diff --git a/SOURCES/bz1535415-fence_compute-fence_evacuate-add-support-for-keystone-v3-authentication.patch b/SOURCES/bz1535415-fence_compute-fence_evacuate-add-support-for-keystone-v3-authentication.patch new file mode 100644 index 0000000..f653339 --- /dev/null +++ b/SOURCES/bz1535415-fence_compute-fence_evacuate-add-support-for-keystone-v3-authentication.patch @@ -0,0 +1,281 @@ +diff -uNr a/fence/agents/compute/fence_compute.py b/fence/agents/compute/fence_compute.py +--- a/fence/agents/compute/fence_compute.py 2018-01-10 13:46:17.965287100 +0100 ++++ b/fence/agents/compute/fence_compute.py 2018-01-11 10:01:12.288043619 +0100 +@@ -11,12 +11,6 @@ + from fencing import * + from fencing import fail_usage, is_executable, run_command, run_delay + +-#BEGIN_VERSION_GENERATION +-RELEASE_VERSION="4.0.11" +-BUILD_DATE="(built Wed Nov 12 06:33:38 EST 2014)" +-REDHAT_COPYRIGHT="Copyright (C) Red Hat, Inc. 2004-2010 All rights reserved." +-#END_VERSION_GENERATION +- + override_status = "" + + EVACUABLE_TAG = "evacuable" +@@ -264,13 +258,37 @@ + except ImportError: + fail_usage("Nova not found or not accessible") + +- versions = [ "2.11", "2" ] +- for version in versions: +- clientargs = inspect.getargspec(client.Client).varargs ++ from keystoneauth1 import loading ++ from keystoneauth1 import session ++ from keystoneclient import discover ++ ++ # Prefer the oldest and strip the leading 'v' ++ keystone_versions = discover.available_versions(options["--auth-url"]) ++ keystone_version = keystone_versions[0]['id'][1:] ++ kwargs = dict( ++ auth_url=options["--auth-url"], ++ username=options["--username"], ++ password=options["--password"] ++ ) ++ ++ if discover.version_match("2", keystone_version): ++ kwargs["tenant_name"] = options["--tenant-name"] ++ ++ elif discover.version_match("3", keystone_version): ++ kwargs["project_name"] = options["--tenant-name"] ++ kwargs["user_domain_name"] = options["--user-domain"] ++ kwargs["project_domain_name"] = options["--project-domain"] ++ ++ loader = loading.get_plugin_loader('password') ++ keystone_auth = loader.load_from_options(**kwargs) ++ keystone_session = session.Session(auth=keystone_auth, verify=(not options["--insecure"])) + ++ nova_versions = [ "2.11", "2" ] ++ for version in nova_versions: ++ clientargs = inspect.getargspec(client.Client).varargs + # Some versions of Openstack prior to Ocata only + # supported positional arguments for username, +- # password and tenant. ++ # password, and tenant. + # + # Versions since Ocata only support named arguments. + # +@@ -285,25 +303,22 @@ + # varargs=None, + # keywords='kwargs', defaults=(None, None, None, None)) + nova = client.Client(version, +- options["--username"], +- options["--password"], +- options["--tenant-name"], +- options["--auth-url"], ++ None, # User ++ None, # Password ++ None, # Tenant ++ None, # Auth URL + insecure=options["--insecure"], + region_name=options["--region-name"], + endpoint_type=options["--endpoint-type"], ++ session=keystone_session, auth=keystone_auth, + http_log_debug=options.has_key("--verbose")) + else: + # OSP >= 11 + # ArgSpec(args=['version'], varargs='args', keywords='kwargs', defaults=None) + nova = client.Client(version, +- username=options["--username"], +- password=options["--password"], +- tenant_name=options["--tenant-name"], +- auth_url=options["--auth-url"], +- insecure=options["--insecure"], + region_name=options["--region-name"], + endpoint_type=options["--endpoint-type"], ++ session=keystone_session, auth=keystone_auth, + http_log_debug=options.has_key("--verbose")) + + try: +@@ -316,7 +331,7 @@ + except Exception as e: + logging.warning("Nova connection failed. %s: %s" % (e.__class__.