January 2010 - cluster-commits - Fedora Mailing-Lists

cluster: STABLE3 - build: fix typo in configure

by Fabio M. Di Nitto

Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=... Commit: 585af66d237cb3408c469351a3f69c78a6c4ad1c Parent: 56a9b09cc269d613bafdb11345f97ca95022032a Author: Fabio M. Di Nitto <fdinitto(a)redhat.com> AuthorDate: Fri Jan 8 10:23:23 2010 +0100 Committer: Fabio M. Di Nitto <fdinitto(a)redhat.com> CommitterDate: Fri Jan 8 10:23:23 2010 +0100 build: fix typo in configure Signed-off-by: Fabio M. Di Nitto <fdinitto(a)redhat.com> --- configure | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configure b/configure index 86c7b79..cde3be6 100755 --- a/configure +++ b/configure @@ -618,7 +618,7 @@ if (!$enable_legacy_code) { $cflags="${cflags} -DLEGACY_CODE"; } if (!$enable_pacemaker) { - $enable_pacemaker="" + $enable_pacemaker=""; } if (!$without_common) { $without_common="";

14 years, 3 months

1
0
0 / 0

cluster: STABLE3 - rgmanager: Fix compiler warning

by Lon Hohberger

Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=... Commit: 56a9b09cc269d613bafdb11345f97ca95022032a Parent: 6bc4d0979fb55f170a59574b2ef092284b2e0e79 Author: Lon Hohberger <lhh(a)redhat.com> AuthorDate: Mon Jan 4 11:05:12 2010 -0500 Committer: Lon Hohberger <lhh(a)redhat.com> CommitterDate: Thu Jan 7 13:51:31 2010 -0500 rgmanager: Fix compiler warning Signed-off-by: Lon Hohberger <lhh(a)redhat.com> --- rgmanager/src/clulib/msg_socket.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/rgmanager/src/clulib/msg_socket.c b/rgmanager/src/clulib/msg_socket.c index b6b603e..a9c36d6 100644 --- a/rgmanager/src/clulib/msg_socket.c +++ b/rgmanager/src/clulib/msg_socket.c @@ -311,10 +311,11 @@ sock_msg_close(msgctx_t *ctx) static int sock_msg_accept(msgctx_t *listenctx, msgctx_t *acceptctx) { - errno = EINVAL; struct ucred cred; socklen_t credlen = sizeof(cred); + errno = EINVAL; + if (!listenctx || !acceptctx) return -1; if (listenctx->u.local_info.sockfd < 0)

