import pcp-6.0.1-4.el9

This commit is contained in:
CentOS Sources 2023-05-09 05:17:47 +00:00 committed by Stepan Oksanichenko
parent 997485d583
commit bbcb0b03f8
9 changed files with 231 additions and 750 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/pcp-5.3.7.src.tar.gz
SOURCES/pcp-6.0.1.src.tar.gz

View File

@ -1 +1 @@
a0a05bf501b016cb859fb211ae60ce18be2bbd99 SOURCES/pcp-5.3.7.src.tar.gz
4f405e26a6c651b2f094134e0648cd5fd201d310 SOURCES/pcp-6.0.1.src.tar.gz

View File

@ -1,459 +0,0 @@
diff --git a/qa/1927 b/qa/1927
new file mode 100755
index 000000000..46afa9509
--- /dev/null
+++ b/qa/1927
@@ -0,0 +1,88 @@
+#!/bin/sh
+# PCP QA Test No. 1927
+# Exercise the sockets PMDA Install/Remove and string metric bug.
+#
+# Copyright (c) 2022 Red Hat. All Rights Reserved.
+#
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+# get standard environment, filters and checks
+. ./common.product
+. ./common.filter
+. ./common.check
+
+[ -f $PCP_PMDAS_DIR/sockets/pmdasockets ] || _notrun "sockets pmda not installed"
+
+_cleanup()
+{
+ cd $here
+ $sudo rm -rf $tmp $tmp.*
+}
+
+status=0 # success is the default!
+$sudo rm -rf $tmp $tmp.* $seq.full
+
+_filter_sockets()
+{
+ grep -v 'No value(s) available'
+}
+
+pmdasockets_remove()
+{
+ echo
+ echo "=== remove sockets agent ==="
+ $sudo ./Remove >$tmp.out 2>&1
+ _filter_pmda_remove <$tmp.out
+}
+
+pmdasockets_install()
+{
+ # start from known starting points
+ cd $PCP_PMDAS_DIR/sockets
+ $sudo ./Remove >/dev/null 2>&1
+
+ echo
+ echo "=== sockets agent installation ==="
+ $sudo ./Install </dev/null >$tmp.out 2>&1
+ cat $tmp.out >>$here/$seq.full
+ # Check sockets metrics have appeared ... X metrics and Y values
+ _filter_pmda_install <$tmp.out \
+ | sed \
+ -e 's/[0-9][0-9]* warnings, //' \
+ | $PCP_AWK_PROG '
+/Check network.persocket metrics have appeared/ {
+ if ($7 >= 50 && $7 <= 99) $7 = "X"
+ if ($10 >= 0) $10 = "Y"
+ }
+ { print }'
+}
+
+_prepare_pmda sockets
+# note: _restore_auto_restart pmcd done in _cleanup_pmda()
+trap "_cleanup_pmda sockets; exit \$status" 0 1 2 3 15
+
+_stop_auto_restart pmcd
+
+# real QA test starts here
+pmdasockets_install
+
+# pmcd should have been started by the Install process - check
+if pminfo -v network.persocket > $tmp.info 2> $tmp.err
+then
+ :
+else
+ echo "... failed! ... here is the Install log ..."
+ cat $tmp.out
+fi
+cat $tmp.info $tmp.err | _filter_sockets
+
+echo "Check the values for v6only metric are 0 or 1 ..."
+pminfo -f network.persocket.v6only | egrep -v 'value [01]$' | sed -e '/^$/d'
+
+pmdasockets_remove
+status=0
+
+# success, all done
+exit
diff --git a/qa/1927.out b/qa/1927.out
new file mode 100644
index 000000000..2ae4385fd
--- /dev/null
+++ b/qa/1927.out
@@ -0,0 +1,17 @@
+QA output created by 1927
+
+=== sockets agent installation ===
+Updating the Performance Metrics Name Space (PMNS) ...
+Terminate PMDA if already installed ...
+[...install files, make output...]
+Updating the PMCD control file, and notifying PMCD ...
+Check network.persocket metrics have appeared ... X metrics and Y values
+Check the values for v6only metric are 0 or 1 ...
+network.persocket.v6only
+
+=== remove sockets agent ===
+Culling the Performance Metrics Name Space ...
+network.persocket ... done
+Updating the PMCD control file, and notifying PMCD ...
+[...removing files...]
+Check network.persocket metrics have gone away ... OK
diff --git a/qa/group b/qa/group
index acfc5d208..846c0c4bd 100644
--- a/qa/group
+++ b/qa/group
@@ -1967,6 +1967,7 @@ x11
1901 pmlogger local
1902 help local
1914 atop local
+1927 pmda.sockets local
1937 pmlogrewrite pmda.xfs local
1955 libpcp pmda pmda.pmcd local
1956 pmda.linux pmcd local
diff --git a/src/pmdas/linux_sockets/pmda.c b/src/pmdas/linux_sockets/pmda.c
index d10eacf29..5a3018d8a 100644
--- a/src/pmdas/linux_sockets/pmda.c
+++ b/src/pmdas/linux_sockets/pmda.c
@@ -1,7 +1,7 @@
/*
* Sockets PMDA
*
- * Copyright (c) 2021 Red Hat.
+ * Copyright (c) 2021-2022 Red Hat.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -14,6 +14,7 @@
* for more details.
*/
+#include <ctype.h>
#include "pmapi.h"
#include "pmda.h"
@@ -147,6 +148,31 @@ sockets_fetchCallBack(pmdaMetric *metric, unsigned int inst, pmAtomValue *atom)
return PMDA_FETCH_STATIC;
}
+/*
+ * Restrict the allowed filter strings to only limited special
+ * characters (open and close brackets - everthing else can be
+ * done with alphanumerics) to limit any attack surface here.
+ * The ss filtering language is more complex than we ever want
+ * to be attempting to parse ourself, so we leave that side of
+ * things to the ss command itself.
+ */
+int
+sockets_check_filter(const char *string)
+{
+ const char *p;
+
+ for (p = string; *p; p++) {
+ if (isspace(*p))
+ continue;
+ if (isalnum(*p))
+ continue;
+ if (*p == '(' || *p == ')')
+ continue;
+ return 0; /* disallow */
+ }
+ return 1;
+}
+
static int
sockets_store(pmResult *result, pmdaExt *pmda)
{
@@ -165,9 +191,14 @@ sockets_store(pmResult *result, pmdaExt *pmda)
case 0: /* network.persocket.filter */
if ((sts = pmExtractValue(vsp->valfmt, &vsp->vlist[0],
PM_TYPE_STRING, &av, PM_TYPE_STRING)) >= 0) {
+ if (sockets_check_filter(av.cp)) {
+ sts = PM_ERR_BADSTORE;
+ free(av.cp);
+ break;
+ }
if (ss_filter)
free(ss_filter);
- ss_filter = av.cp; /* TODO filter syntax check */
+ ss_filter = av.cp;
}
break;
default:
diff --git a/src/pmdas/linux_sockets/ss_parse.c b/src/pmdas/linux_sockets/ss_parse.c
