From 94936617166a54211c740be52f65290e70829f4c Mon Sep 17 00:00:00 2001 From: Oyvind Albrigtsen Date: Wed, 23 Oct 2024 08:58:06 +0200 Subject: [PATCH] - fence_ibm_powervs: add private endpoint and token file support Resolves: RHEL-62206 - ha-cloud-support: bundle libs for the powervs-subnet resource agent Resolves: RHEL-64023 --- ...vate-endpoint-and-token-file-support.patch | 120 ++++++++++++++++++ fence-agents.spec | 39 ++++-- sources | 3 +- 3 files changed, 153 insertions(+), 9 deletions(-) create mode 100644 RHEL-62206-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch diff --git a/RHEL-62206-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch b/RHEL-62206-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch new file mode 100644 index 0000000..af3ea5f --- /dev/null +++ b/RHEL-62206-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch @@ -0,0 +1,120 @@ +--- a/agents/ibm_powervs/fence_ibm_powervs.py 2024-10-18 10:30:40.651200620 +0200 ++++ b/agents/ibm_powervs/fence_ibm_powervs.py 2024-10-18 10:30:35.157070713 +0200 +@@ -1,13 +1,14 @@ + #!@PYTHON@ -tt + + import sys +-import pycurl, io, json ++import pycurl ++import io ++import json + import logging + import atexit +-import time ++ + sys.path.append("@FENCEAGENTSLIBDIR@") +-from fencing import * +-from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS ++from fencing import all_opt, atexit_handler, check_input, process_input, show_docs, fence_action, fail, run_delay, EC_STATUS + + state = { + "ACTIVE": "on", +@@ -18,15 +19,35 @@ + } + + def get_token(conn, options): +- try: +- command = "identity/token" +- action = "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey={}".format(options["--token"]) +- res = send_command(conn, command, "POST", action, printResult=False) +- except Exception as e: +- logging.debug("Failed: {}".format(e)) +- return "TOKEN_IS_MISSING_OR_WRONG" +- +- return res["access_token"] ++ try: ++ if options["--token"][0] == '@': ++ key_file = options["--token"][1:] ++ try: ++ # read the API key from a file ++ with open(key_file, "r") as f: ++ try: ++ keys = json.loads(f.read()) ++ # data seems to be in json format ++ # return the value of the item with the key 'Apikey' ++ api_key = keys.get("Apikey", "") ++ if not api_key: ++ # backward compatibility: former key name was 'apikey' ++ api_key = keys.get("apikey", "") ++ # data is text, return as is ++ except ValueError: ++ api_key = f.read().strip() ++ except FileNotFoundError: ++ logging.debug("Failed: Cannot open file {}".format(key_file)) ++ return "TOKEN_IS_MISSING_OR_WRONG" ++ else: ++ api_key = options["--token"] ++ command = "identity/token" ++ action = "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey={}".format(api_key) ++ res = send_command(conn, command, "POST", action, printResult=False) ++ except Exception as e: ++ logging.debug("Failed: {}".format(e)) ++ return "TOKEN_IS_MISSING_OR_WRONG" ++ return res["access_token"] + + def get_list(conn, options): + outlets = {} +@@ -41,7 +62,7 @@ + for r in res["pvmInstances"]: + if options["--verbose-level"] > 1: + logging.debug(json.dumps(r, indent=2)) +- outlets[r["pvmInstanceID"]] = (r["serverName"], state[r["status"]]) ++ outlets[r["pvmInstanceID"]] = (r["serverName"], state.get(r["status"], "unknown")) + + return outlets + +@@ -97,7 +118,7 @@ + else: + logging.debug("Failed: Unable to cycle with {} for {}".format(options["--action"], e)) + fail(EC_STATUS) +- return True ++ return True + + def connect(opt, token): + conn = pycurl.Curl() +@@ -130,7 +151,10 @@ + conn = pycurl.Curl() + + # setup correct URL +- conn.base_url = "https://iam.cloud.ibm.com/" ++ if opt["--api-type"] == "private": ++ conn.base_url = "https://private.iam.cloud.ibm.com/" ++ else: ++ conn.base_url = "https://iam.cloud.ibm.com/" + + if opt["--verbose-level"] > 1: + conn.setopt(pycurl.VERBOSE, 1) +@@ -265,9 +289,9 @@ + define_new_opts() + + all_opt["shell_timeout"]["default"] = "500" +- all_opt["power_timeout"]["default"] = "30" +- all_opt["power_wait"]["default"] = "1" +- all_opt["stonith_status_sleep"]["default"] = "2" ++ all_opt["power_timeout"]["default"] = "120" ++ all_opt["power_wait"]["default"] = "15" ++ all_opt["stonith_status_sleep"]["default"] = "10" + all_opt["api-type"]["default"] = "private" + all_opt["proxy"]["default"] = "" + +@@ -275,8 +299,8 @@ + + docs = {} + docs["shortdesc"] = "Fence agent for IBM PowerVS" +- docs["longdesc"] = """fence_ibm_powervs is a Power Fencing agent which can be \ +-used with IBM PowerVS to fence virtual machines.""" ++ docs["longdesc"] = """fence_ibm_powervs is a power fencing agent for \ ++IBM Power Virtual Server (IBM PowerVS) to fence virtual server instances.""" + docs["vendorurl"] = "https://www.ibm.com" + show_docs(options, docs) + diff --git a/fence-agents.spec b/fence-agents.spec index 5e404e8..8b711bd 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -57,16 +57,17 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 80%{?alphatag:.%{alphatag}}%{?dist} +Release: 81%{?alphatag:.%{alphatag}}%{?dist} License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz ### HA support requirements-*.txt ### -Source100: requirements-aliyun.txt -Source101: requirements-aws.txt -Source102: requirements-azure.txt -Source103: requirements-google.txt -Source104: requirements-common.txt +Source100: requirements-common.txt +Source101: requirements-aliyun.txt +Source102: requirements-aws.txt +Source103: requirements-azure.txt +Source104: requirements-google.txt +Source105: requirements-ibm.txt ### HA support libs/utils ### # update with ./update-ha-support.sh and replace lines below with output ### BEGIN ### @@ -244,6 +245,7 @@ Patch57: RHEL-43235-fence_aws-2-log-error-for-unknown-states.patch Patch58: RHEL-59878-fence_scsi-only-preempt-once-for-mpath-devices.patch Patch59: RHEL-56138-fence_mpath-1-support-hex-key-format.patch Patch60: RHEL-56138-fence_mpath-2-fix-unfencing-issue-use-MULTILINE-avoid-duplicates.patch +Patch61: RHEL-62206-fence_ibm_powervs-add-private-endpoint-and-token-file-support.patch ### HA support libs/utils ### # all archs @@ -426,6 +428,7 @@ BuildRequires: %{systemd_units} %patch -p1 -P 58 %patch -p1 -P 59 %patch -p1 -P 60 +%patch -p1 -P 61 # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac @@ -457,10 +460,14 @@ popd %ifarch x86_64 LIBS="%{_sourcedir}/requirements-*.txt" %endif -%ifnarch x86_64 +%ifarch ppc64le +LIBS="%{_sourcedir}/requirements-common.txt %{_sourcedir}/requirements-ibm.txt" +%endif +%ifnarch x86_64 ppc64le LIBS="%{_sourcedir}/requirements-common.txt" %endif for x in $LIBS; do + [ "%{_arch}" = "x86_64" ] && [ "$x" = "%{_sourcedir}/requirements-ibm.txt" ] && continue %{__python3} -m pip install --target support/$(echo $x | sed -E "s/.*requirements-(.