master

分支 (23)

标签 (17)

管理

管理

master

sync-pr79-master-to-openEuler-24.09

openEuler-20.03-LTS-SP4

openEuler-22.03-LTS-SP3

openEuler-22.03-LTS-SP1

openEuler-22.03-LTS-SP4

openEuler-24.09

openEuler-24.03-LTS-Next

openEuler-24.03-LTS-SP1

openEuler-24.03-LTS

openEuler-23.09

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS-Next

openEuler-23.03

openEuler-21.03

openEuler-21.09

openEuler-22.03-LTS

openEuler-22.09

openEuler-20.03-LTS-Next

openEuler-20.03-LTS-SP1

openEuler-22.03-LTS-SP4-update-before-20241025

openEuler-22.03-LTS-SP4-release

openEuler-24.09-release

openEuler-24.03-LTS-release

openEuler-22.03-LTS-SP3-release

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

fence-agents
/
backport-fence_ibm_powervs-add-privat...

From c64ca27a5a3cf56ebf75cddc228be584391283fe Mon Sep 17 00:00:00 2001
From: Andreas Schauberer <74912604+andscha@users.noreply.github.com>
Date: Mon, 14 Oct 2024 10:14:12 +0200
Subject: [PATCH 09/10] fence_ibm_powervs: add private endpoint and token file
 support (#597)

* Enhance fence_ibm_powervs.py

New features:
- support PER-enabled Power Virtual Server workspaces with network access to private endpoints
- support security token to load from file

Fixes:
- support unknown states for virtual system instances
- new defaults for variables
  power_timeout = "120"
  power_wait = "15"
  stonith_status_sleep = "10"
- changed longdesc
---
 agents/ibm_powervs/fence_ibm_powervs.py   | 66 +++++++++++++++--------
 tests/data/metadata/fence_ibm_powervs.xml |  8 +--
 2 files changed, 49 insertions(+), 25 deletions(-)

diff --git a/agents/ibm_powervs/fence_ibm_powervs.py b/agents/ibm_powervs/fence_ibm_powervs.py
index 73dfe0ab..ec9a0c11 100755
--- a/agents/ibm_powervs/fence_ibm_powervs.py
+++ b/agents/ibm_powervs/fence_ibm_powervs.py
@@ -1,13 +1,14 @@
 #!@PYTHON@ -tt

 import sys
-import pycurl, io, json
+import pycurl
+import io
+import json
 import logging
 import atexit
-import time
+
 sys.path.append("@FENCEAGENTSLIBDIR@")
-from fencing import *
-from fencing import fail, run_delay, EC_LOGIN_DENIED, EC_STATUS
+from fencing import all_opt, atexit_handler, check_input, process_input, show_docs, fence_action, fail, run_delay, EC_STATUS

 state = {
 	 "ACTIVE": "on",
@@ -18,15 +19,35 @@ state = {
 }

 def get_token(conn, options):
-        try:
-                command = "identity/token"
-                action = "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey={}".format(options["--token"])
-                res = send_command(conn, command, "POST", action, printResult=False)
-        except Exception as e:
-                logging.debug("Failed: {}".format(e))
-                return "TOKEN_IS_MISSING_OR_WRONG"
-
-        return res["access_token"]
+	try:
+		if options["--token"][0] == '@':
+			key_file = options["--token"][1:]
+			try:
+				# read the API key from a file
+				with open(key_file, "r") as f:
+					try:
+						keys = json.loads(f.read())
+						# data seems to be in json format
+						# return the value of the item with the key 'Apikey'
+						api_key = keys.get("Apikey", "")
+						if not api_key:
+							# backward compatibility: former key name was 'apikey'
+							api_key = keys.get("apikey", "")
+					# data is text, return as is
+					except ValueError:
+						api_key = f.read().strip()
+			except FileNotFoundError:
+				logging.debug("Failed: Cannot open file {}".format(key_file))
+				return "TOKEN_IS_MISSING_OR_WRONG"
+		else:
+			api_key = options["--token"]
+		command = "identity/token"
+		action = "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey={}".format(api_key)
+		res = send_command(conn, command, "POST", action, printResult=False)
+	except Exception as e:
+		logging.debug("Failed: {}".format(e))
+		return "TOKEN_IS_MISSING_OR_WRONG"
+	return res["access_token"]

