Failed as the file already exists. ++ logging.error("Failed: File already exists: {}".format(e)) ++ sys.exit(EC_GENERIC_ERROR) ++ else: # Something unexpected went wrong ++ logging.error("Failed: Unable to open file: {}".format(e)) ++ sys.exit(EC_GENERIC_ERROR) ++ else: # No exception, so the file must have been created successfully. ++ with os.fdopen(file_handle, 'w') as file_obj: ++ try: ++ conn.setopt(pycurl.HTTPHEADER, [ ++ "Content-Type: application/x-www-form-urlencoded", ++ "User-Agent: curl", ++ ]) ++ token = send_command(conn, options, "https://iam.cloud.ibm.com/identity/token", "POST", "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey={}".format(options["--apikey"]))["access_token"] ++ except Exception as e: ++ logging.error("Failed: Unable to authenticate: {}".format(e)) ++ fail(EC_LOGIN_DENIED) ++ file_obj.write(token) ++ finally: ++ os.umask(oldumask) + + return token + ++def set_bearer_token(conn, bearer_token): ++ conn.setopt(pycurl.HTTPHEADER, [ ++ "Content-Type: application/json", ++ "Authorization: Bearer {}".format(bearer_token), ++ "User-Agent: curl", ++ ]) ++ ++ return conn ++ + def connect(opt): + conn = pycurl.Curl() ++ bearer_token = "" + + ## setup correct URL + conn.base_url = "https://" + opt["--region"] + ".iaas.cloud.ibm.com/v1/" +@@ -91,21 +136,28 @@ def connect(opt): + conn.setopt(pycurl.PROXY, "{}".format(opt["--proxy"])) + + # get bearer token +- bearer_token = get_bearer_token(conn, opt) ++ try: ++ try: ++ # FIPS requires usedforsecurity=False and might not be ++ # available on all distros: https://bugs.python.org/issue9216 ++ hash = hashlib.sha256(opt["--apikey"].encode("utf-8"), usedforsecurity=False).hexdigest() ++ except (AttributeError, TypeError): ++ hash = hashlib.sha256(opt["--apikey"].encode("utf-8")).hexdigest() ++ f = open(opt["--token-file"].replace("[hash]", hash)) ++ bearer_token = f.read() ++ f.close() ++ except IOError: ++ bearer_token = get_bearer_token(conn, opt) + + # set auth token for later requests +- conn.setopt(pycurl.HTTPHEADER, [ +- "Content-Type: application/json", +- "Authorization: Bearer {}".format(bearer_token), +- "User-Agent: curl", +- ]) ++ conn = set_bearer_token(conn, bearer_token) + + return conn + + def disconnect(conn): + conn.close() + +-def send_command(conn, command, method="GET", action=None, expected_rc=200): ++def send_command(conn, options, command, method="GET", action=None, expected_rc=200): + if not command.startswith("https"): + url = conn.base_url + command + else: +@@ -130,6 +182,26 @@ def send_command(conn, command, method="GET", action=None, expected_rc=200): + raise(e) + + rc = conn.getinfo(pycurl.HTTP_CODE) ++ ++ # auth if token has expired ++ if rc in [400, 401, 415]: ++ tokenconn = pycurl.Curl() ++ token = get_bearer_token(tokenconn, options) ++ tokenconn.close() ++ conn = set_bearer_token(conn, token) ++ ++ # flush web_buffer ++ web_buffer.close() ++ web_buffer = io.BytesIO() ++ conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write) ++ ++ try: ++ conn.perform() ++ except Exception as e: ++ raise(e) ++ ++ rc = conn.getinfo(pycurl.HTTP_CODE) ++ + result = web_buffer.getvalue().decode("UTF-8") + + web_buffer.close() +@@ -173,7 +245,7 @@ def define_new_opts(): + all_opt["proxy"] = { + "getopt" : ":", + "longopt" : "proxy", +- "help" : "--proxy=[http://:] Proxy: 'http://:'", ++ "help" : "--proxy=[http://:] Proxy: 'http://:'", + "required" : "0", + "default": "", + "shortdesc" : "Network proxy", +@@ -188,14 +260,26 @@ def define_new_opts(): + "shortdesc" : "Number of nodes returned by API", + "order" : 0 + } ++ all_opt["token_file"] = { ++ "getopt" : ":", ++ "longopt" : "token-file", ++ "help" : "--token-file=[path] Path to the token cache file\n" ++ "\t\t\t\t (Default: @FENCETMPDIR@/fence_ibm_vpc/[hash].token)\n" ++ "\t\t\t\t [hash] will be replaced by a hashed value", ++ "required" : "0", ++ "default": "@FENCETMPDIR@/fence_ibm_vpc/[hash].token", ++ "shortdesc" : "Path to the token cache file", ++ "order" : 0 ++ } + + + def main(): + device_opt = [ + "apikey", + "region", +- "limit", + "proxy", ++ "limit", ++ "token_file", + "port", + "no_password", + ] +diff --git a/tests/data/metadata/fence_ibm_vpc.xml b/tests/data/metadata/fence_ibm_vpc.xml +index acf4925fc..c35bc4619 100644 +--- a/tests/data/metadata/fence_ibm_vpc.xml ++++ b/tests/data/metadata/fence_ibm_vpc.xml +@@ -23,6 +23,10 @@ + + Region + ++ ++ ++ Path to the token cache file ++ + + + diff --git a/SOURCES/bz2122944-1-fence_vmware_soap-set-timeout-cleanup-tmp-dirs.patch b/SOURCES/bz2122944-1-fence_vmware_soap-set-timeout-cleanup-tmp-dirs.patch new file mode 100644 index 0000000..fee804b --- /dev/null +++ b/SOURCES/bz2122944-1-fence_vmware_soap-set-timeout-cleanup-tmp-dirs.patch @@ -0,0 +1,70 @@ +From d4d2dd5066b62210a05c1256c6aee39609e3a974 Mon Sep 17 00:00:00 2001 +From: Thanasis Katsios +Date: Mon, 1 Nov 2021 12:31:36 +0200 +Subject: [PATCH 1/3] fence_vmware_soap: Use --login-timeout option + +Fixes issue #446. +--- + agents/vmware_soap/fence_vmware_soap.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py +index a7f08b3d6..034695931 100644 +--- a/agents/vmware_soap/fence_vmware_soap.py ++++ b/agents/vmware_soap/fence_vmware_soap.py +@@ -57,7 +57,8 @@ def soap_login(options): + + try: + headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"} +- conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers) ++ login_timeout = int(options["--login-timeout"]) ++ conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout) + + mo_ServiceInstance = Property('ServiceInstance') + mo_ServiceInstance._type = 'ServiceInstance' + +From 1e8f0d7582c7768149269f8d002d71b2febbdda0 Mon Sep 17 00:00:00 2001 +From: Thanasis Katsios +Date: Tue, 2 Nov 2021 16:52:59 +0200 +Subject: [PATCH 2/3] Set timeout to 60s when disable-timeouts is used + +--- + agents/vmware_soap/fence_vmware_soap.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py +index 034695931..38101352e 100644 +--- a/agents/vmware_soap/fence_vmware_soap.py ++++ b/agents/vmware_soap/fence_vmware_soap.py +@@ -57,7 +57,7 @@ def soap_login(options): + + try: + headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"} +- login_timeout = int(options["--login-timeout"]) ++ login_timeout = 60 if "--disable-timeout" in options and options["--disable-timeout"] != "false" else int(options["--login-timeout"]) + conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout) + + mo_ServiceInstance = Property('ServiceInstance') + +From 8094c8a5a06adf0bd891d4fddcc0b72861a0947e Mon Sep 17 00:00:00 2001 +From: Thanasis Katsios +Date: Tue, 2 Nov 2021 18:51:02 +0200 +Subject: [PATCH 3/3] Support disable-timeout simplification + +--- + agents/vmware_soap/fence_vmware_soap.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py +index 38101352e..2cd45e0b3 100644 +--- a/agents/vmware_soap/fence_vmware_soap.py ++++ b/agents/vmware_soap/fence_vmware_soap.py +@@ -57,7 +57,7 @@ def soap_login(options): + + try: + headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"} +- login_timeout = 60 if "--disable-timeout" in options and options["--disable-timeout"] != "false" else int(options["--login-timeout"]) ++ login_timeout = int(options["--login-timeout"]) or 60 + conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout) + + mo_ServiceInstance = Property('ServiceInstance') diff --git a/SOURCES/bz2122944-2-fence_vmware_soap-login-timeout-15s.patch b/SOURCES/bz2122944-2-fence_vmware_soap-login-timeout-15s.patch new file mode 100644 index 0000000..58b90bc --- /dev/null +++ b/SOURCES/bz2122944-2-fence_vmware_soap-login-timeout-15s.patch @@ -0,0 +1,23 @@ +From 2d4b3ea47fa7a9a301d34cefc8f279cae7df4afd Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 26 Jan 2023 13:19:16 +0100 +Subject: [PATCH] fence_vmware_soap: set login_timeout lower than default + pcmk_monitor_timeout (20s) to remove tmp dirs on fail + +--- + agents/vmware_soap/fence_vmware_soap.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py +index b1d27a9fb..4a4ec1780 100644 +--- a/agents/vmware_soap/fence_vmware_soap.py ++++ b/agents/vmware_soap/fence_vmware_soap.py +@@ -57,7 +57,7 @@ def soap_login(options): + + try: + headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"} +- login_timeout = int(options["--login-timeout"]) or 60 ++ login_timeout = int(options["--login-timeout"]) or 15 + conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout) + + mo_ServiceInstance = Property('ServiceInstance') diff --git a/SOURCES/bz2127878-fence_ibm_vpc-add-token-cache-support.patch b/SOURCES/bz2127878-fence_ibm_vpc-add-token-cache-support.patch deleted file mode 100644 index a3002a7..0000000 --- a/SOURCES/bz2127878-fence_ibm_vpc-add-token-cache-support.patch +++ /dev/null @@ -1,432 +0,0 @@ -From bccac64a5135815ada30d385ab573409f1176905 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Thu, 7 Jul 2022 14:18:21 +0200 -Subject: [PATCH 1/3] build: make xml-check: ignore detected paths in *_file - parameters not matching saved metadata - ---- - make/agentpycheck.mk | 2 +- - 83 files changed, 1 insertion(+), 108 deletions(-) - -diff --git a/make/agentpycheck.mk b/make/agentpycheck.mk -index f686c4c89..4044dbad3 100644 ---- a/make/agentpycheck.mk -+++ b/make/agentpycheck.mk -@@ -1,5 +1,5 @@ - DATADIR:=$(abs_top_srcdir)/tests/data/metadata --AWK_VAL='BEGIN {store=-1} /name=".