diff --git a/0001-fence_compute-Add-insecure-command-line-argument.patch b/0001-fence_compute-Add-insecure-command-line-argument.patch
new file mode 100644
index 0000000..353a5a6
--- /dev/null
+++ b/0001-fence_compute-Add-insecure-command-line-argument.patch
@@ -0,0 +1,69 @@ +From b3f74614a1ecbac509a84f291c17884866765317 Mon Sep 17 00:00:00 2001 +From: Vincent Untz +Date: Thu, 7 Jan 2016 22:07:27 +0100 +Subject: [PATCH 1/8] fence_compute: Add --insecure command line argument + +This makes it possible to have fence_compute work with OpenStack +deployments with SSL certificates that can't be verified (can be the +case in test systems). +--- + fence/agents/compute/fence_compute.py | 12 +++++++++++- + tests/data/metadata/fence_compute.xml | 5 +++++ + 2 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/fence/agents/compute/fence_compute.py b/fence/agents/compute/fence_compute.py +index d9fe54a..ef066d4 100644 +--- a/fence/agents/compute/fence_compute.py ++++ b/fence/agents/compute/fence_compute.py +@@ -242,6 +242,15 @@ def define_new_opts(): + "default" : "", + "order": 1, + } ++ all_opt["insecure"] = { ++ "getopt" : "", ++ "longopt" : "insecure", ++ "help" : "--insecure Explicitly allow agent to perform \"insecure\" TLS (https) requests", ++ "required" : "0", ++ "shortdesc" : "Allow Insecure TLS Requests", ++ "default" : "False", ++ "order": 2, ++ } + all_opt["domain"] = { + "getopt" : "d:", + "longopt" : "domain", +@@ -286,7 +295,7 @@ def main(): + + device_opt = ["login", "passwd", "tenant-name", "auth-url", "fabric_fencing", "on_target", + "no_login", "no_password", "port", "domain", "no-shared-storage", "endpoint-type", +- "record-only", "instance-filtering"] ++ "record-only", "instance-filtering", "insecure"] + define_new_opts() + all_opt["shell_timeout"]["default"] = "180" + +@@ -331,6 +340,7 @@ def main(): + options["--password"], + options["--tenant-name"], + options["--auth-url"], ++ insecure=options["--insecure"], + endpoint_type=options["--endpoint-type"]) + + if options["--action"] in ["off", "reboot"]: +diff --git a/tests/data/metadata/fence_compute.xml b/tests/data/metadata/fence_compute.xml +index 290a2eb..5aeae40 100644 +--- a/tests/data/metadata/fence_compute.xml ++++ 
b/tests/data/metadata/fence_compute.xml +@@ -43,6 +43,11 @@ + + Keystone Admin Tenant + ++ ++ ++ ++ Allow Insecure TLS Requests ++ + + + +-- +2.6.2 + diff --git a/0002-fence_compute-Add-region-name-command-line-argument.patch b/0002-fence_compute-Add-region-name-command-line-argument.patch new file mode 100644 index 0000000..2441389 --- /dev/null +++ b/0002-fence_compute-Add-region-name-command-line-argument.patch 
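Review bot: In patch 0001, `all_opt["insecure"]` gets the default `"False"`, which is a non-empty string, and main() passes `options["--insecure"]` unconverted as `insecure=` to `nova_client.Client`. If the client tests that argument by truthiness (not visible here), TLS certificate verification would be off even when `--insecure` was never given. The file already compares flag options as strings (`options["--instance-filtering"] == "False"` in `_host_evacuate`), so converting at the call site would be consistent: `insecure=(options["--insecure"] != "False"),`, assuming the fencing library stores something other than `"False"` when the flag is present. The help text could also state plainly that the flag disables certificate verification. Both define_new_opts() and main() continue outside the hunks shown.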
@@ -0,0 +1,67 @@ +From 16d9f9108897c9335e759667ae091162c911cb08 Mon Sep 17 00:00:00 2001 +From: Vincent Untz +Date: Thu, 7 Jan 2016 22:17:51 +0100 +Subject: [PATCH 2/8] fence_compute: Add --region-name command line argument + +Useful for multi-region setups. +--- + fence/agents/compute/fence_compute.py | 12 +++++++++++- + tests/data/metadata/fence_compute.xml | 5 +++++ + 2 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/fence/agents/compute/fence_compute.py b/fence/agents/compute/fence_compute.py +index ef066d4..d1d797e 100644 +--- a/fence/agents/compute/fence_compute.py ++++ b/fence/agents/compute/fence_compute.py +@@ -242,6 +242,15 @@ def define_new_opts(): + "default" : "", + "order": 1, + } ++ all_opt["region-name"] = { ++ "getopt" : "", ++ "longopt" : "region-name", ++ "help" : "--region-name=[region] Region Name", ++ "required" : "0", ++ "shortdesc" : "Region Name", ++ "default" : "", ++ "order": 1, ++ } + all_opt["insecure"] = { + "getopt" : "", + "longopt" : "insecure", +@@ -295,7 +304,7 @@ def main(): + + device_opt = ["login", "passwd", "tenant-name", "auth-url", "fabric_fencing", "on_target", + "no_login", "no_password", "port", "domain", "no-shared-storage", "endpoint-type", +- "record-only", "instance-filtering", "insecure"] ++ "record-only", "instance-filtering", "insecure", "region-name"] + define_new_opts() + all_opt["shell_timeout"]["default"] = "180" + +@@ -341,6 +350,7 @@ def main(): + options["--tenant-name"], + options["--auth-url"], + insecure=options["--insecure"], ++ region_name=options["--region-name"], + endpoint_type=options["--endpoint-type"]) + + if options["--action"] in ["off", "reboot"]: +diff --git a/tests/data/metadata/fence_compute.xml b/tests/data/metadata/fence_compute.xml +index 5aeae40..e5c112c 100644 +--- a/tests/data/metadata/fence_compute.xml ++++ b/tests/data/metadata/fence_compute.xml +@@ -38,6 +38,11 @@ + + Physical plug number on device, UUID or identification of machine + ++ ++ ++ ++ Region Name ++ + + + 
+-- +2.6.2 + diff --git a/0003-fence_compute-Create-nova-client-with-API-2.11.patch b/0003-fence_compute-Create-nova-client-with-API-2.11.patch new file mode 100644 index 0000000..a806d79 --- /dev/null +++ b/0003-fence_compute-Create-nova-client-with-API-2.11.patch @@ -0,0 +1,26 @@ +From 105f9a9066b3907da4cf1ecde3a484bd8c546b3f Mon Sep 17 00:00:00 2001 +From: Vincent Untz +Date: Wed, 3 Feb 2016 11:33:32 +0100 +Subject: [PATCH 3/8] fence_compute: Create nova client with API 2.11 + +The force_down API requires to use version 2.11 or later. +--- + fence/agents/compute/fence_compute.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fence/agents/compute/fence_compute.py b/fence/agents/compute/fence_compute.py +index d1d797e..b443a3c 100644 +--- a/fence/agents/compute/fence_compute.py ++++ b/fence/agents/compute/fence_compute.py +@@ -344,7 +344,7 @@ def main(): + sys.exit(0) + + # The first argument is the Nova client version +- nova = nova_client.Client('2', ++ nova = nova_client.Client('2.11', + options["--username"], + options["--password"], + options["--tenant-name"], +-- +2.6.2 + diff --git a/0004-fence_compute-Fix-disabling-force_down-on-node-when-.patch b/0004-fence_compute-Fix-disabling-force_down-on-node-when-.patch new file mode 100644 index 0000000..b139b34 --- /dev/null +++ b/0004-fence_compute-Fix-disabling-force_down-on-node-when-.patch 
@@ -0,0 +1,61 @@ +From 6cbbe5d9e81ddeee91d06660f27a4a51117aa0ed Mon Sep 17 00:00:00 2001 +From: Vincent Untz +Date: Wed, 3 Feb 2016 13:45:52 +0100 +Subject: [PATCH 4/8] fence_compute: Fix disabling force_down on node when + action is on + +When the action is on, the goal is to disable force_down for the +nova-compute service on the node. + +However, we were only doing that if the nova-compute service was up; +which is impossible if it's forced to be down... So just always disable +force_down, and then, if it's up, do more things. +--- + fence/agents/compute/fence_compute.py | 28 ++++++++++++++-------------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +diff --git a/fence/agents/compute/fence_compute.py b/fence/agents/compute/fence_compute.py +index b443a3c..feb86c0 100644 +--- a/fence/agents/compute/fence_compute.py ++++ b/fence/agents/compute/fence_compute.py +@@ -148,23 +148,23 @@ def set_power_status(_, options): + return + + if options["--action"] == "on": ++ try: ++ # Forcing the host back up ++ nova.services.force_down( ++ options["--plug"], "nova-compute", force_down=False) ++ except Exception as e: ++ # In theory, if foce_down=False fails, that's for the exact ++ # same possible reasons that below with force_down=True ++ # eg. either an incompatible version or an old client. 
++ # Since it's about forcing back to a default value, there is ++ # no real worries to just consider it's still okay even if the ++ # command failed ++ logging.info("Exception from attempt to force " ++ "host back up via nova API: " ++ "%s: %s" % (e.__class__.__name__, e)) + if get_power_status(_, options) == "on": + # Forcing the service back up in case it was disabled + nova.services.enable(options["--plug"], 'nova-compute') +- try: +- # Forcing the host back up +- nova.services.force_down( +- options["--plug"], "nova-compute", force_down=False) +- except Exception as e: +- # In theory, if foce_down=False fails, that's for the exact +- # same possible reasons that below with force_down=True +- # eg. either an incompatible version or an old client. +- # Since it's about forcing back to a default value, there is +- # no real worries to just consider it's still okay even if the +- # command failed +- logging.info("Exception from attempt to force " +- "host back up via nova API: " +- "%s: %s" % (e.__class__.__name__, e)) + else: + # Pretend we're 'on' so that the fencing library doesn't loop forever waiting for the node to boot + override_status = "on" +-- +2.6.2 + diff --git a/0005-fence_compute-Evacuate-instances-on-all-tenants.patch b/0005-fence_compute-Evacuate-instances-on-all-tenants.patch new file mode 100644 index 0000000..f17d250 --- /dev/null +++ b/0005-fence_compute-Evacuate-instances-on-all-tenants.patch 
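Review bot: The relocated `except Exception` in set_power_status() still reports a failed `force_down=False` call with `logging.info`, although that call is now the first step of every `on` action and the `else` branch below reports the node as on regardless. A host that stays forced down would then show up only in info-level logs; `logging.warning(` would make the failure stand out to operators. The moved comment also carries the typo `foce_down`, which could be corrected to `force_down` while the block is being touched. set_power_status() begins and ends outside the hunk.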
@@ -0,0 +1,27 @@ +From 7f059392abfb5bb72f08747f1fd9c3456bd0c766 Mon Sep 17 00:00:00 2001 +From: Vincent Untz +Date: Wed, 3 Feb 2016 16:57:45 +0100 +Subject: [PATCH 5/8] fence_compute: Evacuate instances on all tenants + +We don't want to evacuate instances in just one tenant, so when we list +the instances, we need to look at all tenants, not just the current one. +--- + fence/agents/compute/fence_compute.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fence/agents/compute/fence_compute.py b/fence/agents/compute/fence_compute.py +index feb86c0..be4d173 100644 +--- a/fence/agents/compute/fence_compute.py ++++ b/fence/agents/compute/fence_compute.py +@@ -103,7 +103,7 @@ def _get_evacuable_images(): + + def _host_evacuate(options): + result = True +- servers = nova.servers.list(search_opts={'host': options["--plug"]}) ++ servers = nova.servers.list(search_opts={'host': options["--plug"], 'all_tenants': 1}) + if options["--instance-filtering"] == "False": + evacuables = servers + else: +-- +2.6.2 + diff --git a/0006-fence_compute-On-list-don-t-list-hypervisors-but-nov.patch b/0006-fence_compute-On-list-don-t-list-hypervisors-but-nov.patch new file mode 100644 index 0000000..335bcaa --- /dev/null +++ b/0006-fence_compute-On-list-don-t-list-hypervisors-but-nov.patch 
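Review bot: The new `'all_tenants': 1` search option in `_host_evacuate()` widens the listing, and so the evacuation, to every tenant's instances, but nothing at the call records what the agent's login must be allowed to do. It presumably needs an admin-capable account; with a less privileged login the list may come back limited or be refused, which cannot be verified from this hunk. A comment above the call would capture that, e.g. `# all_tenants: evacuate every tenant's instances; the configured login needs rights to list across tenants`. The line could also be wrapped after `search_opts={` to keep it in line with its neighbours. _host_evacuate() continues outside the hunk.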
@@ -0,0 +1,39 @@ +From a1f665a1f3da3afd94d9888432579ecea7c3bfbf Mon Sep 17 00:00:00 2001 +From: Vincent Untz +Date: Thu, 4 Feb 2016 09:59:43 +0100 +Subject: [PATCH 6/8] fence_compute: On list, don't list hypervisors but + nova-compute services + +Everything we do (evacuate, force_down) is on nova-compute services, so +there's no reason to list hypervisors; just directly look for +nova-compute services. +--- + fence/agents/compute/fence_compute.py | 12 +++--------- + 1 file changed, 3 insertions(+), 9 deletions(-) + +diff --git a/fence/agents/compute/fence_compute.py b/fence/agents/compute/fence_compute.py +index be4d173..7d7aa49 100644 +--- a/fence/agents/compute/fence_compute.py ++++ b/fence/agents/compute/fence_compute.py +@@ -202,15 +202,9 @@ def get_plugs_list(_, options): + result = {} + + if nova: +- hypervisors = nova.hypervisors.list() +- for hypervisor in hypervisors: +- longhost = hypervisor.hypervisor_hostname +- if options["--domain"] != "": +- shorthost = longhost.replace("." + options["--domain"], "") +- result[longhost] = ("", None) +- result[shorthost] = ("", None) +- else: +- result[longhost] = ("", None) ++ services = nova.services.list(binary="nova-compute") ++ for service in services: ++ result[service.host] = ("", None) + return result + + +-- +2.6.2 + diff --git a/0007-fence_compute-Only-list-nova-compute-services-when-g.patch b/0007-fence_compute-Only-list-nova-compute-services-when-g.patch new file mode 100644 index 0000000..6e1ded7 --- /dev/null +++ b/0007-fence_compute-Only-list-nova-compute-services-when-g.patch 
@@ -0,0 +1,27 @@ +From 35a454b4a7b7e5890d204c1a9893b2909ddccd27 Mon Sep 17 00:00:00 2001 +From: Vincent Untz +Date: Thu, 4 Feb 2016 10:02:49 +0100 +Subject: [PATCH 7/8] fence_compute: Only list nova-compute services when + getting status + +We don't care about other services. +--- + fence/agents/compute/fence_compute.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fence/agents/compute/fence_compute.py b/fence/agents/compute/fence_compute.py +index 7d7aa49..0273aa2 100644 +--- a/fence/agents/compute/fence_compute.py ++++ b/fence/agents/compute/fence_compute.py +@@ -34,7 +34,7 @@ def get_power_status(_, options): + + if nova: + try: +- services = nova.services.list(host=options["--plug"]) ++ services = nova.services.list(host=options["--plug"], binary="nova-compute") + for service in services: + logging.debug("Status of %s is %s" % (service.binary, service.state)) + if service.binary == "nova-compute": +-- +2.6.2 + diff --git a/0008-fence_compute-Deprecate-the-domain-option.patch b/0008-fence_compute-Deprecate-the-domain-option.patch new file mode 100644 index 0000000..ec42664 --- /dev/null +++ b/0008-fence_compute-Deprecate-the-domain-option.patch 
@@ -0,0 +1,60 @@ +From 79d653464fa85cf09c98014f82b5874de250944b Mon Sep 17 00:00:00 2001 +From: Vincent Untz +Date: Thu, 4 Feb 2016 10:08:20 +0100 +Subject: [PATCH 8/8] fence_compute: Deprecate the domain option + +As far as I understand, this should not be needed anymore: the domain +option was really only useful to translate between hypervisor hostname +and nova service hostname, and we don't get hypervisor hostnames +anywhere anymore. + +The option is left around to not break existing configurations that are +using it. +--- + fence/agents/compute/fence_compute.py | 8 ++------ + tests/data/metadata/fence_compute.xml | 2 +- + 2 files changed, 3 insertions(+), 7 deletions(-) + +diff --git a/fence/agents/compute/fence_compute.py b/fence/agents/compute/fence_compute.py +index 0273aa2..eccab99 100644 +--- a/fence/agents/compute/fence_compute.py ++++ b/fence/agents/compute/fence_compute.py +@@ -257,9 +257,9 @@ def define_new_opts(): + all_opt["domain"] = { + "getopt" : "d:", + "longopt" : "domain", +- "help" : "-d, --domain=[string] DNS domain in which hosts live, useful when the cluster uses short names and nova uses FQDN", ++ "help" : "-d, --domain=[string] Deprecated option; do not do anything anymore", + "required" : "0", +- "shortdesc" : "DNS domain in which hosts live", ++ "shortdesc" : "Deprecated option", + "default" : "", + "order": 5, + } +@@ -318,10 +318,6 @@ def main(): + except ImportError: + fail_usage("nova not found or not accessible") + +- # Potentially we should make this a pacemaker feature +- if options["--action"] != "list" and options["--domain"] != "" and options.has_key("--plug"): +- options["--plug"] = options["--plug"] + "." 
+ options["--domain"] +- + if options["--record-only"] in [ "2", "Disabled", "disabled" ]: + sys.exit(0) + +diff --git a/tests/data/metadata/fence_compute.xml b/tests/data/metadata/fence_compute.xml +index e5c112c..82e0fde 100644 +--- a/tests/data/metadata/fence_compute.xml ++++ b/tests/data/metadata/fence_compute.xml +@@ -56,7 +56,7 @@ + + + +- DNS domain in which hosts live ++ Deprecated option + + + +-- +2.6.2 + diff --git a/_service b/_service new file mode 100644 index 0000000..894df13 --- /dev/null +++ b/_service @@ -0,0 +1,20 @@ + + + git://github.com/ClusterLabs/fence-agents.git + git + .git + fence-agents + 4.0.22+git.%ct.%h + master + enable + + + + fence-agents*.tar + xz + + + + fence-agents + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..d6da15a --- /dev/null +++ b/_servicedata @@ -0,0 +1,4 @@ + + + git://github.com/ClusterLabs/fence-agents.git + 15c5e92481fc35aef7c36801e500b7913d70edc3 \ No newline at end of file diff --git a/fence-agents-4.0.22+git.1455008135.15c5e92.tar.xz b/fence-agents-4.0.22+git.1455008135.15c5e92.tar.xz new file mode 100644 index 0000000..7a80766 --- /dev/null +++ b/fence-agents-4.0.22+git.1455008135.15c5e92.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e577e1ed15dac5bb1e50375c06170269b334b2bfff57b74ee87bc7f679dfbb3c +size 201540 diff --git a/fence-agents-4.0.22.tar.gz b/fence-agents-4.0.22.tar.gz deleted file mode 100644 index 79beb7e..0000000 --- a/fence-agents-4.0.22.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:984c9a4165e8017cd161f01789150cf367a393978ae279ad65002bccf38870ca -size 274860 diff --git a/fence-agents.changes b/fence-agents.changes index 90b631a..329aeaf 100644 --- a/fence-agents.changes +++ b/fence-agents.changes 
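Review bot: With the block in main() that appended `"." + options["--domain"]` to `options["--plug"]` removed, a configuration that still sets `--domain` is accepted silently and the plug name is used unchanged. If the cluster uses short names while nova registers the service under an FQDN (the case the old help text described), status and fencing calls would presumably address a host nova does not know. A warning when the option is set would make that visible: `if options["--domain"] != "": logging.warning("--domain is deprecated and ignored; --plug must match the nova-compute service host")`. The new help string `do not do anything anymore` would read better as `Deprecated option; has no effect`. main() continues outside the hunk.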
@@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Mon Feb 22 09:18:30 UTC 2016 - kgronlund@suse.com + +- Update to version 4.0.22+git.1455008135.15c5e92: + + fence_cisco_ucs: Obtain status of device from different endpoint + + fence_cisco_ucs: Add --missing-as-off + +- Patches for fence_compute (fate#320346) + - fence_compute: Add --insecure command line argument + - fence_compute: Add --region-name command line argument + - fence_compute: Create nova client with API 2.11 + - fence_compute: Fix disabling force_down on node when action is on + - fence_compute: Evacuate instances on all tenants + - fence_compute: On list, don't list hypervisors but nova-compute services + - fence_compute: Only list nova-compute services when getting status + - fence_compute: Deprecate the domain option + +- Add 0001-fence_compute-Add-insecure-command-line-argument.patch +- Add 0002-fence_compute-Add-region-name-command-line-argument.patch +- Add 0003-fence_compute-Create-nova-client-with-API-2.11.patch +- Add 0004-fence_compute-Fix-disabling-force_down-on-node-when-.patch +- Add 0005-fence_compute-Evacuate-instances-on-all-tenants.patch +- Add 0006-fence_compute-On-list-don-t-list-hypervisors-but-nov.patch +- Add 0007-fence_compute-Only-list-nova-compute-services-when-g.patch +- Add 0008-fence_compute-Deprecate-the-domain-option.patch + ------------------------------------------------------------------- Wed Jan 27 10:27:41 UTC 2016 - kgronlund@suse.com diff --git a/fence-agents.spec b/fence-agents.spec index b0ffc06..4a2c9e4 100644 --- a/fence-agents.spec +++ b/fence-agents.spec 
@@ -22,10 +22,26 @@ Name: fence-agents Summary: Fence Agents for Pacemaker from RHCS License: GPL-2.0 and LGPL-2.1 Group: Productivity/Clustering/HA -Version: 4.0.22 +Version: 4.0.22+git.1455008135.15c5e92 Release: 0 Url: https://github.com/ClusterLabs/fence-agents -Source0: %{name}-%{version}.tar.gz +Source0: %{name}-%{version}.tar.xz +# PATCH-FIX-UPSTREAM: fence_compute: Add --insecure command line argument +Patch1: 0001-fence_compute-Add-insecure-command-line-argument.patch +# PATCH-FIX-UPSTREAM: fence_compute: Add --region-name command line argument +Patch2: 0002-fence_compute-Add-region-name-command-line-argument.patch +# PATCH-FIX-UPSTREAM: fence_compute: Create nova client with API 2.11 +Patch3: 0003-fence_compute-Create-nova-client-with-API-2.11.patch +# PATCH-FIX-UPSTREAM: fence_compute: Fix disabling force_down on node when action is on +Patch4: 0004-fence_compute-Fix-disabling-force_down-on-node-when-.patch +# PATCH-FIX-UPSTREAM: fence_compute: Evacuate instances on all tenants +Patch5: 0005-fence_compute-Evacuate-instances-on-all-tenants.patch +# PATCH-FIX-UPSTREAM: fence_compute: On list, don't list hypervisors but nova-compute services +Patch6: 0006-fence_compute-On-list-don-t-list-hypervisors-but-nov.patch +# PATCH-FIX-UPSTREAM: fence_compute: Only list nova-compute services when getting status +Patch7: 0007-fence_compute-Only-list-nova-compute-services-when-g.patch +# PATCH-FIX-UPSTREAM: fence_compute: Deprecate the domain option +Patch8: 0008-fence_compute-Deprecate-the-domain-option.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf @@ -86,6 +102,14 @@ fence agents only suitable for development. %prep %setup -q -n %{name}-%{version} +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 %build CFLAGS="${CFLAGS} ${RPM_OPT_FLAGS}"