import CS fence-agents-4.2.1-129.el8

This commit is contained in:
eabdullin 2024-03-27 19:39:04 +00:00
parent c2d304e1db
commit f9a870c155
14 changed files with 2489 additions and 158 deletions

View File

@ -6,7 +6,7 @@ c2a98b9a1562d223a76514f05028488ca000c395 SOURCES/aliyun-python-sdk-ecs-4.9.3.tar
f14647a4d37a9a254c4e711b95a7654fc418e41e SOURCES/aliyun-python-sdk-vpc-3.0.2.tar.gz
2512ff4ef016cad0b916006f6acf2a309f908c4d SOURCES/botocore-1.23.46.tar.gz
0d12f48faa727f0979e9ad5c4c80dfa32b73caff SOURCES/cachetools-4.2.4.tar.gz
b13e22d55867e2ca5f92e5289cfdc21ba6e343aa SOURCES/certifi-2021.10.8.tar.gz
ec7e8dd8ef95edfdb83a1ea040b8b88507b47615 SOURCES/certifi-2023.7.22.tar.gz
2384f6cfba4685d901262e073a4455d4cf76d102 SOURCES/chardet-4.0.0.tar.gz
865df92e66e5dc7b940144cbad8115c07dc8784f SOURCES/charset-normalizer-2.0.7.tar.gz
e2561df8e7ff9113dab118a651371dd88dab0142 SOURCES/fence-agents-4.2.1.tar.gz
@ -20,7 +20,7 @@ f6efa66f6106b069b5c0e0cf8cc677e4e96c91ca SOURCES/oauthlib-3.1.1.tar.gz
bccbc1bf76a9db46998eb8e1ffa2f2a2baf9237a SOURCES/packaging-21.2-py3-none-any.whl
e0fa19f8fda46a1fa2253477499b116b33f67175 SOURCES/pyasn1-0.4.8.tar.gz
43b89feb6864fe359aae89120627165219de313b SOURCES/pyasn1-modules-0.2.8.tar.gz
326a73f58a62ebee00c11a12cfdd838b196e0e8e SOURCES/pycryptodome-3.6.4.tar.gz
c55d177e9484d974c95078d4ae945f89ba2c7251 SOURCES/pycryptodome-3.20.0.tar.gz
c8307f47e3b75a2d02af72982a2dfefa3f56e407 SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
c2ba10c775b7a52a4b57cac4d4110a0c0f812a82 SOURCES/python-dateutil-2.8.2.tar.gz
1dc2fa004aa6517f1620e55d8a7b8e68a9cf2a47 SOURCES/python-string-utils-1.0.0.tar.gz
@ -33,5 +33,5 @@ d5354718cb8c9330d3abc27445467ce8a5ed9d70 SOURCES/setuptools-58.3.0.tar.gz
a4f02fddae697614e356cadfddb6241cc7737f38 SOURCES/setuptools_scm-6.3.2.tar.gz
06fa0bb50f2a4e2917fd14c21e9d2d5508ce0163 SOURCES/six-1.16.0.tar.gz
b42b7960047441db7dc021cc20e14279bd836f8d SOURCES/tomli-1.0.1.tar.gz
eb35c3fd8b0867ae988a15917d6b80e8bdf60222 SOURCES/urllib3-1.26.7.tar.gz
84e2852d8da1655373f7ce5e7d5d3e256b62b4e4 SOURCES/urllib3-1.26.18.tar.gz
540f083782c584989c1a0f69ffd69ba7aae07db6 SOURCES/websocket-client-1.2.1.tar.gz

6
.gitignore vendored
View File

@ -6,7 +6,7 @@ SOURCES/aliyun-python-sdk-ecs-4.9.3.tar.gz
SOURCES/aliyun-python-sdk-vpc-3.0.2.tar.gz
SOURCES/botocore-1.23.46.tar.gz
SOURCES/cachetools-4.2.4.tar.gz
SOURCES/certifi-2021.10.8.tar.gz
SOURCES/certifi-2023.7.22.tar.gz
SOURCES/chardet-4.0.0.tar.gz
SOURCES/charset-normalizer-2.0.7.tar.gz
SOURCES/fence-agents-4.2.1.tar.gz
@ -20,7 +20,7 @@ SOURCES/openshift-0.12.1.tar.gz
SOURCES/packaging-21.2-py3-none-any.whl
SOURCES/pyasn1-0.4.8.tar.gz
SOURCES/pyasn1-modules-0.2.8.tar.gz
SOURCES/pycryptodome-3.6.4.tar.gz
SOURCES/pycryptodome-3.20.0.tar.gz
SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
SOURCES/python-dateutil-2.8.2.tar.gz
SOURCES/python-string-utils-1.0.0.tar.gz
@ -33,5 +33,5 @@ SOURCES/setuptools-58.3.0.tar.gz
SOURCES/setuptools_scm-6.3.2.tar.gz
SOURCES/six-1.16.0.tar.gz
SOURCES/tomli-1.0.1.tar.gz
SOURCES/urllib3-1.26.7.tar.gz
SOURCES/urllib3-1.26.18.tar.gz
SOURCES/websocket-client-1.2.1.tar.gz

