import CS fence-agents-4.2.1-129.el8
This commit is contained in:
parent
c2d304e1db
commit
f9a870c155
@ -6,7 +6,7 @@ c2a98b9a1562d223a76514f05028488ca000c395 SOURCES/aliyun-python-sdk-ecs-4.9.3.tar
|
||||
f14647a4d37a9a254c4e711b95a7654fc418e41e SOURCES/aliyun-python-sdk-vpc-3.0.2.tar.gz
|
||||
2512ff4ef016cad0b916006f6acf2a309f908c4d SOURCES/botocore-1.23.46.tar.gz
|
||||
0d12f48faa727f0979e9ad5c4c80dfa32b73caff SOURCES/cachetools-4.2.4.tar.gz
|
||||
b13e22d55867e2ca5f92e5289cfdc21ba6e343aa SOURCES/certifi-2021.10.8.tar.gz
|
||||
ec7e8dd8ef95edfdb83a1ea040b8b88507b47615 SOURCES/certifi-2023.7.22.tar.gz
|
||||
2384f6cfba4685d901262e073a4455d4cf76d102 SOURCES/chardet-4.0.0.tar.gz
|
||||
865df92e66e5dc7b940144cbad8115c07dc8784f SOURCES/charset-normalizer-2.0.7.tar.gz
|
||||
e2561df8e7ff9113dab118a651371dd88dab0142 SOURCES/fence-agents-4.2.1.tar.gz
|
||||
@ -20,7 +20,7 @@ f6efa66f6106b069b5c0e0cf8cc677e4e96c91ca SOURCES/oauthlib-3.1.1.tar.gz
|
||||
bccbc1bf76a9db46998eb8e1ffa2f2a2baf9237a SOURCES/packaging-21.2-py3-none-any.whl
|
||||
e0fa19f8fda46a1fa2253477499b116b33f67175 SOURCES/pyasn1-0.4.8.tar.gz
|
||||
43b89feb6864fe359aae89120627165219de313b SOURCES/pyasn1-modules-0.2.8.tar.gz
|
||||
326a73f58a62ebee00c11a12cfdd838b196e0e8e SOURCES/pycryptodome-3.6.4.tar.gz
|
||||
c55d177e9484d974c95078d4ae945f89ba2c7251 SOURCES/pycryptodome-3.20.0.tar.gz
|
||||
c8307f47e3b75a2d02af72982a2dfefa3f56e407 SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
|
||||
c2ba10c775b7a52a4b57cac4d4110a0c0f812a82 SOURCES/python-dateutil-2.8.2.tar.gz
|
||||
1dc2fa004aa6517f1620e55d8a7b8e68a9cf2a47 SOURCES/python-string-utils-1.0.0.tar.gz
|
||||
@ -33,5 +33,5 @@ d5354718cb8c9330d3abc27445467ce8a5ed9d70 SOURCES/setuptools-58.3.0.tar.gz
|
||||
a4f02fddae697614e356cadfddb6241cc7737f38 SOURCES/setuptools_scm-6.3.2.tar.gz
|
||||
06fa0bb50f2a4e2917fd14c21e9d2d5508ce0163 SOURCES/six-1.16.0.tar.gz
|
||||
b42b7960047441db7dc021cc20e14279bd836f8d SOURCES/tomli-1.0.1.tar.gz
|
||||
eb35c3fd8b0867ae988a15917d6b80e8bdf60222 SOURCES/urllib3-1.26.7.tar.gz
|
||||
84e2852d8da1655373f7ce5e7d5d3e256b62b4e4 SOURCES/urllib3-1.26.18.tar.gz
|
||||
540f083782c584989c1a0f69ffd69ba7aae07db6 SOURCES/websocket-client-1.2.1.tar.gz
|
||||
|
6
.gitignore
vendored
6
.gitignore
vendored
@ -6,7 +6,7 @@ SOURCES/aliyun-python-sdk-ecs-4.9.3.tar.gz
|
||||
SOURCES/aliyun-python-sdk-vpc-3.0.2.tar.gz
|
||||
SOURCES/botocore-1.23.46.tar.gz
|
||||
SOURCES/cachetools-4.2.4.tar.gz
|
||||
SOURCES/certifi-2021.10.8.tar.gz
|
||||
SOURCES/certifi-2023.7.22.tar.gz
|
||||
SOURCES/chardet-4.0.0.tar.gz
|
||||
SOURCES/charset-normalizer-2.0.7.tar.gz
|
||||
SOURCES/fence-agents-4.2.1.tar.gz
|
||||
@ -20,7 +20,7 @@ SOURCES/openshift-0.12.1.tar.gz
|
||||
SOURCES/packaging-21.2-py3-none-any.whl
|
||||
SOURCES/pyasn1-0.4.8.tar.gz
|
||||
SOURCES/pyasn1-modules-0.2.8.tar.gz
|
||||
SOURCES/pycryptodome-3.6.4.tar.gz
|
||||
SOURCES/pycryptodome-3.20.0.tar.gz
|
||||
SOURCES/pyparsing-2.4.7-py2.py3-none-any.whl
|
||||
SOURCES/python-dateutil-2.8.2.tar.gz
|
||||
SOURCES/python-string-utils-1.0.0.tar.gz
|
||||
@ -33,5 +33,5 @@ SOURCES/setuptools-58.3.0.tar.gz
|
||||
SOURCES/setuptools_scm-6.3.2.tar.gz
|
||||
SOURCES/six-1.16.0.tar.gz
|
||||
SOURCES/tomli-1.0.1.tar.gz
|
||||
SOURCES/urllib3-1.26.7.tar.gz
|
||||
SOURCES/urllib3-1.26.18.tar.gz
|
||||
SOURCES/websocket-client-1.2.1.tar.gz
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,35 @@
|
||||
From 639732ddca765b2f147ef0c0a896968e3304ca49 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Mon, 23 Oct 2023 09:28:55 +0200
|
||||
Subject: [PATCH] fence_cisco_mds: undo metadata change, as it is an I/O agent
|
||||
|
||||
---
|
||||
agents/cisco_mds/fence_cisco_mds.py | 2 +-
|
||||
tests/data/metadata/fence_cisco_mds.xml | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/agents/cisco_mds/fence_cisco_mds.py b/agents/cisco_mds/fence_cisco_mds.py
|
||||
index 04cd1f842..fbb876a94 100644
|
||||
--- a/agents/cisco_mds/fence_cisco_mds.py
|
||||
+++ b/agents/cisco_mds/fence_cisco_mds.py
|
||||
@@ -77,7 +77,7 @@ def main():
|
||||
|
||||
docs = {}
|
||||
docs["shortdesc"] = "Fence agent for Cisco MDS"
|
||||
- docs["longdesc"] = "fence_cisco_mds is a Power Fencing agent \
|
||||
+ docs["longdesc"] = "fence_cisco_mds is an I/O Fencing agent \
|
||||
which can be used with any Cisco MDS 9000 series with SNMP enabled device."
