From 6acb138bced8261ede868ea13b98f4fef3ade5a1 Mon Sep 17 00:00:00 2001 From: Ken Gaillot Date: Tue, 1 Jun 2021 12:23:20 -0500 Subject: [PATCH] Rebase on upstream 2.1.0-rc3 release ... and fix syntax error in gating.yaml - Resolves: rhbz1936023 --- 001-rollup.patch | 877 ----------------------------------------------- gating.yaml | 2 +- pacemaker.spec | 10 +- sources | 2 +- 4 files changed, 9 insertions(+), 882 deletions(-) delete mode 100644 001-rollup.patch diff --git a/001-rollup.patch b/001-rollup.patch deleted file mode 100644 index 33fc178..0000000 --- a/001-rollup.patch +++ /dev/null @@ -1,877 +0,0 @@ -From 8c2e95ab41ae11697ed08992c7687e68abd1d88d Mon Sep 17 00:00:00 2001 -From: Kazunori INOUE -Date: Wed, 12 May 2021 18:18:11 +0900 -Subject: [PATCH 01/11] Log: pcmk__pid_active: Lower the log level when - readlink() is EACCES - ---- - lib/common/pid.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/lib/common/pid.c b/lib/common/pid.c -index 90a24a6..2705228 100644 ---- a/lib/common/pid.c -+++ b/lib/common/pid.c -@@ -73,8 +73,13 @@ pcmk__pid_active(pid_t pid, const char *daemon) - rc = readlink(proc_path, exe_path, sizeof(exe_path) - 1); - if (rc < 0) { - if (last_asked_pid != pid) { -- crm_err("Could not read from %s: %s " CRM_XS " errno=%d", -- proc_path, strerror(errno), errno); -+ if (errno == EACCES) { -+ crm_info("Could not read from %s: %s " CRM_XS " errno=%d", -+ proc_path, strerror(errno), errno); -+ } else { -+ crm_err("Could not read from %s: %s " CRM_XS " errno=%d", -+ proc_path, strerror(errno), errno); -+ } - last_asked_pid = pid; - } - if ((errno == EACCES) && checked_through_kill) { --- -1.8.3.1 - - -From 29e9e68498189f7b5fb2e6e42eec306962376c8c Mon Sep 17 00:00:00 2001 -From: Chris Lumens -Date: Thu, 20 May 2021 11:32:57 -0400 -Subject: [PATCH 02/11] Low: tools: Fix handling certain error codes in - crm_resource. - -It is possible, at the bottom of crm_resource, to end up in a situation -where rc is pcmk_rc_ok, but exit_code contains some error value. This -results in an error message like "Error performing operation: OK", which -is obviously terrible. - -The idea behind this fix is that when we get to the done label, we won't -use rc again. Any value contained in rc will have been converted to a -crm_exit_t beforehand, and so we only need to worry about exit_code when -doing the final error reporting. - -The way to accomplish this is that anywhere in the code that there's a -"goto done", we need to use pcmk_rc2exitc to make sure exit_code is set -correctly and just forget about rc. And then throughout the big command -switch block, we use rc for just about everything and do the error code -conversion just before hitting the done label. - -There's one extra wrinkle here - ban_or_move needs to be checked for -whether it returned EINVAL or not. If so, that needs to be converted to -CRM_EX_USAGE prior to running pcmk_rc2exitc. That function will map -EINVAL to CRM_EX_SOFTWARE, which is not right. ---- - cts/cli/regression.acls.exp | 12 ++--- - cts/cli/regression.tools.exp | 7 ++- - tools/crm_resource.c | 125 +++++++++++++++++++++++-------------------- - 3 files changed, 77 insertions(+), 67 deletions(-) - -diff --git a/cts/cli/regression.acls.exp b/cts/cli/regression.acls.exp -index fa5ffee..b5630a1 100644 ---- a/cts/cli/regression.acls.exp -+++ b/cts/cli/regression.acls.exp -@@ -742,15 +742,15 @@ Call failed: Permission denied - =#=#=#= End test: root: Create a resource - OK (0) =#=#=#= - * Passed: cibadmin - root: Create a resource - =#=#=#= Begin test: l33t-haxor: Create a resource meta attribute =#=#=#= --crm_resource: Error performing operation: Permission denied -+crm_resource: Error performing operation: Insufficient privileges - =#=#=#= End test: l33t-haxor: Create a resource meta attribute - Insufficient privileges (4) =#=#=#= - * Passed: crm_resource - l33t-haxor: Create a resource meta attribute - =#=#=#= Begin test: l33t-haxor: Query a resource meta attribute =#=#=#= --crm_resource: Error performing operation: Permission denied -+crm_resource: Error performing operation: Insufficient privileges - =#=#=#= End test: l33t-haxor: Query a resource meta attribute - Insufficient privileges (4) =#=#=#= - * Passed: crm_resource - l33t-haxor: Query a resource meta attribute - =#=#=#= Begin test: l33t-haxor: Remove a resource meta attribute =#=#=#= --crm_resource: Error performing