*_path"/ {store=2} {if (store!=0) {print}; store--}' -+AWK_VAL='BEGIN {store=-1} /name=".*_path"/ || /name=".*_file"/ {store=2} {if (store!=0) {print}; store--}' - - TEST_TARGET=$(filter-out $(TEST_TARGET_SKIP),$(TARGET)) - -From 1b7f3cc431ca53962506e6d96e7a4938c4388416 Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Fri, 1 Jul 2022 13:29:16 +0200 -Subject: [PATCH 2/3] build: add FENCETMPDIR for state files - ---- - Makefile.am | 3 ++- - configure.ac | 30 ++++++++++++++++++++++++++++++ - m4/PKG_CHECK_VAR.m4 | 24 ++++++++++++++++++++++++ - make/fencebuild.mk | 1 + - systemd/Makefile.am | 24 ++++++++++++++++++++++++ - systemd/fence-agents.conf.in | 1 + - 7 files changed, 97 insertions(+), 2 deletions(-) - create mode 100644 m4/PKG_CHECK_VAR.m4 - create mode 100644 systemd/Makefile.am - create mode 100644 systemd/fence-agents.conf.in - -diff --git a/Makefile.am b/Makefile.am -index c1091b93a..1d115e5aa 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -23,7 +23,7 @@ TARFILES = $(PACKAGE_NAME)-$(VERSION).tar.bz2 \ - - ACLOCAL_AMFLAGS = -I m4 - --SUBDIRS = lib agents doc -+SUBDIRS = lib agents doc systemd - - .PHONY: $(SUBDIRS) - -@@ -34,6 +34,7 @@ doc: agents - install-exec-local: - $(INSTALL) -d $(DESTDIR)/$(LOGDIR) - $(INSTALL) -d $(DESTDIR)/$(CLUSTERVARRUN) -+ $(INSTALL) -d -m 1755 $(DESTDIR)$(FENCETMPDIR) - - uninstall-local: - rmdir $(DESTDIR)/$(LOGDIR) || :; -diff --git a/configure.ac b/configure.ac -index 1bad8e3b0..d7afb8dbe 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -135,10 +135,38 @@ AC_ARG_WITH([agents], - [ AGENTS_LIST="$withval" ], - [ AGENTS_LIST="all" ]) - -+FENCETMPDIR=${localstatedir}/run/fence-agents -+AC_ARG_WITH(fencetmpdir, -+ [ --with-fencetmpdir=DIR directory for fence agents state files [${FENCETMPDIR}]], -+ [ FENCETMPDIR="$withval" ]) -+ -+# Expand $prefix -+eval FENCETMPDIR="`eval echo ${FENCETMPDIR}`" -+AC_DEFINE_UNQUOTED(FENCETMPDIR,"$FENCETMPDIR", Where Fence agents keep state files) -+AC_SUBST(FENCETMPDIR) -+ -+ - if test "x$AGENTS_LIST" = x; then - AC_ERROR([No agents selected]) - fi - -+# PKG_CHECK_MODULES will fail if systemd is not found by default, so make sure -+# we set the proper vars and deal with it -+PKG_CHECK_MODULES([systemd], [systemd], [HAS_SYSTEMD=yes], [HAS_SYSTEMD=no]) -+if test "x$HAS_SYSTEMD" == "xyes"; then -+ PKG_CHECK_VAR([SYSTEMD_TMPFILES_DIR], [systemd], [tmpfilesdir]) -+ if test "x$SYSTEMD_TMPFILES_DIR" == "x"; then -+ AC_MSG_ERROR([Unable to detect systemd tmpfiles directory automatically]) -+ fi -+ -+ # sanitize systed vars when using non standard prefix -+ if test "$prefix" != "/usr"; then -+ SYSTEMD_TMPFILES_DIR="$prefix/$SYSTEMD_TMPFILES_DIR" -+ AC_SUBST([SYSTEMD_TMPFILES_DIR]) -+ fi -+fi -+AM_CONDITIONAL(HAVE_SYSTEMD, [test "x$HAS_SYSTEMD" == xyes ]) -+ - FENCE_KDUMP=0 - if echo "$AGENTS_LIST" | grep -q -E "all|kdump"; then - case "$host_os" in -@@ -552,6 +580,8 @@ AC_CONFIG_FILES([Makefile - agents/Makefile - lib/Makefile - doc/Makefile -+ systemd/Makefile -+ systemd/fence-agents.conf - agents/virt/Makefile - agents/virt/config/Makefile - agents/virt/common/Makefile -diff --git a/m4/PKG_CHECK_VAR.m4 b/m4/PKG_CHECK_VAR.m4 -new file mode 100644 -index 000000000..2221a69eb ---- /dev/null -+++ b/m4/PKG_CHECK_VAR.m4 -@@ -0,0 +1,24 @@ -+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, -+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -+dnl ------------------------------------------- -+dnl Since: 0.28 -+dnl -+dnl Retrieves the value of the pkg-config variable for the given module. -+dnl -+dnl Origin (declared license: GPLv2+ with less restrictive exception): -+dnl https://cgit.freedesktop.org/pkg-config/tree/pkg.m4.in?h=pkg-config-0.29.1#n261 -+dnl (AS_VAR_COPY replaced with backward-compatible equivalent and guard -+dnl to prefer system-wide variant by Jan Pokorny ) -+ -+m4_ifndef([PKG_CHECK_VAR],[ -+AC_DEFUN([PKG_CHECK_VAR], -+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl -+ -+_PKG_CONFIG([$1], [variable="][$3]["], [$2]) -+dnl AS_VAR_COPY([$1], [pkg_cv_][$1]) -+$1=AS_VAR_GET([pkg_cv_][$1]) -+ -+AS_VAR_IF([$1], [""], [$5], [$4])dnl -+])dnl PKG_CHECK_VAR -+])dnl m4_ifndef -diff --git a/make/fencebuild.mk b/make/fencebuild.mk -index 762db62c4..9a3c6d6dd 100644 ---- a/make/fencebuild.mk -+++ b/make/fencebuild.mk -@@ -8,6 +8,7 @@ define gen_agent_from_py - -e 's#@''LOGDIR@#${LOGDIR}#g' \ - -e 's#@''SBINDIR@#${sbindir}#g' \ - -e 's#@''LIBEXECDIR@#${libexecdir}#g' \ -+ -e 's#@''FENCETMPDIR@#${FENCETMPDIR}#g' \ - -e 's#@''IPMITOOL_PATH@#${IPMITOOL_PATH}#g' \ - -e 's#@''OPENSTACK_PATH@#${OPENSTACK_PATH}#g' \ - -e 's#@''AMTTOOL_PATH@#${AMTTOOL_PATH}#g' \ -diff --git a/systemd/Makefile.am b/systemd/Makefile.am -new file mode 100644 -index 000000000..aa3a01679 ---- /dev/null -+++ b/systemd/Makefile.am -@@ -0,0 +1,24 @@ -+# -+# Copyright (C) 2017 Oyvind Albrigtsen -+# -+# This program is free software; you can redistribute it and/or -+# modify it under the terms of the GNU General Public License -+# as published by the Free Software Foundation; either version 2 -+# of the License, or (at your option) any later version. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+# -+ -+MAINTAINERCLEANFILES = Makefile.in -+ -+if HAVE_SYSTEMD -+tmpfilesdir = $(SYSTEMD_TMPFILES_DIR) -+tmpfiles_DATA = fence-agents.conf -+endif -diff --git a/systemd/fence-agents.conf.in b/systemd/fence-agents.conf.in -new file mode 100644 -index 000000000..4181287da ---- /dev/null -+++ b/systemd/fence-agents.conf.in -@@ -0,0 +1 @@ -+d @FENCETMPDIR@ 1755 root root - -From d5a12d9c30b66eb8720e037c4dce5fe0f3ad7dbb Mon Sep 17 00:00:00 2001 -From: Oyvind Albrigtsen -Date: Thu, 30 Jun 2022 13:20:37 +0200 -Subject: [PATCH 3/3] fence_ibm_vpc: add token cache support - ---- - agents/ibm_vpc/fence_ibm_vpc.py | 126 ++++++++++++++++++++---- - tests/data/metadata/fence_ibm_vpc.xml | 4 + - 3 files changed, 110 insertions(+), 22 deletions(-) - - def auth_connect(opt): -diff --git a/agents/ibm_vpc/fence_ibm_vpc.py b/agents/ibm_vpc/fence_ibm_vpc.py -index 3da3ce056..847010584 100755 ---- a/agents/ibm_vpc/fence_ibm_vpc.py -+++ b/agents/ibm_vpc/fence_ibm_vpc.py -@@ -4,9 +4,10 @@ - import pycurl, io, json - import logging - import atexit -+import hashlib - sys.path.append("@FENCEAGENTSLIBDIR@") - from fencing import * --from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS -+from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS, EC_GENERIC_ERROR - - state = { - "running": "on", -@@ -22,7 +23,7 @@ def get_list(conn, options): - - try: - command = "instances?version=2021-05-25&generation=2&limit={}".format(options["--limit"]) -- res = send_command(conn, command) -+ res = send_command(conn, options, command) - except Exception as e: - logging.debug("Failed: Unable to get list: {}".format(e)) - return outlets -@@ -38,7 +39,7 @@ def get_list(conn, options): - def get_power_status(conn, options): - try: - command = "instances/{}?version=2021-05-25&generation=2".format(options["--plug"]) -- res = send_command(conn, command) -+ res = send_command(conn, options, command) - result = state[res["status"]] - if options["--verbose-level"] > 1: - logging.debug("Result:\n{}".format(json.dumps(res, indent=2))) -@@ -57,27 +58,71 @@ def set_power_status(conn, options): - - try: - command = "instances/{}/actions?version=2021-05-25&generation=2".format(options["--plug"]) -- send_command(conn, command, "POST", action, 201) -+ send_command(conn, options, command, "POST", action, 201) - except Exception as e: - logging.debug("Failed: Unable to set power to {} for {}".format(options["--action"], e)) - fail(EC_STATUS) - - def get_bearer_token(conn, options): -+ import os, errno -+ -+ try: -+ # FIPS requires usedforsecurity=False and might not be -+ # available on all distros: https://bugs.python.org/issue9216 -+ hash = hashlib.sha256(options["--apikey"].encode("utf-8"), usedforsecurity=False).hexdigest() -+ except (AttributeError, TypeError): -+ hash = hashlib.sha256(options["--apikey"].encode("utf-8")).hexdigest() -+ file_path = options["--token-file"].replace("[hash]", hash) - token = None -+ -+ if not os.path.isdir(os.path.dirname(file_path)): -+ os.makedirs(os.path.dirname(file_path)) -+ -+ # For security, remove file with potentially elevated mode - try: -- conn.setopt(pycurl.HTTPHEADER, [ -- "Content-Type: application/x-www-form-urlencoded", -- "User-Agent: curl", -- ]) -- token = send_command(conn, "https://iam.cloud.ibm.com/identity/token", "POST", "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey={}".format(options["--apikey"]))["access_token"] -- except Exception: -- logging.error("Failed: Unable to authenticate") -- fail(EC_LOGIN_DENIED) -+ os.remove(file_path) -+ except OSError: -+ pass -+ -+ try: -+ oldumask = os.umask(0) -+ file_handle = os.open(file_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600) -+ except OSError as e: -+ if e.errno == errno.EEXIST: # Failed as the file already exists. -+ logging.error("Failed: File already exists: {}".format(e)) -+ sys.exit(EC_GENERIC_ERROR) -+ else: # Something unexpected went wrong -+ logging.error("Failed: Unable to open file: {}".format(e)) -+ sys.exit(EC_GENERIC_ERROR) -+ else: # No exception, so the file must have been created successfully. -+ with os.fdopen(file_handle, 'w') as file_obj: -+ try: -+ conn.setopt(pycurl.HTTPHEADER, [ -+ "Content-Type: application/x-www-form-urlencoded", -+ "User-Agent: curl", -+ ]) -+ token = send_command(conn, options, "https://iam.cloud.ibm.com/identity/token", "POST", "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey={}".format(options["--apikey"]))["access_token"] -+ except Exception as e: -+ logging.error("Failed: Unable to authenticate: {}".format(e)) -+ fail(EC_LOGIN_DENIED) -+ file_obj.write(token) -+ finally: -+ os.umask(oldumask) - - return token - -+def set_bearer_token(conn, bearer_token): -+ conn.setopt(pycurl.HTTPHEADER, [ -+ "Content-Type: application/json", -+ "Authorization: Bearer {}".format(bearer_token), -+ "User-Agent: curl", -+ ]) -+ -+ return conn -+ - def connect(opt): - conn = pycurl.Curl() -+ bearer_token = "" - - ## setup correct URL - conn.base_url = "https://" + opt["--region"] + ".iaas.cloud.ibm.com/v1/" -@@ -91,21 +136,28 @@ def connect(opt): - conn.setopt(pycurl.PROXY, "{}".format(opt["--proxy"])) - - # get bearer token -- bearer_token = get_bearer_token(conn, opt) -+ try: -+ try: -+ # FIPS requires usedforsecurity=False and might not be -+ # available on all distros: https://bugs.python.org/issue9216 -+ hash = hashlib.sha256(opt["--apikey"].encode("utf-8"), usedforsecurity=False).hexdigest() -+ except (AttributeError, TypeError): -+ hash = hashlib.sha256(opt["--apikey"].encode("utf-8")).hexdigest() -+ f = open(opt["--token-file"].replace("[hash]", hash)) -+ bearer_token = f.read() -+ f.close() -+ except IOError: -+ bearer_token = get_bearer_token(conn, opt) - - # set auth token for later requests -- conn.setopt(pycurl.HTTPHEADER, [ -- "Content-Type: application/json", -- "Authorization: Bearer {}".format(bearer_token), -- "User-Agent: curl", -- ]) -+ conn = set_bearer_token(conn, bearer_token) - - return conn - - def disconnect(conn): - conn.close() - --def send_command(conn, command, method="GET", action=None, expected_rc=200): -+def send_command(conn, options, command, method="GET", action=None, expected_rc=200): - if not command.startswith("https"): - url = conn.base_url + command - else: -@@ -130,6 +182,26 @@ def send_command(conn, command, method="GET", action=None, expected_rc=200): - raise(e) - - rc = conn.getinfo(pycurl.HTTP_CODE) -+ -+ # auth if token has expired -+ if rc in [400, 401, 415]: -+ tokenconn = pycurl.Curl() -+ token = get_bearer_token(tokenconn, options) -+ tokenconn.close() -+ conn = set_bearer_token(conn, token) -+ -+ # flush web_buffer -+ web_buffer.close() -+ web_buffer = io.BytesIO() -+ conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write) -+ -+ try: -+ conn.perform() -+ except Exception as e: -+ raise(e) -+ -+ rc = conn.getinfo(pycurl.HTTP_CODE) -+ - result = web_buffer.getvalue().decode("UTF-8") - - web_buffer.close() -@@ -173,7 +245,7 @@ def define_new_opts(): - all_opt["proxy"] = { - "getopt" : ":", - "longopt" : "proxy", -- "help" : "--proxy=[http://:] Proxy: 'http://:'", -+ "help" : "--proxy=[http://:] Proxy: 'http://:'", - "required" : "0", - "default": "", - "shortdesc" : "Network proxy", -@@ -188,14 +260,26 @@ def define_new_opts(): - "shortdesc" : "Number of nodes returned by API", - "order" : 0 - } -+ all_opt["token_file"] = { -+ "getopt" : ":", -+ "longopt" : "token-file", -+ "help" : "--token-file=[path] Path to the token cache file\n" -+ "\t\t\t\t (Default: @FENCETMPDIR@/fence_ibm_vpc/[hash].token)\n" -+ "\t\t\t\t [hash] will be replaced by a hashed value", -+ "required" : "0", -+ "default": "@FENCETMPDIR@/fence_ibm_vpc/[hash].token", -+ "shortdesc" : "Path to the token cache file", -+ "order" : 0 -+ } - - - def main(): - device_opt = [ - "apikey", - "region", -- "limit", - "proxy", -+ "limit", -+ "token_file", - "port", - "no_password", - ] -diff --git a/tests/data/metadata/fence_ibm_vpc.xml b/tests/data/metadata/fence_ibm_vpc.xml -index acf4925fc..c35bc4619 100644 ---- a/tests/data/metadata/fence_ibm_vpc.xml -+++ b/tests/data/metadata/fence_ibm_vpc.xml -@@ -23,6 +23,10 @@ - - Region - -+ -+ -+ Path to the token cache file -+ - - - diff --git a/SOURCES/bz2132008-fence_virt-add-note-reboot-action.patch b/SOURCES/bz2132008-fence_virt-add-note-reboot-action.patch new file mode 100644 index 0000000..212a051 --- /dev/null +++ b/SOURCES/bz2132008-fence_virt-add-note-reboot-action.patch @@ -0,0 +1,51 @@ +From d664c254608c9342785f92d3da2ff6ba2466df3b Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 4 Oct 2022 13:43:13 +0200 +Subject: [PATCH] fence_virt: add note that reboot-action doesnt power on nodes + that are powered off + +--- + agents/virt/client/options.c | 7 ++++--- + tests/data/metadata/fence_virt.xml | 4 +++- + 2 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/agents/virt/client/options.c b/agents/virt/client/options.c +index ff624481b..ddd6bc4e0 100644 +--- a/agents/virt/client/options.c ++++ b/agents/virt/client/options.c +@@ -734,9 +734,9 @@ args_usage(char *progname, const char *optstr, int print_stdin) + + if (!print_stdin) { + if (progname) { +- printf("usage: %s [args]\n", progname); ++ printf("usage: %s [args]\n\nNOTE: reboot-action does not power on nodes that are powered off.\n\n", progname); + } else { +- printf("usage: fence_virt [args]\n"); ++ printf("usage: fence_virt [args]\n\nNOTE: reboot-action does not power on nodes that are powered off.\n\n"); + } + } + +@@ -766,7 +766,8 @@ args_metadata(char *progname, const char *optstr) + printf("\n"); + printf("\n", basename(progname)); + printf("%s is an I/O Fencing agent which can be used with " +- "virtual machines.\n", basename(progname)); ++ "virtual machines.\n\nNOTE: reboot-action does not power on nodes that are powered off." ++ "\n", basename(progname)); + printf("https://libvirt.org\n"); + printf("\n"); + +diff --git a/tests/data/metadata/fence_virt.xml b/tests/data/metadata/fence_virt.xml +index eb1959a11..612d4d3cb 100644 +--- a/tests/data/metadata/fence_virt.xml ++++ b/tests/data/metadata/fence_virt.xml +@@ -1,6 +1,8 @@ + + +-fence_virt is an I/O Fencing agent which can be used with virtual machines. ++fence_virt is an I/O Fencing agent which can be used with virtual machines. ++ ++NOTE: reboot-action does not power on nodes that are powered off. + https://libvirt.org + + diff --git a/SOURCES/bz2134015-fence_lpar-only-output-additional-info-on-debug.patch b/SOURCES/bz2134015-fence_lpar-only-output-additional-info-on-debug.patch new file mode 100644 index 0000000..8d29594 --- /dev/null +++ b/SOURCES/bz2134015-fence_lpar-only-output-additional-info-on-debug.patch @@ -0,0 +1,33 @@ +From 46f94d4dbad868afc70b96bd612323221991d06e Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 11 Oct 2022 09:51:24 +0200 +Subject: [PATCH] fence_lpar: only output additional error output on DEBUG + level + +Without this patch we get ERROR logged with trace info when doing +status-action for nodes that doesnt exist. +--- + agents/lpar/fence_lpar.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/agents/lpar/fence_lpar.py b/agents/lpar/fence_lpar.py +index 2046b0e4e..975971a57 100644 +--- a/agents/lpar/fence_lpar.py ++++ b/agents/lpar/fence_lpar.py +@@ -12,6 +12,7 @@ + + import sys, re + import atexit ++import logging + sys.path.append("@FENCEAGENTSLIBDIR@") + from fencing import * + from fencing import fail, fail_usage, EC_STATUS_HMC +@@ -48,7 +49,7 @@ def get_power_status(conn, options): + elif options["--hmc-version"] in ["4", "IVM"]: + status = re.compile(",state=(.