diff --git a/.fence-agents.metadata b/.fence-agents.metadata index a0863d1..7d9aaa5 100644 --- a/.fence-agents.metadata +++ b/.fence-agents.metadata @@ -3,9 +3,11 @@ e1b766b2b1601fde67b3b19ed2f13b9746bb1cca SOURCES/MarkupSafe-2.0.1.tar.gz e1fb5dc6f95a85e7d1f93c6701b331201e8b5479 SOURCES/PyJWT-2.1.0-py3-none-any.whl 53fc16036940089ceadd4127381e40fd6106a7ed SOURCES/PyYAML-5.1.tar.gz b53cba68215f389dffaa51ee2afe10c943278646 SOURCES/adal-1.2.7-py2.py3-none-any.whl +f524069cc0d499c78034b66cf0e8e45344e89791 SOURCES/aliyun-cli-3.0.198.tar.gz +c6a6dd2c97adb5a22856ce78ad9e3fdc1cbb9760 SOURCES/aliyun-cli-go-vendor.tar.gz +87ad43ef7b7e1cbcba1d743541b3118cffda63f8 SOURCES/aliyun-openapi-meta-5cf98b660.tar.gz bda476965c380701795849179ed91e9d8134ec7c SOURCES/aliyun-python-sdk-core-2.11.5.tar.gz 2a3e6ee5713a3cfb47e63a739cc9a05580d95dd6 SOURCES/aliyun_python_sdk_ecs-4.24.7-py2.py3-none-any.whl -32a9b6bff51343ab89221da66f6f67ba798ddcd6 SOURCES/aliyuncli-2.1.10-py2.py3-none-any.whl 459383a3bcb16956030e302008a0f140a5fec0fb SOURCES/awscli-2.2.15.tar.gz a08c16f613cb0b9a9f8ce7cae782ea20c40ce2af SOURCES/awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl 46d2d17d958ae305ced32fdd6aa847b0cdf31989 SOURCES/azure-identity-1.10.0.zip diff --git a/.gitignore b/.gitignore index e0d9e2d..300bb6d 100644 --- a/.gitignore +++ b/.gitignore @@ -3,9 +3,11 @@ SOURCES/MarkupSafe-2.0.1.tar.gz SOURCES/PyJWT-2.1.0-py3-none-any.whl SOURCES/PyYAML-5.1.tar.gz SOURCES/adal-1.2.7-py2.py3-none-any.whl +SOURCES/aliyun-cli-3.0.198.tar.gz +SOURCES/aliyun-cli-go-vendor.tar.gz +SOURCES/aliyun-openapi-meta-5cf98b660.tar.gz SOURCES/aliyun-python-sdk-core-2.11.5.tar.gz SOURCES/aliyun_python_sdk_ecs-4.24.7-py2.py3-none-any.whl -SOURCES/aliyuncli-2.1.10-py2.py3-none-any.whl SOURCES/awscli-2.2.15.tar.gz SOURCES/awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl SOURCES/azure-identity-1.10.0.zip diff --git a/SOURCES/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch b/SOURCES/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch new file mode 100644 index 0000000..5f2027a --- /dev/null +++ b/SOURCES/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch @@ -0,0 +1,26 @@ +From fc7d7c4baef64f510bd3332c9f008d3e1128dc7b Mon Sep 17 00:00:00 2001 +From: Peter Varkoly +Date: Sun, 11 Feb 2024 09:13:51 +0100 +Subject: [PATCH] fence_vmware_rest : monitoring is not detecting if the API + user has sufficient right to manage the fence device. The call + https://{api_host}/api/vcenter/vm is subject to permission checks. If the + delivered list is empty the user has no rights. + +--- + agents/vmware_rest/fence_vmware_rest.py | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/agents/vmware_rest/fence_vmware_rest.py b/agents/vmware_rest/fence_vmware_rest.py +index 378771863..9dc9a12f4 100644 +--- a/agents/vmware_rest/fence_vmware_rest.py ++++ b/agents/vmware_rest/fence_vmware_rest.py +@@ -60,6 +60,9 @@ def get_list(conn, options): + else: + fail(EC_STATUS) + ++ if options.get("--original-action") == "monitor" and not res["value"]: ++ logging.error("API user does not have sufficient rights to manage the power status.") ++ fail(EC_STATUS) + for r in res["value"]: + outlets[r["name"]] = ("", state[r["power_state"]]) + diff --git a/SOURCES/RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch b/SOURCES/RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch new file mode 100644 index 0000000..b9bb334 --- /dev/null +++ b/SOURCES/RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch @@ -0,0 +1,209 @@ +--- a/agents/aliyun/fence_aliyun.py 2024-04-04 10:22:53.720906183 +0200 ++++ b/agents/aliyun/fence_aliyun.py 2024-04-04 10:21:47.626425090 +0200 +@@ -1,53 +1,67 @@ + #!