import fence-agents-4.2.1-112.el8
This commit is contained in:
parent
013179f156
commit
fba1a31c13
@ -0,0 +1,70 @@
|
||||
From d4d2dd5066b62210a05c1256c6aee39609e3a974 Mon Sep 17 00:00:00 2001
|
||||
From: Thanasis Katsios <thkatsios@gmail.com>
|
||||
Date: Mon, 1 Nov 2021 12:31:36 +0200
|
||||
Subject: [PATCH 1/3] fence_vmware_soap: Use --login-timeout option
|
||||
|
||||
Fixes issue #446.
|
||||
---
|
||||
agents/vmware_soap/fence_vmware_soap.py | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py
|
||||
index a7f08b3d6..034695931 100644
|
||||
--- a/agents/vmware_soap/fence_vmware_soap.py
|
||||
+++ b/agents/vmware_soap/fence_vmware_soap.py
|
||||
@@ -57,7 +57,8 @@ def soap_login(options):
|
||||
|
||||
try:
|
||||
headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"}
|
||||
- conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers)
|
||||
+ login_timeout = int(options["--login-timeout"])
|
||||
+ conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout)
|
||||
|
||||
mo_ServiceInstance = Property('ServiceInstance')
|
||||
mo_ServiceInstance._type = 'ServiceInstance'
|
||||
|
||||
From 1e8f0d7582c7768149269f8d002d71b2febbdda0 Mon Sep 17 00:00:00 2001
|
||||
From: Thanasis Katsios <thkatsios@gmail.com>
|
||||
Date: Tue, 2 Nov 2021 16:52:59 +0200
|
||||
Subject: [PATCH 2/3] Set timeout to 60s when disable-timeouts is used
|
||||
|
||||
---
|
||||
agents/vmware_soap/fence_vmware_soap.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py
|
||||
index 034695931..38101352e 100644
|
||||
--- a/agents/vmware_soap/fence_vmware_soap.py
|
||||
+++ b/agents/vmware_soap/fence_vmware_soap.py
|
||||
@@ -57,7 +57,7 @@ def soap_login(options):
|
||||
|
||||
try:
|
||||
headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"}
|
||||
- login_timeout = int(options["--login-timeout"])
|
||||
+ login_timeout = 60 if "--disable-timeout" in options and options["--disable-timeout"] != "false" else int(options["--login-timeout"])
|
||||
conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout)
|
||||
|
||||
mo_ServiceInstance = Property('ServiceInstance')
|
||||
|
||||
From 8094c8a5a06adf0bd891d4fddcc0b72861a0947e Mon Sep 17 00:00:00 2001
|
||||
From: Thanasis Katsios <thkatsios@gmail.com>
|
||||
Date: Tue, 2 Nov 2021 18:51:02 +0200
|
||||
Subject: [PATCH 3/3] Support disable-timeout simplification
|
||||
|
||||
---
|
||||
agents/vmware_soap/fence_vmware_soap.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py
|
||||
index 38101352e..2cd45e0b3 100644
|
||||
--- a/agents/vmware_soap/fence_vmware_soap.py
|
||||
+++ b/agents/vmware_soap/fence_vmware_soap.py
|
||||
@@ -57,7 +57,7 @@ def soap_login(options):
|
||||
|
||||
try:
|
||||
headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"}
|
||||
- login_timeout = 60 if "--disable-timeout" in options and options["--disable-timeout"] != "false" else int(options["--login-timeout"])
|
||||
+ login_timeout = int(options["--login-timeout"]) or 60
|
||||
conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout)
|
||||
|
||||
mo_ServiceInstance = Property('ServiceInstance')
|
@ -0,0 +1,23 @@
|
||||
From 2d4b3ea47fa7a9a301d34cefc8f279cae7df4afd Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Thu, 26 Jan 2023 13:19:16 +0100
|
||||
Subject: [PATCH] fence_vmware_soap: set login_timeout lower than default
|
||||
pcmk_monitor_timeout (20s) to remove tmp dirs on fail
|
||||
|
||||
---
|
||||
agents/vmware_soap/fence_vmware_soap.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/agents/vmware_soap/fence_vmware_soap.py b/agents/vmware_soap/fence_vmware_soap.py
|
||||
index b1d27a9fb..4a4ec1780 100644
|
||||
--- a/agents/vmware_soap/fence_vmware_soap.py
|
||||
+++ b/agents/vmware_soap/fence_vmware_soap.py
|
||||
