rpms
/
pacemaker
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Rebase on upstream 2.1.0-rc3 release 

... and fix syntax error in gating.yaml

- Resolves: rhbz1936023
This commit is contained in:
Ken Gaillot 2021-06-01 12:23:20 -05:00
parent 457a59013b
commit 6acb138bce
4 changed files with 9 additions and 882 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

877
001-rollup.patch
View File

@ -1,877 +0,0 @@
From 8c2e95ab41ae11697ed08992c7687e68abd1d88d Mon Sep 17 00:00:00 2001
From: Kazunori INOUE <kazunori_inoue@newson.co.jp>
Date: Wed, 12 May 2021 18:18:11 +0900
Subject: [PATCH 01/11] Log: pcmk__pid_active: Lower the log level when
readlink() is EACCES
---
lib/common/pid.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/lib/common/pid.c b/lib/common/pid.c
index 90a24a6..2705228 100644
--- a/lib/common/pid.c
+++ b/lib/common/pid.c
@@ -73,8 +73,13 @@ pcmk__pid_active(pid_t pid, const char *daemon)
rc = readlink(proc_path, exe_path, sizeof(exe_path) - 1);
if (rc < 0) {
if (last_asked_pid != pid) {
- crm_err("Could not read from %s: %s " CRM_XS " errno=%d",
- proc_path, strerror(errno), errno);
+ if (errno == EACCES) {
+ crm_info("Could not read from %s: %s " CRM_XS " errno=%d",
+ proc_path, strerror(errno), errno);
+ } else {
+ crm_err("Could not read from %s: %s " CRM_XS " errno=%d",
+ proc_path, strerror(errno), errno);
+ }
last_asked_pid = pid;
}
if ((errno == EACCES) && checked_through_kill) {
--
1.8.3.1
From 29e9e68498189f7b5fb2e6e42eec306962376c8c Mon Sep 17 00:00:00 2001
From: Chris Lumens <clumens@redhat.com>
Date: Thu, 20 May 2021 11:32:57 -0400
Subject: [PATCH 02/11] Low: tools: Fix handling certain error codes in
crm_resource.
It is possible, at the bottom of crm_resource, to end up in a situation
where rc is pcmk_rc_ok, but exit_code contains some error value. This
results in an error message like "Error performing operation: OK", which
is obviously terrible.
The idea behind this fix is that when we get to the done label, we won't
use rc again. Any value contained in rc will have been converted to a
crm_exit_t beforehand, and so we only need to worry about exit_code when
doing the final error reporting.
The way to accomplish this is that anywhere in the code that there's a
"goto done", we need to use pcmk_rc2exitc to make sure exit_code is set
correctly and just forget about rc. And then throughout the big command
switch block, we use rc for just about everything and do the error code
conversion just before hitting the done label.
There's one extra wrinkle here - ban_or_move needs to be checked for
whether it returned EINVAL or not. If so, that needs to be converted to
CRM_EX_USAGE prior to running pcmk_rc2exitc. That function will map
EINVAL to CRM_EX_SOFTWARE, which is not right.
---
cts/cli/regression.acls.exp | 12 ++---
cts/cli/regression.tools.exp | 7 ++-
tools/crm_resource.c | 125 +++++++++++++++++++++++--------------------
3 files changed, 77 insertions(+), 67 deletions(-)
diff --git a/cts/cli/regression.acls.exp b/cts/cli/regression.acls.exp
index fa5ffee..b5630a1 100644
--- a/cts/cli/regression.acls.exp
+++ b/cts/cli/regression.acls.exp
@@ -742,15 +742,15 @@ Call failed: Permission denied
=#=#=#= End test: root: Create a resource - OK (0) =#=#=#=
* Passed: cibadmin - root: Create a resource
=#=#=#= Begin test: l33t-haxor: Create a resource meta attribute =#=#=#=
-crm_resource: Error performing operation: Permission denied
+crm_resource: Error performing operation: Insufficient privileges
=#=#=#= End test: l33t-haxor: Create a resource meta attribute - Insufficient privileges (4) =#=#=#=
* Passed: crm_resource - l33t-haxor: Create a resource meta attribute
=#=#=#= Begin test: l33t-haxor: Query a resource meta attribute =#=#=#=
-crm_resource: Error performing operation: Permission denied
+crm_resource: Error performing operation: Insufficient privileges
=#=#=#= End test: l33t-haxor: Query a resource meta attribute - Insufficient privileges (4) =#=#=#=
* Passed: crm_resource - l33t-haxor: Query a resource meta attribute
=#=#=#= Begin test: l33t-haxor: Remove a resource meta attribute =#=#=#=
-crm_resource: Error performing operation: Permission denied
+crm_resource: Error performing operation: Insufficient privileges
=#=#=#= End test: l33t-haxor: Remove a resource meta attribute - Insufficient privileges (4) =#=#=#=
* Passed: crm_resource - l33t-haxor: Remove a resource meta attribute
=#=#=#= Begin test: niceguy: Create a resource meta attribute =#=#=#=