index 94c5e16e9..9f3afc691 100644
--- a/src/pmdas/linux_sockets/ss_parse.c
+++ b/src/pmdas/linux_sockets/ss_parse.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021 Red Hat.
+ * Copyright (c) 2021-2022 Red Hat.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -21,65 +21,70 @@ static ss_stats_t ss_p;
/* boolean value with no separate value, default 0 */
#define PM_TYPE_BOOL (PM_TYPE_UNKNOWN-1)
+/* helper macros to extract field address and size */
+#define SSFIELD(str,type,f) {(str), (sizeof(str)-1), type, (&(f)), (sizeof(f))}
+#define SSNULLFIELD(str) {(str), (sizeof(str)-1), PM_TYPE_UNKNOWN, NULL}
+
static struct {
char *field;
int len;
int type;
void *addr;
+ int size;
int found;
} parse_table[] = {
- { "timer:", 6, PM_TYPE_STRING, &ss_p.timer_str },
- { "uid:", 4, PM_TYPE_U32, &ss_p.uid },
- { "ino:", 4, PM_TYPE_64, &ss_p.inode },
- { "sk:", 3, PM_TYPE_U64, &ss_p.sk },
- { "cgroup:", 7, PM_TYPE_STRING, &ss_p.cgroup },
- { "v6only:", 7, PM_TYPE_32, &ss_p.v6only },
- { "--- ", 4, PM_TYPE_UNKNOWN, NULL },
- { "<-> ", 4, PM_TYPE_UNKNOWN, NULL },
- { "--> ", 4, PM_TYPE_UNKNOWN, NULL },
- { "skmem:", 6, PM_TYPE_STRING, &ss_p.skmem_str, },
- { "ts ", 3, PM_TYPE_BOOL, &ss_p.ts },
- { "sack ", 5, PM_TYPE_BOOL, &ss_p.sack },
- { "cubic ", 6, PM_TYPE_BOOL, &ss_p.cubic },
- { "wscale:", 7, PM_TYPE_STRING, &ss_p.wscale_str },
- { "rto:", 4, PM_TYPE_DOUBLE, &ss_p.rto },
- { "rtt:", 4, PM_TYPE_STRING, &ss_p.round_trip_str },
- { "ato:", 4, PM_TYPE_DOUBLE, &ss_p.ato },
- { "backoff:", 8, PM_TYPE_32, &ss_p.backoff },
- { "mss:", 4, PM_TYPE_U32, &ss_p.mss },
- { "pmtu:", 5, PM_TYPE_U32, &ss_p.pmtu },
- { "rcvmss:", 7, PM_TYPE_U32, &ss_p.rcvmss },
- { "advmss:", 7, PM_TYPE_U32, &ss_p.advmss },
- { "cwnd:", 5, PM_TYPE_U32, &ss_p.cwnd },
- { "lost:", 5, PM_TYPE_32, &ss_p.lost },
- { "ssthresh:", 9, PM_TYPE_U32, &ss_p.ssthresh },
- { "bytes_sent:", 11, PM_TYPE_U64, &ss_p.bytes_sent },
- { "bytes_retrans:", 14, PM_TYPE_U64, &ss_p.bytes_retrans },
- { "bytes_acked:", 12, PM_TYPE_U64, &ss_p.bytes_acked },
- { "bytes_received:", 15, PM_TYPE_U64, &ss_p.bytes_received },
- { "segs_out:", 9, PM_TYPE_U32, &ss_p.segs_out },
- { "segs_in:", 8, PM_TYPE_U32, &ss_p.segs_in },
- { "data_segs_out:", 14, PM_TYPE_U32, &ss_p.data_segs_out },
- { "data_segs_in:", 13, PM_TYPE_U32, &ss_p.data_segs_in },
- { "send ", 5, PM_TYPE_DOUBLE, &ss_p.send }, /* no ':' */
- { "lastsnd:", 8, PM_TYPE_U32, &ss_p.lastsnd },
- { "lastrcv:", 8, PM_TYPE_U32, &ss_p.lastrcv },
- { "lastack:", 8, PM_TYPE_U32, &ss_p.lastack },
- { "pacing_rate ", 12, PM_TYPE_DOUBLE, &ss_p.pacing_rate }, /* no ':' */
- { "delivery_rate ", 14, PM_TYPE_DOUBLE, &ss_p.delivery_rate }, /* no ':' */
- { "delivered:", 10, PM_TYPE_U32, &ss_p.delivered },
- { "app_limited ", 12, PM_TYPE_BOOL, &ss_p.app_limited },
- { "reord_seen:", 11, PM_TYPE_32, &ss_p.reord_seen },
- { "busy:", 5, PM_TYPE_U64, &ss_p.busy },
- { "unacked:", 8, PM_TYPE_32, &ss_p.unacked },
- { "rwnd_limited:", 13, PM_TYPE_U64, &ss_p.rwnd_limited },
- { "retrans:", 8, PM_TYPE_STRING, &ss_p.retrans_str },
- { "dsack_dups:", 11, PM_TYPE_U32, &ss_p.dsack_dups },
- { "rcv_rtt:", 8, PM_TYPE_DOUBLE, &ss_p.rcv_rtt },
- { "rcv_space:", 10, PM_TYPE_32, &ss_p.rcv_space },
- { "rcv_ssthresh:", 13, PM_TYPE_32, &ss_p.rcv_ssthresh },
- { "minrtt:", 7, PM_TYPE_DOUBLE, &ss_p.minrtt },
- { "notsent:", 8, PM_TYPE_U32, &ss_p.notsent },
+ SSFIELD("timer:", PM_TYPE_STRING, ss_p.timer_str),
+ SSFIELD("uid:", PM_TYPE_U32, ss_p.uid),
+ SSFIELD("ino:", PM_TYPE_64, ss_p.inode),
+ SSFIELD("sk:", PM_TYPE_U64, ss_p.sk),
+ SSFIELD("cgroup:", PM_TYPE_STRING, ss_p.cgroup),
+ SSFIELD("v6only:", PM_TYPE_32, ss_p.v6only),
+ SSNULLFIELD("--- "),
+ SSNULLFIELD("<-> "),
+ SSNULLFIELD("--> "),
+ SSFIELD("skmem:", PM_TYPE_STRING, ss_p.skmem_str),
+ SSFIELD("ts ", PM_TYPE_BOOL, ss_p.ts),
+ SSFIELD("sack ", PM_TYPE_BOOL, ss_p.sack),
+ SSFIELD("cubic ", PM_TYPE_BOOL, ss_p.cubic),
+ SSFIELD("wscale:", PM_TYPE_STRING, ss_p.wscale_str),
+ SSFIELD("rto:", PM_TYPE_DOUBLE, ss_p.rto),
+ SSFIELD("rtt:", PM_TYPE_STRING, ss_p.round_trip_str),
+ SSFIELD("ato:", PM_TYPE_DOUBLE, ss_p.ato),
+ SSFIELD("backoff:", PM_TYPE_32, ss_p.backoff),
+ SSFIELD("mss:", PM_TYPE_U32, ss_p.mss),
+ SSFIELD("pmtu:", PM_TYPE_U32, ss_p.pmtu),
+ SSFIELD("rcvmss:", PM_TYPE_U32, ss_p.rcvmss),
+ SSFIELD("advmss:", PM_TYPE_U32, ss_p.advmss),
+ SSFIELD("cwnd:", PM_TYPE_U32, ss_p.cwnd),
+ SSFIELD("lost:", PM_TYPE_32, ss_p.lost),
+ SSFIELD("ssthresh:", PM_TYPE_U32, ss_p.ssthresh),
+ SSFIELD("bytes_sent:", PM_TYPE_U64, ss_p.bytes_sent),
+ SSFIELD("bytes_retrans:", PM_TYPE_U64, ss_p.bytes_retrans),
+ SSFIELD("bytes_acked:", PM_TYPE_U64, ss_p.bytes_acked),
+ SSFIELD("bytes_received:", PM_TYPE_U64, ss_p.bytes_received),
+ SSFIELD("segs_out:", PM_TYPE_U32, ss_p.segs_out),
+ SSFIELD("segs_in:", PM_TYPE_U32, ss_p.segs_in),
+ SSFIELD("data_segs_out:", PM_TYPE_U32, ss_p.data_segs_out),
+ SSFIELD("data_segs_in:", PM_TYPE_U32, ss_p.data_segs_in),
+ SSFIELD("send ", PM_TYPE_DOUBLE, ss_p.send), /* no ':' */
+ SSFIELD("lastsnd:", PM_TYPE_U32, ss_p.lastsnd),
+ SSFIELD("lastrcv:", PM_TYPE_U32, ss_p.lastrcv),
+ SSFIELD("lastack:", PM_TYPE_U32, ss_p.lastack),
+ SSFIELD("pacing_rate ", PM_TYPE_DOUBLE, ss_p.pacing_rate), /* no ':' */
+ SSFIELD("delivery_rate ", PM_TYPE_DOUBLE, ss_p.delivery_rate), /* no ':' */
+ SSFIELD("delivered:", PM_TYPE_U32, ss_p.delivered),
+ SSFIELD("app_limited ", PM_TYPE_BOOL, ss_p.app_limited),
