From dd1654c7bd06fc6660c444ad4f0e225b24a1cba7 Mon Sep 17 00:00:00 2001 From: Oyvind Albrigtsen Date: Wed, 3 Jan 2024 13:55:42 +0100 Subject: [PATCH] - fence_scsi: fix registration handling if ISID conflicts Resolves: RHEL-5397 - fence_zvmip: document required user permissions in metadata/manpage Resolves: RHEL-14343 --- ...ce_zvmip-1-document-user-permissions.patch | 0 ...fence_zvmip-2-fix-manpage-formatting.patch | 41 ++++++++ RHEL-5397-3-fence_scsi-fix-run_cmd.patch | 84 +++++++++++++++++ RHEL-5397-4-fence_scsi-log-err.patch | 22 +++++ RHEL-5397-fence_scsi-3-fix-run_cmd.patch | 93 +++++++++++++++++++ fence-agents.spec | 18 ++-- 6 files changed, 251 insertions(+), 7 deletions(-) rename RHEL-14343-fence_zvmip-document-user-permissions.patch => RHEL-14343-fence_zvmip-1-document-user-permissions.patch (100%) create mode 100644 RHEL-14343-fence_zvmip-2-fix-manpage-formatting.patch create mode 100644 RHEL-5397-3-fence_scsi-fix-run_cmd.patch create mode 100644 RHEL-5397-4-fence_scsi-log-err.patch create mode 100644 RHEL-5397-fence_scsi-3-fix-run_cmd.patch diff --git a/RHEL-14343-fence_zvmip-document-user-permissions.patch b/RHEL-14343-fence_zvmip-1-document-user-permissions.patch similarity index 100% rename from RHEL-14343-fence_zvmip-document-user-permissions.patch rename to RHEL-14343-fence_zvmip-1-document-user-permissions.patch diff --git a/RHEL-14343-fence_zvmip-2-fix-manpage-formatting.patch b/RHEL-14343-fence_zvmip-2-fix-manpage-formatting.patch new file mode 100644 index 0000000..e650b0f --- /dev/null +++ b/RHEL-14343-fence_zvmip-2-fix-manpage-formatting.patch 
@@ -0,0 +1,41 @@ +From adac1d81c5758235b6df46d0a91f1e948655848a Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Wed, 3 Jan 2024 10:17:50 +0100 +Subject: [PATCH] fence_zvmip: fix manpage formatting + +--- + agents/zvm/fence_zvmip.py | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py +index f1cea2652..bd8273c49 100644 +--- a/agents/zvm/fence_zvmip.py ++++ b/agents/zvm/fence_zvmip.py +@@ -210,12 +210,12 @@ def main(): + The NAMELIST entry assigns all the required functions to one nick and should + look similar to this: + +-:nick.ZVM_FENCE +-:list. +-IMAGE_ACTIVATE +-IMAGE_DEACTIVATE +-IMAGE_STATUS_QUERY +-CHECK_AUTHENTICATION ++:nick.ZVM_FENCE\n.br\n\ ++:list.\n.br\n\ ++IMAGE_ACTIVATE\n.br\n\ ++IMAGE_DEACTIVATE\n.br\n\ ++IMAGE_STATUS_QUERY\n.br\n\ ++CHECK_AUTHENTICATION\n.br\n\ + IMAGE_NAME_QUERY_DM + + +@@ -224,7 +224,7 @@ def main(): + + Column 1 Column 66 Column 131 + +-| | | ++| | |\n.br\n\ + V V V + + XXXXXXXX ALL ZVM_FENCE diff --git a/RHEL-5397-3-fence_scsi-fix-run_cmd.patch b/RHEL-5397-3-fence_scsi-fix-run_cmd.patch new file mode 100644 index 0000000..396fb7d --- /dev/null +++ b/RHEL-5397-3-fence_scsi-fix-run_cmd.patch 
@@ -0,0 +1,84 @@ +--- a/agents/scsi/fence_scsi.py 2024-01-03 14:06:10.155417318 +0100 ++++ b/agents/scsi/fence_scsi.py 2024-01-03 14:07:40.737369588 +0100 +@@ -84,14 +84,14 @@ + # check if host is ready to execute actions + def do_action_monitor(options): + # Check if required binaries are installed +- if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["err"]): ++ if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["rc"]): + logging.error("Unable to run " + options["--sg_persist-path"]) + return 1 +- elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["err"]): ++ elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["rc"]): + logging.error("Unable to run " + options["--sg_turs-path"]) + return 1 + elif ("--devices" not in options and +- bool(run_cmd(options, options["--vgs-path"] + " --version")["err"])): ++ bool(run_cmd(options, options["--vgs-path"] + " --version")["rc"])): + logging.error("Unable to run " + options["--vgs-path"]) + return 1 + +@@ -102,11 +102,13 @@ + return 0 + + +-#run command, returns dict, ret["err"] = exit code; ret["out"] = output ++# run command, returns dict, ret["rc"] = exit code; ret["out"] = output; ++# ret["err"] = error + def run_cmd(options, cmd): + ret = {} +- (ret["err"], ret["out"], _) = run_command(options, cmd) ++ (ret["rc"], ret["out"], ret["err"]) = run_command(options, cmd) + ret["out"] = "".join([i for i in ret["out"] if i is not None]) ++ ret["err"] = "".join([i for i in ret["err"] if i is not None]) + return ret + + +@@ -122,11 +124,11 @@ + def preempt_abort(options, host, dev): + reset_dev(options,dev) + cmd = options["--sg_persist-path"] + " -n -o -A -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev +- return not bool(run_cmd(options, cmd)["err"]) ++ return not bool(run_cmd(options, cmd)["rc"]) + + + def reset_dev(options, dev): +- return run_cmd(options, options["--sg_turs-path"] + " " + dev)["err"] ++ return run_cmd(options, options["--sg_turs-path"] + " " + 
dev)["rc"] + + + def register_dev(options, dev, key): +@@ -171,13 +173,13 @@ + reset_dev(options, dev) + cmd = options["--sg_persist-path"] + " -n -o -I -S " + key + " -d " + dev + cmd += " -Z" if "--aptpl" in options else "" +- return not bool(run_cmd(options, cmd)["err"]) ++ return not bool(run_cmd(options, cmd)["rc"]) + + + def reserve_dev(options, dev): + reset_dev(options,dev) + cmd = options["--sg_persist-path"] + " -n -o -R -T 5 -K " + options["--key"] + " -d " + dev +- return not bool(run_cmd(options, cmd)["err"]) ++ return not bool(run_cmd(options, cmd)["rc"]) + + + def get_reservation_key(options, dev, fail=True): +@@ -201,7 +203,7 @@ + opts = "-y " + cmd = options["--sg_persist-path"] + " -n -i " + opts + "-k -d " + dev + out = run_cmd(options, cmd) +- if out["err"]: ++ if out["rc"]: + fail_usage("Cannot get registration keys", fail) + if not fail: + return [] +@@ -319,7 +321,7 @@ + "--options vg_attr,pv_name "+\ + "--config 'global { locking_type = 0 } devices { preferred_names = [ \"^/dev/dm\" ] }'" + out = run_cmd(options, cmd) +- if out["err"]: ++ if out["rc"]: + fail_usage("Failed: Cannot get shared devices") + for line in out["out"].splitlines(): + vg_attr, pv_name = line.strip().split(":") diff --git a/RHEL-5397-4-fence_scsi-log-err.patch b/RHEL-5397-4-fence_scsi-log-err.patch new file mode 100644 index 0000000..47b7e32 --- /dev/null +++ b/RHEL-5397-4-fence_scsi-log-err.patch 
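Review bot: The `get_reservation_key` check is left unconverted by this file: it has no `@@ -187,7 +189,7 @@` hunk, so `if out["err"] and fail:` would remain while `run_cmd` now stores stderr text under `"err"`. That check would then depend on whether sg_persist wrote anything to stderr rather than on its exit status. The spec hunk later in this commit lists only `RHEL-5397-fence_scsi-3-fix-run_cmd.patch` as Patch140, so this 84-line copy looks like an unreferenced leftover of the 93-line file. I would drop it from the commit so the incomplete variant cannot be applied by mistake; if it is meant to stay, add the missing hunk changing that line to `if out["rc"] and fail:`.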
@@ -0,0 +1,22 @@ +--- a/agents/scsi/fence_scsi.py 2024-01-03 14:15:20.755284113 +0100 ++++ b/agents/scsi/fence_scsi.py 2024-01-03 12:32:01.598598127 +0100 +@@ -190,7 +190,8 @@ + cmd = options["--sg_persist-path"] + " -n -i " + opts + "-r -d " + dev + out = run_cmd(options, cmd) + if out["rc"] and fail: +- fail_usage("Cannot get reservation key") ++ fail_usage('Cannot get reservation key on device "' + dev ++ + '": ' + out["err"]) + match = re.search(r"\s+key=0x(\S+)\s+", out["out"], re.IGNORECASE) + return match.group(1) if match else None + +@@ -204,7 +205,8 @@ + cmd = options["--sg_persist-path"] + " -n -i " + opts + "-k -d " + dev + out = run_cmd(options, cmd) + if out["rc"]: +- fail_usage("Cannot get registration keys", fail) ++ fail_usage('Cannot get registration keys on device "' + dev ++ + '": ' + out["err"], fail) + if not fail: + return [] + for line in out["out"].split("\n"): diff --git a/RHEL-5397-fence_scsi-3-fix-run_cmd.patch b/RHEL-5397-fence_scsi-3-fix-run_cmd.patch new file mode 100644 index 0000000..0bf0833 --- /dev/null +++ b/RHEL-5397-fence_scsi-3-fix-run_cmd.patch 
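Review bot: In `get_reservation_key` the captured stderr is reported only when `fail` is true; with `fail=False` a non-zero `out["rc"]` still falls through to the `re.search` on `out["out"]` and returns `None`, which a caller presumably cannot tell apart from "no reservation held". A line such as `logging.debug('sg_persist failed on "%s": %s', dev, out["err"].strip())` ahead of the `fail` test would keep that evidence. In both new messages `out["err"]` is appended raw, so `out["err"].strip()` would avoid a trailing newline in the log, and the message ends in a bare `": "` when stderr is empty. Both function bodies start and end outside the hunks.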
@@ -0,0 +1,93 @@ +--- fence-agents-4.2.1/agents/scsi/fence_scsi.py.old 2024-01-02 12:22:30.198853290 +0100 ++++ fence-agents-4.2.1/agents/scsi/fence_scsi.py 2024-01-02 12:24:35.509549785 +0100 +@@ -84,14 +84,14 @@ + # check if host is ready to execute actions + def do_action_monitor(options): + # Check if required binaries are installed +- if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["err"]): ++ if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["rc"]): + logging.error("Unable to run " + options["--sg_persist-path"]) + return 1 +- elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["err"]): ++ elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["rc"]): + logging.error("Unable to run " + options["--sg_turs-path"]) + return 1 + elif ("--devices" not in options and +- bool(run_cmd(options, options["--vgs-path"] + " --version")["err"])): ++ bool(run_cmd(options, options["--vgs-path"] + " --version")["rc"])): + logging.error("Unable to run " + options["--vgs-path"]) + return 1 + +@@ -102,11 +102,13 @@ + return 0 + + +-#run command, returns dict, ret["err"] = exit code; ret["out"] = output ++# run command, returns dict, ret["rc"] = exit code; ret["out"] = output; ++# ret["err"] = error + def run_cmd(options, cmd): + ret = {} +- (ret["err"], ret["out"], _) = run_command(options, cmd) ++ (ret["rc"], ret["out"], ret["err"]) = run_command(options, cmd) + ret["out"] = "".join([i for i in ret["out"] if i is not None]) ++ ret["err"] = "".join([i for i in ret["err"] if i is not None]) + return ret + + +@@ -122,11 +124,11 @@ + def preempt_abort(options, host, dev): + reset_dev(options,dev) + cmd = options["--sg_persist-path"] + " -n -o -A -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev +- return not bool(run_cmd(options, cmd)["err"]) ++ return not bool(run_cmd(options, cmd)["rc"]) + + + def reset_dev(options, dev): +- return run_cmd(options, options["--sg_turs-path"] + " " + dev)["err"] ++ return run_cmd(options, 
options["--sg_turs-path"] + " " + dev)["rc"] + + + def register_dev(options, dev, key): +@@ -171,13 +173,13 @@ + reset_dev(options, dev) + cmd = options["--sg_persist-path"] + " -n -o -I -S " + key + " -d " + dev + cmd += " -Z" if "--aptpl" in options else "" +- return not bool(run_cmd(options, cmd)["err"]) ++ return not bool(run_cmd(options, cmd)["rc"]) + + + def reserve_dev(options, dev): + reset_dev(options,dev) + cmd = options["--sg_persist-path"] + " -n -o -R -T 5 -K " + options["--key"] + " -d " + dev +- return not bool(run_cmd(options, cmd)["err"]) ++ return not bool(run_cmd(options, cmd)["rc"]) + + + def get_reservation_key(options, dev, fail=True): +@@ -187,7 +189,7 @@ + opts = "-y " + cmd = options["--sg_persist-path"] + " -n -i " + opts + "-r -d " + dev + out = run_cmd(options, cmd) +- if out["err"] and fail: ++ if out["rc"] and fail: + fail_usage("Cannot get reservation key") + match = re.search(r"\s+key=0x(\S+)\s+", out["out"], re.IGNORECASE) + return match.group(1) if match else None +@@ -201,7 +203,7 @@ + opts = "-y " + cmd = options["--sg_persist-path"] + " -n -i " + opts + "-k -d " + dev + out = run_cmd(options, cmd) +- if out["err"]: ++ if out["rc"]: + fail_usage("Cannot get registration keys", fail) + if not fail: + return [] +@@ -319,7 +321,7 @@ + "--options vg_attr,pv_name "+\ + "--config 'global { locking_type = 0 } devices { preferred_names = [ \"^/dev/dm\" ] }'" + out = run_cmd(options, cmd) +- if out["err"]: ++ if out["rc"]: + fail_usage("Failed: Cannot get shared devices") + for line in out["out"].splitlines(): + vg_attr, pv_name = line.strip().split(":") diff --git a/fence-agents.spec b/fence-agents.spec index b919076..c00ec43 100644 --- a/fence-agents.spec +++ b/fence-agents.spec 
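Review bot: Re-using the key `"err"` for stderr text while moving the exit status to `"rc"` means a call site that is not converted still runs but tests a string instead of an exit code. The hunks here convert the call sites they touch, but the rest of fence_scsi.py and any later downstream patch are not visible, so a `grep -n '\["err"\]' agents/scsi/fence_scsi.py` after applying the whole series is worth adding to the review; in a fencing agent the truth value of a register, reserve or preempt result decides whether a node is treated as fenced. The new comment `# ret["err"] = error` could also say what the key holds, e.g. `# ret["err"] = stderr text (joined, may be empty)`.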
@@ -87,7 +87,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.2.1 -Release: 126%{?alphatag:.%{alphatag}}%{?dist} +Release: 127%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Base URL: https://github.com/ClusterLabs/fence-agents @@ -274,11 +274,14 @@ Patch131: bz2187329-fence_scsi-2-support-space-separated-devices.patch Patch132: bz2211460-fence_azure-arm-1-stack-hub-support.patch Patch133: bz2211460-fence_azure-arm-2-metadata-endpoint-error-message.patch Patch134: bz2155453-fence_ibm_powervs-performance-improvements.patch -Patch135: RHEL-14343-fence_zvmip-document-user-permissions.patch +Patch135: RHEL-14343-fence_zvmip-1-document-user-permissions.patch Patch136: RHEL-14031-1-all-agents-metadata-update-IO-Power-Network.patch Patch137: RHEL-14031-2-fence_cisco_mds-undo-metadata-change.patch Patch138: RHEL-5397-fence_scsi-1-fix-ISID-reg-handling.patch Patch139: RHEL-5397-fence_scsi-2-fix-ISID-reg-handling-off.patch +Patch140: RHEL-5397-fence_scsi-3-fix-run_cmd.patch +Patch141: RHEL-5397-4-fence_scsi-log-err.patch +Patch142: RHEL-14343-fence_zvmip-2-fix-manpage-formatting.patch ### HA support libs/utils ### # all archs @@ -504,6 +507,9 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja %patch -p1 -P 137 %patch -p1 -P 138 %patch -p1 -P 139 -F2 +%patch -p1 -P 140 +%patch -p1 -P 141 +%patch -p1 -P 142 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac 
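Review bot: Patch141 breaks the naming pattern of its neighbours in the `@@ -274,11 +274,14 @@` hunk: Patch138 to Patch140 are `RHEL-5397-fence_scsi-N-…`, while this one is `RHEL-5397-4-fence_scsi-log-err.patch`. Renaming it to `RHEL-5397-fence_scsi-4-log-err.patch` (the file and the `Patch141:` line) keeps the series sortable and makes it easier to check which patch files in the repository are actually listed in the spec. The `%patch -p1 -P 141` line needs no change.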
@@ -1512,19 +1518,17 @@ Fence agent for IBM z/VM over IP. %endif %changelog -* Tue Oct 24 2023 Oyvind Albrigtsen - 4.2.1-126 +* Wed Jan 3 2024 Oyvind Albrigtsen - 4.2.1-127 - fence_scsi: fix registration handling if ISID conflicts Resolves: RHEL-5397 +- fence_zvmip: document required user permissions in metadata/manpage + Resolves: RHEL-14343 * Mon Oct 23 2023 Oyvind Albrigtsen - 4.2.1-125 - all agents: update metadata in non-I/O agents to Power or Network fencing Resolves: RHEL-14031 -* Fri Oct 20 2023 Oyvind Albrigtsen - 4.2.1-124 -- fence_zvmip: document required user permissions in metadata/manpage - Resolves: RHEL-14343 - * Thu Oct 12 2023 Oyvind Albrigtsen - 4.2.1-123 - bundled urllib3: fix CVE-2023-43804 Resolves: RHEL-11988