Tree - rpms/pacemaker - CentOS Git server

rpms / pacemaker

Blame SOURCES/015-cibsecret.patch

Blob History Raw

		26ad17	`From 2e7a40570d6b21534ec0215ac5ebc174796cf17c Mon Sep 17 00:00:00 2001`
		26ad17	`From: Ken Gaillot <kgaillot@redhat.com>`
		26ad17	`Date: Thu, 20 Aug 2020 10:02:20 -0500`
		26ad17	`Subject: [PATCH 1/2] Refactor: tools: rename function in cibsecret to be more`
		26ad17	`clear`
		26ad17
		26ad17	`It led me to initially misdiagnose a problem.`
		26ad17	`---`
		26ad17	`tools/cibsecret.in \| 26 +++++++++++++-------------`
		26ad17	`1 file changed, 13 insertions(+), 13 deletions(-)`
		26ad17
		26ad17	`diff --git a/tools/cibsecret.in b/tools/cibsecret.in`
		26ad17	`index 9b74ba3..dabbfc0 100644`
		26ad17	`--- a/tools/cibsecret.in`
		26ad17	`+++ b/tools/cibsecret.in`
		26ad17	`@@ -162,28 +162,28 @@ check_env() {`
		26ad17	`}`
		26ad17
		26ad17	`# This must be called (and return success) before calling $rsh or $rcp_to_from`
		26ad17	`-get_live_nodes() {`
		26ad17	`- # Get a list of all cluster nodes`
		26ad17	`+get_live_peers() {`
		26ad17	`+ # Get a list of all other cluster nodes`
		26ad17	`GLN_ALL_NODES="$(crm_node -l \| awk '{print $2}' \| grep -v "$(uname -n)")"`
		26ad17
		26ad17	`# Make a list of those that respond to pings`
		26ad17	`if [ "$(id -u)" = "0" ] && which fping >/dev/null 2>&1; then`
		26ad17	`- LIVE_NODES=$(fping -a $GLN_ALL_NODES 2>/dev/null)`
		26ad17	`+ LIVE_NODES=$(fping -a $GLP_ALL_PEERS 2>/dev/null)`
		26ad17	`else`
		26ad17	`LIVE_NODES=""`
		26ad17	`- for GLN_NODE in $GLN_ALL_NODES; do \`
		26ad17	`- ping -c 2 -q "$GLN_NODE" >/dev/null 2>&1 &&`
		26ad17	`- LIVE_NODES="$LIVE_NODES $GLN_NODE"`
		26ad17	`+ for GLP_NODE in $GLP_ALL_PEERS; do \`
		26ad17	`+ ping -c 2 -q "$GLP_NODE" >/dev/null 2>&1 &&`
		26ad17	`+ LIVE_NODES="$LIVE_NODES $GLP_NODE"`
		26ad17	`done`
		26ad17	`fi`
		26ad17
		26ad17	`# Warn the user about any that didn't respond to pings`
		26ad17	`- GLN_DOWN="$( (for GLN_NODE in $LIVE_NODES $GLN_ALL_NODES; do echo "$GLN_NODE"; done) \| sort \| uniq -u)"`
		26ad17	`- if [ "$(echo "$GLN_DOWN" \| wc -w)" = "1" ]; then`
		26ad17	`- warn "node $GLN_DOWN is down"`
		26ad17	`+ GLP_DOWN="$( (for GLP_NODE in $LIVE_NODES $GLP_ALL_PEERS; do echo "$GLP_NODE"; done) \| sort \| uniq -u)"`
		26ad17	`+ if [ "$(echo "$GLP_DOWN" \| wc -w)" = "1" ]; then`
		26ad17	`+ warn "node $GLP_DOWN is down"`
		26ad17	`warn "you'll need to update it using \"$PROG sync\" later"`
		26ad17	`- elif [ -n "$GLN_DOWN" ]; then`
		26ad17	`- warn "nodes $(echo "$GLN_DOWN" \| tr '\n' ' ')are down"`
		26ad17	`+ elif [ -n "$GLP_DOWN" ]; then`
		26ad17	`+ warn "nodes $(echo "$GLP_DOWN" \| tr '\n' ' ')are down"`
		26ad17	`warn "you'll need to update them using \"$PROG sync\" later"`
		26ad17	`fi`
		26ad17
		26ad17	`@@ -235,7 +235,7 @@ scp_fun() {`
		26ad17	`# TODO: this procedure should be replaced with csync2`
		26ad17	`# provided that csync2 has already been configured`
		26ad17	`sync_files() {`
		26ad17	`- get_live_nodes \|\| return`