 def get_list(conn, options):
 	outlets = {}
@@ -41,7 +62,7 @@ def get_list(conn, options):
 	for r in res["pvmInstances"]:
 		if options["--verbose-level"] > 1:
 			logging.debug(json.dumps(r, indent=2))
-		outlets[r["pvmInstanceID"]] = (r["serverName"], state[r["status"]])
+		outlets[r["pvmInstanceID"]] = (r["serverName"], state.get(r["status"], "unknown"))

 	return outlets

@@ -97,7 +118,7 @@ def reboot_cycle(conn, options):
 		else:
 			logging.debug("Failed: Unable to cycle with {} for {}".format(options["--action"], e))
 			fail(EC_STATUS)
-	return True
+	return True

 def connect(opt, token):
 	conn = pycurl.Curl()
@@ -130,7 +151,10 @@ def auth_connect(opt):
 	conn = pycurl.Curl()

 	# setup correct URL
-	conn.base_url = "https://iam.cloud.ibm.com/"
+	if opt["--api-type"] == "private":
+		conn.base_url = "https://private.iam.cloud.ibm.com/"
+	else:
+		conn.base_url = "https://iam.cloud.ibm.com/"

 	if opt["--verbose-level"] > 1:
 		conn.setopt(pycurl.VERBOSE, 1)
@@ -265,9 +289,9 @@ def main():
 	define_new_opts()

 	all_opt["shell_timeout"]["default"] = "500"
-	all_opt["power_timeout"]["default"] = "30"
-	all_opt["power_wait"]["default"] = "1"
-	all_opt["stonith_status_sleep"]["default"] = "2"
+	all_opt["power_timeout"]["default"] = "120"
+	all_opt["power_wait"]["default"] = "15"
+	all_opt["stonith_status_sleep"]["default"] = "10"
 	all_opt["api-type"]["default"] = "private"
 	all_opt["proxy"]["default"] = ""

@@ -275,8 +299,8 @@ def main():

 	docs = {}
 	docs["shortdesc"] = "Fence agent for IBM PowerVS"
-	docs["longdesc"] = """fence_ibm_powervs is a Power Fencing agent which can be \
-used with IBM PowerVS to fence virtual machines."""
+	docs["longdesc"] = """fence_ibm_powervs is a power fencing agent for \
+IBM Power Virtual Server (IBM PowerVS) to fence virtual server instances."""
 	docs["vendorurl"] = "https://www.ibm.com"
 	show_docs(options, docs)

diff --git a/tests/data/metadata/fence_ibm_powervs.xml b/tests/data/metadata/fence_ibm_powervs.xml
index c1dc034d..ec59e1b5 100644
--- a/tests/data/metadata/fence_ibm_powervs.xml
+++ b/tests/data/metadata/fence_ibm_powervs.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" ?>
 <resource-agent name="fence_ibm_powervs" shortdesc="Fence agent for IBM PowerVS" >
-<longdesc>fence_ibm_powervs is a Power Fencing agent which can be used with IBM PowerVS to fence virtual machines.</longdesc>
+<longdesc>fence_ibm_powervs is a power fencing agent for IBM Power Virtual Server (IBM PowerVS) to fence virtual server instances.</longdesc>
 <vendor-url>https://www.ibm.com</vendor-url>
 <parameters>
 	<parameter name="api-type" unique="0" required="0" deprecated="1">
@@ -122,12 +122,12 @@
 	</parameter>
 	<parameter name="power_timeout" unique="0" required="0">
 		<getopt mixed="--power-timeout=[seconds]" />
-		<content type="second" default="30"  />
+		<content type="second" default="120"  />
 		<shortdesc lang="en">Test X seconds for status change after ON/OFF</shortdesc>
 	</parameter>
 	<parameter name="power_wait" unique="0" required="0">
 		<getopt mixed="--power-wait=[seconds]" />
-		<content type="second" default="1"  />
+		<content type="second" default="15"  />
 		<shortdesc lang="en">Wait X seconds after issuing ON/OFF</shortdesc>
 	</parameter>
 	<parameter name="shell_timeout" unique="0" required="0">
@@ -137,7 +137,7 @@
 	</parameter>
 	<parameter name="stonith_status_sleep" unique="0" required="0">
 		<getopt mixed="--stonith-status-sleep=[seconds]" />
-		<content type="second" default="2"  />
+		<content type="second" default="10"  />
 		<shortdesc lang="en">Sleep X seconds between status calls during a STONITH action</shortdesc>
 	</parameter>
 	<parameter name="retry_on" unique="0" required="0">
--
2.33.1.windows.1