diff --git a/heartbeat/openstack-cinder-volume b/heartbeat/openstack-cinder-volume index 4cea25f03..9297be4ef 100755 --- a/heartbeat/openstack-cinder-volume +++ b/heartbeat/openstack-cinder-volume @@ -1,313 +1,327 @@ #!/bin/sh # # # OCF resource agent to attach a cinder volume to an instance. # # Copyright (c) 2018 Mathieu GRZYBEK # Based on code of Markus Guertler # All Rights Reserved. # # This program is free software; you can redistribute it and/or modify # it under the terms of version 2 of the GNU General Public License as # published by the Free Software Foundation. # # This program is distributed in the hope that it would be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # # Further, this software is distributed without any warranty that it is # free of the rightful claim of any third person regarding infringement # or the like. Any license provided herein, whether implied or # otherwise, applies only to this software file. Patent licenses, if # any, provided herein do not apply to combinations of this program with # other software, or any other product whatsoever. # # You should have received a copy of the GNU General Public License # along with this program; if not, write the Free Software Foundation, # Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA. # ####################################################################### # Initialization: : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs # Defaults OCF_RESKEY_openstackcli_default="/usr/bin/openstack" OCF_RESKEY_volume_local_check_default="true" +OCF_RESKEY_insecure_default="false" : ${OCF_RESKEY_openstackcli=${OCF_RESKEY_openstackcli_default}} : ${OCF_RESKEY_volume_local_check=${OCF_RESKEY_volume_local_check_default}} +: ${OCF_RESKEY_insecure=${OCF_RESKEY_insecure_default}} ####################################################################### USAGE="usage: $0 {start|stop|status|meta-data}"; ############################################################################### ############################################################################### # # Functions # ############################################################################### metadata() { cat < 1.0 Resource Agent to attach a cinder volume to an instance. It relies on attributes given by openstack-info resource agent (openstack_id attribute). Attach a cinder volume Path to command line tools for openstack. Path to Openstack CLI tool This option allows the cluster to monitor the cinder volume presence without calling the API. Monitor cinder volume locally Valid Openstack credentials as openrc file from api_access/openrc. openrc file Cinder volume identifier to use to attach the bloc storage. Volume ID + + +Allow insecure connections + +Allow insecure connections + + + END } +if [ "${OCF_RESKEY_insecure}" = true ]; then + OCF_RESKEY_openstackcli="${OCF_RESKEY_openstackcli} --insecure" +fi + _get_node_id() { node_id=$(${HA_SBIN_DIR}/attrd_updater --query -n openstack_id -N $(crm_node -n) | awk -F= '{gsub("\"","");print $NF}') if ! echo $node_id|grep -P "^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$"; then ocf_exit_reason "openstack_id attribute must be set for node $crm_node" exit $OCF_ERR_CONFIGURED fi } osvol_validate() { check_binary "$OCF_RESKEY_openstackcli" if [ -z "$OCF_RESKEY_openrc" ]; then ocf_exit_reason "openrc parameter not set" return $OCF_ERR_CONFIGURED fi if [ ! -f "$OCF_RESKEY_openrc" ] ; then ocf_exit_reason "openrc file not found" return $OCF_ERR_CONFIGURED fi . $OCF_RESKEY_openrc if ! $OCF_RESKEY_openstackcli volume list|grep -q $OCF_RESKEY_volume_id ; then ocf_exit_reason "volume-id $OCF_RESKEY_volume_id not found" return $OCF_ERR_CONFIGURED fi ${HA_SBIN_DIR}/attrd_updater --query -n openstack_id -N $(crm_node -n) > /dev/null 2>&1 if [ $? -ne 0 ] ; then ocf_log warn "attr_updater failed to get openstack_id attribute of node $OCF_RESOURCE_INSTANCE" return $OCF_ERR_GENERIC fi return $OCF_SUCCESS } osvol_monitor() { local result local node_id local short_volume_id node_id=$(_get_node_id) if ocf_is_true $OCF_RESKEY_volume_local_check ; then # # Is the volue attached? # We check the local devices # short_volume_id=$(echo $OCF_RESKEY_volume_id | awk '{print substr($0, 0, 20)}') if lsblk /dev/disk/by-id/virtio-$short_volume_id 1>/dev/null 2>&1; then return $OCF_SUCCESS else ocf_log warn "$OCF_RESKEY_volume_id is not attached to instance $node_id" return $OCF_NOT_RUNNING fi fi # # Is the volue attached? # We use the API # result=$($OCF_RESKEY_openstackcli volume show \ --column status \ --column attachments \ --format value \ $OCF_RESKEY_volume_id) if echo "$result" | grep -q available ; then ocf_log warn "$OCF_RESKEY_volume_id is not attached to any instance" return $OCF_NOT_RUNNING else export attached_server_id=$(echo $result|head -n1| grep -P -o "'server_id': '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}'"| grep -P -o "[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}") ocf_log info "$OCF_RESKEY_volume_id is attached to instance $attached_server_id" # Compare node_id and the id of the node the volume is attached to if [ "$node_id" != "$attached_server_id" ] ; then ocf_log warn "$OCF_RESKEY_volume_id is not attached to this instance" return $OCF_NOT_RUNNING fi fi return $OCF_SUCCESS } osvol_stop() { local node_id # # Is the volume already attached? # osvol_monitor if [ $? = $OCF_NOT_RUNNING ]; then ocf_log info "Volume $OCF_RESKEY_volume_id already available" return $OCF_SUCCESS fi node_id=$(_get_node_id) # # Detach the volume # if ! $OCF_RESKEY_openstackcli server remove volume $node_id $OCF_RESKEY_volume_id ; then ocf_log error "Couldn't remove volume $OCF_RESKEY_volume_id from instance $node_id" return $OCF_ERR_GENERIC fi ocf_log info "Successfully removed $OCF_RESKEY_volume_id from instance $node_id" return $OCF_SUCCESS } osvol_start() { local node_id # # Is the volume already attached? # osvol_monitor if [ $? = $OCF_SUCCESS ]; then ocf_log info "$OCF_RESKEY_volume_id already attached" return $OCF_SUCCESS fi # # Detach it from another node # TODO: make it optional in case multi-attachment is allowed by Cinder # if [ ! -z $attached_server_id ] ; then if ! $OCF_RESKEY_openstackcli server remove volume $attached_server_id $OCF_RESKEY_volume_id ; then ocf_log error "Couldn't remove volume $OCF_RESKEY_volume_id from instance $attached_server_id" return $OCF_ERR_GENERIC fi fi export attached_server_id="" node_id=$(_get_node_id) # # Attach the volume # $OCF_RESKEY_openstackcli server add volume $node_id $OCF_RESKEY_volume_id if [ $? != $OCF_SUCCESS ]; then ocf_log error "Couldn't add volume $OCF_RESKEY_volume_id to instance $node_id" return $OCF_ERR_GENERIC fi return $OCF_SUCCESS } ############################################################################### # # MAIN # ############################################################################### case $__OCF_ACTION in meta-data) metadata exit $OCF_SUCCESS ;; usage|help) echo $USAGE exit $OCF_SUCCESS ;; esac if ! ocf_is_root; then ocf_log err "You must be root for $__OCF_ACTION operation." exit $OCF_ERR_PERM fi case $__OCF_ACTION in start) osvol_validate || exit $? osvol_start;; stop) osvol_validate || exit $? osvol_stop;; monitor|status) osvol_validate || exit $? osvol_monitor;; validate-all) osvol_validate ;; *) echo $USAGE exit $OCF_ERR_UNIMPLEMENTED ;; esac exit $? diff --git a/heartbeat/openstack-floating-ip b/heartbeat/openstack-floating-ip index 6a0c5bd7b..542861392 100755 --- a/heartbeat/openstack-floating-ip +++ b/heartbeat/openstack-floating-ip @@ -1,276 +1,290 @@ #!