*).txt/\1/") --no-index --find-links %{_sourcedir} -r $x done @@ -603,10 +610,11 @@ This package contains support files including the Python fencing library. %dir %{_usr}/lib/%{name} %{_usr}/lib/%{name}/support/common -%ifarch x86_64 +%ifarch x86_64 ppc64le %package -n ha-cloud-support License: GPL-2.0-or-later AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND Apache-2.0 AND MIT AND BSD-2-Clause AND BSD-3-Clause AND MPL-2.0 AND Apache-2.0 AND PSF-2.0 AND Unlicense AND ISC Summary: Support libraries for HA Cloud agents +%ifarch x86_64 Requires: awscli2 # aliyun Provides: bundled(python-aliyun-python-sdk-core) = 2.11.5 @@ -668,6 +676,15 @@ Provides: bundled(python-pytz) = 2021.1 Provides: bundled(python-rsa) = 4.7.2 Provides: bundled(python3-setuptools) = 71.1.0 Provides: bundled(python-uritemplate) = 3.0.1 +%endif +%ifarch ppc64le +# ibm +Provides: bundled(python3-%{certifi}) = %{certifi_version} +Provides: bundled(python3-%{chrstnormalizer}) = %{chrstnormalizer_version} +Provides: bundled(python3-%{idna}) = %{idna_version} +Provides: bundled(python3-%{requests}) = %{requests_version} +Provides: bundled(python3-%{urllib3}) = %{urllib3_version} +%endif %description -n ha-cloud-support Support libraries for Fence Agents. %files -n ha-cloud-support @@ -1509,6 +1526,12 @@ are located on corosync cluster nodes. %endif %changelog +* Wed Oct 23 2024 Oyvind Albrigtsen - 4.10.0-81 +- fence_ibm_powervs: add private endpoint and token file support + Resolves: RHEL-62206 +- ha-cloud-support: bundle libs for the powervs-subnet resource agent + Resolves: RHEL-64023 + * Thu Oct 10 2024 Oyvind Albrigtsen - 4.10.0-80 - fence_mpath: add support for hex-key format (used in multipath.conf) Resolves: RHEL-56138 diff --git a/sources b/sources index 14ae83c..67bcb8e 100644 --- a/sources +++ b/sources @@ -1,9 +1,10 @@ SHA512 (fence-agents-4.10.0.tar.gz) = 9b867c420730106c07c8d9352b5d17c473642443bb0ff9bd94597722198b295c3b41663fa5c8267bdf44153dbbafe644c3701728b39293fcb9a67b9734d488c2 +SHA512 (requirements-common.txt) = 48725599ca3e019f34ce59b78a6ac1deb0cc459e062cd87d5bc96dc2a47f9ef86cc46d50c318c3cd83765882fab40bdfcc03feff82933ed3bdce35b50fbb696e SHA512 (requirements-aliyun.txt) = 0c4f89de63246c406535ee73310232f3986b37dedbeed52f25000386d73af6735e1bf8e7ecaa97419df98f55058d76e4ff289d856b815afaaaf69744c5924f7e SHA512 (requirements-aws.txt) = ca39604d09f4b05589ddaa437be13b7f5d1868218745df107564d73a6c32efb7e4761436197a69653edc47a78f40dd7d5f0894935ec21b8f23b7c7bc71dfd0d1 SHA512 (requirements-azure.txt) = 8071c96bb3e2b82852b10fd68b77b69a7fce6153ab315298ceb07456fe66f3aca056d3273f11eb87ff30049759e8b4fddf62e39acb91953d36e933e44dce8c9b SHA512 (requirements-google.txt) = d916eb72588e55f5243b9e5391ab07d65eaafe583e073ef79d0e865f4c5e911d7b10310f7ccb98b5fdc1383c2214cc0cc082fa3c5fac6aa3d1931e4779149241 -SHA512 (requirements-common.txt) = 48725599ca3e019f34ce59b78a6ac1deb0cc459e062cd87d5bc96dc2a47f9ef86cc46d50c318c3cd83765882fab40bdfcc03feff82933ed3bdce35b50fbb696e +SHA512 (requirements-ibm.txt) = f702e6e21228b71442d8b9a8b2cc9a2fd50c629b080ece14efb6099307df65d9b542936851120f9bd9ae9c3e532104a151d769779f8e89e9fdbc5577de0157f5 SHA512 (aliyun-python-sdk-core-2.11.5.tar.gz) = 4178056b2b94b314924c671c26a15696493412ab0a61c13ff64eeff72f0e0c80960269db34471adce34d35e23578b8b54953a242fd575560c2312d672871b951 SHA512 (aliyun_python_sdk_ecs-4.24.7-py2.py3-none-any.whl) = e479191136e74eaa1f52ba0b317c721cdb1fc1972f074377dd6a7616ef79d93b8b494a53d7d745d8438be748e3d14dbbab6e8433381d1ea589fa073d1ed0e52e SHA512 (cffi-1.14.5-cp39-cp39-manylinux1_x86_64.whl) = 3c73e06bef8e9646beacc584d59ecf42de013034194d6eb59f1abf279e8fe5468e106fcd47802ce1d264d3c1d9122af3c66ea1229db78a768f7ea069ddc2fd72