diff --git a/SOURCES/bz1685814-fence_gce-add-serviceaccount-file-support.patch b/SOURCES/bz1685814-fence_gce-add-serviceaccount-file-support.patch
new file mode 100644
index 0000000..6f13714
--- /dev/null
+++ b/SOURCES/bz1685814-fence_gce-add-serviceaccount-file-support.patch
@@ -0,0 +1,73 @@
+diff --color -uNr a/agents/gce/fence_gce.py b/agents/gce/fence_gce.py
+--- a/agents/gce/fence_gce.py 2021-06-11 14:28:37.751959830 +0200
++++ b/agents/gce/fence_gce.py 2021-06-11 14:54:03.638926494 +0200
+@@ -15,9 +15,15 @@
+ import urllib2 as urlrequest
+ sys.path.append("@FENCEAGENTSLIBDIR@")
+
+-import googleapiclient.discovery
+ from fencing import fail_usage, run_delay, all_opt, atexit_handler, check_input, process_input, show_docs, fence_action
+-
++try:
++ import googleapiclient.discovery
++ try:
++ from google.oauth2.credentials import Credentials as GoogleCredentials
++ except:
++ from oauth2client.client import GoogleCredentials
++except:
++ pass
+
+ METADATA_SERVER = 'http://metadata.google.internal/computeMetadata/v1/'
+ METADATA_HEADERS = {'Metadata-Flavor': 'Google'}
+@@ -175,12 +181,21 @@
+ "required" : "0",
+ "order" : 4
+ }
++ all_opt["serviceaccount"] = {
++ "getopt" : ":",
++ "longopt" : "serviceaccount",
++ "help" : "--serviceaccount=[filename] Service account json file location e.g.
serviceaccount=/somedir/service_account.json",
++ "shortdesc" : "Service Account to use for authentication to the google cloud APIs.",
++ "required" : "0",
++ "order" : 9
++ }
+
+
+ def main():
+ conn = None
+
+- device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging", "method"]
++ device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging",
++ "method", "serviceaccount"]
+
+ atexit.register(atexit_handler)
+
+@@ -226,10 +241,24 @@
+
+ # Prepare cli
+ try:
+- credentials = None
+- if tuple(googleapiclient.__version__) < tuple("1.6.0"):
+- import oauth2client.client
+- credentials = oauth2client.client.GoogleCredentials.get_application_default()
++ serviceaccount = options.get("--serviceaccount")
++ if serviceaccount:
++ scope = ['https://www.googleapis.com/auth/cloud-platform']
++ logging.debug("using credentials from service account")
++ try:
++ from google.oauth2.service_account import Credentials as ServiceAccountCredentials
++ credentials = ServiceAccountCredentials.from_service_account_file(filename=serviceaccount, scopes=scope)
++ except ImportError:
++ from oauth2client.service_account import ServiceAccountCredentials
++ credentials = ServiceAccountCredentials.from_json_keyfile_name(serviceaccount, scope)
++ else:
++ try:
++ from googleapiclient import _auth
++ credentials = _auth.default_credentials();
++ except:
++ credentials = GoogleCredentials.get_application_default()
++ logging.debug("using application default credentials")
++
+ conn = googleapiclient.discovery.build('compute', 'v1', credentials=credentials)
+ except Exception as err:
+ fail_usage("Failed: Create GCE compute v1 connection: {}".format(str(err)))
diff --git a/SOURCES/bz1969953-fence_gce-add-proxy-support.patch b/SOURCES/bz1969953-fence_gce-add-proxy-support.patch
new file mode 100644
index 0000000..55dbc5b
--- /dev/null
+++ b/SOURCES/bz1969953-fence_gce-add-proxy-support.patch
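Review bot: The service-account branch in main() requests the `https://www.googleapis.com/auth/cloud-platform` scope, which is wider than a fencing agent that only talks to the Compute API appears to need; because the key file is a long-lived credential, I would narrow it to `scope = ['https://www.googleapis.com/auth/compute']` unless another call in the agent needs more. The `--serviceaccount` help text could also state that the JSON file holds a private key and should be readable only by the user the agent runs as. Separately, the import block at the top ends in a bare `except: pass`, so a missing googleapiclient only surfaces later as a NameError wrapped in the "Failed: Create GCE compute v1 connection" message; `except ImportError:` with a debug log would keep the cause visible. The fallback `GoogleCredentials.get_application_default()` also looks wrong when that name was bound to `google.oauth2.credentials.Credentials`, which as far as I know has no such method. main() starts and continues outside the inner hunks.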
@@ -0,0 +1,70 @@
+diff --color -uNr a/agents/gce/fence_gce.py b/agents/gce/fence_gce.py
+--- a/agents/gce/fence_gce.py 2021-06-11 14:57:01.138390529 +0200
++++ b/agents/gce/fence_gce.py 2021-06-11 15:12:45.829855806 +0200
+@@ -1,6 +1,7 @@
+ #!@PYTHON@ -tt
+
+ import atexit
++import httplib2
+ import logging
+ import os
+ import sys
+@@ -18,6 +19,7 @@
+ from fencing import fail_usage, run_delay, all_opt, atexit_handler, check_input, process_input, show_docs, fence_action
+ try:
+ import googleapiclient.discovery
++ import socks
+ try:
+ from google.oauth2.credentials import Credentials as GoogleCredentials
+ except:
+@@ -189,13 +191,30 @@
+ "required" : "0",
+ "order" : 9
+ }
++ all_opt["proxyhost"] = {
++ "getopt" : ":",
++ "longopt" : "proxyhost",
++ "help" : "--proxyhost=[proxy_host] The proxy host to use, if one is needed to access the internet (Example: 10.122.0.33)",
++ "shortdesc" : "If a proxy is used for internet access, the proxy host should be specified.",
++ "required" : "0",
++ "order" : 10
++ }
++ all_opt["proxyport"] = {
++ "getopt" : ":",
++ "type" : "integer",
++ "longopt" : "proxyport",
++ "help" : "--proxyport=[proxy_port] The proxy port to use, if one is needed to access the internet (Example: 3127)",
++ "shortdesc" : "If a proxy is used for internet access, the proxy port should be specified.",
++ "required" : "0",
++ "order" : 11
++ }
+
+
+ def main():
+ conn = None
+
+ device_opt = ["port", "no_password", "zone", "project", "stackdriver-logging",
+- "method", "serviceaccount"]
++ "method", "serviceaccount", "proxyhost", "proxyport"]
+
+ atexit.register(atexit_handler)
+
+@@ -259,7 +278,17 @@
+ credentials = GoogleCredentials.get_application_default()
+ logging.debug("using application default credentials")
+
+- conn = googleapiclient.discovery.build('compute', 'v1', credentials=credentials)
++ if options.get("--proxyhost") and options.get("--proxyport"):
++ proxy_info = httplib2.ProxyInfo(
++ proxy_type=socks.PROXY_TYPE_HTTP,
++
proxy_host=options.get("--proxyhost"),
++ proxy_port=int(options.get("--proxyport")))
++ http = credentials.authorize(httplib2.Http(proxy_info=proxy_info))
++ conn = googleapiclient.discovery.build(
++ 'compute', 'v1', http=http, cache_discovery=False)
++ else:
++ conn = googleapiclient.discovery.build(
++ 'compute', 'v1', credentials=credentials, cache_discovery=False)
+ except Exception as err:
+ fail_usage("Failed: Create GCE compute v1 connection: {}".format(str(err)))
+
diff --git a/SPECS/fence-agents.spec b/SPECS/fence-agents.spec
index 6602746..6f35d26 100644
--- a/SPECS/fence-agents.spec
+++ b/SPECS/fence-agents.spec
@@ -29,7 +29,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.2.1
-Release: 72%{?alphatag:.%{alphatag}}%{?dist}
+Release: 73%{?alphatag:.%{alphatag}}%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Base
 URL: https://github.com/ClusterLabs/fence-agents
@@ -131,6 +131,8 @@ Patch89: bz1942363-fence_gce-default-to-cycle.patch
 Patch90: bz1920947-fence_redfish-2-add-diag-action-logic.patch
 Patch91: bz1920947-fence_redfish-3-fix-typo.patch
 Patch92: bz1922437-fence_mpath-watchdog-retry-support.patch
+Patch93: bz1685814-fence_gce-add-serviceaccount-file-support.patch
+Patch94: bz1969953-fence_gce-add-proxy-support.patch
 %if 0%{?fedora} || 0%{?rhel} > 7
 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hds_cb hpblade ibmblade ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
@@ -301,6 +303,8 @@ BuildRequires: python3-google-api-client
 %patch90 -p1
 %patch91 -p1
 %patch92 -p1
+%patch93 -p1
+%patch94 -p1
 # prevent compilation of something that won't get used anyway
 sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
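Review bot: When only one of `--proxyhost` / `--proxyport` is set, the `if options.get("--proxyhost") and options.get("--proxyport")` test falls through to the `else` branch and the agent connects directly without any message, which matters on hosts where egress is meant to go through the proxy. I would reject the half-configured case before building the client, e.g. `if bool(options.get("--proxyhost")) != bool(options.get("--proxyport")): fail_usage("Failed: --proxyhost and --proxyport must be set together")`. The proxy branch also calls `credentials.authorize(...)`, which is an oauth2client method; if `credentials` came from google-auth (the imports the previous patch tries first) that call probably raises AttributeError, so the branch needs an authorized-http wrapper that works with both libraries. Note too that `import socks` sits inside the `try` whose `except: pass` lies outside this hunk, so a missing PySocks would silently skip the GoogleCredentials import as well.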
@@ -724,6 +728,7 @@ Group: System Environment/Base
 Summary: Fence agent for GCE (Google Cloud Engine)
 Requires: fence-agents-common >= %{version}-%{release}
 Requires: python3-google-api-client
+Requires: python3-pysocks
 Obsoletes: %{name} < %{version}-%{release}
 BuildArch: noarch
 %description gce
@@ -1191,6 +1196,12 @@ Fence agent for IBM z/VM over IP.
 %endif
 %changelog
+* Fri Jun 11 2021 Oyvind Albrigtsen - 4.2.1-73
+- fence_gce: add serviceaccount JSON file support
+ Resolves: rhbz#1685814
+- fence_gce: add proxy support
+ Resolves: rhbz#1969953
+
 * Thu May 20 2021 Oyvind Albrigtsen - 4.2.1-72
 - fence_mpath: add watchdog retry support
 Resolves: rhbz#1922437