rpms
/
pacemaker
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import pacemaker-2.1.4-5.el8

This commit is contained in:
CentOS Sources 2022-09-27 06:46:02 -04:00 committed by Stepan Oksanichenko
parent 8f0a689453
commit 3ea4d85cd6
38 changed files with 3587 additions and 20431 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/nagios-agents-metadata-105ab8a.tar.gz
SOURCES/pacemaker-ada5c3b.tar.gz
SOURCES/pacemaker-dc6eb43.tar.gz

2
.pacemaker.metadata
View File

@ -1,2 +1,2 @@
ea6c0a27fd0ae8ce02f84a11f08a0d79377041c3 SOURCES/nagios-agents-metadata-105ab8a.tar.gz
f9fd69263d5b21446b530f9750c262f7b492cad4 SOURCES/pacemaker-ada5c3b.tar.gz
1dfac4c5f1958ce5f72bfcbb2a34890ab058c84c SOURCES/pacemaker-dc6eb43.tar.gz

230
SOURCES/001-acl-group-schema.patch
View File

@ -1,230 +0,0 @@
From f5ffbaf1f537d3d5b00e594211cd322f97df51ac Mon Sep 17 00:00:00 2001
From: Grace Chin <gchin@redhat.com>
Date: Fri, 5 Nov 2021 11:39:39 -0400
Subject: [PATCH 1/3] Low: xml: clone acls schema in preparation for changes
---
xml/acls-3.8.rng | 80 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 xml/acls-3.8.rng
diff --git a/xml/acls-3.8.rng b/xml/acls-3.8.rng
new file mode 100644
index 000000000..0fe6eed96
--- /dev/null
+++ b/xml/acls-3.8.rng
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+ datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+ <start>
+ <optional>
+ <ref name="element-acls"/>
+ </optional>
+ </start>
+
+ <define name="element-acls">
+ <element name="acls">
+ <zeroOrMore>
+ <choice>
+ <element name="acl_target">
+ <attribute name="id"><text/></attribute>
+ <zeroOrMore>
+ <element name="role">
+ <attribute name="id"><data type="IDREF"/></attribute>
+ </element>
+ </zeroOrMore>
+ </element>
+ <element name="acl_group">
+ <!-- Here 'id' is the name of a unix group -->
+ <attribute name="id"><data type="ID"/></attribute>
+ <zeroOrMore>
+ <element name="role">
+ <attribute name="id"><data type="IDREF"/></attribute>
+ </element>
+ </zeroOrMore>
+ </element>
+ <element name="acl_role">
+ <attribute name="id"><data type="ID"/></attribute>
+ <optional>
+ <attribute name="description"><text/></attribute>
+ </optional>
+ <zeroOrMore>
+ <ref name="element-permission"/>
+ </zeroOrMore>
+ </element>
+ </choice>
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="element-permission">
+ <element name="acl_permission">
+ <attribute name="id"><data type="ID"/></attribute>
+
+ <attribute name="kind">
+ <choice>
+ <value>read</value>
+ <value>write</value>
+ <value>deny</value>
+ </choice>
+ </attribute>
+
+ <choice>
+ <attribute name="xpath"><text/></attribute>
+ <!-- reference is already sufficiently specific without 'object-type' -->
+ <attribute name="reference"><data type="IDREF"/></attribute>
+ <group>
+ <!-- Use 'object-type' to avoid conflicting with the 'tag' configuration concept -->
+ <attribute name="object-type"><text/></attribute>
+ <optional>
+ <!--
+ does not make sense with anything other than object-type
+ xpath and reference are already sufficiently specific
+ -->
+ <attribute name="attribute"><text/></attribute>
+ </optional>
+ </group>
+ </choice>
+
+ <optional>
+ <attribute name="description"><text/></attribute>
+ </optional>
+ </element>
+ </define>
+
+</grammar>
--
2.27.0
From 7838213fc639236bdedf5f15320152d973f1bdad Mon Sep 17 00:00:00 2001
From: Grace Chin <gchin@redhat.com>
Date: Fri, 5 Nov 2021 11:40:48 -0400
Subject: [PATCH 2/3] Add a 'name' attribute to acl_target and acl_group
elements
---
xml/acls-3.8.rng | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/xml/acls-3.8.rng b/xml/acls-3.8.rng
index 0fe6eed96..48bcdffe3 100644
--- a/xml/acls-3.8.rng
+++ b/xml/acls-3.8.rng
@@ -13,6 +13,9 @@
<choice>
<element name="acl_target">
<attribute name="id"><text/></attribute>
+ <optional>
+ <attribute name="name"><text/></attribute>
+ </optional>
<zeroOrMore>
<element name="role">
<attribute name="id"><data type="IDREF"/></attribute>
@@ -22,6 +25,9 @@
<element name="acl_group">
<!-- Here 'id' is the name of a unix group -->
<attribute name="id"><data type="ID"/></attribute>
+ <optional>
+ <attribute name="name"><text/></attribute>
+ </optional>
<zeroOrMore>
<element name="role">
<attribute name="id"><data type="IDREF"/></attribute>
--
2.27.0
From c3c498f4636f57e29670f8e385b625024ed222d7 Mon Sep 17 00:00:00 2001
From: Grace Chin <gchin@redhat.com>
Date: Fri, 5 Nov 2021 11:42:48 -0400
Subject: [PATCH 3/3] Changes made by run of 'cts/cts-cli -s'
---
cts/cli/regression.upgrade.exp | 7 +++++--
cts/cli/regression.validity.exp | 22 ++++++++++++++++++----
2 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/cts/cli/regression.upgrade.exp b/cts/cli/regression.upgrade.exp
index e38adebdd..7ce7ec13b 100644
--- a/cts/cli/regression.upgrade.exp
+++ b/cts/cli/regression.upgrade.exp
@@ -91,8 +91,11 @@ update_validation debug: Configuration valid for schema: pacemaker-3.6
update_validation debug: pacemaker-3.6-style configuration is also valid for pacemaker-3.7
update_validation debug: Testing 'pacemaker-3.7' validation (21 of X)
update_validation debug: Configuration valid for schema: pacemaker-3.7
-update_validation trace: Stopping at pacemaker-3.7
-update_validation info: Transformed the configuration from pacemaker-2.10 to pacemaker-3.7
+update_validation debug: pacemaker-3.7-style configuration is also valid for pacemaker-3.8
+update_validation debug: Testing 'pacemaker-3.8' validation (22 of X)
+update_validation debug: Configuration valid for schema: pacemaker-3.8
+update_validation trace: Stopping at pacemaker-3.8
+update_validation info: Transformed the configuration from pacemaker-2.10 to pacemaker-3.8
=#=#=#= Current cib after: Upgrade to latest CIB schema (trigger 2.10.xsl + the wrapping) =#=#=#=
<cib epoch="2" num_updates="0" admin_epoch="1">
<configuration>
diff --git a/cts/cli/regression.validity.exp b/cts/cli/regression.validity.exp
index 5ace430e7..125035a47 100644
--- a/cts/cli/regression.validity.exp
+++ b/cts/cli/regression.validity.exp
@@ -121,7 +121,11 @@ update_validation debug: Testing 'pacemaker-3.7' validation (21 of X)
element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
update_validation trace: pacemaker-3.7 validation failed
-Cannot upgrade configuration (claiming schema pacemaker-1.2) to at least pacemaker-3.0 because it does not validate with any schema from pacemaker-1.2 to pacemaker-3.7
+update_validation debug: Testing 'pacemaker-3.8' validation (22 of X)
+element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
+element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
+update_validation trace: pacemaker-3.8 validation failed
+Cannot upgrade configuration (claiming schema pacemaker-1.2) to at least pacemaker-3.0 because it does not validate with any schema from pacemaker-1.2 to pacemaker-3.8
=#=#=#= End test: Run crm_simulate with invalid CIB (enum violation) - Invalid configuration (78) =#=#=#=
* Passed: crm_simulate - Run crm_simulate with invalid CIB (enum violation)
=#=#=#= Begin test: Try to make resulting CIB invalid (unrecognized validate-with) =#=#=#=
@@ -226,7 +230,10 @@ update_validation trace: pacemaker-3.6 validation failed
update_validation debug: Testing 'pacemaker-3.7' validation (21 of X)
element cib: Relax-NG validity error : Invalid attribute validate-with for element cib
update_validation trace: pacemaker-3.7 validation failed
-Cannot upgrade configuration (claiming schema pacemaker-9999.0) to at least pacemaker-3.0 because it does not validate with any schema from unknown to pacemaker-3.7
+update_validation debug: Testing 'pacemaker-3.8' validation (22 of X)
+element cib: Relax-NG validity error : Invalid attribute validate-with for element cib
+update_validation trace: pacemaker-3.8 validation failed
+Cannot upgrade configuration (claiming schema pacemaker-9999.0) to at least pacemaker-3.0 because it does not validate with any schema from unknown to pacemaker-3.8
=#=#=#= End test: Run crm_simulate with invalid CIB (unrecognized validate-with) - Invalid configuration (78) =#=#=#=
* Passed: crm_simulate - Run crm_simulate with invalid CIB (unrecognized validate-with)
=#=#=#= Begin test: Try to make resulting CIB invalid, but possibly recoverable (valid with X.Y+1) =#=#=#=
@@ -326,8 +333,11 @@ update_validation debug: Configuration valid for schema: pacemaker-3.6
update_validation debug: pacemaker-3.6-style configuration is also valid for pacemaker-3.7
update_validation debug: Testing 'pacemaker-3.7' validation (21 of X)
update_validation debug: Configuration valid for schema: pacemaker-3.7
-update_validation trace: Stopping at pacemaker-3.7
-update_validation info: Transformed the configuration from pacemaker-1.2 to pacemaker-3.7
+update_validation debug: pacemaker-3.7-style configuration is also valid for pacemaker-3.8
+update_validation debug: Testing 'pacemaker-3.8' validation (22 of X)
+update_validation debug: Configuration valid for schema: pacemaker-3.8
+update_validation trace: Stopping at pacemaker-3.8
+update_validation info: Transformed the configuration from pacemaker-1.2 to pacemaker-3.8
unpack_resources error: Resource start-up disabled since no STONITH resources have been defined
unpack_resources error: Either configure some or disable STONITH with the stonith-enabled option
unpack_resources error: NOTE: Clusters with shared data need STONITH to ensure data integrity
@@ -437,6 +447,8 @@ element rsc_order: Relax-NG validity error : Invalid attribute first-action for
element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
+element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
+element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
=#=#=#= Current cib after: Make resulting CIB invalid, and without validate-with attribute =#=#=#=
<cib epoch="41" num_updates="0" admin_epoch="0" validate-with="none">
<configuration>
@@ -502,6 +514,8 @@ validity.bad.xml:10: element rsc_order: Relax-NG validity error : Invalid attrib
validity.bad.xml:10: element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
validity.bad.xml:10: element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
validity.bad.xml:10: element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
+validity.bad.xml:10: element rsc_order: Relax-NG validity error : Invalid attribute first-action for element rsc_order
+validity.bad.xml:10: element rsc_order: Relax-NG validity error : Element constraints has extra content: rsc_order
unpack_resources error: Resource start-up disabled since no STONITH resources have been defined
unpack_resources error: Either configure some or disable STONITH with the stonith-enabled option
unpack_resources error: NOTE: Clusters with shared data need STONITH to ensure data integrity
--
2.27.0

127
SOURCES/001-stonith-enabled.patch Normal file
View File

@ -0,0 +1,127 @@
From 243139b2ec0f6b17877a4e7f651fc3f70f76b11a Mon Sep 17 00:00:00 2001
From: Christine Caulfield <ccaulfie@redhat.com>
Date: Fri, 6 May 2022 15:23:43 +0100
Subject: [PATCH 1/2] fenced: Don't ignore CIB updates if stonith-enabled=false
Fixes: T378
---
daemons/fenced/pacemaker-fenced.c | 23 +++--------------------
1 file changed, 3 insertions(+), 20 deletions(-)
diff --git a/daemons/fenced/pacemaker-fenced.c b/daemons/fenced/pacemaker-fenced.c
index caab7de83..dadd187b6 100644
--- a/daemons/fenced/pacemaker-fenced.c
+++ b/daemons/fenced/pacemaker-fenced.c
@@ -1136,11 +1136,8 @@ static void
update_cib_cache_cb(const char *event, xmlNode * msg)
{
int rc = pcmk_ok;
- xmlNode *stonith_enabled_xml = NULL;
- static gboolean stonith_enabled_saved = TRUE;
long timeout_ms_saved = stonith_watchdog_timeout_ms;
gboolean need_full_refresh = FALSE;
- bool value = false;
if(!have_cib_devices) {
crm_trace("Skipping updates until we get a full dump");
@@ -1191,32 +1188,18 @@ update_cib_cache_cb(const char *event, xmlNode * msg)
return;
}
CRM_ASSERT(local_cib != NULL);
- stonith_enabled_saved = FALSE; /* Trigger a full refresh below */
+ need_full_refresh = TRUE;
}
pcmk__refresh_node_caches_from_cib(local_cib);
update_stonith_watchdog_timeout_ms(local_cib);
- stonith_enabled_xml = get_xpath_object("//nvpair[@name='stonith-enabled']",
- local_cib, LOG_NEVER);
- if (pcmk__xe_get_bool_attr(stonith_enabled_xml, XML_NVPAIR_ATTR_VALUE, &value) == pcmk_rc_ok && !value) {
- crm_trace("Ignoring CIB updates while fencing is disabled");
- stonith_enabled_saved = FALSE;
-
- } else if (stonith_enabled_saved == FALSE) {
- crm_info("Updating fencing device and topology lists "
- "now that fencing is enabled");
- stonith_enabled_saved = TRUE;
- need_full_refresh = TRUE;
-
- } else {
- if (timeout_ms_saved != stonith_watchdog_timeout_ms) {
+ if (timeout_ms_saved != stonith_watchdog_timeout_ms) {
need_full_refresh = TRUE;
- } else {
+ } else {
update_fencing_topology(event, msg);
update_cib_stonith_devices(event, msg);
watchdog_device_update();
- }
}
if (need_full_refresh) {
--
2.31.1
From c600ef49022e7473acbe121fae50a0c1aa2d7c03 Mon Sep 17 00:00:00 2001
From: Christine Caulfield <ccaulfie@redhat.com>
Date: Thu, 9 Jun 2022 11:08:43 +0100
Subject: [PATCH 2/2] Also don't check for stonith-disabled in
update_stonith_watchdog_timeout_ms
---
daemons/fenced/pacemaker-fenced.c | 34 +++++++++++--------------------
1 file changed, 12 insertions(+), 22 deletions(-)
diff --git a/daemons/fenced/pacemaker-fenced.c b/daemons/fenced/pacemaker-fenced.c
index dadd187b6..ec42d5bc2 100644
--- a/daemons/fenced/pacemaker-fenced.c
+++ b/daemons/fenced/pacemaker-fenced.c
@@ -643,31 +643,21 @@ watchdog_device_update(void)
static void
update_stonith_watchdog_timeout_ms(xmlNode *cib)
{
- xmlNode *stonith_enabled_xml = NULL;
- bool stonith_enabled = false;
- int rc = pcmk_rc_ok;
long timeout_ms = 0;
+ xmlNode *stonith_watchdog_xml = NULL;
+ const char *value = NULL;
- stonith_enabled_xml = get_xpath_object("//nvpair[@name='stonith-enabled']",
- cib, LOG_NEVER);
- rc = pcmk__xe_get_bool_attr(stonith_enabled_xml, XML_NVPAIR_ATTR_VALUE, &stonith_enabled);
-
- if (rc != pcmk_rc_ok || stonith_enabled) {
- xmlNode *stonith_watchdog_xml = NULL;
- const char *value = NULL;
-
- stonith_watchdog_xml = get_xpath_object("//nvpair[@name='stonith-watchdog-timeout']",
- cib, LOG_NEVER);
- if (stonith_watchdog_xml) {
- value = crm_element_value(stonith_watchdog_xml, XML_NVPAIR_ATTR_VALUE);
- }
- if (value) {
- timeout_ms = crm_get_msec(value);
- }
+ stonith_watchdog_xml = get_xpath_object("//nvpair[@name='stonith-watchdog-timeout']",
+ cib, LOG_NEVER);
+ if (stonith_watchdog_xml) {
+ value = crm_element_value(stonith_watchdog_xml, XML_NVPAIR_ATTR_VALUE);
+ }
+ if (value) {
+ timeout_ms = crm_get_msec(value);
+ }
- if (timeout_ms < 0) {
- timeout_ms = pcmk__auto_watchdog_timeout();
- }
+ if (timeout_ms < 0) {
+ timeout_ms = pcmk__auto_watchdog_timeout();
}
stonith_watchdog_timeout_ms = timeout_ms;
--
2.31.1