operation: Permission denied -+crm_resource: Error performing operation: Insufficient privileges - =#=#=#= End test: l33t-haxor: Remove a resource meta attribute - Insufficient privileges (4) =#=#=#= - * Passed: crm_resource - l33t-haxor: Remove a resource meta attribute - =#=#=#= Begin test: niceguy: Create a resource meta attribute =#=#=#= -@@ -2769,15 +2769,15 @@ Call failed: Permission denied - =#=#=#= End test: root: Create a resource - OK (0) =#=#=#= - * Passed: cibadmin - root: Create a resource - =#=#=#= Begin test: l33t-haxor: Create a resource meta attribute =#=#=#= --crm_resource: Error performing operation: Permission denied -+crm_resource: Error performing operation: Insufficient privileges - =#=#=#= End test: l33t-haxor: Create a resource meta attribute - Insufficient privileges (4) =#=#=#= - * Passed: crm_resource - l33t-haxor: Create a resource meta attribute - =#=#=#= Begin test: l33t-haxor: Query a resource meta attribute =#=#=#= --crm_resource: Error performing operation: Permission denied -+crm_resource: Error performing operation: Insufficient privileges - =#=#=#= End test: l33t-haxor: Query a resource meta attribute - Insufficient privileges (4) =#=#=#= - * Passed: crm_resource - l33t-haxor: Query a resource meta attribute - =#=#=#= Begin test: l33t-haxor: Remove a resource meta attribute =#=#=#= --crm_resource: Error performing operation: Permission denied -+crm_resource: Error performing operation: Insufficient privileges - =#=#=#= End test: l33t-haxor: Remove a resource meta attribute - Insufficient privileges (4) =#=#=#= - * Passed: crm_resource - l33t-haxor: Remove a resource meta attribute - =#=#=#= Begin test: niceguy: Create a resource meta attribute =#=#=#= -diff --git a/cts/cli/regression.tools.exp b/cts/cli/regression.tools.exp -index 3a3d8a9..5ce90e5 100644 ---- a/cts/cli/regression.tools.exp -+++ b/cts/cli/regression.tools.exp -@@ -979,7 +979,6 @@ Resource XML: - =#=#=#= Begin test: Require a destination when migrating a resource that is stopped =#=#=#= - crm_resource: Resource 'dummy' not moved: active in 0 locations. - To prevent 'dummy' from running on a specific location, specify a node. --Error performing operation: Invalid argument - =#=#=#= Current cib after: Require a destination when migrating a resource that is stopped =#=#=#= - - -@@ -1019,7 +1018,7 @@ Error performing operation: Invalid argument - =#=#=#= End test: Require a destination when migrating a resource that is stopped - Incorrect usage (64) =#=#=#= - * Passed: crm_resource - Require a destination when migrating a resource that is stopped - =#=#=#= Begin test: Don't support migration to non-existent locations =#=#=#= --crm_resource: Error performing operation: Node not found -+crm_resource: Error performing operation: No such object - =#=#=#= Current cib after: Don't support migration to non-existent locations =#=#=#= - - -@@ -1174,7 +1173,7 @@ Revised Cluster Status: - =#=#=#= End test: Bring resources online - OK (0) =#=#=#= - * Passed: crm_simulate - Bring resources online - =#=#=#= Begin test: Try to move a resource to its existing location =#=#=#= --crm_resource: Error performing operation: Already in requested state -+crm_resource: Error performing operation: Requested item already exists - =#=#=#= Current cib after: Try to move a resource to its existing location =#=#=#= - - -@@ -1755,7 +1754,7 @@ true - =#=#=#= End test: Delete ticket standby state - OK (0) =#=#=#= - * Passed: crm_ticket - Delete ticket standby state - =#=#=#= Begin test: Ban a resource on unknown node =#=#=#= --crm_resource: Error performing operation: Node not found -+crm_resource: Error performing operation: No such object - =#=#=#= Current cib after: Ban a resource on unknown node =#=#=#= - - -diff --git a/tools/crm_resource.c b/tools/crm_resource.c -index 3b58978..cc230d5 100644 ---- a/tools/crm_resource.c -+++ b/tools/crm_resource.c -@@ -952,8 +952,7 @@ why_cb(const gchar *option_name, const gchar *optarg, gpointer data, GError **er - } - - static int --ban_or_move(pcmk__output_t *out, pe_resource_t *rsc, const char *move_lifetime, -- crm_exit_t *exit_code) -+ban_or_move(pcmk__output_t *out, pe_resource_t *rsc, const char *move_lifetime) - { - int rc = pcmk_rc_ok; - pe_node_t *current = NULL; -@@ -988,8 +987,7 @@ ban_or_move(pcmk__output_t *out, pe_resource_t *rsc, const char *move_lifetime, - - } else { - rc = EINVAL; -- *exit_code = CRM_EX_USAGE; -- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code, -+ g_set_error(&error, PCMK__EXITC_ERROR, CRM_EX_USAGE, - "Resource '%s' not moved: active in %d locations (promoted in %d).