Hello community, here is the log from the commit of package fence-agents for openSUSE:Factory checked in at 2014-09-18 07:12:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/fence-agents (Old) and /work/SRC/openSUSE:Factory/.fence-agents.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fence-agents" Changes: -------- --- /work/SRC/openSUSE:Factory/fence-agents/fence-agents.changes 2014-07-02 15:05:25.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.fence-agents.new/fence-agents.changes 2014-09-18 07:12:59.000000000 +0200 @@ -0,0 +1,42 @@ +------------------------------------------------------------------- +Tue Sep 16 07:15:30 UTC 2014 - kgronl...@suse.com + +- Backport fixes from upstream (bnc#896833): + + fence_brocade: Add support for 'list' action + + fencing: Monitor is not working correctly without 'list' or 'status' + + fence_apc_snmp: Add support for firmware 6.x + + fence_zvm: Add support for "on" and "status" + + fence_zvm: Add current XML metadata to test suite + + [build] Fix automake files, so 'make distcheck' works + + fencing: Add new options --ssl-secure and --ssl-insecure + + [tests] Update XML metadata of fence agents + + fence_cisco_ucs & fence_vmware_soap: Logout has to be performed even when fencing fails + + fence_zvm: Fixes for better upstream inclusion + + fence_zvm: Add support for 'on', improve documentation +- Added patches: + + 0001-fence_brocade-Add-support-for-list-action.patch + + 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch + + 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch + + 0004-fence_zvm-Add-support-for-on-and-status.patch + + 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch + + 0006-build-Fix-automake-files-so-make-distcheck-works.patch + + 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch + + 0008-tests-Update-XML-metadata-of-fence-agents.patch + + 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch + + 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch + + 0011-fence_zvm-Add-support-for-on-improve-documentation.patch +- Add dependency on python-requests + +------------------------------------------------------------------- +Tue Jul 1 12:32:09 UTC 2014 - kgronl...@suse.com + +- Update to 4.0.10: + * fence_scsi is reimplemented on top of fencing library + * fence_zvm support distributed z/VM systems + * support for --delay was added to fence_zvm + * unmaintained fence agents were removed: + * fence_baytech, fence_bullpap, fence_cpint, fence_mcdata, + * fence_rackswitch, fence_vixel, fence_xcat + * we do not plan to remove other agents + * update fence_rsb to work with new firmware + New: ---- 0001-fence_brocade-Add-support-for-list-action.patch 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch 0004-fence_zvm-Add-support-for-on-and-status.patch 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch 0006-build-Fix-automake-files-so-make-distcheck-works.patch 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch 0008-tests-Update-XML-metadata-of-fence-agents.patch 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch 0011-fence_zvm-Add-support-for-on-improve-documentation.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fence-agents.spec ++++++ --- /var/tmp/diff_new_pack.ysMy8r/_old 2014-09-18 07:13:00.000000000 +0200 +++ /var/tmp/diff_new_pack.ysMy8r/_new 2014-09-18 07:13:00.000000000 +0200 @@ -26,9 +26,34 @@ Release: 0 Url: http://git.fedorahosted.org/git/fence-agents.git Source0: %{name}-%{version}.tar.xz + +# PATCH-FIX-UPSTREAM: fence_brocade: Add support for 'list' action +Patch1: 0001-fence_brocade-Add-support-for-list-action.patch +# PATCH-FIX-UPSTREAM: fencing: Monitor is not working correctly without 'list' or 'status' +Patch2: 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch +# PATCH-FIX-UPSTREAM: fence_apc_snmp: Add support for firmware 6.x +Patch3: 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch +# PATCH-FIX-UPSTREAM: fence_zvm: Add support for "on" and "status" +Patch4: 0004-fence_zvm-Add-support-for-on-and-status.patch +# PATCH-FIX-UPSTREAM: fence_zvm: Add current XML metadata to test suite +Patch5: 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch +# PATCH-FIX-UPSTREAM: [build] Fix automake files, so 'make distcheck' works +Patch6: 0006-build-Fix-automake-files-so-make-distcheck-works.patch +# PATCH-FIX-UPSTREAM: fencing: Add new options --ssl-secure and --ssl-insecure +Patch7: 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch +# PATCH-FIX-UPSTREAM: [tests] Update XML metadata of fence agents +Patch8: 0008-tests-Update-XML-metadata-of-fence-agents.patch +# PATCH-FIX-UPSTREAM: fence_cisco_ucs & fence_vmware_soap: Logout has to be performed even when fencing fails +Patch9: 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch +# PATCH-FIX-UPSTREAM: fence_zvm: Fixes for better upstream inclusion +Patch10: 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch +# PATCH-FIX-UPSTREAM: fence_zvm: Add support for 'on', improve documentation +Patch11: 0011-fence_zvm-Add-support-for-on-improve-documentation.patch + Requires: python-curl Requires: python-openssl Requires: python-pexpect +Requires: python-requests BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf @@ -45,6 +70,7 @@ BuildRequires: python BuildRequires: python-curl BuildRequires: python-pexpect +BuildRequires: python-requests BuildRequires: python-suds BuildRequires: python-xml BuildRequires: xz @@ -151,6 +177,17 @@ %prep %setup -q -n %{name}-%{version} +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 %build CFLAGS="${CFLAGS} ${RPM_OPT_FLAGS}" ++++++ 0001-fence_brocade-Add-support-for-list-action.patch ++++++ >From 98236c1c0f0f3b9d6def701e5e9cc67f35649441 Mon Sep 17 00:00:00 2001 From: Marek 'marx' Grac <mg...