- fence_aws: add skip_os_shutdown parameter

Resolves: RHEL-109814
2025-08-21 09:21:29 +02:00 · 2025-08-21 09:21:29 +02:00 · d96e9a88fd
commit d96e9a88fd
parent 4d46b33394
3 changed files with 132 additions and 1 deletions
--- a/RHEL-109814-1-fence_aws-add-skipshutdown-parameter.patch
+++ b/RHEL-109814-1-fence_aws-add-skipshutdown-parameter.patch
@ -0,0 +1,92 @@
+From 5cf006ffa3a948ccded3a55c15669f1d5efef5f5 Mon Sep 17 00:00:00 2001
+From: gguifelixamz <45173771+gguifelixamz@users.noreply.github.com>
+Date: Tue, 19 Aug 2025 02:04:53 -0700
+Subject: [PATCH] fence_aws: Add new skip_os_shutdown flag (#632)
+
+---
+ agents/aws/fence_aws.py           | 29 ++++++++++++++++++++++++++---
+ tests/data/metadata/fence_aws.xml |  5 +++++
+ 2 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py
+index 5459a06c4..cddca4580 100644
+--- a/agents/aws/fence_aws.py
+++ b/agents/aws/fence_aws.py
+@@ -12,7 +12,7 @@
+ import requests
+ import boto3
+ from requests import HTTPError
+-from botocore.exceptions import ConnectionError, ClientError, EndpointConnectionError, NoRegionError
+from botocore.exceptions import ConnectionError, ClientError, EndpointConnectionError, NoRegionError, ParamValidationError
+ 
+ logger = logging.getLogger()
+ logger.propagate = False
+@@ -120,14 +120,28 @@ def get_self_power_status(conn, instance_id):
+ def set_power_status(conn, options):
+ 	my_instance = get_instance_id(options)
+ 	try:
+		if options.get("--skip-os-shutdown", "false").lower() in ["1", "yes", "on", "true"]:
+			shutdown_option = {
+				"SkipOsShutdown": True,
+				"Force": True
+			}
+		else:
+			shutdown_option = {
+				"SkipOsShutdown": False,
+				"Force": True
+			}
+ 		if (options["--action"]=="off"):
+ 			if "--skip-race-check" in options or get_self_power_status(conn,my_instance) == "ok":
+-				conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True)
+				conn.instances.filter(InstanceIds=[options["--plug"]]).stop(**shutdown_option)
+ 				logger.debug("Called StopInstance API call for %s", options["--plug"])
+ 			else:
+ 				logger.debug("Skipping fencing as instance is not in running status")
+ 		elif (options["--action"]=="on"):
+ 			conn.instances.filter(InstanceIds=[options["--plug"]]).start()
+	except ParamValidationError:
+		if (options["--action"] == "off"):
+			logger.warning(f"SkipOsShutdown not supported with the current boto3 version {boto3.__version__} - falling back to graceful shutdown")
+			conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True)
+ 	except Exception as e:
+ 		logger.debug("Failed to power %s %s: %s", \
+ 				options["--action"], options["--plug"], e)
+@@ -183,12 +197,21 @@ def define_new_opts():
+ 		"required": "0",
+ 		"order": 7
+ 	}
+	all_opt["skip_os_shutdown"] = {
+		"getopt" : ":",
+		"longopt" : "skip-os-shutdown",
+		"help" : "--skip-os-shutdown=[true|false]    Uses SkipOsShutdown flag",
+		"shortdesc" : "Use SkipOsShutdown flag to stop the EC2 instance",
+		"required" : "0",
+		"default" : "false",
+		"order" : 8
+	}
+ 
+ # Main agent method
+ def main():
+ 	conn = None
+ 
+-	device_opt = ["port", "no_password", "region", "access_key", "secret_key", "filter", "boto3_debug", "skip_race_check"]
+	device_opt = ["port", "no_password", "region", "access_key", "secret_key", "filter", "boto3_debug", "skip_race_check", "skip_os_shutdown"]
+ 
+ 	atexit.register(atexit_handler)
+ 
+diff --git a/tests/data/metadata/fence_aws.xml b/tests/data/metadata/fence_aws.xml
+index ad471c797..c53873bbe 100644
+--- a/tests/data/metadata/fence_aws.xml
+++ b/tests/data/metadata/fence_aws.xml
+@@ -51,6 +51,11 @@ For instructions see: https://boto3.readthedocs.io/en/latest/guide/quickstart.ht
+ 		<content type="boolean"  />
+ 		<shortdesc lang="en">Skip race condition check</shortdesc>
+ 	</parameter>
+	<parameter name="skip_os_shutdown" unique="0" required="0">
+		<getopt mixed="--skip-os-shutdown=[true|false]" />
+		<content type="string" default="false"  />
+		<shortdesc lang="en">Use SkipOsShutdown flag to stop the EC2 instance</shortdesc>
+	</parameter>
+ 	<parameter name="quiet" unique="0" required="0">
+ 		<getopt mixed="-q, --quiet" />
+ 		<content type="boolean"  />
--- a/RHEL-109814-2-botocore-add-SkipOsShutdown.patch
+++ b/RHEL-109814-2-botocore-add-SkipOsShutdown.patch
@ -0,0 +1,31 @@
+diff -uNr a/aws/botocore/data/ec2/2016-11-15/service-2.json b/aws/botocore/data/ec2/2016-11-15/service-2.json
+--- a/aws/botocore/data/ec2/2016-11-15/service-2.json	2025-08-19 11:21:50.328630448 +0200
+++ b/aws/botocore/data/ec2/2016-11-15/service-2.json	2025-08-19 11:25:37.767261040 +0200
+@@ -45844,7 +45844,11 @@
+         },
+         "Hibernate":{
+           "shape":"Boolean",
+-          "documentation":"<p>Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html\">Hibernate your instance</a> in the <i>Amazon EC2 User Guide</i>.</p> <p> Default: <code>false</code> </p>"
+          "documentation":"<p>Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html\">Hibernate your Amazon EC2 instance</a> in the <i>Amazon EC2 User Guide</i>.</p> <p> Default: <code>false</code> </p>"
+        },
+        "SkipOsShutdown":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether to bypass the graceful OS shutdown process when the instance is stopped.</p> <important> <p>Bypassing the graceful OS shutdown might result in data loss or corruption (for example, memory contents not flushed to disk or loss of in-flight IOs) or skipped shutdown scripts.</p> </important> <p>Default: <code>false</code> </p>"
+         },
+         "DryRun":{
+           "shape":"Boolean",
+@@ -46648,6 +46652,14 @@
+           "documentation":"<p>The IDs of the instances.</p> <p>Constraints: Up to 1000 instance IDs. We recommend breaking up this request into smaller batches.</p>",
+           "locationName":"InstanceId"
+         },
+        "Force":{
+          "shape":"Boolean",
+          "documentation":"<p>Forces the instances to terminate. The instance will first attempt a graceful shutdown, which includes flushing file system caches and metadata. If the graceful shutdown fails to complete within the timeout period, the instance shuts down forcibly without flushing the file system caches and metadata.</p>"
+        },
+        "SkipOsShutdown":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether to bypass the graceful OS shutdown process when the instance is terminated.</p> <p>Default: <code>false</code> </p>"
+        },
+         "DryRun":{
+           "shape":"Boolean",
+           "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>",
--- a/fence-agents.spec
+++ b/fence-agents.spec
@ -87,7 +87,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.2.1
-Release: 129%{?alphatag:.%{alphatag}}%{?dist}.13
+Release: 129%{?alphatag:.%{alphatag}}%{?dist}.14
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Base
 URL: https://github.com/ClusterLabs/fence-agents
@ -318,6 +318,7 @@ Patch145: RHEL-76492-fence_azure_arm-use-azure-identity.patch
 Patch146: RHEL-65025-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch
 Patch147: RHEL-99338-fence_aliyun-update.patch
 Patch148: RHEL-107506-fence_ibm_vpc-add-apikey-file-support.patch
+Patch149: RHEL-109814-1-fence_aws-add-skipshutdown-parameter.patch