@@ -2769,15 +2769,15 @@ Call failed: Permission denied
=#=#=#= End test: root: Create a resource - OK (0) =#=#=#=
* Passed: cibadmin - root: Create a resource
=#=#=#= Begin test: l33t-haxor: Create a resource meta attribute =#=#=#=
-crm_resource: Error performing operation: Permission denied
+crm_resource: Error performing operation: Insufficient privileges
=#=#=#= End test: l33t-haxor: Create a resource meta attribute - Insufficient privileges (4) =#=#=#=
* Passed: crm_resource - l33t-haxor: Create a resource meta attribute
=#=#=#= Begin test: l33t-haxor: Query a resource meta attribute =#=#=#=
-crm_resource: Error performing operation: Permission denied
+crm_resource: Error performing operation: Insufficient privileges
=#=#=#= End test: l33t-haxor: Query a resource meta attribute - Insufficient privileges (4) =#=#=#=
* Passed: crm_resource - l33t-haxor: Query a resource meta attribute
=#=#=#= Begin test: l33t-haxor: Remove a resource meta attribute =#=#=#=
-crm_resource: Error performing operation: Permission denied
+crm_resource: Error performing operation: Insufficient privileges
=#=#=#= End test: l33t-haxor: Remove a resource meta attribute - Insufficient privileges (4) =#=#=#=
* Passed: crm_resource - l33t-haxor: Remove a resource meta attribute
=#=#=#= Begin test: niceguy: Create a resource meta attribute =#=#=#=
diff --git a/cts/cli/regression.tools.exp b/cts/cli/regression.tools.exp
index 3a3d8a9..5ce90e5 100644
--- a/cts/cli/regression.tools.exp
+++ b/cts/cli/regression.tools.exp
@@ -979,7 +979,6 @@ Resource XML:
=#=#=#= Begin test: Require a destination when migrating a resource that is stopped =#=#=#=
crm_resource: Resource 'dummy' not moved: active in 0 locations.
To prevent 'dummy' from running on a specific location, specify a node.
-Error performing operation: Invalid argument
=#=#=#= Current cib after: Require a destination when migrating a resource that is stopped =#=#=#=
<cib epoch="18" num_updates="0" admin_epoch="0">
<configuration>
@@ -1019,7 +1018,7 @@ Error performing operation: Invalid argument
=#=#=#= End test: Require a destination when migrating a resource that is stopped - Incorrect usage (64) =#=#=#=
* Passed: crm_resource - Require a destination when migrating a resource that is stopped
=#=#=#= Begin test: Don't support migration to non-existent locations =#=#=#=
-crm_resource: Error performing operation: Node not found
+crm_resource: Error performing operation: No such object
=#=#=#= Current cib after: Don't support migration to non-existent locations =#=#=#=
<cib epoch="18" num_updates="0" admin_epoch="0">
<configuration>
@@ -1174,7 +1173,7 @@ Revised Cluster Status:
=#=#=#= End test: Bring resources online - OK (0) =#=#=#=
* Passed: crm_simulate - Bring resources online
=#=#=#= Begin test: Try to move a resource to its existing location =#=#=#=
-crm_resource: Error performing operation: Already in requested state
+crm_resource: Error performing operation: Requested item already exists
=#=#=#= Current cib after: Try to move a resource to its existing location =#=#=#=
<cib epoch="19" num_updates="4" admin_epoch="0">
<configuration>
@@ -1755,7 +1754,7 @@ true
=#=#=#= End test: Delete ticket standby state - OK (0) =#=#=#=
* Passed: crm_ticket - Delete ticket standby state
=#=#=#= Begin test: Ban a resource on unknown node =#=#=#=
-crm_resource: Error performing operation: Node not found
+crm_resource: Error performing operation: No such object
=#=#=#= Current cib after: Ban a resource on unknown node =#=#=#=
<cib epoch="21" num_updates="5" admin_epoch="0">
<configuration>
diff --git a/tools/crm_resource.c b/tools/crm_resource.c
index 3b58978..cc230d5 100644
--- a/tools/crm_resource.c
+++ b/tools/crm_resource.c
@@ -952,8 +952,7 @@ why_cb(const gchar *option_name, const gchar *optarg, gpointer data, GError **er
}
static int
-ban_or_move(pcmk__output_t *out, pe_resource_t *rsc, const char *move_lifetime,
- crm_exit_t *exit_code)
+ban_or_move(pcmk__output_t *out, pe_resource_t *rsc, const char *move_lifetime)
{
int rc = pcmk_rc_ok;
pe_node_t *current = NULL;
@@ -988,8 +987,7 @@ ban_or_move(pcmk__output_t *out, pe_resource_t *rsc, const char *move_lifetime,
} else {
rc = EINVAL;
- *exit_code = CRM_EX_USAGE;
- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code,
+ g_set_error(&error, PCMK__EXITC_ERROR, CRM_EX_USAGE,
"Resource '%s' not moved: active in %d locations (promoted in %d).\n"
"To prevent '%s' from running on a specific location, "
"specify a node."
