diff --git a/RHEL-76495-fence_azure_arm-use-azure-identity.patch b/RHEL-76495-fence_azure_arm-use-azure-identity.patch new file mode 100644 index 0000000..b4926b5 --- /dev/null +++ b/RHEL-76495-fence_azure_arm-use-azure-identity.patch @@ -0,0 +1,440 @@ +--- a/lib/azure_fence.py.py 2024-11-20 11:39:38.000000000 +0100 ++++ b/lib/azure_fence.py.py 2025-01-31 13:17:28.131375401 +0100 +@@ -14,8 +14,9 @@ + IP_TYPE_DYNAMIC = "Dynamic" + MAX_RETRY = 10 + RETRY_WAIT = 5 +-COMPUTE_CLIENT_API_VERSION = "2021-11-01" + NETWORK_MGMT_CLIENT_API_VERSION = "2021-05-01" ++AZURE_RHEL8_COMPUTE_VERSION = "27.2.0" ++AZURE_COMPUTE_VERSION_5 = "5.0.0" + + class AzureSubResource: + Type = None +@@ -88,6 +89,59 @@ + + return resource + ++def azure_dep_versions(v): ++ return tuple(map(int, (v.split(".")))) ++ ++# Do azure API call to list all virtual machines in a resource group ++def get_vm_list(compute_client,rgName): ++ return compute_client.virtual_machines.list(rgName) ++ ++# Do azue API call to shutdown a virtual machine ++def do_vm_power_off(compute_client,rgName,vmName, skipShutdown): ++ try: ++ # Version is not available in azure-mgmt-compute version 14.0.0 until 27.2.0 ++ from azure.mgmt.compute import __version__ ++ except ImportError: ++ __version__ = "0.0.0" ++ ++ # use different implementation call based on used version ++ if (azure_dep_versions(__version__) == azure_dep_versions(AZURE_COMPUTE_VERSION_5)): ++ logging.debug("{do_vm_power_off} azure.mgtm.compute version is to old to use 'begin_power_off' use 'power_off' function") ++ compute_client.virtual_machines.power_off(rgName, vmName, skip_shutdown=skipShutdown) ++ return ++ ++ compute_client.virtual_machines.begin_power_off(rgName, vmName, skip_shutdown=skipShutdown) ++ ++# Do azure API call to start a virtual machine ++def do_vm_start(compute_client,rgName,vmName): ++ try: ++ # Version is not available in azure-mgmt-compute version 14.0.0 until 27.2.0 ++ from azure.mgmt.compute import __version__ ++ except ImportError: ++ __version__ = "0.0.0" ++ ++ # use different implementation call based on used version ++ if (azure_dep_versions(__version__) == azure_dep_versions(AZURE_COMPUTE_VERSION_5)): ++ logging.debug("{do_vm_start} azure.mgtm.compute version is to old to use 'begin_start' use 'start' function") ++ compute_client.virtual_machines.start(rgName, vmName) ++ return ++ ++ compute_client.virtual_machines.begin_start(rgName, vmName) ++ ++def get_vm_resource(compute_client, rgName, vmName): ++ try: ++ # Version is not available in azure-mgmt-compute version 14.0.0 until 27.2.0 ++ from azure.mgmt.compute import __version__ ++ except ImportError: ++ __version__ = "0.0.0" ++ ++ # use different implementation call based on used version ++ if (azure_dep_versions(__version__) <= azure_dep_versions(AZURE_RHEL8_COMPUTE_VERSION)): ++ return compute_client.virtual_machines.get(rgName, vmName, "instanceView") ++ ++ return compute_client.virtual_machines.get(resource_group_name=rgName, vm_name=vmName,expand="instanceView") ++ ++ + def get_fence_subnet_for_config(ipConfig, network_client): + subnetResource = get_azure_resource(ipConfig.subnet.id) + logging.debug("{get_fence_subnet_for_config} testing virtual network %s in resource group %s for a fence subnet" %(subnetResource.ResourceName, subnetResource.ResourceGroupName)) +@@ -154,7 +208,7 @@ + result = FENCE_STATE_ON + + try: +- vm = compute_client.virtual_machines.get(rgName, vmName, "instanceView") ++ vm = get_vm_resource(compute_client, rgName, vmName) + + allNICOK = True + for nicRef in vm.network_profile.network_interfaces: +@@ -181,7 +235,7 @@ + import msrestazure.azure_exceptions + logging.info("{set_network_state} Setting state %s for %s in resource group %s" % (operation, vmName, rgName)) + +- vm = compute_client.virtual_machines.get(rgName, vmName, "instanceView") ++ vm = get_vm_resource(compute_client,rgName, vmName) + + operations = [] + for nicRef in vm.network_profile.network_interfaces: +@@ -270,10 +324,72 @@ + + return config + ++# Function to fetch endpoints from metadata endpoint for azure_stack ++def get_cloud_from_arm_metadata_endpoint(arm_endpoint): ++ try: ++ import requests ++ session = requests.Session() ++ metadata_endpoint = arm_endpoint + "/metadata/endpoints?api-version=2015-01-01" ++ response = session.get(metadata_endpoint) ++ if response.status_code == 200: ++ metadata = response.json() ++ return { ++ "resource_manager": arm_endpoint, ++ "credential_scopes": [metadata.get("graphEndpoint") + "/.default"], ++ "authority_hosts": metadata['authentication'].get('loginEndpoint').replace("https://","") ++ } ++ else: ++ fail_usage("Failed to get cloud from metadata endpoint: %s - %s" % arm_endpoint, e) ++ except Exception as e: ++ fail_usage("Failed to get cloud from metadata endpoint: %s - %s" % arm_endpoint, e) ++ ++def get_azure_arm_endpoints(cloudName, authority): ++ cloudEnvironment = { ++ "authority_hosts": authority ++ } ++ ++ if cloudName == "AZURE_CHINA_CLOUD": ++ cloudEnvironment["resource_manager"] = "https://management.chinacloudapi.cn/" ++ cloudEnvironment["credential_scopes"] = ["https://management.chinacloudapi.cn/.default"] ++ return cloudEnvironment ++ ++ if cloudName == "AZURE_US_GOV_CLOUD": ++ cloudEnvironment["resource_manager"] = "https://management.usgovcloudapi.net/" ++ cloudEnvironment["credential_scopes"] = ["https://management.core.usgovcloudapi.net/.default"] ++ return cloudEnvironment ++ ++ if cloudName == "AZURE_PUBLIC_CLOUD": ++ cloudEnvironment["resource_manager"] = "https://management.azure.com/" ++ cloudEnvironment["credential_scopes"] = ["https://management.azure.com/.default"] ++ return cloudEnvironment ++ ++ + def get_azure_cloud_environment(config): +- cloud_environment = None +- if config.Cloud: ++ if (config.Cloud is None): ++ config.Cloud = "public" ++ ++ try: ++ from azure.identity import AzureAuthorityHosts ++ ++ azureCloudName = "AZURE_PUBLIC_CLOUD" ++ authorityHosts = AzureAuthorityHosts.AZURE_PUBLIC_CLOUD + if (config.Cloud.lower() == "china"): ++ azureCloudName = "AZURE_CHINA_CLOUD" ++ authorityHosts = AzureAuthorityHosts.AZURE_CHINA ++ elif (config.Cloud.lower() == "usgov"): ++ azureCloudName = "AZURE_US_GOV_CLOUD" ++ authorityHosts = AzureAuthorityHosts.AZURE_GOVERNMENT ++ elif (config.Cloud.lower() == "stack"): ++ # use custom function to call the azuer stack metadata endpoint to get required configuration. ++ return get_cloud_from_arm_metadata_endpoint(config.MetadataEndpoint) ++ ++ return get_azure_arm_endpoints(azureCloudName, authorityHosts) ++ ++ except ImportError: ++ if (config.Cloud.lower() == "public"): ++ from msrestazure.azure_cloud import AZURE_PUBLIC_CLOUD ++ cloud_environment = AZURE_PUBLIC_CLOUD ++ elif (config.Cloud.lower() == "china"): + from msrestazure.azure_cloud import AZURE_CHINA_CLOUD + cloud_environment = AZURE_CHINA_CLOUD + elif (config.Cloud.lower() == "germany"): +@@ -286,61 +402,44 @@ + from msrestazure.azure_cloud import get_cloud_from_metadata_endpoint + cloud_environment = get_cloud_from_metadata_endpoint(config.MetadataEndpoint) + +- return cloud_environment ++ authority_hosts = cloud_environment.endpoints.active_directory.replace("http://","") ++ return { ++ "resource_manager": cloud_environment.endpoints.resource_manager, ++ "credential_scopes": [cloud_environment.endpoints.active_directory_resource_id + "/.default"], ++ "authority_hosts": authority_hosts, ++ "cloud_environment": cloud_environment, ++ } + + def get_azure_credentials(config): + credentials = None + cloud_environment = get_azure_cloud_environment(config) +- if config.UseMSI and cloud_environment: ++ if config.UseMSI: + try: + from azure.identity import ManagedIdentityCredential +- credentials = ManagedIdentityCredential(cloud_environment=cloud_environment) ++ credentials = ManagedIdentityCredential(authority=cloud_environment["authority_hosts"]) + except ImportError: + from msrestazure.azure_active_directory import MSIAuthentication +- credentials = MSIAuthentication(cloud_environment=cloud_environment) +- elif config.UseMSI: +- try: +- from azure.identity import ManagedIdentityCredential +- credentials = ManagedIdentityCredential() +- except ImportError: +- from msrestazure.azure_active_directory import MSIAuthentication +- credentials = MSIAuthentication() +- elif cloud_environment: +- try: +- # try to use new libraries ClientSecretCredential (azure.identity, based on azure.core) +- from azure.identity import ClientSecretCredential +- credentials = ClientSecretCredential( +- client_id = config.ApplicationId, +- client_secret = config.ApplicationKey, +- tenant_id = config.Tenantid, +- cloud_environment=cloud_environment +- ) +- except ImportError: +- # use old libraries ServicePrincipalCredentials (azure.common) if new one is not available +- from azure.common.credentials import ServicePrincipalCredentials +- credentials = ServicePrincipalCredentials( +- client_id = config.ApplicationId, +- secret = config.ApplicationKey, +- tenant = config.Tenantid, +- cloud_environment=cloud_environment +- ) +- else: +- try: +- # try to use new libraries ClientSecretCredential (azure.identity, based on azure.core) +- from azure.identity import ClientSecretCredential +- credentials = ClientSecretCredential( +- client_id = config.ApplicationId, +- client_secret = config.ApplicationKey, +- tenant_id = config.Tenantid +- ) +- except ImportError: +- # use old libraries ServicePrincipalCredentials (azure.common) if new one is not available +- from azure.common.credentials import ServicePrincipalCredentials +- credentials = ServicePrincipalCredentials( +- client_id = config.ApplicationId, +- secret = config.ApplicationKey, +- tenant = config.Tenantid +- ) ++ credentials = MSIAuthentication(cloud_environment=cloud_environment["cloud_environment"]) ++ return credentials ++ ++ try: ++ # try to use new libraries ClientSecretCredential (azure.identity, based on azure.core) ++ from azure.identity import ClientSecretCredential ++ credentials = ClientSecretCredential( ++ client_id = config.ApplicationId, ++ client_secret = config.ApplicationKey, ++ tenant_id = config.Tenantid, ++ authority=cloud_environment["authority_hosts"] ++ ) ++ except ImportError: ++ # use old libraries ServicePrincipalCredentials (azure.common) if new one is not available ++ from azure.common.credentials import ServicePrincipalCredentials ++ credentials = ServicePrincipalCredentials( ++ client_id = config.ApplicationId, ++ secret = config.ApplicationKey, ++ tenant = config.Tenantid, ++ cloud_environment=cloud_environment["cloud_environment"] ++ ) + + return credentials + +@@ -350,39 +449,40 @@ + cloud_environment = get_azure_cloud_environment(config) + credentials = get_azure_credentials(config) + +- if cloud_environment: +- if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint: +- fail_usage("metadata-endpoint not specified") ++ # Try to read the default used api version from the installed package. ++ try: ++ compute_api_version = ComputeManagementClient.LATEST_PROFILE.get_profile_dict()["azure.mgmt.compute.ComputeManagementClient"]["virtual_machines"] ++ except Exception as e: ++ compute_api_version = ComputeManagementClient.DEFAULT_API_VERSION ++ logging.debug("{get_azure_compute_client} Failed to get the latest profile: %s using the default api version %s" % (e, compute_api_version)) + +- try: +- from azure.profiles import KnownProfiles +- if (config.Cloud.lower() == "stack"): +- client_profile = KnownProfiles.v2020_09_01_hybrid +- credential_scope = cloud_environment.endpoints.active_directory_resource_id + "/.default" +- else: +- client_profile = KnownProfiles.default +- credential_scope = cloud_environment.endpoints.resource_manager + "/.default" +- compute_client = ComputeManagementClient( +- credentials, +- config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager, +- profile=client_profile, +- credential_scopes=[credential_scope], +- api_version=COMPUTE_CLIENT_API_VERSION +- ) +- except