@redhat.com> Date: Tue, 1 Jul 2014 15:25:45 +0200 Subject: [PATCH 01/11] fence_brocade: Add support for 'list' action --- fence/agents/brocade/fence_brocade.py | 41 +++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/fence/agents/brocade/fence_brocade.py b/fence/agents/brocade/fence_brocade.py index f935280..3e5dd93 100644 --- a/fence/agents/brocade/fence_brocade.py +++ b/fence/agents/brocade/fence_brocade.py @@ -12,24 +12,6 @@ REDHAT_COPYRIGHT="" BUILD_DATE="March, 20013" #END_VERSION_GENERATION -def get_power_status(conn, options): - conn.send_eol("portCfgShow " + options["--plug"]) - - conn.log_expect(options, options["--command-prompt"], int(options["--shell-timeout"])) - - show_re = re.compile(r'^\s*Persistent Disable\s*(ON|OFF)\s*$', re.IGNORECASE) - lines = conn.before.split("\n") - - for line in lines: - res = show_re.search(line) - if res != None: - # We queried if it is disabled, so we have to negate answer - if res.group(1) == "ON": - return "off" - else: - return "on" - - fail(EC_STATUS) def set_power_status(conn, options): action = { 'on' : "portCfgPersistentEnable", @@ -39,6 +21,27 @@ def set_power_status(conn, options): conn.send_eol(action + " " + options["--plug"]) conn.log_expect(options, options["--command-prompt"], int(options["--power-timeout"])) +def get_power_status(conn, options): + line_re = re.compile(r'=========', re.IGNORECASE) + outlets = {} + in_index = False + + conn.send_eol("switchshow") + conn.log_expect(options, options["--command-prompt"], int(options["--power-timeout"])) + for line in str(conn.before).split("\n"): + if line_re.search(line): + in_index = True + elif in_index and line.lstrip()[0].isdigit(): + tokens = line.lstrip().split() + status = "off" if len(tokens) > 7 and tokens[7] == "Disabled" else "on" + outlets[tokens[0]] = ("", status) + + if options["--action"] == "status": + (_, status) = outlets[options["--plug"]] + return status + else: + return outlets + def main(): device_opt = ["ipaddr", "login", "passwd", "cmd_prompt", "secure", "port", "fabric_fencing"] @@ -66,7 +69,7 @@ FC switch needs to be enabled. This can be done by running fence_brocade and spe ## Operate the fencing device #### conn = fence_login(options) - result = fence_action(conn, options, set_power_status, get_power_status, None) + result = fence_action(conn, options, set_power_status, get_power_status, get_power_status) fence_logout(conn, "exit") sys.exit(result) -- 1.8.4.5 ++++++ 0002-fencing-Monitor-is-not-working-correctly-without-lis.patch ++++++ >From 5a1fd08c7cf4a4c7d41db3db0a83eed226804b40 Mon Sep 17 00:00:00 2001 From: Marek 'marx' Grac <mg...@redhat.com> Date: Tue, 1 Jul 2014 15:27:27 +0200 Subject: [PATCH 02/11] fencing: Monitor is not working correctly without 'list' or 'status' Action monitor either executes 'status' (without --plug) or 'list' (with --plug). But it is not required to have 'list' action. If they do not then 'monitor' has to be done in different way, e.g. login/logout. --- fence/agents/ovh/fence_ovh.py | 13 ++++++++++--- fence/agents/raritan/fence_raritan.py | 5 ++++- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/fence/agents/ovh/fence_ovh.py b/fence/agents/ovh/fence_ovh.py index f9a1c39..14a0706 100644 --- a/fence/agents/ovh/fence_ovh.py +++ b/fence/agents/ovh/fence_ovh.py @@ -94,10 +94,10 @@ Poweroff is simulated with a reboot into rescue-pro mode." docs["vendorurl"] = "http://www.ovh.net"; show_docs(options, docs) - if options["--action"] in ["list", "status"]: - fail_usage("Action '" + options["--action"] + "' is not supported in this fence agent") + if options["--action"] == "list": + fail_usage("Action 'list' is not supported in this fence agent") - if not options["--plug"].endswith(".ovh.net"): + if options["--action"] != "monitor" and not options["--plug"].endswith(".ovh.net"): options["--plug"] += ".ovh.net" if not options.has_key("--email"): @@ -107,6 +107,13 @@ Poweroff is simulated with a reboot into rescue-pro mode." conn = soap_login(options) + if options["--action"] == 'monitor': + try: + conn.service.logout(options["session"]) + except Exception: + pass + sys.exit(0) + # Save datetime just before changing netboot before_netboot_reboot = datetime.now() diff --git a/fence/agents/raritan/fence_raritan.py b/fence/agents/raritan/fence_raritan.py index 3506e25..bb6ad52 100644 --- a/fence/agents/raritan/fence_raritan.py +++ b/fence/agents/raritan/fence_raritan.py @@ -79,7 +79,10 @@ block any necessary fencing actions." except pexpect.TIMEOUT: fail(EC_LOGIN_DENIED) - result = fence_action(conn, options, set_power_status, get_power_status) + result = 0 + if options["--action"] != "monitor": + result = fence_action(conn, options, set_power_status, get_power_status) + fence_logout(conn, "exit\n") sys.exit(result) -- 1.8.4.5 ++++++ 0003-fence_apc_snmp-Add-support-for-firmware-6.x.patch ++++++ >From acd138f4da16067f073d40b09a16a64867ef7e8f Mon Sep 17 00:00:00 2001 From: Marek 'marx' Grac <mg...@redhat.com> Date: Mon, 4 Aug 2014 16:29:09 +0200 Subject: [PATCH 03/11] fence_apc_snmp: Add support for firmware 6.x Resolves: rhbz#1123897 --- fence/agents/apc_snmp/fence_apc_snmp.