@@ -57,7 +57,7 @@ def soap_login(options):
|
||||
|
||||
try:
|
||||
headers = {"Content-Type" : "text/xml;charset=UTF-8", "SOAPAction" : "vim25"}
|
||||
- login_timeout = int(options["--login-timeout"]) or 60
|
||||
+ login_timeout = int(options["--login-timeout"]) or 15
|
||||
conn = Client(url + "/vimService.wsdl", location=url, transport=RequestsTransport(verify=verify), headers=headers, timeout=login_timeout)
|
||||
|
||||
mo_ServiceInstance = Property('ServiceInstance')
|
431
SOURCES/bz2102024-fence_ibm_vpc-add-token-cache-support.patch
Normal file
431
SOURCES/bz2102024-fence_ibm_vpc-add-token-cache-support.patch
Normal file
@ -0,0 +1,431 @@
|
||||
From bccac64a5135815ada30d385ab573409f1176905 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Thu, 7 Jul 2022 14:18:21 +0200
|
||||
Subject: [PATCH 1/3] build: make xml-check: ignore detected paths in *_file
|
||||
parameters not matching saved metadata
|
||||
|
||||
---
|
||||
make/agentpycheck.mk | 2 +-
|
||||
83 files changed, 1 insertion(+), 108 deletions(-)
|
||||
|
||||
diff --git a/make/agentpycheck.mk b/make/agentpycheck.mk
|
||||
index f686c4c89..4044dbad3 100644
|
||||
--- a/make/agentpycheck.mk
|
||||
+++ b/make/agentpycheck.mk
|
||||
@@ -1,5 +1,5 @@
|
||||
DATADIR:=$(abs_top_srcdir)/tests/data/metadata
|
||||
-AWK_VAL='BEGIN {store=-1} /name=".*_path"/ {store=2} {if (store!=0) {print}; store--}'
|
||||
+AWK_VAL='BEGIN {store=-1} /name=".*_path"/ || /name=".*_file"/ {store=2} {if (store!=0) {print}; store--}'
|
||||
|
||||
TEST_TARGET=$(filter-out $(TEST_TARGET_SKIP),$(TARGET))
|
||||
|
||||
From 1b7f3cc431ca53962506e6d96e7a4938c4388416 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Fri, 1 Jul 2022 13:29:16 +0200
|
||||
Subject: [PATCH 2/3] build: add FENCETMPDIR for state files
|
||||
|
||||
---
|
||||
Makefile.am | 3 ++-
|
||||
configure.ac | 30 ++++++++++++++++++++++++++++++
|
||||
m4/PKG_CHECK_VAR.m4 | 24 ++++++++++++++++++++++++
|
||||
make/fencebuild.mk | 1 +
|
||||
systemd/Makefile.am | 24 ++++++++++++++++++++++++
|
||||
systemd/fence-agents.conf.in | 1 +
|
||||
7 files changed, 97 insertions(+), 2 deletions(-)
|
||||
create mode 100644 m4/PKG_CHECK_VAR.m4
|
||||
create mode 100644 systemd/Makefile.am
|
||||
create mode 100644 systemd/fence-agents.conf.in
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index c1091b93a..1d115e5aa 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -23,7 +23,7 @@ TARFILES = $(PACKAGE_NAME)-$(VERSION).tar.bz2 \
|
||||
|
||||
ACLOCAL_AMFLAGS = -I m4
|
||||
|
||||
-SUBDIRS = lib agents doc
|
||||
+SUBDIRS = lib agents doc systemd
|
||||
|
||||
.PHONY: $(SUBDIRS)
|
||||
|
||||
@@ -34,6 +34,7 @@ doc: agents
|
||||
install-exec-local:
|
||||
$(INSTALL) -d $(DESTDIR)/$(LOGDIR)
|
||||
$(INSTALL) -d $(DESTDIR)/$(CLUSTERVARRUN)
|
||||
+ $(INSTALL) -d -m 1755 $(DESTDIR)$(FENCETMPDIR)
|
||||
|
||||
uninstall-local:
|
||||
rmdir $(DESTDIR)/$(LOGDIR) || :;
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 1bad8e3b0..d7afb8dbe 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -135,10 +135,38 @@ AC_ARG_WITH([agents],
|
||||
[ AGENTS_LIST="$withval" ],
|
||||
[ AGENTS_LIST="all" ])
|
||||
|
||||
+FENCETMPDIR=${localstatedir}/run/fence-agents
|
||||
+AC_ARG_WITH(fencetmpdir,
|
||||
+ [ --with-fencetmpdir=DIR directory for fence agents state files [${FENCETMPDIR}]],
|
||||
+ [ FENCETMPDIR="$withval" ])
|
||||
+
|
||||
+# Expand $prefix
|
||||
+eval FENCETMPDIR="`eval echo ${FENCETMPDIR}`"
|
||||
+AC_DEFINE_UNQUOTED(FENCETMPDIR,"$FENCETMPDIR", Where Fence agents keep state files)
|
||||
+AC_SUBST(FENCETMPDIR)
|
||||
+
|
||||
+
|
||||
if test "x$AGENTS_LIST" = x; then
|
||||
AC_ERROR([No agents selected])
|
||||
fi
|
||||
|
||||
+# PKG_CHECK_MODULES will fail if systemd is not found by default, so make sure
