Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package resource-agents for openSUSE:Factory
checked in at 2024-02-16 21:49:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/resource-agents (Old)
and /work/SRC/openSUSE:Factory/.resource-agents.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "resource-agents"
Fri Feb 16 21:49:18 2024 rev:127 rq:1147065 version:4.13.0+git23.fa8a56f6
Changes:
--------
--- /work/SRC/openSUSE:Factory/resource-agents/resource-agents.changes
2024-02-12 18:54:02.910488641 +0100
+++
/work/SRC/openSUSE:Factory/.resource-agents.new.1815/resource-agents.changes
2024-02-16 21:49:36.777479247 +0100
@@ -1,0 +2,14 @@
+Fri Feb 16 10:20:11 UTC 2024 - [email protected]
+
+- Update to version 4.13.0+git23.fa8a56f6:
+ * Don't build with -ansi by default
+ * Filesystem: add reference to wait manpage to comment
+ * Avoid false positive for VG activation
+ * configure: fix "C preprocessor "gcc -E" fails sanity check" error caused
by autoconf 2.72
+ * Low: IPaddr2: Remove stray backslash
+ * storage_mon: use memset() to fix "uninitialized value" covscan error, as
qb_ipcc_recv() will always set a message (according to honzaf)
+ * findif: also check that netmaskbits != EOS
+ * storage_mon: fix file handler out of scope leak and uninitialized values
+ * aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter and
AWS Policy based authentication type
+
+-------------------------------------------------------------------
Old:
----
resource-agents-4.13.0+git6.ae50f94f.tar.xz
New:
----
resource-agents-4.13.0+git23.fa8a56f6.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ resource-agents.spec ++++++
--- /var/tmp/diff_new_pack.OsQM5U/_old 2024-02-16 21:49:37.313498622 +0100
+++ /var/tmp/diff_new_pack.OsQM5U/_new 2024-02-16 21:49:37.313498622 +0100
@@ -17,7 +17,7 @@
Name: resource-agents
-Version: 4.13.0+git6.ae50f94f
+Version: 4.13.0+git23.fa8a56f6
Release: 0
Summary: HA Reusable Cluster Resource Scripts
License: GPL-2.0-only AND LGPL-2.1-or-later AND GPL-3.0-or-later
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.OsQM5U/_old 2024-02-16 21:49:37.369500646 +0100
+++ /var/tmp/diff_new_pack.OsQM5U/_new 2024-02-16 21:49:37.373500790 +0100
@@ -1,7 +1,7 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/ClusterLabs/resource-agents.git</param>
-<param name="changesrevision">ae50f94f405719cb5b6dd75f175f17399ef9d353</param>
+<param name="changesrevision">09560af2a5cb3db08fe428906c0af76bf09594f0</param>
</service>
</servicedata>
(No newline at EOF)
++++++ resource-agents-4.13.0+git6.ae50f94f.tar.xz ->
resource-agents-4.13.0+git23.fa8a56f6.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/resource-agents-4.13.0+git6.ae50f94f/configure.ac
new/resource-agents-4.13.0+git23.fa8a56f6/configure.ac
--- old/resource-agents-4.13.0+git6.ae50f94f/configure.ac 2023-11-02
10:19:53.000000000 +0100
+++ new/resource-agents-4.13.0+git23.fa8a56f6/configure.ac 2024-01-29
10:05:12.000000000 +0100
@@ -81,6 +81,7 @@
AC_PROG_CC dnl Can force other with environment variable "CC".
AM_PROG_CC_C_O
AC_PROG_CC_STDC
+AC_PROG_CPP
AC_PROG_AWK
AC_PROG_LN_S
AC_PROG_INSTALL
@@ -185,7 +186,7 @@
AC_ARG_ENABLE([ansi],
[ --enable-ansi force GCC to compile to ANSI/ANSI standard for older
compilers.