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/fence/agents/apc_snmp/fence_apc_snmp.py b/fence/agents/apc_snmp/fence_apc_snmp.py index cbb6856..a2b0d18 100644 --- a/fence/agents/apc_snmp/fence_apc_snmp.py +++ b/fence/agents/apc_snmp/fence_apc_snmp.py @@ -87,6 +87,18 @@ class ApcMS(object): turn_off = 2 has_switches = False +class ApcMS6(object): + # Master Switch with 6.x firmware + status_oid = '.1.3.6.1.4.1.318.1.1.4.4.2.1.3.%d' + control_oid = '.1.3.6.1.4.1.318.1.1.12.3.3.1.1.4.%d' + outlet_table_oid = '1.3.6.1.4.1.318.1.1.4.4.2.1.4' + ident_str = "APC Master Switch with firmware v6.x" + state_on = 1 + state_off = 2 + turn_on = 1 + turn_off = 2 + has_switches = False + ### FUNCTIONS ### def apc_set_device(conn): global device @@ -94,6 +106,7 @@ def apc_set_device(conn): agents_dir = {'.1.3.6.1.4.1.318.1.3.4.5':ApcRPDU, '.1.3.6.1.4.1.318.1.3.4.4':ApcMSP, '.1.3.6.1.4.1.850.1':TripplitePDU, + '.1.3.6.1.4.1.318.1.3.4.6':ApcMS6, None:ApcMS} # First resolve type of APC -- 1.8.4.5 ++++++ 0004-fence_zvm-Add-support-for-on-and-status.patch ++++++ ++++ 799 lines (skipped) ++++++ 0005-fence_zvm-Add-current-XML-metadata-to-test-suite.patch ++++++ >From c19e51064fd01d9d033452943e3d2a8dc617174b Mon Sep 17 00:00:00 2001 From: Marek 'marx' Grac <mg...@redhat.com> Date: Wed, 27 Aug 2014 13:23:21 +0200 Subject: [PATCH 05/11] fence_zvm: Add current XML metadata to test suite --- tests/data/metadata/fence_zvmip.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/data/metadata/fence_zvmip.xml b/tests/data/metadata/fence_zvmip.xml index e28bc1c..5a737ca 100644 --- a/tests/data/metadata/fence_zvmip.xml +++ b/tests/data/metadata/fence_zvmip.xml @@ -40,6 +40,8 @@ </parameters> <actions> <action name="off" /> + <action name="on" /> <action name="metadata" /> + <action name="status" /> </actions> </resource-agent> -- 1.8.4.5 ++++++ 0006-build-Fix-automake-files-so-make-distcheck-works.patch ++++++ >From 3b3a7cf2d58fd863fef21553db5715c1dfab26a0 Mon Sep 17 00:00:00 2001 From: Marek 'marx' Grac <mg...@redhat.com> Date: Wed, 27 Aug 2014 15:18:01 +0200 Subject: [PATCH 06/11] [build] Fix automake files, so 'make distcheck' works --- Makefile.am | 2 +- fence/agents/Makefile.am | 3 +-- fence/agents/scsi/Makefile.am | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index e70dac5..5e2e22d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -15,7 +15,7 @@ noinst_HEADERS = make/copyright.cf ACLOCAL_AMFLAGS = -I m4 -SUBDIRS = fence doc +SUBDIRS = fence/agents/lib fence doc install-exec-local: $(INSTALL) -d $(DESTDIR)/$(LOGDIR) diff --git a/fence/agents/Makefile.am b/fence/agents/Makefile.am index c47f5d5..3b76b9a 100644 --- a/fence/agents/Makefile.am +++ b/fence/agents/Makefile.am @@ -1,4 +1,3 @@ MAINTAINERCLEANFILES = Makefile.in -SUBDIRS = lib \ - $(AGENTS_LIST) +SUBDIRS = $(AGENTS_LIST) diff --git a/fence/agents/scsi/Makefile.am b/fence/agents/scsi/Makefile.am index 5722e18..c113f06 100644 --- a/fence/agents/scsi/Makefile.am +++ b/fence/agents/scsi/Makefile.am @@ -20,4 +20,4 @@ include $(top_srcdir)/make/fenceman.mk include $(top_srcdir)/make/agentpycheck.mk clean-local: clean-man - rm -f $(TARGET) $(SYMTARGET) + rm -f $(TARGET) $(SYMTARGET) fence_scsi_check -- 1.8.4.5 ++++++ 0007-fencing-Add-new-options-ssl-secure-and-ssl-insecure.patch ++++++ >From 39df713492714f55e9d5bf578bece4cd9fc98fef Mon Sep 17 00:00:00 2001 From: Marek 'marx' Grac <mg...@redhat.com> Date: Mon, 1 Sep 2014 15:05:20 +0200 Subject: [PATCH 07/11] fencing: Add new options --ssl-secure and --ssl-insecure These new options extends current --ssl (same as --ssl-secure). Until now certificate of the fence device was not validated what can possibly lead to attack on infrastructe. With this patch, user can decide if certificate should (--ssl-secure) or should not (--ssl-insecure) be verified. The default option is to validate certificate. Resolves: rhbz#1072564 --- fence/agents/cisco_ucs/fence_cisco_ucs.py | 9 ++++++-- fence/agents/lib/fencing.py.py | 28 ++++++++++++++++++++--- fence/agents/rhevm/fence_rhevm.py | 9 ++++++-- fence/agents/vmware_soap/fence_vmware_soap.py | 33 +++++++++++++++++++++++---- 4 files changed, 68 insertions(+), 11 deletions(-) diff --git a/fence/agents/cisco_ucs/fence_cisco_ucs.py b/fence/agents/cisco_ucs/fence_cisco_ucs.py index f72e696..888d689 100644 --- a/fence/agents/cisco_ucs/fence_cisco_ucs.py +++ b/fence/agents/cisco_ucs/fence_cisco_ucs.py @@ -90,8 +90,13 @@ def send_command(opt, command, timeout): conn.setopt(pycurl.POSTFIELDS, command) conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write) conn.setopt(pycurl.TIMEOUT, timeout) - conn.setopt(pycurl.SSL_VERIFYPEER, 0) - conn.setopt(pycurl.SSL_VERIFYHOST, 0) + if opt.has_key("--ssl") or opt.has_key("--ssl-secure"): + conn.setopt(pycurl.SSL_VERIFYPEER, 1) + conn.setopt(pycurl.SSL_VERIFYHOST, 2) + + if opt.has_key("--ssl-insecure"): + conn.setopt(pycurl.SSL_VERIFYPEER, 0) + conn.setopt(pycurl.SSL_VERIFYHOST, 0) conn.perform() result = web_buffer.getvalue() diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py index 4520ea8..7d1d28e 100644 --- a/fence/agents/lib/fencing.py.py +++ b/fence/agents/lib/fencing.py.py @@ -179,6 +179,21 @@ all_opt = { "required" : "0", "shortdesc" : "SSL connection", "order" : 1}, + "ssl_insecure" : { + "getopt" : "9", + "longopt" : "ssl-insecure", + "help" : "--ssl-insecure Use