From 2e7a40570d6b21534ec0215ac5ebc174796cf17c Mon Sep 17 00:00:00 2001 From: Ken Gaillot Date: Thu, 20 Aug 2020 10:02:20 -0500 Subject: [PATCH 1/2] Refactor: tools: rename function in cibsecret to be more clear It led me to initially misdiagnose a problem. --- tools/cibsecret.in | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tools/cibsecret.in b/tools/cibsecret.in index 9b74ba3..dabbfc0 100644 --- a/tools/cibsecret.in +++ b/tools/cibsecret.in @@ -162,28 +162,28 @@ check_env() { } # This must be called (and return success) before calling $rsh or $rcp_to_from -get_live_nodes() { - # Get a list of all cluster nodes +get_live_peers() { + # Get a list of all other cluster nodes GLN_ALL_NODES="$(crm_node -l | awk '{print $2}' | grep -v "$(uname -n)")" # Make a list of those that respond to pings if [ "$(id -u)" = "0" ] && which fping >/dev/null 2>&1; then - LIVE_NODES=$(fping -a $GLN_ALL_NODES 2>/dev/null) + LIVE_NODES=$(fping -a $GLP_ALL_PEERS 2>/dev/null) else LIVE_NODES="" - for GLN_NODE in $GLN_ALL_NODES; do \ - ping -c 2 -q "$GLN_NODE" >/dev/null 2>&1 && - LIVE_NODES="$LIVE_NODES $GLN_NODE" + for GLP_NODE in $GLP_ALL_PEERS; do \ + ping -c 2 -q "$GLP_NODE" >/dev/null 2>&1 && + LIVE_NODES="$LIVE_NODES $GLP_NODE" done fi # Warn the user about any that didn't respond to pings - GLN_DOWN="$( (for GLN_NODE in $LIVE_NODES $GLN_ALL_NODES; do echo "$GLN_NODE"; done) | sort | uniq -u)" - if [ "$(echo "$GLN_DOWN" | wc -w)" = "1" ]; then - warn "node $GLN_DOWN is down" + GLP_DOWN="$( (for GLP_NODE in $LIVE_NODES $GLP_ALL_PEERS; do echo "$GLP_NODE"; done) | sort | uniq -u)" + if [ "$(echo "$GLP_DOWN" | wc -w)" = "1" ]; then + warn "node $GLP_DOWN is down" warn "you'll need to update it using \"$PROG sync\" later" - elif [ -n "$GLN_DOWN" ]; then - warn "nodes $(echo "$GLN_DOWN" | tr '\n' ' ')are down" + elif [ -n "$GLP_DOWN" ]; then + warn "nodes $(echo "$GLP_DOWN" | tr '\n' ' ')are down" warn "you'll need to update them using \"$PROG sync\" later" fi @@ -235,7 +235,7 @@ scp_fun() { # TODO: this procedure should be replaced with csync2 # provided that csync2 has already been configured sync_files() { - get_live_nodes || return + get_live_peers || return info "syncing $LRM_CIBSECRETS to $(echo "$LIVE_NODES" | tr '\n' ' ') ..." $rsh rm -rf "$LRM_CIBSECRETS" && $rsh mkdir -p "$(dirname "$LRM_CIBSECRETS")" && @@ -244,7 +244,7 @@ sync_files() { sync_one() { SO_FILE="$1" - get_live_nodes || return + get_live_peers || return info "syncing $SO_FILE to $(echo "$LIVE_NODES" | tr '\n' ' ') ..." $rsh mkdir -p "$(dirname "$SO_FILE")" && if [ -f "$SO_FILE" ]; then -- 1.8.3.1 From 9c1517e6a681f35d62b4714e854b258c17ab5e59 Mon Sep 17 00:00:00 2001 From: Ken Gaillot Date: Thu, 20 Aug 2020 10:03:23 -0500 Subject: [PATCH 2/2] Fix: tools: properly detect local node name cibsecret had two serious problems when generating a list of other nodes to sync secrets to: * It used `uname -n` to remove the local node from the list. If the local node name is different from its uname, this could cause local secrets to be removed from the local node rather than synced to other nodes. * It removed not just the local node name, but any node name that contained the local node name as a substring (e.g. "node1" and "node10"). This could cause secrets to not be synced to such nodes. Now, use `crm_node -n` to determine the local node name, check crm_node for errors to get better error messages, and remove only the node name that matches the local node name in its entirety. --- tools/cibsecret.in | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/cibsecret.in b/tools/cibsecret.in index dabbfc0..568833c 100644 --- a/tools/cibsecret.in +++ b/tools/cibsecret.in @@ -163,8 +163,14 @@ check_env() { # This must be called (and return success) before calling $rsh or $rcp_to_from get_live_peers() { + # Get local node name + GLP_LOCAL_NODE="$(crm_node -n)" + [ $? -eq 0 ] || fatal "couldn't get local node name" + # Get a list of all other cluster nodes - GLN_ALL_NODES="$(crm_node -l | awk '{print $2}' | grep -v "$(uname -n)")" + GLP_ALL_PEERS="$(crm_node -l)" + [ $? -eq 0 ] || fatal "couldn't determine cluster nodes" + GLP_ALL_PEERS="$(echo "$GLP_ALL_PEERS" | awk '{print $2}' | grep -v "^${GLP_LOCAL_NODE}$")" # Make a list of those that respond to pings if [ "$(id -u)" = "0" ] && which fping >/dev/null 2>&1; then -- 1.8.3.1