*?),", re.IGNORECASE).search(conn.before).group(1) + except AttributeError as e: +- fail_usage("Command on HMC failed: {}\n{}".format(command, str(e)), False) ++ logging.debug("Command on HMC failed: {}\n{}".format(command, str(e))) + fail(EC_STATUS_HMC) + + return _normalize_status(status) diff --git a/SOURCES/bz2136191-fence_ibm_powervs-improve-defaults.patch b/SOURCES/bz2136191-fence_ibm_powervs-improve-defaults.patch new file mode 100644 index 0000000..7f5e578 --- /dev/null +++ b/SOURCES/bz2136191-fence_ibm_powervs-improve-defaults.patch @@ -0,0 +1,46 @@ +From 3373431dc49d6e429bbf613765385cb33a56e917 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 25 Oct 2022 10:39:29 +0200 +Subject: [PATCH] fence_ibm_powervs: improve defaults based on testing + +--- + agents/ibm_powervs/fence_ibm_powervs.py | 4 ++-- + tests/data/metadata/fence_ibm_powervs.xml | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/agents/ibm_powervs/fence_ibm_powervs.py b/agents/ibm_powervs/fence_ibm_powervs.py +index b0caed7c5..183893616 100755 +--- a/agents/ibm_powervs/fence_ibm_powervs.py ++++ b/agents/ibm_powervs/fence_ibm_powervs.py +@@ -232,10 +232,10 @@ def main(): + atexit.register(atexit_handler) + define_new_opts() + +- all_opt["shell_timeout"]["default"] = "15" ++ all_opt["shell_timeout"]["default"] = "500" + all_opt["power_timeout"]["default"] = "30" + all_opt["power_wait"]["default"] = "1" +- all_opt["stonith_status_sleep"]["default"] = "3" ++ all_opt["stonith_status_sleep"]["default"] = "2" + all_opt["api-type"]["default"] = "private" + all_opt["proxy"]["default"] = "" + +diff --git a/tests/data/metadata/fence_ibm_powervs.xml b/tests/data/metadata/fence_ibm_powervs.xml +index 40c494110..326bc2378 100644 +--- a/tests/data/metadata/fence_ibm_powervs.xml ++++ b/tests/data/metadata/fence_ibm_powervs.xml +@@ -119,12 +119,12 @@ + + + +- ++ + Wait X seconds for cmd prompt after issuing command + + + +- ++ + Sleep X seconds between status calls during a STONITH action + + diff --git a/SOURCES/bz2138823-fence_virtd-update-manpage.patch b/SOURCES/bz2138823-fence_virtd-update-manpage.patch new file mode 100644 index 0000000..076992d --- /dev/null +++ b/SOURCES/bz2138823-fence_virtd-update-manpage.patch @@ -0,0 +1,29 @@ +From 6817d9ff018aa1af6fb9775bc9ae1f1cc07fa1ea Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 31 Oct 2022 10:54:10 +0100 +Subject: [PATCH] fence_virtd: add link and non-user socket example to man page + +--- + agents/virt/man/fence_virt.conf.5 | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/agents/virt/man/fence_virt.conf.5 b/agents/virt/man/fence_virt.conf.5 +index c23ffd943..c8434ed65 100644 +--- a/agents/virt/man/fence_virt.conf.5 ++++ b/agents/virt/man/fence_virt.conf.5 +@@ -230,6 +230,15 @@ by a user running a cluster of virtual machines on a single desktop computer. + . + the URI to use when connecting to libvirt. + ++All libvirt URIs are accepted and passed as-is. ++ ++See https://libvirt.org/uri.html#remote-uris for examples. ++ ++NOTE: When VMs are run as non-root user the socket path must be set as part ++of the URI. ++ ++Example: qemu:///session?socket=/run/user//libvirt/virtqemud-sock ++ + .SS libvirt-qmf + + The libvirt-qmf plugin acts as a QMFv2 Console to the libvirt-qmf daemon in diff --git a/SOURCES/bz2144531-fence_virtd-warn-files-not-mode-600.patch b/SOURCES/bz2144531-fence_virtd-warn-files-not-mode-600.patch new file mode 100644 index 0000000..5d72acb --- /dev/null +++ b/SOURCES/bz2144531-fence_virtd-warn-files-not-mode-600.patch @@ -0,0 +1,114 @@ +From 3b311a1b069cec59f3d47242282f5d9c67a82e06 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 21 Nov 2022 12:33:22 +0100 +Subject: [PATCH] fence_virtd: make fence_virtd.conf file mode 600 and fail if + fence_virtd.conf or key file are not mode 600 + +--- + agents/virt/config/Makefile.am | 3 +++ + agents/virt/include/simpleconfig.h | 2 ++ + agents/virt/server/config.c | 26 ++++++++++++++++++++++++++ + agents/virt/server/main.c | 16 ++++++++++++++++ + 4 files changed, 47 insertions(+) + +diff --git a/agents/virt/config/Makefile.am b/agents/virt/config/Makefile.am +index 86d8df415..19d974278 100644 +--- a/agents/virt/config/Makefile.am ++++ b/agents/virt/config/Makefile.am +@@ -37,5 +37,8 @@ y.tab.c: config.y + config.c: y.tab.c config.l + $(LEX) -oconfig.c $(srcdir)/config.l + ++install-exec-hook: ++ chmod 600 $(DESTDIR)$(sysconfdir)/fence_virt.conf ++ + clean-local: + rm -f config.tab.c config.tab.h config.c y.tab.c y.tab.h +diff --git a/agents/virt/include/simpleconfig.h b/agents/virt/include/simpleconfig.h +index 83d54377a..6aba85f02 100644 +--- a/agents/virt/include/simpleconfig.h ++++ b/agents/virt/include/simpleconfig.h +@@ -49,6 +49,8 @@ config_object_t *sc_init(void); + /* Frees a previously-allocated copy of our simple config object */ + void sc_release(config_object_t *c); + ++int check_file_permissions(const char *fname); ++ + int do_configure(config_object_t *config, const char *filename); + + #endif +diff -uNr a/agents/virt/server/config.c b/agents/virt/server/config.c +--- a/agents/virt/server/config.c 2021-07-08 13:09:05.000000000 +0200 ++++ b/agents/virt/server/config.c 2022-11-22 10:59:09.547919852 +0100 +@@ -11,6 +11,7 @@ + #include + #include + #include ++#include + + #include "simpleconfig.h" + #include "static_map.h" +@@ -595,6 +596,31 @@ listener_configure(config_object_t *config) + } + + ++int ++check_file_permissions(const char *fname) ++{ ++ struct stat st; ++ mode_t file_perms = 0600; ++ int ret; ++ ++ ret = stat(fname, &st); ++ if (ret != 0) { ++ printf("stat failed on file '%s': %s\n", ++ fname, strerror(errno)); ++ return 1; ++ } ++ ++ if ((st.st_mode & 0777) != file_perms) { ++ printf("WARNING: invalid permissions on file " ++ "'%s': has 0%o should be 0%o\n", fname, ++ (unsigned int)(st.st_mode & 0777), ++ (unsigned int)file_perms); ++ return 1; ++ } ++ ++ return 0; ++} ++ + int + do_configure(config_object_t *config, const char *config_file) + { +diff -uNr a/agents/virt/server/main.c b/agents/virt/server/main.c +--- a/agents/virt/server/main.c 2021-07-08 13:09:05.000000000 +0200 ++++ b/agents/virt/server/main.c 2022-11-22 10:58:05.894530187 +0100 +@@ -14,7 +14,9 @@ + /* Local includes */ + #include "simpleconfig.h" + #include "static_map.h" ++#include "xvm.h" + #include "server_plugin.h" ++#include "simple_auth.h" + #include "debug.h" + + /* configure.c */ +@@ -203,6 +205,18 @@ + snprintf(pid_file, PATH_MAX, "/var/run/%s.pid", basename(argv[0])); + } + ++ check_file_permissions(config_file); ++ ++ sprintf(val, "listeners/%s/@key_file", listener_name); ++ if (sc_get(config, val, ++ val, sizeof(val)-1) == 0) { ++ dbg_printf(1, "Got %s for key_file\n", val); ++ } else { ++ snprintf(val, sizeof(val), "%s", DEFAULT_KEY_FILE); ++ } ++ ++ check_file_permissions(val); ++ + openlog(basename(argv[0]), LOG_NDELAY | LOG_PID, LOG_DAEMON); + + daemon_init(basename(argv[0]), pid_file, foreground); diff --git a/SOURCES/bz2149655-fence_virtd-update-fence_virt.conf-manpage.patch b/SOURCES/bz2149655-fence_virtd-update-fence_virt.conf-manpage.patch new file mode 100644 index 0000000..8633a5f --- /dev/null +++ b/SOURCES/bz2149655-fence_virtd-update-fence_virt.conf-manpage.patch @@ -0,0 +1,55 @@ +From 6f213eb637bf7d957ba035e3aa09ce1f1bbccf84 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 29 Nov 2022 16:21:18 +0100 +Subject: [PATCH] fence_virtd: add info about using multiple uuid/ip entries + for groups + +--- + agents/virt/man/fence_virt.conf.5 | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/agents/virt/man/fence_virt.conf.5 b/agents/virt/man/fence_virt.conf.5 +index c8434ed65..dfb3504f5 100644 +--- a/agents/virt/man/fence_virt.conf.5 ++++ b/agents/virt/man/fence_virt.conf.5 +@@ -1,4 +1,4 @@ +-.TH fence_virtd.conf 5 ++.TH fence_virt.conf 5 + + .SH NAME + fence_virt.conf - configuration file for fence_virtd +@@ -304,15 +304,17 @@ This defines a group. + .TP + .B uuid + . +-defines UUID as a member of a group. ++Defines UUID as a member of a group. It can be used multiple times ++to specify both node name and UUID values that can be fenced. + + .TP + .B ip + . +-defines an IP which is allowed to send fencing requests +-for members of this group (e.g. for multicast). It is +-highly recommended that this be used in conjunction with +-a key file. ++Defines an IP which is allowed to send fencing requests ++for members of this group (e.g. for multicast). It can be used ++multiple times to allow more than 1 IP to send fencing requests to ++the group. It is highly recommended that this be used in conjunction ++with a key file. + + + +@@ -340,8 +342,11 @@ a key file. + groups { + group { + ip = "192.168.1.1"; ++ ip = "192.168.1.2"; + uuid = "44179d3f-6c63-474f-a212-20c8b4b25b16"; + uuid = "1ce02c4b-dfa1-42cb-b5b1-f0b1091ece60"; ++ uuid = "node1"; ++ uuid = "node2"; + } + } + diff --git a/SOURCES/bz2152107-fencing-1-add-plug_separator.patch b/SOURCES/bz2152107-fencing-1-add-plug_separator.patch new file mode 100644 index 0000000..e0a8f08 --- /dev/null +++ b/SOURCES/bz2152107-fencing-1-add-plug_separator.patch @@ -0,0 +1,74 @@ +From 90ea995038e560222f9345310f31a79b595a5219 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 24 Nov 2022 10:19:29 +0100 +Subject: [PATCH 1/2] fencing: add plug_separator parameter to be able to + specify one that isnt part of the plug name(s) + +--- + lib/fencing.py.py | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/lib/fencing.py.py b/lib/fencing.py.py +index 940bd01d1..cf1c48e78 100644 +--- a/lib/fencing.py.py ++++ b/lib/fencing.py.py +@@ -322,6 +322,13 @@ + "help" : "-6, --inet6-only Forces agent to use IPv6 addresses only", + "required" : "0", + "order" : 1}, ++ "plug_separator" : { ++ "getopt" : ":", ++ "longopt" : "plug-separator", ++ "help" : "--plug-separator=[char] Separator for plug parameter when specifying more than 1 plug", ++ "default" : ",", ++ "required" : "0", ++ "order" : 100}, + "separator" : { + "getopt" : "C:", + "longopt" : "separator", +@@ -934,7 +941,7 @@ def fence_action(connection, options, set_power_fn, get_power_fn, get_outlet_lis + + try: + if "--plug" in options: +- options["--plugs"] = options["--plug"].split(",") ++ options["--plugs"] = options["--plug"].split(options["--plug-separator"]) + + ## Process options that manipulate fencing device + ##### + +From 55e2a56b81ed2188dedfce07cc3155e2175183cd Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 28 Nov 2022 12:40:00 +0100 +Subject: [PATCH 2/2] fence_wti: increase login timeout to avoid random + timeouts + +--- + agents/wti/fence_wti.py | 1 + + tests/data/metadata/fence_wti.xml | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/agents/wti/fence_wti.py b/agents/wti/fence_wti.py +index 68640ae65..97cc66de2 100644 +--- a/agents/wti/fence_wti.py ++++ b/agents/wti/fence_wti.py +@@ -178,6 +178,7 @@ def main(): + atexit.register(atexit_handler) + + all_opt["cmd_prompt"]["default"] = ["RSM>", "MPC>", "IPS>", "TPS>", "NBB>", "NPS>", "VMR>"] ++ all_opt["login_timeout"]["default"] = "10" + + options = check_input(device_opt, process_input(device_opt)) + +diff --git a/tests/data/metadata/fence_wti.xml b/tests/data/metadata/fence_wti.xml +index 6bdccd2dc..8e15f4852 100644 +--- a/tests/data/metadata/fence_wti.xml ++++ b/tests/data/metadata/fence_wti.xml +@@ -153,7 +153,7 @@ + + + +- ++ + Wait X seconds for cmd prompt after login + + diff --git a/SOURCES/bz2152107-fencing-2-update-DEPENDENCY_OPT.patch b/SOURCES/bz2152107-fencing-2-update-DEPENDENCY_OPT.patch new file mode 100644 index 0000000..3a6b943 --- /dev/null +++ b/SOURCES/bz2152107-fencing-2-update-DEPENDENCY_OPT.patch @@ -0,0 +1,1382 @@ +From 0f280ea4a299037a7d4e99d80b0193fd6fcdbd79 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 24 Jan 2023 12:19:41 +0100 +Subject: [PATCH] fencing: add plug_separator to default DEPENDENCY_OPT + +--- + lib/fencing.py.py | 2 +- + tests/data/metadata/fence_aliyun.xml | 5 +++++ + tests/data/metadata/fence_alom.xml | 5 +++++ + tests/data/metadata/fence_amt.xml | 5 +++++ + tests/data/metadata/fence_amt_ws.xml | 5 +++++ + tests/data/metadata/fence_apc.xml | 5 +++++ + tests/data/metadata/fence_apc_snmp.xml | 5 +++++ + tests/data/metadata/fence_aws.xml | 5 +++++ + tests/data/metadata/fence_azure_arm.xml | 5 +++++ + tests/data/metadata/fence_bladecenter.xml | 5 +++++ + tests/data/metadata/fence_brocade.xml | 5 +++++ + tests/data/metadata/fence_cdu.xml | 5 +++++ + tests/data/metadata/fence_cisco_mds.xml | 5 +++++ + tests/data/metadata/fence_cisco_ucs.xml | 5 +++++ + tests/data/metadata/fence_compute.xml | 5 +++++ + tests/data/metadata/fence_crosslink.xml | 5 +++++ + tests/data/metadata/fence_docker.xml | 5 +++++ + tests/data/metadata/fence_drac.xml | 5 +++++ + tests/data/metadata/fence_drac5.xml | 5 +++++ + tests/data/metadata/fence_dummy.xml | 5 +++++ + tests/data/metadata/fence_eaton_snmp.xml | 5 +++++ + tests/data/metadata/fence_emerson.xml | 5 +++++ + tests/data/metadata/fence_eps.xml | 5 +++++ + tests/data/metadata/fence_evacuate.xml | 5 +++++ + tests/data/metadata/fence_gce.xml | 5 +++++ + tests/data/metadata/fence_hds_cb.xml | 5 +++++ + tests/data/metadata/fence_heuristics_ping.xml | 5 +++++ + tests/data/metadata/fence_hpblade.xml | 5 +++++ + tests/data/metadata/fence_ibm_powervs.xml | 5 +++++ + tests/data/metadata/fence_ibm_vpc.xml | 5 +++++ + tests/data/metadata/fence_ibmblade.xml | 5 +++++ + tests/data/metadata/fence_ibmz.xml | 5 +++++ + tests/data/metadata/fence_idrac.xml | 5 +++++ + tests/data/metadata/fence_ifmib.xml | 5 +++++ + tests/data/metadata/fence_ilo.xml | 5 +++++ + tests/data/metadata/fence_ilo2.xml | 5 +++++ + tests/data/metadata/fence_ilo3.xml | 5 +++++ + tests/data/metadata/fence_ilo3_ssh.xml | 5 +++++ + tests/data/metadata/fence_ilo4.xml | 5 +++++ + tests/data/metadata/fence_ilo4_ssh.xml | 5 +++++ + tests/data/metadata/fence_ilo5.xml | 5 +++++ + tests/data/metadata/fence_ilo5_ssh.xml | 5 +++++ + tests/data/metadata/fence_ilo_moonshot.xml | 5 +++++ + tests/data/metadata/fence_ilo_mp.xml | 5 +++++ + tests/data/metadata/fence_ilo_ssh.xml | 5 +++++ + tests/data/metadata/fence_imm.xml | 5 +++++ + tests/data/metadata/fence_intelmodular.xml | 5 +++++ + tests/data/metadata/fence_ipdu.xml | 5 +++++ + tests/data/metadata/fence_ipmilan.xml | 5 +++++ + tests/data/metadata/fence_ipmilanplus.xml | 5 +++++ + tests/data/metadata/fence_ironic.xml | 5 +++++ + tests/data/metadata/fence_kubevirt.xml | 5 +++++ + tests/data/metadata/fence_ldom.xml | 5 +++++ + tests/data/metadata/fence_lindypdu.xml | 5 +++++ + tests/data/metadata/fence_lpar.xml | 5 +++++ + tests/data/metadata/fence_mpath.xml | 5 +++++ + tests/data/metadata/fence_netio.xml | 5 +++++ + tests/data/metadata/fence_openstack.xml | 5 +++++ + tests/data/metadata/fence_ovh.xml | 5 +++++ + tests/data/metadata/fence_powerman.xml | 5 +++++ + tests/data/metadata/fence_pve.xml | 5 +++++ + tests/data/metadata/fence_raritan.xml | 5 +++++ + tests/data/metadata/fence_rcd_serial.xml | 5 +++++ + tests/data/metadata/fence_redfish.xml | 5 +++++ + tests/data/metadata/fence_rhevm.xml | 5 +++++ + tests/data/metadata/fence_rsa.xml | 5 +++++ + tests/data/metadata/fence_rsb.xml | 5 +++++ + tests/data/metadata/fence_sanbox2.xml | 5 +++++ + tests/data/metadata/fence_sbd.xml | 5 +++++ + tests/data/metadata/fence_scsi.xml | 5 +++++ + tests/data/metadata/fence_skalar.xml | 5 +++++ + tests/data/metadata/fence_tripplite_snmp.xml | 5 +++++ + tests/data/metadata/fence_vbox.xml | 5 +++++ + tests/data/metadata/fence_virsh.xml | 5 +++++ + tests/data/metadata/fence_vmware.xml | 5 +++++ + tests/data/metadata/fence_vmware_rest.xml | 5 +++++ + tests/data/metadata/fence_vmware_soap.xml | 5 +++++ + tests/data/metadata/fence_vmware_vcloud.xml | 5 +++++ + tests/data/metadata/fence_wti.xml | 5 +++++ + tests/data/metadata/fence_xenapi.xml | 5 +++++ + tests/data/metadata/fence_zvmip.xml | 5 +++++ + 84 files changed, 416 insertions(+), 1 deletion(-) + +diff --git a/lib/fencing.py.py b/lib/fencing.py.py +index cf1c48e78..c5b5e94a1 100644 +--- a/lib/fencing.py.py ++++ b/lib/fencing.py.py +@@ -494,7 +494,7 @@ + "version", "action", "agent", "power_timeout", + "shell_timeout", "login_timeout", "disable_timeout", + "power_wait", "stonith_status_sleep", "retry_on", "delay", +- "quiet"], ++ "plug_separator", "quiet"], + "passwd" : ["passwd_script"], + "sudo" : ["sudo_path"], + "secure" : ["identity_file", "ssh_options", "ssh_path", "inet4_only", "inet6_only"], +diff --git a/tests/data/metadata/fence_aliyun.xml b/tests/data/metadata/fence_aliyun.xml +index 35112eb68..56d792048 100644 +--- a/tests/data/metadata/fence_aliyun.xml ++++ b/tests/data/metadata/fence_aliyun.xml +@@ -72,6 +72,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_alom.xml b/tests/data/metadata/fence_alom.xml +index 939b3a56e..6532ad6dd 100644 +--- a/tests/data/metadata/fence_alom.xml ++++ b/tests/data/metadata/fence_alom.xml +@@ -136,6 +136,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_amt.xml b/tests/data/metadata/fence_amt.xml +index 98b5ceeb4..809c2dfea 100644 +--- a/tests/data/metadata/fence_amt.xml ++++ b/tests/data/metadata/fence_amt.xml +@@ -106,6 +106,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + Path to amttool binary +diff --git a/tests/data/metadata/fence_amt_ws.xml b/tests/data/metadata/fence_amt_ws.xml +index af7c433f0..97a222526 100644 +--- a/tests/data/metadata/fence_amt_ws.xml ++++ b/tests/data/metadata/fence_amt_ws.xml +@@ -106,6 +106,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_apc.xml b/tests/data/metadata/fence_apc.xml +index da029bbb0..6081b1ff5 100644 +--- a/tests/data/metadata/fence_apc.xml ++++ b/tests/data/metadata/fence_apc.xml +@@ -141,6 +141,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_apc_snmp.xml b/tests/data/metadata/fence_apc_snmp.xml +index 5f5a33398..02efbb0b0 100644 +--- a/tests/data/metadata/fence_apc_snmp.xml ++++ b/tests/data/metadata/fence_apc_snmp.xml +@@ -147,6 +147,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_aws.xml b/tests/data/metadata/fence_aws.xml +index 682b9f0de..76995ecf2 100644 +--- a/tests/data/metadata/fence_aws.xml ++++ b/tests/data/metadata/fence_aws.xml +@@ -80,6 +80,11 @@ For instructions see: https://boto3.readthedocs.io/en/latest/guide/quickstart.ht + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_azure_arm.xml b/tests/data/metadata/fence_azure_arm.xml +index f7882fa23..c6e1f203b 100644 +--- a/tests/data/metadata/fence_azure_arm.xml ++++ b/tests/data/metadata/fence_azure_arm.xml +@@ -132,6 +132,11 @@ When using network