+ SSFIELD("reord_seen:", PM_TYPE_32, ss_p.reord_seen),
+ SSFIELD("busy:", PM_TYPE_U64, ss_p.busy),
+ SSFIELD("unacked:", PM_TYPE_32, ss_p.unacked),
+ SSFIELD("rwnd_limited:", PM_TYPE_U64, ss_p.rwnd_limited),
+ SSFIELD("retrans:", PM_TYPE_STRING, ss_p.retrans_str),
+ SSFIELD("dsack_dups:", PM_TYPE_U32, ss_p.dsack_dups),
+ SSFIELD("rcv_rtt:", PM_TYPE_DOUBLE, ss_p.rcv_rtt),
+ SSFIELD("rcv_space:", PM_TYPE_32, ss_p.rcv_space),
+ SSFIELD("rcv_ssthresh:", PM_TYPE_32, ss_p.rcv_ssthresh),
+ SSFIELD("minrtt:", PM_TYPE_DOUBLE, ss_p.minrtt),
+ SSFIELD("notsent:", PM_TYPE_U32, ss_p.notsent),
{ NULL }
};
@@ -225,8 +230,11 @@ ss_parse(char *line, int has_state_field, ss_stats_t *ss)
if (*p == '(')
p++;
r = (char *)parse_table[i].addr;
- for (s=p; *s && *s != ' ' && *s != '\n' && *s != ')'; s++)
- *r++ = *s; /* TODO check r len */
+ for (s=p; *s && *s != ' ' && *s != '\n' && *s != ')'; s++) {
+ *r++ = *s;
+ if (r - (char *)parse_table[i].addr >= parse_table[i].size - 1)
+ break;
+ }
*r = '\0';
break;
case PM_TYPE_32:
diff --git a/src/pmdas/linux_sockets/ss_stats.h b/src/pmdas/linux_sockets/ss_stats.h
index 183db5afa..009a00cd9 100644
--- a/src/pmdas/linux_sockets/ss_stats.h
+++ b/src/pmdas/linux_sockets/ss_stats.h
@@ -1,11 +1,11 @@
/*
- * Copyright (c) 2021 Red Hat.
- *
+ * Copyright (c) 2021-2022 Red Hat.
+ *
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
@@ -26,7 +26,7 @@ typedef struct ss_stats {
__int32_t timer_retrans;
__uint32_t uid;
__uint64_t sk;
- char cgroup[64];
+ char cgroup[128];
__int32_t v6only;
char skmem_str[64];
__int32_t skmem_rmem_alloc;
commit 77ba20d5e76ada83283a262dd2083b2fc284b5f8
Author: Nathan Scott <nathans@redhat.com>
Date: Thu May 5 09:33:46 2022 +1000
selinux: policy updates needed for the pmdasockets metrics
Thanks to Jan Kurík and Miloš Malík we have the additional
selinux policy requirements - without these we see QE test
failures for this agent with pcp-ss(1) on RHEL.
Related to Red Hat BZ #1981886.
diff --git a/qa/917.out.in b/qa/917.out.in
index 3bd1dc15e..6a4356a12 100644
--- a/qa/917.out.in
+++ b/qa/917.out.in
@@ -154,9 +154,9 @@ Checking policies.
# -- end logging_watch_journal_dirs(pcp_domain) expansion
allow [pcp_pmcd_t] [cluster_tmpfs_t] : [file] { write };
allow [pcp_pmcd_t] [drbd_exec_t] : [file] { execute execute_no_trans };
- allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read };
- allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans };
- allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { bind create getattr nlmsg_read setopt };
+! allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read };
+! allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans };
+! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };
allow [syslogd_t] [pcp_log_t] : [fifo_file] { open read write };
allow [pcp_pmcd_t] [etc_t] : [dir] { open read search getattr lock ioctl };
allow [pcp_pmcd_t] [shadow_t] : [file] { getattr ioctl lock open read };
diff --git a/src/selinux/GNUlocaldefs b/src/selinux/GNUlocaldefs
index 1a1b1428c..1462c5ccb 100644
--- a/src/selinux/GNUlocaldefs
+++ b/src/selinux/GNUlocaldefs
@@ -138,8 +138,8 @@ PCP_NETLINK_GENERIC_SOCKET_RULE="allow pcp_pmcd_t self:netlink_generic_socket {
endif
ifeq "$(PCP_SELINUX_NETLINK_TCPDIAG_SOCKET_CLASS)" "true"
-PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { bind create getattr nlmsg_read setopt };"
-PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { bind create getattr nlmsg_read setopt };"
+PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
+PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
endif
ifeq "$(PCP_SELINUX_LOCKDOWN_CLASS)" "true"
commit a6222992fe5f97f94bdddd928ce9557be1918bfd
Author: Jan Kurik <jkurik@redhat.com>
Date: Fri May 6 08:04:46 2022 +1000
selinux: fine-tune netlink_tcpdiag_socket policy for all platforms
Previous policy set did not apply correctly on ppc64le and aarch64
architectures. After some tweaking the following set of permissions
was found to work on all the supported architectures and fixes the
behavior of the sockets PMDA.
Related to Red Hat BZ #1981886.
diff --git a/qa/917.out.in b/qa/917.out.in
index 6a4356a12..723193aa2 100644
--- a/qa/917.out.in
+++ b/qa/917.out.in
@@ -156,7 +156,7 @@ Checking policies.
allow [pcp_pmcd_t] [drbd_exec_t] : [file] { execute execute_no_trans };
! allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read };
! allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans };
-! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };
+! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write };
allow [syslogd_t] [pcp_log_t] : [fifo_file] { open read write };
allow [pcp_pmcd_t] [etc_t] : [dir] { open read search getattr lock ioctl };
allow [pcp_pmcd_t] [shadow_t] : [file] { getattr ioctl lock open read };
diff --git a/src/selinux/GNUlocaldefs b/src/selinux/GNUlocaldefs
index 1462c5ccb..9733aead9 100644
--- a/src/selinux/GNUlocaldefs
+++ b/src/selinux/GNUlocaldefs
@@ -138,8 +138,8 @@ PCP_NETLINK_GENERIC_SOCKET_RULE="allow pcp_pmcd_t self:netlink_generic_socket {
endif
ifeq "$(PCP_SELINUX_NETLINK_TCPDIAG_SOCKET_CLASS)" "true"
-PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
-PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
+PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write };"
+PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write };"
endif
ifeq "$(PCP_SELINUX_LOCKDOWN_CLASS)" "true"