|
||||
+# we set the proper vars and deal with it
|
||||
+PKG_CHECK_MODULES([systemd], [systemd], [HAS_SYSTEMD=yes], [HAS_SYSTEMD=no])
|
||||
+if test "x$HAS_SYSTEMD" == "xyes"; then
|
||||
+ PKG_CHECK_VAR([SYSTEMD_TMPFILES_DIR], [systemd], [tmpfilesdir])
|
||||
+ if test "x$SYSTEMD_TMPFILES_DIR" == "x"; then
|
||||
+ AC_MSG_ERROR([Unable to detect systemd tmpfiles directory automatically])
|
||||
+ fi
|
||||
+
|
||||
+ # sanitize systed vars when using non standard prefix
|
||||
+ if test "$prefix" != "/usr"; then
|
||||
+ SYSTEMD_TMPFILES_DIR="$prefix/$SYSTEMD_TMPFILES_DIR"
|
||||
+ AC_SUBST([SYSTEMD_TMPFILES_DIR])
|
||||
+ fi
|
||||
+fi
|
||||
+AM_CONDITIONAL(HAVE_SYSTEMD, [test "x$HAS_SYSTEMD" == xyes ])
|
||||
+
|
||||
FENCE_KDUMP=0
|
||||
if echo "$AGENTS_LIST" | grep -q -E "all|kdump"; then
|
||||
case "$host_os" in
|
||||
@@ -552,6 +580,8 @@ AM_EXTRA_RECURSIVE_TARGETS([xml-check xml-upload])
|
||||
AC_CONFIG_FILES([Makefile
|
||||
agents/Makefile
|
||||
lib/Makefile
|
||||
+ systemd/Makefile
|
||||
+ systemd/fence-agents.conf
|
||||
doc/Makefile])
|
||||
|
||||
AC_OUTPUT
|
||||
diff --git a/m4/PKG_CHECK_VAR.m4 b/m4/PKG_CHECK_VAR.m4
|
||||
new file mode 100644
|
||||
index 000000000..2221a69eb
|
||||
--- /dev/null
|
||||
+++ b/m4/PKG_CHECK_VAR.m4
|
||||
@@ -0,0 +1,24 @@
|
||||
+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
|
||||
+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
|
||||
+dnl -------------------------------------------
|
||||
+dnl Since: 0.28
|
||||
+dnl
|
||||
+dnl Retrieves the value of the pkg-config variable for the given module.
|
||||
+dnl
|
||||
+dnl Origin (declared license: GPLv2+ with less restrictive exception):
|
||||
+dnl https://cgit.freedesktop.org/pkg-config/tree/pkg.m4.in?h=pkg-config-0.29.1#n261
|
||||
+dnl (AS_VAR_COPY replaced with backward-compatible equivalent and guard
|
||||
+dnl to prefer system-wide variant by Jan Pokorny <jpokorny@redhat.com>)
|
||||
+
|
||||
+m4_ifndef([PKG_CHECK_VAR],[
|
||||
+AC_DEFUN([PKG_CHECK_VAR],
|
||||
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
|
||||
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
|
||||
+
|
||||
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
|
||||
+dnl AS_VAR_COPY([$1], [pkg_cv_][$1])
|
||||
+$1=AS_VAR_GET([pkg_cv_][$1])
|
||||
+
|
||||
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
|
||||
+])dnl PKG_CHECK_VAR
|
||||
+])dnl m4_ifndef
|
||||
diff --git a/make/fencebuild.mk b/make/fencebuild.mk
|
||||
index 762db62c4..9a3c6d6dd 100644
|
||||
--- a/make/fencebuild.mk
|
||||
+++ b/make/fencebuild.mk
|
||||
@@ -8,6 +8,7 @@ define gen_agent_from_py
|
||||
-e 's#@''LOGDIR@#${LOGDIR}#g' \
|
||||
-e 's#@''SBINDIR@#${sbindir}#g' \
|
||||
-e 's#@''LIBEXECDIR@#${libexecdir}#g' \
|
||||
+ -e 's#@''FENCETMPDIR@#${FENCETMPDIR}#g' \
|
||||
-e 's#@''IPMITOOL_PATH@#${IPMITOOL_PATH}#g' \
|
||||
-e 's#@''OPENSTACK_PATH@#${OPENSTACK_PATH}#g' \
|
||||
-e 's#@''AMTTOOL_PATH@#${AMTTOOL_PATH}#g' \
|
||||
diff --git a/systemd/Makefile.am b/systemd/Makefile.am
|
||||
new file mode 100644
|
||||
index 000000000..aa3a01679
|
||||
--- /dev/null
|
||||
+++ b/systemd/Makefile.am
|
||||
@@ -0,0 +1,24 @@
|
||||
+#
|
||||
+# Copyright (C) 2017 Oyvind Albrigtsen
|
||||
+#
|
||||
+# This program is free software; you can redistribute it and/or
|
||||
+# modify it under the terms of the GNU General Public License
|
||||
+# as published by the Free Software Foundation; either version 2
|
||||
+# of the License, or (at your option) any later version.
|
||||
+#
|
||||
+# This program is distributed in the hope that it will be useful,
|
||||
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+# GNU General Public License for more details.