fencing the reboot-action will cause a quick-return once the + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_bladecenter.xml b/tests/data/metadata/fence_bladecenter.xml +index 656d12b8b..3cc415355 100644 +--- a/tests/data/metadata/fence_bladecenter.xml ++++ b/tests/data/metadata/fence_bladecenter.xml +@@ -136,6 +136,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_brocade.xml b/tests/data/metadata/fence_brocade.xml +index e6265b68f..a78738d96 100644 +--- a/tests/data/metadata/fence_brocade.xml ++++ b/tests/data/metadata/fence_brocade.xml +@@ -136,6 +136,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_cdu.xml b/tests/data/metadata/fence_cdu.xml +index 7505b1bd9..ef87d795d 100644 +--- a/tests/data/metadata/fence_cdu.xml ++++ b/tests/data/metadata/fence_cdu.xml +@@ -102,6 +102,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_cisco_mds.xml b/tests/data/metadata/fence_cisco_mds.xml +index e2f5c5b6a..829c9dcbe 100644 +--- a/tests/data/metadata/fence_cisco_mds.xml ++++ b/tests/data/metadata/fence_cisco_mds.xml +@@ -146,6 +146,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_cisco_ucs.xml b/tests/data/metadata/fence_cisco_ucs.xml +index e232f33bc..76d15e9f4 100644 +--- a/tests/data/metadata/fence_cisco_ucs.xml ++++ b/tests/data/metadata/fence_cisco_ucs.xml +@@ -122,6 +122,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_compute.xml b/tests/data/metadata/fence_compute.xml +index 1b25910f5..f6aa1920b 100644 +--- a/tests/data/metadata/fence_compute.xml ++++ b/tests/data/metadata/fence_compute.xml +@@ -157,6 +157,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_crosslink.xml b/tests/data/metadata/fence_crosslink.xml +index 7f67337cd..1102b4e6b 100644 +--- a/tests/data/metadata/fence_crosslink.xml ++++ b/tests/data/metadata/fence_crosslink.xml +@@ -62,6 +62,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_docker.xml b/tests/data/metadata/fence_docker.xml +index 12725b95a..f685b1162 100644 +--- a/tests/data/metadata/fence_docker.xml ++++ b/tests/data/metadata/fence_docker.xml +@@ -110,6 +110,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_drac.xml b/tests/data/metadata/fence_drac.xml +index bb83f5860..a99126132 100644 +--- a/tests/data/metadata/fence_drac.xml ++++ b/tests/data/metadata/fence_drac.xml +@@ -107,6 +107,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_drac5.xml b/tests/data/metadata/fence_drac5.xml +index c539923c0..a0c73ebf8 100644 +--- a/tests/data/metadata/fence_drac5.xml ++++ b/tests/data/metadata/fence_drac5.xml +@@ -145,6 +145,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_dummy.xml b/tests/data/metadata/fence_dummy.xml +index a711d3869..0651f5ae0 100644 +--- a/tests/data/metadata/fence_dummy.xml ++++ b/tests/data/metadata/fence_dummy.xml +@@ -56,6 +56,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_eaton_snmp.xml b/tests/data/metadata/fence_eaton_snmp.xml +index b3e870b95..1d89b5272 100644 +--- a/tests/data/metadata/fence_eaton_snmp.xml ++++ b/tests/data/metadata/fence_eaton_snmp.xml +@@ -146,6 +146,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_emerson.xml b/tests/data/metadata/fence_emerson.xml +index b46ef8293..1ed792e2b 100644 +--- a/tests/data/metadata/fence_emerson.xml ++++ b/tests/data/metadata/fence_emerson.xml +@@ -146,6 +146,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_eps.xml b/tests/data/metadata/fence_eps.xml +index 6cf772895..a8cf8ad41 100644 +--- a/tests/data/metadata/fence_eps.xml ++++ b/tests/data/metadata/fence_eps.xml +@@ -109,6 +109,11 @@ Agent basically works by connecting to hidden page and pass appropriate argument + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_evacuate.xml b/tests/data/metadata/fence_evacuate.xml +index 10b84abca..df2181eb6 100644 +--- a/tests/data/metadata/fence_evacuate.xml ++++ b/tests/data/metadata/fence_evacuate.xml +@@ -152,6 +152,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_gce.xml b/tests/data/metadata/fence_gce.xml +index c7d400e10..2a89b16c2 100644 +--- a/tests/data/metadata/fence_gce.xml ++++ b/tests/data/metadata/fence_gce.xml +@@ -147,6 +147,11 @@ For instructions see: https://cloud.google.com/compute/docs/tutorials/python-gui + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_hds_cb.xml b/tests/data/metadata/fence_hds_cb.xml +index 90f4d2809..e25d889e3 100644 +--- a/tests/data/metadata/fence_hds_cb.xml ++++ b/tests/data/metadata/fence_hds_cb.xml +@@ -136,6 +136,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_heuristics_ping.xml b/tests/data/metadata/fence_heuristics_ping.xml +index 3832e3c9d..b10189b91 100644 +--- a/tests/data/metadata/fence_heuristics_ping.xml ++++ b/tests/data/metadata/fence_heuristics_ping.xml +@@ -82,6 +82,11 @@ This is not a fence agent by itself! Its only purpose is to enable/disable anoth + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_hpblade.xml b/tests/data/metadata/fence_hpblade.xml +index 6f190f3f3..0957fcdd4 100644 +--- a/tests/data/metadata/fence_hpblade.xml ++++ b/tests/data/metadata/fence_hpblade.xml +@@ -136,6 +136,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ibm_powervs.xml b/tests/data/metadata/fence_ibm_powervs.xml +index 326bc2378..79878a9a7 100644 +--- a/tests/data/metadata/fence_ibm_powervs.xml ++++ b/tests/data/metadata/fence_ibm_powervs.xml +@@ -87,6 +87,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ibm_vpc.xml b/tests/data/metadata/fence_ibm_vpc.xml +index c35bc4619..fe29ffb89 100644 +--- a/tests/data/metadata/fence_ibm_vpc.xml ++++ b/tests/data/metadata/fence_ibm_vpc.xml +@@ -76,6 +76,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ibmblade.xml b/tests/data/metadata/fence_ibmblade.xml +index 9598abf6f..3286ca6de 100644 +--- a/tests/data/metadata/fence_ibmblade.xml ++++ b/tests/data/metadata/fence_ibmblade.xml +@@ -146,6 +146,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ibmz.xml b/tests/data/metadata/fence_ibmz.xml +index 0671efc0e..ba74fa6fe 100644 +--- a/tests/data/metadata/fence_ibmz.xml ++++ b/tests/data/metadata/fence_ibmz.xml +@@ -132,6 +132,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_idrac.xml b/tests/data/metadata/fence_idrac.xml +index a38345629..2d4876493 100644 +--- a/tests/data/metadata/fence_idrac.xml ++++ b/tests/data/metadata/fence_idrac.xml +@@ -150,6 +150,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ifmib.xml b/tests/data/metadata/fence_ifmib.xml +index c9328797e..4b56e2335 100644 +--- a/tests/data/metadata/fence_ifmib.xml ++++ b/tests/data/metadata/fence_ifmib.xml +@@ -148,6 +148,11 @@ It was written with managed ethernet switches in mind, in order to fence iSCSI S + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ilo.xml b/tests/data/metadata/fence_ilo.xml +index 384b40dc6..0bac03c83 100644 +--- a/tests/data/metadata/fence_ilo.xml ++++ b/tests/data/metadata/fence_ilo.xml +@@ -133,6 +133,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ilo2.xml b/tests/data/metadata/fence_ilo2.xml +index 3c98719d9..3d954a345 100644 +--- a/tests/data/metadata/fence_ilo2.xml ++++ b/tests/data/metadata/fence_ilo2.xml +@@ -133,6 +133,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ilo3.xml b/tests/data/metadata/fence_ilo3.xml +index b0183ecee..0567b539c 100644 +--- a/tests/data/metadata/fence_ilo3.xml ++++ b/tests/data/metadata/fence_ilo3.xml +@@ -150,6 +150,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ilo3_ssh.xml b/tests/data/metadata/fence_ilo3_ssh.xml +index 1a9e56c50..e2a25661d 100644 +--- a/tests/data/metadata/fence_ilo3_ssh.xml ++++ b/tests/data/metadata/fence_ilo3_ssh.xml +@@ -149,6 +149,11 @@ WARNING: The monitor-action is prone to timeouts. Use the fence_ilo-equivalent t + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ilo4.xml b/tests/data/metadata/fence_ilo4.xml +index 22df71375..647bb1021 100644 +--- a/tests/data/metadata/fence_ilo4.xml ++++ b/tests/data/metadata/fence_ilo4.xml +@@ -150,6 +150,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ilo4_ssh.xml b/tests/data/metadata/fence_ilo4_ssh.xml +index 78aed1c4e..4fd6b2ef1 100644 +--- a/tests/data/metadata/fence_ilo4_ssh.xml ++++ b/tests/data/metadata/fence_ilo4_ssh.xml +@@ -149,6 +149,11 @@ WARNING: The monitor-action is prone to timeouts. Use the fence_ilo-equivalent t + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ilo5.xml b/tests/data/metadata/fence_ilo5.xml +index 2648c4bbc..6c99db22a 100644 +--- a/tests/data/metadata/fence_ilo5.xml ++++ b/tests/data/metadata/fence_ilo5.xml +@@ -150,6 +150,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ilo5_ssh.xml b/tests/data/metadata/fence_ilo5_ssh.xml +index d0d1096e8..036aec5c6 100644 +--- a/tests/data/metadata/fence_ilo5_ssh.xml ++++ b/tests/data/metadata/fence_ilo5_ssh.xml +@@ -149,6 +149,11 @@ WARNING: The monitor-action is prone to timeouts. Use the fence_ilo-equivalent t + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ilo_moonshot.xml b/tests/data/metadata/fence_ilo_moonshot.xml +index b38be58f3..c88c5922f 