diff --git a/.gitignore b/.gitignore index 81b6d47..49a6633 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ /pacemaker-ada5c3b.tar.gz /pacemaker-dff7c3a.tar.gz /pacemaker-da2fd79.tar.gz +/pacemaker-dc6eb43.tar.gz diff --git a/001-stonith-enabled.patch b/001-stonith-enabled.patch new file mode 100644 index 0000000..ebeb650 --- /dev/null +++ b/001-stonith-enabled.patch @@ -0,0 +1,127 @@ +From 243139b2ec0f6b17877a4e7f651fc3f70f76b11a Mon Sep 17 00:00:00 2001 +From: Christine Caulfield +Date: Fri, 6 May 2022 15:23:43 +0100 +Subject: [PATCH 1/2] fenced: Don't ignore CIB updates if stonith-enabled=false + +Fixes: T378 +--- + daemons/fenced/pacemaker-fenced.c | 23 +++-------------------- + 1 file changed, 3 insertions(+), 20 deletions(-) + +diff --git a/daemons/fenced/pacemaker-fenced.c b/daemons/fenced/pacemaker-fenced.c +index caab7de83..dadd187b6 100644 +--- a/daemons/fenced/pacemaker-fenced.c ++++ b/daemons/fenced/pacemaker-fenced.c +@@ -1136,11 +1136,8 @@ static void + update_cib_cache_cb(const char *event, xmlNode * msg) + { + int rc = pcmk_ok; +- xmlNode *stonith_enabled_xml = NULL; +- static gboolean stonith_enabled_saved = TRUE; + long timeout_ms_saved = stonith_watchdog_timeout_ms; + gboolean need_full_refresh = FALSE; +- bool value = false; + + if(!have_cib_devices) { + crm_trace("Skipping updates until we get a full dump"); +@@ -1191,32 +1188,18 @@ update_cib_cache_cb(const char *event, xmlNode * msg) + return; + } + CRM_ASSERT(local_cib != NULL); +- stonith_enabled_saved = FALSE; /* Trigger a full refresh below */ ++ need_full_refresh = TRUE; + } + + pcmk__refresh_node_caches_from_cib(local_cib); + update_stonith_watchdog_timeout_ms(local_cib); + +- stonith_enabled_xml = get_xpath_object("//nvpair[@name='stonith-enabled']", +- local_cib, LOG_NEVER); +- if (pcmk__xe_get_bool_attr(stonith_enabled_xml, XML_NVPAIR_ATTR_VALUE, &value) == pcmk_rc_ok && !value) { +- crm_trace("Ignoring CIB updates while fencing is disabled"); +- stonith_enabled_saved = FALSE; +- +- } else if (stonith_enabled_saved == FALSE) { +- crm_info("Updating fencing device and topology lists " +- "now that fencing is enabled"); +- stonith_enabled_saved = TRUE; +- need_full_refresh = TRUE; +- +- } else { +- if (timeout_ms_saved != stonith_watchdog_timeout_ms) { ++ if (timeout_ms_saved != stonith_watchdog_timeout_ms) { + need_full_refresh = TRUE; +- } else { ++ } else { + update_fencing_topology(event, msg); + update_cib_stonith_devices(event, msg); + watchdog_device_update(); +- } + } + + if (need_full_refresh) { +-- +2.31.1 + + +From c600ef49022e7473acbe121fae50a0c1aa2d7c03 Mon Sep 17 00:00:00 2001 +From: Christine Caulfield +Date: Thu, 9 Jun 2022 11:08:43 +0100 +Subject: [PATCH 2/2] Also don't check for stonith-disabled in + update_stonith_watchdog_timeout_ms + +--- + daemons/fenced/pacemaker-fenced.c | 34 +++++++++++-------------------- + 1 file changed, 12 insertions(+), 22 deletions(-) + +diff --git a/daemons/fenced/pacemaker-fenced.c b/daemons/fenced/pacemaker-fenced.c +index dadd187b6..ec42d5bc2 100644 +--- a/daemons/fenced/pacemaker-fenced.c ++++ b/daemons/fenced/pacemaker-fenced.c +@@ -643,31 +643,21 @@ watchdog_device_update(void) + static void + update_stonith_watchdog_timeout_ms(xmlNode *cib) + { +- xmlNode *stonith_enabled_xml = NULL; +- bool stonith_enabled = false; +- int