- Resolves: RHEL-65699

2024-11-15 10:53:34 +01:00 · 2024-11-15 10:53:34 +01:00 · 6e1117bfad
commit 6e1117bfad
parent 67b12f1fb7
4 changed files with 11 additions and 255 deletions
--- a/.gitignore
+++ b/.gitignore
@ -49,3 +49,4 @@ corosync-1.2.7.tar.gz
 /corosync-3.1.5.tar.gz
 /corosync-3.1.7.tar.gz
 /corosync-3.1.8.tar.gz
+/corosync-3.1.9.tar.gz
--- a/RHEL-24163-1-Report-crypto-errors-back-to-cfg-reload.patch
+++ b/RHEL-24163-1-Report-crypto-errors-back-to-cfg-reload.patch
@ -1,246 +0,0 @@
-From ce03c68394517ea8782a03968e2507a1096e9efe Mon Sep 17 00:00:00 2001
-From: Christine Caulfield <ccaulfie@redhat.com>
-Date: Wed, 31 Jan 2024 10:29:05 +0000
-Subject: [PATCH 1/3] Report crypto errors back to cfg reload
-
-Because crypto changing happens in the 'commit' phase
-of the reload and we can't get sure that knet will
-allow the new parameters, the result gets ignored.
-This can happen in FIPS mode if a non-FIPS cipher
-is requested.
-
-This patch reports the errors back in a cmap key
-so that the command-line can spot those errors
-and report them back to the user.
-
-It also restores the internal values for crypto
-so that subsequent attempts to change things have
-predictable results. Otherwise further attempts can
-do nothing but not report any errors back.
-
-I've also added some error reporting back for the
-knet ping counters using this mechanism.
-
-The alternative to all of this would be to check for FIPS
-in totemconfig.c and then exclude certain options, but this
-would be duplicating code that could easily get out of sync.
-
-This system could also be a useful mechanism for reporting
-back other 'impossible' errors.
-
-Signed-off-by: Christine Caulfield <ccaulfie@redhat.com>
-Reviewed-by: Jan Friesse <jfriesse@redhat.com>
---
- exec/cfg.c               |  3 +++
- exec/totemconfig.c       |  8 ++++++-
- exec/totemknet.c         | 48 +++++++++++++++++++++++++++++++++++-----
- tools/corosync-cfgtool.c | 31 ++++++++++++++++++++++++++
- 4 files changed, 83 insertions(+), 7 deletions(-)
-
-diff --git a/exec/cfg.c b/exec/cfg.c
-index fe5f551d..4a3834b0 100644
--- a/exec/cfg.c
-+++ b/exec/cfg.c
-@@ -722,6 +722,9 @@ static void message_handler_req_exec_cfg_reload_config (
- 
- 	log_printf(LOGSYS_LEVEL_NOTICE, "Config reload requested by node " CS_PRI_NODE_ID, nodeid);
- 
-+	// Clear this out in case it all goes well
-+	icmap_delete("config.reload_error_message");
-+
- 	icmap_set_uint8("config.totemconfig_reload_in_progress", 1);
- 
- 	/* Make sure there is no rubbish in this that might be checked, even on error */
-diff --git a/exec/totemconfig.c b/exec/totemconfig.c
-index a6394a2f..505424e3 100644
--- a/exec/totemconfig.c
-+++ b/exec/totemconfig.c
-@@ -2439,7 +2439,13 @@ int totemconfig_commit_new_params(
- 	totempg_reconfigure();
- 
- 	free(new_interfaces);
-	return res; /* On a reload this is ignored */
-+
-+	/*
-+	 * On a reload this return is ignored because it's too late to do anything about it,
-+	 * but errors are reported back via cmap.
-+	 */
-+	return res;
-+
- }
- 
- static void add_totem_config_notification(struct totem_config *totem_config)
-diff --git a/exec/totemknet.c b/exec/totemknet.c
-index f280a094..916f4f8b 100644
--- a/exec/totemknet.c
-+++ b/exec/totemknet.c
-@@ -93,6 +93,8 @@ static int setup_nozzle(void *knet_context);
- struct totemknet_instance {
- 	struct crypto_instance *crypto_inst;
- 
-+	struct knet_handle_crypto_cfg last_good_crypto_cfg;
-+
- 	qb_loop_t *poll_handle;
- 
-         knet_handle_t knet_handle;
-@@ -995,6 +997,7 @@ static void totemknet_refresh_config(
- 	}
- 
- 	for (i=0; i<num_nodes; i++) {
-+		int linkerr = 0;
- 		for (link_no = 0; link_no < INTERFACE_MAX; link_no++) {
- 			if (host_ids[i] == instance->our_nodeid || !instance->totem_config->interfaces[link_no].configured) {
- 				continue;
-@@ -1006,19 +1009,25 @@ static void totemknet_refresh_config(
- 							instance->totem_config->interfaces[link_no].knet_ping_precision);
- 			if (err) {
- 				KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_ERROR, "knet_link_set_ping_timers for node " CS_PRI_NODE_ID " link %d failed", host_ids[i], link_no);
-+				linkerr = err;
- 			}
- 			err = knet_link_set_pong_count(instance->knet_handle, host_ids[i], link_no,
- 						       instance->totem_config->interfaces[link_no].knet_pong_count);
- 			if (err) {
- 				KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_ERROR, "knet_link_set_pong_count for node " CS_PRI_NODE_ID " link %d failed",host_ids[i], link_no);
-+				linkerr = err;
- 			}
- 			err = knet_link_set_priority(instance->knet_handle, host_ids[i], link_no,
- 						     instance->totem_config->interfaces[link_no].knet_link_priority);
- 			if (err) {
- 				KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_ERROR, "knet_link_set_priority for node " CS_PRI_NODE_ID " link %d failed", host_ids[i], link_no);
-+				linkerr = err;
- 			}
- 
- 		}
-+		if (linkerr) {