|
||||
docs["vendorurl"] = "http://www.cisco.com"
|
||||
show_docs(options, docs)
|
||||
diff --git a/tests/data/metadata/fence_cisco_mds.xml b/tests/data/metadata/fence_cisco_mds.xml
|
||||
index 2105ecccc..829c9dcbe 100644
|
||||
--- a/tests/data/metadata/fence_cisco_mds.xml
|
||||
+++ b/tests/data/metadata/fence_cisco_mds.xml
|
||||
@@ -1,6 +1,6 @@
|
||||
<?xml version="1.0" ?>
|
||||
<resource-agent name="fence_cisco_mds" shortdesc="Fence agent for Cisco MDS" >
|
||||
-<longdesc>fence_cisco_mds is a Power Fencing agent which can be used with any Cisco MDS 9000 series with SNMP enabled device.</longdesc>
|
||||
+<longdesc>fence_cisco_mds is an I/O Fencing agent which can be used with any Cisco MDS 9000 series with SNMP enabled device.</longdesc>
|
||||
<vendor-url>http://www.cisco.com</vendor-url>
|
||||
<parameters>
|
||||
<parameter name="action" unique="0" required="1">
|
159
SOURCES/RHEL-14343-fence_zvmip-1-document-user-permissions.patch
Normal file
159
SOURCES/RHEL-14343-fence_zvmip-1-document-user-permissions.patch
Normal file
@ -0,0 +1,159 @@
|
||||
From dcb8ddd13c3dfad02e00c07f283251e0c2a60c46 Mon Sep 17 00:00:00 2001
|
||||
From: Reid Wahl <nrwahl@protonmail.com>
|
||||
Date: Mon, 16 Aug 2021 17:44:13 -0700
|
||||
Subject: [PATCH] fence_zvmip: Update longdesc to document all required
|
||||
functions
|
||||
|
||||
In RHBZ#1935641, IBM explained that the requesting user needs
|
||||
authorization for more functions than what is currently documented.
|
||||
|
||||
They said:
|
||||
"""
|
||||
What we found is that you need rights from three different NICKS:
|
||||
SERVER_MANAGEMENT, IMAGE_CHARACTERISTICS and IMAGE_OPERATIONS.
|
||||
You won't be able to give a user all three NICKS.
|
||||
Therefore, you have to create a new NICK with all capabilities from all
|
||||
three NICKS together and then assign the new NICK to the USER
|
||||
"ZCLUSTER".
|
||||
Even better is to just use the needed Subset with a new NICK.
|
||||
We found five commands which are used in the fencing code and on the
|
||||
z/VM Log which should be enough for fencing to work.
|
||||
|
||||
We suggest creating following files:
|
||||
|
||||
File VSMWORK1 NAMELIST:
|
||||
```
|
||||
:nick.ZVM_FENCE
|
||||
:list.
|
||||
IMAGE_ACTIVATE
|
||||
IMAGE_DEACTIVATE
|
||||
IMAGE_STATUS_QUERY
|
||||
CHECK_AUTHENTICATION
|
||||
IMAGE_NAME_QUERY_DM
|
||||
```
|
||||
|
||||
File VSMWORK1 AUTHLIST:
|
||||
```
|
||||
ZCLUSTER ALL ZVM_FENCE
|
||||
```
|
||||
|
||||
For details, we suggest adding a link to the current z/VM docu:
|
||||
- NAMELIST: https://www.ibm.com/support/knowledgecenter/de/SSB27U_7.2.0/com.ibm.zvm.v720.dmse6/namelst.htm
|
||||
- AUTHLIST: https://www.ibm.com/support/knowledgecenter/de/SSB27U_7.2.0/com.ibm.zvm.v720.dmse6/auf.htm
|
||||
"""
|
||||
|
||||
Resolves: RHBZ1935641
|
||||
|
||||
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
|
||||
---
|
||||
agents/zvm/fence_zvmip.py | 37 ++++++++++++++++++++++-------
|
||||
tests/data/metadata/fence_zvmip.xml | 37 ++++++++++++++++++++++-------
|
||||
2 files changed, 56 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py
|
||||
index 4f538e10d..c37950a20 100644
|
||||
--- a/agents/zvm/fence_zvmip.py
|
||||
+++ b/agents/zvm/fence_zvmip.py
|
||||
@@ -199,21 +199,40 @@ def main():
|
||||
|
||||
docs = {}
|
||||
docs["shortdesc"] = "Fence agent for use with z/VM Virtual Machines"
|
||||
- docs["longdesc"] = """The fence_zvm agent is intended to be used with with z/VM SMAPI service via TCP/IP
|
||||
+ docs["longdesc"] = """The fence_zvmip agent is intended to be used with the
|
||||
+z/VM SMAPI service via TCP/IP.
|
||||
|
||||
-To use this agent the z/VM SMAPI service needs to be configured to allow the virtual machine running this agent to connect to it and issue
|
||||
-the image_recycle operation. This involves updating the VSMWORK1 AUTHLIST VMSYS:VSMWORK1. file. The entry should look something similar to
|
||||
-this:
|
||||
+The z/VM SMAPI service must be configured so that the virtual machine running
|
||||
+the agent can connect to the service, access the system's directory manager,
|
||||
+and shortly thereafter run image_deactivate and image_activate. This involves
|
||||
+updating the VSMWORK1 NAMELIST and VSMWORK1 AUTHLIST VMSYS:VSMWORK1 files.
|
||||
+
|
||||
+The NAMELIST entry assigns all the required functions to one nick and should
|
||||
+look similar to this:
|
||||
+
|
||||
+:nick.ZVM_FENCE
|
||||
+:list.
|
||||
+IMAGE_ACTIVATE
|
||||
+IMAGE_DEACTIVATE
|
||||
+IMAGE_STATUS_QUERY
|
||||
+CHECK_AUTHENTICATION
|
||||
+IMAGE_NAME_QUERY_DM
|
||||
+
|
||||
+
|
||||
+The AUTHLIST entry authorizes the user to perform all the functions associated
|
||||
+with the nick, and should look similar to this:
|
||||
|
||||
Column 1 Column 66 Column 131
|
||||
|
||||
- | | |
|
||||
- V V V
|
||||
+| | |
|
||||
+V V V
|
||||
+
|
||||
+XXXXXXXX ALL ZVM_FENCE
|
||||
|
||||
-XXXXXXXX ALL IMAGE_CHARACTERISTICS
|
||||
+where XXXXXXXX is the name of the user in the authuser field of the request.
|
||||
|
||||
-Where XXXXXXX is the name of the virtual machine used in the authuser field of the request. This virtual machine also has to be authorized
|
||||
-to access the system's directory manager.