ssl connection without verifying certificate", + "required" : "0", + "shortdesc" : "SSL connection without verifying fence device's certificate", + "order" : 1}, + "ssl_secure" : { + "getopt" : "9", + "longopt" : "ssl-secure", + "help" : "--ssl-secure Use ssl connection with verifying certificate", + "required" : "0", + "shortdesc" : "SSL connection with verifying fence device's certificate", + "order" : 1}, + "notls" : { "getopt" : "t", "longopt" : "notls", @@ -385,6 +400,7 @@ DEPENDENCY_OPT = { "secure" : ["identity_file", "ssh_options"], "ipaddr" : ["ipport", "inet4_only", "inet6_only"], "port" : ["separator"], + "ssl" : ["ssl_secure", "ssl_insecure"], "community" : ["snmp_auth_prot", "snmp_sec_level", "snmp_priv_prot", \ "snmp_priv_passwd", "snmp_priv_passwd_script"] } @@ -663,7 +679,7 @@ def check_input(device_opt, opt): elif options.has_key("--ssh") or (all_opt["secure"].has_key("default") and all_opt["secure"]["default"] == '1'): all_opt["ipport"]["default"] = 22 all_opt["ipport"]["help"] = "-u, --ipport=[port] TCP/UDP port to use (default 22)" - elif options.has_key("--ssl") or (all_opt["ssl"].has_key("default") and all_opt["ssl"]["default"] == '1'): + elif options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure") or (all_opt["ssl"].has_key("default") and all_opt["ssl"]["default"] == '1'): all_opt["ipport"]["default"] = 443 all_opt["ipport"]["help"] = "-u, --ipport=[port] TCP/UDP port to use (default 443)" elif device_opt.count("web"): @@ -970,11 +986,17 @@ def fence_login(options, re_login_string=r"(login\s*: )|(Login Name: )|(usernam if options.has_key("--ssl"): gnutls_opts = "" + ssl_opts = "" + if options.has_key("--notls"): gnutls_opts = "--priority \"NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+VERS-SSL3.0\"" - command = '%s %s --insecure --crlf -p %s %s' % \ - (SSL_PATH, gnutls_opts, options["--ipport"], options["--ip"]) + # --ssl is same as the --ssl-secure + if options.has_key("--ssl-insecure"): + ssl_opts = "--insecure" + + command = '%s %s %s --insecure --crlf -p %s %s' % \ + (SSL_PATH, gnutls_opts, ssl_opts, options["--ipport"], options["--ip"]) try: conn = fspawn(options, command) except pexpect.ExceptionPexpect, ex: diff --git a/fence/agents/rhevm/fence_rhevm.py b/fence/agents/rhevm/fence_rhevm.py index a0d8d59..444fb56 100644 --- a/fence/agents/rhevm/fence_rhevm.py +++ b/fence/agents/rhevm/fence_rhevm.py @@ -91,8 +91,13 @@ def send_command(opt, command, method="GET"): conn.setopt(pycurl.HTTPAUTH, pycurl.HTTPAUTH_BASIC) conn.setopt(pycurl.USERPWD, opt["--username"] + ":" + opt["--password"]) conn.setopt(pycurl.TIMEOUT, int(opt["--shell-timeout"])) - conn.setopt(pycurl.SSL_VERIFYPEER, 0) - conn.setopt(pycurl.SSL_VERIFYHOST, 0) + if opt.has_key("--ssl") or opt.has_key("--ssl-secure"): + conn.setopt(pycurl.SSL_VERIFYPEER, 1) + conn.setopt(pycurl.SSL_VERIFYHOST, 2) + + if opt.has_key("--ssl-insecure"): + conn.setopt(pycurl.SSL_VERIFYPEER, 0) + conn.setopt(pycurl.SSL_VERIFYHOST, 0) if method == "POST": conn.setopt(pycurl.POSTFIELDS, "<action />") diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py index 53fd9ea..3217c6b 100644 --- a/fence/agents/vmware_soap/fence_vmware_soap.py +++ b/fence/agents/vmware_soap/fence_vmware_soap.py @@ -2,12 +2,14 @@ import sys import shutil, tempfile, suds -import logging +import logging, requests import atexit sys.path.append("@FENCEAGENTSLIBDIR@") from suds.client import Client from suds.sudsobject import Property +from suds.transport.http import HttpAuthenticated +from suds.transport import Reply, TransportError from fencing import * from fencing import fail, EC_STATUS, EC_LOGIN_DENIED, EC_INVALID_PRIVILEGES, EC_WAITING_ON, EC_WAITING_OFF from fencing import run_delay @@ -18,12 +20,31 @@ REDHAT_COPYRIGHT="" BUILD_DATE="April, 2011" #END_VERSION_GENERATION +class RequestsTransport(HttpAuthenticated): + def __init__(self, **kwargs): + self.cert = kwargs.pop('cert', None) + self.verify = kwargs.pop('verify', True) + self.session = requests.Session() + # super won't work because not using new style class + HttpAuthenticated.__init__(self, **kwargs) + + def send(self, request): + self.addcredentials(request) + resp = self.session.post(request.url, data = request.message, headers = request.headers, cert = self.cert, verify = self.verify) + result = Reply(resp.status_code, resp.headers, resp.content) + return result + def soap_login(options): run_delay(options) - if options.has_key("--ssl"): + if options.has_key("--ssl") or options.has_key("--ssl-secure") or options.has_key("--ssl-insecure"): + if options.has_key("--ssl-insecure"): + verify = False + else: + verify = True url = "https://"; else: + verify = False url = "http://"; url += options["--ip"] + ":" + str(options["--ipport"]) + "/sdk" @@ -33,8 +54,8 @@ def soap_login(options): atexit.register(remove_tmp_dir, tmp_dir) try: - conn = Client(url + "/vimService.wsdl") - conn.set_options(location=url) + headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : ""} + conn = Client(url + "/vimService.wsdl", location = url, transport = RequestsTransport(verify = verify), headers = headers) mo_ServiceInstance = Property('ServiceInstance') mo_ServiceInstance._type = 'ServiceInstance' @@ -43,6 +64,8 @@ def soap_login(options): mo_SessionManager._type = 'SessionManager' conn.service.Login(mo_SessionManager, options["--username"], options["--password"]) + except requests.exceptions.SSLError, ex: + fail_usage("Server side certificate verification failed") except Exception: fail(EC_LOGIN_DENIED) @@ -205,6 +228,8 @@ Alternatively you can always use UUID to access virtual machine." logging.basicConfig(level=logging.INFO) logging.getLogger('suds.client').setLevel(logging.CRITICAL) + logging.getLogger("requests").setLevel(logging.CRITICAL) + logging.getLogger("urllib3").setLevel(logging.CRITICAL) ## ## Operate the fencing device -- 1.8.4.5 ++++++ 0008-tests-Update-XML-metadata-of-fence-agents.patch ++++++ >From 667bd9c6755e4211d42a7f03e3f28f035921cf76 Mon Sep 17 00:00:00 2001 From: Marek 'marx' Grac <mg...