- Backport fixes from upstream (bnc#896833):

- fence_brocade: Add support for 'list' action
  - fencing: Monitor is not working correctly without 'list' or 'status'
  - fence_apc_snmp: Add support for firmware 6.x
  - fence_zvm: Add support for "on" and "status"
  - fence_zvm: Add current XML metadata to test suite
  - [build] Fix automake files, so 'make distcheck' works
  - fencing: Add new options --ssl-secure and --ssl-insecure
  - [tests] Update XML metadata of fence agents
  - fence_cisco_ucs & fence_vmware_soap: Logout has to be performed even when fencing fails
  - fence_zvm: Fixes for better upstream inclusion
  - fence_zvm: Add support for 'on', improve documentation
- Added patches:
  - 0001-fence_brocade-Add-support-for-list-action.patch
  - 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch
  - 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch
  - 0004-fence_zvm-Add-support-for-on-and-status.patch
  - 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch
  - 0006-build-Fix-automake-files-so-make-distcheck-works.patch
  - 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch
  - 0008-tests-Update-XML-metadata-of-fence-agents.patch
  - 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch
  - 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch
  - 0011-fence_zvm-Add-support-for-on-improve-documentation.patch
- Add dependency on python-requests

OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/fence-agents?expand=0&rev=16
This commit is contained in:
Kristoffer Gronlund 2014-09-16 07:48:32 +00:00 committed by Git OBS Bridge
parent b0c4c946ea
commit 86a3dd56d6
13 changed files with 1987 additions and 0 deletions

View File

@ -0,0 +1,78 @@
From 98236c1c0f0f3b9d6def701e5e9cc67f35649441 Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Tue, 1 Jul 2014 15:25:45 +0200
Subject: [PATCH 01/11] fence_brocade: Add support for 'list' action
---
fence/agents/brocade/fence_brocade.py | 41 +++++++++++++++++++----------------
1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/fence/agents/brocade/fence_brocade.py b/fence/agents/brocade/fence_brocade.py
index f935280..3e5dd93 100644
--- a/fence/agents/brocade/fence_brocade.py
+++ b/fence/agents/brocade/fence_brocade.py
@@ -12,24 +12,6 @@ REDHAT_COPYRIGHT=""
BUILD_DATE="March, 20013"
#END_VERSION_GENERATION
-def get_power_status(conn, options):
- conn.send_eol("portCfgShow " + options["--plug"])
-
- conn.log_expect(options, options["--command-prompt"], int(options["--shell-timeout"]))
-
- show_re = re.compile(r'^\s*Persistent Disable\s*(ON|OFF)\s*$', re.IGNORECASE)
- lines = conn.before.split("\n")
-
- for line in lines:
- res = show_re.search(line)
- if res != None:
- # We queried if it is disabled, so we have to negate answer
- if res.group(1) == "ON":
- return "off"
- else:
- return "on"
-
- fail(EC_STATUS)
def set_power_status(conn, options):
action = {
'on' : "portCfgPersistentEnable",
@@ -39,6 +21,27 @@ def set_power_status(conn, options):
conn.send_eol(action + " " + options["--plug"])
conn.log_expect(options, options["--command-prompt"], int(options["--power-timeout"]))
+def get_power_status(conn, options):
+ line_re = re.compile(r'=========', re.IGNORECASE)
+ outlets = {}
+ in_index = False
+
+ conn.send_eol("switchshow")
+ conn.log_expect(options, options["--command-prompt"], int(options["--power-timeout"]))
+ for line in str(conn.before).split("\n"):
+ if line_re.search(line):
+ in_index = True
+ elif in_index and line.lstrip()[0].isdigit():
+ tokens = line.lstrip().split()
+ status = "off" if len(tokens) > 7 and tokens[7] == "Disabled" else "on"
+ outlets[tokens[0]] = ("", status)
+
+ if options["--action"] == "status":
+ (_, status) = outlets[options["--plug"]]
+ return status
+ else:
+ return outlets
+
def main():
device_opt = ["ipaddr", "login", "passwd", "cmd_prompt", "secure", "port", "fabric_fencing"]
@@ -66,7 +69,7 @@ FC switch needs to be enabled. This can be done by running fence_brocade and spe
## Operate the fencing device
####
conn = fence_login(options)
- result = fence_action(conn, options, set_power_status, get_power_status, None)
+ result = fence_action(conn, options, set_power_status, get_power_status, get_power_status)
fence_logout(conn, "exit")
sys.exit(result)
--
1.8.4.5

View File

@ -0,0 +1,65 @@
From 5a1fd08c7cf4a4c7d41db3db0a83eed226804b40 Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Tue, 1 Jul 2014 15:27:27 +0200
Subject: [PATCH 02/11] fencing: Monitor is not working correctly without
'list' or 'status'
Action monitor either executes 'status' (without --plug) or 'list' (with --plug). But
it is not required to have 'list' action. If they do not then 'monitor' has to be done
in different way, e.g. login/logout.
---
fence/agents/ovh/fence_ovh.py | 13 ++++++++++---
fence/agents/raritan/fence_raritan.py | 5 ++++-
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/fence/agents/ovh/fence_ovh.py b/fence/agents/ovh/fence_ovh.py
index f9a1c39..14a0706 100644
--- a/fence/agents/ovh/fence_ovh.py
+++ b/fence/agents/ovh/fence_ovh.py
@@ -94,10 +94,10 @@ Poweroff is simulated with a reboot into rescue-pro mode."
docs["vendorurl"] = "http://www.ovh.net"
show_docs(options, docs)
- if options["--action"] in ["list", "status"]:
- fail_usage("Action '" + options["--action"] + "' is not supported in this fence agent")
+ if options["--action"] == "list":
+ fail_usage("Action 'list' is not supported in this fence agent")
- if not options["--plug"].endswith(".ovh.net"):
+ if options["--action"] != "monitor" and not options["--plug"].endswith(".ovh.net"):
options["--plug"] += ".ovh.net"
if not options.has_key("--email"):
@@ -107,6 +107,13 @@ Poweroff is simulated with a reboot into rescue-pro mode."
conn = soap_login(options)
+ if options["--action"] == 'monitor':
+ try:
+ conn.service.logout(options["session"])
+ except Exception:
+ pass
+ sys.exit(0)
+
# Save datetime just before changing netboot
before_netboot_reboot = datetime.now()
diff --git a/fence/agents/raritan/fence_raritan.py b/fence/agents/raritan/fence_raritan.py
index 3506e25..bb6ad52 100644
--- a/fence/agents/raritan/fence_raritan.py
+++ b/fence/agents/raritan/fence_raritan.py
@@ -79,7 +79,10 @@ block any necessary fencing actions."
except pexpect.TIMEOUT:
fail(EC_LOGIN_DENIED)
- result = fence_action(conn, options, set_power_status, get_power_status)
+ result = 0
+ if options["--action"] != "monitor":
+ result = fence_action(conn, options, set_power_status, get_power_status)
+
fence_logout(conn, "exit\n")
sys.exit(result)
--
1.8.4.5

View File

@ -0,0 +1,44 @@
From acd138f4da16067f073d40b09a16a64867ef7e8f Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Mon, 4 Aug 2014 16:29:09 +0200
Subject: [PATCH 03/11] fence_apc_snmp: Add support for firmware 6.x
Resolves: rhbz#1123897
---
fence/agents/apc_snmp/fence_apc_snmp.py | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/fence/agents/apc_snmp/fence_apc_snmp.py b/fence/agents/apc_snmp/fence_apc_snmp.py
index cbb6856..a2b0d18 100644
--- a/fence/agents/apc_snmp/fence_apc_snmp.py
+++ b/fence/agents/apc_snmp/fence_apc_snmp.py
@@ -87,6 +87,18 @@ class ApcMS(object):
turn_off = 2
has_switches = False
+class ApcMS6(object):
+ # Master Switch with 6.x firmware
+ status_oid = '.1.3.6.1.4.1.318.1.1.4.4.2.1.3.%d'
+ control_oid = '.1.3.6.1.4.1.318.1.1.12.3.3.1.1.4.%d'
+ outlet_table_oid = '1.3.6.1.4.1.318.1.1.4.4.2.1.4'
+ ident_str = "APC Master Switch with firmware v6.x"
+ state_on = 1
+ state_off = 2
+ turn_on = 1
+ turn_off = 2
+ has_switches = False
+
### FUNCTIONS ###
def apc_set_device(conn):
global device
@@ -94,6 +106,7 @@ def apc_set_device(conn):
agents_dir = {'.1.3.6.1.4.1.318.1.3.4.5':ApcRPDU,
'.1.3.6.1.4.1.318.1.3.4.4':ApcMSP,
'.1.3.6.1.4.1.850.1':TripplitePDU,
+ '.1.3.6.1.4.1.318.1.3.4.6':ApcMS6,
None:ApcMS}
# First resolve type of APC
--
1.8.4.5