425
SOURCES/002-acl_group.patch Normal file
View File

@ -0,0 +1,425 @@
From 80c64be80f2bffdcf5d2432e1e59d633fd68d516 Mon Sep 17 00:00:00 2001
From: Grace Chin <gchin@redhat.com>
Date: Mon, 13 Jun 2022 09:02:32 -0400
Subject: [PATCH 1/4] Add pcmk__is_user_in_group()
---
lib/common/crmcommon_private.h | 3 +++
lib/common/utils.c | 33 +++++++++++++++++++++++++++++++++
2 files changed, 36 insertions(+)
diff --git a/lib/common/crmcommon_private.h b/lib/common/crmcommon_private.h
index 6b7be9c68..c2fcb0adf 100644
--- a/lib/common/crmcommon_private.h
+++ b/lib/common/crmcommon_private.h
@@ -96,6 +96,9 @@ void pcmk__free_acls(GList *acls);
G_GNUC_INTERNAL
void pcmk__unpack_acl(xmlNode *source, xmlNode *target, const char *user);
+G_GNUC_INTERNAL
+bool pcmk__is_user_in_group(const char *user, const char *group);
+
G_GNUC_INTERNAL
void pcmk__apply_acl(xmlNode *xml);
diff --git a/lib/common/utils.c b/lib/common/utils.c
index 2dfbef278..f23583acb 100644
--- a/lib/common/utils.c
+++ b/lib/common/utils.c
@@ -27,6 +27,7 @@
#include <time.h>
#include <libgen.h>
#include <signal.h>
+#include <grp.h>
#include <qb/qbdefs.h>
@@ -53,6 +54,38 @@ gboolean crm_config_error = FALSE;
gboolean crm_config_warning = FALSE;
char *crm_system_name = NULL;
+bool
+pcmk__is_user_in_group(const char *user, const char *group)
+{
+ struct group *grent;
+ char **gr_mem;
+
+ if (user == NULL || group == NULL) {
+ return false;
+ }
+
+ setgrent();
+ while ((grent = getgrent()) != NULL) {
+ if (grent->gr_mem == NULL) {
+ continue;
+ }
+
+ if(strcmp(group, grent->gr_name) != 0) {
+ continue;
+ }
+
+ gr_mem = grent->gr_mem;
+ while (*gr_mem != NULL) {
+ if (!strcmp(user, *gr_mem++)) {
+ endgrent();
+ return true;
+ }
+ }
+ }
+ endgrent();
+ return false;
+}
+
int
crm_user_lookup(const char *name, uid_t * uid, gid_t * gid)
{
--
2.31.1
From 5fbe5c310de00390fb36d866823a7745ba4812e3 Mon Sep 17 00:00:00 2001
From: Grace Chin <gchin@redhat.com>
Date: Mon, 13 Jun 2022 09:04:57 -0400
Subject: [PATCH 2/4] Add unit test for pcmk__is_user_in_group()
---
lib/common/Makefile.am | 2 +-
lib/common/mock.c | 31 +++++--
lib/common/mock_private.h | 11 +++
lib/common/tests/acl/Makefile.am | 11 ++-
.../tests/acl/pcmk__is_user_in_group_test.c | 92 +++++++++++++++++++
5 files changed, 137 insertions(+), 10 deletions(-)
create mode 100644 lib/common/tests/acl/pcmk__is_user_in_group_test.c
diff --git a/lib/common/Makefile.am b/lib/common/Makefile.am
index d7aae53bf..04d56dc3c 100644
--- a/lib/common/Makefile.am
+++ b/lib/common/Makefile.am
@@ -94,7 +94,7 @@ libcrmcommon_la_SOURCES += watchdog.c
libcrmcommon_la_SOURCES += xml.c
libcrmcommon_la_SOURCES += xpath.c
-WRAPPED = calloc getenv getpwnam_r uname
+WRAPPED = calloc getenv getpwnam_r uname setgrent getgrent endgrent
WRAPPED_FLAGS = $(foreach fn,$(WRAPPED),-Wl,--wrap=$(fn))
libcrmcommon_test_la_SOURCES = $(libcrmcommon_la_SOURCES)
diff --git a/lib/common/mock.c b/lib/common/mock.c
index 55812ddbc..fa9431e6d 100644
--- a/lib/common/mock.c
+++ b/lib/common/mock.c
@@ -11,6 +11,7 @@
#include <stdlib.h>
#include <sys/types.h>
#include <sys/utsname.h>
+#include <grp.h>
#include "mock_private.h"
@@ -18,13 +19,13 @@
* libcrmcommon_test.a, not into libcrmcommon.so. It is used to support
* constructing mock versions of library functions for unit testing.
*
- * Each unit test will only ever want to use a mocked version of one or two
- * library functions. However, we need to mark all the mocked functions as
- * wrapped (with -Wl,--wrap= in the LDFLAGS) in libcrmcommon_test.a so that
- * all those unit tests can share the same special test library. The unit
- * test then defines its own wrapped function. Because a unit test won't
- * define every single wrapped function, there will be undefined references
- * at link time.
+ * Each unit test will only ever want to use a mocked version of a few
+ * library functions (i.e. not all of them). However, we need to mark all
+ * the mocked functions as wrapped (with -Wl,--wrap= in the LDFLAGS) in
+ * libcrmcommon_test.a so that all those unit tests can share the same
+ * special test library. The unit test then defines its own wrapped
+ * function. Because a unit test won't define every single wrapped
+ * function, there will be undefined references at link time.
*
* This file takes care of those undefined references. It defines a
* wrapped version of every function that simply calls the real libc
@@ -74,3 +75,19 @@ int __attribute__((weak))
__wrap_uname(struct utsname *buf) {
return __real_uname(buf);
}
+
+void __attribute__((weak))
+__wrap_setgrent(void) {
+ __real_setgrent();
+}
+
+struct group * __attribute__((weak))
+__wrap_getgrent(void) {
+ return __real_getgrent();
+}
+
+void __attribute__((weak))
+__wrap_endgrent(void) {
+ __real_endgrent();
+}
+
diff --git a/lib/common/mock_private.h b/lib/common/mock_private.h
index 3df7c9839..0c1134cc3 100644
--- a/lib/common/mock_private.h
+++ b/lib/common/mock_private.h
@@ -14,6 +14,7 @@
#include <stdlib.h>
#include <sys/types.h>
#include <sys/utsname.h>
+#include <grp.h>
/* This header is for the sole use of libcrmcommon_test. */
@@ -31,4 +32,14 @@ int __wrap_getpwnam_r(const char *name, struct passwd *pwd,
int __real_uname(struct utsname *buf);
int __wrap_uname(struct utsname *buf);
+void __real_setgrent(void);
+void __wrap_setgrent(void);
+
+struct group *__real_getgrent(void);
+struct group *__wrap_getgrent(void);
+
+void __real_endgrent(void);
+void __wrap_endgrent(void);
+
+
#endif // MOCK_PRIVATE__H
diff --git a/lib/common/tests/acl/Makefile.am b/lib/common/tests/acl/Makefile.am
index 679c9cb8e..a73fc354c 100644
--- a/lib/common/tests/acl/Makefile.am
+++ b/lib/common/tests/acl/Makefile.am
@@ -1,19 +1,26 @@
#
-# Copyright 2021 the Pacemaker project contributors
+# Copyright 2021-2022 the Pacemaker project contributors
#
# The version control history for this file may have further details.
#
# This source code is licensed under the GNU General Public License version 2
# or later (GPLv2+) WITHOUT ANY WARRANTY.
#
-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include
+AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/lib/common
LDADD = $(top_builddir)/lib/common/libcrmcommon.la -lcmocka
+pcmk__is_user_in_group_test_LDADD = $(top_builddir)/lib/common/libcrmcommon_test.la -lcmocka
+pcmk__is_user_in_group_test_LDFLAGS = \
+ -Wl,--wrap=setgrent \
+ -Wl,--wrap=getgrent \
+ -Wl,--wrap=endgrent
+
include $(top_srcdir)/mk/tap.mk
# Add "_test" to the end of all test program names to simplify .gitignore.
check_PROGRAMS = \
+ pcmk__is_user_in_group_test \
pcmk_acl_required_test \
xml_acl_denied_test \
xml_acl_enabled_test
diff --git a/lib/common/tests/acl/pcmk__is_user_in_group_test.c b/lib/common/tests/acl/pcmk__is_user_in_group_test.c
new file mode 100644
index 000000000..67b8c2c7c
--- /dev/null
+++ b/lib/common/tests/acl/pcmk__is_user_in_group_test.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2020-2022 the Pacemaker project contributors
+ *
+ * The version control history for this file may have further details.
+ *
+ * This source code is licensed under the GNU Lesser General Public License
+ * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY.
+ */
+
+#include <crm_internal.h>
+#include <crm/common/acl.h>
+#include "../../crmcommon_private.h"
+
+#include "mock_private.h"
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+// THe index of the group that is going to be returned next from "get group entry" (getgrent)
+static int group_idx = 0;
+
+// Data used for testing
+static const char* grp0_members[] = {
+ "user0", "user1", NULL
+};
+
+static const char* grp1_members[] = {
+ "user1", NULL
+};
+
+static const char* grp2_members[] = {
+ "user2", "user1", NULL
+};
+
+// an array of "groups" (a struct from grp.h), the members of the groups are initalized here to some testing data.
+// Casting away the consts to make the compiler happy and simplify initialization.
+// We never actually change these variables during the test!
+// string literal = const char* (cannot be changed b/c ? ) vs. char* (its getting casted to this)
+static const int NUM_GROUPS = 3;
+static struct group groups[] = {
+ {(char*)"grp0", (char*)"", 0, (char**)grp0_members},
+ {(char*)"grp1", (char*)"", 1, (char**)grp1_members},
+ {(char*)"grp2", (char*)"", 2, (char**)grp2_members},
+};
+
+// This function resets the group_idx to 0.
+void
+__wrap_setgrent(void) {
+ group_idx = 0;
+}
+
+// This function returns the next group entry in the list of groups, or
+// NULL if there aren't any left.
+// group_idx is a global variable which keeps track of where you are in the list
+struct group *
+__wrap_getgrent(void) {
+ if(group_idx >= NUM_GROUPS) return NULL;
+ return &groups[group_idx++];
+}
+
+void
+__wrap_endgrent(void) {
+}
+
+static void
+is_pcmk__is_user_in_group(void **state)
+{
+ // null user
+ assert_false(pcmk__is_user_in_group(NULL, "grp0"));
+ // null group
+ assert_false(pcmk__is_user_in_group("user0", NULL));
+ // nonexistent group
+ assert_false(pcmk__is_user_in_group("user0", "nonexistent_group"));
+ // user is in group
+ assert_true(pcmk__is_user_in_group("user0", "grp0"));
+ // user is not in group
+ assert_false(pcmk__is_user_in_group("user2", "grp0"));
+}
+
+int
+main(int argc, char **argv)
+{
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(is_pcmk__is_user_in_group)
+ };
+
+ cmocka_set_message_output(CM_OUTPUT_TAP);
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}
--
2.31.1
From 1bb7fda60f5b8547d7457f20543b7e50089cf06b Mon Sep 17 00:00:00 2001
From: Grace Chin <gchin@redhat.com>
Date: Mon, 13 Jun 2022 09:17:36 -0400
Subject: [PATCH 3/4] Add ACL group support
closes T61
---
lib/common/acl.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/lib/common/acl.c b/lib/common/acl.c
index f68069bbd..d7f8469b1 100644
--- a/lib/common/acl.c
+++ b/lib/common/acl.c
@@ -320,6 +320,13 @@ pcmk__unpack_acl(xmlNode *source, xmlNode *target, const char *user)
crm_debug("Unpacking ACLs for user '%s'", id);
p->acls = parse_acl_entry(acls, child, p->acls);
}
+ } else if (!strcmp(tag, XML_ACL_TAG_GROUP)) {
+ const char *id = crm_element_value(child, XML_ATTR_ID);
+
+ if (id && pcmk__is_user_in_group(user,id)) {
+ crm_debug("Unpacking ACLs for group '%s'", id);
+ p->acls = parse_acl_entry(acls, child, p->acls);
+ }
}
}
}
--
2.31.1
From f4efd55d9424d34908ba3e2bcffe16c00b2cf660 Mon Sep 17 00:00:00 2001
From: Grace Chin <gchin@redhat.com>
Date: Mon, 13 Jun 2022 09:20:36 -0400
Subject: [PATCH 4/4] Allow acl_target and acl_group elements to take a 'name'
attribute to use a name different from 'id'
closes T60
---
include/crm/msg_xml.h | 1 +
lib/common/acl.c | 21 +++++++++++++++++----
2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/include/crm/msg_xml.h b/include/crm/msg_xml.h
index b36dcf060..6470520b1 100644
--- a/include/crm/msg_xml.h
+++ b/include/crm/msg_xml.h
@@ -133,6 +133,7 @@ extern "C" {
# define XML_ATTR_VERSION "version"
# define XML_ATTR_DESC "description"
# define XML_ATTR_ID "id"
+# define XML_ATTR_NAME "name"
# define XML_ATTR_IDREF "id-ref"
# define XML_ATTR_ID_LONG "long-id"
# define XML_ATTR_TYPE "type"
diff --git a/lib/common/acl.c b/lib/common/acl.c
index d7f8469b1..b9f7472ee 100644
--- a/lib/common/acl.c
+++ b/lib/common/acl.c
@@ -278,8 +278,13 @@ pcmk__apply_acl(xmlNode *xml)
/*!
* \internal
- * \brief Unpack ACLs for a given user
- *
+ * \brief Unpack ACLs for a given user into the
+ * metadata of the target XML tree
+ *
+ * Taking the description of ACLs from the source XML tree and
+ * marking up the target XML tree with access information for the
+ * given user by tacking it onto the relevant nodes
+ *
* \param[in] source XML with ACL definitions
* \param[in,out] target XML that ACLs will be applied to
* \param[in] user Username whose ACLs need to be unpacked
@@ -314,14 +319,22 @@ pcmk__unpack_acl(xmlNode *source, xmlNode *target, const char *user)
if (!strcmp(tag, XML_ACL_TAG_USER)
|| !strcmp(tag, XML_ACL_TAG_USERv1)) {
- const char *id = crm_element_value(child, XML_ATTR_ID);
+ const char *id = crm_element_value(child, XML_ATTR_NAME);
+
+ if (id == NULL) {
+ id = crm_element_value(child, XML_ATTR_ID);
+ }
if (id && strcmp(id, user) == 0) {
crm_debug("Unpacking ACLs for user '%s'", id);
p->acls = parse_acl_entry(acls, child, p->acls);
}
} else if (!strcmp(tag, XML_ACL_TAG_GROUP)) {
- const char *id = crm_element_value(child, XML_ATTR_ID);
+ const char *id = crm_element_value(child, XML_ATTR_NAME);
+
+ if (id == NULL) {
+ id = crm_element_value(child, XML_ATTR_ID);
+ }
if (id && pcmk__is_user_in_group(user,id)) {
crm_debug("Unpacking ACLs for group '%s'", id);
--
2.31.1

2100
SOURCES/002-fencing-reasons.patch
View File

File diff suppressed because it is too large Load Diff

2476
SOURCES/003-fencing-reasons.patch
View File

File diff suppressed because it is too large Load Diff

88
SOURCES/003-regression.patch Normal file
View File

@ -0,0 +1,88 @@
From 9853f4d05a376062d60f2e4c90938e587992237b Mon Sep 17 00:00:00 2001
From: Chris Lumens <clumens@redhat.com>
Date: Mon, 27 Jun 2022 12:06:24 -0400
Subject: [PATCH 1/2] Fix: tools: Don't output "(null)" in crm_attribute's
quiet mode.
If the attribute queried for has no value, simply do not output
anything.
Regression in 2.1.3 introduced by 8c03553bbf
Fixes T502
See: rhbz#2099331
---
tools/crm_attribute.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tools/crm_attribute.c b/tools/crm_attribute.c
index 0bd9dee81..b1463f906 100644
--- a/tools/crm_attribute.c
+++ b/tools/crm_attribute.c
@@ -56,7 +56,9 @@ attribute_text(pcmk__output_t *out, va_list args)
char *host G_GNUC_UNUSED = va_arg(args, char *);
if (out->quiet) {
- pcmk__formatted_printf(out, "%s\n", value);
+ if (value != NULL) {
+ pcmk__formatted_printf(out, "%s\n", value);
+ }
} else {
out->info(out, "%s%s %s%s %s%s value=%s",
scope ? "scope=" : "", scope ? scope : "",
--
2.31.1
From 16d00a9b3ef27afd09f5c046ea1be50fc664ed84 Mon Sep 17 00:00:00 2001
From: Chris Lumens <clumens@redhat.com>
Date: Mon, 27 Jun 2022 12:18:06 -0400
Subject: [PATCH 2/2] Test: cts: Add a test for querying an attribute that does
not exist.
---
cts/cli/regression.tools.exp | 4 ++++
cts/cts-cli.in | 5 +++++
2 files changed, 9 insertions(+)
diff --git a/cts/cli/regression.tools.exp b/cts/cli/regression.tools.exp
index 0d1cfa2ab..464472d42 100644
--- a/cts/cli/regression.tools.exp
+++ b/cts/cli/regression.tools.exp
@@ -24,6 +24,10 @@ A new shadow instance was created. To begin using it paste the following into y
</cib>
=#=#=#= End test: Validate CIB - OK (0) =#=#=#=
* Passed: cibadmin - Validate CIB
+=#=#=#= Begin test: Query the value of an attribute that does not exist =#=#=#=
+crm_attribute: Error performing operation: No such device or address
+=#=#=#= End test: Query the value of an attribute that does not exist - No such object (105) =#=#=#=
+* Passed: crm_attribute - Query the value of an attribute that does not exist
=#=#=#= Begin test: Configure something before erasing =#=#=#=
=#=#=#= Current cib after: Configure something before erasing =#=#=#=
<cib epoch="2" num_updates="0" admin_epoch="0">
diff --git a/cts/cts-cli.in b/cts/cts-cli.in
index 8565c485a..b895d36ec 100755
--- a/cts/cts-cli.in
+++ b/cts/cts-cli.in
@@ -511,6 +511,10 @@ function test_tools() {
cmd="cibadmin -Q"
test_assert $CRM_EX_OK
+ desc="Query the value of an attribute that does not exist"
+ cmd="crm_attribute -n ABCD --query --quiet"
+ test_assert $CRM_EX_NOSUCH 0
+
desc="Configure something before erasing"
cmd="crm_attribute -n cluster-delay -v 60s"
test_assert $CRM_EX_OK
@@ -1980,6 +1984,7 @@ for t in $tests; do
-e 's/ end=\"[0-9][-+: 0-9]*Z*\"/ end=\"\"/' \
-e 's/ start=\"[0-9][-+: 0-9]*Z*\"/ start=\"\"/' \
-e 's/^Error checking rule: Device not configured/Error checking rule: No such device or address/' \
+ -e 's/Error performing operation: Device not configured/Error performing operation: No such device or address/' \
-e 's/\(Injecting attribute last-failure-ping#monitor_10000=\)[0-9]*/\1/' \
-e 's/^lt-//' \
-e 's/ocf::/ocf:/' \
--
2.31.1

624
SOURCES/004-schema.patch Normal file
View File

@ -0,0 +1,624 @@
From e8f96dec79bb33c11d39c9037ac623f18a67b539 Mon Sep 17 00:00:00 2001
From: Petr Pavlu <petr.pavlu@suse.com>
Date: Tue, 24 May 2022 18:08:57 +0200
Subject: [PATCH] Low: schemas: copy API schemas in preparation for changes
Copy crm_mon, crm_simulate and nodes API schemas in preparation for
changes and bump the external reference version in crm_mon and
crm_simulate to point to the new nodes schema.
---
include/crm/common/output_internal.h | 2 +-
xml/api/crm_mon-2.21.rng | 183 +++++++++++++++
xml/api/crm_simulate-2.21.rng | 338 +++++++++++++++++++++++++++
xml/api/nodes-2.21.rng | 51 ++++
4 files changed, 573 insertions(+), 1 deletion(-)
create mode 100644 xml/api/crm_mon-2.21.rng
create mode 100644 xml/api/crm_simulate-2.21.rng
create mode 100644 xml/api/nodes-2.21.rng
diff --git a/include/crm/common/output_internal.h b/include/crm/common/output_internal.h
index 577fd5247..74ee833c1 100644
--- a/include/crm/common/output_internal.h
+++ b/include/crm/common/output_internal.h
@@ -28,7 +28,7 @@ extern "C" {
*/
-# define PCMK__API_VERSION "2.20"
+# define PCMK__API_VERSION "2.21"
#if defined(PCMK__WITH_ATTRIBUTE_OUTPUT_ARGS)
# define PCMK__OUTPUT_ARGS(ARGS...) __attribute__((output_args(ARGS)))
diff --git a/xml/api/crm_mon-2.21.rng b/xml/api/crm_mon-2.21.rng
new file mode 100644
index 000000000..37036d665
--- /dev/null
+++ b/xml/api/crm_mon-2.21.rng
@@ -0,0 +1,183 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+ datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+
+ <start>
+ <ref name="element-crm-mon"/>
+ </start>
+
+ <define name="element-crm-mon">
+ <optional>
+ <ref name="element-summary" />
+ </optional>
+ <optional>
+ <ref name="nodes-list" />
+ </optional>
+ <optional>
+ <ref name="resources-list" />
+ </optional>
+ <optional>
+ <ref name="node-attributes-list" />
+ </optional>
+ <optional>
+ <externalRef href="node-history-2.12.rng"/>
+ </optional>
+ <optional>
+ <ref name="failures-list" />
+ </optional>
+ <optional>
+ <ref name="fence-event-list" />
+ </optional>
+ <optional>
+ <ref name="tickets-list" />
+ </optional>
+ <optional>
+ <ref name="bans-list" />
+ </optional>
+ </define>
+
+ <define name="element-summary">
+ <element name="summary">
+ <optional>
+ <element name="stack">
+ <attribute name="type"> <text /> </attribute>
+ </element>
+ </optional>
+ <optional>
+ <element name="current_dc">
+ <attribute name="present"> <data type="boolean" /> </attribute>
+ <optional>
+ <group>
+ <attribute name="version"> <text /> </attribute>
+ <attribute name="name"> <text /> </attribute>
+ <attribute name="id"> <text /> </attribute>
+ <attribute name="with_quorum"> <data type="boolean" /> </attribute>
+ </group>
+ </optional>
+ </element>
+ </optional>
+ <optional>
+ <element name="last_update">
+ <attribute name="time"> <text /> </attribute>
+ </element>
+ <element name="last_change">
+ <attribute name="time"> <text /> </attribute>
+ <attribute name="user"> <text /> </attribute>
+ <attribute name="client"> <text /> </attribute>
+ <attribute name="origin"> <text /> </attribute>
+ </element>
+ </optional>
+ <optional>
+ <element name="nodes_configured">
+ <attribute name="number"> <data type="nonNegativeInteger" /> </attribute>
+ </element>
+ <element name="resources_configured">
+ <attribute name="number"> <data type="nonNegativeInteger" /> </attribute>
+ <attribute name="disabled"> <data type="nonNegativeInteger" /> </attribute>
+ <attribute name="blocked"> <data type="nonNegativeInteger" /> </attribute>
+ </element>
+ </optional>
+ <optional>
+ <element name="cluster_options">
+ <attribute name="stonith-enabled"> <data type="boolean" /> </attribute>
+ <attribute name="symmetric-cluster"> <data type="boolean" /> </attribute>
+ <attribute name="no-quorum-policy"> <text /> </attribute>
+ <attribute name="maintenance-mode"> <data type="boolean" /> </attribute>
+ <attribute name="stop-all-resources"> <data type="boolean" /> </attribute>
+ <attribute name="stonith-timeout-ms"> <data type="integer" /> </attribute>
+ <attribute name="priority-fencing-delay-ms"> <data type="integer" /> </attribute>
+ </element>
+ </optional>
+ </element>
+ </define>
+
+ <define name="resources-list">
+ <element name="resources">
+ <zeroOrMore>
+ <externalRef href="resources-2.4.rng" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="nodes-list">
+ <element name="nodes">
+ <zeroOrMore>
+ <externalRef href="nodes-2.21.rng" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="node-attributes-list">
+ <element name="node_attributes">
+ <zeroOrMore>
+ <externalRef href="node-attrs-2.8.rng" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="failures-list">
+ <element name="failures">
+ <zeroOrMore>
+ <externalRef href="failure-2.8.rng" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="fence-event-list">
+ <element name="fence_history">
+ <optional>
+ <attribute name="status"> <data type="integer" /> </attribute>
+ </optional>
+ <zeroOrMore>
+ <externalRef href="fence-event-2.15.rng" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="tickets-list">
+ <element name="tickets">
+ <zeroOrMore>
+ <ref name="element-ticket" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="bans-list">
+ <element name="bans">
+ <zeroOrMore>
+ <ref name="element-ban" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="element-ticket">
+ <element name="ticket">
+ <attribute name="id"> <text /> </attribute>
+ <attribute name="status">
+ <choice>
+ <value>granted</value>
+ <value>revoked</value>
+ </choice>
+ </attribute>
+ <attribute name="standby"> <data type="boolean" /> </attribute>
+ <optional>
+ <attribute name="last-granted"> <text /> </attribute>
+ </optional>
+ </element>
+ </define>
+
+ <define name="element-ban">
+ <element name="ban">
+ <attribute name="id"> <text /> </attribute>
+ <attribute name="resource"> <text /> </attribute>
+ <attribute name="node"> <text /> </attribute>
+ <attribute name="weight"> <data type="integer" /> </attribute>
+ <attribute name="promoted-only"> <data type="boolean" /> </attribute>
+ <!-- DEPRECATED: master_only is a duplicate of promoted-only that is
+ provided solely for API backward compatibility. It will be
+ removed in a future release. Check promoted-only instead.
+ -->
+ <attribute name="master_only"> <data type="boolean" /> </attribute>
+ </element>
+ </define>
+</grammar>
diff --git a/xml/api/crm_simulate-2.21.rng b/xml/api/crm_simulate-2.21.rng
new file mode 100644
index 000000000..75a9b399b
--- /dev/null
+++ b/xml/api/crm_simulate-2.21.rng
@@ -0,0 +1,338 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+ datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+
+ <start>
+ <ref name="element-crm-simulate"/>
+ </start>
+
+ <define name="element-crm-simulate">
+ <choice>
+ <ref name="timings-list" />
+ <group>
+ <ref name="cluster-status" />
+ <optional>
+ <ref name="modifications-list" />
+ </optional>
+ <optional>
+ <ref name="allocations-utilizations-list" />
+ </optional>
+ <optional>
+ <ref name="action-list" />
+ </optional>
+ <optional>
+ <ref name="cluster-injected-actions-list" />
+ <ref name="revised-cluster-status" />
+ </optional>
+ </group>
+ </choice>
+ </define>
+
+ <define name="allocations-utilizations-list">
+ <choice>
+ <element name="allocations">
+ <zeroOrMore>
+ <choice>
+ <ref name="element-allocation" />
+ <ref name="element-promotion" />
+ </choice>
+ </zeroOrMore>
+ </element>
+ <element name="utilizations">
+ <zeroOrMore>
+ <choice>
+ <ref name="element-capacity" />
+ <ref name="element-utilization" />
+ </choice>
+ </zeroOrMore>
+ </element>
+ <element name="allocations_utilizations">
+ <zeroOrMore>
+ <choice>
+ <ref name="element-allocation" />
+ <ref name="element-promotion" />
+ <ref name="element-capacity" />
+ <ref name="element-utilization" />
+ </choice>
+ </zeroOrMore>
+ </element>
+ </choice>
+ </define>
+
+ <define name="cluster-status">
+ <element name="cluster_status">
+ <ref name="nodes-list" />
+ <ref name="resources-list" />
+ <optional>
+ <ref name="node-attributes-list" />
+ </optional>
+ <optional>
+ <externalRef href="node-history-2.12.rng" />
+ </optional>
+ <optional>
+ <ref name="failures-list" />
+ </optional>
+ </element>
+ </define>
+
+ <define name="modifications-list">
+ <element name="modifications">
+ <optional>
+ <attribute name="quorum"> <text /> </attribute>
+ </optional>
+ <optional>
+ <attribute name="watchdog"> <text /> </attribute>
+ </optional>
+ <zeroOrMore>
+ <ref name="element-inject-modify-node" />
+ </zeroOrMore>
+ <zeroOrMore>
+ <ref name="element-inject-modify-ticket" />
+ </zeroOrMore>
+ <zeroOrMore>
+ <ref name="element-inject-spec" />
+ </zeroOrMore>
+ <zeroOrMore>
+ <ref name="element-inject-attr" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="revised-cluster-status">
+ <element name="revised_cluster_status">
+ <ref name="nodes-list" />
+ <ref name="resources-list" />
+ <optional>
+ <ref name="node-attributes-list" />
+ </optional>
+ <optional>
+ <ref name="failures-list" />
+ </optional>
+ </element>
+ </define>
+
+ <define name="element-inject-attr">
+ <element name="inject_attr">
+ <attribute name="cib_node"> <text /> </attribute>
+ <attribute name="name"> <text /> </attribute>
+ <attribute name="node_path"> <text /> </attribute>
+ <attribute name="value"> <text /> </attribute>
+ </element>
+ </define>
+
+ <define name="element-inject-modify-node">
+ <element name="modify_node">
+ <attribute name="action"> <text /> </attribute>
+ <attribute name="node"> <text /> </attribute>
+ </element>
+ </define>
+
+ <define name="element-inject-spec">
+ <element name="inject_spec">
+ <attribute name="spec"> <text /> </attribute>
+ </element>
+ </define>
+
+ <define name="element-inject-modify-ticket">
+ <element name="modify_ticket">
+ <attribute name="action"> <text /> </attribute>
+ <attribute name="ticket"> <text /> </attribute>
+ </element>
+ </define>
+
+ <define name="cluster-injected-actions-list">
+ <element name="transition">
+ <zeroOrMore>
+ <ref name="element-injected-actions" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="node-attributes-list">
+ <element name="node_attributes">
+ <zeroOrMore>
+ <externalRef href="node-attrs-2.8.rng" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="failures-list">
+ <element name="failures">
+ <zeroOrMore>
+ <externalRef href="failure-2.8.rng" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="nodes-list">
+ <element name="nodes">
+ <zeroOrMore>
+ <externalRef href="nodes-2.21.rng" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="resources-list">
+ <element name="resources">
+ <zeroOrMore>
+ <externalRef href="resources-2.4.rng" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="timings-list">
+ <element name="timings">
+ <zeroOrMore>
+ <ref name="element-timing" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="action-list">
+ <element name="actions">
+ <zeroOrMore>
+ <ref name="element-node-action" />
+ </zeroOrMore>
+ <zeroOrMore>
+ <ref name="element-rsc-action" />
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="element-allocation">
+ <element name="node_weight">
+ <attribute name="function"> <text /> </attribute>
+ <attribute name="node"> <text /> </attribute>
+ <externalRef href="../score.rng" />
+ <optional>
+ <attribute name="id"> <text /> </attribute>
+ </optional>
+ </element>
+ </define>
+
+ <define name="element-capacity">
+ <element name="capacity">
+ <attribute name="comment"> <text /> </attribute>
+ <attribute name="node"> <text /> </attribute>
+ <zeroOrMore>
+ <element>
+ <anyName />
+ <text />
+ </element>
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <define name="element-inject-cluster-action">
+ <element name="cluster_action">
+ <attribute name="node"> <text /> </attribute>
+ <attribute name="task"> <text /> </attribute>
+ <optional>
+ <attribute name="id"> <text /> </attribute>
+ </optional>
+ </element>
+ </define>
+
+ <define name="element-injected-actions">
+ <choice>
+ <ref name="element-inject-cluster-action" />
+ <ref name="element-inject-fencing-action" />
+ <ref name="element-inject-pseudo-action" />
+ <ref name="element-inject-rsc-action" />
+ </choice>
+ </define>
+
+ <define name="element-inject-fencing-action">
+ <element name="fencing_action">
+ <attribute name="op"> <text /> </attribute>
+ <attribute name="target"> <text /> </attribute>
+ </element>
+ </define>
+
+ <define name="element-node-action">
+ <element name="node_action">
+ <attribute name="node"> <text /> </attribute>
+ <attribute name="reason"> <text /> </attribute>
+ <attribute name="task"> <text /> </attribute>
+ </element>
+ </define>
+
+ <define name="element-promotion">
+ <element name="promotion_score">
+ <attribute name="id"> <text /> </attribute>
+ <externalRef href="../score.rng" />
+ <optional>
+ <attribute name="node"> <text /> </attribute>
+ </optional>
+ </element>
+ </define>
+
+ <define name="element-inject-pseudo-action">
+ <element name="pseudo_action">
+ <attribute name="task"> <text /> </attribute>
+ <optional>
+ <attribute name="node"> <text /> </attribute>
+ </optional>
+ </element>
+ </define>
+
+ <define name="element-inject-rsc-action">
+ <element name="rsc_action">
+ <attribute name="node"> <text /> </attribute>
+ <attribute name="op"> <text /> </attribute>
+ <attribute name="resource"> <text /> </attribute>
+ <optional>
+ <attribute name="interval"> <data type="integer" /> </attribute>
+ </optional>
+ </element>
+ </define>
+
+ <define name="element-timing">
+ <element name="timing">
+ <attribute name="file"> <text /> </attribute>
+ <attribute name="duration"> <data type="double" /> </attribute>
+ </element>
+ </define>
+
+ <define name="element-rsc-action">
+ <element name="rsc_action">
+ <attribute name="action"> <text /> </attribute>
+ <attribute name="resource"> <text /> </attribute>
+ <optional>
+ <attribute name="blocked"> <data type="boolean" /> </attribute>
+ </optional>
+ <optional>
+ <attribute name="dest"> <text /> </attribute>
+ </optional>
+ <optional>
+ <attribute name="next-role"> <text /> </attribute>
+ </optional>
+ <optional>
+ <attribute name="node"> <text /> </attribute>
+ </optional>
+ <optional>
+ <attribute name="reason"> <text /> </attribute>
+ </optional>
+ <optional>
+ <attribute name="role"> <text /> </attribute>
+ </optional>
+ <optional>
+ <attribute name="source"> <text /> </attribute>
+ </optional>
+ </element>
+ </define>
+
+ <define name="element-utilization">
+ <element name="utilization">
+ <attribute name="function"> <text /> </attribute>
+ <attribute name="node"> <text /> </attribute>
+ <attribute name="resource"> <text /> </attribute>
+ <zeroOrMore>
+ <element>
+ <anyName />
+ <text />
+ </element>
+ </zeroOrMore>
+ </element>
+ </define>
+</grammar>
diff --git a/xml/api/nodes-2.21.rng b/xml/api/nodes-2.21.rng
new file mode 100644
index 000000000..df4c77f37
--- /dev/null
+++ b/xml/api/nodes-2.21.rng
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grammar xmlns="http://relaxng.org/ns/structure/1.0"
+ datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+
+ <start>
+ <ref name="element-full-node"/>
+ </start>
+
+ <define name="element-full-node">
+ <element name="node">
+ <attribute name="name"> <text/> </attribute>
+ <attribute name="id"> <text/> </attribute>
+ <attribute name="online"> <data type="boolean" /> </attribute>
+ <attribute name="standby"> <data type="boolean" /> </attribute>
+ <attribute name="standby_onfail"> <data type="boolean" /> </attribute>
+ <attribute name="maintenance"> <data type="boolean" /> </attribute>
+ <attribute name="pending"> <data type="boolean" /> </attribute>
+ <attribute name="unclean"> <data type="boolean" /> </attribute>
+ <optional>
+ <attribute name="health">
+ <choice>
+ <value>red</value>
+ <value>yellow</value>
+ <value>green</value>
+ </choice>
+ </attribute>
+ </optional>
+ <attribute name="shutdown"> <data type="boolean" /> </attribute>
+ <attribute name="expected_up"> <data type="boolean" /> </attribute>
+ <attribute name="is_dc"> <data type="boolean" /> </attribute>
+ <attribute name="resources_running"> <data type="nonNegativeInteger" /> </attribute>
+ <attribute name="type">
+ <choice>
+ <value>unknown</value>
+ <value>member</value>
+ <value>remote</value>
+ <value>ping</value>
+ </choice>
+ </attribute>
+ <optional>
+ <!-- for virtualized pacemaker_remote nodes, crm_mon 1.1.13 uses
+ "container_id" while later versions use "id_as_resource" -->
+ <choice>
+ <attribute name="container_id"> <text/> </attribute>
+ <attribute name="id_as_resource"> <text/> </attribute>
+ </choice>
+ </optional>
+ <externalRef href="resources-2.4.rng" />
+ </element>
+ </define>
+</grammar>
--
2.31.1