|
||||
+Refer to the official z/VM documentation for complete instructions and
|
||||
+reference materials.
|
||||
"""
|
||||
docs["vendorurl"] = "http://www.ibm.com"
|
||||
show_docs(options, docs)
|
||||
diff --git a/tests/data/metadata/fence_zvmip.xml b/tests/data/metadata/fence_zvmip.xml
|
||||
index 6996ab736..96393bdfa 100644
|
||||
--- a/tests/data/metadata/fence_zvmip.xml
|
||||
+++ b/tests/data/metadata/fence_zvmip.xml
|
||||
@@ -1,20 +1,39 @@
|
||||
<?xml version="1.0" ?>
|
||||
<resource-agent name="fence_zvmip" shortdesc="Fence agent for use with z/VM Virtual Machines" >
|
||||
-<longdesc>The fence_zvm agent is intended to be used with with z/VM SMAPI service via TCP/IP
|
||||
+<longdesc>The fence_zvmip agent is intended to be used with the
|
||||
+z/VM SMAPI service via TCP/IP.
|
||||
|
||||
-To use this agent the z/VM SMAPI service needs to be configured to allow the virtual machine running this agent to connect to it and issue
|
||||
-the image_recycle operation. This involves updating the VSMWORK1 AUTHLIST VMSYS:VSMWORK1. file. The entry should look something similar to
|
||||
-this:
|
||||
+The z/VM SMAPI service must be configured so that the virtual machine running
|
||||
+the agent can connect to the service, access the system's directory manager,
|
||||
+and shortly thereafter run image_deactivate and image_activate. This involves
|
||||
+updating the VSMWORK1 NAMELIST and VSMWORK1 AUTHLIST VMSYS:VSMWORK1 files.
|
||||
+
|
||||
+The NAMELIST entry assigns all the required functions to one nick and should
|
||||
+look similar to this:
|
||||
+
|
||||
+:nick.ZVM_FENCE
|
||||
+:list.
|
||||
+IMAGE_ACTIVATE
|
||||
+IMAGE_DEACTIVATE
|
||||
+IMAGE_STATUS_QUERY
|
||||
+CHECK_AUTHENTICATION
|
||||
+IMAGE_NAME_QUERY_DM
|
||||
+
|
||||
+
|
||||
+The AUTHLIST entry authorizes the user to perform all the functions associated
|
||||
+with the nick, and should look similar to this:
|
||||
|
||||
Column 1 Column 66 Column 131
|
||||
|
||||
- | | |
|
||||
- V V V
|
||||
+| | |
|
||||
+V V V
|
||||
+
|
||||
+XXXXXXXX ALL ZVM_FENCE
|
||||
|
||||
-XXXXXXXX ALL IMAGE_CHARACTERISTICS
|
||||
+where XXXXXXXX is the name of the user in the authuser field of the request.
|
||||
|
||||
-Where XXXXXXX is the name of the virtual machine used in the authuser field of the request. This virtual machine also has to be authorized
|
||||
-to access the system's directory manager.
|
||||
+Refer to the official z/VM documentation for complete instructions and
|
||||
+reference materials.
|
||||
</longdesc>
|
||||
<vendor-url>http://www.ibm.com</vendor-url>
|
||||
<parameters>
|
@ -0,0 +1,41 @@
|
||||
From adac1d81c5758235b6df46d0a91f1e948655848a Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Wed, 3 Jan 2024 10:17:50 +0100
|
||||
Subject: [PATCH] fence_zvmip: fix manpage formatting
|
||||
|
||||
---
|
||||
agents/zvm/fence_zvmip.py | 14 +++++++-------
|
||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/agents/zvm/fence_zvmip.py b/agents/zvm/fence_zvmip.py
|
||||
index f1cea2652..bd8273c49 100644
|
||||
--- a/agents/zvm/fence_zvmip.py
|
||||
+++ b/agents/zvm/fence_zvmip.py
|
||||
@@ -210,12 +210,12 @@ def main():
|
||||
The NAMELIST entry assigns all the required functions to one nick and should
|
||||
look similar to this:
|
||||
|
||||
-:nick.ZVM_FENCE
|
||||
-:list.
|
||||
-IMAGE_ACTIVATE
|
||||
-IMAGE_DEACTIVATE
|
||||
-IMAGE_STATUS_QUERY
|
||||
-CHECK_AUTHENTICATION
|
||||
+:nick.ZVM_FENCE\n.br\n\
|
||||
+:list.\n.br\n\
|
||||
+IMAGE_ACTIVATE\n.br\n\
|
||||
+IMAGE_DEACTIVATE\n.br\n\
|
||||
+IMAGE_STATUS_QUERY\n.br\n\
|
||||
+CHECK_AUTHENTICATION\n.br\n\
|
||||
IMAGE_NAME_QUERY_DM
|
||||
|
||||
|
||||
@@ -224,7 +224,7 @@ def main():
|
||||
|
||||
Column 1 Column 66 Column 131
|
||||
|
||||
-| | |
|
||||
+| | |\n.br\n\
|
||||
V V V
|
||||
|
||||
XXXXXXXX ALL ZVM_FENCE
|
@ -0,0 +1,63 @@
|
||||
From 7dd3680e6eea0d77fde024763657aa4d884ddb23 Mon Sep 17 00:00:00 2001
|
||||
From: Calum Hutton <calum.hutton@snyk.io>
|
||||
Date: Thu, 26 Oct 2023 12:08:53 +0100
|
||||
Subject: [PATCH] xmlattr filter disallows keys with spaces
|
||||
|
||||
---
|
||||
CHANGES.rst | 1 +
|
||||
src/jinja2/filters.py | 28 +++++++++++++++++++++-------
|
||||
tests/test_filters.py | 6 ++++++
|
||||
3 files changed, 28 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/jinja2/filters.py b/src/jinja2/filters.py
|
||||
index ed07c4c0e..c7ecc9bb6 100644
|
||||
--- a/kubevirt/jinja2/filters.py
|
||||
+++ b/kubevirt/jinja2/filters.py
|
||||
@@ -248,13 +248,17 @@ def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K
|
||||
yield from value.items()
|
||||
|
||||
|
||||
+_space_re = re.compile(r"\s", flags=re.ASCII)
|
||||
+
|
||||
+
|
||||
@pass_eval_context
|
||||
def do_xmlattr(
|
||||
eval_ctx: "EvalContext", d: t.Mapping[str, t.Any], autospace: bool = True
|
||||
) -> str:
|
||||
"""Create an SGML/XML attribute string based on the items in a dict.
|
||||
- All values that are neither `none` nor `undefined` are automatically
|
||||
- escaped:
|
||||
+
|
||||
+ If any key contains a space, this fails with a ``ValueError``. Values that
|
||||
+ are neither ``none`` nor ``undefined`` are automatically escaped.