View File

@ -0,0 +1,799 @@
From b7542b38679016bd469dfc42b919df15c36baa46 Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Wed, 27 Aug 2014 13:07:44 +0200
Subject: [PATCH 04/11] fence_zvm: Add support for "on" and "status"
Developed by: Neale Ferguson
---
fence/agents/zvm/fence_zvm.8 | 4 +-
fence/agents/zvm/fence_zvm.c | 286 +++++++++++++++++++++++++++++++++++---
fence/agents/zvm/fence_zvm.h | 1 +
fence/agents/zvm/fence_zvmip.8 | 5 +-
fence/agents/zvm/fence_zvmip.c | 309 +++++++++++++++++++++++++++++++++++++++--
5 files changed, 575 insertions(+), 30 deletions(-)
diff --git a/fence/agents/zvm/fence_zvm.8 b/fence/agents/zvm/fence_zvm.8
index 0b34e2c..359436e 100644
--- a/fence/agents/zvm/fence_zvm.8
+++ b/fence/agents/zvm/fence_zvm.8
@@ -22,7 +22,7 @@ Vendor URL: http://www.sinenomine.net
.SH OPTIONS
.TP
\fB-o --action\fP
-Fencing action: "off" - fence off device; "metadata" - display device metadata
+Fencing action: "off" - deactivate virtual machine; "on" - activate virtual machine; "metadata" - display device metadata" - describe fence agent parameters; "status" - state of virtual machine
.TP
\fB--delay\fP \fIseconds\fP
Time to delay fencing action in seconds
@@ -52,7 +52,7 @@ forcibly terminated. Currently, this option is ignored.
This option is used by fence_node(8) and is ignored by fence_zvm.
.TP
\fIaction = < action >\fP
-Fencing action: "off" - fence off device; "metadata" - display device metadata
+Fencing action: "off" - fence off device; "metadata" - display device metadata; "status" - state of device
.TP
\fIport = < target >\fP
Name of virtual machine to recycle.
diff --git a/fence/agents/zvm/fence_zvm.c b/fence/agents/zvm/fence_zvm.c
index d2fb4a9..2ec4be9 100644
--- a/fence/agents/zvm/fence_zvm.c
+++ b/fence/agents/zvm/fence_zvm.c
@@ -185,6 +185,240 @@ zvm_smapi_imageRecycle(zvm_driver_t *zvm)
}
/**
+ * zvm_smapi_imageDeactivate
+ * @zvm: z/VM driver information
+ *
+ * Deactivates a virtual image
+ */
+int
+zvm_smapi_imageDeactivate(zvm_driver_t *zvm)
+{
+ struct _inPlist {
+ int32_t lPlist;
+ int32_t lFName;
+ char fName[16];
+ int32_t lUser;
+ int32_t lPass;
+ int32_t lTarget;
+ char target[0];
+ } __attribute__ ((__packed__)) *inPlist;
+ struct _deactTime {
+ int32_t lForceTime;
+ char forceTime[5];
+ } __attribute__ ((__packed__)) *deactTime;
+ int32_t lInPlist;
+ struct _outPlist {
+ smapiOutHeader_t hdr;
+ int32_t nActive;
+ int32_t nInActive;
+ int32_t lFail;
+ char failArray[0];
+ } *outPlist = NULL;
+ void *pOut = NULL;
+ int32_t lRsp;
+ uint32_t reqId;
+ int rc;
+
+ /*
+ * Implement any delay
+ */
+ if (zvm->delay > 0)
+ sleep(zvm->delay);
+
+ lInPlist = sizeof(*inPlist) + strlen(zvm->target) + sizeof(*deactTime);
+ inPlist = malloc(lInPlist);
+ if (inPlist != NULL) {
+ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist);
+ inPlist->lFName = sizeof(inPlist->fName);
+ memcpy(inPlist->fName, Image_Deactivate, sizeof(inPlist->fName));
+ deactTime = (void *) ((intptr_t) inPlist + sizeof(*inPlist) + strlen(zvm->target));
+ deactTime->lForceTime = sizeof(deactTime->forceTime);
+ memcpy(deactTime->forceTime, "IMMED", sizeof(deactTime->forceTime));
+ inPlist->lUser = inPlist->lPass = 0;
+ inPlist->lTarget = strlen(zvm->target);
+ memcpy(inPlist->target, zvm->target, inPlist->lTarget);
+ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) {
+ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) {
+ outPlist = pOut;
+ if (outPlist->hdr.rc == 0) {
+ syslog(LOG_INFO, "Deactivation of %s successful",
+ zvm->target);
+ rc = 0;
+ } else {
+ if ((outPlist->hdr.rc == RCERR_IMAGEOP) &
+ ((outPlist->hdr.reason == RS_NOT_ACTIVE) |
+ (outPlist->hdr.reason == RS_BEING_DEACT))) {
+ syslog(LOG_INFO, "Deactivation of %s successful",
+ zvm->target);
+ rc = 0;
+ } else {
+ rc = outPlist->hdr.rc;
+ zvm->reason = outPlist->hdr.reason;
+ (void) zvm_smapi_reportError(inPlist, outPlist);
+ }
+ }
+ }
+ }
+ free(inPlist);
+ free(outPlist);
+ } else {
+ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__);
+ rc = -1;
+ }
+ return(rc);
+}
+
+/**
+ * zvm_smapi_imageActivate
+ * @zvm: z/VM driver information
+ *
+ * Deactivates a virtual image
+ */
+int
+zvm_smapi_imageActivate(zvm_driver_t *zvm)
+{
+ struct _inPlist {
+ int32_t lPlist;
+ int32_t lFName;
+ char fName[14];
+ int32_t lUser;
+ int32_t lPass;
+ int32_t lTarget;
+ char target[0];
+ } __attribute__ ((__packed__)) *inPlist;
+ int32_t lInPlist;
+ struct _outPlist {
+ smapiOutHeader_t hdr;
+ int32_t nActive;
+ int32_t nInActive;
+ int32_t lFail;
+ char failArray[0];
+ } *outPlist = NULL;
+ void *pOut = NULL;
+ int32_t lRsp;
+ uint32_t reqId;
+ int rc;
+
+ /*
+ * Implement any delay
+ */
+ if (zvm->delay > 0)
+ sleep(zvm->delay);
+
+ lInPlist = sizeof(*inPlist) + strlen(zvm->target);
+ inPlist = malloc(lInPlist);
+ if (inPlist != NULL) {
+ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist);
+ inPlist->lFName = sizeof(inPlist->fName);
+ memcpy(inPlist->fName, Image_Activate, sizeof(inPlist->fName));
+ inPlist->lUser = inPlist->lPass = 0;
+ inPlist->lTarget = strlen(zvm->target);
+ memcpy(inPlist->target, zvm->target, inPlist->lTarget);
+ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) {
+ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) {
+ outPlist = pOut;
+ if (outPlist->hdr.rc == 0) {
+ syslog(LOG_INFO, "Activation of %s successful",
+ zvm->target);
+ rc = 0;
+ } else {
+ if ((outPlist->hdr.rc == RCERR_IMAGEOP) &
+ ((outPlist->hdr.reason == RS_NOT_ACTIVE) |
+ (outPlist->hdr.reason == RS_BEING_DEACT))) {
+ syslog(LOG_INFO, "Activation of %s successful",
+ zvm->target);
+ rc = 0;
+ } else {
+ rc = outPlist->hdr.rc;
+ zvm->reason = outPlist->hdr.reason;
+ (void) zvm_smapi_reportError(inPlist, outPlist);
+ }
+ }
+ }
+ }
+ free(inPlist);
+ free(outPlist);
+ } else {
+ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__);
+ rc = -1;
+ }
+ return(rc);
+}
+
+/**
+ * zvm_smapi_imageQuery
+ * @zvm: z/VM driver information
+ *
+ * Queries the state of a virtual image
+ */
+int
+zvm_smapi_imageQuery(zvm_driver_t *zvm)
+{
+ struct _inPlist {
+ int32_t lPlist;
+ int32_t lFName;
+ char fName[18];
+ int32_t lUser;
+ int32_t lPass;
+ int32_t lTarget;
+ char target[0];
+ } __attribute__ ((__packed__)) *inPlist;
+ int32_t lInPlist;
+ struct _outPlist {
+ smapiOutHeader_t hdr;
+ int32_t lNames;
+ char nameArray[0];
+ } *outPlist = NULL;
+ void *pOut = NULL;
+ int32_t lRsp;
+ uint32_t reqId;
+ int rc;
+
+ /*
+ * Implement any delay
+ */
+ if (zvm->delay > 0)
+ sleep(zvm->delay);
+
+ lInPlist = sizeof(*inPlist) + strlen(zvm->target);
+ inPlist = malloc(lInPlist);
+ if (inPlist != NULL) {
+ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist);
+ inPlist->lFName = sizeof(inPlist->fName);
+ memcpy(inPlist->fName, Image_Status_Query, sizeof(inPlist->fName));
+ inPlist->lUser = inPlist->lPass = 0;
+ inPlist->lTarget = strlen(zvm->target);
+ memcpy(inPlist->target, zvm->target, inPlist->lTarget);
+ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) {
+ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) {
+ outPlist = pOut;
+ if (outPlist->hdr.rc == 0) {
+ if (outPlist->hdr.reason == 0) {
+ syslog(LOG_INFO, "Node %s is active",
+ zvm->target);
+ rc = 0;
+ } else {
+ syslog(LOG_INFO, "Node %s is inactive",
+ zvm->target);
+ rc = 2;
+ }
+ } else {
+ rc = 1;
+ zvm->reason = outPlist->hdr.reason;
+ (void) zvm_smapi_reportError(inPlist, outPlist);