TypeError: +- compute_client = ComputeManagementClient( +- credentials, +- config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager, +- api_version=COMPUTE_CLIENT_API_VERSION +- ) +- else: ++ logging.debug("{get_azure_compute_client} use virtual_machine api version: %s" %(compute_api_version)) ++ ++ if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint: ++ fail_usage("metadata-endpoint not specified") ++ ++ try: ++ from azure.profiles import KnownProfiles ++ if (config.Cloud.lower() == "stack"): ++ client_profile = KnownProfiles.v2020_09_01_hybrid ++ else: ++ client_profile = KnownProfiles.default + compute_client = ComputeManagementClient( + credentials, + config.SubscriptionId, +- api_version=COMPUTE_CLIENT_API_VERSION ++ base_url=cloud_environment["resource_manager"], ++ profile=client_profile, ++ credential_scopes=cloud_environment["credential_scopes"], ++ api_version=compute_api_version + ) ++ except TypeError: ++ compute_client = ComputeManagementClient( ++ credentials, ++ config.SubscriptionId, ++ base_url=cloud_environment["resource_manager"], ++ api_version=compute_api_version ++ ) ++ + return compute_client + + def get_azure_network_client(config): +@@ -391,37 +491,31 @@ + cloud_environment = get_azure_cloud_environment(config) + credentials = get_azure_credentials(config) + +- if cloud_environment: +- if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint: +- fail_usage("metadata-endpoint not specified") ++ if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint: ++ fail_usage("metadata-endpoint not specified") + +- try: +- from azure.profiles import KnownProfiles +- if (config.Cloud.lower() == "stack"): +- client_profile = KnownProfiles.v2020_09_01_hybrid +- credential_scope = cloud_environment.endpoints.active_directory_resource_id + "/.default" +- else: +- client_profile = KnownProfiles.default +- credential_scope = cloud_environment.endpoints.resource_manager + "/.default" +- network_client = NetworkManagementClient( +- credentials, +- config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager, +- profile=client_profile, +- credential_scopes=[credential_scope], +- api_version=NETWORK_MGMT_CLIENT_API_VERSION +- ) +- except TypeError: +- network_client = NetworkManagementClient( +- credentials, +- config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager, +- api_version=NETWORK_MGMT_CLIENT_API_VERSION +- ) ++ ++ from azure.profiles import KnownProfiles ++ ++ if (config.Cloud.lower() == "stack"): ++ client_profile = KnownProfiles.v2020_09_01_hybrid + else: ++ client_profile = KnownProfiles.default ++ ++ try: ++ network_client = NetworkManagementClient( ++ credentials, ++ config.SubscriptionId, ++ base_url=cloud_environment["resource_manager"], ++ profile=client_profile, ++ credential_scopes=cloud_environment["credential_scopes"], ++ api_version=NETWORK_MGMT_CLIENT_API_VERSION ++ ) ++ except TypeError: + network_client = NetworkManagementClient( + credentials, + config.SubscriptionId, ++ base_url=cloud_environment["resource_manager"], + api_version=NETWORK_MGMT_CLIENT_API_VERSION + ) + return network_client +--- a/agents/azure_arm/fence_azure_arm.py 2024-05-29 17:10:31.000000000 +0200 ++++ b/agents/azure_arm/fence_azure_arm.py 2025-01-30 16:20:54.833486146 +0100 +@@ -15,7 +15,7 @@ + if clients: + compute_client = clients[0] + rgName = options["--resourceGroup"] +- vms = compute_client.virtual_machines.list(rgName) ++ vms = azure_fence.get_vm_list(compute_client,rgName) + try: + for vm in vms: + result[vm.name] = ("", None) +@@ -31,7 +31,7 @@ + rgName = options["--resourceGroup"] + + try: +- vms = compute_client.virtual_machines.list(rgName) ++ vms = azure_fence.get_vm_list(compute_client,rgName) + except Exception as e: + fail_usage("Failed: %s" % e) + +@@ -72,7 +72,7 @@ + + powerState = "unknown" + try: +- vmStatus = compute_client.virtual_machines.get(rgName, vmName, expand="instanceView") ++ vmStatus = azure_fence.get_vm_resource(compute_client, rgName, vmName) + except