openSUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: openSUSE-RU-2021:2547-1 Rating: moderate References: #1182701 #1185058 SLE-17998 SLE-18182 Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that has two recommended fixes and contains two features can now be installed. Description: This update for fence-agents fixes the following issues: - Corrections to support Azure SDK greater than 15 - including backward compatibility (bsc#1185058) - Fixed an issue when libvirt breaks the connection in every 30 seconds. - ECO: Update fence-agents. (jsc#SLE-18182) - Add upstream PR to aws-vpc-move-ip and apply required resource and fence agent patches. (jsc#SLE-17998) - Fixed an issue when fence-agent does not restart the node properly. (bsc#1182701) - Major rework of the original agent: * fence_gce: default method moved back to powercycle (#389) * fence_gce: make serviceaccount work with new libraries * fence_virt*: simple_auth: use %zu for sizeof to avoid failing verbose builds on some archs * configure: dont fail when --with-agents contains virt * fence_mpath: watchdog retries support * fencing: add multi plug support for reboot-action * fence_redfish: add missing diag logic * fencing: fix issue with hardcoded help text length for metadata * fencing: add stonith_status_sleep parameter for sleep between status calls during a STONITH action * fence_aws: add filter parameter to be able to limit which nodes are listed * virt: fix a bunch of coverity scan errors in ip_lookup * virt: make sure to provide an empty default to strncpy * virt: make sure buffers are big enough for 0 byte end string * virt: increase buffer size to avoid overruns * virt: check return code in virt-sockets * virt: fix plugin (minor) memory leak and plug in load race * virt: attempt to open file directly and avoid race condition * virt: fix different coverity scan errors in common/tcp * virt: cleanup deadcode in client/vsock * virt: cleanup deadcode in client/tcp * virt: fix potential buffer overrun * virt: fix mcast coverity scan errors * virt: drop pm-fence plugin * virt: drop libvirt-qmf plugin * virt: drop null plugin * virt: drop fence_virtd non-modular build * virt: fix plugin installation regression on upgrades * fence_virt: metadata fixes, implement manpage generation and metadata/delay/rng checks * virt: make sure variable is initialized * zvm: reformat fence_zvm to avoid gcc warnings * virt: drop -Werror to avoid unnecessary failures * virt: disable -Wunused for yy generated files * virt: disable fence-virt on bsd variants * virt: merge spec files * build: fix more gcc warnings * build: remove unused / obsoleted options * build: fix some annoying warnings at ./autogen.sh time * virt: move all virt CFLAGS/LDFLAGS in the right location * virt: fix unused gcc warnings and re-enable all build warnings * virt: fix write-strings gcc warnings * virt: fix pointer-arith gcc warnings * virt: fix declaration-after-statement gcc warnings * virt: fix build with -Wmissing-prototypes * build: don��t override clean target * virt: plug fence_virt into the build * virt: allow fence_virt build to be optional * virt: drop support for LSB init script * virt: collect docs in one location * virt: remove unnecessary files and move build macros in place * Ignore fence-virt man pages * Move fence_virt to the correct location * spec: use python3 path for newer releases * spec: undo autosetup change that breaks builds w/git commit hashes * Ignore unknown options on stdin * fence_gce: support google-auth and oauthlib and fallback to deprecated libs when not available * spec: add aliyun subpackage and fence_mpath_check* to mpath subpackage * fence_gce: Adds cloud-platform scope for bare metal API and optional proxy flags (#382) * fence_virt: Fix minor typo in metadata * fence_gce: update module reqs for SLES 15 (#383) * Add fence_ipmilanplus as fence_ipmilan wrapper always enabling lanplus * fence_redfish: Add diag action * fence_vbox: updated metadata file * fence_vbox: do not flood host account with vboxmanage calls * fence_aws/fence_gce: allow building without cloud libs * fence_gce: default to onoff * fence_lpar: Make --managed a required option * fence_zvmip: fix shell-timeout when using new disable-timeout parameter * Adds service account authentication to GCE