diff --git a/heartbeat/syslog-ng.in b/heartbeat/syslog-ng.in index 77e3b9c1a..47a23f188 100644 --- a/heartbeat/syslog-ng.in +++ b/heartbeat/syslog-ng.in @@ -1,445 +1,467 @@ #!@BASH_SHELL@ # # Description: Manages a syslog-ng instance, provided by NTT OSSC as an # OCF High-Availability resource under Heartbeat/LinuxHA control # # Copyright (c) 2009 NIPPON TELEGRAPH AND TELEPHONE CORPORATION # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # ############################################################################## # OCF parameters: # OCF_RESKEY_syslog_ng_binary : Path to syslog-ng binary. # Default is "/sbin/syslog-ng" # OCF_RESKEY_configfile : Configuration file # OCF_RESKEY_start_opts : Startup options # OCF_RESKEY_kill_term_timeout: Number of seconds to await to confirm a # normal stop method # # Only OCF_RESKEY_configfile must be specified. Each of the rests # has its default value or refers OCF_RESKEY_configfile to make # its value when no explicit value is given. # # Further infomation for setup: # There are sample configurations at the end of this file. # ############################################################################### : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs +# Parameter defaults + +OCF_RESKEY_configfile_default="" +OCF_RESKEY_syslog_ng_binary_default="/sbin/syslog-ng" +OCF_RESKEY_syslog_ng_ctl_default="/sbin/syslog-ng-ctl" +OCF_RESKEY_qdisk_dir_default="" +OCF_RESKEY_control_file_default="" +OCF_RESKEY_persist_file_default="" +OCF_RESKEY_pidfile_default="" +OCF_RESKEY_start_opts_default="" +OCF_RESKEY_kill_term_timeout_default="10" + +: ${OCF_RESKEY_configfile=${OCF_RESKEY_configfile_default}} +: ${OCF_RESKEY_syslog_ng_binary=${OCF_RESKEY_syslog_ng_binary_default}} +: ${OCF_RESKEY_syslog_ng_ctl=${OCF_RESKEY_syslog_ng_ctl_default}} +: ${OCF_RESKEY_qdisk_dir=${OCF_RESKEY_qdisk_dir_default}} +: ${OCF_RESKEY_control_file=${OCF_RESKEY_control_file_default}} +: ${OCF_RESKEY_persist_file=${OCF_RESKEY_persist_file_default}} +: ${OCF_RESKEY_pidfile=${OCF_RESKEY_pidfile_default}} +: ${OCF_RESKEY_start_opts=${OCF_RESKEY_start_opts_default}} +: ${OCF_RESKEY_kill_term_timeout=${OCF_RESKEY_kill_term_timeout_default}} + usage() { cat <<-! usage: $0 action action: start : start a new syslog-ng instance stop : stop the running syslog-ng instance status : return the status of syslog-ng, run or down monitor : return TRUE if the syslog-ng appears to be working. meta-data : show meta data message validate-all: validate the instance parameters ! return $OCF_ERR_UNIMPLEMENTED } metadata_syslog_ng() { cat < 1.0 This script manages a syslog-ng instance as an HA resource. For Premium Edition you should set the following parameters (based on default path being "/opt/syslog-ng"): syslog_ng_binary="/opt/syslog-ng/sbin/syslog-ng" syslog_ng_ctl="/opt/syslog-ng/sbin/syslog-ng-ctl" control_file="/opt/syslog-ng/var/run/syslog-ng.ctl" persist_file="/opt/syslog-ng/var/syslog-ng.persist" pidfile="/opt/syslog-ng/var/run/syslog-ng.pid" Additional parameter for Premium Edition 6 only: qdisk_dir="/opt/syslog-ng/var/" Syslog-ng resource agent This parameter specifies a configuration file for a syslog-ng instance managed by this RA. Configuration file - + This parameter specifies syslog-ng's executable file. syslog-ng executable - + This parameter specifies the path of the syslog-ng-ctl executable file. syslog-ng-ctl executable - + This parameter specifies the directory used for holding disk buffers of syslog-ng (only supported in Premium Edition 6). disk buffer directory (PE6 only) - + This parameter specifies the path, where syslog-ng would place its control socket, through which it can be controlled. process control socket - + This parameter specifies the path for syslog-ng's persist file, which holds persistent information about the mapping of destinations and disk buffers, the internal