@@ -1000,8 +998,7 @@ ban_or_move(pcmk__output_t *out, pe_resource_t *rsc, const char *move_lifetime,
} else {
rc = EINVAL;
- *exit_code = CRM_EX_USAGE;
- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code,
+ g_set_error(&error, PCMK__EXITC_ERROR, CRM_EX_USAGE,
"Resource '%s' not moved: active in %d locations.\n"
"To prevent '%s' from running on a specific location, "
"specify a node.",
@@ -1124,7 +1121,7 @@ delete(void)
}
static int
-list_agents(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code)
+list_agents(pcmk__output_t *out, const char *agent_spec)
{
int rc = pcmk_rc_ok;
char *provider = strchr(agent_spec, ':');
@@ -1144,12 +1141,11 @@ list_agents(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code)
}
if (rc != pcmk_rc_ok) {
- *exit_code = CRM_EX_NOSUCH;
if (provider == NULL) {
- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code,
+ g_set_error(&error, PCMK__RC_ERROR, rc,
"No agents found for standard '%s'", agent_spec);
} else {
- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code,
+ g_set_error(&error, PCMK__RC_ERROR, rc,
"No agents found for standard '%s' and provider '%s'",
agent_spec, provider);
}
@@ -1160,7 +1156,7 @@ list_agents(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code)
}
static int
-list_providers(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code)
+list_providers(pcmk__output_t *out, const char *agent_spec)
{
int rc;
const char *text = NULL;
@@ -1202,23 +1198,20 @@ list_providers(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_cod
text = "OCF providers";
break;
default:
- *exit_code = CRM_EX_SOFTWARE;
- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code, "Bug");
+ g_set_error(&error, PCMK__RC_ERROR, pcmk_rc_error, "Bug");
lrmd_api_delete(lrmd_conn);
return pcmk_rc_error;
}
if (rc != pcmk_rc_ok) {
if (agent_spec != NULL) {
- *exit_code = CRM_EX_NOSUCH;
- rc = pcmk_rc_error;
- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code,
+ rc = ENXIO;
+ g_set_error(&error, PCMK__RC_ERROR, rc,
"No %s found for %s", text, agent_spec);
} else {
- *exit_code = CRM_EX_NOSUCH;
- rc = pcmk_rc_error;
- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code,
+ rc = ENXIO;
+ g_set_error(&error, PCMK__RC_ERROR, rc,
"No %s found", text);
}
}
@@ -1343,7 +1336,7 @@ set_property(void)
} else if (pcmk__str_empty(options.prop_value)) {
g_set_error(&error, PCMK__EXITC_ERROR, CRM_EX_USAGE,
"Must supply -v with new value");
- rc = EINVAL;
+ rc = ENXIO;
return rc;
}
@@ -1362,7 +1355,7 @@ set_property(void)
}
static int
-show_metadata(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code)
+show_metadata(pcmk__output_t *out, const char *agent_spec)
{
int rc = pcmk_rc_ok;
char *standard = NULL;
@@ -1383,8 +1376,7 @@ show_metadata(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code
if (metadata) {
out->output_xml(out, "metadata", metadata);
} else {
- *exit_code = crm_errno2exit(rc);
- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code,
+ g_set_error(&error, PCMK__RC_ERROR, rc,
"Metadata query for %s failed: %s",
agent_spec, pcmk_rc_str(rc));
}
@@ -1706,15 +1698,16 @@ main(int argc, char **argv)
if (options.require_cib) {
cib_conn = cib_new();
if ((cib_conn == NULL) || (cib_conn->cmds == NULL)) {
- rc = pcmk_rc_error;
- g_set_error(&error, PCMK__EXITC_ERROR, CRM_EX_DISCONNECT,
+ exit_code = CRM_EX_DISCONNECT;
+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code,
"Could not create CIB connection");
goto done;
}
rc = cib_conn->cmds->signon(cib_conn, crm_system_name, cib_command);
rc = pcmk_legacy2rc(rc);
if (rc != pcmk_rc_ok) {
- g_set_error(&error, PCMK__RC_ERROR, rc,
+ exit_code = pcmk_rc2exitc(rc);
+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code,
"Could not connect to the CIB: %s", pcmk_rc_str(rc));
goto done;
}
@@ -1724,6 +1717,7 @@ main(int argc, char **argv)
if (options.require_dataset) {
rc = populate_working_set(&cib_xml_copy);
if (rc != pcmk_rc_ok) {
+ exit_code = pcmk_rc2exitc(rc);
goto done;
}
}
@@ -1733,8 +1727,8 @@ main(int argc, char **argv)
rsc = pe_find_resource_with_flags(data_set->resources, options.rsc_id,