14 years, 3 months

1
0
0 / 0

cluster: STABLE3 - rgmanager: Allow non-root clustat

by Lon Hohberger

Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=... Commit: 6bc4d0979fb55f170a59574b2ef092284b2e0e79 Parent: 287c8cb0c681bf7d6c62112869105a8a7d995a4b Author: Lon Hohberger <lhh(a)redhat.com> AuthorDate: Wed Oct 28 16:54:53 2009 -0400 Committer: Lon Hohberger <lhh(a)redhat.com> CommitterDate: Thu Jan 7 13:51:31 2010 -0500 rgmanager: Allow non-root clustat This allows non-root users access to the running cluster and service states. This requires you to add a user to the 'root' group, matching cman_tool's requirements. Resolves: rhbz#531273 Signed-off-by: Lon Hohberger <lhh(a)redhat.com> --- rgmanager/include/message.h | 1 + rgmanager/include/resgroup.h | 1 + rgmanager/src/clulib/msg_socket.c | 16 +++++++++++++++- rgmanager/src/clulib/rg_strings.c | 2 ++ rgmanager/src/daemons/Makefile | 2 +- rgmanager/src/daemons/main.c | 36 +++++++++++++++++++++++++++++++++++- rgmanager/src/utils/clusvcadm.c | 5 ----- 7 files changed, 55 insertions(+), 8 deletions(-) diff --git a/rgmanager/include/message.h b/rgmanager/include/message.h index fb3ec9a..e9d7797 100644 --- a/rgmanager/include/message.h +++ b/rgmanager/include/message.h @@ -90,6 +90,7 @@ typedef struct ALIGNED _msgctx { } cluster_info; struct { int sockfd; + struct ucred cred; int pad; } local_info; } u; diff --git a/rgmanager/include/resgroup.h b/rgmanager/include/resgroup.h index 5a13fcf..3afbce2 100644 --- a/rgmanager/include/resgroup.h +++ b/rgmanager/include/resgroup.h @@ -198,6 +198,7 @@ int rg_unlock(struct dlm_lksb *p); /* Return codes */ +#define RG_EPERM -18 /* Permission denied */ #define RG_ERELO -17 /* Relocation failure; service running on original node */ #define RG_EEXCL -16 /* Service not runnable due to diff --git a/rgmanager/src/clulib/msg_socket.c b/rgmanager/src/clulib/msg_socket.c index 130cbd7..b6b603e 100644 --- a/rgmanager/src/clulib/msg_socket.c +++ b/rgmanager/src/clulib/msg_socket.c @@ -312,6 +312,8 @@ static int sock_msg_accept(msgctx_t *listenctx, msgctx_t *acceptctx) { errno = EINVAL; + struct ucred cred; + socklen_t credlen = sizeof(cred); if (!listenctx || !acceptctx) return -1; @@ -327,6 +329,18 @@ sock_msg_accept(msgctx_t *listenctx, msgctx_t *acceptctx) if (acceptctx->u.local_info.sockfd < 0) return -1; + memset(&cred, 0, sizeof(cred)); + if (getsockopt(acceptctx->u.local_info.sockfd, SOL_SOCKET, + SO_PEERCRED, (void *)&cred, &credlen) < 0) { + perror("getsockopt"); + cred.uid = (uid_t)-1; + cred.gid = (gid_t)-1; + cred.pid = (pid_t)-1; + } + + memcpy(&acceptctx->u.local_info.cred, &cred, + sizeof(cred)); + set_cloexec(acceptctx->u.local_info.sockfd); acceptctx->flags = (SKF_READ | SKF_WRITE); @@ -354,7 +368,7 @@ sock_msg_listen(int me, const void *portp, msgctx_t **listen_ctx) set_cloexec(sock); unlink(RGMGR_SOCK); - om = umask(077); + om = umask(0117); su.sun_family = PF_LOCAL; snprintf(su.sun_path, sizeof(su.sun_path), "%s", path); diff --git a/rgmanager/src/clulib/rg_strings.c b/rgmanager/src/clulib/rg_strings.c index cc34a9f..24ee479 100644 --- a/rgmanager/src/clulib/rg_strings.c +++ b/rgmanager/src/clulib/rg_strings.c @@ -8,7 +8,9 @@ struct string_val { const struct string_val rg_error_strings[] = { + { RG_EPERM, "Permissing denied" }, { RG_ERELO, "Failed; service running on original owner" }, + { RG_EEXCL, "Service not runnable: cannot run exclusive" }, { RG_EDOMAIN, "Service not