- [default=yes]])
+ [default=no]])
AC_ARG_ENABLE([fatal-warnings],
[ --enable-fatal-warnings very pedantic and fatal warnings for gcc
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/Filesystem
new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/Filesystem
--- old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/Filesystem
2023-11-02 10:19:53.000000000 +0100
+++ new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/Filesystem
2024-01-29 10:05:12.000000000 +0100
@@ -704,7 +704,7 @@
wait $pid
ret=$?
- # ret would be 127 + child exit code if the timeout expired
+ # ret would be 127 + child exit code if the timeout expired (see "man
wait" for more info)
[ $ret -lt 128 ] && kill -s KILL $killer
return $ret
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/IPaddr2
new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/IPaddr2
--- old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/IPaddr2 2023-11-02
10:19:53.000000000 +0100
+++ new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/IPaddr2 2024-01-29
10:05:12.000000000 +0100
@@ -624,7 +624,7 @@
# List interfaces but exclude FreeS/WAN ipsecN virtual interfaces
#
local iface="`$IP2UTIL -o -f $FAMILY addr show \
- | grep "\ $ipaddr/$netmask" \
+ | grep " $ipaddr/$netmask" \
| cut -d ' ' -f2 \
| grep -v '^ipsec[0-9][0-9]*$'`"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/LVM-activate
new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/LVM-activate
--- old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/LVM-activate
2023-11-02 10:19:53.000000000 +0100
+++ new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/LVM-activate
2024-01-29 10:05:12.000000000 +0100
@@ -448,6 +448,10 @@
{
# system_id_source is set in lvm.conf
source=$(lvmconfig 'global/system_id_source' 2>/dev/null | cut -d"="
-f2)
+
+ # Is volume_list set in lvm.conf
+ vol_list=$(lvmconfig 'activation/volume_list' 2>/dev/null | cut -d"="
-f2)
+
if [ "$source" = "" ] || [ "$source" = "none" ]; then
ocf_exit_reason "system_id_source in lvm.conf is not set
correctly!"
exit $OCF_ERR_ARGS
@@ -458,6 +462,11 @@
exit $OCF_ERR_ARGS
fi
+ if [ -n "$source" ] && [ -n "$vol_list" ]; then
+ ocf_exit_reason "Both system_id_source & volume_list cannot be
defined!"
+ exit $OCF_ERR_ARGS
+ fi
+
return $OCF_SUCCESS
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/aws-vpc-move-ip
new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/aws-vpc-move-ip
--- old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/aws-vpc-move-ip
2023-11-02 10:19:53.000000000 +0100
+++ new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/aws-vpc-move-ip
2024-01-29 10:05:12.000000000 +0100
@@ -36,6 +36,7 @@
# Defaults
OCF_RESKEY_awscli_default="/usr/bin/aws"
+OCF_RESKEY_auth_type_default="key"
OCF_RESKEY_profile_default="default"
OCF_RESKEY_region_default=""
OCF_RESKEY_ip_default=""
@@ -48,6 +49,7 @@
OCF_RESKEY_lookup_type_default="InstanceId"
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}}
@@ -58,8 +60,6 @@
: ${OCF_RESKEY_iflabel=${OCF_RESKEY_iflabel_default}}
: ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}}
: ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}}
-
-[ -n "$OCF_RESKEY_region" ] && region_opt="--region $OCF_RESKEY_region"
#######################################################################
@@ -83,6 +83,10 @@
<longdesc lang="en">
Resource Agent to move IP addresses within a VPC of the Amazon Webservices EC2
by changing an entry in an specific routing table
+
+Credentials needs to be setup by running "aws configure", or by using AWS
Policies.
+
+See https://aws.amazon.com/cli/ for more information about awscli.
</longdesc>
<shortdesc lang="en">Move IP within a VPC of the AWS EC2</shortdesc>
@@ -95,6 +99,15 @@
<content type="string" default="${OCF_RESKEY_awscli_default}" />
</parameter>
+<parameter name="auth_type">
+<longdesc lang="en">
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws
configure",
+or "role" to use AWS Policies.