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,35 @@
From 639732ddca765b2f147ef0c0a896968e3304ca49 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Mon, 23 Oct 2023 09:28:55 +0200
Subject: [PATCH] fence_cisco_mds: undo metadata change, as it is an I/O agent
---
agents/cisco_mds/fence_cisco_mds.py | 2 +-
tests/data/metadata/fence_cisco_mds.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/agents/cisco_mds/fence_cisco_mds.py b/agents/cisco_mds/fence_cisco_mds.py
index 04cd1f842..fbb876a94 100644
--- a/agents/cisco_mds/fence_cisco_mds.py
+++ b/agents/cisco_mds/fence_cisco_mds.py
@@ -77,7 +77,7 @@ def main():
docs = {}
docs["shortdesc"] = "Fence agent for Cisco MDS"
- docs["longdesc"] = "fence_cisco_mds is a Power Fencing agent \
+ docs["longdesc"] = "fence_cisco_mds is an I/O Fencing agent \
which can be used with any Cisco MDS 9000 series with SNMP enabled device."
docs["vendorurl"] = "http://www.cisco.com"
show_docs(options, docs)
diff --git a/tests/data/metadata/fence_cisco_mds.xml b/tests/data/metadata/fence_cisco_mds.xml
index 2105ecccc..829c9dcbe 100644
--- a/tests/data/metadata/fence_cisco_mds.xml
+++ b/tests/data/metadata/fence_cisco_mds.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" ?>
<resource-agent name="fence_cisco_mds" shortdesc="Fence agent for Cisco MDS" >
-<longdesc>fence_cisco_mds is a Power Fencing agent which can be used with any Cisco MDS 9000 series with SNMP enabled device.</longdesc>
+<longdesc>fence_cisco_mds is an I/O Fencing agent which can be used with any Cisco MDS 9000 series with SNMP enabled device.</longdesc>
<vendor-url>http://www.cisco.com</vendor-url>
<parameters>
<parameter name="action" unique="0" required="1">

