import CS fence-agents-4.10.0-55.el9_3
This commit is contained in:
parent
418402558c
commit
35e97c4bc2
@ -11,7 +11,7 @@
|
|||||||
+from fencing import fail, fail_usage, run_delay, EC_STATUS, EC_FETCH_VM_UUID
|
+from fencing import fail, fail_usage, run_delay, EC_STATUS, EC_FETCH_VM_UUID
|
||||||
|
|
||||||
try:
|
try:
|
||||||
+ sys.path.insert(0, '/usr/lib/fence-agents/bundled/kubevirt')
|
+ sys.path.insert(0, '/usr/lib/fence-agents/support/kubevirt')
|
||||||
from kubernetes.client.exceptions import ApiException
|
from kubernetes.client.exceptions import ApiException
|
||||||
except ImportError:
|
except ImportError:
|
||||||
logging.error("Couldn\'t import kubernetes.client.exceptions.ApiException - not found or not accessible")
|
logging.error("Couldn\'t import kubernetes.client.exceptions.ApiException - not found or not accessible")
|
||||||
|
@ -0,0 +1,165 @@
|
|||||||
|
From 73fdae1b9da5aa1ba1d371dcc47fe31a4d22bb31 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||||
|
Date: Thu, 30 Mar 2023 12:20:05 +0200
|
||||||
|
Subject: [PATCH] fence_aws: fixes to allow running outside of AWS network
|
||||||
|
|
||||||
|
- add --skip-race-check parameter to allow running outside of AWS
|
||||||
|
network e.g. for openshift
|
||||||
|
- fixed and improved logging logic
|
||||||
|
- use --debug-file parameter for file logging
|
||||||
|
---
|
||||||
|
agents/aws/fence_aws.py | 50 ++++++++++++++++++++-----------
|
||||||
|
tests/data/metadata/fence_aws.xml | 5 ++++
|
||||||
|
2 files changed, 37 insertions(+), 18 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py
|
||||||
|
index c947bf29c..5d1677144 100644
|
||||||
|
--- a/agents/aws/fence_aws.py
|
||||||
|
+++ b/agents/aws/fence_aws.py
|
||||||
|
@@ -16,13 +16,13 @@
|
||||||
|
except ImportError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
-logger = logging.getLogger("fence_aws")
|
||||||
|
+logger = logging.getLogger()
|
||||||
|
logger.propagate = False
|
||||||
|
logger.setLevel(logging.INFO)
|
||||||
|
logger.addHandler(SyslogLibHandler())
|
||||||
|
logging.getLogger('botocore.vendored').propagate = False
|
||||||
|
|
||||||
|
-def get_instance_id():
|
||||||
|
+def get_instance_id(options):
|
||||||
|
try:
|
||||||
|
token = requests.put('http://169.254.169.254/latest/api/token', headers={"X-aws-ec2-metadata-token-ttl-seconds" : "21600"}).content.decode("UTF-8")
|
||||||
|
r = requests.get('http://169.254.169.254/latest/meta-data/instance-id', headers={"X-aws-ec2-metadata-token" : token}).content.decode("UTF-8")
|
||||||
|
@@ -30,12 +30,15 @@ def get_instance_id():
|
||||||
|
except HTTPError as http_err:
|
||||||
|
logger.error('HTTP error occurred while trying to access EC2 metadata server: %s', http_err)
|
||||||
|
except Exception as err:
|
||||||
|
- logger.error('A fatal error occurred while trying to access EC2 metadata server: %s', err)
|
||||||
|
+ if "--skip-race-check" not in options:
|
||||||
|
+ logger.error('A fatal error occurred while trying to access EC2 metadata server: %s', err)
|
||||||
|
+ else:
|
||||||
|
+ logger.debug('A fatal error occurred while trying to access EC2 metadata server: %s', err)
|
||||||
|
return None
|
||||||
|
-
|
||||||
|
+
|
||||||
|
|
||||||
|
def get_nodes_list(conn, options):
|
||||||
|
- logger.info("Starting monitor operation")
|
||||||
|
+ logger.debug("Starting monitor operation")
|
||||||
|
result = {}
|
||||||
|
try:
|
||||||
|
if "--filter" in options:
|
||||||
|
@@ -63,7 +66,7 @@ def get_power_status(conn, options):
|
||||||
|
try:
|
||||||
|
instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [options["--plug"]]}])
|
||||||
|
state = list(instance)[0].state["Name"]
|
||||||
|
- logger.info("Status operation for EC2 instance %s returned state: %s",options["--plug"],state.upper())
|
||||||
|
+ logger.debug("Status operation for EC2 instance %s returned state: %s",options["--plug"],state.upper())
|
||||||
|
if state == "running":
|
||||||
|
return "on"
|
||||||
|
elif state == "stopped":
|
||||||
|
@@ -78,7 +81,7 @@ def get_power_status(conn, options):
|
||||||
|
except IndexError:
|
||||||
|
fail(EC_STATUS)
|
||||||
|
except Exception as e:
|
||||||
|
- logging.error("Failed to get power status: %s", e)
|
||||||
|
+ logger.error("Failed to get power status: %s", e)
|
||||||
|
fail(EC_STATUS)
|
||||||
|
|
||||||
|
def get_self_power_status(conn, instance_id):
|
||||||
|
@@ -86,10 +89,10 @@ def get_self_power_status(conn, instance_id):
|
||||||
|
instance = conn.instances.filter(Filters=[{"Name": "instance-id", "Values": [instance_id]}])
|
||||||
|
state = list(instance)[0].state["Name"]
|
||||||
|
if state == "running":
|
||||||
|
- logging.debug("Captured my (%s) state and it %s - returning OK - Proceeding with fencing",instance_id,state.upper())
|
||||||
|
+ logger.debug("Captured my (%s) state and it %s - returning OK - Proceeding with fencing",instance_id,state.upper())
|
||||||
|
return "ok"
|
||||||
|
else:
|
||||||
|
- logging.debug("Captured my (%s) state it is %s - returning Alert - Unable to fence other nodes",instance_id,state.upper())
|
||||||
|
+ logger.debug("Captured my (%s) state it is %s - returning Alert - Unable to fence other nodes",instance_id,state.upper())
|
||||||
|
return "alert"
|
||||||
|
|
||||||
|
except ClientError:
|
||||||
|
@@ -100,18 +103,18 @@ def get_self_power_status(conn, instance_id):
|
||||||
|
return "fail"
|
||||||
|
|
||||||
|
def set_power_status(conn, options):
|
||||||
|
- my_instance = get_instance_id()
|
||||||
|
+ my_instance = get_instance_id(options)
|
||||||
|
try:
|
||||||
|
if (options["--action"]=="off"):
|
||||||
|
- if (get_self_power_status(conn,my_instance) == "ok"):
|
||||||
|
+ if "--skip-race-check" in options or get_self_power_status(conn,my_instance) == "ok":
|
||||||
|
conn.instances.filter(InstanceIds=[options["--plug"]]).stop(Force=True)
|
||||||
|
- logger.info("Called StopInstance API call for %s", options["--plug"])
|
||||||
|
+ logger.debug("Called StopInstance API call for %s", options["--plug"])
|
||||||
|
else:
|
||||||
|
- logger.info("Skipping fencing as instance is not in running status")
|
||||||
|
+ logger.debug("Skipping fencing as instance is not in running status")
|
||||||
|
elif (options["--action"]=="on"):
|
||||||
|
conn.instances.filter(InstanceIds=[options["--plug"]]).start()
|
||||||
|
except Exception as e:
|
||||||
|
- logger.error("Failed to power %s %s: %s", \
|
||||||
|
+ logger.debug("Failed to power %s %s: %s", \
|
||||||
|
options["--action"], options["--plug"], e)
|
||||||
|
|
||||||
|
def define_new_opts():
|
||||||