fence agent * spec: dont build -all subpackage as noarch * fence_virt: add plug parameter that obsoletes old port parameter * Try to detect directory for initscripts configuration * Accept SIGTERM while waiting for initialization. * Add man pages to fence_virtd service file. * Fix spelling error in fence_virt.conf.5 * build: fix BRs for suse distros * build: remove ExclusiveArch * build: removed gcc-c++ BR * build: add spec-file and rpm build targets * build: cleanup/improvements to reworked build system * [build] rework build system to use automake/libtool * fence_virtd: Fix segfault in vl_get when no domains are found * fence_virt: fix core dump * build: harden and make it possible to build with -fPIE * fence_virt: dont report success for incorrect parameters * fence_virt: mcast: config: Warn when provided mcast addr is not used * fence_virtd: Return control to main loop on select interruption * fence-virtd: Add missing vsock makefile bits * fence-virt: Add vsock support * fence_virtd: Fix transposed arguments in startup message * fence_virt: Rename challenge functions * fence_virtd: Cleanup: remove unused configuration options * fence_virt: Remove remaining references to checkpoints * fence_virt: Remove remaining references to checkpoints * fence-virt: Format string cleanup * fence_virtd: Implment hostlist for the cpg backend * fence_virt: Fix logic error in fence_xvm * fence_virtd: Cleanup config module * fence_virtd: cpg: Fail initialization if no hypervisor connections * fence_virtd: Make the libvirt backend survive libvirtd restarts * fence_virtd: Allow the cpg backend to survive libvirt failures * fence_virtd: cpg: Fix typo * fence-virtd: Add cpg-virt backend plugin * fence_virtd: Remove checkpoint, replace it with a CPG only plugin * fence-virt: Bump version * fence_virtd: Add better debugging messages for the TCP listner * fence_virtd: Fix potential unlocked pthread_cond_timedwait() * fence-virtd: Cleanup small memory leak * fence_virtd: Fix select logic in listener plugins * Factor out common libvirt code so that it can be reused by multiple backends * Document the fence_virtd -p command line flag * fence_virtd: Log an error when startup fails * Retry writes in the TCP, mcast, and serial listener plugins while sending a response to clients, if the write fails or is incomplete. * Make the packet authentication code more resilient in the face of transient failures. * Disable the libvirt-qmf backend by default * Bump the versions of the libvirt and checkpoint plugins * fence-virtd: Enable TCP listener plugin by default * fence-virtd: Cleanup documentation of the TCP listener * fence_xvm/fence_virt: Add support for the validate-all status op * fence-virt: Add list-status command to man page and metadata * fence-virt: Cleanup numeric argument parsing * fence-virt: Log message to syslog in addition to stdout/stderr * fence-virt: Permit explicitly setting delay to 0 * fence-virt: Add 'list-status' operation for compat with other agents * Allow fence_virtd to run as non-root * Remove delay from the status, monitor and list functions * Resolves serveral problems in checkpoint plugin, making it functional. * daemon_init: Removed PID check and update * fence_virtd: drop legacy SysVStartPriority from service unit * fence-virt: client: Do not truncate VM domains in list output * client: fix "delay" parameter checking (copy-paste) * fence-virt: Fix broken restrictions on the port ranges * Clarify debug message * fence-virtd: Use perror only if the last system call returns an error. * fence-virtd: Fix printing wrong system call in perror * fence-virtd: Allow multiple hypervisors for the libvirt backend * fence-virt: Don't overrwrite saved errno * fence-virt: Fix small memory leak in the config module * fence-virt: Fix mismatched sizeof in memset call * fence-virt: Send complete hostlist info * fence-virt: Clarify the path option in serial mode * Bump version * fence-virt: Bump version * fence_virtd: Fix broken systemd service file * fence_virt/fence_xvm: Print status when invoked with -o status * fence-virt: Fix for missed libvirtd events * fence-virt: Fail properly if unable to bind the listener socket * client: dump all arguments structure in debug mode * Drop executable flag for man pages (finally) * Honor implicit "ip_family=auto" in fence_xvm w/IPv6 mult.addr. * Fix using bad struct item for auth algorithm * Drop executable flag for man pages * use bswap_X() instead of b_swapX() * fence_virtd: Fix memcpy size params in the TCP plugin * Revert "fence-virt: Fix possible descriptor leak" * fence_virtd: Return success if a domain exists but is already off. * fence-virt: Add back missing tcp_listener.h file * fence-virt: Fix a few fd leaks * fence-virt: Fix free of uninitialized variable * fence-virt: Fix possible null pointer dereference * fence-virt: Fix memory leak * fence-virt: Fix fd leak when finding local addresses * fence-virt: Fix possible descriptor leak * fence-virt: Fix possible fd leak * fence-virt: Fix null pointer deref * fence-virt: Explicitly set delay to 0 * fence-virt: Fix return with lock held * fence_virt: Fix typo in fence_virt(8) man page * fence_virt: Return failure for nonexistent domains * Improve fence_virt.conf man page description of 'hash' * Add a TCP listener plugin for use with viosproxy * In serial mode, return failure if the other end closes the connection before we see SERIAL_MAGIC in the reply or timeout. * Stop linking against unnecessary QPid libs. * Update libvirt-qmf plugin and docs * Fix crash when we fail to read key file. * Fix erroneous man page XML * Add 'interface' directive to example.conf * Add old wait_for_backend directive handling & docs * Return proper error if we can't set up our socket. * Fix startup in systemd environments * Add systemd unit file and generation * Don't override user's pick for backend server module * Use libvirt as default in shipped config * Clean up compiler warnings * Fix serial domain handling * Fix monolithic build * Clean up build and comments. * Add missing pm_fence source code * Disable CMAN / checkpoint build by default * Rename libvirt-qpid -> libvirt-qmf * Fix static analysis errors * Reword assignment to appease static analyzers * Handle return value from virDomainGetInfo * Fix bad sizeof() * Make listen() retry * Add map_check on 'status' action * Update README * Don't reference out-of-scope temporary * Ensure we don't try to strdup() or atoi() on NULL * Add libvirt-qmf support to the libvirt-qpid plugin * Convert libvirt-qpid plugin to QMFv2 * Fix incorrect return value on hash mismatch * Fix error getting status from libvirt-qpid plugin * Make fence-virt requests endian clean * Fix input parsing to allow domain again * Provide 'domain' in metadata output for compatibility * High: Fix UUID lookups in checkpoint backend * Curtail 'list' operation requests * Fix man page references: fence_virtd.conf -> fence_virt.conf * Add 'list' operation for plugins; fix missing getopt line * Fix build with newer versions of qpid * Make configure.in actually disable plugins * Rename parameters to match other fencing agents * Fix fence_xvm man page to point to the right location * client: Clarify license in serial.c * Return 2 for 'off' like other fencing agents * Reset flags before returning from connect_nb * Use nonblocking connect to vmchannel sockets * More parity with other fencing agents' parameters * Fix memory leaks found with valgrind * Add basic daemon functions * Fix bug in path pruning support for serial plugin * Fix libvirt-qpid bugs found while testing * Fix segfault caused by invalid map pointer assignment * Fix another compiler warning * Fix build warnings in client/serial.c * Add 'monitor' as an alias for 'status' * Add serial listener to configuration utility * Make serial/vmchannel module enabled by default * Add missing 'metadata' option to help text * Add missing static_map.h * Add metadata support to fence_xvm/fence_virt * Allow IPs to be members of groups * Allow use of static mappings w/ mcast listener * Make 'path' be a directory * Remove useless debug printfs * Enable VM Channel support in serial plugin * Pass source VM UUID (if known) to backend * Mirror libvirt-qpid's settings in libvirt-qpid plugin * libvirt-qpid: clean up global variable * Enable a configurable host/port on libvirt-qpid plugin * Minor config utility cleanups * Remove unnecessary name_mode from multicast plugin * Add prototypes and clean up build warnings * Use seqno in serial requests * Minor debugging message cleanup * Fix build error due to improper value * Static