+ }
+ }
+ }
+ free(inPlist);
+ free(outPlist);
+ } else {
+ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__);
+ rc = -1;
+ }
+ return(rc);
+}
+
+/**
* zvm_smapi_send:
* @zvm: z/VM driver information
* @reqid: Returned request id
@@ -414,7 +648,9 @@ zvm_metadata()
fprintf (stdout, "<actions>\n");
fprintf (stdout, "\t<action name=\"off\" />\n");
+ fprintf (stdout, "\t<action name=\"on\" />\n");
fprintf (stdout, "\t<action name=\"metadata\" />\n");
+ fprintf (stdout, "\t<action name=\"status\" />\n");
fprintf (stdout, "</actions>\n");
fprintf (stdout, "</resource-agent>\n");
@@ -463,10 +699,14 @@ get_options_stdin (zvm_driver_t *zvm)
if (!strcasecmp (opt, "action")) {
if (strcasecmp(arg, "off") == 0) {
fence = 0;
+ } else if (strcasecmp(arg, "on") == 0) {
+ fence = 1;
} else if (strcasecmp(arg, "metadata") == 0) {
- fence = 1;
- } else {
fence = 2;
+ } else if (strcasecmp(arg, "status") == 0) {
+ fence = 3;
+ } else {
+ fence = 4;
}
} else if (!strcasecmp (opt, "ipaddr")) {
lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv));
@@ -497,7 +737,7 @@ get_options_stdin (zvm_driver_t *zvm)
zvm->delay = DEFAULT_DELAY;
}
} else if (!strcasecmp (opt, "help")) {
- fence = 2;
+ fence = 4;
}
}
return(fence);
@@ -529,10 +769,14 @@ get_options(int argc, char **argv, zvm_driver_t *zvm)
case 'o' :
if (strcasecmp(optarg, "off") == 0) {
fence = 0;
+ } else if (strcasecmp(optarg, "on") == 0) {
+ fence = 1;
} else if (strcasecmp(optarg, "metadata") == 0) {
- fence = 1;
- } else {
fence = 2;
+ } else if (strcasecmp(optarg, "status") == 0) {
+ fence = 3;
+ } else {
+ fence = 4;
}
break;
case 'a' :
@@ -562,7 +806,7 @@ get_options(int argc, char **argv, zvm_driver_t *zvm)
memcpy(zvm->node, optarg, lSrvNode);
break;
default :
- fence = 2;
+ fence = 4;
}
}
return(fence);
@@ -577,13 +821,13 @@ usage()
{
fprintf(stderr,"Usage: fence_zvm [options]\n\n"
"\tWhere [options] =\n"
- "\t-o --action [action] - \"off\", \"metadata\"\n"
- "\t--delay [seconds] - Time to delay fencing action in seconds\n"
- "\t-n --plug [target] - Name of virtual machine to fence\n"
- "\t-a --ip [server] - Name of SMAPI IUCV Request server\n"
- "\t-T --timeout [secs] - Time to wait for fence in seconds - currently ignored\n"
- "\t--zvmsys [node] - z/VM Node on which SMAPI server lives\n"
- "\t-h --help - Display this usage information\n");
+ "\t-o --action [action] - \"off\", \"on\", \"metadata\", \"status\"\n"
+ "\t--delay [seconds] - Time to delay fencing action in seconds\n"
+ "\t-n --plug [target] - Name of virtual machine to fence\n"
+ "\t-a --ip [server] - Name of SMAPI IUCV Request server\n"
+ "\t-T --timeout [secs] - Time to wait for fence in seconds - currently ignored\n"
+ "\t--zvmsys [node] - z/VM Node on which SMAPI server lives\n"
+ "\t-h --help - Display this usage information\n");
return(1);
}
@@ -629,14 +873,22 @@ main(int argc, char **argv)
fence = get_options_stdin(&zvm);
switch(fence) {
- case 0 :
+ case 0 : // OFF
if ((rc = check_parm(&zvm)) == 0)
- rc = zvm_smapi_imageRecycle(&zvm);
+ rc = zvm_smapi_imageDeactivate(&zvm);
break;
- case 1 :
+ case 1 : // ON
+ if ((rc = check_parm(&zvm)) == 0)
+ rc = zvm_smapi_imageActivate(&zvm);
+ break;
+ case 2 : // METADATA
rc = zvm_metadata();
break;
- case 2 :
+ case 3 : // STATUS
+ if ((rc = check_parm(&zvm)) == 0)
+ rc = zvm_smapi_imageQuery(&zvm);
+ break;
+ case 4 :
rc = usage();
}
closelog();
diff --git a/fence/agents/zvm/fence_zvm.h b/fence/agents/zvm/fence_zvm.h
index 6178fa5..ca18e4d 100644
--- a/fence/agents/zvm/fence_zvm.h
+++ b/fence/agents/zvm/fence_zvm.h
@@ -578,5 +578,6 @@ int zvm_smapi_imageActivate(zvm_driver_t *);
int zvm_smapi_imageActiveQuery(zvm_driver_t *);
int zvm_smapi_imageDeactivate(zvm_driver_t *);
int zvm_smapi_imageRecycle(zvm_driver_t *);
+int zvm_smapi_imageQuery(zvm_driver_t *);
#endif /* FENCE_ZVM_H */
diff --git a/fence/agents/zvm/fence_zvmip.8 b/fence/agents/zvm/fence_zvmip.8
index 0bf91ae..8217d61 100644
--- a/fence/agents/zvm/fence_zvmip.8
+++ b/fence/agents/zvm/fence_zvmip.8
@@ -22,7 +22,7 @@ Vendor URL: http://www.sinenomine.net
.SH OPTIONS
.TP
\fB-o --action\fP
-Fencing action: "off" - fence off device; "metadata" - display device metadata
+Fencing action: "off" - deactivate virtual machine; "on" - activate virtual machine; "metadata" - display device metadata" - describe fence agent parameters; "status" - state of virtual machine
.TP
\fB--delay\fP \fIseconds\fP
Time to delay fencing action in seconds
@@ -54,6 +54,9 @@ Display usage information
\fIagent = < param >\fP
This option is used by fence_node(8) and is ignored by fence_zvmip.
.TP
+\fIaction = < action >\fP
+Fencing action: "off" - fence off device; "metadata" - display device metadata; "status" - state of device
+.TP
\fIplug = < plug >\fP
Name of virtual machine to recycle.
.TP
diff --git a/fence/agents/zvm/fence_zvmip.c b/fence/agents/zvm/fence_zvmip.c
index f4dcd1c..94c9e2e 100644
--- a/fence/agents/zvm/fence_zvmip.c
+++ b/fence/agents/zvm/fence_zvmip.c
@@ -201,6 +201,277 @@ zvm_smapi_imageRecycle(zvm_driver_t *zvm)
}
/**
+ * zvm_smapi_imageDeactivate
+ * @zvm: z/VM driver information
+ *
+ * Deactivates a virtual image
+ */
+int
+zvm_smapi_imageDeactivate(zvm_driver_t *zvm)
+{
+ struct _inPlist {
+ int32_t lPlist;
+ int32_t lFName;
+ char fName[16];
+ } __attribute__ ((packed)) *inPlist;
+ struct _authUser {
+ int32_t lAuthUser;
+ char userId[0];
+ } __attribute__ ((packed)) *authUser;
+ struct _authPass {
+ int32_t lAuthPass;
+ char password[0];
+ } __attribute__ ((packed)) *authPass;
+ struct _image {
+ int32_t lTarget;
+ char target[0];
+ } __attribute__ ((packed)) *image;
+ struct _deactTime {
+ int32_t lForceTime;
+ char forceTime[5];
+ } __attribute__ ((__packed__)) *deactTime;
+ int32_t lInPlist;
+ struct _outPlist {
+ smapiOutHeader_t hdr;
+ int32_t nActive;
+ int32_t nInActive;
+ int32_t lFail;
+ char failArray[0];
+ } *outPlist = NULL;
+ void *pOut = NULL;
+ int32_t lRsp;
+ uint32_t reqId;
+ int rc;
+
+ /*
+ * Implement any delay
+ */
+ if (zvm->delay > 0)
+ sleep(zvm->delay);
+
+ lInPlist = sizeof(*inPlist) + sizeof(*authUser) + strlen(zvm->authUser) +
+ sizeof(*authPass) + strlen(zvm->authPass) + sizeof(*image) +
+ sizeof(*deactTime) + strlen(zvm->target);
+ inPlist = malloc(lInPlist);
+ if (inPlist != NULL) {
+ authUser = (void *) ((uintptr_t) inPlist + sizeof(*inPlist));
+ authPass = (void *) ((uintptr_t) authUser + sizeof(*authUser) +
+ strlen(zvm->authUser));
+ image = (void *) ((uintptr_t) authPass + sizeof(*authPass) +
+ strlen(zvm->authPass));
+ deactTime = (void *) ((intptr_t) image + sizeof(*image) +
+ strlen(zvm->target));
+ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist);
+ inPlist->lFName = sizeof(inPlist->fName);
+ memcpy(inPlist->fName, Image_Deactivate, sizeof(inPlist->fName));
+ authUser->lAuthUser = strlen(zvm->authUser);
+ memcpy(authUser->userId, zvm->authUser, strlen(zvm->authUser));
+ authPass->lAuthPass = strlen(zvm->authPass);
+ memcpy(authPass->password, zvm->authPass, strlen(zvm->authPass));
+ image->lTarget = strlen(zvm->target);
+ memcpy(image->target, zvm->target, strlen(zvm->target));
+ deactTime->lForceTime = sizeof(deactTime->forceTime);
+ memcpy(deactTime->forceTime, "IMMED", sizeof(deactTime->forceTime));
+ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) {
+ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) {
