import fence-agents-4.10.0-14.el9

This commit is contained in:
CentOS Sources 2022-02-01 12:53:47 -05:00 committed by Stepan Oksanichenko
parent f45188615b
commit 4ee418dad7
3 changed files with 139 additions and 2 deletions

View File

@ -0,0 +1,72 @@
From f79436d3a5e4cf279be0974e9633ad8994a017f7 Mon Sep 17 00:00:00 2001
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
Date: Mon, 6 Dec 2021 12:59:31 +0100
Subject: [PATCH] fence_openstack: add --ssl-insecure
---
agents/openstack/fence_openstack.py | 7 +++++--
tests/data/metadata/fence_openstack.xml | 5 +++++
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/agents/openstack/fence_openstack.py b/agents/openstack/fence_openstack.py
index c480596c1..c2d9df160 100755
--- a/agents/openstack/fence_openstack.py
+++ b/agents/openstack/fence_openstack.py
@@ -89,7 +89,7 @@ def set_power_status(conn, options):
def nova_login(username, password, projectname, auth_url, user_domain_name,
- project_domain_name, cacert, apitimeout):
+ project_domain_name, ssl_insecure, cacert, apitimeout):
legacy_import = False
try:
@@ -127,7 +127,7 @@ def nova_login(username, password, projectname, auth_url, user_domain_name,
cacert=cacert,
)
- session = ksc_session.Session(auth=auth, verify=cacert, timeout=apitimeout)
+ session = ksc_session.Session(auth=auth, verify=False if ssl_insecure else cacert, timeout=apitimeout)
nova = client.Client("2", session=session, timeout=apitimeout)
apiversion = None
try:
@@ -220,6 +220,7 @@ def main():
"port",
"no_port",
"uuid",
+ "ssl_insecure",
"cacert",
"apitimeout",
]
@@ -268,6 +269,7 @@ def main():
fail_usage("Failed: You have to set the Keystone service endpoint for authorization")
user_domain_name = options["--user-domain-name"]
project_domain_name = options["--project-domain-name"]
+ ssl_insecure = "--ssl-insecure" in options
cacert = options["--cacert"]
apitimeout = options["--apitimeout"]
try:
@@ -278,6 +280,7 @@ def main():
auth_url,
user_domain_name,
project_domain_name,
+ ssl_insecure,
cacert,
apitimeout,
)
diff --git a/tests/data/metadata/fence_openstack.xml b/tests/data/metadata/fence_openstack.xml
index 84503bbe0..926d18c3d 100644
--- a/tests/data/metadata/fence_openstack.xml
+++ b/tests/data/metadata/fence_openstack.xml
@@ -43,6 +43,11 @@
<content type="string" />
<shortdesc lang="en">UUID of the node to be fenced.</shortdesc>
</parameter>
+ <parameter name="ssl_insecure" unique="0" required="0">
+ <getopt mixed="--ssl-insecure" />
+ <content type="boolean" />
+ <shortdesc lang="en">Use SSL connection without verifying certificate</shortdesc>
+ </parameter>
<parameter name="username" unique="0" required="1" obsoletes="login">
<getopt mixed="-l, --username=[name]" />
<content type="string" />