|
||||
+#
|
||||
+# You should have received a copy of the GNU General Public License
|
||||
+# along with this program; if not, write to the Free Software
|
||||
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
+#
|
||||
+
|
||||
+MAINTAINERCLEANFILES = Makefile.in
|
||||
+
|
||||
+if HAVE_SYSTEMD
|
||||
+tmpfilesdir = $(SYSTEMD_TMPFILES_DIR)
|
||||
+tmpfiles_DATA = fence-agents.conf
|
||||
+endif
|
||||
diff --git a/systemd/fence-agents.conf.in b/systemd/fence-agents.conf.in
|
||||
new file mode 100644
|
||||
index 000000000..4181287da
|
||||
--- /dev/null
|
||||
+++ b/systemd/fence-agents.conf.in
|
||||
@@ -0,0 +1 @@
|
||||
+d @FENCETMPDIR@ 1755 root root
|
||||
|
||||
From d5a12d9c30b66eb8720e037c4dce5fe0f3ad7dbb Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Thu, 30 Jun 2022 13:20:37 +0200
|
||||
Subject: [PATCH 3/3] fence_ibm_vpc: add token cache support
|
||||
|
||||
---
|
||||
agents/ibm_vpc/fence_ibm_vpc.py | 126 ++++++++++++++++++++----
|
||||
tests/data/metadata/fence_ibm_vpc.xml | 4 +
|
||||
3 files changed, 110 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/agents/ibm_vpc/fence_ibm_vpc.py b/agents/ibm_vpc/fence_ibm_vpc.py
|
||||
index 3da3ce056..847010584 100755
|
||||
--- a/agents/ibm_vpc/fence_ibm_vpc.py
|
||||
+++ b/agents/ibm_vpc/fence_ibm_vpc.py
|
||||
@@ -4,9 +4,10 @@
|
||||
import pycurl, io, json
|
||||
import logging
|
||||
import atexit
|
||||
+import hashlib
|
||||
sys.path.append("@FENCEAGENTSLIBDIR@")
|
||||
from fencing import *
|
||||
-from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS
|
||||
+from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS, EC_GENERIC_ERROR
|
||||
|
||||
state = {
|
||||
"running": "on",
|
||||
@@ -22,7 +23,7 @@ def get_list(conn, options):
|
||||
|
||||
try:
|
||||
command = "instances?version=2021-05-25&generation=2&limit={}".format(options["--limit"])
|
||||
- res = send_command(conn, command)
|
||||
+ res = send_command(conn, options, command)
|
||||
except Exception as e:
|
||||
logging.debug("Failed: Unable to get list: {}".format(e))
|
||||
return outlets
|
||||
@@ -38,7 +39,7 @@ def get_list(conn, options):
|
||||
def get_power_status(conn, options):
|
||||
try:
|
||||
command = "instances/{}?version=2021-05-25&generation=2".format(options["--plug"])
|
||||
- res = send_command(conn, command)
|
||||
+ res = send_command(conn, options, command)
|
||||
result = state[res["status"]]
|
||||
if options["--verbose-level"] > 1:
|
||||
logging.debug("Result:\n{}".format(json.dumps(res, indent=2)))
|
||||
@@ -57,27 +58,71 @@ def set_power_status(conn, options):
|
||||
|
||||
try:
|
||||
command = "instances/{}/actions?version=2021-05-25&generation=2".format(options["--plug"])
|
||||
- send_command(conn, command, "POST", action, 201)
|
||||
+ send_command(conn, options, command, "POST", action, 201)
|
||||
except Exception as e:
|
||||
logging.debug("Failed: Unable to set power to {} for {}".format(options["--action"], e))
|
||||
fail(EC_STATUS)
|
||||
|
||||
def get_bearer_token(conn, options):
|
||||
+ import os, errno
|
||||
+
|
||||
+ try:
|
||||
+ # FIPS requires usedforsecurity=False and might not be
|
||||
+ # available on all distros: https://bugs.python.org/issue9216
|
||||
+ hash = hashlib.sha256(options["--apikey"].encode("utf-8"), usedforsecurity=False).hexdigest()
|
||||
+ except (AttributeError, TypeError):
|
||||
+ hash = hashlib.sha256(options["--apikey"].encode("utf-8")).hexdigest()
|
||||
+ file_path = options["--token-file"].replace("[hash]", hash)
|
||||
token = None
|
||||
+
|
||||
+ if not os.path.isdir(os.path.dirname(file_path)):
|
||||
+ os.makedirs(os.path.dirname(file_path))
|
||||
+
|
||||
+ # For security, remove file with potentially elevated mode
|
||||
try:
|
||||
- conn.setopt(pycurl.HTTPHEADER, [
|
||||
- "Content-Type: application/x-www-form-urlencoded",
|
||||
- "User-Agent: curl",
|
||||
- ])
|
||||
- token = send_command(conn, "https://iam.cloud.ibm.com/identity/token", "POST", "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey={}".format(options["--apikey"]))["access_token"]
|
||||
- except Exception:
|
||||
- logging.error("Failed: Unable to authenticate")
|
||||
- fail(EC_LOGIN_DENIED)
|
||||
+ os.remove(file_path)
|
||||
+ except OSError:
|
||||
+ pass
|
||||
+
|
||||
+ try:
|
||||
+ oldumask = os.umask(0)
|
||||
+ file_handle = os.open(file_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
|
||||
+ except OSError as e:
|
||||
+ if e.errno == errno.EEXIST: # Failed as the file already exists.
|
||||
+ logging.error("Failed: File already exists: {}".format(e))
|
||||
+ sys.exit(EC_GENERIC_ERROR)
|
||||
+ else: # Something unexpected went wrong
|
||||
+ logging.error("Failed: Unable to open file: {}".format(e))
|
||||
+ sys.exit(EC_GENERIC_ERROR)
|
||||
+ else: # No exception, so the file must have been created successfully.
