|
 |
6147c0 |
From 31548d184c977521dad5e6320c7a74ed732c19bb Mon Sep 17 00:00:00 2001
|
|
|
6147c0 |
From: dongchen126 <51401223+dongchen126@users.noreply.github.com>
|
|
|
6147c0 |
Date: Thu, 11 Jul 2019 14:05:58 +0800
|
|
|
6147c0 |
Subject: [PATCH 1/4] Update fence_aliyun.py
|
|
|
6147c0 |
|
|
|
6147c0 |
1.Import region provider to enable Alibaba cloud private zone functionality which support API endpoint access from intranet
|
|
|
6147c0 |
2.Add ram role functionality to improve security which disable AccessKey ID and Access Key Secret
|
|
|
6147c0 |
---
|
|
|
6147c0 |
agents/aliyun/fence_aliyun.py | 28 +++++++++++++++++++++-------
|
|
|
6147c0 |
1 file changed, 21 insertions(+), 7 deletions(-)
|
|
|
6147c0 |
|
|
|
6147c0 |
diff --git a/agents/aliyun/fence_aliyun.py b/agents/aliyun/fence_aliyun.py
|
|
|
6147c0 |
index d780e2ab..aea1ea8f 100644
|
|
|
6147c0 |
--- a/agents/aliyun/fence_aliyun.py
|
|
|
6147c0 |
+++ b/agents/aliyun/fence_aliyun.py
|
|
|
6147c0 |
@@ -15,6 +15,7 @@
|
|
|
6147c0 |
from aliyunsdkecs.request.v20140526.StartInstanceRequest import StartInstanceRequest
|
|
|
6147c0 |
from aliyunsdkecs.request.v20140526.StopInstanceRequest import StopInstanceRequest
|
|
|
6147c0 |
from aliyunsdkecs.request.v20140526.RebootInstanceRequest import RebootInstanceRequest
|
|
|
6147c0 |
+ from aliyunsdkcore.profile import region_provider
|
|
|
6147c0 |
except ImportError:
|
|
|
6147c0 |
pass
|
|
|
6147c0 |
|
|
|
6147c0 |
@@ -121,12 +122,20 @@ def define_new_opts():
|
|
|
6147c0 |
"required" : "0",
|
|
|
6147c0 |
"order" : 4
|
|
|
6147c0 |
}
|
|
|
6147c0 |
+ all_opt["ram_role"] = {
|
|
|
6147c0 |
+ "getopt": "m:",
|
|
|
6147c0 |
+ "longopt": "ram-role",
|
|
|
6147c0 |
+ "help": "-m, --ram-role=[name] Ram Role",
|
|
|
6147c0 |
+ "shortdesc": "Ram Role.",
|
|
|
6147c0 |
+ "required": "0",
|
|
|
6147c0 |
+ "order": 5
|
|
|
6147c0 |
+ }
|
|
|
6147c0 |
|
|
|
6147c0 |
# Main agent method
|
|
|
6147c0 |
def main():
|
|
|
6147c0 |
conn = None
|
|
|
6147c0 |
|
|
|
6147c0 |
- device_opt = ["port", "no_password", "region", "access_key", "secret_key"]
|
|
|
6147c0 |
+ device_opt = ["port", "no_password", "region", "access_key", "secret_key", "ram_role"]
|
|
|
6147c0 |
|
|
|
6147c0 |
atexit.register(atexit_handler)
|
|
|
6147c0 |
|
|
|
6147c0 |
@@ -144,13 +153,18 @@ def main():
|
|
|
6147c0 |
|
|
|
6147c0 |
run_delay(options)
|
|
|
6147c0 |
|
|
|
6147c0 |
- if "--region" in options and "--access-key" in options and "--secret-key" in options:
|
|
|
6147c0 |
+ if "--region" in options:
|
|
|
6147c0 |
region = options["--region"]
|
|
|
6147c0 |
- access_key = options["--access-key"]
|
|
|
6147c0 |
- secret_key = options["--secret-key"]
|
|
|
6147c0 |
- conn = client.AcsClient(access_key, secret_key, region)
|
|
|
6147c0 |
-
|
|
|
6147c0 |
-
|
|
|
6147c0 |
+ if "--access-key" in options and "--secret-key" in options:
|
|
|
6147c0 |
+ access_key = options["--access-key"]
|
|
|
6147c0 |
+ secret_key = options["--secret-key"]
|
|
|
6147c0 |
+ conn = client.AcsClient(access_key, secret_key, region)
|
|
|
6147c0 |
+ elif "--ram-role" in options:
|
|
|
6147c0 |
+ ram_role = options["--ram-role"]
|
|
|
6147c0 |
+ role = EcsRamRoleCredential(ram_role)
|
|
|
6147c0 |
+ conn = client.AcsClient(region_id=region, credential=role)
|
|
|
6147c0 |
+ region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region)
|
|
|
6147c0 |
+
|
|
|
6147c0 |
# Operate the fencing device
|
|
|
6147c0 |
result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list)
|
|
|
6147c0 |
sys.exit(result)
|
|
|
6147c0 |
|
|
|
6147c0 |
From 285d29d398bbf8f87da7acfde3f89f83b32fa586 Mon Sep 17 00:00:00 2001
|
|
|
6147c0 |
From: chen dong <51401223+dongchen126@users.noreply.github.com>
|
|
|
6147c0 |