/bin/sh # # # OCF resource agent to move a floating address in an Openstack tenant. # # Copyright (c) 2018 Mathieu GRZYBEK # Based on code of Markus Guertler # All Rights Reserved. # # This program is free software; you can redistribute it and/or modify # it under the terms of version 2 of the GNU General Public License as # published by the Free Software Foundation. # # This program is distributed in the hope that it would be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # # Further, this software is distributed without any warranty that it is # free of the rightful claim of any third person regarding infringement # or the like. Any license provided herein, whether implied or # otherwise, applies only to this software file. Patent licenses, if # any, provided herein do not apply to combinations of this program with # other software, or any other product whatsoever. # # You should have received a copy of the GNU General Public License # along with this program; if not, write the Free Software Foundation, # Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA. # ####################################################################### # Initialization: : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs # Defaults OCF_RESKEY_openstackcli_default="/usr/bin/openstack" +OCF_RESKEY_insecure_default="false" : ${OCF_RESKEY_openstackcli=${OCF_RESKEY_openstackcli_default}} +: ${OCF_RESKEY_insecure=${OCF_RESKEY_insecure_default}} ####################################################################### USAGE="usage: $0 {start|stop|status|meta-data}"; ############################################################################### ############################################################################### # # Functions # ############################################################################### metadata() { cat < 1.0 Resource Agent to move a floating IP address from an instance to another one. It relies on attributes given by openstack-info resource agent (openstack_ports, openstack_id attributes). The attribute called "openstack_floating_ip" is updated. Move a floating IP Path to command line tools for openstack. Path to Openstack CLI tool Valid Openstack credentials as openrc file from api_access/openrc. openrc file Floating IP Identifier. IP ID Subnet Identifier to use to attach the address. Subnet ID + + +Allow insecure connections + +Allow insecure connections + + + END } +if [ "${OCF_RESKEY_insecure}" = true ]; then + OCF_RESKEY_openstackcli="${OCF_RESKEY_openstackcli} --insecure" +fi + osflip_validate() { check_binary "$OCF_RESKEY_openstackcli" if [ -z "$OCF_RESKEY_openrc" ]; then ocf_exit_reason "openrc parameter not set" return $OCF_ERR_CONFIGURED fi if [ ! -f "$OCF_RESKEY_openrc" ] ; then ocf_exit_reason "openrc file not found" return $OCF_ERR_CONFIGURED fi . $OCF_RESKEY_openrc if ! $OCF_RESKEY_openstackcli floating ip list|grep -q $OCF_RESKEY_ip_id ; then ocf_exit_reason "ip-id $OCF_RESKEY_ip_id not found" return $OCF_ERR_CONFIGURED fi ${HA_SBIN_DIR}/attrd_updater --query -n openstack_ports -N $(crm_node -n) > /dev/null 2>&1 if [ $? -ne 0 ] ; then ocf_log warn "attr_updater failed to get openstack_ports attribute of node $OCF_RESOURCE_INSTANCE" return $OCF_ERR_GENERIC fi return $OCF_SUCCESS } osflip_monitor() { local result local floating_ip local node_port_ids local port local buffer node_port_ids=$(${HA_SBIN_DIR}/attrd_updater --query -n openstack_ports -N $(crm_node -n) \ | awk -F= '{gsub("\"","");print $NF}' \ | tr ',' ' ' \ | awk -F: '{print $NF}') # Is the IP active and attached? result=$($OCF_RESKEY_openstackcli floating ip show \ --column port_id --column floating_ip_address \ --format yaml \ $OCF_RESKEY_ip_id) for port in $node_port_ids ; do if echo $result | grep -q $port ; then floating_ip=$(echo $result | awk '/floating_ip_address/ {print $2}') ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n openstack_floating_ip -v $floating_ip return $OCF_SUCCESS fi done ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -S state -n openstack_floating_ip ocf_log warn "$OCF_RESKEY_ip_id is not attached to any fixed address" return $OCF_NOT_RUNNING } osflip_stop() { ocf_log info "Bringing down IP address $OCF_RESKEY_ip_id" osflip_monitor if [ $? = $OCF_NOT_RUNNING ]; then ocf_log info "Address $OCF_RESKEY_ip_id already down" return $OCF_SUCCESS fi if ! $OCF_RESKEY_openstackcli floating ip unset --port $OCF_RESKEY_ip_id ; then return $OCF_ERR_GENERIC fi osflip_monitor if [ $? != $OCF_NOT_RUNNING ]; then ocf_log error "Couldn't unset IP address $OCF_RESKEY_ip_id." return $OCF_ERR_GENERIC fi ocf_log info "Successfully brought down $OCF_RESKEY_ip_id" return $OCF_SUCCESS } osflip_start() { local node_port_id local node_port_ids osflip_monitor if [ $? = $OCF_SUCCESS ]; then ocf_log info "$OCF_RESKEY_ip_id already started" return $OCF_SUCCESS fi # Get port_id from subnet_id node_port_ids=$(${HA_SBIN_DIR}/attrd_updater --query -n openstack_ports -N $(crm_node -n) \ | awk '{gsub("value=","") ; gsub("\"","") ; print $NF}') node_port_id=$(echo $node_port_ids \ | tr ',' '\n' \ | awk -F: "/$OCF_RESKEY_subnet_id/ {print \$2}") ocf_log info "Moving IP address $OCF_RESKEY_ip_id to port ID $node_port_id" $OCF_RESKEY_openstackcli floating ip set --port $node_port_id $OCF_RESKEY_ip_id if [ $? != $OCF_SUCCESS ]; then ocf_log error "$OCF_RESKEY_ip_id Cannot be set to port $node_port_id" return $OCF_ERR_GENERIC fi osflip_monitor if [ $? != $OCF_SUCCESS ]; then ocf_log error "$OCF_RESKEY_ip_id Cannot be set to port $node_port_id" return $OCF_ERR_GENERIC fi ocf_log info "Successfully brought up $OCF_RESKEY_ip_id" return $OCF_SUCCESS } ############################################################################### # # MAIN # ############################################################################### case $__OCF_ACTION in meta-data) metadata exit $OCF_SUCCESS ;; usage|help) echo $USAGE exit $OCF_SUCCESS ;; esac if ! ocf_is_root; then ocf_log err "You must be root for $__OCF_ACTION operation." exit $OCF_ERR_PERM fi case $__OCF_ACTION in start) osflip_validate || exit $? osflip_start;; stop) osflip_validate || exit $? osflip_stop;; monitor) osflip_validate || exit $? osflip_monitor;; validate-all) osflip_validate ;; *) echo $USAGE exit $OCF_ERR_UNIMPLEMENTED ;; esac exit $? diff --git a/heartbeat/openstack-info.in b/heartbeat/openstack-info.in index 53215ed2e..f96f148aa 100755 --- a/heartbeat/openstack-info.in +++ b/heartbeat/openstack-info.in @@ -1,290 +1,304 @@ #!/bin/sh # # # OCF resource agent to set attributes from Openstack instance details. # It records (in the CIB) various attributes of a node # # Copyright (c) 2018 Mathieu Grzybek # All Rights Reserved. # # This program is free software; you can redistribute it and/or modify # it under the terms of version 2 of the GNU General Public License as # published by the Free Software Foundation. # # This program is distributed in the hope that it would be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # # Further, this software is distributed without any warranty that it is # free of the rightful claim of any third person regarding infringement # or the like. Any license provided herein, whether implied or # otherwise, applies only to this software file. Patent licenses, if # any, provided herein do not apply to combinations of this program with # other software, or any other product whatsoever. # # You should have received a copy of the GNU General Public License # along with this program; if not, write the Free Software Foundation, # Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA. # ####################################################################### # Initialization: : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs # Defaults