From ab1de07902d9f380c10405d6ddac3aeb43838c86 Mon Sep 17 00:00:00 2001
From: Klaus Wenninger <klaus.wenninger@aon.at>
Date: Thu, 28 Jul 2022 15:33:12 +0200
Subject: [PATCH] fence_sbd: improve error handling

basically when using 3 disks be happy with 2 answers
but give it 5s at least to collect all answers
increase default power-timeout to 30s so that waiting
those 5s still allows us to get done sending the
reboot

RHBZ#2033671
---
 agents/sbd/fence_sbd.py           |  77 +++++++++++++--------
 lib/fencing.py.py                 | 109 ++++++++++++++++++++++++++++++
 tests/data/metadata/fence_sbd.xml |   2 +-
 3 files changed, 158 insertions(+), 30 deletions(-)

diff --git a/agents/sbd/fence_sbd.py b/agents/sbd/fence_sbd.py
index 0c876b16e..2b0127d55 100644
--- a/agents/sbd/fence_sbd.py
+++ b/agents/sbd/fence_sbd.py
@@ -5,7 +5,7 @@
 import os
 import atexit
 sys.path.append("@FENCEAGENTSLIBDIR@")
-from fencing import fail_usage, run_command, fence_action, all_opt
+from fencing import fail_usage, run_commands, fence_action, all_opt
 from fencing import atexit_handler, check_input, process_input, show_docs
 from fencing import run_delay
 import itertools
@@ -81,7 +81,7 @@ def check_sbd_device(options, device_path):
 
     cmd = "%s -d %s dump" % (options["--sbd-path"], device_path)
 
-    (return_code, out, err) = run_command(options, cmd)
+    (return_code, out, err) = run_commands(options, [ cmd ])
 
     for line in itertools.chain(out.split("\n"), err.split("\n")):
         if len(line) == 0:
@@ -94,21 +94,35 @@ def check_sbd_device(options, device_path):
 
     return DEVICE_INIT
 
+
 def generate_sbd_command(options, command, arguments=None):
     """Generates a sbd command based on given arguments.
 
     Return Value:
-    generated sbd command (string)
+    generated list of sbd commands (strings) depending
+    on command multiple commands with a device each
+    or a single command with multiple devices
     """
-    cmd = options["--sbd-path"]
+    cmds = []
+
+    if not command in ["list", "dump"]:
+        cmd = options["--sbd-path"]
 
-    # add "-d" for each sbd device
-    for device in parse_sbd_devices(options):
-        cmd += " -d %s" % device
+        # add "-d" for each sbd device
+        for device in parse_sbd_devices(options):
+            cmd += " -d %s" % device
 
-    cmd += " %s %s" % (command, arguments)
+        cmd += " %s %s" % (command, arguments)
+        cmds.append(cmd)
+
+    else:
+        for device in parse_sbd_devices(options):
+            cmd = options["--sbd-path"]
+            cmd += " -d %s" % device
+            cmd += " %s %s" % (command, arguments)
+            cmds.append(cmd)
 
-    return cmd
+    return cmds
 
 def send_sbd_message(conn, options, plug, message):
     """Sends a message to all sbd devices.
@@ -128,7 +142,7 @@ def send_sbd_message(conn, options, plug, message):
     arguments = "%s %s" % (plug, message)
     cmd = generate_sbd_command(options, "message", arguments)
 
-    (return_code, out, err) = run_command(options, cmd)
+    (return_code, out, err) = run_commands(options, cmd)
 
     return (return_code, out, err)
 
@@ -147,7 +161,7 @@ def get_msg_timeout(options):
 
     cmd = generate_sbd_command(options, "dump")
 
-    (return_code, out, err) = run_command(options, cmd)
+    (return_code, out, err) = run_commands(options, cmd)
 
     for line in itertools.chain(out.split("\n"), err.split("\n")):
         if len(line) == 0:
@@ -288,7 +302,7 @@ def get_node_list(conn, options):
 
     cmd = generate_sbd_command(options, "list")
 
-    (return_code, out, err) = run_command(options, cmd)
+    (return_code, out, err) = run_commands(options, cmd)
 
     for line in out.split("\n"):
         if len(line) == 0:
@@ -356,6 +370,7 @@ def main():
 
     all_opt["method"]["default"] = "cycle"
     all_opt["method"]["help"] = "-m, --method=[method]          Method to fence (onoff|cycle) (Default: cycle)"
+    all_opt["power_timeout"]["default"] = "30"
 
     options = check_input(device_opt, process_input(device_opt))
 
@@ -376,23 +391,27 @@ def main():
 