options.find_flags);
if (rsc == NULL) {
- rc = ENXIO;
- g_set_error(&error, PCMK__RC_ERROR, rc,
+ exit_code = CRM_EX_NOSUCH;
+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code,
"Resource '%s' not found", options.rsc_id);
goto done;
}
@@ -1749,7 +1743,8 @@ main(int argc, char **argv)
if (options.require_crmd) {
rc = pcmk_new_ipc_api(&controld_api, pcmk_ipc_controld);
if (rc != pcmk_rc_ok) {
- g_set_error(&error, PCMK__RC_ERROR, rc,
+ exit_code = pcmk_rc2exitc(rc);
+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code,
"Error connecting to the controller: %s", pcmk_rc_str(rc));
goto done;
}
@@ -1757,7 +1752,8 @@ main(int argc, char **argv)
NULL);
rc = pcmk_connect_ipc(controld_api, pcmk_ipc_dispatch_main);
if (rc != pcmk_rc_ok) {
- g_set_error(&error, PCMK__RC_ERROR, rc,
+ exit_code = pcmk_rc2exitc(rc);
+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code,
"Error connecting to the controller: %s", pcmk_rc_str(rc));
goto done;
}
@@ -1794,15 +1790,15 @@ main(int argc, char **argv)
case cmd_list_standards:
case cmd_list_providers:
case cmd_list_alternatives:
- rc = list_providers(out, options.agent_spec, &exit_code);
+ rc = list_providers(out, options.agent_spec);
break;
case cmd_list_agents:
- rc = list_agents(out, options.agent_spec, &exit_code);
+ rc = list_agents(out, options.agent_spec);
break;
case cmd_metadata:
- rc = show_metadata(out, options.agent_spec, &exit_code);
+ rc = show_metadata(out, options.agent_spec);
break;
case cmd_restart:
@@ -1835,7 +1831,7 @@ main(int argc, char **argv)
options.timeout_ms, cib_conn, data_set,
args->verbosity, options.force);
}
- break;
+ goto done;
case cmd_digests:
node = pe_find_node(data_set->nodes, options.host_uname);
@@ -1918,7 +1914,7 @@ main(int argc, char **argv)
case cmd_move:
if (options.host_uname == NULL) {
- rc = ban_or_move(out, rsc, options.move_lifetime, &exit_code);
+ rc = ban_or_move(out, rsc, options.move_lifetime);
} else {
rc = cli_resource_move(rsc, options.rsc_id, options.host_uname,
options.move_lifetime, cib_conn,
@@ -1926,11 +1922,17 @@ main(int argc, char **argv)
options.promoted_role_only,
options.force);
}
+
+ if (rc == EINVAL) {
+ exit_code = CRM_EX_USAGE;
+ goto done;
+ }
+
break;
case cmd_ban:
if (options.host_uname == NULL) {
- rc = ban_or_move(out, rsc, options.move_lifetime, &exit_code);
+ rc = ban_or_move(out, rsc, options.move_lifetime);
} else if (node == NULL) {
rc = pcmk_rc_node_unknown;
} else {
@@ -1939,6 +1941,12 @@ main(int argc, char **argv)
options.cib_options,
options.promoted_role_only);
}
+
+ if (rc == EINVAL) {
+ exit_code = CRM_EX_USAGE;
+ goto done;
+ }
+
break;
case cmd_get_property:
@@ -1990,9 +1998,9 @@ main(int argc, char **argv)
case cmd_set_param:
if (pcmk__str_empty(options.prop_value)) {
- g_set_error(&error, PCMK__EXITC_ERROR, CRM_EX_USAGE,
+ exit_code = CRM_EX_USAGE;
+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code,
"You need to supply a value with the -v option");
- rc = EINVAL;
goto done;
}
@@ -2045,10 +2053,19 @@ main(int argc, char **argv)
break;
default:
- exit_code = CRM_EX_SOFTWARE;
+ exit_code = CRM_EX_USAGE;
g_set_error(&error, PCMK__EXITC_ERROR, exit_code,
"Unimplemented command: %d", (int) options.rsc_cmd);
- break;
+ goto done;
+ }
+
+ /* Convert rc into an exit code. */
+ if (rc != pcmk_rc_ok && rc != pcmk_rc_no_output) {
+ if (rc == pcmk_rc_no_quorum) {
+ g_prefix_error(&error, "To ignore quorum, use the force option.\n");
+ }
+
+ exit_code = pcmk_rc2exitc(rc);
}
/*
@@ -2056,32 +2073,26 @@ main(int argc, char **argv)
*/
done:
- /* Don't do any of this for pcmk_rc_no_output (doesn't make sense to show an
- * error message for no output) or for CRM_EX_USAGE (we don't want to show
- * an "error: OK" message from pcmk_rc_str).
+ /* When we get here, exit_code has been set one of two ways - either at one of
+ * the spots where there's a "goto done" (which itself could have happened either
+ * directly or by calling pcmk_rc2exitc), or just up above after any of the break
+ * statements.
+ *
+ * Thus, we can use just exit_code here to decide what to do.