View File

@ -0,0 +1,159 @@
From dcb8ddd13c3dfad02e00c07f283251e0c2a60c46 Mon Sep 17 00:00:00 2001
From: Reid Wahl <nrwahl@protonmail.com>
Date: Mon, 16 Aug 2021 17:44:13 -0700
Subject: [PATCH] fence_zvmip: Update longdesc to document all required
functions
In RHBZ#1935641, IBM explained that the requesting user needs
authorization for more functions than what is currently documented.
They said:
"""
What we found is that you need rights from three different NICKS:
SERVER_MANAGEMENT, IMAGE_CHARACTERISTICS and IMAGE_OPERATIONS.
You won't be able to give a user all three NICKS.
Therefore, you have to create a new NICK with all capabilities from all
three NICKS together and then assign the new NICK to the USER
"ZCLUSTER".
Even better is to just use the needed Subset with a new NICK.
We found five commands which are used in the fencing code and on the
z/VM Log which should be enough for fencing to work.
We suggest creating following files:
File VSMWORK1 NAMELIST:
```
:nick.ZVM_FENCE
:list.
IMAGE_ACTIVATE
IMAGE_DEACTIVATE
IMAGE_STATUS_QUERY
CHECK_AUTHENTICATION
IMAGE_NAME_QUERY_DM
```
File VSMWORK1 AUTHLIST:
```
ZCLUSTER ALL ZVM_FENCE
```
For details, we suggest adding a link to the current z/VM docu:
- NAMELIST: https://www.ibm.com/support/knowledgecenter/de/SSB27U_7.2.0/com.ibm.zvm.v720.dmse6/namelst.htm
- AUTHLIST: https://www.ibm.com/support/knowledgecenter/de/SSB27U_7.2.0/com.ibm.zvm.v720.dmse6/auf.htm
"""
Resolves: RHBZ1935641
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
---
agents/zvm/fence_zvmip.py | 37 ++++++++++++++++++++++-------
tests/data/metadata/fence_zvmip.xml | 37 ++++++++++++++++++++++-------
2 files changed, 56 insertions(+), 18 deletions(-)
diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py
index 4f538e10d..c37950a20 100644
--- a/agents/zvm/fence_zvmip.py
+++ b/agents/zvm/fence_zvmip.py
@@ -199,21 +199,40 @@ def main():
docs = {}
docs["shortdesc"] = "Fence agent for use with z/VM Virtual Machines"
- docs["longdesc"] = """The fence_zvm agent is intended to be used with with z/VM SMAPI service via TCP/IP
+ docs["longdesc"] = """The fence_zvmip agent is intended to be used with the
+z/VM SMAPI service via TCP/IP.
-To use this agent the z/VM SMAPI service needs to be configured to allow the virtual machine running this agent to connect to it and issue
-the image_recycle operation. This involves updating the VSMWORK1 AUTHLIST VMSYS:VSMWORK1. file. The entry should look something similar to
-this:
+The z/VM SMAPI service must be configured so that the virtual machine running
+the agent can connect to the service, access the system's directory manager,
+and shortly thereafter run image_deactivate and image_activate. This involves
+updating the VSMWORK1 NAMELIST and VSMWORK1 AUTHLIST VMSYS:VSMWORK1 files.
+
+The NAMELIST entry assigns all the required functions to one nick and should
+look similar to this:
+
+:nick.ZVM_FENCE
+:list.
+IMAGE_ACTIVATE
+IMAGE_DEACTIVATE
+IMAGE_STATUS_QUERY
+CHECK_AUTHENTICATION
+IMAGE_NAME_QUERY_DM
+
+
+The AUTHLIST entry authorizes the user to perform all the functions associated
+with the nick, and should look similar to this:
Column 1 Column 66 Column 131
- | | |
- V V V
+| | |
+V V V
+
+XXXXXXXX ALL ZVM_FENCE
-XXXXXXXX ALL IMAGE_CHARACTERISTICS
+where XXXXXXXX is the name of the user in the authuser field of the request.
-Where XXXXXXX is the name of the virtual machine used in the authuser field of the request. This virtual machine also has to be authorized
-to access the system's directory manager.
+Refer to the official z/VM documentation for complete instructions and
+reference materials.
"""
docs["vendorurl"] = "http://www.ibm.com"
show_docs(options, docs)
diff --git a/tests/data/metadata/fence_zvmip.xml b/tests/data/metadata/fence_zvmip.xml
index 6996ab736..96393bdfa 100644
--- a/tests/data/metadata/fence_zvmip.xml
+++ b/tests/data/metadata/fence_zvmip.xml
@@ -1,20 +1,39 @@
<?xml version="1.0" ?>
<resource-agent name="fence_zvmip" shortdesc="Fence agent for use with z/VM Virtual Machines" >
-<longdesc>The fence_zvm agent is intended to be used with with z/VM SMAPI service via TCP/IP
+<longdesc>The fence_zvmip agent is intended to be used with the
+z/VM SMAPI service via TCP/IP.
-To use this agent the z/VM SMAPI service needs to be configured to allow the virtual machine running this agent to connect to it and issue
-the image_recycle operation. This involves updating the VSMWORK1 AUTHLIST VMSYS:VSMWORK1. file. The entry should look something similar to
-this:
+The z/VM SMAPI service must be configured so that the virtual machine running
+the agent can connect to the service, access the system's directory manager,
+and shortly thereafter run image_deactivate and image_activate. This involves
+updating the VSMWORK1 NAMELIST and VSMWORK1 AUTHLIST VMSYS:VSMWORK1 files.
+
+The NAMELIST entry assigns all the required functions to one nick and should
+look similar to this:
+
+:nick.ZVM_FENCE
+:list.
+IMAGE_ACTIVATE
+IMAGE_DEACTIVATE
+IMAGE_STATUS_QUERY
+CHECK_AUTHENTICATION
+IMAGE_NAME_QUERY_DM
+
+
+The AUTHLIST entry authorizes the user to perform all the functions associated
+with the nick, and should look similar to this:
Column 1 Column 66 Column 131
- | | |
- V V V
+| | |
+V V V
+
+XXXXXXXX ALL ZVM_FENCE
-XXXXXXXX ALL IMAGE_CHARACTERISTICS
+where XXXXXXXX is the name of the user in the authuser field of the request.
-Where XXXXXXX is the name of the virtual machine used in the authuser field of the request. This virtual machine also has to be authorized
-to access the system's directory manager.
+Refer to the official z/VM documentation for complete instructions and
+reference materials.
</longdesc>
<vendor-url>http://www.ibm.com</vendor-url>
<parameters>

View File

@ -0,0 +1,41 @@
From adac1d81c5758235b6df46d0a91f1e948655848a Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Wed, 3 Jan 2024 10:17:50 +0100
Subject: [PATCH] fence_zvmip: fix manpage formatting
---
agents/zvm/fence_zvmip.py | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py
index f1cea2652..bd8273c49 100644
--- a/agents/zvm/fence_zvmip.py
+++ b/agents/zvm/fence_zvmip.py
@@ -210,12 +210,12 @@ def main():
The NAMELIST entry assigns all the required functions to one nick and should
look similar to this:
-:nick.ZVM_FENCE
-:list.
-IMAGE_ACTIVATE
-IMAGE_DEACTIVATE
-IMAGE_STATUS_QUERY
-CHECK_AUTHENTICATION
+:nick.ZVM_FENCE\n.br\n\
+:list.\n.br\n\
+IMAGE_ACTIVATE\n.br\n\
+IMAGE_DEACTIVATE\n.br\n\
+IMAGE_STATUS_QUERY\n.br\n\
+CHECK_AUTHENTICATION\n.br\n\
IMAGE_NAME_QUERY_DM
@@ -224,7 +224,7 @@ def main():
Column 1 Column 66 Column 131
-| | |
+| | |\n.br\n\
V V V
XXXXXXXX ALL ZVM_FENCE

