diff --git a/SOURCES/bz1673468-fence_aws-improve-parameter-logic.patch b/SOURCES/bz1673468-fence_aws-improve-parameter-logic.patch new file mode 100644 index 0000000..5b01675 --- /dev/null +++ b/SOURCES/bz1673468-fence_aws-improve-parameter-logic.patch @@ -0,0 +1,48 @@ +From 1c2f791b6b2be13bcceaa096df52654164b1f6cb Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 5 Mar 2020 14:10:29 +0100 +Subject: [PATCH] fence_aws: improve connect parameter logic, so region can be + specified as parameter, while using role or keys from ~/.aws/config + +--- + agents/aws/fence_aws.py | 27 +++++++++------------------ + 1 file changed, 9 insertions(+), 18 deletions(-) + +diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py +index 74321e8e..4a4d9de2 100644 +--- a/agents/aws/fence_aws.py ++++ b/agents/aws/fence_aws.py +@@ -99,24 +99,15 @@ + + run_delay(options) + +- if "--region" in options and "--access-key" in options and "--secret-key" in options: +- region = options["--region"] +- access_key = options["--access-key"] +- secret_key = options["--secret-key"] +- try: +- conn = boto3.resource('ec2', region_name=region, +- aws_access_key_id=access_key, +- aws_secret_access_key=secret_key) +- except: +- fail_usage("Failed: Unable to connect to AWS. Check your configuration.") +- else: +- # If setup with "aws configure" or manually in +- # ~/.aws/credentials +- try: +- conn = boto3.resource('ec2') +- except: +- # If any of region/access/secret are missing +- fail_usage("Failed: Unable to connect to AWS. Check your configuration.") ++ region = options.get("--region") ++ access_key = options.get("--access-key") ++ secret_key = options.get("--secret-key") ++ try: ++ conn = boto3.resource('ec2', region_name=region, ++ aws_access_key_id=access_key, ++ aws_secret_access_key=secret_key) ++ except: ++ fail_usage("Failed: Unable to connect to AWS. Check your configuration.") + + # Operate the fencing device + result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list) diff --git a/SOURCES/bz1722004-1-fencing-inetX_only-SSH-fence_zvmip.patch b/SOURCES/bz1722004-1-fencing-inetX_only-SSH-fence_zvmip.patch new file mode 100644 index 0000000..6ee722d --- /dev/null +++ b/SOURCES/bz1722004-1-fencing-inetX_only-SSH-fence_zvmip.patch @@ -0,0 +1,756 @@ +From cecf3b3edeccbac6293b95073b0c0ad4f02a8652 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 12 Nov 2019 17:25:57 +0100 +Subject: [PATCH] fencing: only use inetX_only parameters for SSH based agents + and fence_zvmip, and fixed syntax issue for Gawk v5+ + +--- + agents/zvm/fence_zvmip.py | 2 +- + lib/fencing.py.py | 4 ++-- + make/agentpycheck.mk | 2 +- + tests/data/metadata/fence_amt.xml | 10 ---------- + tests/data/metadata/fence_amt_ws.xml | 10 ---------- + tests/data/metadata/fence_apc_snmp.xml | 10 ---------- + tests/data/metadata/fence_cisco_mds.xml | 10 ---------- + tests/data/metadata/fence_cisco_ucs.xml | 10 ---------- + tests/data/metadata/fence_docker.xml | 10 ---------- + tests/data/metadata/fence_drac.xml | 10 ---------- + tests/data/metadata/fence_eaton_snmp.xml | 10 ---------- + tests/data/metadata/fence_emerson.xml | 10 ---------- + tests/data/metadata/fence_eps.xml | 10 ---------- + tests/data/metadata/fence_ibmblade.xml | 10 ---------- + tests/data/metadata/fence_idrac.xml | 10 ---------- + tests/data/metadata/fence_ifmib.xml | 10 ---------- + tests/data/metadata/fence_ilo.xml | 10 ---------- + tests/data/metadata/fence_ilo2.xml | 10 ---------- + tests/data/metadata/fence_ilo3.xml | 10 ---------- + tests/data/metadata/fence_ilo4.xml | 10 ---------- + tests/data/metadata/fence_imm.xml | 10 ---------- + tests/data/metadata/fence_intelmodular.xml | 10 ---------- + tests/data/metadata/fence_ipdu.xml | 10 ---------- + tests/data/metadata/fence_ipmilan.xml | 10 ---------- + tests/data/metadata/fence_netio.xml | 10 ---------- + tests/data/metadata/fence_powerman.xml | 10 ---------- + tests/data/metadata/fence_pve.xml | 10 ---------- + tests/data/metadata/fence_raritan.xml | 10 ---------- + tests/data/metadata/fence_redfish.xml | 10 ---------- + tests/data/metadata/fence_rhevm.xml | 10 ---------- + tests/data/metadata/fence_sanbox2.xml | 10 ---------- + tests/data/metadata/fence_tripplite_snmp.xml | 10 ---------- + tests/data/metadata/fence_vmware_rest.xml | 10 ---------- + tests/data/metadata/fence_vmware_soap.xml | 10 ---------- + tests/data/metadata/fence_vmware_vcloud.xml | 10 ---------- + 36 files changed, 4 insertions(+), 334 deletions(-) + +diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py +index e6bb01d1..5b272bb9 100644 +--- a/agents/zvm/fence_zvmip.py ++++ b/agents/zvm/fence_zvmip.py +@@ -146,7 +146,7 @@ def get_list_of_images(options, command, data_as_plug): + return (return_code, reason_code, images) + + def main(): +- device_opt = ["ipaddr", "login", "passwd", "port", "method", "missing_as_off"] ++ device_opt = ["ipaddr", "login", "passwd", "port", "method", "missing_as_off", "inet4_only", "inet6_only"] + + atexit.register(atexit_handler) + +diff --git a/lib/fencing.py.py b/lib/fencing.py.py +index 2a0b0b91..4b54aa7c 100644 +--- a/lib/fencing.py.py ++++ b/lib/fencing.py.py +@@ -459,9 +459,9 @@ + "delay", "quiet"], + "passwd" : ["passwd_script"], + "sudo" : ["sudo_path"], +- "secure" : ["identity_file", "ssh_options", "ssh_path"], ++ "secure" : ["identity_file", "ssh_options", "ssh_path", "inet4_only", "inet6_only"], + "telnet" : ["telnet_path"], +- "ipaddr" : ["ipport", "inet4_only", "inet6_only"], ++ "ipaddr" : ["ipport"], + "port" : ["separator"], + "ssl" : ["ssl_secure", "ssl_insecure", "gnutlscli_path"], + "snmp" : ["snmp_auth_prot", "snmp_sec_level", "snmp_priv_prot", \ +diff --git a/make/agentpycheck.mk b/make/agentpycheck.mk +index 58122c65..13482bf2 100644 +--- a/make/agentpycheck.mk ++++ b/make/agentpycheck.mk +@@ -1,5 +1,5 @@ + DATADIR:=$(abs_top_srcdir)/tests/data/metadata +-AWK_VAL='BEGIN {store=-1} /name=\".*_path\"/ {store=2} {if (store!=0) {print}; store--}' ++AWK_VAL='BEGIN {store=-1} /name=".*_path"/ {store=2} {if (store!