-+			icmap_set_string("config.reload_error_message", "Failed to set knet ping timers(2)");
-+		}
- 	}
- 
- 	/* Log levels get reconfigured from logconfig.c as that happens last in the reload */
-@@ -1086,6 +1095,10 @@ static int totemknet_set_knet_crypto(struct totemknet_instance *instance)
- 
- 	/* use_config will be called later when all nodes are synced */
- 	res = knet_handle_crypto_set_config(instance->knet_handle, &crypto_cfg, instance->totem_config->crypto_index);
-+	if (res == 0) {
-+		/* Keep a copy in case it fails in future */
-+		memcpy(&instance->last_good_crypto_cfg, &crypto_cfg, sizeof(crypto_cfg));
-+	}
- 	if (res == -1) {
- 		knet_log_printf(LOGSYS_LEVEL_ERROR, "knet_handle_crypto_set_config (index %d) failed: %s", instance->totem_config->crypto_index, strerror(errno));
- 		goto exit_error;
-@@ -1112,8 +1125,24 @@ static int totemknet_set_knet_crypto(struct totemknet_instance *instance)
- 	}
- #endif
- 
-
- exit_error:
-+#ifdef HAVE_KNET_CRYPTO_RECONF
-+	if (res) {
-+		icmap_set_string("config.reload_error_message", "Failed to set crypto parameters");
-+
-+		/* Restore the old values in cmap & totem_config */
-+		icmap_set_string("totem.crypto_cipher", instance->last_good_crypto_cfg.crypto_cipher_type);
-+		icmap_set_string("totem.crypto_hash",  instance->last_good_crypto_cfg.crypto_hash_type);
-+		icmap_set_string("totem.crypto_model",  instance->last_good_crypto_cfg.crypto_model);
-+
-+		memcpy(instance->totem_config->crypto_hash_type, instance->last_good_crypto_cfg.crypto_hash_type,
-+		       sizeof(instance->last_good_crypto_cfg.crypto_hash_type));
-+		memcpy(instance->totem_config->crypto_cipher_type, instance->last_good_crypto_cfg.crypto_cipher_type,
-+		       sizeof(instance->last_good_crypto_cfg.crypto_cipher_type));
-+		memcpy(instance->totem_config->crypto_model, instance->last_good_crypto_cfg.crypto_model,
-+		       sizeof(instance->last_good_crypto_cfg.crypto_model));
-+	}
-+#endif
- 	return res;
- }
- 
-@@ -1656,6 +1685,9 @@ int totemknet_member_add (
- 			log_flush_messages(instance);
- 			errno = saved_errno;
- 			KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_ERROR, "knet_link_set_ping_timers for nodeid " CS_PRI_NODE_ID ", link %d failed", member->nodeid, link_no);
-+
-+			icmap_set_string("config.reload_error_message", "Failed to set knet ping timers");
-+
- 			return -1;
- 		}
- 		err = knet_link_set_pong_count(instance->knet_handle, member->nodeid, link_no,
-@@ -1666,6 +1698,7 @@ int totemknet_member_add (
- 			log_flush_messages(instance);
- 			errno = saved_errno;
- 			KNET_LOGSYS_PERROR(errno, LOGSYS_LEVEL_ERROR, "knet_link_set_pong_count for nodeid " CS_PRI_NODE_ID ", link %d failed", member->nodeid, link_no);
-+			icmap_set_string("config.reload_error_message", "Failed to set knet pong count");
- 			return -1;
- 		}
- 	}
-@@ -1774,11 +1807,14 @@ int totemknet_reconfigure (
- 		/* Flip crypto_index */
- 		totem_config->crypto_index = 3-totem_config->crypto_index;
- 		res = totemknet_set_knet_crypto(instance);
-
-		knet_log_printf(LOG_INFO, "kronosnet crypto reconfigured on index %d: %s/%s/%s", totem_config->crypto_index,
-				totem_config->crypto_model,
-				totem_config->crypto_cipher_type,
-				totem_config->crypto_hash_type);
-+		if (res == 0) {
-+			knet_log_printf(LOG_INFO, "kronosnet crypto reconfigured on index %d: %s/%s/%s", totem_config->crypto_index,
-+					totem_config->crypto_model,
-+					totem_config->crypto_cipher_type,
-+					totem_config->crypto_hash_type);
-+		} else {
-+			icmap_set_string("config.reload_error_message", "Failed to set knet crypto");
-+		}
- 	}
- 	return (res);
- }
-diff --git a/tools/corosync-cfgtool.c b/tools/corosync-cfgtool.c
-index d04d5bea..d35f6d90 100644
--- a/tools/corosync-cfgtool.c
-+++ b/tools/corosync-cfgtool.c
-@@ -332,6 +332,33 @@ nodestatusget_do (enum user_action action, int brief)
- 	return rc;
- }
- 
-+
-+static int check_for_reload_errors(void)
-+{
-+	cmap_handle_t cmap_handle;
-+	cs_error_t result;
-+	char *str;
-+	int res;
-+
-+	result = cmap_initialize (&cmap_handle);
-+	if (result != CS_OK) {
-+		fprintf (stderr, "Could not initialize corosync cmap API error %d\n", result);
-+		exit (EXIT_FAILURE);
-+	}
-+
-+	result = cmap_get_string(cmap_handle, "config.reload_error_message", &str);
-+	if (result == CS_OK) {
-+		printf("ERROR from reload: %s - see syslog for more information\n", str);
-+		free(str);
-+		res = 1;
-+	}
-+	else {
-+		res = 0;
-+	}
-+	cmap_finalize(cmap_handle);
-+	return res;
-+}
-+
- static int reload_config_do (void)
- {
- 	cs_error_t result;
-@@ -358,6 +385,10 @@ static int reload_config_do (void)
- 
- 	(void)corosync_cfg_finalize (handle);
- 
-+	if ((rc = check_for_reload_errors())) {
-+		fprintf(stderr, "Errors in appying config, corosync.conf might not match the running system\n");
-+	}
-+
- 	return (rc);
- }
- 
-- 
-2.39.3
-
--- a/corosync.spec
+++ b/corosync.spec
@ -17,14 +17,12 @@