@PYTHON@ -tt + +-import sys, re ++import sys + import logging + import atexit + import json ++ + sys.path.append("@FENCEAGENTSLIBDIR@") + from fencing import * +-from fencing import fail, fail_usage, EC_TIMED_OUT, run_delay ++from fencing import fail_usage, run_delay ++ + + try: + sys.path.insert(0, '/usr/lib/fence-agents/support/aliyun') + from aliyunsdkcore import client + from aliyunsdkcore.auth.credentials import EcsRamRoleCredential ++ from aliyunsdkcore.profile import region_provider ++except ImportError as e: ++ logging.warn("The 'aliyunsdkcore' module has been not installed or is unavailable, try to execute the command 'pip install aliyun-python-sdk-core --upgrade' to solve. error: %s" % e) ++ ++ ++try: + from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest + from aliyunsdkecs.request.v20140526.StartInstanceRequest import StartInstanceRequest + from aliyunsdkecs.request.v20140526.StopInstanceRequest import StopInstanceRequest + from aliyunsdkecs.request.v20140526.RebootInstanceRequest import RebootInstanceRequest +- from aliyunsdkcore.profile import region_provider +-except ImportError: +- pass ++except ImportError as e: ++ logging.warn("The 'aliyunsdkecs' module has been not installed or is unavailable, try to execute the command 'pip install aliyun-python-sdk-ecs --upgrade' to solve. error: %s" % e) ++ + + def _send_request(conn, request): ++ logging.debug("send request action: %s" % request.get_action_name()) + request.set_accept_format('json') + try: + response_str = conn.do_action_with_exception(request) +- response_detail = json.loads(response_str) +- logging.debug("_send_request reponse: %s" % response_detail) +- return response_detail + except Exception as e: +- fail_usage("Failed: _send_request failed: %s" % e) ++ fail_usage("Failed: send request failed: Error: %s" % e) ++ ++ response_detail = json.loads(response_str) ++ logging.debug("reponse: %s" % response_detail) ++ return response_detail + + def start_instance(conn, instance_id): ++ logging.debug("start instance %s" % instance_id) + request = StartInstanceRequest() + request.set_InstanceId(instance_id) + _send_request(conn, request) + + def stop_instance(conn, instance_id): ++ logging.debug("stop instance %s" % instance_id) + request = StopInstanceRequest() + request.set_InstanceId(instance_id) + request.set_ForceStop('true') + _send_request(conn, request) + + def reboot_instance(conn, instance_id): ++ logging.debug("reboot instance %s" % instance_id) + request = RebootInstanceRequest() + request.set_InstanceId(instance_id) + request.set_ForceStop('true') + _send_request(conn, request) + + def get_status(conn, instance_id): ++ logging.debug("get instance %s status" % instance_id) + request = DescribeInstancesRequest() + request.set_InstanceIds(json.dumps([instance_id])) + response = _send_request(conn, request) +@@ -59,20 +73,30 @@ + return instance_status + + def get_nodes_list(conn, options): ++ logging.debug("start to get nodes list") + result = {} + request = DescribeInstancesRequest() + request.set_PageSize(100) ++ ++ if "--filter" in options: ++ filter_key = options["--filter"].split("=")[0].strip() ++ filter_value = options["--filter"].split("=")[1].strip() ++ params = request.get_query_params() ++ params[filter_key] = filter_value ++ request.set_query_params(params) ++ + response = _send_request(conn, request) +- instance_status = None + if response is not None: + instance_list = response.get('Instances').get('Instance') + for item in instance_list: + instance_id = item.get('InstanceId') + instance_name = item.get('InstanceName') + result[instance_id] = (instance_name, None) ++ logging.debug("get nodes