=0) {print}; store--}' + + TEST_TARGET=$(filter-out $(TEST_TARGET_SKIP),$(TARGET)) + +diff --git a/tests/data/metadata/fence_amt.xml b/tests/data/metadata/fence_amt.xml +index c1e24db9..5f0adc98 100644 +--- a/tests/data/metadata/fence_amt.xml ++++ b/tests/data/metadata/fence_amt.xml +@@ -19,16 +19,6 @@ + + Change the default boot behavior of the machine. + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_amt_ws.xml b/tests/data/metadata/fence_amt_ws.xml +index 07c22db3..86f36f6c 100644 +--- a/tests/data/metadata/fence_amt_ws.xml ++++ b/tests/data/metadata/fence_amt_ws.xml +@@ -19,16 +19,6 @@ + + Change the default boot behavior of the machine. + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_apc_snmp.xml b/tests/data/metadata/fence_apc_snmp.xml +index 26661d6a..7f1c616c 100644 +--- a/tests/data/metadata/fence_apc_snmp.xml ++++ b/tests/data/metadata/fence_apc_snmp.xml +@@ -14,16 +14,6 @@ + + Set the community string + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_cisco_mds.xml b/tests/data/metadata/fence_cisco_mds.xml +index 1917595e..15d7798c 100644 +--- a/tests/data/metadata/fence_cisco_mds.xml ++++ b/tests/data/metadata/fence_cisco_mds.xml +@@ -13,16 +13,6 @@ + + Set the community string + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_cisco_ucs.xml b/tests/data/metadata/fence_cisco_ucs.xml +index 40581da7..848e72f8 100644 +--- a/tests/data/metadata/fence_cisco_ucs.xml ++++ b/tests/data/metadata/fence_cisco_ucs.xml +@@ -8,16 +8,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_docker.xml b/tests/data/metadata/fence_docker.xml +index fdd6324c..3285314c 100644 +--- a/tests/data/metadata/fence_docker.xml ++++ b/tests/data/metadata/fence_docker.xml +@@ -8,16 +8,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_drac.xml b/tests/data/metadata/fence_drac.xml +index 405d660a..2184ee0c 100644 +--- a/tests/data/metadata/fence_drac.xml ++++ b/tests/data/metadata/fence_drac.xml +@@ -18,16 +18,6 @@ + + Force Python regex for command prompt + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_eaton_snmp.xml b/tests/data/metadata/fence_eaton_snmp.xml +index 33957ed1..3dd92dd2 100644 +--- a/tests/data/metadata/fence_eaton_snmp.xml ++++ b/tests/data/metadata/fence_eaton_snmp.xml +@@ -13,16 +13,6 @@ + + Set the community string + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_emerson.xml b/tests/data/metadata/fence_emerson.xml +index 87205c1b..f6886469 100644 +--- a/tests/data/metadata/fence_emerson.xml ++++ b/tests/data/metadata/fence_emerson.xml +@@ -13,16 +13,6 @@ + + Set the community string + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_eps.xml b/tests/data/metadata/fence_eps.xml +index 68d8fb69..26e75477 100644 +--- a/tests/data/metadata/fence_eps.xml ++++ b/tests/data/metadata/fence_eps.xml +@@ -15,16 +15,6 @@ Agent basically works by connecting to hidden page and pass appropriate argument + + Name of hidden page + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_ibmblade.xml b/tests/data/metadata/fence_ibmblade.xml +index eff551f6..5084b3a0 100644 +--- a/tests/data/metadata/fence_ibmblade.xml ++++ b/tests/data/metadata/fence_ibmblade.xml +@@ -13,16 +13,6 @@ + + Set the community string + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_idrac.xml b/tests/data/metadata/fence_idrac.xml +index f4588b35..55d9ced3 100644 +--- a/tests/data/metadata/fence_idrac.xml ++++ b/tests/data/metadata/fence_idrac.xml +@@ -32,16 +32,6 @@ + + Hexadecimal-encoded Kg key for IPMIv2 authentication + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_ifmib.xml b/tests/data/metadata/fence_ifmib.xml +index b5f3b1d4..c07a6e1f 100644 +--- a/tests/data/metadata/fence_ifmib.xml ++++ b/tests/data/metadata/fence_ifmib.xml +@@ -15,16 +15,6 @@ It was written with managed ethernet switches in mind, in order to fence iSCSI S + + Set the community string + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_ilo.xml b/tests/data/metadata/fence_ilo.xml +index eb2e7a72..44b3c43a 100644 +--- a/tests/data/metadata/fence_ilo.xml ++++ b/tests/data/metadata/fence_ilo.xml +@@ -9,16 +9,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_ilo2.xml b/tests/data/metadata/fence_ilo2.xml +index b14aa2fb..e9cae6d2 100644 +--- a/tests/data/metadata/fence_ilo2.xml ++++ b/tests/data/metadata/fence_ilo2.xml +@@ -9,16 +9,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_ilo3.xml b/tests/data/metadata/fence_ilo3.xml +index deaeaaf0..2a99e0a4 100644 +--- a/tests/data/metadata/fence_ilo3.xml ++++ b/tests/data/metadata/fence_ilo3.xml +@@ -32,16 +32,6 @@ + + Hexadecimal-encoded Kg key for IPMIv2 authentication + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_ilo4.xml b/tests/data/metadata/fence_ilo4.xml +index bbf0833b..68790266 100644 +--- a/tests/data/metadata/fence_ilo4.xml ++++ b/tests/data/metadata/fence_ilo4.xml +@@ -32,16 +32,6 @@ + + Hexadecimal-encoded Kg key for IPMIv2 authentication + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_imm.xml b/tests/data/metadata/fence_imm.xml +index 22cb54e7..e22e4723 100644 +--- a/tests/data/metadata/fence_imm.xml ++++ b/tests/data/metadata/fence_imm.xml +@@ -32,16 +32,6 @@ + + Hexadecimal-encoded Kg key for IPMIv2 authentication + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_intelmodular.xml b/tests/data/metadata/fence_intelmodular.xml +index 4f2e8c49..5e0d3b19 100644 +--- a/tests/data/metadata/fence_intelmodular.xml ++++ b/tests/data/metadata/fence_intelmodular.xml +@@ -15,16 +15,6 @@ Note: Since firmware update version 2.7, SNMP v2 write support is removed, and r + + Set the community string + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_ipdu.xml b/tests/data/metadata/fence_ipdu.xml +index 0b615852..546e372c 100644 +--- a/tests/data/metadata/fence_ipdu.xml ++++ b/tests/data/metadata/fence_ipdu.xml +@@ -13,16 +13,6 @@ + + Set the community string + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_ipmilan.xml b/tests/data/metadata/fence_ipmilan.xml +index b9ce66f8..3e13d288 100644 +--- a/tests/data/metadata/fence_ipmilan.xml ++++ b/tests/data/metadata/fence_ipmilan.xml +@@ -32,16 +32,6 @@ + + Hexadecimal-encoded Kg key for IPMIv2 authentication + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_netio.xml b/tests/data/metadata/fence_netio.xml +index e6350ed4..79d27af3 100644 +--- a/tests/data/metadata/fence_netio.xml ++++ b/tests/data/metadata/fence_netio.xml +@@ -8,16 +8,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_powerman.xml b/tests/data/metadata/fence_powerman.xml +index f0499d86..ce72e002 100644 +--- a/tests/data/metadata/fence_powerman.xml ++++ b/tests/data/metadata/fence_powerman.xml +@@ -8,16 +8,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_pve.xml b/tests/data/metadata/fence_pve.xml +index b727a7e8..5d744903 100644 +--- a/tests/data/metadata/fence_pve.xml ++++ b/tests/data/metadata/fence_pve.xml +@@ -8,16 +8,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_raritan.xml b/tests/data/metadata/fence_raritan.xml +index c75783fd..565eebc7 100644 +--- a/tests/data/metadata/fence_raritan.xml ++++ b/tests/data/metadata/fence_raritan.xml +@@ -8,16 +8,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_redfish.xml b/tests/data/metadata/fence_redfish.xml +index e1c18584..91b483b7 100644 +--- a/tests/data/metadata/fence_redfish.xml ++++ b/tests/data/metadata/fence_redfish.xml +@@ -8,16 +8,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_rhevm.xml b/tests/data/metadata/fence_rhevm.xml +index 2b6b02b2..73c9906f 100644 +--- a/tests/data/metadata/fence_rhevm.xml ++++ b/tests/data/metadata/fence_rhevm.xml +@@ -8,16 +8,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_sanbox2.xml b/tests/data/metadata/fence_sanbox2.xml +index 9832841e..7e20c8ce 100644 +--- a/tests/data/metadata/fence_sanbox2.xml ++++ b/tests/data/metadata/fence_sanbox2.xml +@@ -18,16 +18,6 @@ + + Force Python regex for command prompt + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_tripplite_snmp.xml