73
SOURCES/004-systemd-metadata.patch
View File

@ -1,73 +0,0 @@
From 09ef95a2eed48b4eb7488788a1b655d67eafe783 Mon Sep 17 00:00:00 2001
From: Chris Lumens <clumens@redhat.com>
Date: Tue, 30 Nov 2021 14:47:12 -0500
Subject: [PATCH] Low: libcrmservice: Handle systemd service templates.
These unit files (which have an @ sign at the end) expect to be
parameterized by an instance name. Not providing an instance name
causes the dbus lookup to fail, and we fall back to assume this is an
LSB service. If the user doesn't provide an instance name, just add a
fake one. It doesn't seem to matter what name is given for the lookup.
See: rhbz#2003151
---
lib/services/systemd.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/lib/services/systemd.c b/lib/services/systemd.c
index 8e9fff484..27a3b376d 100644
--- a/lib/services/systemd.c
+++ b/lib/services/systemd.c
@@ -206,17 +206,27 @@ systemd_unit_extension(const char *name)
}
static char *
-systemd_service_name(const char *name)
+systemd_service_name(const char *name, bool add_instance_name)
{
- if (name == NULL) {
+ if (pcmk__str_empty(name)) {
return NULL;
}
if (systemd_unit_extension(name)) {
return strdup(name);
- }
- return crm_strdup_printf("%s.service", name);
+ /* Services that end with an @ sign are systemd templates. They expect an
+ * instance name to follow the service name. If no instance name was
+ * provided, just add "x" to the string as the instance name. It doesn't
+ * seem to matter for purposes of looking up whether a service exists or
+ * not.
+ */
+ } else if (add_instance_name && *(name+strlen(name)-1) == '@') {
+ return crm_strdup_printf("%sx.service", name);
+
+ } else {
+ return crm_strdup_printf("%s.service", name);
+ }
}
static void
@@ -427,7 +437,7 @@ invoke_unit_by_name(const char *arg_name, svc_action_t *op, char **path)
CRM_ASSERT(msg != NULL);
// Add the (expanded) unit name as the argument
- name = systemd_service_name(arg_name);
+ name = systemd_service_name(arg_name, op == NULL || pcmk__str_eq(op->action, "meta-data", pcmk__str_none));
CRM_LOG_ASSERT(dbus_message_append_args(msg, DBUS_TYPE_STRING, &name,
DBUS_TYPE_INVALID));
free(name);
@@ -944,7 +954,7 @@ invoke_unit_by_path(svc_action_t *op, const char *unit)
/* (ss) */
{
const char *replace_s = "replace";
- char *name = systemd_service_name(op->agent);
+ char *name = systemd_service_name(op->agent, pcmk__str_eq(op->action, "meta-data", pcmk__str_none));
CRM_LOG_ASSERT(dbus_message_append_args(msg, DBUS_TYPE_STRING, &name, DBUS_TYPE_INVALID));
CRM_LOG_ASSERT(dbus_message_append_args(msg, DBUS_TYPE_STRING, &replace_s, DBUS_TYPE_INVALID));
--
2.27.0

2200
SOURCES/005-fencing-reasons.patch
View File

File diff suppressed because it is too large Load Diff

46
SOURCES/005-schema.patch Normal file
View File

@ -0,0 +1,46 @@
From 5b6280ac1a213e176aee6d61945b3283ea060a88 Mon Sep 17 00:00:00 2001
From: Petr Pavlu <petr.pavlu@suse.com>
Date: Tue, 24 May 2022 18:02:31 +0200
Subject: [PATCH] Feature: tools: report CRM feature set of nodes by crm_mon
Enable crm_mon to report when CRM feature set is not consistent among
online nodes and output a version of each node if --show-detail is
specified.
---
xml/api/crm_mon-2.21.rng | 3 +
xml/api/nodes-2.21.rng | 3 +
9 files changed, 508 insertions(+), 125 deletions(-)
create mode 100644 cts/cli/crm_mon-feature_set.xml
create mode 100644 cts/cli/regression.feature_set.exp
diff --git a/xml/api/crm_mon-2.21.rng b/xml/api/crm_mon-2.21.rng
index 37036d665..e99bcc3d7 100644
--- a/xml/api/crm_mon-2.21.rng
+++ b/xml/api/crm_mon-2.21.rng
@@ -54,6 +54,9 @@
<attribute name="with_quorum"> <data type="boolean" /> </attribute>
</group>
</optional>
+ <optional>
+ <attribute name="mixed_version"> <data type="boolean" /> </attribute>
+ </optional>
</element>
</optional>
<optional>
diff --git a/xml/api/nodes-2.21.rng b/xml/api/nodes-2.21.rng
index df4c77f37..7e236ba63 100644
--- a/xml/api/nodes-2.21.rng
+++ b/xml/api/nodes-2.21.rng
@@ -25,6 +25,9 @@
</choice>
</attribute>
</optional>
+ <optional>
+ <attribute name="feature_set"> <text/> </attribute>
+ </optional>
<attribute name="shutdown"> <data type="boolean" /> </attribute>
<attribute name="expected_up"> <data type="boolean" /> </attribute>
<attribute name="is_dc"> <data type="boolean" /> </attribute>
--
2.31.1

1686
SOURCES/006-crm_resource.patch Normal file
View File

File diff suppressed because it is too large Load Diff

143
SOURCES/006-stateful-metadata.patch
View File

@ -1,143 +0,0 @@
From b52fe799c89637e2a761a5725c2376db5c05f2d1 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Tue, 30 Nov 2021 15:51:54 -0600
Subject: [PATCH 1/2] Low: resources: remove DOCTYPE from OCF 1.1-compliant
agents
OCF 1.1 replaced the DTD schema with RNG, but DOCTYPE still refers to the DTD.
There's no DOCTYPE for RNG, and DOCTYPE is optional, so just remove it.
---
extra/resources/Dummy | 3 +--
extra/resources/HealthIOWait | 3 +--
extra/resources/Stateful | 3 +--
extra/resources/attribute | 3 +--
extra/resources/ping | 3 +--
extra/resources/remote | 3 +--
6 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/extra/resources/Dummy b/extra/resources/Dummy
index a344deac0..56584e564 100755
--- a/extra/resources/Dummy
+++ b/extra/resources/Dummy
@@ -58,8 +58,7 @@
meta_data() {
cat <<END
<?xml version="1.0"?>
-<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
-<resource-agent name="Dummy" version="2.0">
+<resource-agent name="Dummy" version="2.1">
<version>1.1</version>
<longdesc lang="en">
diff --git a/extra/resources/HealthIOWait b/extra/resources/HealthIOWait
index 43a8b70c4..5f1483ef7 100755
--- a/extra/resources/HealthIOWait
+++ b/extra/resources/HealthIOWait
@@ -25,8 +25,7 @@
meta_data() {
cat <<END
<?xml version="1.0"?>
-<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
-<resource-agent name="HealthIOWait" version="1.1">
+<resource-agent name="HealthIOWait" version="1.2">
<version>1.1</version>
<longdesc lang="en">
diff --git a/extra/resources/Stateful b/extra/resources/Stateful
index ae3424bbf..0d2062d51 100755
--- a/extra/resources/Stateful
+++ b/extra/resources/Stateful
@@ -39,8 +39,7 @@ SCORE_PROMOTED=10
meta_data() {
cat <<END
<?xml version="1.0"?>
-<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
-<resource-agent name="Stateful" version="1.1">
+<resource-agent name="Stateful" version="1.2">
<version>1.1</version>
<longdesc lang="en">
diff --git a/extra/resources/attribute b/extra/resources/attribute
index 1800dff8f..a2bd353e0 100755
--- a/extra/resources/attribute
+++ b/extra/resources/attribute
@@ -57,8 +57,7 @@ END
meta_data() {
cat <<END
<?xml version="1.0"?>
-<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
-<resource-agent name="attribute" version="1.1">
+<resource-agent name="attribute" version="1.2">
<version>1.1</version>
<shortdesc lang="en">Manages a node attribute</shortdesc>
<longdesc lang="en">
diff --git a/extra/resources/ping b/extra/resources/ping
index 6e296979f..7cc6b802d 100755
--- a/extra/resources/ping
+++ b/extra/resources/ping
@@ -36,8 +36,7 @@
meta_data() {
cat <<END
<?xml version="1.0"?>
-<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
-<resource-agent name="ping" version="1.1">
+<resource-agent name="ping" version="1.2">
<version>1.1</version>
<longdesc lang="en">
diff --git a/extra/resources/remote b/extra/resources/remote
index a53262bb6..f7e40dc81 100755
--- a/extra/resources/remote
+++ b/extra/resources/remote
@@ -24,8 +24,7 @@
meta_data() {
cat <<END
<?xml version="1.0"?>
-<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
-<resource-agent name="remote" version="1.0">
+<resource-agent name="remote" version="1.1">
<version>1.1</version>
<shortdesc lang="en">Pacemaker Remote connection</shortdesc>
<parameters>
--
2.27.0
From 70f469120f8db6a024c786466ee74a6c7fbd1f43 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Tue, 30 Nov 2021 15:53:39 -0600
Subject: [PATCH 2/2] Fix: resources: use correct syntax in Stateful meta-data
The OCF standard only allows "0" or "1" for booleans.
This fixes incorrect ocf:pacemaker:Stateful meta-data syntax introduced by
7024398 as a regression in the 2.1.0 release.
---
extra/resources/Stateful | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/extra/resources/Stateful b/extra/resources/Stateful
index 0d2062d51..2ebe6725f 100755
--- a/extra/resources/Stateful
+++ b/extra/resources/Stateful
@@ -57,7 +57,7 @@ Location to store the resource state in
<content type="string" default="${HA_VARRUN%%/}/Stateful-${OCF_RESOURCE_INSTANCE}.state" />
</parameter>
-<parameter name="envfile" reloadable="true">
+<parameter name="envfile" reloadable="1">
<longdesc lang="en">
If this is set, the environment will be dumped to this file for every call.
</longdesc>
@@ -65,7 +65,7 @@ If this is set, the environment will be dumped to this file for every call.
<content type="string" default="" />
</parameter>
-<parameter name="notify_delay" reloadable="true">
+<parameter name="notify_delay" reloadable="1">
<longdesc lang="en">
The notify action will sleep for this many seconds before returning,
to simulate a long-running notify.
--
2.27.0

39
SOURCES/007-memory-leak.patch
View File

@ -1,39 +0,0 @@
From f491d9d5a7ed554fed985de356bb085fdec3421c Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Tue, 7 Dec 2021 09:01:00 -0600
Subject: [PATCH] Fix: fencer: avoid memory leak when broadcasting history
differences
Regression introduced in 2.1.0 by dbc27b2
---
daemons/fenced/fenced_history.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/daemons/fenced/fenced_history.c b/daemons/fenced/fenced_history.c
index bc159383c..a9c57dc86 100644
--- a/daemons/fenced/fenced_history.c
+++ b/daemons/fenced/fenced_history.c
@@ -484,8 +484,6 @@ stonith_fence_history(xmlNode *msg, xmlNode **output,
!pcmk__str_eq(remote_peer, stonith_our_uname, pcmk__str_casei)) {
xmlNode *history = get_xpath_object("//" F_STONITH_HISTORY_LIST,
msg, LOG_NEVER);
- GHashTable *received_history =
- history?stonith_xml_history_to_list(history):NULL;
/* either a broadcast created directly upon stonith-API request
* or a diff as response to such a thing
@@ -497,6 +495,11 @@ stonith_fence_history(xmlNode *msg, xmlNode **output,
if (!history ||
!crm_is_true(crm_element_value(history,
F_STONITH_DIFFERENTIAL))) {
+ GHashTable *received_history = NULL;
+
+ if (history != NULL) {
+ received_history = stonith_xml_history_to_list(history);
+ }
out_history =
stonith_local_history_diff_and_merge(received_history, TRUE, NULL);
if (out_history) {
--
2.27.0

108
SOURCES/007-stonith_admin.patch Normal file
View File

@ -0,0 +1,108 @@
From d6294dd28b6d95ad3844824996717f9959d97ac6 Mon Sep 17 00:00:00 2001
From: Reid Wahl <nrwahl@protonmail.com>
Date: Thu, 30 Jun 2022 11:07:32 -0700
Subject: [PATCH 1/2] Fix: Use correct boolean in stonith__validate_agent_xml
This fixes a regression introduced by 91a2b2e that flips the boolean
values for "valid" in the XML output.
Resolves: RHBZ#2102292 (partial)
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
---
lib/fencing/st_output.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/lib/fencing/st_output.c b/lib/fencing/st_output.c
index e0ff848c2..eb10ad0c5 100644
--- a/lib/fencing/st_output.c
+++ b/lib/fencing/st_output.c
@@ -528,10 +528,9 @@ validate_agent_xml(pcmk__output_t *out, va_list args) {
char *error_output = va_arg(args, char *);
int rc = va_arg(args, int);
- xmlNodePtr node = pcmk__output_create_xml_node(out, "validate",
- "agent", agent,
- "valid", pcmk__btoa(rc),
- NULL);
+ xmlNodePtr node = pcmk__output_create_xml_node(
+ out, "validate", "agent", agent, "valid", pcmk__btoa(rc == pcmk_ok),
+ NULL);
if (device != NULL) {
crm_xml_add(node, "device", device);
--
2.31.1
From 81e83683e69b4f147f40f5353f8e68032758a104 Mon Sep 17 00:00:00 2001
From: Reid Wahl <nrwahl@protonmail.com>
Date: Wed, 29 Jun 2022 18:15:33 -0700
Subject: [PATCH 2/2] Fix: Use failed action result in rhcs_validate and
_get_metadata
If an action failed but has a non-NULL result, get the rc and other
attributes from that result.
This fixes a regression introduced by b441925, in which failure XML
output now contains a CRM_EX_CONNECTED rc instead of the correct one and
does not contain stdout/stderr. That commit caused
services__execute_file() to return a proper rc instead of TRUE. A
non-pcmk_ok bubbled up the call chain causing
internal_stonith_action_execute() to return -ECONNABORTED. Then
rhcs_validate() and _get_metadata() would use this rc instead of the one
attached to the result.
Resolves: RHBZ#2102292
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
---
lib/fencing/st_rhcs.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/fencing/st_rhcs.c b/lib/fencing/st_rhcs.c
index 39485013e..029c97eea 100644
--- a/lib/fencing/st_rhcs.c
+++ b/lib/fencing/st_rhcs.c
@@ -130,16 +130,15 @@ stonith__rhcs_get_metadata(const char *agent, int timeout, xmlNode **metadata)
stonith_action_t *action = stonith_action_create(agent, "metadata", NULL, 0,
5, NULL, NULL, NULL);
int rc = stonith__execute(action);
+ result = stonith__action_result(action);
- if (rc < 0) {
+ if (rc < 0 && result == NULL) {
crm_warn("Could not execute metadata action for %s: %s "
CRM_XS " rc=%d", agent, pcmk_strerror(rc), rc);
stonith__destroy_action(action);
return rc;
}
- result = stonith__action_result(action);
-
if (result->execution_status != PCMK_EXEC_DONE) {
crm_warn("Could not execute metadata action for %s: %s",
agent, pcmk_exec_status_str(result->execution_status));
@@ -262,6 +261,7 @@ stonith__rhcs_validate(stonith_t *st, int call_options, const char *target,
int remaining_timeout = timeout;
xmlNode *metadata = NULL;
stonith_action_t *action = NULL;
+ pcmk__action_result_t *result = NULL;
if (host_arg == NULL) {
time_t start_time = time(NULL);
@@ -298,9 +298,9 @@ stonith__rhcs_validate(stonith_t *st, int call_options, const char *target,
NULL, host_arg);
rc = stonith__execute(action);
- if (rc == pcmk_ok) {
- pcmk__action_result_t *result = stonith__action_result(action);
+ result = stonith__action_result(action);
+ if (result != NULL) {
rc = pcmk_rc2legacy(stonith__result2rc(result));
// Take ownership of output so stonith__destroy_action() doesn't free it
--
2.31.1