@redhat.com> Date: Mon, 1 Sep 2014 16:37:50 +0200 Subject: [PATCH 08/11] [tests] Update XML metadata of fence agents added --ssl-secure, --ssl-insecure --- tests/data/metadata/fence_cisco_ucs.xml | 10 ++++++++++ tests/data/metadata/fence_docker.xml | 10 ++++++++++ tests/data/metadata/fence_ilo.xml | 10 ++++++++++ tests/data/metadata/fence_ilo2.xml | 10 ++++++++++ tests/data/metadata/fence_rhevm.xml | 10 ++++++++++ tests/data/metadata/fence_vmware_soap.xml | 10 ++++++++++ 6 files changed, 60 insertions(+) diff --git a/tests/data/metadata/fence_cisco_ucs.xml b/tests/data/metadata/fence_cisco_ucs.xml index 30a3cb4..75e45ce 100644 --- a/tests/data/metadata/fence_cisco_ucs.xml +++ b/tests/data/metadata/fence_cisco_ucs.xml @@ -13,6 +13,11 @@ <content type="boolean" /> <shortdesc lang="en">Disable TLS negotiation</shortdesc> </parameter> + <parameter name="ssl_secure" unique="0" required="0"> + <getopt mixed="--ssl-secure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc> + </parameter> <parameter name="port" unique="0" required="1"> <getopt mixed="-n, --plug=[id]" /> <content type="string" /> @@ -53,6 +58,11 @@ <content type="string" /> <shortdesc lang="en">Additional path needed to access suborganization</shortdesc> </parameter> + <parameter name="ssl_insecure" unique="0" required="0"> + <getopt mixed="--ssl-insecure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc> + </parameter> <parameter name="action" unique="0" required="1"> <getopt mixed="-o, --action=[action]" /> <content type="string" default="reboot" /> diff --git a/tests/data/metadata/fence_docker.xml b/tests/data/metadata/fence_docker.xml index bda31d01..d100b8c 100644 --- a/tests/data/metadata/fence_docker.xml +++ b/tests/data/metadata/fence_docker.xml @@ -8,6 +8,11 @@ <content type="string" default="80" /> <shortdesc lang="en">TCP/UDP port to use for connection with device</shortdesc> </parameter> + <parameter name="ssl_secure" unique="0" required="0"> + <getopt mixed="--ssl-secure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc> + </parameter> <parameter name="port" unique="0" required="1"> <getopt mixed="-n, --plug=[id]" /> <content type="string" /> @@ -41,6 +46,11 @@ <content type="boolean" /> <shortdesc lang="en">SSL connection</shortdesc> </parameter> + <parameter name="ssl_insecure" unique="0" required="0"> + <getopt mixed="--ssl-insecure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc> + </parameter> <parameter name="action" unique="0" required="1"> <getopt mixed="-o, --action=[action]" /> <content type="string" default="reboot" /> diff --git a/tests/data/metadata/fence_ilo.xml b/tests/data/metadata/fence_ilo.xml index eb8951c..25d9d54 100644 --- a/tests/data/metadata/fence_ilo.xml +++ b/tests/data/metadata/fence_ilo.xml @@ -19,6 +19,11 @@ <content type="string" /> <shortdesc lang="en">Force ribcl version to use</shortdesc> </parameter> + <parameter name="ssl_secure" unique="0" required="0"> + <getopt mixed="--ssl-secure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc> + </parameter> <parameter name="action" unique="0" required="1"> <getopt mixed="-o, --action=[action]" /> <content type="string" default="reboot" /> @@ -54,6 +59,11 @@ <content type="boolean" default="1" /> <shortdesc lang="en">SSL connection</shortdesc> </parameter> + <parameter name="ssl_insecure" unique="0" required="0"> + <getopt mixed="--ssl-insecure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc> + </parameter> <parameter name="login" unique="0" required="1"> <getopt mixed="-l, --username=[name]" /> <content type="string" /> diff --git a/tests/data/metadata/fence_ilo2.xml b/tests/data/metadata/fence_ilo2.xml index 4d65808..47e8e28 100644 --- a/tests/data/metadata/fence_ilo2.xml +++ b/tests/data/metadata/fence_ilo2.xml @@ -19,6 +19,11 @@ <content type="string" /> <shortdesc lang="en">Force ribcl version to use</shortdesc> </parameter> + <parameter name="ssl_secure" unique="0" required="0"> + <getopt mixed="--ssl-secure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc> + </parameter> <parameter name="action" unique="0" required="1"> <getopt mixed="-o, --action=[action]" /> <content type="string" default="reboot" /> @@ -54,6 +59,11 @@ <content type="boolean" default="1" /> <shortdesc lang="en">SSL connection</shortdesc> </parameter> + <parameter name="ssl_insecure" unique="0" required="0"> + <getopt mixed="--ssl-insecure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc> + </parameter> <parameter name="login" unique="0" required="1"> <getopt mixed="-l, --username=[name]" /> <content type="string" /> diff --git a/tests/data/metadata/fence_rhevm.xml b/tests/data/metadata/fence_rhevm.xml index a47f025..c9d6eeb 100644 --- a/tests/data/metadata/fence_rhevm.xml +++ b/tests/data/metadata/fence_rhevm.xml @@ -13,6 +13,11 @@ <content type="boolean" /> <shortdesc lang="en">Disable TLS negotiation</shortdesc> </parameter> + <parameter name="ssl_secure" unique="0" required="0"> + <getopt mixed="--ssl-secure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc> + </parameter> <parameter name="port" unique="0" required="1"> <getopt mixed="-n, --plug=[id]" /> <content type="string" /> @@ -48,6 +53,11 @@ <content type="boolean" /> <shortdesc lang="en">SSL connection</shortdesc> </parameter> + <parameter name="ssl_insecure" unique="0" required="0"> + <getopt mixed="--ssl-insecure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc> + </parameter> <parameter name="action" unique="0" required="1"> <getopt mixed="-o, --action=[action]" /> <content type="string" default="reboot" /> diff --git a/tests/data/metadata/fence_vmware_soap.xml b/tests/data/metadata/fence_vmware_soap.xml index 97d8fc6..d0a465f 100644 --- a/tests/data/metadata/fence_vmware_soap.xml +++ b/tests/data/metadata/fence_vmware_soap.xml @@ -15,6 +15,11 @@ Name of virtual machine (-n / port) has to be used in inventory path format (e.g <content type="boolean" /> <shortdesc lang="en">Disable TLS negotiation</shortdesc> </parameter> + <parameter name="ssl_secure" unique="0" required="0"> + <getopt mixed="--ssl-secure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection with verifying fence device's certificate</shortdesc> + </parameter> <parameter name="port" unique="0" required="1"> <getopt mixed="-n, --plug=[id]" /> <content type="string" /> @@ -50,6 +55,11 @@ Name of virtual machine (-n / port) has to be used in inventory path format (e.g <content type="boolean" /> <shortdesc lang="en">SSL connection</shortdesc> </parameter> + <parameter name="ssl_insecure" unique="0" required="0"> + <getopt mixed="--ssl-insecure" /> + <content type="boolean" /> + <shortdesc lang="en">SSL connection without verifying fence device's certificate</shortdesc> + </parameter> <parameter name="action" unique="0" required="1"> <getopt mixed="-o, --action=[action]" /> <content type="string" default="reboot" /> -- 1.8.4.5 ++++++ 0009-fence_cisco_ucs-fence_vmware_soap-Logout-has-to-be-p.patch ++++++ >From 65ae2524836e5ba5252fdc800e6276f80fdfac57 Mon Sep 17 00:00:00 2001 From: Marek 'marx' Grac <mg...@redhat.com> Date: Mon, 8 Sep 2014 15:10:05 +0200 Subject: [PATCH 09/11] fence_cisco_ucs & fence_vmware_soap: Logout has to be performed even when fencing fails Previously, logout was not performed in the case when fence agent was aborted e.g. timeout. What could lead to a situation when connections were not closed correctly. In the extreme case, it was not possible to log into device at all Resolves: rhbz#1111599 --- fence/agents/cisco_ucs/fence_cisco_ucs.py | 35 +++++++++++++++++---------- fence/agents/vmware_soap/fence_vmware_soap.py | 29 +++++++++++++--------- 2 files changed, 39 insertions(+), 25 deletions(-) diff --git a/fence/agents/cisco_ucs/fence_cisco_ucs.py b/fence/agents/cisco_ucs/fence_cisco_ucs.py index 888d689..f411433 100644 --- a/fence/agents/cisco_ucs/fence_cisco_ucs.py +++ b/fence/agents/cisco_ucs/fence_cisco_ucs.py @@ -19,6 +19,8 @@ RE_STATUS = re.compile("<lsPower .*? state=\"(.*?)\"", re.IGNORECASE) RE_GET_DN = re.compile(" dn=\"(.*?)\"", re.IGNORECASE) RE_GET_DESC = re.compile(" descr=\"(.*?)\"", re.IGNORECASE) +options_global = None + def get_power_status(conn, options): del conn @@ -115,27 +117,37 @@ def define_new_opts(): "default" : "", "order" : 1} +def logout(): + ### Logout; we do not care about result as we will end in any case + try: + send_command(options_global, "<aaaLogout inCookie=\"" + options_global["cookie"] + "\" />", + int(options_global["--shell-timeout"])) + except Exception: + pass + def main(): + global options_global device_opt = ["ipaddr", "login", "passwd", "ssl", "notls", "port", "web", "suborg"] atexit.register(atexit_handler) + atexit.register(logout) define_new_opts() - options = check_input(device_opt, process_input(device_opt)) + options_global = check_input(device_opt, process_input(device_opt)) docs = {} docs["shortdesc"] = "Fence agent for Cisco UCS" docs["longdesc"] = "fence_cisco_ucs is an I/O Fencing agent which can be \ used with Cisco UCS to fence machines." docs["vendorurl"] = "http://www.cisco.com"; - show_docs(options, docs) + show_docs(options_global, docs) - run_delay(options) + run_delay(options_global) ### Login try: - res = send_command(options, "<aaaLogin inName=\"" + options["--username"] + - "\" inPassword=\"" + options["--password"] + "\" />", int(options["--login-timeout"])) + res = send_command(options_global, "<aaaLogin inName=\"" + options_global["--username"] + + "\" inPassword=\"" + options_global["--password"] + "\" />", int(options_global["--login-timeout"])) result = RE_COOKIE.search(res) if result == None: ## Cookie is absenting in response @@ -143,22 +155,19 @@ used with Cisco UCS to fence machines." except Exception: fail(EC_LOGIN_DENIED) - options["cookie"] = result.group(1) + options_global["cookie"] = result.group(1) ## ## Modify suborg to format /suborg - if options["--suborg"] != "": - options["--suborg"] = "/" + options["--suborg"].lstrip("/").rstrip("/") + if options_global["--suborg"] != "": + options_global["--suborg"] = "/" + options_global["--suborg"].lstrip("/").rstrip("/") ## ## Fence operations #### - result = fence_action(None, options, set_power_status, get_power_status, get_list) - - ### Logout; we