+ outPlist = pOut;
+ if (outPlist->hdr.rc == 0) {
+ syslog(LOG_INFO, "Deactivation of %s successful",
+ zvm->target);
+ rc = 0;
+ } else {
+ if ((outPlist->hdr.rc == RCERR_IMAGEOP) &
+ ((outPlist->hdr.reason == RS_NOT_ACTIVE) |
+ (outPlist->hdr.reason == RS_BEING_DEACT))) {
+ syslog(LOG_INFO, "Deactivation of %s successful",
+ zvm->target);
+ rc = 0;
+ } else {
+ rc = outPlist->hdr.rc;
+ zvm->reason = outPlist->hdr.reason;
+ (void) zvm_smapi_reportError(inPlist, outPlist);
+ }
+ }
+ }
+ }
+ free(inPlist);
+ free(outPlist);
+ } else {
+ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__);
+ rc = -1;
+ }
+ return(rc);
+}
+
+/**
+ * zvm_smapi_imageActivate
+ * @zvm: z/VM driver information
+ *
+ * Deactivates a virtual image
+ */
+int
+zvm_smapi_imageActivate(zvm_driver_t *zvm)
+{
+ struct _inPlist {
+ int32_t lPlist;
+ int32_t lFName;
+ char fName[14];
+ } __attribute__ ((packed)) *inPlist;
+ struct _authUser {
+ int32_t lAuthUser;
+ char userId[0];
+ } __attribute__ ((packed)) *authUser;
+ struct _authPass {
+ int32_t lAuthPass;
+ char password[0];
+ } __attribute__ ((packed)) *authPass;
+ struct _image {
+ int32_t lTarget;
+ char target[0];
+ } __attribute__ ((packed)) *image;
+ int32_t lInPlist;
+ struct _outPlist {
+ smapiOutHeader_t hdr;
+ int32_t nActive;
+ int32_t nInActive;
+ int32_t lFail;
+ char failArray[0];
+ } *outPlist = NULL;
+ void *pOut = NULL;
+ int32_t lRsp;
+ uint32_t reqId;
+ int rc;
+
+ /*
+ * Implement any delay
+ */
+ if (zvm->delay > 0)
+ sleep(zvm->delay);
+
+ lInPlist = sizeof(*inPlist) + sizeof(*authUser) + strlen(zvm->authUser) +
+ sizeof(*authPass) + strlen(zvm->authPass) + sizeof(*image) +
+ strlen(zvm->target);
+ inPlist = malloc(lInPlist);
+ if (inPlist != NULL) {
+ authUser = (void *) ((uintptr_t) inPlist + sizeof(*inPlist));
+ authPass = (void *) ((uintptr_t) authUser + sizeof(*authUser) +
+ strlen(zvm->authUser));
+ image = (void *) ((uintptr_t) authPass + sizeof(*authPass) +
+ strlen(zvm->authPass));
+ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist);
+ inPlist->lFName = sizeof(inPlist->fName);
+ memcpy(inPlist->fName, Image_Activate, sizeof(inPlist->fName));
+ authUser->lAuthUser = strlen(zvm->authUser);
+ memcpy(authUser->userId, zvm->authUser, strlen(zvm->authUser));
+ authPass->lAuthPass = strlen(zvm->authPass);
+ memcpy(authPass->password, zvm->authPass, strlen(zvm->authPass));
+ image->lTarget = strlen(zvm->target);
+ memcpy(image->target, zvm->target, strlen(zvm->target));
+ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) {
+ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) {
+ outPlist = pOut;
+ if (outPlist->hdr.rc == 0) {
+ syslog(LOG_INFO, "Activation of %s successful",
+ zvm->target);
+ rc = 0;
+ } else {
+ if ((outPlist->hdr.rc == RCERR_IMAGEOP) &
+ ((outPlist->hdr.reason == RS_NOT_ACTIVE) |
+ (outPlist->hdr.reason == RS_BEING_DEACT))) {
+ syslog(LOG_INFO, "Activation of %s successful",
+ zvm->target);
+ rc = 0;
+ } else {
+ rc = outPlist->hdr.rc;
+ zvm->reason = outPlist->hdr.reason;
+ (void) zvm_smapi_reportError(inPlist, outPlist);
+ }
+ }
+ }
+ }
+ free(inPlist);
+ free(outPlist);
+ } else {
+ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__);
+ rc = -1;
+ }
+ return(rc);
+}
+
+/**
+ * zvm_smapi_imageQuery
+ * @zvm: z/VM driver information
+ *
+ * Queries the state of a virtual image
+ */
+int
+zvm_smapi_imageQuery(zvm_driver_t *zvm)
+{
+ struct _inPlist {
+ int32_t lPlist;
+ int32_t lFName;
+ char fName[18];
+ int32_t lUser;
+ int32_t lPass;
+ int32_t lTarget;
+ char target[0];
+ } __attribute__ ((__packed__)) *inPlist;
+ int32_t lInPlist;
+ struct _outPlist {
+ smapiOutHeader_t hdr;
+ int32_t lNames;
+ char nameArray[0];
+ } *outPlist = NULL;
+ void *pOut = NULL;
+ int32_t lRsp;
+ uint32_t reqId;
+ int rc;
+
+ /*
+ * Implement any delay
+ */
+ if (zvm->delay > 0)
+ sleep(zvm->delay);
+
+ lInPlist = sizeof(*inPlist) + strlen(zvm->target);
+ inPlist = malloc(lInPlist);
+ if (inPlist != NULL) {
+ inPlist->lPlist = lInPlist - sizeof(inPlist->lPlist);
+ inPlist->lFName = sizeof(inPlist->fName);
+ memcpy(inPlist->fName, Image_Status_Query, sizeof(inPlist->fName));
+ inPlist->lUser = inPlist->lPass = 0;
+ inPlist->lTarget = strlen(zvm->target);
+ memcpy(inPlist->target, zvm->target, inPlist->lTarget);
+ if ((rc = zvm_smapi_send(zvm, inPlist, &reqId, lInPlist)) != -1) {
+ if ((rc = zvm_smapi_recv(zvm, &pOut, &lRsp)) != -1) {
+ outPlist = pOut;
+ if (outPlist->hdr.rc == 0) {
+ if (outPlist->hdr.reason == 0) {
+ syslog(LOG_INFO, "Node %s is active",
+ zvm->target);
+ rc = 0;
+ } else {
+ syslog(LOG_INFO, "Node %s is inactive",
+ zvm->target);
+ rc = 2;
+ }
+ } else {
+ rc = 1;
+ zvm->reason = outPlist->hdr.reason;
+ (void) zvm_smapi_reportError(inPlist, outPlist);
+ }
+ }
+ }
+ free(inPlist);
+ free(outPlist);
+ } else {
+ syslog(LOG_ERR, "%s - cannot allocate parameter list", __func__);
+ rc = -1;
+ }
+ return(rc);
+}
+
+/**
* zvm_smapi_send:
* @zvm: z/VM driver information
* @reqid: Returned request id
@@ -407,10 +678,14 @@ get_options_stdin (zvm_driver_t *zvm)
if (!strcasecmp (opt, "action")) {
if (strcasecmp(arg, "off") == 0) {
fence = 0;
+ } else if (strcasecmp(arg, "on") == 0) {
+ fence = 1;
} else if (strcasecmp(arg, "metadata") == 0) {
- fence = 1;
- } else {
fence = 2;
+ } else if (strcasecmp(arg, "status") == 0) {
+ fence = 3;
+ } else {
+ fence = 4;
}
} else if (!strcasecmp (opt, "ipaddr")) {
lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv)-1);
@@ -472,10 +747,14 @@ get_options(int argc, char **argv, zvm_driver_t *zvm)
case 'o' :
if (strcasecmp(optarg, "off") == 0) {
fence = 0;
+ } else if (strcasecmp(optarg, "on") == 0) {
+ fence = 1;
} else if (strcasecmp(optarg, "metadata") == 0) {
- fence = 1;
- } else {
fence = 2;
+ } else if (strcasecmp(optarg, "status") == 0) {
+ fence = 3;
+ } else {
+ fence = 4;
}
break;
case 'p' :
@@ -505,7 +784,7 @@ get_options(int argc, char **argv, zvm_driver_t *zvm)
}
break;
default :
- fence = 2;
+ fence = 4;
}
}
return(fence);
@@ -581,7 +860,9 @@ zvm_metadata()
fprintf (stdout, "<actions>\n");
fprintf (stdout, "\t<action name=\"off\" />\n");
+ fprintf (stdout, "\t<action name=\"on\" />\n");
fprintf (stdout, "\t<action name=\"metadata\" />\n");
+ fprintf (stdout, "\t<action name=\"status\" />\n");
fprintf (stdout, "</actions>\n");
fprintf (stdout, "</resource-agent>\n");
@@ -599,7 +880,7 @@ usage()
{
fprintf(stderr,"Usage: fence_zvmip [options]\n\n"
"\tWhere [options] =\n"
- "\t-o --action [action] - \"off\", \"metadata\"\n"
+ "\t-o --action [action] - \"off\", \"on\", \"metadata\", \"status\"\n"
"\t--delay [seconds] - Time to delay fencing action in seconds\n"
"\t-n --plug [target] - Name of virtual machine to fence\n"
"\t-a --ip [server] - IP Name/Address of SMAPI Server\n"
@@ -662,14 +943,22 @@ main(int argc, char **argv)
fence = get_options_stdin(&zvm);
switch(fence) {
- case 0 :
+ case 0 : // OFF
if ((rc = check_parm(&zvm)) == 0)
- rc = zvm_smapi_imageRecycle(&zvm);
+ rc = zvm_smapi_imageDeactivate(&zvm);
break;
- case 1 :
+ case 1 : // ON
+ if ((rc = check_parm(&zvm)) == 0)
+ rc = zvm_smapi_imageActivate(&zvm);
+ break;
+ case 2 : // METADATA
rc = zvm_metadata();
break;
- case 2 :
+ case 3 : // STATUS
+ if ((rc = check_parm(&zvm)) == 0)
+ rc = zvm_smapi_imageQuery(&zvm);
+ break;
+ case 4 :
rc = usage();
}
closelog();
--
1.8.4.5

