From efb3d92f5c122dc1631ba43013e3fccb8ecff5ae Mon Sep 17 00:00:00 2001 From: Ken Gaillot Date: Apr 07 2021 22:24:59 +0000 Subject: Fix: tools: properly detect local node name cibsecret had two serious problems when generating a list of other nodes to sync secrets to: * It used `uname -n` to remove the local node from the list. If the local node name is different from its uname, this could cause local secrets to be removed from the local node rather than synced to other nodes. * It removed not just the local node name, but any node name that contained the local node name as a substring (e.g. "node1" and "node10"). This could cause secrets to not be synced to such nodes. Now, use `crm_node -n` to determine the local node name, check crm_node for errors to get better error messages, and remove only the node name that matches the local node name in its entirety. patch_name: 015-cibsecret.patch present_in_specfile: true location_in_specfile: 15 squash_commits: true --- diff --git a/tools/cibsecret.in b/tools/cibsecret.in index dabbfc0..568833c 100644 --- a/tools/cibsecret.in +++ b/tools/cibsecret.in @@ -163,8 +163,14 @@ check_env() { # This must be called (and return success) before calling $rsh or $rcp_to_from get_live_peers() { + # Get local node name + GLP_LOCAL_NODE="$(crm_node -n)" + [ $? -eq 0 ] || fatal "couldn't get local node name" + # Get a list of all other cluster nodes - GLN_ALL_NODES="$(crm_node -l | awk '{print $2}' | grep -v "$(uname -n)")" + GLP_ALL_PEERS="$(crm_node -l)" + [ $? -eq 0 ] || fatal "couldn't determine cluster nodes" + GLP_ALL_PEERS="$(echo "$GLP_ALL_PEERS" | awk '{print $2}' | grep -v "^${GLP_LOCAL_NODE}$")" # Make a list of those that respond to pings if [ "$(id -u)" = "0" ] && which fping >/dev/null 2>&1; then