- fence_scsi: fix registration handling if ISID conflicts

Resolves: RHEL-5397
- fence_zvmip: document required user permissions in metadata/manpage
  Resolves: RHEL-14343
This commit is contained in:
Oyvind Albrigtsen 2024-01-03 13:55:42 +01:00
parent 381f73b986
commit dd1654c7bd
6 changed files with 251 additions and 7 deletions

View File

@ -0,0 +1,41 @@
From adac1d81c5758235b6df46d0a91f1e948655848a Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Wed, 3 Jan 2024 10:17:50 +0100
Subject: [PATCH] fence_zvmip: fix manpage formatting
---
agents/zvm/fence_zvmip.py | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py
index f1cea2652..bd8273c49 100644
--- a/agents/zvm/fence_zvmip.py
+++ b/agents/zvm/fence_zvmip.py
@@ -210,12 +210,12 @@ def main():
The NAMELIST entry assigns all the required functions to one nick and should
look similar to this:
-:nick.ZVM_FENCE
-:list.
-IMAGE_ACTIVATE
-IMAGE_DEACTIVATE
-IMAGE_STATUS_QUERY
-CHECK_AUTHENTICATION
+:nick.ZVM_FENCE\n.br\n\
+:list.\n.br\n\
+IMAGE_ACTIVATE\n.br\n\
+IMAGE_DEACTIVATE\n.br\n\
+IMAGE_STATUS_QUERY\n.br\n\
+CHECK_AUTHENTICATION\n.br\n\
IMAGE_NAME_QUERY_DM
@@ -224,7 +224,7 @@ def main():
Column 1 Column 66 Column 131
-| | |
+| | |\n.br\n\
V V V
XXXXXXXX ALL ZVM_FENCE

View File

@ -0,0 +1,84 @@
--- a/agents/scsi/fence_scsi.py 2024-01-03 14:06:10.155417318 +0100
+++ b/agents/scsi/fence_scsi.py 2024-01-03 14:07:40.737369588 +0100
@@ -84,14 +84,14 @@
# check if host is ready to execute actions
def do_action_monitor(options):
# Check if required binaries are installed
- if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["err"]):
+ if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["rc"]):
logging.error("Unable to run " + options["--sg_persist-path"])
return 1
- elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["err"]):
+ elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["rc"]):
logging.error("Unable to run " + options["--sg_turs-path"])
return 1
elif ("--devices" not in options and
- bool(run_cmd(options, options["--vgs-path"] + " --version")["err"])):
+ bool(run_cmd(options, options["--vgs-path"] + " --version")["rc"])):
logging.error("Unable to run " + options["--vgs-path"])
return 1
@@ -102,11 +102,13 @@
return 0
-#run command, returns dict, ret["err"] = exit code; ret["out"] = output
+# run command, returns dict, ret["rc"] = exit code; ret["out"] = output;
+# ret["err"] = error
def run_cmd(options, cmd):
ret = {}
- (ret["err"], ret["out"], _) = run_command(options, cmd)
+ (ret["rc"], ret["out"], ret["err"]) = run_command(options, cmd)
ret["out"] = "".join([i for i in ret["out"] if i is not None])
+ ret["err"] = "".join([i for i in ret["err"] if i is not None])
return ret
@@ -122,11 +124,11 @@
def preempt_abort(options, host, dev):
reset_dev(options,dev)
cmd = options["--sg_persist-path"] + " -n -o -A -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev
- return not bool(run_cmd(options, cmd)["err"])
+ return not bool(run_cmd(options, cmd)["rc"])
def reset_dev(options, dev):
- return run_cmd(options, options["--sg_turs-path"] + " " + dev)["err"]
+ return run_cmd(options, options["--sg_turs-path"] + " " + dev)["rc"]
def register_dev(options, dev, key):
@@ -171,13 +173,13 @@
reset_dev(options, dev)
cmd = options["--sg_persist-path"] + " -n -o -I -S " + key + " -d " + dev
cmd += " -Z" if "--aptpl" in options else ""
- return not bool(run_cmd(options, cmd)["err"])
+ return not bool(run_cmd(options, cmd)["rc"])
def reserve_dev(options, dev):
reset_dev(options,dev)
cmd = options["--sg_persist-path"] + " -n -o -R -T 5 -K " + options["--key"] + " -d " + dev
- return not bool(run_cmd(options, cmd)["err"])
+ return not bool(run_cmd(options, cmd)["rc"])
def get_reservation_key(options, dev, fail=True):
@@ -201,7 +203,7 @@
opts = "-y "
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-k -d " + dev
out = run_cmd(options, cmd)
- if out["err"]:
+ if out["rc"]:
fail_usage("Cannot get registration keys", fail)
if not fail:
return []
@@ -319,7 +321,7 @@
"--options vg_attr,pv_name "+\
"--config 'global { locking_type = 0 } devices { preferred_names = [ \"^/dev/dm\" ] }'"
out = run_cmd(options, cmd)
- if out["err"]:
+ if out["rc"]:
fail_usage("Failed: Cannot get shared devices")
for line in out["out"].splitlines():
vg_attr, pv_name = line.strip().split(":")