+</longdesc>
+<shortdesc lang="en">Authentication type</shortdesc>
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
+</parameter>
+
<parameter name="profile">
<longdesc lang="en">
Valid AWS CLI profile name (see ~/.aws/config and 'aws configure')
@@ -198,7 +211,7 @@
execute_cmd_as_role(){
cmd=$1
role=$2
- output="$($OCF_RESKEY_awscli sts assume-role --role-arn $role
--role-session-name AWSCLI-RouteTableUpdate --profile $OCF_RESKEY_profile
$region_opt --output=text)"
+ output="$($AWSCLI_CMD sts assume-role --role-arn $role
--role-session-name AWSCLI-RouteTableUpdate --output=text)"
export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS"
{print $5}')"
export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" "
'$4=="CREDENTIALS" {print $7}')"
export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS"
{print $8}')"
@@ -220,11 +233,11 @@
}
ec2ip_validate() {
- for cmd in $OCF_RESKEY_awscli ip curl; do
+ for cmd in "$OCF_RESKEY_awscli" ip curl; do
check_binary "$cmd"
done
- if [ -z "$OCF_RESKEY_profile" ]; then
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z
"$OCF_RESKEY_profile" ]; then
ocf_exit_reason "profile parameter not set"
return $OCF_ERR_CONFIGURED
fi
@@ -262,7 +275,7 @@
for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/
/g'); do
ocf_log info "monitor: check routing table (API call) -
$rtb"
if [ -z "${OCF_RESKEY_routing_table_role}" ]; then
- cmd="$OCF_RESKEY_awscli --profile
$OCF_RESKEY_profile $region_opt --output text ec2 describe-route-tables
--route-table-ids $rtb --query
RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
+ cmd="$AWSCLI_CMD --output text ec2
describe-route-tables --route-table-ids $rtb --query
RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
ocf_log debug "executing command: $cmd"
ROUTE_TO_INSTANCE="$($cmd)"
else
@@ -368,7 +381,7 @@
EC2_NETWORK_INTERFACE_ID="$(ec2ip_get_instance_eni)"
for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do
if [ -z "${OCF_RESKEY_routing_table_role}" ]; then
- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile
$region_opt --output text ec2 replace-route --route-table-id $rtb
--destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id
$EC2_NETWORK_INTERFACE_ID"
+ cmd="$AWSCLI_CMD --output text ec2 replace-route
--route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32
--network-interface-id $EC2_NETWORK_INTERFACE_ID"
ocf_log debug "executing command: $cmd"
$cmd
else
@@ -475,6 +488,22 @@
exit $OCF_ERR_PERM
fi
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
+ if [ -z "${OCF_RESKEY_region}" ]; then
+ ocf_exit_reason "region needs to be set when using role-based
authentication"
+ exit $OCF_ERR_CONFIGURED
+ fi
+else
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
+ exit $OCF_ERR_CONFIGURED
+fi
+if [ -n "${OCF_RESKEY_region}" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
+fi
+
ec2ip_set_address_param_compat
ec2ip_validate
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/aws-vpc-route53.in
new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/aws-vpc-route53.in
--- old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/aws-vpc-route53.in
2023-11-02 10:19:53.000000000 +0100
+++ new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/aws-vpc-route53.in
2024-01-29 10:05:12.000000000 +0100
@@ -46,24 +46,22 @@
# Defaults
OCF_RESKEY_awscli_default="/usr/bin/aws"
+OCF_RESKEY_auth_type_default="key"
OCF_RESKEY_profile_default="default"
+OCF_RESKEY_region_default=""
OCF_RESKEY_hostedzoneid_default=""
OCF_RESKEY_fullname_default=""
OCF_RESKEY_ip_default="local"
OCF_RESKEY_ttl_default=10
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
+: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_hostedzoneid:=${OCF_RESKEY_hostedzoneid_default}}
: ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}}
: ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}}
: ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}}
-#######################################################################
-
-
-AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10"
-#######################################################################
-
usage() {
cat <<-EOT
@@ -123,6 +121,15 @@
<content type="string" default="${OCF_RESKEY_awscli_default}" />
</parameter>
+<parameter name="auth_type">
+<longdesc lang="en">
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws
configure",
+or "role" to use AWS Policies.
