|
|
05afe3 |
diff -uNr a/doc/man/Makefile.am b/doc/man/Makefile.am
|
|
|
05afe3 |
--- a/doc/man/Makefile.am 2018-06-27 13:22:31.576628598 +0200
|
|
|
05afe3 |
+++ b/doc/man/Makefile.am 2018-06-27 13:47:15.902753673 +0200
|
|
|
05afe3 |
@@ -75,6 +75,8 @@
|
|
|
05afe3 |
ocf_heartbeat_ManageRAID.7 \
|
|
|
05afe3 |
ocf_heartbeat_ManageVE.7 \
|
|
|
05afe3 |
ocf_heartbeat_NodeUtilization.7 \
|
|
|
05afe3 |
+ ocf_heartbeat_nova-compute-wait.7 \
|
|
|
05afe3 |
+ ocf_heartbeat_NovaEvacuate.7 \
|
|
|
05afe3 |
ocf_heartbeat_Pure-FTPd.7 \
|
|
|
05afe3 |
ocf_heartbeat_Raid1.7 \
|
|
|
05afe3 |
ocf_heartbeat_Route.7 \
|
|
|
05afe3 |
diff -uNr a/heartbeat/Makefile.am b/heartbeat/Makefile.am
|
|
|
05afe3 |
--- a/heartbeat/Makefile.am 2018-06-27 13:22:31.574628625 +0200
|
|
|
05afe3 |
+++ b/heartbeat/Makefile.am 2018-06-27 13:46:23.621453631 +0200
|
|
|
05afe3 |
@@ -29,6 +29,8 @@
|
|
|
05afe3 |
|
|
|
05afe3 |
ocfdir = $(OCF_RA_DIR_PREFIX)/heartbeat
|
|
|
05afe3 |
|
|
|
05afe3 |
+ospdir = $(OCF_RA_DIR_PREFIX)/openstack
|
|
|
05afe3 |
+
|
|
|
05afe3 |
dtddir = $(datadir)/$(PACKAGE_NAME)
|
|
|
05afe3 |
dtd_DATA = ra-api-1.dtd metadata.rng
|
|
|
05afe3 |
|
|
|
05afe3 |
@@ -50,6 +52,9 @@
|
|
|
05afe3 |
IPv6addr_LDADD = -lplumb $(LIBNETLIBS)
|
|
|
05afe3 |
send_ua_LDADD = $(LIBNETLIBS)
|
|
|
05afe3 |
|
|
|
05afe3 |
+osp_SCRIPTS = nova-compute-wait \
|
|
|
05afe3 |
+ NovaEvacuate
|
|
|
05afe3 |
+
|
|
|
05afe3 |
ocf_SCRIPTS = AoEtarget \
|
|
|
05afe3 |
AudibleAlarm \
|
|
|
05afe3 |
ClusterMon \
|
|
|
05afe3 |
diff -uNr a/heartbeat/nova-compute-wait b/heartbeat/nova-compute-wait
|
|
|
05afe3 |
--- a/heartbeat/nova-compute-wait 1970-01-01 01:00:00.000000000 +0100
|
|
|
05afe3 |
+++ b/heartbeat/nova-compute-wait 2018-06-27 13:27:15.166830889 +0200
|
|
|
05afe3 |
@@ -0,0 +1,317 @@
|
|
|
05afe3 |
+#!/bin/sh
|
|
|
05afe3 |
+# Copyright 2015 Red Hat, Inc.
|
|
|
05afe3 |
+#
|
|
|
05afe3 |
+# Description: Manages compute daemons
|
|
|
05afe3 |
+#
|
|
|
05afe3 |
+# Authors: Andrew Beekhof
|
|
|
05afe3 |
+#
|
|
|
05afe3 |
+# Support: openstack@lists.openstack.org
|
|
|
05afe3 |
+# License: Apache Software License (ASL) 2.0
|
|
|
05afe3 |
+#
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+#######################################################################
|
|
|
05afe3 |
+# Initialization:
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+###
|
|
|
05afe3 |
+: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
|
|
|
05afe3 |
+. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
|
|
|
05afe3 |
+###
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+: ${__OCF_ACTION=$1}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+#######################################################################
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+meta_data() {
|
|
|
05afe3 |
+ cat <
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<resource-agent name="nova-compute-wait" version="1.0">
|
|
|
05afe3 |
+<version>1.0</version>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+OpenStack Nova Compute Server.
