Tree - rpms/pacemaker - CentOS Git server

rpms / pacemaker

Blame SOURCES/015-cibsecret.patch

Blob History Raw

		b62b44	`From 2e7a40570d6b21534ec0215ac5ebc174796cf17c Mon Sep 17 00:00:00 2001`
		b62b44	`From: Ken Gaillot <kgaillot@redhat.com>`
		b62b44	`Date: Thu, 20 Aug 2020 10:02:20 -0500`
		b62b44	`Subject: [PATCH 1/2] Refactor: tools: rename function in cibsecret to be more`
		b62b44	`clear`
		b62b44
		b62b44	`It led me to initially misdiagnose a problem.`
		b62b44	`---`
		b62b44	`tools/cibsecret.in \| 26 +++++++++++++-------------`
		b62b44	`1 file changed, 13 insertions(+), 13 deletions(-)`
		b62b44
		b62b44	`diff --git a/tools/cibsecret.in b/tools/cibsecret.in`
		b62b44	`index 9b74ba3..dabbfc0 100644`
		b62b44	`--- a/tools/cibsecret.in`
		b62b44	`+++ b/tools/cibsecret.in`
		b62b44	`@@ -162,28 +162,28 @@ check_env() {`
		b62b44	`}`
		b62b44
		b62b44	`# This must be called (and return success) before calling $rsh or $rcp_to_from`
		b62b44	`-get_live_nodes() {`
		b62b44	`- # Get a list of all cluster nodes`
		b62b44	`+get_live_peers() {`
		b62b44	`+ # Get a list of all other cluster nodes`
		b62b44	`GLN_ALL_NODES="$(crm_node -l \| awk '{print $2}' \| grep -v "$(uname -n)")"`
		b62b44
		b62b44	`# Make a list of those that respond to pings`
		b62b44	`if [ "$(id -u)" = "0" ] && which fping >/dev/null 2>&1; then`
		b62b44	`- LIVE_NODES=$(fping -a $GLN_ALL_NODES 2>/dev/null)`
		b62b44	`+ LIVE_NODES=$(fping -a $GLP_ALL_PEERS 2>/dev/null)`
		b62b44	`else`
		b62b44	`LIVE_NODES=""`
		b62b44	`- for GLN_NODE in $GLN_ALL_NODES; do \`
		b62b44	`- ping -c 2 -q "$GLN_NODE" >/dev/null 2>&1 &&`
		b62b44	`- LIVE_NODES="$LIVE_NODES $GLN_NODE"`
		b62b44	`+ for GLP_NODE in $GLP_ALL_PEERS; do \`
		b62b44	`+ ping -c 2 -q "$GLP_NODE" >/dev/null 2>&1 &&`
		b62b44	`+ LIVE_NODES="$LIVE_NODES $GLP_NODE"`
		b62b44	`done`
		b62b44	`fi`
		b62b44
		b62b44	`# Warn the user about any that didn't respond to pings`
		b62b44	`- GLN_DOWN="$( (for GLN_NODE in $LIVE_NODES $GLN_ALL_NODES; do echo "$GLN_NODE"; done) \| sort \| uniq -u)"`
		b62b44	`- if [ "$(echo "$GLN_DOWN" \| wc -w)" = "1" ]; then`
		b62b44	`- warn "node $GLN_DOWN is down"`
		b62b44	`+ GLP_DOWN="$( (for GLP_NODE in $LIVE_NODES $GLP_ALL_PEERS; do echo "$GLP_NODE"; done) \| sort \| uniq -u)"`
		b62b44	`+ if [ "$(echo "$GLP_DOWN" \| wc -w)" = "1" ]; then`
		b62b44	`+ warn "node $GLP_DOWN is down"`
		b62b44	`warn "you'll need to update it using \"$PROG sync\" later"`
		b62b44	`- elif [ -n "$GLN_DOWN" ]; then`
		b62b44	`- warn "nodes $(echo "$GLN_DOWN" \| tr '\n' ' ')are down"`
		b62b44	`+ elif [ -n "$GLP_DOWN" ]; then`
		b62b44	`+ warn "nodes $(echo "$GLP_DOWN" \| tr '\n' ' ')are down"`
		b62b44	`warn "you'll need to update them using \"$PROG sync\" later"`
		b62b44	`fi`
		b62b44
		b62b44	`@@ -235,7 +235,7 @@ scp_fun() {`
		b62b44	`# TODO: this procedure should be replaced with csync2`
		b62b44	`# provided that csync2 has already been configured`
		b62b44	`sync_files() {`
		b62b44	`- get_live_nodes \|\| return`