map support and permissions reporting * Sync up on SERIAL_MAGIC while waiting for a response * Don't build serial vmchannel module by default * Initial checkin of serial server-side support * Fix fence_virt.conf man page name * Add Fedora init script * Compiler warning cleanups in virt-serial.c * Add wait-for-backend mode * Fix up help text for clients * Minor XML cleanups, add missing free() call * add missing module_path to fence_virtd.conf.5 * Add capabilities to virt-serial * Note that serial support is experimental * Add a serial.so build target * Add vmchannel serial event interface * Split fence_virt vs. fence_xvm args * Add static map functions. * Fix build warning due to missing #include * Fix multiple query code * Better config query & multiple value/tag support * Add simple configuration mode * Allow setting config values to NULL to clear them * Clean up example config file * Sort plugins by type when printing them * Revert "Sort plugins by type when printing them" * Sort plugins by type when printing them * Clean up some configuration plugin information * add empty line between names * Make libvirt to automatically use uuid or names * Improve error reporting * Fix build for hostlist functionality * Hostlist functionality for libvirt, libvirt-qpid * Work around broken nspr headers * Fix installation target for man pages * Add man page build infrastructure * Make fence_xvm compatibility mode enabled by default * Fix libvirt / mcast support for name_mode * Fix agent option parsing * Fix dlsym mapping of C++ module * Make uuids work with libvirt-qpid * Fix uninitialized variable causing false returns * Add 'help' to fence_virtd * Fix libvirt-qpid build * Fix libvirt-qpid build * Add libvirt-qpid build target * Initial checking of libvirt-qpid plugin * Fix build on i686 * Make symlink/compatibilty mode disabled by default * Add simple tarball / release script * Use immediate resolution of symbols * Example config tweaks * Use sysconfdir for /etc/fence_virt.conf * Fix package name and install locations * Add 'maintainer-clean' target * Fix build errors on Fedora * Add missing header file * Ignore automake error * Make the build script actually build * Make cluster mode plugin work * Add basic cpg stuff for later * Enable 'on' operation for libvirt backend * Clean up modular build * Minor build cleanups * Yet more build fixes * More build cleanups * Build cleanups * Initial port to autoconf * Add checkpoint.c stub functions * Add sequence numbers to requests for tracking * Include missing include * Call generic history functions * Make history functions generic * Make debugging work from modules again * Revert "Fix build issue breaking debug printing from modules" * Fix build issue breaking debug printing from modules * Fix libvirt backend; VALIDATE was wrong * Cleanups, add daemon support * Add simple 'null' skeleton backend plugin * Make all plugins dynamically loaded. * Fix error message * Remove dummy serial prototypes * Remove modules in 'make clean' * Make listeners plugins. * Move name_mode to fence_virtd block * Add name_mode to example.conf * Move VM naming scheme to top level of config * Enable UUID use in libvirt.c * Move options.c to client directory * Drop duplicate fencing requests * Don't require specifying an interface in fence_virt.conf * Fix empty node parsing * Actually use the default port by default * Don't overwrite config files * Install modules, too. * Add temporary 'make install' target * Make a default configuration file * Make mcast work with UUIDs * Add checkpoint.so to the build * Fix missing carriage returns on debug prints * Add architecture overview description * Make serial_init match mcast_init. * Make multicast use config file * Integrate config file processing * Create server-side plugin architecture * Make libvirt a built-in plugin * Fix header in serial.c. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-2547=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-3.5.1 fence-agents-amt_ws-4.9.0+git.1624456340.8d746be9-3.5.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-3.5.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-3.5.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-3.5.1 References: https://bugzilla.suse.com/1182701 https://bugzilla.suse.com/1185058