From 35e97c4bc26b607b1fb2203356df6784db1020c2 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 13 Dec 2023 08:53:28 +0000 Subject: [PATCH] import CS fence-agents-4.10.0-55.el9_3 --- SOURCES/bz2000954-2-fence_kubevirt.patch | 2 +- ..._aws-1-add-skip-race-check-parameter.patch | 165 +++++++++++++++++ ...fail-when-power-action-request-fails.patch | 21 +++ ..._scsi-1-detect-devices-in-shared-vgs.patch | 58 ++++++ ...si-2-support-space-separated-devices.patch | 92 ++++++++++ ...30-fence_azure-arm-stack-hub-support.patch | 170 ++++++++++++++++++ ...e-fix-bundled-dateutil-CVE-2007-4559.patch | 50 ++++++ ...t-fix-bundled-dateutil-CVE-2007-4559.patch | 17 ++ ...ibm_powervs-performance-improvements.patch | 150 ++++++++++++++++ ...-fence_ipmilan-fix-typos-in-metadata.patch | 123 +++++++++++++ SPECS/fence-agents.spec | 69 ++++++- 11 files changed, 908 insertions(+), 9 deletions(-) create mode 100644 SOURCES/bz2183162-fence_aws-1-add-skip-race-check-parameter.patch create mode 100644 SOURCES/bz2183162-fence_aws-2-fail-when-power-action-request-fails.patch create mode 100644 SOURCES/bz2187327-fence_scsi-1-detect-devices-in-shared-vgs.patch create mode 100644 SOURCES/bz2187327-fence_scsi-2-support-space-separated-devices.patch create mode 100644 SOURCES/bz2211930-fence_azure-arm-stack-hub-support.patch create mode 100644 SOURCES/bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch create mode 100644 SOURCES/bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch create mode 100644 SOURCES/bz2221643-fence_ibm_powervs-performance-improvements.patch create mode 100644 SOURCES/bz2224267-fence_ipmilan-fix-typos-in-metadata.patch diff --git a/SOURCES/bz2000954-2-fence_kubevirt.patch b/SOURCES/bz2000954-2-fence_kubevirt.patch index f7de84a..44ac751 100644 --- a/SOURCES/bz2000954-2-fence_kubevirt.patch +++ b/SOURCES/bz2000954-2-fence_kubevirt.patch @@ -11,7 +11,7 @@ +from fencing import fail, fail_usage, run_delay, EC_STATUS, EC_FETCH_VM_UUID try: -+ sys.path.insert(0, '/usr/lib/fence-agents/bundled/kubevirt') ++ sys.path.insert(0, '/usr/lib/fence-agents/support/kubevirt') from kubernetes.client.exceptions import ApiException except ImportError: logging.error("Couldn\'t import kubernetes.client.exceptions.ApiException - not found or not accessible") diff --git a/SOURCES/bz2183162-fence_aws-1-add-skip-race-check-parameter.patch b/SOURCES/bz2183162-fence_aws-1-add-skip-race-check-parameter.patch new file mode 100644 index 0000000..254e4ff --- /dev/null +++ b/SOURCES/bz2183162-fence_aws-1-add-skip-race-check-parameter.patch @@ -0,0 +1,165 @@ +From 73fdae1b9da5aa1ba1d371dcc47fe31a4d22bb31 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 30 Mar 2023 12:20:05 +0200 +Subject: [PATCH] fence_aws: fixes to allow running outside of AWS network + +- add --skip-race-check parameter to allow running outside of AWS + network e.g. for openshift +- fixed and improved logging logic +- use --debug-file parameter for file logging +--- + agents/aws/fence_aws.py | 50 ++++++++++++++++++++----------- + tests/data/metadata/fence_aws.xml | 5 ++++ + 2 files changed, 37 insertions(+), 18 deletions(-) + +diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py +index c947bf29c..5d1677144 100644 +--- a/agents/aws/fence_aws.py ++++ b/agents/aws/fence_aws.py +@@ -16,13 +16,13 @@ + except ImportError: + pass + +-logger = logging.getLogger("fence_aws") ++logger = logging.getLogger() + logger.propagate = False + logger.setLevel(logging.INFO) + logger.addHandler(SyslogLibHandler()) + logging.getLogger('botocore.vendored').propagate = False + +-def get_instance_id(): ++def get_instance_id(options): + try: + token = requests.put('http://169.254.169.254/latest/api/token', headers={"X-aws-ec2-metadata-token-ttl-seconds" : "21600"}).content.decode("UTF-8") + r = requests.get('http://169.254.169.254/latest/meta-data/instance-id', headers={"X-aws-ec2-metadata-token" : token}).content.decode("UTF-8") +@@ -30,12 +30,15 @@ def get_instance_id(): + except HTTPError as http_err: + logger.error('HTTP error occurred while trying to access EC2 metadata server: %s', http_err) + except Exception as err: +- logger.error('A fatal error occurred while trying to access EC2 metadata server: %s', err) ++ if "--skip-race-check" not in options: ++ logger.error('A fatal error occurred while trying to access EC2 metadata server: %s', err) ++ else: ++ logger.debug('A fatal error occurred while trying to access EC2 metadata server: %s', err) + return None +- ++ + + def get_nodes_list(conn, options): +- logger.info("Starting monitor operation") ++ logger.debug("Starting monitor operation") + result = {} + try: + if "--filter" in options: +@@ -63,7 +66,7 @@ def get_power_status(conn, options): + try: + instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [options["--plug"]]}]) + state = list(instance)[0].state["Name"] +- logger.info("Status operation for EC2 instance %s returned state: %s",options["--plug"],state.upper()) ++ logger.debug("Status operation for EC2 instance %s returned state: %s",options["--plug"],state.upper()) + if