From 69ddab129d6b61a11d8baa73fc00ea239d0a3aaf Mon Sep 17 00:00:00 2001 From: Oyvind Albrigtsen Date: Tue, 5 Oct 2021 15:06:16 +0200 Subject: [PATCH] - fence_azure_arm: fix sovereign cloud and MSI support Resolves: rhbz#2010652 - fence_amt_ws: fix "or" causing dead code Resolves: rhbz#2010709 --- ..._arm-fix-sovereign-cloud-msi-support.patch | 139 ++++++++++++++++++ ...ence_amt_ws-fix-or-causing-dead-code.patch | 22 +++ fence-agents.spec | 11 +- 3 files changed, 170 insertions(+), 2 deletions(-) create mode 100644 bz2010652-fence_azure_arm-fix-sovereign-cloud-msi-support.patch create mode 100644 bz2010709-fence_amt_ws-fix-or-causing-dead-code.patch diff --git a/bz2010652-fence_azure_arm-fix-sovereign-cloud-msi-support.patch b/bz2010652-fence_azure_arm-fix-sovereign-cloud-msi-support.patch new file mode 100644 index 0000000..4077484 --- /dev/null +++ b/bz2010652-fence_azure_arm-fix-sovereign-cloud-msi-support.patch @@ -0,0 +1,139 @@ +From e339f304d4423a0e661d915f72ba88553b21d74a Mon Sep 17 00:00:00 2001 +From: MSSedusch +Date: Tue, 28 Sep 2021 12:23:37 +0000 +Subject: [PATCH 1/2] add support for sovereign clouds and MSI + +--- + lib/azure_fence.py.py | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/lib/azure_fence.py.py b/lib/azure_fence.py.py +index 1f38bd4ea..75b63fdad 100644 +--- a/lib/azure_fence.py.py ++++ b/lib/azure_fence.py.py +@@ -286,11 +286,11 @@ def get_azure_credentials(config): + credentials = None + cloud_environment = get_azure_cloud_environment(config) + if config.UseMSI and cloud_environment: +- from msrestazure.azure_active_directory import MSIAuthentication +- credentials = MSIAuthentication(cloud_environment=cloud_environment) ++ from azure.identity import ManagedIdentityCredential ++ credentials = ManagedIdentityCredential(cloud_environment=cloud_environment) + elif config.UseMSI: +- from msrestazure.azure_active_directory import MSIAuthentication +- credentials = MSIAuthentication() ++ from azure.identity import ManagedIdentityCredential ++ credentials = ManagedIdentityCredential() + elif cloud_environment: + try: + # try to use new libraries ClientSecretCredential (azure.identity, based on azure.core) +@@ -340,7 +340,8 @@ def get_azure_compute_client(config): + compute_client = ComputeManagementClient( + credentials, + config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager ++ base_url=cloud_environment.endpoints.resource_manager, ++ credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"] + ) + else: + compute_client = ComputeManagementClient( +@@ -359,7 +360,8 @@ def get_azure_network_client(config): + network_client = NetworkManagementClient( + credentials, + config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager ++ base_url=cloud_environment.endpoints.resource_manager, ++ credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"] + ) + else: + network_client = NetworkManagementClient( + +From f08f02a7561e78dd9c95c66ccdcf6246c5ee7d6a Mon Sep 17 00:00:00 2001 +From: MSSedusch +Date: Fri, 1 Oct 2021 15:28:39 +0000 +Subject: [PATCH 2/2] compatiblity fix + +--- + lib/azure_fence.py.py | 54 ++++++++++++++++++++++++++++++------------- + 1 file changed, 38 insertions(+), 16 deletions(-) + +diff --git a/lib/azure_fence.py.py b/lib/azure_fence.py.py +index 75b63fdad..5ca71eb42 100644 +--- a/lib/azure_fence.py.py ++++ b/lib/azure_fence.py.py +@@ -286,11 +286,19 @@ def get_azure_credentials(config): + credentials = None + cloud_environment = get_azure_cloud_environment(config) + if config.UseMSI and cloud_environment: +- from azure.identity import ManagedIdentityCredential +- credentials = ManagedIdentityCredential(cloud_environment=cloud_environment) ++ try: ++ from azure.identity import ManagedIdentityCredential ++ credentials = ManagedIdentityCredential(cloud_environment=cloud_environment) ++ except ImportError: ++ from msrestazure.azure_active_directory import MSIAuthentication ++ credentials = MSIAuthentication(cloud_environment=cloud_environment) + elif config.UseMSI: +- from azure.identity import ManagedIdentityCredential +- credentials = ManagedIdentityCredential() ++ try: ++ from azure.identity import ManagedIdentityCredential ++ credentials = ManagedIdentityCredential() ++ except