From 86a3dd56d6fdfd9cc781fb9aba43c16710b026a66a8f154ee115516ba3f53036 Mon Sep 17 00:00:00 2001 From: Kristoffer Gronlund Date: Tue, 16 Sep 2014 07:48:32 +0000 Subject: [PATCH 1/3] - Backport fixes from upstream (bnc#896833): - fence_brocade: Add support for 'list' action - fencing: Monitor is not working correctly without 'list' or 'status' - fence_apc_snmp: Add support for firmware 6.x - fence_zvm: Add support for "on" and "status" - fence_zvm: Add current XML metadata to test suite - [build] Fix automake files, so 'make distcheck' works - fencing: Add new options --ssl-secure and --ssl-insecure - [tests] Update XML metadata of fence agents - fence_cisco_ucs & fence_vmware_soap: Logout has to be performed even when fencing fails - fence_zvm: Fixes for better upstream inclusion - fence_zvm: Add support for 'on', improve documentation - Added patches: - 0001-fence_brocade-Add-support-for-list-action.patch - 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch - 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch - 0004-fence_zvm-Add-support-for-on-and-status.patch - 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch - 0006-build-Fix-automake-files-so-make-distcheck-works.patch - 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch - 0008-tests-Update-XML-metadata-of-fence-agents.patch - 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch - 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch - 0011-fence_zvm-Add-support-for-on-improve-documentation.patch - Add dependency on python-requests OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/fence-agents?expand=0&rev=16 --- ..._brocade-Add-support-for-list-action.patch | 78 ++ ...is-not-working-correctly-without-lis.patch | 65 ++ ...pc_snmp-Add-support-for-firmware-6.x.patch | 44 + ...ce_zvm-Add-support-for-on-and-status.patch | 799 ++++++++++++++++++ ...d-current-XML-metadata-to-test-suite.patch | 25 + ...tomake-files-so-make-distcheck-works.patch | 47 ++ ...-options-ssl-secure-and-ssl-insecure.patch | 208 +++++ ...-Update-XML-metadata-of-fence-agents.patch | 186 ++++ ...fence_vmware_soap-Logout-has-to-be-p.patch | 171 ++++ ...-Fixes-for-better-upstream-inclusion.patch | 62 ++ ...support-for-on-improve-documentation.patch | 234 +++++ fence-agents.changes | 31 + fence-agents.spec | 37 + 13 files changed, 1987 insertions(+) create mode 100644 0001-fence_brocade-Add-support-for-list-action.patch create mode 100644 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch create mode 100644 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch create mode 100644 0004-fence_zvm-Add-support-for-on-and-status.patch create mode 100644 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch create mode 100644 0006-build-Fix-automake-files-so-make-distcheck-works.patch create mode 100644 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch create mode 100644 0008-tests-Update-XML-metadata-of-fence-agents.patch create mode 100644 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch create mode 100644 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch create mode 100644 0011-fence_zvm-Add-support-for-on-improve-documentation.patch diff --git a/0001-fence_brocade-Add-support-for-list-action.patch b/0001-fence_brocade-Add-support-for-list-action.patch new file mode 100644 index 0000000..8cb588f --- /dev/null +++ b/0001-fence_brocade-Add-support-for-list-action.patch @@ -0,0 +1,78 @@ +From 98236c1c0f0f3b9d6def701e5e9cc67f35649441 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Tue, 1 Jul 2014 15:25:45 +0200 +Subject: [PATCH 01/11] fence_brocade: Add support for 'list' action + +--- + fence/agents/brocade/fence_brocade.py | 41 +++++++++++++++++++---------------- + 1 file changed, 22 insertions(+), 19 deletions(-) + +diff --git a/fence/agents/brocade/fence_brocade.py b/fence/agents/brocade/fence_brocade.py +index f935280..3e5dd93 100644 +--- a/fence/agents/brocade/fence_brocade.py ++++ b/fence/agents/brocade/fence_brocade.py +@@ -12,24 +12,6 @@ REDHAT_COPYRIGHT="" + BUILD_DATE="March, 20013" + #END_VERSION_GENERATION + +-def get_power_status(conn, options): +- conn.send_eol("portCfgShow " + options["--plug"]) +- +- conn.log_expect(options, options["--command-prompt"], int(options["--shell-timeout"])) +- +- show_re = re.compile(r'^\s*Persistent Disable\s*(ON|OFF)\s*$', re.IGNORECASE) +- lines = conn.before.split("\n") +- +- for line in lines: +- res = show_re.search(line) +- if res != None: +- # We queried if it is disabled, so we have to negate answer +- if res.group(1) == "ON": +- return "off" +- else: +- return "on" +- +- fail(EC_STATUS) + def set_power_status(conn, options): + action = { + 'on' : "portCfgPersistentEnable", +@@ -39,6 +21,27 @@ def set_power_status(conn, options): + conn.send_eol(action + " " + options["--plug"]) + conn.log_expect(options, options["--command-prompt"], int(options["--power-timeout"])) + ++def get_power_status(conn, options): ++ line_re = re.compile(r'=========', re.IGNORECASE) ++ outlets = {} ++ in_index = False ++ ++ conn.send_eol("switchshow") ++ conn.log_expect(options, options["--command-prompt"], int(options["--power-timeout"])) ++ for line in str(conn.before).split("\n"): ++ if line_re.search(line): ++ in_index = True ++ elif in_index and line.lstrip()[0].isdigit(): ++ tokens = line.lstrip().split() ++ status = "off" if len(tokens) > 7 and tokens[7] == "Disabled" else "on" ++ outlets[tokens[0]] = ("", status) ++ ++ if options["--action"] == "status": ++ (_, status) = outlets[options["--plug"]] ++ return status ++ else: ++ return outlets ++ + def main(): + device_opt = ["ipaddr", "login", "passwd", "cmd_prompt", "secure", "port", "fabric_fencing"] + +@@ -66,7 +69,7 @@ FC switch needs to be enabled. This can be done by running fence_brocade and spe + ## Operate the fencing device + #### + conn = fence_login(options) +- result = fence_action(conn, options, set_power_status, get_power_status, None) ++ result = fence_action(conn, options, set_power_status, get_power_status, get_power_status) + fence_logout(conn, "exit") + sys.exit(result) + +-- +1.8.4.5 + diff --git a/0002-fencing-Monitor-is-not-working-correctly-without-lis.patch b/0002-fencing-Monitor-is-not-working-correctly-without-lis.patch new file mode 100644 index 0000000..4dc488e --- /dev/null +++ b/0002-fencing-Monitor-is-not-working-correctly-without-lis.patch @@ -0,0 +1,65 @@ +From 5a1fd08c7cf4a4c7d41db3db0a83eed226804b40 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Tue, 1 Jul 2014 15:27:27 +0200 +Subject: [PATCH 02/11] fencing: Monitor is not working correctly without + 'list' or 'status' + +Action monitor either executes 'status' (without --plug) or 'list' (with --plug). But +it is not required to have 'list' action. If they do not then 'monitor' has to be done +in different way, e.g. login/logout. +--- + fence/agents/ovh/fence_ovh.py | 13 ++++++++++--- + fence/agents/raritan/fence_raritan.py | 5 ++++- + 2 files changed, 14 insertions(+), 4 deletions(-) + +diff --git a/fence/agents/ovh/fence_ovh.py b/fence/agents/ovh/fence_ovh.py +index f9a1c39..14a0706 100644 +--- a/fence/agents/ovh/fence_ovh.py ++++ b/fence/agents/ovh/fence_ovh.py +@@ -94,10 +94,10 @@ Poweroff is simulated with a reboot into rescue-pro mode." + docs["vendorurl"] = "http://www.ovh.net" + show_docs(options, docs) + +- if options["--action"] in ["list", "status"]: +- fail_usage("Action '" + options["--action"] + "' is not supported in this fence agent") ++ if options["--action"] == "list": ++ fail_usage("Action 'list' is not supported in this fence agent") + +- if not options["--plug"].endswith(".ovh.net"): ++ if options["--action"] != "monitor" and not options["--plug"].endswith(".ovh.net"): + options["--plug"] += ".ovh.net" + + if not options.has_key("--email"): +@@ -107,6 +107,13 @@ Poweroff is simulated with a reboot into rescue-pro mode." + + conn = soap_login(options) + ++ if options["--action"] == 'monitor': ++ try: ++ conn.service.logout(options["session"]) ++ except Exception: ++ pass ++ sys.exit(0) ++ + # Save datetime just before changing netboot + before_netboot_reboot = datetime.now() + +diff --git a/fence/agents/raritan/fence_raritan.py b/fence/agents/raritan/fence_raritan.py +index 3506e25..bb6ad52 100644 +--- a/fence/agents/raritan/fence_raritan.py ++++ b/fence/agents/raritan/fence_raritan.py +@@ -79,7 +79,10 @@ block any necessary fencing actions." + except pexpect.TIMEOUT: + fail(EC_LOGIN_DENIED) + +- result = fence_action(conn, options, set_power_status, get_power_status) ++ result = 0 ++ if options["--action"] != "monitor": ++ result = fence_action(conn, options, set_power_status, get_power_status) ++ + fence_logout(conn, "exit\n") + sys.exit(result) + +-- +1.8.4.5 + diff --git a/0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch b/0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch new file mode 100644 index 0000000..728f4f3 --- /dev/null +++ b/0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch @@ -0,0 +1,44 @@ +From acd138f4da16067f073d40b09a16a64867ef7e8f Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Mon, 4 Aug 2014 16:29:09 +0200 +Subject: [PATCH 03/11] fence_apc_snmp: Add support for firmware 6.x + +Resolves: rhbz#1123897 +--- + fence/agents/apc_snmp/fence_apc_snmp.py | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/fence/agents/apc_snmp/fence_apc_snmp.py b/fence/agents/apc_snmp/fence_apc_snmp.py +index cbb6856..a2b0d18 100644 +--- a/fence/agents/apc_snmp/fence_apc_snmp.py ++++ b/fence/agents/apc_snmp/fence_apc_snmp.py +@@ -87,6 +87,18 @@ class ApcMS(object): + turn_off = 2 + has_switches = False + ++class ApcMS6(object): ++ # Master Switch with 6.x firmware ++ status_oid = '.1.3.6.1.4.1.318.1.1.4.4.2.1.3.