43
SOURCES/008-fencing-history.patch
View File

@ -1,43 +0,0 @@
From 0339e89f3238b31df78b864dae8684b82c370741 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Mon, 13 Dec 2021 15:22:40 -0600
Subject: [PATCH] Fix: fencer: get current time correctly
f52bc8e1ce (2.1.2) introduced a regression by using clock_gettime() with
CLOCK_MONOTONIC to get the current time. Use qb_util_timespec_from_epoch_get()
instead (which as of this writing uses clock_gettime() with CLOCK_REALTIME if
available, and falls back to gettimeofday() if not).
---
daemons/fenced/fenced_commands.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/daemons/fenced/fenced_commands.c b/daemons/fenced/fenced_commands.c
index f34cb4f13..7685cb8c3 100644
--- a/daemons/fenced/fenced_commands.c
+++ b/daemons/fenced/fenced_commands.c
@@ -2746,19 +2746,14 @@ bool fencing_peer_active(crm_node_t *peer)
return FALSE;
}
-void set_fencing_completed(remote_fencing_op_t * op)
+void
+set_fencing_completed(remote_fencing_op_t *op)
{
-#ifdef CLOCK_MONOTONIC
struct timespec tv;
- clock_gettime(CLOCK_MONOTONIC, &tv);
-
+ qb_util_timespec_from_epoch_get(&tv);
op->completed = tv.tv_sec;
op->completed_nsec = tv.tv_nsec;
-#else
- op->completed = time(NULL);
- op->completed_nsec = 0L;
-#endif
}
/*!
--
2.27.0

34
SOURCES/008-metadata.patch Normal file
View File

@ -0,0 +1,34 @@
From e4d9c795dfe2d6737c777a265292864da98dae8f Mon Sep 17 00:00:00 2001
From: Reid Wahl <nrwahl@protonmail.com>
Date: Thu, 30 Jun 2022 14:40:31 -0700
Subject: [PATCH] Low: Always null-check result in stonith__rhcs_get_metadata
Null-check result even if rc == 0.
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
---
lib/fencing/st_rhcs.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/fencing/st_rhcs.c b/lib/fencing/st_rhcs.c
index 029c97eea..dfccff2cb 100644
--- a/lib/fencing/st_rhcs.c
+++ b/lib/fencing/st_rhcs.c
@@ -132,9 +132,11 @@ stonith__rhcs_get_metadata(const char *agent, int timeout, xmlNode **metadata)
int rc = stonith__execute(action);
result = stonith__action_result(action);
- if (rc < 0 && result == NULL) {
- crm_warn("Could not execute metadata action for %s: %s "
- CRM_XS " rc=%d", agent, pcmk_strerror(rc), rc);
+ if (result == NULL) {
+ if (rc < 0) {
+ crm_warn("Could not execute metadata action for %s: %s "
+ CRM_XS " rc=%d", agent, pcmk_strerror(rc), rc);
+ }
stonith__destroy_action(action);
return rc;
}
--
2.31.1

2985
SOURCES/009-fencing-reasons.patch
View File

File diff suppressed because it is too large Load Diff

94
SOURCES/009-validate.patch Normal file
View File

@ -0,0 +1,94 @@
From d00a6abde7e6a41f8bc6085c875cb8072aff499b Mon Sep 17 00:00:00 2001
From: Chris Lumens <clumens@redhat.com>
Date: Thu, 30 Jun 2022 09:25:05 -0400
Subject: [PATCH 1/2] Fix: libstonithd: Add the "Agent not found..." message to
formatted output.
---
lib/fencing/st_client.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/fencing/st_client.c b/lib/fencing/st_client.c
index 137642af7..971bbe9a5 100644
--- a/lib/fencing/st_client.c
+++ b/lib/fencing/st_client.c
@@ -1763,9 +1763,14 @@ stonith_api_validate(stonith_t *st, int call_options, const char *rsc_id,
default:
rc = -EINVAL;
errno = EINVAL;
- crm_perror(LOG_ERR,
- "Agent %s not found or does not support validation",
- agent);
+
+ if (error_output) {
+ *error_output = crm_strdup_printf("Agent %s not found or does not support validation",
+ agent);
+ } else {
+ crm_err("Agent %s not found or does not support validation", agent);
+ }
+
break;
}
g_hash_table_destroy(params_table);
--
2.31.1
From f3a5fc961c30556b975011773e4cebf323bec38e Mon Sep 17 00:00:00 2001
From: Chris Lumens <clumens@redhat.com>
Date: Fri, 1 Jul 2022 10:38:45 -0400
Subject: [PATCH 2/2] Refactor: libstonithd: Split apart error conditions when
validating.
The "not found" and "can't validate" cases were previously jumbled
together. Now, return ENOENT if the agent is not found and EOPNOTSUPP
if it can't validate. The only caller appears to be handling both cases
correctly already, so no changes are needed there.
---
lib/fencing/st_client.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/lib/fencing/st_client.c b/lib/fencing/st_client.c
index 971bbe9a5..192334812 100644
--- a/lib/fencing/st_client.c
+++ b/lib/fencing/st_client.c
@@ -1760,19 +1760,32 @@ stonith_api_validate(stonith_t *st, int call_options, const char *rsc_id,
break;
#endif
+ case st_namespace_invalid:
+ errno = ENOENT;
+ rc = -errno;
+
+ if (error_output) {
+ *error_output = crm_strdup_printf("Agent %s not found", agent);
+ } else {
+ crm_err("Agent %s not found", agent);
+ }
+
+ break;
+
default:
- rc = -EINVAL;
- errno = EINVAL;
+ errno = EOPNOTSUPP;
+ rc = -errno;
if (error_output) {
- *error_output = crm_strdup_printf("Agent %s not found or does not support validation",
+ *error_output = crm_strdup_printf("Agent %s does not support validation",
agent);
} else {
- crm_err("Agent %s not found or does not support validation", agent);
+ crm_err("Agent %s does not support validation", agent);
}
break;
}
+
g_hash_table_destroy(params_table);
return rc;
}
--
2.31.1

4157
SOURCES/010-probe-failures.patch
View File

File diff suppressed because it is too large Load Diff

47
SOURCES/010-regression.patch Normal file
View File

@ -0,0 +1,47 @@
From e5f80059c7f1c0ad3264dc2a2a61e64cded0fe0f Mon Sep 17 00:00:00 2001
From: Hideo Yamauchi <renayama19661014@ybb.ne.jp>
Date: Tue, 12 Jul 2022 14:45:55 +0900
Subject: [PATCH] High: scheduler: Resolves an issue where STONITH devices
cannot be registered.
---
lib/pacemaker/pcmk_sched_allocate.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/lib/pacemaker/pcmk_sched_allocate.c b/lib/pacemaker/pcmk_sched_allocate.c
index 85df6ace8..a7fe9c8d6 100644
--- a/lib/pacemaker/pcmk_sched_allocate.c
+++ b/lib/pacemaker/pcmk_sched_allocate.c
@@ -724,12 +724,18 @@ log_unrunnable_actions(pe_working_set_t *data_set)
static void
unpack_cib(xmlNode *cib, unsigned long long flags, pe_working_set_t *data_set)
{
+ const char* localhost_save = NULL;
+
if (pcmk_is_set(data_set->flags, pe_flag_have_status)) {
crm_trace("Reusing previously calculated cluster status");
pe__set_working_set_flags(data_set, flags);
return;
}
+ if (data_set->localhost) {
+ localhost_save = data_set->localhost;
+ }
+
CRM_ASSERT(cib != NULL);
crm_trace("Calculating cluster status");
@@ -740,6 +746,10 @@ unpack_cib(xmlNode *cib, unsigned long long flags, pe_working_set_t *data_set)
*/
set_working_set_defaults(data_set);
+ if (localhost_save) {
+ data_set->localhost = localhost_save;
+ }
+
pe__set_working_set_flags(data_set, flags);
data_set->input = cib;
cluster_status(data_set); // Sets pe_flag_have_status
--
2.31.1

1450
SOURCES/011-fencing-reasons.patch
View File

File diff suppressed because it is too large Load Diff

178
SOURCES/011-unfencing.patch Normal file
View File

@ -0,0 +1,178 @@
From b1094468ab0f7c6d2f5b457b721f3a852a9cae2c Mon Sep 17 00:00:00 2001
From: Klaus Wenninger <klaus.wenninger@aon.at>
Date: Thu, 14 Jul 2022 13:09:51 +0200
Subject: [PATCH 1/2] Fix: do unfencing equally for cluster-nodes & remotes
Fixes T28
---
lib/pengine/utils.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/lib/pengine/utils.c b/lib/pengine/utils.c
index 0c2eb3c16..83f76cccf 100644
--- a/lib/pengine/utils.c
+++ b/lib/pengine/utils.c
@@ -1201,12 +1201,8 @@ pe_fence_op(pe_node_t * node, const char *op, bool optional, const char *reason,
add_hash_param(stonith_op->meta, XML_LRM_ATTR_TARGET_UUID, node->details->id);
add_hash_param(stonith_op->meta, "stonith_action", op);
- if (pe__is_guest_or_remote_node(node)
- && pcmk_is_set(data_set->flags, pe_flag_enable_unfencing)) {
- /* Extra work to detect device changes on remotes
- *
- * We may do this for all nodes in the future, but for now
- * the pcmk__check_action_config() based stuff works fine.
+ if (pcmk_is_set(data_set->flags, pe_flag_enable_unfencing)) {
+ /* Extra work to detect device changes
*/
long max = 1024;
long digests_all_offset = 0;
--
2.31.1
From f5db6e2c94273623a49f36f1bdb6c39315c53cab Mon Sep 17 00:00:00 2001
From: Klaus Wenninger <klaus.wenninger@aon.at>
Date: Thu, 14 Jul 2022 11:29:05 +0200
Subject: [PATCH 2/2] Test: cts-scheduler: update expected output for changes
in unfencing
---
cts/scheduler/exp/start-then-stop-with-unfence.exp | 2 +-
cts/scheduler/exp/unfence-definition.exp | 6 +++---
cts/scheduler/exp/unfence-device.exp | 6 +++---
cts/scheduler/exp/unfence-parameters.exp | 6 +++---
cts/scheduler/exp/unfence-startup.exp | 4 ++--
5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/cts/scheduler/exp/start-then-stop-with-unfence.exp b/cts/scheduler/exp/start-then-stop-with-unfence.exp
index b1868586f..69cfb63de 100644
--- a/cts/scheduler/exp/start-then-stop-with-unfence.exp
+++ b/cts/scheduler/exp/start-then-stop-with-unfence.exp
@@ -151,7 +151,7 @@
<synapse id="11">
<action_set>
<crm_event id="5" operation="stonith" operation_key="stonith-rhel7-node1.example.com-on" on_node="rhel7-node1.example.com" on_node_uuid="1">
- <attributes CRM_meta_on_node="rhel7-node1.example.com" CRM_meta_on_node_uuid="1" CRM_meta_probe_complete="true" CRM_meta_shutdown="0" CRM_meta_stonith_action="on" />
+ <attributes CRM_meta_digests_all="mpath-node1:fence_mpath:019ed48e26413030411da3ae8888a649,mpath-node2:fence_mpath:b97ef86afabe0426040d1bef247023ee," CRM_meta_digests_secure="mpath-node1:fence_mpath:21f9562fe6837f7357aab98ba69f71fb,mpath-node2:fence_mpath:563e5d6a67b7dcdb65d2f0325aed9fc1," CRM_meta_on_node="rhel7-node1.example.com" CRM_meta_on_node_uuid="1" CRM_meta_probe_complete="true" CRM_meta_shutdown="0" CRM_meta_stonith_action="on" />
</crm_event>
</action_set>
<inputs/>
diff --git a/cts/scheduler/exp/unfence-definition.exp b/cts/scheduler/exp/unfence-definition.exp
index 840a8d212..6a098ed3c 100644
--- a/cts/scheduler/exp/unfence-definition.exp
+++ b/cts/scheduler/exp/unfence-definition.exp
@@ -373,7 +373,7 @@
<synapse id="22">
<action_set>
<crm_event id="29" operation="stonith" operation_key="stonith-virt-4-reboot" on_node="virt-4" on_node_uuid="4">
- <attributes CRM_meta_on_node="virt-4" CRM_meta_on_node_uuid="4" CRM_meta_stonith_action="reboot" />
+ <attributes CRM_meta_digests_all="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_digests_secure="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_on_node="virt-4" CRM_meta_on_node_uuid="4" CRM_meta_stonith_action="reboot" />
<downed>
<node id="4"/>
</downed>
@@ -384,7 +384,7 @@
<synapse id="23">
<action_set>
<crm_event id="3" operation="stonith" operation_key="stonith-virt-3-on" on_node="virt-3" on_node_uuid="3">
- <attributes CRM_meta_on_node="virt-3" CRM_meta_on_node_uuid="3" CRM_meta_stonith_action="on" />
+ <attributes CRM_meta_digests_all="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_digests_secure="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_on_node="virt-3" CRM_meta_on_node_uuid="3" CRM_meta_stonith_action="on" />
</crm_event>
</action_set>
<inputs/>
@@ -392,7 +392,7 @@
<synapse id="24">
<action_set>
<crm_event id="1" operation="stonith" operation_key="stonith-virt-1-on" on_node="virt-1" on_node_uuid="1">
- <attributes CRM_meta_on_node="virt-1" CRM_meta_on_node_uuid="1" CRM_meta_stonith_action="on" />
+ <attributes CRM_meta_digests_all="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_digests_secure="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_on_node="virt-1" CRM_meta_on_node_uuid="1" CRM_meta_stonith_action="on" />
</crm_event>
</action_set>
<inputs>
diff --git a/cts/scheduler/exp/unfence-device.exp b/cts/scheduler/exp/unfence-device.exp
index a39fc758f..452351d98 100644
--- a/cts/scheduler/exp/unfence-device.exp
+++ b/cts/scheduler/exp/unfence-device.exp
@@ -76,7 +76,7 @@
<synapse id="5">
<action_set>
<crm_event id="6" operation="stonith" operation_key="stonith-virt-013-on" on_node="virt-013" on_node_uuid="3">
- <attributes CRM_meta_on_node="virt-013" CRM_meta_on_node_uuid="3" CRM_meta_shutdown="0" CRM_meta_stonith_action="on" />
+ <attributes CRM_meta_digests_all="fence_scsi:fence_scsi:5950f402238c1e5058a556fe39bb09de," CRM_meta_digests_secure="fence_scsi:fence_scsi:a911b9a554cdc5844d863a91b1ef283a," CRM_meta_on_node="virt-013" CRM_meta_on_node_uuid="3" CRM_meta_shutdown="0" CRM_meta_stonith_action="on" />
</crm_event>
</action_set>
<inputs/>
@@ -84,7 +84,7 @@
<synapse id="6">
<action_set>
<crm_event id="4" operation="stonith" operation_key="stonith-virt-009-on" on_node="virt-009" on_node_uuid="2">
- <attributes CRM_meta_on_node="virt-009" CRM_meta_on_node_uuid="2" CRM_meta_shutdown="0" CRM_meta_stonith_action="on" />
+ <attributes CRM_meta_digests_all="fence_scsi:fence_scsi:5950f402238c1e5058a556fe39bb09de," CRM_meta_digests_secure="fence_scsi:fence_scsi:a911b9a554cdc5844d863a91b1ef283a," CRM_meta_on_node="virt-009" CRM_meta_on_node_uuid="2" CRM_meta_shutdown="0" CRM_meta_stonith_action="on" />
</crm_event>
</action_set>
<inputs/>
@@ -92,7 +92,7 @@
<synapse id="7">
<action_set>
<crm_event id="2" operation="stonith" operation_key="stonith-virt-008-on" on_node="virt-008" on_node_uuid="1">
- <attributes CRM_meta_on_node="virt-008" CRM_meta_on_node_uuid="1" CRM_meta_shutdown="0" CRM_meta_stonith_action="on" />
+ <attributes CRM_meta_digests_all="fence_scsi:fence_scsi:5950f402238c1e5058a556fe39bb09de," CRM_meta_digests_secure="fence_scsi:fence_scsi:a911b9a554cdc5844d863a91b1ef283a," CRM_meta_on_node="virt-008" CRM_meta_on_node_uuid="1" CRM_meta_shutdown="0" CRM_meta_stonith_action="on" />
</crm_event>
</action_set>
<inputs/>
diff --git a/cts/scheduler/exp/unfence-parameters.exp b/cts/scheduler/exp/unfence-parameters.exp
index 3e70cb8e9..268bf008e 100644
--- a/cts/scheduler/exp/unfence-parameters.exp
+++ b/cts/scheduler/exp/unfence-parameters.exp
@@ -357,7 +357,7 @@
<synapse id="21">
<action_set>
<crm_event id="28" operation="stonith" operation_key="stonith-virt-4-reboot" on_node="virt-4" on_node_uuid="4">
- <attributes CRM_meta_on_node="virt-4" CRM_meta_on_node_uuid="4" CRM_meta_stonith_action="reboot" />
+ <attributes CRM_meta_digests_all="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_digests_secure="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_on_node="virt-4" CRM_meta_on_node_uuid="4" CRM_meta_stonith_action="reboot" />
<downed>
<node id="4"/>
</downed>
@@ -368,7 +368,7 @@
<synapse id="22">
<action_set>
<crm_event id="3" operation="stonith" operation_key="stonith-virt-3-on" on_node="virt-3" on_node_uuid="3">
- <attributes CRM_meta_on_node="virt-3" CRM_meta_on_node_uuid="3" CRM_meta_stonith_action="on" />
+ <attributes CRM_meta_digests_all="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_digests_secure="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_on_node="virt-3" CRM_meta_on_node_uuid="3" CRM_meta_stonith_action="on" />
</crm_event>
</action_set>
<inputs/>
@@ -376,7 +376,7 @@
<synapse id="23">
<action_set>
<crm_event id="1" operation="stonith" operation_key="stonith-virt-1-on" on_node="virt-1" on_node_uuid="1">
- <attributes CRM_meta_on_node="virt-1" CRM_meta_on_node_uuid="1" CRM_meta_stonith_action="on" />
+ <attributes CRM_meta_digests_all="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_digests_secure="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_on_node="virt-1" CRM_meta_on_node_uuid="1" CRM_meta_stonith_action="on" />
</crm_event>
</action_set>
<inputs>
diff --git a/cts/scheduler/exp/unfence-startup.exp b/cts/scheduler/exp/unfence-startup.exp
index 6745bff4b..f2d38e80c 100644
--- a/cts/scheduler/exp/unfence-startup.exp
+++ b/cts/scheduler/exp/unfence-startup.exp
@@ -173,7 +173,7 @@
<synapse id="11">
<action_set>
<crm_event id="28" operation="stonith" operation_key="stonith-virt-4-reboot" on_node="virt-4" on_node_uuid="4">
- <attributes CRM_meta_on_node="virt-4" CRM_meta_on_node_uuid="4" CRM_meta_stonith_action="reboot" />
+ <attributes CRM_meta_digests_all="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_digests_secure="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_on_node="virt-4" CRM_meta_on_node_uuid="4" CRM_meta_stonith_action="reboot" />
<downed>
<node id="4"/>
</downed>
@@ -184,7 +184,7 @@
<synapse id="12">
<action_set>
<crm_event id="3" operation="stonith" operation_key="stonith-virt-3-on" on_node="virt-3" on_node_uuid="3">
- <attributes CRM_meta_on_node="virt-3" CRM_meta_on_node_uuid="3" CRM_meta_stonith_action="on" />
+ <attributes CRM_meta_digests_all="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_digests_secure="fencing:fence_scsi:f2317cad3d54cec5d7d7aa7d0bf35cf8," CRM_meta_on_node="virt-3" CRM_meta_on_node_uuid="3" CRM_meta_stonith_action="on" />
</crm_event>
</action_set>
<inputs/>
--
2.31.1

38
SOURCES/012-crm_resource.patch Normal file
View File

@ -0,0 +1,38 @@
From fe9150bc4b740b3748fec34fe668df4f8c0d0e25 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Tue, 9 Aug 2022 15:38:03 -0500
Subject: [PATCH] Fix: tools: correct minimum execution status shown by
crm_resource -O
regression introduced in 2.1.0 by 5ef28b946
Fixes T533
---
lib/pengine/pe_output.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/pengine/pe_output.c b/lib/pengine/pe_output.c
index 5d716fe6cb..dbb49637c9 100644
--- a/lib/pengine/pe_output.c
+++ b/lib/pengine/pe_output.c
@@ -1878,7 +1878,7 @@ node_and_op(pcmk__output_t *out, va_list args) {
time_t last_change = 0;
pcmk__scan_min_int(crm_element_value(xml_op, XML_LRM_ATTR_OPSTATUS),
- &status, 0);
+ &status, PCMK_EXEC_UNKNOWN);
rsc = pe_find_resource(data_set->resources, op_rsc);
@@ -1932,7 +1932,7 @@ node_and_op_xml(pcmk__output_t *out, va_list args) {
xmlNode *node = NULL;
pcmk__scan_min_int(crm_element_value(xml_op, XML_LRM_ATTR_OPSTATUS),
- &status, 0);
+ &status, PCMK_EXEC_UNKNOWN);
node = pcmk__output_create_xml_node(out, "operation",
"op", op_key ? op_key : ID(xml_op),
"node", crm_element_value(xml_op, XML_ATTR_UNAME),
--
2.31.1