|
@@ -156,12 +159,20 @@ def define_new_opts():
|
||||||
|
"default": "False",
|
||||||
|
"order": 6
|
||||||
|
}
|
||||||
|
+ all_opt["skip_race_check"] = {
|
||||||
|
+ "getopt" : "",
|
||||||
|
+ "longopt" : "skip-race-check",
|
||||||
|
+ "help" : "--skip-race-check Skip race condition check",
|
||||||
|
+ "shortdesc": "Skip race condition check",
|
||||||
|
+ "required": "0",
|
||||||
|
+ "order": 7
|
||||||
|
+ }
|
||||||
|
|
||||||
|
# Main agent method
|
||||||
|
def main():
|
||||||
|
conn = None
|
||||||
|
|
||||||
|
- device_opt = ["port", "no_password", "region", "access_key", "secret_key", "filter", "boto3_debug"]
|
||||||
|
+ device_opt = ["port", "no_password", "region", "access_key", "secret_key", "filter", "boto3_debug", "skip_race_check"]
|
||||||
|
|
||||||
|
atexit.register(atexit_handler)
|
||||||
|
|
||||||
|
@@ -183,12 +194,15 @@ def main():
|
||||||
|
|
||||||
|
run_delay(options)
|
||||||
|
|
||||||
|
- if options.get("--verbose") is not None:
|
||||||
|
- lh = logging.FileHandler('/var/log/fence_aws_debug.log')
|
||||||
|
+ if "--debug-file" in options:
|
||||||
|
+ for handler in logger.handlers:
|
||||||
|
+ if isinstance(handler, logging.FileHandler):
|
||||||
|
+ logger.removeHandler(handler)
|
||||||
|
+ lh = logging.FileHandler(options["--debug-file"])
|
||||||
|
logger.addHandler(lh)
|
||||||
|
lhf = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
|
||||||
|
lh.setFormatter(lhf)
|
||||||
|
- logger.setLevel(logging.DEBUG)
|
||||||
|
+ lh.setLevel(logging.DEBUG)
|
||||||
|
|
||||||
|
if options["--boto3_debug"].lower() not in ["1", "yes", "on", "true"]:
|
||||||
|
boto3.set_stream_logger('boto3',logging.INFO)
|
||||||
|
diff --git a/tests/data/metadata/fence_aws.xml b/tests/data/metadata/fence_aws.xml
|
||||||
|
index 76995ecf2..32de4418a 100644
|
||||||
|
--- a/tests/data/metadata/fence_aws.xml
|
||||||
|
+++ b/tests/data/metadata/fence_aws.xml
|
||||||
|
@@ -46,6 +46,11 @@ For instructions see: https://boto3.readthedocs.io/en/latest/guide/quickstart.ht
|
||||||
|
<content type="string" default="False" />
|
||||||
|
<shortdesc lang="en">Boto Lib debug</shortdesc>
|
||||||
|
</parameter>
|
||||||
|
+ <parameter name="skip_race_check" unique="0" required="0">
|
||||||
|
+ <getopt mixed="--skip-race-check" />
|
||||||
|
+ <content type="boolean" />
|
||||||
|
+ <shortdesc lang="en">Skip race condition check</shortdesc>
|
||||||
|
+ </parameter>
|
||||||
|
<parameter name="quiet" unique="0" required="0">
|
||||||
|
<getopt mixed="-q, --quiet" />
|
||||||
|
<content type="boolean" />
|
@ -0,0 +1,21 @@
|
|||||||
|
From a2e2432cfec0af9a8a90f9d7fed18759da6f9b0c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||||
|
Date: Thu, 13 Apr 2023 10:14:31 +0200
|
||||||
|
Subject: [PATCH] fence_aws: fail when power action request fails
|
||||||
|
|
||||||
|
---
|
||||||
|
agents/aws/fence_aws.py | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/agents/aws/fence_aws.py b/agents/aws/fence_aws.py
|
||||||
|
index 5d1677144..0a375bbec 100644
|
||||||
|
--- a/agents/aws/fence_aws.py
|
||||||
|
+++ b/agents/aws/fence_aws.py
|
||||||
|
@@ -116,6 +116,7 @@ def set_power_status(conn, options):
|
||||||
|
except Exception as e:
|
||||||
|
logger.debug("Failed to power %s %s: %s", \
|
||||||
|
options["--action"], options["--plug"], e)
|
||||||
|
+ fail(EC_STATUS)
|
||||||
|
|
||||||
|
def define_new_opts():
|
||||||
|
all_opt["region"] = {
|
@ -0,0 +1,58 @@
|
|||||||
|
From 4661b6f625c57a728ec58023da89ba378d4d1c27 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Arslan Ahmad <arslan.ahmad97@googlemail.com>
|
||||||
|
Date: Mon, 17 Apr 2023 15:59:49 +0530
|
||||||
|
Subject: [PATCH] fence_scsi: Automatically detect devices for shared VGs
|
||||||
|
|
||||||
|
Currently, if no devices option is given, fence_scsi automatically
|
||||||
|
builds a device list containing all LVM PVs that back VGs with the
|
||||||
|
clustered ('c') bit set. With this commit, fence_scsi will also consider
|
||||||
|
VGs with the shared ('s') bit set.
|
||||||
|
|
||||||
|
Additionally, the existing check is too broad. We should consider a
|
||||||
|
volume group to be clustered or shared only if the 6th bit is set to 'c'
|
||||||
|
or 's'. This way, we can avoid false positives.
|
||||||
|
|
||||||
|
Closes RHBZ#2187327
|
||||||
|
Closes RHBZ#2187329
|
||||||
|
---
|
||||||
|
agents/scsi/fence_scsi.py | 13 +++++++------
|
||||||
|
1 file changed, 7 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py
|
||||||
|
index 85e4f29e6..3de4ba0b2 100644
|
||||||
|
--- a/agents/scsi/fence_scsi.py
|
||||||
|
+++ b/agents/scsi/fence_scsi.py
|
||||||
|
@@ -314,7 +314,7 @@ def dev_read(fail=True, opt=None):
|
||||||
|
return devs
|
||||||
|
|
||||||
|
|
||||||
|
-def get_clvm_devices(options):
|
||||||
|
+def get_shared_devices(options):
|
||||||
|
devs = []
|
||||||
|
cmd = options["--vgs-path"] + " " +\
|
||||||
|
"--noheadings " +\
|
||||||
|
@@ -324,10 +324,11 @@ def get_clvm_devices(options):
|
||||||
|
"--config 'global { locking_type = 0 } devices { preferred_names = [ \"^/dev/dm\" ] }'"
|
||||||
|
out = run_cmd(options, cmd)
|
||||||
|
if out["rc"]:
|
||||||
|
- fail_usage("Failed: Cannot get clvm devices")
|
||||||
|
- for line in out["out"].split("\n"):
|
||||||
|
- if 'c' in line.split(":")[0]:
|
||||||
|
- devs.append(line.split(":")[1])
|
||||||
|
+ fail_usage("Failed: Cannot get shared devices")
|
||||||
|
+ for line in out["out"].splitlines():
|
||||||
|
+ vg_attr, pv_name = line.strip().split(":")
|
||||||
|
+ if vg_attr[5] in "cs":
|
||||||
|
+ devs.append(pv_name)
|
||||||
|
return devs
|
||||||
|
|
||||||
|
|
||||||
|
@@ -612,7 +613,7 @@ def main():
|
||||||
|
options["--key"] = options["--key"].lstrip('0')
|
||||||
|
|
||||||
|
if not ("--devices" in options and options["--devices"].split(",")):
|
||||||
|
- options["devices"] = get_clvm_devices(options)
|
||||||
|
+ options["devices"] = get_shared_devices(options)
|
||||||
|
else:
|
||||||
|
options["devices"] = options["--devices"].split(",")
|
||||||
|
|
@ -0,0 +1,92 @@
|
|||||||
|
From e363e55169a7be1cbeac5568fe2a32692867d4c6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Arslan Ahmad <arslan.ahmad97@googlemail.com>
|
||||||
|
Date: Thu, 4 May 2023 12:55:41 +0530
|
||||||
|
Subject: [PATCH] fence_scsi: Add support for space-separated devices and
|
||||||
|
update in meta-data
|
||||||
|
|
||||||
|
Currently the devices associated with fence_scsi should be
|
||||||
|
comma-separated. With this commit, fence_scsi will also work if the
|
||||||
|
'devices' are space-separated.