View File

@ -1,11 +0,0 @@
diff -Naurp pcp-5.3.7.orig/src/pmie/GNUmakefile pcp-5.3.7/src/pmie/GNUmakefile
--- pcp-5.3.7.orig/src/pmie/GNUmakefile 2022-02-02 11:53:05.000000000 +1100
+++ pcp-5.3.7/src/pmie/GNUmakefile 2022-05-03 11:45:12.108743480 +1000
@@ -80,6 +80,7 @@ pmie.service : pmie.service.in
$(SED) <$< >$@ \
-e 's;@PCP_RC_DIR@;'$(PCP_RC_DIR)';' \
-e 's;@PCP_RUN_DIR@;'$(PCP_RUN_DIR)';' \
+ -e 's;@PCP_SYSCONFIG_DIR@;'$(PCP_SYSCONFIG_DIR)';' \
# END
pmie_farm.service : pmie_farm.service.in

View File

@ -1,146 +0,0 @@
commit f54eddf494e474531e5af609bcc376037a918977
Author: Nathan Scott <nathans@redhat.com>
Date: Tue Apr 26 14:32:59 2022 +1000
pmdapostfix: harden against a not-yet-running postfix
Ensure the postfix PMDA can start and service requests even
if postfix is not yet started.
diff --git a/src/perl/PMDA/local.c b/src/perl/PMDA/local.c
index e223bde7a..33130bc5d 100644
--- a/src/perl/PMDA/local.c
+++ b/src/perl/PMDA/local.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2017 Red Hat.
+ * Copyright (c) 2012-2017,2022 Red Hat.
* Copyright (c) 2008-2011 Aconex. All Rights Reserved.
*
* This program is free software; you can redistribute it and/or modify it
@@ -139,18 +139,15 @@ int
local_tail(char *file, scalar_t *callback, int cookie)
{
int fd = open(file, O_RDONLY | O_NDELAY);
- struct stat stats;
+ struct stat stats = {0};
int me;
- if (fd < 0) {
- pmNotifyErr(LOG_ERR, "open failed (%s): %s", file, osstrerror());
- exit(1);
- }
- if (fstat(fd, &stats) < 0) {
- pmNotifyErr(LOG_ERR, "fstat failed (%s): %s", file, osstrerror());
- exit(1);
- }
- lseek(fd, 0L, SEEK_END);
+ if (fd < 0)
+ pmNotifyErr(LOG_INFO, "open failed (%s): %s", file, osstrerror());
+ else if (fstat(fd, &stats) < 0)
+ pmNotifyErr(LOG_INFO, "fstat failed (%s): %s", file, osstrerror());
+ else
+ lseek(fd, 0L, SEEK_END);
me = local_file(FILE_TAIL, fd, callback, cookie);
files[me].me.tail.path = strdup(file);
files[me].me.tail.dev = stats.st_dev;
@@ -416,10 +413,11 @@ local_pmdaMain(pmdaInterface *self)
}
for (i = 0; i < nfiles; i++) {
- fd = files[i].fd;
/* check for log rotation or host reconnection needed */
if ((count % 10) == 0) /* but only once every 10 */
local_connection(&files[i]);
+ if ((fd = files[i].fd) < 0)
+ continue;
if (files[i].type != FILE_TAIL && !(__pmFD_ISSET(fd, &readyfds)))
continue;
offset = 0;
@@ -431,21 +429,16 @@ multiread:
(oserror() == EAGAIN) ||
(oserror() == EWOULDBLOCK)))
continue;
- if (files[i].type == FILE_SOCK) {
- close(files[i].fd);
- files[i].fd = -1;
- continue;
- }
- pmNotifyErr(LOG_ERR, "Data read error on %s: %s\n",
- local_filetype(files[i].type), osstrerror());
- exit(1);
+ close(files[i].fd);
+ files[i].fd = -1;
+ continue;
}
if (bytes == 0) {
if (files[i].type == FILE_TAIL)
continue;
- pmNotifyErr(LOG_ERR, "No data to read - %s may be closed\n",
- local_filetype(files[i].type));
- exit(1);
+ close(files[i].fd);
+ files[i].fd = -1;
+ continue;
}
/*
* good read ... data up to buffer + offset + bytes is all OK
diff --git a/src/pmdas/postfix/pmdapostfix.pl b/src/pmdas/postfix/pmdapostfix.pl
index ac46816bc..d6d3f4d3a 100644
--- a/src/pmdas/postfix/pmdapostfix.pl
+++ b/src/pmdas/postfix/pmdapostfix.pl
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2012-2015 Red Hat.
+# Copyright (c) 2012-2015,2022 Red Hat.
# Copyright (c) 2009-2010 Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
#
# This program is free software; you can redistribute it and/or modify it
@@ -56,8 +56,6 @@ my @postfix_received_dom = (
1 => 'smtp',
);
-my $setup = defined($ENV{'PCP_PERL_PMNS'}) || defined($ENV{'PCP_PERL_DOMAIN'});
-
sub postfix_do_refresh
{
QUEUE:
@@ -212,7 +210,7 @@ $logstats{"received"}{1} = 0;
# Note:
# Environment variables.
-# $PMDA_POSTFIX_QSHAPE: alternative executable qshape scrpipt (for QA)
+# $PMDA_POSTFIX_QSHAPE: alternative executable qshape script (for QA)
# ... over-rides default and command line argument.
# ... over-rides default arguments -b 10 -t $refresh
# $PMDA_POSTFIX_REFRESH: alternative refresh rate (for QA)
@@ -228,7 +226,7 @@ if (defined($ENV{'PMDA_POSTFIX_QSHAPE'})) {
$qshape = $ENV{'PMDA_POSTFIX_QSHAPE'};
$qshape_args = '';
}
-if (!$setup) { $pmda->log("qshape cmd: $qshape $qshape_args <qname>"); }
+unless (pmda_install()) { $pmda->log("qshape cmd: $qshape $qshape_args <qname>"); }
if (defined($ENV{'PMDA_POSTFIX_REFRESH'})) { $refresh = $ENV{'PMDA_POSTFIX_REFRESH'}; }
@@ -238,12 +236,15 @@ foreach my $file ( @logfiles ) {
}
}
if (defined($ENV{'PMDA_POSTFIX_LOG'})) { $logfile = $ENV{'PMDA_POSTFIX_LOG'}; }
-unless(defined($logfile))
-{
- $pmda->log("Fatal: No Postfix log file found in: @logfiles");
- die 'No Postfix log file found';
+unless (pmda_install()) {
+ if (defined($logfile)) {
+ $pmda->log("logfile: $logfile");
+ } else {
+ $pmda->log("Warning: assuming logfile: $logfiles[0] as no Postfix log found yet from: @logfiles");
+ }
}
-if (!$setup) { $pmda->log("logfile: $logfile"); }
+# set a good default if none found, before continuing
+unless (defined($logfile)) { $logfile = $logfiles[0]; }
$pmda->add_indom($postfix_queues_indom, \@postfix_queues_dom, '', '');
$pmda->add_indom($postfix_sent_indom, \@postfix_sent_dom, '', '');