+</longdesc>
+<shortdesc lang="en">Authentication type</shortdesc>
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
+</parameter>
+
<parameter name="profile">
<longdesc lang="en">
The name of the AWS CLI profile of the root account. This
@@ -196,7 +203,7 @@
# Check for required binaries
ocf_log debug "Checking for required binaries"
- for command in curl dig; do
+ for command in "${OCF_RESKEY_awscli}" curl dig; do
check_binary "$command"
done
@@ -216,7 +223,10 @@
esac
# profile
- [[ -z "$OCF_RESKEY_profile" ]] && ocf_log error "AWS CLI profile not
set $OCF_RESKEY_profile!" && exit $OCF_ERR_CONFIGURED
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z
"$OCF_RESKEY_profile" ]; then
+ ocf_exit_reason "profile parameter not set"
+ return $OCF_ERR_CONFIGURED
+ fi
# TTL
[[ -z "$OCF_RESKEY_ttl" ]] && ocf_log error "TTL not set
$OCF_RESKEY_ttl!" && exit $OCF_ERR_CONFIGURED
@@ -417,7 +427,6 @@
}
###############################################################################
-
case $__OCF_ACTION in
usage|help)
usage
@@ -427,6 +436,26 @@
metadata
exit $OCF_SUCCESS
;;
+esac
+
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
+ if [ -z "${OCF_RESKEY_region}" ]; then
+ ocf_exit_reason "region needs to be set when using role-based
authentication"
+ exit $OCF_ERR_CONFIGURED
+ fi
+else
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
+ exit $OCF_ERR_CONFIGURED
+fi
+if [ -n "${OCF_RESKEY_region}" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
+fi
+AWSCLI_CMD="$AWSCLI_CMD --cli-connect-timeout 10"
+
+case $__OCF_ACTION in
start)
r53_validate || exit $?
r53_start
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/awseip
new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/awseip
--- old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/awseip 2023-11-02
10:19:53.000000000 +0100
+++ new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/awseip 2024-01-29
10:05:12.000000000 +0100
@@ -23,7 +23,8 @@
#
# Prerequisites:
#
-# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey,
etc.)
+# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey,
etc.) or
+# (AWSRole) Setup up relevant AWS Policies to allow agent related functions
to be executed.
# - a reserved secondary private IP address for EC2 instances high
availability
# - IAM user role with the following permissions:
# * DescribeInstances
@@ -44,11 +45,15 @@
# Defaults
#
OCF_RESKEY_awscli_default="/usr/bin/aws"
+OCF_RESKEY_auth_type_default="key"
OCF_RESKEY_profile_default="default"
+OCF_RESKEY_region_default=""
OCF_RESKEY_api_delay_default="3"
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
+: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
meta_data() {
@@ -63,7 +68,7 @@
It manages AWS Elastic IP Addresses with awscli.
-Credentials needs to be setup by running "aws configure".
+Credentials needs to be setup by running "aws configure", or by using AWS
Policies.
See https://aws.amazon.com/cli/ for more information about awscli.
</longdesc>
@@ -79,6 +84,15 @@
<content type="string" default="${OCF_RESKEY_awscli_default}" />
</parameter>
+<parameter name="auth_type">
+<longdesc lang="en">
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws
configure",
+or "role" to use AWS Policies.
+</longdesc>
+<shortdesc lang="en">Authentication type</shortdesc>
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
+</parameter>
+
<parameter name="profile">
<longdesc lang="en">
Valid AWS CLI profile name (see ~/.aws/config and 'aws configure')
@@ -111,6 +125,14 @@
<content type="string" default="" />
</parameter>
+<parameter name="region" required="0">
+<longdesc lang="en">
+Region for AWS resource (required for role-based authentication)
+</longdesc>
+<shortdesc lang="en">Region</shortdesc>
+<content type="string" default="${OCF_RESKEY_region_default}" />
+</parameter>
+
<parameter name="api_delay" unique="0">
<longdesc lang="en">
a short delay between API calls, to avoid sending API too quick
@@ -157,13 +179,13 @@
NETWORK_ID=$(curl -s
http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id
-H "X-aws-ec2-metadata-token: $TOKEN")
fi
done
- $AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \
+ $AWSCLI_CMD ec2 associate-address \
--network-interface-id ${NETWORK_ID} \
--allocation-id ${ALLOCATION_ID} \
--private-ip-address ${PRIVATE_IP_ADDRESS}
RET=$?
