diff --git a/heartbeat/powervs-subnet.in b/heartbeat/powervs-subnet.in index 83a468e02..84e86c0c4 100755 --- a/heartbeat/powervs-subnet.in +++ b/heartbeat/powervs-subnet.in @@ -1,1109 +1,1109 @@ #!@PYTHON@ -tt # ------------------------------------------------------------------------ # Description: Resource Agent to move a Power Virtual Server subnet # and its IP address from one virtual server instance # to another. # # Authors: Edmund Haefele # Walter Orb # # Copyright (c) 2024 International Business Machines, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ------------------------------------------------------------------------ import ipaddress import json import math import os import re import socket import subprocess import sys import textwrap import time import requests import requests.adapters import urllib3.util OCF_FUNCTIONS_DIR = os.environ.get( "OCF_FUNCTIONS_DIR", "%s/lib/heartbeat" % os.environ.get("OCF_ROOT") ) sys.path.append(OCF_FUNCTIONS_DIR) try: import ocf except ImportError: sys.stderr.write("ImportError: ocf module import failed.") sys.exit(5) class PowerCloudAPIError(Exception): def __init__(self, message, exit_code): ocf.ocf_exit_reason(message) sys.exit(exit_code) class nmcli: """A wrapper class to run nmcli system commands.""" NMCLI_SYSTEM_CMD = ["nmcli", "-t"] CONN_PREFIX = "VIP_" DEV_PREFIX = "env" ROUTING_PRIO = 50 ROUTING_TABLE = ocf.get_parameter("route_table", 500) _WAIT_FOR_NIC_SLEEP = 3 def __init__(self): """Class implements only classmethods or staticmethods, instantiation is not used.""" pass @classmethod def _nmcli_os_cmd(cls, nmcli_args): """run os nmcli command with the specified arguments. Returns the output as a dictionary. """ ocf.logger.debug("_nmcli_os_cmd: args: {}".format(nmcli_args)) output = None try: result = subprocess.run( cls.NMCLI_SYSTEM_CMD + nmcli_args, capture_output=True, text=True, check=True, env={"LANG": "C"}, ) if len(nmcli_args) == 1 or nmcli_args[0] == "-g" or nmcli_args[1] == "show": # return output as dict output = dict( item.split(":", 1) for item in result.stdout.rstrip().splitlines() if ":" in item ) except subprocess.CalledProcessError as e: raise PowerCloudAPIError( f"_nmcli_os_cmd: error executing nmcli: {e.stderr}", ocf.OCF_ERR_GENERIC, ) return output @classmethod def _nmcli_cmd(cls, command, subcommand=None, name=None, **kwargs): """Prepare arguments to call nmcli command.""" ocf.logger.debug( f"_nmcli_cmd: args: command: {command}, subcommand: {subcommand}, name: {name}" ) if command in ["connection", "device"]: nmcli_args = [command] else: raise PowerCloudAPIError( f"_nmcli_cmd: nmcli {command} not implemented", ocf.OCF_ERR_GENERIC, ) if name: if subcommand in ("show", "delete", "down", "up"): nmcli_args += [subcommand, name] elif subcommand == "add": nmcli_args += [subcommand, "type", "ethernet", "con-name", name] else: raise PowerCloudAPIError( f"_nmcli_cmd: nmcli {command} {subcommand} not implemented", ocf.OCF_ERR_GENERIC, ) elif subcommand in ("add", "delete", "down", "up"): raise PowerCloudAPIError( f"_nmcli_cmd: name argument required for nmcli {command} {subcommand}", ocf.OCF_ERR_GENERIC, ) options = kwargs.get("options", {}) for k, v in options.items(): nmcli_args += [k, v] return cls._nmcli_os_cmd(nmcli_args) @classmethod def _nmcli_find(cls, command, match_key, match_value): """Find the network object whose attribute with the specified key matches the specified value.""" ocf.logger.debug( f"_nmcli_find: args: command: {command}, key: {match_key}, value: {match_value}" ) nm_object = None for name in cls._nmcli_cmd(command=command, subcommand="show"): if not re.search(f"({cls.CONN_PREFIX})?