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">OpenStack Nova Compute Server</shortdesc>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameters>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="auth_url" unique="0" required="1">
|
|
|
05afe3 |
+<longdesc lang="en">Deprecated - do not use anymore.</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Deprecated - do not use anymore</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="username" unique="0" required="1">
|
|
|
05afe3 |
+<longdesc lang="en">Deprecated - do not use anymore.</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Deprecated - do not use anymore</shortdesc>
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="password" unique="0" required="1">
|
|
|
05afe3 |
+<longdesc lang="en">Deprecated - do not use anymore.</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Deprecated - do not use anymore</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="tenant_name" unique="0" required="1">
|
|
|
05afe3 |
+<longdesc lang="en">Deprecated - do not use anymore.</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Deprecated - do not use anymore</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="domain" unique="0" required="0">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+DNS domain in which hosts live, useful when the cluster uses short names and nova uses FQDN
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">DNS domain</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="endpoint_type" unique="0" required="0">
|
|
|
05afe3 |
+<longdesc lang="en">Deprecated - do not use anymore.</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Deprecated - do not use anymore</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="no_shared_storage" unique="0" required="0">
|
|
|
05afe3 |
+<longdesc lang="en">Deprecated - do not use anymore.</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Deprecated - do not use anymore</shortdesc>
|
|
|
05afe3 |
+<content type="boolean" default="0" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="evacuation_delay" unique="0" required="0">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+How long to wait for nova to finish evacuating instances elsewhere
|
|
|
05afe3 |
+before starting nova-compute. Only used when the agent detects
|
|
|
05afe3 |
+evacuations might be in progress.
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+You may need to increase the start timeout when increasing this value.
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Delay to allow evacuations time to complete</shortdesc>
|
|
|
05afe3 |
+<content type="integer" default="120" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+</parameters>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<actions>
|
|
|
05afe3 |
+<action name="start" timeout="600" />
|
|
|
05afe3 |
+<action name="stop" timeout="300" />
|
|
|
05afe3 |
+<action name="monitor" timeout="20" interval="10" depth="0"/>
|
|
|
05afe3 |
+<action name="validate-all" timeout="20" />
|
|
|
05afe3 |
+<action name="meta-data" timeout="5" />
|
|
|
05afe3 |
+</actions>
|
|
|
05afe3 |
+</resource-agent>
|
|
|
05afe3 |
+END
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+#######################################################################
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+# don't exit on TERM, to test that lrmd makes sure that we do exit
|
|
|
05afe3 |
+trap sigterm_handler TERM
|
|
|
05afe3 |
+sigterm_handler() {
|
|
|
05afe3 |
+ ocf_log info "They use TERM to bring us down. No such luck."
|
|
|
05afe3 |
+ return
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+nova_usage() {
|
|
|
05afe3 |
+ cat <
|
|
|
05afe3 |
+usage: $0 {start|stop|monitor|validate-all|meta-data}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+Expects to have a fully populated OCF RA-compliant environment set.