do not care about result as we will end in any case - send_command(options, "<aaaLogout inCookie=\"" + options["cookie"] + "\" />", - int(options["--shell-timeout"])) + result = fence_action(None, options_global, set_power_status, get_power_status, get_list) + ## Logout is done every time at atexit phase sys.exit(result) if __name__ == "__main__": diff --git a/fence/agents/vmware_soap/fence_vmware_soap.py b/fence/agents/vmware_soap/fence_vmware_soap.py index 3217c6b..2cea105 100644 --- a/fence/agents/vmware_soap/fence_vmware_soap.py +++ b/fence/agents/vmware_soap/fence_vmware_soap.py @@ -20,6 +20,9 @@ REDHAT_COPYRIGHT="" BUILD_DATE="April, 2011" #END_VERSION_GENERATION +options_global = None +conn_global = None + class RequestsTransport(HttpAuthenticated): def __init__(self, **kwargs): self.cert = kwargs.pop('cert', None) @@ -203,12 +206,21 @@ def set_power_status(conn, options): def remove_tmp_dir(tmp_dir): shutil.rmtree(tmp_dir) +def logout(): + try: + conn_global.service.Logout(options_global["mo_SessionManager"]) + except Exception: + pass + def main(): + global options_global + global conn_global device_opt = ["ipaddr", "login", "passwd", "web", "ssl", "notls", "port"] atexit.register(atexit_handler) + atexit.register(logout) - options = check_input(device_opt, process_input(device_opt)) + options_global = check_input(device_opt, process_input(device_opt)) ## ## Fence agent specific defaults @@ -224,7 +236,7 @@ format (e.g. /datacenter/vm/Discovered virtual machine/myMachine). \ In the cases when name of yours VM is unique you can use it instead. \ Alternatively you can always use UUID to access virtual machine." docs["vendorurl"] = "http://www.vmware.com"; - show_docs(options, docs) + show_docs(options_global, docs) logging.basicConfig(level=logging.INFO) logging.getLogger('suds.client').setLevel(logging.CRITICAL) @@ -234,18 +246,11 @@ Alternatively you can always use UUID to access virtual machine." ## ## Operate the fencing device #### - conn = soap_login(options) + conn_global = soap_login(options_global) - result = fence_action(conn, options, set_power_status, get_power_status, get_power_status) - - ## - ## Logout from system - ##### - try: - conn.service.Logout(options["mo_SessionManager"]) - except Exception: - pass + result = fence_action(conn_global, options_global, set_power_status, get_power_status, get_power_status) + ## Logout from system is done automatically via atexit() sys.exit(result) if __name__ == "__main__": -- 1.8.4.5 ++++++ 0010-fence_zvm-Fixes-for-better-upstream-inclusion.patch ++++++ >From 0595f0fd88f395041059b85b37ba846e766a5ed3 Mon Sep 17 00:00:00 2001 From: Marek 'marx' Grac <mg...@redhat.com> Date: Fri, 12 Sep 2014 21:02:59 +0200 Subject: [PATCH 10/11] fence_zvm: Fixes for better upstream inclusion --- fence/agents/zvm/Makefile.am | 7 +++++++ fence/agents/zvm/fence_zvm.c | 1 + fence/agents/zvm/fence_zvmip.c | 1 + 3 files changed, 9 insertions(+) diff --git a/fence/agents/zvm/Makefile.am b/fence/agents/zvm/Makefile.am index 2439985..62eb862 100644 --- a/fence/agents/zvm/Makefile.am +++ b/fence/agents/zvm/Makefile.am @@ -1,5 +1,7 @@ MAINTAINERCLEANFILES = Makefile.in +TARGET = fence_zvmip + sbin_PROGRAMS = fence_zvm fence_zvmip noinst_HEADERS = fence_zvm.h @@ -12,6 +14,11 @@ fence_zvmip_CFLAGS = -D_GNU_SOURCE dist_man_MANS = fence_zvm.8 fence_zvmip.8 +#include $(top_srcdir)/make/fencemanc.mk + +clean-local: + rm -f $(sbin_PROGRAMS) + FENCE_TEST_ARGS = -n test -a test -p test -u test include $(top_srcdir)/make/agentccheck.mk diff --git a/fence/agents/zvm/fence_zvm.c b/fence/agents/zvm/fence_zvm.c index 2ec4be9..e5a7c2b 100644 --- a/fence/agents/zvm/fence_zvm.c +++ b/fence/agents/zvm/fence_zvm.c @@ -599,6 +599,7 @@ zvm_metadata() fprintf (stdout, "<longdesc>"); fprintf (stdout, "The fence_zvm agent is intended to be used with with z/VM SMAPI service."); fprintf (stdout, "</longdesc>\n"); + fprintf (stdout, "<vendor-url>http://www.ibm.com</vendor-url>\n"); fprintf (stdout, "<parameters>\n"); diff --git a/fence/agents/zvm/fence_zvmip.c b/fence/agents/zvm/fence_zvmip.c index 94c9e2e..3342bc6 100644 --- a/fence/agents/zvm/fence_zvmip.c +++ b/fence/agents/zvm/fence_zvmip.c @@ -804,6 +804,7 @@ zvm_metadata() fprintf (stdout, "<longdesc>"); fprintf (stdout, "The fence_zvm agent is intended to be used with with z/VM SMAPI service via TCP/IP"); fprintf (stdout, "</longdesc>\n"); + fprintf (stdout, "<vendor-url>http://www.ibm.com</vendor-url>\n"); fprintf (stdout, "<parameters>\n"); -- 1.8.4.5 ++++++ 0011-fence_zvm-Add-support-for-on-improve-documentation.patch ++++++ >From 5d8e167cb54051ff95fcc8ac3e87d2c63209748a Mon Sep 17 00:00:00 2001 From: Marek 'marx' Grac <mg...