{cls.DEV_PREFIX}", name): # check only connections or devices with device prefix in name continue obj_attrs = cls._nmcli_cmd(command=command, subcommand="show", name=name) if re.search(match_value, obj_attrs.get(match_key, "")): ocf.logger.debug(f"_nmcli_find: found match: name: {name}") nm_object = obj_attrs break return nm_object @classmethod def cleanup(cls): """Clean up orphaned Network Manager connections.""" connections = cls._nmcli_os_cmd(["-g", "UUID,NAME,ACTIVE", "connection"]) for uuid in connections: name, active = connections[uuid].split(":") if active == "no" and name.startswith(f"{cls.CONN_PREFIX}{cls.DEV_PREFIX}"): ocf.logger.debug(f"nmcli.cleanup: delete orphaned connection {name}") nmcli.connection.delete(uuid) @classmethod def wait_for_nic(cls, mac, timeout=720): """Wait for a NIC with a given MAC address to become available.""" ocf.logger.debug(f"wait_for_nic: args: mac: {mac}, timeout: {timeout} s") mac_address = mac.upper() retries = math.ceil((timeout * 0.95) / cls._WAIT_FOR_NIC_SLEEP) - 1 for attempt in range(1, retries + 1): try: ocf.logger.debug( f"wait_for_nic: waiting for nic with mac address {mac_address} ..." ) nm_object = cls._nmcli_find("device", "GENERAL.HWADDR", mac_address) if nm_object: break finally: time.sleep(cls._WAIT_FOR_NIC_SLEEP) else: # no break raise PowerCloudAPIError( f"wait_for_nic: timeout while waiting for nic with MAC address {mac_address}", ocf.OCF_ERR_GENERIC, ) nic = nm_object.get("GENERAL.DEVICE") wait_time = (attempt - 1) * cls._WAIT_FOR_NIC_SLEEP ocf.logger.info( f"wait_for_nic: found network device {nic} with MAC address {mac_address} after waiting {wait_time} seconds" ) return nic @classmethod def find_gateway(cls, ip): """Find the gateway address for a given IP.""" ocf.logger.debug(f"find_gateway: args: ip: {ip}") gateway = None ip_address = ip.split("/")[0] dev = cls._nmcli_find("device", "IP4.ADDRESS[1]", ip_address) if dev: # Sample IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 10.10.10.101, mt = 102, table=200 # extract next hop (nh) value ip4_route2 = dict( item.split("=") for item in dev["IP4.ROUTE[2]"].replace(" ", "").split(",") ) gateway = ip4_route2.get("nh", None) return gateway class connection: """Provides methods to run nmcli connection commands.""" @staticmethod def show(name=None, **kwargs): return nmcli._nmcli_cmd("connection", "show", name, **kwargs) @staticmethod def add(name, **kwargs): return nmcli._nmcli_cmd("connection", "add", name, **kwargs) @staticmethod def delete(name, **kwargs): return nmcli._nmcli_cmd("connection", "delete", name, **kwargs) @staticmethod def down(name, **kwargs): return nmcli._nmcli_cmd("connection", "down", name, **kwargs) @staticmethod def up(name, **kwargs): return nmcli._nmcli_cmd("connection", "up", name, **kwargs) @staticmethod def find(match_key, match_value): return nmcli._nmcli_find("connection", match_key, match_value) class device: """Provides methods to run nmcli device commands.""" @staticmethod def show(name=None, **kwargs): return nmcli._nmcli_cmd("device", "show", name, **kwargs) @staticmethod def find(match_key, match_value): return nmcli._nmcli_find("device", match_key, match_value) class PowerCloudAPI: """Provides methods to manage Power Virtual Server resources through its REST API.""" _URL_IAM_GLOBAL = "https://iam.cloud.ibm.com/identity/token" _URL_IAM_PRIVATE = "https://private.iam.cloud.ibm.com/identity/token" _URL_API_PUBLIC = "https://{}.power-iaas.cloud.ibm.com" _URL_API_PRIVATE = "https://private.