|
||||
|
||||
.. sourcecode:: html+jinja
|
||||
|
||||
@@ -273,12 +277,22 @@ def do_xmlattr(
|
||||
|
||||
As you can see it automatically prepends a space in front of the item
|
||||
if the filter returned something unless the second parameter is false.
|
||||
+
|
||||
+ .. versionchanged:: 3.1.3
|
||||
+ Keys with spaces are not allowed.
|
||||
"""
|
||||
- rv = " ".join(
|
||||
- f'{escape(key)}="{escape(value)}"'
|
||||
- for key, value in d.items()
|
||||
- if value is not None and not isinstance(value, Undefined)
|
||||
- )
|
||||
+ items = []
|
||||
+
|
||||
+ for key, value in d.items():
|
||||
+ if value is None or isinstance(value, Undefined):
|
||||
+ continue
|
||||
+
|
||||
+ if _space_re.search(key) is not None:
|
||||
+ raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
|
||||
+
|
||||
+ items.append(f'{escape(key)}="{escape(value)}"')
|
||||
+
|
||||
+ rv = " ".join(items)
|
||||
|
||||
if autospace and rv:
|
||||
rv = " " + rv
|
22
SOURCES/RHEL-5397-4-fence_scsi-log-err.patch
Normal file
22
SOURCES/RHEL-5397-4-fence_scsi-log-err.patch
Normal file
@ -0,0 +1,22 @@
|
||||
--- a/agents/scsi/fence_scsi.py 2024-01-03 14:15:20.755284113 +0100
|
||||
+++ b/agents/scsi/fence_scsi.py 2024-01-03 12:32:01.598598127 +0100
|
||||
@@ -190,7 +190,8 @@
|
||||
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-r -d " + dev
|
||||
out = run_cmd(options, cmd)
|
||||
if out["rc"] and fail:
|
||||
- fail_usage("Cannot get reservation key")
|
||||
+ fail_usage('Cannot get reservation key on device "' + dev
|
||||
+ + '": ' + out["err"])
|
||||
match = re.search(r"\s+key=0x(\S+)\s+", out["out"], re.IGNORECASE)
|
||||
return match.group(1) if match else None
|
||||
|
||||
@@ -204,7 +205,8 @@
|
||||
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-k -d " + dev
|
||||
out = run_cmd(options, cmd)
|
||||
if out["rc"]:
|
||||
- fail_usage("Cannot get registration keys", fail)
|
||||
+ fail_usage('Cannot get registration keys on device "' + dev
|
||||
+ + '": ' + out["err"], fail)
|
||||
if not fail:
|
||||
return []
|
||||
for line in out["out"].split("\n"):
|
68
SOURCES/RHEL-5397-fence_scsi-1-fix-ISID-reg-handling.patch
Normal file
68
SOURCES/RHEL-5397-fence_scsi-1-fix-ISID-reg-handling.patch
Normal file
@ -0,0 +1,68 @@
|
||||
From 9d0d0d013c7edae43a4ebc5f46bf2e7a4f127654 Mon Sep 17 00:00:00 2001
|
||||
From: "sreejit.mohanan" <sreejit.mohanan@nutanix.com>
|
||||
Date: Fri, 17 Feb 2023 18:04:03 -0800
|
||||
Subject: [PATCH] fence_scsi: fix registration handling if ISID conflicts ISID
|
||||
(Initiator Session ID) belonging to I_T Nexus changes for RHEL based on the
|
||||
session ID. This means that the connection to the device can be set up with
|
||||
different ISID on reconnects.
|
||||
|
||||
fence_scsi treats same key as a tip to ignore issuing registration
|
||||
to the device but if the device was registered using a different
|
||||
ISID, the key would be the same but the I_T Nexus (new ISID) would
|
||||
not have access to the device.
|
||||
|
||||
Fixing this by preempting the old key and replacing with the current
|
||||
one.
|
||||
---
|
||||
agents/scsi/fence_scsi.py | 35 ++++++++++++++++++++++++++++++++---
|
||||
1 file changed, 32 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py
|
||||
index f9e6823b2..85e4f29e6 100644
|
||||
--- a/agents/scsi/fence_scsi.py
|
||||
+++ b/agents/scsi/fence_scsi.py
|
||||
@@ -137,12 +137,41 @@ def register_dev(options, dev):
|
||||
for slave in get_mpath_slaves(dev):
|
||||
register_dev(options, slave)
|
||||
return True
|
||||
- if get_reservation_key(options, dev, False) == options["--key"]:
|
||||
- return True
|
||||
+
|
||||
+ # Check if any registration exists for the key already. We track this in
|
||||
+ # order to decide whether the existing registration needs to be cleared.
|
||||
+ # This is needed since the previous registration could be for a
|
||||
+ # different I_T nexus (different ISID).
|
||||
+ registration_key_exists = False
|
||||
+ if options["--key"] in get_registration_keys(options, dev):
|
||||
+ registration_key_exists = True
|
||||
+ if not register_helper(options, options["--key"], dev):
|
||||
+ return False
|
||||
+
|
||||
+ if registration_key_exists:
|
||||
+ # If key matches, make sure it matches with the connection that
|
||||
+ # exists right now. To do this, we can issue a preempt with same key
|
||||
+ # which should replace the old invalid entries from the target.
|
||||
+ if not preempt(options, options["--key"], dev):
|
||||
+ return False
|
||||
+
|
||||
+ # If there was no reservation, we need to issue another registration
|
||||
+ # since the previous preempt would clear registration made above.
|
||||
+ if get_reservation_key(options, dev, False) != options["--key"]:
|
||||
+ return register_helper(options, options["--key"], dev)
|
||||
+ return True
|
||||
+
|
||||
+# cancel registration without aborting tasks
|
||||
+def preempt(options, host, dev):
|
||||
+ reset_dev(options,dev)
|
||||
+ cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev
|
||||
+ return not bool(run_cmd(options, cmd)["rc"])
|
||||
+
|
||||
+# helper function to send the register command
|
||||
+def register_helper(options, host, dev):
|
||||
reset_dev(options, dev)
|
||||
cmd = options["--sg_persist-path"] + " -n -o -I -S " + options["--key"] + " -d " + dev
|
||||
cmd += " -Z" if "--aptpl" in options else ""
|
||||
- #cmd return code != 0 but registration can be successful
|
||||
return not bool(run_cmd(options, cmd)["err"])
|
||||
|
||||
|
103
SOURCES/RHEL-5397-fence_scsi-2-fix-ISID-reg-handling-off.patch
Normal file
103
SOURCES/RHEL-5397-fence_scsi-2-fix-ISID-reg-handling-off.patch
Normal file
@ -0,0 +1,103 @@
|
||||
From 34baef58db442148b8e067509d2cdd37b7a91ef4 Mon Sep 17 00:00:00 2001
|
||||
From: "sreejit.mohanan" <sreejit.mohanan@nutanix.com>
|
||||
Date: Thu, 7 Sep 2023 15:57:51 -0700
|
||||
Subject: [PATCH] fence_scsi: fix registration handling in device 'off'
|
||||
workflows
|
||||
|
||||
ISID (Initiator Session ID) belonging to I_T Nexus changes for
|
||||
RHEL based on the session ID. This means that the connection to
|
||||
the device can be set up with different ISID on reconnects.