__name__, e)) + +- logging.warning("Couldn't obtain a supported connection to nova, tried: %s\n" % repr(versions)) ++ logging.warning("Couldn't obtain a supported connection to nova, tried: %s\n" % repr(nova_versions)) + return None + + def define_new_opts(): +@@ -332,12 +347,30 @@ + all_opt["tenant_name"] = { + "getopt" : "t:", + "longopt" : "tenant-name", +- "help" : "-t, --tenant-name=[tenant] Keystone Admin Tenant", ++ "help" : "-t, --tenant-name=[name] Keystone v2 Tenant or v3 Project Name", + "required" : "0", +- "shortdesc" : "Keystone Admin Tenant", ++ "shortdesc" : "Keystone Admin Tenant or v3 Project", + "default" : "", + "order": 1, + } ++ all_opt["user-domain"] = { ++ "getopt" : "u:", ++ "longopt" : "user-domain", ++ "help" : "-u, --user-domain=[name] Keystone v3 User Domain", ++ "required" : "0", ++ "shortdesc" : "Keystone v3 User Domain", ++ "default" : "Default", ++ "order": 2, ++ } ++ all_opt["project-domain"] = { ++ "getopt" : "P:", ++ "longopt" : "project-domain", ++ "help" : "-d, --project-domain=[name] Keystone v3 Project Domain", ++ "required" : "0", ++ "shortdesc" : "Keystone v3 Project Domain", ++ "default" : "Default", ++ "order": 2, ++ } + all_opt["auth_url"] = { + "getopt" : "k:", + "longopt" : "auth-url", +@@ -365,7 +398,7 @@ + "default" : "False", + "order": 2, + } +- all_opt["domain"] = { ++ all_opt["compute-domain"] = { + "getopt" : "d:", + "longopt" : "domain", + "help" : "-d, --domain=[string] DNS domain in which hosts live, useful when the cluster uses short names and nova uses FQDN", +@@ -418,8 +451,8 @@ + atexit.register(atexit_handler) + + device_opt = ["login", "passwd", "tenant_name", "auth_url", "fabric_fencing", +- "no_login", "no_password", "port", "domain", "no_shared_storage", "endpoint_type", +- "record_only", "instance_filtering", "insecure", "region_name"] ++ "no_login", "no_password", "port", "compute-domain", "project-domain", "user-domain", ++ "no_shared_storage", "endpoint_type", "record_only", "instance_filtering", "insecure", "region_name"] + define_new_opts() + all_opt["shell_timeout"]["default"] = "180" + +diff -uNr a/fence/agents/compute/fence_evacuate.py b/fence/agents/compute/fence_evacuate.py +--- a/fence/agents/compute/fence_evacuate.py 2018-01-10 13:46:17.966287090 +0100 ++++ b/fence/agents/compute/fence_evacuate.py 2018-01-10 13:48:19.375158060 +0100 +@@ -191,13 +191,38 @@ + except ImportError: + fail_usage("Nova not found or not accessible") + ++ from keystoneauth1 import loading ++ from keystoneauth1 import session ++ from keystoneclient import discover ++ ++ # Prefer the oldest and strip the leading 'v' ++ keystone_versions = discover.available_versions(options["--auth-url"]) ++ keystone_version = keystone_versions[0]['id'][1:] ++ kwargs = dict( ++ auth_url=options["--auth-url"], ++ username=options["--username"], ++ password=options["--password"] ++ ) ++ ++ if discover.version_match("2", keystone_version): ++ kwargs["tenant_name"] = options["--tenant-name"] ++ ++ elif discover.version_match("3", keystone_version): ++ kwargs["project_name"] = options["--tenant-name"] ++ kwargs["user_domain_name"] = options["--user-domain"] ++ kwargs["project_domain_name"] = options["--project-domain"] ++ ++ loader = loading.get_plugin_loader('password') ++ keystone_auth = loader.load_from_options(**kwargs) ++ keystone_session = session.Session(auth=keystone_auth, verify=(not options["--insecure"])) ++ + versions = [ "2.11", "2" ] + for version in versions: + clientargs = inspect.getargspec(client.Client).varargs + + # Some versions of Openstack prior to Ocata only + # supported positional arguments for username, +- # password and tenant. ++ # password, and tenant. + # + # Versions since Ocata only support named arguments. + # +@@ -212,25 +237,22 @@ + # varargs=None, + # keywords='kwargs', defaults=(None, None, None, None)) + nova = client.Client(version, +- options["--username"], +- options["--password"], +- options["--tenant-name"], +- options["--auth-url"], ++ None, # User ++ None, # Password ++ None, # Tenant ++ None, # Auth URL + insecure=options["--insecure"], + region_name=options["--region-name"], + endpoint_type=options["--endpoint-type"], ++ session=keystone_session, auth=keystone_auth, + http_log_debug=options.has_key("--verbose")) + else: + # OSP >= 11 + # ArgSpec(args=['version'], varargs='args', keywords='kwargs', defaults=None) + nova = client.Client(version, +- username=options["--username"], +- password=options["--password"], +- tenant_name=options["--tenant-name"], +- auth_url=options["--auth-url"], +- insecure=options["--insecure"], + region_name=options["--region-name"], + endpoint_type=options["--endpoint-type"], ++ session=keystone_session, auth=keystone_auth, + http_log_debug=options.has_key("--verbose")) + + try: +@@ -259,12 +281,30 @@ + all_opt["tenant_name"] = { + "getopt" : "t:", + "longopt" : "tenant-name", +- "help" : "-t, --tenant-name=[tenant] Keystone Admin Tenant", ++ "help" : "-t, --tenant-name=[name] Keystone v2 Tenant or v3 Project Name", + "required" : "0", +- "shortdesc" : "Keystone Admin Tenant", ++ "shortdesc" : "Keystone Admin Tenant or v3 Project", + "default" : "", + "order": 1, + } ++ all_opt["user-domain"] = { ++ "getopt" : "u:", ++ "longopt" : "user-domain", ++ "help" : "-u, --user-domain=[name] Keystone v3 User Domain", ++ "required" : "0", ++ "shortdesc" : "Keystone v3 User Domain", ++ "default" : "Default", ++ "order": 2, ++ } ++ all_opt["project-domain"] = { ++ "getopt" : "P:", ++ "longopt" : "project-domain", ++ "help" : "-d, --project-domain=[name] Keystone v3 Project Domain", ++ "required" : "0", ++ "shortdesc" : "Keystone v3 Project Domain", ++ "default" : "Default", ++ "order": 2, ++ } + all_opt["auth_url"] = { + "getopt" : "k:", + "longopt" : "auth-url", +@@ -292,7 +332,7 @@ + "default" : "False", + "order": 2, + } +- all_opt["domain"] = { ++ all_opt["compute-domain"] = { + "getopt" : "d:", + "longopt" : "domain", + "help" : "-d, --domain=[string] DNS domain in which hosts live, useful when the cluster uses short names and nova uses FQDN", +@@ -323,8 +363,9 @@ + atexit.register(atexit_handler) + + device_opt = ["login", "passwd", "tenant_name", "auth_url", +- "no_login", "no_password", "port", "domain", "no_shared_storage", "endpoint_type", +- "instance_filtering", "insecure", "region_name"] ++ "no_login", "no_password", "port", "compute-domain", "project-domain", ++ "user-domain", "no_shared_storage", "endpoint_type", ++ "instance_filtering", "insecure", "region_name"] + define_new_opts() + all_opt["shell_timeout"]["default"] = "180" + diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec index b2b851b..d489267 100644 --- a/SPECS/fence-agents.spec +++ b/SPECS/fence-agents.spec @@ -16,7 +16,7 @@ Name: fence-agents Summary: Fence Agents for Red Hat Cluster Version: 4.0.11 -Release: 66%{?alphatag:.%{alphatag}}%{?dist}.3 +Release: 66%{?alphatag:.%{alphatag}}%{?dist}.4 License: GPLv2+ and LGPLv2+ Group: System Environment/Base URL: http://sourceware.org/cluster/wiki/ @@ -139,6 +139,7 @@ Patch114: bz1459199-fence_vmware_soap-fix-for-selfsigned-certificate.patch Patch115: bz1479851-fence_compute-fence_scsi-fix-parameters.patch Patch116: bz1497072-fence_compute-fence_evacuate-Instance-HA-OSP12.patch Patch117: bz1497241-fence_compute-fence_scsi-fix-parameters.patch +Patch118: bz1535415-fence_compute-fence_evacuate-add-support-for-keystone-v3-authentication.patch %if 0%{?rhel} %global supportedagents apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps hpblade ibmblade ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan mpath kdump rhevm rsa rsb sbd scsi vmware_soap wti @@ -286,6 +287,7 @@ BuildRequires: autoconf automake libtool %patch115 -p1 -b .bz1479851 %patch116 -p1 -b .bz1497072 %patch117 -p1 -b .bz1497241 +%patch118 -p1 -b .bz1535415 %build ./autogen.sh @@ -877,6 +879,10 @@ The fence-agents-zvm package contains a fence agent for z/VM hypervisors %endif %changelog +* Wed Jan 17 2018 Oyvind Albrigtsen - 4.0.11-66.4 +- fence_compute/fence_evacuate: add support for keystone v3 authentication + Resolves: rhbz#1535415 + * Fri Sep 29 2017 Oyvind Albrigtsen - 4.0.11-66.3 - fence_compute/fence_scsi: fix issue with some parameters (for ABI compatibility)