		b62b44	`+ get_live_peers \|\| return`
		b62b44	`info "syncing $LRM_CIBSECRETS to $(echo "$LIVE_NODES" \| tr '\n' ' ') ..."`
		b62b44	`$rsh rm -rf "$LRM_CIBSECRETS" &&`
		b62b44	`$rsh mkdir -p "$(dirname "$LRM_CIBSECRETS")" &&`
		b62b44	`@@ -244,7 +244,7 @@ sync_files() {`
		b62b44
		b62b44	`sync_one() {`
		b62b44	`SO_FILE="$1"`
		b62b44	`- get_live_nodes \|\| return`
		b62b44	`+ get_live_peers \|\| return`
		b62b44	`info "syncing $SO_FILE to $(echo "$LIVE_NODES" \| tr '\n' ' ') ..."`
		b62b44	`$rsh mkdir -p "$(dirname "$SO_FILE")" &&`
		b62b44	`if [ -f "$SO_FILE" ]; then`
		b62b44	`--`
		b62b44	`1.8.3.1`
		b62b44
		b62b44
		b62b44	`From 9c1517e6a681f35d62b4714e854b258c17ab5e59 Mon Sep 17 00:00:00 2001`
		b62b44	`From: Ken Gaillot <kgaillot@redhat.com>`
		b62b44	`Date: Thu, 20 Aug 2020 10:03:23 -0500`
		b62b44	`Subject: [PATCH 2/2] Fix: tools: properly detect local node name`
		b62b44
		b62b44	`cibsecret had two serious problems when generating a list of other nodes to`
		b62b44	`sync secrets to:`
		b62b44
		b62b44	* It used `uname -n` to remove the local node from the list. If the local node
		b62b44	`name is different from its uname, this could cause local secrets to be`
		b62b44	`removed from the local node rather than synced to other nodes.`
		b62b44
		b62b44	`* It removed not just the local node name, but any node name that contained`
		b62b44	`the local node name as a substring (e.g. "node1" and "node10"). This could`
		b62b44	`cause secrets to not be synced to such nodes.`
		b62b44
		b62b44	Now, use `crm_node -n` to determine the local node name, check crm_node for
		b62b44	`errors to get better error messages, and remove only the node name that matches`
		b62b44	`the local node name in its entirety.`
		b62b44	`---`
		b62b44	`tools/cibsecret.in \| 8 +++++++-`
		b62b44	`1 file changed, 7 insertions(+), 1 deletion(-)`
		b62b44
		b62b44	`diff --git a/tools/cibsecret.in b/tools/cibsecret.in`
		b62b44	`index dabbfc0..568833c 100644`
		b62b44	`--- a/tools/cibsecret.in`
		b62b44	`+++ b/tools/cibsecret.in`
		b62b44	`@@ -163,8 +163,14 @@ check_env() {`
		b62b44
		b62b44	`# This must be called (and return success) before calling $rsh or $rcp_to_from`
		b62b44	`get_live_peers() {`
		b62b44	`+ # Get local node name`
		b62b44	`+ GLP_LOCAL_NODE="$(crm_node -n)"`
		b62b44	`+ [ $? -eq 0 ] \|\| fatal "couldn't get local node name"`
		b62b44	`+`
		b62b44	`# Get a list of all other cluster nodes`
		b62b44	`- GLN_ALL_NODES="$(crm_node -l \| awk '{print $2}' \| grep -v "$(uname -n)")"`
		b62b44	`+ GLP_ALL_PEERS="$(crm_node -l)"`
		b62b44	`+ [ $? -eq 0 ] \|\| fatal "couldn't determine cluster nodes"`
		b62b44	`+ GLP_ALL_PEERS="$(echo "$GLP_ALL_PEERS" \| awk '{print $2}' \| grep -v "^${GLP_LOCAL_NODE}$")"`
		b62b44
		b62b44	`# Make a list of those that respond to pings`
		b62b44	`if [ "$(id -u)" = "0" ] && which fping >/dev/null 2>&1; then`
		b62b44	`--`
		b62b44	`1.8.3.1`
		b62b44

rpms / pacemaker

Source Code

Blame SOURCES/015-cibsecret.patch