b/tests/data/metadata/fence_tripplite_snmp.xml +index 22d3db5d..d3769133 100644 +--- a/tests/data/metadata/fence_tripplite_snmp.xml ++++ b/tests/data/metadata/fence_tripplite_snmp.xml +@@ -14,16 +14,6 @@ + + Set the community string + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_vmware_rest.xml b/tests/data/metadata/fence_vmware_rest.xml +index 1e1f790f..5b497a6a 100644 +--- a/tests/data/metadata/fence_vmware_rest.xml ++++ b/tests/data/metadata/fence_vmware_rest.xml +@@ -8,16 +8,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_vmware_soap.xml b/tests/data/metadata/fence_vmware_soap.xml +index 46d29116..da6a1002 100644 +--- a/tests/data/metadata/fence_vmware_soap.xml ++++ b/tests/data/metadata/fence_vmware_soap.xml +@@ -10,16 +10,6 @@ Name of virtual machine (-n / port) has to be used in inventory path format (e.g + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + +diff --git a/tests/data/metadata/fence_vmware_vcloud.xml b/tests/data/metadata/fence_vmware_vcloud.xml +index 69269a2d..505eaf2b 100644 +--- a/tests/data/metadata/fence_vmware_vcloud.xml ++++ b/tests/data/metadata/fence_vmware_vcloud.xml +@@ -8,16 +8,6 @@ + + Fencing action + +- +- +- +- Forces agent to use IPv4 addresses only +- +- +- +- +- Forces agent to use IPv6 addresses only +- + + + diff --git a/SOURCES/bz1722004-2-fence_redfish-fence_vmware_soap-suppress-warning.patch b/SOURCES/bz1722004-2-fence_redfish-fence_vmware_soap-suppress-warning.patch new file mode 100644 index 0000000..889c6f9 --- /dev/null +++ b/SOURCES/bz1722004-2-fence_redfish-fence_vmware_soap-suppress-warning.patch @@ -0,0 +1,51 @@ +From 559771f2c5a638f7e14ec9c0ef1068c86ee9d40e Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 26 Nov 2019 14:09:14 +0100 +Subject: [PATCH] fence_redfish/fence_vmware_soap: suppress warnings correctly + with new python-requests + +python-requests doesnt suppress warnings anymore, so it needs to be done in urllib3: https://stackoverflow.com/questions/27981545/suppress-insecurerequestwarning-unverified-https-request-is-being-made-in-pytho/28002687#28002687 +--- + agents/redfish/fence_redfish.py | 4 ++-- + agents/vmware_soap/fence_vmware_soap.py | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/agents/redfish/fence_redfish.py b/agents/redfish/fence_redfish.py +index 390a4827..c7c6492c 100644 +--- a/agents/redfish/fence_redfish.py ++++ b/agents/redfish/fence_redfish.py +@@ -12,7 +12,6 @@ + import atexit + sys.path.append("@FENCEAGENTSLIBDIR@") + +-from requests.packages.urllib3.exceptions import InsecureRequestWarning + from fencing import * + from fencing import fail_usage, run_delay + +@@ -143,7 +142,8 @@ def main(): + + # Disable insecure-certificate-warning message + if "--ssl-insecure" in opt: +- requests.packages.urllib3.disable_warnings(InsecureRequestWarning) ++ import urllib3 ++ urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + # backwards compatibility for : + if options["--ip"].count(":") == 1: +diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py +index dd1a4ed6..53e8d8f4 100644 +--- a/agents/vmware_soap/fence_vmware_soap.py ++++ b/agents/vmware_soap/fence_vmware_soap.py +@@ -37,10 +37,10 @@ def soap_login(options): + if "--ssl" in options or "--ssl-secure" in options or "--ssl-insecure" in options: + if "--ssl-insecure" in options: + import ssl +- from requests.packages.urllib3.exceptions import InsecureRequestWarning ++ import urllib3 + if hasattr(ssl, '_create_unverified_context'): + ssl._create_default_https_context = ssl._create_unverified_context +- requests.packages.urllib3.disable_warnings(InsecureRequestWarning) ++ urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + verify = False + else: + verify = True diff --git a/SOURCES/bz1760203-fence_compute-fence_evacuate-1-fix-region_name-type.patch b/SOURCES/bz1760203-fence_compute-fence_evacuate-1-fix-region_name-type.patch new file mode 100644 index 0000000..2d8ba1c --- /dev/null +++ b/SOURCES/bz1760203-fence_compute-fence_evacuate-1-fix-region_name-type.patch @@ -0,0 +1,66 @@ +From 32d2aa2cea22bb38fc3eeded1f6682daad097908 Mon Sep 17 00:00:00 2001 +From: Gauvain Pocentek +Date: Tue, 13 Aug 2019 20:11:21 +0200 +Subject: [PATCH] Fix argument parsing for region_name + +The region_name attribute for fence_compute and fence_evacuate is not a boolean +and should expect a string argument. +--- + agents/compute/fence_compute.py | 2 +- + agents/evacuate/fence_evacuate.py | 2 +- + tests/data/metadata/fence_compute.xml | 2 +- + tests/data/metadata/fence_evacuate.xml | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/agents/compute/fence_compute.py b/agents/compute/fence_compute.py +index 0e6c8044..a94bdc46 100644 +--- a/agents/compute/fence_compute.py ++++ b/agents/compute/fence_compute.py +@@ -381,7 +381,7 @@ def define_new_opts(): + "order": 1, + } + all_opt["region_name"] = { +- "getopt" : "", ++ "getopt" : ":", + "longopt" : "region-name", + "help" : "--region-name=[region] Region Name", + "required" : "0", +diff --git a/agents/evacuate/fence_evacuate.py b/agents/evacuate/fence_evacuate.py +index 2b9af273..76e78b87 100644 +--- a/agents/evacuate/fence_evacuate.py ++++ b/agents/evacuate/fence_evacuate.py +@@ -318,7 +318,7 @@ def define_new_opts(): + "order": 1, + } + all_opt["region_name"] = { +- "getopt" : "", ++ "getopt" : ":", + "longopt" : "region-name", + "help" : "--region-name=[region] Region Name", + "required" : "0", +diff --git a/tests/data/metadata/fence_compute.xml b/tests/data/metadata/fence_compute.xml +index 1dcbfc54..abc276ca 100644 +--- a/tests/data/metadata/fence_compute.xml ++++ b/tests/data/metadata/fence_compute.xml +@@ -55,7 +55,7 @@ + + + +- ++ + Region Name + + +diff --git a/tests/data/metadata/fence_evacuate.xml b/tests/data/metadata/fence_evacuate.xml +index 4f1f6a58..7decb05c 100644 +--- a/tests/data/metadata/fence_evacuate.xml ++++ b/tests/data/metadata/fence_evacuate.xml +@@ -55,7 +55,7 @@ + + + +- ++ + Region Name + + diff --git a/SOURCES/bz1760203-fence_compute-fence_evacuate-2-fix-project-shortopt.patch b/SOURCES/bz1760203-fence_compute-fence_evacuate-2-fix-project-shortopt.patch new file mode 100644 index 0000000..1458956 --- /dev/null +++ b/SOURCES/bz1760203-fence_compute-fence_evacuate-2-fix-project-shortopt.patch @@ -0,0 +1,77 @@ +From 708d0a8e4e45d4f4a6bee67f0a9ebc0ff573e1ff Mon Sep 17 00:00:00 2001 +From: Kumabuchi Kenji +Date: Fri, 25 Oct 2019 16:34:40 +0900 +Subject: [PATCH] fix shortopt in fence-compute / fence_evacuate help messages + +Signed-off-by: Kumabuchi Kenji +--- + agents/compute/fence_compute.py | 2 +- + agents/evacuate/fence_evacuate.py | 2 +- + tests/data/metadata/fence_compute.xml | 4 ++-- + tests/data/metadata/fence_evacuate.xml | 4 ++-- + 4 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/agents/compute/fence_compute.py b/agents/compute/fence_compute.py +index c08a9dbe..d0e012e6 100644 +--- a/agents/compute/fence_compute.py ++++ b/agents/compute/fence_compute.py +@@ -365,7 +365,7 @@ def