{}.power-iaas.cloud.ibm.com" _URL_API_BASE = "/pcloud/v1/cloud-instances/{}" _HTTP_MAX_RETRIES = 10 _HTTP_BACKOFF_FACTOR = 0.4 _HTTP_STATUS_FORCE_RETRIES = (500, 502, 503, 504) _HTTP_RETRY_ALLOWED_METHODS = frozenset({"GET", "POST", "DELETE"}) _START_TIME = time.time() _RESOURCE_ACTION_TIMEOUT = int( int(os.environ.get("OCF_RESKEY_CRM_meta_timeout", 7200000)) / 1000 ) def __init__( self, ip="", cidr="", subnet_name="", api_key="", api_type="", region="", crn_host_map="", vsi_host_map="", proxy="", jumbo="", use_remote_workspace=False, ): """Initialize class variables, including the API token, Cloud Resource Name (CRN), IBM Power Cloud API endpoint URL, and HTTP header.""" self._res_options = locals() self._validate_and_set_options() self._set_api_key() self._set_token() self._set_header() self._instance_check_status() self.network_id = self._subnet_search_by_cidr() def _rest_create_session(self): """Create a request session with a retry strategy.""" # Define the retry strategy retry_strategy = urllib3.util.Retry( total=self._HTTP_MAX_RETRIES, # Maximum number of retries status_forcelist=self._HTTP_STATUS_FORCE_RETRIES, # HTTP status codes to retry on allowed_methods=self._HTTP_RETRY_ALLOWED_METHODS, # Allowed methods for retry operation backoff_factor=self._HTTP_BACKOFF_FACTOR, # Sleep for {backoff factor} * (2 ** ({number of previous retries})) ) # Create an HTTP adapter with the retry strategy and mount it to session adapter = requests.adapters.HTTPAdapter(max_retries=retry_strategy) # Create a new session object session = requests.Session() session.mount("https://", adapter) self._session = session return session def _rest_api_call(self, method, resource, **kwargs): """Perform a REST call to the specified URL.""" url = self._url + self._base + resource method = method.upper() ocf.logger.debug(f"_rest_api_call: {method} {resource}") session = self._session or self._rest_create_session() r = session.request( method, url, headers=self._header, proxies=self._proxy, **kwargs ) if not r.ok: raise PowerCloudAPIError( f"_rest_api_call: {method} call {resource} to {url} failed with reason: {r.reason}, status code: {r.status_code}", ocf.OCF_ERR_GENERIC, ) return r.json() def _set_api_key(self): """Store an API key in a class variable. api_key is a string. If the first character of the string is @, the rest of the string is assumed to be the name of a file containing the API key. """ api_key = self._res_options["api_key"] if api_key[0] == "@": api_key_file = api_key[1:] try: with open(api_key_file, "r") as f: # read the API key from a file try: keys = json.loads(f.read()) # data seems to be in json format # return the value of the item with the key 'Apikey' # backward compatibility: In the past, the key name was 'apikey' api_key = keys.get("Apikey", "") if not api_key: api_key = keys.get("apikey", "") except ValueError: # data is text, return as is api_key = f.read().strip() except FileNotFoundError: raise PowerCloudAPIError( f"_set_api_key: API key file '{api_key_file}' not found", ocf.OCF_ERR_ARGS, ) self._api_key = api_key def _set_token(self): """Use the stored API key to obtain an IBM Cloud IAM access token.""" url = self._URL_IAM headers = { "content-type": "application/x-www-form-urlencoded", "accept": "application/json", } data = { "grant_type": "urn:ibm:params:oauth:grant-type:apikey", "apikey": f"{self._api_key}", } token_response = requests.post( url, headers=headers, data=data, proxies=self._proxy ) if token_response.status_code != 200: raise PowerCloudAPIError( f"_set_token: failed to obtain token from IBM Cloud IAM: {token_response.status_code}", ocf.OCF_ERR_GENERIC, ) self._token = json.loads(token_response.text)["access_token"] def _set_header(self): """Set the Cloud Resource Name (CRN), IBM Power Cloud API endpoint URL, and HTTP header.""" self._header = { "Authorization": f"Bearer {self._token}", "CRN": f"{self._crn}", "Content-Type": "application/json", } def _instance_check_status(self): """Check if instance exists in workspace and log the current status.""" resource = f"/pvm-instances/{self.instance_id}" instance = self._rest_api_call("GET", resource) server_name = instance["serverName"] status = instance["status"] health = instance["health"]["status"] if status == "SHUTOFF" or (status == "ACTIVE" and health == "OK"): ocf.logger.debug( f"_instance_check_status: OK server_name: {server_name}, status: {status}, health: {health}" ) else: if not (self._ocf_action == "monitor"): raise PowerCloudAPIError( f"_instance_check_status: FAIL server_name: {server_name}, status: {status}, health: {health}", ocf.OCF_ERR_GENERIC, ) def _instance_subnet_is_attached(self): """Check if a virtual server instance is connected to a specific subnet.""" for net in self._instance_subnet_list(): if self.network_id == net["networkID"]: return True return False def _instance_subnet_get(self): """Obtain information about a particular subnet connected to a virtual server instance.""" resource = f"/pvm-instances/{self.instance_id}/networks/{self.network_id}" response = self._rest_api_call("GET", resource) return response["networks"][0] def _instance_subnet_list(self): """List all subnets connected to a virtual server instance.""" resource = f"/pvm-instances/{self.instance_id}/networks" response = self._rest_api_call("GET", resource) return response["networks"] def _instance_subnet_attach(self): """Attach a subnet to a virtual server instance.""" data = ( f'{{"networkID":"{self.network_id}","ipAddress":"{self.ip}"}}' if self.ip else f'{{"networkID":"{self.network_id}"}}' ) resource = f"/pvm-instances/{self.instance_id}/networks/" _ = self._rest_api_call("POST", resource, data=data) def _instance_subnet_detach(self): """Detach a subnet from a virtual server instance.""" resource = f"/pvm-instances/{self.instance_id}/networks/{self.network_id}" _ = self._rest_api_call("DELETE", resource) def _subnet_create(self): """Create a subnet in the workspace.""" data = ( f'{{"type":"vlan","cidr":"{self.cidr}","mtu":9000,"name":"{self.subnet_name}"}}' if self.jumbo else f'{{"type":"vlan","cidr":"{self.cidr}","name":"{self.subnet_name}"}}' ) resource = "/networks" response = self._rest_api_call("POST", resource, data=data) self.network_id = response["networkID"] def _subnet_delete(self): """Delete a subnet in the workspace.""" resource = f"/networks/{self.network_id}" _ = self._rest_api_call("DELETE", resource) def _subnet_get(self, network_id): """Get information about a specific subnet in the workspace.""" resource = f"/networks/{network_id}" response = self._rest_api_call("GET", resource) return response def _subnet_list(self): """List all subnets in the workspace.""" resource = "/networks/" response = self._rest_api_call("GET", resource) return response def _subnet_search_by_cidr(self): """Find the subnet for a given CIDR.""" for network in self._subnet_list()["networks"]: network_id = network["networkID"] if self.cidr == self._subnet_get(network_id)["cidr"]: return network_id return None def _subnet_port_get_all(self): """Obtain information about the ports for a specific subnet.""" resource = f"/networks/{self.network_id}/ports" response = self._rest_api_call("GET", resource) return response["ports"] def _subnet_port_delete(self, port_id): """Delete an orphaned port for a particular subnet.""" resource = f"/networks/{self.network_id}/ports/{port_id}" _ = self._rest_api_call("DELETE", resource) def _subnet_port_get_reserved(self): """Check if a port is already reserved on the subnet for the IP address.""" for port in self._subnet_port_get_all(): if self.ip == port["ipAddress"]: return port["portID"] return None def _validate_and_set_options(self): """Validate the options of the resource agent and derive class variables from the options.""" self._ocf_action = os.environ.get("__OCF_ACTION") if