     # We need to check if the provided sbd_devices exists. We need to do
     # that for every given device.
-    for device_path in parse_sbd_devices(options):
-        logging.debug("check device \"%s\"", device_path)
-
-        return_code = check_sbd_device(options, device_path)
-        if PATH_NOT_EXISTS == return_code:
-            logging.error("\"%s\" does not exist", device_path)
-        elif PATH_NOT_BLOCK == return_code:
-            logging.error("\"%s\" is not a valid block device", device_path)
-        elif DEVICE_NOT_INIT == return_code:
-            logging.error("\"%s\" is not initialized", device_path)
-        elif DEVICE_INIT != return_code:
-            logging.error("UNKNOWN error while checking \"%s\"", device_path)
-
-        # If we get any error while checking the device we need to exit at this
-        # point.
-        if DEVICE_INIT != return_code:
-            exit(return_code)
+    # Just for the case we are really rebooting / powering off a device
+    # (pacemaker as well uses the list command to generate a dynamic list)
+    # we leave it to sbd to try and decide if it was successful
+    if not options["--action"] in ["reboot", "off", "list"]:
+        for device_path in parse_sbd_devices(options):
+            logging.debug("check device \"%s\"", device_path)
+
+            return_code = check_sbd_device(options, device_path)
+            if PATH_NOT_EXISTS == return_code:
+                logging.error("\"%s\" does not exist", device_path)
+            elif PATH_NOT_BLOCK == return_code:
+                logging.error("\"%s\" is not a valid block device", device_path)
+            elif DEVICE_NOT_INIT == return_code:
+                logging.error("\"%s\" is not initialized", device_path)
+            elif DEVICE_INIT != return_code:
+                logging.error("UNKNOWN error while checking \"%s\"", device_path)
+
+            # If we get any error while checking the device we need to exit at this
+            # point.
+            if DEVICE_INIT != return_code:
+                exit(return_code)
 
     # we check against the defined timeouts. If the pacemaker timeout is smaller
     # then that defined within sbd we should report this.
diff --git a/lib/fencing.py.py b/lib/fencing.py.py
index b746ede8b..fc3679e33 100644
--- a/lib/fencing.py.py
+++ b/lib/fencing.py.py
@@ -1088,6 +1088,115 @@ def is_executable(path):
 			return True
 	return False
 
+def run_commands(options, commands, timeout=None, env=None, log_command=None):
+	# inspired by psutils.wait_procs (BSD License)
+	def check_gone(proc, timeout):
+		try:
+			returncode = proc.wait(timeout=timeout)
+		except subprocess.TimeoutExpired:
+			pass
+		else:
+			if returncode is not None or not proc.is_running():
+				proc.returncode = returncode
+				gone.add(proc)
+
+	if timeout is None and "--power-timeout" in options:
+		timeout = options["--power-timeout"]
+	if timeout == 0:
+		timeout = None
+	if timeout is not None:
+		timeout = float(timeout)
+
+	time_start = time.time()
+	procs = []
+	status = None
+	pipe_stdout = ""
+	pipe_stderr = ""
+
+	for command in commands:
+		logging.info("Executing: %s\n", log_command or command)
+
+		try:
+			process = subprocess.Popen(shlex.split(command), stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env,
+					# decodes newlines and in python3 also converts bytes to str
+					universal_newlines=(sys.version_info[0] > 2))
+		except OSError:
+			fail_usage("Unable to run %s\n" % command)
+
+		procs.append(process)
+
+	gone = set()
+	alive = set(procs)
+
+	while True:
+		if alive:
+			max_timeout = 2.0 / len(alive)
+			for proc in alive:
+				if timeout is not None:
+					if time.time()-time_start >= timeout:
+						# quickly go over the rest
+						max_timeout = 0
+				check_gone(proc, max_timeout)
+			alive = alive - gone
+
+		if not alive:
+			break
+
+		if time.time()-time_start < 5.0:
+			# give it at least 5s to get a complete answer
+			# afterwards we're OK with a quorate answer
+			continue
+
+		if len(gone) > len(alive):
+			good_cnt = 0
+			for proc in gone:
+				if proc.returncode == 0:
+					good_cnt += 1
+			# a positive result from more than half is fine
+			if good_cnt > len(procs)/2:
+				break
+
+		if timeout is not None:
+			if time.time() - time_start >= timeout:
+				logging.debug("Stop waiting after %s\n", str(timeout))
+				break
+
+	logging.debug("Done: %d gone, %d alive\n", len(gone), len(alive))
+
+	for proc in gone:
+		if (status != 0):
+			status = proc.returncode
+		# hand over the best status we have
+		# but still collect as much stdout/stderr feedback
+		# avoid communicate as we know already process
+		# is gone and it seems to block when there
+		# are D state children we don't get rid off
+		os.set_blocking(proc.stdout.fileno(), False)
+		os.set_blocking(proc.stderr.fileno(), False)
+		try:
+			pipe_stdout += proc.stdout.read()
+		except:
+			pass
+		try:
+			pipe_stderr += proc.stderr.read()
+		except:
+			pass
+		proc.stdout.close()
+		proc.stderr.close()
+
+	for proc in alive:
+		proc.kill()
+
+	if status is None:
+		fail(EC_TIMED_OUT, stop=(int(options.get("retry", 0)) < 1))
+		status = EC_TIMED_OUT
+		pipe_stdout = ""
+		pipe_stderr = "timed out"
+
+	logging.debug("%s %s %s\n", str(status), str(pipe_stdout), str(pipe_stderr))
+
+	return (status, pipe_stdout, pipe_stderr)
+
 def run_command(options, command, timeout=None, env=None, log_command=None):
 	if timeout is None and "--power-timeout" in options:
 		timeout = options["--power-timeout"]
diff --git a/tests/data/metadata/fence_sbd.xml b/tests/data/metadata/fence_sbd.xml
index 516370c40..7248b864a 100644
--- a/tests/data/metadata/fence_sbd.xml
+++ b/tests/data/metadata/fence_sbd.xml
@@ -87,7 +87,7 @@
 	</parameter>
 	<parameter name="power_timeout" unique="0" required="0">
 		<getopt mixed="--power-timeout=[seconds]" />
-		<content type="second" default="20"  />
+		<content type="second" default="30"  />
 		<shortdesc lang="en">Test X seconds for status change after ON/OFF</shortdesc>
 	</parameter>
 	<parameter name="power_wait" unique="0" required="0">