diff --git a/RHEL-56138-fence_mpath-1-support-hex-key-format.patch b/RHEL-56138-fence_mpath-1-support-hex-key-format.patch new file mode 100644 index 0000000000000000000000000000000000000000..0b2cd5a073a8fcf96f8801f7ad7227cdb2486ada --- /dev/null +++ b/RHEL-56138-fence_mpath-1-support-hex-key-format.patch @@ -0,0 +1,10 @@ +--- a/agents/mpath/fence_mpath.py 2024-10-09 14:56:07.688665678 +0200 ++++ b/agents/mpath/fence_mpath.py 2024-10-09 14:56:12.639780798 +0200 +@@ -323,6 +323,7 @@ + fail_usage("Failed: No devices found") + + options["devices"] = [d for d in re.split("\s*,\s*|\s+", options["--devices"].strip()) if d] ++ options["--plug"] = re.sub(r"^0x0*|^0+", "", options["--plug"]) + # Input control END + + result = fence_action(None, options, set_status, get_status) diff --git a/RHEL-56138-fence_mpath-2-fix-unfencing-issue-use-MULTILINE-avoid-duplicates.patch b/RHEL-56138-fence_mpath-2-fix-unfencing-issue-use-MULTILINE-avoid-duplicates.patch new file mode 100644 index 0000000000000000000000000000000000000000..051fa1d9e6f6de23394ff5c17950a80257d1af3d --- /dev/null +++ b/RHEL-56138-fence_mpath-2-fix-unfencing-issue-use-MULTILINE-avoid-duplicates.patch @@ -0,0 +1,44 @@ +From 99c5c3289b23064441f998949808a0b3569c2e3b Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 10 Oct 2024 09:55:16 +0200 +Subject: [PATCH] fence_mpath: fix 0x-format patch causing unfencing issue, and + use re.MULTILINE to avoid duplicating device dev/key lines in + /run/cluster/mpath.devices + +--- + agents/mpath/fence_mpath.py | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/agents/mpath/fence_mpath.py b/agents/mpath/fence_mpath.py +index 2d8601497..2a4a58b36 100644 +--- a/agents/mpath/fence_mpath.py ++++ b/agents/mpath/fence_mpath.py +@@ -40,7 +40,7 @@ def set_status(conn, options): + if options["--plug"] not in get_registration_keys(options, dev): + count += 1 + logging.debug("Failed to register key "\ +- + options["--plug"] + "on device " + dev + "\n") ++ + options["--plug"] + " on device " + dev + "\n") + continue + dev_write(options, dev) + +@@ -147,8 +147,9 @@ def dev_write(options, dev): + store_fh = open(file_path, "a+") + except IOError: + fail_usage("Failed: Cannot open file \""+ file_path + "\"") ++ store_fh.seek(0) + out = store_fh.read() +- if not re.search(r"^" + dev + r"\s+", out): ++ if not re.search(r"^{}\s+{}$".format(dev, options["--plug"]), out, flags=re.MULTILINE): + store_fh.write(dev + "\t" + options["--plug"] + "\n") + store_fh.close() + +@@ -332,7 +333,7 @@ def main(): + fail_usage("Failed: No devices found") + + options["devices"] = [d for d in re.split("\s*,\s*|\s+", options["--devices"].strip()) if d] +- options["--plug"] = re.sub(r"^0x0*|^0+", "", options["--plug"]) ++ options["--plug"] = re.sub(r"^0x0*|^0+", "", options.get("--plug", "")) + # Input control END + + result = fence_action(None, options, set_status, get_status) diff --git a/RHEL-59882-fence_scsi-only-preempt-once-for-mpath-devices.patch b/RHEL-59878-fence_scsi-only-preempt-once-for-mpath-devices.patch similarity index 100% rename from RHEL-59882-fence_scsi-only-preempt-once-for-mpath-devices.patch rename to RHEL-59878-fence_scsi-only-preempt-once-for-mpath-devices.patch diff --git a/RHEL-62206-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch b/RHEL-62206-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch new file mode 100644 index 0000000000000000000000000000000000000000..af3ea5f781201e89fefbc951b2247da265e95ad5 --- /dev/null +++ b/RHEL-62206-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch @@ -0,0 +1,120 @@ +--- a/agents/ibm_powervs/fence_ibm_powervs.py 2024-10-18 10:30:40.651200620 +0200 ++++ b/agents/ibm_powervs/fence_ibm_powervs.py 2024-10-18 10:30:35.157070713 +0200 +@@ -1,13 +1,14 @@ + #!@PYTHON@ -tt + + import sys +-import pycurl, io, json ++import pycurl ++import io ++import json + import logging + import atexit +-import time ++ + sys.path.append("@FENCEAGENTSLIBDIR@") +-from fencing import * +-from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS ++from fencing import all_opt, atexit_handler, check_input, process_input, show_docs, fence_action, fail, run_delay, EC_STATUS + + state = { + "ACTIVE": "on", +@@ -18,15 +19,35 @@ + } + + def get_token(conn, options): +- try: +- command = "identity/token" +- action = "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey={}".format(options["--token"]) +- res = send_command(conn, command, "POST", action, printResult=False) +- except Exception as e: +- logging.debug("Failed: {}".format(e)) +- return "TOKEN_IS_MISSING_OR_WRONG" +- +- return res["access_token"] ++ try: ++ if options["--token"][0] == '@': ++ key_file = options["--token"][1:] ++ try: ++ # read the API key from a file ++ with open(key_file, "r") as f: ++ try: ++ keys = json.loads(f.read()) ++ # data seems to be in json format ++ # return the value of the item with the key 'Apikey' ++ api_key = keys.get("Apikey", "") ++ if not api_key: ++ # backward compatibility: former key name was 'apikey' ++ api_key = keys.get("apikey", "") ++ # data is text, return as is ++ except ValueError: ++ api_key = f.read().strip() ++ except FileNotFoundError: ++ logging.debug("Failed: Cannot open file {}".format(key_file)) ++ return "TOKEN_IS_MISSING_OR_WRONG" ++ else: ++ api_key = options["--token"] ++ command = "identity/token" ++ action = "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey={}".format(api_key) ++ res = send_command(conn, command, "POST", action, printResult=False) ++ except Exception as e: ++ logging.debug("Failed: {}".format(e)) ++ return "TOKEN_IS_MISSING_OR_WRONG" ++ return res["access_token"] + + def get_list(conn, options): + outlets = {} +@@ -41,7 +62,7 @@ + for r in res["pvmInstances"]: + if options["--verbose-level"] > 1: + logging.debug(json.dumps(r, indent=2)) +- outlets[r["pvmInstanceID"]] = (r["serverName"], state[r["status"]]) ++ outlets[r["pvmInstanceID"]] = (r["serverName"], state.get(r["status"], "unknown")) + + return outlets + +@@ -97,7 +118,7 @@ + else: + logging.debug("Failed: Unable to cycle with {} for {}".format(options["--action"], e)) + fail(EC_STATUS) +- return True ++ return True + + def connect(opt, token): + conn = pycurl.Curl() +@@ -130,7 +151,10 @@ + conn = pycurl.Curl() + + # setup correct URL +- conn.base_url = "https://iam.cloud.ibm.com/" ++ if opt["--api-type"] == "private": ++ conn.base_url = "https://private.iam.cloud.ibm.com/" ++ else: ++ conn.base_url = "https://iam.cloud.ibm.com/" + + if opt["--verbose-level"] > 1: + conn.setopt(pycurl.VERBOSE, 1) +@@ -265,9 +289,9 @@ + define_new_opts() + + all_opt["shell_timeout"]["default"] = "500" +- all_opt["power_timeout"]["default"] = "30" +- all_opt["power_wait"]["default"] = "1" +- all_opt["stonith_status_sleep"]["default"] = "2" ++ all_opt["power_timeout"]["default"] = "120" ++ all_opt["power_wait"]["default"] = "15" ++ all_opt["stonith_status_sleep"]["default"] = "10" + all_opt["api-type"]["default"] = "private" + all_opt["proxy"]["default"] = "" + +@@ -275,8 +299,8 @@ + + docs = {} + docs["shortdesc"] = "Fence agent for IBM PowerVS" +- docs["longdesc"] = """fence_ibm_powervs is a Power Fencing agent which can be \ +-used with IBM PowerVS to fence virtual machines.""" ++ docs["longdesc"] = """fence_ibm_powervs is a power fencing agent for \ ++IBM Power Virtual Server (IBM PowerVS) to fence virtual server instances.""" + docs["vendorurl"] = "https://www.ibm.com" + show_docs(options, docs) + diff --git a/RHEL-76493-fence_azure_arm-use-azure-identity.patch b/RHEL-76493-fence_azure_arm-use-azure-identity.patch new file mode 100644 index 0000000000000000000000000000000000000000..081d1cd1a2a7aaab5f3bb06d2066f4ab761d9fc9 --- /dev/null +++ b/RHEL-76493-fence_azure_arm-use-azure-identity.patch @@ -0,0 +1,472 @@ +--- a/lib/azure_fence.py.py 2025-01-30 14:59:48.211366580 +0100 ++++ b/lib/azure_fence.py.py 2025-01-30 12:06:10.847889534 +0100 +@@ -1,9 +1,6 @@ + import logging, re, time + from fencing import fail_usage + +-import sys +-sys.path.insert(0, '/usr/lib/fence-agents/support/azure') +- + FENCE_SUBNET_NAME = "fence-subnet" + FENCE_INBOUND_RULE_NAME = "FENCE_DENY_ALL_INBOUND" + FENCE_INBOUND_RULE_DIRECTION = "Inbound" +@@ -17,6 +14,9 @@ + IP_TYPE_DYNAMIC = "Dynamic" + MAX_RETRY = 10 + RETRY_WAIT = 5 ++NETWORK_MGMT_CLIENT_API_VERSION = "2021-05-01" ++AZURE_RHEL8_COMPUTE_VERSION = "27.2.0" ++AZURE_COMPUTE_VERSION_5 = "5.0.0" + + class AzureSubResource: + Type = None +@@ -52,7 +52,7 @@ + return None + + def get_azure_resource(id): +- match = re.match('(/subscriptions/([^/]*)/resourceGroups/([^/]*))(/providers/([^/]*/[^/]*)/([^/]*))?((/([^/]*)/([^/]*))*)', id) ++ match = re.match(r'(/subscriptions/([^/]*)/resourceGroups/([^/]*))(/providers/([^/]*/[^/]*)/([^/]*))?((/([^/]*)/([^/]*))*)', id) + if not match: + fail_usage("{get_azure_resource} cannot parse resource id %s" % id) + +@@ -89,6 +89,59 @@ + + return resource + ++def azure_dep_versions(v): ++ return tuple(map(int, (v.split(".")))) ++ ++# Do azure API call to list all virtual machines in a resource group ++def get_vm_list(compute_client,rgName): ++ return compute_client.virtual_machines.list(rgName) ++ ++# Do azue API call to shutdown a virtual machine ++def do_vm_power_off(compute_client,rgName,vmName, skipShutdown): ++ try: ++ # Version is not available in azure-mgmt-compute version 14.0.0 until 27.2.0 ++ from azure.mgmt.compute import __version__ ++ except ImportError: ++ __version__ = "0.0.0" ++ ++ # use different implementation call based on used version ++ if (azure_dep_versions(__version__) == azure_dep_versions(AZURE_COMPUTE_VERSION_5)): ++ logging.debug("{do_vm_power_off} azure.mgtm.compute version is to old to use 'begin_power_off' use 'power_off' function") ++ compute_client.virtual_machines.power_off(rgName, vmName, skip_shutdown=skipShutdown) ++ return ++ ++ compute_client.virtual_machines.begin_power_off(rgName, vmName, skip_shutdown=skipShutdown) ++ ++# Do azure API call to start a virtual machine ++def do_vm_start(compute_client,rgName,vmName): ++ try: ++ # Version is not available in azure-mgmt-compute version 14.0.0 until 27.2.0 ++ from azure.mgmt.compute import __version__ ++ except ImportError: ++ __version__ = "0.0.0" ++ ++ # use different implementation call based on used version ++ if (azure_dep_versions(__version__) == azure_dep_versions(AZURE_COMPUTE_VERSION_5)): ++ logging.debug("{do_vm_start} azure.mgtm.compute version is to old to use 'begin_start' use 'start' function") ++ compute_client.virtual_machines.start(rgName, vmName) ++ return ++ ++ compute_client.virtual_machines.begin_start(rgName, vmName) ++ ++def get_vm_resource(compute_client, rgName, vmName): ++ try: ++ # Version is not available in azure-mgmt-compute version 14.0.0 until 27.2.0 ++ from azure.mgmt.compute import __version__ ++ except ImportError: ++ __version__ = "0.0.0" ++ ++ # use different implementation call based on used version ++ if (azure_dep_versions(__version__) <= azure_dep_versions(AZURE_RHEL8_COMPUTE_VERSION)): ++ return compute_client.virtual_machines.get(rgName, vmName, "instanceView") ++ ++ return compute_client.virtual_machines.get(resource_group_name=rgName, vm_name=vmName,expand="instanceView") ++ ++ + def get_fence_subnet_for_config(ipConfig, network_client): + subnetResource = get_azure_resource(ipConfig.subnet.id) + logging.debug("{get_fence_subnet_for_config} testing virtual network %s in resource group %s for a fence