list: %s" % result) + return result + + def get_power_status(conn, options): ++ logging.debug("start to get power(%s) status" % options["--plug"]) + state = get_status(conn, options["--plug"]) + + if state == "Running": +@@ -81,14 +105,11 @@ + status = "off" + else: + status = "unknown" +- +- logging.info("get_power_status: %s" % status) +- ++ logging.debug("the power(%s) status is %s" % (options["--plug"], status)) + return status + +- + def set_power_status(conn, options): +- logging.info("set_power_status: %s" % options["--action"]) ++ logging.info("start to set power(%s) status to %s" % (options["--plug"], options["--action"])) + + if (options["--action"]=="off"): + stop_instance(conn, options["--plug"]) +@@ -97,7 +118,6 @@ + elif (options["--action"]=="reboot"): + reboot_instance(conn, options["--plug"]) + +- + def define_new_opts(): + all_opt["region"] = { + "getopt" : "r:", +@@ -126,17 +146,42 @@ + all_opt["ram_role"] = { + "getopt": ":", + "longopt": "ram-role", +- "help": "--ram-role=[name] Ram Role", ++ "help": "--ram-role=[name] Ram Role", + "shortdesc": "Ram Role.", + "required": "0", + "order": 5 + } ++ all_opt["credentials_file"] = { ++ "getopt": ":", ++ "longopt": "credentials-file", ++ "help": "--credentials-file=[path] Path to aliyun-cli credentials file", ++ "shortdesc": "Path to credentials file", ++ "required": "0", ++ "order": 6 ++ } ++ all_opt["credentials_file_profile"] = { ++ "getopt": ":", ++ "longopt": "credentials-file-profile", ++ "help": "--credentials-file-profile=[profile] Credentials file profile", ++ "shortdesc": "Credentials file profile", ++ "required": "0", ++ "default": "default", ++ "order": 7 ++ } ++ all_opt["filter"] = { ++ "getopt": ":", ++ "longopt": "filter", ++ "help": "--filter=[key=value] Filter (e.g. InstanceIds=[\"i-XXYYZZAA1\",\"i-XXYYZZAA2\"]", ++ "shortdesc": "Filter for list-action.", ++ "required": "0", ++ "order": 8 ++ } + + # Main agent method + def main(): + conn = None + +- device_opt = ["port", "no_password", "region", "access_key", "secret_key", "ram_role"] ++ device_opt = ["port", "no_password", "region", "access_key", "secret_key", "ram_role", "credentials_file", "credentials_file_profile", "filter"] + + atexit.register(atexit_handler) + +@@ -164,8 +209,25 @@ + ram_role = options["--ram-role"] + role = EcsRamRoleCredential(ram_role) + conn = client.AcsClient(region_id=region, credential=role) +- region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region) +- ++ elif "--credentials-file" in options and "--credentials-file-profile" in options: ++ import os, configparser ++ try: ++ config = configparser.ConfigParser() ++ config.read(os.path.expanduser(options["--credentials-file"])) ++ access_key = config.get(options["--credentials-file-profile"], "aliyun_access_key_id") ++ secret_key = config.get(options["--credentials-file-profile"], "aliyun_access_key_secret") ++ conn = client.AcsClient(access_key, secret_key, region) ++ except Exception as e: ++ fail_usage("Failed: failed to read credentials file: %s" % e) ++ else: ++ fail_usage("Failed: User credentials are not set. Please set the Access Key and the Secret Key, or configure the RAM role.") ++ ++ # Use intranet endpoint to access ECS service ++ try: ++ region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region) ++ except Exception as e: ++ logging.warn("Failed: failed to modify endpoint to 'ecs.