|
||||||
|
|
||||||
|
Additionally, this commit includes meta-data update:
|
||||||
|
1. For fence_scsi:
|
||||||
|
- The 'devices' parameter is optional if the cluster is configured with
|
||||||
|
clvm/lvmlock.
|
||||||
|
- The 'devices' parameter can be comma or space-separated.
|
||||||
|
|
||||||
|
2. For fence_mpath:
|
||||||
|
- The 'devices' parameter can be comma or space-separated.
|
||||||
|
---
|
||||||
|
agents/mpath/fence_mpath.py | 2 +-
|
||||||
|
agents/scsi/fence_scsi.py | 8 ++++----
|
||||||
|
tests/data/metadata/fence_mpath.xml | 2 +-
|
||||||
|
tests/data/metadata/fence_scsi.xml | 2 +-
|
||||||
|
4 files changed, 7 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/agents/mpath/fence_mpath.py b/agents/mpath/fence_mpath.py
|
||||||
|
index ee81eab3a..6976fee90 100644
|
||||||
|
--- a/agents/mpath/fence_mpath.py
|
||||||
|
+++ b/agents/mpath/fence_mpath.py
|
||||||
|
@@ -226,7 +226,7 @@ def define_new_opts():
|
||||||
|
"help" : "-d, --devices=[devices] List of devices to use for current operation",
|
||||||
|
"required" : "0",
|
||||||
|
"shortdesc" : "List of devices to use for current operation. Devices can \
|
||||||
|
-be comma-separated list of device-mapper multipath devices (eg. /dev/mapper/3600508b400105df70000e00000ac0000 or /dev/mapper/mpath1). \
|
||||||
|
+be comma or space separated list of device-mapper multipath devices (eg. /dev/mapper/3600508b400105df70000e00000ac0000 or /dev/mapper/mpath1). \
|
||||||
|
Each device must support SCSI-3 persistent reservations.",
|
||||||
|
"order": 1
|
||||||
|
}
|
||||||
|
diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py
|
||||||
|
index 3de4ba0b2..42530ceb5 100644
|
||||||
|
--- a/agents/scsi/fence_scsi.py
|
||||||
|
+++ b/agents/scsi/fence_scsi.py
|
||||||
|
@@ -350,8 +350,8 @@ def define_new_opts():
|
||||||
|
"help" : "-d, --devices=[devices] List of devices to use for current operation",
|
||||||
|
"required" : "0",
|
||||||
|
"shortdesc" : "List of devices to use for current operation. Devices can \
|
||||||
|
-be comma-separated list of raw devices (eg. /dev/sdc). Each device must support SCSI-3 \
|
||||||
|
-persistent reservations.",
|
||||||
|
+be comma or space separated list of raw devices (eg. /dev/sdc). Each device must support SCSI-3 \
|
||||||
|
+persistent reservations. Optional if cluster is configured with clvm or lvmlockd.",
|
||||||
|
"order": 1
|
||||||
|
}
|
||||||
|
all_opt["nodename"] = {
|
||||||
|
@@ -612,10 +612,10 @@ def main():
|
||||||
|
|
||||||
|
options["--key"] = options["--key"].lstrip('0')
|
||||||
|
|
||||||
|
- if not ("--devices" in options and options["--devices"].split(",")):
|
||||||
|
+ if not ("--devices" in options and [d for d in re.split("\s*,\s*|\s+", options["--devices"].strip()) if d]):
|
||||||
|
options["devices"] = get_shared_devices(options)
|
||||||
|
else:
|
||||||
|
- options["devices"] = options["--devices"].split(",")
|
||||||
|
+ options["devices"] = [d for d in re.split("\s*,\s*|\s+", options["--devices"].strip()) if d]
|
||||||
|
|
||||||
|
if not options["devices"]:
|
||||||
|
fail_usage("Failed: No devices found")
|
||||||
|
diff --git a/tests/data/metadata/fence_mpath.xml b/tests/data/metadata/fence_mpath.xml
|
||||||
|
index e22d3a1f9..262956dca 100644
|
||||||
|
--- a/tests/data/metadata/fence_mpath.xml
|
||||||
|
+++ b/tests/data/metadata/fence_mpath.xml
|
||||||
|
@@ -14,7 +14,7 @@ When used as a watchdog device you can define e.g. retry=1, retry-sleep=2 and ve
|
||||||
|
<parameter name="devices" unique="0" required="0">
|
||||||
|
<getopt mixed="-d, --devices=[devices]" />
|
||||||
|
<content type="string" />
|
||||||
|
- <shortdesc lang="en">List of devices to use for current operation. Devices can be comma-separated list of device-mapper multipath devices (eg. /dev/mapper/3600508b400105df70000e00000ac0000 or /dev/mapper/mpath1). Each device must support SCSI-3 persistent reservations.</shortdesc>
|
||||||
|
+ <shortdesc lang="en">List of devices to use for current operation. Devices can be comma or space separated list of device-mapper multipath devices (eg. /dev/mapper/3600508b400105df70000e00000ac0000 or /dev/mapper/mpath1). Each device must support SCSI-3 persistent reservations.</shortdesc>
|
||||||
|
</parameter>
|
||||||
|
<parameter name="key" unique="0" required="0">
|
||||||
|
<getopt mixed="-k, --key=[key]" />
|
||||||
|
diff --git a/tests/data/metadata/fence_scsi.xml b/tests/data/metadata/fence_scsi.xml
|
||||||
|
index 4fa86189c..facb2f52e 100644
|
||||||
|
--- a/tests/data/metadata/fence_scsi.xml
|
||||||
|
+++ b/tests/data/metadata/fence_scsi.xml
|
||||||
|
@@ -19,7 +19,7 @@ When used as a watchdog device you can define e.g. retry=1, retry-sleep=2 and ve
|
||||||
|
<parameter name="devices" unique="0" required="0">
|
||||||
|
<getopt mixed="-d, --devices=[devices]" />
|
||||||
|
<content type="string" />
|
||||||
|
- <shortdesc lang="en">List of devices to use for current operation. Devices can be comma-separated list of raw devices (eg. /dev/sdc). Each device must support SCSI-3 persistent reservations.</shortdesc>
|
||||||
|
+ <shortdesc lang="en">List of devices to use for current operation. Devices can be comma or space separated list of raw devices (eg. /dev/sdc). Each device must support SCSI-3 persistent reservations. Optional if cluster is configured with clvm or lvmlockd.</shortdesc>
|
||||||
|
</parameter>
|
||||||
|
<parameter name="key" unique="0" required="0">
|
||||||
|
<getopt mixed="-k, --key=[key]" />
|
170
SOURCES/bz2211930-fence_azure-arm-stack-hub-support.patch
Normal file
170
SOURCES/bz2211930-fence_azure-arm-stack-hub-support.patch
Normal file
@ -0,0 +1,170 @@
|
|||||||
|
From 6e0228536d30ca1bd95bfd1628c0247f094ecaa8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||||
|
Date: Wed, 2 Mar 2022 13:49:16 +0100
|
||||||
|
Subject: [PATCH 1/2] fence_azure_arm: add stack cloud support
|
||||||
|
|