%d' ++ control_oid = '.1.3.6.1.4.1.318.1.1.12.3.3.1.1.4.%d' ++ outlet_table_oid = '1.3.6.1.4.1.318.1.1.4.4.2.1.4' ++ ident_str = "APC Master Switch with firmware v6.x" ++ state_on = 1 ++ state_off = 2 ++ turn_on = 1 ++ turn_off = 2 ++ has_switches = False ++ + ### FUNCTIONS ### + def apc_set_device(conn): + global device +@@ -94,6 +106,7 @@ def apc_set_device(conn): + agents_dir = {'.1.3.6.1.4.1.318.1.3.4.5':ApcRPDU, + '.1.3.6.1.4.1.318.1.3.4.4':ApcMSP, + '.1.3.6.1.4.1.850.1':TripplitePDU, ++ '.1.3.6.1.4.1.318.1.3.4.6':ApcMS6, + None:ApcMS} + + # First resolve type of APC +-- +1.8.4.5 + diff --git a/0004-fence_zvm-Add-support-for-on-and-status.patch b/0004-fence_zvm-Add-support-for-on-and-status.patch new file mode 100644 index 0000000..b89df53 --- /dev/null +++ b/0004-fence_zvm-Add-support-for-on-and-status.patch @@ -0,0 +1,799 @@ +From b7542b38679016bd469dfc42b919df15c36baa46 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Wed, 27 Aug 2014 13:07:44 +0200 +Subject: [PATCH 04/11] fence_zvm: Add support for "on" and "status" + +Developed by: Neale Ferguson +--- + fence/agents/zvm/fence_zvm.8 | 4 +- + fence/agents/zvm/fence_zvm.c | 286 +++++++++++++++++++++++++++++++++++--- + fence/agents/zvm/fence_zvm.h | 1 + + fence/agents/zvm/fence_zvmip.8 | 5 +- + fence/agents/zvm/fence_zvmip.c | 309 +++++++++++++++++++++++++++++++++++++++-- + 5 files changed, 575 insertions(+), 30 deletions(-) + +diff --git a/fence/agents/zvm/fence_zvm.8 b/fence/agents/zvm/fence_zvm.8 +index 0b34e2c..359436e 100644 +--- a/fence/agents/zvm/fence_zvm.8 ++++ b/fence/agents/zvm/fence_zvm.8 +@@ -22,7 +22,7 @@ Vendor URL: http://www.sinenomine.net + .SH OPTIONS + .TP + \fB-o --action\fP +-Fencing action: "off" - fence off device; "metadata" - display device metadata ++Fencing action: "off" - deactivate virtual machine; "on" - activate virtual machine; "metadata" - display device metadata" - describe fence agent parameters; "status" - state of virtual machine + .TP + \fB--delay\fP \fIseconds\fP + Time to delay fencing action in seconds +@@ -52,7 +52,7 @@ forcibly terminated. Currently, this option is ignored. + This option is used by fence_node(8) and is ignored by fence_zvm. + .TP + \fIaction = < action >\fP +-Fencing action: "off" - fence off device; "metadata" - display device metadata ++Fencing action: "off" - fence off device; "metadata" - display device metadata; "status" - state of device + .TP + \fIport = < target >\fP + Name of virtual machine to recycle. +diff --git a/fence/agents/zvm/fence_zvm.c b/fence/agents/zvm/fence_zvm.c +index d2fb4a9..2ec4be9 100644 +--- a/fence/agents/zvm/fence_zvm.c ++++ b/fence/agents/zvm/fence_zvm.c +@@ -185,6 +185,240 @@ zvm_smapi_imageRecycle(zvm_driver_t *zvm) + } + + /** ++ * zvm_smapi_imageDeactivate ++ * @zvm: z/VM driver information ++ * ++ * Deactivates a virtual image ++ */ ++int ++zvm_smapi_imageDeactivate(zvm_driver_t *zvm) ++{ ++ struct _inPlist { ++ int32_t lPlist; ++ int32_t lFName; ++ char fName[16]; ++ int32_t lUser; ++ int32_t lPass; ++ int32_t lTarget; ++ char target[0]; ++ } __attribute__ ((__packed__)) *inPlist; ++ struct _deactTime { ++ int32_t lForceTime; ++ char forceTime[5]; ++ } __attribute__ ((__packed__)) *deactTime; ++ int32_t lInPlist; ++ struct _outPlist { ++ smapiOutHeader_t hdr; ++ int32_t nActive; ++ int32_t nInActive; ++ int32_t lFail; ++ char failArray[0]; ++ } *outPlist = NULL; ++ void *pOut = NULL; ++ int32_t lRsp; ++ uint32_t reqId; ++ int rc; ++ ++ /* ++ * Implement any delay ++ */ ++ if (zvm->delay > 0) ++ sleep(zvm->delay); ++ ++ lInPlist = sizeof(*inPlist) + strlen(zvm->target) + sizeof(*deactTime); ++ inPlist = malloc(lInPlist); ++ if (inPlist != NULL) { ++ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist); ++ inPlist->lFName = sizeof(inPlist->fName); ++ memcpy(inPlist->fName, Image_Deactivate, sizeof(inPlist->fName)); ++ deactTime = (void *) ((intptr_t) inPlist + sizeof(*inPlist) + strlen(zvm->target)); ++ deactTime->lForceTime = sizeof(deactTime->forceTime); ++ memcpy(deactTime->forceTime, "IMMED", sizeof(deactTime->forceTime)); ++ inPlist->lUser = inPlist->lPass = 0; ++ inPlist->lTarget = strlen(zvm->target); ++ memcpy(inPlist->target, zvm->target, inPlist->lTarget); ++ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) { ++ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) { ++ outPlist = pOut; ++ if (outPlist->hdr.rc == 0) { ++ syslog(LOG_INFO, "Deactivation of %s successful", ++ zvm->target); ++ rc = 0; ++ } else { ++ if ((outPlist->hdr.rc == RCERR_IMAGEOP) & ++ ((outPlist->hdr.reason == RS_NOT_ACTIVE) | ++ (outPlist->hdr.reason == RS_BEING_DEACT))) { ++ syslog(LOG_INFO, "Deactivation of %s successful", ++ zvm->target); ++ rc = 0; ++ } else { ++ rc = outPlist->hdr.rc; ++ zvm->reason = outPlist->hdr.reason; ++ (void) zvm_smapi_reportError(inPlist, outPlist); ++ } ++ } ++ } ++ } ++ free(inPlist); ++ free(outPlist); ++ } else { ++ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__); ++ rc = -1; ++ } ++ return(rc); ++} ++ ++/** ++ * zvm_smapi_imageActivate ++ * @zvm: z/VM driver information ++ * ++ * Deactivates a virtual image ++ */ ++int ++zvm_smapi_imageActivate(zvm_driver_t *zvm) ++{ ++ struct _inPlist { ++ int32_t lPlist; ++ int32_t lFName; ++ char fName[14]; ++ int32_t lUser; ++ int32_t lPass; ++ int32_t lTarget; ++ char target[0]; ++ } __attribute__ ((__packed__)) *inPlist; ++ int32_t lInPlist; ++ struct _outPlist { ++ smapiOutHeader_t hdr; ++ int32_t nActive; ++ int32_t nInActive; ++ int32_t lFail; ++ char failArray[0]; ++ } *outPlist = NULL; ++ void *pOut = NULL; ++ int32_t lRsp; ++ uint32_t reqId; ++ int rc; ++ ++ /* ++ * Implement any delay ++ */ ++ if (zvm->delay > 0) ++ sleep(zvm->delay); ++ ++ lInPlist = sizeof(*inPlist) + strlen(zvm->target); ++ inPlist = malloc(lInPlist); ++ if (inPlist != NULL) { ++ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist); ++ inPlist->lFName = sizeof(inPlist->fName); ++ memcpy(inPlist->fName, Image_Activate, sizeof(inPlist->fName)); ++ inPlist->lUser = inPlist->lPass = 0; ++ inPlist->lTarget = strlen(zvm->target); ++ memcpy(inPlist->target, zvm->target, inPlist->lTarget); ++ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) { ++ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) { ++ outPlist = pOut; ++ if (outPlist->hdr.rc == 0) { ++ syslog(LOG_INFO, "Activation of %s successful", ++ zvm->target); ++ rc = 0; ++ } else { ++ if ((outPlist->hdr.rc == RCERR_IMAGEOP) & ++ ((outPlist->hdr.reason == RS_NOT_ACTIVE) | ++ (outPlist->hdr.reason == RS_BEING_DEACT))) { ++ syslog(LOG_INFO, "Activation of %s successful", ++ zvm->target); ++ rc = 0; ++ } else { ++ rc = outPlist->hdr.rc; ++ zvm->reason = outPlist->hdr.reason; ++ (void) zvm_smapi_reportError(inPlist, outPlist); ++ } ++ } ++ } ++ } ++ free(inPlist); ++ free(outPlist); ++ } else { ++ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__); ++ rc = -1; ++ } ++ return(rc); ++} ++ ++/** ++ * zvm_smapi_imageQuery ++ * @zvm: z/VM driver information ++ * ++ * Queries the state of a virtual image ++ */ ++int ++zvm_smapi_imageQuery(zvm_driver_t *zvm) ++{ ++ struct _inPlist { ++ int32_t lPlist; ++ int32_t lFName; ++ char fName[18]; ++ int32_t lUser; ++ int32_t lPass; ++ int32_t lTarget; ++ char target[0]; ++ } __attribute__ ((__packed__)) *inPlist; ++ int32_t lInPlist; ++ struct _outPlist { ++ smapiOutHeader_t hdr; ++ int32_t lNames; ++ char nameArray[0]; ++ } *outPlist = NULL; ++ void *pOut = NULL; ++ int32_t lRsp; ++ uint32_t reqId; ++ int rc; ++ ++ /* ++ * Implement any delay ++ */ ++ if (zvm->delay > 0) ++ sleep(zvm->delay); ++ ++ lInPlist = sizeof(*inPlist) + strlen(zvm->target); ++ inPlist = malloc(lInPlist); ++ if (inPlist != NULL) { ++ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist); ++ inPlist->lFName = sizeof(inPlist->fName); ++ memcpy(inPlist->fName, Image_Status_Query, sizeof(inPlist->fName)); ++ inPlist->lUser = inPlist->lPass = 0; ++ inPlist->lTarget = strlen(zvm->target); ++ memcpy(inPlist->target, zvm->target, inPlist->lTarget); ++ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) { ++ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) { ++ outPlist = pOut; ++ if (outPlist->hdr.rc == 0) { ++ if (outPlist->hdr.reason == 0) { ++ syslog(LOG_INFO, "Node %s is active", ++ zvm->target); ++ rc = 0; ++ } else { ++ syslog(LOG_INFO, "Node %s is inactive", ++ zvm->target); ++ rc = 2; ++ } ++ } else { ++ rc = 1; ++ zvm->reason = outPlist->hdr.reason; ++ (void) zvm_smapi_reportError(inPlist, outPlist); ++ } ++ } ++ } ++ free(inPlist); ++ free(outPlist); ++ } else { ++ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__); ++ rc = -1; ++ } ++ return(rc); ++} ++ ++/** + * zvm_smapi_send: + * @zvm: z/VM driver information + * @reqid: Returned request id +@@ -414,7 +648,9 @@ zvm_metadata() + + fprintf (stdout, "\n"); + fprintf (stdout, "\t\n"); ++ fprintf (stdout, "\t\n"); + fprintf (stdout, "\t\n"); ++ fprintf (stdout, "\t\n"); + fprintf (stdout, "\n"); + + fprintf (stdout, "\n"); +@@ -463,10 +699,14 @@ get_options_stdin (zvm_driver_t *zvm) + if (!strcasecmp (opt, "action")) { + if (strcasecmp(arg, "off") == 0) { + fence = 0; ++ } else if (strcasecmp(arg, "on") == 0) { ++ fence = 1; + } else if (strcasecmp(arg, "metadata") == 0) { +- fence = 1; +- } else { + fence = 2; ++ } else if (strcasecmp(arg, "status") == 0) { ++ fence = 3; ++ } else { ++ fence = 4; + } + } else if (!strcasecmp (opt, "ipaddr")) { + lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv)); +@@ -497,7 +737,7 @@ get_options_stdin (zvm_driver_t *zvm) + zvm->delay = DEFAULT_DELAY; + } + } else if (!strcasecmp (opt, "help")) { +- fence = 2; ++ fence = 4; + } + } + return(fence); +@@ -529,10 +769,14 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) + case 'o' : + if (strcasecmp(optarg, "off") == 0) { + fence = 0; ++ } else if (strcasecmp(optarg, "on") == 0) { ++ fence = 1; + } else if (strcasecmp(optarg, "metadata") == 0) { +- fence = 1; +- } else { + fence = 2; ++ } else if (strcasecmp(optarg, "status") == 0) { ++ fence = 3; ++ } else { ++ fence = 4; + } + break; + case 'a' : +@@ -562,7 +806,7 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) + memcpy(zvm->node, optarg, lSrvNode); + break; + default : +- fence = 2; ++ fence = 4; + } + } + return(fence); +@@ -577,13 +821,13 @@ usage() + { + fprintf(stderr,"Usage: fence_zvm [options]\n\n" + "\tWhere [options] =\n" +- "\t-o --action [action] - \"off\", \"metadata\"\n" +- "\t--delay [seconds] - Time to delay fencing action in seconds\n" +- "\t-n --plug [target] - Name of virtual machine to fence\n" +- "\t-a --ip [server] - Name of SMAPI IUCV Request server\n" +- "\t-T --timeout [secs] - Time to wait for fence in seconds - currently ignored\n" +- "\t--zvmsys [node] - z/VM Node on which SMAPI server lives\n" +- "\t-h --help - Display this usage information\n"); ++ "\t-o --action [action] - \"off\", \"on\", \"metadata\", \"status\"\n" ++ "\t--delay [seconds] - Time to delay fencing action in seconds\n" ++ "\t-n --plug [target] - Name of virtual machine to fence\n" ++ "\t-a --ip [server] - Name of SMAPI IUCV Request server\n" ++ "\t-T --timeout [secs] - Time to wait for fence in seconds - currently ignored\n" ++ "\t--zvmsys [node] - z/VM Node on which SMAPI server lives\n" ++ "\t-h --help - Display this usage information\n"); + return(1); + } + +@@ -629,14 +873,22 @@ main(int argc, char **argv) + fence = get_options_stdin(&zvm); + + switch(fence) { +- case 0 : ++ case 0 : // OFF + if ((rc = check_parm(&zvm)) == 0) +- rc = zvm_smapi_imageRecycle(&zvm); ++ rc = zvm_smapi_imageDeactivate(&zvm); + break; +- case 1 : ++ case 1 : // ON ++ if ((rc = check_parm(&zvm)) == 0) ++ rc = zvm_smapi_imageActivate(&zvm); ++ break; ++ case 2 : // METADATA + rc = zvm_metadata(); + break; +- case 2 : ++ case 3 : // STATUS ++ if ((rc = check_parm(&zvm)) == 0) ++ rc = zvm_smapi_imageQuery(&zvm); ++ break; ++ case 4 : + rc = usage(); + } + closelog(); +diff --git a/fence/agents/zvm/fence_zvm.h b/fence/agents/zvm/fence_zvm.h +index 6178fa5..ca18e4d 100644 +--- a/fence/agents/zvm/fence_zvm.h ++++ b/fence/agents/zvm/fence_zvm.h +@@ -578,5 +578,6 @@ int zvm_smapi_imageActivate(zvm_driver_t *); + int zvm_smapi_imageActiveQuery(zvm_driver_t *); + int zvm_smapi_imageDeactivate(zvm_driver_t *); + int zvm_smapi_imageRecycle(zvm_driver_t *); ++int zvm_smapi_imageQuery(zvm_driver_t *); + + #endif /* FENCE_ZVM_H */ +diff --git a/fence/agents/zvm/fence_zvmip.8 b/fence/agents/zvm/fence_zvmip.8 +index 0bf91ae..8217d61 100644 +--- a/fence/agents/zvm/fence_zvmip.8 ++++ b/fence/agents/zvm/fence_zvmip.8 +@@ -22,7 +22,7 @@ Vendor URL: http://www.sinenomine.net + .SH OPTIONS + .TP + \fB-o --action\fP +-Fencing action: "off" - fence off device; "metadata" - display device metadata ++Fencing action: "off" - deactivate virtual machine; "on" - activate virtual machine; "metadata" - display device metadata" - describe fence agent parameters; "status" - state of virtual machine + .TP + \fB--delay\fP \fIseconds\fP + Time to delay fencing action in seconds +@@ -54,6 +54,9 @@ Display usage information + \fIagent = < param >\fP + This option is used by fence_node(8) and is ignored by fence_zvmip. + .TP ++\fIaction = < action >\fP ++Fencing action: "off" - fence off device; "metadata" - display device metadata; "status" - state of device ++.TP + \fIplug = < plug >\fP + Name of virtual machine to recycle. + .TP +diff --git a/fence/agents/zvm/fence_zvmip.c b/fence/agents/zvm/fence_zvmip.c +index f4dcd1c..94c9e2e 100644 +--- a/fence/agents/zvm/fence_zvmip.c ++++ b/fence/agents/zvm/fence_zvmip.c +@@ -201,6 +201,277 @@ zvm_smapi_imageRecycle(zvm_driver_t *zvm) + } + + /** ++ * zvm_smapi_imageDeactivate ++ * @zvm: z/VM driver information ++ * ++ * Deactivates a virtual image ++ */ ++int ++zvm_smapi_imageDeactivate(zvm_driver_t *zvm) ++{ ++ struct _inPlist { ++ int32_t lPlist; ++ int32_t lFName; ++ char fName[16]; ++ } __attribute__ ((packed)) *inPlist; ++ struct _authUser { ++ int32_t lAuthUser; ++ char userId[0]; ++ } __attribute__ ((packed)) *authUser; ++ struct _authPass { ++ int32_t lAuthPass; ++ char password[0]; ++ } __attribute__ ((packed)) *authPass; ++ struct _image { ++ int32_t lTarget; ++ char target[0]; ++ } __attribute__ ((packed)) *image; ++ struct _deactTime { ++ int32_t lForceTime; ++ char forceTime[5]; ++ } __attribute__ ((__packed__)) *deactTime; ++ int32_t lInPlist; ++ struct _outPlist { ++ smapiOutHeader_t hdr; ++ int32_t nActive; ++ int32_t nInActive; ++ int32_t lFail; ++ char failArray[0]; ++ } *outPlist = NULL; ++ void *pOut = NULL; ++ int32_t lRsp; ++ uint32_t reqId; ++ int rc; ++ ++ /* ++ * Implement any delay ++ */ ++ if (zvm->delay > 0) ++ sleep(zvm->delay); ++ ++ lInPlist = sizeof(*inPlist) + sizeof(*authUser) + strlen(zvm->authUser) + ++ sizeof(*authPass) + strlen(zvm->authPass) + sizeof(*image) + ++ sizeof(*deactTime) + strlen(zvm->target); ++ inPlist = malloc(lInPlist); ++ if (inPlist != NULL) { ++ authUser = (void *) ((uintptr_t) inPlist + sizeof(*inPlist)); ++ authPass = (void *) ((uintptr_t) authUser + sizeof(*authUser) + ++ strlen(zvm->authUser)); ++ image = (void *) ((uintptr_t) authPass + sizeof(*authPass) + ++ strlen(zvm->authPass)); ++ deactTime = (void *) ((intptr_t) image + sizeof(*image) + ++ strlen(zvm->target)); ++ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist); ++ inPlist->lFName = sizeof(inPlist->fName); ++ memcpy(inPlist->fName, Image_Deactivate, sizeof(inPlist->fName)); ++ authUser->lAuthUser = strlen(zvm->authUser); ++ memcpy(authUser->userId, zvm->authUser, strlen(zvm->authUser)); ++ authPass->lAuthPass = strlen(zvm->authPass); ++ memcpy(authPass->password, zvm->authPass, strlen(zvm->authPass)); ++ image->lTarget = strlen(zvm->target); ++ memcpy(image->target, zvm->target, strlen(zvm->target)); ++ deactTime->lForceTime = sizeof(deactTime->forceTime); ++ memcpy(deactTime->forceTime, "IMMED", sizeof(deactTime->forceTime)); ++ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) { ++ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) { ++ outPlist = pOut; ++ if (outPlist->hdr.rc == 0) { ++ syslog(LOG_INFO, "Deactivation of %s successful", ++ zvm->target); ++ rc = 0; ++ } else { ++ if ((outPlist->hdr.rc == RCERR_IMAGEOP) & ++ ((outPlist->hdr.reason == RS_NOT_ACTIVE) | ++ (outPlist->hdr.reason == RS_BEING_DEACT))) { ++ syslog(LOG_INFO, "Deactivation of %s successful", ++ zvm->target); ++ rc = 0; ++ } else { ++ rc = outPlist->hdr.rc; ++ zvm->reason = outPlist->hdr.reason; ++ (void) zvm_smapi_reportError(inPlist, outPlist); ++ } ++ } ++ } ++ } ++ free(inPlist); ++ free(outPlist); ++ } else { ++ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__); ++ rc = -1; ++ } ++ return(rc); ++} ++ ++/** ++ * zvm_smapi_imageActivate ++ * @zvm: z/VM driver information ++ * ++ * Deactivates a virtual image ++ */ ++int ++zvm_smapi_imageActivate(zvm_driver_t *zvm) ++{ ++ struct _inPlist { ++ int32_t lPlist; ++ int32_t lFName; ++ char fName[14]; ++ } __attribute__ ((packed)) *inPlist; ++ struct _authUser { ++ int32_t lAuthUser; ++ char userId[0]; ++ } __attribute__ ((packed)) *authUser; ++ struct _authPass { ++ int32_t lAuthPass; ++ char password[0]; ++ } __attribute__ ((packed)) *authPass; ++ struct _image { ++ int32_t lTarget; ++ char target[0]; ++ } __attribute__ ((packed)) *image; ++ int32_t lInPlist; ++ struct _outPlist { ++ smapiOutHeader_t hdr; ++ int32_t nActive; ++ int32_t nInActive; ++ int32_t lFail; ++ char failArray[0]; ++ } *outPlist = NULL; ++ void *pOut = NULL; ++ int32_t lRsp; ++ uint32_t reqId; ++ int rc; ++ ++ /* ++ * Implement any delay ++ */ ++ if (zvm->delay > 0) ++ sleep(zvm->delay); ++ ++ lInPlist = sizeof(*inPlist) + sizeof(*authUser) + strlen(zvm->authUser) + ++ sizeof(*authPass) + strlen(zvm->authPass) + sizeof(*image) + ++ strlen(zvm->target); ++ inPlist = malloc(lInPlist); ++ if (inPlist != NULL) { ++ authUser = (void *) ((uintptr_t) inPlist + sizeof(*inPlist)); ++ authPass = (void *) ((uintptr_t) authUser + sizeof(*authUser) + ++ strlen(zvm->authUser)); ++ image = (void *) ((uintptr_t) authPass + sizeof(*authPass) + ++ strlen(zvm->authPass)); ++ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist); ++ inPlist->lFName = sizeof(inPlist->fName); ++ memcpy(inPlist->fName, Image_Activate, sizeof(inPlist->fName)); ++ authUser->lAuthUser = strlen(zvm->authUser); ++ memcpy(authUser->userId, zvm->authUser, strlen(zvm->authUser)); ++ authPass->lAuthPass = strlen(zvm->authPass); ++ memcpy(authPass->password, zvm->authPass, strlen(zvm->authPass)); ++ image->lTarget = strlen(zvm->target); ++ memcpy(image->target, zvm->target, strlen(zvm->target)); ++ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) { ++ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) { ++ outPlist = pOut; ++ if (outPlist->hdr.rc == 0) { ++ syslog(LOG_INFO, "Activation of %s successful", ++ zvm->target); ++ rc = 0; ++ } else { ++ if ((outPlist->hdr.rc == RCERR_IMAGEOP) & ++ ((outPlist->hdr.reason == RS_NOT_ACTIVE) | ++ (outPlist->hdr.reason == RS_BEING_DEACT))) { ++ syslog(LOG_INFO, "Activation of %s successful", ++ zvm->target); ++ rc = 0; ++ } else { ++ rc = outPlist->hdr.rc; ++ zvm->reason = outPlist->hdr.reason; ++ (void) zvm_smapi_reportError(inPlist, outPlist); ++ } ++ } ++ } ++ } ++ free(inPlist); ++ free(outPlist); ++ } else { ++ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__); ++ rc = -1; ++ } ++ return(rc); ++} ++ ++/** ++ * zvm_smapi_imageQuery ++ * @zvm: z/VM driver information ++ * ++ * Queries the state of a virtual image ++ */ ++int ++zvm_smapi_imageQuery(zvm_driver_t *zvm) ++{ ++ struct _inPlist { ++ int32_t lPlist; ++ int32_t lFName; ++ char fName[18]; ++ int32_t lUser; ++ int32_t lPass; ++ int32_t lTarget; ++ char target[0]; ++ } __attribute__ ((__packed__)) *inPlist; ++ int32_t lInPlist; ++ struct _outPlist { ++ smapiOutHeader_t hdr; ++ int32_t lNames; ++ char nameArray[0]; ++ } *outPlist = NULL; ++ void *pOut = NULL; ++ int32_t lRsp; ++ uint32_t reqId; ++ int rc; ++ ++ /* ++ * Implement any delay ++ */ ++ if (zvm->delay > 0) ++ sleep(zvm->delay); ++ ++ lInPlist = sizeof(*inPlist) + strlen(zvm->target); ++ inPlist = malloc(lInPlist); ++ if (inPlist != NULL) { ++ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist); ++ inPlist->lFName = sizeof(inPlist->fName); ++ memcpy(inPlist->fName, Image_Status_Query, sizeof(inPlist->fName)); ++ inPlist->lUser = inPlist->lPass = 0; ++ inPlist->lTarget = strlen(zvm->target); ++ memcpy(inPlist->target, zvm->target, inPlist->lTarget); ++ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) { ++ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) { ++ outPlist = pOut; ++ if (outPlist->hdr.rc == 0) { ++ if (outPlist->hdr.reason == 0) { ++ syslog(LOG_INFO, "Node %s is active", ++ zvm->target); ++ rc = 0; ++ } else { ++ syslog(LOG_INFO, "Node %s is inactive", ++ zvm->target); ++ rc = 2; ++ } ++ } else { ++ rc = 1; ++ zvm->reason = outPlist->hdr.reason; ++ (void) zvm_smapi_reportError(inPlist, outPlist); ++ } ++ } ++ } ++ free(inPlist); ++ free(outPlist); ++ } else { ++ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__); ++ rc = -1; ++ } ++ return(rc); ++} ++ ++/** + * zvm_smapi_send: + * @zvm: z/VM driver information + * @reqid: Returned request id +@@ -407,10 +678,14 @@ get_options_stdin (zvm_driver_t *zvm) + if (!strcasecmp (opt, "action")) { + if (strcasecmp(arg, "off") == 0) { + fence = 0; ++ } else if (strcasecmp(arg, "on") == 0) { ++ fence = 1; + } else if (strcasecmp(arg, "metadata") == 0) { +- fence = 1; +- } else { + fence = 2; ++ } else if (strcasecmp(arg, "status") == 0) { ++ fence = 3; ++ } else { ++ fence = 4; + } + } else if (!strcasecmp (opt, "ipaddr")) { + lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv)-1); +@@ -472,10 +747,14 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) + case 'o' : + if (strcasecmp(optarg, "off") == 0) { + fence = 0; ++ } else if (strcasecmp(optarg, "on") == 0) { ++ fence = 1; + } else if (strcasecmp(optarg, "metadata") == 0) { +- fence = 1; +- } else { + fence = 2; ++ } else if (strcasecmp(optarg, "status") == 0) { ++ fence = 3; ++ } else { ++ fence = 4; + } + break; + case 'p' : +@@ -505,7 +784,7 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) + } + break; + default : +- fence = 2; ++ fence = 4; + } + } + return(fence); +@@ -581,7 +860,9 @@ zvm_metadata() + + fprintf (stdout, "\n"); + fprintf (stdout, "\t\n"); ++ fprintf (stdout, "\t\n"); + fprintf (stdout, "\t\n"); ++ fprintf (stdout, "\t\n"); + fprintf (stdout, "\n"); + + fprintf (stdout, "\n"); +@@ -599,7 +880,7 @@ usage() + { + fprintf(stderr,"Usage: fence_zvmip [options]\n\n" + "\tWhere [options] =\n" +- "\t-o --action [action] - \"off\", \"metadata\"\n" ++ "\t-o --action [action] - \"off\", \"on\", \"metadata\", \"status\"\n" + "\t--delay [seconds] - Time to delay fencing action in seconds\n" + "\t-n --plug [target] - Name of virtual machine to fence\n" + "\t-a --ip [server] - IP Name/Address of SMAPI Server\n" +@@ -662,14 +943,22 @@ main(int argc, char **argv) + fence = get_options_stdin(&zvm); + + switch(fence) { +- case 0 : ++ case 0 : // OFF + if ((rc = check_parm(&zvm)) == 0) +- rc = zvm_smapi_imageRecycle(&zvm); ++ rc = zvm_smapi_imageDeactivate(&zvm); + break; +- case 1 : ++ case 1 : // ON ++ if ((rc = check_parm(&zvm)) == 0) ++ rc = zvm_smapi_imageActivate(&zvm); ++ break; ++ case 2 : // METADATA + rc = zvm_metadata(); + break; +- case 2 : ++ case 3 : // STATUS ++ if ((rc = check_parm(&zvm)) == 0) ++ rc = zvm_smapi_imageQuery(&zvm); ++ break; ++ case 4 : + rc = usage(); + } + closelog(); +-- +1.8.4.5 + diff --git a/0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch b/0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch new file mode 100644 index 0000000..42cd093 --- /dev/null +++ b/0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch @@ -0,0 +1,25 @@ +From c19e51064fd01d9d033452943e3d2a8dc617174b Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Wed, 27 Aug 2014 13:23:21 +0200 +Subject: [PATCH 05/11] fence_zvm: Add current XML metadata to test suite + +--- + tests/data/metadata/fence_zvmip.xml | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tests/data/metadata/fence_zvmip.xml b/tests/data/metadata/fence_zvmip.xml +index e28bc1c..5a737ca 100644 +--- a/tests/data/metadata/fence_zvmip.xml ++++ b/tests/data/metadata/fence_zvmip.xml +@@ -40,6 +40,8 @@ + + + ++ + ++ + + +-- +1.8.4.5 + diff --git a/0006-build-Fix-automake-files-so-make-distcheck-works.patch b/0006-build-Fix-automake-files-so-make-distcheck-works.patch new file mode 100644 index 0000000..c62ae7a --- /dev/null +++ b/0006-build-Fix-automake-files-so-make-distcheck-works.patch @@ -0,0 +1,47 @@ +From 3b3a7cf2d58fd863fef21553db5715c1dfab26a0 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Wed, 27 Aug 2014 15:18:01 +0200 +Subject: [PATCH 06/11] [build] Fix automake files, so 'make distcheck' works + +--- + Makefile.am | 2 +- + fence/agents/Makefile.am | 3 +-- + fence/agents/scsi/Makefile.am | 2 +- + 3 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index e70dac5..5e2e22d 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -15,7 +15,7 @@ noinst_HEADERS = make/copyright.cf + + ACLOCAL_AMFLAGS = -I m4 + +-SUBDIRS = fence doc ++SUBDIRS = fence/agents/lib fence doc + + install-exec-local: + $(INSTALL) -d $(DESTDIR)/$(LOGDIR) +diff --git a/fence/agents/Makefile.am b/fence/agents/Makefile.am +index c47f5d5..3b76b9a 100644 +--- a/fence/agents/Makefile.am ++++ b/fence/agents/Makefile.am +@@ -1,4 +1,3 @@ + MAINTAINERCLEANFILES = Makefile.in + +-SUBDIRS = lib \ +- $(AGENTS_LIST) ++SUBDIRS = $(AGENTS_LIST) +diff --git a/fence/agents/scsi/Makefile.am b/fence/agents/scsi/Makefile.am +index 5722e18..c113f06 100644 +--- a/fence/agents/scsi/Makefile.am ++++ b/fence/agents/scsi/Makefile.am +@@ -20,4 +20,4 @@ include $(top_srcdir)/make/fenceman.mk + include $(top_srcdir)/make/agentpycheck.mk + + clean-local: clean-man +- rm -f $(TARGET) $(SYMTARGET) ++ rm -f $(TARGET) $(SYMTARGET) fence_scsi_check +-- +1.8.4.5 + diff --git a/0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch b/0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch new file mode 100644 index 0000000..29adc34 --- /dev/null +++ b/0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch @@ -0,0 +1,208 @@ +From 39df713492714f55e9d5bf578bece4cd9fc98fef Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Mon, 1 Sep 2014 15:05:20 +0200 +Subject: [PATCH 07/11] fencing: Add new options --ssl-secure and + --ssl-insecure + +These new options extends current --ssl (same as --ssl-secure). Until now certificate of the fence device +was not validated what can possibly lead to attack on infrastructe. With this patch, user can decide +if certificate should (--ssl-secure) or should not (--ssl-insecure) be verified. + +The default option is to validate certificate. + +Resolves: rhbz#1072564 +--- + fence/agents/cisco_ucs/fence_cisco_ucs.py | 9 ++++++-- + fence/agents/lib/fencing.py.py | 28 ++++++++++++++++++++--- + fence/agents/rhevm/fence_rhevm.py | 9 ++++++-- + fence/agents/vmware_soap/fence_vmware_soap.py | 33 +++++++++++++++++++++++---- + 4 files changed, 68 insertions(+), 11 deletions(-) + +diff --git a/fence/agents/cisco_ucs/fence_cisco_ucs.py b/fence/agents/cisco_ucs/fence_cisco_ucs.py +index f72e696..888d689 100644 +--- a/fence/agents/cisco_ucs/fence_cisco_ucs.py ++++ b/fence/agents/cisco_ucs/fence_cisco_ucs.py +@@ -90,8 +90,13 @@ def send_command(opt, command, timeout): + conn.setopt(pycurl.POSTFIELDS, command) + conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write) + conn.setopt(pycurl.TIMEOUT, timeout) +- conn.setopt(pycurl.SSL_VERIFYPEER, 0) +- conn.setopt(pycurl.SSL_VERIFYHOST, 0) ++ if opt.has_key("--ssl") or opt.has_key("--ssl-secure"): ++ conn.setopt(pycurl.SSL_VERIFYPEER, 1) ++ conn.setopt(pycurl.SSL_VERIFYHOST, 2) ++ ++ if opt.has_key("--ssl-insecure"): ++ conn.setopt(pycurl.SSL_VERIFYPEER, 0) ++ conn.setopt(pycurl.SSL_VERIFYHOST, 0) + conn.perform() + result = web_buffer.getvalue() + +diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py +index 4520ea8..7d1d28e 100644 +--- a/fence/agents/lib/fencing.py.py ++++ b/fence/agents/lib/fencing.py.py +@@ -179,6 +179,21 @@ all_opt = { + "required" : "0", + "shortdesc" : "SSL connection", + "order" : 1}, ++ "ssl_insecure" : { ++ "getopt" : "9", ++ "longopt" : "ssl-insecure", ++ "help" : "--ssl-insecure Use ssl connection without verifying certificate", ++ "required" : "0", ++ "shortdesc" : "SSL connection without verifying fence device's certificate", ++ "order" : 1}, ++ "ssl_secure" : { ++ "getopt" : "9", ++ "longopt" : "ssl-secure", ++ "help" : "--ssl-secure Use ssl connection with verifying certificate", ++ "required" : "0", ++ "shortdesc" : "SSL connection with verifying fence device's certificate", ++ "order" : 1}, ++ + "notls" : { + "getopt" : "t", + "longopt" : "notls", +@@ -385,6 +400,7 @@ DEPENDENCY_OPT = { + "secure" : ["identity_file", "ssh_options"], + "ipaddr" : ["ipport", "inet4_only", "inet6_only"], + "port" : ["separator"], ++ "ssl" : ["ssl_secure", "ssl_insecure"], + "community" : ["snmp_auth_prot", "snmp_sec_level", "snmp_priv_prot", \ + "snmp_priv_passwd", "snmp_priv_passwd_script"] + } +@@ -663,7 +679,7 @@ def check_input(device_opt, opt): + elif options.has_key("--ssh") or (all_opt["secure"].has_key("default") and all_opt["secure"]["default"] == '1'): + all_opt["ipport"]["default"] = 22 + all_opt["ipport"]["help"] = "-u, --ipport=[port] TCP/UDP port to use (default 22)" +- elif options.has_key("--ssl") or (all_opt["ssl"].has_key("default") and all_opt["ssl"]["default"] == '1'): ++ elif options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure") or (all_opt["ssl"].has_key("default") and all_opt["ssl"]["default"] == '1'): + all_opt["ipport"]["default"] = 443 + all_opt["ipport"]["help"] = "-u, --ipport=[port] TCP/UDP port to use (default 443)" + elif device_opt.count("web"): +@@ -970,11 +986,17 @@ def fence_login(options, re_login_string=r"(login\s*: )|(Login Name: )|(usernam + + if options.has_key("--ssl"): + gnutls_opts = "" ++ ssl_opts = "" ++ + if options.has_key("--notls"): + gnutls_opts = "--priority \"NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0\"" + +- command = '%s %s --insecure --crlf -p %s %s' % \ +- (SSL_PATH, gnutls_opts, options["--ipport"], options["--ip"]) ++ # --ssl is same as the --ssl-secure ++ if options.has_key("--ssl-insecure"): ++ ssl_opts = "--insecure" ++ ++ command = '%s %s %s --insecure --crlf -p %s %s' % \ ++ (SSL_PATH, gnutls_opts, ssl_opts, options["--ipport"], options["--ip"]) + try: + conn = fspawn(options, command) + except pexpect.ExceptionPexpect, ex: +diff --git a/fence/agents/rhevm/fence_rhevm.py b/fence/agents/rhevm/fence_rhevm.py +index a0d8d59..444fb56 100644 +--- a/fence/agents/rhevm/fence_rhevm.py ++++ b/fence/agents/rhevm/fence_rhevm.py +@@ -91,8 +91,13 @@ def send_command(opt, command, method="GET"): + conn.setopt(pycurl.HTTPAUTH, pycurl.HTTPAUTH_BASIC) + conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"]) + conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"])) +- conn.setopt(pycurl.SSL_VERIFYPEER, 0) +- conn.setopt(pycurl.SSL_VERIFYHOST, 0) ++ if opt.has_key("--ssl") or opt.has_key("--ssl-secure"): ++ conn.setopt(pycurl.SSL_VERIFYPEER, 1) ++ conn.setopt(pycurl.SSL_VERIFYHOST, 2) ++ ++ if opt.has_key("--ssl-insecure"): ++ conn.setopt(pycurl.SSL_VERIFYPEER, 0) ++ conn.setopt(pycurl.SSL_VERIFYHOST, 0) + + if method == "POST": + conn.setopt(pycurl.POSTFIELDS, "") +diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py +index 53fd9ea..3217c6b 100644 +--- a/fence/agents/vmware_soap/fence_vmware_soap.py ++++ b/fence/agents/vmware_soap/fence_vmware_soap.py +@@ -2,12 +2,14 @@ + + import sys + import shutil, tempfile, suds +-import logging ++import logging, requests + import atexit + sys.path.append("@FENCEAGENTSLIBDIR@") + + from suds.client import Client + from suds.sudsobject import Property ++from suds.transport.http import HttpAuthenticated ++from suds.transport import Reply, TransportError + from fencing import * + from fencing import fail, EC_STATUS, EC_LOGIN_DENIED, EC_INVALID_PRIVILEGES, EC_WAITING_ON, EC_WAITING_OFF + from fencing import run_delay +@@ -18,12 +20,31 @@ REDHAT_COPYRIGHT="" + BUILD_DATE="April, 2011" + #END_VERSION_GENERATION + ++class RequestsTransport(HttpAuthenticated): ++ def __init__(self, **kwargs): ++ self.cert = kwargs.pop('cert', None) ++ self.verify = kwargs.pop('verify', True) ++ self.session = requests.Session() ++ # super won't work because not using new style class ++ HttpAuthenticated.__init__(self, **kwargs) ++ ++ def send(self, request): ++ self.addcredentials(request) ++ resp = self.session.post(request.url, data = request.message, headers = request.headers, cert = self.cert, verify = self.verify) ++ result = Reply(resp.status_code, resp.headers, resp.content) ++ return result ++ + def soap_login(options): + run_delay(options) + +- if options.has_key("--ssl"): ++ if options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure"): ++ if options.has_key("--ssl-insecure"): ++ verify = False ++ else: ++ verify = True + url = "https://" + else: ++ verify = False + url = "http://" + + url += options["--ip"] + ":" + str(options["--ipport"]) + "/sdk" +@@ -33,8 +54,8 @@ def soap_login(options): + atexit.register(remove_tmp_dir, tmp_dir) + + try: +- conn = Client(url + "/vimService.wsdl") +- conn.set_options(location=url) ++ headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : ""} ++ conn = Client(url + "/vimService.wsdl", location = url, transport = RequestsTransport(verify = verify), headers = headers) + + mo_ServiceInstance = Property('ServiceInstance') + mo_ServiceInstance._type = 'ServiceInstance' +@@ -43,6 +64,8 @@ def soap_login(options): + mo_SessionManager._type = 'SessionManager' + + conn.service.Login(mo_SessionManager, options["--username"], options["--password"]) ++ except requests.exceptions.SSLError, ex: ++ fail_usage("Server side certificate verification failed") + except Exception: + fail(EC_LOGIN_DENIED) + +@@ -205,6 +228,8 @@ Alternatively you can always use UUID to access virtual machine." + + logging.basicConfig(level=logging.INFO) + logging.getLogger('suds.client').setLevel(logging.CRITICAL) ++ logging.getLogger("requests").setLevel(logging.CRITICAL) ++ logging.getLogger("urllib3").setLevel(logging.CRITICAL) + + ## + ## Operate the fencing device +-- +1.8.4.5 + diff --git a/0008-tests-Update-XML-metadata-of-fence-agents.patch b/0008-tests-Update-XML-metadata-of-fence-agents.patch new file mode 100644 index 0000000..00cb774 --- /dev/null +++ b/0008-tests-Update-XML-metadata-of-fence-agents.patch @@ -0,0 +1,186 @@ +From 667bd9c6755e4211d42a7f03e3f28f035921cf76 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Mon, 1 Sep 2014 16:37:50 +0200 +Subject: [PATCH 08/11] [tests] Update XML metadata of fence agents + +added --ssl-secure, --ssl-insecure +--- + tests/data/metadata/fence_cisco_ucs.xml | 10 ++++++++++ + tests/data/metadata/fence_docker.xml | 10 ++++++++++ + tests/data/metadata/fence_ilo.xml | 10 ++++++++++ + tests/data/metadata/fence_ilo2.xml | 10 ++++++++++ + tests/data/metadata/fence_rhevm.xml | 10 ++++++++++ + tests/data/metadata/fence_vmware_soap.xml | 10 ++++++++++ + 6 files changed, 60 insertions(+) + +diff --git a/tests/data/metadata/fence_cisco_ucs.xml b/tests/data/metadata/fence_cisco_ucs.xml +index 30a3cb4..75e45ce 100644 +--- a/tests/data/metadata/fence_cisco_ucs.xml ++++ b/tests/data/metadata/fence_cisco_ucs.xml +@@ -13,6 +13,11 @@ + + Disable TLS negotiation + ++ ++ ++ ++ SSL connection with verifying fence device's certificate ++ + + + +@@ -53,6 +58,11 @@ + + Additional path needed to access suborganization + ++ ++ ++ ++ SSL connection without verifying fence device's certificate ++ + + + +diff --git a/tests/data/metadata/fence_docker.xml b/tests/data/metadata/fence_docker.xml +index bda31d01..d100b8c 100644 +--- a/tests/data/metadata/fence_docker.xml ++++ b/tests/data/metadata/fence_docker.xml +@@ -8,6 +8,11 @@ + + TCP/UDP port to use for connection with device + ++ ++ ++ ++ SSL connection with verifying fence device's certificate ++ + + + +@@ -41,6 +46,11 @@ + + SSL connection + ++ ++ ++ ++ SSL connection without verifying fence device's certificate ++ + + + +diff --git a/tests/data/metadata/fence_ilo.xml b/tests/data/metadata/fence_ilo.xml +index eb8951c..25d9d54 100644 +--- a/tests/data/metadata/fence_ilo.xml ++++ b/tests/data/metadata/fence_ilo.xml +@@ -19,6 +19,11 @@ + + Force ribcl version to use + ++ ++ ++ ++ SSL connection with verifying fence device's certificate ++ + + + +@@ -54,6 +59,11 @@ + + SSL connection + ++ ++ ++ ++ SSL connection without verifying fence device's certificate ++ + + + +diff --git a/tests/data/metadata/fence_ilo2.xml b/tests/data/metadata/fence_ilo2.xml +index 4d65808..47e8e28 100644 +--- a/tests/data/metadata/fence_ilo2.xml ++++ b/tests/data/metadata/fence_ilo2.xml +@@ -19,6 +19,11 @@ + + Force ribcl version to use + ++ ++ ++ ++ SSL connection with verifying fence device's certificate ++ + + + +@@ -54,6 +59,11 @@ + + SSL connection + ++ ++ ++ ++ SSL connection without verifying fence device's certificate ++ + + + +diff --git a/tests/data/metadata/fence_rhevm.xml b/tests/data/metadata/fence_rhevm.xml +index a47f025..c9d6eeb 100644 +--- a/tests/data/metadata/fence_rhevm.xml ++++ b/tests/data/metadata/fence_rhevm.xml +@@ -13,6 +13,11 @@ + + Disable TLS negotiation + ++ ++ ++ ++ SSL connection with verifying fence device's certificate ++ + + + +@@ -48,6 +53,11 @@ + + SSL connection + ++ ++ ++ ++ SSL connection without verifying fence device's certificate ++ + + + +diff --git a/tests/data/metadata/fence_vmware_soap.xml b/tests/data/metadata/fence_vmware_soap.xml +index 97d8fc6..d0a465f 100644 +--- a/tests/data/metadata/fence_vmware_soap.xml ++++ b/tests/data/metadata/fence_vmware_soap.xml +@@ -15,6 +15,11 @@ Name of virtual machine (-n / port) has to be used in inventory path format (e.g + + Disable TLS negotiation + ++ ++ ++ ++ SSL connection with verifying fence device's certificate ++ + + + +@@ -50,6 +55,11 @@ Name of virtual machine (-n / port) has to be used in inventory path format (e.g + + SSL connection + ++ ++ ++ ++ SSL connection without verifying fence device's certificate ++ + + + +-- +1.8.4.5 + diff --git a/0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch b/0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch new file mode 100644 index 0000000..d870dae --- /dev/null +++ b/0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch @@ -0,0 +1,171 @@ +From 65ae2524836e5ba5252fdc800e6276f80fdfac57 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Mon, 8 Sep 2014 15:10:05 +0200 +Subject: [PATCH 09/11] fence_cisco_ucs & fence_vmware_soap: Logout has to be + performed even when fencing fails + +Previously, logout was not performed in the case when fence agent was aborted e.g. timeout. What could +lead to a situation when connections were not closed correctly. In the extreme case, it was not possible +to log into device at all + +Resolves: rhbz#1111599 +--- + fence/agents/cisco_ucs/fence_cisco_ucs.py | 35 +++++++++++++++++---------- + fence/agents/vmware_soap/fence_vmware_soap.py | 29 +++++++++++++--------- + 2 files changed, 39 insertions(+), 25 deletions(-) + +diff --git a/fence/agents/cisco_ucs/fence_cisco_ucs.py b/fence/agents/cisco_ucs/fence_cisco_ucs.py +index 888d689..f411433 100644 +--- a/fence/agents/cisco_ucs/fence_cisco_ucs.py ++++ b/fence/agents/cisco_ucs/fence_cisco_ucs.py +@@ -19,6 +19,8 @@ RE_STATUS = re.compile("", ++ int(options_global["--shell-timeout"])) ++ except Exception: ++ pass ++ + def main(): ++ global options_global + device_opt = ["ipaddr", "login", "passwd", "ssl", "notls", "port", "web", "suborg"] + + atexit.register(atexit_handler) ++ atexit.register(logout) + + define_new_opts() + +- options = check_input(device_opt, process_input(device_opt)) ++ options_global = check_input(device_opt, process_input(device_opt)) + + docs = {} + docs["shortdesc"] = "Fence agent for Cisco UCS" + docs["longdesc"] = "fence_cisco_ucs is an I/O Fencing agent which can be \ + used with Cisco UCS to fence machines." + docs["vendorurl"] = "http://www.cisco.com" +- show_docs(options, docs) ++ show_docs(options_global, docs) + +- run_delay(options) ++ run_delay(options_global) + ### Login + try: +- res = send_command(options, "", int(options["--login-timeout"])) ++ res = send_command(options_global, "", int(options_global["--login-timeout"])) + result = RE_COOKIE.search(res) + if result == None: + ## Cookie is absenting in response +@@ -143,22 +155,19 @@ used with Cisco UCS to fence machines." + except Exception: + fail(EC_LOGIN_DENIED) + +- options["cookie"] = result.group(1) ++ options_global["cookie"] = result.group(1) + + ## + ## Modify suborg to format /suborg +- if options["--suborg"] != "": +- options["--suborg"] = "/" + options["--suborg"].lstrip("/").rstrip("/") ++ if options_global["--suborg"] != "": ++ options_global["--suborg"] = "/" + options_global["--suborg"].lstrip("/").rstrip("/") + + ## + ## Fence operations + #### +- result = fence_action(None, options, set_power_status, get_power_status, get_list) +- +- ### Logout; we do not care about result as we will end in any case +- send_command(options, "", +- int(options["--shell-timeout"])) ++ result = fence_action(None, options_global, set_power_status, get_power_status, get_list) + ++ ## Logout is done every time at atexit phase + sys.exit(result) + + if __name__ == "__main__": +diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py +index 3217c6b..2cea105 100644 +--- a/fence/agents/vmware_soap/fence_vmware_soap.py ++++ b/fence/agents/vmware_soap/fence_vmware_soap.py +@@ -20,6 +20,9 @@ REDHAT_COPYRIGHT="" + BUILD_DATE="April, 2011" + #END_VERSION_GENERATION + ++options_global = None ++conn_global = None ++ + class RequestsTransport(HttpAuthenticated): + def __init__(self, **kwargs): + self.cert = kwargs.pop('cert', None) +@@ -203,12 +206,21 @@ def set_power_status(conn, options): + def remove_tmp_dir(tmp_dir): + shutil.rmtree(tmp_dir) + ++def logout(): ++ try: ++ conn_global.service.Logout(options_global["mo_SessionManager"]) ++ except Exception: ++ pass ++ + def main(): ++ global options_global ++ global conn_global + device_opt = ["ipaddr", "login", "passwd", "web", "ssl", "notls", "port"] + + atexit.register(atexit_handler) ++ atexit.register(logout) + +- options = check_input(device_opt, process_input(device_opt)) ++ options_global = check_input(device_opt, process_input(device_opt)) + + ## + ## Fence agent specific defaults +@@ -224,7 +236,7 @@ format (e.g. /datacenter/vm/Discovered virtual machine/myMachine). \ + In the cases when name of yours VM is unique you can use it instead. \ + Alternatively you can always use UUID to access virtual machine." + docs["vendorurl"] = "http://www.vmware.com" +- show_docs(options, docs) ++ show_docs(options_global, docs) + + logging.basicConfig(level=logging.INFO) + logging.getLogger('suds.client').setLevel(logging.CRITICAL) +@@ -234,18 +246,11 @@ Alternatively you can always use UUID to access virtual machine." + ## + ## Operate the fencing device + #### +- conn = soap_login(options) ++ conn_global = soap_login(options_global) + +- result = fence_action(conn, options, set_power_status, get_power_status, get_power_status) +- +- ## +- ## Logout from system +- ##### +- try: +- conn.service.Logout(options["mo_SessionManager"]) +- except Exception: +- pass ++ result = fence_action(conn_global, options_global, set_power_status, get_power_status, get_power_status) + ++ ## Logout from system is done automatically via atexit() + sys.exit(result) + + if __name__ == "__main__": +-- +1.8.4.5 + diff --git a/0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch b/0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch new file mode 100644 index 0000000..85638a3 --- /dev/null +++ b/0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch @@ -0,0 +1,62 @@ +From 0595f0fd88f395041059b85b37ba846e766a5ed3 Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Fri, 12 Sep 2014 21:02:59 +0200 +Subject: [PATCH 10/11] fence_zvm: Fixes for better upstream inclusion + +--- + fence/agents/zvm/Makefile.am | 7 +++++++ + fence/agents/zvm/fence_zvm.c | 1 + + fence/agents/zvm/fence_zvmip.c | 1 + + 3 files changed, 9 insertions(+) + +diff --git a/fence/agents/zvm/Makefile.am b/fence/agents/zvm/Makefile.am +index 2439985..62eb862 100644 +--- a/fence/agents/zvm/Makefile.am ++++ b/fence/agents/zvm/Makefile.am +@@ -1,5 +1,7 @@ + MAINTAINERCLEANFILES = Makefile.in + ++TARGET = fence_zvmip ++ + sbin_PROGRAMS = fence_zvm fence_zvmip + + noinst_HEADERS = fence_zvm.h +@@ -12,6 +14,11 @@ fence_zvmip_CFLAGS = -D_GNU_SOURCE + + dist_man_MANS = fence_zvm.8 fence_zvmip.8 + ++#include $(top_srcdir)/make/fencemanc.mk ++ ++clean-local: ++ rm -f $(sbin_PROGRAMS) ++ + FENCE_TEST_ARGS = -n test -a test -p test -u test + + include $(top_srcdir)/make/agentccheck.mk +diff --git a/fence/agents/zvm/fence_zvm.c b/fence/agents/zvm/fence_zvm.c +index 2ec4be9..e5a7c2b 100644 +--- a/fence/agents/zvm/fence_zvm.c ++++ b/fence/agents/zvm/fence_zvm.c +@@ -599,6 +599,7 @@ zvm_metadata() + fprintf (stdout, ""); + fprintf (stdout, "The fence_zvm agent is intended to be used with with z/VM SMAPI service."); + fprintf (stdout, "\n"); ++ fprintf (stdout, "http://www.ibm.com\n"); + + fprintf (stdout, "\n"); + +diff --git a/fence/agents/zvm/fence_zvmip.c b/fence/agents/zvm/fence_zvmip.c +index 94c9e2e..3342bc6 100644 +--- a/fence/agents/zvm/fence_zvmip.c ++++ b/fence/agents/zvm/fence_zvmip.c +@@ -804,6 +804,7 @@ zvm_metadata() + fprintf (stdout, ""); + fprintf (stdout, "The fence_zvm agent is intended to be used with with z/VM SMAPI service via TCP/IP"); + fprintf (stdout, "\n"); ++ fprintf (stdout, "http://www.ibm.com\n"); + + fprintf (stdout, "\n"); + +-- +1.8.4.5 + diff --git a/0011-fence_zvm-Add-support-for-on-improve-documentation.patch b/0011-fence_zvm-Add-support-for-on-improve-documentation.patch new file mode 100644 index 0000000..3c93619 --- /dev/null +++ b/0011-fence_zvm-Add-support-for-on-improve-documentation.patch @@ -0,0 +1,234 @@ +From 5d8e167cb54051ff95fcc8ac3e87d2c63209748a Mon Sep 17 00:00:00 2001 +From: Marek 'marx' Grac +Date: Mon, 15 Sep 2014 15:05:25 +0200 +Subject: [PATCH 11/11] fence_zvm: Add support for 'on', improve documentation + +Author: Neale Ferguson +--- + fence/agents/zvm/fence_zvm.8 | 2 +- + fence/agents/zvm/fence_zvm.c | 38 +++++++++++++++++++++----------------- + fence/agents/zvm/fence_zvmip.8 | 2 +- + fence/agents/zvm/fence_zvmip.c | 38 +++++++++++++++++++++----------------- + 4 files changed, 44 insertions(+), 36 deletions(-) + +diff --git a/fence/agents/zvm/fence_zvm.8 b/fence/agents/zvm/fence_zvm.8 +index 359436e..8c0d35a 100644 +--- a/fence/agents/zvm/fence_zvm.8 ++++ b/fence/agents/zvm/fence_zvm.8 +@@ -52,7 +52,7 @@ forcibly terminated. Currently, this option is ignored. + This option is used by fence_node(8) and is ignored by fence_zvm. + .TP + \fIaction = < action >\fP +-Fencing action: "off" - fence off device; "metadata" - display device metadata; "status" - state of device ++Fencing action: "off" - deactivate virtual machine; "on" - activate virtual machine; "metadata" - display device metadata" - describe fence agent parameters; "status" - state of virtual machine + .TP + \fIport = < target >\fP + Name of virtual machine to recycle. +diff --git a/fence/agents/zvm/fence_zvm.c b/fence/agents/zvm/fence_zvm.c +index e5a7c2b..524e21e 100644 +--- a/fence/agents/zvm/fence_zvm.c ++++ b/fence/agents/zvm/fence_zvm.c +@@ -699,15 +699,15 @@ get_options_stdin (zvm_driver_t *zvm) + + if (!strcasecmp (opt, "action")) { + if (strcasecmp(arg, "off") == 0) { +- fence = 0; ++ fence = 1; + } else if (strcasecmp(arg, "on") == 0) { +- fence = 1; ++ fence = 2; + } else if (strcasecmp(arg, "metadata") == 0) { +- fence = 2; ++ fence = 3; + } else if (strcasecmp(arg, "status") == 0) { +- fence = 3; +- } else { + fence = 4; ++ } else { ++ fence = 5; + } + } else if (!strcasecmp (opt, "ipaddr")) { + lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv)); +@@ -738,7 +738,7 @@ get_options_stdin (zvm_driver_t *zvm) + zvm->delay = DEFAULT_DELAY; + } + } else if (!strcasecmp (opt, "help")) { +- fence = 4; ++ fence = 5; + } + } + return(fence); +@@ -769,15 +769,15 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) + break; + case 'o' : + if (strcasecmp(optarg, "off") == 0) { +- fence = 0; ++ fence = 1; + } else if (strcasecmp(optarg, "on") == 0) { +- fence = 1; ++ fence = 2; + } else if (strcasecmp(optarg, "metadata") == 0) { +- fence = 2; ++ fence = 3; + } else if (strcasecmp(optarg, "status") == 0) { +- fence = 3; +- } else { + fence = 4; ++ } else { ++ fence = 5; + } + break; + case 'a' : +@@ -807,7 +807,7 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) + memcpy(zvm->node, optarg, lSrvNode); + break; + default : +- fence = 4; ++ fence = 5; + } + } + return(fence); +@@ -874,22 +874,26 @@ main(int argc, char **argv) + fence = get_options_stdin(&zvm); + + switch(fence) { +- case 0 : // OFF ++ case 0 : // OFFON ++ if ((rc = check_parm(&zvm)) == 0) ++ rc = zvm_smapi_imageRecycle(&zvm); ++ break; ++ case 1 : // OFF + if ((rc = check_parm(&zvm)) == 0) + rc = zvm_smapi_imageDeactivate(&zvm); + break; +- case 1 : // ON ++ case 2 : // ON + if ((rc = check_parm(&zvm)) == 0) + rc = zvm_smapi_imageActivate(&zvm); + break; +- case 2 : // METADATA ++ case 3 : // METADATA + rc = zvm_metadata(); + break; +- case 3 : // STATUS ++ case 4 : // STATUS + if ((rc = check_parm(&zvm)) == 0) + rc = zvm_smapi_imageQuery(&zvm); + break; +- case 4 : ++ case 5 : + rc = usage(); + } + closelog(); +diff --git a/fence/agents/zvm/fence_zvmip.8 b/fence/agents/zvm/fence_zvmip.8 +index 8217d61..6b01425 100644 +--- a/fence/agents/zvm/fence_zvmip.8 ++++ b/fence/agents/zvm/fence_zvmip.8 +@@ -55,7 +55,7 @@ Display usage information + This option is used by fence_node(8) and is ignored by fence_zvmip. + .TP + \fIaction = < action >\fP +-Fencing action: "off" - fence off device; "metadata" - display device metadata; "status" - state of device ++Fencing action: "off" - deactivate virtual machine; "on" - activate virtual machine; "metadata" - display device metadata" - describe fence agent parameters; "status" - state of virtual machine + .TP + \fIplug = < plug >\fP + Name of virtual machine to recycle. +diff --git a/fence/agents/zvm/fence_zvmip.c b/fence/agents/zvm/fence_zvmip.c +index 3342bc6..bd7c536 100644 +--- a/fence/agents/zvm/fence_zvmip.c ++++ b/fence/agents/zvm/fence_zvmip.c +@@ -677,15 +677,15 @@ get_options_stdin (zvm_driver_t *zvm) + + if (!strcasecmp (opt, "action")) { + if (strcasecmp(arg, "off") == 0) { +- fence = 0; ++ fence = 1; + } else if (strcasecmp(arg, "on") == 0) { +- fence = 1; ++ fence = 2; + } else if (strcasecmp(arg, "metadata") == 0) { +- fence = 2; ++ fence = 3; + } else if (strcasecmp(arg, "status") == 0) { +- fence = 3; +- } else { + fence = 4; ++ } else { ++ fence = 5; + } + } else if (!strcasecmp (opt, "ipaddr")) { + lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv)-1); +@@ -712,7 +712,7 @@ get_options_stdin (zvm_driver_t *zvm) + zvm->timeOut = DEFAULT_TIMEOUT; + } + } else if (!strcasecmp (opt, "help")) { +- fence = 2; ++ fence = 5; + } + } + return(fence); +@@ -746,15 +746,15 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) + break; + case 'o' : + if (strcasecmp(optarg, "off") == 0) { +- fence = 0; ++ fence = 1; + } else if (strcasecmp(optarg, "on") == 0) { +- fence = 1; ++ fence = 2; + } else if (strcasecmp(optarg, "metadata") == 0) { +- fence = 2; ++ fence = 3; + } else if (strcasecmp(optarg, "status") == 0) { +- fence = 3; +- } else { + fence = 4; ++ } else { ++ fence = 5; + } + break; + case 'p' : +@@ -784,7 +784,7 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) + } + break; + default : +- fence = 4; ++ fence = 5; + } + } + return(fence); +@@ -944,22 +944,26 @@ main(int argc, char **argv) + fence = get_options_stdin(&zvm); + + switch(fence) { +- case 0 : // OFF ++ case 0 : // OFFON ++ if ((rc = check_parm(&zvm)) == 0) ++ rc = zvm_smapi_imageRecycle(&zvm); ++ break; ++ case 1 : // OFF + if ((rc = check_parm(&zvm)) == 0) + rc = zvm_smapi_imageDeactivate(&zvm); + break; +- case 1 : // ON ++ case 2 : // ON + if ((rc = check_parm(&zvm)) == 0) + rc = zvm_smapi_imageActivate(&zvm); + break; +- case 2 : // METADATA ++ case 3 : // METADATA + rc = zvm_metadata(); + break; +- case 3 : // STATUS ++ case 4 : // STATUS + if ((rc = check_parm(&zvm)) == 0) + rc = zvm_smapi_imageQuery(&zvm); + break; +- case 4 : ++ case 5 : + rc = usage(); + } + closelog(); +-- +1.8.4.5 + diff --git a/fence-agents.changes b/fence-agents.changes index c01b35e..85d46d8 100644 --- a/fence-agents.changes +++ b/fence-agents.