%s.aliyuncs.com': %s" % (region, e)) ++ + # Operate the fencing device + result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list) + sys.exit(result) diff --git a/SOURCES/RHEL-35273-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch b/SOURCES/RHEL-35263-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch similarity index 100% rename from SOURCES/RHEL-35273-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch rename to SOURCES/RHEL-35263-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch diff --git a/SOURCES/RHEL-36482-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch b/SOURCES/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch similarity index 100% rename from SOURCES/RHEL-36482-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch rename to SOURCES/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch diff --git a/SOURCES/RHEL-43235-fence_aws-1-list-add-instance-name-status.patch b/SOURCES/RHEL-43235-fence_aws-1-list-add-instance-name-status.patch new file mode 100644 index 0000000..0cf8961 --- /dev/null +++ b/SOURCES/RHEL-43235-fence_aws-1-list-add-instance-name-status.patch @@ -0,0 +1,99 @@ +From a4502b3bf15a3be2ebd64b6829cd4f6641f2506b Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 14 Jun 2024 15:28:28 +0200 +Subject: [PATCH 1/2] fencing: use formatted strings to avoid failing when plug + is int + +--- + lib/fencing.py.py | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/lib/fencing.py.py b/lib/fencing.py.py +index 66e2ff156..9c090100d 100644 +--- a/lib/fencing.py.py ++++ b/lib/fencing.py.py +@@ -985,9 +985,9 @@ + status = status.upper() + + if options["--action"] == "list": +- print(outlet_id + options["--separator"] + alias) ++ print("{}{}{}".format(outlet_id, options["--separator"], alias)) + elif options["--action"] == "list-status": +- print(outlet_id + options["--separator"] + alias + options["--separator"] + status) ++ print("{}{}{}{}{}".format(outlet_id, options["--separator"], alias, options["--separator"], status)) + + return + + +From f1ef26c885cdedb17eb366e4c8922ffb01aefc7c Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 14 Jun 2024 15:29:12 +0200 +Subject: [PATCH 2/2] fence_aws: improve list, list-status and status actions + +--- + agents/aws/fence_aws.py | 31 +++++++++++++++++++------------ + 1 file changed, 19 insertions(+), 12 deletions(-) + +diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py +index a9308dd9c..b8d38462e 100644 +--- a/agents/aws/fence_aws.py ++++ b/agents/aws/fence_aws.py +@@ -22,6 +22,15 @@ + logger.addHandler(SyslogLibHandler()) + logging.getLogger('botocore.vendored').propagate = False + ++status = { ++ "running": "on", ++ "stopped": "off", ++ "pending": "unknown", ++ "stopping": "unknown", ++ "shutting-down": "unknown", ++ "terminated": "unknown" ++} ++ + def get_instance_id(options): + try: + token = requests.put('http://169.254.169.254/latest/api/token', headers={"X-aws-ec2-metadata-token-ttl-seconds" : "21600"}).content.decode("UTF-8") +@@ -45,11 +54,14 @@ def get_nodes_list(conn, options): + filter_key = options["--filter"].split("=")[0].strip() + filter_value = options["--filter"].split("=")[1].strip() + filter = [{ "Name": filter_key, "Values": [filter_value] }] +- for instance in conn.instances.filter(Filters=filter): +- result[instance.id] = ("", None) +- else: +- for instance in conn.instances.all(): +- result[instance.id] = ("", None) ++ logging.debug("Filter: {}".format(filter)) ++ ++ for instance in conn.instances.filter(Filters=filter if 'filter' in vars() else []): ++ instance_name = "" ++ for tag in instance.tags or []: ++ if tag.get("Key") == "Name": ++ instance_name = tag["Value"] ++ result[instance.id] = (instance_name, status[instance.state["Name"]]) + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") + except EndpointConnectionError: +@@ -67,12 +79,7 @@ def get_power_status(conn, options): + instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [options["--plug"]]}]) + state = list(instance)[0].state["Name"] + logger.debug("Status operation for EC2 instance %s returned state: %s",options["--plug"],state.upper()) +- if state == "running": +- return "on" +- elif state == "stopped": +- return "off" +- else: +- return "unknown" ++ return status[state] + + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") +@@ -146,7 +153,7 @@ def define_new_opts(): + all_opt["filter"] = { + "getopt" : ":", + "longopt" : "filter", +- "help" : "--filter=[key=value] Filter (e.g. vpc-id=[vpc-XXYYZZAA]", ++ "help" : "--filter=[key=value] Filter (e.g. vpc-id=[vpc-XXYYZZAA])", + "shortdesc": "Filter for list-action", + "required": "0", + "order": 5 diff --git a/SOURCES/RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch b/SOURCES/RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch new file mode 100644 index 0000000..edc7d35 --- /dev/null +++ b/SOURCES/RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch @@ -0,0 +1,41 @@ +From c2753c1882b5892b8b7a0fd093baded4a359b2a5 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 17 Jun 2024 11:19:12 +0200 +Subject: [PATCH] fence_aws: log error if unknown state returned + +--- + agents/aws/fence_aws.py | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py +index b8d38462e..5459a06c4 100644 +--- a/agents/aws/fence_aws.py ++++ b/agents/aws/fence_aws.py +@@ -61,7 +61,12 @@ def get_nodes_list(conn, options): + for tag in instance.tags or []: + if tag.get("Key") == "Name": + instance_name = tag["Value"] +- result[instance.id] = (instance_name, status[instance.state["Name"]]) ++ try: ++ result[instance.id] = (instance_name, status[instance.state["Name"]]) ++ except KeyError as e: ++ if options.get("--original-action") == "list-status": ++ logger.error("Unknown status \"{}\" returned for {} ({})".format(instance.state["Name"], instance.id, instance_name)) ++ result[instance.id] = (instance_name, "unknown") + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") + except EndpointConnectionError: +@@ -79,8 +84,11 @@ def get_power_status(conn, options): + instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [options["--plug"]]}]) + state = list(instance)[0].state["Name"] + logger.debug("Status operation for EC2 instance %s returned state: %s",options["--plug"],state.upper()) +- return status[state] +- ++ try: ++ return status[state] ++ except KeyError as e: ++ logger.error("Unknown status \"{}\" returned".format(state)) ++ return "unknown" + except ClientError: + fail_usage("Failed: Incorrect Access Key or Secret Key.") + except EndpointConnectionError: diff --git a/SOURCES/RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch b/SOURCES/RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch similarity index 100% rename from SOURCES/RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch rename to SOURCES/RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch diff --git a/SOURCES/requirements-aliyun.txt b/SOURCES/requirements-aliyun.txt index 3cf97ac..2ccf5b4 100644 --- a/SOURCES/requirements-aliyun.txt +++ b/SOURCES/requirements-aliyun.txt @@ -1,3 +1 @@ aliyun-python-sdk-ecs -# for resource-agents-cloud -aliyuncli>=2.1.5 diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec index b165234..7be5335 100644 --- a/SPECS/fence-agents.spec +++ b/SPECS/fence-agents.spec @@ -57,7 +57,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 62%{?alphatag:.