||||||
|
---
|
||||||
|
agents/azure_arm/fence_azure_arm.py | 18 ++++++++++++++----
|
||||||
|
lib/azure_fence.py.py | 10 ++++++++++
|
||||||
|
tests/data/metadata/fence_azure_arm.xml | 10 ++++++++++
|
||||||
|
3 files changed, 34 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/agents/azure_arm/fence_azure_arm.py b/agents/azure_arm/fence_azure_arm.py
|
||||||
|
index 6908169c8..e3b7c85c7 100755
|
||||||
|
--- a/agents/azure_arm/fence_azure_arm.py
|
||||||
|
+++ b/agents/azure_arm/fence_azure_arm.py
|
||||||
|
@@ -183,20 +183,30 @@ def define_new_opts():
|
||||||
|
"getopt" : ":",
|
||||||
|
"longopt" : "cloud",
|
||||||
|
"help" : "--cloud=[name] Name of the cloud you want to use. Supported\n\
|
||||||
|
- values are china, germany or usgov. Do not use\n\
|
||||||
|
- this parameter if you want to use public\n\
|
||||||
|
- Azure.",
|
||||||
|
+ values are china, germany, usgov, or stack. Do\n\
|
||||||
|
+ not use this parameter if you want to use\n\
|
||||||
|
+ public Azure.",
|
||||||
|
"shortdesc" : "Name of the cloud you want to use.",
|
||||||
|
"required" : "0",
|
||||||
|
"order" : 7
|
||||||
|
}
|
||||||
|
+ all_opt["metadata-endpoint"] = {
|
||||||
|
+ "getopt" : ":",
|
||||||
|
+ "longopt" : "metadata-endpoint",
|
||||||
|
+ "help" : "--metadata-endpoint=[URL] URL to metadata endpoint (used when cloud=stack).",
|
||||||
|
+ "shortdesc" : "URL to metadata endpoint (used when cloud=stack).",
|
||||||
|
+ "required" : "0",
|
||||||
|
+ "order" : 8
|
||||||
|
+ }
|
||||||
|
|
||||||
|
# Main agent method
|
||||||
|
def main():
|
||||||
|
compute_client = None
|
||||||
|
network_client = None
|
||||||
|
|
||||||
|
- device_opt = ["login", "no_login", "no_password", "passwd", "port", "resourceGroup", "tenantId", "subscriptionId", "network-fencing", "msi", "cloud"]
|
||||||
|
+ device_opt = ["login", "no_login", "no_password", "passwd", "port",
|
||||||
|
+ "resourceGroup", "tenantId", "subscriptionId",
|
||||||
|
+ "network-fencing", "msi", "cloud", "metadata-endpoint"]
|
||||||
|
|
||||||
|
atexit.register(atexit_handler)
|
||||||
|
|
||||||
|
diff --git a/lib/azure_fence.py.py b/lib/azure_fence.py.py
|
||||||
|
index 5ca71eb42..6f1eee5b9 100644
|
||||||
|
--- a/lib/azure_fence.py.py
|
||||||
|
+++ b/lib/azure_fence.py.py
|
||||||
|
@@ -251,6 +251,7 @@ def get_azure_config(options):
|
||||||
|
config.VMName = options.get("--plug")
|
||||||
|
config.SubscriptionId = options.get("--subscriptionId")
|
||||||
|
config.Cloud = options.get("--cloud")
|
||||||
|
+ config.MetadataEndpoint = options.get("--metadata-endpoint")
|
||||||
|
config.UseMSI = "--msi" in options
|
||||||
|
config.Tenantid = options.get("--tenantId")
|
||||||
|
config.ApplicationId = options.get("--username")
|
||||||
|
@@ -279,6 +280,9 @@ def get_azure_cloud_environment(config):
|
||||||
|
elif (config.Cloud.lower() == "usgov"):
|
||||||
|
from msrestazure.azure_cloud import AZURE_US_GOV_CLOUD
|
||||||
|
cloud_environment = AZURE_US_GOV_CLOUD
|
||||||
|
+ elif (config.Cloud.lower() == "stack"):
|
||||||
|
+ from msrestazure.azure_cloud import get_cloud_from_metadata_endpoint
|
||||||
|
+ cloud_environment = get_cloud_from_metadata_endpoint(config.MetadataEndpoint)
|
||||||
|
|
||||||
|
return cloud_environment
|
||||||
|
|
||||||
|
@@ -345,6 +349,9 @@ def get_azure_compute_client(config):
|
||||||
|
credentials = get_azure_credentials(config)
|
||||||
|
|
||||||
|
if cloud_environment:
|
||||||
|
+ if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint:
|
||||||
|
+ fail_usage("metadata-endpoint not specified")
|
||||||
|
+
|
||||||
|
try:
|
||||||
|
compute_client = ComputeManagementClient(
|
||||||
|
credentials,
|
||||||
|
@@ -372,6 +379,9 @@ def get_azure_network_client(config):
|
||||||
|
credentials = get_azure_credentials(config)
|
||||||
|
|
||||||
|
if cloud_environment:
|
||||||
|
+ if (config.Cloud.lower() == "stack") and not config.MetadataEndpoint:
|
||||||
|
+ fail_usage("metadata-endpoint not specified")
|
||||||
|
+
|
||||||
|
try:
|
||||||
|
network_client = NetworkManagementClient(
|
||||||
|
credentials,
|
||||||
|
diff --git a/tests/data/metadata/fence_azure_arm.xml b/tests/data/metadata/fence_azure_arm.xml
|
||||||
|
index c6e1f203b..8b7450762 100644
|
||||||
|
--- a/tests/data/metadata/fence_azure_arm.xml
|
||||||
|
+++ b/tests/data/metadata/fence_azure_arm.xml
|
||||||
|
@@ -98,6 +98,16 @@ When using network fencing the reboot-action will cause a quick-return once the
|
||||||
|
<content type="string" />
|
||||||
|
<shortdesc lang="en">Name of the cloud you want to use.</shortdesc>
|
||||||
|
</parameter>
|
||||||
|
+ <parameter name="metadata-endpoint" unique="0" required="0" deprecated="1">
|
||||||
|
+ <getopt mixed="--metadata-endpoint=[URL]" />
|
||||||
|
+ <content type="string" />
|
||||||
|
+ <shortdesc lang="en">URL to metadata endpoint (used when cloud=stack).</shortdesc>
|
||||||
|
+ </parameter>
|
||||||
|
+ <parameter name="metadata_endpoint" unique="0" required="0" obsoletes="metadata-endpoint">
|
||||||
|
+ <getopt mixed="--metadata-endpoint=[URL]" />
|
||||||
|
+ <content type="string" />
|
||||||
|
+ <shortdesc lang="en">URL to metadata endpoint (used when cloud=stack).</shortdesc>
|
||||||
|
+ </parameter>
|
||||||
|
<parameter name="quiet" unique="0" required="0">
|
||||||
|
<getopt mixed="-q, --quiet" />
|
||||||
|
<content type="boolean" />
|
||||||
|
|
||||||
|
From 9087760db005abfd9b3e07319846232214d8dae2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||||
|
Date: Fri, 16 Jun 2023 16:03:11 +0200
|
||||||
|
Subject: [PATCH 2/2] azure_fence: use correct credential_scope and profile for
|
||||||
|
stack hub
|
||||||
|
|
||||||
|
---
|
||||||
|
lib/azure_fence.py.py | 20 ++++++++++++++++++--
|
||||||
|
1 file changed, 18 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/azure_fence.py.py b/lib/azure_fence.py.py
|
||||||
|
index 6f1eee5b9..ab40b483a 100644
|