View File

@ -1,44 +0,0 @@
commit d874d2e486c8a64fa9945ed7aa0048cccbd46f77
Author: Nathan Scott <nathans@redhat.com>
Date: Wed May 4 17:11:19 2022 +1000
pmdaproc: fix cgroup cpu metrics refresh structures
Jan Kurik encountered this issue when running the regression
testsuite (especially qa/359) on non-x86_64 architectures.
Something must've changed in the toolchain recently on these
platforms since we've not seen this before, but this bug has
been in our code for some time. It works everywhere else by
good fortune, when there just happen to be NULLs after these
cgroups CPU parsing data structures.
Resolves Red Hat BZ #2081262.
diff --git a/src/pmdas/linux_proc/cgroups.c b/src/pmdas/linux_proc/cgroups.c
index 413a72343..26d59863a 100644
--- a/src/pmdas/linux_proc/cgroups.c
+++ b/src/pmdas/linux_proc/cgroups.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2019 Red Hat.
+ * Copyright (c) 2012-2019,2022 Red Hat.
* Copyright (c) 2010 Aconex. All Rights Reserved.
*
* This program is free software; you can redistribute it and/or modify it
@@ -863,6 +863,7 @@ read_cpu_time(const char *file, cgroup_cputime_t *ccp)
{ "usage_usec", &cputime.usage },
{ "user_usec", &cputime.user },
{ "system_usec", &cputime.system },
+ { NULL, NULL }
};
char buffer[4096], name[64];
unsigned long long value;
@@ -903,6 +904,7 @@ read_cpu_stats(const char *file, cgroup_cpustat_t *ccp)
{ "nr_periods", &cpustat.nr_periods },
{ "nr_throttled", &cpustat.nr_throttled },
{ "throttled_time", &cpustat.throttled_time },
+ { NULL, NULL }
};
char buffer[4096], name[64];
unsigned long long value;

View File

@ -0,0 +1,88 @@
diff --git a/vendor/github.com/iovisor/bcc/libbpf-tools/arm64/vmlinux_510.h b/vendor/github.com/iovisor/bcc/libbpf-tools/arm64/vmlinux_510.h
index f84b1347bf..3c032f5230 100644
--- a/vendor/github.com/iovisor/bcc/libbpf-tools/arm64/vmlinux_510.h
+++ b/vendor/github.com/iovisor/bcc/libbpf-tools/arm64/vmlinux_510.h
@@ -1678,6 +1678,7 @@ struct perf_event {
int pending_wakeup;
int pending_kill;
int pending_disable;
+ long unsigned int pending_addr;
struct irq_work pending;
atomic_t event_limit;
struct perf_addr_filters_head addr_filters;
@@ -1693,6 +1694,7 @@ struct perf_event {
void *overflow_handler_context;
perf_overflow_handler_t orig_overflow_handler;
struct bpf_prog *prog;
+ u64 bpf_cookie;
struct trace_event_call *tp_event;
struct event_filter *filter;
struct ftrace_ops ftrace_ops;
@@ -26070,7 +26072,10 @@ enum bpf_link_type {
BPF_LINK_TYPE_ITER = 4,
BPF_LINK_TYPE_NETNS = 5,
BPF_LINK_TYPE_XDP = 6,
- MAX_BPF_LINK_TYPE = 7,
+ BPF_LINK_TYPE_PERF_EVENT = 7,
+ BPF_LINK_TYPE_KPROBE_MULTI = 8,
+ BPF_LINK_TYPE_STRUCT_OPS = 9,
+ MAX_BPF_LINK_TYPE = 10,
};
struct bpf_link_info {
@@ -30363,6 +30368,11 @@ struct bpf_raw_tp_link {
struct bpf_raw_event_map *btp;
};
+struct bpf_perf_link {
+ struct bpf_link link;
+ struct file *perf_file;
+};
+
struct btf_member {
__u32 name_off;
__u32 type;
diff --git a/vendor/github.com/iovisor/bcc/libbpf-tools/powerpc/vmlinux_510.h b/vendor/github.com/iovisor/bcc/libbpf-tools/powerpc/vmlinux_510.h
index 3b1b0127d1..052db391d4 100644
--- a/vendor/github.com/iovisor/bcc/libbpf-tools/powerpc/vmlinux_510.h
+++ b/vendor/github.com/iovisor/bcc/libbpf-tools/powerpc/vmlinux_510.h
@@ -4345,6 +4345,7 @@ struct perf_event {
int pending_wakeup;
int pending_kill;
int pending_disable;
+ long unsigned int pending_addr;
struct irq_work pending;
atomic_t event_limit;
struct perf_addr_filters_head addr_filters;
@@ -4360,6 +4361,7 @@ struct perf_event {
void *overflow_handler_context;
perf_overflow_handler_t orig_overflow_handler;
struct bpf_prog *prog;
+ u64 bpf_cookie;
struct trace_event_call *tp_event;
struct event_filter *filter;
struct ftrace_ops ftrace_ops;
@@ -36449,7 +36451,10 @@ enum bpf_link_type {
BPF_LINK_TYPE_ITER = 4,
BPF_LINK_TYPE_NETNS = 5,
BPF_LINK_TYPE_XDP = 6,
- MAX_BPF_LINK_TYPE = 7,
+ BPF_LINK_TYPE_PERF_EVENT = 7,
+ BPF_LINK_TYPE_KPROBE_MULTI = 8,
+ BPF_LINK_TYPE_STRUCT_OPS = 9,
+ MAX_BPF_LINK_TYPE = 10,
};
struct bpf_link_info {
@@ -40756,6 +40761,11 @@ struct bpf_raw_tp_link {
struct bpf_raw_event_map *btp;
};
+struct bpf_perf_link {
+ struct bpf_link link;
+ struct file *perf_file;
+};
+
struct btf_member {
__u32 name_off;
__u32 type;

View File

@ -0,0 +1,19 @@
commit 23bfdcbac0b0fb7bd33f092c6f2ad56889480335
Author: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Thu Oct 27 14:22:37 2022 +0200
build: use vendored vmlinux.h when compiling bpftool
diff --git a/vendor/GNUmakefile b/vendor/GNUmakefile
index a0c29d4b45..57151e4671 100644
--- a/vendor/GNUmakefile
+++ b/vendor/GNUmakefile
@@ -3,7 +3,7 @@ include $(TOPDIR)/src/include/builddefs
default_pcp default:
ifeq "$(PMDA_BPF)" "true"
- $(MAKE) -C github.com/libbpf/bpftool/src
+ $(MAKE) -C github.com/libbpf/bpftool/src VMLINUX_H=$(PMDABPF_VMLINUXH)
endif
install_pcp install:

View File

@ -1,20 +1,19 @@
Name: pcp
Version: 5.3.7
Release: 7%{?dist}
Version: 6.0.1
Release: 4%{?dist}
Summary: System-level performance monitoring and performance management
License: GPLv2+ and LGPLv2+ and CC-BY
URL: https://pcp.io
%global artifactory https://performancecopilot.jfrog.io/artifactory
Source0: %{artifactory}/pcp-source-release/pcp-%{version}.src.tar.gz
Patch0: redhat-bugzilla-1981886-pmdasockets-backporting.patch
Patch1: redhat-bugzilla-2059461-pmie-systemd-fixup.patch
Patch2: redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch
Patch3: redhat-bugzilla-2059463-pmdapostfix-harden.patch
Patch0: redhat-bugzilla-2117074-vendored_vmlinux.h.patch
Patch1: redhat-bugzilla-2117074-ppc_arm_vmlinux.h.patch
# The additional linker flags break out-of-tree PMDAs.
# https://bugzilla.redhat.com/show_bug.cgi?id=2043092
%undefine _package_note_flags
%undefine _package_note_flags
%if 0%{?fedora} >= 26 || 0%{?rhel} > 7
%global __python2 python2
@ -50,8 +49,6 @@ Patch3: redhat-bugzilla-2059463-pmdapostfix-harden.patch
%endif
%endif
%global disable_podman 0
# libchan, libhdr_histogram and pmdastatsd
%if 0%{?fedora} >= 29 || 0%{?rhel} > 7
%global disable_statsd 0
@ -98,7 +95,7 @@ Patch3: redhat-bugzilla-2059463-pmdapostfix-harden.patch
%global disable_bcc 1
%endif
# support for pmdabpf, check bpf.spec for supported architectures of bpf
# support for pmdabpf, check bcc.spec for supported architectures of libbpf-tools
%if 0%{?fedora} >= 33 || 0%{?rhel} > 8
%ifarch x86_64 ppc64 ppc64le aarch64
%global disable_bpf 0
@ -131,6 +128,13 @@ Patch3: redhat-bugzilla-2059463-pmdapostfix-harden.patch
%global disable_json 1
%endif
# support for pmdamongodb
%if !%{disable_python2} || !%{disable_python3}
%global disable_mongodb 0
%else
%global disable_mongodb 1
%endif
# No mssql ODBC driver on non-x86 platforms
%ifarch x86_64
%if !%{disable_python2} || !%{disable_python3}
@ -233,7 +237,6 @@ Obsoletes: pcp-pmda-nvidia < 3.10.5
BuildRequires: make
BuildRequires: gcc gcc-c++
BuildRequires: procps autoconf bison flex
BuildRequires: nss-devel
BuildRequires: avahi-devel
BuildRequires: xz-devel
BuildRequires: zlib-devel
@ -279,7 +282,7 @@ BuildRequires: perl(Time::HiRes) perl(Digest::MD5)
BuildRequires: perl(XML::LibXML) perl(File::Slurp)
BuildRequires: man %{_hostname_executable}
%if !%{disable_systemd}
BuildRequires: systemd-devel systemd-rpm-macros
BuildRequires: systemd-devel
%endif
%if !%{disable_qt}
BuildRequires: desktop-file-utils
@ -292,40 +295,28 @@ BuildRequires: qt5-qtsvg-devel
%endif
Requires: bash xz gawk sed grep findutils which %{_hostname_executable}
%if 0%{?rhel} > 8
Requires: cyrus-sasl-scram
%endif
Requires: pcp-libs = %{version}-%{release}
%if !%{disable_selinux}
%if !%{disable_selinux}
# rpm boolean dependencies are supported since RHEL 8
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 8
# This ensures that the pcp-selinux package and all it's dependencies are not pulled
# into containers and other systems that do not use SELinux
# This ensures that the pcp-selinux package and all its dependencies are
# not pulled into containers and other systems that do not use SELinux
Requires: (pcp-selinux = %{version}-%{release} if selinux-policy-targeted)
%else
Requires: pcp-selinux = %{version}-%{release}
%endif
%endif
%global _confdir %{_sysconfdir}/pcp
%global _logsdir %{_localstatedir}/log/pcp
%global _pmnsdir %{_localstatedir}/lib/pcp/pmns
%global _pmnsexecdir %{_libexecdir}/pcp/pmns
%global _tempsdir %{_localstatedir}/lib/pcp/tmp
%global _pmdasdir %{_localstatedir}/lib/pcp/pmdas
%global _pmdasexecdir %{_libexecdir}/pcp/pmdas
%global _testsdir %{_localstatedir}/lib/pcp/testsuite
%global _selinuxdir %{_localstatedir}/lib/pcp/selinux
%global _selinuxexecdir %{_libexecdir}/pcp/selinux
%global _logconfdir %{_localstatedir}/lib/pcp/config/pmlogconf
%global _ieconfigdir %{_localstatedir}/lib/pcp/config/pmie
%global _ieconfdir %{_localstatedir}/lib/pcp/config/pmieconf
%global _tapsetdir %{_datadir}/systemtap/tapset
%global _bashcompdir %{_datadir}/bash-completion/completions
%global _pixmapdir %{_datadir}/pcp-gui/pixmaps
%global _hicolordir %{_datadir}/icons/hicolor
%global _booksdir %{_datadir}/doc/pcp-doc
%global _selinuxdir %{_datadir}/selinux/packages/targeted
%if 0%{?fedora} >= 20 || 0%{?rhel} >= 8
%global _with_doc --with-docdir=%{_docdir}/%{name}
@ -368,12 +359,6 @@ Requires: pcp-selinux = %{version}-%{release}
%global _with_perfevent --with-perfevent=yes
%endif
%if %{disable_podman}
%global _with_podman --with-podman=no
%else
%global _with_podman --with-podman=yes
%endif
%if %{disable_statsd}
%global _with_statsd --with-pmdastatsd=no
%else
@ -404,6 +389,12 @@ Requires: pcp-selinux = %{version}-%{release}
%global _with_json --with-pmdajson=yes
%endif
%if %{disable_mongodb}
%global _with_mongodb --with-pmdamongodb=no
%else
%global _with_mongodb --with-pmdamongodb=yes
%endif
%if %{disable_nutcracker}
%global _with_nutcracker --with-pmdanutcracker=no
%else
@ -446,13 +437,12 @@ else
fi
}
%global selinux_handle_policy() %{expand:
if [ %1 -ge 1 ]
%global run_pmieconf() %{expand:
if [ -w "%1" ]
then
%{_libexecdir}/pcp/bin/selinux-setup %{_selinuxdir} install %2
elif [ %1 -eq 0 ]
then
%{_libexecdir}/pcp/bin/selinux-setup %{_selinuxdir} remove %2
pmieconf -c enable "%2"
else
echo "WARNING: Cannot write to %1, skipping pmieconf enable of %2." >&2
fi
}
@ -487,6 +477,9 @@ Summary: Performance Co-Pilot run-time libraries
URL: https://pcp.io
Requires: pcp-conf = %{version}-%{release}
# prevent conflicting library (libpcp.so.N) installation
Conflicts: postgresql-pgpool-II
%description libs
Performance Co-Pilot (PCP) run-time libraries
@ -499,6 +492,9 @@ Summary: Performance Co-Pilot (PCP) development headers
URL: https://pcp.io
