import fence-agents-4.2.1-73.el8

2021-06-15 04:21:59 +00:00 · 2021-06-15 04:21:59 +00:00 · 32e3310415
parent 8f499112ec
commit 32e3310415
3 changed files with 155 additions and 1 deletions
--- a/SOURCES/bz1685814-fence_gce-add-serviceaccount-file-support.patch
+++ b/SOURCES/bz1685814-fence_gce-add-serviceaccount-file-support.patch
@ -0,0 +1,73 @@
+diff --color -uNr a/agents/gce/fence_gce.py b/agents/gce/fence_gce.py
+--- a/agents/gce/fence_gce.py	2021-06-11 14:28:37.751959830 +0200
+++ b/agents/gce/fence_gce.py	2021-06-11 14:54:03.638926494 +0200
+@@ -15,9 +15,15 @@
+   import urllib2 as urlrequest
+ sys.path.append("@FENCEAGENTSLIBDIR@")
+ 
+-import googleapiclient.discovery
+ from fencing import fail_usage, run_delay, all_opt, atexit_handler, check_input, process_input, show_docs, fence_action
+-
+try:
+  import googleapiclient.discovery
+  try:
+    from google.oauth2.credentials import Credentials as GoogleCredentials
+  except:
+    from oauth2client.client import GoogleCredentials
+except:
+  pass
+ 
+ METADATA_SERVER = 'http://metadata.google.internal/computeMetadata/v1/'
+ METADATA_HEADERS = {'Metadata-Flavor': 'Google'}
+@@ -175,12 +181,21 @@
+ 		"required" : "0",
+ 		"order" : 4
+ 	}
+	all_opt["serviceaccount"] = {
+		"getopt" : ":",
+		"longopt" : "serviceaccount",
+		"help" : "--serviceaccount=[filename]    Service account json file location e.g. serviceaccount=/somedir/service_account.json",
+		"shortdesc" : "Service Account to use for authentication to the google cloud APIs.",
+		"required" : "0",
+		"order" : 9
+	}
+ 
+ 
+ def main():
+ 	conn = None
+ 
+-	device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging", "method"]
+	device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging",
+		"method", "serviceaccount"]
+ 
+ 	atexit.register(atexit_handler)
+ 
+@@ -226,10 +241,24 @@
+ 
+ 	# Prepare cli
+ 	try:
+-		credentials = None
+-		if tuple(googleapiclient.__version__) < tuple("1.6.0"):
+-			import oauth2client.client
+-			credentials = oauth2client.client.GoogleCredentials.get_application_default()
+		serviceaccount = options.get("--serviceaccount")
+		if serviceaccount:
+			scope = ['https://www.googleapis.com/auth/cloud-platform']
+			logging.debug("using credentials from service account")
+			try:
+				from google.oauth2.service_account import Credentials as ServiceAccountCredentials
+				credentials = ServiceAccountCredentials.from_service_account_file(filename=serviceaccount, scopes=scope)
+			except ImportError:
+				from oauth2client.service_account import ServiceAccountCredentials
+				credentials = ServiceAccountCredentials.from_json_keyfile_name(serviceaccount, scope)
+		else:
+			try:
+				from googleapiclient import _auth
+				credentials = _auth.default_credentials();
+			except:
+				credentials = GoogleCredentials.get_application_default()
+			logging.debug("using application default credentials")
+
+ 		conn = googleapiclient.discovery.build('compute', 'v1', credentials=credentials)
+ 	except Exception as err:
+ 		fail_usage("Failed: Create GCE compute v1 connection: {}".format(str(err)))
--- a/SOURCES/bz1969953-fence_gce-add-proxy-support.patch
+++ b/SOURCES/bz1969953-fence_gce-add-proxy-support.patch
@ -0,0 +1,70 @@
+diff --color -uNr a/agents/gce/fence_gce.py b/agents/gce/fence_gce.py
+--- a/agents/gce/fence_gce.py	2021-06-11 14:57:01.138390529 +0200
+++ b/agents/gce/fence_gce.py	2021-06-11 15:12:45.829855806 +0200
+@@ -1,6 +1,7 @@
+ #!@PYTHON@ -tt
+ 
+ import atexit
+import httplib2
+ import logging
+ import os
+ import sys
+@@ -18,6 +19,7 @@
+ from fencing import fail_usage, run_delay, all_opt, atexit_handler, check_input, process_input, show_docs, fence_action
+ try:
+   import googleapiclient.discovery
+  import socks