||||||
|
--- a/lib/azure_fence.py.py
|
||||||
|
+++ b/lib/azure_fence.py.py
|
||||||
|
@@ -353,11 +353,19 @@ def get_azure_compute_client(config):
|
||||||
|
fail_usage("metadata-endpoint not specified")
|
||||||
|
|
||||||
|
try:
|
||||||
|
+ from azure.profiles import KnownProfiles
|
||||||
|
+ if (config.Cloud.lower() == "stack"):
|
||||||
|
+ client_profile = KnownProfiles.v2020_09_01_hybrid
|
||||||
|
+ credential_scope = cloud_environment.endpoints.active_directory_resource_id + "/.default"
|
||||||
|
+ else:
|
||||||
|
+ client_profile = KnownProfiles.default
|
||||||
|
+ credential_scope = cloud_environment.endpoints.resource_manager + "/.default"
|
||||||
|
compute_client = ComputeManagementClient(
|
||||||
|
credentials,
|
||||||
|
config.SubscriptionId,
|
||||||
|
base_url=cloud_environment.endpoints.resource_manager,
|
||||||
|
- credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
|
||||||
|
+ profile=client_profile,
|
||||||
|
+ credential_scopes=[credential_scope],
|
||||||
|
)
|
||||||
|
except TypeError:
|
||||||
|
compute_client = ComputeManagementClient(
|
||||||
|
@@ -383,11 +391,19 @@ def get_azure_network_client(config):
|
||||||
|
fail_usage("metadata-endpoint not specified")
|
||||||
|
|
||||||
|
try:
|
||||||
|
+ from azure.profiles import KnownProfiles
|
||||||
|
+ if (config.Cloud.lower() == "stack"):
|
||||||
|
+ client_profile = KnownProfiles.v2020_09_01_hybrid
|
||||||
|
+ credential_scope = cloud_environment.endpoints.active_directory_resource_id + "/.default"
|
||||||
|
+ else:
|
||||||
|
+ client_profile = KnownProfiles.default
|
||||||
|
+ credential_scope = cloud_environment.endpoints.resource_manager + "/.default"
|
||||||
|
network_client = NetworkManagementClient(
|
||||||
|
credentials,
|
||||||
|
config.SubscriptionId,
|
||||||
|
base_url=cloud_environment.endpoints.resource_manager,
|
||||||
|
- credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
|
||||||
|
+ profile=client_profile,
|
||||||
|
+ credential_scopes=[credential_scope],
|
||||||
|
)
|
||||||
|
except TypeError:
|
||||||
|
network_client = NetworkManagementClient(
|
@ -0,0 +1,50 @@
|
|||||||
|
--- a/aws/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100
|
||||||
|
+++ b/aws/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200
|
||||||
|
@@ -21,7 +21,12 @@
|
||||||
|
try:
|
||||||
|
with TarFile.open(filename) as tf:
|
||||||
|
for name in zonegroups:
|
||||||
|
- tf.extract(name, tmpdir)
|
||||||
|
+ if hasattr(tarfile, 'data_filter'):
|
||||||
|
+ # Python with CVE-2007-4559 mitigation (PEP 706)
|
||||||
|
+ tf.extract(name, tmpdir, filter='data')
|
||||||
|
+ else:
|
||||||
|
+ # Fallback to a possibly dangerous extraction (before PEP 706)
|
||||||
|
+ tf.extract(name, tmpdir)
|
||||||
|
filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
|
||||||
|
|
||||||
|
_run_zic(zonedir, filepaths)
|
||||||
|
|
||||||
|
--- a/awscli/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100
|
||||||
|
+++ b/awscli/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200
|
||||||
|
@@ -21,7 +21,12 @@
|
||||||
|
try:
|
||||||
|
with TarFile.open(filename) as tf:
|
||||||
|
for name in zonegroups:
|
||||||
|
- tf.extract(name, tmpdir)
|
||||||
|
+ if hasattr(tarfile, 'data_filter'):
|
||||||
|
+ # Python with CVE-2007-4559 mitigation (PEP 706)
|
||||||
|
+ tf.extract(name, tmpdir, filter='data')
|
||||||
|
+ else:
|
||||||
|
+ # Fallback to a possibly dangerous extraction (before PEP 706)
|
||||||
|
+ tf.extract(name, tmpdir)
|
||||||
|
filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
|
||||||
|
|
||||||
|
_run_zic(zonedir, filepaths)
|
||||||
|
|
||||||
|
--- a/azure/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100
|
||||||
|
+++ b/azure/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200
|
||||||
|
@@ -21,7 +21,12 @@
|
||||||
|
try:
|
||||||
|
with TarFile.open(filename) as tf:
|
||||||
|
for name in zonegroups:
|
||||||
|
- tf.extract(name, tmpdir)
|
||||||
|
+ if hasattr(tarfile, 'data_filter'):
|
||||||
|
+ # Python with CVE-2007-4559 mitigation (PEP 706)
|
||||||
|
+ tf.extract(name, tmpdir, filter='data')
|
||||||
|
+ else:
|
||||||
|
+ # Fallback to a possibly dangerous extraction (before PEP 706)
|
||||||
|
+ tf.extract(name, tmpdir)
|
||||||
|
filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
|
||||||
|
|
||||||
|
_run_zic(zonedir, filepaths)
|
@ -0,0 +1,17 @@
|
|||||||
|
--- a/kubevirt/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100
|
||||||
|
+++ b/kubevirt/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200
|
||||||
|
@@ -21,7 +21,12 @@
|
||||||
|
try:
|
||||||
|
with TarFile.open(filename) as tf:
|
||||||
|
for name in zonegroups:
|
||||||
|
- tf.extract(name, tmpdir)
|
||||||
|
+ if hasattr(tarfile, 'data_filter'):
|
||||||
|
+ # Python with CVE-2007-4559 mitigation (PEP 706)
|
||||||
|
+ tf.extract(name, tmpdir, filter='data')
|
||||||
|
+ else:
|
||||||
|
+ # Fallback to a possibly dangerous extraction (before PEP 706)
|
||||||
|
+ tf.extract(name, tmpdir)
|
||||||
|
filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
|
||||||
|
|
||||||
|
_run_zic(zonedir, filepaths)
|
||||||
|
|
@ -0,0 +1,150 @@
|
|||||||
|
From 22935608247816be0ccec85fc590f19b509f3614 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Schauberer <74912604+andscha@users.noreply.github.com>
|
||||||
|
Date: Thu, 15 Jun 2023 16:34:13 +0200
|
||||||
|
Subject: [PATCH 1/3] fence_ibm_powervs: improved performance
|
||||||
|
|
||||||
|
fence_ibm_powervs: improved performance
|
||||||
|
- improved performance using less power-iaas.cloud.ibm.com API calls
|
||||||
|
- add support for reboot_cycle, method to fence (onoff|cycle) (Default: onoff)
|
||||||
|
|
||||||
|
Addressed comments by oalbrigt in ClusterLabs #PR542
|
||||||
|
- you can use if options["--verbose-level"] > 1: to only print it when -vv or more or verbose_level is set to 2 or higher.
