From d96e9a88fddf590c6d0aec874112fd2f90addf04 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen
Date: Thu, 21 Aug 2025 09:21:29 +0200
Subject: [PATCH] - fence_aws: add skip_os_shutdown parameter Resolves: RHEL-109814
---
...fence_aws-add-skipshutdown-parameter.patch | 92 +++++++++++++++++++
...109814-2-botocore-add-SkipOsShutdown.patch | 31 +++++++
fence-agents.spec | 10 +-
3 files changed, 132 insertions(+), 1 deletion(-)
create mode 100644 RHEL-109814-1-fence_aws-add-skipshutdown-parameter.patch
create mode 100644 RHEL-109814-2-botocore-add-SkipOsShutdown.patch
diff --git a/RHEL-109814-1-fence_aws-add-skipshutdown-parameter.patch b/RHEL-109814-1-fence_aws-add-skipshutdown-parameter.patch
new file mode 100644
index 0000000..28a7c43
--- /dev/null
+++ b/RHEL-109814-1-fence_aws-add-skipshutdown-parameter.patch
@@ -0,0 +1,92 @@
+From 5cf006ffa3a948ccded3a55c15669f1d5efef5f5 Mon Sep 17 00:00:00 2001
+From: gguifelixamz <45173771+gguifelixamz@users.noreply.github.com>
+Date: Tue, 19 Aug 2025 02:04:53 -0700
+Subject: [PATCH] fence_aws: Add new skip_os_shutdown flag (#632)
+
+---
+ agents/aws/fence_aws.py | 29 ++++++++++++++++++++++++++---
+ tests/data/metadata/fence_aws.xml | 5 +++++
+ 2 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py
+index 5459a06c4..cddca4580 100644
+--- a/agents/aws/fence_aws.py
++++ b/agents/aws/fence_aws.py
+@@ -12,7 +12,7 @@
+ import requests
+ import boto3
+ from requests import HTTPError
+-from botocore.exceptions import ConnectionError, ClientError, EndpointConnectionError, NoRegionError
++from botocore.exceptions import ConnectionError, ClientError, EndpointConnectionError, NoRegionError, ParamValidationError
+
+ logger = logging.getLogger()
+ logger.propagate = False
+@@ -120,14 +120,28 @@ def get_self_power_status(conn, instance_id):
+ def set_power_status(conn, options):
+ my_instance = get_instance_id(options)
+ try:
++ if options.get("--skip-os-shutdown", "false").lower() in ["1", "yes", "on", "true"]:
++ shutdown_option = {
++ "SkipOsShutdown": True,
++ "Force": True
++ }
++ else:
++ shutdown_option = {
++ "SkipOsShutdown": False,
++ "Force": True
++ }
+ if (options["--action"]=="off"):
+ if "--skip-race-check" in options or get_self_power_status(conn,my_instance) == "ok":
+- conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True)
++ conn.instances.filter(InstanceIds=[options["--plug"]]).stop(**shutdown_option)
+ logger.debug("Called StopInstance API call for %s", options["--plug"])
+ else:
+ logger.debug("Skipping fencing as instance is not in running status")
+ elif (options["--action"]=="on"):
+ conn.instances.filter(InstanceIds=[options["--plug"]]).start()
++ except ParamValidationError:
++ if (options["--action"] == "off"):
++ logger.warning(f"SkipOsShutdown not supported with the current boto3 version {boto3.__version__} - falling back to graceful shutdown")
++ conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True)
+ except Exception as e:
+ logger.debug("Failed to power %s %s: %s", \
+ options["--action"], options["--plug"], e)
+@@ -183,12 +197,21 @@ def define_new_opts():
+ "required": "0",
+ "order": 7
+ }
++ all_opt["skip_os_shutdown"] = {
++ "getopt" : ":",
++ "longopt" : "skip-os-shutdown",
++ "help" : "--skip-os-shutdown=[true|false] Uses SkipOsShutdown flag",
++ "shortdesc" : "Use SkipOsShutdown flag to stop the EC2 instance",
++ "required" : "0",
++ "default" : "false",
++ "order" : 8
++ }
+
+ # Main agent method
+ def main():
+ conn = None
+
+- device_opt = ["port", "no_password", "region", "access_key", "secret_key", "filter", "boto3_debug", "skip_race_check"]
++ device_opt = ["port", "no_password", "region", "access_key", "secret_key", "filter", "boto3_debug", "skip_race_check", "skip_os_shutdown"]
+
+ atexit.register(atexit_handler)
+
+diff --git a/tests/data/metadata/fence_aws.xml b/tests/data/metadata/fence_aws.xml
+index ad471c797..c53873bbe 100644
+--- a/tests/data/metadata/fence_aws.xml
++++ b/tests/data/metadata/fence_aws.xml
+@@ -51,6 +51,11 @@ For instructions see: https://boto3.readthedocs.io/en/latest/guide/quickstart.ht
+
+ Skip race condition check
+
++
++
++
++ Use SkipOsShutdown flag to stop the EC2 instance
++
+
+
+
diff --git a/RHEL-109814-2-botocore-add-SkipOsShutdown.patch b/RHEL-109814-2-botocore-add-SkipOsShutdown.patch
new file mode 100644
index 0000000..81b51a5
--- /dev/null
+++ b/RHEL-109814-2-botocore-add-SkipOsShutdown.patch
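Review bot: The fallback `stop(Force=True)` in the new `except ParamValidationError:` branch of `set_power_status` runs outside the `try`, so any error it raises bypasses the `except Exception` handler below it; the same branch also swallows a `ParamValidationError` raised for `--action on` without logging or failing. In addition, the `else` branch still sends `SkipOsShutdown: False`, so with a botocore model that lacks the parameter every default `off` request would presumably take the exception path and log the warning even though the option was never requested. Sending the key only when the option is enabled and catching `ParamValidationError` around the `stop()` call itself keeps the fallback inside the outer error handling and re-raises validation errors that have nothing to do with the new flag. The end of `set_power_status` is outside the hunk, so what follows the `logger.debug` in the generic handler is not visible here.

```python
	try:
		# Send SkipOsShutdown only when requested; leaving it out matches the API default (false).
		shutdown_option = {"Force": True}
		if options.get("--skip-os-shutdown", "false").lower() in ["1", "yes", "on", "true"]:
			shutdown_option["SkipOsShutdown"] = True
		# … unchanged: action == "off" and race-check conditions …
				try:
					conn.instances.filter(InstanceIds=[options["--plug"]]).stop(**shutdown_option)
				except ParamValidationError:
					# Only the new flag justifies a retry; any other validation error goes to the outer handler.
					if "SkipOsShutdown" not in shutdown_option:
						raise
					logger.warning(f"SkipOsShutdown not supported with the current boto3 version {boto3.__version__} - falling back to graceful shutdown")
					conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True)
		# … unchanged: debug logging, else branch, "on" action, except Exception handler …
```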
@@ -0,0 +1,31 @@ +diff -uNr a/aws/botocore/data/ec2/2016-11-15/service-2.json b/aws/botocore/data/ec2/2016-11-15/service-2.json +--- a/aws/botocore/data/ec2/2016-11-15/service-2.json 2025-08-19 11:21:50.328630448 +0200 ++++ b/aws/botocore/data/ec2/2016-11-15/service-2.json 2025-08-19 11:25:37.767261040 +0200 +@@ -45844,7 +45844,11 @@ + }, + "Hibernate":{ + "shape":"Boolean", +- "documentation":"

Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see Hibernate your instance in the Amazon EC2 User Guide.

Default: false

" ++ "documentation":"

Hibernates the instance if the instance was enabled for hibernation at launch. If the instance cannot hibernate successfully, a normal shutdown occurs. For more information, see Hibernate your Amazon EC2 instance in the Amazon EC2 User Guide.

Default: false

" ++ }, ++ "SkipOsShutdown":{ ++ "shape":"Boolean", ++ "documentation":"

Specifies whether to bypass the graceful OS shutdown process when the instance is stopped.

Bypassing the graceful OS shutdown might result in data loss or corruption (for example, memory contents not flushed to disk or loss of in-flight IOs) or skipped shutdown scripts.

Default: false

" + }, + "DryRun":{ + "shape":"Boolean", +@@ -46648,6 +46652,14 @@ + "documentation":"

The IDs of the instances.

Constraints: Up to 1000 instance IDs. We recommend breaking up this request into smaller batches.

", + "locationName":"InstanceId" + }, ++ "Force":{ ++ "shape":"Boolean", ++ "documentation":"

Forces the instances to terminate. The instance will first attempt a graceful shutdown, which includes flushing file system caches and metadata. If the graceful shutdown fails to complete within the timeout period, the instance shuts down forcibly without flushing the file system caches and metadata.

" ++ }, ++ "SkipOsShutdown":{ ++ "shape":"Boolean", ++ "documentation":"

Specifies whether to bypass the graceful OS shutdown process when the instance is terminated.

Default: false

" ++ }, + "DryRun":{ + "shape":"Boolean", + "documentation":"

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", diff --git a/fence-agents.spec b/fence-agents.spec index 88548c9..f3196dc 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -87,7 +87,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.2.1 -Release: 129%{?alphatag:.%{alphatag}}%{?dist}.13 +Release: 129%{?alphatag:.%{alphatag}}%{?dist}.14 License: GPLv2+ and LGPLv2+ Group: System Environment/Base URL: https://github.com/ClusterLabs/fence-agents @@ -318,6 +318,7 @@ Patch145: RHEL-76492-fence_azure_arm-use-azure-identity.patch Patch146: RHEL-65025-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch Patch147: RHEL-99338-fence_aliyun-update.patch Patch148: RHEL-107506-fence_ibm_vpc-add-apikey-file-support.patch +Patch149: RHEL-109814-1-fence_aws-add-skipshutdown-parameter.patch ### HA support libs/utils ### # all archs @@ -331,6 +332,7 @@ Patch1005: RHEL-104741-1-kubevirt-fix-bundled-requests-CVE-2024-47081.patch Patch2000: bz2218234-2-aws-fix-bundled-dateutil-CVE-2007-4559.patch Patch2001: RHEL-43568-2-aws-fix-bundled-urllib3-CVE-2024-37891.patch Patch2002: RHEL-104741-2-aliyun-aws-azure-fix-bundled-requests-CVE-2024-47081.patch +Patch2003: RHEL-109814-2-botocore-add-SkipOsShutdown.patch %if 0%{?fedora} || 0%{?rhel} > 7 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti @@ -557,6 +559,7 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja %patch -p1 -P 146 %patch -p1 -P 147 %patch -p1 -P 148 +%patch -p1 -P 149 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac 
@@ -685,6 +688,7 @@ pushd %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2001} /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2002} +/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2003} %endif popd @@ -1605,6 +1609,10 @@ Fence agent for IBM z/VM over IP. %endif %changelog +* Thu Aug 21 2025 Oyvind Albrigtsen - 4.2.1-129.14 +- fence_aws: add skip_os_shutdown parameter + Resolves: RHEL-109814 + * Fri Aug 15 2025 Oyvind Albrigtsen - 4.2.1-129.13 - bundled requests: fix CVE-2024-47081 Resolves: RHEL-104741