View File

@ -0,0 +1,25 @@
From c19e51064fd01d9d033452943e3d2a8dc617174b Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Wed, 27 Aug 2014 13:23:21 +0200
Subject: [PATCH 05/11] fence_zvm: Add current XML metadata to test suite
---
tests/data/metadata/fence_zvmip.xml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/data/metadata/fence_zvmip.xml b/tests/data/metadata/fence_zvmip.xml
index e28bc1c..5a737ca 100644
--- a/tests/data/metadata/fence_zvmip.xml
+++ b/tests/data/metadata/fence_zvmip.xml
@@ -40,6 +40,8 @@
</parameters>
<actions>
<action name="off" />
+ <action name="on" />
<action name="metadata" />
+ <action name="status" />
</actions>
</resource-agent>
--
1.8.4.5

View File

@ -0,0 +1,47 @@
From 3b3a7cf2d58fd863fef21553db5715c1dfab26a0 Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Wed, 27 Aug 2014 15:18:01 +0200
Subject: [PATCH 06/11] [build] Fix automake files, so 'make distcheck' works
---
Makefile.am | 2 +-
fence/agents/Makefile.am | 3 +--
fence/agents/scsi/Makefile.am | 2 +-
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index e70dac5..5e2e22d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -15,7 +15,7 @@ noinst_HEADERS = make/copyright.cf
ACLOCAL_AMFLAGS = -I m4
-SUBDIRS = fence doc
+SUBDIRS = fence/agents/lib fence doc
install-exec-local:
$(INSTALL) -d $(DESTDIR)/$(LOGDIR)
diff --git a/fence/agents/Makefile.am b/fence/agents/Makefile.am
index c47f5d5..3b76b9a 100644
--- a/fence/agents/Makefile.am
+++ b/fence/agents/Makefile.am
@@ -1,4 +1,3 @@
MAINTAINERCLEANFILES = Makefile.in
-SUBDIRS = lib \
- $(AGENTS_LIST)
+SUBDIRS = $(AGENTS_LIST)
diff --git a/fence/agents/scsi/Makefile.am b/fence/agents/scsi/Makefile.am
index 5722e18..c113f06 100644
--- a/fence/agents/scsi/Makefile.am
+++ b/fence/agents/scsi/Makefile.am
@@ -20,4 +20,4 @@ include $(top_srcdir)/make/fenceman.mk
include $(top_srcdir)/make/agentpycheck.mk
clean-local: clean-man
- rm -f $(TARGET) $(SYMTARGET)
+ rm -f $(TARGET) $(SYMTARGET) fence_scsi_check
--
1.8.4.5

View File

@ -0,0 +1,208 @@
From 39df713492714f55e9d5bf578bece4cd9fc98fef Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Mon, 1 Sep 2014 15:05:20 +0200
Subject: [PATCH 07/11] fencing: Add new options --ssl-secure and
--ssl-insecure
These new options extends current --ssl (same as --ssl-secure). Until now certificate of the fence device
was not validated what can possibly lead to attack on infrastructe. With this patch, user can decide
if certificate should (--ssl-secure) or should not (--ssl-insecure) be verified.
The default option is to validate certificate.
Resolves: rhbz#1072564
---
fence/agents/cisco_ucs/fence_cisco_ucs.py | 9 ++++++--
fence/agents/lib/fencing.py.py | 28 ++++++++++++++++++++---
fence/agents/rhevm/fence_rhevm.py | 9 ++++++--
fence/agents/vmware_soap/fence_vmware_soap.py | 33 +++++++++++++++++++++++----
4 files changed, 68 insertions(+), 11 deletions(-)
diff --git a/fence/agents/cisco_ucs/fence_cisco_ucs.py b/fence/agents/cisco_ucs/fence_cisco_ucs.py
index f72e696..888d689 100644
--- a/fence/agents/cisco_ucs/fence_cisco_ucs.py
+++ b/fence/agents/cisco_ucs/fence_cisco_ucs.py
@@ -90,8 +90,13 @@ def send_command(opt, command, timeout):
conn.setopt(pycurl.POSTFIELDS, command)
conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write)
conn.setopt(pycurl.TIMEOUT, timeout)
- conn.setopt(pycurl.SSL_VERIFYPEER, 0)
- conn.setopt(pycurl.SSL_VERIFYHOST, 0)
+ if opt.has_key("--ssl") or opt.has_key("--ssl-secure"):
+ conn.setopt(pycurl.SSL_VERIFYPEER, 1)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 2)
+
+ if opt.has_key("--ssl-insecure"):
+ conn.setopt(pycurl.SSL_VERIFYPEER, 0)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 0)
conn.perform()
result = web_buffer.getvalue()
diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py
index 4520ea8..7d1d28e 100644
--- a/fence/agents/lib/fencing.py.py
+++ b/fence/agents/lib/fencing.py.py
@@ -179,6 +179,21 @@ all_opt = {
"required" : "0",
"shortdesc" : "SSL connection",
"order" : 1},
+ "ssl_insecure" : {
+ "getopt" : "9",
+ "longopt" : "ssl-insecure",
+ "help" : "--ssl-insecure Use ssl connection without verifying certificate",
+ "required" : "0",
+ "shortdesc" : "SSL connection without verifying fence device's certificate",
+ "order" : 1},
+ "ssl_secure" : {
+ "getopt" : "9",
+ "longopt" : "ssl-secure",
+ "help" : "--ssl-secure Use ssl connection with verifying certificate",
+ "required" : "0",
+ "shortdesc" : "SSL connection with verifying fence device's certificate",
+ "order" : 1},
+
"notls" : {
"getopt" : "t",
"longopt" : "notls",
@@ -385,6 +400,7 @@ DEPENDENCY_OPT = {
"secure" : ["identity_file", "ssh_options"],
"ipaddr" : ["ipport", "inet4_only", "inet6_only"],
"port" : ["separator"],
+ "ssl" : ["ssl_secure", "ssl_insecure"],
"community" : ["snmp_auth_prot", "snmp_sec_level", "snmp_priv_prot", \
"snmp_priv_passwd", "snmp_priv_passwd_script"]
}
@@ -663,7 +679,7 @@ def check_input(device_opt, opt):
elif options.has_key("--ssh") or (all_opt["secure"].has_key("default") and all_opt["secure"]["default"] == '1'):
all_opt["ipport"]["default"] = 22
all_opt["ipport"]["help"] = "-u, --ipport=[port] TCP/UDP port to use (default 22)"
- elif options.has_key("--ssl") or (all_opt["ssl"].has_key("default") and all_opt["ssl"]["default"] == '1'):
+ elif options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure") or (all_opt["ssl"].has_key("default") and all_opt["ssl"]["default"] == '1'):
all_opt["ipport"]["default"] = 443
all_opt["ipport"]["help"] = "-u, --ipport=[port] TCP/UDP port to use (default 443)"
elif device_opt.count("web"):
@@ -970,11 +986,17 @@ def fence_login(options, re_login_string=r"(login\s*: )|(Login Name: )|(usernam
if options.has_key("--ssl"):
gnutls_opts = ""
+ ssl_opts = ""
+
if options.has_key("--notls"):
gnutls_opts = "--priority \"NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0\""
- command = '%s %s --insecure --crlf -p %s %s' % \
- (SSL_PATH, gnutls_opts, options["--ipport"], options["--ip"])
+ # --ssl is same as the --ssl-secure
+ if options.has_key("--ssl-insecure"):
+ ssl_opts = "--insecure"
+
+ command = '%s %s %s --insecure --crlf -p %s %s' % \
+ (SSL_PATH, gnutls_opts, ssl_opts, options["--ipport"], options["--ip"])
try:
conn = fspawn(options, command)
except pexpect.ExceptionPexpect, ex:
diff --git a/fence/agents/rhevm/fence_rhevm.py b/fence/agents/rhevm/fence_rhevm.py
index a0d8d59..444fb56 100644
--- a/fence/agents/rhevm/fence_rhevm.py
+++ b/fence/agents/rhevm/fence_rhevm.py
@@ -91,8 +91,13 @@ def send_command(opt, command, method="GET"):
conn.setopt(pycurl.HTTPAUTH, pycurl.HTTPAUTH_BASIC)
conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"])
conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"]))
- conn.setopt(pycurl.SSL_VERIFYPEER, 0)
- conn.setopt(pycurl.SSL_VERIFYHOST, 0)
+ if opt.has_key("--ssl") or opt.has_key("--ssl-secure"):
+ conn.setopt(pycurl.SSL_VERIFYPEER, 1)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 2)
+
+ if opt.has_key("--ssl-insecure"):
+ conn.setopt(pycurl.SSL_VERIFYPEER, 0)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 0)
if method == "POST":
conn.setopt(pycurl.POSTFIELDS, "<action />")
diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py
index 53fd9ea..3217c6b 100644
--- a/fence/agents/vmware_soap/fence_vmware_soap.py
+++ b/fence/agents/vmware_soap/fence_vmware_soap.py
@@ -2,12 +2,14 @@
import sys
import shutil, tempfile, suds
-import logging
+import logging, requests
import atexit
sys.path.append("@FENCEAGENTSLIBDIR@")
from suds.client import Client
from suds.sudsobject import Property
+from suds.transport.http import HttpAuthenticated
+from suds.transport import Reply, TransportError
from fencing import *
from fencing import fail, EC_STATUS, EC_LOGIN_DENIED, EC_INVALID_PRIVILEGES, EC_WAITING_ON, EC_WAITING_OFF
from fencing import run_delay
@@ -18,12 +20,31 @@ REDHAT_COPYRIGHT=""
BUILD_DATE="April, 2011"
#END_VERSION_GENERATION
+class RequestsTransport(HttpAuthenticated):
+ def __init__(self, **kwargs):
+ self.cert = kwargs.pop('cert', None)
+ self.verify = kwargs.pop('verify', True)
+ self.session = requests.Session()
+ # super won't work because not using new style class
+ HttpAuthenticated.__init__(self, **kwargs)
+
+ def send(self, request):
+ self.addcredentials(request)
+ resp = self.session.post(request.url, data = request.message, headers = request.headers, cert = self.cert, verify = self.verify)
+ result = Reply(resp.status_code, resp.headers, resp.content)
+ return result
+
def soap_login(options):
run_delay(options)
- if options.has_key("--ssl"):
+ if options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure"):
+ if options.has_key("--ssl-insecure"):
+ verify = False
+ else:
+ verify = True
url = "https://"
else:
+ verify = False
url = "http://"
url += options["--ip"] + ":" + str(options["--ipport"]) + "/sdk"
@@ -33,8 +54,8 @@ def soap_login(options):
atexit.register(remove_tmp_dir, tmp_dir)
try:
- conn = Client(url + "/vimService.wsdl")
- conn.set_options(location=url)
+ headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : ""}
+ conn = Client(url + "/vimService.wsdl", location = url, transport = RequestsTransport(verify = verify), headers = headers)
mo_ServiceInstance = Property('ServiceInstance')
mo_ServiceInstance._type = 'ServiceInstance'
@@ -43,6 +64,8 @@ def soap_login(options):
mo_SessionManager._type = 'SessionManager'
conn.service.Login(mo_SessionManager, options["--username"], options["--password"])
+ except requests.exceptions.SSLError, ex:
+ fail_usage("Server side certificate verification failed")
except Exception:
fail(EC_LOGIN_DENIED)
@@ -205,6 +228,8 @@ Alternatively you can always use UUID to access virtual machine."
logging.basicConfig(level=logging.INFO)
logging.getLogger('suds.client').setLevel(logging.CRITICAL)
+ logging.getLogger("requests").setLevel(logging.CRITICAL)
+ logging.getLogger("urllib3").setLevel(logging.CRITICAL)
##
## Operate the fencing device
--
1.8.4.5