|
||||||
|
- Removed all_opt["method"] defaults
|
||||||
|
---
|
||||||
|
agents/ibm_powervs/fence_ibm_powervs.py | 70 ++++++++++++++++++-------
|
||||||
|
1 file changed, 51 insertions(+), 19 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/agents/ibm_powervs/fence_ibm_powervs.py b/agents/ibm_powervs/fence_ibm_powervs.py
|
||||||
|
index 183893616..e65462cb9 100755
|
||||||
|
--- a/agents/ibm_powervs/fence_ibm_powervs.py
|
||||||
|
+++ b/agents/ibm_powervs/fence_ibm_powervs.py
|
||||||
|
@@ -12,6 +12,8 @@
|
||||||
|
state = {
|
||||||
|
"ACTIVE": "on",
|
||||||
|
"SHUTOFF": "off",
|
||||||
|
+ "HARD_REBOOT": "on",
|
||||||
|
+ "SOFT_REBOOT": "on",
|
||||||
|
"ERROR": "unknown"
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -37,21 +39,30 @@ def get_list(conn, options):
|
||||||
|
return outlets
|
||||||
|
|
||||||
|
for r in res["pvmInstances"]:
|
||||||
|
- if "--verbose" in options:
|
||||||
|
+ if options["--verbose-level"] > 1:
|
||||||
|
logging.debug(json.dumps(r, indent=2))
|
||||||
|
outlets[r["pvmInstanceID"]] = (r["serverName"], state[r["status"]])
|
||||||
|
|
||||||
|
return outlets
|
||||||
|
|
||||||
|
def get_power_status(conn, options):
|
||||||
|
+ outlets = {}
|
||||||
|
+ logging.debug("Info: getting power status for LPAR " + options["--plug"] + " instance " + options["--instance"])
|
||||||
|
try:
|
||||||
|
command = "cloud-instances/{}/pvm-instances/{}".format(
|
||||||
|
options["--instance"], options["--plug"])
|
||||||
|
res = send_command(conn, command)
|
||||||
|
- result = get_list(conn, options)[options["--plug"]][1]
|
||||||
|
+ outlets[res["pvmInstanceID"]] = (res["serverName"], state[res["status"]])
|
||||||
|
+ if options["--verbose-level"] > 1:
|
||||||
|
+ logging.debug(json.dumps(res, indent=2))
|
||||||
|
+ result = outlets[options["--plug"]][1]
|
||||||
|
+ logging.debug("Info: Status: {}".format(result))
|
||||||
|
except KeyError as e:
|
||||||
|
- logging.debug("Failed: Unable to get status for {}".format(e))
|
||||||
|
- fail(EC_STATUS)
|
||||||
|
+ try:
|
||||||
|
+ result = get_list(conn, options)[options["--plug"]][1]
|
||||||
|
+ except KeyError as ex:
|
||||||
|
+ logging.debug("Failed: Unable to get status for {}".format(ex))
|
||||||
|
+ fail(EC_STATUS)
|
||||||
|
|
||||||
|
return result
|
||||||
|
|
||||||
|
@@ -61,6 +72,7 @@ def set_power_status(conn, options):
|
||||||
|
"off" : '{"action" : "immediate-shutdown"}',
|
||||||
|
}[options["--action"]]
|
||||||
|
|
||||||
|
+ logging.debug("Info: set power status to " + options["--action"] + " for LPAR " + options["--plug"] + " instance " + options["--instance"])
|
||||||
|
try:
|
||||||
|
send_command(conn, "cloud-instances/{}/pvm-instances/{}/action".format(
|
||||||
|
options["--instance"], options["--plug"]), "POST", action)
|
||||||
|
@@ -68,6 +80,25 @@ def set_power_status(conn, options):
|
||||||
|
logging.debug("Failed: Unable to set power to {} for {}".format(options["--action"], e))
|
||||||
|
fail(EC_STATUS)
|
||||||
|
|
||||||
|
+def reboot_cycle(conn, options):
|
||||||
|
+ action = {
|
||||||
|
+ "reboot" : '{"action" : "hard-reboot"}',
|
||||||
|
+ }[options["--action"]]
|
||||||
|
+
|
||||||
|
+ logging.debug("Info: start reboot cycle with action " + options["--action"] + " for LPAR " + options["--plug"] + " instance " + options["--instance"])
|
||||||
|
+ try:
|
||||||
|
+ send_command(conn, "cloud-instances/{}/pvm-instances/{}/action".format(
|
||||||
|
+ options["--instance"], options["--plug"]), "POST", action)
|
||||||
|
+ except Exception as e:
|
||||||
|
+ result = get_power_status(conn, options)
|
||||||
|
+ logging.debug("Info: Status {}".format(result))
|
||||||
|
+ if result == "off":
|
||||||
|
+ return True
|
||||||
|
+ else:
|
||||||
|
+ logging.debug("Failed: Unable to cycle with {} for {}".format(options["--action"], e))
|
||||||
|
+ fail(EC_STATUS)
|
||||||
|
+ return True
|
||||||
|
+
|
||||||
|
def connect(opt, token):
|
||||||
|
conn = pycurl.Curl()
|
||||||
|
|
||||||
|
@@ -200,21 +231,21 @@ def define_new_opts():
|
||||||
|
"order" : 0
|
||||||
|
}
|
||||||
|
all_opt["api-type"] = {
|
||||||
|
- "getopt" : ":",
|
||||||
|
- "longopt" : "api-type",
|
||||||
|
- "help" : "--api-type=[public|private] API-type: 'public' (default) or 'private'",
|
||||||
|
- "required" : "0",
|
||||||
|
- "shortdesc" : "API-type (public|private)",
|
||||||
|
- "order" : 0
|
||||||
|
- }
|
||||||
|
+ "getopt" : ":",
|
||||||
|
+ "longopt" : "api-type",
|
||||||
|
+ "help" : "--api-type=[public|private] API-type: 'public' (default) or 'private'",
|
||||||
|
+ "required" : "0",
|
||||||
|
+ "shortdesc" : "API-type (public|private)",
|
||||||
|
+ "order" : 0
|
||||||
|
+ }
|
||||||
|
all_opt["proxy"] = {
|
||||||
|
- "getopt" : ":",
|
||||||
|
- "longopt" : "proxy",
|
||||||
|
- "help" : "--proxy=[http://<URL>:<PORT>] Proxy: 'http://<URL>:<PORT>'",
|
||||||
|
- "required" : "0",
|
||||||
|
- "shortdesc" : "Network proxy",
|
||||||
|
- "order" : 0
|
||||||
|
- }
|
||||||
|
+ "getopt" : ":",
|
||||||
|
+ "longopt" : "proxy",
|
||||||
|
+ "help" : "--proxy=[http://<URL>:<PORT>] Proxy: 'http://<URL>:<PORT>'",
|
||||||
|
+ "required" : "0",
|
||||||
|
+ "shortdesc" : "Network proxy",
|
||||||
|
+ "order" : 0
|
||||||
|
+ }
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
@@ -227,6 +258,7 @@ def main():
|
||||||
|
"proxy",
|
||||||
|
"port",
|
||||||
|
"no_password",
|
||||||
|
+ "method",
|
||||||
|
]
|
||||||
|
|
||||||
|
atexit.register(atexit_handler)
|
||||||
|
@@ -259,7 +291,7 @@ def main():
|
||||||
|
conn = connect(options, token)
|
||||||
|
atexit.register(disconnect, conn)
|
||||||
|
|
||||||
|
- result = fence_action(conn, options, set_power_status, get_power_status, get_list)
|
||||||
|
+ result = fence_action(conn, options, set_power_status, get_power_status, get_list, reboot_cycle)
|
||||||
|
|
||||||
|
sys.exit(result)
|
123
SOURCES/bz2224267-fence_ipmilan-fix-typos-in-metadata.patch
Normal file
123
SOURCES/bz2224267-fence_ipmilan-fix-typos-in-metadata.patch
Normal file
@ -0,0 +1,123 @@
|
|||||||
|
From ddfaa29150d0d6fd8841b3e39fa5e806812542b5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: razo7 <oraz@redhat.com>
|
||||||
|
Date: Wed, 19 Jul 2023 16:33:01 +0300
|
||||||
|
Subject: [PATCH] Fix typo in fence_ipmilan description
|
||||||
|
|
||||||
|
Add spaces in the long description
|
||||||
|
---
|
||||||
|
agents/ipmilan/fence_ipmilan.py | 4 ++--
|
||||||
|
tests/data/metadata/fence_idrac.xml | 2 +-
|
||||||
|
tests/data/metadata/fence_ilo3.xml | 2 +-
|
||||||
|
tests/data/metadata/fence_ilo4.xml | 2 +-
|
||||||
|
tests/data/metadata/fence_ilo5.xml | 2 +-
|
||||||
|
tests/data/metadata/fence_imm.xml | 2 +-
|
||||||
|
tests/data/metadata/fence_ipmilan.xml | 2 +-
|
||||||
|
tests/data/metadata/fence_ipmilanplus.xml | 2 +-
|
||||||
|
8 files changed, 9 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/agents/ipmilan/fence_ipmilan.py b/agents/ipmilan/fence_ipmilan.py
|
||||||
|
index 0acf977da..91e09ac7d 100644
|
||||||
|
--- a/agents/ipmilan/fence_ipmilan.py
|
||||||
|
+++ b/agents/ipmilan/fence_ipmilan.py
|
||||||
|
@@ -203,8 +203,8 @@ def main():
|
||||||
|
|
||||||
|
docs = {}
|
||||||
|
docs["shortdesc"] = "Fence agent for IPMI"
|
||||||
|
- docs["longdesc"] = "fence_ipmilan is an I/O Fencing agent\
|
||||||
|
-which can be used with machines controlled by IPMI.\
|
||||||
|
+ docs["longdesc"] = "fence_ipmilan is an I/O Fencing agent \
|
||||||
|
+which can be used with machines controlled by IPMI. \
|
||||||
|
This agent calls support software ipmitool (http://ipmitool.sf.net/). \
|
||||||
|
WARNING! This fence agent might report success before the node is powered off. \
|
||||||
|
You should use -m/method onoff if your fence device works correctly with that option."