define_new_opts(): + all_opt["project-domain"] = { + "getopt" : "P:", + "longopt" : "project-domain", +- "help" : "-d, --project-domain=[name] Keystone v3 Project Domain", ++ "help" : "-P, --project-domain=[name] Keystone v3 Project Domain", + "required" : "0", + "shortdesc" : "Keystone v3 Project Domain", + "default" : "Default", +diff --git a/agents/evacuate/fence_evacuate.py b/agents/evacuate/fence_evacuate.py +index 76e78b87..60bb130e 100644 +--- a/agents/evacuate/fence_evacuate.py ++++ b/agents/evacuate/fence_evacuate.py +@@ -302,7 +302,7 @@ def define_new_opts(): + all_opt["project-domain"] = { + "getopt" : "P:", + "longopt" : "project-domain", +- "help" : "-d, --project-domain=[name] Keystone v3 Project Domain", ++ "help" : "-P, --project-domain=[name] Keystone v3 Project Domain", + "required" : "0", + "shortdesc" : "Keystone v3 Project Domain", + "default" : "Default", +diff --git a/tests/data/metadata/fence_compute.xml b/tests/data/metadata/fence_compute.xml +index abc276ca..99d56af0 100644 +--- a/tests/data/metadata/fence_compute.xml ++++ b/tests/data/metadata/fence_compute.xml +@@ -74,12 +74,12 @@ + Allow Insecure TLS Requests + + +- ++ + + Keystone v3 Project Domain + + +- ++ + + Keystone v3 Project Domain + +diff --git a/tests/data/metadata/fence_evacuate.xml b/tests/data/metadata/fence_evacuate.xml +index 7decb05c..8c720b80 100644 +--- a/tests/data/metadata/fence_evacuate.xml ++++ b/tests/data/metadata/fence_evacuate.xml +@@ -74,12 +74,12 @@ + Allow Insecure TLS Requests + + +- ++ + + Keystone v3 Project Domain + + +- ++ + + Keystone v3 Project Domain + diff --git a/SOURCES/bz1763675-fence_rhevm-add-cookie-support.patch b/SOURCES/bz1763675-fence_rhevm-add-cookie-support.patch new file mode 100644 index 0000000..d4f7be9 --- /dev/null +++ b/SOURCES/bz1763675-fence_rhevm-add-cookie-support.patch @@ -0,0 +1,109 @@ +From b885e0f65af626154096a49554e9765e18bfbbd9 Mon Sep 17 00:00:00 2001 +From: Frank Toth +Date: Wed, 16 Oct 2019 13:58:50 +0800 +Subject: [PATCH 1/3] Added cookie file management to properly reuse session + and do not create new one every time. + +--- + agents/rhevm/fence_rhevm.py | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/agents/rhevm/fence_rhevm.py b/agents/rhevm/fence_rhevm.py +index 9e4650cd..defa35e6 100644 +--- a/agents/rhevm/fence_rhevm.py ++++ b/agents/rhevm/fence_rhevm.py +@@ -117,7 +117,12 @@ def send_command(opt, command, method="GET"): + conn.setopt(pycurl.HTTPAUTH, pycurl.HTTPAUTH_BASIC) + conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"]) + if "--use-cookies" in opt: +- conn.setopt(pycurl.COOKIEFILE, "") ++ if "--cookie-file" in opt: ++ cookie_file = opt["--cookie-file"] ++ else: ++ cookie_file = "/tmp/fence_rhevm_" + opt["--ip"] + "_" + opt["--username"] + "_cookie.dat" ++ conn.setopt(pycurl.COOKIEFILE, cookie_file) ++ conn.setopt(pycurl.COOKIEJAR, cookie_file) + + conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"])) + if "--ssl" in opt or "--ssl-secure" in opt: +@@ -166,6 +171,14 @@ def define_new_opts(): + "required" : "0", + "shortdesc" : "Reuse cookies for authentication", + "order" : 1} ++ all_opt["cookie_file"] = { ++ "getopt" : ":", ++ "longopt" : "cookie-file", ++ "help" : "--cookie-file Path to cookie file for authentication\n" ++ "\t\t\t\t (Default: /tmp/fence_rhevm_ip_username_cookie.dat)", ++ "required" : "0", ++ "shortdesc" : "Path to cookie file for authentication", ++ "order" : 2} + all_opt["api_version"] = { + "getopt" : ":", + "longopt" : "api-version", + +From 874344acbfee5f774b320e384a46e1ce953a34ce Mon Sep 17 00:00:00 2001 +From: Frank Toth +Date: Wed, 16 Oct 2019 23:41:50 +0800 +Subject: [PATCH 2/3] Added cookie_file to device_opt array. Use + tempfile.gettempdir() to get the TMP dir instead of hardcoded /tmp + +--- + agents/rhevm/fence_rhevm.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/agents/rhevm/fence_rhevm.py b/agents/rhevm/fence_rhevm.py +index defa35e6..25aecbe5 100644 +--- a/agents/rhevm/fence_rhevm.py ++++ b/agents/rhevm/fence_rhevm.py +@@ -4,6 +4,7 @@ + import pycurl, io + import logging + import atexit ++import tempfile + sys.path.append("@FENCEAGENTSLIBDIR@") + from fencing import * + from fencing import fail, EC_FETCH_VM_UUID, run_delay +@@ -120,7 +121,7 @@ def send_command(opt, command, method="GET"): + if "--cookie-file" in opt: + cookie_file = opt["--cookie-file"] + else: +- cookie_file = "/tmp/fence_rhevm_" + opt["--ip"] + "_" + opt["--username"] + "_cookie.dat" ++ cookie_file = tempfile.gettempdir() + "/fence_rhevm_" + opt["--ip"] + "_" + opt["--username"] + "_cookie.dat" + conn.setopt(pycurl.COOKIEFILE, cookie_file) + conn.setopt(pycurl.COOKIEJAR, cookie_file) + +@@ -215,6 +216,7 @@ def main(): + "web", + "port", + "use_cookies", ++ "cookie_file", + "api_version", + "api_path", + "disable_http_filter", + +From 196513cfc0edfd28f483a00b4adfa230b666a47d Mon Sep 17 00:00:00 2001 +From: Frank Toth +Date: Fri, 18 Oct 2019 05:16:18 +0200 +Subject: [PATCH 3/3] After 'make xml-upload' + +--- + tests/data/metadata/fence_rhevm.xml | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/tests/data/metadata/fence_rhevm.xml b/tests/data/metadata/fence_rhevm.xml +index c56cf64b..2b6b02b2 100644 +--- a/tests/data/metadata/fence_rhevm.xml ++++ b/tests/data/metadata/fence_rhevm.xml +@@ -103,6 +103,11 @@ + + Version of RHEV API (default: auto) + ++ ++ ++ ++ Path to cookie file for authentication ++ + + + The path part of the API URL diff --git a/SOURCES/bz1769784-fencing-improve-stdin-quote-parsing.patch b/SOURCES/bz1769784-fencing-improve-stdin-quote-parsing.patch new file mode 100644 index 0000000..adf0754 --- /dev/null +++ b/SOURCES/bz1769784-fencing-improve-stdin-quote-parsing.patch @@ -0,0 +1,23 @@ +From 82626dbdb12519e95a5df70ae6ae21bc17112f43 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Wed, 13 Feb 2019 13:28:25 +0100 +Subject: [PATCH] fencing: improve stdin parse function + +- Remove quotes around stdin parameters for consistency with CLI +parameters and to be able to quote number and time parameters +--- + lib/fencing.py.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/fencing.py.py b/lib/fencing.py.py +index 287cd01f..8cd0a813 100644 +--- a/lib/fencing.py.py ++++ b/lib/fencing.py.py +@@ -1389,6 +1389,7 @@ def _parse_input_stdin(avail_opt): + + (name, value) = (line + "=").split("=", 1) + value = value[:-1] ++ value = re.sub("^\"(.*)\"$", "\\1", value) + + if name.replace("-", "_") in mapping_longopt_names: + name = mapping_longopt_names[name.replace("-", "_")] diff --git a/SOURCES/bz1793738-fence_vmware_rest-fix-encoding.patch b/SOURCES/bz1793738-fence_vmware_rest-fix-encoding.patch new file mode 100644 index 0000000..c215ab1 --- /dev/null +++ b/SOURCES/bz1793738-fence_vmware_rest-fix-encoding.patch @@ -0,0 +1,23 @@ +From 06cba4aa30322f410b0b2fec5785be39d0953433 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Wed, 12 Feb 2020 14:21:54 +0100 +Subject: [PATCH] fence_vmware_rest: fix encoding to avoid issues with UTF-8 + encoded comments + +--- + agents/vmware_rest/fence_vmware_rest.