%{alphatag}}%{?dist}.5 +Release: 76%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -77,12 +77,21 @@ Source901: botocore-2.0.0dev123.zip # aliyun Source1000: aliyun-python-sdk-core-2.11.5.tar.gz Source1001: aliyun_python_sdk_ecs-4.24.7-py2.py3-none-any.whl -Source1002: aliyuncli-2.1.10-py2.py3-none-any.whl -Source1003: cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl -Source1004: colorama-0.3.3.tar.gz -Source1005: jmespath-0.7.1-py2.py3-none-any.whl -Source1006: pycryptodome-3.20.0.tar.gz -Source1007: pycparser-2.20-py2.py3-none-any.whl +Source1002: cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl +Source1003: colorama-0.3.3.tar.gz +Source1004: jmespath-0.7.1-py2.py3-none-any.whl +Source1005: pycryptodome-3.20.0.tar.gz +Source1006: pycparser-2.20-py2.py3-none-any.whl +# aliyun-cli +Source2000: aliyun-cli-3.0.198.tar.gz +## TAG=$(git log --pretty="format:%h" -n 1) +## distdir="aliyun-openapi-meta-${TAG}" +## TARFILE="${distdir}.tar.gz" +## rm -rf $TARFILE $distdir +## git archive --prefix=$distdir/ HEAD | gzip > $TARFILE +Source2001: aliyun-openapi-meta-5cf98b660.tar.gz +## go mod vendor +Source2002: aliyun-cli-go-vendor.tar.gz # awscli Source1008: awscrt-0.11.13-cp39-cp39-manylinux2014_x86_64.whl Source1009: colorama-0.4.3-py2.py3-none-any.whl @@ -240,15 +249,19 @@ Patch49: RHEL-14344-fence_zvmip-1-document-user-permissions.patch Patch50: RHEL-14030-1-all-agents-metadata-update-IO-Power-Network.patch Patch51: RHEL-14030-2-fence_cisco_mds-undo-metadata-change.patch Patch52: RHEL-14344-fence_zvmip-2-fix-manpage-formatting.patch -Patch53: RHEL-35273-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch +Patch53: RHEL-31488-RHEL-31485-RHEL-31483-fence_aliyun-update.patch +Patch54: RHEL-35263-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patch +Patch55: RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch +Patch56: RHEL-43235-fence_aws-1-list-add-instance-name-status.patch +Patch57: RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch ### HA support libs/utils ### # all archs Patch1000: bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch -Patch1001: RHEL-36482-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch +Patch1001: RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch # cloud (x86_64 only) Patch2000: bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch -Patch2001: RHEL-43956-fix-bundled-urllib3-CVE-2024-37891.patch +Patch2001: RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %ifarch x86_64 @@ -319,9 +332,12 @@ BuildRequires: gcc BuildRequires: libxslt ## Python dependencies %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 || 0%{?suse_version} -BuildRequires: python3-devel python3-pip -# wheel for HA support subpackages -BuildRequires: python3-wheel +BuildRequires: python3-devel +# dependencies for building HA support subpackages +BuildRequires: python3-pip python3-wheel +%ifarch x86_64 +BuildRequires: golang git +%endif BuildRequires: python3-pycurl python3-requests %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 BuildRequires: openwsman-python3 @@ -412,7 +428,11 @@ BuildRequires: %{systemd_units} %patch -p1 -P 50 %patch -p1 -P 51 %patch -p1 -P 52 -%patch -p1 -P 53 -F2 +%patch -p1 -P 53 +%patch -p1 -P 54 -F2 +%patch -p1 -P 55 +%patch -p1 -P 56 +%patch -p1 -P 57 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -422,6 +442,24 @@ sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac export PYTHON="%{__python3}" %endif +# aliyun-cli +%ifarch x86_64 +tar zxf %SOURCE2000 +pushd aliyun-cli-* +git init +rmdir aliyun-openapi-meta +tar zxf %SOURCE2001 +tar zxf %SOURCE2002 +mv aliyun-openapi-meta-* aliyun-openapi-meta +%define aliyun_cli_version 3.0.198 +# based on https://github.com/containers/podman/blob/main/rpm/podman.spec +%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags' -X github.com/aliyun/aliyun-cli/cli.Version=%{aliyun_cli_version}" -a -v -x -mod=vendor %{?