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Tue Sep 16 07:15:30 UTC 2014 - kgronlund@suse.com + +- Backport fixes from upstream (bnc#896833): + - fence_brocade: Add support for 'list' action + - fencing: Monitor is not working correctly without 'list' or 'status' + - fence_apc_snmp: Add support for firmware 6.x + - fence_zvm: Add support for "on" and "status" + - fence_zvm: Add current XML metadata to test suite + - [build] Fix automake files, so 'make distcheck' works + - fencing: Add new options --ssl-secure and --ssl-insecure + - [tests] Update XML metadata of fence agents + - fence_cisco_ucs & fence_vmware_soap: Logout has to be performed even when fencing fails + - fence_zvm: Fixes for better upstream inclusion + - fence_zvm: Add support for 'on', improve documentation + +- Added patches: + - 0001-fence_brocade-Add-support-for-list-action.patch + - 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch + - 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch + - 0004-fence_zvm-Add-support-for-on-and-status.patch + - 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch + - 0006-build-Fix-automake-files-so-make-distcheck-works.patch + - 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch + - 0008-tests-Update-XML-metadata-of-fence-agents.patch + - 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch + - 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch + - 0011-fence_zvm-Add-support-for-on-improve-documentation.patch + +- Add dependency on python-requests + ------------------------------------------------------------------- Tue Jul 1 12:32:09 UTC 2014 - kgronlund@suse.com diff --git a/fence-agents.spec b/fence-agents.spec index 4a60e0d..2d30c6f 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -26,9 +26,34 @@ Version: 4.0.10 Release: 0 Url: http://git.fedorahosted.org/git/fence-agents.git Source0: %{name}-%{version}.tar.xz + +# PATCH-FIX-UPSTREAM: fence_brocade: Add support for 'list' action +Patch1: 0001-fence_brocade-Add-support-for-list-action.patch +# PATCH-FIX-UPSTREAM: fencing: Monitor is not working correctly without 'list' or 'status' +Patch2: 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch +# PATCH-FIX-UPSTREAM: fence_apc_snmp: Add support for firmware 6.x +Patch3: 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch +# PATCH-FIX-UPSTREAM: fence_zvm: Add support for "on" and "status" +Patch4: 0004-fence_zvm-Add-support-for-on-and-status.patch +# PATCH-FIX-UPSTREAM: fence_zvm: Add current XML metadata to test suite +Patch5: 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch +# PATCH-FIX-UPSTREAM: [build] Fix automake files, so 'make distcheck' works +Patch6: 0006-build-Fix-automake-files-so-make-distcheck-works.patch +# PATCH-FIX-UPSTREAM: fencing: Add new options --ssl-secure and --ssl-insecure +Patch7: 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch +# PATCH-FIX-UPSTREAM: [tests] Update XML metadata of fence agents +Patch8: 0008-tests-Update-XML-metadata-of-fence-agents.patch +# PATCH-FIX-UPSTREAM: fence_cisco_ucs & fence_vmware_soap: Logout has to be performed even when fencing fails +Patch9: 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch +# PATCH-FIX-UPSTREAM: fence_zvm: Fixes for better upstream inclusion +Patch10: 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch +# PATCH-FIX-UPSTREAM: fence_zvm: Add support for 'on', improve documentation +Patch11: 0011-fence_zvm-Add-support-for-on-improve-documentation.patch + Requires: python-curl Requires: python-openssl Requires: python-pexpect +Requires: python-requests BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf @@ -45,6 +70,7 @@ BuildRequires: pkg-config BuildRequires: python BuildRequires: python-curl BuildRequires: python-pexpect +BuildRequires: python-requests BuildRequires: python-suds BuildRequires: python-xml BuildRequires: xz @@ -151,6 +177,17 @@ Authors: %prep %setup -q -n %{name}-%{version} +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 %build CFLAGS="${CFLAGS} ${RPM_OPT_FLAGS}" From 18e83c795ce40aec8a52175c9c0dd84ee4c624de901d2f777c6199e75367cb7d Mon Sep 17 00:00:00 2001 From: Kristoffer Gronlund Date: Tue, 16 Sep 2014 07:51:32 +0000 Subject: [PATCH 2/3] Update .changes OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/fence-agents?expand=0&rev=17 --- fence-agents.changes | 46 +++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/fence-agents.changes b/fence-agents.changes index 85d46d8..bf20fd5 100644 --- a/fence-agents.changes +++ b/fence-agents.changes @@ -2,31 +2,29 @@ Tue Sep 16 07:15:30 UTC 2014 - kgronlund@suse.com - Backport fixes from upstream (bnc#896833): - - fence_brocade: Add support for 'list' action - - fencing: Monitor is not working correctly without 'list' or 'status' - - fence_apc_snmp: Add support for firmware 6.x - - fence_zvm: Add support for "on" and "status" - - fence_zvm: Add current XML metadata to test suite - - [build] Fix automake files, so 'make distcheck' works - - fencing: Add new options --ssl-secure and --ssl-insecure - - [tests] Update XML metadata of fence agents - - fence_cisco_ucs & fence_vmware_soap: Logout has to be performed even when fencing fails - - fence_zvm: Fixes for better upstream inclusion - - fence_zvm: Add support for 'on', improve documentation - + + fence_brocade: Add support for 'list' action + + fencing: Monitor is not working correctly without 'list' or 'status' + + fence_apc_snmp: Add support for firmware 6.x + + fence_zvm: Add support for "on" and "status" + + fence_zvm: Add current XML metadata to test suite + + [build] Fix automake files, so 'make distcheck' works + + fencing: Add new options --ssl-secure and --ssl-insecure + + [tests] Update XML metadata of fence agents + + fence_cisco_ucs & fence_vmware_soap: Logout has to be performed even when fencing fails + + fence_zvm: Fixes for better upstream inclusion + + fence_zvm: Add support for 'on', improve documentation - Added patches: - - 0001-fence_brocade-Add-support-for-list-action.patch - - 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch - - 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch - - 0004-fence_zvm-Add-support-for-on-and-status.patch - - 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch - - 0006-build-Fix-automake-files-so-make-distcheck-works.patch - - 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch - - 0008-tests-Update-XML-metadata-of-fence-agents.patch - - 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch - - 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch - - 0011-fence_zvm-Add-support-for-on-improve-documentation.patch - + + 0001-fence_brocade-Add-support-for-list-action.patch + + 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch + + 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch + + 0004-fence_zvm-Add-support-for-on-and-status.patch + + 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch + + 0006-build-Fix-automake-files-so-make-distcheck-works.patch + + 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch + + 0008-tests-Update-XML-metadata-of-fence-agents.patch + + 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch + + 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch + + 0011-fence_zvm-Add-support-for-on-improve-documentation.patch - Add dependency on python-requests ------------------------------------------------------------------- From 5a85df95f64cc64a5542ccd23babe1e96490b0b3a96ede9c8606a6f5f1198c65 Mon Sep 17 00:00:00 2001 From: Kristoffer Gronlund Date: Wed, 17 Sep 2014 16:13:56 +0000 Subject: [PATCH 3/3] .changes hack OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/fence-agents?expand=0&rev=18 --- fence-agents.changes | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/fence-agents.changes b/fence-agents.changes index bf20fd5..4fa156e 100644 --- a/fence-agents.changes +++ b/fence-agents.changes @@ -1,4 +1,4 @@ -------------------------------------------------------------------- +------------------------------------------------------------------- Tue Sep 16 07:15:30 UTC 2014 - kgronlund@suse.com - Backport fixes from upstream (bnc#896833): @@ -30,6 +30,19 @@ Tue Sep 16 07:15:30 UTC 2014 - kgronlund@suse.com ------------------------------------------------------------------- Tue Jul 1 12:32:09 UTC 2014 - kgronlund@suse.com +- Update to 4.0.10: + * fence_scsi is reimplemented on top of fencing library + * fence_zvm support distributed z/VM systems + * support for --delay was added to fence_zvm + * unmaintained fence agents were removed: + * fence_baytech, fence_bullpap, fence_cpint, fence_mcdata, + * fence_rackswitch, fence_vixel, fence_xcat + * we do not plan to remove other agents + * update fence_rsb to work with new firmware + +------------------------------------------------------------------- +Tue Jul 1 12:32:09 UTC 2014 - kgronlund@suse.com + - Update to 4.0.10: * fence_scsi is reimplemented on top of fencing library * fence_zvm support distributed z/VM systems