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/agents/vmware_rest/fence_vmware_rest.py b/agents/vmware_rest/fence_vmware_rest.py +index cd99b4ac..d07bc10d 100644 +--- a/agents/vmware_rest/fence_vmware_rest.py ++++ b/agents/vmware_rest/fence_vmware_rest.py +@@ -127,7 +127,7 @@ def send_command(conn, command, method="GET"): + raise Exception(e[1]) + + rc = conn.getinfo(pycurl.HTTP_CODE) +- result = web_buffer.getvalue().decode() ++ result = web_buffer.getvalue().decode("UTF-8") + + web_buffer.close() + diff --git a/SOURCES/bz1816205-fence_aws-fix-race-condition.patch b/SOURCES/bz1816205-fence_aws-fix-race-condition.patch new file mode 100644 index 0000000..7ddfae8 --- /dev/null +++ b/SOURCES/bz1816205-fence_aws-fix-race-condition.patch @@ -0,0 +1,202 @@ +--- a/agents/aws/fence_aws.py 2020-03-26 10:31:03.653171381 +0100 ++++ b/agents/aws/fence_aws.py 2020-03-24 16:21:16.942155519 +0100 +@@ -3,14 +3,33 @@ + import sys, re + import logging + import atexit ++import requests + sys.path.append("@FENCEAGENTSLIBDIR@") + from fencing import * +-from fencing import fail, fail_usage, EC_TIMED_OUT, run_delay ++from fencing import fail, fail_usage, run_delay, EC_STATUS, SyslogLibHandler + + import boto3 + from botocore.exceptions import ClientError, EndpointConnectionError, NoRegionError + ++logger = logging.getLogger("fence_aws") ++logger.propagate = False ++logger.setLevel(logging.INFO) ++logger.addHandler(SyslogLibHandler()) ++logging.getLogger('botocore.vendored').propagate = False ++ ++def get_instance_id(): ++ try: ++ r = requests.get('http://169.254.169.254/latest/meta-data/instance-id') ++ return r.content.decode("UTF-8") ++ except HTTPError as http_err: ++ logger.error('HTTP error occurred while trying to access EC2 metadata server: %s', http_err) ++ except Exception as err: ++ logger.error('A fatal error occurred while trying to access EC2 metadata server: %s', err) ++ return None ++ ++ + def get_nodes_list(conn, options): ++ logger.info("Starting monitor operation") + result = {} + try: + for instance in conn.instances.all(): +@@ -19,13 +38,17 @@ + fail_usage("Failed: Incorrect Access Key or Secret Key.") + except EndpointConnectionError: + fail_usage("Failed: Incorrect Region.") +- ++ except Exception as e: ++ logger.error("Failed to get node list: %s", e) ++ logger.debug("Monitor operation OK: %s",result) + return result + + def get_power_status(conn, options): ++ logger.debug("Starting status operation") + try: + instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [options["--plug"]]}]) + state = list(instance)[0].state["Name"] ++ logger.info("Status operation for EC2 instance %s returned state: %s",options["--plug"],state.upper()) + if state == "running": + return "on" + elif state == "stopped": +@@ -38,20 +61,49 @@ + except EndpointConnectionError: + fail_usage("Failed: Incorrect Region.") + except IndexError: ++ fail(EC_STATUS) ++ except Exception as e: ++ logging.error("Failed to get power status: %s", e) ++ fail(EC_STATUS) ++ ++def get_self_power_status(conn, instance_id): ++ try: ++ instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [instance_id]}]) ++ state = list(instance)[0].state["Name"] ++ if state == "running": ++ logging.debug("Captured my (%s) state and it %s - returning OK - Proceeding with fencing",instance_id,state.upper()) ++ return "ok" ++ else: ++ logging.debug("Captured my (%s) state it is %s - returning Alert - Unable to fence other nodes",instance_id,state.upper()) ++ return "alert" ++ ++ except ClientError: ++ fail_usage("Failed: Incorrect Access Key or Secret Key.") ++ except EndpointConnectionError: ++ fail_usage("Failed: Incorrect Region.") ++ except IndexError: + return "fail" + + def set_power_status(conn, options): +- if (options["--action"]=="off"): +- conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True) +- elif (options["--action"]=="on"): +- conn.instances.filter(InstanceIds=[options["--plug"]]).start() +- ++ my_instance = get_instance_id() ++ try: ++ if (options["--action"]=="off"): ++ if (get_self_power_status(conn,my_instance) == "ok"): ++ conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True) ++ logger.info("Called StopInstance API call for %s", options["--plug"]) ++ else: ++ logger.info("Skipping fencing as instance is not in running status") ++ elif (options["--action"]=="on"): ++ conn.instances.filter(InstanceIds=[options["--plug"]]).start() ++ except Exception as e: ++ logger.error("Failed to power %s %s: %s", \ ++ options["--action"], options["--plug"], e) + + def define_new_opts(): + all_opt["region"] = { + "getopt" : "r:", + "longopt" : "region", +- "help" : "-r, --region=[name] Region, e.g. us-east-1", ++ "help" : "-r, --region=[region] Region, e.g. us-east-1", + "shortdesc" : "Region.", + "required" : "0", + "order" : 2 +@@ -59,7 +111,7 @@ + all_opt["access_key"] = { + "getopt" : "a:", + "longopt" : "access-key", +- "help" : "-a, --access-key=[name] Access Key", ++ "help" : "-a, --access-key=[key] Access Key", + "shortdesc" : "Access Key.", + "required" : "0", + "order" : 3 +@@ -67,23 +119,32 @@ + all_opt["secret_key"] = { + "getopt" : "s:", + "longopt" : "secret-key", +- "help" : "-s, --secret-key=[name] Secret Key", ++ "help" : "-s, --secret-key=[key] Secret Key", + "shortdesc" : "Secret Key.", + "required" : "0", + "order" : 4 + } ++ all_opt["boto3_debug"] = { ++ "getopt" : "b:", ++ "longopt" : "boto3_debug", ++ "help" : "-b, --boto3_debug=[option] Boto3 and Botocore library debug logging", ++ "shortdesc": "Boto Lib debug", ++ "required": "0", ++ "order": 5 ++ } + + # Main agent method + def main(): + conn = None + +- device_opt = ["port", "no_password", "region", "access_key", "secret_key"] ++ device_opt = ["port", "no_password", "region", "access_key", "secret_key", "boto3_debug"] + + atexit.register(atexit_handler) + + define_new_opts() + + all_opt["power_timeout"]["default"] = "60" ++ all_opt["boto3_debug"]["default"] = "off" + + options = check_input(device_opt, process_input(device_opt)) + +@@ -99,6 +160,28 @@ + + run_delay(options) + ++ if options.get("--verbose") is not None: ++ lh = logging.FileHandler('/var/log/fence_aws_debug.log') ++ logger.addHandler(lh) ++ lhf = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') ++ lh.setFormatter(lhf) ++ logger.setLevel(logging.DEBUG) ++ ++ if options["--boto3_debug"] != "on": ++ boto3.set_stream_logger('boto3',logging.INFO) ++ boto3.set_stream_logger('botocore',logging.INFO) ++ logging.getLogger('botocore').propagate = False ++ logging.getLogger('boto3').propagate = False ++ else: ++ log_format = logging.Formatter('%(asctime)s %(name)-12s %(levelname)-8s %(message)s') ++ logging.getLogger('botocore').propagate = False ++ logging.getLogger('boto3').propagate = False ++ fdh = logging.FileHandler('/var/log/fence_aws_boto3.log') ++ fdh.setFormatter(log_format) ++ logging.getLogger('boto3').addHandler(fdh) ++ logging.getLogger('botocore').addHandler(fdh) ++ logging.debug("Boto debug