Ubuntu
fence-agents package

Merge ~racb/ubuntu/+source/fence-agents:azure-sdk-15 into ubuntu/+source/fence-agents:ubuntu/jammy-devel

  1. Git
  2. lp:~racb/ubuntu/+source/fence-agents
  3. azure-sdk-15
  4. Merge into ubuntu/jammy-devel
Proposed by Robie Basak
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: Robie Basak
Merged at revision: fbccafd92d04e3e35e0b1fdc36e1638c80d1f35c
Proposed branch: ~racb/ubuntu/+source/fence-agents:azure-sdk-15
Merge into: ubuntu/+source/fence-agents:ubuntu/jammy-devel
Diff against target: 124 lines (+103/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/azure-sdk-15 (+94/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Lucas Kanashiro (community) Approve
Canonical Server Reporter Pending
Review via email: mp+433204@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

I am going to review this one.

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

I did not test the fence agent itself but I guess Robie did it. Going through the patch, it looks sane to me. I noticed part of this patch is also a backport of this other upstream commit:

https://github.com/ClusterLabs/fence-agents/commit/cb1ff52c14451482dc1faf9aa660a8c525097f94

Maybe it is a good idea to also mention it in the DEP-3 headers for future reference.

Other than that LGTM.

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: racb, lucaskanashiro
Uploaders: racb, lucaskanashiro
MP auto-approved

review: Approve
Revision history for this message
Robie Basak (racb) wrote :

> I noticed part of this patch is also a backport of this other upstream commit:

> https://github.com/ClusterLabs/fence-agents/commit/cb1ff52c14451482dc1faf9aa660a8c525097f94

> Maybe it is a good idea to also mention it in the DEP-3 headers for future reference.

Thank you for noticing this! It looks like I neglected to mention this. Actually I think maybe I accidentally got the backport correct because I used a local diff, thinking that there was only one commit that the diff came from when in fact there were two. So I was a bit alarmed and wanted to be sure that I didn't miss anything.

I've checked carefully to confirm that the backport is exactly from these two commits, except for the unused code paths that I removed, and that there are no other commits involved. `git log upstream/main -- agents/azure_arm/fence_azure_arm.py lib/azure_fence.py.py` shows nothing else.

I will add the second commit to the dep3 headers as you suggested.

Thank you for the review!

Revision history for this message
Robie Basak (racb) wrote :

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading fence-agents_4.7.1-1ubuntu8.1.dsc: done.
  Uploading fence-agents_4.7.1-1ubuntu8.1.debian.tar.xz: done.
  Uploading fence-agents_4.7.1-1ubuntu8.1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Robie Basak (racb) wrote :