*/
- if ((rc != pcmk_rc_ok && rc != pcmk_rc_no_output) ||
- (exit_code != CRM_EX_OK && exit_code != CRM_EX_USAGE)) {
- if (rc == pcmk_rc_no_quorum) {
- g_prefix_error(&error, "To ignore quorum, use the force option.\n");
- }
-
+ if (exit_code != CRM_EX_OK && exit_code != CRM_EX_USAGE) {
if (error != NULL) {
char *msg = crm_strdup_printf("%s\nError performing operation: %s",
- error->message, pcmk_rc_str(rc));
+ error->message, crm_exit_str(exit_code));
g_clear_error(&error);
- g_set_error(&error, PCMK__RC_ERROR, rc, "%s", msg);
+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code, "%s", msg);
free(msg);
} else {
- g_set_error(&error, PCMK__RC_ERROR, rc,
- "Error performing operation: %s", pcmk_rc_str(rc));
+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code,
+ "Error performing operation: %s", crm_exit_str(exit_code));
}
}
- if (exit_code == CRM_EX_OK) {
- exit_code = pcmk_rc2exitc(rc);
- }
-
g_free(options.host_uname);
g_free(options.interval_spec);
g_free(options.move_lifetime);
--
1.8.3.1
From 83a194d5927f42386adf236542ce2b24d3cce18c Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Thu, 20 May 2021 14:50:24 -0500
Subject: [PATCH 03/11] Log: executor: log OCF resource agent search path at
start-up
---
daemons/execd/pacemaker-execd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/daemons/execd/pacemaker-execd.c b/daemons/execd/pacemaker-execd.c
index 718afe5..ad838b6 100644
--- a/daemons/execd/pacemaker-execd.c
+++ b/daemons/execd/pacemaker-execd.c
@@ -525,6 +525,7 @@ main(int argc, char **argv, char **envp)
mainloop_add_signal(SIGTERM, lrmd_shutdown);
mainloop = g_main_loop_new(NULL, FALSE);
crm_notice("Pacemaker " EXECD_TYPE " executor successfully started and accepting connections");
+ crm_notice("OCF resource agent search path is %s", OCF_RA_PATH);
g_main_loop_run(mainloop);
/* should never get here */
--
1.8.3.1
From fd44a0c5536f54fb2fa432e053d711a561b574a2 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Thu, 20 May 2021 14:55:14 -0500
Subject: [PATCH 05/11] Build: rpm: enable CIB secrets by default except on
certain distro versions
---
rpm/pacemaker.spec.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/rpm/pacemaker.spec.in b/rpm/pacemaker.spec.in
index f7bdc20..78f6807 100644
--- a/rpm/pacemaker.spec.in
+++ b/rpm/pacemaker.spec.in
@@ -42,8 +42,12 @@
## Add option to enable support for stonith/external fencing agents
%bcond_with stonithd
-## Add option to enable support for storing sensitive information outside CIB
+## Add option for whether to support storing sensitive information outside CIB
+%if (0%{?fedora} && 0%{?fedora} <= 33) || (0%{?rhel} && 0%{?rhel} <= 8)
%bcond_with cibsecrets
+%else
+%bcond_without cibsecrets
+%endif
## Add option to create binaries suitable for use with profiling tools
%bcond_with profiling
--
1.8.3.1
From 918c71c34b7220a3c82f90b7520ea58428da8d7b Mon Sep 17 00:00:00 2001
From: Chris Lumens <clumens@redhat.com>
Date: Tue, 25 May 2021 15:11:04 -0400
Subject: [PATCH 06/11] Low: tools: Return ENOTUNIQ in find_resource_attr.
We were returning EINVAL in the case where multiple attributes were
found with a given name, but there's a more fitting error code that can
be used. This also starts to take care of a bunch of other functions
that could be returning EINVAL due to calling find_resource_attr.
---
tools/crm_resource_runtime.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/crm_resource_runtime.c b/tools/crm_resource_runtime.c
index fe0ec98..cf67203 100644
--- a/tools/crm_resource_runtime.c
+++ b/tools/crm_resource_runtime.c
@@ -157,7 +157,7 @@ find_resource_attr(pcmk__output_t *out, cib_t * the_cib, const char *attr,
if (xml_has_children(xml_search)) {
xmlNode *child = NULL;
- rc = EINVAL;
+ rc = ENOTUNIQ;
out->info(out, "Multiple attributes match name=%s", attr_name);
for (child = pcmk__xml_first_child(xml_search); child != NULL;
--
1.8.3.1
From ba9c7a89c597779a2c6f175e39b4b8f21fe784de Mon Sep 17 00:00:00 2001
From: Chris Lumens <clumens@redhat.com>
Date: Tue, 25 May 2021 15:31:37 -0400
Subject: [PATCH 07/11] Low: tools: Return ENXIO from show_metadata.
We could be given a validly formatted but nonexistent resource spec, in
which case ENXIO seems like the most fitting error code. This maps to
CRM_EX_NOSUCH. Returning EINVAL will result in the user seeing an
internal software error message.
---
tools/crm_resource.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/crm_resource.c b/tools/crm_resource.c
index cc230d5..83389b5 100644
--- a/tools/crm_resource.c
+++ b/tools/crm_resource.c
@@ -1376,6 +1376,12 @@ show_metadata(pcmk__output_t *out, const char *agent_spec)
if (metadata) {
out->output_xml(out, "metadata", metadata);
} else {
+ /* We were given a validly formatted spec, but it doesn't necessarily
+ * match up with anything that exists. Use ENXIO as the return code
+ * here because that maps to an exit code of CRM_EX_NOSUCH, which
+ * probably is the most common reason to get here.