65
SOURCES/012-notify-crash.patch
View File

@ -1,65 +0,0 @@
From ed8b2c86ab77aaa3d7fd688c049ad5e1b922a9c6 Mon Sep 17 00:00:00 2001
From: Reid Wahl <nrwahl@protonmail.com>
Date: Thu, 13 Jan 2022 02:56:55 -0800
Subject: [PATCH] Fix: liblrmd: Avoid double-free during notify operation
This commit fixes a regression introduced by 31c7fa8a, causing a
double-free in notify operations. lrmd_dispatch_internal() assigns the
exit_reason string directly from an XML node to a new lrmd_event_data_t
object (without duplicating), and this string gets freed twice.
Free #1: pcmk__create_history_xml() (reached via callback) calls
lrmd__set_result(), which frees event.exit_reason and sets it to NULL.
Free #2: lrmd_ipc_dispatch() frees the XML node, which contains a
pointer to the exit_reason string just freed, after
lrmd_dispatch_internal() returns.
Prior to 31c7fa8a, pcmk__create_history_xml reset event.rc and
event.op_status but **not** event.exit_reason.
In this commit we simply make a copy of event.exit_reason in
lrmd_dispatch_internal() before the callback. This way we don't have to
worry about whatever happens in the callback, and we can continue to
unset the exit_reason alongside the rc and op_status. The added overhead
should be minimal.
This commit also makes a copy of output. That's not strictly necessary
but adds some futureproofing and allows us to call lrmd__reset_result()
at the end of lrmd_dispatch_internal().
Resolves: RHBZ#2039675
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
---
lib/lrmd/lrmd_client.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/lib/lrmd/lrmd_client.c b/lib/lrmd/lrmd_client.c
index ee31bb5ae9..5131a648b7 100644
--- a/lib/lrmd/lrmd_client.c
+++ b/lib/lrmd/lrmd_client.c
@@ -305,9 +305,10 @@ lrmd_dispatch_internal(lrmd_t * lrmd, xmlNode * msg)
event.user_data = crm_element_value(msg, F_LRMD_RSC_USERDATA_STR);
event.type = lrmd_event_exec_complete;
- // No need to duplicate the memory, so don't use setter functions
- event.output = crm_element_value(msg, F_LRMD_RSC_OUTPUT);
- event.exit_reason = crm_element_value(msg, F_LRMD_RSC_EXIT_REASON);
+ /* output and exit_reason may be freed by a callback */
+ event.output = crm_element_value_copy(msg, F_LRMD_RSC_OUTPUT);
+ lrmd__set_result(&event, event.rc, event.op_status,
+ crm_element_value(msg, F_LRMD_RSC_EXIT_REASON));
event.params = xml2list(msg);
} else if (pcmk__str_eq(type, LRMD_OP_NEW_CLIENT, pcmk__str_none)) {
@@ -324,6 +325,7 @@ lrmd_dispatch_internal(lrmd_t * lrmd, xmlNode * msg)
if (event.params) {
g_hash_table_destroy(event.params);
}
+ lrmd__reset_result(&event);
}
// \return Always 0, to indicate that IPC mainloop source should be kept
--
2.27.0

26
SOURCES/013-probe-failures.patch
View File

@ -1,26 +0,0 @@
From 186d5a02fba919c455fd6eeb050b4be107f82159 Mon Sep 17 00:00:00 2001
From: Chris Lumens <clumens@redhat.com>
Date: Thu, 13 Jan 2022 17:02:47 -0500
Subject: [PATCH] Low: scheduler: Use the old RC code to log maskable probe
failures.
---
lib/pengine/unpack.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/pengine/unpack.c b/lib/pengine/unpack.c
index 8a2d2a6d6d..b01f86257a 100644
--- a/lib/pengine/unpack.c
+++ b/lib/pengine/unpack.c
@@ -3780,7 +3780,7 @@ unpack_rsc_op(pe_resource_t *rsc, pe_node_t *node, xmlNode *xml_op,
if (maskable_probe_failure) {
crm_notice("Treating probe result '%s' for %s on %s as 'not running'",
- services_ocf_exitcode_str(rc), rsc->id, node->details->uname);
+ services_ocf_exitcode_str(old_rc), rsc->id, node->details->uname);
update_resource_state(rsc, node, xml_op, task, target_rc, *last_failure,
on_fail, data_set);
crm_xml_add(xml_op, XML_ATTR_UNAME, node->details->uname);
--
2.27.0

43
SOURCES/014-pcmk_delay_base.patch
View File

@ -1,43 +0,0 @@
From 9d812b0401d4cedef53a3cc3653ec782a5c49e37 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Thu, 13 Jan 2022 10:42:02 -0600
Subject: [PATCH] Doc: fencer: improve pcmk_delay_base meta-data
Update its type, since its value can now be a node map as well as a string,
and add more detail to its description.
---
daemons/fenced/pacemaker-fenced.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/daemons/fenced/pacemaker-fenced.c b/daemons/fenced/pacemaker-fenced.c
index 1b954be5a4..12f331496c 100644
--- a/daemons/fenced/pacemaker-fenced.c
+++ b/daemons/fenced/pacemaker-fenced.c
@@ -1548,13 +1548,17 @@ main(int argc, char **argv)
PCMK_STONITH_DELAY_BASE);
printf(" <shortdesc lang=\"en\">Enable a base delay for "
"fencing actions and specify base delay value.</shortdesc>\n");
- printf(" <longdesc lang=\"en\">This prevents double fencing when "
- "different delays are configured on the nodes.\nUse this to "
- "enable a static delay for fencing actions.\nThe overall delay "
- "is derived from a random delay value adding this static delay "
- "so that the sum is kept below the maximum delay.\nSet to eg. "
- "node1:1s;node2:5 to set different value per node.</longdesc>\n");
- printf(" <content type=\"time\" default=\"0s\"/>\n");
+ printf(" <longdesc lang=\"en\">This enables a static delay for "
+ "fencing actions, which can help avoid \"death matches\" where "
+ "two nodes try to fence each other at the same time. If "
+ PCMK_STONITH_DELAY_MAX " is also used, a random delay will be "
+ "added such that the total delay is kept below that value.\n"
+ "This can be set to a single time value to apply to any node "
+ "targeted by this device (useful if a separate device is "
+ "configured for each target), or to a node map (for example, "
+ "\"node1:1s;node2:5\") to set a different value per target.\n"
+ " </longdesc>\n");
+ printf(" <content type=\"string\" default=\"0s\"/>\n");
printf(" </parameter>\n");
printf(" <parameter name=\"%s\" unique=\"0\">\n",
--
2.27.0

1093
SOURCES/015-fencing-reasons.patch
View File

File diff suppressed because it is too large Load Diff

56
SOURCES/016-fencing-crash.patch
View File

@ -1,56 +0,0 @@
From e330568504ec379ea42460d21a2e20b1652d9445 Mon Sep 17 00:00:00 2001
From: Reid Wahl <nrwahl@protonmail.com>
Date: Fri, 14 Jan 2022 01:35:35 -0800
Subject: [PATCH] Fix: fencing: Don't set stonith action to pending if fork
fails
Currently, we set a stonith action to pending if
services_action_async_fork_notify() returns true. However, "true" means
that the svc_action should not be freed. This might be because the
svc_action forked successfully and is pending, or it might be because
the svc_action has already been freed.
In the case of stonith actions, if we fail to fork, the stonith_action_t
object stored in svc_action->cb_data gets freed by the done callback,
and services_action_async_fork_notify() returns true. If we try to set
the action to pending, it causes a segfault.
This commit moves the "set to pending" step to the
stonith_action_async_forked() callback. We avoid the segfault and only
set it to pending if it's actually pending.
A slight difference in ordering was required to achieve this. Now, the
action gets set to pending immediately before being added to the
mainloop, instead of immediately after.
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
---
lib/fencing/st_actions.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/fencing/st_actions.c b/lib/fencing/st_actions.c
index e4e43225cd..306001af69 100644
--- a/lib/fencing/st_actions.c
+++ b/lib/fencing/st_actions.c
@@ -550,6 +550,9 @@ stonith_action_async_forked(svc_action_t *svc_action)
(action->fork_cb) (svc_action->pid, action->userdata);
}
+ pcmk__set_result(&(action->result), PCMK_OCF_UNKNOWN, PCMK_EXEC_PENDING,
+ NULL);
+
crm_trace("Child process %d performing action '%s' successfully forked",
action->pid, action->action);
}
@@ -619,8 +622,6 @@ internal_stonith_action_execute(stonith_action_t * action)
if (services_action_async_fork_notify(svc_action,
&stonith_action_async_done,
&stonith_action_async_forked)) {
- pcmk__set_result(&(action->result), PCMK_OCF_UNKNOWN,
- PCMK_EXEC_PENDING, NULL);
return pcmk_ok;
}
--
2.27.0