|
||||
+ with os.fdopen(file_handle, 'w') as file_obj:
|
||||
+ try:
|
||||
+ conn.setopt(pycurl.HTTPHEADER, [
|
||||
+ "Content-Type: application/x-www-form-urlencoded",
|
||||
+ "User-Agent: curl",
|
||||
+ ])
|
||||
+ token = send_command(conn, options, "https://iam.cloud.ibm.com/identity/token", "POST", "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey={}".format(options["--apikey"]))["access_token"]
|
||||
+ except Exception as e:
|
||||
+ logging.error("Failed: Unable to authenticate: {}".format(e))
|
||||
+ fail(EC_LOGIN_DENIED)
|
||||
+ file_obj.write(token)
|
||||
+ finally:
|
||||
+ os.umask(oldumask)
|
||||
|
||||
return token
|
||||
|
||||
+def set_bearer_token(conn, bearer_token):
|
||||
+ conn.setopt(pycurl.HTTPHEADER, [
|
||||
+ "Content-Type: application/json",
|
||||
+ "Authorization: Bearer {}".format(bearer_token),
|
||||
+ "User-Agent: curl",
|
||||
+ ])
|
||||
+
|
||||
+ return conn
|
||||
+
|
||||
def connect(opt):
|
||||
conn = pycurl.Curl()
|
||||
+ bearer_token = ""
|
||||
|
||||
## setup correct URL
|
||||
conn.base_url = "https://" + opt["--region"] + ".iaas.cloud.ibm.com/v1/"
|
||||
@@ -91,21 +136,28 @@ def connect(opt):
|
||||
conn.setopt(pycurl.PROXY, "{}".format(opt["--proxy"]))
|
||||
|
||||
# get bearer token
|
||||
- bearer_token = get_bearer_token(conn, opt)
|
||||
+ try:
|
||||
+ try:
|
||||
+ # FIPS requires usedforsecurity=False and might not be
|
||||
+ # available on all distros: https://bugs.python.org/issue9216
|
||||
+ hash = hashlib.sha256(opt["--apikey"].encode("utf-8"), usedforsecurity=False).hexdigest()
|
||||
+ except (AttributeError, TypeError):
|
||||
+ hash = hashlib.sha256(opt["--apikey"].encode("utf-8")).hexdigest()
|
||||
+ f = open(opt["--token-file"].replace("[hash]", hash))
|
||||
+ bearer_token = f.read()
|
||||
+ f.close()
|
||||
+ except IOError:
|
||||
+ bearer_token = get_bearer_token(conn, opt)
|
||||
|
||||
# set auth token for later requests
|
||||
- conn.setopt(pycurl.HTTPHEADER, [
|
||||
- "Content-Type: application/json",
|
||||
- "Authorization: Bearer {}".format(bearer_token),
|
||||
- "User-Agent: curl",
|
||||
- ])
|
||||
+ conn = set_bearer_token(conn, bearer_token)
|
||||
|
||||
return conn
|
||||
|
||||
def disconnect(conn):
|
||||
conn.close()
|
||||
|
||||
-def send_command(conn, command, method="GET", action=None, expected_rc=200):
|
||||
+def send_command(conn, options, command, method="GET", action=None, expected_rc=200):
|
||||
if not command.startswith("https"):
|
||||
url = conn.base_url + command
|
||||
else:
|
||||
@@ -130,6 +182,26 @@ def send_command(conn, command, method="GET", action=None, expected_rc=200):
|
||||
raise(e)
|
||||
|
||||
rc = conn.getinfo(pycurl.HTTP_CODE)
|
||||
+
|
||||
+ # auth if token has expired
|
||||
+ if rc in [400, 401, 415]:
|
||||
+ tokenconn = pycurl.Curl()
|
||||
+ token = get_bearer_token(tokenconn, options)
|
||||
+ tokenconn.close()
|
||||
+ conn = set_bearer_token(conn, token)
|
||||
+
|
||||
+ # flush web_buffer
|
||||
+ web_buffer.close()
|
||||
+ web_buffer = io.BytesIO()
|
||||
+ conn.setopt(pycurl.WRITEFUNCTION, web_buffer.write)
|
||||
+
|
||||
+ try:
|
||||
+ conn.perform()
|
||||
+ except Exception as e:
|
||||
+ raise(e)
|
||||
+
|
||||
+ rc = conn.getinfo(pycurl.HTTP_CODE)
|
||||
+
|
||||
result = web_buffer.getvalue().decode("UTF-8")
|
||||
|
||||
web_buffer.close()
|
||||
@@ -173,7 +245,7 @@ def define_new_opts():
|
||||
all_opt["proxy"] = {
|
||||
"getopt" : ":",
|
||||
"longopt" : "proxy",
|
||||
- "help" : "--proxy=[http://<URL>:<PORT>] Proxy: 'http://<URL>:<PORT>'",
|
||||
+ "help" : "--proxy=[http://<URL>:<PORT>] Proxy: 'http://<URL>:<PORT>'",
|
||||
"required" : "0",
|
||||
"default": "",
|
||||
"shortdesc" : "Network proxy",
|
||||
@@ -188,14 +260,26 @@ def define_new_opts():
|
||||
"shortdesc" : "Number of nodes returned by API",
|
||||
"order" : 0
|
||||
}
|
||||
+ all_opt["token_file"] = {
|
||||
+ "getopt" : ":",
|
||||
+ "longopt" : "token-file",
|
||||