|
||||
|
||||
When a device is powered off, fence_scsi assumes that the client
|
||||
has a registration to the device and sends a preempt-and-abort
|
||||
request which ends up failing due to reservation conflict.
|
||||
|
||||
Fixing this by registering the host key with the device and preempting
|
||||
the old registration (if it exists). This should make sure that the
|
||||
host is able to preempt the other key successfully.
|
||||
---
|
||||
agents/scsi/fence_scsi.py | 29 +++++++++++++++--------------
|
||||
1 file changed, 15 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py
|
||||
index 42530ceb5..519319bf5 100644
|
||||
--- a/agents/scsi/fence_scsi.py
|
||||
+++ b/agents/scsi/fence_scsi.py
|
||||
@@ -41,7 +41,7 @@ def set_status(conn, options):
|
||||
for dev in options["devices"]:
|
||||
is_block_device(dev)
|
||||
|
||||
- register_dev(options, dev)
|
||||
+ register_dev(options, dev, options["--key"])
|
||||
if options["--key"] not in get_registration_keys(options, dev):
|
||||
count += 1
|
||||
logging.debug("Failed to register key "\
|
||||
@@ -62,7 +62,7 @@ def set_status(conn, options):
|
||||
fail_usage("Failed: keys cannot be same. You can not fence yourself.")
|
||||
for dev in options["devices"]:
|
||||
is_block_device(dev)
|
||||
-
|
||||
+ register_dev(options, dev, host_key)
|
||||
if options["--key"] in get_registration_keys(options, dev):
|
||||
preempt_abort(options, host_key, dev)
|
||||
|
||||
@@ -131,11 +131,11 @@ def reset_dev(options, dev):
|
||||
return run_cmd(options, options["--sg_turs-path"] + " " + dev)["rc"]
|
||||
|
||||
|
||||
-def register_dev(options, dev):
|
||||
+def register_dev(options, dev, key):
|
||||
dev = os.path.realpath(dev)
|
||||
if re.search(r"^dm", dev[5:]):
|
||||
for slave in get_mpath_slaves(dev):
|
||||
- register_dev(options, slave)
|
||||
+ register_dev(options, slave, key)
|
||||
return True
|
||||
|
||||
# Check if any registration exists for the key already. We track this in
|
||||
@@ -143,34 +143,35 @@ def register_dev(options, dev):
|
||||
# This is needed since the previous registration could be for a
|
||||
# different I_T nexus (different ISID).
|
||||
registration_key_exists = False
|
||||
- if options["--key"] in get_registration_keys(options, dev):
|
||||
+ if key in get_registration_keys(options, dev):
|
||||
+ logging.debug("Registration key exists for device " + dev)
|
||||
registration_key_exists = True
|
||||
- if not register_helper(options, options["--key"], dev):
|
||||
+ if not register_helper(options, dev, key):
|
||||
return False
|
||||
|
||||
if registration_key_exists:
|
||||
# If key matches, make sure it matches with the connection that
|
||||
# exists right now. To do this, we can issue a preempt with same key
|
||||
# which should replace the old invalid entries from the target.
|
||||
- if not preempt(options, options["--key"], dev):
|
||||
+ if not preempt(options, key, dev, key):
|
||||
return False
|
||||
|
||||
# If there was no reservation, we need to issue another registration
|
||||
# since the previous preempt would clear registration made above.
|
||||
- if get_reservation_key(options, dev, False) != options["--key"]:
|
||||
- return register_helper(options, options["--key"], dev)
|
||||
+ if get_reservation_key(options, dev, False) != key:
|
||||
+ return register_helper(options, dev, key)
|
||||
return True
|
||||
|
||||
-# cancel registration without aborting tasks
|
||||
-def preempt(options, host, dev):
|
||||
+# helper function to preempt host with 'key' using 'host_key' without aborting tasks
|
||||
+def preempt(options, host_key, dev, key):
|
||||
reset_dev(options,dev)
|
||||
- cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev
|
||||
+ cmd = options["--sg_persist-path"] + " -n -o -P -T 5 -K " + host_key + " -S " + key + " -d " + dev
|
||||
return not bool(run_cmd(options, cmd)["rc"])
|
||||
|
||||
# helper function to send the register command
|
||||
-def register_helper(options, host, dev):
|
||||
+def register_helper(options, dev, key):
|
||||
reset_dev(options, dev)
|
||||
- cmd = options["--sg_persist-path"] + " -n -o -I -S " + options["--key"] + " -d " + dev
|
||||
+ cmd = options["--sg_persist-path"] + " -n -o -I -S " + key + " -d " + dev
|
||||
cmd += " -Z" if "--aptpl" in options else ""
|
||||
return not bool(run_cmd(options, cmd)["rc"])
|
||||
|
93
SOURCES/RHEL-5397-fence_scsi-3-fix-run_cmd.patch
Normal file
93
SOURCES/RHEL-5397-fence_scsi-3-fix-run_cmd.patch
Normal file
@ -0,0 +1,93 @@
|
||||
--- fence-agents-4.2.1/agents/scsi/fence_scsi.py.old 2024-01-02 12:22:30.198853290 +0100
|
||||
+++ fence-agents-4.2.1/agents/scsi/fence_scsi.py 2024-01-02 12:24:35.509549785 +0100
|
||||
@@ -84,14 +84,14 @@
|
||||
# check if host is ready to execute actions
|
||||
def do_action_monitor(options):
|
||||
# Check if required binaries are installed
|
||||
- if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["err"]):
|
||||
+ if bool(run_cmd(options, options["--sg_persist-path"] + " -V")["rc"]):
|
||||
logging.error("Unable to run " + options["--sg_persist-path"])
|
||||
return 1
|
||||
- elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["err"]):
|
||||
+ elif bool(run_cmd(options, options["--sg_turs-path"] + " -V")["rc"]):
|
||||
logging.error("Unable to run " + options["--sg_turs-path"])
|
||||
return 1
|
||||
elif ("--devices" not in options and
|
||||
- bool(run_cmd(options, options["--vgs-path"] + " --version")["err"])):
|
||||
+ bool(run_cmd(options, options["--vgs-path"] + " --version")["rc"])):
|
||||
logging.error("Unable to run " + options["--vgs-path"])
|
||||
return 1
|
||||
|
||||
@@ -102,11 +102,13 @@
|
||||
return 0
|
||||
|
||||
|
||||
-#run command, returns dict, ret["err"] = exit code; ret["out"] = output
|
||||
+# run command, returns dict, ret["rc"] = exit code; ret["out"] = output;
|
||||
+# ret["err"] = error
|
||||
def run_cmd(options, cmd):
|
||||
ret = {}
|
||||
- (ret["err"], ret["out"], _) = run_command(options, cmd)
|
||||
+ (ret["rc"], ret["out"], ret["err"]) = run_command(options, cmd)
|
||||
ret["out"] = "".join([i for i in ret["out"] if i is not None])
|
||||
+ ret["err"] = "".join([i for i in ret["err"] if i is not None])
|
||||
return ret
|
||||
|
||||
|
||||
@@ -122,11 +124,11 @@
|
||||
def preempt_abort(options, host, dev):
|
||||
reset_dev(options,dev)
|
||||
cmd = options["--sg_persist-path"] + " -n -o -A -T 5 -K " + host + " -S " + options["--key"] + " -d " + dev
|
||||
- return not bool(run_cmd(options, cmd)["err"])
|
||||
+ return not bool(run_cmd(options, cmd)["rc"])
|
||||
|
||||
|
||||
def reset_dev(options, dev):
|
||||
- return run_cmd(options, options["--sg_turs-path"] + " " + dev)["err"]
|
||||
+ return run_cmd(options, options["--sg_turs-path"] + " " + dev)["rc"]
|
||||
|
||||
|
||||
def register_dev(options, dev, key):
|
||||
@@ -171,13 +173,13 @@
|
||||
reset_dev(options, dev)
|
||||
cmd = options["--sg_persist-path"] + " -n -o -I -S " + key + " -d " + dev
|
||||
cmd += " -Z" if "--aptpl" in options else ""
|
||||
- return not bool(run_cmd(options, cmd)["err"])
|
||||
+ return not bool(run_cmd(options, cmd)["rc"])
|
||||
|
||||
|
||||
def reserve_dev(options, dev):
|
||||
reset_dev(options,dev)
|
||||
cmd = options["--sg_persist-path"] + " -n -o -R -T 5 -K " + options["--key"] + " -d " + dev
|
||||
- return not bool(run_cmd(options, cmd)["err"])
|
||||
+ return not bool(run_cmd(options, cmd)["rc"])
|
||||
|
||||
|
||||
def get_reservation_key(options, dev, fail=True):
|
||||
@@ -187,7 +189,7 @@
|
||||
opts = "-y "
|
||||
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-r -d " + dev
|
||||
out = run_cmd(options, cmd)
|
||||
- if out["err"] and fail:
|
||||
+ if out["rc"] and fail:
|
||||
fail_usage("Cannot get reservation key")
|
||||
match = re.search(r"\s+key=0x(\S+)\s+", out["out"], re.IGNORECASE)
|
||||
return match.group(1) if match else None
|
||||
@@ -201,7 +203,7 @@
|
||||
opts = "-y "
|
||||
cmd = options["--sg_persist-path"] + " -n -i " + opts + "-k -d " + dev
|
||||
out = run_cmd(options, cmd)
|
||||
- if out["err"]:
|
||||
+ if out["rc"]:
|
||||
fail_usage("Cannot get registration keys", fail)
|
||||
if not fail:
|
||||
return []
|
||||
@@ -319,7 +321,7 @@
|
||||
"--options vg_attr,pv_name "+\
|
||||
"--config 'global { locking_type = 0 } devices { preferred_names = [ \"^/dev/dm\" ] }'"
|
||||
out = run_cmd(options, cmd)
|
||||
- if out["err"]:
|
||||
+ if out["rc"]:
|
||||
fail_usage("Failed: Cannot get shared devices")
|
||||
for line in out["out"].splitlines():
|
||||
vg_attr, pv_name = line.strip().split(":")
|
@ -11,7 +11,7 @@
|
||||
# alibaba
|
||||
# python-pycryptodome bundle
|
||||
%global pycryptodome pycryptodome
|
||||
%global pycryptodome_version 3.6.4
|
||||
%global pycryptodome_version 3.20.0
|
||||
%global pycryptodome_dir %{bundled_lib_dir}/aliyun/%{pycryptodome}
|
||||
# python-aliyun-sdk-core bundle
|
||||
%global aliyunsdkcore aliyun-python-sdk-core
|
||||
@ -44,7 +44,7 @@
|
||||
%global kubernetes kubernetes
|
||||
%global kubernetes_version 12.0.1
|
||||
%global certifi certifi
|
||||
%global certifi_version 2021.10.8
|
||||
%global certifi_version 2023.7.22
|
||||
%global googleauth google-auth
|
||||
%global googleauth_version 2.3.0
|
||||
%global cachetools cachetools
|
||||
@ -59,10 +59,10 @@
|
||||
%global pyyaml_version 6.0
|
||||
%global six six
|
||||
%global six_version 1.16.0
|
||||
%global urllib3 urllib3
|
||||
%global urllib3_version 1.26.7
|
||||
%global websocketclient websocket-client
|
||||
%global websocketclient_version 1.2.1
|
||||
%global urllib3 urllib3
|
||||
%global urllib3_version 1.26.18
|
||||
%global websocketclient websocket-client
|
||||
%global websocketclient_version 1.2.1
|
||||
%global jinja2 Jinja2
|
||||
%global jinja2_version 3.0.2
|
||||
%global markupsafe MarkupSafe
|
||||
@ -87,7 +87,7 @@
|
||||
Name: fence-agents
|
||||
Summary: Set of unified programs capable of host isolation ("fencing")
|
||||
Version: 4.2.1
|
||||
Release: 121%{?alphatag:.%{alphatag}}%{?dist}
|
||||
Release: 129%{?alphatag:.%{alphatag}}%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
Group: System Environment/Base
|
||||
URL: https://github.com/ClusterLabs/fence-agents
|
||||