|
|
|
05afe3 |
+END
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+nova_start() {
|
|
|
05afe3 |
+ build_unfence_overlay
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ state=$(attrd_updater -p -n evacuate -N ${NOVA_HOST} | sed -e 's/.*value=//' | tr -d '"' )
|
|
|
05afe3 |
+ if [ "x$state" = x ]; then
|
|
|
05afe3 |
+ : never been fenced
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ elif [ "x$state" = xno ]; then
|
|
|
05afe3 |
+ : has been evacuated, however it could have been 1s ago
|
|
|
05afe3 |
+ ocf_log info "Pausing to give evacuations from ${NOVA_HOST} time to complete"
|
|
|
05afe3 |
+ sleep ${OCF_RESKEY_evacuation_delay}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ else
|
|
|
05afe3 |
+ while [ "x$state" != "xno" ]; do
|
|
|
05afe3 |
+ ocf_log info "Waiting for pending evacuations from ${NOVA_HOST}"
|
|
|
05afe3 |
+ state=$(attrd_updater -p -n evacuate -N ${NOVA_HOST} | sed -e 's/.*value=//' | tr -d '"' )
|
|
|
05afe3 |
+ sleep 5
|
|
|
05afe3 |
+ done
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ ocf_log info "Pausing to give evacuations from ${NOVA_HOST} time to complete"
|
|
|
05afe3 |
+ sleep ${OCF_RESKEY_evacuation_delay}
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ touch "$statefile"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ return $OCF_SUCCESS
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+nova_stop() {
|
|
|
05afe3 |
+ rm -f "$statefile"
|
|
|
05afe3 |
+ return $OCF_SUCCESS
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+nova_monitor() {
|
|
|
05afe3 |
+ if [ ! -f "$statefile" ]; then
|
|
|
05afe3 |
+ return $OCF_NOT_RUNNING
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ return $OCF_SUCCESS
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+nova_notify() {
|
|
|
05afe3 |
+ return $OCF_SUCCESS
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+build_unfence_overlay() {
|
|
|
05afe3 |
+ fence_options=""
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -z "${OCF_RESKEY_auth_url}" ]; then
|
|
|
05afe3 |
+ candidates=$(/usr/sbin/stonith_admin -l ${NOVA_HOST})
|
|
|
05afe3 |
+ for candidate in ${candidates}; do
|
|
|
05afe3 |
+ pcs stonith show $d | grep -q fence_compute
|
|
|
05afe3 |
+ if [ $? = 0 ]; then
|
|
|
05afe3 |
+ ocf_log info "Unfencing nova based on: $candidate"
|
|
|
05afe3 |
+ fence_auth=$(pcs stonith show $candidate | grep Attributes: | sed -e s/Attributes:// -e s/-/_/g -e 's/[^ ]\+=/OCF_RESKEY_\0/g' -e s/passwd/password/g)
|
|
|
05afe3 |
+ eval "export $fence_auth"
|
|
|
05afe3 |
+ break
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ done
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ # Copied from NovaEvacuate
|
|
|
05afe3 |
+ if [ -z "${OCF_RESKEY_auth_url}" ]; then
|
|
|
05afe3 |
+ ocf_exit_reason "auth_url not configured"
|
|
|
05afe3 |
+ exit $OCF_ERR_CONFIGURED
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ fence_options="${fence_options} -k ${OCF_RESKEY_auth_url}"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -z "${OCF_RESKEY_username}" ]; then
|
|
|
05afe3 |
+ ocf_exit_reason "username not configured"
|
|
|
05afe3 |
+ exit $OCF_ERR_CONFIGURED
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ fence_options="${fence_options} -l ${OCF_RESKEY_username}"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -z "${OCF_RESKEY_password}" ]; then
|
|
|
05afe3 |
+ ocf_exit_reason "password not configured"
|
|
|
05afe3 |
+ exit $OCF_ERR_CONFIGURED
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ fence_options="${fence_options} -p ${OCF_RESKEY_password}"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -z "${OCF_RESKEY_tenant_name}" ]; then
|
|
|
05afe3 |