state == "running": + return "on" + elif state == "stopped": +@@ -78,7 +81,7 @@ def get_power_status(conn, options): + except IndexError: + fail(EC_STATUS) + except Exception as e: +- logging.error("Failed to get power status: %s", e) ++ logger.error("Failed to get power status: %s", e) + fail(EC_STATUS) + + def get_self_power_status(conn, instance_id): +@@ -86,10 +89,10 @@ def get_self_power_status(conn, instance_id): + instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [instance_id]}]) + state = list(instance)[0].state["Name"] + if state == "running": +- logging.debug("Captured my (%s) state and it %s - returning OK - Proceeding with fencing",instance_id,state.upper()) ++ logger.debug("Captured my (%s) state and it %s - returning OK - Proceeding with fencing",instance_id,state.upper()) + return "ok" + else: +- logging.debug("Captured my (%s) state it is %s - returning Alert - Unable to fence other nodes",instance_id,state.upper()) ++ logger.debug("Captured my (%s) state it is %s - returning Alert - Unable to fence other nodes",instance_id,state.upper()) + return "alert" + + except ClientError: +@@ -100,18 +103,18 @@ def get_self_power_status(conn, instance_id): + return "fail" + + def set_power_status(conn, options): +- my_instance = get_instance_id() ++ my_instance = get_instance_id(options) + try: + if (options["--action"]=="off"): +- if (get_self_power_status(conn,my_instance) == "ok"): ++ if "--skip-race-check" in options or get_self_power_status(conn,my_instance) == "ok": + conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True) +- logger.info("Called StopInstance API call for %s", options["--plug"]) ++ logger.debug("Called StopInstance API call for %s", options["--plug"]) + else: +- logger.info("Skipping fencing as instance is not in running status") ++ logger.debug("Skipping fencing as instance is not in running status") + elif (options["--action"]=="on"): + conn.instances.filter(InstanceIds=[options["--plug"]]).start() + except Exception as e: +- logger.error("Failed to power %s %s: %s", \ ++ logger.debug("Failed to power %s %s: %s", \ + options["--action"], options["--plug"], e) + + def define_new_opts(): +@@ -156,12 +159,20 @@ def define_new_opts(): + "default": "False", + "order": 6 + } ++ all_opt["skip_race_check"] = { ++ "getopt" : "", ++ "longopt" : "skip-race-check", ++ "help" : "--skip-race-check Skip race condition check", ++ "shortdesc": "Skip race condition check", ++ "required": "0", ++ "order": 7 ++ } + + # Main agent method + def main(): + conn = None + +- device_opt = ["port", "no_password", "region", "access_key", "secret_key", "filter", "boto3_debug"] ++ device_opt = ["port", "no_password", "region", "access_key", "secret_key", "filter", "boto3_debug", "skip_race_check"] + + atexit.register(atexit_handler) + +@@ -183,12 +194,15 @@ def main(): + + run_delay(options) + +- if options.get("--verbose") is not None: +- lh = logging.FileHandler('/var/log/fence_aws_debug.log') ++ if "--debug-file" in options: ++ for handler in logger.handlers: ++ if isinstance(handler, logging.FileHandler): ++ logger.removeHandler(handler) ++ lh = logging.FileHandler(options["--debug-file"]) + logger.addHandler(lh) + lhf = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s') + lh.setFormatter(lhf) +- logger.setLevel(logging.DEBUG) ++ lh.setLevel(logging.DEBUG) + + if options["--boto3_debug"].lower() not in ["1", "yes", "on", "true"]: + boto3.set_stream_logger('boto3',logging.INFO) +diff --git a/tests/data/metadata/fence_aws.xml b/tests/data/metadata/fence_aws.xml +index 76995ecf2..32de4418a 100644 +--- a/tests/data/metadata/fence_aws.xml ++++ b/tests/data/metadata/fence_aws.xml +@@ -46,6 +46,11 @@ For instructions see: https://boto3.readthedocs.io/en/latest/guide/quickstart.ht + + Boto Lib debug + ++ ++ ++ ++ Skip race condition check ++ + + + diff --git a/SOURCES/bz2183162-fence_aws-2-fail-when-power-action-request-fails.patch b/SOURCES/bz2183162-fence_aws-2-fail-when-power-action-request-fails.patch new file mode 100644 index 0000000..63ebe1a --- /dev/null +++ b/SOURCES/bz2183162-fence_aws-2-fail-when-power-action-request-fails.patch @@ -0,0 +1,21 @@ +From a2e2432cfec0af9a8a90f9d7fed18759da6f9b0c Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 13 Apr 2023 10:14:31 +0200 +Subject: [PATCH] fence_aws: fail when power action request fails + +--- + agents/aws/fence_aws.