RHEL-50041: gcp-pd-move: fix TLS_VERSION_1 issue

    • resource-agents-4.9.0-54.el8_10.3
    • ZStream
    • rhel-sst-high-availability
    • ssg_filesystems_storage_and_HA
    • 24
    • 28
    • 5
    • QE ack, Dev ack
    • False
    • Approved Blocker

      What were you trying to do that didn't work?

      Run the Google Cloud resource agents.

       

      [root@rhel8-1 ~]# OCF_ROOT=/usr/lib/ocf/ OCF_RESKEY_disk_name=oalbrigt-persistent-disk /usr/lib/ocf/resource.d/heartbeat/gcp-pd-move start
      Traceback (most recent call last):
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-pd-move", line 382, in <module>
          main()
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-pd-move", line 371, in main
          gcp_pd_move_start()
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-pd-move", line 330, in gcp_pd_move_start
          fetch_data()
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-pd-move", line 326, in fetch_data
          populate_vars()
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-pd-move", line 184, in populate_vars
          PARAMETERS['disk_name'])
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-pd-move", line 243, in get_disk_attached_instances
          return map(get_only_instance_name, get_users_list())
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-pd-move", line 230, in get_users_list
          response = request.execute()
        File "/usr/lib/python3.6/site-packages/oauth2client/_helpers.py", line 133, in positional_wrapper
          return wrapped(*args, **kwargs)
        File "/usr/lib/python3.6/site-packages/googleapiclient/http.py", line 844, in execute
          raise HttpError(resp, content, uri=self.uri)
      googleapiclient.errors.HttpError: <HttpError 403 when requesting https://compute.googleapis.com/compute/v1/projects/rhel-ha-oalbrigt/aggregated/disks?filter=name%3D%22oalbrigt-persistent-disk%22&alt=json returned "Request is disallowed by organization's constraints/gcp.restrictTLSVersion constraint for 'projects/rhel-ha-oalbrigt' to use service 'compute.googleapis.com' by violated TLS version TLS_VERSION_1.">
      [root@rhel8-1 ~] 
      [root@rhel8-1 ~]# OCF_ROOT=/usr/lib/ocf/ OCF_RESKEY_ip=10.10.10.200 /usr/lib/ocf/resource.d/heartbeat/gcp-vpc-move-route start
      INFO:gcp-vpc-move-route:Bringing up the floating IP 10.10.10.200
      WARNING:googleapiclient.http:Encountered 403 Forbidden with reason "forbidden"
      Traceback (most recent call last):
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-vpc-move-route", line 491, in <module>
          main()
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-vpc-move-route", line 478, in main
          ip_and_route_start(ctx)
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-vpc-move-route", line 346, in ip_and_route_start
          check_conflicting_routes(ctx)
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-vpc-move-route", line 286, in check_conflicting_routes
          response = request.execute()
        File "/usr/lib/python3.6/site-packages/oauth2client/_helpers.py", line 133, in positional_wrapper
          return wrapped(*args, **kwargs)
        File "/usr/lib/python3.6/site-packages/googleapiclient/http.py", line 844, in execute
          raise HttpError(resp, content, uri=self.uri)
      googleapiclient.errors.HttpError: <HttpError 403 when requesting https://compute.googleapis.com/compute/v1/projects/rhel-ha-oalbrigt/global/routes?filter=%28destRange+%3D+%2210.10.10.200%2A%22%29+AND+%28network+%3D+%22https%3A%2F%2Fwww.googleapis.com%2Fcompute%2Fv1%2Fprojects%2Frhel-ha-oalbrigt%2Fglobal%2Fnetworks%2Fdefault%22%29+AND+%28name+%21%3D+%22ra-gcp-vpc-move-route%22%29&alt=json returned "Request is disallowed by organization's constraints/gcp.restrictTLSVersion constraint for 'projects/rhel-ha-oalbrigt' to use service 'compute.googleapis.com' by violated TLS version TLS_VERSION_1.">
       
      [root@rhel8-1 ~]# OCF_ROOT=/usr/lib/ocf/ OCF_RESKEY_alias_ip=10.142.0.200/32 /usr/lib/ocf/resource.d/heartbeat/gcp-vpc-move-vip start
      Traceback (most recent call last):
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-vpc-move-vip", line 466, in <module>
          main()
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-vpc-move-vip", line 456, in main
          gcp_alias_start(ALIAS)
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-vpc-move-vip", line 349, in gcp_alias_start
          hostlist = get_instances_list(project, THIS_VM)
        File "/usr/lib/ocf/resource.d/heartbeat/gcp-vpc-move-vip", line 323, in get_instances_list
          for zone in zones.values():
      UnboundLocalError: local variable 'zones' referenced before assignment
      

      Please provide the package NVR for which bug is seen:

      [root@rhel8-1 ~]# rpm -q resource-agents-gcp
      resource-agents-gcp-4.9.0-16.el8_6.5.x86_64

      How reproducible:

      100%

      Steps to reproduce

      1. Create a Google Cloud resource with any of the agents.

      Expected results

      Works.

      Actual results

      gcp-pd-move fails on 8.4-8.10 builds, and gcp-vpc-move-route/gcp-vpc-move-vip only fail on 8.4-8.6.

              rhn-engineering-oalbrigt Oyvind Albrigtsen
              Oyvind Albrigtsen Oyvind Albrigtsen
              Ilias Romanos Ilias Romanos
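For triaging agent logs like the ones in this report, the following added example (not part of the issue and not resource-agents code) splits a log into tracebacks and separates the `constraints/gcp.restrictTLSVersion` denial from other failures. The function name `triage`, the finding fields and the sample text with its placeholder project `example-project` are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Denial text as it appears in the HttpError lines quoted in this issue.
POLICY_RE = re.compile(
    r"HttpError (?P<status>\d{3}) when requesting (?P<url>\S+) returned "
    r'"Request is disallowed by organization'
    r"'s (?P<constraint>constraints/[\w.]+) constraint for '(?P<resource>[^']+)' "
    r"to use service '(?P<service>[^']+)' by violated TLS version (?P<tls>\w+)\."
)
AGENT_RE = re.compile(r'File "/usr/lib/ocf/resource\.d/heartbeat/([\w-]+)", line \d+, in <module>')
EXC_RE = re.compile(r"^([A-Za-z_][\w.]*(?:Error|Exception)): ", re.M)

def triage(log_text):
    """Return one finding per traceback: failing agent, exception and cause."""
    findings = []
    for block in log_text.split("Traceback (most recent call last):")[1:]:
        agent, exc = AGENT_RE.search(block), EXC_RE.search(block)
        denied = POLICY_RE.search(block)
        finding = {
            "agent": agent.group(1) if agent else None,
            "exception": exc.group(1) if exc else None,
            "cause": "unclassified",
        }
        if denied:
            # A policy denial, not a missing IAM permission: record what was refused.
            finding.update(
                cause="org-policy-tls-version",
                constraint=denied["constraint"],
                resource=denied["resource"],
                host=urlsplit(denied["url"]).hostname,
                tls_version=denied["tls"],
            )
        findings.append(finding)
    return findings

# Constructed sample: shortened tracebacks in the shape shown in this issue;
# "example-project" is a placeholder, not a real project.
SAMPLE = '''Traceback (most recent call last):
  File "/usr/lib/ocf/resource.d/heartbeat/gcp-pd-move", line 382, in <module>
    main()
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://compute.googleapis.com/compute/v1/projects/example-project/aggregated/disks?alt=json returned "Request is disallowed by organization's constraints/gcp.restrictTLSVersion constraint for 'projects/example-project' to use service 'compute.googleapis.com' by violated TLS version TLS_VERSION_1.">
Traceback (most recent call last):
  File "/usr/lib/ocf/resource.d/heartbeat/gcp-vpc-move-vip", line 466, in <module>
    main()
UnboundLocalError: local variable 'zones' referenced before assignment
'''

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

A traceback such as the `gcp-vpc-move-vip` one comes back as `unclassified`, because its `UnboundLocalError` carries no denial text to match on.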