+ */
+ rc = ENXIO;
g_set_error(&error, PCMK__RC_ERROR, rc,
"Metadata query for %s failed: %s",
agent_spec, pcmk_rc_str(rc));
--
1.8.3.1
From dea4562594cb21900bbda66be87e6686d5b4418b Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Wed, 26 May 2021 11:43:05 -0500
Subject: [PATCH 08/11] Build: configure: make stack protection message more
readable
... and structure the code so it's easier to add more hardening options
---
configure.ac | 29 ++++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5743087..610393e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1808,6 +1808,7 @@ AS_CASE([$enable_hardening],
relro=0
pie=0
bindnow=0
+ stackprot="none"
# daemons incl. libs: partial RELRO
flag="-Wl,-z,relro"
CC_CHECK_LDFLAGS(["${flag}"],
@@ -1855,20 +1856,30 @@ AS_CASE([$enable_hardening],
# universal: prefer strong > all > default stack protector if possible
flag=
AS_IF([cc_supports_flag -fstack-protector-strong],
- [flag="-fstack-protector-strong"],
+ [
+ flag="-fstack-protector-strong"
+ stackprot="strong"
+ ],
[cc_supports_flag -fstack-protector-all],
- [flag="-fstack-protector-all"],
+ [
+ flag="-fstack-protector-all"
+ stackprot="all"
+ ],
[cc_supports_flag -fstack-protector],
- [flag="-fstack-protector"]
- )
- AS_IF([test -n "${flag}"],
[
- CC_EXTRAS="${CC_EXTRAS} ${flag}"
- stackprot=1
+ flag="-fstack-protector"
+ stackprot="default"
]
)
- AS_IF([test "${relro}" = 1 || test "${pie}" = 1 || test "${stackprot}" = 1],
- [AC_MSG_NOTICE([Hardening: relro=${relro} pie=${pie} bindnow=${bindnow} stackprot=${flag}])],
+ AS_IF([test -n "${flag}"], [CC_EXTRAS="${CC_EXTRAS} ${flag}"])
+ # Log a summary
+ AS_IF([test "${relro}" = 1 || test "${pie}" = 1 || test "${stackprot}" != "none"],
+ [AC_MSG_NOTICE(m4_normalize([Hardening:
+ relro=${relro}
+ pie=${pie}
+ bindnow=${bindnow}
+ stackprot=${stackprot}]))
+ ],
[AC_MSG_WARN([Hardening: no suitable features in the toolchain detected])]
)
],
--
1.8.3.1
From 884dc490c5261990cd3251e4ffcb4639384b753b Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Wed, 26 May 2021 11:56:24 -0500
Subject: [PATCH 09/11] Build: configure: add stack clash protection to
hardening flags
... by default, if supported by the compiler
---
configure.ac | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/configure.ac b/configure.ac
index 610393e..54fd913 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1872,6 +1872,16 @@ AS_CASE([$enable_hardening],
]
)
AS_IF([test -n "${flag}"], [CC_EXTRAS="${CC_EXTRAS} ${flag}"])
+ # universal: enable stack clash protection if possible
+ AS_IF([cc_supports_flag -fstack-clash-protection],
+ [
+ CC_EXTRAS="${CC_EXTRAS} -fstack-clash-protection"
+ AS_IF([test "${stackprot}" = "none"],
+ [stackprot="clash-only"],
+ [stackprot="${stackprot}+clash"]
+ )
+ ]
+ )
# Log a summary
AS_IF([test "${relro}" = 1 || test "${pie}" = 1 || test "${stackprot}" != "none"],
[AC_MSG_NOTICE(m4_normalize([Hardening:
--
1.8.3.1
From 59e7363ea845887521076e38b04276d694985af9 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Wed, 26 May 2021 12:16:25 -0500
Subject: [PATCH 10/11] Build: rpm: respect prefix when installing resource
agents
This defines a new user-overridable global ocf_root that defaults to
%{_prefix}/lib/ocf, used where /usr/lib/ocf was hardcoded previously,
and passed to the configure script's --with-ocfdir option.