OCF_RESKEY_pidfile_default="$HA_RSCTMP/OSInfo-${OCF_RESOURCE_HOSTNAME}" OCF_RESKEY_delay_default="0" OCF_RESKEY_clone_default="0" OCF_RESKEY_curlcli_default="/usr/bin/curl" OCF_RESKEY_openstackcli_default="/usr/bin/openstack" OCF_RESKEY_pythoncli_default="@PYTHON@" +OCF_RESKEY_insecure_default="false" : ${OCF_RESKEY_curlcli=${OCF_RESKEY_curlcli_default}} : ${OCF_RESKEY_openstackcli=${OCF_RESKEY_openstackcli_default}} : ${OCF_RESKEY_pythoncli=${OCF_RESKEY_pythoncli_default}} : ${OCF_RESKEY_pidfile=${OCF_RESKEY_pidfile_default}} : ${OCF_RESKEY_delay=${OCF_RESKEY_delay_default}} : ${OCF_RESKEY_clone=${OCF_RESKEY_clone_default}} +: ${OCF_RESKEY_insecure=${OCF_RESKEY_insecure_default}} ####################################################################### meta_data() { cat < 1.0 OCF resource agent to set attributes from Openstack instance details. It records (in the CIB) various attributes of a node. Sample output: openstack_az : nova openstack_flavor : c1.small openstack_id : 60ac4343-5828-49b1-8aac-7c69b1417f31 openstack_ports : 7960d889-9750-4160-bf41-c69a41ad72d9:96530d18-57a3-4718-af32-30f2a74c22a2,b0e55a06-bd75-468d-8baa-22cfeb65799f:a55ae917-8016-4b1e-8ffa-04311b9dc7d6 The layout of openstack_ports is a comma-separated list of tuples "subnet_id:port_id". Records various node attributes in the CIB PID file PID file Interval to allow values to stabilize Dampening Delay Valid Openstack credentials as openrc file from api_access/openrc. openrc file Path to command line cURL binary. Path to cURL binary Path to command line tools for openstack. Path to Openstack CLI tool Path to command line Python interpreter. Path to Python interpreter + + +Allow insecure connections + +Allow insecure connections + + + END } ####################################################################### +if [ "${OCF_RESKEY_insecure}" = true ]; then + OCF_RESKEY_openstackcli="${OCF_RESKEY_openstackcli} --insecure" +fi + OSInfoStats() { local result local value local node local node_id . $OCF_RESKEY_openrc # Nova data: server ID node_id=$($OCF_RESKEY_curlcli \ -s http://169.254.169.254/openstack/latest/meta_data.json | $OCF_RESKEY_pythoncli -m json.tool | grep -P '\"uuid\": \".*\",$' | grep -P -o '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}') if [ $? -ne 0 ] ; then ocf_exit_reason "Cannot find server ID" exit $OCF_ERR_GENERIC fi ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_id -v "$node_id" # Nova data: flavor value=$($OCF_RESKEY_openstackcli server show \ --format value \ --column flavor \ $node_id) ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_flavor -v "$value" # Nova data: availability zone value=$($OCF_RESKEY_openstackcli server show \ --format value \ --column OS-EXT-AZ:availability_zone \ $node_id) ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_az -v "$value" # Network data: ports value="" for port_id in $($OCF_RESKEY_openstackcli port list \ --format value \ --column id \ --server $node_id); do subnet_id=$($OCF_RESKEY_openstackcli port show \ --format json \ --column fixed_ips \ ${port_id} | grep -P '\"subnet_id\": \".*\",$' | grep -P -o '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}') value+="${subnet_id}:${port_id}," done value=$(echo ${value} | sed -e 's/,$//g') ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_ports -v "$value" if [ ! -z "$OS_REGION_NAME" ] ; then ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_region -v "$OS_REGION_NAME" fi if [ ! -z "$OS_TENANT_ID" ] ; then ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_tenant_id -v "$OS_TENANT_ID" if [ ! -z "$OS_TENANT_NAME" ] ; then ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_tenant_name -v "$OS_TENANT_NAME" fi else ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_project_id -v "$OS_PROJECT_ID" if [ ! -z "$OS_PROJECT_NAME" ] ; then ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -n openstack_project_name -v "$OS_PROJECT_NAME" fi fi } OSInfo_usage() { cat < $OCF_RESKEY_pidfile OSInfoStats exit $OCF_SUCCESS } OSInfo_stop() { rm -f $OCF_RESKEY_pidfile ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_id ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_flavor ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_az ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_ports ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_region ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_tenant_id ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_tenant_name ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_project_id ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -n openstack_project_name exit $OCF_SUCCESS } OSInfo_monitor() { if [ -f "$OCF_RESKEY_pidfile" ] ; then OSInfoStats exit $OCF_RUNNING fi exit $OCF_NOT_RUNNING } OSInfo_validate() { check_binary "$OCF_RESKEY_curlcli" check_binary "$OCF_RESKEY_openstackcli" check_binary "$OCF_RESKEY_pythoncli" if [ -z "$OCF_RESKEY_openrc" ]; then ocf_exit_reason "openrc parameter not set" return $OCF_ERR_CONFIGURED fi if [ ! -f "$OCF_RESKEY_openrc" ] ; then ocf_exit_reason "openrc file not found" return $OCF_ERR_CONFIGURED fi return $OCF_SUCCESS } if [ $# -ne 1 ]; then OSInfo_usage exit $OCF_ERR_ARGS fi if [ x != x${OCF_RESKEY_delay} ]; then OCF_RESKEY_delay="-d ${OCF_RESKEY_delay}" fi case $__OCF_ACTION in meta-data) meta_data exit $OCF_SUCCESS ;; start) OSInfo_validate || exit $? OSInfo_start ;; stop) OSInfo_stop ;; monitor) OSInfo_monitor ;; validate-all) OSInfo_validate ;; usage|help) OSInfo_usage exit $OCF_SUCCESS ;; *) OSInfo_usage exit $OCF_ERR_UNIMPLEMENTED ;; esac exit $? diff --git a/heartbeat/openstack-virtual-ip b/heartbeat/openstack-virtual-ip index d96705fdf..ee8951980 100755 --- a/heartbeat/openstack-virtual-ip +++ b/heartbeat/openstack-virtual-ip @@ -1,280 +1,294 @@ #!/bin/sh # # # OCF resource agent to move a virtual address in an Openstack tenant. # # Copyright (c) 2018 Mathieu GRZYBEK # Based on code of Markus Guertler # All Rights Reserved. # # This program is free software; you can redistribute it and/or modify # it under the terms of version 2 of the GNU General Public License as # published by the Free Software Foundation. # # This program is distributed in the hope that it would be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # # Further, this software is distributed without any warranty that it is # free of the rightful claim of any third person regarding infringement # or the like. Any license provided herein, whether implied or # otherwise, applies only to this software file. Patent licenses, if # any, provided herein do not apply to combinations of this program with # other software, or any other product whatsoever. # # You should have received a copy of the GNU General Public License # along with this program; if not, write the Free Software Foundation, # Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA. # ####################################################################### # Initialization: : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs # Defaults OCF_RESKEY_openstackcli_default="/usr/bin/openstack" +OCF_RESKEY_insecure_default="false" : ${OCF_RESKEY_openstackcli=${OCF_RESKEY_openstackcli_default}} +: ${OCF_RESKEY_insecure=${OCF_RESKEY_insecure_default}} ####################################################################### USAGE="usage: $0 {start|stop|status|meta-data}"; ############################################################################### ############################################################################### # # Functions # ############################################################################### metadata() { cat < 1.0 Resource Agent to move a virtual IP address from an instance to another one by adding an allowed-address pair associated with an instance port. It relies on attributes given by openstack-info resource agent (openstack_ports, openstack_id attributes). The attribute called "openstack_virtual_ip" is updated. Move a virtual IP Path to command line tools for openstack. Path to Openstack CLI tool Valid Openstack credentials as openrc file from api_access/openrc. openrc