rpms/pacemaker
7
0
Fork 0
Code Issues Pull Requests Releases Activity
f50b06c409
pacemaker/SOURCES/015-cibsecret.patch
CentOS Sources f50b06c409 import pacemaker-2.0.4-6.el8 
# Conflicts:
#	.gitignore
#	.pacemaker.metadata
#	SPECS/pacemaker.spec
2021-08-28 18:45:35 +00:00

124 lines
4.7 KiB
Diff
Raw Blame History

From 2e7a40570d6b21534ec0215ac5ebc174796cf17c Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Thu, 20 Aug 2020 10:02:20 -0500
Subject: [PATCH 1/2] Refactor: tools: rename function in cibsecret to be more
clear
It led me to initially misdiagnose a problem.
---
tools/cibsecret.in | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/tools/cibsecret.in b/tools/cibsecret.in
index 9b74ba3..dabbfc0 100644
--- a/tools/cibsecret.in
+++ b/tools/cibsecret.in
@@ -162,28 +162,28 @@ check_env() {
}
# This must be called (and return success) before calling $rsh or $rcp_to_from
-get_live_nodes() {
- # Get a list of all cluster nodes
+get_live_peers() {
+ # Get a list of all other cluster nodes
GLN_ALL_NODES="$(crm_node -l | awk '{print $2}' | grep -v "$(uname -n)")"
# Make a list of those that respond to pings
if [ "$(id -u)" = "0" ] && which fping >/dev/null 2>&1; then
- LIVE_NODES=$(fping -a $GLN_ALL_NODES 2>/dev/null)
+ LIVE_NODES=$(fping -a $GLP_ALL_PEERS 2>/dev/null)
else
LIVE_NODES=""
- for GLN_NODE in $GLN_ALL_NODES; do \
- ping -c 2 -q "$GLN_NODE" >/dev/null 2>&1 &&
- LIVE_NODES="$LIVE_NODES $GLN_NODE"
+ for GLP_NODE in $GLP_ALL_PEERS; do \
+ ping -c 2 -q "$GLP_NODE" >/dev/null 2>&1 &&
+ LIVE_NODES="$LIVE_NODES $GLP_NODE"
done
fi
# Warn the user about any that didn't respond to pings
- GLN_DOWN="$( (for GLN_NODE in $LIVE_NODES $GLN_ALL_NODES; do echo "$GLN_NODE"; done) | sort | uniq -u)"
- if [ "$(echo "$GLN_DOWN" | wc -w)" = "1" ]; then
- warn "node $GLN_DOWN is down"
+ GLP_DOWN="$( (for GLP_NODE in $LIVE_NODES $GLP_ALL_PEERS; do echo "$GLP_NODE"; done) | sort | uniq -u)"
+ if [ "$(echo "$GLP_DOWN" | wc -w)" = "1" ]; then
+ warn "node $GLP_DOWN is down"
warn "you'll need to update it using \"$PROG sync\" later"
- elif [ -n "$GLN_DOWN" ]; then
- warn "nodes $(echo "$GLN_DOWN" | tr '\n' ' ')are down"
+ elif [ -n "$GLP_DOWN" ]; then
+ warn "nodes $(echo "$GLP_DOWN" | tr '\n' ' ')are down"
warn "you'll need to update them using \"$PROG sync\" later"
fi
@@ -235,7 +235,7 @@ scp_fun() {
# TODO: this procedure should be replaced with csync2
# provided that csync2 has already been configured
sync_files() {
- get_live_nodes || return
+ get_live_peers || return
info "syncing $LRM_CIBSECRETS to $(echo "$LIVE_NODES" | tr '\n' ' ') ..."
$rsh rm -rf "$LRM_CIBSECRETS" &&
$rsh mkdir -p "$(dirname "$LRM_CIBSECRETS")" &&
@@ -244,7 +244,7 @@ sync_files() {
sync_one() {
SO_FILE="$1"
- get_live_nodes || return
+ get_live_peers || return
info "syncing $SO_FILE to $(echo "$LIVE_NODES" | tr '\n' ' ') ..."
$rsh mkdir -p "$(dirname "$SO_FILE")" &&
if [ -f "$SO_FILE" ]; then
--
1.8.3.1
From 9c1517e6a681f35d62b4714e854b258c17ab5e59 Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Thu, 20 Aug 2020 10:03:23 -0500
Subject: [PATCH 2/2] Fix: tools: properly detect local node name
cibsecret had two serious problems when generating a list of other nodes to
sync secrets to:
* It used `uname -n` to remove the local node from the list. If the local node
name is different from its uname, this could cause local secrets to be
removed from the local node rather than synced to other nodes.
* It removed not just the local node name, but any node name that contained
the local node name as a substring (e.g. "node1" and "node10"). This could
cause secrets to not be synced to such nodes.
Now, use `crm_node -n` to determine the local node name, check crm_node for
errors to get better error messages, and remove only the node name that matches
the local node name in its entirety.
---
tools/cibsecret.in | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tools/cibsecret.in b/tools/cibsecret.in
index dabbfc0..568833c 100644
--- a/tools/cibsecret.in
+++ b/tools/cibsecret.in
@@ -163,8 +163,14 @@ check_env() {
# This must be called (and return success) before calling $rsh or $rcp_to_from
get_live_peers() {
+ # Get local node name
+ GLP_LOCAL_NODE="$(crm_node -n)"
+ [ $? -eq 0 ] || fatal "couldn't get local node name"
+
# Get a list of all other cluster nodes
- GLN_ALL_NODES="$(crm_node -l | awk '{print $2}' | grep -v "$(uname -n)")"
+ GLP_ALL_PEERS="$(crm_node -l)"
+ [ $? -eq 0 ] || fatal "couldn't determine cluster nodes"
+ GLP_ALL_PEERS="$(echo "$GLP_ALL_PEERS" | awk '{print $2}' | grep -v "^${GLP_LOCAL_NODE}$")"
# Make a list of those that respond to pings
if [ "$(id -u)" = "0" ] && which fping >/dev/null 2>&1; then
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink