Recommended update for fence-agents

Announcement ID:	SUSE-RU-2021:2547-1
Rating:	moderate
References:	bsc#1182701 bsc#1185058 jsc#SLE-17998 jsc#SLE-18182
Affected Products:	openSUSE Leap 15.3 SUSE Linux Enterprise High Availability Extension 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 SUSE Manager Server 4.2 Module 4.2

An update that contains two features and has two fixes can now be installed.

Description:

This update for fence-agents fixes the following issues:

• Corrections to support Azure SDK greater than 15 - including backward compatibility (bsc#1185058)
• Fixed an issue when libvirt breaks the connection in every 30 seconds.
• ECO: Update fence-agents. (jsc#SLE-18182)
• Add upstream PR to aws-vpc-move-ip and apply required resource and fence agent patches. (jsc#SLE-17998)
• Fixed an issue when fence-agent does not restart the node properly. (bsc#1182701)
• Major rework of the original agent:
• fence_gce: default method moved back to powercycle (#389)
• fence_gce: make serviceaccount work with new libraries
• fence_virt*: simple_auth: use %zu for sizeof to avoid failing verbose builds on some archs
• configure: dont fail when --with-agents contains virt
• fence_mpath: watchdog retries support
• fencing: add multi plug support for reboot-action
• fence_redfish: add missing diag logic
• fencing: fix issue with hardcoded help text length for metadata
• fencing: add stonith_status_sleep parameter for sleep between status calls during a STONITH action
• fence_aws: add filter parameter to be able to limit which nodes are listed
• virt: fix a bunch of coverity scan errors in ip_lookup
• virt: make sure to provide an empty default to strncpy
• virt: make sure buffers are big enough for 0 byte end string
• virt: increase buffer size to avoid overruns
• virt: check return code in virt-sockets
• virt: fix plugin (minor) memory leak and plug in load race
• virt: attempt to open file directly and avoid race condition
• virt: fix different coverity scan errors in common/tcp
• virt: cleanup deadcode in client/vsock
• virt: cleanup deadcode in client/tcp
• virt: fix potential buffer overrun
• virt: fix mcast coverity scan errors
• virt: drop pm-fence plugin
• virt: drop libvirt-qmf plugin
• virt: drop null plugin
• virt: drop fence_virtd non-modular build
• virt: fix plugin installation regression on upgrades
• fence_virt: metadata fixes, implement manpage generation and metadata/delay/rng checks
• virt: make sure variable is initialized
• zvm: reformat fence_zvm to avoid gcc warnings
• virt: drop -Werror to avoid unnecessary failures
• virt: disable -Wunused for yy generated files
• virt: disable fence-virt on bsd variants
• virt: merge spec files
• build: fix more gcc warnings
• build: remove unused / obsoleted options
• build: fix some annoying warnings at ./autogen.sh time
• virt: move all virt CFLAGS/LDFLAGS in the right location
• virt: fix unused gcc warnings and re-enable all build warnings
• virt: fix write-strings gcc warnings
• virt: fix pointer-arith gcc warnings
• virt: fix declaration-after-statement gcc warnings
• virt: fix build with -Wmissing-prototypes
• build: don´t override clean target
• virt: plug fence_virt into the build
• virt: allow fence_virt build to be optional
• virt: drop support for LSB init script
• virt: collect docs in one location
• virt: remove unnecessary files and move build macros in place
• Ignore fence-virt man pages
• Move fence_virt to the correct location
• spec: use python3 path for newer releases
• spec: undo autosetup change that breaks builds w/git commit hashes
• Ignore unknown options on stdin
• fence_gce: support google-auth and oauthlib and fallback to deprecated libs when not available
• spec: add aliyun subpackage and fence_mpath_check* to mpath subpackage
• fence_gce: Adds cloud-platform scope for bare metal API and optional proxy flags (#382)
• fence_virt: Fix minor typo in metadata
• fence_gce: update module reqs for SLES 15 (#383)
• Add fence_ipmilanplus as fence_ipmilan wrapper always enabling lanplus
• fence_redfish: Add diag action
• fence_vbox: updated metadata file
• fence_vbox: do not flood host account with vboxmanage calls
• fence_aws/fence_gce: allow building without cloud libs
• fence_gce: default to onoff
• fence_lpar: Make --managed a required option
• fence_zvmip: fix shell-timeout when using new disable-timeout parameter
• Adds service account authentication to GCE fence agent
• spec: dont build -all subpackage as noarch
• fence_virt: add plug parameter that obsoletes old port parameter
• Try to detect directory for initscripts configuration
• Accept SIGTERM while waiting for initialization.
• Add man pages to fence_virtd service file.
• Fix spelling error in fence_virt.conf.5
• build: fix BRs for suse distros
• build: remove ExclusiveArch
• build: removed gcc-c++ BR
• build: add spec-file and rpm build targets
• build: cleanup/improvements to reworked build system
• [build] rework build system to use automake/libtool
• fence_virtd: Fix segfault in vl_get when no domains are found
• fence_virt: fix core dump
• build: harden and make it possible to build with -fPIE
• fence_virt: dont report success for incorrect parameters
• fence_virt: mcast: config: Warn when provided mcast addr is not used
• fence_virtd: Return control to main loop on select interruption
• fence-virtd: Add missing vsock makefile bits
• fence-virt: Add vsock support
• fence_virtd: Fix transposed arguments in startup message
• fence_virt: Rename challenge functions
• fence_virtd: Cleanup: remove unused configuration options
• fence_virt: Remove remaining references to checkpoints
• fence_virt: Remove remaining references to checkpoints
• fence-virt: Format string cleanup
• fence_virtd: Implment hostlist for the cpg backend
• fence_virt: Fix logic error in fence_xvm
• fence_virtd: Cleanup config module
• fence_virtd: cpg: Fail initialization if no hypervisor connections
• fence_virtd: Make the libvirt backend survive libvirtd restarts
• fence_virtd: Allow the cpg backend to survive libvirt failures
• fence_virtd: cpg: Fix typo
• fence-virtd: Add cpg-virt backend plugin
• fence_virtd: Remove checkpoint, replace it with a CPG only plugin
• fence-virt: Bump version
• fence_virtd: Add better debugging messages for the TCP listner
• fence_virtd: Fix potential unlocked pthread_cond_timedwait()
• fence-virtd: Cleanup small memory leak
• fence_virtd: Fix select logic in listener plugins
• Factor out common libvirt code so that it can be reused by multiple backends
• Document the fence_virtd -p command line flag
• fence_virtd: Log an error when startup fails
• Retry writes in the TCP, mcast, and serial listener plugins while sending a response to clients, if the write fails or is incomplete.
• Make the packet authentication code more resilient in the face of transient failures.
• Disable the libvirt-qmf backend by default
• Bump the versions of the libvirt and checkpoint plugins
• fence-virtd: Enable TCP listener plugin by default
• fence-virtd: Cleanup documentation of the TCP listener
• fence_xvm/fence_virt: Add support for the validate-all status op
• fence-virt: Add list-status command to man page and metadata
• fence-virt: Cleanup numeric argument parsing
• fence-virt: Log message to syslog in addition to stdout/stderr
• fence-virt: Permit explicitly setting delay to 0
• fence-virt: Add 'list-status' operation for compat with other agents
• Allow fence_virtd to run as non-root
• Remove delay from the status, monitor and list functions
• Resolves serveral problems in checkpoint plugin, making it functional.
• daemon_init: Removed PID check and update
• fence_virtd: drop legacy SysVStartPriority from service unit
• fence-virt: client: Do not truncate VM domains in list output
• client: fix "delay" parameter checking (copy-paste)
• fence-virt: Fix broken restrictions on the port ranges
• Clarify debug message
• fence-virtd: Use perror only if the last system call returns an error.
• fence-virtd: Fix printing wrong system call in perror
• fence-virtd: Allow multiple hypervisors for the libvirt backend
• fence-virt: Don't overrwrite saved errno
• fence-virt: Fix small memory leak in the config module
• fence-virt: Fix mismatched sizeof in memset call
• fence-virt: Send complete hostlist info
• fence-virt: Clarify the path option in serial mode
• Bump version
• fence-virt: Bump version
• fence_virtd: Fix broken systemd service file
• fence_virt/fence_xvm: Print status when invoked with -o status
• fence-virt: Fix for missed libvirtd events
• fence-virt: Fail properly if unable to bind the listener socket
• client: dump all arguments structure in debug mode
• Drop executable flag for man pages (finally)
• Honor implicit "ip_family=auto" in fence_xvm w/IPv6 mult.addr.
• Fix using bad struct item for auth algorithm
• Drop executable flag for man pages
• use bswap_X() instead of b_swapX()
• fence_virtd: Fix memcpy size params in the TCP plugin
• Revert "fence-virt: Fix possible descriptor leak"
• fence_virtd: Return success if a domain exists but is already off.
• fence-virt: Add back missing tcp_listener.h file
• fence-virt: Fix a few fd leaks
• fence-virt: Fix free of uninitialized variable
• fence-virt: Fix possible null pointer dereference
• fence-virt: Fix memory leak
• fence-virt: Fix fd leak when finding local addresses
• fence-virt: Fix possible descriptor leak
• fence-virt: Fix possible fd leak
• fence-virt: Fix null pointer deref
• fence-virt: Explicitly set delay to 0
• fence-virt: Fix return with lock held
• fence_virt: Fix typo in fence_virt(8) man page
• fence_virt: Return failure for nonexistent domains
• Improve fence_virt.conf man page description of 'hash'
• Add a TCP listener plugin for use with viosproxy
• In serial mode, return failure if the other end closes the connection before we see SERIAL_MAGIC in the reply or timeout.
• Stop linking against unnecessary QPid libs.
• Update libvirt-qmf plugin and docs
• Fix crash when we fail to read key file.
• Fix erroneous man page XML
• Add 'interface' directive to example.conf
• Add old wait_for_backend directive handling & docs
• Return proper error if we can't set up our socket.
• Fix startup in systemd environments
• Add systemd unit file and generation
• Don't override user's pick for backend server module
• Use libvirt as default in shipped config
• Clean up compiler warnings
• Fix serial domain handling
• Fix monolithic build
• Clean up build and comments.
• Add missing pm_fence source code
• Disable CMAN / checkpoint build by default
• Rename libvirt-qpid -> libvirt-qmf
• Fix static analysis errors
• Reword assignment to appease static analyzers
• Handle return value from virDomainGetInfo
• Fix bad sizeof()
• Make listen() retry
• Add map_check on 'status' action
• Update README
• Don't reference out-of-scope temporary
• Ensure we don't try to strdup() or atoi() on NULL
• Add libvirt-qmf support to the libvirt-qpid plugin
• Convert libvirt-qpid plugin to QMFv2
• Fix incorrect return value on hash mismatch
• Fix error getting status from libvirt-qpid plugin
• Make fence-virt requests endian clean
• Fix input parsing to allow domain again
• Provide 'domain' in metadata output for compatibility
• High: Fix UUID lookups in checkpoint backend
• Curtail 'list' operation requests
• Fix man page references: fence_virtd.conf -> fence_virt.conf
• Add 'list' operation for plugins; fix missing getopt line
• Fix build with newer versions of qpid
• Make configure.in actually disable plugins
• Rename parameters to match other fencing agents
• Fix fence_xvm man page to point to the right location
• client: Clarify license in serial.c
• Return 2 for 'off' like other fencing agents
• Reset flags before returning from connect_nb
• Use nonblocking connect to vmchannel sockets
• More parity with other fencing agents' parameters
• Fix memory leaks found with valgrind
• Add basic daemon functions
• Fix bug in path pruning support for serial plugin
• Fix libvirt-qpid bugs found while testing
• Fix segfault caused by invalid map pointer assignment
• Fix another compiler warning
• Fix build warnings in client/serial.c
• Add 'monitor' as an alias for 'status'
• Add serial listener to configuration utility
• Make serial/vmchannel module enabled by default
• Add missing 'metadata' option to help text
• Add missing static_map.h
• Add metadata support to fence_xvm/fence_virt
• Allow IPs to be members of groups
• Allow use of static mappings w/ mcast listener
• Make 'path' be a directory
• Remove useless debug printfs
• Enable VM Channel support in serial plugin
• Pass source VM UUID (if known) to backend
• Mirror libvirt-qpid's settings in libvirt-qpid plugin
• libvirt-qpid: clean up global variable
• Enable a configurable host/port on libvirt-qpid plugin
• Minor config utility cleanups
• Remove unnecessary name_mode from multicast plugin
• Add prototypes and clean up build warnings
• Use seqno in serial requests
• Minor debugging message cleanup
• Fix build error due to improper value
• Static map support and permissions reporting
• Sync up on SERIAL_MAGIC while waiting for a response
• Don't build serial vmchannel module by default
• Initial checkin of serial server-side support
• Fix fence_virt.conf man page name
• Add Fedora init script
• Compiler warning cleanups in virt-serial.c
• Add wait-for-backend mode
• Fix up help text for clients
• Minor XML cleanups, add missing free() call
• add missing module_path to fence_virtd.conf.5
• Add capabilities to virt-serial
• Note that serial support is experimental
• Add a serial.so build target
• Add vmchannel serial event interface
• Split fence_virt vs. fence_xvm args
• Add static map functions.
• Fix build warning due to missing #include