subnet" %(subnetResource.ResourceName, subnetResource.ResourceGroupName)) +@@ -155,7 +208,7 @@ + result = FENCE_STATE_ON + + try: +- vm = compute_client.virtual_machines.get(rgName, vmName, "instanceView") ++ vm = get_vm_resource(compute_client, rgName, vmName) + + allNICOK = True + for nicRef in vm.network_profile.network_interfaces: +@@ -182,7 +235,7 @@ + import msrestazure.azure_exceptions + logging.info("{set_network_state} Setting state %s for %s in resource group %s" % (operation, vmName, rgName)) + +- vm = compute_client.virtual_machines.get(rgName, vmName, "instanceView") ++ vm = get_vm_resource(compute_client,rgName, vmName) + + operations = [] + for nicRef in vm.network_profile.network_interfaces: +@@ -271,10 +324,72 @@ + + return config + ++# Function to fetch endpoints from metadata endpoint for azure_stack ++def get_cloud_from_arm_metadata_endpoint(arm_endpoint): ++ try: ++ import requests ++ session = requests.Session() ++ metadata_endpoint = arm_endpoint + "/metadata/endpoints?api-version=2015-01-01" ++ response = session.get(metadata_endpoint) ++ if response.status_code == 200: ++ metadata = response.json() ++ return { ++ "resource_manager": arm_endpoint, ++ "credential_scopes": [metadata.get("graphEndpoint") + "/.default"], ++ "authority_hosts": metadata['authentication'].get('loginEndpoint').replace("https://","") ++ } ++ else: ++ fail_usage("Failed to get cloud from metadata endpoint: %s - %s" % arm_endpoint, e) ++ except Exception as e: ++ fail_usage("Failed to get cloud from metadata endpoint: %s - %s" % arm_endpoint, e) ++ ++def get_azure_arm_endpoints(cloudName, authority): ++ cloudEnvironment = { ++ "authority_hosts": authority ++ } ++ ++ if cloudName == "AZURE_CHINA_CLOUD": ++ cloudEnvironment["resource_manager"] = "https://management.chinacloudapi.cn/" ++ cloudEnvironment["credential_scopes"] = ["https://management.chinacloudapi.cn/.default"] ++ return cloudEnvironment ++ ++ if cloudName == "AZURE_US_GOV_CLOUD": ++ cloudEnvironment["resource_manager"] = "https://management.usgovcloudapi.net/" ++ cloudEnvironment["credential_scopes"] = ["https://management.core.usgovcloudapi.net/.default"] ++ return cloudEnvironment ++ ++ if cloudName == "AZURE_PUBLIC_CLOUD": ++ cloudEnvironment["resource_manager"] = "https://management.azure.com/" ++ cloudEnvironment["credential_scopes"] = ["https://management.azure.com/.default"] ++ return cloudEnvironment ++ ++ + def get_azure_cloud_environment(config): +- cloud_environment = None +- if config.Cloud: ++ if (config.Cloud is None): ++ config.Cloud = "public" ++ ++ try: ++ from azure.identity import AzureAuthorityHosts ++ ++ azureCloudName = "AZURE_PUBLIC_CLOUD" ++ authorityHosts = AzureAuthorityHosts.AZURE_PUBLIC_CLOUD + if (config.Cloud.lower() == "china"): ++ azureCloudName = "AZURE_CHINA_CLOUD" ++ authorityHosts = AzureAuthorityHosts.AZURE_CHINA ++ elif (config.Cloud.lower() == "usgov"): ++ azureCloudName = "AZURE_US_GOV_CLOUD" ++ authorityHosts = AzureAuthorityHosts.AZURE_GOVERNMENT ++ elif (config.Cloud.lower() == "stack"): ++ # use custom function to call the azuer stack metadata endpoint to get required configuration. ++ return get_cloud_from_arm_metadata_endpoint(config.MetadataEndpoint) ++ ++ return get_azure_arm_endpoints(azureCloudName, authorityHosts) ++ ++ except ImportError: ++ if (config.Cloud.lower() == "public"): ++ from msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD ++ cloud_environment = AZURE_PUBLIC_CLOUD ++ elif (config.Cloud.lower() == "china"): + from msrestazure.azure_cloud import AZURE_CHINA_CLOUD + cloud_environment = AZURE_CHINA_CLOUD + elif (config.Cloud.lower() == "germany"): +@@ -287,61 +402,44 @@ + from msrestazure.azure_cloud import get_cloud_from_metadata_endpoint + cloud_environment = get_cloud_from_metadata_endpoint(config.MetadataEndpoint) + +- return cloud_environment ++ authority_hosts = cloud_environment.endpoints.active_directory.replace("http://","") ++ return { ++ "resource_manager": cloud_environment.endpoints.resource_manager, ++ "credential_scopes": [cloud_environment.endpoints.active_directory_resource_id + "/.default"], ++ "authority_hosts": authority_hosts, ++ "cloud_environment": cloud_environment, ++ } + + def get_azure_credentials(config): + credentials = None + cloud_environment = get_azure_cloud_environment(config) +- if config.UseMSI and cloud_environment: +- try: +- from azure.identity import ManagedIdentityCredential +- credentials = ManagedIdentityCredential(cloud_environment=cloud_environment) +- except ImportError: +- from msrestazure.azure_active_directory import MSIAuthentication +- credentials = MSIAuthentication(cloud_environment=cloud_environment) +- elif config.UseMSI: ++ if config.UseMSI: + try: + from azure.identity import ManagedIdentityCredential +- credentials = ManagedIdentityCredential() ++ credentials = ManagedIdentityCredential(authority=cloud_environment["authority_hosts"]) + except ImportError: + from msrestazure.azure_active_directory import MSIAuthentication +- credentials = MSIAuthentication() +- elif cloud_environment: +- try: +- # try to use new libraries ClientSecretCredential (azure.identity, based on azure.core) +- from azure.identity import ClientSecretCredential +- credentials = ClientSecretCredential( +- client_id = config.ApplicationId, +- client_secret = config.ApplicationKey, +- tenant_id = config.Tenantid, +- cloud_environment=cloud_environment +- ) +- except ImportError: +- # use old libraries ServicePrincipalCredentials (azure.common) if new one is not available +- from azure.common.credentials import ServicePrincipalCredentials +- credentials = ServicePrincipalCredentials( +- client_id = config.ApplicationId, +- secret = config.ApplicationKey, +- tenant = config.Tenantid, +- cloud_environment=cloud_environment +- ) +- else: +- try: +- # try to use new libraries ClientSecretCredential (azure.identity, based on azure.core) +- from azure.identity import ClientSecretCredential +- credentials = ClientSecretCredential( +- client_id = config.ApplicationId, +- client_secret = config.ApplicationKey, +- tenant_id = config.Tenantid +- ) +- except ImportError: +- # use old libraries ServicePrincipalCredentials (azure.common) if new one is not available +- from azure.common.credentials import ServicePrincipalCredentials +- credentials = ServicePrincipalCredentials( +- client_id = config.ApplicationId, +- secret = config.ApplicationKey, +- tenant = config.Tenantid +- ) ++ credentials = MSIAuthentication(cloud_environment=cloud_environment["cloud_environment"]) ++ return credentials ++ ++ try: ++ # try to use new libraries ClientSecretCredential (azure.identity, based on azure.core) ++ from azure.identity import ClientSecretCredential ++ credentials = ClientSecretCredential( ++ client_id = config.ApplicationId, ++ client_secret = config.ApplicationKey, ++ tenant_id = config.Tenantid, ++ authority=cloud_environment["authority_hosts"] ++ ) ++ except ImportError: ++ # use old libraries ServicePrincipalCredentials (azure.common) if new one is not available ++ from azure.common.credentials import ServicePrincipalCredentials ++ credentials = ServicePrincipalCredentials( ++ client_id = config.ApplicationId, ++ secret = config.ApplicationKey, ++ tenant = config.Tenantid, ++ cloud_environment=cloud_environment["cloud_environment"] ++ ) + + return credentials + +@@ -351,36 +449,40 @@ + cloud_environment = get_azure_cloud_environment(config) + credentials = get_azure_credentials(config) + +- if cloud_environment: +- if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint: +- fail_usage("metadata-endpoint not specified") ++ # Try to read the default used api version from the installed package. ++ try: ++ compute_api_version = ComputeManagementClient.LATEST_PROFILE.get_profile_dict()["azure.mgmt.compute.ComputeManagementClient"]["virtual_machines"] ++ except Exception as e: ++ compute_api_version = ComputeManagementClient.DEFAULT_API_VERSION ++ logging.debug("{get_azure_compute_client} Failed to get the latest profile: %s using the default api version %s" % (e, compute_api_version)) + +- try: +- from azure.profiles import KnownProfiles +- if (config.Cloud.lower() == "stack"): +- client_profile = KnownProfiles.v2020_09_01_hybrid +- credential_scope = cloud_environment.endpoints.active_directory_resource_id + "/.default" +- else: +- client_profile = KnownProfiles.default +- credential_scope = cloud_environment.endpoints.resource_manager + "/.default" +- compute_client = ComputeManagementClient( +- credentials, +- config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager, +- profile=client_profile, +- credential_scopes=[credential_scope], +- ) +- except TypeError: +- compute_client = ComputeManagementClient( +- credentials, +- config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager +- ) +- else: ++ logging.debug("{get_azure_compute_client} use virtual_machine api version: %s" %(compute_api_version)) ++ ++ if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint: ++ fail_usage("metadata-endpoint not specified") ++ ++ try: ++ from azure.profiles import KnownProfiles ++ if (config.Cloud.lower() == "stack"): ++ client_profile = KnownProfiles.v2020_09_01_hybrid ++ else: ++ client_profile = KnownProfiles.default + compute_client = ComputeManagementClient( + credentials, +- config.SubscriptionId ++ config.SubscriptionId, ++ base_url=cloud_environment["resource_manager"], ++ profile=client_profile, ++ credential_scopes=cloud_environment["credential_scopes"], ++ api_version=compute_api_version + ) ++ except TypeError: ++ compute_client = ComputeManagementClient( ++ credentials, ++ config.SubscriptionId, ++ base_url=cloud_environment["resource_manager"], ++ api_version=compute_api_version ++ ) ++ + return compute_client + + def get_azure_network_client(config): +@@ -389,34 +491,31 @@ + cloud_environment = get_azure_cloud_environment(config) + credentials = get_azure_credentials(config) + +- if cloud_environment: +- if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint: +- fail_usage("metadata-endpoint not specified") ++ if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint: ++ fail_usage("metadata-endpoint not specified") + +- try: +- from azure.profiles import KnownProfiles +- if (config.Cloud.lower() == "stack"): +- client_profile = KnownProfiles.v2020_09_01_hybrid +- credential_scope = cloud_environment.endpoints.active_directory_resource_id + "/.default" +- else: +- client_profile = KnownProfiles.default +- credential_scope = cloud_environment.endpoints.resource_manager + "/.default" +- network_client = NetworkManagementClient( +- credentials, +- config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager, +- profile=client_profile, +- credential_scopes=[credential_scope], +- ) +- except TypeError: +- network_client = NetworkManagementClient( +- credentials, +- config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager +- ) ++ ++ from azure.profiles import KnownProfiles ++ ++ if (config.Cloud.lower() == "stack"): ++ client_profile = KnownProfiles.v2020_09_01_hybrid + else: ++ client_profile = KnownProfiles.default ++ ++ try: ++ network_client = NetworkManagementClient( ++ credentials, ++ config.SubscriptionId, ++ base_url=cloud_environment["resource_manager"], ++ profile=client_profile, ++ credential_scopes=cloud_environment["credential_scopes"], ++ api_version=NETWORK_MGMT_CLIENT_API_VERSION ++ ) ++ except TypeError: + network_client = NetworkManagementClient( + credentials, +- config.SubscriptionId ++ config.SubscriptionId, ++ base_url=cloud_environment["resource_manager"], ++ api_version=NETWORK_MGMT_CLIENT_API_VERSION + ) + return network_client +--- a/agents/azure_arm/fence_azure_arm.py 2025-01-30 14:59:48.218366743 +0100 ++++ b/agents/azure_arm/fence_azure_arm.py 2025-01-28 13:12:00.758567141 +0100 +@@ -2,6 +2,7 @@ + + import sys, re + sys.path.insert(0, '/usr/lib/fence-agents/support/common') ++sys.path.insert(1, '/usr/lib/fence-agents/support/azure') + try: + import pexpect + except: +@@ -20,7 +21,7 @@ + if clients: + compute_client = clients[0] + rgName = options["--resourceGroup"] +- vms = compute_client.virtual_machines.list(rgName) ++ vms = azure_fence.get_vm_list(compute_client,rgName) + try: + for vm in vms: + result[vm.name] = ("", None) +@@ -36,7 +37,7 @@ + rgName = options["--resourceGroup"] + + try: +- vms = compute_client.virtual_machines.list(rgName) ++ vms = azure_fence.get_vm_list(compute_client,rgName) + except Exception as e: + fail_usage("Failed: %s" % e) + +@@ -77,7 +78,7 @@ + + powerState = "unknown" + try: +- vmStatus = compute_client.virtual_machines.get(rgName, vmName, "instanceView") ++ vmStatus = azure_fence.get_vm_resource(compute_client, rgName, vmName) + except Exception as e: + fail_usage("Failed: %s" % e) + +@@ -120,23 +121,10 @@ + + if (options["--action"]=="off"): + logging.info("Poweroff " + vmName + " in resource group " + rgName) +- try: +- # try new API version first +- compute_client.virtual_machines.begin_power_off(rgName, vmName, skip_shutdown=True) +- except AttributeError: +- # use older API verson if it fails +- logging.debug("Poweroff " + vmName + " did not work via 'virtual_machines.begin_power_off. Trying virtual_machines.power_off'.") +- compute_client.virtual_machines.power_off(rgName, vmName, skip_shutdown=True) ++ azure_fence.do_vm_power_off(compute_client, rgName, vmName, True) + elif (options["--action"]=="on"): + logging.info("Starting " + vmName + " in resource group " + rgName) +- try: +- # try new API version first +- compute_client.virtual_machines.begin_start(rgName, vmName) +- except AttributeError: +- # use older API verson if it fails +- logging.debug("Starting " + vmName + " did not work via 'virtual_machines.begin_start. Trying virtual_machines.start'.") +- compute_client.virtual_machines.start(rgName, vmName) +- ++ azure_fence.do_vm_start(compute_client, rgName, vmName) + + def define_new_opts(): + all_opt["resourceGroup"] = { +@@ -256,7 +244,7 @@ + except ImportError: + fail_usage("Azure Resource Manager Python SDK not found or not accessible") + except Exception as e: +- fail_usage("Failed: %s" % re.sub("^, ", "", str(e))) ++ fail_usage("Failed: %s" % re.sub(r"^, ", r"", str(e))) + + if "--network-fencing" in options: + # use off-action to quickly return off once network is fenced instead of diff --git a/RHEL-83488-fence_ibm_vpc-refresh-bearer-token.patch b/RHEL-83488-fence_ibm_vpc-refresh-bearer-token.patch new file mode 100644 index 0000000000000000000000000000000000000000..eb8568f30a484483d8b419a22684e1b438f3d5f8 --- /dev/null +++ b/RHEL-83488-fence_ibm_vpc-refresh-bearer-token.patch @@ -0,0 +1,38 @@ +From 293b3961149f680ead9028e6719c405957abc6b7 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Thu, 13 Mar 2025 16:40:30 +0100 +Subject: [PATCH] fence_ibm_vpc: refresh bearer-token in connect() if token + data is corrupt, and avoid edge-case of writing empty token file + +--- + agents/ibm_vpc/fence_ibm_vpc.py | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/agents/ibm_vpc/fence_ibm_vpc.py b/agents/ibm_vpc/fence_ibm_vpc.py +index 035a3235a..efda5eed7 100755 +--- a/agents/ibm_vpc/fence_ibm_vpc.py ++++ b/agents/ibm_vpc/fence_ibm_vpc.py +@@ -105,6 +105,8 @@ def get_bearer_token(conn, options): + except Exception as e: + logging.error("Failed: Unable to authenticate: {}".format(e)) + fail(EC_LOGIN_DENIED) ++ if len(token) < 1: ++ fail(EC_LOGIN_DENIED) + file_obj.write(token) + finally: + os.umask(oldumask) +@@ -152,6 +154,14 @@ def connect(opt): + # set auth token for later requests + conn = set_bearer_token(conn, bearer_token) + ++ try: ++ command = "instances?version=2021-05-25&generation=2&limit=1" ++ res = send_command(conn, opt, command) ++ except Exception as e: ++ logging.warning("Failed to login/connect. Updating bearer-token.") ++ bearer_token = get_bearer_token(conn, opt) ++ conn = set_bearer_token(conn, bearer_token) ++ + return conn + + def disconnect(conn): diff --git a/RHEL-92695-1-fence_sbd-improve-error-handling.patch b/RHEL-92695-1-fence_sbd-improve-error-handling.patch new file mode 100644 index 0000000000000000000000000000000000000000..c9ab5ad2c495393e08657554c4f34c4e5cc1ffb1 --- /dev/null +++ b/RHEL-92695-1-fence_sbd-improve-error-handling.patch @@ -0,0 +1,296 @@ +From ab1de07902d9f380c10405d6ddac3aeb43838c86 Mon Sep 17 00:00:00 2001 +From: Klaus Wenninger +Date: Thu, 28 Jul 2022 15:33:12 +0200 +Subject: [PATCH] fence_sbd: improve error handling + +basically when using 3 disks be happy with 2 answers +but give it 5s at least to collect all answers +increase default power-timeout to 30s so that waiting +those 5s still allows us to get done sending the +reboot + +RHBZ#2033671 +--- + agents/sbd/fence_sbd.py | 77 +++++++++++++-------- + lib/fencing.py.py | 109 ++++++++++++++++++++++++++++++ + tests/data/metadata/fence_sbd.xml | 2 +- + 3 files changed, 158 insertions(+), 30 deletions(-) + +diff --git a/agents/sbd/fence_sbd.py b/agents/sbd/fence_sbd.py +index 0c876b16e..2b0127d55 100644 +--- a/agents/sbd/fence_sbd.py ++++ b/agents/sbd/fence_sbd.py +@@ -5,7 +5,7 @@ + import os + import atexit + sys.path.append("@FENCEAGENTSLIBDIR@") +-from fencing import