self._ocf_action is None and len(sys.argv) == 2: self._ocf_action = sys.argv[1] ip = self._res_options["ip"] try: validated_ip = ipaddress.ip_address(ip) except ValueError: raise PowerCloudAPIError( f"_validate_and_set_options: {ip} is not a valid IP address.", ocf.OCF_ERR_CONFIGURED, ) self.ip = ip cidr = self._res_options["cidr"] try: validated_cidr = ipaddress.ip_network(cidr) except ValueError: raise PowerCloudAPIError( f"_validate_and_set_options: {cidr} is not a valid CIDR notation.", ocf.OCF_ERR_CONFIGURED, ) self.cidr = cidr if validated_ip not in validated_cidr: raise PowerCloudAPIError( f"_validate_and_set_options: {ip} is not in {cidr} range.", ocf.OCF_ERR_CONFIGURED, ) subnet_name = self._res_options["subnet_name"] self.subnet_name = subnet_name if subnet_name else self.cidr crn_host_map = self._res_options["crn_host_map"] try: self._crn_host_map = dict( item.split(":", 1) for item in crn_host_map.split(";") ) except ValueError: raise PowerCloudAPIError( f"_validate_and_set_options: crn_host_map: {crn_host_map} has an invalid format.", ocf.OCF_ERR_CONFIGURED, ) self._hostname = os.uname().nodename if self._res_options["use_remote_workspace"]: self._nodename = [k for k in self._crn_host_map if k != self._hostname][0] else: self._nodename = self._hostname if self._nodename not in self._crn_host_map: raise PowerCloudAPIError( f"_validate_and_set_options: {self._nodename} not found in crn_host_map: {crn_host_map}.", ocf.OCF_ERR_ARGS, ) self._crn = self._crn_host_map[self._nodename] try: self._cloud_instance_id = self._crn.split(":")[7] except IndexError: raise PowerCloudAPIError( f"_validate_and_set_options: {self._crn} is not a valid CRN.", ocf.OCF_ERR_CONFIGURED, ) vsi_host_map = self._res_options["vsi_host_map"] try: self._vsi_host_map = dict( item.split(":") for item in vsi_host_map.split(";") ) except ValueError: raise PowerCloudAPIError( f"_validate_and_set_options: Option vsi_host_map: {vsi_host_map} has an invalid format.", ocf.OCF_ERR_CONFIGURED, ) if self._nodename not in self._vsi_host_map: raise PowerCloudAPIError( f"_validate_and_set_options: {self._nodename} not found in vsi_host_map: {vsi_host_map}.", ocf.OCF_ERR_ARGS, ) self.instance_id = self._vsi_host_map[self._nodename] jumbo = self._res_options["jumbo"].lower() if ocf.is_true(jumbo): self.jumbo = True else: if jumbo not in ("no", "false", "0", 0, "nein", "off", False): raise PowerCloudAPIError( f"_validate_and_set_options: option jumbo: {jumbo} does not match True or False.", ocf.OCF_ERR_CONFIGURED, ) self.jumbo = False # Check connect to proxy server self._proxy = "" proxy = self._res_options["proxy"] if proxy: # extract ip address and port match = re.search(r"^https?://([^:]+):(\d+)$", proxy) if match: proxy_ip, proxy_port = match.group(1), match.group(2) try: with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: s.settimeout(30) s.connect((proxy_ip, int(proxy_port))) except socket.error: raise PowerCloudAPIError( f"_validate_and_set_options: cannot connect to port {proxy_port} at {proxy_ip}, check option proxy: {proxy}.", ocf.OCF_ERR_CONFIGURED, ) self._proxy = {"https": f"{proxy}"} else: raise PowerCloudAPIError( f"_validate_and_set_options: the option proxy: {proxy} has an invalid format.", ocf.OCF_ERR_CONFIGURED, ) api_type = self._res_options["api_type"] if api_type not in ("public", "private"): raise PowerCloudAPIError( f"_validate_and_set_options: option api_type: {api_type} does not match public or private.", ocf.OCF_ERR_CONFIGURED, ) # Set API endpoint url url_api_fmt = ( self._URL_API_PRIVATE if api_type == "private" else self._URL_API_PUBLIC ) self._url = url_api_fmt.format(self._res_options["region"]) self._URL_IAM = ( self._URL_IAM_PRIVATE if api_type == "private" else