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py +index 5d1677144..0a375bbec 100644 +--- a/agents/aws/fence_aws.py ++++ b/agents/aws/fence_aws.py +@@ -116,6 +116,7 @@ def set_power_status(conn, options): + except Exception as e: + logger.debug("Failed to power %s %s: %s", \ + options["--action"], options["--plug"], e) ++ fail(EC_STATUS) + + def define_new_opts(): + all_opt["region"] = { diff --git a/SOURCES/bz2187327-fence_scsi-1-detect-devices-in-shared-vgs.patch b/SOURCES/bz2187327-fence_scsi-1-detect-devices-in-shared-vgs.patch new file mode 100644 index 0000000..c3f953d --- /dev/null +++ b/SOURCES/bz2187327-fence_scsi-1-detect-devices-in-shared-vgs.patch @@ -0,0 +1,58 @@ +From 4661b6f625c57a728ec58023da89ba378d4d1c27 Mon Sep 17 00:00:00 2001 +From: Arslan Ahmad +Date: Mon, 17 Apr 2023 15:59:49 +0530 +Subject: [PATCH] fence_scsi: Automatically detect devices for shared VGs + +Currently, if no devices option is given, fence_scsi automatically +builds a device list containing all LVM PVs that back VGs with the +clustered ('c') bit set. With this commit, fence_scsi will also consider +VGs with the shared ('s') bit set. + +Additionally, the existing check is too broad. We should consider a +volume group to be clustered or shared only if the 6th bit is set to 'c' +or 's'. This way, we can avoid false positives. + +Closes RHBZ#2187327 +Closes RHBZ#2187329 +--- + agents/scsi/fence_scsi.py | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py +index 85e4f29e6..3de4ba0b2 100644 +--- a/agents/scsi/fence_scsi.py ++++ b/agents/scsi/fence_scsi.py +@@ -314,7 +314,7 @@ def dev_read(fail=True, opt=None): + return devs + + +-def get_clvm_devices(options): ++def get_shared_devices(options): + devs = [] + cmd = options["--vgs-path"] + " " +\ + "--noheadings " +\ +@@ -324,10 +324,11 @@ def get_clvm_devices(options): + "--config 'global { locking_type = 0 } devices { preferred_names = [ \"^/dev/dm\" ] }'" + out = run_cmd(options, cmd) + if out["rc"]: +- fail_usage("Failed: Cannot get clvm devices") +- for line in out["out"].split("\n"): +- if 'c' in line.split(":")[0]: +- devs.append(line.split(":")[1]) ++ fail_usage("Failed: Cannot get shared devices") ++ for line in out["out"].splitlines(): ++ vg_attr, pv_name = line.strip().split(":") ++ if vg_attr[5] in "cs": ++ devs.append(pv_name) + return devs + + +@@ -612,7 +613,7 @@ def main(): + options["--key"] = options["--key"].lstrip('0') + + if not ("--devices" in options and options["--devices"].split(",")): +- options["devices"] = get_clvm_devices(options) ++ options["devices"] = get_shared_devices(options) + else: + options["devices"] = options["--devices"].split(",") + diff --git a/SOURCES/bz2187327-fence_scsi-2-support-space-separated-devices.patch b/SOURCES/bz2187327-fence_scsi-2-support-space-separated-devices.patch new file mode 100644 index 0000000..ab33efc --- /dev/null +++ b/SOURCES/bz2187327-fence_scsi-2-support-space-separated-devices.patch @@ -0,0 +1,92 @@ +From e363e55169a7be1cbeac5568fe2a32692867d4c6 Mon Sep 17 00:00:00 2001 +From: Arslan Ahmad +Date: Thu, 4 May 2023 12:55:41 +0530 +Subject: [PATCH] fence_scsi: Add support for space-separated devices and + update in meta-data + +Currently the devices associated with fence_scsi should be +comma-separated. With this commit, fence_scsi will also work if the +'devices' are space-separated. + +Additionally, this commit includes meta-data update: +1. For fence_scsi: + - The 'devices' parameter is optional if the cluster is configured with +clvm/lvmlock. + - The 'devices' parameter can be comma or space-separated. + +2. For fence_mpath: + - The 'devices' parameter can be comma or space-separated. +--- + agents/mpath/fence_mpath.py | 2 +- + agents/scsi/fence_scsi.py | 8 ++++---- + tests/data/metadata/fence_mpath.xml | 2 +- + tests/data/metadata/fence_scsi.xml | 2 +- + 4 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/agents/mpath/fence_mpath.py b/agents/mpath/fence_mpath.py +index ee81eab3a..6976fee90 100644 +--- a/agents/mpath/fence_mpath.py ++++ b/agents/mpath/fence_mpath.py +@@ -226,7 +226,7 @@ def define_new_opts(): + "help" : "-d, --devices=[devices] List of devices to use for current operation", + "required" : "0", + "shortdesc" : "List of devices to use for current operation. Devices can \ +-be comma-separated list of device-mapper multipath devices (eg. /dev/mapper/3600508b400105df70000e00000ac0000 or /dev/mapper/mpath1). \ ++be comma or space separated list of device-mapper multipath devices (eg. /dev/mapper/3600508b400105df70000e00000ac0000 or /dev/mapper/mpath1). \ + Each device must support SCSI-3 persistent reservations.", + "order": 1 + } +diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py +index 3de4ba0b2..42530ceb5 100644 +--- a/agents/scsi/fence_scsi.py ++++ b/agents/scsi/fence_scsi.py +@@ -350,8 +350,8 @@ def define_new_opts(): + "help" : "-d, --devices=[devices] List of devices to use for current operation", + "required" : "0", + "shortdesc" : "List of devices to use for current operation. Devices can \ +-be comma-separated list of raw devices (eg. /dev/sdc). Each device must support SCSI-3 \ +-persistent reservations.", ++be comma or space separated list of raw devices (eg. /dev/sdc). Each device must support SCSI-3 \ ++persistent reservations. Optional if cluster is configured with clvm or lvmlockd.", + "order": 1 + } + all_opt["nodename"] = { +@@ -612,10 +612,10 @@ def main(): + + options["--key"] = options["--key"].lstrip('0') + +- if not ("--devices" in options and options["--devices"].split(",")): ++ if not ("--devices" in options and [d for d in re.split("\s*,\s*|\s+", options["--devices"].strip()) if d]): + options["devices"] = get_shared_devices(options) + else: +- options["devices"] = options["--devices"].split(",") ++ options["devices"] = [d for d in re.split("\s*,\s*|\s+", options["--devices"].strip()) if d] + + if not options["devices"]: + fail_usage("Failed: No devices found") +diff --git a/tests/data/metadata/fence_mpath.xml b/tests/data/metadata/fence_mpath.xml +index e22d3a1f9..262956dca 100644 +--- a/tests/data/metadata/fence_mpath.xml ++++ b/tests/data/metadata/fence_mpath.xml +@@ -14,7 +14,7 @@ When used as a watchdog device you can define e.g. retry=1, retry-sleep=2 and ve + + + +- List of devices to use for current operation. Devices can be comma-separated list of device-mapper multipath devices (eg. /dev/mapper/3600508b400105df70000e00000ac0000 or /dev/mapper/mpath1). Each device must support SCSI-3 persistent reservations. ++ List of devices to use for current operation. Devices can be comma or space separated list of device-mapper multipath devices (eg. /dev/mapper/3600508b400105df70000e00000ac0000 or /dev/mapper/mpath1). Each device must support SCSI-3 persistent reservations. + + + +diff --git a/tests/data/metadata/fence_scsi.xml b/tests/data/metadata/fence_scsi.xml +index 4fa86189c..facb2f52e 100644 +--- a/tests/data/metadata/fence_scsi.xml ++++ b/tests/data/metadata/fence_scsi.xml +@@ -19,7 +19,7 @@ When used as a watchdog device you can define e.g. retry=1, retry-sleep=2 and ve + + + +- List of devices to use for current operation. Devices can be comma-separated list of raw devices (eg. /dev/sdc). Each device must support SCSI-3 persistent reservations. ++ List of devices to use for current operation. Devices can be comma or space separated list of raw devices (eg. /dev/sdc). Each device must support SCSI-3 persistent reservations. Optional if cluster is configured with clvm or lvmlockd. + + + diff --git a/SOURCES/bz2211930-fence_azure-arm-stack-hub-support.patch b/SOURCES/bz2211930-fence_azure-arm-stack-hub-support.patch new file mode 100644 index 0000000..9afa1cc --- /dev/null +++ b/SOURCES/bz2211930-fence_azure-arm-stack-hub-support.patch @@ -0,0 +1,170 @@ +From 6e0228536d30ca1bd95bfd1628c0247f094ecaa8 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Wed, 2 Mar 2022 13:49:16 +0100 +Subject: [PATCH 1/2] fence_azure_arm: add stack cloud support + +--- + agents/azure_arm/fence_azure_arm.py | 18 ++++++++++++++---- + lib/azure_fence.py.py | 10 ++++++++++ + tests/data/metadata/fence_azure_arm.xml | 10 ++++++++++ + 3 files changed, 34 insertions(+), 4 deletions(-) + +diff --git a/agents/azure_arm/fence_azure_arm.py b/agents/azure_arm/fence_azure_arm.py +index 6908169c8..e3b7c85c7 100755 +--- a/agents/azure_arm/fence_azure_arm.py ++++ b/agents/azure_arm/fence_azure_arm.py +@@ -183,20 +183,30 @@ def define_new_opts(): + "getopt" : ":", + "longopt" : "cloud", + "help" : "--cloud=[name] Name of the cloud you want to use. Supported\n\ +- values are china, germany or usgov. Do not use\n\ +- this parameter if you want to use public\n\ +- Azure.", ++ values are china, germany, usgov, or stack. Do\n\ ++ not use this parameter if you want to use\n\ ++ public Azure.", + "shortdesc" : "Name of the cloud you want to use.", + "required" : "0", + "order" : 7 + } ++ all_opt["metadata-endpoint"] = { ++ "getopt" : ":", ++ "longopt" : "metadata-endpoint", ++ "help" : "--metadata-endpoint=[URL] URL to metadata endpoint (used when cloud=stack).", ++ "shortdesc" : "URL to metadata endpoint (used when cloud=stack).", ++ "required" : "0", ++ "order" : 8 ++ } + + # Main agent method + def main(): + compute_client = None + network_client = None + +- device_opt = ["login", "no_login", "no_password", "passwd", "port", "resourceGroup", "tenantId", "subscriptionId", "network-fencing", "msi", "cloud"] ++ device_opt = ["login", "no_login", "no_password", "passwd", "port", ++ "resourceGroup", "tenantId", "subscriptionId", ++ "network-fencing", "msi", "cloud", "metadata-endpoint"] + + atexit.register(atexit_handler) + +diff --git a/lib/azure_fence.py.py b/lib/azure_fence.py.py +index 5ca71eb42..6f1eee5b9 100644 +--- a/lib/azure_fence.py.py ++++ b/lib/azure_fence.py.py +@@ -251,6 +251,7 @@ def get_azure_config(options): + config.VMName = options.get("--plug") + config.SubscriptionId = options.get("--subscriptionId") + config.Cloud = options.get("--cloud") ++ config.MetadataEndpoint = options.get("--metadata-endpoint") + config.UseMSI = "--msi" in options + config.Tenantid = options.get("--tenantId") + config.ApplicationId = options.get("--username") +@@ -279,6 +280,9 @@ def get_azure_cloud_environment(config): + elif (config.Cloud.lower() == "usgov"): + from msrestazure.azure_cloud import AZURE_US_GOV_CLOUD + cloud_environment = AZURE_US_GOV_CLOUD ++ elif (config.Cloud.lower() == "stack"): ++ from msrestazure.azure_cloud import get_cloud_from_metadata_endpoint ++ cloud_environment = get_cloud_from_metadata_endpoint(config.MetadataEndpoint) + + return cloud_environment + +@@ -345,6 +349,9 @@ def get_azure_compute_client(config): + credentials = get_azure_credentials(config) + + if cloud_environment: ++ if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint: ++ fail_usage("metadata-endpoint not specified") ++ + try: + compute_client = ComputeManagementClient( + credentials, +@@ -372,6 +379,9 @@ def get_azure_network_client(config): + credentials = get_azure_credentials(config) + + if cloud_environment: ++ if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint: ++ fail_usage("metadata-endpoint not specified") ++ + try: + network_client = NetworkManagementClient( + credentials, +diff --git a/tests/data/metadata/fence_azure_arm.xml b/tests/data/metadata/fence_azure_arm.xml +index c6e1f203b..8b7450762 100644 +--- a/tests/data/metadata/fence_azure_arm.xml ++++ b/tests/data/metadata/fence_azure_arm.xml +@@ -98,6 +98,16 @@ When using network fencing the reboot-action will cause a quick-return once the + + Name of the cloud you want to use. + ++ ++ ++ ++ URL to metadata endpoint (used when cloud=stack). ++ ++ ++ ++ ++ URL to metadata endpoint (used when cloud=stack). ++ + + + + +From 9087760db005abfd9b3e07319846232214d8dae2 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 16 Jun 2023 16:03:11 +0200 +Subject: [PATCH 2/2] azure_fence: use correct credential_scope and profile for + stack hub + +--- + lib/azure_fence.py.py | 20 ++++++++++++++++++-- + 1 file changed, 18 insertions(+), 2 deletions(-) + +diff --git a/lib/azure_fence.py.py b/lib/azure_fence.py.py +index 6f1eee5b9..ab40b483a 100644 +--- a/lib/azure_fence.py.py ++++ b/lib/azure_fence.py.py +@@ -353,11 +353,19 @@ def get_azure_compute_client(config): + fail_usage("metadata-endpoint not specified") + + try: ++ from azure.profiles import KnownProfiles ++ if (config.Cloud.lower() == "stack"): ++ client_profile = KnownProfiles.v2020_09_01_hybrid ++ credential_scope = cloud_environment.endpoints.active_directory_resource_id + "/.default" ++ else: ++ client_profile = KnownProfiles.default ++ credential_scope = cloud_environment.endpoints.resource_manager + "/.default" + compute_client = ComputeManagementClient( + credentials, + config.SubscriptionId, + base_url=cloud_environment.endpoints.resource_manager, +- credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"] ++ profile=client_profile, ++ credential_scopes=[credential_scope], + ) + except TypeError: + compute_client = ComputeManagementClient( +@@ -383,11 +391,19 @@ def get_azure_network_client(config): + fail_usage("metadata-endpoint not specified") + + try: ++ from azure.profiles import KnownProfiles ++ if (config.Cloud.lower() == "stack"): ++ client_profile = KnownProfiles.v2020_09_01_hybrid ++ credential_scope = cloud_environment.endpoints.active_directory_resource_id + "/.default" ++ else: ++ client_profile = KnownProfiles.default ++ credential_scope = cloud_environment.endpoints.resource_manager + "/.default" + network_client = NetworkManagementClient( + credentials, + config.SubscriptionId, + base_url=cloud_environment.endpoints.resource_manager, +- credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"] ++ profile=client_profile, ++ credential_scopes=[credential_scope], + ) + except TypeError: + network_client = NetworkManagementClient( diff --git a/SOURCES/bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch b/SOURCES/bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch new file mode 100644 index 0000000..9706cec --- /dev/null +++ b/SOURCES/bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch @@ -0,0 +1,50 @@ +--- a/aws/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100 ++++ b/aws/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200 +@@ -21,7 +21,12 @@ + try: + with TarFile.open(filename) as tf: + for name in zonegroups: +- tf.extract(name, tmpdir) ++ if hasattr(tarfile, 'data_filter'): ++ # Python with CVE-2007-4559 mitigation (PEP 706) ++ tf.extract(name, tmpdir, filter='data') ++ else: ++ # Fallback to a possibly dangerous extraction (before PEP 706) ++ tf.extract(name, tmpdir) + filepaths = [os.path.join(tmpdir, n) for n in zonegroups] + + _run_zic(zonedir, filepaths) + +--- a/awscli/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100 ++++ b/awscli/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200 +@@ -21,7 +21,12 @@ + try: + with TarFile.open(filename) as tf: + for name in zonegroups: +- tf.extract(name, tmpdir) ++ if hasattr(tarfile, 'data_filter'): ++ # Python with CVE-2007-4559 mitigation (PEP 706) ++ tf.extract(name, tmpdir, filter='data') ++ else: ++ # Fallback to a possibly dangerous extraction (before PEP 706) ++ tf.extract(name, tmpdir) + filepaths = [os.path.join(tmpdir, n) for n in zonegroups] + + _run_zic(zonedir, filepaths) + +--- a/azure/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100 ++++ b/azure/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200 +@@ -21,7 +21,12 @@ + try: + with TarFile.open(filename) as tf: + for name in zonegroups: +- tf.extract(name, tmpdir) ++ if hasattr(tarfile, 'data_filter'): ++ # Python with CVE-2007-4559 mitigation (PEP 706) ++ tf.extract(name, tmpdir, filter='data') ++ else: ++ # Fallback to a possibly dangerous extraction (before PEP 706) ++ tf.extract(name, tmpdir) + filepaths = [os.path.join(tmpdir, n) for n in zonegroups] + + _run_zic(zonedir, filepaths) diff --git a/SOURCES/bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch b/SOURCES/bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch new file mode 100644 index 0000000..97707a5 --- /dev/null +++ b/SOURCES/bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch @@ -0,0 +1,17 @@ +--- a/kubevirt/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100 ++++ b/kubevirt/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200 +@@ -21,7 +21,12 @@ + try: + with TarFile.open(filename) as tf: + for name in zonegroups: +- tf.extract(name, tmpdir) ++ if hasattr(tarfile, 'data_filter'): ++ # Python with CVE-2007-4559 mitigation (PEP 706) ++ tf.extract(name, tmpdir, filter='data') ++ else: ++ # Fallback to a possibly dangerous extraction (before PEP 706) ++ tf.extract(name, tmpdir) + filepaths = [os.path.join(tmpdir, n) for n in zonegroups] + + _run_zic(zonedir, filepaths) + diff --git a/SOURCES/bz2221643-fence_ibm_powervs-performance-improvements.patch b/SOURCES/bz2221643-fence_ibm_powervs-performance-improvements.patch new file mode 100644 index 0000000..c232a3c --- /dev/null +++ b/SOURCES/bz2221643-fence_ibm_powervs-performance-improvements.patch @@ -0,0 +1,150 @@ +From 22935608247816be0ccec85fc590f19b509f3614 Mon Sep 17 00:00:00 2001 +From: Andreas Schauberer <74912604+andscha@users.noreply.github.com> +Date: Thu, 15 Jun 2023 16:34:13 +0200 +Subject: [PATCH 1/3] fence_ibm_powervs: improved performance + +fence_ibm_powervs: improved performance +- improved performance using less power-iaas.cloud.ibm.com API calls +- add support for reboot_cycle, method to fence (onoff|cycle) (Default: onoff) + +Addressed comments by oalbrigt in ClusterLabs #PR542 +- you can use if options["--verbose-level"] > 1: to only print it when -vv or more or verbose_level is set to 2 or higher. +- Removed all_opt["method"] defaults +--- + agents/ibm_powervs/fence_ibm_powervs.py | 70 ++++++++++++++++++------- + 1 file changed, 51 insertions(+), 19 deletions(-) + +diff --git a/agents/ibm_powervs/fence_ibm_powervs.py b/agents/ibm_powervs/fence_ibm_powervs.py +index 183893616..e65462cb9 100755 +--- a/agents/ibm_powervs/fence_ibm_powervs.py ++++ b/agents/ibm_powervs/fence_ibm_powervs.py +@@ -12,6 +12,8 @@ + state = { + "ACTIVE": "on", + "SHUTOFF": "off", ++ "HARD_REBOOT": "on", ++ "SOFT_REBOOT": "on", + "ERROR": "unknown" + } + +@@ -37,21 +39,30 @@ def get_list(conn, options): + return outlets + + for r in res["pvmInstances"]: +- if "--verbose" in options: ++ if options["--verbose-level"] > 1: + logging.debug(json.dumps(r, indent=2)) + outlets[r["pvmInstanceID"]] = (r["serverName"], state[r["status"]]) + + return outlets + + def get_power_status(conn, options): ++ outlets = {} ++ logging.debug("Info: getting power status for LPAR " + options["--plug"] + " instance " + options["--instance"]) + try: + command = "cloud-instances/{}/pvm-instances/{}".format( + options["--instance"], options["--plug"]) + res = send_command(conn, command) +- result = get_list(conn, options)[options["--plug"]][1] ++ outlets[res["pvmInstanceID"]] = (res["serverName"], state[res["status"]]) ++ if options["--verbose-level"] > 1: ++ logging.debug(json.dumps(res, indent=2)) ++ result = outlets[options["--plug"]][1] ++ logging.debug("Info: Status: {}".format(result)) + except KeyError as e: +- logging.debug("Failed: Unable to get status for {}".format(e)) +- fail(EC_STATUS) ++ try: ++ result = get_list(conn, options)[options["--plug"]][1] ++ except KeyError as ex: ++ logging.debug("Failed: Unable to get status for {}".format(ex)) ++ fail(EC_STATUS) + + return result + +@@ -61,6 +72,7 @@ def set_power_status(conn, options): + "off" : '{"action" : "immediate-shutdown"}', + }[options["--action"]] + ++ logging.debug("Info: set power status to " + options["--action"] + " for LPAR " + options["--plug"] + " instance " + options["--instance"]) + try: + send_command(conn, "cloud-instances/{}/pvm-instances/{}/action".format( + options["--instance"], options["--plug"]), "POST", action) +@@ -68,6 +80,25 @@ def set_power_status(conn, options): + logging.debug("Failed: Unable to set power to {} for {}".format(options["--action"], e)) + fail(EC_STATUS) + ++def reboot_cycle(conn, options): ++ action = { ++ "reboot" : '{"action" : "hard-reboot"}', ++ }[options["--action"]] ++ ++ logging.debug("Info: start reboot cycle with action " + options["--action"] + " for LPAR " + options["--plug"] + " instance " + options["--instance"]) ++ try: ++ send_command(conn, "cloud-instances/{}/pvm-instances/{}/action".format( ++ options["--instance"], options["--plug"]), "POST", action) ++ except Exception as e: ++ result = get_power_status(conn, options) ++ logging.debug("Info: Status {}".format(result)) ++ if result == "off": ++ return True ++ else: ++ logging.debug("Failed: Unable to cycle with {} for {}".format(options["--action"], e)) ++ fail(EC_STATUS) ++ return True ++ + def connect(opt, token): + conn = pycurl.Curl() + +@@ -200,21 +231,21 @@ def