View File

@ -0,0 +1,63 @@
From 7dd3680e6eea0d77fde024763657aa4d884ddb23 Mon Sep 17 00:00:00 2001
From: Calum Hutton <calum.hutton@snyk.io>
Date: Thu, 26 Oct 2023 12:08:53 +0100
Subject: [PATCH] xmlattr filter disallows keys with spaces
---
CHANGES.rst | 1 +
src/jinja2/filters.py | 28 +++++++++++++++++++++-------
tests/test_filters.py | 6 ++++++
3 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/src/jinja2/filters.py b/src/jinja2/filters.py
index ed07c4c0e..c7ecc9bb6 100644
--- a/kubevirt/jinja2/filters.py
+++ b/kubevirt/jinja2/filters.py
@@ -248,13 +248,17 @@ def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K
yield from value.items()
+_space_re = re.compile(r"\s", flags=re.ASCII)
+
+
@pass_eval_context
def do_xmlattr(
eval_ctx: "EvalContext", d: t.Mapping[str, t.Any], autospace: bool = True
) -> str:
"""Create an SGML/XML attribute string based on the items in a dict.
- All values that are neither `none` nor `undefined` are automatically
- escaped:
+
+ If any key contains a space, this fails with a ``ValueError``. Values that
+ are neither ``none`` nor ``undefined`` are automatically escaped.
.. sourcecode:: html+jinja
@@ -273,12 +277,22 @@ def do_xmlattr(
As you can see it automatically prepends a space in front of the item
if the filter returned something unless the second parameter is false.
+
+ .. versionchanged:: 3.1.3
+ Keys with spaces are not allowed.
"""
- rv = " ".join(
- f'{escape(key)}="{escape(value)}"'
- for key, value in d.items()
- if value is not None and not isinstance(value, Undefined)
- )
+ items = []
+
+ for key, value in d.items():
+ if value is None or isinstance(value, Undefined):
+ continue
+
+ if _space_re.search(key) is not None:
+ raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
+
+ items.append(f'{escape(key)}="{escape(value)}"')
+
+ rv = " ".join(items)
if autospace and rv:
rv = " " + rv

View File

@ -0,0 +1,22 @@
--- a/agents/scsi/fence_scsi.py 2024-01-03 14:15:20.755284113 +0100
+++ b/agents/scsi/fence_scsi.py 2024-01-03 12:32:01.598598127 +0100
@@ -190,7 +190,8 @@
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-r -d " + dev
out = run_cmd(options, cmd)
if out["rc"] and fail:
- fail_usage("Cannot get reservation key")
+ fail_usage('Cannot get reservation key on device "' + dev
+ + '": ' + out["err"])
match = re.search(r"\s+key=0x(\S+)\s+", out["out"], re.IGNORECASE)
return match.group(1) if match else None
@@ -204,7 +205,8 @@
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-k -d " + dev
out = run_cmd(options, cmd)
if out["rc"]:
- fail_usage("Cannot get registration keys", fail)
+ fail_usage('Cannot get registration keys on device "' + dev
+ + '": ' + out["err"], fail)
if not fail:
return []
for line in out["out"].split("\n"):

View File

@ -0,0 +1,68 @@
From 9d0d0d013c7edae43a4ebc5f46bf2e7a4f127654 Mon Sep 17 00:00:00 2001
From: "sreejit.mohanan" <sreejit.mohanan@nutanix.com>
Date: Fri, 17 Feb 2023 18:04:03 -0800
Subject: [PATCH] fence_scsi: fix registration handling if ISID conflicts ISID
(Initiator Session ID) belonging to I_T Nexus changes for RHEL based on the
session ID. This means that the connection to the device can be set up with
different ISID on reconnects.
fence_scsi treats same key as a tip to ignore issuing registration
to the device but if the device was registered using a different
ISID, the key would be the same but the I_T Nexus (new ISID) would
not have access to the device.
Fixing this by preempting the old key and replacing with the current
one.
---
agents/scsi/fence_scsi.py | 35 ++++++++++++++++++++++++++++++++---
1 file changed, 32 insertions(+), 3 deletions(-)
diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py
index f9e6823b2..85e4f29e6 100644
--- a/agents/scsi/fence_scsi.py
+++ b/agents/scsi/fence_scsi.py
@@ -137,12 +137,41 @@ def register_dev(options, dev):
for slave in get_mpath_slaves(dev):
register_dev(options, slave)
return True
- if get_reservation_key(options, dev, False) == options["--key"]:
- return True
+
+ # Check if any registration exists for the key already. We track this in
+ # order to decide whether the existing registration needs to be cleared.
+ # This is needed since the previous registration could be for a
+ # different I_T nexus (different ISID).
+ registration_key_exists = False
+ if options["--key"] in get_registration_keys(options, dev):
+ registration_key_exists = True
+ if not register_helper(options, options["--key"], dev):
+ return False
+
+ if registration_key_exists:
+ # If key matches, make sure it matches with the connection that
+ # exists right now. To do this, we can issue a preempt with same key
+ # which should replace the old invalid entries from the target.
+ if not preempt(options, options["--key"], dev):
+ return False
+
+ # If there was no reservation, we need to issue another registration
+ # since the previous preempt would clear registration made above.
+ if get_reservation_key(options, dev, False) != options["--key"]:
+ return register_helper(options, options["--key"], dev)
+ return True
+
+# cancel registration without aborting tasks
+def preempt(options, host, dev):
+ reset_dev(options,dev)
+ cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev
+ return not bool(run_cmd(options, cmd)["rc"])
+
+# helper function to send the register command
+def register_helper(options, host, dev):
reset_dev(options, dev)
cmd = options["--sg_persist-path"] + " -n -o -I -S " + options["--key"] + " -d " + dev
cmd += " -Z" if "--aptpl" in options else ""
- #cmd return code != 0 but registration can be successful
return not bool(run_cmd(options, cmd)["err"])

