diff --git a/rudder-agent/SOURCES/Makefile b/rudder-agent/SOURCES/Makefile
index 8f55ab4a1..a299e8375 100644
--- a/rudder-agent/SOURCES/Makefile
+++ b/rudder-agent/SOURCES/Makefile
@@ -24,8 +24,8 @@ RUDDER_MAJOR_VERSION := $(shell echo ${RUDDER_VERSION_TO_PACKAGE} | cut -d'.' -f
 FUSION_RELEASE = 2.4.3
 FUSION_SHA1 = 66d6e699575e98a6c050b39ca27c72a20f5569c3
-CFENGINE_RELEASE = 3.12.3
-CFENGINE_SHA1 = 435183c47f5c95a9fe9aba0c9d4cb5b2826c0eb4
+CFENGINE_RELEASE = 3.15.0
+CFENGINE_SHA1 = 540f424a811b117a1f554d6860b3ec0da2b5758a
 LMDB_RELEASE = 0.9.22
 LMDB_SHA1 = 5d62d4c7527f3474f60a0d87db2bfd539e6493eb
 # Default openssl version to use
diff --git a/rudder-agent/SOURCES/patches/cfengine/12243-do-not-reload-failsafe.patch b/rudder-agent/SOURCES/patches/cfengine/12243-do-not-reload-failsafe.patch
index 9273eb10c..7e3898b21 100644
--- a/rudder-agent/SOURCES/patches/cfengine/12243-do-not-reload-failsafe.patch
+++ b/rudder-agent/SOURCES/patches/cfengine/12243-do-not-reload-failsafe.patch
@@ -1,8 +1,8 @@
 diff --git a/libpromises/generic_agent.c b/libpromises/generic_agent.c
-index e2da48bc8..1574e6827 100644
+index 8441bfb62..fb9f8d100 100644
 --- a/libpromises/generic_agent.c
 +++ b/libpromises/generic_agent.c
-@@ -156,43 +156,9 @@ Policy *SelectAndLoadPolicy(GenericAgentConfig *config, EvalContext *ctx, bool v
+@@ -156,44 +156,9 @@ Policy *SelectAndLoadPolicy(GenericAgentConfig *config, EvalContext *ctx, bool v
 {
 policy = LoadPolicy(ctx, config);
 }
@@ -31,7 +31,8 @@ index e2da48bc8..1574e6827 100644
 -
 - char filename[PATH_MAX];
 - GetReleaseIdFile(GetInputDir(), filename, sizeof(filename));
-- FILE *release_id_stream = safe_fopen(filename, "w");
+- FILE *release_id_stream = safe_fopen_create_perms(filename, "w",
+- CF_PERMS_DEFAULT);
 - if (release_id_stream == NULL)
 - {
 - Log(LOG_LEVEL_ERR, "Failed to open the release_id file for writing during failsafe");
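Review bot: 12243-do-not-reload-failsafe.patch still begins directly with `diff --git a/libpromises/generic_agent.c` (first line of the `@@ -1,8 +1,8 @@` hunk), so nothing in the file records why the post-failsafe block of `SelectAndLoadPolicy` is removed, unlike the 14342 and 14516 patches deleted in this commit, which carried From/Subject/Ticket headers. That matters on refreshes like this one, where the removed upstream code changed (`safe_fopen` became `safe_fopen_create_perms(filename, "w", CF_PERMS_DEFAULT)`) and a reviewer has to decide whether dropping the block is still intended. I would add a short header above the `diff --git` line, for example `Do not rewrite release_id and reload policy after failsafe (ticket 12243)`, taking the number from the file name and the rationale from that ticket. Only part of the patched function is visible in these hunks, so this is about the patch file itself, not the C code it removes.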
diff --git a/rudder-agent/SOURCES/patches/cfengine/13310-disable-openssl-engine.patch b/rudder-agent/SOURCES/patches/cfengine/13310-disable-openssl-engine.patch
deleted file mode 100644
index fe21329c0..000000000
--- a/rudder-agent/SOURCES/patches/cfengine/13310-disable-openssl-engine.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/libutils/libcrypto-compat.c b/libutils/libcrypto-compat.c
-index bf39f574f..5d29b7cfb 100644
---- a/libutils/libcrypto-compat.c
-+++ b/libutils/libcrypto-compat.c
-@@ -14,7 +14,7 @@
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
-
- #include
--#include
-+//#include
- #include /* BN_* */
-
-
diff --git a/rudder-agent/SOURCES/patches/cfengine/14342-global-connection-cache.patch b/rudder-agent/SOURCES/patches/cfengine/14342-global-connection-cache.patch
deleted file mode 100644
index d165cfa11..000000000
--- a/rudder-agent/SOURCES/patches/cfengine/14342-global-connection-cache.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 12b51e3ef25585789e4299dd2ceadacbccbeeda2 Mon Sep 17 00:00:00 2001
-From: Alexis Mousset
-Date: Tue, 19 Feb 2019 17:57:31 +0100
-Subject: [PATCH] CFE-2678: Global connection cache
-
-Currently the connection cache is reset after each bundle pass.
-This limits its effectivity, as all policies do not group file copies
-in the same bundle pass. This was apprently done to limit the risk
-of reusing broken connections.
-
-This commit keeps a unique connection cache for the whole agent run,
-and adds an error detection mechanism to avoid reusing broken cached
-connections.
----
- cf-agent/cf-agent.c | 5 +++--
- libcfnet/conn_cache.c | 16 ++++++++++++++++
- 2 files changed, 19 insertions(+), 2 deletions(-)
-
-diff --git a/cf-agent/cf-agent.c b/cf-agent/cf-agent.c
-index c78e879d4d..9a0b3f8577 100644
---- a/cf-agent/cf-agent.c
-+++ b/cf-agent/cf-agent.c
-@@ -267,10 +267,13 @@ int main(int argc, char *argv[])
-
- GenericAgentPostLoadInit(ctx);
- ThisAgentInit();
-+ ConnCache_Init();
-
- BeginAudit();
- KeepPromises(ctx, policy, config);
-
-+ ConnCache_Destroy();
-+
- if (EvalAborted(ctx))
- {
- ret = EC_EVAL_ABORTED;
-@@ -1812,7 +1815,6 @@ static int NewTypeContext(TypeSequence type)
- break;
-
- case TYPE_SEQUENCE_FILES:
-- ConnCache_Init();
- break;
-
- case TYPE_SEQUENCE_PROCESSES:
-@@ -1846,7 +1848,6 @@ static void DeleteTypeContext(EvalContext *ctx, TypeSequence type)
- break;
-
- case TYPE_SEQUENCE_FILES:
-- ConnCache_Destroy();
- break;
-
- case TYPE_SEQUENCE_PROCESSES:
-diff --git a/libcfnet/conn_cache.c b/libcfnet/conn_cache.c
-index 1c9e7d65d9..67aef3b84a 100644
---- a/libcfnet/conn_cache.c
-+++ b/libcfnet/conn_cache.c
-@@ -128,6 +128,22 @@ AgentConnection *ConnCache_FindIdleMarkBusy(const char *server,
- {
- assert(svp->status == CONNCACHE_STATUS_IDLE);
-
-+ // Check connection state before returning it
-+ int error = 0;
-+ socklen_t len = sizeof(error);
-+ if (getsockopt(svp->conn->conn_info->sd, SOL_SOCKET, SO_ERROR, &error, &len) < 0)
-+ {
-+ Log(LOG_LEVEL_DEBUG, "FindIdle: found connection to '%s' but could not get socket status, skipping.",
-+ server);
-+ continue;
-+ }
-+ if (error != 0)
-+ {
-+ Log(LOG_LEVEL_DEBUG, "FindIdle: found connection to '%s' but connection is broken, skipping.",
-+ server);
-+ continue;
-+ }
-+
- Log(LOG_LEVEL_VERBOSE, "FindIdle:"
- " found connection to '%s' already open and ready.",
- server);
diff --git a/rudder-agent/SOURCES/patches/cfengine/14516-connection-cache-improvements.patch b/rudder-agent/SOURCES/patches/cfengine/14516-connection-cache-improvements.patch
deleted file mode 100644
index 13d9baf0f..000000000
--- a/rudder-agent/SOURCES/patches/cfengine/14516-connection-cache-improvements.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From ff3f4fd55576cbd90394fffde5b303795308da3d Mon Sep 17 00:00:00 2001
-From: Vratislav Podzimek
-Date: Thu, 21 Mar 2019 16:12:22 +0100
-Subject: [PATCH 1/2] Mark broken connections in the connection cache as such
-
-So that we don't have to query them over and over which is more
-expensive than just checking a status flag.
-
-Ticket: CFE-2678
-Changelog: None
----
- libcfnet/conn_cache.c | 9 +++++++++
- libcfnet/conn_cache.h | 3 ++-
- 2 files changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/libcfnet/conn_cache.c b/libcfnet/conn_cache.c
-index 67aef3b84a..69d78b9954 100644
---- a/libcfnet/conn_cache.c
-+++ b/libcfnet/conn_cache.c
-@@ -124,6 +124,12 @@ AgentConnection *ConnCache_FindIdleMarkBusy(const char *server,
- " connection to '%s' is marked as offline.",
- server);
- }
-+ else if (svp->status == CONNCACHE_STATUS_BROKEN)
-+ {
-+ Log(LOG_LEVEL_DEBUG,
-+ "FindIdle: connection to '%s' is marked as broken.",
-+ server);
-+ }
- else if (svp->conn->conn_info->sd >= 0)
- {
- assert(svp->status == CONNCACHE_STATUS_IDLE);
-@@ -135,12 +141,14 @@ AgentConnection *ConnCache_FindIdleMarkBusy(const char *server,
- {
- Log(LOG_LEVEL_DEBUG, "FindIdle: found connection to '%s' but could not get socket status, skipping.",
- server);
-+ svp->status = CONNCACHE_STATUS_BROKEN;
- continue;
- }
- if (error != 0)
- {
- Log(LOG_LEVEL_DEBUG, "FindIdle: found connection to '%s' but connection is broken, skipping.",
- server);
-+ svp->status = CONNCACHE_STATUS_BROKEN;
- continue;
- }
-
-@@ -157,6 +165,7 @@ AgentConnection *ConnCache_FindIdleMarkBusy(const char *server,
- Log(LOG_LEVEL_VERBOSE, "FindIdle:"
- " connection to '%s' has invalid socket descriptor %d!",
- server, svp->conn->conn_info->sd);
-+ svp->status = CONNCACHE_STATUS_BROKEN;
- }
- }
- }
-diff --git a/libcfnet/conn_cache.h b/libcfnet/conn_cache.h
-index b76c7c522f..16247c3e9f 100644
---- a/libcfnet/conn_cache.h
-+++ b/libcfnet/conn_cache.h
-@@ -32,7 +32,8 @@ enum ConnCacheStatus
- {
- CONNCACHE_STATUS_IDLE = 0,
- CONNCACHE_STATUS_BUSY,
-- CONNCACHE_STATUS_OFFLINE
-+ CONNCACHE_STATUS_OFFLINE,
-+ CONNCACHE_STATUS_BROKEN,
- };
-
-
-
-From 4dae5b25aab8d44ed7b16f95a56e8f6816c217ee Mon Sep 17 00:00:00 2001
-From: Vratislav Podzimek
-Date: Thu, 21 Mar 2019 16:44:08 +0100
-Subject: [PATCH 2/2] Reorganize the checks of connection cache entries
-
-Checking flags is cheaper than comparing strings. And the code
-can also be more readable if we use our nice utility functions
-for comparing strings in safe ways.
-
-Ticket: CFE-2678
-Changelog: None
----
- libcfnet/conn_cache.c | 56 ++++++++++++++++++++++++-------------------
- 1 file changed, 31 insertions(+), 25 deletions(-)
-
-diff --git a/libcfnet/conn_cache.c b/libcfnet/conn_cache.c
-index 69d78b9954..cf3ffd08b7 100644
---- a/libcfnet/conn_cache.c
-+++ b/libcfnet/conn_cache.c
-@@ -32,6 +32,7 @@
- #include /* ThreadLock */
- #include /* Hostname2IPString */
- #include /* CF_ASSERT */
-+#include /* StringSafeEqual */
-
-
- /**
-@@ -88,6 +89,16 @@ void ConnCache_Destroy()
- ThreadUnlock(&cft_conncache);
- }
-
-+static bool ConnCacheEntryMatchesConnection(ConnCache_entry *entry,
-+ const char *server,
-+ const char *port,
-+ ConnectionFlags flags)
-+{
-+ return ConnectionFlagsEqual(&flags, &entry->conn->flags) &&
-+ StringSafeEqual(port, entry->conn->this_port) &&
-+ StringSafeEqual(server, entry->conn->this_server);
-+}
-+
- AgentConnection *ConnCache_FindIdleMarkBusy(const char *server,
- const char *port,
- ConnectionFlags flags)
-@@ -105,32 +116,27 @@ AgentConnection *ConnCache_FindIdleMarkBusy(const char *server,
- "FindIdle: NULL connection in ConnCache_entry!");
-
-
-- if (strcmp(server, svp->conn->this_server) == 0 &&
-- ConnectionFlagsEqual(&flags, &svp->conn->flags) &&
-- (port == svp->conn->this_port
-- ||
-- (port != NULL && svp->conn->this_port != NULL &&
-- strcmp(port, svp->conn->this_port) == 0)))
-+ if (svp->status == CONNCACHE_STATUS_BUSY)
- {
-- if (svp->status == CONNCACHE_STATUS_BUSY)
-- {
-- Log(LOG_LEVEL_DEBUG, "FindIdle:"
-- " connection to '%s' seems to be busy.",
-- server);
-- }
-- else if (svp->status == CONNCACHE_STATUS_OFFLINE)
-- {
-- Log(LOG_LEVEL_DEBUG, "FindIdle:"
-- " connection to '%s' is marked as offline.",
-- server);
-- }
-- else if (svp->status == CONNCACHE_STATUS_BROKEN)
-- {
-- Log(LOG_LEVEL_DEBUG,
-- "FindIdle: connection to '%s' is marked as broken.",
-- server);
-- }
-- else if (svp->conn->conn_info->sd >= 0)
-+ Log(LOG_LEVEL_DEBUG,
-+ "FindIdle: connection %p seems to be busy.",
-+ svp->conn);
-+ }
-+ else if (svp->status == CONNCACHE_STATUS_OFFLINE)
-+ {
-+ Log(LOG_LEVEL_DEBUG,
-+ "FindIdle: connection %p is marked as offline.",
-+ svp->conn);
-+ }
-+ else if (svp->status == CONNCACHE_STATUS_BROKEN)
-+ {
-+ Log(LOG_LEVEL_DEBUG,
-+ "FindIdle: connection %p is marked as broken.",
-+ svp->conn);
-+ }
-+ else if (ConnCacheEntryMatchesConnection(svp, server, port, flags))
-+ {
-+ if (svp->conn->conn_info->sd >= 0)
- {
- assert(svp->status == CONNCACHE_STATUS_IDLE);
-
-