+ "help" : "--token-file=[path] Path to the token cache file\n"
|
||||
+ "\t\t\t\t (Default: @FENCETMPDIR@/fence_ibm_vpc/[hash].token)\n"
|
||||
+ "\t\t\t\t [hash] will be replaced by a hashed value",
|
||||
+ "required" : "0",
|
||||
+ "default": "@FENCETMPDIR@/fence_ibm_vpc/[hash].token",
|
||||
+ "shortdesc" : "Path to the token cache file",
|
||||
+ "order" : 0
|
||||
+ }
|
||||
|
||||
|
||||
def main():
|
||||
device_opt = [
|
||||
"apikey",
|
||||
"region",
|
||||
- "limit",
|
||||
"proxy",
|
||||
+ "limit",
|
||||
+ "token_file",
|
||||
"port",
|
||||
"no_password",
|
||||
]
|
||||
diff --git a/tests/data/metadata/fence_ibm_vpc.xml b/tests/data/metadata/fence_ibm_vpc.xml
|
||||
index acf4925fc..c35bc4619 100644
|
||||
--- a/tests/data/metadata/fence_ibm_vpc.xml
|
||||
+++ b/tests/data/metadata/fence_ibm_vpc.xml
|
||||
@@ -23,6 +23,10 @@
|
||||
<content type="string" />
|
||||
<shortdesc lang="en">Region</shortdesc>
|
||||
</parameter>
|
||||
+ <parameter name="token_file" unique="0" required="0">
|
||||
+ <getopt mixed="--token-file=[path]" />
|
||||
+ <shortdesc lang="en">Path to the token cache file</shortdesc>
|
||||
+ </parameter>
|
||||
<parameter name="action" unique="0" required="1">
|
||||
<getopt mixed="-o, --action=[action]" />
|
||||
<content type="string" default="reboot" />
|
@ -0,0 +1,33 @@
|
||||
From 46f94d4dbad868afc70b96bd612323221991d06e Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Tue, 11 Oct 2022 09:51:24 +0200
|
||||
Subject: [PATCH] fence_lpar: only output additional error output on DEBUG
|
||||
level
|
||||
|
||||
Without this patch we get ERROR logged with trace info when doing
|
||||
status-action for nodes that doesnt exist.
|
||||
---
|
||||
agents/lpar/fence_lpar.py | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/agents/lpar/fence_lpar.py b/agents/lpar/fence_lpar.py
|
||||
index 2046b0e4e..975971a57 100644
|
||||
--- a/agents/lpar/fence_lpar.py
|
||||
+++ b/agents/lpar/fence_lpar.py
|
||||
@@ -12,6 +12,7 @@
|
||||
|
||||
import sys, re
|
||||
import atexit
|
||||
+import logging
|
||||
sys.path.append("@FENCEAGENTSLIBDIR@")
|
||||
from fencing import *
|
||||
from fencing import fail, fail_usage, EC_STATUS_HMC
|
||||
@@ -48,7 +49,7 @@ def get_power_status(conn, options):
|
||||
elif options["--hmc-version"] in ["4", "IVM"]:
|
||||
status = re.compile(",state=(.*?),", re.IGNORECASE).search(conn.before).group(1)
|
||||
except AttributeError as e:
|
||||
- fail_usage("Command on HMC failed: {}\n{}".format(command, str(e)), False)
|
||||
+ logging.debug("Command on HMC failed: {}\n{}".format(command, str(e)))
|
||||
fail(EC_STATUS_HMC)
|
||||
|
||||
return _normalize_status(status)
|
74
SOURCES/bz2152105-fencing-1-add-plug_separator.patch
Normal file
74
SOURCES/bz2152105-fencing-1-add-plug_separator.patch
Normal file
@ -0,0 +1,74 @@
|
||||
From 90ea995038e560222f9345310f31a79b595a5219 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Thu, 24 Nov 2022 10:19:29 +0100
|
||||
Subject: [PATCH 1/2] fencing: add plug_separator parameter to be able to
|
||||
specify one that isnt part of the plug name(s)
|
||||
|
||||
---
|
||||
lib/fencing.py.py | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/fencing.py.py b/lib/fencing.py.py
|
||||
index 940bd01d1..cf1c48e78 100644
|
||||
--- a/lib/fencing.py.py
|
||||
+++ b/lib/fencing.py.py
|
||||
@@ -322,6 +322,13 @@
|
||||
"help" : "-6, --inet6-only Forces agent to use IPv6 addresses only",
|
||||
"required" : "0",
|
||||
"order" : 1},
|
||||
+ "plug_separator" : {
|
||||
+ "getopt" : ":",
|
||||
+ "longopt" : "plug-separator",
|
||||
+ "help" : "--plug-separator=[char] Separator for plug parameter when specifying more than 1 plug",
|
||||
+ "default" : ",",
|
||||
+ "required" : "0",
|
||||
+ "order" : 100},
|
||||
"separator" : {
|
||||
"getopt" : "C:",
|
||||
"longopt" : "separator",
|
||||
@@ -934,7 +941,7 @@ def fence_action(connection, options, set_power_fn, get_power_fn, get_outlet_lis
|
||||
|
||||
try:
|
||||
if "--plug" in options:
|
||||