875
SOURCES/017-fencing-reasons.patch
View File

@ -1,875 +0,0 @@
From 523f62eb235836a01ea039c23ada261a494f7b32 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Wed, 10 Nov 2021 15:22:47 -0600
Subject: [PATCH 01/11] Feature: libpacemaker: improve result for high-level
fencing API
Previously, pcmk__fencing_action()'s helpers for asynchronous fencing actions
initialized the result to a generic error, and then overrode that only on
success.
Now, set a detailed result for early failures, and use the full result when
available from the fencing API.
A standard return code is still returned to callers at this point.
---
lib/pacemaker/pcmk_fence.c | 31 ++++++++++++++++++-------------
1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/lib/pacemaker/pcmk_fence.c b/lib/pacemaker/pcmk_fence.c
index 7d6acd0de6..125e1b268b 100644
--- a/lib/pacemaker/pcmk_fence.c
+++ b/lib/pacemaker/pcmk_fence.c
@@ -32,8 +32,8 @@ static struct {
unsigned int timeout;
unsigned int tolerance;
int delay;
- int rc;
-} async_fence_data;
+ pcmk__action_result_t result;
+} async_fence_data = { NULL, };
static int
handle_level(stonith_t *st, char *target, int fence_level,
@@ -76,14 +76,13 @@ handle_level(stonith_t *st, char *target, int fence_level,
static void
notify_callback(stonith_t * st, stonith_event_t * e)
{
- if (e->result != pcmk_ok) {
- return;
- }
+ if (pcmk__str_eq(async_fence_data.target, e->target, pcmk__str_casei)
+ && pcmk__str_eq(async_fence_data.action, e->action, pcmk__str_casei)) {
- if (pcmk__str_eq(async_fence_data.target, e->target, pcmk__str_casei) &&
- pcmk__str_eq(async_fence_data.action, e->action, pcmk__str_casei)) {
-
- async_fence_data.rc = e->result;
+ pcmk__set_result(&async_fence_data.result,
+ stonith__event_exit_status(e),
+ stonith__event_execution_status(e),
+ stonith__event_exit_reason(e));
g_main_loop_quit(mainloop);
}
}
@@ -91,8 +90,9 @@ notify_callback(stonith_t * st, stonith_event_t * e)
static void
fence_callback(stonith_t * stonith, stonith_callback_data_t * data)
{
- async_fence_data.rc = data->rc;
-
+ pcmk__set_result(&async_fence_data.result, stonith__exit_status(data),
+ stonith__execution_status(data),
+ stonith__exit_reason(data));
g_main_loop_quit(mainloop);
}
@@ -106,6 +106,8 @@ async_fence_helper(gpointer user_data)
if (rc != pcmk_ok) {
fprintf(stderr, "Could not connect to fencer: %s\n", pcmk_strerror(rc));
g_main_loop_quit(mainloop);
+ pcmk__set_result(&async_fence_data.result, CRM_EX_ERROR,
+ PCMK_EXEC_NOT_CONNECTED, NULL);
return TRUE;
}
@@ -121,6 +123,8 @@ async_fence_helper(gpointer user_data)
if (call_id < 0) {
g_main_loop_quit(mainloop);
+ pcmk__set_result(&async_fence_data.result, CRM_EX_ERROR,
+ PCMK_EXEC_ERROR, pcmk_strerror(call_id));
return TRUE;
}
@@ -146,7 +150,8 @@ pcmk__fence_action(stonith_t *st, const char *target, const char *action,
async_fence_data.timeout = timeout;
async_fence_data.tolerance = tolerance;
async_fence_data.delay = delay;
- async_fence_data.rc = pcmk_err_generic;
+ pcmk__set_result(&async_fence_data.result, CRM_EX_ERROR, PCMK_EXEC_UNKNOWN,
+ NULL);
trig = mainloop_add_trigger(G_PRIORITY_HIGH, async_fence_helper, NULL);
mainloop_set_trigger(trig);
@@ -156,7 +161,7 @@ pcmk__fence_action(stonith_t *st, const char *target, const char *action,
free(async_fence_data.name);
- return pcmk_legacy2rc(async_fence_data.rc);
+ return stonith__result2rc(&async_fence_data.result);
}
#ifdef BUILD_PUBLIC_LIBPACEMAKER
--
2.27.0
From 008868fae5d1b0d6d8dc61f7acfb3856801ddd52 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Fri, 10 Dec 2021 15:36:10 -0600
Subject: [PATCH 02/11] Refactor: libpacemaker: add exit reason to high-level
fencing API
Nothing uses it as of this commit
---
include/pacemaker.h | 5 ++++-
include/pcmki/pcmki_fence.h | 5 ++++-
lib/pacemaker/pcmk_fence.c | 10 +++++++---
tools/stonith_admin.c | 6 +++---
4 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/include/pacemaker.h b/include/pacemaker.h
index a8523c969e..0daa4c5945 100644
--- a/include/pacemaker.h
+++ b/include/pacemaker.h
@@ -189,12 +189,15 @@ int pcmk_list_nodes(xmlNodePtr *xml, char *node_types);
* again.
* \param[in] delay Apply a fencing delay. Value -1 means disable also any
* static/random fencing delays from pcmk_delay_base/max.
+ * \param[out] reason If not NULL, where to put descriptive failure reason
*
* \return Standard Pacemaker return code
+ * \note If \p reason is not NULL, the caller is responsible for freeing its
+ * returned value.
*/
int pcmk_fence_action(stonith_t *st, const char *target, const char *action,
const char *name, unsigned int timeout, unsigned int tolerance,
- int delay);
+ int delay, char **reason);
/*!
* \brief List the fencing operations that have occurred for a specific node.
diff --git a/include/pcmki/pcmki_fence.h b/include/pcmki/pcmki_fence.h
index d4cef68f5c..c3da0361d7 100644
--- a/include/pcmki/pcmki_fence.h
+++ b/include/pcmki/pcmki_fence.h
@@ -28,12 +28,15 @@
* again.
* \param[in] delay Apply a fencing delay. Value -1 means disable also any
* static/random fencing delays from pcmk_delay_base/max
+ * \param[out] reason If not NULL, where to put descriptive failure reason
*
* \return Standard Pacemaker return code
+ * \note If \p reason is not NULL, the caller is responsible for freeing its
+ * returned value.
*/
int pcmk__fence_action(stonith_t *st, const char *target, const char *action,
const char *name, unsigned int timeout, unsigned int tolerance,
- int delay);
+ int delay, char **reason);
/*!
* \brief List the fencing operations that have occurred for a specific node.
diff --git a/lib/pacemaker/pcmk_fence.c b/lib/pacemaker/pcmk_fence.c
index 125e1b268b..dbf084fb6b 100644
--- a/lib/pacemaker/pcmk_fence.c
+++ b/lib/pacemaker/pcmk_fence.c
@@ -139,7 +139,7 @@ async_fence_helper(gpointer user_data)
int
pcmk__fence_action(stonith_t *st, const char *target, const char *action,
const char *name, unsigned int timeout, unsigned int tolerance,
- int delay)
+ int delay, char **reason)
{
crm_trigger_t *trig;
@@ -161,6 +161,9 @@ pcmk__fence_action(stonith_t *st, const char *target, const char *action,
free(async_fence_data.name);
+ if ((reason != NULL) && (async_fence_data.result.exit_reason != NULL)) {
+ *reason = strdup(async_fence_data.result.exit_reason);
+ }
return stonith__result2rc(&async_fence_data.result);
}
@@ -168,9 +171,10 @@ pcmk__fence_action(stonith_t *st, const char *target, const char *action,
int
pcmk_fence_action(stonith_t *st, const char *target, const char *action,
const char *name, unsigned int timeout, unsigned int tolerance,
- int delay)
+ int delay, char **reason)
{
- return pcmk__fence_action(st, target, action, name, timeout, tolerance, delay);
+ return pcmk__fence_action(st, target, action, name, timeout, tolerance,
+ delay, reason);
}
#endif
diff --git a/tools/stonith_admin.c b/tools/stonith_admin.c
index 2d48326e1b..fdc7c46d49 100644
--- a/tools/stonith_admin.c
+++ b/tools/stonith_admin.c
@@ -571,17 +571,17 @@ main(int argc, char **argv)
case 'B':
rc = pcmk__fence_action(st, target, "reboot", name, options.timeout*1000,
- options.tolerance*1000, options.delay);
+ options.tolerance*1000, options.delay, NULL);
break;
case 'F':
rc = pcmk__fence_action(st, target, "off", name, options.timeout*1000,
- options.tolerance*1000, options.delay);
+ options.tolerance*1000, options.delay, NULL);
break;
case 'U':
rc = pcmk__fence_action(st, target, "on", name, options.timeout*1000,
- options.tolerance*1000, options.delay);
+ options.tolerance*1000, options.delay, NULL);
break;
case 'h':
--
2.27.0
From 7570510f9985ba75ef73fb824f28109e135ace0a Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Fri, 10 Dec 2021 15:40:48 -0600
Subject: [PATCH 03/11] Refactor: libpacemaker: rename high-level fencing API
Rename pcmk_fence_action() to pcmk_request_fencing(), and its internal
equivalent pcmk__fence_action() to pcmk__request_fencing(). The change is
backward-compatible because pcmk_fence_action() has not been exposed publicly
yet.
"Fence action" can be easily confused with libcrmservice actions, liblrmd
actions, libstonithd actions, scheduler actions, and so forth.
Also, the new name makes it clearer that the caller is requesting that the
cluster perform fencing, and not directly performing fencing.
---
include/pacemaker.h | 20 ++++++++++----------
include/pcmki/pcmki_fence.h | 16 ++++++++--------
lib/pacemaker/pcmk_fence.c | 16 ++++++++--------
tools/stonith_admin.c | 18 ++++++++++++------
4 files changed, 38 insertions(+), 32 deletions(-)
diff --git a/include/pacemaker.h b/include/pacemaker.h
index 0daa4c5945..e581f975a9 100644
--- a/include/pacemaker.h
+++ b/include/pacemaker.h
@@ -177,27 +177,27 @@ int pcmk_list_nodes(xmlNodePtr *xml, char *node_types);
#ifdef BUILD_PUBLIC_LIBPACEMAKER
/*!
- * \brief Perform a STONITH action.
+ * \brief Ask the cluster to perform fencing
*
- * \param[in] st A connection to the STONITH API.
- * \param[in] target The node receiving the action.
- * \param[in] action The action to perform.
+ * \param[in] st A connection to the fencer API
+ * \param[in] target The node that should be fenced
+ * \param[in] action The fencing action (on, off, reboot) to perform
* \param[in] name Who requested the fence action?
- * \param[in] timeout How long to wait for the operation to complete (in ms).
+ * \param[in] timeout How long to wait for the operation to complete (in ms)
* \param[in] tolerance If a successful action for \p target happened within
* this many ms, return 0 without performing the action
- * again.
+ * again
* \param[in] delay Apply a fencing delay. Value -1 means disable also any
- * static/random fencing delays from pcmk_delay_base/max.
+ * static/random fencing delays from pcmk_delay_base/max
* \param[out] reason If not NULL, where to put descriptive failure reason
*
* \return Standard Pacemaker return code
* \note If \p reason is not NULL, the caller is responsible for freeing its
* returned value.
*/
-int pcmk_fence_action(stonith_t *st, const char *target, const char *action,
- const char *name, unsigned int timeout, unsigned int tolerance,
- int delay, char **reason);
+int pcmk_request_fencing(stonith_t *st, const char *target, const char *action,
+ const char *name, unsigned int timeout,
+ unsigned int tolerance, int delay, char **reason);
/*!
* \brief List the fencing operations that have occurred for a specific node.
diff --git a/include/pcmki/pcmki_fence.h b/include/pcmki/pcmki_fence.h
index c3da0361d7..e3a7e27264 100644
--- a/include/pcmki/pcmki_fence.h
+++ b/include/pcmki/pcmki_fence.h
@@ -13,14 +13,14 @@
# include <crm/common/output_internal.h>
/*!
- * \brief Perform a STONITH action.
+ * \brief Ask the cluster to perform fencing
*
- * \note This is the internal version of pcmk_fence_action(). External users
+ * \note This is the internal version of pcmk_request_fencing(). External users
* of the pacemaker API should use that function instead.
*
- * \param[in] st A connection to the STONITH API.
- * \param[in] target The node receiving the action.
- * \param[in] action The action to perform.
+ * \param[in] st A connection to the fencer API
+ * \param[in] target The node that should be fenced
+ * \param[in] action The fencing action (on, off, reboot) to perform
* \param[in] name Who requested the fence action?
* \param[in] timeout How long to wait for the operation to complete (in ms).
* \param[in] tolerance If a successful action for \p target happened within
@@ -34,9 +34,9 @@
* \note If \p reason is not NULL, the caller is responsible for freeing its
* returned value.
*/
-int pcmk__fence_action(stonith_t *st, const char *target, const char *action,
- const char *name, unsigned int timeout, unsigned int tolerance,
- int delay, char **reason);
+int pcmk__request_fencing(stonith_t *st, const char *target, const char *action,
+ const char *name, unsigned int timeout,
+ unsigned int tolerance, int delay, char **reason);
/*!
* \brief List the fencing operations that have occurred for a specific node.
diff --git a/lib/pacemaker/pcmk_fence.c b/lib/pacemaker/pcmk_fence.c
index dbf084fb6b..1b7feb54b2 100644
--- a/lib/pacemaker/pcmk_fence.c
+++ b/lib/pacemaker/pcmk_fence.c
@@ -137,9 +137,9 @@ async_fence_helper(gpointer user_data)
}
int
-pcmk__fence_action(stonith_t *st, const char *target, const char *action,
- const char *name, unsigned int timeout, unsigned int tolerance,
- int delay, char **reason)
+pcmk__request_fencing(stonith_t *st, const char *target, const char *action,
+ const char *name, unsigned int timeout,
+ unsigned int tolerance, int delay, char **reason)
{
crm_trigger_t *trig;
@@ -169,12 +169,12 @@ pcmk__fence_action(stonith_t *st, const char *target, const char *action,
#ifdef BUILD_PUBLIC_LIBPACEMAKER
int
-pcmk_fence_action(stonith_t *st, const char *target, const char *action,
- const char *name, unsigned int timeout, unsigned int tolerance,
- int delay, char **reason)
+pcmk_request_fencing(stonith_t *st, const char *target, const char *action,
+ const char *name, unsigned int timeout,
+ unsigned int tolerance, int delay, char **reason)
{
- return pcmk__fence_action(st, target, action, name, timeout, tolerance,
- delay, reason);
+ return pcmk__request_fencing(st, target, action, name, timeout, tolerance,
+ delay, reason);
}
#endif
diff --git a/tools/stonith_admin.c b/tools/stonith_admin.c
index fdc7c46d49..56948b3875 100644
--- a/tools/stonith_admin.c
+++ b/tools/stonith_admin.c
@@ -570,18 +570,24 @@ main(int argc, char **argv)
break;
case 'B':
- rc = pcmk__fence_action(st, target, "reboot", name, options.timeout*1000,
- options.tolerance*1000, options.delay, NULL);
+ rc = pcmk__request_fencing(st, target, "reboot", name,
+ options.timeout * 1000,
+ options.tolerance * 1000,
+ options.delay, NULL);
break;
case 'F':
- rc = pcmk__fence_action(st, target, "off", name, options.timeout*1000,
- options.tolerance*1000, options.delay, NULL);
+ rc = pcmk__request_fencing(st, target, "off", name,
+ options.timeout * 1000,
+ options.tolerance * 1000,
+ options.delay, NULL);
break;
case 'U':
- rc = pcmk__fence_action(st, target, "on", name, options.timeout*1000,
- options.tolerance*1000, options.delay, NULL);
+ rc = pcmk__request_fencing(st, target, "on", name,
+ options.timeout * 1000,
+ options.tolerance * 1000,
+ options.delay, NULL);
break;
case 'h':
--
2.27.0
From 247eb303df934944c0b72b162bb661cee6e0ed8b Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Fri, 10 Dec 2021 15:52:37 -0600
Subject: [PATCH 04/11] Refactor: tools: drop unnecessary string duplication in
stonith_admin
---
tools/stonith_admin.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/tools/stonith_admin.c b/tools/stonith_admin.c
index 56948b3875..c11e302e76 100644
--- a/tools/stonith_admin.c
+++ b/tools/stonith_admin.c
@@ -360,8 +360,6 @@ main(int argc, char **argv)
pcmk__cli_init_logging("stonith_admin", args->verbosity);
- name = strdup(crm_system_name);
-
rc = pcmk__output_new(&out, args->output_ty, args->output_dest, argv);
if (rc != pcmk_rc_ok) {
exit_code = CRM_EX_ERROR;
@@ -496,7 +494,7 @@ main(int argc, char **argv)
if (st == NULL) {
rc = -ENOMEM;
} else if (!no_connect) {
- rc = st->cmds->connect(st, name, NULL);
+ rc = st->cmds->connect(st, crm_system_name, NULL);
}
if (rc < 0) {
out->err(out, "Could not connect to fencer: %s", pcmk_strerror(rc));
@@ -570,21 +568,21 @@ main(int argc, char **argv)
break;
case 'B':
- rc = pcmk__request_fencing(st, target, "reboot", name,
+ rc = pcmk__request_fencing(st, target, "reboot", crm_system_name,
options.timeout * 1000,
options.tolerance * 1000,
options.delay, NULL);
break;
case 'F':
- rc = pcmk__request_fencing(st, target, "off", name,
+ rc = pcmk__request_fencing(st, target, "off", crm_system_name,
options.timeout * 1000,
options.tolerance * 1000,
options.delay, NULL);
break;
case 'U':
- rc = pcmk__request_fencing(st, target, "on", name,
+ rc = pcmk__request_fencing(st, target, "on", crm_system_name,
options.timeout * 1000,
options.tolerance * 1000,
options.delay, NULL);
@@ -619,7 +617,6 @@ main(int argc, char **argv)
out->finish(out, exit_code, true, NULL);
pcmk__output_free(out);
}
- free(name);
stonith_key_value_freeall(options.params, 1, 1);
if (st != NULL) {
--
2.27.0
From a7888bf6868d8d9d9c77f65ae9983cf748bb0548 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Fri, 10 Dec 2021 15:56:34 -0600
Subject: [PATCH 05/11] Refactor: tools: functionize requesting fencing in
stonith_admin
... to reduce code duplication and improve readability
---
tools/stonith_admin.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/tools/stonith_admin.c b/tools/stonith_admin.c
index c11e302e76..f738a9c888 100644
--- a/tools/stonith_admin.c
+++ b/tools/stonith_admin.c
@@ -331,6 +331,18 @@ build_arg_context(pcmk__common_args_t *args, GOptionGroup **group) {
return context;
}
+// \return Standard Pacemaker return code
+static int
+request_fencing(stonith_t *st, const char *target, const char *command)
+{
+ int rc = pcmk__request_fencing(st, target, command, crm_system_name,
+ options.timeout * 1000,
+ options.tolerance * 1000,
+ options.delay, NULL);
+
+ return rc;
+}
+
int
main(int argc, char **argv)
{
@@ -568,24 +580,15 @@ main(int argc, char **argv)
break;
case 'B':
- rc = pcmk__request_fencing(st, target, "reboot", crm_system_name,
- options.timeout * 1000,
- options.tolerance * 1000,
- options.delay, NULL);
+ rc = request_fencing(st, target, "reboot");
break;
case 'F':
- rc = pcmk__request_fencing(st, target, "off", crm_system_name,
- options.timeout * 1000,
- options.tolerance * 1000,
- options.delay, NULL);
+ rc = request_fencing(st, target, "off");
break;
case 'U':
- rc = pcmk__request_fencing(st, target, "on", crm_system_name,
- options.timeout * 1000,
- options.tolerance * 1000,
- options.delay, NULL);
+ rc = request_fencing(st, target, "on");
break;
case 'h':
--
2.27.0
From 2da32df780983ec1197e857eed5eeb5bf1101889 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Fri, 10 Dec 2021 16:05:19 -0600
Subject: [PATCH 06/11] Feature: tools: display failure reasons for
stonith_admin fencing commands
Previously, stonith_admin's --fence/--unfence/--reboot options did not output
any error message on failure. Now, they do, including the exit reason, if
available.
---
tools/stonith_admin.c | 30 +++++++++++++++++++++++++-----
1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/tools/stonith_admin.c b/tools/stonith_admin.c
index f738a9c888..5590faf11e 100644
--- a/tools/stonith_admin.c
+++ b/tools/stonith_admin.c
@@ -333,13 +333,33 @@ build_arg_context(pcmk__common_args_t *args, GOptionGroup **group) {
// \return Standard Pacemaker return code
static int
-request_fencing(stonith_t *st, const char *target, const char *command)
+request_fencing(stonith_t *st, const char *target, const char *command,
+ GError **error)
{
+ char *reason = NULL;
int rc = pcmk__request_fencing(st, target, command, crm_system_name,
options.timeout * 1000,
options.tolerance * 1000,
- options.delay, NULL);
+ options.delay, &reason);
+ if (rc != pcmk_rc_ok) {
+ const char *rc_str = pcmk_rc_str(rc);
+
+ // If reason is identical to return code string, don't display it twice
+ if (pcmk__str_eq(rc_str, reason, pcmk__str_none)) {
+ free(reason);
+ reason = NULL;
+ }
+
+ g_set_error(error, PCMK__RC_ERROR, rc,
+ "Couldn't %sfence %s: %s%s%s%s",
+ ((strcmp(command, "on") == 0)? "un" : ""),
+ target, pcmk_rc_str(rc),
+ ((reason == NULL)? "" : " ("),
+ ((reason == NULL)? "" : reason),
+ ((reason == NULL)? "" : ")"));
+ }
+ free(reason);
return rc;
}
@@ -580,15 +600,15 @@ main(int argc, char **argv)
break;
case 'B':
- rc = request_fencing(st, target, "reboot");
+ rc = request_fencing(st, target, "reboot", &error);
break;
case 'F':
- rc = request_fencing(st, target, "off");
+ rc = request_fencing(st, target, "off", &error);
break;
case 'U':
- rc = request_fencing(st, target, "on");
+ rc = request_fencing(st, target, "on", &error);
break;
case 'h':
--
2.27.0
From 2d99eba4c326d3b13dbbe446971ea5febd5d05be Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Fri, 10 Dec 2021 16:08:49 -0600
Subject: [PATCH 07/11] Feature: libpacemaker: return exit reason for fencer
connection failures
... instead of outputting to stderr directly, so that the caller (i.e.
stonith_admin) can output the error in the correct output format.
---
lib/pacemaker/pcmk_fence.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/pacemaker/pcmk_fence.c b/lib/pacemaker/pcmk_fence.c
index 1b7feb54b2..d17b07cda2 100644
--- a/lib/pacemaker/pcmk_fence.c
+++ b/lib/pacemaker/pcmk_fence.c
@@ -104,10 +104,9 @@ async_fence_helper(gpointer user_data)
int rc = stonith_api_connect_retry(st, async_fence_data.name, 10);
if (rc != pcmk_ok) {
- fprintf(stderr, "Could not connect to fencer: %s\n", pcmk_strerror(rc));
g_main_loop_quit(mainloop);
pcmk__set_result(&async_fence_data.result, CRM_EX_ERROR,
- PCMK_EXEC_NOT_CONNECTED, NULL);
+ PCMK_EXEC_NOT_CONNECTED, pcmk_strerror(rc));
return TRUE;
}
--
2.27.0
From 4480ef0602f47450bdddfbde360a6a8327710927 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Mon, 17 Jan 2022 09:39:39 -0600
Subject: [PATCH 08/11] Low: libpacemaker: compare fence action names
case-sensitively
---
lib/pacemaker/pcmk_fence.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/pacemaker/pcmk_fence.c b/lib/pacemaker/pcmk_fence.c
index d17b07cda2..2a8f50a555 100644
--- a/lib/pacemaker/pcmk_fence.c
+++ b/lib/pacemaker/pcmk_fence.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2009-2021 the Pacemaker project contributors
+ * Copyright 2009-2022 the Pacemaker project contributors
*
* The version control history for this file may have further details.
*
@@ -77,7 +77,7 @@ static void
notify_callback(stonith_t * st, stonith_event_t * e)
{
if (pcmk__str_eq(async_fence_data.target, e->target, pcmk__str_casei)
- && pcmk__str_eq(async_fence_data.action, e->action, pcmk__str_casei)) {
+ && pcmk__str_eq(async_fence_data.action, e->action, pcmk__str_none)) {
pcmk__set_result(&async_fence_data.result,
stonith__event_exit_status(e),
@@ -549,7 +549,7 @@ pcmk__reduce_fence_history(stonith_history_t *history)
if ((hp->state == st_done) || (hp->state == st_failed)) {
/* action not in progress */
if (pcmk__str_eq(hp->target, np->target, pcmk__str_casei) &&
- pcmk__str_eq(hp->action, np->action, pcmk__str_casei) &&
+ pcmk__str_eq(hp->action, np->action, pcmk__str_none) &&
(hp->state == np->state) &&
((hp->state == st_done) ||
pcmk__str_eq(hp->delegate, np->delegate, pcmk__str_casei))) {
--
2.27.0
From fe4c65a3b9e715c2b535709f989f2369d3637b78 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Mon, 17 Jan 2022 09:45:24 -0600
Subject: [PATCH 09/11] Refactor: libpacemaker: avoid unnecessary string
duplication
... and don't leave any dynamic memory hanging around
---
lib/pacemaker/pcmk_fence.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/pacemaker/pcmk_fence.c b/lib/pacemaker/pcmk_fence.c
index 2a8f50a555..260fa5ab8e 100644
--- a/lib/pacemaker/pcmk_fence.c
+++ b/lib/pacemaker/pcmk_fence.c
@@ -141,6 +141,7 @@ pcmk__request_fencing(stonith_t *st, const char *target, const char *action,
unsigned int tolerance, int delay, char **reason)
{
crm_trigger_t *trig;
+ int rc = pcmk_rc_ok;
async_fence_data.st = st;
async_fence_data.name = strdup(name);
@@ -160,10 +161,14 @@ pcmk__request_fencing(stonith_t *st, const char *target, const char *action,
free(async_fence_data.name);
- if ((reason != NULL) && (async_fence_data.result.exit_reason != NULL)) {
- *reason = strdup(async_fence_data.result.exit_reason);
+ if (reason != NULL) {
+ // Give the caller ownership of the exit reason
+ *reason = async_fence_data.result.exit_reason;
+ async_fence_data.result.exit_reason = NULL;
}
- return stonith__result2rc(&async_fence_data.result);
+ rc = stonith__result2rc(&async_fence_data.result);
+ pcmk__reset_result(&async_fence_data.result);
+ return rc;
}
#ifdef BUILD_PUBLIC_LIBPACEMAKER
--
2.27.0
From 7b7af07796f05a1adabdac655582be2e17106f81 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Mon, 17 Jan 2022 10:07:10 -0600
Subject: [PATCH 10/11] Doc: libpacemaker: improve pcmk__request_fencing()
doxygen block
---
include/pacemaker.h | 6 ++++--
include/pcmki/pcmki_fence.h | 15 +++++++++------
2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/include/pacemaker.h b/include/pacemaker.h
index e581f975a9..266a844892 100644
--- a/include/pacemaker.h
+++ b/include/pacemaker.h
@@ -187,8 +187,10 @@ int pcmk_list_nodes(xmlNodePtr *xml, char *node_types);
* \param[in] tolerance If a successful action for \p target happened within
* this many ms, return 0 without performing the action
* again
- * \param[in] delay Apply a fencing delay. Value -1 means disable also any
- * static/random fencing delays from pcmk_delay_base/max
+ * \param[in] delay Apply this delay (in milliseconds) before initiating the
+ * fencing action (a value of -1 applies no delay and also
+ * disables any fencing delay from pcmk_delay_base and
+ * pcmk_delay_max)
* \param[out] reason If not NULL, where to put descriptive failure reason
*
* \return Standard Pacemaker return code
diff --git a/include/pcmki/pcmki_fence.h b/include/pcmki/pcmki_fence.h
index e3a7e27264..4a2fe3c481 100644
--- a/include/pcmki/pcmki_fence.h
+++ b/include/pcmki/pcmki_fence.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 the Pacemaker project contributors
+ * Copyright 2019-2022 the Pacemaker project contributors
*
* The version control history for this file may have further details.
*
@@ -22,17 +22,20 @@
* \param[in] target The node that should be fenced
* \param[in] action The fencing action (on, off, reboot) to perform
* \param[in] name Who requested the fence action?
- * \param[in] timeout How long to wait for the operation to complete (in ms).
+ * \param[in] timeout How long to wait for the operation to complete (in ms)
* \param[in] tolerance If a successful action for \p target happened within
- * this many ms, return 0 without performing the action
- * again.
- * \param[in] delay Apply a fencing delay. Value -1 means disable also any
- * static/random fencing delays from pcmk_delay_base/max
+ * this many milliseconds, return success without
+ * performing the action again
+ * \param[in] delay Apply this delay (in milliseconds) before initiating the
+ * fencing action (a value of -1 applies no delay and also
+ * disables any fencing delay from pcmk_delay_base and
+ * pcmk_delay_max)
* \param[out] reason If not NULL, where to put descriptive failure reason
*
* \return Standard Pacemaker return code
* \note If \p reason is not NULL, the caller is responsible for freeing its
* returned value.
+ * \todo delay is eventually used with g_timeout_add() and should be guint
*/
int pcmk__request_fencing(stonith_t *st, const char *target, const char *action,
const char *name, unsigned int timeout,
--
2.27.0
From 61fb7271712e1246eb6d9472dc1afc7cd10e0a79 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Mon, 17 Jan 2022 10:18:02 -0600
Subject: [PATCH 11/11] Fix: tools: get stonith_admin -T option working again
Regression introduced in 2.0.3 by 3910b6fec
This reverts commit 247eb303df934944c0b72b162bb661cee6e0ed8b
("Refactor: tools: drop unnecessary string duplication in stonith_admin")
and fixes a regression introduced when stonith_admin was converted to use
GOption.
The -T option is intended to override the client name passed to the fencer API,
but the client name was set to the default (crm_system_name) after option
processing had already been done, so any value for -T was overwritten by the
default, and its memory was leaked.
This commit sets the default only if -T was not used.
---
tools/stonith_admin.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/tools/stonith_admin.c b/tools/stonith_admin.c
index 5590faf11e..54774b6fee 100644
--- a/tools/stonith_admin.c
+++ b/tools/stonith_admin.c
@@ -337,10 +337,10 @@ request_fencing(stonith_t *st, const char *target, const char *command,
GError **error)
{
char *reason = NULL;
- int rc = pcmk__request_fencing(st, target, command, crm_system_name,
- options.timeout * 1000,
- options.tolerance * 1000,
- options.delay, &reason);
+ int rc = pcmk__request_fencing(st, target, command, name,
+ options.timeout * 1000,
+ options.tolerance * 1000,
+ options.delay, &reason);
if (rc != pcmk_rc_ok) {
const char *rc_str = pcmk_rc_str(rc);
@@ -392,6 +392,10 @@ main(int argc, char **argv)
pcmk__cli_init_logging("stonith_admin", args->verbosity);
+ if (name == NULL) {
+ name = strdup(crm_system_name);
+ }
+
rc = pcmk__output_new(&out, args->output_ty, args->output_dest, argv);
if (rc != pcmk_rc_ok) {
exit_code = CRM_EX_ERROR;
@@ -526,7 +530,7 @@ main(int argc, char **argv)
if (st == NULL) {
rc = -ENOMEM;
} else if (!no_connect) {
- rc = st->cmds->connect(st, crm_system_name, NULL);
+ rc = st->cmds->connect(st, name, NULL);
}
if (rc < 0) {
out->err(out, "Could not connect to fencer: %s", pcmk_strerror(rc));
@@ -640,6 +644,7 @@ main(int argc, char **argv)
out->finish(out, exit_code, true, NULL);
pcmk__output_free(out);
}
+ free(name);
stonith_key_value_freeall(options.params, 1, 1);
if (st != NULL) {
--
2.27.0