Requires: pcp = %{version}-%{release} pcp-libs = %{version}-%{release}
# prevent conflicting library (libpcp.so) installation
Conflicts: postgresql-pgpool-II-devel
%description libs-devel
Performance Co-Pilot (PCP) headers for development.
@ -539,10 +535,7 @@ Requires: pcp-pmda-dm pcp-pmda-apache
Requires: pcp-pmda-bash pcp-pmda-cisco pcp-pmda-gfs2 pcp-pmda-mailq pcp-pmda-mounts
Requires: pcp-pmda-nvidia-gpu pcp-pmda-roomtemp pcp-pmda-sendmail pcp-pmda-shping pcp-pmda-smart
Requires: pcp-pmda-hacluster pcp-pmda-lustrecomm pcp-pmda-logger pcp-pmda-denki pcp-pmda-docker pcp-pmda-bind2
Requires: pcp-pmda-sockets
%if !%{disable_podman}
Requires: pcp-pmda-podman
%endif
Requires: pcp-pmda-sockets pcp-pmda-podman
%if !%{disable_statsd}
Requires: pcp-pmda-statsd
%endif
@ -562,7 +555,10 @@ Requires: pcp-pmda-bpftrace
Requires: pcp-pmda-gluster pcp-pmda-zswap pcp-pmda-unbound pcp-pmda-mic
Requires: pcp-pmda-libvirt pcp-pmda-lio pcp-pmda-openmetrics pcp-pmda-haproxy
Requires: pcp-pmda-lmsensors pcp-pmda-netcheck pcp-pmda-rabbitmq
Requires: pcp-pmda-openvswitch pcp-pmda-mongodb
Requires: pcp-pmda-openvswitch
%endif
%if !%{disable_mongodb}
Requires: pcp-pmda-mongodb
%endif
%if !%{disable_mssql}
Requires: pcp-pmda-mssql
@ -903,7 +899,6 @@ Performance Co-Pilot (PCP) front-end tools for exporting metric values
to the Zabbix (https://www.zabbix.org/) monitoring software.
%endif
%if !%{disable_podman}
#
# pcp-pmda-podman
#
@ -916,7 +911,6 @@ Requires: pcp = %{version}-%{release} pcp-libs = %{version}-%{release}
%description pmda-podman
This package contains the PCP Performance Metrics Domain Agent (PMDA) for
collecting podman container and pod statistics via the podman REST API.
%endif
%if !%{disable_statsd}
#
@ -1805,7 +1799,9 @@ Requires: %{__python2}-pcp
This package contains the PCP Performance Metrics Domain Agent (PMDA) for
collecting metrics from simple network checks.
# end pcp-pmda-netcheck
%endif
%if !%{disable_mongodb}
#
# pcp-pmda-mongodb
#
@ -1818,11 +1814,13 @@ Requires: pcp = %{version}-%{release} pcp-libs = %{version}-%{release}
Requires: python3-pcp
%if 0%{?rhel} == 0
Requires: python3-pymongo
BuildRequires: python3-pymongo
%endif
%else
Requires: %{__python2}-pcp
%if 0%{?rhel} == 0
Requires: %{__python2}-pymongo
BuildRequires: %{__python2}-pymongo
%endif
%endif
%description pmda-mongodb
@ -2294,11 +2292,9 @@ updated policy package.
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
# the buildsubdir macro gets defined in %setup and is apparently only available in the next step (i.e. the %build step)
# the buildsubdir macro gets defined in %%setup and is apparently only available in the next step (i.e. the %%build step)
%global __strip %{_builddir}/%{?buildsubdir}/build/rpm/custom-strip
# fix up build version
@ -2308,7 +2304,7 @@ sed -i "/PACKAGE_BUILD/s/=[0-9]*/=$_build/" VERSION.pcp
%if !%{disable_python2} && 0%{?default_python} != 3
export PYTHON=python%{?default_python}
%endif
%configure %{?_with_initd} %{?_with_doc} %{?_with_dstat} %{?_with_ib} %{?_with_podman} %{?_with_statsd} %{?_with_perfevent} %{?_with_bcc} %{?_with_bpf} %{?_with_bpftrace} %{?_with_json} %{?_with_snmp} %{?_with_nutcracker} %{?_with_python2}
%configure %{?_with_initd} %{?_with_doc} %{?_with_dstat} %{?_with_ib} %{?_with_statsd} %{?_with_perfevent} %{?_with_bcc} %{?_with_bpf} %{?_with_bpftrace} %{?_with_json} %{?_with_mongodb} %{?_with_snmp} %{?_with_nutcracker} %{?_with_python2}
make %{?_smp_mflags} default_pcp
%install
@ -2431,7 +2427,7 @@ total_manifest() {
awk '{print $NF}' $DIST_MANIFEST
}
basic_manifest() {
total_manifest | cull '/pcp-doc/|/testsuite/|/man/|/examples/'
total_manifest | cull '/pcp-doc/|/testsuite/|/man/|pcp/examples/'
}
#
@ -2440,16 +2436,16 @@ basic_manifest() {
# Likewise, for the pcp-pmda and pcp-testsuite subpackages.
#
total_manifest | keep 'tutorials|/html/|pcp-doc|man.*\.[1-9].*' | cull 'out' >pcp-doc-files
total_manifest | keep 'testsuite|etc/systemd/system|libpcp_fault|pcp/fault.h' >pcp-testsuite-files
total_manifest | keep 'testsuite|pcpqa|etc/systemd/system|libpcp_fault|pcp/fault.h' >pcp-testsuite-files
basic_manifest | keep "$PCP_GUI|pcp-gui|applications|pixmaps|hicolor" | cull 'pmtime.h' >pcp-gui-files
basic_manifest | keep 'selinux' | cull 'tmp|GNUselinuxdefs' >pcp-selinux-files
basic_manifest | keep 'selinux' | cull 'tmp|testsuite' >pcp-selinux-files
basic_manifest | keep 'zeroconf|daily[-_]report|/sa$' >pcp-zeroconf-files
basic_manifest | grep -E -e 'pmiostat|pmrep|dstat|htop|pcp2csv' \
-e 'pcp-atop|pcp-dmcache|pcp-dstat|pcp-free|pcp-htop' \
-e 'pcp-ipcs|pcp-iostat|pcp-lvmcache|pcp-mpstat' \
-e 'pcp-numastat|pcp-pidstat|pcp-shping|pcp-tapestat' \
-e 'pcp-uptime|pcp-verify|pcp-ss' | \
-e 'pcp-uptime|pcp-verify|pcp-ss|pcp-ps' | \
cull 'selinux|pmlogconf|pmieconf|pmrepconf' >pcp-system-tools-files
basic_manifest | keep 'sar2pcp' >pcp-import-sar2pcp-files
@ -2514,7 +2510,7 @@ basic_manifest | keep '(etc/pcp|pmdas)/nginx(/|$)' >pcp-pmda-nginx-files
basic_manifest | keep '(etc/pcp|pmdas)/nutcracker(/|$)' >pcp-pmda-nutcracker-files
basic_manifest | keep '(etc/pcp|pmdas)/nvidia(/|$)' >pcp-pmda-nvidia-files
basic_manifest | keep '(etc/pcp|pmdas)/openmetrics(/|$)' >pcp-pmda-openmetrics-files
basic_manifest | keep '(etc/pcp|pmdas)/openvswitch(/|$)' >pcp-pmda-openvswitch-files
basic_manifest | keep '(etc/pcp|pmdas|pmieconf)/openvswitch(/|$)' >pcp-pmda-openvswitch-files
basic_manifest | keep '(etc/pcp|pmdas)/oracle(/|$)' >pcp-pmda-oracle-files
basic_manifest | keep '(etc/pcp|pmdas)/pdns(/|$)' >pcp-pmda-pdns-files
basic_manifest | keep '(etc/pcp|pmdas)/perfevent(/|$)' >pcp-pmda-perfevent-files
@ -2687,14 +2683,28 @@ done
%endif
%pre testsuite
test -d %{_testsdir} || mkdir -p -m 755 %{_testsdir}
%if !%{disable_selinux}
%selinux_relabel_pre -s targeted
%endif