View File

@ -0,0 +1,103 @@
From 34baef58db442148b8e067509d2cdd37b7a91ef4 Mon Sep 17 00:00:00 2001
From: "sreejit.mohanan" <sreejit.mohanan@nutanix.com>
Date: Thu, 7 Sep 2023 15:57:51 -0700
Subject: [PATCH] fence_scsi: fix registration handling in device 'off'
workflows
ISID (Initiator Session ID) belonging to I_T Nexus changes for
RHEL based on the session ID. This means that the connection to
the device can be set up with different ISID on reconnects.
When a device is powered off, fence_scsi assumes that the client
has a registration to the device and sends a preempt-and-abort
request which ends up failing due to reservation conflict.
Fixing this by registering the host key with the device and preempting
the old registration (if it exists). This should make sure that the
host is able to preempt the other key successfully.
---
agents/scsi/fence_scsi.py | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py
index 42530ceb5..519319bf5 100644
--- a/agents/scsi/fence_scsi.py
+++ b/agents/scsi/fence_scsi.py
@@ -41,7 +41,7 @@ def set_status(conn, options):
for dev in options["devices"]:
is_block_device(dev)
- register_dev(options, dev)
+ register_dev(options, dev, options["--key"])
if options["--key"] not in get_registration_keys(options, dev):
count += 1
logging.debug("Failed to register key "\
@@ -62,7 +62,7 @@ def set_status(conn, options):
fail_usage("Failed: keys cannot be same. You can not fence yourself.")
for dev in options["devices"]:
is_block_device(dev)
-
+ register_dev(options, dev, host_key)
if options["--key"] in get_registration_keys(options, dev):
preempt_abort(options, host_key, dev)
@@ -131,11 +131,11 @@ def reset_dev(options, dev):
return run_cmd(options, options["--sg_turs-path"] + " " + dev)["rc"]
-def register_dev(options, dev):
+def register_dev(options, dev, key):
dev = os.path.realpath(dev)
if re.search(r"^dm", dev[5:]):
for slave in get_mpath_slaves(dev):
- register_dev(options, slave)
+ register_dev(options, slave, key)
return True
# Check if any registration exists for the key already. We track this in
@@ -143,34 +143,35 @@ def register_dev(options, dev):
# This is needed since the previous registration could be for a
# different I_T nexus (different ISID).
registration_key_exists = False
- if options["--key"] in get_registration_keys(options, dev):
+ if key in get_registration_keys(options, dev):
+ logging.debug("Registration key exists for device " + dev)
registration_key_exists = True
- if not register_helper(options, options["--key"], dev):
+ if not register_helper(options, dev, key):
return False
if registration_key_exists:
# If key matches, make sure it matches with the connection that
# exists right now. To do this, we can issue a preempt with same key
# which should replace the old invalid entries from the target.
- if not preempt(options, options["--key"], dev):
+ if not preempt(options, key, dev, key):
return False
# If there was no reservation, we need to issue another registration
# since the previous preempt would clear registration made above.
- if get_reservation_key(options, dev, False) != options["--key"]:
- return register_helper(options, options["--key"], dev)
+ if get_reservation_key(options, dev, False) != key:
+ return register_helper(options, dev, key)
return True
-# cancel registration without aborting tasks
-def preempt(options, host, dev):
+# helper function to preempt host with 'key' using 'host_key' without aborting tasks
+def preempt(options, host_key, dev, key):
reset_dev(options,dev)
- cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev
+ cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host_key + " -S " + key + " -d " + dev
return not bool(run_cmd(options, cmd)["rc"])
# helper function to send the register command
-def register_helper(options, host, dev):
+def register_helper(options, dev, key):
reset_dev(options, dev)
- cmd = options["--sg_persist-path"] + " -n -o -I -S " + options["--key"] + " -d " + dev
+ cmd = options["--sg_persist-path"] + " -n -o -I -S " + key + " -d " + dev
cmd += " -Z" if "--aptpl" in options else ""
return not bool(run_cmd(options, cmd)["rc"])