- options["--plugs"] = options["--plug"].split(",")
|
||||
+ options["--plugs"] = options["--plug"].split(options["--plug-separator"])
|
||||
|
||||
## Process options that manipulate fencing device
|
||||
#####
|
||||
|
||||
From 55e2a56b81ed2188dedfce07cc3155e2175183cd Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Mon, 28 Nov 2022 12:40:00 +0100
|
||||
Subject: [PATCH 2/2] fence_wti: increase login timeout to avoid random
|
||||
timeouts
|
||||
|
||||
---
|
||||
agents/wti/fence_wti.py | 1 +
|
||||
tests/data/metadata/fence_wti.xml | 2 +-
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/agents/wti/fence_wti.py b/agents/wti/fence_wti.py
|
||||
index 68640ae65..97cc66de2 100644
|
||||
--- a/agents/wti/fence_wti.py
|
||||
+++ b/agents/wti/fence_wti.py
|
||||
@@ -178,6 +178,7 @@ def main():
|
||||
atexit.register(atexit_handler)
|
||||
|
||||
all_opt["cmd_prompt"]["default"] = ["RSM>", "MPC>", "IPS>", "TPS>", "NBB>", "NPS>", "VMR>"]
|
||||
+ all_opt["login_timeout"]["default"] = "10"
|
||||
|
||||
options = check_input(device_opt, process_input(device_opt))
|
||||
|
||||
diff --git a/tests/data/metadata/fence_wti.xml b/tests/data/metadata/fence_wti.xml
|
||||
index 6bdccd2dc..8e15f4852 100644
|
||||
--- a/tests/data/metadata/fence_wti.xml
|
||||
+++ b/tests/data/metadata/fence_wti.xml
|
||||
@@ -153,7 +153,7 @@
|
||||
</parameter>
|
||||
<parameter name="login_timeout" unique="0" required="0">
|
||||
<getopt mixed="--login-timeout=[seconds]" />
|
||||
- <content type="second" default="5" />
|
||||
+ <content type="second" default="10" />
|
||||
<shortdesc lang="en">Wait X seconds for cmd prompt after login</shortdesc>
|
||||
</parameter>
|
||||
<parameter name="power_timeout" unique="0" required="0">
|
1212
SOURCES/bz2152105-fencing-2-update-DEPENDENCY_OPT.patch
Normal file
1212
SOURCES/bz2152105-fencing-2-update-DEPENDENCY_OPT.patch
Normal file
File diff suppressed because it is too large
Load Diff
30
SOURCES/bz2160478-fence_scsi-fix-validate-all.patch
Normal file
30
SOURCES/bz2160478-fence_scsi-fix-validate-all.patch
Normal file
@ -0,0 +1,30 @@
|
||||
From a416a367a804f1e5abaf142c629fe6ab5572d3b6 Mon Sep 17 00:00:00 2001
|
||||
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
||||
Date: Thu, 12 Jan 2023 15:46:41 +0100
|
||||
Subject: [PATCH] fence_scsi: skip key generation during validate-all action
|
||||
|
||||
---
|
||||
agents/scsi/fence_scsi.py | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/agents/scsi/fence_scsi.py b/agents/scsi/fence_scsi.py
|
||||
index e33339614..f9e6823b2 100644
|
||||
--- a/agents/scsi/fence_scsi.py
|
||||
+++ b/agents/scsi/fence_scsi.py
|
||||
@@ -566,11 +566,12 @@ def main():
|
||||
or ("--key" in options and options["--key"])):
|
||||
fail_usage("Failed: nodename or key is required", stop_after_error)
|
||||
|
||||
- if not ("--key" in options and options["--key"]):
|
||||
- options["--key"] = generate_key(options)
|
||||
+ if options["--action"] != "validate-all":
|
||||
+ if not ("--key" in options and options["--key"]):
|
||||
+ options["--key"] = generate_key(options)
|
||||
|
||||
- if options["--key"] == "0" or not options["--key"]:
|
||||
- fail_usage("Failed: key cannot be 0", stop_after_error)
|
||||
+ if options["--key"] == "0" or not options["--key"]:
|
||||
+ fail_usage("Failed: key cannot be 0", stop_after_error)
|
||||
|
||||
if "--key-value" in options\
|
||||
and (options["--key-value"] != "id" and options["--key-value"] != "hash"):
|
@ -87,7 +87,7 @@
|
||||
Name: fence-agents
|
||||
Summary: Set of unified programs capable of host isolation ("fencing")
|
||||
Version: 4.2.1
|
||||
Release: 103%{?alphatag:.%{alphatag}}%{?dist}.1
|
||||
Release: 112%{?alphatag:.%{alphatag}}%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
Group: System Environment/Base
|
||||
URL: https://github.com/ClusterLabs/fence-agents
|
||||
@ -259,7 +259,14 @@ Patch116: bz2072421-2-fence_zvmip-connect-error.patch
|
||||
Patch117: bz2091826-fence_ibm_vpc-add-proxy-support.patch
|
||||