View File

@ -0,0 +1,186 @@
From 667bd9c6755e4211d42a7f03e3f28f035921cf76 Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Mon, 1 Sep 2014 16:37:50 +0200
Subject: [PATCH 08/11] [tests] Update XML metadata of fence agents
added --ssl-secure, --ssl-insecure
---
tests/data/metadata/fence_cisco_ucs.xml | 10 ++++++++++
tests/data/metadata/fence_docker.xml | 10 ++++++++++
tests/data/metadata/fence_ilo.xml | 10 ++++++++++
tests/data/metadata/fence_ilo2.xml | 10 ++++++++++
tests/data/metadata/fence_rhevm.xml | 10 ++++++++++
tests/data/metadata/fence_vmware_soap.xml | 10 ++++++++++
6 files changed, 60 insertions(+)
diff --git a/tests/data/metadata/fence_cisco_ucs.xml b/tests/data/metadata/fence_cisco_ucs.xml
index 30a3cb4..75e45ce 100644
--- a/tests/data/metadata/fence_cisco_ucs.xml
+++ b/tests/data/metadata/fence_cisco_ucs.xml
@@ -13,6 +13,11 @@
<content type="boolean" />
<shortdesc lang="en">Disable TLS negotiation</shortdesc>
</parameter>
+ <parameter name="ssl_secure" unique="0" required="0">
+ <getopt mixed="--ssl-secure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="port" unique="0" required="1">
<getopt mixed="-n, --plug=[id]" />
<content type="string" />
@@ -53,6 +58,11 @@
<content type="string" />
<shortdesc lang="en">Additional path needed to access suborganization</shortdesc>
</parameter>
+ <parameter name="ssl_insecure" unique="0" required="0">
+ <getopt mixed="--ssl-insecure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="action" unique="0" required="1">
<getopt mixed="-o, --action=[action]" />
<content type="string" default="reboot" />
diff --git a/tests/data/metadata/fence_docker.xml b/tests/data/metadata/fence_docker.xml
index bda31d01..d100b8c 100644
--- a/tests/data/metadata/fence_docker.xml
+++ b/tests/data/metadata/fence_docker.xml
@@ -8,6 +8,11 @@
<content type="string" default="80" />
<shortdesc lang="en">TCP/UDP port to use for connection with device</shortdesc>
</parameter>
+ <parameter name="ssl_secure" unique="0" required="0">
+ <getopt mixed="--ssl-secure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="port" unique="0" required="1">
<getopt mixed="-n, --plug=[id]" />
<content type="string" />
@@ -41,6 +46,11 @@
<content type="boolean" />
<shortdesc lang="en">SSL connection</shortdesc>
</parameter>
+ <parameter name="ssl_insecure" unique="0" required="0">
+ <getopt mixed="--ssl-insecure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="action" unique="0" required="1">
<getopt mixed="-o, --action=[action]" />
<content type="string" default="reboot" />
diff --git a/tests/data/metadata/fence_ilo.xml b/tests/data/metadata/fence_ilo.xml
index eb8951c..25d9d54 100644
--- a/tests/data/metadata/fence_ilo.xml
+++ b/tests/data/metadata/fence_ilo.xml
@@ -19,6 +19,11 @@
<content type="string" />
<shortdesc lang="en">Force ribcl version to use</shortdesc>
</parameter>
+ <parameter name="ssl_secure" unique="0" required="0">
+ <getopt mixed="--ssl-secure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="action" unique="0" required="1">
<getopt mixed="-o, --action=[action]" />
<content type="string" default="reboot" />
@@ -54,6 +59,11 @@
<content type="boolean" default="1" />
<shortdesc lang="en">SSL connection</shortdesc>
</parameter>
+ <parameter name="ssl_insecure" unique="0" required="0">
+ <getopt mixed="--ssl-insecure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="login" unique="0" required="1">
<getopt mixed="-l, --username=[name]" />
<content type="string" />
diff --git a/tests/data/metadata/fence_ilo2.xml b/tests/data/metadata/fence_ilo2.xml
index 4d65808..47e8e28 100644
--- a/tests/data/metadata/fence_ilo2.xml
+++ b/tests/data/metadata/fence_ilo2.xml
@@ -19,6 +19,11 @@
<content type="string" />
<shortdesc lang="en">Force ribcl version to use</shortdesc>
</parameter>
+ <parameter name="ssl_secure" unique="0" required="0">
+ <getopt mixed="--ssl-secure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="action" unique="0" required="1">
<getopt mixed="-o, --action=[action]" />
<content type="string" default="reboot" />
@@ -54,6 +59,11 @@
<content type="boolean" default="1" />
<shortdesc lang="en">SSL connection</shortdesc>
</parameter>
+ <parameter name="ssl_insecure" unique="0" required="0">
+ <getopt mixed="--ssl-insecure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="login" unique="0" required="1">
<getopt mixed="-l, --username=[name]" />
<content type="string" />
diff --git a/tests/data/metadata/fence_rhevm.xml b/tests/data/metadata/fence_rhevm.xml
index a47f025..c9d6eeb 100644
--- a/tests/data/metadata/fence_rhevm.xml
+++ b/tests/data/metadata/fence_rhevm.xml
@@ -13,6 +13,11 @@
<content type="boolean" />
<shortdesc lang="en">Disable TLS negotiation</shortdesc>
</parameter>
+ <parameter name="ssl_secure" unique="0" required="0">
+ <getopt mixed="--ssl-secure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="port" unique="0" required="1">
<getopt mixed="-n, --plug=[id]" />
<content type="string" />
@@ -48,6 +53,11 @@
<content type="boolean" />
<shortdesc lang="en">SSL connection</shortdesc>
</parameter>
+ <parameter name="ssl_insecure" unique="0" required="0">
+ <getopt mixed="--ssl-insecure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="action" unique="0" required="1">
<getopt mixed="-o, --action=[action]" />
<content type="string" default="reboot" />
diff --git a/tests/data/metadata/fence_vmware_soap.xml b/tests/data/metadata/fence_vmware_soap.xml
index 97d8fc6..d0a465f 100644
--- a/tests/data/metadata/fence_vmware_soap.xml
+++ b/tests/data/metadata/fence_vmware_soap.xml
@@ -15,6 +15,11 @@ Name of virtual machine (-n / port) has to be used in inventory path format (e.g
<content type="boolean" />
<shortdesc lang="en">Disable TLS negotiation</shortdesc>
</parameter>
+ <parameter name="ssl_secure" unique="0" required="0">
+ <getopt mixed="--ssl-secure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="port" unique="0" required="1">
<getopt mixed="-n, --plug=[id]" />
<content type="string" />
@@ -50,6 +55,11 @@ Name of virtual machine (-n / port) has to be used in inventory path format (e.g
<content type="boolean" />
<shortdesc lang="en">SSL connection</shortdesc>
</parameter>
+ <parameter name="ssl_insecure" unique="0" required="0">
+ <getopt mixed="--ssl-insecure" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc>
+ </parameter>
<parameter name="action" unique="0" required="1">
<getopt mixed="-o, --action=[action]" />
<content type="string" default="reboot" />
--
1.8.4.5