Exception as e: + fail_usage("Failed: %s" % e) + +@@ -115,23 +115,10 @@ + + if (options["--action"]=="off"): + logging.info("Poweroff " + vmName + " in resource group " + rgName) +- try: +- # try new API version first +- compute_client.virtual_machines.begin_power_off(rgName, vmName, skip_shutdown=True) +- except AttributeError: +- # use older API verson if it fails +- logging.debug("Poweroff " + vmName + " did not work via 'virtual_machines.begin_power_off. Trying virtual_machines.power_off'.") +- compute_client.virtual_machines.power_off(rgName, vmName, skip_shutdown=True) ++ azure_fence.do_vm_power_off(compute_client, rgName, vmName, True) + elif (options["--action"]=="on"): + logging.info("Starting " + vmName + " in resource group " + rgName) +- try: +- # try new API version first +- compute_client.virtual_machines.begin_start(rgName, vmName) +- except AttributeError: +- # use older API verson if it fails +- logging.debug("Starting " + vmName + " did not work via 'virtual_machines.begin_start. Trying virtual_machines.start'.") +- compute_client.virtual_machines.start(rgName, vmName) +- ++ azure_fence.do_vm_start(compute_client, rgName, vmName) + + def define_new_opts(): + all_opt["resourceGroup"] = { diff --git a/fence-agents.spec b/fence-agents.spec index b0e400f..3a8184d 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -13,7 +13,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.16.0 -Release: 2%{?alphatag:.%{alphatag}}%{?dist} +Release: 3%{?alphatag:.%{alphatag}}%{?dist} License: GPL-2.0-or-later AND LGPL-2.0-or-later URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -48,21 +48,21 @@ Source1200: boto3-1.34.47.tar.gz Source1201: botocore-1.34.47.tar.gz Source1202: s3transfer-0.10.0.tar.gz # azure -Source1300: azure-mgmt-compute-30.5.0.tar.gz -Source1301: azure-mgmt-network-25.3.0.tar.gz -Source1302: azure-identity-1.15.0.tar.gz -Source1303: msrestazure-0.6.4.tar.gz -Source1304: adal-1.2.7.tar.gz -Source1305: azure-common-1.1.28.zip -Source1306: azure-core-1.30.0.tar.gz -Source1307: azure-mgmt-core-1.4.0.zip -Source1308: isodate-0.6.1.tar.gz -Source1309: msal-1.27.0.tar.gz -Source1310: msal-extensions-1.1.0.tar.gz -Source1311: msrest-0.7.1.zip -Source1312: certifi-2024.2.2.tar.gz -Source1313: PyJWT-2.8.0.tar.gz -Source1314: portalocker-2.8.2.tar.gz +Source1300: azure-common-1.1.28.zip +Source1301: azure_core-1.32.0.tar.gz +Source1302: azure_mgmt_core-1.5.0.tar.gz +Source1303: azure_mgmt_compute-34.0.0.tar.gz +Source1304: azure_mgmt_network-28.1.0.tar.gz +Source1305: azure_identity-1.19.0.tar.gz +Source1306: msal-1.31.1.tar.gz +Source1307: msal_extensions-1.2.0.tar.gz +Source1308: msrest-0.7.1.zip +Source1309: msrestazure-0.6.4.post1.tar.gz +Source1310: adal-1.2.7.tar.gz +Source1311: certifi-2025.1.31.tar.gz +Source1312: isodate-0.6.1.tar.gz +Source1313: portalocker-2.10.1.tar.gz +Source1314: pyjwt-2.10.1.tar.gz # google Source1400: google-api-python-client-1.12.8.tar.gz Source1401: chardet-3.0.4.tar.gz @@ -73,15 +73,16 @@ Source1405: httplib2-0.22.0.tar.gz Source1406: uritemplate-3.0.1.tar.gz Source1407: cachetools-5.3.2.tar.gz Source1408: googleapis-common-protos-1.62.0.tar.gz -Source1409: pyasn1_modules-0.3.0.tar.gz -Source1410: pyroute2-0.7.12.tar.gz -Source1411: pyroute2.core-0.6.13.tar.gz -Source1412: pyroute2.ethtool-0.6.13.tar.gz -Source1413: pyroute2.ipdb-0.6.13.tar.gz -Source1414: pyroute2.ipset-0.6.13.tar.gz -Source1415: pyroute2.ndb-0.6.13.tar.gz -Source1416: pyroute2.nftables-0.6.13.tar.gz -Source1417: pyroute2.nslink-0.6.13.tar.gz +Source1409: pyasn1-0.5.1.tar.gz +Source1410: pyasn1_modules-0.3.0.tar.gz +Source1411: pyroute2-0.7.12.tar.gz +Source1412: pyroute2.core-0.6.13.tar.gz +Source1413: pyroute2.ethtool-0.6.13.tar.gz +Source1414: pyroute2.ipdb-0.6.13.tar.gz +Source1415: pyroute2.ipset-0.6.13.tar.gz +Source1416: pyroute2.ndb-0.6.13.tar.gz +Source1417: pyroute2.nftables-0.6.13.tar.gz +Source1418: pyroute2.nslink-0.6.13.tar.gz ## NEEEDED FOR GOOGLE AUTH ## INFO: pip is