else
- $AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \
+ $AWSCLI_CMD ec2 associate-address \
--instance-id ${INSTANCE_ID} \
--allocation-id ${ALLOCATION_ID}
RET=$?
@@ -183,7 +205,7 @@
awseip_stop() {
awseip_monitor || return $OCF_SUCCESS
- ASSOCIATION_ID=$($AWSCLI --profile $OCF_RESKEY_profile --output json ec2
describe-addresses \
+ ASSOCIATION_ID=$($AWSCLI_CMD --output json ec2 describe-addresses \
--allocation-id ${ALLOCATION_ID} | grep -m 1
"AssociationId" | awk -F'"' '{print$4}')
if [ -z "${ASSOCIATION_ID}" ]; then
@@ -191,9 +213,7 @@
return $OCF_NOT_RUNNING
fi
- $AWSCLI --profile ${OCF_RESKEY_profile} \
- ec2 disassociate-address \
- --association-id ${ASSOCIATION_ID}
+ $AWSCLI_CMD ec2 disassociate-address --association-id ${ASSOCIATION_ID}
RET=$?
# delay to avoid sending request too fast
@@ -208,7 +228,7 @@
}
awseip_monitor() {
- $AWSCLI --profile $OCF_RESKEY_profile ec2 describe-instances --instance-id
"${INSTANCE_ID}" | grep -q "${ELASTIC_IP}"
+ $AWSCLI_CMD ec2 describe-instances --instance-id "${INSTANCE_ID}" | grep
-q "${ELASTIC_IP}"
RET=$?
if [ $RET -ne 0 ]; then
@@ -218,9 +238,9 @@
}
awseip_validate() {
- check_binary ${AWSCLI}
+ check_binary "${OCF_RESKEY_awscli}"
- if [ -z "$OCF_RESKEY_profile" ]; then
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile"
]; then
ocf_exit_reason "profile parameter not set"
return $OCF_ERR_CONFIGURED
fi
@@ -238,9 +258,27 @@
meta_data
exit $OCF_SUCCESS
;;
-esac
+ usage|help)
+ awseip_usage
+ exit $OCF_SUCCESS
+ ;;
+esac
-AWSCLI="${OCF_RESKEY_awscli}"
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
+ if [ -z "${OCF_RESKEY_region}" ]; then
+ ocf_exit_reason "region needs to be set when using role-based
authentication"
+ exit $OCF_ERR_CONFIGURED
+ fi
+else
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
+ exit $OCF_ERR_CONFIGURED
+fi
+if [ -n "${OCF_RESKEY_region}" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
+fi
ELASTIC_IP="${OCF_RESKEY_elastic_ip}"
ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
@@ -272,10 +310,6 @@
validate|validate-all)
awseip_validate
;;
- usage|help)
- awseip_usage
- exit $OCF_SUCCESS
- ;;
*)
awseip_usage
exit $OCF_ERR_UNIMPLEMENTED
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/awsvip
new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/awsvip
--- old/resource-agents-4.13.0+git6.ae50f94f/heartbeat/awsvip 2023-11-02
10:19:53.000000000 +0100
+++ new/resource-agents-4.13.0+git23.fa8a56f6/heartbeat/awsvip 2024-01-29
10:05:12.000000000 +0100
@@ -23,7 +23,8 @@
#
# Prerequisites:
#
-# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey,
etc.)
+# - preconfigured AWS CLI running environment (AccessKey, SecretAccessKey,
etc.) or
+# (AWSRole) Setup up relevant AWS Policies to allow agent related functions
to be executed.