ImportError: ++ from msrestazure.azure_active_directory import MSIAuthentication ++ credentials = MSIAuthentication() + elif cloud_environment: + try: + # try to use new libraries ClientSecretCredential (azure.identity, based on azure.core) +@@ -337,12 +345,19 @@ def get_azure_compute_client(config): + credentials = get_azure_credentials(config) + + if cloud_environment: +- compute_client = ComputeManagementClient( +- credentials, +- config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager, +- credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"] +- ) ++ try: ++ compute_client = ComputeManagementClient( ++ credentials, ++ config.SubscriptionId, ++ base_url=cloud_environment.endpoints.resource_manager, ++ credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"] ++ ) ++ except TypeError: ++ compute_client = ComputeManagementClient( ++ credentials, ++ config.SubscriptionId, ++ base_url=cloud_environment.endpoints.resource_manager ++ ) + else: + compute_client = ComputeManagementClient( + credentials, +@@ -357,12 +372,19 @@ def get_azure_network_client(config): + credentials = get_azure_credentials(config) + + if cloud_environment: +- network_client = NetworkManagementClient( +- credentials, +- config.SubscriptionId, +- base_url=cloud_environment.endpoints.resource_manager, +- credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"] +- ) ++ try: ++ network_client = NetworkManagementClient( ++ credentials, ++ config.SubscriptionId, ++ base_url=cloud_environment.endpoints.resource_manager, ++ credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"] ++ ) ++ except TypeError: ++ network_client = NetworkManagementClient( ++ credentials, ++ config.SubscriptionId, ++ base_url=cloud_environment.endpoints.resource_manager ++ ) + else: + network_client = NetworkManagementClient( + credentials, diff --git a/bz2010709-fence_amt_ws-fix-or-causing-dead-code.patch b/bz2010709-fence_amt_ws-fix-or-causing-dead-code.patch new file mode 100644 index 0000000..bdbeab0 --- /dev/null +++ b/bz2010709-fence_amt_ws-fix-or-causing-dead-code.patch @@ -0,0 +1,22 @@ +From 06855a8227fa91f6216119daa3d32d5858c62837 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Mon, 27 Sep 2021 12:05:41 +0200 +Subject: [PATCH] fence_amt_ws: fix "or" causing dead code + +--- + agents/amt_ws/fence_amt_ws.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/agents/amt_ws/fence_amt_ws.py b/agents/amt_ws/fence_amt_ws.py +index 23c8a61a4..122cec309 100755 +--- a/agents/amt_ws/fence_amt_ws.py ++++ b/agents/amt_ws/fence_amt_ws.py +@@ -148,7 +148,7 @@ def set_boot_order(_, client, options): + + if options["--boot-option"] == "pxe": + device = "Intel(r) AMT: Force PXE Boot" +- elif options["--boot-option"] == "hd" or "hdsafe": ++ elif options["--boot-option"] in ["hd", "hdsafe"]: + device = "Intel(r) AMT: Force Hard-drive Boot" + elif options["--boot-option"] == "cd": + device = "Intel(r) AMT: Force CD/DVD Boot" diff --git a/fence-agents.spec b/fence-agents.spec index 747b2ec..47e579d 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -9,7 +9,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 9%{?alphatag:.%{alphatag}}%{?dist} +Release: 10%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -134,6 +134,8 @@ Patch3: ha-cloud-support-google.patch Patch4: ha-openstack-support.patch Patch5: bundled-pexpect.patch Patch6: bundled-suds.patch +Patch7: bz2010652-fence_azure_arm-fix-sovereign-cloud-msi-support.patch +Patch8: bz2010709-fence_amt_ws-fix-or-causing-dead-code.patch %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %ifarch x86_64 @@ -1272,6 +1274,12 @@ are located on corosync cluster nodes. %endif %changelog +* Tue Oct 5 2021 Oyvind Albrigtsen - 4.10.0-10 +- fence_azure_arm: fix sovereign cloud and MSI support + Resolves: rhbz#2010652 +- fence_amt_ws: fix "or" causing dead code + Resolves: rhbz#2010709 + * Tue Aug 31 2021 Oyvind Albrigtsen - 4.10.0-9 - Only build fence-virt subpackages for x86_64 arch Resolves: rhbz#1965988 @@ -1418,7 +1426,6 @@ are located on corosync cluster nodes. * Thu Aug 3 2017 Oyvind Albrigtsen - 4.0.24-9 - Fix encoding for pexpect with Python 3.6 - Resolves: rhbz#1473908 * Wed Aug 02 2017 Fedora Release Engineering - 4.0.24-8