diff --git a/heartbeat/syslog-ng b/heartbeat/syslog-ng index dfca65a4f..66ad9a524 100755 --- a/heartbeat/syslog-ng +++ b/heartbeat/syslog-ng @@ -1,372 +1,367 @@ #!/bin/bash # # Description: Manages a syslog-ng instance, provided by NTT OSSC as an # OCF High-Availability resource under Heartbeat/LinuxHA control # # Copyright (c) 2009 NIPPON TELEGRAPH AND TELEPHONE CORPORATION # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # ############################################################################## # OCF parameters: # OCF_RESKEY_syslog_ng_binary : Path to syslog-ng binary. # Default is "/sbin/syslog-ng" # OCF_RESKEY_configfile : Configuration file # OCF_RESKEY_start_opts : Startup options # OCF_RESKEY_kill_term_timeout: Number of seconds to await to confirm a # normal stop method # # Only OCF_RESKEY_configfile must be specified. Each of the rests # has its default value or refers OCF_RESKEY_configfile to make # its value when no explicit value is given. # # Further infomation for setup: # There are sample configurations at the end of this file. # ############################################################################### : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs usage() { cat <<-! usage: $0 action action: start : start a new syslog-ng instance stop : stop the running syslog-ng instance status : return the status of syslog-ng, run or down monitor : return TRUE if the syslog-ng appears to be working. meta-data : show meta data message validate-all: validate the instance parameters ! return $OCF_ERR_UNIMPLEMENTED } metadata_syslog_ng() { cat < 1.0 This script manages a syslog-ng instance as an HA resource. Syslog-ng resource agent This parameter specifies a configuration file for a syslog-ng instance managed by this RA. Configuration file This parameter specifies syslog-ng's executable file. syslog-ng executable This parameter specifies startup options for a syslog-ng instance managed by this RA. When no value is given, no startup options is used. Don't use option '-F'. It causes a stuck of a start action. Start options On a stop action, a normal stop method(pkill -TERM) is firstly used. And then the confirmation of its completion is waited for the specified seconds by this parameter. The default value is 10. Number of seconds to await to confirm a normal stop method END return $OCF_SUCCESS } monitor_syslog_ng() { set -- $(pgrep -f "$PROCESS_PATTERN" 2>/dev/null) case $# in 0) ocf_log debug "No syslog-ng process for $CONFIGFILE" return $OCF_NOT_RUNNING;; 1) return $OCF_SUCCESS;; esac ocf_log warn "Multiple syslog-ng process for $CONFIGFILE" return $OCF_SUCCESS } start_syslog_ng() { monitor_syslog_ng if [[ $? = "$OCF_SUCCESS" ]]; then return $OCF_SUCCESS fi # set -- $SYSLOG_NG_OPTS # ocf_run "$SYSLOG_NG_EXE" -f "$SYSLOG_NG_CONF" "$@" # reduce to this? ocf_run "$SYSLOG_NG_EXE" -f "$CONFIGFILE" $START_OPTS ocf_status=$? if [[ "$ocf_status" != "$OCF_SUCCESS" ]]; then return $OCF_ERR_GENERIC fi while true; do monitor_syslog_ng if [[ $? = "$OCF_SUCCESS" ]]; then return $OCF_SUCCESS fi sleep 1 done } stop_syslog_ng() { pkill -TERM -f "$PROCESS_PATTERN" typeset lapse_sec=0 while pgrep -f "$PROCESS_PATTERN" > /dev/null; do sleep 1 lapse_sec=$(( lapse_sec + 1 )) ocf_log debug "stop_syslog_ng[$SYSLOG_NG_NAME]: stop NORM $lapse_sec/$KILL_TERM_TIMEOUT" if [ $lapse_sec -ge $KILL_TERM_TIMEOUT ]; then break fi done # if the process can't be removed, then the following part is # not going to be executed (the RA will be killed by lrmd on # timeout) and the pidfile will remain; don't know if that # has any consequences # 2009/09/18 Nakahira # If the syslog-ng process hangs, syslog-ng RA waits # $KILL_TERM_TIMEOUT seconds. # The stop timeout of RA should be longer than $KILL_TERM_TIMEOUT. lapse_sec=0 while pgrep -f "$PROCESS_PATTERN" > /dev/null; do pkill -KILL -f "$PROCESS_PATTERN" sleep 1 lapse_sec=$(( lapse_sec + 1 )) ocf_log debug "stop_syslog_ng[$SYSLOG_NG_NAME]: suspend syslog_ng by SIGKILL ($lapse_sec/@@@)" done return $OCF_SUCCESS } status_syslog_ng() { # ???? why not monitor and then print running or stopped monitor_syslog_ng rc=$? if [ $rc = $OCF_SUCCESS ]; then echo "Syslog-ng service is running." elif [ $rc = $OCF_NOT_RUNNING ]; then echo "Syslog-ng service is stopped." else echo "Mutiple syslog-ng process for $CONFIGFILE." fi return $rc } validate_all_syslog_ng() { ocf_log info "validate_all_syslog_ng[$SYSLOG_NG_NAME]" return $OCF_SUCCESS } if [[ "$1" = "meta-data" ]]; then metadata_syslog_ng exit $? fi CONFIGFILE="${OCF_RESKEY_configfile}" if [[ -z "$CONFIGFILE" ]]; then ocf_log err "undefined parameter:configfile" exit $OCF_ERR_CONFIGURED fi SYSLOG_NG_NAME=${CONFIGFILE##*/} SYSLOG_NG_NAME=${SYSLOG_NG_NAME%.