@redhat.com> Date: Mon, 15 Sep 2014 15:05:25 +0200 Subject: [PATCH 11/11] fence_zvm: Add support for 'on', improve documentation Author: Neale Ferguson --- fence/agents/zvm/fence_zvm.8 | 2 +- fence/agents/zvm/fence_zvm.c | 38 +++++++++++++++++++++----------------- fence/agents/zvm/fence_zvmip.8 | 2 +- fence/agents/zvm/fence_zvmip.c | 38 +++++++++++++++++++++----------------- 4 files changed, 44 insertions(+), 36 deletions(-) diff --git a/fence/agents/zvm/fence_zvm.8 b/fence/agents/zvm/fence_zvm.8 index 359436e..8c0d35a 100644 --- a/fence/agents/zvm/fence_zvm.8 +++ b/fence/agents/zvm/fence_zvm.8 @@ -52,7 +52,7 @@ forcibly terminated. Currently, this option is ignored. This option is used by fence_node(8) and is ignored by fence_zvm. .TP \fIaction = < action >\fP -Fencing action: "off" - fence off device; "metadata" - display device metadata; "status" - state of device +Fencing action: "off" - deactivate virtual machine; "on" - activate virtual machine; "metadata" - display device metadata" - describe fence agent parameters; "status" - state of virtual machine .TP \fIport = < target >\fP Name of virtual machine to recycle. diff --git a/fence/agents/zvm/fence_zvm.c b/fence/agents/zvm/fence_zvm.c index e5a7c2b..524e21e 100644 --- a/fence/agents/zvm/fence_zvm.c +++ b/fence/agents/zvm/fence_zvm.c @@ -699,15 +699,15 @@ get_options_stdin (zvm_driver_t *zvm) if (!strcasecmp (opt, "action")) { if (strcasecmp(arg, "off") == 0) { - fence = 0; + fence = 1; } else if (strcasecmp(arg, "on") == 0) { - fence = 1; + fence = 2; } else if (strcasecmp(arg, "metadata") == 0) { - fence = 2; + fence = 3; } else if (strcasecmp(arg, "status") == 0) { - fence = 3; - } else { fence = 4; + } else { + fence = 5; } } else if (!strcasecmp (opt, "ipaddr")) { lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv)); @@ -738,7 +738,7 @@ get_options_stdin (zvm_driver_t *zvm) zvm->delay = DEFAULT_DELAY; } } else if (!strcasecmp (opt, "help")) { - fence = 4; + fence = 5; } } return(fence); @@ -769,15 +769,15 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) break; case 'o' : if (strcasecmp(optarg, "off") == 0) { - fence = 0; + fence = 1; } else if (strcasecmp(optarg, "on") == 0) { - fence = 1; + fence = 2; } else if (strcasecmp(optarg, "metadata") == 0) { - fence = 2; + fence = 3; } else if (strcasecmp(optarg, "status") == 0) { - fence = 3; - } else { fence = 4; + } else { + fence = 5; } break; case 'a' : @@ -807,7 +807,7 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) memcpy(zvm->node, optarg, lSrvNode); break; default : - fence = 4; + fence = 5; } } return(fence); @@ -874,22 +874,26 @@ main(int argc, char **argv) fence = get_options_stdin(&zvm); switch(fence) { - case 0 : // OFF + case 0 : // OFFON + if ((rc = check_parm(&zvm)) == 0) + rc = zvm_smapi_imageRecycle(&zvm); + break; + case 1 : // OFF if ((rc = check_parm(&zvm)) == 0) rc = zvm_smapi_imageDeactivate(&zvm); break; - case 1 : // ON + case 2 : // ON if ((rc = check_parm(&zvm)) == 0) rc = zvm_smapi_imageActivate(&zvm); break; - case 2 : // METADATA + case 3 : // METADATA rc = zvm_metadata(); break; - case 3 : // STATUS + case 4 : // STATUS if ((rc = check_parm(&zvm)) == 0) rc = zvm_smapi_imageQuery(&zvm); break; - case 4 : + case 5 : rc = usage(); } closelog(); diff --git a/fence/agents/zvm/fence_zvmip.8 b/fence/agents/zvm/fence_zvmip.8 index 8217d61..6b01425 100644 --- a/fence/agents/zvm/fence_zvmip.8 +++ b/fence/agents/zvm/fence_zvmip.8 @@ -55,7 +55,7 @@ Display usage information This option is used by fence_node(8) and is ignored by fence_zvmip. .TP \fIaction = < action >\fP -Fencing action: "off" - fence off device; "metadata" - display device metadata; "status" - state of device +Fencing action: "off" - deactivate virtual machine; "on" - activate virtual machine; "metadata" - display device metadata" - describe fence agent parameters; "status" - state of virtual machine .TP \fIplug = < plug >\fP Name of virtual machine to recycle. diff --git a/fence/agents/zvm/fence_zvmip.c b/fence/agents/zvm/fence_zvmip.c index 3342bc6..bd7c536 100644 --- a/fence/agents/zvm/fence_zvmip.c +++ b/fence/agents/zvm/fence_zvmip.c @@ -677,15 +677,15 @@ get_options_stdin (zvm_driver_t *zvm) if (!strcasecmp (opt, "action")) { if (strcasecmp(arg, "off") == 0) { - fence = 0; + fence = 1; } else if (strcasecmp(arg, "on") == 0) { - fence = 1; + fence = 2; } else if (strcasecmp(arg, "metadata") == 0) { - fence = 2; + fence = 3; } else if (strcasecmp(arg, "status") == 0) { - fence = 3; - } else { fence = 4; + } else { + fence = 5; } } else if (!strcasecmp (opt, "ipaddr")) { lSrvName = MIN(strlen(arg), sizeof(zvm->smapiSrv)-1); @@ -712,7 +712,7 @@ get_options_stdin (zvm_driver_t *zvm) zvm->timeOut = DEFAULT_TIMEOUT; } } else if (!strcasecmp (opt, "help")) { - fence = 2; + fence = 5; } } return(fence); @@ -746,15 +746,15 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) break; case 'o' : if (strcasecmp(optarg, "off") == 0) { - fence = 0; + fence = 1; } else if (strcasecmp(optarg, "on") == 0) { - fence = 1; + fence = 2; } else if (strcasecmp(optarg, "metadata") == 0) { - fence = 2; + fence = 3; } else if (strcasecmp(optarg, "status") == 0) { - fence = 3; - } else { fence = 4; + } else { + fence = 5; } break; case 'p' : @@ -784,7 +784,7 @@ get_options(int argc, char **argv, zvm_driver_t *zvm) } break; default : - fence = 4; + fence = 5; } } return(fence); @@ -944,22 +944,26 @@ main(int argc, char **argv) fence = get_options_stdin(&zvm); switch(fence) { - case 0 : // OFF + case 0 : // OFFON + if ((rc = check_parm(&zvm)) == 0) + rc = zvm_smapi_imageRecycle(&zvm); + break; + case 1 : // OFF if ((rc = check_parm(&zvm)) == 0) rc = zvm_smapi_imageDeactivate(&zvm); break; - case 1 : // ON + case 2 : // ON if ((rc = check_parm(&zvm)) == 0) rc = zvm_smapi_imageActivate(&zvm); break; - case 2 : // METADATA + case 3 : // METADATA rc = zvm_metadata(); break; - case 3 : // STATUS + case 4 : // STATUS if ((rc = check_parm(&zvm)) == 0) rc = zvm_smapi_imageQuery(&zvm); break; - case 4 : + case 5 : rc = usage(); } closelog(); -- 1.8.4.5 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