796
SOURCES/018-failure-messages.patch
View File

@ -1,796 +0,0 @@
From 08c3420f2c857e7b27cd960f355d787af534da7d Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Tue, 18 Jan 2022 16:04:49 -0600
Subject: [PATCH 01/12] Log: libcrmcommon: improve description for "not
connected" status
PCMK_EXEC_NOT_CONNECTED was originally added to represent "No executor
connection", but it can also now mean no fencer connection, so change it to
"Internal communication failure" which is probably less mysterious to end users
anyway (especially since it should be accompanied by a more descriptive exit
reason).
---
include/crm/common/results.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/crm/common/results.h b/include/crm/common/results.h
index 873faf5c43..3d322a7ce6 100644
--- a/include/crm/common/results.h
+++ b/include/crm/common/results.h
@@ -349,7 +349,7 @@ pcmk_exec_status_str(enum pcmk_exec_status status)
case PCMK_EXEC_ERROR_HARD: return "Hard error";
case PCMK_EXEC_ERROR_FATAL: return "Fatal error";
case PCMK_EXEC_NOT_INSTALLED: return "Not installed";
- case PCMK_EXEC_NOT_CONNECTED: return "No executor connection";
+ case PCMK_EXEC_NOT_CONNECTED: return "Internal communication failure";
case PCMK_EXEC_INVALID: return "Cannot execute now";
case PCMK_EXEC_NO_FENCE_DEVICE: return "No fence device";
case PCMK_EXEC_NO_SECRETS: return "CIB secrets unavailable";
--
2.27.0
From 7c345cf8cf0cb054f5634206880df035bfef7311 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Mon, 20 Dec 2021 15:12:36 -0600
Subject: [PATCH 02/12] Refactor: libcrmcommon: drop unnecessary system error
redefinitions
portability.h defines some system error codes that might not be present on
non-Linux systems.
This was a bad idea, since there's no way to ensure the defined values don't
conflict with existing system codes. However, we use a number of them, so it's
probably best to keep them, at least until we can make a backward compatibility
break.
However, we don't use EUNATCH, ENOSR, or ENOSTR, so we can delete those.
---
include/portability.h | 12 ------------
lib/common/results.c | 9 ++++++---
2 files changed, 6 insertions(+), 15 deletions(-)
diff --git a/include/portability.h b/include/portability.h
index 9a60c583a7..ee065a376d 100644
--- a/include/portability.h
+++ b/include/portability.h
@@ -131,10 +131,6 @@ typedef union
# define EREMOTEIO 193
# endif
-# ifndef EUNATCH
-# define EUNATCH 194
-# endif
-
# ifndef ENOKEY
# define ENOKEY 195
# endif
@@ -147,14 +143,6 @@ typedef union
# define ETIME 197
# endif
-# ifndef ENOSR
-# define ENOSR 198
-# endif
-
-# ifndef ENOSTR
-# define ENOSTR 199
-# endif
-
# ifndef EKEYREJECTED
# define EKEYREJECTED 200
# endif
diff --git a/lib/common/results.c b/lib/common/results.c
index 6d120694cd..96cd4e5659 100644
--- a/lib/common/results.c
+++ b/lib/common/results.c
@@ -118,9 +118,6 @@ pcmk_strerror(int rc)
case EREMOTEIO:
return "Remote I/O error";
/* coverity[dead_error_condition] False positive on non-Linux */
- case EUNATCH:
- return "Protocol driver not attached";
- /* coverity[dead_error_condition] False positive on non-Linux */
case ENOKEY:
return "Required key not available";
}
@@ -342,8 +339,12 @@ pcmk_rc_name(int rc)
case ENOMSG: return "ENOMSG";
case ENOPROTOOPT: return "ENOPROTOOPT";
case ENOSPC: return "ENOSPC";
+#ifdef ENOSR
case ENOSR: return "ENOSR";
+#endif
+#ifdef ENOSTR
case ENOSTR: return "ENOSTR";
+#endif
case ENOSYS: return "ENOSYS";
case ENOTBLK: return "ENOTBLK";
case ENOTCONN: return "ENOTCONN";
@@ -376,7 +377,9 @@ pcmk_rc_name(int rc)
case ETIME: return "ETIME";
case ETIMEDOUT: return "ETIMEDOUT";
case ETXTBSY: return "ETXTBSY";
+#ifdef EUNATCH
case EUNATCH: return "EUNATCH";
+#endif
case EUSERS: return "EUSERS";
/* case EWOULDBLOCK: return "EWOULDBLOCK"; */
case EXDEV: return "EXDEV";
--
2.27.0
From eac8d1ca51eac3f437e18584f7e013d976ecee2c Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Mon, 20 Dec 2021 15:33:12 -0600
Subject: [PATCH 03/12] Log: libcrmcommon: improve handling of portability.h
error codes
portability.h defines some system error codes that might not be present on
non-Linux systems.
Define a constant for each one (for example, PCMK__ECOMM for ECOMM) when
the system doesn't have the value, so we can detect that when relevant.
Also, make sure pcmk_rc_name() and pcmk_rc_str() handle all of these values.
---
include/portability.h | 8 ++++++++
lib/common/results.c | 32 ++++++++++++++++++++++++++++++--
2 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/include/portability.h b/include/portability.h
index ee065a376d..5d5fbf21cb 100644
--- a/include/portability.h
+++ b/include/portability.h
@@ -116,34 +116,42 @@ typedef union
# include <errno.h>
# ifndef ENOTUNIQ
+# define PCMK__ENOTUNIQ
# define ENOTUNIQ 190
# endif
# ifndef ECOMM
+# define PCMK__ECOMM
# define ECOMM 191
# endif
# ifndef ELIBACC
+# define PCMK__ELIBACC
# define ELIBACC 192
# endif
# ifndef EREMOTEIO
+# define PCMK__EREMOTIO
# define EREMOTEIO 193
# endif
# ifndef ENOKEY
+# define PCMK__ENOKEY
# define ENOKEY 195
# endif
# ifndef ENODATA
+# define PCMK__ENODATA
# define ENODATA 196
# endif
# ifndef ETIME
+# define PCMK__ETIME
# define ETIME 197
# endif
# ifndef EKEYREJECTED
+# define PCMK__EKEYREJECTED
# define EKEYREJECTED 200
# endif
diff --git a/lib/common/results.c b/lib/common/results.c
index 96cd4e5659..bcf289d0d6 100644
--- a/lib/common/results.c
+++ b/lib/common/results.c
@@ -395,9 +395,9 @@ pcmk_rc_name(int rc)
#ifdef EISNAM // Not available on OS X, Illumos, Solaris
case EISNAM: return "EISNAM";
case EKEYEXPIRED: return "EKEYEXPIRED";
- case EKEYREJECTED: return "EKEYREJECTED";
case EKEYREVOKED: return "EKEYREVOKED";
#endif
+ case EKEYREJECTED: return "EKEYREJECTED";
case EL2HLT: return "EL2HLT";
case EL2NSYNC: return "EL2NSYNC";
case EL3HLT: return "EL3HLT";
@@ -443,7 +443,35 @@ pcmk_rc_str(int rc)
if (rc < 0) {
return "Unknown error";
}
- return strerror(rc);
+
+ // Handle values that could be defined by system or by portability.h
+ switch (rc) {
+#ifdef PCMK__ENOTUNIQ
+ case ENOTUNIQ: return "Name not unique on network";
+#endif
+#ifdef PCMK__ECOMM
+ case ECOMM: return "Communication error on send";
+#endif
+#ifdef PCMK__ELIBACC
+ case ELIBACC: return "Can not access a needed shared library";
+#endif
+#ifdef PCMK__EREMOTEIO
+ case EREMOTEIO: return "Remote I/O error";
+#endif
+#ifdef PCMK__ENOKEY
+ case ENOKEY: return "Required key not available";
+#endif
+#ifdef PCMK__ENODATA
+ case ENODATA: return "No data available";
+#endif
+#ifdef PCMK__ETIME
+ case ETIME: return "Timer expired";
+#endif
+#ifdef PCMK__EKEYREJECTED
+ case EKEYREJECTED: return "Key was rejected by service";
+#endif
+ default: return strerror(rc);
+ }
}
// This returns negative values for errors
--
2.27.0
From 32a38ac6374f85c43e7f4051f5e519822cc481e6 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Mon, 20 Dec 2021 15:39:19 -0600
Subject: [PATCH 04/12] Log: libcrmcommon: redefine pcmk_strerror() in terms of
pcmk_rc_str()
... to reduce code duplication. This causes minor differences in the string for
a few values.
---
lib/common/results.c | 67 +-------------------------------------------
1 file changed, 1 insertion(+), 66 deletions(-)
diff --git a/lib/common/results.c b/lib/common/results.c
index bcf289d0d6..b2c6e8d553 100644
--- a/lib/common/results.c
+++ b/lib/common/results.c
@@ -57,72 +57,7 @@ pcmk_errorname(int rc)
const char *
pcmk_strerror(int rc)
{
- if (rc == 0) {
- return "OK";
- }
-
- rc = abs(rc);
-
- // Of course rc > 0 ... unless someone passed INT_MIN as rc
- if ((rc > 0) && (rc < PCMK_ERROR_OFFSET)) {
- return strerror(rc);
- }
-
- switch (rc) {
- case pcmk_err_generic:
- return "Generic Pacemaker error";
- case pcmk_err_no_quorum:
- return "Operation requires quorum";
- case pcmk_err_schema_validation:
- return "Update does not conform to the configured schema";
- case pcmk_err_transform_failed:
- return "Schema transform failed";
- case pcmk_err_old_data:
- return "Update was older than existing configuration";
- case pcmk_err_diff_failed:
- return "Application of an update diff failed";
- case pcmk_err_diff_resync:
- return "Application of an update diff failed, requesting a full refresh";
- case pcmk_err_cib_modified:
- return "The on-disk configuration was manually modified";
- case pcmk_err_cib_backup:
- return "Could not archive the previous configuration";
- case pcmk_err_cib_save:
- return "Could not save the new configuration to disk";
- case pcmk_err_cib_corrupt:
- return "Could not parse on-disk configuration";
- case pcmk_err_multiple:
- return "Resource active on multiple nodes";
- case pcmk_err_node_unknown:
- return "Node not found";
- case pcmk_err_already:
- return "Situation already as requested";
- case pcmk_err_bad_nvpair:
- return "Bad name/value pair given";
- case pcmk_err_schema_unchanged:
- return "Schema is already the latest available";
- case pcmk_err_unknown_format:
- return "Unknown output format";
-
- /* The following cases will only be hit on systems for which they are non-standard */
- /* coverity[dead_error_condition] False positive on non-Linux */
- case ENOTUNIQ:
- return "Name not unique on network";
- /* coverity[dead_error_condition] False positive on non-Linux */
- case ECOMM:
- return "Communication error on send";
- /* coverity[dead_error_condition] False positive on non-Linux */
- case ELIBACC:
- return "Can not access a needed shared library";
- /* coverity[dead_error_condition] False positive on non-Linux */
- case EREMOTEIO:
- return "Remote I/O error";
- /* coverity[dead_error_condition] False positive on non-Linux */
- case ENOKEY:
- return "Required key not available";
- }
- crm_err("Unknown error code: %d", rc);
- return "Unknown error";
+ return pcmk_rc_str(pcmk_legacy2rc(rc));
}
// Standard Pacemaker API return codes
--
2.27.0
From 7c331d7e2275ffebbfd5e2f6432a6137a66ee5db Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Mon, 20 Dec 2021 15:41:24 -0600
Subject: [PATCH 05/12] Log: libcrmcommon: don't say "Unknown error"
... which is unhelpful and annoying to users
---
lib/common/results.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/common/results.c b/lib/common/results.c
index b2c6e8d553..5ffac76549 100644
--- a/lib/common/results.c
+++ b/lib/common/results.c
@@ -376,7 +376,7 @@ pcmk_rc_str(int rc)
return pcmk__rcs[pcmk_rc_error - rc].desc;
}
if (rc < 0) {
- return "Unknown error";
+ return "Error";
}
// Handle values that could be defined by system or by portability.h
@@ -768,7 +768,7 @@ bz2_strerror(int rc)
case BZ_OUTBUFF_FULL:
return "output data will not fit into the buffer provided";
}
- return "Unknown error";
+ return "Data compression error";
}
crm_exit_t
--
2.27.0
From 26883b4edda7d81bfcb79bd7b33bb3210beff110 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Mon, 20 Dec 2021 16:01:39 -0600
Subject: [PATCH 06/12] Log: fencing: don't warn if cluster has no watchdog
device
---
lib/fencing/st_client.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/fencing/st_client.c b/lib/fencing/st_client.c
index b1de912b2a..a0f3119f3b 100644
--- a/lib/fencing/st_client.c
+++ b/lib/fencing/st_client.c
@@ -187,7 +187,12 @@ stonith__watchdog_fencing_enabled_for_node_api(stonith_t *st, const char *node)
* we drop in here - so as not to make remote nodes
* panic on that answer
*/
- crm_warn("watchdog-fencing-query failed");
+ if (rc == -ENODEV) {
+ crm_notice("Cluster does not have watchdog fencing device");
+ } else {
+ crm_warn("Could not check for watchdog fencing device: %s",
+ pcmk_strerror(rc));
+ }
} else if (list[0] == '\0') {
rv = TRUE;
} else {
--
2.27.0
From 72b3c42232deaca64ffba9582598c59331203761 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Mon, 20 Dec 2021 16:22:49 -0600
Subject: [PATCH 07/12] Test: libcrmcommon: update pcmk_rc_str() unit test for
recent change
---
lib/common/tests/results/pcmk__results_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/common/tests/results/pcmk__results_test.c b/lib/common/tests/results/pcmk__results_test.c
index 57a520c501..e08d4b6261 100644
--- a/lib/common/tests/results/pcmk__results_test.c
+++ b/lib/common/tests/results/pcmk__results_test.c
@@ -30,7 +30,7 @@ static void
test_for_pcmk_rc_str(void **state) {
assert_string_equal(pcmk_rc_str(pcmk_rc_error-1), "Unknown output format");
assert_string_equal(pcmk_rc_str(pcmk_rc_ok), "OK");
- assert_string_equal(pcmk_rc_str(-1), "Unknown error");
+ assert_string_equal(pcmk_rc_str(-1), "Error");
}
static void
--
2.27.0
From c1ad3d6640f695321a83183c95fae2f105adc429 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Tue, 21 Dec 2021 10:20:38 -0600
Subject: [PATCH 08/12] Test: cts-lab: update expected patterns for recent
changes
---
cts/lab/CTStests.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cts/lab/CTStests.py b/cts/lab/CTStests.py
index 62c832eb45..f4be998cfb 100644
--- a/cts/lab/CTStests.py
+++ b/cts/lab/CTStests.py
@@ -3055,7 +3055,7 @@ class RemoteStonithd(RemoteDriver):
r"pacemaker-controld.*:\s+error.*: Operation remote-.*_monitor",
r"pacemaker-controld.*:\s+error.*: Result of monitor operation for remote-.*",
r"schedulerd.*:\s+Recover remote-.*\s*\(.*\)",
- r"error: Result of monitor operation for .* on remote-.*: No executor connection",
+ r"error: Result of monitor operation for .* on remote-.*: Internal communication failure",
]
ignore_pats.extend(RemoteDriver.errorstoignore(self))
--
2.27.0
From f272e2f526633c707e894b39c7c7bce3c14de898 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Tue, 21 Dec 2021 15:40:49 -0600
Subject: [PATCH 09/12] Log: controller,libpacemaker: make history XML creation
less chatty
Other messages with the same info will already be logged at higher severity
---
daemons/controld/controld_execd.c | 3 +--
daemons/controld/controld_te_actions.c | 7 ++-----
include/pcmki/pcmki_sched_utils.h | 3 +--
lib/pacemaker/pcmk_injections.c | 3 +--
lib/pacemaker/pcmk_sched_actions.c | 12 +++++-------
5 files changed, 10 insertions(+), 18 deletions(-)
diff --git a/daemons/controld/controld_execd.c b/daemons/controld/controld_execd.c
index 15784e7687..52157fa5d4 100644
--- a/daemons/controld/controld_execd.c
+++ b/daemons/controld/controld_execd.c
@@ -693,9 +693,8 @@ build_operation_update(xmlNode * parent, lrmd_rsc_info_t * rsc, lrmd_event_data_
caller_version = CRM_FEATURE_SET;
}
- crm_trace("Building %s operation update with originator version: %s", op->rsc_id, caller_version);
xml_op = pcmk__create_history_xml(parent, op, caller_version, target_rc,
- fsa_our_uname, src, LOG_DEBUG);
+ fsa_our_uname, src);
if (xml_op == NULL) {
return TRUE;
}
diff --git a/daemons/controld/controld_te_actions.c b/daemons/controld/controld_te_actions.c
index 63b7c72359..b0bcb8b2e4 100644
--- a/daemons/controld/controld_te_actions.c
+++ b/daemons/controld/controld_te_actions.c
@@ -181,7 +181,6 @@ controld_record_action_timeout(crm_action_t *action)
lrmd_event_data_t *op = NULL;
xmlNode *state = NULL;
xmlNode *rsc = NULL;
- xmlNode *xml_op = NULL;
xmlNode *action_rsc = NULL;
int rc = pcmk_ok;
@@ -245,12 +244,10 @@ controld_record_action_timeout(crm_action_t *action)
op->user_data = pcmk__transition_key(transition_graph->id, action->id,
target_rc, te_uuid);
- xml_op = pcmk__create_history_xml(rsc, op, CRM_FEATURE_SET, target_rc,
- target, __func__, LOG_INFO);
+ pcmk__create_history_xml(rsc, op, CRM_FEATURE_SET, target_rc, target,
+ __func__);
lrmd_free_event(op);
- crm_log_xml_trace(xml_op, "Action timeout");
-
rc = fsa_cib_conn->cmds->update(fsa_cib_conn, XML_CIB_TAG_STATUS, state, call_options);
fsa_register_cib_callback(rc, FALSE, NULL, cib_action_updated);
free_xml(state);
diff --git a/include/pcmki/pcmki_sched_utils.h b/include/pcmki/pcmki_sched_utils.h
index 68d60fc7db..144424a609 100644
--- a/include/pcmki/pcmki_sched_utils.h
+++ b/include/pcmki/pcmki_sched_utils.h
@@ -52,8 +52,7 @@ extern void process_utilization(pe_resource_t * rsc, pe_node_t ** prefer, pe_wor
xmlNode *pcmk__create_history_xml(xmlNode *parent, lrmd_event_data_t *event,
const char *caller_version, int target_rc,
- const char *node, const char *origin,
- int level);
+ const char *node, const char *origin);
# define LOAD_STOPPED "load_stopped"
diff --git a/lib/pacemaker/pcmk_sched_transition.c b/lib/pacemaker/pcmk_sched_transition.c
index 678c3f5dd2..1aa90a5a0b 100644
--- a/lib/pacemaker/pcmk_sched_transition.c
+++ b/lib/pacemaker/pcmk_sched_transition.c
@@ -201,8 +201,7 @@ inject_op(xmlNode * cib_resource, lrmd_event_data_t * op, int target_rc)
inject_op(xmlNode * cib_resource, lrmd_event_data_t * op, int target_rc)
{
return pcmk__create_history_xml(cib_resource, op, CRM_FEATURE_SET,
- target_rc, NULL, crm_system_name,
- LOG_TRACE);
+ target_rc, NULL, crm_system_name);
}
static xmlNode *
diff --git a/lib/pacemaker/pcmk_sched_actions.c b/lib/pacemaker/pcmk_sched_actions.c
index f8200b0efc..4f63d3374d 100644
--- a/lib/pacemaker/pcmk_sched_utils.c
+++ b/lib/pacemaker/pcmk_sched_utils.c
@@ -892,14 +892,13 @@ add_op_digest_to_xml(lrmd_event_data_t *op, xmlNode *update)
* \param[in] target_rc Expected result of operation
* \param[in] node Name of node on which operation was performed
* \param[in] origin Arbitrary description of update source
- * \param[in] level A log message will be logged at this level
*
* \return Newly created XML node for history update
*/
xmlNode *
pcmk__create_history_xml(xmlNode *parent, lrmd_event_data_t *op,
const char *caller_version, int target_rc,
- const char *node, const char *origin, int level)
+ const char *node, const char *origin)
{
char *key = NULL;
char *magic = NULL;
@@ -912,11 +911,10 @@ pcmk__create_history_xml(xmlNode *parent, lrmd_event_data_t *op,
const char *task = NULL;
CRM_CHECK(op != NULL, return NULL);
- do_crm_log(level, "%s: Updating resource %s after %s op %s (interval=%u)",
- origin, op->rsc_id, op->op_type,
- pcmk_exec_status_str(op->op_status), op->interval_ms);
-
- crm_trace("DC version: %s", caller_version);
+ crm_trace("Creating history XML for %s-interval %s action for %s on %s "
+ "(DC version: %s, origin: %s)",
+ pcmk__readable_interval(op->interval_ms), op->op_type, op->rsc_id,
+ ((node == NULL)? "no node" : node), caller_version, origin);
task = op->op_type;
--
2.27.0
From 06b1da9e5345e0d1571042c11646fd7157961279 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Tue, 21 Dec 2021 17:09:44 -0600
Subject: [PATCH 10/12] Feature: controller: improve exit reason for internal
timeouts
Functionize the part of controld_record_action_timeout() that creates a fake
executor event, into a new function synthesize_timeout_event(), and have it set
a more detailed exit reason describing what timed out.
---
daemons/controld/controld_te_actions.c | 61 ++++++++++++++++++++------
1 file changed, 48 insertions(+), 13 deletions(-)
diff --git a/daemons/controld/controld_te_actions.c b/daemons/controld/controld_te_actions.c
index b0bcb8b2e4..de2fbb82bf 100644
--- a/daemons/controld/controld_te_actions.c
+++ b/daemons/controld/controld_te_actions.c
@@ -175,6 +175,53 @@ te_crm_command(crm_graph_t * graph, crm_action_t * action)
return TRUE;
}
+/*!
+ * \internal
+ * \brief Synthesize an executor event for a resource action timeout
+ *
+ * \param[in] action Resource action that timed out
+ * \param[in] target_rc Expected result of action that timed out
+ *
+ * Synthesize an executor event for a resource action timeout. (If the executor
+ * gets a timeout while waiting for a resource action to complete, that will be
+ * reported via the usual callback. This timeout means we didn't hear from the
+ * executor itself or the controller that relayed the action to the executor.)
+ *
+ * \return Newly created executor event for result of \p action
+ * \note The caller is responsible for freeing the return value using
+ * lrmd_free_event().
+ */
+static lrmd_event_data_t *
+synthesize_timeout_event(crm_action_t *action, int target_rc)
+{
+ lrmd_event_data_t *op = NULL;
+ const char *target = crm_element_value(action->xml, XML_LRM_ATTR_TARGET);
+ const char *reason = NULL;
+ char *dynamic_reason = NULL;
+
+ if (pcmk__str_eq(target, get_local_node_name(), pcmk__str_casei)) {
+ reason = "Local executor did not return result in time";
+ } else {
+ const char *router_node = NULL;
+
+ router_node = crm_element_value(action->xml, XML_LRM_ATTR_ROUTER_NODE);
+ if (router_node == NULL) {
+ router_node = target;
+ }
+ dynamic_reason = crm_strdup_printf("Controller on %s did not return "
+ "result in time", router_node);
+ reason = dynamic_reason;
+ }
+
+ op = pcmk__event_from_graph_action(NULL, action, PCMK_EXEC_TIMEOUT,
+ PCMK_OCF_UNKNOWN_ERROR, reason);
+ op->call_id = -1;
+ op->user_data = pcmk__transition_key(transition_graph->id, action->id,
+ target_rc, te_uuid);
+ free(dynamic_reason);
+ return op;
+}
+
void
controld_record_action_timeout(crm_action_t *action)
{
@@ -231,19 +278,7 @@ controld_record_action_timeout(crm_action_t *action)
crm_copy_xml_element(action_rsc, rsc, XML_AGENT_ATTR_CLASS);
crm_copy_xml_element(action_rsc, rsc, XML_AGENT_ATTR_PROVIDER);
- /* If the executor gets a timeout while waiting for the action to complete,
- * that will be reported via the usual callback. This timeout means that we
- * didn't hear from the executor or the controller that relayed the action
- * to the executor.
- */
- op = pcmk__event_from_graph_action(NULL, action, PCMK_EXEC_TIMEOUT,
- PCMK_OCF_UNKNOWN_ERROR,
- "Cluster communication timeout "
- "(no response from executor)");
- op->call_id = -1;
- op->user_data = pcmk__transition_key(transition_graph->id, action->id,
- target_rc, te_uuid);
-
+ op = synthesize_timeout_event(action, target_rc);
pcmk__create_history_xml(rsc, op, CRM_FEATURE_SET, target_rc, target,
__func__);
lrmd_free_event(op);
--
2.27.0
From be620d206faefab967d4c8567d6554d10c9e72ba Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Wed, 22 Dec 2021 16:35:06 -0600
Subject: [PATCH 11/12] Feature: fencing: improve exit reason for fencing
timeouts
Troubleshooting timeouts is one of the more difficult aspects of cluster
maintenance. We want to give as much of a hint as possible, but for fencing in
particular it is difficult because an operation might involve multiple retries
of multiple devices.
Barring another major project to track exactly which devices, retries, etc.,
were used in a given operation, these changes in wording are probably the best
we can do.
---
daemons/fenced/fenced_remote.c | 8 +++++---
lib/fencing/st_client.c | 2 +-
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/daemons/fenced/fenced_remote.c b/daemons/fenced/fenced_remote.c
index 1e237150c5..6eebb7381e 100644
--- a/daemons/fenced/fenced_remote.c
+++ b/daemons/fenced/fenced_remote.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2009-2021 the Pacemaker project contributors
+ * Copyright 2009-2022 the Pacemaker project contributors
*
* The version control history for this file may have further details.
*
@@ -715,8 +715,10 @@ remote_op_timeout(gpointer userdata)
CRM_XS " id=%.8s",
op->action, op->target, op->client_name, op->id);
} else {
- finalize_timed_out_op(userdata, "Fencing could not be completed "
- "within overall timeout");
+ finalize_timed_out_op(userdata, "Fencing did not complete within a "
+ "total timeout based on the "
+ "configured timeout and retries for "
+ "any devices attempted");
}
return G_SOURCE_REMOVE;
}
diff --git a/lib/fencing/st_client.c b/lib/fencing/st_client.c
index a0f3119f3b..718739b321 100644
--- a/lib/fencing/st_client.c
+++ b/lib/fencing/st_client.c
@@ -906,7 +906,7 @@ invoke_registered_callbacks(stonith_t *stonith, xmlNode *msg, int call_id)
if (msg == NULL) {
// Fencer didn't reply in time
pcmk__set_result(&result, CRM_EX_ERROR, PCMK_EXEC_TIMEOUT,
- "Timeout waiting for reply from fencer");
+ "Fencer accepted request but did not reply in time");
CRM_LOG_ASSERT(call_id > 0);
} else {
--
2.27.0
From 0fe8ede2f8e838e335fe42846bdf147111ce9955 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Wed, 22 Dec 2021 17:09:09 -0600
Subject: [PATCH 12/12] Feature: libcrmservice: improve exit reason for
timeouts
The services library doesn't have enough information about an action to say
(for example) what configuration parameters might be relevant, but we can at
least distinguish what kind of agent timed out.
---
lib/services/services_linux.c | 12 +++++++++++-
lib/services/systemd.c | 2 +-
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/lib/services/services_linux.c b/lib/services/services_linux.c
index f15eee860e..d6aafcfe46 100644
--- a/lib/services/services_linux.c
+++ b/lib/services/services_linux.c
@@ -677,9 +677,19 @@ async_action_complete(mainloop_child_t *p, pid_t pid, int core, int signo,
parse_exit_reason_from_stderr(op);
} else if (mainloop_child_timeout(p)) {
+ const char *reason = NULL;
+
+ if (op->rsc != NULL) {
+ reason = "Resource agent did not complete in time";
+ } else if (pcmk__str_eq(op->standard, PCMK_RESOURCE_CLASS_STONITH,
+ pcmk__str_none)) {
+ reason = "Fence agent did not complete in time";
+ } else {
+ reason = "Process did not complete in time";
+ }
crm_info("%s[%d] timed out after %dms", op->id, op->pid, op->timeout);
services__set_result(op, services__generic_error(op), PCMK_EXEC_TIMEOUT,
- "Process did not exit within specified timeout");
+ reason);
} else if (op->cancel) {
/* If an in-flight recurring operation was killed because it was
diff --git a/lib/services/systemd.c b/lib/services/systemd.c
index 27a3b376db..d87b287424 100644
--- a/lib/services/systemd.c
+++ b/lib/services/systemd.c
@@ -995,7 +995,7 @@ systemd_timeout_callback(gpointer p)
crm_info("%s action for systemd unit %s named '%s' timed out",
op->action, op->agent, op->rsc);
services__set_result(op, PCMK_OCF_UNKNOWN_ERROR, PCMK_EXEC_TIMEOUT,
- "Systemd action did not complete within specified timeout");
+ "Systemd unit action did not complete in time");
services__finalize_async_op(op);
return FALSE;
}
--
2.27.0