View File

@ -0,0 +1,171 @@
From 65ae2524836e5ba5252fdc800e6276f80fdfac57 Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Mon, 8 Sep 2014 15:10:05 +0200
Subject: [PATCH 09/11] fence_cisco_ucs & fence_vmware_soap: Logout has to be
performed even when fencing fails
Previously, logout was not performed in the case when fence agent was aborted e.g. timeout. What could
lead to a situation when connections were not closed correctly. In the extreme case, it was not possible
to log into device at all
Resolves: rhbz#1111599
---
fence/agents/cisco_ucs/fence_cisco_ucs.py | 35 +++++++++++++++++----------
fence/agents/vmware_soap/fence_vmware_soap.py | 29 +++++++++++++---------
2 files changed, 39 insertions(+), 25 deletions(-)
diff --git a/fence/agents/cisco_ucs/fence_cisco_ucs.py b/fence/agents/cisco_ucs/fence_cisco_ucs.py
index 888d689..f411433 100644
--- a/fence/agents/cisco_ucs/fence_cisco_ucs.py
+++ b/fence/agents/cisco_ucs/fence_cisco_ucs.py
@@ -19,6 +19,8 @@ RE_STATUS = re.compile("<lsPower .*? state=\"(.*?)\"", re.IGNORECASE)
RE_GET_DN = re.compile(" dn=\"(.*?)\"", re.IGNORECASE)
RE_GET_DESC = re.compile(" descr=\"(.*?)\"", re.IGNORECASE)
+options_global = None
+
def get_power_status(conn, options):
del conn
@@ -115,27 +117,37 @@ def define_new_opts():
"default" : "",
"order" : 1}
+def logout():
+ ### Logout; we do not care about result as we will end in any case
+ try:
+ send_command(options_global, "<aaaLogout inCookie=\"" + options_global["cookie"] + "\" />",
+ int(options_global["--shell-timeout"]))
+ except Exception:
+ pass
+
def main():
+ global options_global
device_opt = ["ipaddr", "login", "passwd", "ssl", "notls", "port", "web", "suborg"]
atexit.register(atexit_handler)
+ atexit.register(logout)
define_new_opts()
- options = check_input(device_opt, process_input(device_opt))
+ options_global = check_input(device_opt, process_input(device_opt))
docs = {}
docs["shortdesc"] = "Fence agent for Cisco UCS"
docs["longdesc"] = "fence_cisco_ucs is an I/O Fencing agent which can be \
used with Cisco UCS to fence machines."
docs["vendorurl"] = "http://www.cisco.com"
- show_docs(options, docs)
+ show_docs(options_global, docs)
- run_delay(options)
+ run_delay(options_global)
### Login
try:
- res = send_command(options, "<aaaLogin inName=\"" + options["--username"] +
- "\" inPassword=\"" + options["--password"] + "\" />", int(options["--login-timeout"]))
+ res = send_command(options_global, "<aaaLogin inName=\"" + options_global["--username"] +
+ "\" inPassword=\"" + options_global["--password"] + "\" />", int(options_global["--login-timeout"]))
result = RE_COOKIE.search(res)
if result == None:
## Cookie is absenting in response
@@ -143,22 +155,19 @@ used with Cisco UCS to fence machines."
except Exception:
fail(EC_LOGIN_DENIED)
- options["cookie"] = result.group(1)
+ options_global["cookie"] = result.group(1)
##
## Modify suborg to format /suborg
- if options["--suborg"] != "":
- options["--suborg"] = "/" + options["--suborg"].lstrip("/").rstrip("/")
+ if options_global["--suborg"] != "":
+ options_global["--suborg"] = "/" + options_global["--suborg"].lstrip("/").rstrip("/")
##
## Fence operations
####
- result = fence_action(None, options, set_power_status, get_power_status, get_list)
-
- ### Logout; we do not care about result as we will end in any case
- send_command(options, "<aaaLogout inCookie=\"" + options["cookie"] + "\" />",
- int(options["--shell-timeout"]))
+ result = fence_action(None, options_global, set_power_status, get_power_status, get_list)
+ ## Logout is done every time at atexit phase
sys.exit(result)
if __name__ == "__main__":
diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py
index 3217c6b..2cea105 100644
--- a/fence/agents/vmware_soap/fence_vmware_soap.py
+++ b/fence/agents/vmware_soap/fence_vmware_soap.py
@@ -20,6 +20,9 @@ REDHAT_COPYRIGHT=""
BUILD_DATE="April, 2011"
#END_VERSION_GENERATION
+options_global = None
+conn_global = None
+
class RequestsTransport(HttpAuthenticated):
def __init__(self, **kwargs):
self.cert = kwargs.pop('cert', None)
@@ -203,12 +206,21 @@ def set_power_status(conn, options):
def remove_tmp_dir(tmp_dir):
shutil.rmtree(tmp_dir)
+def logout():
+ try:
+ conn_global.service.Logout(options_global["mo_SessionManager"])
+ except Exception:
+ pass
+
def main():
+ global options_global
+ global conn_global
device_opt = ["ipaddr", "login", "passwd", "web", "ssl", "notls", "port"]
atexit.register(atexit_handler)
+ atexit.register(logout)
- options = check_input(device_opt, process_input(device_opt))
+ options_global = check_input(device_opt, process_input(device_opt))
##
## Fence agent specific defaults
@@ -224,7 +236,7 @@ format (e.g. /datacenter/vm/Discovered virtual machine/myMachine). \
In the cases when name of yours VM is unique you can use it instead. \
Alternatively you can always use UUID to access virtual machine."
docs["vendorurl"] = "http://www.vmware.com"
- show_docs(options, docs)
+ show_docs(options_global, docs)
logging.basicConfig(level=logging.INFO)
logging.getLogger('suds.client').setLevel(logging.CRITICAL)
@@ -234,18 +246,11 @@ Alternatively you can always use UUID to access virtual machine."
##
## Operate the fencing device
####
- conn = soap_login(options)
+ conn_global = soap_login(options_global)
- result = fence_action(conn, options, set_power_status, get_power_status, get_power_status)
-
- ##
- ## Logout from system
- #####
- try:
- conn.service.Logout(options["mo_SessionManager"])
- except Exception:
- pass
+ result = fence_action(conn_global, options_global, set_power_status, get_power_status, get_power_status)
+ ## Logout from system is done automatically via atexit()
sys.exit(result)
if __name__ == "__main__":
--
1.8.4.5

View File

@ -0,0 +1,62 @@
From 0595f0fd88f395041059b85b37ba846e766a5ed3 Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Fri, 12 Sep 2014 21:02:59 +0200
Subject: [PATCH 10/11] fence_zvm: Fixes for better upstream inclusion
---
fence/agents/zvm/Makefile.am | 7 +++++++
fence/agents/zvm/fence_zvm.c | 1 +
fence/agents/zvm/fence_zvmip.c | 1 +
3 files changed, 9 insertions(+)
diff --git a/fence/agents/zvm/Makefile.am b/fence/agents/zvm/Makefile.am
index 2439985..62eb862 100644
--- a/fence/agents/zvm/Makefile.am
+++ b/fence/agents/zvm/Makefile.am
@@ -1,5 +1,7 @@
MAINTAINERCLEANFILES = Makefile.in
+TARGET = fence_zvmip
+
sbin_PROGRAMS = fence_zvm fence_zvmip
noinst_HEADERS = fence_zvm.h
@@ -12,6 +14,11 @@ fence_zvmip_CFLAGS = -D_GNU_SOURCE
dist_man_MANS = fence_zvm.8 fence_zvmip.8
+#include $(top_srcdir)/make/fencemanc.mk
+
+clean-local:
+ rm -f $(sbin_PROGRAMS)
+
FENCE_TEST_ARGS = -n test -a test -p test -u test
include $(top_srcdir)/make/agentccheck.mk
diff --git a/fence/agents/zvm/fence_zvm.c b/fence/agents/zvm/fence_zvm.c
index 2ec4be9..e5a7c2b 100644
--- a/fence/agents/zvm/fence_zvm.c
+++ b/fence/agents/zvm/fence_zvm.c
@@ -599,6 +599,7 @@ zvm_metadata()
fprintf (stdout, "<longdesc>");
fprintf (stdout, "The fence_zvm agent is intended to be used with with z/VM SMAPI service.");
fprintf (stdout, "</longdesc>\n");
+ fprintf (stdout, "<vendor-url>http://www.ibm.com</vendor-url>\n");
fprintf (stdout, "<parameters>\n");
diff --git a/fence/agents/zvm/fence_zvmip.c b/fence/agents/zvm/fence_zvmip.c
index 94c9e2e..3342bc6 100644
--- a/fence/agents/zvm/fence_zvmip.c
+++ b/fence/agents/zvm/fence_zvmip.c
@@ -804,6 +804,7 @@ zvm_metadata()
fprintf (stdout, "<longdesc>");
fprintf (stdout, "The fence_zvm agent is intended to be used with with z/VM SMAPI service via TCP/IP");
fprintf (stdout, "</longdesc>\n");
+ fprintf (stdout, "<vendor-url>http://www.ibm.com</vendor-url>\n");
fprintf (stdout, "<parameters>\n");
--
1.8.4.5

