From 82ecaf550f81fcb2a563422ead4b11d9ab33a4dd Mon Sep 17 00:00:00 2001 From: bizhiyuan Date: Wed, 22 Oct 2025 16:11:11 +0800 Subject: [PATCH] azure_fence.py: fix managed identity authentication (#605) fence_nutanix_ahv: Handle API rate limits (#604) fence_compute/fence_evacuate: dont use deprecatedinspect.getargspec() (cherry picked from commit 8afa26deebd4bfbe388ddd6a341d00d3be5fbd52) --- ...ix-managed-identity-authentication-6.patch | 30 ++++++++ ...nce_evacuate-dont-use-deprecated-ins.patch | 41 +++++++++++ ...tanix_ahv-Handle-API-rate-limits-604.patch | 72 +++++++++++++++++++ fence-agents.spec | 11 ++- 4 files changed, 152 insertions(+), 2 deletions(-) create mode 100644 backport-azure_fence.py-fix-managed-identity-authentication-6.patch create mode 100644 backport-fence_compute-fence_evacuate-dont-use-deprecated-ins.patch create mode 100644 backport-fence_nutanix_ahv-Handle-API-rate-limits-604.patch diff --git a/backport-azure_fence.py-fix-managed-identity-authentication-6.patch b/backport-azure_fence.py-fix-managed-identity-authentication-6.patch new file mode 100644 index 0000000..302fac1 --- /dev/null +++ b/backport-azure_fence.py-fix-managed-identity-authentication-6.patch @@ -0,0 +1,30 @@ +From 5d9d6a9e9cf33f62d73aa9db13522c97889ec0b8 Mon Sep 17 00:00:00 2001 +From: Tobias Schug <4014687+HappyTobi@users.noreply.github.com> +Date: Fri, 31 Jan 2025 13:11:37 +0100 +Subject: [PATCH] azure_fence.py: fix managed identity authentication (#605) + +--- + lib/azure_fence.py.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/azure_fence.py.py b/lib/azure_fence.py.py +index 768c4b0b..54ed6a14 100644 +--- a/lib/azure_fence.py.py ++++ b/lib/azure_fence.py.py +@@ -416,11 +416,11 @@ def get_azure_credentials(config): + if config.UseMSI: + try: + from azure.identity import ManagedIdentityCredential +- credentials = ManagedIdentityCredential(identity_config={"resource_id": cloud_environment["resource_manager"]}) ++ credentials = ManagedIdentityCredential(authority=cloud_environment["authority_hosts"]) + except ImportError: + from msrestazure.azure_active_directory import MSIAuthentication + credentials = MSIAuthentication(cloud_environment=cloud_environment["cloud_environment"]) +- return ++ return credentials + + try: + # try to use new libraries ClientSecretCredential (azure.identity, based on azure.core) +-- +2.25.1 + diff --git a/backport-fence_compute-fence_evacuate-dont-use-deprecated-ins.patch b/backport-fence_compute-fence_evacuate-dont-use-deprecated-ins.patch new file mode 100644 index 0000000..b1c8c21 --- /dev/null +++ b/backport-fence_compute-fence_evacuate-dont-use-deprecated-ins.patch @@ -0,0 +1,41 @@ +From deadda03cb331b766d83e332f06af9a53906a2a8 Mon Sep 17 00:00:00 2001 +From: Oyvind Albrigtsen +Date: Fri, 21 Mar 2025 12:21:06 +0100 +Subject: [PATCH] fence_compute/fence_evacuate: dont use deprecated + inspect.getargspec() + +/usr/sbin/fence_compute:288: DeprecationWarning: inspect.getargspec() is deprecated since Python 3.0, use inspect.signature() or inspect.getfullargspec() +--- + agents/compute/fence_compute.py | 2 +- + agents/evacuate/fence_evacuate.py | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/agents/compute/fence_compute.py b/agents/compute/fence_compute.py +index d862dca3..01b535bb 100644 +--- a/agents/compute/fence_compute.py ++++ b/agents/compute/fence_compute.py +@@ -285,7 +285,7 @@ def create_nova_connection(options): + + nova_versions = [ "2.11", "2" ] + for version in nova_versions: +- clientargs = inspect.getargspec(client.Client).varargs ++ clientargs = inspect.getfullargspec(client.Client).varargs + # Some versions of Openstack prior to Ocata only + # supported positional arguments for username, + # password, and tenant. +diff --git a/agents/evacuate/fence_evacuate.py b/agents/evacuate/fence_evacuate.py +index 53d6fd15..1ea020f6 100644 +--- a/agents/evacuate/fence_evacuate.py ++++ b/agents/evacuate/fence_evacuate.py +@@ -221,7 +221,7 @@ def create_nova_connection(options): + + versions = [ "2.11", "2" ] + for version in versions: +- clientargs = inspect.getargspec(client.Client).varargs ++ clientargs = inspect.getfullargspec(client.Client).varargs + + # Some versions of Openstack prior to Ocata only + # supported positional arguments for username, +-- +2.25.1 + diff --git a/backport-fence_nutanix_ahv-Handle-API-rate-limits-604.patch b/backport-fence_nutanix_ahv-Handle-API-rate-limits-604.patch new file mode 100644 index 0000000..bef7ae1 --- /dev/null +++ b/backport-fence_nutanix_ahv-Handle-API-rate-limits-604.patch @@ -0,0 +1,72 @@ +From 03c599c9d2d5a42b4aea6db66e3a50263fb78440 Mon Sep 17 00:00:00 2001 +From: Govindarajan Soundararajan +Date: Thu, 30 Jan 2025 02:01:28 -0800 +Subject: [PATCH] fence_nutanix_ahv: Handle API rate limits (#604) + +Nutanix Prism Central has rate limits set on +various API end points. The fence agent should +handle such rate limit errors and retry API requests +appropriately if it encounters any such errors. This +change adds retries for HTTP error 429 (rate limit), +and also for HTTP errors 500, and 503. +--- + agents/nutanix_ahv/fence_nutanix_ahv.py | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/agents/nutanix_ahv/fence_nutanix_ahv.py b/agents/nutanix_ahv/fence_nutanix_ahv.py +index 1a422dda..67e6d907 100644 +--- a/agents/nutanix_ahv/fence_nutanix_ahv.py ++++ b/agents/nutanix_ahv/fence_nutanix_ahv.py +@@ -10,6 +10,8 @@ import sys + import time + import uuid + import requests ++from requests.adapters import HTTPAdapter ++from requests.packages.urllib3.util.retry import Retry + + sys.path.append("@FENCEAGENTSLIBDIR@") + from fencing import * +@@ -20,6 +22,7 @@ V4_VERSION = '4.0' + MIN_TIMEOUT = 60 + PC_PORT = 9440 + POWER_STATES = {"ON": "on", "OFF": "off", "PAUSED": "off", "UNKNOWN": "unknown"} ++MAX_RETRIES = 5 + + + class NutanixClientException(Exception): +@@ -44,22 +47,28 @@ class NutanixClient: + self.password = password + self.valid_status_codes = [200, 202] + self.disable_warnings = disable_warnings ++ self.session = requests.Session() ++ self.session.auth = (self.username, self.password) ++ ++ retry_strategy = Retry(total=MAX_RETRIES, ++ backoff_factor=1, ++ status_forcelist=[429, 500, 503]) ++ ++ self.session.mount("https://", HTTPAdapter(max_retries=retry_strategy)) + + def request(self, url, method='GET', headers=None, **kwargs): +- session = requests.Session() +- session.auth = (self.username, self.password) + + if self.disable_warnings: + requests.packages.urllib3.disable_warnings() + + if headers: +- session.headers.update(headers) ++ self.session.headers.update(headers) + + response = None + + try: + logging.debug("Sending %s request to %s", method, url) +- response = session.request(method, url, **kwargs) ++ response = self.session.request(method, url, **kwargs) + response.raise_for_status() + except requests.exceptions.SSLError as err: + logging.error("Secure connection failed, verify SSL certificate") +-- +2.25.1 + diff --git a/fence-agents.spec b/fence-agents.spec index 839a711..d54a31c 100644 --- a/fence-agents.spec +++ b/fence-agents.spec @@ -6,7 +6,7 @@ Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.16.0 -Release: 3 +Release: 4 License: GPL-2.0-or-later and LGPL-2.0-or-later Group: System Environment/Base URL: https://github.com/ClusterLabs/fence-agents @@ -16,7 +16,9 @@ Patch1: fence-agents-4.16.0-libxml-2.14.0.patch Patch2: backport-fence_raritan_px3-fix-syntax-warnings.patch Patch3: backport-fence_sbd-get-devices-from-SBD_DEVICE-env-variable-i.patch Patch4: backport-fence_azure_arm-use-azure-identity-instead-of-msrest.patch - +Patch5: backport-azure_fence.py-fix-managed-identity-authentication-6.patch +Patch6: backport-fence_nutanix_ahv-Handle-API-rate-limits-604.patch +Patch7: backport-fence_compute-fence_evacuate-dont-use-deprecated-ins.patch # skipped: pve, raritan, rcd-serial, virsh %global allfenceagents %(cat < - 4.16.0-4 +- azure_fence.py: fix managed identity authentication +- fence_nutanix_ahv: Handle API rate limits +- fence_compute/fence_evacuate: dont use deprecatedinspect.getargspec() + * Mon Oct 20 2025 bizhiyuan - 4.16.0-3 - fence_raritan_px3: fix syntax warnings - fence_sbd: get devices from SBD_DEVICE env variable if devices parameter isnt set -- Gitee