level is %s and sending debug info to /var/log/fence_aws_boto3.log", options["--boto3_debug"]) ++ + region = options.get("--region") + access_key = options.get("--access-key") + secret_key = options.get("--secret-key") +@@ -106,12 +189,12 @@ + conn = boto3.resource('ec2', region_name=region, + aws_access_key_id=access_key, + aws_secret_access_key=secret_key) +- except: +- fail_usage("Failed: Unable to connect to AWS. Check your configuration.") ++ except Exception as e: ++ fail_usage("Failed: Unable to connect to AWS: " + str(e)) + + # Operate the fencing device + result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list) + sys.exit(result) + + if __name__ == "__main__": +- main() ++ main() +\ No newline at end of file diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec index 0d8db4e..f7f4d01 100644 --- a/SPECS/fence-agents.spec +++ b/SPECS/fence-agents.spec @@ -13,6 +13,7 @@ # keep around ready for later user ## global alphatag git0a6184070 +# bundles %global bundled_lib_dir bundled # google cloud @@ -66,7 +67,7 @@ Name: fence-agents Summary: Fence Agents for Red Hat Cluster Version: 4.2.1 -Release: 28%{?alphatag:.%{alphatag}}%{?dist} +Release: 35%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Base URL: https://github.com/ClusterLabs/fence-agents @@ -120,6 +121,15 @@ Patch34: bz1734812-fence_iloX_ssh-monitor-timeout-warning.patch Patch35: bz1751702-fence_mpath-fix-watchdog-trigger-multipath-disconnect.patch Patch36: bz1753229-fence_mpath-1-add-plug-parameter-support.patch Patch37: bz1753229-fence_mpath-2-fix-plug-parameter-issues.patch +Patch38: bz1722004-1-fencing-inetX_only-SSH-fence_zvmip.patch +Patch39: bz1722004-2-fence_redfish-fence_vmware_soap-suppress-warning.patch +Patch40: bz1760203-fence_compute-fence_evacuate-1-fix-region_name-type.patch +Patch41: bz1760203-fence_compute-fence_evacuate-2-fix-project-shortopt.patch +Patch42: bz1763675-fence_rhevm-add-cookie-support.patch +Patch43: bz1769784-fencing-improve-stdin-quote-parsing.patch +Patch44: bz1793738-fence_vmware_rest-fix-encoding.patch +Patch45: bz1673468-fence_aws-improve-parameter-logic.patch +Patch58: bz1816205-fence_aws-fix-race-condition.patch # bundle patches Patch1000: bz1568753-4-fence_gce-bundled-libs.patch Patch1001: bz1568753-5-%{oauth2client}-docs-build-fix.patch @@ -132,12 +142,12 @@ Patch1007: python-%{httplib2}-0.9-cve-2013-2037.patch Patch1008: bz1568753-7-%{keyring}-fix-gnome-version-warning.patch %if 0%{?rhel} -%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan mpath kdump redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti +%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan lpar mpath kdump redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %ifarch x86_64 %global testagents virsh heuristics_ping aliyun aws azure_arm gce %endif %ifarch ppc64le -%global testagents virsh lpar heuristics_ping +%global testagents virsh heuristics_ping %endif %ifarch s390x %global testagents virsh zvm heuristics_ping @@ -207,6 +217,18 @@ BuildRequires: python-six >= 1.6.1 %patch35 -p1 %patch36 -p1 %patch37 -p1 +%patch38 -p1 +%patch39 -p1 +%patch40 -p1 +%patch41 -p1 +%patch42 -p1 -F1 +%patch43 -p1 +%patch44 -p1 +%patch45 -p1 +%patch58 -p1 + +# prevent compilation of something that won't get used anyway +sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac %ifarch x86_64 # bundles @@ -235,7 +257,7 @@ cp %{fasteners_dir}/LICENSE %{fasteners}_LICENSE cp %{fasteners_dir}/README.rst %{fasteners}_README.rst # python-keyring bundle -unzip %SOURCE5 -d %{bundled_lib_dir} +unzip -q %SOURCE5 -d %{bundled_lib_dir} mv %{bundled_lib_dir}/%{keyring}-%{keyring_version} %{keyring_dir} cp %{keyring_dir}/README.rst %{keyring}_README.rst @@ -316,7 +338,7 @@ popd # python-keyring bundle pushd %{keyring_dir} %patch1008 -p1 -rm -frv keyring.egg-info +rm -fr keyring.egg-info # Drop redundant shebangs. sed -i '1{\@^#!/usr/bin/env python@d}' keyring/cli.py # Drop slags from upstream of using his own versioning system. @@ -507,8 +529,8 @@ Requires: fence-agents-lpar >= %{version}-%{release} %ifarch s390x Requires: fence-agents-zvm >= %{version}-%{release} %endif -Provides: fence-agents = %{version}-%{release} -Obsoletes: fence-agents < 3.1.13 +Provides: %{name} >= %{version}-%{release} +Obsoletes: %{name} < %{version}-%{release} %description all Red Hat Fence Agents is a collection of all supported fence agents. %files all @@ -527,7 +549,7 @@ Provides: bundled(python-aliyun-sdk-core) = %{aliyunsdkcore_version} Provides: bundled(python-aliyun-sdk-ecs) = %{aliyunsdkecs_version} # python-aliyun-sdk-vpc bundle Provides: bundled(python-aliyun-sdk-vpc) = %{aliyunsdkvpc_version} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description aliyun The fence-agents-aliyun package contains a fence agent for Alibaba Cloud (Aliyun) instances. %files aliyun @@ -547,7 +569,7 @@ Group: System Environment/Base Summary: Fence agent for AMT (WS-Man) devices Requires: fence-agents-common >= %{version}-%{release} Requires: openwsman-python >= 2.6.3-1.git4391e5c.el7 -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description amt-ws The fence-agents-amt-ws package contains a fence agent for AMT (WS-Man) devices. %files amt-ws @@ -561,7 +583,7 @@ Group: System Environment/Base Summary: Fence agent for APC devices Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description apc The fence-agents-apc package contains a fence agent for APC devices that are accessed via telnet or SSH. %files apc @@ -575,7 +597,7 @@ Group: System Environment/Base Summary: Fence agent for APC devices (SNMP) Requires: fence-agents-common >= %{version}-%{release} Requires: net-snmp-utils -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description apc-snmp The fence-agents-apc-snmp package contains a fence agent for APC devices that are accessed via the SNMP protocol. %files apc-snmp @@ -590,7 +612,7 @@ Group: System Environment/Base Summary: Fence agent for Amazon AWS Requires: fence-agents-common >= %{version}-%{release} Requires: python-boto3 -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description aws The fence-agents-aws package contains a fence agent for Amazon AWS instances. %files aws @@ -606,7 +628,7 @@ Group: System Environment/Base Summary: Fence agent for Azure Resource Manager Requires: fence-agents-common >= %{version}-%{release} Requires: python-azure-sdk >= 4.0.0 -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description azure-arm The fence-agents-azure-arm package contains a fence agent for Azure instances. %files azure-arm @@ -622,7 +644,7 @@ Group: System Environment/Base Summary: Fence agent for IBM BladeCenter Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description bladecenter The fence-agents-bladecenter package contains a fence agent for IBM BladeCenter devices that are accessed via telnet or SSH. %files bladecenter @@ -636,7 +658,7 @@ Group: System Environment/Base Summary: Fence agent for HP Brocade Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description