100644 +--- a/tests/data/metadata/fence_ilo_moonshot.xml ++++ b/tests/data/metadata/fence_ilo_moonshot.xml +@@ -136,6 +136,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ilo_mp.xml b/tests/data/metadata/fence_ilo_mp.xml +index ea0a8e69c..7d4fd22d5 100644 +--- a/tests/data/metadata/fence_ilo_mp.xml ++++ b/tests/data/metadata/fence_ilo_mp.xml +@@ -136,6 +136,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ilo_ssh.xml b/tests/data/metadata/fence_ilo_ssh.xml +index b8ffe3c6d..2e1cb84b2 100644 +--- a/tests/data/metadata/fence_ilo_ssh.xml ++++ b/tests/data/metadata/fence_ilo_ssh.xml +@@ -149,6 +149,11 @@ WARNING: The monitor-action is prone to timeouts. Use the fence_ilo-equivalent t + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_imm.xml b/tests/data/metadata/fence_imm.xml +index 5ed4e8c30..5c5bf910f 100644 +--- a/tests/data/metadata/fence_imm.xml ++++ b/tests/data/metadata/fence_imm.xml +@@ -150,6 +150,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_intelmodular.xml b/tests/data/metadata/fence_intelmodular.xml +index 03c7c55d8..5dad0d0bd 100644 +--- a/tests/data/metadata/fence_intelmodular.xml ++++ b/tests/data/metadata/fence_intelmodular.xml +@@ -148,6 +148,11 @@ Note: Since firmware update version 2.7, SNMP v2 write support is removed, and r + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ipdu.xml b/tests/data/metadata/fence_ipdu.xml +index d9a44dd0f..22024a7a1 100644 +--- a/tests/data/metadata/fence_ipdu.xml ++++ b/tests/data/metadata/fence_ipdu.xml +@@ -146,6 +146,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ipmilan.xml b/tests/data/metadata/fence_ipmilan.xml +index f8ede91cd..a31afcfd4 100644 +--- a/tests/data/metadata/fence_ipmilan.xml ++++ b/tests/data/metadata/fence_ipmilan.xml +@@ -150,6 +150,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ipmilanplus.xml b/tests/data/metadata/fence_ipmilanplus.xml +index 92f0cf8cf..19c252933 100644 +--- a/tests/data/metadata/fence_ipmilanplus.xml ++++ b/tests/data/metadata/fence_ipmilanplus.xml +@@ -150,6 +150,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ironic.xml b/tests/data/metadata/fence_ironic.xml +index 4da784826..813b03732 100644 +--- a/tests/data/metadata/fence_ironic.xml ++++ b/tests/data/metadata/fence_ironic.xml +@@ -102,6 +102,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_kubevirt.xml b/tests/data/metadata/fence_kubevirt.xml +index 66701099a..e6b42aa55 100644 +--- a/tests/data/metadata/fence_kubevirt.xml ++++ b/tests/data/metadata/fence_kubevirt.xml +@@ -72,6 +72,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ldom.xml b/tests/data/metadata/fence_ldom.xml +index 0c8c45e24..59facad6f 100644 +--- a/tests/data/metadata/fence_ldom.xml ++++ b/tests/data/metadata/fence_ldom.xml +@@ -138,6 +138,11 @@ Very useful parameter is -c (or cmd_prompt in stdin mode). This must be set to s + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_lindypdu.xml b/tests/data/metadata/fence_lindypdu.xml +index 2e1d5c760..56f81f4cb 100644 +--- a/tests/data/metadata/fence_lindypdu.xml ++++ b/tests/data/metadata/fence_lindypdu.xml +@@ -151,6 +151,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_lpar.xml b/tests/data/metadata/fence_lpar.xml +index e2adbc334..22f12dc23 100644 +--- a/tests/data/metadata/fence_lpar.xml ++++ b/tests/data/metadata/fence_lpar.xml +@@ -150,6 +150,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_mpath.xml b/tests/data/metadata/fence_mpath.xml +index d656013bb..e22d3a1f9 100644 +--- a/tests/data/metadata/fence_mpath.xml ++++ b/tests/data/metadata/fence_mpath.xml +@@ -75,6 +75,11 @@ When used as a watchdog device you can define e.g. retry=1, retry-sleep=2 and ve + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_netio.xml b/tests/data/metadata/fence_netio.xml +index 7d8a4c723..95f3cf34a 100644 +--- a/tests/data/metadata/fence_netio.xml ++++ b/tests/data/metadata/fence_netio.xml +@@ -97,6 +97,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_openstack.xml b/tests/data/metadata/fence_openstack.xml +index 2e5bd9ff4..0bf1a78e2 100644 +--- a/tests/data/metadata/fence_openstack.xml ++++ b/tests/data/metadata/fence_openstack.xml +@@ -152,6 +152,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_ovh.xml b/tests/data/metadata/fence_ovh.xml +index 5913e49ad..79d5eda94 100644 +--- a/tests/data/metadata/fence_ovh.xml ++++ b/tests/data/metadata/fence_ovh.xml +@@ -87,6 +87,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_powerman.xml b/tests/data/metadata/fence_powerman.xml +index eb2509452..10514fd3c 100644 +--- a/tests/data/metadata/fence_powerman.xml ++++ b/tests/data/metadata/fence_powerman.xml +@@ -67,6 +67,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_pve.xml b/tests/data/metadata/fence_pve.xml +index ec1405448..1ed3cda4f 100644 +--- a/tests/data/metadata/fence_pve.xml ++++ b/tests/data/metadata/fence_pve.xml +@@ -145,6 +145,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_raritan.xml b/tests/data/metadata/fence_raritan.xml +index 9983cc08c..5e387c784 100644 +--- a/tests/data/metadata/fence_raritan.xml ++++ b/tests/data/metadata/fence_raritan.xml +@@ -97,6 +97,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_rcd_serial.xml b/tests/data/metadata/fence_rcd_serial.xml +index 2d0a49d9f..c14d342f7 100644 +--- a/tests/data/metadata/fence_rcd_serial.xml ++++ b/tests/data/metadata/fence_rcd_serial.xml +@@ -55,6 +55,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_redfish.xml b/tests/data/metadata/fence_redfish.xml +index 5bdb32365..76a23af30 100644 +--- a/tests/data/metadata/fence_redfish.xml ++++ b/tests/data/metadata/fence_redfish.xml +@@ -132,6 +132,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_rhevm.xml b/tests/data/metadata/fence_rhevm.xml +index 372c1bbca..0b2239931 100644 +--- a/tests/data/metadata/fence_rhevm.xml ++++ b/tests/data/metadata/fence_rhevm.xml +@@ -140,6 +140,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_rsa.xml b/tests/data/metadata/fence_rsa.xml +index 6dfb0925c..284f9184d 100644 +--- a/tests/data/metadata/fence_rsa.xml ++++ b/tests/data/metadata/fence_rsa.xml +@@ -136,6 +136,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_rsb.xml b/tests/data/metadata/fence_rsb.xml +index 52978583c..e3d6e1096 100644 +--- a/tests/data/metadata/fence_rsb.xml ++++ b/tests/data/metadata/fence_rsb.xml +@@ -136,6 +136,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_sanbox2.xml b/tests/data/metadata/fence_sanbox2.xml +index 2fa3f295b..b29b8bb75 100644 +--- a/tests/data/metadata/fence_sanbox2.xml ++++ b/tests/data/metadata/fence_sanbox2.xml +@@ -107,6 +107,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_sbd.xml b/tests/data/metadata/fence_sbd.xml +index 7248b864a..d5600b7ce 100644 +--- a/tests/data/metadata/fence_sbd.xml ++++ b/tests/data/metadata/fence_sbd.xml +@@ -65,6 +65,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_scsi.xml b/tests/data/metadata/fence_scsi.xml +index 97c44cc21..4fa86189c 100644 +--- a/tests/data/metadata/fence_scsi.xml ++++ b/tests/data/metadata/fence_scsi.xml +@@ -90,6 +90,11 @@ When used as a watchdog device you can define e.g. retry=1, retry-sleep=2 and ve + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_skalar.xml b/tests/data/metadata/fence_skalar.xml +index 5e9f94264..84f3f4ea6 100644 +--- a/tests/data/metadata/fence_skalar.xml ++++ b/tests/data/metadata/fence_skalar.xml +@@ -122,6 +122,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_tripplite_snmp.xml b/tests/data/metadata/fence_tripplite_snmp.xml +index b767597c5..c5f66d56f 100644 +--- a/tests/data/metadata/fence_tripplite_snmp.xml ++++ b/tests/data/metadata/fence_tripplite_snmp.xml +@@ -147,6 +147,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_vbox.xml b/tests/data/metadata/fence_vbox.xml +index daf8ee98a..35577a6b6 100644 +--- a/tests/data/metadata/fence_vbox.xml ++++ b/tests/data/metadata/fence_vbox.xml +@@ -138,6 +138,11 @@ By default, vbox needs to log in as a user that is a member of the vboxusers gro + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_virsh.xml b/tests/data/metadata/fence_virsh.xml +index b9b4082fe..82fe9b6d1 100644 +--- a/tests/data/metadata/fence_virsh.xml ++++ b/tests/data/metadata/fence_virsh.xml +@@ -138,6 +138,11 @@ By default, virsh needs root account to do properly work. So you must allow ssh + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_vmware.xml b/tests/data/metadata/fence_vmware.xml +index 8d6eabc6f..a46ffdb0f 100644 +--- a/tests/data/metadata/fence_vmware.xml ++++ b/tests/data/metadata/fence_vmware.xml +@@ -149,6 +149,11 @@ After you have successfully installed VI Perl Toolkit or VIX API, you should be + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_vmware_rest.xml b/tests/data/metadata/fence_vmware_rest.xml +index e46c7a993..5c69c2f21 100644 +--- a/tests/data/metadata/fence_vmware_rest.xml ++++ b/tests/data/metadata/fence_vmware_rest.xml +@@ -128,6 +128,11 @@ NOTE: If there's more than 1000 VMs there is a filter parameter to work around t + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_vmware_soap.xml b/tests/data/metadata/fence_vmware_soap.xml +index 1327abac6..72b27e351 100644 +--- a/tests/data/metadata/fence_vmware_soap.xml ++++ b/tests/data/metadata/fence_vmware_soap.xml +@@ -119,6 +119,11 @@ Name of virtual machine (-n / port) has to be used in inventory path format (e.g + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_vmware_vcloud.xml b/tests/data/metadata/fence_vmware_vcloud.xml +index 85d970e0a..3c8bb74a3 100644 +--- a/tests/data/metadata/fence_vmware_vcloud.xml ++++ b/tests/data/metadata/fence_vmware_vcloud.xml +@@ -121,6 +121,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_wti.xml b/tests/data/metadata/fence_wti.xml +index 8e15f4852..b9eb9c6bc 100644 +--- a/tests/data/metadata/fence_wti.xml ++++ b/tests/data/metadata/fence_wti.xml +@@ -136,6 +136,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_xenapi.xml b/tests/data/metadata/fence_xenapi.xml +index 83c83fff0..380ac28da 100644 +--- a/tests/data/metadata/fence_xenapi.xml ++++ b/tests/data/metadata/fence_xenapi.xml +@@ -87,6 +87,11 @@ + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + +diff --git a/tests/data/metadata/fence_zvmip.xml b/tests/data/metadata/fence_zvmip.xml +index 192d1e76b..6996ab736 100644 +--- a/tests/data/metadata/fence_zvmip.xml ++++ b/tests/data/metadata/fence_zvmip.xml +@@ -150,6 +150,11 @@ to access the system's directory manager. + + Display help and exit + ++ ++ ++ ++ Separator for plug parameter when specifying more than 1 plug ++ + + + diff --git a/SOURCES/bz2160480-fence_scsi-fix-validate-all.patch b/SOURCES/bz2160480-fence_scsi-fix-validate-all.patch new file mode 100644 index 0000000..1aadca1 --- /dev/null +++ b/SOURCES/bz2160480-fence_scsi-fix-validate-all.patch @@ -0,0 +1,30 @@ +From a416a367a804f1e5abaf142c629fe6ab5572d3b6 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 12 Jan 2023 15:46:41 +0100 +Subject: [PATCH] fence_scsi: skip key generation during validate-all action + +--- + agents/scsi/fence_scsi.py | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py +index e33339614..f9e6823b2 100644 +--- a/agents/scsi/fence_scsi.py ++++ b/agents/scsi/fence_scsi.py +@@ -566,11 +566,12 @@ def main(): + or ("--key" in options and options["--key"])): + fail_usage("Failed: nodename or key is required", stop_after_error) + +- if not ("--key" in options and options["--key"]): +- options["--key"] = generate_key(options) ++ if options["--action"] != "validate-all": ++ if not ("--key" in options and options["--key"]): ++ options["--key"] = generate_key(options) + +- if options["--key"] == "0" or not options["--key"]: +- fail_usage("Failed: key cannot be 0", stop_after_error) ++ if options["--key"] == "0" or not options["--key"]: ++ fail_usage("Failed: key cannot be 0", stop_after_error) + + if "--key-value" in options\ + and (options["--key-value"] != "id" and options["--key-value"] != "hash"): diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec index 6dd1b0c..1cbfbaa 100644 --- a/SPECS/fence-agents.spec +++ b/SPECS/fence-agents.spec @@ -8,6 +8,9 @@ # bundles %global bundled_lib_dir bundled +# azure +%global oauthlib oauthlib +%global oauthlib_version 3.2.2 # kubevirt %global openshift openshift %global openshift_version 0.12.1 @@ -49,8 +52,6 @@ %global idna_version 3.3 %global reqstsoauthlib requests-oauthlib %global reqstsoauthlib_version 1.3.0 -%global oauthlib oauthlib -%global oauthlib_version 3.1.1 %global ruamelyaml ruamel.yaml %global ruamelyaml_version 0.17.16 %global setuptools setuptools @@ -59,7 +60,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 30%{?alphatag:.%{alphatag}}%{?dist}.1 +Release: 43%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -115,7 +116,7 @@ Source1031: idna-2.10-py2.py3-none-any.whl Source1032: isodate-0.6.0-py2.py3-none-any.whl Source1033: msrest-0.6.21-py2.py3-none-any.whl Source1034: msrestazure-0.6.4-py2.py3-none-any.whl -Source1035: oauthlib-3.1.1-py2.py3-none-any.whl +Source1035: %{oauthlib}-%{oauthlib_version}.tar.gz Source1036: PyJWT-2.1.0-py3-none-any.whl Source1037: requests-2.25.1-py2.py3-none-any.whl Source1038: requests_oauthlib-1.3.0-py2.py3-none-any.whl @@ -179,16 +180,15 @@ Source1087: %{requests}-%{requests_version}.tar.gz Source1088: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz Source1089: %{idna}-%{idna_version}.tar.gz Source1090: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz -Source1091: %{oauthlib}-%{oauthlib_version}.tar.gz -Source1092: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz -Source1093: %{setuptools}-%{setuptools_version}.tar.gz +Source1091: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz +Source1092: %{setuptools}-%{setuptools_version}.tar.gz ## required for installation -Source1094: setuptools_scm-6.3.2.tar.gz -Source1095: packaging-21.2-py3-none-any.whl -Source1096: poetry-core-1.0.7.tar.gz -Source1097: pyparsing-3.0.1.tar.gz -Source1098: tomli-1.0.1.tar.gz -Source1099: wheel-0.37.0-py2.py3-none-any.whl +Source1093: setuptools_scm-6.3.2.tar.gz +Source1094: packaging-21.2-py3-none-any.whl +Source1095: poetry-core-1.0.7.tar.gz +Source1096: pyparsing-3.0.1.tar.gz +Source1097: tomli-1.0.1.tar.gz +Source1098: wheel-0.37.0-py2.py3-none-any.whl ### END Patch0: ha-cloud-support-aliyun.patch @@ -219,7 +219,18 @@ Patch24: bz2072420-2-fence_zvmip-connect-error.patch Patch25: bz2092385-fence_ibm_vpc-add-proxy-support.patch Patch26: bz2093216-fence_ibm_powervs-proxy-private-api-servers.patch Patch27: bz2041933-bz2041935-3-fencing-source_env-dont-process-empty-lines.patch -Patch28: bz2127878-fence_ibm_vpc-add-token-cache-support.patch +Patch28: bz2122944-1-fence_vmware_soap-set-timeout-cleanup-tmp-dirs.patch +Patch29: bz2122944-2-fence_vmware_soap-login-timeout-15s.patch +Patch30: bz2111998-fence_ibm_vpc-add-token-cache-support.patch +Patch31: bz2132008-fence_virt-add-note-reboot-action.patch +Patch32: bz2134015-fence_lpar-only-output-additional-info-on-debug.patch +Patch33: bz2136191-fence_ibm_powervs-improve-defaults.patch +Patch34: bz2138823-fence_virtd-update-manpage.patch +Patch35: bz2144531-fence_virtd-warn-files-not-mode-600.patch +Patch36: bz2149655-fence_virtd-update-fence_virt.conf-manpage.patch +Patch37: bz2160480-fence_scsi-fix-validate-all.patch +Patch38: bz2152107-fencing-1-add-plug_separator.patch +Patch39: bz2152107-fencing-2-update-DEPENDENCY_OPT.patch %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %ifarch x86_64 @@ -359,6 +370,17 @@ BuildRequires: %{systemd_units} %patch26 -p1 %patch27 -p1 %patch28 -p1 +%patch29 -p1 +%patch30 -p1 +%patch31 -p1 +%patch32 -p1 +%patch33 -p1 +%patch34 -p1 +%patch35 -p1 +%patch36 -p1 +%patch37 -p1 +%patch38 -p1 +%patch39 -p1 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -1425,11 +1447,59 @@ are located on corosync cluster nodes. %endif %changelog -* Mon Sep 19 2022 Oyvind Albrigtsen - 4.10.0-30.1 -- fence_ibm_vpc: add token cache support - Resolves: rhbz#2127878 +* Thu Jan 26 2023 Oyvind Albrigtsen - 4.10.0-43 +- fence_vmware_soap: set login_timeout lower than default + pcmk_monitor_timeout (20s) to remove tmp dirs + Resolves: rhbz#2122944 + +* Tue Jan 24 2023 Oyvind Albrigtsen - 4.10.0-42 +- fencing/fence_wti: add --plug-separator to be able to avoid + characters that are in node name(s) + Resolves: rhbz#2152107 + +* Fri Jan 13 2023 Oyvind Albrigtsen - 4.10.0-41 +- fence_scsi: skip key generation during validate-all action + Resolves: rhbz#2160480 + +* Fri Dec 2 2022 Oyvind Albrigtsen - 4.10.0-40 +- fence_virtd: add info about multiple uuid/ip entries to manpage + + Resolves: rhbz#2149655 + +* Tue Nov 22 2022 Oyvind Albrigtsen - 4.10.0-39 +- fence_virtd: warn if config or key file(s) are not mode 600 + + Resolves: rhbz#2144531 + +* Tue Nov 8 2022 Oyvind Albrigtsen - 4.10.0-37 +- Upgrade bundled python-oauthlib + Resolves: rhbz#2128564 + +* Mon Oct 31 2022 Oyvind Albrigtsen - 4.10.0-36 +- fence_virtd: add link to uri examples and uri w/socket path + example for when VMS are run as non-root user to manpage + Resolves: rhbz#2138823 + +* Tue Oct 25 2022 Oyvind Albrigtsen - 4.10.0-35 +- fence_ibm_powervs: improve defaults + Resolves: rhbz#2136191 + +* Wed Oct 12 2022 Oyvind Albrigtsen - 4.10.0-34 +- fence_lpar: only output additional output info on DEBUG level + Resolves: rhbz#2134015 + +* Wed Oct 5 2022 Oyvind Albrigtsen - 4.10.0-33 +- fence_virt: add note that reboot-action doesnt power on nodes that + are powered off + Resolves: rhbz#2132008 + +* Fri Sep 9 2022 Oyvind Albrigtsen - 4.10.0-32 - add azure-identity and dependencies - Resolves: rhbz#2127882 + Resolves: rhbz#2121546 + +* Tue Aug 16 2022 Oyvind Albrigtsen - 4.10.0-31 +- fence_ibm_vpc: add token cache support + Resolves: rhbz#2111998 * Tue Aug 16 2022 Oyvind Albrigtsen - 4.10.0-30 - fence_openstack: add support for reading config from clouds.yaml