|
||||||
|
diff --git a/tests/data/metadata/fence_idrac.xml b/tests/data/metadata/fence_idrac.xml
|
||||||
|
index 2d4876493..d1f283e4a 100644
|
||||||
|
--- a/tests/data/metadata/fence_idrac.xml
|
||||||
|
+++ b/tests/data/metadata/fence_idrac.xml
|
||||||
|
@@ -6,7 +6,7 @@
|
||||||
|
<symlink name="fence_ipmilanplus" shortdesc="Fence agent for IPMIv2 lanplus"/>
|
||||||
|
<symlink name="fence_imm" shortdesc="Fence agent for IBM Integrated Management Module"/>
|
||||||
|
<symlink name="fence_idrac" shortdesc="Fence agent for Dell iDRAC"/>
|
||||||
|
-<longdesc>fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
+<longdesc>fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
<vendor-url></vendor-url>
|
||||||
|
<parameters>
|
||||||
|
<parameter name="action" unique="0" required="1">
|
||||||
|
diff --git a/tests/data/metadata/fence_ilo3.xml b/tests/data/metadata/fence_ilo3.xml
|
||||||
|
index 0567b539c..5aca0211b 100644
|
||||||
|
--- a/tests/data/metadata/fence_ilo3.xml
|
||||||
|
+++ b/tests/data/metadata/fence_ilo3.xml
|
||||||
|
@@ -6,7 +6,7 @@
|
||||||
|
<symlink name="fence_ipmilanplus" shortdesc="Fence agent for IPMIv2 lanplus"/>
|
||||||
|
<symlink name="fence_imm" shortdesc="Fence agent for IBM Integrated Management Module"/>
|
||||||
|
<symlink name="fence_idrac" shortdesc="Fence agent for Dell iDRAC"/>
|
||||||
|
-<longdesc>fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
+<longdesc>fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
<vendor-url></vendor-url>
|
||||||
|
<parameters>
|
||||||
|
<parameter name="action" unique="0" required="1">
|
||||||
|
diff --git a/tests/data/metadata/fence_ilo4.xml b/tests/data/metadata/fence_ilo4.xml
|
||||||
|
index 647bb1021..3aa001ad2 100644
|
||||||
|
--- a/tests/data/metadata/fence_ilo4.xml
|
||||||
|
+++ b/tests/data/metadata/fence_ilo4.xml
|
||||||
|
@@ -6,7 +6,7 @@
|
||||||
|
<symlink name="fence_ipmilanplus" shortdesc="Fence agent for IPMIv2 lanplus"/>
|
||||||
|
<symlink name="fence_imm" shortdesc="Fence agent for IBM Integrated Management Module"/>
|
||||||
|
<symlink name="fence_idrac" shortdesc="Fence agent for Dell iDRAC"/>
|
||||||
|
-<longdesc>fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
+<longdesc>fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
<vendor-url></vendor-url>
|
||||||
|
<parameters>
|
||||||
|
<parameter name="action" unique="0" required="1">
|
||||||
|
diff --git a/tests/data/metadata/fence_ilo5.xml b/tests/data/metadata/fence_ilo5.xml
|
||||||
|
index 6c99db22a..262787905 100644
|
||||||
|
--- a/tests/data/metadata/fence_ilo5.xml
|
||||||
|
+++ b/tests/data/metadata/fence_ilo5.xml
|
||||||
|
@@ -6,7 +6,7 @@
|
||||||
|
<symlink name="fence_ipmilanplus" shortdesc="Fence agent for IPMIv2 lanplus"/>
|
||||||
|
<symlink name="fence_imm" shortdesc="Fence agent for IBM Integrated Management Module"/>
|
||||||
|
<symlink name="fence_idrac" shortdesc="Fence agent for Dell iDRAC"/>
|
||||||
|
-<longdesc>fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
+<longdesc>fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
<vendor-url></vendor-url>
|
||||||
|
<parameters>
|
||||||
|
<parameter name="action" unique="0" required="1">
|
||||||
|
diff --git a/tests/data/metadata/fence_imm.xml b/tests/data/metadata/fence_imm.xml
|
||||||
|
index 5c5bf910f..26f9a76d3 100644
|
||||||
|
--- a/tests/data/metadata/fence_imm.xml
|
||||||
|
+++ b/tests/data/metadata/fence_imm.xml
|
||||||
|
@@ -6,7 +6,7 @@
|
||||||
|
<symlink name="fence_ipmilanplus" shortdesc="Fence agent for IPMIv2 lanplus"/>
|
||||||
|
<symlink name="fence_imm" shortdesc="Fence agent for IBM Integrated Management Module"/>
|
||||||
|
<symlink name="fence_idrac" shortdesc="Fence agent for Dell iDRAC"/>
|
||||||
|
-<longdesc>fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
+<longdesc>fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
<vendor-url></vendor-url>
|
||||||
|
<parameters>
|
||||||
|
<parameter name="action" unique="0" required="1">
|
||||||
|
diff --git a/tests/data/metadata/fence_ipmilan.xml b/tests/data/metadata/fence_ipmilan.xml
|
||||||
|
index a31afcfd4..daad65a70 100644
|
||||||
|
--- a/tests/data/metadata/fence_ipmilan.xml
|
||||||
|
+++ b/tests/data/metadata/fence_ipmilan.xml
|
||||||
|
@@ -6,7 +6,7 @@
|
||||||
|
<symlink name="fence_ipmilanplus" shortdesc="Fence agent for IPMIv2 lanplus"/>
|
||||||
|
<symlink name="fence_imm" shortdesc="Fence agent for IBM Integrated Management Module"/>
|
||||||
|
<symlink name="fence_idrac" shortdesc="Fence agent for Dell iDRAC"/>
|
||||||
|
-<longdesc>fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
+<longdesc>fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
<vendor-url></vendor-url>
|
||||||
|
<parameters>
|
||||||
|
<parameter name="action" unique="0" required="1">
|
||||||
|
diff --git a/tests/data/metadata/fence_ipmilanplus.xml b/tests/data/metadata/fence_ipmilanplus.xml
|
||||||
|
index 19c252933..7b678b245 100644
|
||||||
|
--- a/tests/data/metadata/fence_ipmilanplus.xml
|
||||||
|
+++ b/tests/data/metadata/fence_ipmilanplus.xml
|
||||||
|
@@ -6,7 +6,7 @@
|
||||||
|
<symlink name="fence_ipmilanplus" shortdesc="Fence agent for IPMIv2 lanplus"/>
|
||||||
|
<symlink name="fence_imm" shortdesc="Fence agent for IBM Integrated Management Module"/>
|
||||||
|
<symlink name="fence_idrac" shortdesc="Fence agent for Dell iDRAC"/>
|
||||||
|
-<longdesc>fence_ipmilan is an I/O Fencing agentwhich can be used with machines controlled by IPMI.This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
+<longdesc>fence_ipmilan is an I/O Fencing agent which can be used with machines controlled by IPMI. This agent calls support software ipmitool (http://ipmitool.sf.net/). WARNING! This fence agent might report success before the node is powered off. You should use -m/method onoff if your fence device works correctly with that option.</longdesc>
|
||||||
|
<vendor-url></vendor-url>
|
||||||
|
<parameters>
|
||||||
|
<parameter name="action" unique="0" required="1">
|
@ -7,7 +7,6 @@
|
|||||||
## global alphatag git0a6184070
|
## global alphatag git0a6184070
|
||||||
|
|
||||||
# bundles
|
# bundles
|
||||||
%global bundled_lib_dir bundled
|
|
||||||
# azure
|
# azure
|
||||||
%global oauthlib oauthlib
|
%global oauthlib oauthlib
|
||||||
%global oauthlib_version 3.2.2
|
%global oauthlib_version 3.2.2
|
||||||
@ -60,7 +59,7 @@
|
|||||||
Name: fence-agents
|
Name: fence-agents
|
||||||
Summary: Set of unified programs capable of host isolation ("fencing")
|
Summary: Set of unified programs capable of host isolation ("fencing")
|
||||||
Version: 4.10.0
|
Version: 4.10.0
|
||||||
Release: 43%{?alphatag:.%{alphatag}}%{?dist}
|
Release: 55%{?alphatag:.%{alphatag}}%{?dist}
|
||||||
License: GPLv2+ and LGPLv2+
|
License: GPLv2+ and LGPLv2+
|
||||||
URL: https://github.com/ClusterLabs/fence-agents
|
URL: https://github.com/ClusterLabs/fence-agents
|
||||||
Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