View File

@ -0,0 +1,93 @@
--- fence-agents-4.2.1/agents/scsi/fence_scsi.py.old 2024-01-02 12:22:30.198853290 +0100
+++ fence-agents-4.2.1/agents/scsi/fence_scsi.py 2024-01-02 12:24:35.509549785 +0100
@@ -84,14 +84,14 @@
# check if host is ready to execute actions
def do_action_monitor(options):
# Check if required binaries are installed
- if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["err"]):
+ if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["rc"]):
logging.error("Unable to run " + options["--sg_persist-path"])
return 1
- elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["err"]):
+ elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["rc"]):
logging.error("Unable to run " + options["--sg_turs-path"])
return 1
elif ("--devices" not in options and
- bool(run_cmd(options, options["--vgs-path"] + " --version")["err"])):
+ bool(run_cmd(options, options["--vgs-path"] + " --version")["rc"])):
logging.error("Unable to run " + options["--vgs-path"])
return 1
@@ -102,11 +102,13 @@
return 0
-#run command, returns dict, ret["err"] = exit code; ret["out"] = output
+# run command, returns dict, ret["rc"] = exit code; ret["out"] = output;
+# ret["err"] = error
def run_cmd(options, cmd):
ret = {}
- (ret["err"], ret["out"], _) = run_command(options, cmd)
+ (ret["rc"], ret["out"], ret["err"]) = run_command(options, cmd)
ret["out"] = "".join([i for i in ret["out"] if i is not None])
+ ret["err"] = "".join([i for i in ret["err"] if i is not None])
return ret
@@ -122,11 +124,11 @@
def preempt_abort(options, host, dev):
reset_dev(options,dev)
cmd = options["--sg_persist-path"] + " -n -o -A -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev
- return not bool(run_cmd(options, cmd)["err"])
+ return not bool(run_cmd(options, cmd)["rc"])
def reset_dev(options, dev):
- return run_cmd(options, options["--sg_turs-path"] + " " + dev)["err"]
+ return run_cmd(options, options["--sg_turs-path"] + " " + dev)["rc"]
def register_dev(options, dev, key):
@@ -171,13 +173,13 @@
reset_dev(options, dev)
cmd = options["--sg_persist-path"] + " -n -o -I -S " + key + " -d " + dev
cmd += " -Z" if "--aptpl" in options else ""
- return not bool(run_cmd(options, cmd)["err"])
+ return not bool(run_cmd(options, cmd)["rc"])
def reserve_dev(options, dev):
reset_dev(options,dev)
cmd = options["--sg_persist-path"] + " -n -o -R -T 5 -K " + options["--key"] + " -d " + dev
- return not bool(run_cmd(options, cmd)["err"])
+ return not bool(run_cmd(options, cmd)["rc"])
def get_reservation_key(options, dev, fail=True):
@@ -187,7 +189,7 @@
opts = "-y "
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-r -d " + dev
out = run_cmd(options, cmd)
- if out["err"] and fail:
+ if out["rc"] and fail:
fail_usage("Cannot get reservation key")
match = re.search(r"\s+key=0x(\S+)\s+", out["out"], re.IGNORECASE)
return match.group(1) if match else None
@@ -201,7 +203,7 @@
opts = "-y "
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-k -d " + dev
out = run_cmd(options, cmd)
- if out["err"]:
+ if out["rc"]:
fail_usage("Cannot get registration keys", fail)
if not fail:
return []
@@ -319,7 +321,7 @@
"--options vg_attr,pv_name "+\
"--config 'global { locking_type = 0 } devices { preferred_names = [ \"^/dev/dm\" ] }'"
out = run_cmd(options, cmd)
- if out["err"]:
+ if out["rc"]:
fail_usage("Failed: Cannot get shared devices")
for line in out["out"].splitlines():
vg_attr, pv_name = line.strip().split(":")