runnable" }, { RG_ESCRIPT, "S/Lang Script Error" }, { RG_EFENCE, "Fencing operation pending; try again later" }, diff --git a/rgmanager/src/daemons/Makefile b/rgmanager/src/daemons/Makefile index de36971..94e0dbb 100644 --- a/rgmanager/src/daemons/Makefile +++ b/rgmanager/src/daemons/Makefile @@ -40,7 +40,7 @@ OBJS2= test-noccs.o \ rg_locks-noccs.o \ event_config-noccs.o -CFLAGS += -DSHAREDIR=\"${sharedir}\" +CFLAGS += -DSHAREDIR=\"${sharedir}\" -D_GNU_SOURCE CFLAGS += -fPIC CFLAGS += -I${ccsincdir} -I${cmanincdir} -I${dlmincdir} -I${logtincdir} CFLAGS += `xml2-config --cflags` -I${slangincdir} diff --git a/rgmanager/src/daemons/main.c b/rgmanager/src/daemons/main.c index 883266a..885d89d 100644 --- a/rgmanager/src/daemons/main.c +++ b/rgmanager/src/daemons/main.c @@ -14,6 +14,7 @@ #include <msgsimple.h> #include <vf.h> #include <lock.h> +#include <sys/socket.h> #include <message.h> #include <rg_queue.h> #include <malloc.h> @@ -338,11 +339,17 @@ do_lockreq(msgctx_t *ctx, int req) static int dispatch_msg(msgctx_t *ctx, int nodeid, int need_close) { - int ret = 0, sz = -1, nid; + int ret = 0, sz = -1, nid, read_only = 1; char msgbuf[4096]; generic_msg_hdr *msg_hdr = (generic_msg_hdr *)msgbuf; SmMessageSt *msg_sm = (SmMessageSt *)msgbuf; + if (ctx->type == MSG_CLUSTER) { + read_only = 0; + } else if (ctx->u.local_info.cred.uid == 0) { + read_only = 0; + } + memset(msgbuf, 0, sizeof(msgbuf)); /* Peek-a-boo */ @@ -396,6 +403,10 @@ dispatch_msg(msgctx_t *ctx, int nodeid, int need_close) case RG_LOCK: case RG_UNLOCK: + if (read_only) { + msg_send_simple(ctx, RG_FAIL, RG_EPERM, 0); + goto out; + } if (rg_quorate()) do_lockreq(ctx, msg_hdr->gh_command); break; @@ -408,6 +419,10 @@ dispatch_msg(msgctx_t *ctx, int nodeid, int need_close) break; case RG_ACTION_REQUEST: + if (read_only) { + msg_send_simple(ctx, RG_FAIL, RG_EPERM, 0); + goto out; + } if (sz < (int)sizeof(msg_sm)) { logt_print(LOG_ERR, @@ -476,6 +491,11 @@ dispatch_msg(msgctx_t *ctx, int nodeid, int need_close) return 0; case RG_EVENT: + if (read_only) { + msg_send_simple(ctx, RG_FAIL, RG_EPERM, 0); + goto out; + } + /* Service event. Run a dependency check */ if (sz < (int)sizeof(msg_sm)) { logt_print(LOG_ERR, @@ -498,6 +518,11 @@ dispatch_msg(msgctx_t *ctx, int nodeid, int need_close) break; case RG_EXITING: + if (read_only) { + msg_send_simple(ctx, RG_FAIL, RG_EPERM, 0); + goto out; + } + if (!member_online(msg_hdr->gh_arg1)) break; @@ -508,6 +533,11 @@ dispatch_msg(msgctx_t *ctx, int nodeid, int need_close) break; case VF_MESSAGE: + if (read_only) { + msg_send_simple(ctx, RG_FAIL, RG_EPERM, 0); + goto out; + } + /* Ignore; our VF thread handles these - except for VF_CURRENT XXX (bad design) */ if (msg_hdr->gh_arg1 == VF_CURRENT) @@ -515,6 +545,10 @@ dispatch_msg(msgctx_t *ctx, int nodeid, int need_close) break; default: + if (read_only) { + goto out; + } + logt_print(LOG_DEBUG, "unhandled message request %d\n", msg_hdr->gh_command); break; diff --git a/rgmanager/src/utils/clusvcadm.c b/rgmanager/src/utils/clusvcadm.c index d543d27..137837a 100644 --- a/rgmanager/src/utils/clusvcadm.c +++ b/rgmanager/src/utils/clusvcadm.c @@ -235,11 +235,6 @@ main(int argc, char **argv) const char *actionstr = NULL; cluster_member_list_t *membership; - if (geteuid() != (uid_t) 0) { - fprintf(stderr, "%s must be run as the root user.\n", argv[0]); - return 1; - } - while ((opt = getopt(argc, argv, "lSue:M:d:r:n:m:FvR:s:Z:U:qh?")) != EOF) { switch (opt) { case 'l':