View File

@ -0,0 +1,59 @@
From b7032d16a07997ecab3b2c11a6436b3fa21f9043 Mon Sep 17 00:00:00 2001
From: "Fabio M. Di Nitto" <fdinitto@redhat.com>
Date: Thu, 6 Jan 2022 12:53:28 +0100
Subject: [PATCH] fence_openstack: relax ssl cacert default
allow the agent to use Base OS defaults vs forcing a specific file
to increase portability.
Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
agents/openstack/fence_openstack.py | 12 +++++++++---
tests/data/metadata/fence_openstack.xml | 2 +-
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/agents/openstack/fence_openstack.py b/agents/openstack/fence_openstack.py
index c2d9df160..36b353b52 100755
--- a/agents/openstack/fence_openstack.py
+++ b/agents/openstack/fence_openstack.py
@@ -127,7 +127,13 @@ def nova_login(username, password, projectname, auth_url, user_domain_name,
cacert=cacert,
)
- session = ksc_session.Session(auth=auth, verify=False if ssl_insecure else cacert, timeout=apitimeout)
+ caverify=True
+ if ssl_insecure:
+ caverify=False
+ elif cacert:
+ caverify=cacert
+
+ session = ksc_session.Session(auth=auth, verify=caverify, timeout=apitimeout)
nova = client.Client("2", session=session, timeout=apitimeout)
apiversion = None
try:
@@ -189,10 +195,10 @@ def define_new_opts():
all_opt["cacert"] = {
"getopt": ":",
"longopt": "cacert",
- "help": "--cacert=[cacert] Path to the PEM file with trusted authority certificates",
+ "help": "--cacert=[cacert] Path to the PEM file with trusted authority certificates (override global CA trust)",
"required": "0",
"shortdesc": "SSL X.509 certificates file",
- "default": "/etc/pki/tls/certs/ca-bundle.crt",
+ "default": "",
"order": 7,
}
all_opt["apitimeout"] = {
diff --git a/tests/data/metadata/fence_openstack.xml b/tests/data/metadata/fence_openstack.xml
index 926d18c3d..c8dc2e60f 100644
--- a/tests/data/metadata/fence_openstack.xml
+++ b/tests/data/metadata/fence_openstack.xml
@@ -100,7 +100,7 @@
</parameter>
<parameter name="cacert" unique="0" required="0">
<getopt mixed="--cacert=[cacert]" />
- <content type="string" default="/etc/pki/tls/certs/ca-bundle.crt" />
+ <content type="string" default="" />
<shortdesc lang="en">SSL X.509 certificates file</shortdesc>
</parameter>
<parameter name="apitimeout" unique="0" required="0">

View File

@ -59,7 +59,7 @@
Name: fence-agents Name: fence-agents
Summary: Set of unified programs capable of host isolation ("fencing") Summary: Set of unified programs capable of host isolation ("fencing")
Version: 4.10.0 Version: 4.10.0
Release: 13%{?alphatag:.%{alphatag}}%{?dist} Release: 14%{?alphatag:.%{alphatag}}%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: https://github.com/ClusterLabs/fence-agents URL: https://github.com/ClusterLabs/fence-agents
Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
@ -226,6 +226,8 @@ Patch9: bz2010709-2-fence_amt_ws-boot-option.patch
Patch10: bz2000954-1-configure-fix-virt.patch Patch10: bz2000954-1-configure-fix-virt.patch
Patch11: bz2000954-2-fence_kubevirt.patch Patch11: bz2000954-2-fence_kubevirt.patch
Patch12: bz2022334-fence_zvmip-add-ssl-tls-support.patch Patch12: bz2022334-fence_zvmip-add-ssl-tls-support.patch
Patch13: bz2029791-1-fence_openstack-add-ssl-insecure.patch
Patch14: bz2029791-2-fence_openstack-cacert-default.patch
%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
%ifarch x86_64 %ifarch x86_64
@ -596,7 +598,7 @@ Support libraries for Fence Agents.
%endif %endif
%package all %package all
License: GPLv2+, LGPLv2+ and ASL 2.0 License: GPLv2+ and LGPLv2+ and ASL 2.0
Summary: Set of unified programs capable of host isolation ("fencing") Summary: Set of unified programs capable of host isolation ("fencing")
Requires: %{allfenceagents} Requires: %{allfenceagents}
%ifarch ppc64le %ifarch ppc64le
@ -1404,6 +1406,10 @@ are located on corosync cluster nodes.
%endif %endif
%changelog %changelog
* Tue Jan 11 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-14
- fence_openstack: add --ssl-insecure
Resolves: rhbz#2029791
* Thu Dec 2 2021 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-13 * Thu Dec 2 2021 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.10.0-13
- fence_amt_ws: fix "or" causing dead code - fence_amt_ws: fix "or" causing dead code
Resolves: rhbz#2010709 Resolves: rhbz#2010709