+   try:
+     from google.oauth2.credentials import Credentials as GoogleCredentials
+   except:
+@@ -189,13 +191,30 @@
+ 		"required" : "0",
+ 		"order" : 9
+ 	}
+	all_opt["proxyhost"] = {
+		"getopt" : ":",
+		"longopt" : "proxyhost",
+		"help" : "--proxyhost=[proxy_host]       The proxy host to use, if one is needed to access the internet (Example: 10.122.0.33)",
+		"shortdesc" : "If a proxy is used for internet access, the proxy host should be specified.",
+		"required" : "0",
+		"order" : 10
+	}
+	all_opt["proxyport"] = {
+		"getopt" : ":",
+		"type" : "integer",
+		"longopt" : "proxyport",
+		"help" : "--proxyport=[proxy_port]       The proxy port to use, if one is needed to access the internet (Example: 3127)",
+		"shortdesc" : "If a proxy is used for internet access, the proxy port should be specified.",
+		"required" : "0",
+		"order" : 11
+	}
+ 
+ 
+ def main():
+ 	conn = None
+ 
+ 	device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging",
+-		"method", "serviceaccount"]
+		"method", "serviceaccount", "proxyhost", "proxyport"]
+ 
+ 	atexit.register(atexit_handler)
+ 
+@@ -259,7 +278,17 @@
+ 				credentials = GoogleCredentials.get_application_default()
+ 			logging.debug("using application default credentials")
+ 
+-		conn = googleapiclient.discovery.build('compute', 'v1', credentials=credentials)
+		if options.get("--proxyhost") and options.get("--proxyport"):
+			proxy_info = httplib2.ProxyInfo(
+				proxy_type=socks.PROXY_TYPE_HTTP,
+				proxy_host=options.get("--proxyhost"),
+				proxy_port=int(options.get("--proxyport")))
+			http = credentials.authorize(httplib2.Http(proxy_info=proxy_info))
+			conn = googleapiclient.discovery.build(
+				'compute', 'v1', http=http, cache_discovery=False)
+		else:
+			conn = googleapiclient.discovery.build(
+				'compute', 'v1', credentials=credentials, cache_discovery=False)
+ 	except Exception as err:
+ 		fail_usage("Failed: Create GCE compute v1 connection: {}".format(str(err)))
+ 
--- a/SPECS/fence-agents.spec
+++ b/SPECS/fence-agents.spec
@ -29,7 +29,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.2.1
-Release: 72%{?alphatag:.%{alphatag}}%{?dist}
+Release: 73%{?alphatag:.%{alphatag}}%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Base
 URL: https://github.com/ClusterLabs/fence-agents
@ -131,6 +131,8 @@ Patch89: bz1942363-fence_gce-default-to-cycle.patch
 Patch90: bz1920947-fence_redfish-2-add-diag-action-logic.patch
 Patch91: bz1920947-fence_redfish-3-fix-typo.patch
 Patch92: bz1922437-fence_mpath-watchdog-retry-support.patch
+Patch93: bz1685814-fence_gce-add-serviceaccount-file-support.patch
+Patch94: bz1969953-fence_gce-add-proxy-support.patch

 %if 0%{?fedora} || 0%{?rhel} > 7
 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
@ -301,6 +303,8 @@ BuildRequires: python3-google-api-client
 %patch90 -p1
 %patch91 -p1
 %patch92 -p1
+%patch93 -p1
+%patch94 -p1

 # prevent compilation of something that won't get used anyway
 sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@ -724,6 +728,7 @@ Group: System Environment/Base
 Summary: Fence agent for GCE (Google Cloud Engine)
 Requires: fence-agents-common >= %{version}-%{release}
 Requires: python3-google-api-client
+Requires: python3-pysocks
 Obsoletes: %{name} < %{version}-%{release}
 BuildArch: noarch
 %description gce
@ -1191,6 +1196,12 @@ Fence agent for IBM z/VM over IP.
 %endif

 %changelog
+* Fri Jun 11 2021 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-73
+- fence_gce: add serviceaccount JSON file support
+  Resolves: rhbz#1685814
+- fence_gce: add proxy support
+  Resolves: rhbz#1969953
+
 * Thu May 20 2021 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-72
 - fence_mpath: add watchdog retry support
  Resolves: rhbz#1922437