---
rpm/pacemaker.spec.in | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/rpm/pacemaker.spec.in b/rpm/pacemaker.spec.in
index 78f6807..dbe1b58 100644
--- a/rpm/pacemaker.spec.in
+++ b/rpm/pacemaker.spec.in
@@ -22,6 +22,9 @@
## Where bug reports should be submitted
## Leave bug_url undefined to use ClusterLabs default, others define it here
+## What to use as the OCF resource agent root directory
+%global ocf_root %{_prefix}/lib/ocf
+
## Upstream pacemaker version, and its package version (specversion
## can be incremented to build packages reliably considered "newer"
## than previously built packages with the same pcmkversion)
@@ -498,6 +501,7 @@ export LDFLAGS_HARDENED_LIB="%{?_hardening_ldflags}"
%{?with_sbd_sync: --with-sbd-sync-default="true"} \
%{?gnutls_priorities: --with-gnutls-priorities="%{gnutls_priorities}"} \
%{?bug_url: --with-bug-url=%{bug_url}} \
+ %{?ocf_root: --with-ocfdir=%{ocf_root}} \
%{?concurrent_fencing} \
%{?resource_stickiness} \
%{?compat20} \
@@ -731,9 +735,9 @@ exit 0
%dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker/cib
%dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker/pengine
-/usr/lib/ocf/resource.d/pacemaker/controld
-/usr/lib/ocf/resource.d/pacemaker/o2cb
-/usr/lib/ocf/resource.d/pacemaker/remote
+%{ocf_root}/resource.d/pacemaker/controld
+%{ocf_root}/resource.d/pacemaker/o2cb
+%{ocf_root}/resource.d/pacemaker/remote
%if %{with upstart_job}
%config(noreplace) %{_sysconfdir}/init/pacemaker.conf
@@ -780,13 +784,13 @@ exit 0
# XXX "dirname" is not owned by any prerequisite
%{_datadir}/snmp/mibs/PCMK-MIB.txt
-%exclude /usr/lib/ocf/resource.d/pacemaker/controld
-%exclude /usr/lib/ocf/resource.d/pacemaker/o2cb
-%exclude /usr/lib/ocf/resource.d/pacemaker/remote
+%exclude %{ocf_root}/resource.d/pacemaker/controld
+%exclude %{ocf_root}/resource.d/pacemaker/o2cb
+%exclude %{ocf_root}/resource.d/pacemaker/remote
-%dir /usr/lib/ocf
-%dir /usr/lib/ocf/resource.d
-/usr/lib/ocf/resource.d/pacemaker
+%dir %{ocf_root}
+%dir %{ocf_root}/resource.d
+%{ocf_root}/resource.d/pacemaker
%doc %{_mandir}/man7/*
%exclude %{_mandir}/man7/pacemaker-controld.*
--
1.8.3.1
From 83da5ba61728064ecf24560cca27efc14ad67eff Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Wed, 26 May 2021 12:34:49 -0500
Subject: [PATCH 11/11] Doc: Pacemaker Development,README: update outdated URLs
Also, reference the new ClusterLabs wiki page created for IRC channel details
instead of IRC directly, so references to the channel don't have to be updated
anytime something changes.
---
README.markdown | 12 ++++++------
doc/crm_fencing.txt | 4 ++--
doc/sphinx/Pacemaker_Development/faq.rst | 4 ++--
doc/sphinx/conf.py.in | 2 +-
extra/cluster-init | 2 +-
5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/README.markdown b/README.markdown
index 2ae7ae6..480b098 100644
--- a/README.markdown
+++ b/README.markdown
@@ -13,7 +13,7 @@ resource health.
## Who is Pacemaker?
-Pacemaker is distributed by [ClusterLabs](http://www.clusterlabs.org).
+Pacemaker is distributed by [ClusterLabs](https://www.clusterlabs.org/).
Pacemaker was initially created by main architect and lead developer
Andrew Beekhof <andrew@beekhof.net>, with the aid of
@@ -69,8 +69,8 @@ See [CONTRIBUTING.md](https://github.com/ClusterLabs/pacemaker/blob/master/CONTR
## Where can I find more information about Pacemaker?
-* [ClusterLabs website](http://www.clusterlabs.org/)
-* [Documentation](http://www.clusterlabs.org/doc/)
-* [Issues/Bugs](http://bugs.clusterlabs.org/)
-* Mailing lists for [users](http://oss.clusterlabs.org/mailman/listinfo/users) and [developers](http://oss.clusterlabs.org/mailman/listinfo/developers)
-* #clusterlabs IRC channel on [freenode](http://freenode.net/)
+* [ClusterLabs website](https://www.clusterlabs.org/)
+* [Documentation](https://www.clusterlabs.org/pacemaker/doc/)
+* [Issues/Bugs](https://bugs.clusterlabs.org/)
+* [Mailing lists](https://wiki.clusterlabs.org/wiki/Mailing_lists) for users and developers
+* [ClusterLabs IRC channel](https://wiki.clusterlabs.org/wiki/ClusterLabs_IRC_channel)
diff --git a/doc/crm_fencing.txt b/doc/crm_fencing.txt
index 22be35e..eb706c4 100644
--- a/doc/crm_fencing.txt
+++ b/doc/crm_fencing.txt
@@ -432,8 +432,8 @@ the CIB.
http://www.linux-ha.org/wiki/STONITH
-http://www.clusterlabs.org/doc/crm_fencing.html
+https://www.clusterlabs.org/doc/crm_fencing.html
-http://www.clusterlabs.org/doc/en-US/Pacemaker/1.0/html/Pacemaker_Explained
+https://www.clusterlabs.org/pacemaker/doc/en-US/Pacemaker/2.0/html/Pacemaker_Explained/
http://techthoughts.typepad.com/managing_computers/2007/10/split-brain-quo.html
diff --git a/doc/sphinx/Pacemaker_Development/faq.rst b/doc/sphinx/Pacemaker_Development/faq.rst
index 749c2e0..729c244 100644
--- a/doc/sphinx/Pacemaker_Development/faq.rst
+++ b/doc/sphinx/Pacemaker_Development/faq.rst
@@ -159,5 +159,5 @@ Frequently Asked Questions
mailing list for development-related questions, or on the
`users@ClusterLabs.org <https://lists.ClusterLabs.org/mailman/listinfo/users>`_
mailing list for general questions about using Pacemaker.