View File

@ -11,7 +11,7 @@
# alibaba
# python-pycryptodome bundle
%global pycryptodome pycryptodome
%global pycryptodome_version 3.6.4
%global pycryptodome_version 3.20.0
%global pycryptodome_dir %{bundled_lib_dir}/aliyun/%{pycryptodome}
# python-aliyun-sdk-core bundle
%global aliyunsdkcore aliyun-python-sdk-core
@ -44,7 +44,7 @@
%global kubernetes kubernetes
%global kubernetes_version 12.0.1
%global certifi certifi
%global certifi_version 2021.10.8
%global certifi_version 2023.7.22
%global googleauth google-auth
%global googleauth_version 2.3.0
%global cachetools cachetools
@ -59,10 +59,10 @@
%global pyyaml_version 6.0
%global six six
%global six_version 1.16.0
%global urllib3 urllib3
%global urllib3_version 1.26.7
%global websocketclient websocket-client
%global websocketclient_version 1.2.1
%global urllib3 urllib3
%global urllib3_version 1.26.18
%global websocketclient websocket-client
%global websocketclient_version 1.2.1
%global jinja2 Jinja2
%global jinja2_version 3.0.2
%global markupsafe MarkupSafe
@ -87,7 +87,7 @@
Name: fence-agents
Summary: Set of unified programs capable of host isolation ("fencing")
Version: 4.2.1
Release: 121%{?alphatag:.%{alphatag}}%{?dist}
Release: 129%{?alphatag:.%{alphatag}}%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Base
URL: https://github.com/ClusterLabs/fence-agents
@ -274,10 +274,21 @@ Patch131: bz2187329-fence_scsi-2-support-space-separated-devices.patch
Patch132: bz2211460-fence_azure-arm-1-stack-hub-support.patch
Patch133: bz2211460-fence_azure-arm-2-metadata-endpoint-error-message.patch
Patch134: bz2155453-fence_ibm_powervs-performance-improvements.patch
Patch135: RHEL-14343-fence_zvmip-1-document-user-permissions.patch
Patch136: RHEL-14031-1-all-agents-metadata-update-IO-Power-Network.patch
Patch137: RHEL-14031-2-fence_cisco_mds-undo-metadata-change.patch
Patch138: RHEL-5397-fence_scsi-1-fix-ISID-reg-handling.patch
Patch139: RHEL-5397-fence_scsi-2-fix-ISID-reg-handling-off.patch
Patch140: RHEL-5397-fence_scsi-3-fix-run_cmd.patch
Patch141: RHEL-5397-4-fence_scsi-log-err.patch
Patch142: RHEL-14343-fence_zvmip-2-fix-manpage-formatting.patch
### HA support libs/utils ###
Patch1000: bz2218234-1-aws-fix-bundled-dateutil-CVE-2007-4559.patch
Patch1001: bz2218234-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
# all archs
Patch1000: bz2218234-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
Patch1001: RHEL-22174-kubevirt-fix-bundled-jinja2-CVE-2024-22195.patch
# cloud (x86_64 only)
Patch2000: bz2218234-2-aws-fix-bundled-dateutil-CVE-2007-4559.patch
%if 0%{?fedora} || 0%{?rhel} > 7
%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
@ -355,141 +366,149 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja
%prep
%setup -q -n %{name}-%{version}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1 -F2
%patch31 -p1 -F2
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch36 -p1 -F1
%patch37 -p1
%patch38 -p1
%patch39 -p1
%patch40 -p1 -F2
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch44 -p1
%patch45 -p1
%patch46 -p1
%patch47 -p1
%patch48 -p1 -F1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
%patch53 -p1
%patch54 -p1
%patch55 -p1
%patch56 -p1
%patch57 -p1
%patch58 -p1
%patch59 -p1
%patch60 -p1 -F1
%patch61 -p1
%patch62 -p1
%patch63 -p1
%patch64 -p1
%patch65 -p1 -F1
%patch66 -p1
%patch67 -p1
%patch68 -p1
%patch69 -p1
%patch70 -p1
%patch71 -p1
%patch72 -p1
%patch73 -p1
%patch74 -p1
%patch75 -p1
%patch76 -p1
%patch77 -p1
%patch78 -p1
%patch79 -p1
%patch80 -p1
%patch81 -p1
%patch82 -p1
%patch83 -p1
%patch84 -p1
%patch85 -p1
%patch86 -p1 -F1
%patch87 -p1
%patch88 -p1
%patch89 -p1
%patch90 -p1
%patch91 -p1
%patch92 -p1
%patch93 -p1
%patch94 -p1
%patch95 -p1
%patch96 -p1 -F2
%patch97 -p1
%patch98 -p1
%patch99 -p1
%patch100 -p1
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1 -F1
%patch105 -p1
%patch106 -p1
%patch107 -p1
%patch108 -p1
%patch109 -p1
%patch110 -p1
%patch111 -p1
%patch112 -p1
%patch113 -p1
%patch114 -p1
%patch115 -p1
%patch116 -p1
%patch117 -p1
%patch118 -p1
%patch119 -p1
%patch120 -p1
%patch121 -p1
%patch122 -p1 -F2
%patch123 -p1
%patch124 -p1
%patch125 -p1
%patch126 -p1
%patch127 -p1
%patch128 -p1 -F2
%patch129 -p1
%patch130 -p1
%patch131 -p1
%patch132 -p1
%patch133 -p1
%patch134 -p1
%patch -p1 -P 0
%patch -p1 -P 1
%patch -p1 -P 2
%patch -p1 -P 3
%patch -p1 -P 4
%patch -p1 -P 5
%patch -p1 -P 6
%patch -p1 -P 7
%patch -p1 -P 8
%patch -p1 -P 9
%patch -p1 -P 10
%patch -p1 -P 11
%patch -p1 -P 12
%patch -p1 -P 13
%patch -p1 -P 14
%patch -p1 -P 15
%patch -p1 -P 16
%patch -p1 -P 17
%patch -p1 -P 18
%patch -p1 -P 19
%patch -p1 -P 20