 ### HA support libs/utils ###
 # all archs
@ -331,6 +332,7 @@ Patch1005: RHEL-104741-1-kubevirt-fix-bundled-requests-CVE-2024-47081.patch
 Patch2000: bz2218234-2-aws-fix-bundled-dateutil-CVE-2007-4559.patch
 Patch2001: RHEL-43568-2-aws-fix-bundled-urllib3-CVE-2024-37891.patch
 Patch2002: RHEL-104741-2-aliyun-aws-azure-fix-bundled-requests-CVE-2024-47081.patch
+Patch2003: RHEL-109814-2-botocore-add-SkipOsShutdown.patch

 %if 0%{?fedora} || 0%{?rhel} > 7
 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
@ -557,6 +559,7 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja
 %patch -p1 -P 146
 %patch -p1 -P 147
 %patch -p1 -P 148
+%patch -p1 -P 149

 # prevent compilation of something that won't get used anyway
 sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@ -685,6 +688,7 @@ pushd %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000}
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2001}
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2002}
+/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2003}
 %endif
 popd

@ -1605,6 +1609,10 @@ Fence agent for IBM z/VM over IP.
 %endif

 %changelog
+* Thu Aug 21 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.14
+- fence_aws: add skip_os_shutdown parameter
+  Resolves: RHEL-109814
+
 * Fri Aug 15 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129.13
 - bundled requests: fix CVE-2024-47081
  Resolves: RHEL-104741