rc = pcmk_rc_ok; + long timeout_ms = 0; ++ xmlNode *stonith_watchdog_xml = NULL; ++ const char *value = NULL; + +- stonith_enabled_xml = get_xpath_object("//nvpair[@name='stonith-enabled']", +- cib, LOG_NEVER); +- rc = pcmk__xe_get_bool_attr(stonith_enabled_xml, XML_NVPAIR_ATTR_VALUE, &stonith_enabled); +- +- if (rc != pcmk_rc_ok || stonith_enabled) { +- xmlNode *stonith_watchdog_xml = NULL; +- const char *value = NULL; +- +- stonith_watchdog_xml = get_xpath_object("//nvpair[@name='stonith-watchdog-timeout']", +- cib, LOG_NEVER); +- if (stonith_watchdog_xml) { +- value = crm_element_value(stonith_watchdog_xml, XML_NVPAIR_ATTR_VALUE); +- } +- if (value) { +- timeout_ms = crm_get_msec(value); +- } ++ stonith_watchdog_xml = get_xpath_object("//nvpair[@name='stonith-watchdog-timeout']", ++ cib, LOG_NEVER); ++ if (stonith_watchdog_xml) { ++ value = crm_element_value(stonith_watchdog_xml, XML_NVPAIR_ATTR_VALUE); ++ } ++ if (value) { ++ timeout_ms = crm_get_msec(value); ++ } + +- if (timeout_ms < 0) { +- timeout_ms = pcmk__auto_watchdog_timeout(); +- } ++ if (timeout_ms < 0) { ++ timeout_ms = pcmk__auto_watchdog_timeout(); + } + + stonith_watchdog_timeout_ms = timeout_ms; +-- +2.31.1 + diff --git a/002-acl_group.patch b/002-acl_group.patch new file mode 100644 index 0000000..3114887 --- /dev/null +++ b/002-acl_group.patch @@ -0,0 +1,425 @@ +From 80c64be80f2bffdcf5d2432e1e59d633fd68d516 Mon Sep 17 00:00:00 2001 +From: Grace Chin +Date: Mon, 13 Jun 2022 09:02:32 -0400 +Subject: [PATCH 1/4] Add pcmk__is_user_in_group() + +--- + lib/common/crmcommon_private.h | 3 +++ + lib/common/utils.c | 33 +++++++++++++++++++++++++++++++++ + 2 files changed, 36 insertions(+) + +diff --git a/lib/common/crmcommon_private.h b/lib/common/crmcommon_private.h +index 6b7be9c68..c2fcb0adf 100644 +--- a/lib/common/crmcommon_private.h ++++ b/lib/common/crmcommon_private.h +@@ -96,6 +96,9 @@ void pcmk__free_acls(GList *acls); + G_GNUC_INTERNAL + void pcmk__unpack_acl(xmlNode *source, xmlNode *target, const char *user); + ++G_GNUC_INTERNAL ++bool pcmk__is_user_in_group(const char *user, const char *group); ++ + G_GNUC_INTERNAL + void pcmk__apply_acl(xmlNode *xml); + +diff --git a/lib/common/utils.c b/lib/common/utils.c +index 2dfbef278..f23583acb 100644 +--- a/lib/common/utils.c ++++ b/lib/common/utils.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + #include + +@@ -53,6 +54,38 @@ gboolean crm_config_error = FALSE; + gboolean crm_config_warning = FALSE; + char *crm_system_name = NULL; + ++bool ++pcmk__is_user_in_group(const char *user, const char *group) ++{ ++ struct group *grent; ++ char **gr_mem; ++ ++ if (user == NULL || group == NULL) { ++ return false; ++ } ++ ++ setgrent(); ++ while ((grent = getgrent()) != NULL) { ++ if (grent->gr_mem == NULL) { ++ continue; ++ } ++ ++ if(strcmp(group, grent->gr_name) != 0) { ++ continue; ++ } ++ ++ gr_mem = grent->gr_mem; ++ while (*gr_mem != NULL) { ++ if (!strcmp(user, *gr_mem++)) { ++ endgrent(); ++ return true; ++ } ++ } ++ } ++ endgrent(); ++ return false; ++} ++ + int + crm_user_lookup(const char *name, uid_t * uid, gid_t * gid) + { +-- +2.31.1 + + +From 5fbe5c310de00390fb36d866823a7745ba4812e3 Mon Sep 17 00:00:00 2001 +From: Grace Chin +Date: Mon, 13 Jun 2022 09:04:57 -0400 +Subject: [PATCH 2/4] Add unit test for