View File

@ -0,0 +1,234 @@
From 5d8e167cb54051ff95fcc8ac3e87d2c63209748a Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Mon, 15 Sep 2014 15:05:25 +0200
Subject: [PATCH 11/11] fence_zvm: Add support for 'on', improve documentation
Author: Neale Ferguson
---
fence/agents/zvm/fence_zvm.8 | 2 +-
fence/agents/zvm/fence_zvm.c | 38 +++++++++++++++++++++-----------------
fence/agents/zvm/fence_zvmip.8 | 2 +-
fence/agents/zvm/fence_zvmip.c | 38 +++++++++++++++++++++-----------------
4 files changed, 44 insertions(+), 36 deletions(-)
diff --git a/fence/agents/zvm/fence_zvm.8 b/fence/agents/zvm/fence_zvm.8
index 359436e..8c0d35a 100644
--- a/fence/agents/zvm/fence_zvm.8
+++ b/fence/agents/zvm/fence_zvm.8
@@ -52,7 +52,7 @@ forcibly terminated. Currently, this option is ignored.
This option is used by fence_node(8) and is ignored by fence_zvm.
.TP
\fIaction = < action >\fP
-Fencing action: "off" - fence off device; "metadata" - display device metadata; "status" - state of device
+Fencing action: "off" - deactivate virtual machine; "on" - activate virtual machine; "metadata" - display device metadata" - describe fence agent parameters; "status" - state of virtual machine
.TP
\fIport = < target >\fP
Name of virtual machine to recycle.
diff --git a/fence/agents/zvm/fence_zvm.c b/fence/agents/zvm/fence_zvm.c
index e5a7c2b..524e21e 100644
--- a/fence/agents/zvm/fence_zvm.c
+++ b/fence/agents/zvm/fence_zvm.c
@@ -699,15 +699,15 @@ get_options_stdin (zvm_driver_t *zvm)
if (!strcasecmp (opt, "action")) {
if (strcasecmp(arg, "off") == 0) {
- fence = 0;
+ fence = 1;
} else if (strcasecmp(arg, "on") == 0) {
- fence = 1;
+ fence = 2;
} else if (strcasecmp(arg, "metadata") == 0) {
- fence = 2;
+ fence = 3;
} else if (strcasecmp(arg, "status") == 0) {
- fence = 3;
- } else {
fence = 4;
+ } else {
+ fence = 5;
}
} else if (!strcasecmp (opt, "ipaddr")) {
lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv));
@@ -738,7 +738,7 @@ get_options_stdin (zvm_driver_t *zvm)
zvm->delay = DEFAULT_DELAY;
}
} else if (!strcasecmp (opt, "help")) {
- fence = 4;
+ fence = 5;
}
}
return(fence);
@@ -769,15 +769,15 @@ get_options(int argc, char **argv, zvm_driver_t *zvm)
break;
case 'o' :
if (strcasecmp(optarg, "off") == 0) {
- fence = 0;
+ fence = 1;
} else if (strcasecmp(optarg, "on") == 0) {
- fence = 1;
+ fence = 2;
} else if (strcasecmp(optarg, "metadata") == 0) {
- fence = 2;
+ fence = 3;
} else if (strcasecmp(optarg, "status") == 0) {
- fence = 3;
- } else {
fence = 4;
+ } else {
+ fence = 5;
}
break;
case 'a' :
@@ -807,7 +807,7 @@ get_options(int argc, char **argv, zvm_driver_t *zvm)
memcpy(zvm->node, optarg, lSrvNode);
break;
default :
- fence = 4;
+ fence = 5;
}
}
return(fence);
@@ -874,22 +874,26 @@ main(int argc, char **argv)
fence = get_options_stdin(&zvm);
switch(fence) {
- case 0 : // OFF
+ case 0 : // OFFON
+ if ((rc = check_parm(&zvm)) == 0)
+ rc = zvm_smapi_imageRecycle(&zvm);
+ break;
+ case 1 : // OFF
if ((rc = check_parm(&zvm)) == 0)
rc = zvm_smapi_imageDeactivate(&zvm);
break;
- case 1 : // ON
+ case 2 : // ON
if ((rc = check_parm(&zvm)) == 0)
rc = zvm_smapi_imageActivate(&zvm);
break;
- case 2 : // METADATA
+ case 3 : // METADATA
rc = zvm_metadata();
break;
- case 3 : // STATUS
+ case 4 : // STATUS
if ((rc = check_parm(&zvm)) == 0)
rc = zvm_smapi_imageQuery(&zvm);
break;
- case 4 :
+ case 5 :
rc = usage();
}
closelog();
diff --git a/fence/agents/zvm/fence_zvmip.8 b/fence/agents/zvm/fence_zvmip.8
index 8217d61..6b01425 100644
--- a/fence/agents/zvm/fence_zvmip.8
+++ b/fence/agents/zvm/fence_zvmip.8
@@ -55,7 +55,7 @@ Display usage information
This option is used by fence_node(8) and is ignored by fence_zvmip.
.TP
\fIaction = < action >\fP
-Fencing action: "off" - fence off device; "metadata" - display device metadata; "status" - state of device
+Fencing action: "off" - deactivate virtual machine; "on" - activate virtual machine; "metadata" - display device metadata" - describe fence agent parameters; "status" - state of virtual machine
.TP
\fIplug = < plug >\fP
Name of virtual machine to recycle.
diff --git a/fence/agents/zvm/fence_zvmip.c b/fence/agents/zvm/fence_zvmip.c
index 3342bc6..bd7c536 100644
--- a/fence/agents/zvm/fence_zvmip.c
+++ b/fence/agents/zvm/fence_zvmip.c
@@ -677,15 +677,15 @@ get_options_stdin (zvm_driver_t *zvm)
if (!strcasecmp (opt, "action")) {
if (strcasecmp(arg, "off") == 0) {
- fence = 0;
+ fence = 1;
} else if (strcasecmp(arg, "on") == 0) {
- fence = 1;
+ fence = 2;
} else if (strcasecmp(arg, "metadata") == 0) {
- fence = 2;
+ fence = 3;
} else if (strcasecmp(arg, "status") == 0) {
- fence = 3;
- } else {
fence = 4;
+ } else {
+ fence = 5;
}
} else if (!strcasecmp (opt, "ipaddr")) {
lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv)-1);
@@ -712,7 +712,7 @@ get_options_stdin (zvm_driver_t *zvm)
zvm->timeOut = DEFAULT_TIMEOUT;
}
} else if (!strcasecmp (opt, "help")) {
- fence = 2;
+ fence = 5;
}
}
return(fence);
@@ -746,15 +746,15 @@ get_options(int argc, char **argv, zvm_driver_t *zvm)
break;
case 'o' :
if (strcasecmp(optarg, "off") == 0) {
- fence = 0;
+ fence = 1;
} else if (strcasecmp(optarg, "on") == 0) {
- fence = 1;
+ fence = 2;
} else if (strcasecmp(optarg, "metadata") == 0) {
- fence = 2;
+ fence = 3;
} else if (strcasecmp(optarg, "status") == 0) {
- fence = 3;
- } else {
fence = 4;
+ } else {
+ fence = 5;
}
break;
case 'p' :
@@ -784,7 +784,7 @@ get_options(int argc, char **argv, zvm_driver_t *zvm)
}
break;
default :
- fence = 4;
+ fence = 5;
}
}
return(fence);
@@ -944,22 +944,26 @@ main(int argc, char **argv)
fence = get_options_stdin(&zvm);
switch(fence) {
- case 0 : // OFF
+ case 0 : // OFFON
+ if ((rc = check_parm(&zvm)) == 0)
+ rc = zvm_smapi_imageRecycle(&zvm);
+ break;
+ case 1 : // OFF
if ((rc = check_parm(&zvm)) == 0)
rc = zvm_smapi_imageDeactivate(&zvm);
break;
- case 1 : // ON
+ case 2 : // ON
if ((rc = check_parm(&zvm)) == 0)
rc = zvm_smapi_imageActivate(&zvm);
break;
- case 2 : // METADATA
+ case 3 : // METADATA
rc = zvm_metadata();
break;
- case 3 : // STATUS
+ case 4 : // STATUS
if ((rc = check_parm(&zvm)) == 0)
rc = zvm_smapi_imageQuery(&zvm);
break;
- case 4 :
+ case 5 :
rc = usage();
}
closelog();
--
1.8.4.5

View File

@ -1,3 +1,34 @@
-------------------------------------------------------------------
Tue Sep 16 07:15:30 UTC 2014 - kgronlund@suse.com
- Backport fixes from upstream (bnc#896833):
- fence_brocade: Add support for 'list' action
- fencing: Monitor is not working correctly without 'list' or 'status'
- fence_apc_snmp: Add support for firmware 6.x
- fence_zvm: Add support for "on" and "status"
- fence_zvm: Add current XML metadata to test suite
- [build] Fix automake files, so 'make distcheck' works
- fencing: Add new options --ssl-secure and --ssl-insecure
- [tests] Update XML metadata of fence agents
- fence_cisco_ucs & fence_vmware_soap: Logout has to be performed even when fencing fails
- fence_zvm: Fixes for better upstream inclusion
- fence_zvm: Add support for 'on', improve documentation
- Added patches:
- 0001-fence_brocade-Add-support-for-list-action.patch
- 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch
- 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch
- 0004-fence_zvm-Add-support-for-on-and-status.patch
- 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch
- 0006-build-Fix-automake-files-so-make-distcheck-works.patch
- 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch
- 0008-tests-Update-XML-metadata-of-fence-agents.patch
- 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch
- 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch
- 0011-fence_zvm-Add-support-for-on-improve-documentation.patch
- Add dependency on python-requests
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jul 1 12:32:09 UTC 2014 - kgronlund@suse.com Tue Jul 1 12:32:09 UTC 2014 - kgronlund@suse.com

View File

@ -26,9 +26,34 @@ Version: 4.0.10
Release: 0 Release: 0
Url: http://git.fedorahosted.org/git/fence-agents.git Url: http://git.fedorahosted.org/git/fence-agents.git
Source0: %{name}-%{version}.tar.xz Source0: %{name}-%{version}.tar.xz
# PATCH-FIX-UPSTREAM: fence_brocade: Add support for 'list' action
Patch1: 0001-fence_brocade-Add-support-for-list-action.patch
# PATCH-FIX-UPSTREAM: fencing: Monitor is not working correctly without 'list' or 'status'
Patch2: 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch
# PATCH-FIX-UPSTREAM: fence_apc_snmp: Add support for firmware 6.x
Patch3: 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch
# PATCH-FIX-UPSTREAM: fence_zvm: Add support for "on" and "status"
Patch4: 0004-fence_zvm-Add-support-for-on-and-status.patch
# PATCH-FIX-UPSTREAM: fence_zvm: Add current XML metadata to test suite
Patch5: 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch
# PATCH-FIX-UPSTREAM: [build] Fix automake files, so 'make distcheck' works
Patch6: 0006-build-Fix-automake-files-so-make-distcheck-works.patch
# PATCH-FIX-UPSTREAM: fencing: Add new options --ssl-secure and --ssl-insecure
Patch7: 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch
# PATCH-FIX-UPSTREAM: [tests] Update XML metadata of fence agents
Patch8: 0008-tests-Update-XML-metadata-of-fence-agents.patch
# PATCH-FIX-UPSTREAM: fence_cisco_ucs & fence_vmware_soap: Logout has to be performed even when fencing fails
Patch9: 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch
# PATCH-FIX-UPSTREAM: fence_zvm: Fixes for better upstream inclusion
Patch10: 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch
# PATCH-FIX-UPSTREAM: fence_zvm: Add support for 'on', improve documentation
Patch11: 0011-fence_zvm-Add-support-for-on-improve-documentation.patch
Requires: python-curl Requires: python-curl
Requires: python-openssl Requires: python-openssl
Requires: python-pexpect Requires: python-pexpect
Requires: python-requests
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: autoconf BuildRequires: autoconf
@ -45,6 +70,7 @@ BuildRequires: pkg-config
BuildRequires: python BuildRequires: python
BuildRequires: python-curl BuildRequires: python-curl
BuildRequires: python-pexpect BuildRequires: python-pexpect
BuildRequires: python-requests
BuildRequires: python-suds BuildRequires: python-suds
BuildRequires: python-xml BuildRequires: python-xml
BuildRequires: xz BuildRequires: xz
@ -151,6 +177,17 @@ Authors:
%prep %prep
%setup -q -n %{name}-%{version} %setup -q -n %{name}-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%build %build
CFLAGS="${CFLAGS} ${RPM_OPT_FLAGS}" CFLAGS="${CFLAGS} ${RPM_OPT_FLAGS}"