@ -274,10 +274,21 @@ Patch131: bz2187329-fence_scsi-2-support-space-separated-devices.patch
|
||||
Patch132: bz2211460-fence_azure-arm-1-stack-hub-support.patch
|
||||
Patch133: bz2211460-fence_azure-arm-2-metadata-endpoint-error-message.patch
|
||||
Patch134: bz2155453-fence_ibm_powervs-performance-improvements.patch
|
||||
Patch135: RHEL-14343-fence_zvmip-1-document-user-permissions.patch
|
||||
Patch136: RHEL-14031-1-all-agents-metadata-update-IO-Power-Network.patch
|
||||
Patch137: RHEL-14031-2-fence_cisco_mds-undo-metadata-change.patch
|
||||
Patch138: RHEL-5397-fence_scsi-1-fix-ISID-reg-handling.patch
|
||||
Patch139: RHEL-5397-fence_scsi-2-fix-ISID-reg-handling-off.patch
|
||||
Patch140: RHEL-5397-fence_scsi-3-fix-run_cmd.patch
|
||||
Patch141: RHEL-5397-4-fence_scsi-log-err.patch
|
||||
Patch142: RHEL-14343-fence_zvmip-2-fix-manpage-formatting.patch
|
||||
|
||||
### HA support libs/utils ###
|
||||
Patch1000: bz2218234-1-aws-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||
Patch1001: bz2218234-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||
# all archs
|
||||
Patch1000: bz2218234-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||
Patch1001: RHEL-22174-kubevirt-fix-bundled-jinja2-CVE-2024-22195.patch
|
||||
# cloud (x86_64 only)
|
||||
Patch2000: bz2218234-2-aws-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||
|
||||
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||
%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
|
||||
@ -355,141 +366,149 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
%patch27 -p1
|
||||
%patch28 -p1
|
||||
%patch29 -p1
|
||||
%patch30 -p1 -F2
|
||||
%patch31 -p1 -F2
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
%patch34 -p1
|
||||
%patch35 -p1
|
||||
%patch36 -p1 -F1
|
||||
%patch37 -p1
|
||||
%patch38 -p1
|
||||
%patch39 -p1
|
||||
%patch40 -p1 -F2
|
||||
%patch41 -p1
|
||||
%patch42 -p1
|
||||
%patch43 -p1
|
||||
%patch44 -p1
|
||||
%patch45 -p1
|
||||
%patch46 -p1
|
||||
%patch47 -p1
|
||||
%patch48 -p1 -F1
|
||||
%patch49 -p1
|
||||
%patch50 -p1
|
||||
%patch51 -p1
|
||||
%patch52 -p1
|
||||
%patch53 -p1
|
||||
%patch54 -p1
|
||||
%patch55 -p1
|
||||
%patch56 -p1
|
||||
%patch57 -p1
|
||||
%patch58 -p1
|
||||
%patch59 -p1
|
||||
%patch60 -p1 -F1
|
||||
%patch61 -p1
|
||||
%patch62 -p1
|
||||
%patch63 -p1
|
||||
%patch64 -p1
|
||||
%patch65 -p1 -F1
|
||||
%patch66 -p1
|
||||
%patch67 -p1
|
||||
%patch68 -p1
|
||||
%patch69 -p1
|
||||
%patch70 -p1
|
||||
%patch71 -p1
|
||||
%patch72 -p1
|
||||
%patch73 -p1
|
||||
%patch74 -p1
|
||||
%patch75 -p1
|
||||
%patch76 -p1
|
||||
%patch77 -p1
|
||||
%patch78 -p1
|
||||
%patch79 -p1
|
||||
%patch80 -p1
|
||||
%patch81 -p1
|
||||
%patch82 -p1
|
||||
%patch83 -p1
|
||||
%patch84 -p1
|
||||
%patch85 -p1
|
||||
%patch86 -p1 -F1
|
||||
%patch87 -p1
|
||||
%patch88 -p1
|
||||
%patch89 -p1
|
||||
%patch90 -p1
|
||||
%patch91 -p1
|
||||
%patch92 -p1
|
||||
%patch93 -p1
|
||||
%patch94 -p1
|
||||
%patch95 -p1
|
||||
%patch96 -p1 -F2
|
||||
%patch97 -p1
|
||||
%patch98 -p1
|
||||
%patch99 -p1
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
%patch103 -p1
|
||||
%patch104 -p1 -F1
|
||||
%patch105 -p1
|
||||
%patch106 -p1
|
||||
%patch107 -p1
|
||||
%patch108 -p1
|
||||
%patch109 -p1
|
||||
%patch110 -p1
|
||||
%patch111 -p1
|
||||
%patch112 -p1
|
||||
%patch113 -p1
|
||||
%patch114 -p1
|
||||
%patch115 -p1
|
||||
%patch116 -p1
|
||||
%patch117 -p1
|
||||
%patch118 -p1
|
||||
%patch119 -p1
|
||||
%patch120 -p1
|
||||
%patch121 -p1
|
||||
%patch122 -p1 -F2
|
||||
%patch123 -p1
|
||||
%patch124 -p1
|
||||
%patch125 -p1
|
||||
%patch126 -p1
|
||||
%patch127 -p1
|
||||
%patch128 -p1 -F2
|
||||
%patch129 -p1
|
||||
%patch130 -p1
|
||||
%patch131 -p1
|
||||
%patch132 -p1
|
||||
%patch133 -p1
|
||||
%patch134 -p1
|
||||
%patch -p1 -P 0
|
||||
%patch -p1 -P 1
|
||||
%patch -p1 -P 2
|
||||
%patch -p1 -P 3
|
||||
%patch -p1 -P 4
|
||||
%patch -p1 -P 5
|
||||
%patch -p1 -P 6
|
||||
%patch -p1 -P 7
|
||||
%patch -p1 -P 8
|
||||
%patch -p1 -P 9
|
||||
%patch -p1 -P 10
|
||||
%patch -p1 -P 11
|
||||
%patch -p1 -P 12
|
||||
%patch -p1 -P 13
|
||||
%patch -p1 -P 14
|
||||
%patch -p1 -P 15
|
||||
%patch -p1 -P 16
|
||||
%patch -p1 -P 17
|
||||
%patch -p1 -P 18
|
||||
%patch -p1 -P 19
|
||||
%patch -p1 -P 20
|
||||
%patch -p1 -P 21
|
||||
%patch -p1 -P 22
|
||||
%patch -p1 -P 23
|
||||
%patch -p1 -P 24
|
||||
%patch -p1 -P 25
|
||||
%patch -p1 -P 26
|
||||
%patch -p1 -P 27
|
||||
%patch -p1 -P 28
|
||||
%patch -p1 -P 29
|
||||
%patch -p1 -P 30 -F2
|
||||
%patch -p1 -P 31 -F2
|
||||
%patch -p1 -P 32
|
||||
%patch -p1 -P 33
|
||||
%patch -p1 -P 34
|
||||
%patch -p1 -P 35
|
||||
%patch -p1 -P 36 -F1
|
||||
%patch -p1 -P 37
|
||||
%patch -p1 -P 38
|
||||
%patch -p1 -P 39
|
||||
%patch -p1 -P 40 -F2
|
||||
%patch -p1 -P 41
|
||||
%patch -p1 -P 42
|
||||
%patch -p1 -P 43
|
||||
%patch -p1 -P 44
|
||||
%patch -p1 -P 45
|
||||
%patch -p1 -P 46
|
||||
%patch -p1 -P 47
|
||||
%patch -p1 -P 48 -F1
|
||||
%patch -p1 -P 49
|
||||
%patch -p1 -P 50
|
||||
%patch -p1 -P 51
|
||||
%patch -p1 -P 52
|
||||
%patch -p1 -P 53
|
||||
%patch -p1 -P 54
|
||||