brocade The fence-agents-brocade package contains a fence agent for HP Brocade devices that are accessed via telnet or SSH. %files brocade @@ -650,7 +672,7 @@ Group: System Environment/Base Summary: Fence agent for Cisco MDS 9000 series Requires: fence-agents-common >= %{version}-%{release} Requires: net-snmp-utils -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description cisco-mds The fence-agents-cisco-mds package contains a fence agent for Cisco MDS 9000 series devices that are accessed via the SNMP protocol. %files cisco-mds @@ -663,7 +685,7 @@ License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for Cisco UCS series Requires: fence-agents-common >= %{version}-%{release} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description cisco-ucs The fence-agents-cisco-ucs package contains a fence agent for Cisco UCS series devices that are accessed via the SNMP protocol. %files cisco-ucs @@ -677,7 +699,7 @@ Group: System Environment/Base Summary: Fence agent for Nova compute nodes Requires: fence-agents-common >= %{version}-%{release} Requires: python-requests -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description compute The fence-agents-compute package contains a fence agent for Nova compute nodes. %files compute @@ -693,7 +715,7 @@ Group: System Environment/Base Summary: Fence agent for Dell DRAC 5 Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description drac5 The fence-agents-drac5 package contains a fence agent for Dell DRAC 5 series devices that are accessed via telnet or SSH. %files drac5 @@ -707,7 +729,7 @@ Group: System Environment/Base Summary: Fence agent for Eaton network power switches Requires: fence-agents-common >= %{version}-%{release} Requires: net-snmp-utils -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description eaton-snmp The fence-agents-eaton-snmp package contains a fence agent for Eaton network power switches that are accessed via the SNMP protocol. %files eaton-snmp @@ -720,7 +742,7 @@ License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for Emerson devices (SNMP) Requires: fence-agents-common >= %{version}-%{release} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description emerson The fence-agents-emerson package contains a fence agent for Emerson devices that are accessed via the SNMP protocol. %files emerson @@ -733,7 +755,7 @@ License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for ePowerSwitch 8M+ power switches Requires: fence-agents-common >= %{version}-%{release} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description eps The fence-agents-eps package contains a fence agent for ePowerSwitch 8M+ power switches that are accessed via the HTTP(s) protocol. %files eps @@ -760,7 +782,7 @@ Provides: bundled(python-%{fasteners}) = %{fasteners_version} Provides: bundled(python-%{keyring}) = %{keyring_version} # python-uritemplate bundle Provides: bundled(python-%{uritemplate}) = %{uritemplate_version} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description gce The fence-agents-gce package contains a fence agent for GCE (Google Cloud Engine) instances. %files gce @@ -781,7 +803,7 @@ License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent used to control other fence agents based on ping-heuristics Requires: fence-agents-common >= %{version}-%{release} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description heuristics-ping The fence-agents-heuristics-ping package contains fence agent used to control other fence agents based on ping-heuristics @@ -796,7 +818,7 @@ Group: System Environment/Base Summary: Fence agent for HP BladeSystem devices Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description hpblade The fence-agents-hpblade package contains a fence agent for HP BladeSystem devices that are accessed via telnet or SSH. %files hpblade @@ -810,7 +832,7 @@ Group: System Environment/Base Summary: Fence agent for IBM BladeCenter Requires: fence-agents-common >= %{version}-%{release} Requires: net-snmp-utils -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description ibmblade The fence-agents-ibmblade package contains a fence agent for IBM BladeCenter devices that are accessed via the SNMP protocol. %files ibmblade @@ -824,7 +846,7 @@ Group: System Environment/Base Summary: Fence agent for devices with IF-MIB interfaces Requires: fence-agents-common >= %{version}-%{release} Requires: net-snmp-utils -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description ifmib The fence-agents-ifmib package contains a fence agent for IF-MIB interfaces that are accessed via the SNMP protocol. %files ifmib @@ -838,7 +860,7 @@ Group: System Environment/Base Summary: Fence agent for HP iLO2 devices Requires: fence-agents-common >= %{version}-%{release} Requires: gnutls-utils -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description ilo2 The fence-agents-ilo2 package contains a fence agent for HP iLO2 devices that are accessed via the HTTP(s) protocol. %files ilo2 @@ -854,7 +876,7 @@ Group: System Environment/Base Summary: Fence agent for HP iLO Moonshot devices Requires: telnet openssh-clients Requires: fence-agents-common >= %{version}-%{release} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description ilo-moonshot The fence-agents-ilo-moonshot package contains a fence agent for HP iLO Moonshot devices that are accessed via telnet or SSH. %files ilo-moonshot @@ -868,7 +890,7 @@ Group: System Environment/Base Summary: Fence agent for HP iLO MP devices Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description ilo-mp The fence-agents-ilo-mp package contains a fence agent for HP iLO MP devices that are accessed via telnet or SSH. %files ilo-mp @@ -882,7 +904,7 @@ Group: System Environment/Base Summary: Fence agent for HP iLO devices via SSH Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description ilo-ssh The fence-agents-ilo-ssh package contains a fence agent for HP iLO devices that are accessed via SSH. %files ilo-ssh @@ -902,7 +924,7 @@ Group: System Environment/Base Summary: Fence agent for devices with Intel Modular interfaces Requires: fence-agents-common >= %{version}-%{release} Requires: net-snmp-utils -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description intelmodular The fence-agents-intelmodular package contains a fence agent for Intel Modular interfaces that are accessed via the SNMP protocol. %files intelmodular @@ -916,7 +938,7 @@ Group: System Environment/Base Summary: Fence agent for IBM iPDU network power switches Requires: fence-agents-common >= %{version}-%{release} Requires: net-snmp-utils -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description ipdu The fence-agents-ipdu package contains a fence agent for IBM iPDU network power switches that are accessed via the SNMP protocol. %files ipdu @@ -930,7 +952,7 @@ Group: System Environment/Base Summary: Fence agent for devices with IPMI interface Requires: fence-agents-common >= %{version}-%{release} Requires: /usr/bin/ipmitool -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description ipmilan The fence-agents-ipmilan package contains a fence agent for devices with IPMI interface. %files ipmilan @@ -954,7 +976,7 @@ Group: System Environment/Base Summary: Fence agent for reservations over Device Mapper Multipath Requires: fence-agents-common >= %{version}-%{release} Requires: device-mapper-multipath -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description mpath The fence-agents-mpath package contains fence agent for SCSI persistent reservation over Device Mapper Multipath %files mpath @@ -968,7 +990,7 @@ License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for use with kdump crash recovery service Requires: fence-agents-common >= %{version}-%{release} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description kdump The fence-agents-kdump package contains a fence agent for use with kdump crash recovery service. %files kdump @@ -978,21 +1000,19 @@ The fence-agents-kdump package contains a fence agent for use with kdump crash r %{_mandir}/man8/fence_kdump.8* %{_mandir}/man8/fence_kdump_send.8* -%ifarch ppc64le %package lpar License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for IBM LPAR Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description lpar The fence-agents-lpar package contains a fence agent for IBM LPAR devices that are accessed via telnet or SSH. %files lpar %defattr(-,root,root,-) %{_sbindir}/fence_lpar %{_mandir}/man8/fence_lpar.8* -%endif %package redfish License: GPLv2+ and LGPLv2+ @@ -1000,7 +1020,7 @@ Group: System Environment/Base Summary: Fence agent for Redfish Requires: fence-agents-common >= %{version}-%{release} Requires: python-requests -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description redfish The fence-agents-redfish package contains a fence agent for Redfish %files redfish @@ -1013,7 +1033,7 @@ License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for RHEV-M Requires: fence-agents-common >= %{version}-%{release} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description rhevm The fence-agents-rhevm package contains a fence agent for RHEV-M via REST API %files rhevm @@ -1027,7 +1047,7 @@ Group: System Environment/Base Summary: Fence agent for IBM RSA II Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description rsa The fence-agents-rsa package contains a fence agent for IBM RSA II devices that are accessed via telnet or SSH. %files rsa @@ -1041,7 +1061,7 @@ Group: System Environment/Base Summary: Fence agent for Fujitsu RSB Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description rsb The fence-agents-rsb package contains a fence agent for Fujitsu RSB devices that are accessed via telnet or SSH. %files rsb @@ -1056,7 +1076,7 @@ Group: System Environment/Base Summary: Fence agent for QLogic SANBox2 FC switches Requires: fence-agents-common >= %{version}-%{release} Requires: telnet -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description sanbox2 The fence-agents-sanbox2 package contains a fence agent for QLogic SANBox2 switches that are accessed via telnet. %files sanbox2 @@ -1070,7 +1090,7 @@ License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for SBD (storage-based death) Requires: fence-agents-common >= %{version}-%{release} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description sbd The fence-agents-sbd package contains fence agent for SBD (storage-based death) %files sbd @@ -1083,7 +1103,7 @@ License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for SCSI persistent reservations Requires: sg3_utils fence-agents-common >= %{version}-%{release} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description scsi The fence-agents-scsi package contains fence agent for SCSI persistent reservations %files scsi @@ -1100,7 +1120,7 @@ Group: System Environment/Base Summary: Fence agent for virtual machines based on libvirt Requires: fence-agents-common >= %{version}-%{release} Requires: openssh-clients /usr/bin/virsh -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description virsh The fence-agents-virsh package contains a fence agent for virtual machines that are accessed via SSH. %files virsh @@ -1113,7 +1133,7 @@ License: GPLv2+ and LGPLv2+ Group: System Environment/Base Summary: Fence agent for VMWare with REST API Requires: fence-agents-common >= %{version}-%{release} -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description vmware-rest The fence-agents-vmware-rest package contains a fence agent for VMWare with REST API %files vmware-rest @@ -1127,7 +1147,7 @@ Group: System Environment/Base Summary: Fence agent for VMWare with SOAP API v4.1+ Requires: fence-agents-common >= %{version}-%{release} Requires: python-suds python-requests -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description vmware-soap The fence-agents-vmware-soap package contains a fence agent for VMWare with SOAP API v4.1+ %files vmware-soap @@ -1141,7 +1161,7 @@ Group: System Environment/Base Summary: Fence agent for WTI Network power switches Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description wti The fence-agents-wti package contains a fence agent for WTI network power switches that are accessed via telnet or SSH. %files wti @@ -1156,18 +1176,48 @@ Group: System Environment/Base Summary: Fence agent for z/VM hypervisors Requires: fence-agents-common >= %{version}-%{release} Requires: telnet openssh-clients -Obsoletes: fence-agents +Obsoletes: %{name} < %{version}-%{release} %description zvm The fence-agents-zvm package contains a fence agent for z/VM hypervisors %files zvm %defattr(-,root,root,-) %{_sbindir}/fence_zvmip %{_mandir}/man8/fence_zvmip.8* -%exclude %{_sbindir}/fence_zvm -%exclude %{_mandir}/man8/fence_zvm.8* %endif %changelog +* Thu Mar 26 2020 Oyvind Albrigtsen - 4.2.1-35 +- fence_aws: fix possible race condition + + Resolves: rhbz#1816205 + +* Tue Mar 10 2020 Oyvind Albrigtsen - 4.2.1-34 +- fence_aws: improve parameter logic to allow setting region parameter + while using credentials from ~/.aws/config + Resolves: rhbz#1673468 +- +* Tue Feb 25 2020 Oyvind Albrigtsen - 4.2.1-33 +- fence-agents-lpar: build on non-ppc64le arch's + Resolves: rhbz#1801818 + +* Wed Feb 12 2020 Oyvind Albrigtsen - 4.2.1-32 +- fence_vmware_rest: fix encoding issues + Resolves: rhbz#1793738 + +* Wed Jan 15 2020 Oyvind Albrigtsen - 4.2.1-31 +- fence_compute/fence_evacuate: fix region_name content type and + project shortopt in usage text and project-domain shortopt + Resolves: rhbz#1760203 +- fence_rhevm: add cookie support + Resolves: rhbz#1763675 +- fencing: improve stdin quote parsing + Resolves: rhbz#1769784 + +* Tue Nov 26 2019 Oyvind Albrigtsen - 4.2.1-30 +- fencing: only use inetX_only parameters for SSH based agents and + fence_zvmip + Resolves: rhbz#1722004 + * Fri Sep 20 2019 Oyvind Albrigtsen - 4.2.1-28 - fence_mpath: add plug parameter support to be able to use pcmk_host_map Resolves: rhbz#1753229