pcmk__is_user_in_group() + +--- + lib/common/Makefile.am | 2 +- + lib/common/mock.c | 31 +++++-- + lib/common/mock_private.h | 11 +++ + lib/common/tests/acl/Makefile.am | 11 ++- + .../tests/acl/pcmk__is_user_in_group_test.c | 92 +++++++++++++++++++ + 5 files changed, 137 insertions(+), 10 deletions(-) + create mode 100644 lib/common/tests/acl/pcmk__is_user_in_group_test.c + +diff --git a/lib/common/Makefile.am b/lib/common/Makefile.am +index d7aae53bf..04d56dc3c 100644 +--- a/lib/common/Makefile.am ++++ b/lib/common/Makefile.am +@@ -94,7 +94,7 @@ libcrmcommon_la_SOURCES += watchdog.c + libcrmcommon_la_SOURCES += xml.c + libcrmcommon_la_SOURCES += xpath.c + +-WRAPPED = calloc getenv getpwnam_r uname ++WRAPPED = calloc getenv getpwnam_r uname setgrent getgrent endgrent + WRAPPED_FLAGS = $(foreach fn,$(WRAPPED),-Wl,--wrap=$(fn)) + + libcrmcommon_test_la_SOURCES = $(libcrmcommon_la_SOURCES) +diff --git a/lib/common/mock.c b/lib/common/mock.c +index 55812ddbc..fa9431e6d 100644 +--- a/lib/common/mock.c ++++ b/lib/common/mock.c +@@ -11,6 +11,7 @@ + #include + #include + #include ++#include + + #include "mock_private.h" + +@@ -18,13 +19,13 @@ + * libcrmcommon_test.a, not into libcrmcommon.so. It is used to support + * constructing mock versions of library functions for unit testing. + * +- * Each unit test will only ever want to use a mocked version of one or two +- * library functions. However, we need to mark all the mocked functions as +- * wrapped (with -Wl,--wrap= in the LDFLAGS) in libcrmcommon_test.a so that +- * all those unit tests can share the same special test library. The unit +- * test then defines its own wrapped function. Because a unit test won't +- * define every single wrapped function, there will be undefined references +- * at link time. ++ * Each unit test will only ever want to use a mocked version of a few ++ * library functions (i.e. not all of them). However, we need to mark all ++ * the mocked functions as wrapped (with -Wl,--wrap= in the LDFLAGS) in ++ * libcrmcommon_test.a so that all those unit tests can share the same ++ * special test library. The unit test then defines its own wrapped ++ * function. Because a unit test won't define every single wrapped ++ * function, there will be undefined references at link time. + * + * This file takes care of those undefined references. It defines a + * wrapped version of every function that simply calls the real libc +@@ -74,3 +75,19 @@ int __attribute__((weak)) + __wrap_uname(struct utsname *buf) { + return __real_uname(buf); + } ++ ++void __attribute__((weak)) ++__wrap_setgrent(void) { ++ __real_setgrent(); ++} ++ ++struct group * __attribute__((weak)) ++__wrap_getgrent(void) { ++ return __real_getgrent(); ++} ++ ++void __attribute__((weak)) ++__wrap_endgrent(void) { ++ __real_endgrent(); ++} ++ +diff --git a/lib/common/mock_private.h b/lib/common/mock_private.h +index 3df7c9839..0c1134cc3 100644 +--- a/lib/common/mock_private.h ++++ b/lib/common/mock_private.h +@@ -14,6 +14,7 @@ + #include + #include + #include ++#include + + /* This header is for the sole use of libcrmcommon_test. */ + +@@ -31,4 +32,14 @@ int __wrap_getpwnam_r(const char *name, struct passwd *pwd, + int __real_uname(struct utsname *buf); + int __wrap_uname(struct utsname *buf); + ++void __real_setgrent(void); ++void __wrap_setgrent(void); ++ ++struct group *__real_getgrent(void); ++struct group *__wrap_getgrent(void); ++ ++void __real_endgrent(void); ++void __wrap_endgrent(void); ++ ++ + #endif // MOCK_PRIVATE__H +diff --git a/lib/common/tests/acl/Makefile.am b/lib/common/tests/acl/Makefile.am +index 679c9cb8e..a73fc354c 100644 +--- a/lib/common/tests/acl/Makefile.am ++++ b/lib/common/tests/acl/Makefile.am +@@ -1,19 +1,26 @@ + # +-# Copyright 2021 the Pacemaker project contributors ++# Copyright 2021-2022 the Pacemaker project contributors + # + # The version control history for this file may have further details. + # + # This source code is licensed under the GNU General Public License version 2 + # or later (GPLv2+) WITHOUT ANY WARRANTY. + # +-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include ++AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/lib/common + LDADD = $(top_builddir)/lib/common/libcrmcommon.la -lcmocka + ++pcmk__is_user_in_group_test_LDADD = $(top_builddir)/lib/common/libcrmcommon_test.la -lcmocka ++pcmk__is_user_in_group_test_LDFLAGS = \ ++ -Wl,--wrap=setgrent \ ++ -Wl,--wrap=getgrent \ ++ -Wl,--wrap=endgrent ++ + include $(top_srcdir)/mk/tap.mk + + # Add "_test" to the end of all test program names to simplify .gitignore. + + check_PROGRAMS = \ ++ pcmk__is_user_in_group_test \ + pcmk_acl_required_test \ + xml_acl_denied_test \ + xml_acl_enabled_test +diff --git a/lib/common/tests/acl/pcmk__is_user_in_group_test.c b/lib/common/tests/acl/pcmk__is_user_in_group_test.c +new file mode 100644 +index 000000000..67b8c2c7c +--- /dev/null ++++ b/lib/common/tests/acl/pcmk__is_user_in_group_test.c +@@ -0,0 +1,92 @@ ++/* ++ * Copyright 2020-2022 the Pacemaker project contributors ++ * ++ * The version control history for this file may have further details. ++ * ++ * This source code is licensed under the GNU Lesser General Public License ++ * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY. ++ */ ++ ++#include ++#include ++#include "../../crmcommon_private.h" ++ ++#include "mock_private.h" ++ ++#include ++#include ++#include ++#include ++#include ++ ++// THe index of the group that is going to be returned next from "get group entry" (getgrent) ++static int group_idx = 0; ++ ++// Data used for testing ++static const char* grp0_members[] = { ++ "user0", "user1", NULL ++}; ++ ++static const char* grp1_members[] = { ++ "user1", NULL ++}; ++ ++static const char* grp2_members[] = { ++ "user2", "user1", NULL ++}; ++ ++// an array of "groups" (a struct from grp.h), the members of the groups are initalized here to some testing data. ++// Casting away the consts to make the compiler happy and simplify initialization. ++// We never actually change these variables during the test! ++// string literal = const char* (cannot be changed b/c ? ) vs. char* (its getting casted to this) ++static const int NUM_GROUPS = 3; ++static struct group groups[] = { ++ {(char*)"grp0", (char*)"", 0, (char**)grp0_members}, ++ {(char*)"grp1", (char*)"", 1, (char**)grp1_members}, ++ {(char*)"grp2", (char*)"", 2, (char**)grp2_members}, ++}; ++ ++// This function resets the group_idx to 0. ++void ++__wrap_setgrent(void) { ++ group_idx = 0; ++} ++ ++// This function returns the next group entry in the list of groups, or ++// NULL if there aren't any left. ++// group_idx is a global variable which keeps track of where you are