self._URL_IAM_GLOBAL ) self._base = self._URL_API_BASE.format(self._cloud_instance_id) self._session = None def subnet_add(self): """Create and attach subnet in local workspace""" ocf.logger.debug( f"subnet_add: options: ip: {self.ip}, cidr: {self.cidr}, name: {self.subnet_name}" ) if self.network_id: ocf.logger.debug( f"subnet_add: subnet cidr: {self.cidr} already exists with network id: {self.network_id}" ) else: ocf.logger.debug( f"subnet_add: create subnet name: {self.subnet_name} with cidr: {self.cidr} and jumbo: {self.jumbo}" ) self._subnet_create() if self._instance_subnet_is_attached(): ocf.logger.debug( f"subnet_add: subnet id {self.network_id} is already attached to instance id {self.instance_id}" ) else: ocf.logger.debug( f"subnet_add: attach subnet id: {self.network_id} to instance id: {self.instance_id} (IP address {self.ip})" ) self._instance_subnet_attach() subnet = self._subnet_get(self.network_id) gateway = subnet["gateway"] port = self._instance_subnet_get() mac = port["macAddress"] ip_address = port["ipAddress"] self.jumbo = subnet.get("mtu", "") == 9000 timeout = self._RESOURCE_ACTION_TIMEOUT - int(time.time() - self._START_TIME) nic = nmcli.wait_for_nic(mac, timeout) return nic, ip_address, mac, gateway def subnet_remove(self): """Detach and delete subnet in local or remote workspace""" ocf.logger.debug( f"subnet_remove: options: cidr: {self.cidr}, network id: {self.network_id}, instance id: {self.instance_id}" ) if self.network_id: ocf.logger.debug( f"subnet_remove: subnet id: {self.network_id} with cidr: {self.cidr} exists" ) if self._instance_subnet_is_attached(): ocf.logger.debug( f"subnet_remove: subnet id: {self.network_id} is attached to instance id {self.instance_id}" ) port = self._instance_subnet_get() mac = port["macAddress"] dev = nmcli.device.find("GENERAL.HWADDR", mac.upper()) if dev: nm_object = nmcli.connection.find( "GENERAL.IP-IFACE", dev["GENERAL.DEVICE"] ) if nm_object: conn_name = nm_object["connection.id"] ocf.logger.debug( f"stop_action: unconfigure network connection conn_name: {conn_name} with mac address {mac}" ) nmcli.connection.down(conn_name) nmcli.connection.delete(conn_name) ocf.logger.debug( f"subnet_remove: detach network id: {self.network_id} from instance id: {self.instance_id}" ) self._instance_subnet_detach() port_id = self._subnet_port_get_reserved() if port_id: ocf.logger.debug( f"subnet_remove: delete port port_id: {port_id} for subnet network id: {self.network_id}" ) self._subnet_port_delete(port_id) ocf.logger.debug(f"subnet_remove: delete network id: {self.network_id}") self._subnet_delete() def os_ping(ip): """Ping an IP address.""" command = ["ping", "-c", "1", ip] response = subprocess.call(command) return response == 0 def start_action( ip="", cidr="", subnet_name="", api_key="", api_type="", region="", crn_host_map="", vsi_host_map="", proxy="", jumbo="", ): """start_action: assign the service ip. Create a subnet in the workspace, connect it to the virtual server instance, and configure the NIC. """ res_options = locals() ocf.logger.info(f"start_action: options: {res_options}") # Detach and remove subnet in remote workspace remote_ws = PowerCloudAPI(**res_options, use_remote_workspace=True) ocf.logger.debug( f"start_action: remove subnet from remote workspace: cidr: {remote_ws.cidr}" ) remote_ws.subnet_remove() # Delete orphaned Network Manager connections nmcli.cleanup() # Create and attach subnet in local workspace ws = PowerCloudAPI(**res_options) nic, ip_address, mac, gateway = ws.subnet_add() ocf.logger.debug( f"start_action: add nmcli connection: nic: {nic}, ip: {ip_address}, mac: {mac}, gateway: {gateway}, jumbo: {ws.jumbo}, table {nmcli.ROUTING_TABLE}" ) conn_name = f"{nmcli.CONN_PREFIX}{nic}" conn_options = { "ifname": nic, "autoconnect": "no", "ipv4.method": "manual", "ipv4.addresses": ip_address, "ipv4.routes": f"0.0.0.0/0 {gateway} table={nmcli.ROUTING_TABLE}", "ipv4.routing-rules": f"priority {nmcli.ROUTING_PRIO} from {ws.cidr} table {nmcli.ROUTING_TABLE}", } if ws.jumbo: conn_options.update({"802-3-ethernet.mtu": "9000", "ethtool.feature-tso": "on"}) nmcli.connection.add(conn_name, options=conn_options) nmcli.connection.up(conn_name) if monitor_action(**res_options) != ocf.OCF_SUCCESS: raise PowerCloudAPIError(f"start_action: start subnet: {ws.subnet_name} failed") ocf.logger.info( f"start_action: finished, added connection {conn_name} for subnet {ws.subnet_name}" ) return ocf.OCF_SUCCESS def stop_action( ip="", cidr="", subnet_name="", api_key="", api_type="", region="", crn_host_map="", vsi_host_map="", proxy="", jumbo="", ): """stop_action: unassign the service ip. Delete NIC, detach subnet from virtual server instance, and delete subnet. """ res_options = locals() ocf.logger.info(f"stop_action: options: {res_options}") ws = PowerCloudAPI(**res_options) ws.subnet_remove() if monitor_action(**res_options) != ocf.OCF_NOT_RUNNING: raise PowerCloudAPIError(f"stop_action: stop subnet {ws.subnet_name} failed") ocf.logger.info( f"stop_action: finished, deleted connection for subnet {ws.subnet_name}" ) return ocf.OCF_SUCCESS def monitor_action( ip="", cidr="", subnet_name="", api_key="", api_type="", region="", crn_host_map="", vsi_host_map="", proxy="", jumbo="", ): """monitor_action: check if service ip and gateway are responding.""" res_options = locals() is_probe = ocf.is_probe() ocf.logger.debug(f"monitor_action: options: {res_options}, is_probe: {is_probe}") gateway = nmcli.find_gateway(ip) if gateway and os_ping(gateway): if os_ping(ip): ocf.logger.debug( f"monitor_action: ping to gateway: {gateway} and ip: {ip} successful" ) return ocf.OCF_SUCCESS else: raise PowerCloudAPIError( f"monitor_action: ping to ip: {ip} failed", ocf.OCF_ERR_GENERIC ) if not is_probe: ocf.logger.error(f"monitor_action: ping to gateway: {gateway} failed") ws = PowerCloudAPI(**res_options) ocf.logger.debug(f"monitor_action: instance id: {ws.instance_id}") if not ws.network_id or is_probe: return ocf.OCF_NOT_RUNNING # monitor should never reach this code, exit with raise raise PowerCloudAPIError( f"monitor_action: unknown problem with subnet id: {ws.network_id}", ocf.OCF_ERR_GENERIC, ) def validate_all_action( ip="", cidr="", subnet_name="", api_key="", api_type="", region="", crn_host_map="", vsi_host_map="", proxy="", jumbo="", ): """validate_all_action: Validate the resource agent parameters.""" res_options = locals() # The class instantiation validates the resource agent options and that the instance exists try: # Check instance in local workspace _ = PowerCloudAPI(**res_options, use_remote_workspace=False) except Exception: ocf.logger.error( "validate_all_action: failed to instantiate class in local workspace." ) raise try: # Check instance in remote workspace _ = PowerCloudAPI(**res_options, use_remote_workspace=True) except Exception: ocf.logger.error( "validate_all_action: failed to instantiate class in remote workspace." ) raise return ocf.OCF_SUCCESS def main(): """Instantiate the resource agent.""" agent_description = textwrap.dedent("""\ Resource Agent to move a Power Virtual Server subnet and its IP address from one virtual server instance to another. The prerequisites for the use of this resource agent are as follows: 1. Red Hat Enterprise Linux 9.2 or higher: Install with @server group to ensure that NetworkManager settings are correct. Verify that the NetworkManager-config-server package is installed. 