Date: Thu, 11 Jul 2019 15:30:10 +0800
|
|
|
6147c0 |
Subject: [PATCH 2/4] Update fence_aliyun.xml
|
|
|
6147c0 |
|
|
|
6147c0 |
Add ram role for security
|
|
|
6147c0 |
Add region provider for private zone functionality
|
|
|
6147c0 |
---
|
|
|
6147c0 |
tests/data/metadata/fence_aliyun.xml | 5 +++++
|
|
|
6147c0 |
1 file changed, 5 insertions(+)
|
|
|
6147c0 |
|
|
|
6147c0 |
diff --git a/tests/data/metadata/fence_aliyun.xml b/tests/data/metadata/fence_aliyun.xml
|
|
|
6147c0 |
index b41d82bf..eecd6f4e 100644
|
|
|
6147c0 |
--- a/tests/data/metadata/fence_aliyun.xml
|
|
|
6147c0 |
+++ b/tests/data/metadata/fence_aliyun.xml
|
|
|
6147c0 |
@@ -33,6 +33,11 @@
|
|
|
6147c0 |
<content type="string" />
|
|
|
6147c0 |
<shortdesc lang="en">Secret Key.</shortdesc>
|
|
|
6147c0 |
</parameter>
|
|
|
6147c0 |
+ <parameter name="ram_role" unique="0" required="0">
|
|
|
6147c0 |
+ <getopt mixed="-m, --ram-role=[name]" />
|
|
|
6147c0 |
+ <content type="string" />
|
|
|
6147c0 |
+ <shortdesc lang="en">Ram Role.</shortdesc>
|
|
|
6147c0 |
+ </parameter>
|
|
|
6147c0 |
<parameter name="quiet" unique="0" required="0">
|
|
|
6147c0 |
<getopt mixed="-q, --quiet" />
|
|
|
6147c0 |
<content type="boolean" />
|
|
|
6147c0 |
|
|
|
6147c0 |
From d4de57fdb94eeee483988584086c5690c8967f76 Mon Sep 17 00:00:00 2001
|
|
|
6147c0 |
From: chen dong <51401223+dongchen126@users.noreply.github.com>
|
|
|
6147c0 |
Date: Wed, 24 Jul 2019 17:23:48 +0800
|
|
|
6147c0 |
Subject: [PATCH 3/4] Update fence_aliyun.py
|
|
|
6147c0 |
MIME-Version: 1.0
|
|
|
6147c0 |
Content-Type: text/plain; charset=UTF-8
|
|
|
6147c0 |
Content-Transfer-Encoding: 8bit
|
|
|
6147c0 |
|
|
|
6147c0 |
delet paramater “m”
|
|
|
6147c0 |
---
|
|
|
6147c0 |
agents/aliyun/fence_aliyun.py | 4 ++--
|
|
|
6147c0 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
6147c0 |
|
|
|
6147c0 |
diff --git a/agents/aliyun/fence_aliyun.py b/agents/aliyun/fence_aliyun.py
|
|
|
6147c0 |
index aea1ea8f..3bc825fe 100644
|
|
|
6147c0 |
--- a/agents/aliyun/fence_aliyun.py
|
|
|
6147c0 |
+++ b/agents/aliyun/fence_aliyun.py
|
|
|
6147c0 |
@@ -123,9 +123,9 @@ def define_new_opts():
|
|
|
6147c0 |
"order" : 4
|
|
|
6147c0 |
}
|
|
|
6147c0 |
all_opt["ram_role"] = {
|
|
|
6147c0 |
- "getopt": "m:",
|
|
|
6147c0 |
+ "getopt": ":",
|
|
|
6147c0 |
"longopt": "ram-role",
|
|
|
6147c0 |
- "help": "-m, --ram-role=[name] Ram Role",
|
|
|
6147c0 |
+ "help": "--ram-role=[name] Ram Role",
|
|
|
6147c0 |
"shortdesc": "Ram Role.",
|
|
|
6147c0 |
"required": "0",
|
|
|
6147c0 |
"order": 5
|
|
|
6147c0 |
|
|
|
6147c0 |
From 367c17ef4f44b6cce2d10f0a220b55b02d0d631e Mon Sep 17 00:00:00 2001
|
|
|
6147c0 |
From: chen dong <51401223+dongchen126@users.noreply.github.com>
|
|
|
6147c0 |
Date: Wed, 24 Jul 2019 17:25:39 +0800
|
|
|
6147c0 |
Subject: [PATCH 4/4] Update fence_aliyun.xml
|
|
|
6147c0 |
|
|
|
6147c0 |
delete "m" parameter
|
|
|
6147c0 |
---
|
|
|
6147c0 |
tests/data/metadata/fence_aliyun.xml | 2 +-
|
|
|
6147c0 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
6147c0 |
|
|
|
6147c0 |
diff --git a/tests/data/metadata/fence_aliyun.xml b/tests/data/metadata/fence_aliyun.xml
|
|
|
6147c0 |
index eecd6f4e..2de3a8aa 100644
|
|
|
6147c0 |
--- a/tests/data/metadata/fence_aliyun.xml
|
|
|
6147c0 |
+++ b/tests/data/metadata/fence_aliyun.xml
|
|
|
6147c0 |
@@ -34,7 +34,7 @@
|
|
|
6147c0 |
<shortdesc lang="en">Secret Key.</shortdesc>
|
|
|
6147c0 |
</parameter>
|
|
|
6147c0 |
<parameter name="ram_role" unique="0" required="0">
|
|
|
6147c0 |
- <getopt mixed="-m, --ram-role=[name]" />
|
|
|
6147c0 |
+ <getopt mixed="--ram-role=[name]" />
|
|
|
6147c0 |
<content type="string" />
|
|
|
6147c0 |
<shortdesc lang="en">Ram Role.</shortdesc>
|
|
|
6147c0 |
</parameter>
|