fail_usage, run_command, fence_action, all_opt ++from fencing import fail_usage, run_commands, fence_action, all_opt + from fencing import atexit_handler, check_input, process_input, show_docs + from fencing import run_delay + import itertools +@@ -81,7 +81,7 @@ def check_sbd_device(options, device_path): + + cmd = "%s -d %s dump" % (options["--sbd-path"], device_path) + +- (return_code, out, err) = run_command(options, cmd) ++ (return_code, out, err) = run_commands(options, [ cmd ]) + + for line in itertools.chain(out.split("\n"), err.split("\n")): + if len(line) == 0: +@@ -94,21 +94,35 @@ def check_sbd_device(options, device_path): + + return DEVICE_INIT + ++ + def generate_sbd_command(options, command, arguments=None): + """Generates a sbd command based on given arguments. + + Return Value: +- generated sbd command (string) ++ generated list of sbd commands (strings) depending ++ on command multiple commands with a device each ++ or a single command with multiple devices + """ +- cmd = options["--sbd-path"] ++ cmds = [] ++ ++ if not command in ["list", "dump"]: ++ cmd = options["--sbd-path"] + +- # add "-d" for each sbd device +- for device in parse_sbd_devices(options): +- cmd += " -d %s" % device ++ # add "-d" for each sbd device ++ for device in parse_sbd_devices(options): ++ cmd += " -d %s" % device + +- cmd += " %s %s" % (command, arguments) ++ cmd += " %s %s" % (command, arguments) ++ cmds.append(cmd) ++ ++ else: ++ for device in parse_sbd_devices(options): ++ cmd = options["--sbd-path"] ++ cmd += " -d %s" % device ++ cmd += " %s %s" % (command, arguments) ++ cmds.append(cmd) + +- return cmd ++ return cmds + + def send_sbd_message(conn, options, plug, message): + """Sends a message to all sbd devices. +@@ -128,7 +142,7 @@ def send_sbd_message(conn, options, plug, message): + arguments = "%s %s" % (plug, message) + cmd = generate_sbd_command(options, "message", arguments) + +- (return_code, out, err) = run_command(options, cmd) ++ (return_code, out, err) = run_commands(options, cmd) + + return (return_code, out, err) + +@@ -147,7 +161,7 @@ def get_msg_timeout(options): + + cmd = generate_sbd_command(options, "dump") + +- (return_code, out, err) = run_command(options, cmd) ++ (return_code, out, err) = run_commands(options, cmd) + + for line in itertools.chain(out.split("\n"), err.split("\n")): + if len(line) == 0: +@@ -288,7 +302,7 @@ def get_node_list(conn, options): + + cmd = generate_sbd_command(options, "list") + +- (return_code, out, err) = run_command(options, cmd) ++ (return_code, out, err) = run_commands(options, cmd) + + for line in out.split("\n"): + if len(line) == 0: +@@ -356,6 +370,7 @@ def main(): + + all_opt["method"]["default"] = "cycle" + all_opt["method"]["help"] = "-m, --method=[method] Method to fence (onoff|cycle) (Default: cycle)" ++ all_opt["power_timeout"]["default"] = "30" + + options = check_input(device_opt, process_input(device_opt)) + +@@ -376,23 +391,27 @@ def main(): + + # We need to check if the provided sbd_devices exists. We need to do + # that for every given device. +- for device_path in parse_sbd_devices(options): +- logging.debug("check device \"%s\"", device_path) +- +- return_code = check_sbd_device(options, device_path) +- if PATH_NOT_EXISTS == return_code: +- logging.error("\"%s\" does not exist", device_path) +- elif PATH_NOT_BLOCK == return_code: +- logging.error("\"%s\" is not a valid block device", device_path) +- elif DEVICE_NOT_INIT == return_code: +- logging.error("\"%s\" is not initialized", device_path) +- elif DEVICE_INIT != return_code: +- logging.error("UNKNOWN error while checking \"%s\"", device_path) +- +- # If we get any error while checking the device we need to exit at this +- # point. +- if DEVICE_INIT != return_code: +- exit(return_code) ++ # Just for the case we are really rebooting / powering off a device ++ # (pacemaker as well uses the list command to generate a dynamic list) ++ # we leave it to sbd to try and decide if it was successful ++ if not options["--action"] in ["reboot", "off", "list"]: ++ for device_path in parse_sbd_devices(options): ++ logging.debug("check device \"%s\"", device_path) ++ ++ return_code = check_sbd_device(options, device_path) ++ if PATH_NOT_EXISTS == return_code: ++ logging.error("\"%s\" does not exist", device_path) ++ elif PATH_NOT_BLOCK == return_code: ++ logging.error("\"%s\" is not a valid block device", device_path) ++ elif DEVICE_NOT_INIT == return_code: ++ logging.error("\"%s\" is not initialized", device_path) ++ elif DEVICE_INIT != return_code: ++ logging.error("UNKNOWN error while checking \"%s\"", device_path) ++ ++ # If we get any error while checking the device we need to exit at this ++ # point. ++ if DEVICE_INIT != return_code: ++ exit(return_code) + + # we check against the defined timeouts. If the pacemaker timeout is smaller + # then that defined within sbd we should report this. +diff --git a/lib/fencing.py.py b/lib/fencing.py.py +index b746ede8b..fc3679e33 100644 +--- a/lib/fencing.py.py ++++ b/lib/fencing.py.py +@@ -1088,6 +1088,115 @@ def is_executable(path): + return True + return False + ++def run_commands(options, commands, timeout=None, env=None, log_command=None): ++ # inspired by psutils.wait_procs (BSD License) ++ def check_gone(proc, timeout): ++ try: ++ returncode = proc.wait(timeout=timeout) ++ except subprocess.TimeoutExpired: ++ pass ++ else: ++ if returncode is not None or not proc.is_running(): ++ proc.returncode = returncode ++ gone.add(proc) ++ ++ if timeout is None and "--power-timeout" in options: ++ timeout = options["--power-timeout"] ++ if timeout == 0: ++ timeout = None ++ if timeout is not None: ++ timeout = float(timeout) ++ ++ time_start = time.time() ++ procs = [] ++ status = None ++ pipe_stdout = "" ++ pipe_stderr = "" ++ ++ for command in commands: ++ logging.info("Executing: %s\n", log_command or command) ++ ++ try: ++ process = subprocess.Popen(shlex.split(command), stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env, ++ # decodes newlines and in python3 also converts bytes to str ++ universal_newlines=(sys.version_info[0] > 2)) ++ except OSError: ++ fail_usage("Unable to run %s\n" % command) ++ ++ procs.append(process) ++ ++ gone = set() ++ alive = set(procs) ++ ++ while True: ++ if alive: ++ max_timeout = 2.0 / len(alive) ++ for proc in alive: ++ if timeout is not None: ++ if time.time()-time_start >= timeout: ++ # quickly go over the rest ++ max_timeout = 0 ++ check_gone(proc, max_timeout) ++ alive = alive - gone ++ ++ if not alive: ++ break ++ ++ if time.time()-time_start < 5.0: ++ # give it at least 5s to get a complete answer ++ # afterwards we're OK with a quorate answer ++ continue ++ ++ if len(gone) > len(alive): ++ good_cnt = 0 ++ for proc in gone: ++ if proc.returncode == 0: ++ good_cnt += 1 ++ # a positive result from more than half is fine ++ if good_cnt > len(procs)/2: ++ break ++ ++ if timeout is not None: ++ if time.time() - time_start >= timeout: ++ logging.debug("Stop waiting after %s\n", str(timeout)) ++ break ++ ++ logging.debug("Done: %d gone, %d alive\n", len(gone), len(alive)) ++ ++ for proc in gone: ++ if (status != 0): ++ status = proc.returncode ++ # hand over the best status we have ++ # but still collect as much stdout/stderr feedback ++ # avoid communicate as we know already process ++ # is gone and it seems to block when there ++ # are D state children we don't get rid off ++ os.set_blocking(proc.stdout.fileno(), False) ++ os.set_blocking(proc.stderr.fileno(), False) ++ try: ++ pipe_stdout += proc.stdout.read() ++ except: ++ pass ++ try: ++ pipe_stderr += proc.stderr.read() ++ except: ++ pass ++ proc.stdout.close() ++ proc.stderr.close() ++ ++ for proc in alive: ++ proc.kill() ++ ++ if status is None: ++ fail(EC_TIMED_OUT, stop=(int(options.get("retry", 0)) < 1)) ++ status = EC_TIMED_OUT ++ pipe_stdout = "" ++ pipe_stderr = "timed out" ++ ++ logging.debug("%s %s %s\n", str(status), str(pipe_stdout), str(pipe_stderr)) ++ ++ return (status, pipe_stdout, pipe_stderr) ++ + def run_command(options, command, timeout=None, env=None, log_command=None): + if timeout is None and "--power-timeout" in options: + timeout = options["--power-timeout"] +diff --git a/tests/data/metadata/fence_sbd.xml b/tests/data/metadata/fence_sbd.xml +index 516370c40..7248b864a 100644 +--- a/tests/data/metadata/fence_sbd.xml ++++ b/tests/data/metadata/fence_sbd.xml +@@ -87,7 +87,7 @@ + + + +- ++ + Test X seconds for status change after ON/OFF + + diff --git a/RHEL-92695-2-fence_sbd-get-devices-from-SBD_DEVICE-if-devices-parameter-isnt-set.patch b/RHEL-92695-2-fence_sbd-get-devices-from-SBD_DEVICE-if-devices-parameter-isnt-set.patch new file mode 100644 index 0000000000000000000000000000000000000000..f68fe0bbaf6f790e2f7775fa0a507a67d85e213d --- /dev/null +++ b/RHEL-92695-2-fence_sbd-get-devices-from-SBD_DEVICE-if-devices-parameter-isnt-set.patch @@ -0,0 +1,160 @@ +From f73b6b4465de1bf2b2887efd3b9767d3f36abd24 Mon Sep 17 00:00:00 2001 +From: xin liang +Date: Fri, 26 Jul 2024 10:49:55 +0800 +Subject: [PATCH 1/3] fence_sbd: if sbd devices are not specified with option, + read SBD_DEVICE + +from environment +--- + agents/sbd/fence_sbd.py | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/agents/sbd/fence_sbd.py b/agents/sbd/fence_sbd.py +index bf95bb72e..c36220295 100644 +--- a/agents/sbd/fence_sbd.py ++++ b/agents/sbd/fence_sbd.py +@@ -342,7 +342,7 @@ def define_new_opts(): + "longopt" : "devices", + "help":"--devices=[device_a,device_b] \ + Comma separated list of sbd devices", +- "required" : "1", ++ "required" : "0", + "shortdesc" : "SBD Device", + "order": 1 + } +@@ -382,10 +382,14 @@ def main(): + docs["vendorurl"] = "" + show_docs(options, docs) + +- # We need to check if --devices is given and not empty. ++ # If not specified then read SBD_DEVICE from environment + if "--devices" not in options: +- fail_usage("No SBD devices specified. \ +- At least one SBD device is required.") ++ dev_list = os.getenv("SBD_DEVICE") ++ if dev_list: ++ options["--devices"] = ",".join(dev_list.split(";")) ++ else: ++ fail_usage("No SBD devices specified. \ ++ At least one SBD device is required.") + + run_delay(options) + + +From 744d534225b51db26058660b753df2991b9356a0 Mon Sep 17 00:00:00 2001 +From: xin liang +Date: Fri, 26 Jul 2024 17:45:07 +0800 +Subject: [PATCH 2/3] fence_sbd: Update fence_sbd.xml + +--- + tests/data/metadata/fence_sbd.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/data/metadata/fence_sbd.xml b/tests/data/metadata/fence_sbd.xml +index 82ded25b9..c2daf0c54 100644 +--- a/tests/data/metadata/fence_sbd.xml ++++ b/tests/data/metadata/fence_sbd.xml +@@ -8,7 +8,7 @@ + + Fencing action + +- ++ + + + SBD Device + +From 06457f95a4d89d4b6a856ae14ccbcda4d357bef6 Mon Sep 17 00:00:00 2001 +From: xin liang +Date: Tue, 10 Dec 2024 10:00:00 +0800 +Subject: [PATCH 3/3] fence_sbd: Check if the sbd daemon is running before + using SBD_DEVICE enviroment variable + +And add @SBDPID_PATH@ for the sbd daemon pid file path +--- + agents/sbd/fence_sbd.py | 31 ++++++++++++++++++++++++++++++- + configure.ac | 2 ++ + make/fencebuild.mk | 1 + + 3 files changed, 33 insertions(+), 1 deletion(-) + +diff --git a/agents/sbd/fence_sbd.py b/agents/sbd/fence_sbd.py +index c36220295..bebc7fae1 100644 +--- a/agents/sbd/fence_sbd.py ++++ b/agents/sbd/fence_sbd.py +@@ -14,6 +14,7 @@ + DEVICE_NOT_INIT = -3 + PATH_NOT_EXISTS = -1 + PATH_NOT_BLOCK = -2 ++SBD_PID_FILE = "@SBDPID_PATH@" + + def is_block_device(filename): + """Checks if a given path is a valid block device +@@ -356,6 +357,34 @@ def define_new_opts(): + "order": 200 + } + ++ ++def sbd_daemon_is_running(): ++ """Check if the sbd daemon is running ++ """ ++ if not os.path.exists(SBD_PID_FILE): ++ logging.info("SBD PID file %s does not exist", SBD_PID_FILE) ++ return False ++ ++ try: ++ with open(SBD_PID_FILE, "r") as pid_file: ++ pid = int(pid_file.read().strip()) ++ except Exception as e: ++ logging.error("Failed to read PID file %s: %s", SBD_PID_FILE, e) ++ return False ++ ++ try: ++ # send signal 0 to check if the process is running ++ os.kill(pid, 0) ++ except ProcessLookupError: ++ logging.info("SBD daemon is not running") ++ return False ++ except Exception as e: ++ logging.error("Failed to send signal 0 to PID %d: %s", pid, e) ++ return False ++ ++ return True ++ ++ + def main(): + """Main function + """ +@@ -385,7 +414,7 @@ def main(): + # If not specified then read SBD_DEVICE from environment + if "--devices" not in options: + dev_list = os.getenv("SBD_DEVICE") +- if dev_list: ++ if dev_list and sbd_daemon_is_running(): + options["--devices"] = ",".join(dev_list.split(";")) + else: + fail_usage("No SBD devices specified. \ +diff --git a/configure.ac b/configure.ac +index 6b7322419..0425a9d21 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -145,6 +145,8 @@ eval FENCETMPDIR="`eval echo ${FENCETMPDIR}`" + AC_DEFINE_UNQUOTED(FENCETMPDIR,"$FENCETMPDIR", Where Fence agents keep state files) + AC_SUBST(FENCETMPDIR) + ++SBDPID_PATH=${localstatedir}/run/sbd.pid ++AC_SUBST(SBDPID_PATH) + + if test "x$AGENTS_LIST" = x; then + AC_ERROR([No agents selected]) +diff --git a/make/fencebuild.mk b/make/fencebuild.mk +index 9a3c6d6dd..bc9259190 100644 +--- a/make/fencebuild.mk ++++ b/make/fencebuild.mk +@@ -9,6 +9,7 @@ define gen_agent_from_py + -e 's#@''SBINDIR@#${sbindir}#g' \ + -e 's#@''LIBEXECDIR@#${libexecdir}#g' \ + -e 's#@''FENCETMPDIR@#${FENCETMPDIR}#g' \ ++ -e 's#@''SBDPID_PATH@#${SBDPID_PATH}#g' \ + -e 's#@''IPMITOOL_PATH@#${IPMITOOL_PATH}#g' \ + -e 's#@''OPENSTACK_PATH@#${OPENSTACK_PATH}#g' \ + -e 's#@''AMTTOOL_PATH@#${AMTTOOL_PATH}#g' \ diff --git a/RHEL-96183-fence_kubevirt-force-off.patch b/RHEL-96183-fence_kubevirt-force-off.patch new file mode 100644 index 0000000000000000000000000000000000000000..ac2e281693c46b35a0358ada864ecaeedfd4eb78 --- /dev/null +++ b/RHEL-96183-fence_kubevirt-force-off.patch @@ -0,0 +1,23 @@ +From b6e05c57a73e5d9bdde7d133ba7ec43737a7c6b7 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Tue, 25 Feb 2025 16:11:32 +0100 +Subject: [PATCH] fence_kubevirt: set grace_period_seconds=0 to immediately + power off the node + +--- + agents/kubevirt/fence_kubevirt.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/agents/kubevirt/fence_kubevirt.py b/agents/kubevirt/fence_kubevirt.py +index e3817b0fb..8ba8ce8db 100755 +--- a/agents/kubevirt/fence_kubevirt.py ++++ b/agents/kubevirt/fence_kubevirt.py +@@ -108,7 +108,7 @@ def define_new_opts(): + def virtctl_vm_action(conn, action, namespace, name, apiversion): + path = '/apis/subresources.{api_version}/namespaces/{namespace}/virtualmachines/{name}/{action}' + path = path.format(api_version=apiversion, namespace=namespace, name=name, action=action) +- return conn.request('put', path, header_params={'accept': '*/*'}) ++ return conn.request('put', path, header_params={'accept': '*/*'}, body={'gracePeriod': 0} if action == 'stop' else None) + + # Main agent method + def main(): diff --git a/dist b/dist index 635820538d487259e6dce4499a172e3066902da5..1f9f8c9bbdfdaf483d0bfdf0bf3c48d3cad6b1b9 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an9_5 +an9_6 diff --git a/fence-agents.spec b/fence-agents.spec index 83562d0f35c9fe42a35304722a4e3be26915a372..8cd30b5c5004d98586f3cd0ae367752c748d0340 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -60,7 +60,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 76%{?alphatag:.%{alphatag}}%{anolis_release}%{?dist}.6 +Release: 86%{?alphatag:.%{alphatag}}%{anolis_release}%{?dist}.7 License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -267,7 +267,15 @@ Patch54: RHEL-35263-fence_eps-add-fence_epsr2-for-ePowerSwitch-R2-and-newer.patc Patch55: RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch Patch56: RHEL-43235-fence_aws-1-list-add-instance-name-status.patch Patch57: RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch -Patch58: RHEL-59882-fence_scsi-only-preempt-once-for-mpath-devices.patch +Patch58: RHEL-59878-fence_scsi-only-preempt-once-for-mpath-devices.patch +Patch59: RHEL-56138-fence_mpath-1-support-hex-key-format.patch +Patch60: RHEL-56138-fence_mpath-2-fix-unfencing-issue-use-MULTILINE-avoid-duplicates.patch +Patch61: RHEL-62206-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch +Patch62: RHEL-76493-fence_azure_arm-use-azure-identity.patch +Patch63: RHEL-83488-fence_ibm_vpc-refresh-bearer-token.patch +Patch64: RHEL-92695-1-fence_sbd-improve-error-handling.patch +Patch65: RHEL-92695-2-fence_sbd-get-devices-from-SBD_DEVICE-if-devices-parameter-isnt-set.patch +Patch66: RHEL-96183-fence_kubevirt-force-off.patch ### HA support libs/utils ### # all archs @@ -459,6 +467,14 @@ BuildRequires: %{systemd_units} %patch -p1 -P 56 %patch -p1 -P 57 %patch -p1 -P 58 +%patch -p1 -P 59 +%patch -p1 -P 60 +%patch -p1 -P 61 +%patch -p1 -P 62 +%patch -p1 -P 63 +%patch -p1 -P 64 +%patch -p1 -P 65 +%patch -p1 -P 66 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -1571,6 +1587,9 @@ are located on corosync cluster nodes. %endif %changelog +* Thu Aug 07 2025 Hong Wei Qin - 4.10.0-86.0.1.7 +- Fix CVE-2025-47273 + * Tue Mar 25 2025 Zhao Hang - 4.10.0-76.0.1.6 - fix CVE-2025-27516