*} -SYSLOG_NG_EXE="${OCF_RESKEY_syslog_ng_binary-/sbin/syslog-ng}" -# why not default to /sbin/syslog-ng? -#if [[ -z "$SYSLOG_NG_EXE" ]]; then -# ocf_log err "Undefined parameter:syslog_ng_binary" -# exit $OCF_ERR_CONFIGURED -#fi +SYSLOG_NG_EXE="${OCF_RESKEY_syslog_ng_binary:-/sbin/syslog-ng}" if [[ ! -x "$SYSLOG_NG_EXE" ]]; then ocf_log err "Invalid value:syslog_ng_binary:$SYSLOG_NG_EXE" exit $OCF_ERR_CONFIGURED fi # actually, the pidfile has no function; the status is checked by # testing for a running process only KILL_TERM_TIMEOUT="${OCF_RESKEY_kill_term_timeout-10}" if ! ocf_is_decimal "$KILL_TERM_TIMEOUT"; then ocf_log err "Invalid value:kill_term_timeout:$KILL_TERM_TIMEOUT" exit $OCF_ERR_CONFIGURED fi START_OPTS=${OCF_RESKEY_start_opts} PROCESS_PATTERN="$SYSLOG_NG_EXE -f $CONFIGFILE" COMMAND=$1 case "$COMMAND" in start) ocf_log debug "[$SYSLOG_NG_NAME] Enter syslog_ng start" start_syslog_ng func_status=$? ocf_log debug "[$SYSLOG_NG_NAME] Leave syslog_ng start $func_status" exit $func_status ;; stop) ocf_log debug "[$SYSLOG_NG_NAME] Enter syslog_ng stop" stop_syslog_ng func_status=$? ocf_log debug "[$SYSLOG_NG_NAME] Leave syslog_ng stop $func_status" exit $func_status ;; status) status_syslog_ng exit $? ;; monitor) #ocf_log debug "[$SYSLOG_NG_NAME] Enter syslog_ng monitor" monitor_syslog_ng func_status=$? #ocf_log debug "[$SYSLOG_NG_NAME] Leave syslog_ng monitor $func_status" exit $func_status ;; validate-all) validate_all_syslog_ng exit $? ;; *) usage ;; esac # vim: set sw=4 ts=4 : ### A sample snippet of cib.xml for a syslog-ng resource ## # # # # # # # # # # # # ### A sample syslog-ng configuration file for a log collecting host ### ### This sample is for a log collecting host by syslog-ng. ### A syslog-ng process configurated by this sample accepts all messages ### from a certain network. Any message from the network is preserved into ### a file for security infomation. Restricting messages to "authpriv" from ### the network is done on log sending hosts. (See the sample below) ### Any internal message of the syslog-ng process is preserved into its ### dedicated file. And any "authpriv" internal message of the syslog-ng ### process is also preserved into the security infomation file. ### ### Change "f_incoming" to suit your enviroment. ### If you use it as a configuration file for the sample cib.xml above, ### save it into "/etc/syslog-ng/syslog-ng-ext.conf". ## #options { # sync (0); # time_reopen (10); # log_fifo_size (1000); # long_hostnames (off); # use_dns (yes); # use_fqdn (no); # create_dirs (no); # keep_hostname (yes); }; # #source s_internal { internal(); }; #source s_incoming { udp(port(514)); }; #filter f_internal { facility(authpriv); }; #filter f_incoming { netmask("172.20.0.0/255.255.192.0"); }; # #destination d_internal { file("/var/log/syslog-ng-ext.log" perm(0640));}; #destination d_incoming { # file("/var/log/secure-ext.log" create_dirs(yes) perm(0640)); }; # #log { source(s_internal); destination(d_internal); }; #log { source(s_internal); filter(f_internal); destination(d_incoming); }; #log { source(s_incoming); filter(f_incoming); destination(d_incoming); }; ### A sample snippet of syslog-ng configuration file for a log sending host ### ### This sample is for a log sending host that uses syslog-ng. ### ### Replace "syslog-ng-ext" to the IP address or the hostname of your ### log collecting host and append it to "syslog-ng.conf" of each log sending ### host. See the install default syslog-ng.conf to know what "s_sys" and ### "f_auth" are. ## #destination d_outgoing { udp("syslog-ng-ext" port(514)); }; #log { source(s_sys); filter(f_auth); destination(d_outgoing); }; ### A sample snippet of syslog configuration file for a log sending host ### ### This sample is for a log sending host that uses syslog. ### ### Replace "syslog-ng-ext" to the IP address or the hostname of your ### log collecting host and append it to "syslog.conf" of each log sending ### host. ## # authpriv.* @syslog-ng-ext