\n" - "To prevent '%s' from running on a specific location, " - "specify a node." -@@ -1000,8 +998,7 @@ ban_or_move(pcmk__output_t *out, pe_resource_t *rsc, const char *move_lifetime, - - } else { - rc = EINVAL; -- *exit_code = CRM_EX_USAGE; -- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code, -+ g_set_error(&error, PCMK__EXITC_ERROR, CRM_EX_USAGE, - "Resource '%s' not moved: active in %d locations.\n" - "To prevent '%s' from running on a specific location, " - "specify a node.", -@@ -1124,7 +1121,7 @@ delete(void) - } - - static int --list_agents(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code) -+list_agents(pcmk__output_t *out, const char *agent_spec) - { - int rc = pcmk_rc_ok; - char *provider = strchr(agent_spec, ':'); -@@ -1144,12 +1141,11 @@ list_agents(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code) - } - - if (rc != pcmk_rc_ok) { -- *exit_code = CRM_EX_NOSUCH; - if (provider == NULL) { -- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code, -+ g_set_error(&error, PCMK__RC_ERROR, rc, - "No agents found for standard '%s'", agent_spec); - } else { -- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code, -+ g_set_error(&error, PCMK__RC_ERROR, rc, - "No agents found for standard '%s' and provider '%s'", - agent_spec, provider); - } -@@ -1160,7 +1156,7 @@ list_agents(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code) - } - - static int --list_providers(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code) -+list_providers(pcmk__output_t *out, const char *agent_spec) - { - int rc; - const char *text = NULL; -@@ -1202,23 +1198,20 @@ list_providers(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_cod - text = "OCF providers"; - break; - default: -- *exit_code = CRM_EX_SOFTWARE; -- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code, "Bug"); -+ g_set_error(&error, PCMK__RC_ERROR, pcmk_rc_error, "Bug"); - lrmd_api_delete(lrmd_conn); - return pcmk_rc_error; - } - - if (rc != pcmk_rc_ok) { - if (agent_spec != NULL) { -- *exit_code = CRM_EX_NOSUCH; -- rc = pcmk_rc_error; -- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code, -+ rc = ENXIO; -+ g_set_error(&error, PCMK__RC_ERROR, rc, - "No %s found for %s", text, agent_spec); - - } else { -- *exit_code = CRM_EX_NOSUCH; -- rc = pcmk_rc_error; -- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code, -+ rc = ENXIO; -+ g_set_error(&error, PCMK__RC_ERROR, rc, - "No %s found", text); - } - } -@@ -1343,7 +1336,7 @@ set_property(void) - } else if (pcmk__str_empty(options.prop_value)) { - g_set_error(&error, PCMK__EXITC_ERROR, CRM_EX_USAGE, - "Must supply -v with new value"); -- rc = EINVAL; -+ rc = ENXIO; - return rc; - } - -@@ -1362,7 +1355,7 @@ set_property(void) - } - - static int --show_metadata(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code) -+show_metadata(pcmk__output_t *out, const char *agent_spec) - { - int rc = pcmk_rc_ok; - char *standard = NULL; -@@ -1383,8 +1376,7 @@ show_metadata(pcmk__output_t *out, const char *agent_spec, crm_exit_t *exit_code - if (metadata) { - out->output_xml(out, "metadata", metadata); - } else { -- *exit_code = crm_errno2exit(rc); -- g_set_error(&error, PCMK__EXITC_ERROR, *exit_code, -+ g_set_error(&error, PCMK__RC_ERROR, rc, - "Metadata query for %s failed: %s", - agent_spec, pcmk_rc_str(rc)); - } -@@ -1706,15 +1698,16 @@ main(int argc, char **argv) - if (options.require_cib) { - cib_conn = cib_new(); - if ((cib_conn == NULL) || (cib_conn->cmds == NULL)) { -- rc = pcmk_rc_error; -- g_set_error(&error, PCMK__EXITC_ERROR, CRM_EX_DISCONNECT, -+ exit_code = CRM_EX_DISCONNECT; -+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code, - "Could not create CIB connection"); - goto done; - } - rc = cib_conn->cmds->signon(cib_conn, crm_system_name, cib_command); - rc = pcmk_legacy2rc(rc); - if (rc != pcmk_rc_ok) { -- g_set_error(&error, PCMK__RC_ERROR, rc, -+ exit_code = pcmk_rc2exitc(rc); -+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code, - "Could not connect to the CIB: %s", pcmk_rc_str(rc)); - goto done; - } -@@ -1724,6 +1717,7 @@ main(int argc, char **argv) - if (options.require_dataset) { - rc = populate_working_set(&cib_xml_copy); - if (rc != pcmk_rc_ok) { -+ exit_code = pcmk_rc2exitc(rc); - goto done; - } - } -@@ -1733,8 +1727,8 @@ main(int argc, char **argv) - rsc = pe_find_resource_with_flags(data_set->resources, options.rsc_id, - options.find_flags); - if (rsc == NULL) { -- rc = ENXIO; -- g_set_error(&error, PCMK__RC_ERROR, rc, -+ exit_code = CRM_EX_NOSUCH; -+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code, - "Resource '%s' not found", options.rsc_id); - goto done; - } -@@ -1749,7 +1743,8 @@ main(int argc, char **argv) - if (options.require_crmd) { - rc = pcmk_new_ipc_api(&controld_api, pcmk_ipc_controld); - if (rc != pcmk_rc_ok) { -- g_set_error(&error, PCMK__RC_ERROR, rc, -+ exit_code = pcmk_rc2exitc(rc); -+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code, - "Error connecting to the controller: %s", pcmk_rc_str(rc)); - goto done; - } -@@ -1757,7 +1752,8 @@ main(int argc, char **argv) - NULL); - rc = pcmk_connect_ipc(controld_api, pcmk_ipc_dispatch_main); - if (rc != pcmk_rc_ok) { -- g_set_error(&error, PCMK__RC_ERROR, rc, -+ exit_code = pcmk_rc2exitc(rc); -+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code, - "Error connecting to the controller: %s", pcmk_rc_str(rc)); - goto done; - } -@@ -1794,15 +1790,15 @@ main(int argc, char **argv) - case cmd_list_standards: - case cmd_list_providers: - case cmd_list_alternatives: -- rc = list_providers(out, options.agent_spec, &exit_code); -+ rc = list_providers(out, options.agent_spec); - break; - - case cmd_list_agents: -- rc = list_agents(out, options.agent_spec, &exit_code); -+ rc = list_agents(out, options.agent_spec); - break; - - case cmd_metadata: -- rc = show_metadata(out, options.agent_spec, &exit_code); -+ rc = show_metadata(out, options.agent_spec); - break; - - case cmd_restart: -@@ -1835,7 +1831,7 @@ main(int argc, char **argv) - options.timeout_ms, cib_conn, data_set, - args->verbosity, options.force); - } -- break; -+ goto done; - - case cmd_digests: - node = pe_find_node(data_set->nodes, options.host_uname); -@@ -1918,7 +1914,7 @@ main(int argc, char **argv) - - case cmd_move: - if (options.host_uname == NULL) { -- rc = ban_or_move(out, rsc, options.move_lifetime, &exit_code); -+ rc = ban_or_move(out, rsc, options.move_lifetime); - } else { - rc = cli_resource_move(rsc, options.rsc_id, options.host_uname, - options.move_lifetime, cib_conn, -@@ -1926,11 +1922,17 @@ main(int argc, char **argv) - options.promoted_role_only, - options.force); - } -+ -+ if (rc == EINVAL) { -+ exit_code = CRM_EX_USAGE; -+ goto done; -+ } -+ - break; - - case cmd_ban: - if (options.host_uname == NULL) { -- rc = ban_or_move(out, rsc, options.move_lifetime, &exit_code); -+ rc = ban_or_move(out, rsc, options.move_lifetime); - } else if (node == NULL) { - rc = pcmk_rc_node_unknown; - } else { -@@ -1939,6 +1941,12 @@ main(int argc, char **argv) - options.cib_options, - options.promoted_role_only); - } -+ -+ if (rc == EINVAL) { -+ exit_code = CRM_EX_USAGE; -+ goto done; -+ } -+ - break; - - case cmd_get_property: -@@ -1990,9 +1998,9 @@ main(int argc, char **argv) - - case cmd_set_param: - if (pcmk__str_empty(options.prop_value)) { -- g_set_error(&error, PCMK__EXITC_ERROR, CRM_EX_USAGE, -+ exit_code = CRM_EX_USAGE; -+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code, - "You need to supply a value with the -v option"); -- rc = EINVAL; - goto done; - } - -@@ -2045,10 +2053,19 @@ main(int argc, char **argv) - break; - - default: -- exit_code = CRM_EX_SOFTWARE; -+ exit_code = CRM_EX_USAGE; - g_set_error(&error, PCMK__EXITC_ERROR, exit_code, - "Unimplemented command: %d", (int) options.rsc_cmd); -- break; -+ goto done; -+ } -+ -+ /* Convert rc into an exit code. */ -+ if (rc != pcmk_rc_ok && rc != pcmk_rc_no_output) { -+ if (rc == pcmk_rc_no_quorum) { -+ g_prefix_error(&error, "To ignore quorum, use the force option.\n"); -+ } -+ -+ exit_code = pcmk_rc2exitc(rc); - } - - /* -@@ -2056,32 +2073,26 @@ main(int argc, char **argv) - */ - - done: -- /* Don't do any of this for pcmk_rc_no_output (doesn't make sense to show an -- * error message for no output) or for CRM_EX_USAGE (we don't want to show -- * an "error: OK" message from pcmk_rc_str). -+ /* When we get here, exit_code has been set one of two ways - either at one of -+ * the spots where there's a "goto done" (which itself could have happened either -+ * directly or by calling pcmk_rc2exitc), or just up above after any of the break -+ * statements. -+ * -+ * Thus, we can use just exit_code here to decide what to do. - */ -- if ((rc != pcmk_rc_ok && rc != pcmk_rc_no_output) || -- (exit_code != CRM_EX_OK && exit_code != CRM_EX_USAGE)) { -- if (rc == pcmk_rc_no_quorum) { -- g_prefix_error(&error, "To ignore quorum, use the force option.