define_new_opts(): + "order" : 0 + } + all_opt["api-type"] = { +- "getopt" : ":", +- "longopt" : "api-type", +- "help" : "--api-type=[public|private] API-type: 'public' (default) or 'private'", +- "required" : "0", +- "shortdesc" : "API-type (public|private)", +- "order" : 0 +- } ++ "getopt" : ":", ++ "longopt" : "api-type", ++ "help" : "--api-type=[public|private] API-type: 'public' (default) or 'private'", ++ "required" : "0", ++ "shortdesc" : "API-type (public|private)", ++ "order" : 0 ++ } + all_opt["proxy"] = { +- "getopt" : ":", +- "longopt" : "proxy", +- "help" : "--proxy=[http://:] Proxy: 'http://:'", +- "required" : "0", +- "shortdesc" : "Network proxy", +- "order" : 0 +- } ++ "getopt" : ":", ++ "longopt" : "proxy", ++ "help" : "--proxy=[http://:] Proxy: 'http://:'", ++ "required" : "0", ++ "shortdesc" : "Network proxy", ++ "order" : 0 ++ } + + + def main(): +@@ -227,6 +258,7 @@ def main(): + "proxy", + "port", + "no_password", ++ "method", + ] + + atexit.register(atexit_handler) +@@ -259,7 +291,7 @@ def main(): + conn = connect(options, token) + atexit.register(disconnect, conn) + +- result = fence_action(conn, options, set_power_status, get_power_status, get_list) ++ result = fence_action(conn, options, set_power_status, get_power_status, get_list, reboot_cycle) + + sys.exit(result) diff --git a/SOURCES/bz2224267-fence_ipmilan-fix-typos-in-metadata.patch b/SOURCES/bz2224267-fence_ipmilan-fix-typos-in-metadata.patch new file mode 100644 index 0000000..61342cf --- /dev/null +++ b/SOURCES/bz2224267-fence_ipmilan-fix-typos-in-metadata.patch @@ -0,0 +1,123 @@ +From ddfaa29150d0d6fd8841b3e39fa5e806812542b5 Mon Sep 17 00:00:00 2001 +From: razo7 +Date: Wed, 19 Jul 2023 16:33:01 +0300 +Subject: [PATCH] Fix typo in fence_ipmilan description + +Add spaces in the long description +--- + agents/ipmilan/fence_ipmilan.py | 4 ++-- + tests/data/metadata/fence_idrac.xml | 2 +- + tests/data/metadata/fence_ilo3.xml | 2 +- + tests/data/metadata/fence_ilo4.xml | 2 +- + tests/data/metadata/fence_ilo5.xml | 2 +- + tests/data/metadata/fence_imm.xml | 2 +- + tests/data/metadata/fence_ipmilan.xml | 2 +- + tests/data/metadata/fence_ipmilanplus.xml | 2 +- + 8 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/agents/ipmilan/fence_ipmilan.py b/agents/ipmilan/fence_ipmilan.py +index 0acf977da..91e09ac7d 100644 +--- a/agents/ipmilan/fence_ipmilan.py ++++ b/agents/ipmilan/fence_ipmilan.py +@@ -203,8 +203,8 @@ def main(): + + docs = {} + docs["shortdesc"] = "Fence agent for IPMI" +- docs["longdesc"] = "fence_ipmilan is an I/O Fencing agent\ +-which can be used with machines controlled by IPMI.\ ++ docs["longdesc"] = "fence_ipmilan is an I/O Fencing agent \ ++which can be used with machines controlled by IPMI. \ + This agent calls support software ipmitool (http://ipmitool.sf.net/). \ + WARNING! This fence agent might report success before the node is powered off. \ + You should use -m/method onoff if your fence device works correctly with that option." +diff --git a/tests/data/metadata/fence_idrac.xml b/tests/data/metadata/fence_idrac.xml +index 2d4876493..d1f283e4a 100644 +--- a/tests/data/metadata/fence_idrac.xml ++++ b/tests/data/metadata/fence_idrac.xml +@@ -6,7 +6,7 @@ + + + +-fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. ++fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. + + + +diff --git a/tests/data/metadata/fence_ilo3.xml b/tests/data/metadata/fence_ilo3.xml +index 0567b539c..5aca0211b 100644 +--- a/tests/data/metadata/fence_ilo3.xml ++++ b/tests/data/metadata/fence_ilo3.xml +@@ -6,7 +6,7 @@ + + + +-fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. ++fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. + + + +diff --git a/tests/data/metadata/fence_ilo4.xml b/tests/data/metadata/fence_ilo4.xml +index 647bb1021..3aa001ad2 100644 +--- a/tests/data/metadata/fence_ilo4.xml ++++ b/tests/data/metadata/fence_ilo4.xml +@@ -6,7 +6,7 @@ + + + +-fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. ++fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. + + + +diff --git a/tests/data/metadata/fence_ilo5.xml b/tests/data/metadata/fence_ilo5.xml +index 6c99db22a..262787905 100644 +--- a/tests/data/metadata/fence_ilo5.xml ++++ b/tests/data/metadata/fence_ilo5.xml +@@ -6,7 +6,7 @@ + + + +-fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. ++fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. + + + +diff --git a/tests/data/metadata/fence_imm.xml b/tests/data/metadata/fence_imm.xml +index 5c5bf910f..26f9a76d3 100644 +--- a/tests/data/metadata/fence_imm.xml ++++ b/tests/data/metadata/fence_imm.xml +@@ -6,7 +6,7 @@ + + + +-fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. ++fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. + + + +diff --git a/tests/data/metadata/fence_ipmilan.xml b/tests/data/metadata/fence_ipmilan.xml +index a31afcfd4..daad65a70 100644 +--- a/tests/data/metadata/fence_ipmilan.xml ++++ b/tests/data/metadata/fence_ipmilan.xml +@@ -6,7 +6,7 @@ + + + +-fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. ++fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. + + + +diff --git a/tests/data/metadata/fence_ipmilanplus.xml b/tests/data/metadata/fence_ipmilanplus.xml +index 19c252933..7b678b245 100644 +--- a/tests/data/metadata/fence_ipmilanplus.xml ++++ b/tests/data/metadata/fence_ipmilanplus.xml +@@ -6,7 +6,7 @@ + + + +-fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. ++fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option. + + + diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec index 1cbfbaa..20fe6e2 100644 --- a/SPECS/fence-agents.spec +++ b/SPECS/fence-agents.spec @@ -7,7 +7,6 @@ ## global alphatag git0a6184070 # bundles -%global bundled_lib_dir bundled # azure %global oauthlib oauthlib %global oauthlib_version 3.2.2 @@ -60,7 +59,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 43%{?alphatag:.%{alphatag}}%{?dist} +Release: 55%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -231,6 +230,17 @@ Patch36: bz2149655-fence_virtd-update-fence_virt.conf-manpage.patch Patch37: bz2160480-fence_scsi-fix-validate-all.patch Patch38: bz2152107-fencing-1-add-plug_separator.patch Patch39: bz2152107-fencing-2-update-DEPENDENCY_OPT.patch +Patch40: bz2183162-fence_aws-1-add-skip-race-check-parameter.patch +Patch41: bz2183162-fence_aws-2-fail-when-power-action-request-fails.patch +Patch42: bz2187327-fence_scsi-1-detect-devices-in-shared-vgs.patch +Patch43: bz2187327-fence_scsi-2-support-space-separated-devices.patch +Patch44: bz2211930-fence_azure-arm-stack-hub-support.patch +Patch45: bz2221643-fence_ibm_powervs-performance-improvements.patch +Patch46: bz2224267-fence_ipmilan-fix-typos-in-metadata.patch + +### HA support libs/utils ### +Patch1000: bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch +Patch1001: bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %ifarch x86_64 @@ -381,6 +391,13 @@ BuildRequires: %{systemd_units} %patch37 -p1 %patch38 -p1 %patch39 -p1 +%patch40 -p1 +%patch41 -p1 +%patch42 -p1 +%patch43 -p1 +%patch44 -p1 +%patch45 -p1 +%patch46 -p1 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -411,6 +428,23 @@ sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/aliyun/bin/ sed -i -e "/^import awscli.clidriver/isys.path.insert(0, '/usr/lib/%{name}/support/awscli')" support/awscli/bin/aws %endif +# regular patch doesnt work in build-section +# Patch1000 +%ifarch x86_64 +pushd support +/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{_sourcedir}/bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch +popd +%endif + +# kubevirt +%{__python3} -m pip install --user --no-index --find-links %{_sourcedir} setuptools-scm +%{__python3} -m pip install --target support/kubevirt --no-index --find-links %{_sourcedir} openshift +rm -rf kubevirt/rsa* +# Patch1001 +pushd support +/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{_sourcedir}/bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch +popd + ./autogen.sh %{configure} --disable-libvirt-qmf-plugin PYTHONPATH="support/aliyun:support/aws:support/azure:support/google:support/common" \ %if %{defined _tmpfilesdir} @@ -440,11 +474,6 @@ install -m 0644 agents/virt/fence_virtd.service %{buildroot}/%{_unitdir}/ %endif # XXX unsure if /usr/sbin/fence_* should be compiled as well -# kubevirt -%{__python3} -m pip install --user --no-index --find-links %{_sourcedir} setuptools-scm -%{__python3} -m pip install --target %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt --no-index --find-links %{_sourcedir} openshift -rm -rf %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt/rsa* - ## tree fix up # fix libfence permissions chmod 0755 %{buildroot}%{_datadir}/fence/*.py @@ -613,6 +642,7 @@ Support libraries for Fence Agents. %dir %{_usr}/lib/%{name} %{_usr}/lib/%{name}/support %exclude %{_usr}/lib/%{name}/support/common +%exclude %{_usr}/lib/%{name}/support/kubevirt %endif %package all @@ -1148,7 +1178,7 @@ Fence agent for KubeVirt platform. %{_sbindir}/fence_kubevirt %{_mandir}/man8/fence_kubevirt.8* # bundled libraries -/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt +%{_usr}/lib/%{name}/support/kubevirt %package lpar License: GPLv2+ and LGPLv2+ @@ -1447,6 +1477,29 @@ are located on corosync cluster nodes. %endif %changelog +* Thu Aug 3 2023 Oyvind Albrigtsen - 4.10.0-55 +- bundled dateutil: fix tarfile CVE-2007-4559 + Resolves: rhbz#2217902 +- fence_ipmilan: fix typos in metadata + Resolves: rhbz#2224267 + +* Tue Jul 11 2023 Oyvind Albrigtsen - 4.10.0-48 +- fence_ibm_powervs: performance improvements + Resolves: rhbz#2221643 + +* Tue Jun 20 2023 Oyvind Albrigtsen - 4.10.0-47 +- fence_azure_arm: add Stack Hub support + Resolves: rhbz#2211930 + +* Thu May 4 2023 Oyvind Albrigtsen - 4.10.0-46 +- fence_scsi: detect devices in shared VGs + Resolves: rhbz#2187327 + +* Wed May 3 2023 Oyvind Albrigtsen - 4.10.0-45 +- fence_aws: add --skip-race-check parameter to allow running outside + of AWS network + Resolves: rhbz#2183162 + * Thu Jan 26 2023 Oyvind Albrigtsen - 4.10.0-43 - fence_vmware_soap: set login_timeout lower than default pcmk_monitor_timeout (20s) to remove tmp dirs