# - a reserved secondary private IP address for EC2 instances high availablity
# - IAM user role with the following permissions:
# * DescribeInstances
@@ -43,11 +44,15 @@
# Defaults
#
OCF_RESKEY_awscli_default="/usr/bin/aws"
+OCF_RESKEY_auth_type_default="key"
OCF_RESKEY_profile_default="default"
+OCF_RESKEY_region_default=""
OCF_RESKEY_api_delay_default="3"
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+: ${OCF_RESKEY_auth_type=${OCF_RESKEY_auth_type_default}}
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
+: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_api_delay=${OCF_RESKEY_api_delay_default}}
meta_data() {
@@ -62,7 +67,7 @@
It manages AWS Secondary Private IP Addresses with awscli.
-Credentials needs to be setup by running "aws configure".
+Credentials needs to be setup by running "aws configure", or by using AWS
Policies.
See https://aws.amazon.com/cli/ for more information about awscli.
</longdesc>
@@ -78,6 +83,15 @@
<content type="string" default="${OCF_RESKEY_awscli_default}" />
</parameter>
+<parameter name="auth_type">
+<longdesc lang="en">
+Authentication type "key" for AccessKey and SecretAccessKey set via "aws
configure",
+or "role" to use AWS Policies.
+</longdesc>
+<shortdesc lang="en">Authentication type</shortdesc>
+<content type="string" default="${OCF_RESKEY_auth_type_default}" />
+</parameter>
+
<parameter name="profile">
<longdesc lang="en">
Valid AWS CLI profile name (see ~/.aws/config and 'aws configure')
@@ -94,6 +108,14 @@
<content type="string" default="" />
</parameter>
+<parameter name="region" required="0">
+<longdesc lang="en">
+Region for AWS resource (required for role-based authentication)
+</longdesc>
+<shortdesc lang="en">Region</shortdesc>
+<content type="string" default="${OCF_RESKEY_region_default}" />
+</parameter>
+
<parameter name="api_delay" unique="0">
<longdesc lang="en">
a short delay between API calls, to avoid sending API too quick
@@ -131,7 +153,7 @@
awsvip_start() {
awsvip_monitor && return $OCF_SUCCESS
- $AWSCLI --profile $OCF_RESKEY_profile ec2 assign-private-ip-addresses \
+ $AWSCLI_CMD ec2 assign-private-ip-addresses \
--network-interface-id ${NETWORK_ID} \
--private-ip-addresses ${SECONDARY_PRIVATE_IP} \
--allow-reassignment
@@ -151,7 +173,7 @@
awsvip_stop() {
awsvip_monitor || return $OCF_SUCCESS
- $AWSCLI --profile $OCF_RESKEY_profile ec2 unassign-private-ip-addresses \
+ $AWSCLI_CMD ec2 unassign-private-ip-addresses \
--network-interface-id ${NETWORK_ID} \
--private-ip-addresses ${SECONDARY_PRIVATE_IP}
RET=$?
