Overview

File bsc#1148236-0002-Low-fencer-don-t-require-API-registration-for-list-a.patch of Package pacemaker.26926

From eaee0fc4e92004b46c38919ddde9f542d17697be Mon Sep 17 00:00:00 2001
From: Ken Gaillot <kgaillot@redhat.com>
Date: Thu, 21 Feb 2019 16:54:26 -0600
Subject: [PATCH 2/2] Low: fencer: don't require API registration for list and
 status commands

Previously, stonith_device_action() (which handles STONITH_OP_EXEC requests,
sent for API list, monitor, and status calls) would always return "No such
device" if the device was registered only via the CIB, and not via the API.

While this could make sense for monitor, which conceivably should not succeed
unless the device has been "started" (i.e. registered via the API), the list
and status commands should be direct agent calls.

Another side effect of the old code was that list, monitor, and status calls
could only succeed when run on the node "running" the stonith device. That is,
running something like "stonith_admin --list-targets $DEVICE" on some other
node would always fail, even though there's no reason for it to. Now, that
command would work when run from any node.

This leaves the old behavior for monitor, but it is a good question whether
that's ideal. For the specific case of "stonith_admin --query", it makes
an API monitor call, and if that fails, tries an API list call. So, on a
node "running" the device, it will return success if the monitor succeeds,
but that will always fail on other nodes, and it will return the result of
list instead.
---
 daemons/fenced/fenced_commands.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/daemons/fenced/fenced_commands.c b/daemons/fenced/fenced_commands.c
index 3fb55bf19..d81646626 100644
--- a/daemons/fenced/fenced_commands.c
+++ b/daemons/fenced/fenced_commands.c
@@ -1457,6 +1457,9 @@ stonith_level_remove(xmlNode *msg, char **desc)
  * \param[out] output  Unused
  *
  * \return -EINPROGRESS on success, -errno otherwise
+ * \note If the action is monitor, the device must be registered via the API
+ *       (CIB registration is not sufficient), because monitor should not be
+ *       possible unless the device is "started" (API registered).
  */
 static int
 stonith_device_action(xmlNode * msg, char **output)
@@ -1476,7 +1479,10 @@ stonith_device_action(xmlNode * msg, char **output)
     }
 
     device = g_hash_table_lookup(device_list, id);
-    if ((device == NULL) || !device->api_registered) {
+    if ((device == NULL)
+        || (!device->api_registered && !strcmp(action, "monitor"))) {
+
+        // Monitors may run only on "started" (API-registered) devices
         crm_info("Ignoring API %s action request because device %s not found",
                  action, id);
         return -ENODEV;
-- 
2.26.2
openSUSE Build Service is sponsored by
Places