14 years, 3 months

1
0
0 / 0

cluster: STABLE3 - gfs: disable gfs kernel and userland tool build by default

by Fabio M. Di Nitto

Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=... Commit: 287c8cb0c681bf7d6c62112869105a8a7d995a4b Parent: dcfbe7b0ae44bfc84c1e6ec20f643c8bf8deefb5 Author: Fabio M. Di Nitto <fdinitto(a)redhat.com> AuthorDate: Wed Jan 6 20:28:34 2010 +0100 Committer: Fabio M. Di Nitto <fdinitto(a)redhat.com> CommitterDate: Wed Jan 6 20:28:34 2010 +0100 gfs: disable gfs kernel and userland tool build by default it's still possible to enable them via configure Signed-off-by: Fabio M. Di Nitto <fdinitto(a)redhat.com> --- Makefile | 9 +++++++-- configure | 18 +++++++++--------- make/defines.mk.input | 4 ++-- 3 files changed, 18 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index b5eb7c8..223c75d 100644 --- a/Makefile +++ b/Makefile @@ -7,19 +7,24 @@ REALSUBDIRS = gfs-kernel/src/gfs \ SUBDIRS = $(filter-out \ $(if ${without_common},common) \ - $(if ${without_gfs-kernel/src/gfs},gfs-kernel/src/gfs) \ $(if ${without_config},config) \ $(if ${without_cman},cman) \ $(if ${without_dlm},dlm) \ $(if ${without_fence},fence/libfenced) \ $(if ${without_group},group) \ $(if ${without_fence},fence) \ - $(if ${without_gfs},gfs) \ $(if ${without_gfs2},gfs2) \ $(if ${without_rgmanager},rgmanager) \ $(if ${without_bindings},bindings) \ , $(REALSUBDIRS)) +ifdef enable_gfs +SUBDIRS += gfs +endif +ifdef enable_gfs-kernel/src/gfs +SUBDIRS += gfs-kernel/src/gfs +endif + all: ${SUBDIRS} ${SUBDIRS}: diff --git a/configure b/configure index 1522ccd..86c7b79 100755 --- a/configure +++ b/configure @@ -98,7 +98,7 @@ my %options = ( without_group => \$without_group, without_fence => \$without_fence, without_fence_agents => \$without_fence_agents, - without_gfs => \$without_gfs, + enable_gfs => \$enable_gfs, without_gfs2 => \$without_gfs2, without_rgmanager => \$without_rgmanager, without_resource_agents => \$without_resource_agents, @@ -186,7 +186,7 @@ my $err = &GetOptions (\%options, 'without_group', 'without_fence', 'without_fence_agents', - 'without_gfs', + 'enable_gfs', 'without_gfs2', 'without_rgmanager', 'without_resource_agents', @@ -281,7 +281,7 @@ if ($help || !$err) { print "--without_group\tDisable group building (Default: enabled)\n"; print "--without_fence\tDisable fence building (Default: enabled)\n"; print "--without_fence_agents\tDisable fence_agents building (Default: enabled)\n"; - print "--without_gfs\tDisable gfs building (Default: enabled)\n"; + print "--enable_gfs\tEnable gfs building (Default: disabled)\n"; print "--without_gfs2\tDisable gfs2 building (Default: enabled)\n"; print "--without_rgmanager\tDisable rgmanager building (Default: enabled)\n"; print "--without_resource_agents\tDisable resource agents building (Default: enabled)\n"; @@ -643,8 +643,8 @@ if (!$without_fence_agents) { } else { $fence_agents="none"; } -if (!$without_gfs) { - $without_gfs=""; +if (!$enable_gfs) { + $enable_gfs=""; } if (!$without_gfs2) { $without_gfs2=""; @@ -659,9 +659,9 @@ if (!$without_bindings) { $without_bindings=""; } if (!$without_kernel_modules) { - $without_gfskernel=$without_gfs; + $enable_gfskernel=$enable_gfs; } else { - $without_gfskernel=1; + $enable_gfskernel=""; } if (!$disable_kernel_check) { $disable_kernel_check=0; @@ -781,8 +781,8 @@ while (<IFILE>) { $_ =~ s/\@DISABLE_DLM\@/$without_dlm/; $_ =~ s/\@DISABLE_GROUP\@/$without_group/; $_ =~ s/\@DISABLE_FENCE\@/$without_fence/; - $_ =~ s/\@DISABLE_GFS\@/$without_gfs/; - $_ =~ s/\@DISABLE_GFSKERNEL\@/$without_gfskernel/; + $_ =~ s/\@ENABLE_GFS\@/$enable_gfs/; + $_ =~ s/\@ENABLE_GFSKERNEL\@/$enable_gfskernel/; $_ =~ s/\@DISABLE_GFS2\@/$without_gfs2/; $_ =~ s/\@DISABLE_RGMANAGER\@/$without_rgmanager/; $_ =~ s/\@DISABLE_RESOURCE_AGENTS\@/$without_resource_agents/; diff --git a/make/defines.mk.input b/make/defines.mk.input index d36db8b..2834872 100644 --- a/make/defines.mk.input +++ b/make/defines.mk.input @@ -73,14 +73,14 @@ experimental_build ?= @ENABLE_CRACK_OF_THE_DAY@ legacy_code ?= @ENABLE_LEGACY_CODE@ contrib_code ?= @ENABLE_CONTRIB@ enable_pacemaker ?= @ENABLE_PACEMAKER@ -without_gfs-kernel/src/gfs ?= @DISABLE_GFSKERNEL@ +enable_gfs-kernel/src/gfs ?= @ENABLE_GFSKERNEL@ without_common ?= @DISABLE_COMMON@ without_config ?= @DISABLE_CONFIG@ without_cman ?= @DISABLE_CMAN@ without_dlm ?= @DISABLE_DLM@ without_group ?= @DISABLE_GROUP@ without_fence ?= @DISABLE_FENCE@ -without_gfs ?= @DISABLE_GFS@ +enable_gfs ?= @ENABLE_GFS@ without_gfs2 ?= @DISABLE_GFS2@ without_rgmanager ?= @DISABLE_RGMANAGER@ without_resource_agents ?= @DISABLE_RESOURCE_AGENTS@

14 years, 3 months

1
0
0 / 0

fence-agents: master - fence lpar: fix quoting

by Fabio M. Di Nitto

Gitweb: http://git.fedorahosted.org/git/fence-agents.git?p=fence-agents.git;a=com... Commit: 55937766711d33f8941682cc76ac9fae1661c1ca Parent: 1c1883f8d650a8c1b1fe03ad4a47654031be4c96 Author: Fabio M. Di Nitto <fdinitto(a)redhat.com> AuthorDate: Wed Jan 6 20:14:21 2010 +0100 Committer: Fabio M. Di Nitto <fdinitto(a)redhat.com> CommitterDate: Wed Jan 6 20:16:27 2010 +0100 fence lpar: fix quoting Signed-off-by: Fabio M. Di Nitto <fdinitto(a)redhat.com> --- fence/agents/lpar/fence_lpar.py | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/fence/agents/lpar/fence_lpar.py b/fence/agents/lpar/fence_lpar.py index 444cacf..3c4cc8c 100644 --- a/fence/agents/lpar/fence_lpar.py +++ b/fence/agents/lpar/fence_lpar.py @@ -138,8 +138,9 @@ def main(): atexit.register(atexit_handler) - all_opt["login_timeout"]["default"] = 15 - all_opt["secure"]["default"] = 1 + all_opt["login_timeout"]["default"] = "15" + all_opt["secure"]["default"] = "1" + options = check_input(device_opt, process_input(device_opt)) ##

14 years, 3 months

1
0
0 / 0

cluster: STABLE3 - fence lpar: fix quoting

by Fabio M. Di Nitto

Gitweb: http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=... Commit: dcfbe7b0ae44bfc84c1e6ec20f643c8bf8deefb5 Parent: e58857309b1491f4b780211eea9523589a1cdf66 Author: Fabio M. Di Nitto <fdinitto(a)redhat.com> AuthorDate: Wed Jan 6 20:14:21 2010 +0100 Committer: Fabio M. Di Nitto <fdinitto(a)redhat.com> CommitterDate: Wed Jan 6 20:14:21 2010 +0100 fence lpar: fix quoting Signed-off-by: Fabio M. Di Nitto <fdinitto(a)redhat.com> --- fence/agents/lpar/fence_lpar.py | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fence/agents/lpar/fence_lpar.py b/fence/agents/lpar/fence_lpar.py index c8bf22f..00ea66c 100644 --- a/fence/agents/lpar/fence_lpar.py +++ b/fence/agents/lpar/fence_lpar.py @@ -138,8 +138,8 @@ def main(): atexit.register(atexit_handler) - all_opt["login_timeout"]["default"] = 15 - all_opt["secure"]["default"] = 1 + all_opt["login_timeout"]["default"] = "15" + all_opt["secure"]["default"] = "1" options = check_input(device_opt, process_input(device_opt))

14 years, 3 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

cluster-commits January 2010