29
SOURCES/019-corosync-tracking.patch
View File

@ -1,29 +0,0 @@
From e8bf0161b872267f1bb7143a9866fdc15ec218f2 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Tue, 18 Jan 2022 16:35:24 +0100
Subject: [PATCH] Fix: corosync: Repeat corosync_cfg_trackstart
corosync_cfg_trackstart can fail with CS_ERR_TRY_AGAIN failure so
(similarly as for corosync_cfg_local_get, ...) handle failure with
using cs_repeat macro.
---
daemons/pacemakerd/pcmkd_corosync.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/daemons/pacemakerd/pcmkd_corosync.c b/daemons/pacemakerd/pcmkd_corosync.c
index 7990bc43c5..cd7a40321d 100644
--- a/daemons/pacemakerd/pcmkd_corosync.c
+++ b/daemons/pacemakerd/pcmkd_corosync.c
@@ -186,7 +186,8 @@ cluster_connect_cfg(void)
crm_debug("Corosync reports local node ID is %lu", (unsigned long) nodeid);
#ifdef HAVE_COROSYNC_CFG_TRACKSTART
- rc = corosync_cfg_trackstart(cfg_handle, 0);
+ retries = 0;
+ cs_repeat(retries, 30, rc = corosync_cfg_trackstart(cfg_handle, 0));
if (rc != CS_OK) {
crm_crit("Could not enable Corosync CFG shutdown tracker: %s " CRM_XS " rc=%d",
cs_strerror(rc), rc);
--
2.27.0

41
SOURCES/020-systemd-unit.patch
View File

@ -1,41 +0,0 @@
From e316840a7e1d2a72e3089ee194334244c959905a Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Wed, 19 Jan 2022 09:53:53 -0600
Subject: [PATCH] Fix: pacemakerd: tweak systemd unit respawn settings
If pacemaker exits immediately after starting, wait 1 second before trying to
respawn, since the default of 100ms is a bit aggressive for a Pacemaker
cluster.
Also, allow 5 attempts in 25 seconds before giving up.
---
daemons/pacemakerd/pacemaker.service.in | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/daemons/pacemakerd/pacemaker.service.in b/daemons/pacemakerd/pacemaker.service.in
index 0363a2259c..3fd53d9ffb 100644
--- a/daemons/pacemakerd/pacemaker.service.in
+++ b/daemons/pacemakerd/pacemaker.service.in
@@ -31,6 +31,9 @@ After=rsyslog.service
After=corosync.service
Requires=corosync.service
+# If Pacemaker respawns repeatedly, give up after this many tries in this time
+StartLimitBurst=5
+StartLimitIntervalSec=25s
[Install]
WantedBy=multi-user.target
@@ -57,6 +60,9 @@ TasksMax=infinity
# resource. Sending -KILL will just get the node fenced
SendSIGKILL=no
+# Systemd's default of respawning a failed service after 100ms is too aggressive
+RestartSec=1s
+
# If we ever hit the StartLimitInterval/StartLimitBurst limit, and the
# admin wants to stop the cluster while pacemakerd is not running, it
# might be a good idea to enable the ExecStopPost directive below.
--
2.27.0

1338
SOURCES/021-failure-messages.patch
View File

File diff suppressed because it is too large Load Diff

82
SOURCES/022-memory-leak.patch
View File

@ -1,82 +0,0 @@
From 8034a203bbff0aa3b53f2946dc58e409bd7246c9 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Thu, 20 Jan 2022 15:03:31 -0600
Subject: [PATCH] Fix: scheduler: avoid memory leak when displaying clones
Previously, pe__clone_default() unconditionally created a hash table for
stopped instances, but didn't free it in every code path.
Now, only create the table when we have something to put in it and might
actually use it, and ensure it always gets freed.
---
lib/pengine/clone.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/lib/pengine/clone.c b/lib/pengine/clone.c
index 742e2920b0..920a04c32c 100644
--- a/lib/pengine/clone.c
+++ b/lib/pengine/clone.c
@@ -761,7 +761,7 @@ pe__clone_default(pcmk__output_t *out, va_list args)
GList *only_node = va_arg(args, GList *);
GList *only_rsc = va_arg(args, GList *);
- GHashTable *stopped = pcmk__strkey_table(free, free);
+ GHashTable *stopped = NULL;
char *list_text = NULL;
size_t list_text_len = 0;
@@ -818,7 +818,11 @@ pe__clone_default(pcmk__output_t *out, va_list args)
} else if (partially_active == FALSE) {
// List stopped instances when requested (except orphans)
if (!pcmk_is_set(child_rsc->flags, pe_rsc_orphan)
+ && !pcmk_is_set(show_opts, pcmk_show_clone_detail)
&& pcmk_is_set(show_opts, pcmk_show_inactive_rscs)) {
+ if (stopped == NULL) {
+ stopped = pcmk__strkey_table(free, free);
+ }
g_hash_table_insert(stopped, strdup(child_rsc->id), strdup("Stopped"));
}
@@ -873,7 +877,6 @@ pe__clone_default(pcmk__output_t *out, va_list args)
}
if (pcmk_is_set(show_opts, pcmk_show_clone_detail)) {
- g_hash_table_destroy(stopped);
PCMK__OUTPUT_LIST_FOOTER(out, rc);
return pcmk_rc_ok;
}
@@ -948,8 +951,10 @@ pe__clone_default(pcmk__output_t *out, va_list args)
GList *list = g_hash_table_get_values(rsc->allowed_nodes);
/* Custom stopped table for non-unique clones */
- g_hash_table_destroy(stopped);
- stopped = pcmk__strkey_table(free, free);
+ if (stopped != NULL) {
+ g_hash_table_destroy(stopped);
+ stopped = NULL;
+ }
if (list == NULL) {
/* Clusters with symmetrical=false haven't calculated allowed_nodes yet
@@ -972,6 +977,9 @@ pe__clone_default(pcmk__output_t *out, va_list args)
state = "Stopped (disabled)";
}
+ if (stopped == NULL) {
+ stopped = pcmk__strkey_table(free, free);
+ }
if (probe_op != NULL) {
int rc;
@@ -987,7 +995,7 @@ pe__clone_default(pcmk__output_t *out, va_list args)
g_list_free(list);
}
- if (g_hash_table_size(stopped) > 0) {
+ if (stopped != NULL) {
GList *list = sorted_hash_table_values(stopped);
clone_header(out, &rc, rsc, clone_data);
--
2.27.0

30
SOURCES/023-regression.patch
View File

@ -1,30 +0,0 @@
From 16928cfc69136bc56b1574bee9966e0d5de73abd Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Wed, 26 Jan 2022 09:15:43 -0600
Subject: [PATCH] Fix: controller: correctly match "node down" events
regression introduced in 2.1.2 by 03ce7376e
The symptom that led to this was that removing a remote node connection
resource would lead to the remote node getting fenced when the connection stop
was not recognized as an expected down event.
---
daemons/controld/controld_te_events.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemons/controld/controld_te_events.c b/daemons/controld/controld_te_events.c
index 36fd832ba0..1fd7129922 100644
--- a/daemons/controld/controld_te_events.c
+++ b/daemons/controld/controld_te_events.c
@@ -304,7 +304,7 @@ match_down_event(const char *target)
gIter2 = gIter2->next) {
match = (crm_action_t*)gIter2->data;
- if (pcmk_is_set(match->flags, pcmk__graph_action_confirmed)) {
+ if (pcmk_is_set(match->flags, pcmk__graph_action_executed)) {
xpath_ret = xpath_search(match->xml, xpath);
if (numXpathResults(xpath_ret) < 1) {
match = NULL;
--
2.27.0

149
SPECS/pacemaker.spec
View File

@ -35,11 +35,11 @@
## Upstream pacemaker version, and its package version (specversion
## can be incremented to build packages reliably considered "newer"
## than previously built packages with the same pcmkversion)
%global pcmkversion 2.1.2
%global specversion 4
%global pcmkversion 2.1.4
%global specversion 5
## Upstream commit (full commit ID, abbreviated commit ID, or tag) to build
%global commit ada5c3b36e2adf1703d54d39f40a4b8628eca175
%global commit dc6eb4362e67c1497a413434eba097063bf1ef83
## Since git v2.11, the extent of abbreviation is autoscaled by default
## (used to be constant of 7), so we need to convey it for non-tags, too.
@ -63,14 +63,13 @@
## Add option for whether to support storing sensitive information outside CIB
%bcond_without cibsecrets
## Add option to enable Native Language Support (experimental)
%bcond_with nls
## Add option to create binaries suitable for use with profiling tools
%bcond_with profiling
## Add option to create binaries with coverage analysis
%bcond_with coverage
## Add option to skip (or enable, on RHEL) generating documentation
## (the build tools aren't available everywhere)
## Allow deprecated option to skip (or enable, on RHEL) documentation
%if 0%{?rhel}
%bcond_with doc
%else
@ -159,6 +158,7 @@
%if 0%{?suse_version} > 0
%global pkgname_bzip2_devel libbz2-devel
%global pkgname_docbook_xsl docbook-xsl-stylesheets
%global pkgname_gettext gettext-tools
%global pkgname_gnutls_devel libgnutls-devel
%global pkgname_shadow_utils shadow
%global pkgname_procps procps
@ -170,6 +170,7 @@
%global pkgname_libtool_devel_arch libtool-ltdl-devel%{?_isa}
%global pkgname_bzip2_devel bzip2-devel
%global pkgname_docbook_xsl docbook-style-xsl
%global pkgname_gettext gettext-devel
%global pkgname_gnutls_devel gnutls-devel
%global pkgname_shadow_utils shadow-utils
%global pkgname_procps procps-ng
@ -263,29 +264,18 @@ Source0: https://codeload.github.com/%{github_owner}/%{name}/tar.gz/%{arch
Source1: nagios-agents-metadata-%{nagios_hash}.tar.gz
# upstream commits
Patch1: 001-acl-group-schema.patch
Patch2: 002-fencing-reasons.patch
Patch3: 003-fencing-reasons.patch
Patch4: 004-systemd-metadata.patch
Patch5: 005-fencing-reasons.patch
Patch6: 006-stateful-metadata.patch
Patch7: 007-memory-leak.patch
Patch8: 008-fencing-history.patch
Patch9: 009-fencing-reasons.patch
Patch10: 010-probe-failures.patch
Patch11: 011-fencing-reasons.patch
Patch12: 012-notify-crash.patch
Patch13: 013-probe-failures.patch
Patch14: 014-pcmk_delay_base.patch
Patch15: 015-fencing-reasons.patch
Patch16: 016-fencing-crash.patch
Patch17: 017-fencing-reasons.patch
Patch18: 018-failure-messages.patch
Patch19: 019-corosync-tracking.patch
Patch20: 020-systemd-unit.patch
Patch21: 021-failure-messages.patch
Patch22: 022-memory-leak.patch
Patch23: 023-regression.patch
Patch001: 001-stonith-enabled.patch
Patch002: 002-acl_group.patch
Patch003: 003-regression.patch
Patch004: 004-schema.patch
Patch005: 005-schema.patch
Patch006: 006-crm_resource.patch
Patch007: 007-stonith_admin.patch
Patch008: 008-metadata.patch
Patch009: 009-validate.patch
Patch010: 010-regression.patch
Patch011: 011-unfencing.patch
Patch012: 012-crm_resource.patch
# downstream-only commits
#Patch1xx: 1xx-xxxx.patch
@ -344,6 +334,7 @@ BuildRequires: %{pkgname_gnutls_devel}
BuildRequires: help2man
BuildRequires: ncurses-devel
BuildRequires: pam-devel
BuildRequires: %{pkgname_gettext} >= 0.18
# Required for "make check"
BuildRequires: libcmocka-devel
@ -392,7 +383,7 @@ when related resources fail and can be configured to periodically check
resource health.
Available rpmbuild rebuild options:
--with(out) : cibsecrets coverage doc hardening pre_release profiling stonithd
--with(out) : cibsecrets doc hardening nls pre_release profiling stonithd
%package cli
License: GPLv2+ and LGPLv2+
@ -581,8 +572,8 @@ export LDFLAGS_HARDENED_LIB="%{?_hardening_ldflags}"
%{!?with_hardening: --disable-hardening} \
%{?with_legacy_links: --enable-legacy-links} \
%{?with_profiling: --with-profiling} \
%{?with_coverage: --with-coverage} \
%{?with_cibsecrets: --with-cibsecrets} \
%{?with_nls: --enable-nls} \
%{?with_sbd_sync: --with-sbd-sync-default="true"} \
%{?gnutls_priorities: --with-gnutls-priorities="%{gnutls_priorities}"} \
%{?bug_url: --with-bug-url=%{bug_url}} \
@ -641,10 +632,14 @@ done
mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/lib/rpm-state/%{name}
%endif
%if %{with nls}
%find_lang %{name}
%endif
# Don't package libtool archives
find %{buildroot} -name '*.la' -type f -print0 | xargs -0 rm -f
# Do not package these either
# Do not package these either on RHEL
rm -f %{buildroot}/%{_sbindir}/fence_legacy
rm -f %{buildroot}/%{_mandir}/man8/fence_legacy.*
find %{buildroot} -name '*o2cb*' -type f -print0 | xargs -0 rm -f
@ -663,16 +658,6 @@ rm -f %{buildroot}/%{_sbindir}/ipmiservicelogd
%endif
%endif
%if %{with coverage}
GCOV_BASE=%{buildroot}/%{_var}/lib/pacemaker/gcov
mkdir -p $GCOV_BASE
find . -name '*.gcno' -type f | while read F ; do
D=`dirname $F`
mkdir -p ${GCOV_BASE}/$D
cp $F ${GCOV_BASE}/$D
done
%endif
%post
%if %{defined _unitdir}
%systemd_post pacemaker.service
@ -805,7 +790,6 @@ exit 0
%exclude %{_datadir}/pacemaker/nagios
%{_libexecdir}/pacemaker/*
%{_sbindir}/crm_attribute
%{_sbindir}/crm_master
%{_sbindir}/fence_watchdog
@ -814,7 +798,6 @@ exit 0
%doc %{_mandir}/man7/pacemaker-fenced.*
%doc %{_mandir}/man7/ocf_pacemaker_controld.*
%doc %{_mandir}/man7/ocf_pacemaker_remote.*
%doc %{_mandir}/man8/crm_attribute.*
%doc %{_mandir}/man8/crm_master.*
%doc %{_mandir}/man8/fence_watchdog.*
%doc %{_mandir}/man8/pacemakerd.*
@ -853,6 +836,7 @@ exit 0
%if %{with cibsecrets}
%{_sbindir}/cibsecret
%endif
%{_sbindir}/crm_attribute
%{_sbindir}/crm_diff
%{_sbindir}/crm_error
%{_sbindir}/crm_failcount
@ -889,7 +873,6 @@ exit 0
%exclude %{_mandir}/man7/ocf_pacemaker_controld.*
%exclude %{_mandir}/man7/ocf_pacemaker_remote.*
%doc %{_mandir}/man8/*
%exclude %{_mandir}/man8/crm_attribute.*
%exclude %{_mandir}/man8/crm_master.*
%exclude %{_mandir}/man8/fence_watchdog.*
%exclude %{_mandir}/man8/pacemakerd.*
@ -905,7 +888,7 @@ exit 0
%dir %attr (770, %{uname}, %{gname}) %{_var}/log/pacemaker
%dir %attr (770, %{uname}, %{gname}) %{_var}/log/pacemaker/bundles
%files -n %{pkgname_pcmk_libs}
%files -n %{pkgname_pcmk_libs} %{?with_nls:-f %{name}.lang}
%{_libdir}/libcib.so.*
%{_libdir}/liblrmd.so.*
%{_libdir}/libcrmservice.so.*
@ -961,9 +944,6 @@ exit 0
%files -n %{pkgname_pcmk_libs}-devel
%{_includedir}/pacemaker
%{_libdir}/*.so
%if %{with coverage}
%{_var}/lib/pacemaker/gcov
%endif
%{_libdir}/pkgconfig/*.pc
%license licenses/LGPLv2.1
%doc COPYING
@ -975,6 +955,7 @@ exit 0
%{_datadir}/pacemaker/*.rng
%{_datadir}/pacemaker/*.xsl
%{_datadir}/pacemaker/api
%{_datadir}/pacemaker/base
%{_datadir}/pkgconfig/pacemaker-schemas.pc
%files nagios-plugins-metadata
@ -983,6 +964,56 @@ exit 0
%license %{nagios_name}-%{nagios_hash}/COPYING
%changelog
* Wed Aug 10 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.4-5
- Fix regression in crm_resource -O
- Resolves: rhbz2118337
* Wed Jul 20 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.4-4
- Ensure all nodes are re-unfenced after device configuration change
- crm_resource --why now checks node health status
- Resolves: rhbz1872483
- Resolves: rhbz2065818
* Wed Jun 29 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.4-3
- Add support for ACL groups
- Resolves: rhbz1724310
* Tue Jun 28 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.4-2
- Restore crm_attribute query behavior when attribute does not exist
- Resolves: rhbz2072107
* Wed Jun 15 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.4-1
- Fencer should not ignore CIB updates when stonith is disabled
- Rebase pacemaker on upstream 2.1.4 final release
- Fix typo in ocf:pacemaker:HealthSMART meta-data
- Resolves: rhbz2055935
- Resolves: rhbz2072107
- Resolves: rhbz2094855
* Wed Jun 1 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.3-2
- crm_attribute works on remote node command line when hostname differs
- Rebase pacemaker on upstream 2.1.3 final release
- Resolves: rhbz1384172
- Resolves: rhbz2072107
* Wed May 18 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.3-1
- crm_resource --restart fails to restart clone instances except instance 0
- Add new multiple-active option for "stop unexpected instances"
- Unable to show metadata for "service" agents with "@" and "." in the name
- Resource ocf:pacemaker:attribute does not comply with the OCF 1.1 standard
- Allow resource meta-attribute to exempt resource from node health restrictions
- Show node health states in crm_mon
- Rebase pacemaker on upstream 2.1.3-rc2 release
- crm_mon API result does not validate against schema if fence event has exit-reason
- Resolves: rhbz1930578
- Resolves: rhbz2036815
- Resolves: rhbz2045096
- Resolves: rhbz2049722
- Resolves: rhbz2059638
- Resolves: rhbz2065812
- Resolves: rhbz2072107
- Resolves: rhbz2086230
* Wed Jan 26 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.2-4
- Fix regression in down event detection that affects remote nodes
- Resolves: rhbz2046446
@ -1045,7 +1076,7 @@ exit 0
- Show better error messages in crm_resource with invalid resource types
- Avoid selecting wrong device when dynamic-list fencing is used with host map
- Do not schedule probes of unmanaged resources on pending nodes
- Fix regressions in crm_attribute and crm_master argument handling
- Fix argument handling regressions in crm_attribute and wrappers
- Resolves: rhbz1447918
- Resolves: rhbz1978010
- Resolves: rhbz1982453
@ -1314,7 +1345,7 @@ exit 0
- Resolves: rhbz#1622969
* Mon Aug 13 2018 Ken Gaillot <kgaillot@redhat.com> - 2.0.0-7
- Include upstream master branch commits through 975347d4
- Include upstream main branch commits through 975347d4
- Resolves: rhbz#1543494
- Resolves: rhbz#1602650
- Resolves: rhbz#1608369
@ -1485,7 +1516,7 @@ exit 0
* Thu Aug 20 2015 Andrew Beekhof <abeekhof@redhat.com> - 1.1.13-2
- Update for new upstream tarball: Pacemaker-1.1.13
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/master/ChangeLog for full details
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.12-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
@ -1495,7 +1526,7 @@ exit 0
* Tue Oct 28 2014 Andrew Beekhof <abeekhof@redhat.com> - 1.1.12-1
- Update for new upstream tarball: Pacemaker-1.1.12+ (a9c8177)
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/master/ChangeLog for full details
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.11-1.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
@ -1505,11 +1536,11 @@ exit 0
* Tue Feb 18 2014 Andrew Beekhof <abeekhof@redhat.com> - 1.1.11-1
- Update for new upstream tarball: Pacemaker-1.1.11 (9d39a6b)
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/master/ChangeLog for full details
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details
* Thu Jun 20 2013 Andrew Beekhof <abeekhof@redhat.com> - 1.1.9-3
- Update to upstream 7d8acec
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/master/ChangeLog for full details
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details
+ Feature: Turn off auto-respawning of systemd services when the cluster starts them
+ Fix: crmd: Ensure operations for cleaned up resources don't block recovery
@ -1517,11 +1548,11 @@ exit 0
* Mon Jun 17 2013 Andrew Beekhof <abeekhof@redhat.com> - 1.1.9-2
- Update for new upstream tarball: 781a388
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/master/ChangeLog for full details
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details
* Wed May 12 2010 Andrew Beekhof <andrew@beekhof.net> - 1.1.2-1
- Update the tarball from the upstream 1.1.2 release
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/master/ChangeLog for full details
- See included ChangeLog file or https://raw.github.com/ClusterLabs/pacemaker/main/ChangeLog for full details
* Tue Jul 14 2009 Andrew Beekhof <andrew@beekhof.net> - 1.0.4-1
- Initial checkin