• Fix multiple query code
• Better config query & multiple value/tag support
• Add simple configuration mode
• Allow setting config values to NULL to clear them
• Clean up example config file
• Sort plugins by type when printing them
• Revert "Sort plugins by type when printing them"
• Sort plugins by type when printing them
• Clean up some configuration plugin information
• add empty line between names
• Make libvirt to automatically use uuid or names
• Improve error reporting
• Fix build for hostlist functionality
• Hostlist functionality for libvirt, libvirt-qpid
• Work around broken nspr headers
• Fix installation target for man pages
• Add man page build infrastructure
• Make fence_xvm compatibility mode enabled by default
• Fix libvirt / mcast support for name_mode
• Fix agent option parsing
• Fix dlsym mapping of C++ module
• Make uuids work with libvirt-qpid
• Fix uninitialized variable causing false returns
• Add 'help' to fence_virtd
• Fix libvirt-qpid build
• Fix libvirt-qpid build
• Add libvirt-qpid build target
• Initial checking of libvirt-qpid plugin
• Fix build on i686
• Make symlink/compatibilty mode disabled by default
• Add simple tarball / release script
• Use immediate resolution of symbols
• Example config tweaks
• Use sysconfdir for /etc/fence_virt.conf
• Fix package name and install locations
• Add 'maintainer-clean' target
• Fix build errors on Fedora
• Add missing header file
• Ignore automake error
• Make the build script actually build
• Make cluster mode plugin work
• Add basic cpg stuff for later
• Enable 'on' operation for libvirt backend
• Clean up modular build
• Minor build cleanups
• Yet more build fixes
• More build cleanups
• Build cleanups
• Initial port to autoconf
• Add checkpoint.c stub functions
• Add sequence numbers to requests for tracking
• Include missing include
• Call generic history functions
• Make history functions generic
• Make debugging work from modules again
• Revert "Fix build issue breaking debug printing from modules"
• Fix build issue breaking debug printing from modules
• Fix libvirt backend; VALIDATE was wrong
• Cleanups, add daemon support
• Add simple 'null' skeleton backend plugin
• Make all plugins dynamically loaded.
• Fix error message
• Remove dummy serial prototypes
• Remove modules in 'make clean'
• Make listeners plugins.
• Move name_mode to fence_virtd block
• Add name_mode to example.conf
• Move VM naming scheme to top level of config
• Enable UUID use in libvirt.c
• Move options.c to client directory
• Drop duplicate fencing requests
• Don't require specifying an interface in fence_virt.conf
• Fix empty node parsing
• Actually use the default port by default
• Don't overwrite config files
• Install modules, too.
• Add temporary 'make install' target
• Make a default configuration file
• Make mcast work with UUIDs
• Add checkpoint.so to the build
• Fix missing carriage returns on debug prints
• Add architecture overview description
• Make serial_init match mcast_init.
• Make multicast use config file
• Integrate config file processing
• Create server-side plugin architecture
• Make libvirt a built-in plugin
• Fix header in serial.c.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2021-2547=1
• SUSE Manager Server 4.2 Module 4.2
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-2547=1
• SUSE Linux Enterprise High Availability Extension 15 SP3
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2547=1

Package List:

• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  • fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-3.5.1
  • fence-agents-4.9.0+git.1624456340.8d746be9-3.5.1
  • fence-agents-amt_ws-4.9.0+git.1624456340.8d746be9-3.5.1
  • fence-agents-devel-4.9.0+git.1624456340.8d746be9-3.5.1
  • fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-3.5.1
• SUSE Manager Server 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64)
  • fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-3.5.1
  • fence-agents-4.9.0+git.1624456340.8d746be9-3.5.1
  • fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-3.5.1
• SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64)
  • fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-3.5.1
  • fence-agents-4.9.0+git.1624456340.8d746be9-3.5.1
  • fence-agents-devel-4.9.0+git.1624456340.8d746be9-3.5.1
  • fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-3.5.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1182701
• https://bugzilla.suse.com/show_bug.cgi?id=1185058
• https://jira.suse.com/browse/SLE-17998
• https://jira.suse.com/browse/SLE-18182