		26ad17	`+ get_live_peers \|\| return`
		26ad17	`info "syncing $LRM_CIBSECRETS to $(echo "$LIVE_NODES" \| tr '\n' ' ') ..."`
		26ad17	`$rsh rm -rf "$LRM_CIBSECRETS" &&`
		26ad17	`$rsh mkdir -p "$(dirname "$LRM_CIBSECRETS")" &&`
		26ad17	`@@ -244,7 +244,7 @@ sync_files() {`
		26ad17
		26ad17	`sync_one() {`
		26ad17	`SO_FILE="$1"`
		26ad17	`- get_live_nodes \|\| return`
		26ad17	`+ get_live_peers \|\| return`
		26ad17	`info "syncing $SO_FILE to $(echo "$LIVE_NODES" \| tr '\n' ' ') ..."`
		26ad17	`$rsh mkdir -p "$(dirname "$SO_FILE")" &&`
		26ad17	`if [ -f "$SO_FILE" ]; then`
		26ad17	`--`
		26ad17	`1.8.3.1`
		26ad17
		26ad17
		26ad17	`From 9c1517e6a681f35d62b4714e854b258c17ab5e59 Mon Sep 17 00:00:00 2001`
		26ad17	`From: Ken Gaillot <kgaillot@redhat.com>`
		26ad17	`Date: Thu, 20 Aug 2020 10:03:23 -0500`
		26ad17	`Subject: [PATCH 2/2] Fix: tools: properly detect local node name`
		26ad17
		26ad17	`cibsecret had two serious problems when generating a list of other nodes to`
		26ad17	`sync secrets to:`
		26ad17
		26ad17	* It used `uname -n` to remove the local node from the list. If the local node
		26ad17	`name is different from its uname, this could cause local secrets to be`
		26ad17	`removed from the local node rather than synced to other nodes.`
		26ad17
		26ad17	`* It removed not just the local node name, but any node name that contained`
		26ad17	`the local node name as a substring (e.g. "node1" and "node10"). This could`
		26ad17	`cause secrets to not be synced to such nodes.`
		26ad17
		26ad17	Now, use `crm_node -n` to determine the local node name, check crm_node for
		26ad17	`errors to get better error messages, and remove only the node name that matches`
		26ad17	`the local node name in its entirety.`
		26ad17	`---`
		26ad17	`tools/cibsecret.in \| 8 +++++++-`
		26ad17	`1 file changed, 7 insertions(+), 1 deletion(-)`
		26ad17
		26ad17	`diff --git a/tools/cibsecret.in b/tools/cibsecret.in`
		26ad17	`index dabbfc0..568833c 100644`
		26ad17	`--- a/tools/cibsecret.in`
		26ad17	`+++ b/tools/cibsecret.in`
		26ad17	`@@ -163,8 +163,14 @@ check_env() {`
		26ad17
		26ad17	`# This must be called (and return success) before calling $rsh or $rcp_to_from`
		26ad17	`get_live_peers() {`
		26ad17	`+ # Get local node name`
		26ad17	`+ GLP_LOCAL_NODE="$(crm_node -n)"`
		26ad17	`+ [ $? -eq 0 ] \|\| fatal "couldn't get local node name"`
		26ad17	`+`
		26ad17	`# Get a list of all other cluster nodes`
		26ad17	`- GLN_ALL_NODES="$(crm_node -l \| awk '{print $2}' \| grep -v "$(uname -n)")"`
		26ad17	`+ GLP_ALL_PEERS="$(crm_node -l)"`
		26ad17	`+ [ $? -eq 0 ] \|\| fatal "couldn't determine cluster nodes"`
		26ad17	`+ GLP_ALL_PEERS="$(echo "$GLP_ALL_PEERS" \| awk '{print $2}' \| grep -v "^${GLP_LOCAL_NODE}$")"`
		26ad17
		26ad17	`# Make a list of those that respond to pings`
		26ad17	`if [ "$(id -u)" = "0" ] && which fping >/dev/null 2>&1; then`
		26ad17	`--`
		26ad17	`1.8.3.1`
		26ad17

rpms / pacemaker

Source Code

Blame SOURCES/015-cibsecret.patch