state of sources, etc. persist file path - + This parameter specifies the path where the pid file of syslog-ng resides. pidfile path - + This parameter specifies startup options for a syslog-ng instance managed by this RA. When no value is given, no startup options is used. Don't use option '-F'. It causes a stuck of a start action. Start options - + On a stop action, a normal stop method(pkill -TERM) is firstly used. And then the confirmation of its completion is waited for the specified seconds by this parameter. The default value is 10. Number of seconds to await to confirm a normal stop method - + END return $OCF_SUCCESS } monitor_syslog_ng() { set -- $(pgrep -f "$PROCESS_PATTERN" 2>/dev/null) case $# in 0) ocf_log debug "No syslog-ng process for $CONFIGFILE" return $OCF_NOT_RUNNING;; 1) return $OCF_SUCCESS;; esac ocf_log warn "Multiple syslog-ng process for $CONFIGFILE" return $OCF_SUCCESS } start_syslog_ng() { monitor_syslog_ng if [[ $? = "$OCF_SUCCESS" ]]; then return $OCF_SUCCESS fi # set -- $SYSLOG_NG_OPTS # ocf_run "$SYSLOG_NG_EXE" -f "$SYSLOG_NG_CONF" "$@" # reduce to this? ocf_run "$SYSLOG_NG_EXE" -f "$CONFIGFILE" $START_OPTS ocf_status=$? if [[ "$ocf_status" != "$OCF_SUCCESS" ]]; then return $OCF_ERR_GENERIC fi while true; do monitor_syslog_ng if [[ $? = "$OCF_SUCCESS" ]]; then return $OCF_SUCCESS fi sleep 1 done } stop_syslog_ng() { if [ -x "$SYSLOG_NG_CTL" ]; then if [ -n "${OCF_RESKEY_control_file}" ] && [ -S "${OCF_RESKEY_control_file}" ]; then "$SYSLOG_NG_CTL" stop "$CONTROL_FILE" CTL_STATUS=$? [ $CTL_STATUS -ne 0 ] && pkill -TERM -f "$PROCESS_PATTERN" else pkill -TERM -f "$PROCESS_PATTERN" fi else pkill -TERM -f "$PROCESS_PATTERN" fi typeset lapse_sec=0 while pgrep -f "$PROCESS_PATTERN" > /dev/null; do sleep 1 lapse_sec=$(( lapse_sec + 1 )) ocf_log debug "stop_syslog_ng[$SYSLOG_NG_NAME]: stop NORM $lapse_sec/$KILL_TERM_TIMEOUT" if [ $lapse_sec -ge $KILL_TERM_TIMEOUT ]; then break fi done # if the process can't be removed, then the following part is # not going to be executed (the RA will be killed by lrmd on # timeout) and the pidfile will remain; don't know if that # has any consequences # 2009/09/18 Nakahira # If the syslog-ng process hangs, syslog-ng RA waits # $KILL_TERM_TIMEOUT seconds. # The stop timeout of RA should be longer than $KILL_TERM_TIMEOUT. lapse_sec=0 while pgrep -f "$PROCESS_PATTERN" > /dev/null; do pkill -KILL -f "$PROCESS_PATTERN" sleep 1 lapse_sec=$(( lapse_sec + 1 )) ocf_log debug "stop_syslog_ng[$SYSLOG_NG_NAME]: suspend syslog_ng by SIGKILL ($lapse_sec/@@@)" done return $OCF_SUCCESS } status_syslog_ng() { # ???? why not monitor and then print running or stopped monitor_syslog_ng rc=$? if [ $rc = $OCF_SUCCESS ]; then echo "Syslog-ng service is running." elif [ $rc = $OCF_NOT_RUNNING ]; then echo "Syslog-ng service is stopped." else echo "Mutiple syslog-ng process for $CONFIGFILE." fi return $rc } validate_all_syslog_ng() { ocf_log info "validate_all_syslog_ng[$SYSLOG_NG_NAME]" return $OCF_SUCCESS } if [[ "$1" = "meta-data" ]]; then metadata_syslog_ng exit $? fi CONFIGFILE="${OCF_RESKEY_configfile}" if [[ -z "$CONFIGFILE" ]]; then ocf_log err "undefined parameter:configfile" exit $OCF_ERR_CONFIGURED fi SYSLOG_NG_NAME=${CONFIGFILE##*/} SYSLOG_NG_NAME=${SYSLOG_NG_NAME%.*} -SYSLOG_NG_EXE="${OCF_RESKEY_syslog_ng_binary:-/sbin/syslog-ng}" +SYSLOG_NG_EXE="${OCF_RESKEY_syslog_ng_binary}" if [[ ! -x "$SYSLOG_NG_EXE" ]]; then ocf_log err "Invalid value:syslog_ng_binary:$SYSLOG_NG_EXE" exit $OCF_ERR_CONFIGURED fi -SYSLOG_NG_CTL="${OCF_RESKEY_syslog_ng_ctl:-/sbin/syslog-ng-ctl}" +SYSLOG_NG_CTL="${OCF_RESKEY_syslog_ng_ctl}" # actually, the pidfile has no function; the status is checked by # testing for a running process only -KILL_TERM_TIMEOUT="${OCF_RESKEY_kill_term_timeout-10}" +KILL_TERM_TIMEOUT="${OCF_RESKEY_kill_term_timeout}" if ! ocf_is_decimal "$KILL_TERM_TIMEOUT"; then ocf_log err "Invalid value:kill_term_timeout:$KILL_TERM_TIMEOUT" exit $OCF_ERR_CONFIGURED fi QDISK_DIR="${OCF_RESKEY_qdisk_dir}" CONTROL_FILE="${OCF_RESKEY_control_file}" PERSIST_FILE="${OCF_RESKEY_persist_file}" PID_FILE="${OCF_RESKEY_pidfile}" EXECUTABLE=$(basename "$SYSLOG_NG_EXE") PROCESS_PATTERN="$EXECUTABLE -f $CONFIGFILE" COMMAND=$1 [ -n "$QDISK_DIR" ] && QDISK_DIR="--qdisk-dir $QDISK_DIR" [ -n "$PERSIST_FILE" ] && PERSIST_FILE="--persist-file $PERSIST_FILE" [ -n "$CONTROL_FILE" ] && CONTROL_FILE="--control $CONTROL_FILE" [ -n "$PID_FILE" ] && PID_FILE="--pidfile $PID_FILE" START_OPTS="${OCF_RESKEY_start_opts} $QDISK_DIR $CONTROL_FILE $PERSIST_FILE $PID_FILE" case "$COMMAND" in start) ocf_log debug "[$SYSLOG_NG_NAME] Enter syslog_ng start" start_syslog_ng func_status=$? ocf_log debug "[$SYSLOG_NG_NAME] Leave syslog_ng start $func_status" exit $func_status ;; stop) ocf_log debug "[$SYSLOG_NG_NAME] Enter syslog_ng stop" stop_syslog_ng func_status=$? ocf_log debug "[$SYSLOG_NG_NAME] Leave syslog_ng stop $func_status" exit $func_status ;; status) status_syslog_ng exit $? ;; monitor) #ocf_log debug "[$SYSLOG_NG_NAME] Enter syslog_ng monitor" monitor_syslog_ng func_status=$? #ocf_log debug "[$SYSLOG_NG_NAME] Leave syslog_ng monitor $func_status" exit $func_status ;; validate-all) validate_all_syslog_ng exit $? ;; *) usage ;; esac # vim: set sw=4 ts=4 : ### A sample snippet of cib.xml for a syslog-ng resource ## # # # # # # # # # # # # ### A sample syslog-ng configuration file for a log collecting host ### ### This sample is for a log collecting host by syslog-ng. ### A syslog-ng process configurated by this sample accepts all messages ### from a certain network. Any message from the network is preserved into ### a file for security infomation. Restricting messages to "authpriv" from ### the network is done on log sending hosts. (See the sample below) ### Any internal message of the syslog-ng process is preserved into its ### dedicated file. And any "authpriv" internal message of the syslog-ng ### process is also preserved into the security infomation file. ### ### Change "f_incoming" to suit your enviroment. ### If you use it as a configuration file for the sample cib.xml above, ### save it into "/etc/syslog-ng/syslog-ng-ext.conf". ## #options { # sync (0); # time_reopen (10); # log_fifo_size (1000); # long_hostnames (off); # use_dns (yes); # use_fqdn (no); # create_dirs (no); # keep_hostname (yes); }; # #source s_internal { internal(); }; #source s_incoming { udp(port(514)); }; #filter f_internal { facility(authpriv); }; #filter f_incoming { netmask("172.20.0.0/255.255.192.0"); }; # #destination d_internal { file("/var/log/syslog-ng-ext.log" perm(0640));}; #destination d_incoming { # file("/var/log/secure-ext.log" create_dirs(yes) perm(0640)); }; # #log { source(s_internal); destination(d_internal); }; #log { source(s_internal); filter(f_internal); destination(d_incoming); }; #log { source(s_incoming); filter(f_incoming); destination(d_incoming); }; ### A sample snippet of syslog-ng configuration file for a log sending host ### ### This sample is for a log sending host that uses syslog-ng. ### ### Replace "syslog-ng-ext" to the IP address or the hostname of your ### log collecting host and append it to "syslog-ng.conf" of each log sending ### host. See the install default syslog-ng.conf to know what "s_sys" and ### "f_auth" are. ## #destination d_outgoing { udp("syslog-ng-ext" port(514)); }; #log { source(s_sys); filter(f_auth); destination(d_outgoing); }; ### A sample snippet of syslog configuration file for a log sending host ### ### This sample is for a log sending host that uses syslog. ### ### Replace "syslog-ng-ext" to the IP address or the hostname of your ### log collecting host and append it to "syslog.conf" of each log sending ### host. ## # authpriv.* @syslog-ng-ext