@@ -168,7 +190,7 @@
}
awsvip_monitor() {
- $AWSCLI --profile ${OCF_RESKEY_profile} ec2 describe-instances \
+ $AWSCLI_CMD ec2 describe-instances \
--instance-id "${INSTANCE_ID}" \
--query
'Reservations[].Instances[].NetworkInterfaces[].PrivateIpAddresses[].PrivateIpAddress[]'
\
--output text | \
@@ -182,9 +204,9 @@
}
awsvip_validate() {
- check_binary ${AWSCLI}
+ check_binary "${OCF_RESKEY_awscli}"
- if [ -z "$OCF_RESKEY_profile" ]; then
+ if [ "x${OCF_RESKEY_auth_type}" = "xkey" ] && [ -z "$OCF_RESKEY_profile"
]; then
ocf_exit_reason "profile parameter not set"
return $OCF_ERR_CONFIGURED
fi
@@ -202,9 +224,27 @@
meta_data
exit $OCF_SUCCESS
;;
+ usage|help)
+ awsvip_usage
+ exit $OCF_SUCCESS
+ ;;
esac
-AWSCLI="${OCF_RESKEY_awscli}"
+AWSCLI_CMD="${OCF_RESKEY_awscli}"
+if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --profile ${OCF_RESKEY_profile}"
+elif [ "x${OCF_RESKEY_auth_type}" = "xrole" ]; then
+ if [ -z "${OCF_RESKEY_region}" ]; then
+ ocf_exit_reason "region needs to be set when using role-based
authentication"
+ exit $OCF_ERR_CONFIGURED
+ fi
+else
+ ocf_exit_reason "Incorrect auth_type: ${OCF_RESKEY_auth_type}"
+ exit $OCF_ERR_CONFIGURED
+fi
+if [ -n "${OCF_RESKEY_region}" ]; then
+ AWSCLI_CMD="$AWSCLI_CMD --region ${OCF_RESKEY_region}"
+fi
SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token"; -H
"X-aws-ec2-metadata-token-ttl-seconds: 21600")
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H
"X-aws-ec2-metadata-token: $TOKEN")
@@ -236,10 +276,6 @@
validate|validate-all)
awsvip_validate
;;
- usage|help)
- awsvip_usage
- exit $OCF_SUCCESS
- ;;
*)
awsvip_usage
exit $OCF_ERR_UNIMPLEMENTED
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/resource-agents-4.13.0+git6.ae50f94f/tools/findif.c
new/resource-agents-4.13.0+git23.fa8a56f6/tools/findif.c
--- old/resource-agents-4.13.0+git6.ae50f94f/tools/findif.c 2023-11-02
10:19:53.000000000 +0100
+++ new/resource-agents-4.13.0+git23.fa8a56f6/tools/findif.c 2024-01-29
10:05:12.000000000 +0100
@@ -669,7 +669,7 @@
}
}
- if (netmaskbits) {
+ if (netmaskbits != NULL && *netmaskbits != EOS) {
best_netmask = netmask;
}else if (best_netmask == 0L) {
/*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/resource-agents-4.13.0+git6.ae50f94f/tools/storage_mon.c
new/resource-agents-4.13.0+git23.fa8a56f6/tools/storage_mon.c
--- old/resource-agents-4.13.0+git6.ae50f94f/tools/storage_mon.c
2023-11-02 10:19:53.000000000 +0100
+++ new/resource-agents-4.13.0+git23.fa8a56f6/tools/storage_mon.c
2024-01-29 10:05:12.000000000 +0100
@@ -382,9 +382,11 @@
syslog(LOG_ERR, "Failed to write '%s' to %s: %s", pid, pidfile,
strerror(errno));
goto done;
}
- close(fd);
rc = 0;
done:
+ if (fd != -1) {
+ close(fd);
+ }
if (pid != NULL) {
free(pid);
}
@@ -653,6 +655,7 @@
int32_t rc;
+ memset(&response, 0, sizeof(response));
snprintf(ipcs_name, SMON_MAX_IPCSNAME, "storage_mon_%s", attrname);
conn = qb_ipcc_connect(ipcs_name, 0);
if (conn == NULL) {
@@ -663,6 +666,7 @@
snprintf(request.message, SMON_MAX_MSGSIZE, "%s",
SMON_GET_RESULT_COMMAND);
request.hdr.id = 0;
request.hdr.size = sizeof(struct storage_mon_check_value_req);
+ response.hdr.id = 0;
rc = qb_ipcc_send(conn, &request, request.hdr.size);
if (rc < 0) {
syslog(LOG_ERR, "qb_ipcc_send error : %d\n", rc);
@@ -683,7 +687,11 @@
/* greater than 0 : monitoring error. */
/* -1 : communication system error. */
/* -2 : Not all checks completed for first device in
daemon mode. */
- rc = atoi(response.message);
+ if (strnlen(response.message, 1)) {
+ rc = atoi(response.message);
+ } else {
+ rc = -1;
+ }
syslog(LOG_DEBUG, "daemon response[%d]: %s \n", response.hdr.id,
response.message);