View File

@ -0,0 +1,22 @@
--- a/agents/scsi/fence_scsi.py 2024-01-03 14:15:20.755284113 +0100
+++ b/agents/scsi/fence_scsi.py 2024-01-03 12:32:01.598598127 +0100
@@ -190,7 +190,8 @@
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-r -d " + dev
out = run_cmd(options, cmd)
if out["rc"] and fail:
- fail_usage("Cannot get reservation key")
+ fail_usage('Cannot get reservation key on device "' + dev
+ + '": ' + out["err"])
match = re.search(r"\s+key=0x(\S+)\s+", out["out"], re.IGNORECASE)
return match.group(1) if match else None
@@ -204,7 +205,8 @@
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-k -d " + dev
out = run_cmd(options, cmd)
if out["rc"]:
- fail_usage("Cannot get registration keys", fail)
+ fail_usage('Cannot get registration keys on device "' + dev
+ + '": ' + out["err"], fail)
if not fail:
return []
for line in out["out"].split("\n"):

View File

@ -0,0 +1,93 @@
--- fence-agents-4.2.1/agents/scsi/fence_scsi.py.old 2024-01-02 12:22:30.198853290 +0100
+++ fence-agents-4.2.1/agents/scsi/fence_scsi.py 2024-01-02 12:24:35.509549785 +0100
@@ -84,14 +84,14 @@
# check if host is ready to execute actions
def do_action_monitor(options):
# Check if required binaries are installed
- if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["err"]):
+ if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["rc"]):
logging.error("Unable to run " + options["--sg_persist-path"])
return 1
- elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["err"]):
+ elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["rc"]):
logging.error("Unable to run " + options["--sg_turs-path"])
return 1
elif ("--devices" not in options and
- bool(run_cmd(options, options["--vgs-path"] + " --version")["err"])):
+ bool(run_cmd(options, options["--vgs-path"] + " --version")["rc"])):
logging.error("Unable to run " + options["--vgs-path"])
return 1
@@ -102,11 +102,13 @@
return 0
-#run command, returns dict, ret["err"] = exit code; ret["out"] = output
+# run command, returns dict, ret["rc"] = exit code; ret["out"] = output;
+# ret["err"] = error
def run_cmd(options, cmd):
ret = {}
- (ret["err"], ret["out"], _) = run_command(options, cmd)
+ (ret["rc"], ret["out"], ret["err"]) = run_command(options, cmd)
ret["out"] = "".join([i for i in ret["out"] if i is not None])
+ ret["err"] = "".join([i for i in ret["err"] if i is not None])
return ret
@@ -122,11 +124,11 @@
def preempt_abort(options, host, dev):
reset_dev(options,dev)
cmd = options["--sg_persist-path"] + " -n -o -A -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev
- return not bool(run_cmd(options, cmd)["err"])
+ return not bool(run_cmd(options, cmd)["rc"])
def reset_dev(options, dev):
- return run_cmd(options, options["--sg_turs-path"] + " " + dev)["err"]
+ return run_cmd(options, options["--sg_turs-path"] + " " + dev)["rc"]
def register_dev(options, dev, key):
@@ -171,13 +173,13 @@
reset_dev(options, dev)
cmd = options["--sg_persist-path"] + " -n -o -I -S " + key + " -d " + dev
cmd += " -Z" if "--aptpl" in options else ""
- return not bool(run_cmd(options, cmd)["err"])
+ return not bool(run_cmd(options, cmd)["rc"])
def reserve_dev(options, dev):
reset_dev(options,dev)
cmd = options["--sg_persist-path"] + " -n -o -R -T 5 -K " + options["--key"] + " -d " + dev
- return not bool(run_cmd(options, cmd)["err"])
+ return not bool(run_cmd(options, cmd)["rc"])
def get_reservation_key(options, dev, fail=True):
@@ -187,7 +189,7 @@
opts = "-y "
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-r -d " + dev
out = run_cmd(options, cmd)
- if out["err"] and fail:
+ if out["rc"] and fail:
fail_usage("Cannot get reservation key")
match = re.search(r"\s+key=0x(\S+)\s+", out["out"], re.IGNORECASE)
return match.group(1) if match else None
@@ -201,7 +203,7 @@
opts = "-y "
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-k -d " + dev
out = run_cmd(options, cmd)
- if out["err"]:
+ if out["rc"]:
fail_usage("Cannot get registration keys", fail)
if not fail:
return []
@@ -319,7 +321,7 @@
"--options vg_attr,pv_name "+\
"--config 'global { locking_type = 0 } devices { preferred_names = [ \"^/dev/dm\" ] }'"
out = run_cmd(options, cmd)
- if out["err"]:
+ if out["rc"]:
fail_usage("Failed: Cannot get shared devices")
for line in out["out"].splitlines():
vg_attr, pv_name = line.strip().split(":")

