From 265928130cc838d9147a76795ffb2e2d44e7c05a Mon Sep 17 00:00:00 2001 From: Oyvind Albrigtsen Date: Fri, 11 Feb 2022 15:11:27 +0100 Subject: [PATCH] - fence_zvmip: add SSL/TLS support Resolves: rhbz#2022334 --- bz2022334-fence_zvmip-add-disable-ssl.patch | 98 +++++++++++++++++++++ fence-agents.spec | 12 +-- 2 files changed, 105 insertions(+), 5 deletions(-) create mode 100644 bz2022334-fence_zvmip-add-disable-ssl.patch diff --git a/bz2022334-fence_zvmip-add-disable-ssl.patch b/bz2022334-fence_zvmip-add-disable-ssl.patch new file mode 100644 index 0000000..916391d --- /dev/null +++ b/bz2022334-fence_zvmip-add-disable-ssl.patch @@ -0,0 +1,98 @@ +From 90c4f78e005ca4141039d1dce032b5f2c2ff4783 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 10 Feb 2022 12:22:58 +0100 +Subject: [PATCH 1/2] fencing: add ability to set bool parameters to 0 or false + +--- + lib/fencing.py.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/fencing.py.py b/lib/fencing.py.py +index 55e38c407..696388d55 100644 +--- a/lib/fencing.py.py ++++ b/lib/fencing.py.py +@@ -1502,6 +1502,8 @@ def _parse_input_stdin(avail_opt): + opt["--"+all_opt[name]["longopt"].rstrip(":")] = value + elif value.lower() in ["1", "yes", "on", "true"]: + opt["--"+all_opt[name]["longopt"]] = "1" ++ elif value.lower() in ["0", "no", "off", "false"]: ++ opt["--"+all_opt[name]["longopt"]] = "0" + else: + logging.warning("Parse error: Ignoring option '%s' because it does not have value\n", name) + + +From 249abc8e5620fb1a3d97a0af6db34b1f2cbf3ae5 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 10 Feb 2022 12:27:02 +0100 +Subject: [PATCH 2/2] fence_zvmip: add --disable-ssl + +--- + agents/zvm/fence_zvmip.py | 18 +++++++++++++++++- + tests/data/metadata/fence_zvmip.xml | 7 ++++++- + 2 files changed, 23 insertions(+), 2 deletions(-) + +diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py +index 96021b13e..e8f849eda 100644 +--- a/agents/zvm/fence_zvmip.py ++++ b/agents/zvm/fence_zvmip.py +@@ -156,11 +156,24 @@ def get_list_of_images(options, command, data_as_plug): + conn.close() + return (return_code, reason_code, images) + ++def define_new_opts(): ++ all_opt["disable_ssl"] = { ++ "getopt" : "", ++ "longopt" : "disable-ssl", ++ "help" : "--disable-ssl Don't use SSL connection", ++ "required" : "0", ++ "shortdesc" : "Don't use SSL", ++ "order": 2 ++ } ++ + def main(): + device_opt = ["ipaddr", "login", "passwd", "port", "method", "missing_as_off", +- "inet4_only", "inet6_only", "ssl"] ++ "inet4_only", "inet6_only", "ssl", "disable_ssl"] + + atexit.register(atexit_handler) ++ define_new_opts() ++ ++ all_opt["ssl"]["help"] = "-z, --ssl Use SSL connection with verifying certificate (Default)" + + all_opt["ipport"]["default"] = "44444" + all_opt["shell_timeout"]["default"] = "5" +@@ -168,6 +181,9 @@ def main(): + all_opt["ssl"]["default"] = "1" + options = check_input(device_opt, process_input(device_opt), other_conditions=True) + ++ if "--disable-ssl" in options or options["--ssl"] == "0": ++ del options["--ssl"] ++ + if len(options.get("--plug", "")) > 8: + fail_usage("Failed: Name of image can not be longer than 8 characters") + +diff --git a/tests/data/metadata/fence_zvmip.xml b/tests/data/metadata/fence_zvmip.xml +index f32fc159d..0b7ba4785 100644 +--- a/tests/data/metadata/fence_zvmip.xml ++++ b/tests/data/metadata/fence_zvmip.xml +@@ -94,7 +94,7 @@ to access the system's directory manager. + + + +- Use SSL connection with verifying certificate ++ Use SSL connection with verifying certificate (Default) + + + +@@ -111,6 +111,11 @@ to access the system's directory manager. + + Login name + ++ ++ ++ ++ Don't use SSL ++ + + + diff --git a/fence-agents.spec b/fence-agents.spec index 8117eed..3c514ae 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -59,7 +59,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 17%{?alphatag:.%{alphatag}}%{?dist} +Release: 18%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -232,6 +232,7 @@ Patch15: bz2000954-3-fence_kubevirt-get-namespace-from-context.patch Patch16: bz2041933-bz2041935-1-fence_openstack-clouds-openrc.patch Patch17: bz2041933-bz2041935-2-fence_openstack-clouds-openrc.patch Patch18: bz2042496-fence_ibm_vpc-fence_ibm_powervs.patch +Patch19: bz2022334-fence_zvmip-add-disable-ssl.patch %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %ifarch x86_64 @@ -361,6 +362,7 @@ BuildRequires: %{systemd_units} %patch16 -p1 -F1 %patch17 -p1 %patch18 -p1 +%patch19 -p1 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -1440,6 +1442,10 @@ are located on corosync cluster nodes. %endif %changelog +* Fri Feb 11 2022 Oyvind Albrigtsen - 4.10.0-18 +- fence_zvmip: add SSL/TLS support + Resolves: rhbz#2022334 + * Mon Feb 7 2022 Oyvind Albrigtsen - 4.10.0-17 - fence_ibm_powervs: new fence agent Resolves: rhbz#2042496 @@ -1461,10 +1467,6 @@ are located on corosync cluster nodes. - fence_amt_ws: fix "or" causing dead code Resolves: rhbz#2010709 -* Thu Nov 11 2021 Oyvind Albrigtsen - 4.10.0-12 -- fence_zvmip: add SSL/TLS support - Resolves: rhbz#2022334 - * Tue Oct 5 2021 Oyvind Albrigtsen - 4.10.0-10 - fence_azure_arm: fix sovereign cloud and MSI support Resolves: rhbz#2010652