 Name: corosync
 Summary: The Corosync Cluster Engine and Application Programming Interfaces
-Version: 3.1.8
-Release: 2%{?gitver}%{?dist}
+Version: 3.1.9
+Release: 1%{?gitver}%{?dist}
 License: BSD
 URL: http://corosync.github.io/corosync/
 Source0: http://build.clusterlabs.org/corosync/releases/%{name}-%{version}%{?gittarver}.tar.gz

-Patch0: RHEL-24163-1-Report-crypto-errors-back-to-cfg-reload.patch
-
 # Runtime bits
 # The automatic dependency overridden in favor of explicit version lock
 Requires: corosynclib%{?_isa} = %{version}-%{release}
@ -74,8 +72,6 @@ BuildRequires: make
 %prep
 %setup -q -n %{name}-%{version}%{?gittarver}

-%patch0 -p1 -b .RHEL-24163-1
-
 %build
 %if %{with runautogen}
 ./autogen.sh
@ -120,7 +116,7 @@ BuildRequires: make

 %if %{with dbus}
 mkdir -p -m 0700 %{buildroot}/%{_sysconfdir}/dbus-1/system.d
-install -m 644 %{_builddir}/%{name}-%{version}%{?gittarver}/conf/corosync-signals.conf %{buildroot}/%{_sysconfdir}/dbus-1/system.d/corosync-signals.conf
+install -m 644 %{_builddir}/%{name}-%{version}%{?gittarver}/conf/corosync-signals.conf %{buildroot}/%{_datadir}/dbus-1/system.d/corosync-signals.conf
 %endif

 ## tree fixup
@ -189,7 +185,7 @@ fi
 %config(noreplace) %{_sysconfdir}/sysconfig/corosync
 %config(noreplace) %{_sysconfdir}/logrotate.d/corosync
 %if %{with dbus}
-%{_sysconfdir}/dbus-1/system.d/corosync-signals.conf
+%{_datadir}/dbus-1/system.d/corosync-signals.conf
 %endif
 %if %{with snmp}
 %{_datadir}/snmp/mibs/COROSYNC-MIB.txt
@ -293,6 +289,11 @@ network splits)
 %endif

 %changelog
+* Fri Nov 15 2024 Jan Friesse <jfriesse@redhat.com> - 3.1.9-1
+- Resolves: RHEL-65699
+
+- New upstream release (RHEL-65699)
+
 * Tue May 21 2024 Jan Friesse <jfriesse@redhat.com> - 3.1.8-2
 - Resolves: RHEL-24163

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (corosync-3.1.8.tar.gz) = 6325ae39bada33dbc0c85eb07d137af78235a1c0f8a4d1f90a20088e011bff65263903e5688956256ddfb58daec45f6d96c04624ff320be0c00ec36aa5d568f8
+SHA512 (corosync-3.1.9.tar.gz) = d5332c65535dd40e3bee48912ebf2e71c55380b3dba93c36ff8b74090edf3ec44b69685cd11fda3732e4b0dab0b2954f08be94d772fcff6aaf9a4a846ef2e4cc