Patch118: bz2092921-fence_ibm_powervs-proxy-private-api-servers.patch
|
||||
Patch119: bz1886074-4-fencing-source_env-dont-process-empty-lines.patch
|
||||
Patch120: bz2136203-fence_ibm_powervs-improve-defaults.patch
|
||||
Patch120: bz1787178-1-fence_vmware_soap-set-timeout-cleanup-tmp-dirs.patch
|
||||
Patch121: bz1787178-2-fence_vmware_soap-login-timeout-15s.patch
|
||||
Patch122: bz2102024-fence_ibm_vpc-add-token-cache-support.patch
|
||||
Patch123: bz2134017-fence_lpar-only-output-additional-info-on-debug.patch
|
||||
Patch124: bz2136076-fence_ibm_powervs-improve-defaults.patch
|
||||
Patch125: bz2160478-fence_scsi-fix-validate-all.patch
|
||||
Patch126: bz2152105-fencing-1-add-plug_separator.patch
|
||||
Patch127: bz2152105-fencing-2-update-DEPENDENCY_OPT.patch
|
||||
|
||||
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||
%global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
|
||||
@ -458,6 +465,13 @@ BuildRequires: python3-google-api-client python3-pip python3-wheel python3-jinja
|
||||
%patch118 -p1
|
||||
%patch119 -p1
|
||||
%patch120 -p1
|
||||
%patch121 -p1
|
||||
%patch122 -p1 -F2
|
||||
%patch123 -p1
|
||||
%patch124 -p1
|
||||
%patch125 -p1
|
||||
%patch126 -p1
|
||||
%patch127 -p1
|
||||
|
||||
# prevent compilation of something that won't get used anyway
|
||||
sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
|
||||
@ -490,7 +504,13 @@ cp %{aliyunsdkvpc_dir}/README.rst %{aliyunsdkvpc}_README.rst
|
||||
|
||||
%build
|
||||
./autogen.sh
|
||||
%{configure} PYTHON="%{__python3}" --with-agents='%{supportedagents} %{testagents}'
|
||||
%{configure} PYTHON="%{__python3}" \
|
||||
%if %{defined _tmpfilesdir}
|
||||
SYSTEMD_TMPFILES_DIR=%{_tmpfilesdir} \
|
||||
--with-fencetmpdir=/run/fence-agents \
|
||||
%endif
|
||||
--with-agents='%{supportedagents} %{testagents}'
|
||||
|
||||
CFLAGS="$(echo '%{optflags}')" make %{_smp_mflags}
|
||||
|
||||
%ifarch x86_64
|
||||
@ -601,6 +621,14 @@ This package contains support files including the Python fencing library.
|
||||
%exclude %{_datadir}/cluster/fence_scsi_check*
|
||||
%exclude %{_sbindir}/*
|
||||
%exclude %{_mandir}/man8/*
|
||||
%if %{defined _tmpfilesdir}
|
||||
%{_tmpfilesdir}/%{name}.conf
|
||||
%endif
|
||||
%if %{defined _tmpfilesdir}
|
||||
%dir %attr (1755, root, root) /run/%{name}
|
||||
%else
|
||||
%dir %attr (1755, root, root) %{_var}/run/%{name}
|
||||
%endif
|
||||
|
||||
%package all
|
||||
License: GPLv2+ and LGPLv2+ and ASL 2.0
|
||||
@ -1441,9 +1469,31 @@ Fence agent for IBM z/VM over IP.
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Oct 27 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-103.1
|
||||
* Thu Jan 26 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-112
|
||||
- fence_vmware_soap: set login_timeout lower than default
|
||||
pcmk_monitor_timeout (20s) to remove tmp dirs
|
||||
Resolves: rhbz#1787178
|
||||
|
||||
* Wed Jan 25 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-111
|
||||
- fencing/fence_wti: add --plug-separator to be able to avoid
|
||||
characters that are in node name(s)
|
||||
Resolves: rhbz#2152105
|
||||
|
||||
* Fri Jan 13 2023 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-110
|
||||
- fence_scsi: skip key generation during validate-all action
|
||||
Resolves: rhbz#2160478
|
||||
|
||||
* Thu Oct 27 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-108
|
||||
- fence_ibm_powervs: improve defaults
|
||||
Resolves: rhbz#2136203
|
||||
Resolves: rhbz#2136076
|
||||
|
||||
* Wed Oct 12 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-107
|
||||
- fence_lpar: only output additional output info on DEBUG level
|
||||
Resolves: rhbz#2134017
|
||||
|
||||
* Mon Sep 5 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-106
|
||||
- fence_ibm_vpc: add token cache support
|
||||
Resolves: rhbz#2102024
|
||||
|
||||
* Tue Aug 16 2022 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.2.1-103
|
||||
- fence_openstack: new fence agent
|
||||
|
Loading…
Reference in New Issue
Block a user