looking at multiple versions of google-auth to determine which version is compatible with other requirements. This could take a while. ## ERROR: Could not find a version that satisfies the requirement rsa<5,>=3.1.4 (from google-auth) (from versions: none) @@ -97,13 +98,14 @@ Source1603: websocket-client-1.7.0.tar.gz ### END Patch0: build-pythonpath.patch -Patch1: ha-cloud-support-aliyun.patch -Patch2: ha-cloud-support-aws.patch -Patch3: ha-cloud-support-azure.patch -Patch4: ha-cloud-support-google.patch -Patch5: bundled-kubevirt.patch -Patch6: bundled-pycurl.patch -Patch7: bundled-suds.patch +Patch1: RHEL-76495-fence_azure_arm-use-azure-identity.patch +Patch2: ha-cloud-support-aliyun.patch +Patch3: ha-cloud-support-aws.patch +Patch4: ha-cloud-support-azure.patch +Patch5: ha-cloud-support-google.patch +Patch6: bundled-kubevirt.patch +Patch7: bundled-pycurl.patch +Patch8: bundled-suds.patch %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs drac5 eaton_snmp emerson eps hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %ifarch x86_64 @@ -212,7 +214,16 @@ BuildRequires: %{systemd_units} %prep %setup -q -n %{name}-%{version}%{?rcver:%{rcver}}%{?numcomm:.%{numcomm}}%{?alphatag:-%{alphatag}}%{?dirty:-%{dirty}} -%autopatch -p1 +%patch -p1 -P 0 +%patch -p1 -P 1 +%patch -p1 -P 2 +%patch -p1 -P 3 +%patch -p1 -P 4 +%patch -p1 -P 5 +%patch -p1 -P 6 +%patch -p1 -P 7 +%patch -p1 -P 8 + # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -382,29 +393,33 @@ License: GPL-2.0-or-later AND LGPL-2.0-or-later AND Apache-2.0 AND MIT AND BSD-2 Summary: Support libraries for HA Cloud agents Requires: python3-colorama python3-docutils python3-pyyaml python3-jmespath python3-pyasn1 python3-dateutil python3-urllib3 python3-six python3-cryptography python3-cffi python3-requests python3-requests-oauthlib python3-typing-extensions python3-packaging python3-charset-normalizer python3-idna python3-oauthlib python3-pycparser python3-protobuf python3-pyparsing Requires: awscli2 +# aliyun Provides: bundled(python3-aliyun-python-sdk-ecs) = 4.24.71 Provides: bundled(python3-aliyun-python-sdk-core) = 2.14.0 Provides: bundled(python3-jmespath) = 0.10.0 Provides: bundled(aliyun-cli) = 3.0.198 Provides: bundled(aliyun-openapi-meta) = 5cf98b660 +# aws Provides: bundled(python3-boto3) = 1.34.47 Provides: bundled(python3-botocore) = 1.34.47 Provides: bundled(python3-s3transfer) = 0.10.0 -Provides: bundled(python3-azure-mgmt-compute) = 30.5.0 -Provides: bundled(python3-azure-mgmt-network) = 25.3.0 -Provides: bundled(python3-azure-identity) = 1.15.0 -Provides: bundled(python3-msrestazure) = 0.6.4 +# azure +Provides: bundled(python3-azure-common) = 1.1.28 +Provides: bundled(python3-azure-core) = 1.32.0 +Provides: bundled(python3-azure-mgmt-core) = 1.5.0 +Provides: bundled(python3-azure-mgmt-compute) = 34.0.0 +Provides: bundled(python3-azure-mgmt-network) = 28.1.0 +Provides: bundled(python3-azure-identity) = 1.19.0 +Provides: bundled(python3-msal) = 1.31.1 +Provides: bundled(python3-msal-extensions) = 1.2.0 +Provides: bundled(python3-msrest) = 0.7.1 +Provides: bundled(python3-msrestazure) = 0.6.4.post1 Provides: bundled(python3-adal) = 1.2.7 -Provides: bundled(python3-azure-common) = 1.1.28.zip -Provides: bundled(python3-azure-core) = 1.30.0 -Provides: bundled(python3-azure-mgmt-core) = 1.4.0.zip +Provides: bundled(python3-certifi) = 2025.1.31 Provides: bundled(python3-isodate) = 0.6.1 -Provides: bundled(python3-msal) = 1.27.0 -Provides: bundled(python3-msal-extensions) = 1.1.0 -Provides: bundled(python3-msrest) = 0.7.1.zip -Provides: bundled(python3-certifi) = 2024.2.2 -Provides: bundled(python3-PyJWT) = 2.8.0 -Provides: bundled(python3-portalocker) = 2.8.2 +Provides: bundled(python3-portalocker) = 2.10.1 +Provides: bundled(python3-PyJWT) = 2.10.1 +# google Provides: bundled(python3-google-api-python-client) = 1.12.8 Provides: bundled(python3-chardet) = 3.0.4 Provides: bundled(python3-google-api-core) = 1.34.1 @@ -414,6 +429,7 @@ Provides: bundled(python3-httplib2) = 0.22.0 Provides: bundled(python3-uritemplate) = 3.0.1 Provides: bundled(python3-cachetools) = 5.3.2 Provides: bundled(python3-googleapis-common-protos) = 1.62.0 +Provides: bundled(python3-pyasn1) = 0.5.1 Provides: bundled(python3-pyasn1_modules) = 0.3.0 Provides: bundled(python-pyroute2) = 0.7.12 Provides: bundled(python-pyroute2-core) = 0.6.13 @@ -1166,6 +1182,11 @@ are located on corosync cluster nodes. %endif %changelog +* Fri Jan 31 2025 Oyvind Albrigtsen - 4.16.0-3 +- fence_azure_arm: use azure-identity instead of msrestazure, which has + been deprecated + Resolves: RHEL-76495 + * Tue Nov 26 2024 Oyvind Albrigtsen - 4.16.0-2 - Move fence-agents to AppStream Resolves: RHEL-68842 diff --git a/ha-cloud-support-azure.patch b/ha-cloud-support-azure.patch index 569b543..addf332 100644 --- a/ha-cloud-support-azure.patch +++ b/ha-cloud-support-azure.patch @@ -1,12 +1,16 @@ ---- fence-agents-4.7.1/lib/azure_fence.py.py 2021-02-08 16:52:32.955244393 +0100 -+++ fence-agents-4.7.1/lib/azure_fence.py.py.modif 2021-02-08 16:52:28.150234151 +0100 -@@ -1,6 +1,9 @@ - import logging, re, time - from fencing import fail_usage - -+import sys -+sys.path.insert(0, '/usr/lib/fence-agents/support/azure/lib/python#PYTHON3_VERSION#/site-packages') -+ - FENCE_SUBNET_NAME = "fence-subnet" - FENCE_INBOUND_RULE_NAME = "FENCE_DENY_ALL_INBOUND" - FENCE_INBOUND_RULE_DIRECTION = "Inbound" +--- a/agents/azure_arm/fence_azure_arm.py 2025-01-31 15:12:38.877143460 +0100 ++++ b/agents/azure_arm/fence_azure_arm.py 2025-01-31 11:20:23.325919657 +0100 +@@ -1,6 +1,12 @@ + #!@PYTHON@ -tt + +-import sys, re, pexpect ++import sys, re ++sys.path.insert(0, '/usr/lib/fence-agents/support/common/python#PYTHON3_VERSION#/site-packages') ++sys.path.insert(1, '/usr/lib/fence-agents/support/azure/python#PYTHON3_VERSION#/site-packages') ++try: ++ import pexpect ++except: ++ pass + import logging + import atexit + import xml.etree.ElementTree as ET diff --git a/sources b/sources index 2b6f6f3..a9bdea8 100644 --- a/sources +++ b/sources @@ -15,21 +15,22 @@ SHA512 (aliyun-cli-go-vendor.tar.gz) = 0e545d545245051efc10acdb3d0f22d3b81f60c59 SHA512 (boto3-1.34.47.tar.gz) = 619c0c9fc6bfdff106348bc4ce980403a6261a51dcfca17650e632f99548eaa4eeeece76b99974cf345eef26e2ba770ff308ed6453e211b46042d09b8d08ab13 SHA512 (botocore-1.34.47.tar.gz) = c921a01dc9e020d447c6d16c7761ce5e04cec5c1c5792a221c5d5e833f7511a50a6568c20cb3e958553246e041fbab30be5cd835efd9eeb179fe0d29e52de5f8 SHA512 (s3transfer-0.10.0.tar.gz) = 83c5f794770e4f3cfd2e54297a4fe228bed76d321b694380e918f39cbb7ebe5881b29499d7230a2af13e4c1c9bf2d67285116fc16cb9b6fa5f526ff1d25b607c -SHA512 (azure-mgmt-compute-30.5.0.tar.gz) = cd3c91502f8792d1aede5ecd5fe88cd162a9ae7e0bab5c361395ac213875615100c3f1d3ea9e248e2e7da606cec6db81b465d78f37880493b85755fa384dddd4 -SHA512 (azure-mgmt-network-25.3.0.tar.gz) = 671872b5d7bc4ab7586355c54d4427bb7b38fdc0c4145df1dd2114f195b2ddf0084245465a14d5e8cbe77ffe496279c4531e0590223d5b264b667f411a32e2e3 -SHA512 (azure-identity-1.15.0.tar.gz) = 718c394d287d055cf4642f444152e1736d8000c585be1a1fc8c406b3feeb33e169d230b253a459e1b5efe580aa3f5212c3d79f9770426f66e633f570de47fb92 -SHA512 (msrestazure-0.6.4.tar.gz) = a3a652a47b5a08a72fb07882286ac20a209afcb18be1159e7036dab255ba056ec05c444275c505ee9055f948109b3027bc0ca468abf8b9e41a7edf56c35d2de2 -SHA512 (adal-1.2.7.tar.gz) = b46dd3ebb72123e9c2d2eb75eae17b1175f09908b44430131251b0deb0f96f4f3646aa5c0553894c89e664d448ad90bf7436a0a48e18b6a2eff491dad3d8a8a8 SHA512 (azure-common-1.1.28.zip) = cfa8d08e11ff7d855342a589f9780ba1b2386fd63cddcbcc04d83be8d4d8e41dceba494b617e27ed4e3da4366b9f1203819ec391ef4466a6700cc2c8b85f0c38 -SHA512 (azure-core-1.30.0.tar.gz) = 99e5cc028ca79eb273134a937058efcaf08bfbf771a8fd1b00791d97c7038ae8c7d937a117b071fd417d9dfd7264644b80f57e736562ff8934d35c1518435865 -SHA512 (azure-mgmt-core-1.4.0.zip) = 8b0c1205a3cc63156987d931aa713aa4861f2b1fc417dd001a7189b14925d5d15c99c30fd418fca127829f2ac88b6e4265376dbb9ce4a6b2b82d05ed76d8b6d2 -SHA512 (isodate-0.6.1.tar.gz) = 437e420ec7ee68dedded825f30d3289eeb0da526208443e5a8e50fe70f12309515e1285b21132d26e6d4c1683f90dfa1d401582042b5e4381fe7ab0e34af26b6 -SHA512 (msal-1.27.0.tar.gz) = 9dbd023b36705129d562768fda71f05149205c837e1b073e2f8d2831c435a85c804ab4dec4b8526ddb141cd09ea9447488c77f5c2918c1103cd67b7c942d96b8 -SHA512 (msal-extensions-1.1.0.tar.gz) = 72066d1fc4ae2083d25e36d5b15d8c277fb1c04d57fe9345852ba391de76a875706b0dc217a2d5fdcbbea282806b8abd31ed002897361d00cd7c5000dac47f67 +SHA512 (azure_core-1.32.0.tar.gz) = a1b975e5f9560b5a9b0800c7cd41afc8040582f9b5e73aeb9216f7b076b3821337b741a5f5b7b183008108552dd62da120e0f8334492a06ea729188c85ffcbc0 +SHA512 (azure_mgmt_core-1.5.0.tar.gz) = ac88496015552ee473ebf8c7fe312bc7e79f10b33019c8a9d51e32cdcb237e8db45a5cc6bbbd94ca87bfc9090954417dd64c674847a78765377cb61468fd9987 +SHA512 (azure_mgmt_compute-34.0.0.tar.gz) = 038ccac0792000778386769f81b908e35865ce20fc29d9d95e1ee774442d31b14162cdc7fed8dfcf4b7ef592a15d302968eca63ccc4363da3404e2ad53756254 +SHA512 (azure_mgmt_network-28.1.0.tar.gz) = 43acf01c26efbb40a877feafeba659f27a4e903b3d2bbc01dcbf3e880d1ab4d9cca551b8ffb46ea939c3630221b6881f854213cfce7bcd5194b7593c506a7f59 +SHA512 (azure_identity-1.19.0.tar.gz) = a0df8139b82cfb4f1887c340d8637f80575088e699106285ceca1211b884bc7154f237b279e9b086740a3fb9cc98f714613ab7ae98cf6eff08a48b32691c7de8 +SHA512 (msal-1.31.1.tar.gz) = 2d52681bf2229d9a87c195c777e90b4a1b567355ceba91a93220483bbea6ab108bfb934c70b3a60080c7cc3ecd4a07cae39ece3891c38e3c4cff77560875fee3 +SHA512 (msal_extensions-1.2.0.tar.gz) = 8a56049bfb0c8237fe81f6d39c3368bb1c79ee9fcb211382f8b407ba89cea4f9405a2a4e54ef7f817b2d59091a036440009c2c5858e44da5cf790c1a97fef17e SHA512 (msrest-0.7.1.zip) = 430e982adf89c79356e59182587c62ecb935e983f2e339738b54c48d0cd3cfa66ab48aad52d342b3efe5938d5e02693f24d603a4d637e3e5818bac6d03cc19db -SHA512 (certifi-2024.2.2.tar.gz) = 2191710dc2cfdf781df498c3ecd5f38dfc5215e2c2dc402cdcd484376dbd7fe2e442793cc856e93f6033c1fc43cb77c71d2dc785dbfe0d8cd10fd3120ee3c2fd -SHA512 (PyJWT-2.8.0.tar.gz) = 74e74cf8c78494a9e51a2a186347361388031d5c0d0864df2a5d051621d9d31dff617ab1d7ebb4a829cc7d409d196e1bdb3b361ec888b6c14f1abea77544475e -SHA512 (portalocker-2.8.2.tar.gz) = 9ebd6fdbc597615c5f76bf5741556d84bc95c925e931ee708b4fccbf0908e4dc4e758be659928340675675f5ca09764f5d2621fdef9195e21c1359f7764ae1dc +SHA512 (msrestazure-0.6.4.post1.tar.gz) = 8fc4eba2520cecae612e9f1ab279662a1b531c73da3ee9af5abf59bc478b4edbf7ce0ea17d4491ff498d17269c31a82a9327eea4d1f1c704a4a7f434ef284acb +SHA512 (adal-1.2.7.tar.gz) = b46dd3ebb72123e9c2d2eb75eae17b1175f09908b44430131251b0deb0f96f4f3646aa5c0553894c89e664d448ad90bf7436a0a48e18b6a2eff491dad3d8a8a8 +SHA512 (certifi-2025.1.31.tar.gz) = 0923260200cb191ca10e9cfc7114a399f0dc87c7acbb833f950abaa6d4876805abe12838194809689f92424dd65e6e79f955f114b0acb00f8bd28e04a97ef555 +SHA512 (isodate-0.6.1.tar.gz) = 437e420ec7ee68dedded825f30d3289eeb0da526208443e5a8e50fe70f12309515e1285b21132d26e6d4c1683f90dfa1d401582042b5e4381fe7ab0e34af26b6 +SHA512 (portalocker-2.10.1.tar.gz) = 417d2b59c3cde6968b583d3e86153b85048354c9eb02fbd329a4d79b17abb47f3a07fe88af6b290d50111bb8534c8b2997633a93914e602c9312d4395af7407c +SHA512 (pyasn1-0.5.1.tar.gz) = 19478d810d000fb4435f6a1776f290b1618a693539ff8ffad8c41f9ac316938f1c0ae988db8571a838443407d312b5566887e20284a779ccf427888739f13833 +SHA512 (pyjwt-2.10.1.tar.gz) = 2ae530750b59ef692ab31bf8bf3506e553b0199f346ddd06afed12304683f254cc924ff7190c5c911af72237dd794c345097de306e79e0fbcfb59958cb8cfbe5 SHA512 (google-api-python-client-1.12.8.tar.gz) = e6aafb165d12c0f38b26326320f6f4dfebd4eef8401cda0a915fbf04bfff91e39cc4572979324808a71b863711b4fab2a9b397da9f933fb12867e8453e17354f SHA512 (chardet-3.0.4.tar.gz) = 61a03b23447a2bfe52ceed4dd1b9afdb5784da1933a623776883ee9f297e341f633e27f0ce0230bd5fdc5fdb5382105ab42736a74a417ddeb9f83af57455dba5 SHA512 (google-api-core-1.34.1.tar.gz) = 3714ec8e380003da8cecd5a0de832027b2ca6564bc407cce5b5fc8780fde294141bf6313c7335e54cb8b3ed5af7a53547641c1216529a636104a19fceac668f4