%patch -p1 -P 21
%patch -p1 -P 22
%patch -p1 -P 23
%patch -p1 -P 24
%patch -p1 -P 25
%patch -p1 -P 26
%patch -p1 -P 27
%patch -p1 -P 28
%patch -p1 -P 29
%patch -p1 -P 30 -F2
%patch -p1 -P 31 -F2
%patch -p1 -P 32
%patch -p1 -P 33
%patch -p1 -P 34
%patch -p1 -P 35
%patch -p1 -P 36 -F1
%patch -p1 -P 37
%patch -p1 -P 38
%patch -p1 -P 39
%patch -p1 -P 40 -F2
%patch -p1 -P 41
%patch -p1 -P 42
%patch -p1 -P 43
%patch -p1 -P 44
%patch -p1 -P 45
%patch -p1 -P 46
%patch -p1 -P 47
%patch -p1 -P 48 -F1
%patch -p1 -P 49
%patch -p1 -P 50
%patch -p1 -P 51
%patch -p1 -P 52
%patch -p1 -P 53
%patch -p1 -P 54
%patch -p1 -P 55
%patch -p1 -P 56
%patch -p1 -P 57
%patch -p1 -P 58
%patch -p1 -P 59
%patch -p1 -P 60 -F1
%patch -p1 -P 61
%patch -p1 -P 62
%patch -p1 -P 63
%patch -p1 -P 64
%patch -p1 -P 65 -F1
%patch -p1 -P 66
%patch -p1 -P 67
%patch -p1 -P 68
%patch -p1 -P 69
%patch -p1 -P 70
%patch -p1 -P 71
%patch -p1 -P 72
%patch -p1 -P 73
%patch -p1 -P 74
%patch -p1 -P 75
%patch -p1 -P 76
%patch -p1 -P 77
%patch -p1 -P 78
%patch -p1 -P 79
%patch -p1 -P 80
%patch -p1 -P 81
%patch -p1 -P 82
%patch -p1 -P 83
%patch -p1 -P 84
%patch -p1 -P 85
%patch -p1 -P 86 -F1
%patch -p1 -P 87
%patch -p1 -P 88
%patch -p1 -P 89
%patch -p1 -P 90
%patch -p1 -P 91
%patch -p1 -P 92
%patch -p1 -P 93
%patch -p1 -P 94
%patch -p1 -P 95
%patch -p1 -P 96 -F2
%patch -p1 -P 97
%patch -p1 -P 98
%patch -p1 -P 99
%patch -p1 -P 100
%patch -p1 -P 101
%patch -p1 -P 102
%patch -p1 -P 103
%patch -p1 -P 104 -F1
%patch -p1 -P 105
%patch -p1 -P 106
%patch -p1 -P 107
%patch -p1 -P 108
%patch -p1 -P 109
%patch -p1 -P 110
%patch -p1 -P 111
%patch -p1 -P 112
%patch -p1 -P 113
%patch -p1 -P 114
%patch -p1 -P 115
%patch -p1 -P 116
%patch -p1 -P 117
%patch -p1 -P 118
%patch -p1 -P 119
%patch -p1 -P 120
%patch -p1 -P 121
%patch -p1 -P 122 -F2
%patch -p1 -P 123
%patch -p1 -P 124
%patch -p1 -P 125
%patch -p1 -P 126
%patch -p1 -P 127
%patch -p1 -P 128 -F2
%patch -p1 -P 129
%patch -p1 -P 130
%patch -p1 -P 131
%patch -p1 -P 132
%patch -p1 -P 133
%patch -p1 -P 134
%patch -p1 -P 135
%patch -p1 -P 136 -F2
%patch -p1 -P 137
%patch -p1 -P 138
%patch -p1 -P 139 -F2
%patch -p1 -P 140
%patch -p1 -P 141
%patch -p1 -P 142
# prevent compilation of something that won't get used anyway
sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@ -594,20 +613,20 @@ popd
%{__python3} -m pip install --user --no-index --find-links %{_sourcedir} jmespath
%{__python3} -m pip install --target %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/aws --no-index --find-links %{_sourcedir} botocore
%{__python3} -m pip install --target %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/aws --no-index --find-links %{_sourcedir} requests
# regular patch doesnt work in install-section
# Patch1000
pushd %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{_sourcedir}/bz2218234-1-aws-fix-bundled-dateutil-CVE-2007-4559.patch
popd
%endif
# kubevirt
%{__python3} -m pip install --target %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt --no-index --find-links %{_sourcedir} openshift
rm -rf %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt/rsa*
# Patch1001
# regular patch doesnt work in build-section
pushd %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{_sourcedir}/bz2218234-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000}
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=1 < %{PATCH1001}
%ifarch x86_64
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000}
%endif
popd
## tree fix up
@ -1497,6 +1516,33 @@ Fence agent for IBM z/VM over IP.
%endif
%changelog
* Fri Jan 19 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129
- bundled urllib3: fix CVE-2023-45803
Resolves: RHEL-18132
- bundled pycryptodome: fix CVE-2023-52323
Resolves: RHEL-20915
- bundled jinja2: fix CVE-2024-22195
Resolves: RHEL-22174
* Wed Jan 3 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-127
- fence_scsi: fix registration handling if ISID conflicts
Resolves: RHEL-5397
- fence_zvmip: document required user permissions in metadata/manpage
Resolves: RHEL-14343
* Mon Oct 23 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-125
- all agents: update metadata in non-I/O agents to Power or Network
fencing
Resolves: RHEL-14031
* Thu Oct 12 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-123
- bundled urllib3: fix CVE-2023-43804
Resolves: RHEL-11988
* Tue Sep 26 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-122
- bundled certifi: fix CVE-2023-37920
Resolves: RHEL-6972
* Thu Aug 3 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-121
- bundled dateutil: fix tarfile CVE-2007-4559
Resolves: rhbz#2218234