%patch -p1 -P 55
|
||||
%patch -p1 -P 56
|
||||
%patch -p1 -P 57
|
||||
%patch -p1 -P 58
|
||||
%patch -p1 -P 59
|
||||
%patch -p1 -P 60 -F1
|
||||
%patch -p1 -P 61
|
||||
%patch -p1 -P 62
|
||||
%patch -p1 -P 63
|
||||
%patch -p1 -P 64
|
||||
%patch -p1 -P 65 -F1
|
||||
%patch -p1 -P 66
|
||||
%patch -p1 -P 67
|
||||
%patch -p1 -P 68
|
||||
%patch -p1 -P 69
|
||||
%patch -p1 -P 70
|
||||
%patch -p1 -P 71
|
||||
%patch -p1 -P 72
|
||||
%patch -p1 -P 73
|
||||
%patch -p1 -P 74
|
||||
%patch -p1 -P 75
|
||||
%patch -p1 -P 76
|
||||
%patch -p1 -P 77
|
||||
%patch -p1 -P 78
|
||||
%patch -p1 -P 79
|
||||
%patch -p1 -P 80
|
||||
%patch -p1 -P 81
|
||||
%patch -p1 -P 82
|
||||
%patch -p1 -P 83
|
||||
%patch -p1 -P 84
|
||||
%patch -p1 -P 85
|
||||
%patch -p1 -P 86 -F1
|
||||
%patch -p1 -P 87
|
||||
%patch -p1 -P 88
|
||||
%patch -p1 -P 89
|
||||
%patch -p1 -P 90
|
||||
%patch -p1 -P 91
|
||||
%patch -p1 -P 92
|
||||
%patch -p1 -P 93
|
||||
%patch -p1 -P 94
|
||||
%patch -p1 -P 95
|
||||
%patch -p1 -P 96 -F2
|
||||
%patch -p1 -P 97
|
||||
%patch -p1 -P 98
|
||||
%patch -p1 -P 99
|
||||
%patch -p1 -P 100
|
||||
%patch -p1 -P 101
|
||||
%patch -p1 -P 102
|
||||
%patch -p1 -P 103
|
||||
%patch -p1 -P 104 -F1
|
||||
%patch -p1 -P 105
|
||||
%patch -p1 -P 106
|
||||
%patch -p1 -P 107
|
||||
%patch -p1 -P 108
|
||||
%patch -p1 -P 109
|
||||
%patch -p1 -P 110
|
||||
%patch -p1 -P 111
|
||||
%patch -p1 -P 112
|
||||
%patch -p1 -P 113
|
||||
%patch -p1 -P 114
|
||||
%patch -p1 -P 115
|
||||
%patch -p1 -P 116
|
||||
%patch -p1 -P 117
|
||||
%patch -p1 -P 118
|
||||
%patch -p1 -P 119
|
||||
%patch -p1 -P 120
|
||||
%patch -p1 -P 121
|
||||
%patch -p1 -P 122 -F2
|
||||
%patch -p1 -P 123
|
||||
%patch -p1 -P 124
|
||||
%patch -p1 -P 125
|
||||
%patch -p1 -P 126
|
||||
%patch -p1 -P 127
|
||||
%patch -p1 -P 128 -F2
|
||||
%patch -p1 -P 129
|
||||
%patch -p1 -P 130
|
||||
%patch -p1 -P 131
|
||||
%patch -p1 -P 132
|
||||
%patch -p1 -P 133
|
||||
%patch -p1 -P 134
|
||||
%patch -p1 -P 135
|
||||
%patch -p1 -P 136 -F2
|
||||
%patch -p1 -P 137
|
||||
%patch -p1 -P 138
|
||||
%patch -p1 -P 139 -F2
|
||||
%patch -p1 -P 140
|
||||
%patch -p1 -P 141
|
||||
%patch -p1 -P 142
|
||||
|
||||
# prevent compilation of something that won't get used anyway
|
||||
sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
|
||||
@ -594,20 +613,20 @@ popd
|
||||
%{__python3} -m pip install --user --no-index --find-links %{_sourcedir} jmespath
|
||||
%{__python3} -m pip install --target %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/aws --no-index --find-links %{_sourcedir} botocore
|
||||
%{__python3} -m pip install --target %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/aws --no-index --find-links %{_sourcedir} requests
|
||||
|
||||
# regular patch doesnt work in install-section
|
||||
# Patch1000
|
||||
pushd %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{_sourcedir}/bz2218234-1-aws-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||
popd
|
||||
%endif
|
||||
|
||||
# kubevirt
|
||||
%{__python3} -m pip install --target %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt --no-index --find-links %{_sourcedir} openshift
|
||||
rm -rf %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt/rsa*
|
||||
# Patch1001
|
||||
|
||||
# regular patch doesnt work in build-section
|
||||
pushd %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{_sourcedir}/bz2218234-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000}
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=1 < %{PATCH1001}
|
||||
|
||||
%ifarch x86_64
|
||||
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH2000}
|
||||
%endif
|
||||
popd
|
||||
|
||||
## tree fix up
|
||||
@ -1497,6 +1516,33 @@ Fence agent for IBM z/VM over IP.
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Jan 19 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-129
|
||||
- bundled urllib3: fix CVE-2023-45803
|
||||
Resolves: RHEL-18132
|
||||
- bundled pycryptodome: fix CVE-2023-52323
|
||||
Resolves: RHEL-20915
|
||||
- bundled jinja2: fix CVE-2024-22195
|
||||
Resolves: RHEL-22174
|
||||
|
||||
* Wed Jan 3 2024 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-127
|
||||
- fence_scsi: fix registration handling if ISID conflicts
|
||||
Resolves: RHEL-5397
|
||||
- fence_zvmip: document required user permissions in metadata/manpage
|
||||
Resolves: RHEL-14343
|
||||
|
||||
* Mon Oct 23 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-125
|
||||
- all agents: update metadata in non-I/O agents to Power or Network
|
||||
fencing
|
||||
Resolves: RHEL-14031
|
||||
|
||||
* Thu Oct 12 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-123
|
||||
- bundled urllib3: fix CVE-2023-43804
|
||||
Resolves: RHEL-11988
|
||||
|
||||
* Tue Sep 26 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-122
|
||||
- bundled certifi: fix CVE-2023-37920
|
||||
Resolves: RHEL-6972
|
||||
|
||||
* Thu Aug 3 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-121
|
||||
- bundled dateutil: fix tarfile CVE-2007-4559
|
||||
Resolves: rhbz#2218234
|
||||
|
Loading…
Reference in New Issue
Block a user