2. A two-node cluster that is distributed across two different Power Virtual Server workspaces in two data centers in a region. 3. IBM Cloud API Key: Create a service API key that is privileged for both Power Virtual Server workspaces. Save the service API key in a file and copy the file to both cluster nodes. Use same filename and directory location on both cluster nodes. Reference the path to the key file in the resource definition. For comprehensive documentation on implementing high availability for SAP applications on IBM Power Virtual Server, visit https://cloud.ibm.com/docs/sap?topic=sap-ha-overview. """) agent = ocf.Agent( "powervs-subnet", shortdesc="Manages moving a Power Virtual Server subnet", longdesc=agent_description, version=1.04, ) agent.add_parameter( "ip", shortdesc="IP address", longdesc=( "IP address within the subnet. The IP address moves together with the subnet." ), content_type="string", required=True, ) agent.add_parameter( "cidr", shortdesc="CIDR", longdesc="Classless Inter-Domain Routing (CIDR) of the subnet.", content_type="string", required=True, ) agent.add_parameter( "subnet_name", shortdesc="Name of the subnet", longdesc="Name of the subnet. If not specified, CIDR is used as name.", content_type="string", required=False, ) agent.add_parameter( "api_type", shortdesc="API type", longdesc="Connect to Power Virtual Server regional endpoints over a public or private network (public|private).", content_type="string", - required=True, + required=False, default="private", ) agent.add_parameter( "region", shortdesc="Power Virtual Server region", longdesc=( "Region that represents the geographic area where the instance is located. " "The region is used to identify the Cloud API endpoint." ), content_type="string", required=True, ) agent.add_parameter( "api_key", shortdesc="API Key or @API_KEY_FILE_PATH", longdesc=( "API Key or @API_KEY_FILE_PATH for IBM Cloud access. " "The API key content or the path of an API key file that is indicated by the @ symbol." ), content_type="string", required=True, ) agent.add_parameter( "crn_host_map", shortdesc="Mapping of hostnames to IBM Cloud CRN", longdesc=( "Map the hostname of the Power Virtual Server instance to the CRN of the Power Virtual Server workspaces hosting the instance. " "Separate hostname and CRN with a colon ':', separate different hostname and CRN pairs with a semicolon ';'. " "Example: hostname01:CRN-of-Instance01;hostname02:CRN-of-Instance02" ), content_type="string", required=True, ) agent.add_parameter( "vsi_host_map", shortdesc="Mapping of hostnames to PowerVS instance ids", longdesc=( "Map the hostname of the Power Virtual Server instance to its instance id. " "Separate hostname and instance id with a colon ':', separate different hostname and instance id pairs with a semicolon ';'. " "Example: hostname01:instance-id-01;hostname02:instance-id-02" ), content_type="string", required=True, ) agent.add_parameter( "proxy", shortdesc="Proxy", longdesc="Proxy server to access IBM Cloud API endpoints.", content_type="string", required=False, ) agent.add_parameter( "jumbo", shortdesc="Use Jumbo frames", longdesc="Create a Power Virtual Server subnet with an MTU size of 9000 (true|false).", content_type="string", required=False, default="false", ) agent.add_parameter( "route_table", shortdesc="route table ID", longdesc="ID of the route table for the interface. Default is 500.", content_type="string", required=False, default="500", ) agent.add_action("start", timeout=900, handler=start_action) agent.add_action("stop", timeout=450, handler=stop_action) agent.add_action( "monitor", depth=0, timeout=60, interval=60, handler=monitor_action ) agent.add_action("validate-all", timeout=300, handler=validate_all_action) agent.run() if __name__ == "__main__": main()