This did land.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 1fcca07..f515edc 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+fence-agents (4.7.1-1ubuntu8.1) jammy; urgency=medium
7+
8+ * Update the Azure fencing agent (fence_azure_arm) to support Azure
9+ SDK >=15, since this is required by python3-azure in Jammy and this
10+ fence agent doesn't work without this update (LP: #1990316).
11+
12+ -- Robie Basak <robie.basak@ubuntu.com> Wed, 16 Nov 2022 12:11:57 +0000
13+
14 fence-agents (4.7.1-1ubuntu8) jammy; urgency=medium
15
16 * d/curated-agents: add fence_ipmilan and fence_sbd to the -base package.
17diff --git a/debian/patches/azure-sdk-15 b/debian/patches/azure-sdk-15
18new file mode 100644
19index 0000000..75ed29e
20--- /dev/null
21+++ b/debian/patches/azure-sdk-15
22@@ -0,0 +1,94 @@
23+Author: Eike Waldt <waldt@b1-systems.de>
24+Author: Cleber Paiva de Souza <cleber@ssys.com.br>
25+Author: Robie Basak <robie.basak@canonical.com>
26+Origin: backport, https://github.com/ClusterLabs/fence-agents/commit/8d746be92f191aa289f13a3703031c122a5e6cf3
27+Origin: backport, https://github.com/ClusterLabs/fence-agents/commit/cb1ff52c14451482dc1faf9aa660a8c525097f94
28+Bug-Ubuntu: https://launchpad.net/bugs/1990316
29+Description: fence_azure_arm: corrections to support Azure SDK >= 15
30+ [Robie Basak]
31+ A newer version of python3-azure requires changes in the way the API is used;
32+ otherwise the fence agent doesn't work at all. This is a minimal backport of
33+ those changes (two commits) to Jammy. I've removed the conditional code that
34+ falls back to the old API, as we know that in Jammy the new API is available,
35+ and this reduces the number of code paths for which QA may be necessary.
36+Last-Update: 2022-11-16
37+
38+diff --git a/agents/azure_arm/fence_azure_arm.py b/agents/azure_arm/fence_azure_arm.py
39+index 6b1a377..daa4cd0 100755
40+--- a/agents/azure_arm/fence_azure_arm.py
41++++ b/agents/azure_arm/fence_azure_arm.py
42+@@ -115,10 +115,10 @@ def set_power_status(clients, options):
43+
44+ if (options["--action"]=="off"):
45+ logging.info("Poweroff " + vmName + " in resource group " + rgName)
46+- compute_client.virtual_machines.power_off(rgName, vmName, skip_shutdown=True)
47++ compute_client.virtual_machines.begin_power_off(rgName, vmName, skip_shutdown=True)
48+ elif (options["--action"]=="on"):
49+ logging.info("Starting " + vmName + " in resource group " + rgName)
50+- compute_client.virtual_machines.start(rgName, vmName)
51++ compute_client.virtual_machines.begin_start(rgName, vmName)
52+
53+
54+ def define_new_opts():
55+diff --git a/lib/azure_fence.py.py b/lib/azure_fence.py.py
56+index 4e44ca9..87b2d3a 100644
57+--- a/lib/azure_fence.py.py
58++++ b/lib/azure_fence.py.py
59+@@ -286,25 +286,25 @@ def get_azure_credentials(config):
60+ credentials = None
61+ cloud_environment = get_azure_cloud_environment(config)
62+ if config.UseMSI and cloud_environment:
63+- from msrestazure.azure_active_directory import MSIAuthentication
64+- credentials = MSIAuthentication(cloud_environment=cloud_environment)
65++ from azure.identity import ManagedIdentityCredential
66++ credentials = ManagedIdentityCredential(cloud_environment=cloud_environment)
67+ elif config.UseMSI:
68+- from msrestazure.azure_active_directory import MSIAuthentication
69+- credentials = MSIAuthentication()
70++ from azure.identity import ManagedIdentityCredential
71++ credentials = ManagedIdentityCredential()
72+ elif cloud_environment:
73+- from azure.common.credentials import ServicePrincipalCredentials
74+- credentials = ServicePrincipalCredentials(
75++ from azure.identity import ClientSecretCredential
76++ credentials = ClientSecretCredential(
77+ client_id = config.ApplicationId,
78+- secret = config.ApplicationKey,
79+- tenant = config.Tenantid,
80++ client_secret = config.ApplicationKey,
81++ tenant_id = config.Tenantid,
82+ cloud_environment=cloud_environment
83+ )
84+ else:
85+- from azure.common.credentials import ServicePrincipalCredentials
86+- credentials = ServicePrincipalCredentials(
87++ from azure.identity import ClientSecretCredential
88++ credentials = ClientSecretCredential(
89+ client_id = config.ApplicationId,
90+- secret = config.ApplicationKey,
91+- tenant = config.Tenantid
92++ client_secret = config.ApplicationKey,
93++ tenant_id = config.Tenantid
94+ )
95+
96+ return credentials
97+@@ -319,7 +319,8 @@ def get_azure_compute_client(config):
98+ compute_client = ComputeManagementClient(
99+ credentials,
100+ config.SubscriptionId,
101+- base_url=cloud_environment.endpoints.resource_manager
102++ base_url=cloud_environment.endpoints.resource_manager,
103++ credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
104+ )
105+ else:
106+ compute_client = ComputeManagementClient(
107+@@ -338,7 +339,8 @@ def get_azure_network_client(config):
108+ network_client = NetworkManagementClient(
109+ credentials,
110+ config.SubscriptionId,
111+- base_url=cloud_environment.endpoints.resource_manager
112++ base_url=cloud_environment.endpoints.resource_manager,
113++ credential_scopes=[cloud_environment.endpoints.resource_manager + "/.default"]
114+ )
115+ else:
116+ network_client = NetworkManagementClient(
117diff --git a/debian/patches/series b/debian/patches/series
118index 3ec598e..01c8c89 100644
119--- a/debian/patches/series
120+++ b/debian/patches/series
121@@ -1,2 +1,3 @@
122 disable-network-access
123 spelling
124+azure-sdk-15

Subscribers

People subscribed via source and target branches