\n"); -- } -- -+ if (exit_code != CRM_EX_OK && exit_code != CRM_EX_USAGE) { - if (error != NULL) { - char *msg = crm_strdup_printf("%s\nError performing operation: %s", -- error->message, pcmk_rc_str(rc)); -+ error->message, crm_exit_str(exit_code)); - g_clear_error(&error); -- g_set_error(&error, PCMK__RC_ERROR, rc, "%s", msg); -+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code, "%s", msg); - free(msg); - } else { -- g_set_error(&error, PCMK__RC_ERROR, rc, -- "Error performing operation: %s", pcmk_rc_str(rc)); -+ g_set_error(&error, PCMK__EXITC_ERROR, exit_code, -+ "Error performing operation: %s", crm_exit_str(exit_code)); - } - } - -- if (exit_code == CRM_EX_OK) { -- exit_code = pcmk_rc2exitc(rc); -- } -- - g_free(options.host_uname); - g_free(options.interval_spec); - g_free(options.move_lifetime); --- -1.8.3.1 - - -From 83a194d5927f42386adf236542ce2b24d3cce18c Mon Sep 17 00:00:00 2001 -From: Ken Gaillot -Date: Thu, 20 May 2021 14:50:24 -0500 -Subject: [PATCH 03/11] Log: executor: log OCF resource agent search path at - start-up - ---- - daemons/execd/pacemaker-execd.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/daemons/execd/pacemaker-execd.c b/daemons/execd/pacemaker-execd.c -index 718afe5..ad838b6 100644 ---- a/daemons/execd/pacemaker-execd.c -+++ b/daemons/execd/pacemaker-execd.c -@@ -525,6 +525,7 @@ main(int argc, char **argv, char **envp) - mainloop_add_signal(SIGTERM, lrmd_shutdown); - mainloop = g_main_loop_new(NULL, FALSE); - crm_notice("Pacemaker " EXECD_TYPE " executor successfully started and accepting connections"); -+ crm_notice("OCF resource agent search path is %s", OCF_RA_PATH); - g_main_loop_run(mainloop); - - /* should never get here */ --- -1.8.3.1 - - -From fd44a0c5536f54fb2fa432e053d711a561b574a2 Mon Sep 17 00:00:00 2001 -From: Ken Gaillot -Date: Thu, 20 May 2021 14:55:14 -0500 -Subject: [PATCH 05/11] Build: rpm: enable CIB secrets by default except on - certain distro versions - ---- - rpm/pacemaker.spec.in | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/rpm/pacemaker.spec.in b/rpm/pacemaker.spec.in -index f7bdc20..78f6807 100644 ---- a/rpm/pacemaker.spec.in -+++ b/rpm/pacemaker.spec.in -@@ -42,8 +42,12 @@ - ## Add option to enable support for stonith/external fencing agents - %bcond_with stonithd - --## Add option to enable support for storing sensitive information outside CIB -+## Add option for whether to support storing sensitive information outside CIB -+%if (0%{?fedora} && 0%{?fedora} <= 33) || (0%{?rhel} && 0%{?rhel} <= 8) - %bcond_with cibsecrets -+%else -+%bcond_without cibsecrets -+%endif - - ## Add option to create binaries suitable for use with profiling tools - %bcond_with profiling --- -1.8.3.1 - - -From 918c71c34b7220a3c82f90b7520ea58428da8d7b Mon Sep 17 00:00:00 2001 -From: Chris Lumens -Date: Tue, 25 May 2021 15:11:04 -0400 -Subject: [PATCH 06/11] Low: tools: Return ENOTUNIQ in find_resource_attr. - -We were returning EINVAL in the case where multiple attributes were -found with a given name, but there's a more fitting error code that can -be used. This also starts to take care of a bunch of other functions -that could be returning EINVAL due to calling find_resource_attr. ---- - tools/crm_resource_runtime.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tools/crm_resource_runtime.c b/tools/crm_resource_runtime.c -index fe0ec98..cf67203 100644 ---- a/tools/crm_resource_runtime.c -+++ b/tools/crm_resource_runtime.c -@@ -157,7 +157,7 @@ find_resource_attr(pcmk__output_t *out, cib_t * the_cib, const char *attr, - if (xml_has_children(xml_search)) { - xmlNode *child = NULL; - -- rc = EINVAL; -+ rc = ENOTUNIQ; - out->info(out, "Multiple attributes match name=%s", attr_name); - - for (child = pcmk__xml_first_child(xml_search); child != NULL; --- -1.8.3.1 - - -From ba9c7a89c597779a2c6f175e39b4b8f21fe784de Mon Sep 17 00:00:00 2001 -From: Chris Lumens -Date: Tue, 25 May 2021 15:31:37 -0400 -Subject: [PATCH 07/11] Low: tools: Return ENXIO from show_metadata. - -We could be given a validly formatted but nonexistent resource spec, in -which case ENXIO seems like the most fitting error code. This maps to -CRM_EX_NOSUCH. Returning EINVAL will result in the user seeing an -internal software error message. ---- - tools/crm_resource.