file Virtual IP Address. IP Address Subnet Identifier to use to attach the address. Subnet ID + + +Allow insecure connections + +Allow insecure connections + + + END } +if [ "${OCF_RESKEY_insecure}" = true ]; then + OCF_RESKEY_openstackcli="${OCF_RESKEY_openstackcli} --insecure" +fi + osvip_port_id() { # Get port_id from subnet_id node_port_ids=$(${HA_SBIN_DIR}/attrd_updater --query -n openstack_ports -N $(crm_node -n) \ | awk '{gsub("value=","") ; gsub("\"","") ; print $NF}') node_port_id=$(echo $node_port_ids \ | tr ',' '\n' \ | awk -F: "/$OCF_RESKEY_subnet_id/ {print \$2}") echo ${node_port_id} } osvip_validate() { check_binary "$OCF_RESKEY_openstackcli" if [ -z "$OCF_RESKEY_openrc" ]; then ocf_exit_reason "openrc parameter not set" return $OCF_ERR_CONFIGURED fi if [ ! -f "$OCF_RESKEY_openrc" ] ; then ocf_exit_reason "openrc file not found" return $OCF_ERR_CONFIGURED fi . $OCF_RESKEY_openrc ${HA_SBIN_DIR}/attrd_updater --query -n openstack_ports -N $(crm_node -n) > /dev/null 2>&1 if [ $? -ne 0 ] ; then ocf_log warn "attr_updater failed to get openstack_ports attribute of node $OCF_RESOURCE_INSTANCE" return $OCF_ERR_GENERIC fi return $OCF_SUCCESS } osvip_monitor() { local result node_port_id=$(osvip_port_id) result=$($OCF_RESKEY_openstackcli port show \ --format value \ --column allowed_address_pairs \ ${node_port_id}) if echo $result | grep -q $OCF_RESKEY_ip ; then ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -S status -n openstack_virtual_ip -v $OCF_RESKEY_ip return $OCF_SUCCESS fi ${HA_SBIN_DIR}/attrd_updater ${OCF_RESKEY_delay} -D -S state -n openstack_virtual_ip ocf_log warn "$OCF_RESKEY_ip is not attached to any fixed address" return $OCF_NOT_RUNNING } osvip_stop() { node_port_id=$(osvip_port_id) ocf_log info "Bringing down IP address $OCF_RESKEY_ip" osvip_monitor if [ $? = $OCF_NOT_RUNNING ]; then ocf_log info "Address $OCF_RESKEY_ip already down" return $OCF_SUCCESS fi mac_address=$($OCF_RESKEY_openstackcli port show \ --format value \ --column mac_address \ $node_port_id) echo ${mac_address} | grep -q -P "^([0-9a-f]{2}:){5}[0-9a-f]{2}$" if [ $? -ne 0 ]; then ocf_log error "MAC address '${mac_address}' is not valid." return $OCF_ERR_GENERIC fi if ! $OCF_RESKEY_openstackcli port unset \ --allowed-address \ ip-address=$OCF_RESKEY_ip,mac-address=${mac_address} \ $node_port_id; then return $OCF_ERR_GENERIC fi osvip_monitor if [ $? != $OCF_NOT_RUNNING ]; then ocf_log error "Couldn't unset IP address $OCF_RESKEY_ip." return $OCF_ERR_GENERIC fi ocf_log info "Successfully brought down $OCF_RESKEY_ip" return $OCF_SUCCESS } osvip_start() { node_port_id=$(osvip_port_id) osvip_monitor if [ $? = $OCF_SUCCESS ]; then ocf_log info "$OCF_RESKEY_ip already started" return $OCF_SUCCESS fi ocf_log info "Moving IP address $OCF_RESKEY_ip to port ID $node_port_id" $OCF_RESKEY_openstackcli port set \ --allowed-address ip-address=$OCF_RESKEY_ip \ $node_port_id if [ $? != $OCF_SUCCESS ]; then ocf_log error "$OCF_RESKEY_ip Cannot be set to port $node_port_id" return $OCF_ERR_GENERIC fi osvip_monitor if [ $? != $OCF_SUCCESS ]; then ocf_log error "$OCF_RESKEY_ip Cannot be set to port $node_port_id" return $OCF_ERR_GENERIC fi ocf_log info "Successfully brought up $OCF_RESKEY_ip" return $OCF_SUCCESS } ############################################################################### # # MAIN # ############################################################################### case $__OCF_ACTION in meta-data) metadata exit $OCF_SUCCESS ;; usage|help) echo $USAGE exit $OCF_SUCCESS ;; esac if ! ocf_is_root; then ocf_log err "You must be root for $__OCF_ACTION operation." exit $OCF_ERR_PERM fi case $__OCF_ACTION in start) osvip_validate || exit $? osvip_start;; stop) osvip_validate || exit $? osvip_stop;; monitor) osvip_validate || exit $? osvip_monitor;; validate-all) osvip_validate ;; *) echo $USAGE exit $OCF_ERR_UNIMPLEMENTED ;; esac exit $?