in the list ++struct group * ++__wrap_getgrent(void) { ++ if(group_idx >= NUM_GROUPS) return NULL; ++ return &groups[group_idx++]; ++} ++ ++void ++__wrap_endgrent(void) { ++} ++ ++static void ++is_pcmk__is_user_in_group(void **state) ++{ ++ // null user ++ assert_false(pcmk__is_user_in_group(NULL, "grp0")); ++ // null group ++ assert_false(pcmk__is_user_in_group("user0", NULL)); ++ // nonexistent group ++ assert_false(pcmk__is_user_in_group("user0", "nonexistent_group")); ++ // user is in group ++ assert_true(pcmk__is_user_in_group("user0", "grp0")); ++ // user is not in group ++ assert_false(pcmk__is_user_in_group("user2", "grp0")); ++} ++ ++int ++main(int argc, char **argv) ++{ ++ const struct CMUnitTest tests[] = { ++ cmocka_unit_test(is_pcmk__is_user_in_group) ++ }; ++ ++ cmocka_set_message_output(CM_OUTPUT_TAP); ++ return cmocka_run_group_tests(tests, NULL, NULL); ++} +-- +2.31.1 + + +From 1bb7fda60f5b8547d7457f20543b7e50089cf06b Mon Sep 17 00:00:00 2001 +From: Grace Chin +Date: Mon, 13 Jun 2022 09:17:36 -0400 +Subject: [PATCH 3/4] Add ACL group support + +closes T61 +--- + lib/common/acl.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/lib/common/acl.c b/lib/common/acl.c +index f68069bbd..d7f8469b1 100644 +--- a/lib/common/acl.c ++++ b/lib/common/acl.c +@@ -320,6 +320,13 @@ pcmk__unpack_acl(xmlNode *source, xmlNode *target, const char *user) + crm_debug("Unpacking ACLs for user '%s'", id); + p->acls = parse_acl_entry(acls, child, p->acls); + } ++ } else if (!strcmp(tag, XML_ACL_TAG_GROUP)) { ++ const char *id = crm_element_value(child, XML_ATTR_ID); ++ ++ if (id && pcmk__is_user_in_group(user,id)) { ++ crm_debug("Unpacking ACLs for group '%s'", id); ++ p->acls = parse_acl_entry(acls, child, p->acls); ++ } + } + } + } +-- +2.31.1 + + +From f4efd55d9424d34908ba3e2bcffe16c00b2cf660 Mon Sep 17 00:00:00 2001 +From: Grace Chin +Date: Mon, 13 Jun 2022 09:20:36 -0400 +Subject: [PATCH 4/4] Allow acl_target and acl_group elements to take a 'name' + attribute to use a name different from 'id' + +closes T60 +--- + include/crm/msg_xml.h | 1 + + lib/common/acl.c | 21 +++++++++++++++++---- + 2 files changed, 18 insertions(+), 4 deletions(-) + +diff --git a/include/crm/msg_xml.h b/include/crm/msg_xml.h +index b36dcf060..6470520b1 100644 +--- a/include/crm/msg_xml.h ++++ b/include/crm/msg_xml.h +@@ -133,6 +133,7 @@ extern "C" { + # define XML_ATTR_VERSION "version" + # define XML_ATTR_DESC "description" + # define XML_ATTR_ID "id" ++# define XML_ATTR_NAME "name" + # define XML_ATTR_IDREF "id-ref" + # define XML_ATTR_ID_LONG "long-id" + # define XML_ATTR_TYPE "type" +diff --git a/lib/common/acl.c b/lib/common/acl.c +index d7f8469b1..b9f7472ee 100644 +--- a/lib/common/acl.c ++++ b/lib/common/acl.c +@@ -278,8 +278,13 @@ pcmk__apply_acl(xmlNode *xml) + + /*! + * \internal +- * \brief Unpack ACLs for a given user +- * ++ * \brief Unpack ACLs for a given user into the ++ * metadata of the target XML tree ++ * ++ * Taking the description of ACLs from the source XML tree and ++ * marking up the target XML tree with access information for the ++ * given user by tacking it onto the relevant nodes ++ * + * \param[in] source XML with ACL definitions + * \param[in,out] target XML that ACLs will be applied to + * \param[in] user Username whose ACLs need to be unpacked +@@ -314,14 +319,22 @@ pcmk__unpack_acl(xmlNode *source, xmlNode *target, const char *user) + + if (!strcmp(tag, XML_ACL_TAG_USER) + || !strcmp(tag, XML_ACL_TAG_USERv1)) { +- const char *id = crm_element_value(child, XML_ATTR_ID); ++ const char *id = crm_element_value(child, XML_ATTR_NAME); ++ ++ if (id == NULL) { ++ id = crm_element_value(child, XML_ATTR_ID); ++ } + + if (id && strcmp(id, user) == 0) { + crm_debug("Unpacking ACLs for user '%s'", id); + p->acls = parse_acl_entry(acls, child, p->acls); + } + } else if (!strcmp(tag, XML_ACL_TAG_GROUP)) { +- const char *id = crm_element_value(child, XML_ATTR_ID); ++ const char *id = crm_element_value(child, XML_ATTR_NAME); ++ ++ if (id == NULL) { ++ id = crm_element_value(child, XML_ATTR_ID); ++ } + + if (id && pcmk__is_user_in_group(user,id)) { + crm_debug("Unpacking ACLs for group '%s'", id); +-- +2.31.1 + diff --git a/003-regression.patch b/003-regression.patch new file mode 100644 index 0000000..0185c2d --- /dev/null +++ b/003-regression.patch @@ -0,0 +1,88 @@ +From 9853f4d05a376062d60f2e4c90938e587992237b Mon Sep 17 00:00:00 2001 +From: Chris Lumens +Date: Mon, 27 Jun 2022 12:06:24 -0400 +Subject: [PATCH 1/2] Fix: tools: Don't output "(null)" in crm_attribute's + quiet mode. + +If the attribute queried for has no value, simply do not output +anything. + +Regression in 2.1.3 introduced by 8c03553bbf + +Fixes T502 +See: rhbz#2099331 +--- + tools/crm_attribute.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tools/crm_attribute.c b/tools/crm_attribute.c +index 0bd9dee81..b1463f906 100644 +--- a/tools/crm_attribute.c ++++ b/tools/crm_attribute.c +@@ -56,7 +56,9 @@ attribute_text(pcmk__output_t *out, va_list args) + char *host G_GNUC_UNUSED = va_arg(args, char *); + + if (out->quiet) { +- pcmk__formatted_printf(out, "%s\n", value); ++ if (value != NULL) { ++ pcmk__formatted_printf(out, "%s\n", value); ++ } + } else { + out->info(out, "%s%s %s%s %s%s value=%s", + scope ? "scope=" : "", scope ? scope : "", +-- +2.31.1 + + +From 16d00a9b3ef27afd09f5c046ea1be50fc664ed84 Mon Sep 17 00:00:00 2001 +From: Chris Lumens +Date: Mon, 27 Jun 2022 12:18:06 -0400 +Subject: [PATCH 2/2] Test: cts: Add a test for querying an attribute that does + not exist. + +--- + cts/cli/regression.tools.exp | 4 ++++ + cts/cts-cli.in | 5 +++++ + 2 files changed, 9 insertions(+) + +diff --git a/cts/cli/regression.tools.exp b/cts/cli/regression.tools.exp +index 0d1cfa2ab..464472d42 100644 +--- a/cts/cli/regression.tools.exp ++++ b/cts/cli/regression.tools.exp +@@ -24,6 +24,10 @@ A new shadow instance was created. To begin using it paste the following into y + + =#=#=#= End test: Validate CIB - OK (0) =#=#=#= + * Passed: cibadmin - Validate CIB ++=#=#=#= Begin test: Query the value of an attribute that does not exist =#=#=#= ++crm_attribute: Error performing operation: No such device or address ++=#=#=#= End test: Query the value of an attribute that does not exist - No such object (105) =#=#=#= ++* Passed: crm_attribute - Query the value of an attribute that does not exist + =#=#=#= Begin test: Configure something before erasing =#=#=#= + =#=#=#= Current cib after: Configure something before erasing =#=#=#= + +diff --git a/cts/cts-cli.in b/cts/cts-cli.in +index 8565c485a..b895d36ec 100755 +--- a/cts/cts-cli.in ++++ b/cts/cts-cli.in +@@ -511,6 +511,10 @@ function test_tools() { + cmd="cibadmin -Q" + test_assert $CRM_EX_OK + ++ desc="Query the value of an attribute that does not exist" ++ cmd="crm_attribute -n ABCD --query --quiet" ++ test_assert $CRM_EX_NOSUCH 0 ++ + desc="Configure something before erasing" + cmd="crm_attribute -n cluster-delay -v 60s" + test_assert $CRM_EX_OK +@@ -1980,6 +1984,7 @@ for t in $tests; do + -e 's/ end=\"[0-9][-+: 0-9]*Z*\"/ end=\"\"/' \ + -e 's/ start=\"[0-9][-+: 0-9]*Z*\"/ start=\"\"/' \ + -e 's/^Error checking rule: Device not configured/Error checking rule: No such device or address/' \ ++ -e 's/Error performing operation: Device not configured/Error performing operation: No such device or address/' \ + -e 's/\(Injecting attribute last-failure-ping#monitor_10000=\)[0-9]*/\1/' \ + -e 's/^lt-//' \ + -e 's/ocf::/ocf:/' \ +-- +2.31.1 + diff --git a/pacemaker.spec b/pacemaker.spec index e496600..8c70a95 100644 --- a/pacemaker.spec +++ b/pacemaker.spec @@ -35,11 +35,11 @@ ## Upstream pacemaker version, and its package version (specversion ## can be incremented to build packages reliably considered "newer" ## than previously built packages with the same pcmkversion) -%global pcmkversion 2.1.3 -%global specversion 2 +%global pcmkversion 2.1.4 +%global specversion 3 ## Upstream commit (full commit ID, abbreviated commit ID, or tag) to build -%global commit da2fd79c89a8b148a2505b57b31e22a187c10d4f +%global commit dc6eb4362e67c1497a413434eba097063bf1ef83 ## Since git v2.11, the extent of abbreviation is autoscaled by default ## (used to be constant of 7), so we need to convey it for non-tags, too. @@ -264,7 +264,9 @@ Source0: https://codeload.github.com/%{github_owner}/%{name}/tar.gz/%{arch Source1: nagios-agents-metadata-%{nagios_hash}.tar.gz # upstream commits -#Patch001: 001-xxxx.patch +Patch001: 001-stonith-enabled.patch +Patch002: 002-acl_group.patch +Patch003: 003-regression.patch # downstream-only commits #Patch1xx: 1xx-xxxx.patch @@ -953,6 +955,22 @@ exit 0 %license %{nagios_name}-%{nagios_hash}/COPYING %changelog +* Wed Jun 29 2022 Ken Gaillot - 2.1.4-3 +- Add support for ACL groups +- Resolves: rhbz1724310 + +* Tue Jun 28 2022 Ken Gaillot - 2.1.4-2 +- Restore crm_attribute query behavior when attribute does not exist +- Resolves: rhbz2072107 + +* Wed Jun 15 2022 Ken Gaillot - 2.1.4-1 +- Fencer should not ignore CIB updates when stonith is disabled +- Rebase pacemaker on upstream 2.1.4 final release +- Fix typo in ocf:pacemaker:HealthSMART meta-data +- Resolves: rhbz2055935 +- Resolves: rhbz2072107 +- Resolves: rhbz2094855 + * Wed Jun 1 2022 Ken Gaillot - 2.1.3-2 - crm_attribute works on remote node command line when hostname differs - Rebase pacemaker on upstream 2.1.3 final release diff --git a/sources b/sources index 07a6ff3..813d125 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (nagios-agents-metadata-105ab8a.tar.gz) = 3b8a57de69f53cee1e4c0355ccd23fda49c72d06a802c3d6dc33f0fd1823766356b44f9eb14fb00f47678e522e8679a638f3850857ed7e8123dfea525151d1d5 -SHA512 (pacemaker-da2fd79.tar.gz) = a50ec9b3177e1ad106dbd08d81c87a18db39c73a39c25a4fcb90912a07f4532c051285db8c8b9509c8dcab5e6252260d67542e93acdd373d5b22fb2f3b8f524e +SHA512 (pacemaker-dc6eb43.tar.gz) = 2eca2bc4714486e7111ad0a25824af060faf17e94a44e305b3b4ba327353f236aa7091bc0105f77ea921f6178d9805fb4e75cfe6811541c845503d7c5ad6e73c