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/tools/crm_resource.c b/tools/crm_resource.c -index cc230d5..83389b5 100644 ---- a/tools/crm_resource.c -+++ b/tools/crm_resource.c -@@ -1376,6 +1376,12 @@ show_metadata(pcmk__output_t *out, const char *agent_spec) - if (metadata) { - out->output_xml(out, "metadata", metadata); - } else { -+ /* We were given a validly formatted spec, but it doesn't necessarily -+ * match up with anything that exists. Use ENXIO as the return code -+ * here because that maps to an exit code of CRM_EX_NOSUCH, which -+ * probably is the most common reason to get here. -+ */ -+ rc = ENXIO; - g_set_error(&error, PCMK__RC_ERROR, rc, - "Metadata query for %s failed: %s", - agent_spec, pcmk_rc_str(rc)); --- -1.8.3.1 - - -From dea4562594cb21900bbda66be87e6686d5b4418b Mon Sep 17 00:00:00 2001 -From: Ken Gaillot -Date: Wed, 26 May 2021 11:43:05 -0500 -Subject: [PATCH 08/11] Build: configure: make stack protection message more - readable - -... and structure the code so it's easier to add more hardening options ---- - configure.ac | 29 ++++++++++++++++++++--------- - 1 file changed, 20 insertions(+), 9 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 5743087..610393e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1808,6 +1808,7 @@ AS_CASE([$enable_hardening], - relro=0 - pie=0 - bindnow=0 -+ stackprot="none" - # daemons incl. libs: partial RELRO - flag="-Wl,-z,relro" - CC_CHECK_LDFLAGS(["${flag}"], -@@ -1855,20 +1856,30 @@ AS_CASE([$enable_hardening], - # universal: prefer strong > all > default stack protector if possible - flag= - AS_IF([cc_supports_flag -fstack-protector-strong], -- [flag="-fstack-protector-strong"], -+ [ -+ flag="-fstack-protector-strong" -+ stackprot="strong" -+ ], - [cc_supports_flag -fstack-protector-all], -- [flag="-fstack-protector-all"], -+ [ -+ flag="-fstack-protector-all" -+ stackprot="all" -+ ], - [cc_supports_flag -fstack-protector], -- [flag="-fstack-protector"] -- ) -- AS_IF([test -n "${flag}"], - [ -- CC_EXTRAS="${CC_EXTRAS} ${flag}" -- stackprot=1 -+ flag="-fstack-protector" -+ stackprot="default" - ] - ) -- AS_IF([test "${relro}" = 1 || test "${pie}" = 1 || test "${stackprot}" = 1], -- [AC_MSG_NOTICE([Hardening: relro=${relro} pie=${pie} bindnow=${bindnow} stackprot=${flag}])], -+ AS_IF([test -n "${flag}"], [CC_EXTRAS="${CC_EXTRAS} ${flag}"]) -+ # Log a summary -+ AS_IF([test "${relro}" = 1 || test "${pie}" = 1 || test "${stackprot}" != "none"], -+ [AC_MSG_NOTICE(m4_normalize([Hardening: -+ relro=${relro} -+ pie=${pie} -+ bindnow=${bindnow} -+ stackprot=${stackprot}])) -+ ], - [AC_MSG_WARN([Hardening: no suitable features in the toolchain detected])] - ) - ], --- -1.8.3.1 - - -From 884dc490c5261990cd3251e4ffcb4639384b753b Mon Sep 17 00:00:00 2001 -From: Ken Gaillot -Date: Wed, 26 May 2021 11:56:24 -0500 -Subject: [PATCH 09/11] Build: configure: add stack clash protection to - hardening flags - -... by default, if supported by the compiler ---- - configure.ac | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 610393e..54fd913 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1872,6 +1872,16 @@ AS_CASE([$enable_hardening], - ] - ) - AS_IF([test -n "${flag}"], [CC_EXTRAS="${CC_EXTRAS} ${flag}"]) -+ # universal: enable stack clash protection if possible -+ AS_IF([cc_supports_flag -fstack-clash-protection], -+ [ -+ CC_EXTRAS="${CC_EXTRAS} -fstack-clash-protection" -+ AS_IF([test "${stackprot}" = "none"], -+ [stackprot="clash-only"], -+ [stackprot="${stackprot}+clash"] -+ ) -+ ] -+ ) - # Log a summary - AS_IF([test "${relro}" = 1 || test "${pie}" = 1 || test "${stackprot}" != "none"], - [AC_MSG_NOTICE(m4_normalize([Hardening: --- -1.8.3.1 - - -From 59e7363ea845887521076e38b04276d694985af9 Mon Sep 17 00:00:00 2001 -From: Ken Gaillot -Date: Wed, 26 May 2021 12:16:25 -0500 -Subject: [PATCH 10/11] Build: rpm: respect prefix when installing resource - agents - -This defines a new user-overridable global ocf_root that defaults to -%{_prefix}/lib/ocf, used where /usr/lib/ocf was hardcoded previously, -and passed to the configure script's --with-ocfdir option. ---- - rpm/pacemaker.spec.in | 22 +++++++++++++--------- - 1 file changed, 