View File

@ -87,7 +87,7 @@
Name: fence-agents Name: fence-agents
Summary: Set of unified programs capable of host isolation ("fencing") Summary: Set of unified programs capable of host isolation ("fencing")
Version: 4.2.1 Version: 4.2.1
Release: 126%{?alphatag:.%{alphatag}}%{?dist} Release: 127%{?alphatag:.%{alphatag}}%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
Group: System Environment/Base Group: System Environment/Base
URL: https://github.com/ClusterLabs/fence-agents URL: https://github.com/ClusterLabs/fence-agents
@ -274,11 +274,14 @@ Patch131: bz2187329-fence_scsi-2-support-space-separated-devices.patch
Patch132: bz2211460-fence_azure-arm-1-stack-hub-support.patch Patch132: bz2211460-fence_azure-arm-1-stack-hub-support.patch
Patch133: bz2211460-fence_azure-arm-2-metadata-endpoint-error-message.patch Patch133: bz2211460-fence_azure-arm-2-metadata-endpoint-error-message.patch
Patch134: bz2155453-fence_ibm_powervs-performance-improvements.patch Patch134: bz2155453-fence_ibm_powervs-performance-improvements.patch
Patch135: RHEL-14343-fence_zvmip-document-user-permissions.patch Patch135: RHEL-14343-fence_zvmip-1-document-user-permissions.patch
Patch136: RHEL-14031-1-all-agents-metadata-update-IO-Power-Network.patch Patch136: RHEL-14031-1-all-agents-metadata-update-IO-Power-Network.patch
Patch137: RHEL-14031-2-fence_cisco_mds-undo-metadata-change.patch Patch137: RHEL-14031-2-fence_cisco_mds-undo-metadata-change.patch
Patch138: RHEL-5397-fence_scsi-1-fix-ISID-reg-handling.patch Patch138: RHEL-5397-fence_scsi-1-fix-ISID-reg-handling.patch
Patch139: RHEL-5397-fence_scsi-2-fix-ISID-reg-handling-off.patch Patch139: RHEL-5397-fence_scsi-2-fix-ISID-reg-handling-off.patch
Patch140: RHEL-5397-fence_scsi-3-fix-run_cmd.patch
Patch141: RHEL-5397-4-fence_scsi-log-err.patch
Patch142: RHEL-14343-fence_zvmip-2-fix-manpage-formatting.patch
### HA support libs/utils ### ### HA support libs/utils ###
# all archs # all archs
@ -504,6 +507,9 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja
%patch -p1 -P 137 %patch -p1 -P 137
%patch -p1 -P 138 %patch -p1 -P 138
%patch -p1 -P 139 -F2 %patch -p1 -P 139 -F2
%patch -p1 -P 140
%patch -p1 -P 141
%patch -p1 -P 142
# prevent compilation of something that won't get used anyway # prevent compilation of something that won't get used anyway
sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@ -1512,19 +1518,17 @@ Fence agent for IBM z/VM over IP.
%endif %endif
%changelog %changelog
* Tue Oct 24 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-126 * Wed Jan 3 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-127
- fence_scsi: fix registration handling if ISID conflicts - fence_scsi: fix registration handling if ISID conflicts
Resolves: RHEL-5397 Resolves: RHEL-5397
- fence_zvmip: document required user permissions in metadata/manpage
Resolves: RHEL-14343
* Mon Oct 23 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-125 * Mon Oct 23 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-125
- all agents: update metadata in non-I/O agents to Power or Network - all agents: update metadata in non-I/O agents to Power or Network
fencing fencing
Resolves: RHEL-14031 Resolves: RHEL-14031
* Fri Oct 20 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-124
- fence_zvmip: document required user permissions in metadata/manpage
Resolves: RHEL-14343
* Thu Oct 12 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-123 * Thu Oct 12 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-123
- bundled urllib3: fix CVE-2023-43804 - bundled urllib3: fix CVE-2023-43804
Resolves: RHEL-11988 Resolves: RHEL-11988