- Developers often also hang out on `freenode's <http://freenode.net/>`_
- #clusterlabs IRC channel.
+ Developers often also hang out on the
+ [ClusterLabs IRC channel](https://wiki.clusterlabs.org/wiki/ClusterLabs_IRC_channel).
diff --git a/doc/sphinx/conf.py.in b/doc/sphinx/conf.py.in
index d181147..9da32d5 100644
--- a/doc/sphinx/conf.py.in
+++ b/doc/sphinx/conf.py.in
@@ -282,7 +282,7 @@ epub_scheme = 'URL'
# The unique identifier of the text. This can be a ISBN number
# or the project homepage.
-epub_identifier = 'http://www.clusterlabs.org/pacemaker/doc/2.0/%BOOK_ID%/epub/%BOOK_ID%.epub'
+epub_identifier = 'https://www.clusterlabs.org/pacemaker/doc/2.0/%BOOK_ID%/epub/%BOOK_ID%.epub'
# A unique identification for the text.
epub_uid = 'ClusterLabs.org-Pacemaker-%BOOK_ID%'
diff --git a/extra/cluster-init b/extra/cluster-init
index 52949f6..aca7489 100755
--- a/extra/cluster-init
+++ b/extra/cluster-init
@@ -378,7 +378,7 @@ case $INSTALL in
info Configuring Clusterlabs repo: $REPO
yum install -y wget
rm -f /etc/yum.repos.d/clusterlabs.repo
- wget -O /etc/yum.repos.d/clusterlabs.repo http://www.clusterlabs.org/$REPO/clusterlabs.repo &>/dev/null
+ wget -O /etc/yum.repos.d/clusterlabs.repo https://www.clusterlabs.org/$REPO/clusterlabs.repo &>/dev/null
yum clean all
fi
--
1.8.3.1

2
gating.yaml
View File

@ -14,7 +14,7 @@ subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
-- !Policy
--- !Policy
product_versions:
- rhel-*
decision_context: osci_compose_gate

10
pacemaker.spec
View File

@ -32,10 +32,10 @@
## can be incremented to build packages reliably considered "newer"
## than previously built packages with the same pcmkversion)
%global pcmkversion 2.1.0
%global specversion 2
%global specversion 3
## Upstream commit (full commit ID, abbreviated commit ID, or tag) to build
%global commit 4edf50cc97b29f0bb6a62bd449027327fbe9c882
%global commit b7762381d5c247951eaf68738b731b5c4e2b12ee
## Since git v2.11, the extent of abbreviation is autoscaled by default
## (used to be constant of 7), so we need to convey it for non-tags, too.
@ -235,7 +235,7 @@ Source0: https://codeload.github.com/%{github_owner}/%{name}/tar.gz/%{arch
Source1: https://codeload.github.com/%{github_owner}/%{nagios_name}/tar.gz/%{nagios_archive_github_url}
# upstream commits
Patch1: 001-rollup.patch
Patch1: 001-header-guard.patch
Patch2: 002-ping-agent.patch
Patch3: 003-pacemakerd-options.patch
Patch4: 004-pacemakerd-output.patch
@ -816,6 +816,10 @@ exit 0
%license %{nagios_name}-%{nagios_hash}/COPYING
%changelog
* Tue Jun 1 2021 Ken Gaillot <kgaillot@redhat.com> - 2.1.0-3
- Rebase on upstream 2.1.0-rc3 release
- Resolves: rhbz1936023
* Wed May 26 2021 Ken Gaillot <kgaillot@redhat.com> - 2.1.0-2
- Include recent post-rc2 fixes with rebase
- Resolves: rhbz1936023

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (nagios-agents-metadata-105ab8a7b2c16b9a29cf1c1596b80136eeef332b.tar.gz) = 11ddeb48a4929e7642b6dfa9c7962aa1d7a1af1c569830f55ed6cd6773abac13377317327bc1db8411c8077884f83f81cc54d746c834b63a99fa6dc219b5caad
SHA512 (pacemaker-4edf50cc9.tar.gz) = 622ace9de427b5f994312d8661f309eb94e0fd6f8d712cee3c16b6fcf9c826d4af4d55d4d1588d14d5b5b1a5bbcad3eebf04b044bacdff74d4e08f0d7733e097
SHA512 (pacemaker-b7762381d.tar.gz) = 15f7d3705e062943233295aee3b43697639ca37d8f8690902be1c2d312b3c1903474bc1ecca66031f134d6e64f573e29d42b51c219da04479541e90a5562aff4