Replace uses of strtok() with g_strsplit() and friends

[nrwahl2]

Most of this seems fairly straightforward, but the fencer changes related to pcmk_delay_base and pcmk_host_map could use some testing. The existing code was unintelligible to me at first, so it required a LOT of small, incremental changes.

[nrwahl2]

This is pretty big regardless. So depending on the speed of reviewing it, we could break off the fencer commits into a later PR, and maybe work on sharing code with build_port_aliases() as mentioned in the TODO comment.

I don't love the idea of pulling this parsing code into libcrmcommon or libpacemaker, since only the fencer uses this syntax. However, that would allow for unit testing if we did.

[nrwahl2]

One cts-fencing test fails currently:

Pattern Not Matched = 'Delaying 'off' action targeting node3 using true2 for 1s | timeout=120s requested_delay=0s base=1s max=2s'
FAILURE - 'topology_delays' failed. 1 patterns out of 8 not matched. 0 negative matches.

Edit: Added a commit to fix this in the test

[nrwahl2]

This is wrong. There could be a single mapping -- though if there are no delimiters, we don't want to throw an error if it's an interval instead of a mapping.

[clumens]

Does this still need to be addressed?

[nrwahl2]

Yes

[clumens]

These calls could be replaced with:

g_string_append_printf(buf, "\"%s\"", *value);

[nrwahl2]

Yeah, they can. It's a question of whether we want to.

If you look around at all the places where we build GStrings, we almost never use g_string_append_printf(). We basically use it only when we need to stringify a number or something. Otherwise, we use g_string_append(), g_string_append_c(), and pcmk__g_strcat() (a macro that chains together g_string_append() calls).

The reason? The usual. Performance. When we first decided to start moving to GStrings to avoid static buffer size limitations, we obsessively ran performance tests using crm_simulate and pcmk_simtimes. We found that using string formatting functions like g_string_append_printf() or even crm_strdup_printf() carried a lot of overhead. They reliably made a difference of a few percentage points in the runtimes of simulations on certain scheduler inputs. So we decided to avoid them wherever possible. A string or a character can be appended to a GString without any formatting.

With all of that said... I'm not convinced that a 5% slowdown (for example) is important enough to matter, if the printf() alternatives are more readable. The flip side of course is that if we make several changes that each cause a 5% slowdown, it will start to matter.

[nrwahl2]

I should explicitly say: let me know your thoughts on the above.

In any case, performance shouldn't matter much when displaying options. I continued to follow that "rule" here more for consistency.

[clumens]

Note that if PCMK__OCF_RA_PATH is NULL, this will assert instead of return false like we previously did. I have not gone back and checked previous patches to see if this is taken into consideration in those.

[nrwahl2]

It doesn't look like it can be NULL, since it's set by the configure script. I can add a comment to that effect. I'm afraid Coverity will complain about an always-true condition if I check whether it's NULL.

Edit: On second thought it feels silly to add a comment, since we generally assume our macros are defined in a reasonable way. I can add assertions for dirs here and elsewhere though.

[clumens]

Does this still need to be addressed?

[clumens]

The docs (doc/sphinx/Pacemaker_Explained/fencing.rst) say this about pcmk_host_map:

     - A mapping of node names to ports for devices that do not understand the
       node names. For example, ``node1:1;node2:2,3`` tells the cluster to use
       port 1 for ``node1`` and ports 2 and 3 for ``node2``. If
       ``pcmk_host_check`` is explicitly set to ``static-list``, either this or
       ``pcmk_host_list`` must be set. The port portion of the map may contain
       special characters such as spaces if preceded by a backslash *(since 2.1.2)*.

I'm unclear on what a "port" is in this context, and what characters are valid in the definition of a port. I'd like to make sure that if we are expected to support characters such as spaces in port names, that the new parsing code handles that without backslashes. Also, since this has been present since 2.1.2, I'm a little concerned about breaking whoever is using this right now regardless of how little sense it makes or how it is currently mangled in the XML.

[nrwahl2]

"Port" comes from a time when it was more common for fencing to target a shared power supply or network switch. For example:

the nodes each have two independent Power Supply Units (PSUs) connected to two independent Power Distribution Units (PDUs) reachable at 198.51.100.1 (port 10 and port 11) and 203.0.113.1 (port 10 and port 11)

Ref https://clusterlabs.org/projects/pacemaker/doc/3.0/Pacemaker_Explained/singlehtml/#example-dual-layer-dual-device-fencing-topologies

It has since been overloaded -- for example, fence_vmware_rest uses it for the VM name. Ultimately, the meaning of a port, and thus the characters that make sense, are up to the fence agent. If the fence agent advertises support for a --plug or --port option, and pcmk_host_map is configured, then the "ports" get passed as that option by default (or as pcmk_host_argument if set).

---

I'd like to make sure that if we are expected to support characters such as spaces in port names, that the new parsing code handles that without backslashes

Previously, the backslash was just getting ignored. Wouldn't hurt to do some testing (or re-testing... not sure what I did, if anything) to be sure. But the reason I felt comfortable making this change in the first place, is that it doesn't appear to change the end result; we simply no longer skip a backslash if present.

FWIW Oyvind has no idea why e95198f was done.

---

Also, since this has been present since 2.1.2, I'm a little concerned about breaking whoever is using this right now regardless of how little sense it makes or how it is currently mangled in the XML.

Hopefully no one... but I understand your concern. This is a case where I'd be willing to take my chances in order to make the code look sane. But I'm not the one who has to do the z-stream builds.

[clumens]

While we're changing behavior... I wonder if it makes sense to return an empty mapping in the case where it's malformed. I can see going either way with it. If there's a parse error, who knows what they screwed up so maybe the entire thing is invalid. On the other hand, maybe we should try to use what we can from before the error occurred (what we're doing right now) to implement the user's configuration as much as possible.

[nrwahl2]

It's not even just "before the error occurred," but also after the error occurred. This is a sanity check to catch mappings with an empty name (node) or value (port). Note that this is happening after splitting on semicolons and whitespace. So consider the following (colons are equivalent to equal signs):

node1:port1 node2: node3:port3 :port4 node5:port5 :

The mappings for node1, node3, and node5 would get used. The mappings node2:, :port4, and : would get ignored because either the name or value was empty. I lean against throwing away the entire set of mappings in that case. But I am open to it.

[nrwahl2]

Rebased on main, no other changes yet