13 insertions(+), 9 deletions(-) - -diff --git a/rpm/pacemaker.spec.in b/rpm/pacemaker.spec.in -index 78f6807..dbe1b58 100644 ---- a/rpm/pacemaker.spec.in -+++ b/rpm/pacemaker.spec.in -@@ -22,6 +22,9 @@ - ## Where bug reports should be submitted - ## Leave bug_url undefined to use ClusterLabs default, others define it here - -+## What to use as the OCF resource agent root directory -+%global ocf_root %{_prefix}/lib/ocf -+ - ## Upstream pacemaker version, and its package version (specversion - ## can be incremented to build packages reliably considered "newer" - ## than previously built packages with the same pcmkversion) -@@ -498,6 +501,7 @@ export LDFLAGS_HARDENED_LIB="%{?_hardening_ldflags}" - %{?with_sbd_sync: --with-sbd-sync-default="true"} \ - %{?gnutls_priorities: --with-gnutls-priorities="%{gnutls_priorities}"} \ - %{?bug_url: --with-bug-url=%{bug_url}} \ -+ %{?ocf_root: --with-ocfdir=%{ocf_root}} \ - %{?concurrent_fencing} \ - %{?resource_stickiness} \ - %{?compat20} \ -@@ -731,9 +735,9 @@ exit 0 - - %dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker/cib - %dir %attr (750, %{uname}, %{gname}) %{_var}/lib/pacemaker/pengine --/usr/lib/ocf/resource.d/pacemaker/controld --/usr/lib/ocf/resource.d/pacemaker/o2cb --/usr/lib/ocf/resource.d/pacemaker/remote -+%{ocf_root}/resource.d/pacemaker/controld -+%{ocf_root}/resource.d/pacemaker/o2cb -+%{ocf_root}/resource.d/pacemaker/remote - - %if %{with upstart_job} - %config(noreplace) %{_sysconfdir}/init/pacemaker.conf -@@ -780,13 +784,13 @@ exit 0 - # XXX "dirname" is not owned by any prerequisite - %{_datadir}/snmp/mibs/PCMK-MIB.txt - --%exclude /usr/lib/ocf/resource.d/pacemaker/controld --%exclude /usr/lib/ocf/resource.d/pacemaker/o2cb --%exclude /usr/lib/ocf/resource.d/pacemaker/remote -+%exclude %{ocf_root}/resource.d/pacemaker/controld -+%exclude %{ocf_root}/resource.d/pacemaker/o2cb -+%exclude %{ocf_root}/resource.d/pacemaker/remote - --%dir /usr/lib/ocf --%dir /usr/lib/ocf/resource.d --/usr/lib/ocf/resource.d/pacemaker -+%dir %{ocf_root} -+%dir %{ocf_root}/resource.d -+%{ocf_root}/resource.d/pacemaker - - %doc %{_mandir}/man7/* - %exclude %{_mandir}/man7/pacemaker-controld.* --- -1.8.3.1 - - -From 83da5ba61728064ecf24560cca27efc14ad67eff Mon Sep 17 00:00:00 2001 -From: Ken Gaillot -Date: Wed, 26 May 2021 12:34:49 -0500 -Subject: [PATCH 11/11] Doc: Pacemaker Development,README: update outdated URLs - -Also, reference the new ClusterLabs wiki page created for IRC channel details -instead of IRC directly, so references to the channel don't have to be updated -anytime something changes. ---- - README.markdown | 12 ++++++------ - doc/crm_fencing.txt | 4 ++-- - doc/sphinx/Pacemaker_Development/faq.rst | 4 ++-- - doc/sphinx/conf.py.in | 2 +- - extra/cluster-init | 2 +- - 5 files changed, 12 insertions(+), 12 deletions(-) - -diff --git a/README.markdown b/README.markdown -index 2ae7ae6..480b098 100644 ---- a/README.markdown -+++ b/README.markdown -@@ -13,7 +13,7 @@ resource health. - - ## Who is Pacemaker? - --Pacemaker is distributed by [ClusterLabs](http://www.clusterlabs.org). -+Pacemaker is distributed by [ClusterLabs](https://www.clusterlabs.org/). - - Pacemaker was initially created by main architect and lead developer - Andrew Beekhof , with the aid of -@@ -69,8 +69,8 @@ See [CONTRIBUTING.md](https://github.com/ClusterLabs/pacemaker/blob/master/CONTR - - ## Where can I find more information about Pacemaker? - --* [ClusterLabs website](http://www.clusterlabs.org/) --* [Documentation](http://www.clusterlabs.org/doc/) --* [Issues/Bugs](http://bugs.clusterlabs.org/) --* Mailing lists for [users](http://oss.clusterlabs.org/mailman/listinfo/users) and [developers](http://oss.clusterlabs.org/mailman/listinfo/developers) --* #clusterlabs IRC channel on [freenode](http://freenode.net/) -+* [ClusterLabs website](https://www.clusterlabs.org/) -+* [Documentation](https://www.clusterlabs.org/pacemaker/doc/) -+* [Issues/Bugs](https://bugs.clusterlabs.org/) -+* [Mailing lists](https://wiki.clusterlabs.org/wiki/Mailing_lists) for users and developers -+* [ClusterLabs IRC channel](https://wiki.clusterlabs.org/wiki/ClusterLabs_IRC_channel) -diff --git a/doc/crm_fencing.txt b/doc/crm_fencing.txt -index 22be35e..eb706c4 100644 ---- a/doc/crm_fencing.txt -+++ b/doc/crm_fencing.txt -@@ -432,8 +432,8 @@ the CIB. - - http://www.linux-ha.org/wiki/STONITH - --http://www.clusterlabs.org/doc/crm_fencing.html -+https://www.clusterlabs.org/doc/crm_fencing.html - --http://www.clusterlabs.org/doc/en-US/Pacemaker/1.0/html/Pacemaker_Explained -+https://www.clusterlabs.org/pacemaker/doc/en-US/Pacemaker/2.0/html/Pacemaker_Explained/ - - http://techthoughts.typepad.com/managing_computers/2007/10/split-brain-quo.html -diff --git a/doc/sphinx/Pacemaker_Development/faq.rst b/doc/sphinx/Pacemaker_Development/faq.rst -index 749c2e0..729c244 100644 ---- a/doc/sphinx/Pacemaker_Development/faq.rst -+++ b/doc/sphinx/Pacemaker_Development/faq.rst -@@ -159,5 +159,5 @@ Frequently Asked Questions - mailing list for development-related questions, or on the - `users@ClusterLabs.org `_ - mailing list for general questions about using Pacemaker. -- Developers often also hang out on `freenode's `_ -- #clusterlabs IRC channel. -+ Developers often also hang out on the -+ [ClusterLabs IRC channel](https://wiki.clusterlabs.org/wiki/ClusterLabs_IRC_channel). -diff --git a/doc/sphinx/conf.py.in b/doc/sphinx/conf.py.in -index d181147..9da32d5 100644 ---- a/doc/sphinx/conf.py.in -+++ b/doc/sphinx/conf.py.in -@@ -282,7 +282,7 @@ epub_scheme = 'URL' - - # The unique identifier of the text. This can be a ISBN number - # or the project homepage. --epub_identifier = 'http://www.clusterlabs.org/pacemaker/doc/2.0/%BOOK_ID%/epub/%BOOK_ID%.epub' -+epub_identifier = 'https://www.clusterlabs.org/pacemaker/doc/2.0/%BOOK_ID%/epub/%BOOK_ID%.epub' - - # A unique identification for the text. - epub_uid = 'ClusterLabs.org-Pacemaker-%BOOK_ID%' -diff --git a/extra/cluster-init b/extra/cluster-init -index 52949f6..aca7489 100755 ---- a/extra/cluster-init -+++ b/extra/cluster-init -@@ -378,7 +378,7 @@ case $INSTALL in - info Configuring Clusterlabs repo: $REPO - yum install -y wget - rm -f /etc/yum.repos.d/clusterlabs.repo -- wget -O /etc/yum.repos.d/clusterlabs.repo http://www.clusterlabs.org/$REPO/clusterlabs.repo &>/dev/null -+ wget -O /etc/yum.repos.d/clusterlabs.repo https://www.clusterlabs.org/$REPO/clusterlabs.repo &>/dev/null - yum clean all - fi - --- -1.8.3.1 - diff --git a/gating.yaml b/gating.yaml index 52d3d61..e8aadb9 100644 --- a/gating.yaml +++ b/gating.yaml @@ -14,7 +14,7 @@ subject_type: koji_build rules: - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} --- !Policy +--- !Policy product_versions: - rhel-* decision_context: osci_compose_gate diff --git a/pacemaker.spec b/pacemaker.spec index 3e567a8..2c6334d 100644 --- a/pacemaker.spec +++ b/pacemaker.spec @@ -32,10 +32,10 @@ ## can be incremented to build packages reliably considered "newer" ## than previously built packages with the same pcmkversion) %global pcmkversion 2.1.0 -%global specversion 2 +%global specversion 3 ## Upstream commit (full commit ID, abbreviated commit ID, or tag) to build -%global commit 4edf50cc97b29f0bb6a62bd449027327fbe9c882 +%global commit b7762381d5c247951eaf68738b731b5c4e2b12ee ## Since git v2.11, the extent of abbreviation is autoscaled by default ## (used to be constant of 7), so we need to convey it for non-tags, too. @@ -235,7 +235,7 @@ Source0: https://codeload.github.com/%{github_owner}/%{name}/tar.gz/%{arch Source1: https://codeload.github.com/%{github_owner}/%{nagios_name}/tar.gz/%{nagios_archive_github_url} # upstream commits -Patch1: 001-rollup.patch +Patch1: 001-header-guard.patch Patch2: 002-ping-agent.patch Patch3: 003-pacemakerd-options.patch Patch4: 004-pacemakerd-output.patch @@ -816,6 +816,10 @@ exit 0 %license %{nagios_name}-%{nagios_hash}/COPYING %changelog +* Tue Jun 1 2021 Ken Gaillot - 2.1.0-3 +- Rebase on upstream 2.1.0-rc3 release +- Resolves: rhbz1936023 + * Wed May 26 2021 Ken Gaillot - 2.1.0-2 - Include recent post-rc2 fixes with rebase - Resolves: rhbz1936023 diff --git a/sources b/sources index 9b198e9..642b709 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (nagios-agents-metadata-105ab8a7b2c16b9a29cf1c1596b80136eeef332b.tar.gz) = 11ddeb48a4929e7642b6dfa9c7962aa1d7a1af1c569830f55ed6cd6773abac13377317327bc1db8411c8077884f83f81cc54d746c834b63a99fa6dc219b5caad -SHA512 (pacemaker-4edf50cc9.tar.gz) = 622ace9de427b5f994312d8661f309eb94e0fd6f8d712cee3c16b6fcf9c826d4af4d55d4d1588d14d5b5b1a5bbcad3eebf04b044bacdff74d4e08f0d7733e097 +SHA512 (pacemaker-b7762381d.tar.gz) = 15f7d3705e062943233295aee3b43697639ca37d8f8690902be1c2d312b3c1903474bc1ecca66031f134d6e64f573e29d42b51c219da04479541e90a5562aff4