%if 0%{?fedora} >= 32 || 0%{?rhel} >= 9
echo u pcpqa - \"PCP Quality Assurance\" %{_testsdir} /bin/bash | \
systemd-sysusers --replace=/usr/lib/sysusers.d/pcp-testsuite.conf -
%else
getent group pcpqa >/dev/null || groupadd -r pcpqa
getent passwd pcpqa >/dev/null || \
useradd -c "PCP Quality Assurance" -g pcpqa -d %{_testsdir} -M -r -s /bin/bash pcpqa 2>/dev/null
%endif
test -d %{_testsdir} || mkdir -p -m 755 %{_testsdir}
chown -R pcpqa:pcpqa %{_testsdir} 2>/dev/null
exit 0
%post testsuite
%if !%{disable_selinux}
PCP_SELINUX_DIR=%{_selinuxdir}
semodule -r pcpqa >/dev/null 2>&1 || true
%selinux_modules_install -s targeted "$PCP_SELINUX_DIR/pcp-testsuite.pp.bz2"
%selinux_relabel_post -s targeted
%endif
chown -R pcpqa:pcpqa %{_testsdir} 2>/dev/null
%if 0%{?rhel}
%if !%{disable_systemd}
@ -2709,10 +2719,23 @@ chown -R pcpqa:pcpqa %{_testsdir} 2>/dev/null
%endif
exit 0
%if !%{disable_selinux}
%postun testsuite
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s targeted pcp-testsuite
%selinux_relabel_post -s targeted
fi
%endif
%pre
%if 0%{?fedora} >= 32 || 0%{?rhel} >= 9
echo u pcp - \"Performance Co-Pilot\" %{_localstatedir}/lib/pcp | \
systemd-sysusers --replace=/usr/lib/sysusers.d/pcp.conf -
%else
getent group pcp >/dev/null || groupadd -r pcp
getent passwd pcp >/dev/null || \
useradd -c "Performance Co-Pilot" -g pcp -d %{_localstatedir}/lib/pcp -M -r -s /sbin/nologin pcp
%endif
exit 0
%if !%{disable_systemd}
@ -2730,10 +2753,8 @@ exit 0
%{pmda_remove "$1" "perfevent"}
%endif
%if !%{disable_podman}
%preun pmda-podman
%{pmda_remove "$1" "podman"}
%endif
%if !%{disable_statsd}
%preun pmda-statsd
@ -2891,8 +2912,10 @@ exit 0
%preun pmda-lmsensors
%{pmda_remove "$1" "lmsensors"}
%if !%{disable_mongodb}
%preun pmda-mongodb
%{pmda_remove "$1" "mongodb"}
%endif
%if !%{disable_mssql}
%preun pmda-mssql
@ -2958,14 +2981,6 @@ exit 0
%preun pmda-weblog
%{pmda_remove "$1" "weblog"}
%if !%{disable_systemd}
%preun zeroconf
if [ "$1" -eq 0 ]
then
%systemd_preun pmlogger_daily_report.timer pmlogger_daily_report.service
fi
%endif
%preun
if [ "$1" -eq 0 ]
then
@ -2995,6 +3010,7 @@ fi
PCP_PMDAS_DIR=%{_pmdasdir}
PCP_SYSCONFIG_DIR=%{_sysconfdir}/sysconfig
PCP_PMCDCONF_PATH=%{_confdir}/pmcd/pmcd.conf
PCP_PMIECONFIG_DIR=%{_ieconfigdir}
# auto-install important PMDAs for RH Support (if not present already)
for PMDA in dm nfsclient openmetrics ; do
if ! grep -q "$PMDA/pmda$PMDA" "$PCP_PMCDCONF_PATH"
@ -3003,7 +3019,7 @@ for PMDA in dm nfsclient openmetrics ; do
fi
done
# auto-enable these usually optional pmie rules
pmieconf -c enable dmthin
%{run_pmieconf "$PCP_PMIECONFIG_DIR" dmthin}
%if 0%{?rhel}
%if !%{disable_systemd}
systemctl restart pmcd pmlogger pmie >/dev/null 2>&1
@ -3018,17 +3034,6 @@ pmieconf -c enable dmthin
%endif
%endif
%if !%{disable_selinux}
%post selinux
%{selinux_handle_policy "$1" "pcpupstream"}
%triggerin selinux -- docker-selinux
%{selinux_handle_policy "$1" "pcpupstream-docker"}
%triggerin selinux -- container-selinux
%{selinux_handle_policy "$1" "pcpupstream-container"}
%endif
%post
PCP_PMNS_DIR=%{_pmnsdir}
PCP_LOG_DIR=%{_logsdir}
@ -3067,14 +3072,22 @@ PCP_LOG_DIR=%{_logsdir}
%endif
%if !%{disable_selinux}
%preun selinux
%{selinux_handle_policy "$1" "pcpupstream"}
%pre selinux
%selinux_relabel_pre -s targeted
%triggerun selinux -- docker-selinux
%{selinux_handle_policy "$1" "pcpupstream-docker"}
%post selinux
PCP_SELINUX_DIR=%{_selinuxdir}
semodule -r pcpupstream-container >/dev/null 2>&1 || true
semodule -r pcpupstream-docker >/dev/null 2>&1 || true
semodule -r pcpupstream >/dev/null 2>&1 || true
%selinux_modules_install -s targeted "$PCP_SELINUX_DIR/pcp.pp.bz2"
%selinux_relabel_post -s targeted
%triggerun selinux -- container-selinux
%{selinux_handle_policy "$1" "pcpupstream-container"}
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s targeted pcp
%selinux_relabel_post -s targeted
fi
%endif
%files -f pcp-files.rpm
@ -3093,6 +3106,7 @@ PCP_LOG_DIR=%{_logsdir}
%if !%{disable_selinux}
%files selinux -f pcp-selinux-files.rpm
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/targeted/active/modules/200/pcp
%endif
%if !%{disable_qt}
@ -3105,9 +3119,7 @@ PCP_LOG_DIR=%{_logsdir}
%files pmda-infiniband -f pcp-pmda-infiniband-files.rpm
%endif
%if !%{disable_podman}
%files pmda-podman -f pcp-pmda-podman-files.rpm
%endif
%if !%{disable_statsd}
%files pmda-statsd -f pcp-pmda-statsd-files.rpm
@ -3224,7 +3236,9 @@ PCP_LOG_DIR=%{_logsdir}
%files pmda-lmsensors -f pcp-pmda-lmsensors-files.rpm
%if !%{disable_mongodb}
%files pmda-mongodb -f pcp-pmda-mongodb-files.rpm
%endif
%if !%{disable_mssql}
%files pmda-mssql -f pcp-pmda-mssql-files.rpm
@ -3353,6 +3367,26 @@ PCP_LOG_DIR=%{_logsdir}
%files zeroconf -f pcp-zeroconf-files.rpm
%changelog
* Tue Jan 17 2023 Nathan Scott <nathans@redhat.com> - 6.0.1-4
- Rebuild for dependency on new version of libbpf (BZ 2159276)
* Thu Nov 17 2022 Nathan Scott <nathans@redhat.com> - 6.0.1-3
- Remove pmlogger_daily_report systemd leftovers (BZ 2142713)
* Fri Nov 11 2022 Nathan Scott <nathans@redhat.com> - 6.0.1-2
- Resolve an issue with installing sysusers entries (BZ 2138758)
* Fri Oct 28 2022 Nathan Scott <nathans@redhat.com> - 6.0.1-1
- Convert to independent selinux policy (BZs 1941873, 2127037)
- Improve pmproxy REST API timeout handling (BZ 2130208)
- Rebase to latest stable version of PCP (BZ 2117074)
* Mon Sep 26 2022 Nathan Scott <nathans@redhat.com> - 6.0.0-1
- Support --top* options in the pcp-dstat(1) utility (BZ 2020988)
- Performance improvements, fixes in pmseries --load (BZ 2027430)
- Switch from static pcp useradd to systemd-sysusers (BZ 2095445)
- Rebase to latest stable version of PCP (BZ 2117074)
* Mon May 09 2022 Nathan Scott <nathans@redhat.com> - 5.3.7-7
- Additional selinux policy rules for pmdasockets (BZ 1981886)