|
Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
|
||||||
@ -231,6 +230,17 @@ Patch36: bz2149655-fence_virtd-update-fence_virt.conf-manpage.patch
|
|||||||
Patch37: bz2160480-fence_scsi-fix-validate-all.patch
|
Patch37: bz2160480-fence_scsi-fix-validate-all.patch
|
||||||
Patch38: bz2152107-fencing-1-add-plug_separator.patch
|
Patch38: bz2152107-fencing-1-add-plug_separator.patch
|
||||||
Patch39: bz2152107-fencing-2-update-DEPENDENCY_OPT.patch
|
Patch39: bz2152107-fencing-2-update-DEPENDENCY_OPT.patch
|
||||||
|
Patch40: bz2183162-fence_aws-1-add-skip-race-check-parameter.patch
|
||||||
|
Patch41: bz2183162-fence_aws-2-fail-when-power-action-request-fails.patch
|
||||||
|
Patch42: bz2187327-fence_scsi-1-detect-devices-in-shared-vgs.patch
|
||||||
|
Patch43: bz2187327-fence_scsi-2-support-space-separated-devices.patch
|
||||||
|
Patch44: bz2211930-fence_azure-arm-stack-hub-support.patch
|
||||||
|
Patch45: bz2221643-fence_ibm_powervs-performance-improvements.patch
|
||||||
|
Patch46: bz2224267-fence_ipmilan-fix-typos-in-metadata.patch
|
||||||
|
|
||||||
|
### HA support libs/utils ###
|
||||||
|
Patch1000: bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||||
|
Patch1001: bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||||
|
|
||||||
%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
|
%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
|
||||||
%ifarch x86_64
|
%ifarch x86_64
|
||||||
@ -381,6 +391,13 @@ BuildRequires: %{systemd_units}
|
|||||||
%patch37 -p1
|
%patch37 -p1
|
||||||
%patch38 -p1
|
%patch38 -p1
|
||||||
%patch39 -p1
|
%patch39 -p1
|
||||||
|
%patch40 -p1
|
||||||
|
%patch41 -p1
|
||||||
|
%patch42 -p1
|
||||||
|
%patch43 -p1
|
||||||
|
%patch44 -p1
|
||||||
|
%patch45 -p1
|
||||||
|
%patch46 -p1
|
||||||
|
|
||||||
# prevent compilation of something that won't get used anyway
|
# prevent compilation of something that won't get used anyway
|
||||||
sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
|
sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
|
||||||
@ -411,6 +428,23 @@ sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/aliyun/bin/
|
|||||||
sed -i -e "/^import awscli.clidriver/isys.path.insert(0, '/usr/lib/%{name}/support/awscli')" support/awscli/bin/aws
|
sed -i -e "/^import awscli.clidriver/isys.path.insert(0, '/usr/lib/%{name}/support/awscli')" support/awscli/bin/aws
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
# regular patch doesnt work in build-section
|
||||||
|
# Patch1000
|
||||||
|
%ifarch x86_64
|
||||||
|
pushd support
|
||||||
|
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{_sourcedir}/bz2217902-1-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||||
|
popd
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# kubevirt
|
||||||
|
%{__python3} -m pip install --user --no-index --find-links %{_sourcedir} setuptools-scm
|
||||||
|
%{__python3} -m pip install --target support/kubevirt --no-index --find-links %{_sourcedir} openshift
|
||||||
|
rm -rf kubevirt/rsa*
|
||||||
|
# Patch1001
|
||||||
|
pushd support
|
||||||
|
/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{_sourcedir}/bz2217902-2-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
|
||||||
|
popd
|
||||||
|
|
||||||
./autogen.sh
|
./autogen.sh
|
||||||
%{configure} --disable-libvirt-qmf-plugin PYTHONPATH="support/aliyun:support/aws:support/azure:support/google:support/common" \
|
%{configure} --disable-libvirt-qmf-plugin PYTHONPATH="support/aliyun:support/aws:support/azure:support/google:support/common" \
|
||||||
%if %{defined _tmpfilesdir}
|
%if %{defined _tmpfilesdir}
|
||||||
@ -440,11 +474,6 @@ install -m 0644 agents/virt/fence_virtd.service %{buildroot}/%{_unitdir}/
|
|||||||
%endif
|
%endif
|
||||||
# XXX unsure if /usr/sbin/fence_* should be compiled as well
|
# XXX unsure if /usr/sbin/fence_* should be compiled as well
|
||||||
|
|
||||||
# kubevirt
|
|
||||||
%{__python3} -m pip install --user --no-index --find-links %{_sourcedir} setuptools-scm
|
|
||||||
%{__python3} -m pip install --target %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt --no-index --find-links %{_sourcedir} openshift
|
|
||||||
rm -rf %{buildroot}/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt/rsa*
|
|
||||||
|
|
||||||
## tree fix up
|
## tree fix up
|
||||||
# fix libfence permissions
|
# fix libfence permissions
|
||||||
chmod 0755 %{buildroot}%{_datadir}/fence/*.py
|
chmod 0755 %{buildroot}%{_datadir}/fence/*.py
|
||||||
@ -613,6 +642,7 @@ Support libraries for Fence Agents.
|
|||||||
%dir %{_usr}/lib/%{name}
|
%dir %{_usr}/lib/%{name}
|
||||||
%{_usr}/lib/%{name}/support
|
%{_usr}/lib/%{name}/support
|
||||||
%exclude %{_usr}/lib/%{name}/support/common
|
%exclude %{_usr}/lib/%{name}/support/common
|
||||||
|
%exclude %{_usr}/lib/%{name}/support/kubevirt
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%package all
|
%package all
|
||||||
@ -1148,7 +1178,7 @@ Fence agent for KubeVirt platform.
|
|||||||
%{_sbindir}/fence_kubevirt
|
%{_sbindir}/fence_kubevirt
|
||||||
%{_mandir}/man8/fence_kubevirt.8*
|
%{_mandir}/man8/fence_kubevirt.8*
|
||||||
# bundled libraries
|
# bundled libraries
|
||||||
/usr/lib/fence-agents/%{bundled_lib_dir}/kubevirt
|
%{_usr}/lib/%{name}/support/kubevirt
|
||||||
|
|
||||||
%package lpar
|
%package lpar
|
||||||
License: GPLv2+ and LGPLv2+
|
License: GPLv2+ and LGPLv2+
|
||||||
@ -1447,6 +1477,29 @@ are located on corosync cluster nodes.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Aug 3 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-55
|
||||||
|
- bundled dateutil: fix tarfile CVE-2007-4559
|
||||||
|
Resolves: rhbz#2217902
|
||||||
|
- fence_ipmilan: fix typos in metadata
|
||||||
|
Resolves: rhbz#2224267
|
||||||
|
|
||||||
|
* Tue Jul 11 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-48
|
||||||
|
- fence_ibm_powervs: performance improvements
|
||||||
|
Resolves: rhbz#2221643
|
||||||
|
|
||||||
|
* Tue Jun 20 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-47
|
||||||
|
- fence_azure_arm: add Stack Hub support
|
||||||
|
Resolves: rhbz#2211930
|
||||||
|
|
||||||
|
* Thu May 4 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-46
|
||||||
|
- fence_scsi: detect devices in shared VGs
|
||||||
|
Resolves: rhbz#2187327
|
||||||
|
|
||||||
|
* Wed May 3 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-45
|
||||||
|
- fence_aws: add --skip-race-check parameter to allow running outside
|
||||||
|
of AWS network
|
||||||
|
Resolves: rhbz#2183162
|
||||||
|
|
||||||
* Thu Jan 26 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-43
|
* Thu Jan 26 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-43
|
||||||
- fence_vmware_soap: set login_timeout lower than default
|
- fence_vmware_soap: set login_timeout lower than default
|
||||||
pcmk_monitor_timeout (20s) to remove tmp dirs
|
pcmk_monitor_timeout (20s) to remove tmp dirs
|
||||||
|
Loading…
Reference in New Issue
Block a user