**}; +%gobuild -o out/aliyun main/main.go +mkdir -p ../support/aliyun/aliyun-cli +install -m 0755 out/aliyun ../support/aliyun/aliyun-cli/ +popd +%endif + # support libs %ifarch x86_64 LIBS="%{_sourcedir}/requirements-*.txt" @@ -436,7 +474,7 @@ done # fix incorrect #! detected by CI %ifarch x86_64 -sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/aliyun/bin/jp support/awscli/bin/jp +sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/awscli/bin/jp %endif %ifarch x86_64 @@ -535,7 +573,7 @@ network, storage, or similar. They operate through a unified interface (calling conventions) devised for the original Red Hat clustering solution. %package common -License: GPLv2+ and LGPLv2+ +License: GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-3.0-or-later AND ISC Summary: Common base for Fence Agents %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 || 0%{?suse_version} Requires: python3-pycurl @@ -579,17 +617,18 @@ This package contains support files including the Python fencing library. %ifarch x86_64 %package -n ha-cloud-support -License: GPLv2+ and LGPLv2+ +License: GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND Apache-2.0 AND MIT AND BSD-2-Clause AND BSD-3-Clause AND MPL-2.0 AND Apache-2.0 AND PSF-2.0 AND Unlicense AND ISC Summary: Support libraries for HA Cloud agents # aliyun Provides: bundled(python-aliyun-python-sdk-core) = 2.11.5 Provides: bundled(python-aliyun-python-sdk-ecs) = 4.24.7 -Provides: bundled(aliyuncli) = 2.1.10 Provides: bundled(python-cffi) = 1.14.5 Provides: bundled(python-colorama) = 0.3.3 Provides: bundled(python-jmespath) = 0.7.1 Provides: bundled(python-pycryptodome) = 3.20.0 Provides: bundled(python-pycparser) = 2.20 +Provides: bundled(aliyun-cli) = 3.0.198 +Provides: bundled(aliyun-openapi-meta) = 5cf98b660 # awscli Provides: bundled(awscli) = 2.2.15 Provides: bundled(python-awscrt) = 0.11.13 @@ -1491,27 +1530,47 @@ are located on corosync cluster nodes. %endif %changelog -* Mon Aug 19 2024 Diaa Sami - 4.10.0-62.5 +* Tue Jul 23 2024 Oyvind Albrigtsen - 4.10.0-76 - bundled setuptools: fix CVE-2024-6345 - Resolves: RHEL-49657 + Resolves: RHEL-49658 -* Mon Jun 24 2024 Oyvind Albrigtsen - 4.10.0-62.4 +* Fri Jun 21 2024 Oyvind Albrigtsen - 4.10.0-75 - bundled urllib3: fix CVE-2024-37891 - Resolves: RHEL-43956 + Resolves: RHEL-43562 -* Thu May 16 2024 Oyvind Albrigtsen - 4.10.0-62.3 +* Wed Jun 19 2024 Oyvind Albrigtsen - 4.10.0-74 +- fence_aws: add instance name and status to list/list-status actions + Resolves: RHEL-43235 + +* Thu May 23 2024 Oyvind Albrigtsen - 4.10.0-73 +- fence_vmware_rest: detect if the API user has sufficient rights to + manage the fence device + Resolves: RHEL-25256 + +* Wed May 15 2024 Oyvind Albrigtsen - 4.10.0-72 - bundled jinja2: fix CVE-2024-34064 - Resolves: RHEL-36482 + Resolves: RHEL-35649 -* Fri May 3 2024 Oyvind Albrigtsen - 4.10.0-62.2 +* Fri May 3 2024 Oyvind Albrigtsen - 4.10.0-71 - fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer - Resolves: RHEL-35273 + Resolves: RHEL-35263 -* Thu Mar 21 2024 Oyvind Albrigtsen - 4.10.0-62.1 +* Thu Apr 4 2024 Oyvind Albrigtsen - 4.10.0-70 +- fence_aliyun: add credentials file support, filter parameter, and + optimize log output + Resolves: RHEL-31488, RHEL-31485, RHEL-31483 + +* Thu Mar 21 2024 Oyvind Albrigtsen - 4.10.0-69 - ha-cloud-support: upgrade bundled pyroute2 libs to fix issue in gcp-vpc-move-route's stop-action - Resolves: RHEL-29668 + Resolves: RHEL-29649 + +* Thu Mar 14 2024 Oyvind Albrigtsen - 4.10.0-66 +- Add missing licenses to spec-file + Resolves: RHEL-27929 +- ha-cloud-support: fix aliyun-cli + Resolves: RHEL-28097 * Thu Jan 18 2024 Oyvind Albrigtsen - 4.10.0-62 - bundled urllib3: fix CVE-2023-45803