+ ocf_exit_reason "tenant_name not configured"
|
|
|
05afe3 |
+ exit $OCF_ERR_CONFIGURED
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ fence_options="${fence_options} -t ${OCF_RESKEY_tenant_name}"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_domain}" ]; then
|
|
|
05afe3 |
+ fence_options="${fence_options} -d ${OCF_RESKEY_domain}"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_region_name}" ]; then
|
|
|
05afe3 |
+ fence_options="${fence_options} \
|
|
|
05afe3 |
+ --region-name ${OCF_RESKEY_region_name}"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_insecure}" ]; then
|
|
|
05afe3 |
+ if ocf_is_true "${OCF_RESKEY_insecure}"; then
|
|
|
05afe3 |
+ fence_options="${fence_options} --insecure"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_no_shared_storage}" ]; then
|
|
|
05afe3 |
+ if ocf_is_true "${OCF_RESKEY_no_shared_storage}"; then
|
|
|
05afe3 |
+ fence_options="${fence_options} --no-shared-storage"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_endpoint_type}" ]; then
|
|
|
05afe3 |
+ case ${OCF_RESKEY_endpoint_type} in
|
|
|
05afe3 |
+ adminURL|publicURL|internalURL)
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ *)
|
|
|
05afe3 |
+ ocf_exit_reason "endpoint_type ${OCF_RESKEY_endpoint_type}" \
|
|
|
05afe3 |
+ "not valid. Use adminURL or publicURL or internalURL"
|
|
|
05afe3 |
+ exit $OCF_ERR_CONFIGURED
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ esac
|
|
|
05afe3 |
+ fence_options="${fence_options} -e ${OCF_RESKEY_endpoint_type}"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ mkdir -p /run/systemd/system/openstack-nova-compute.service.d
|
|
|
05afe3 |
+ cat<<EOF>/run/systemd/system/openstack-nova-compute.service.d/unfence-20.conf
|
|
|
05afe3 |
+[Service]
|
|
|
05afe3 |
+ExecStartPost=/sbin/fence_compute ${fence_options} -o on -n ${NOVA_HOST}
|
|
|
05afe3 |
+EOF
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+nova_validate() {
|
|
|
05afe3 |
+ rc=$OCF_SUCCESS
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ check_binary crudini
|
|
|
05afe3 |
+ check_binary nova-compute
|
|
|
05afe3 |
+ check_binary fence_compute
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ ! -f /etc/nova/nova.conf ]; then
|
|
|
05afe3 |
+ ocf_exit_reason "/etc/nova/nova.conf not found"
|
|
|
05afe3 |
+ exit $OCF_ERR_CONFIGURED
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ # Is the state directory writable?
|
|
|
05afe3 |
+ state_dir=$(dirname $statefile)
|
|
|
05afe3 |
+ touch "$state_dir/$$"
|
|
|
05afe3 |
+ if [ $? != 0 ]; then
|
|
|
05afe3 |
+ ocf_exit_reason "Invalid state directory: $state_dir"
|
|
|
05afe3 |
+ return $OCF_ERR_ARGS
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ rm -f "$state_dir/$$"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ NOVA_HOST=$(crudini --get /etc/nova/nova.conf DEFAULT host 2>/dev/null)
|
|
|
05afe3 |
+ if [ $? = 1 ]; then
|
|
|
05afe3 |
+ short_host=$(uname -n | awk -F. '{print $1}')
|
|
|
05afe3 |
+ if [ "x${OCF_RESKEY_domain}" != x ]; then
|
|
|
05afe3 |
+ NOVA_HOST=${short_host}.${OCF_RESKEY_domain}
|
|
|
05afe3 |
+ else
|
|
|
05afe3 |
+ NOVA_HOST=$(uname -n)
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ $rc != $OCF_SUCCESS ]; then
|
|
|
05afe3 |
+ exit $rc
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ return $rc
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+statefile="${HA_RSCTMP}/${OCF_RESOURCE_INSTANCE}.active"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+: ${OCF_RESKEY_evacuation_delay=120}
|
|
|
05afe3 |
+case $__OCF_ACTION in
|
|
|
05afe3 |
+meta-data) meta_data
|
|
|
05afe3 |
+ exit $OCF_SUCCESS
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+usage|help) nova_usage
|
|
|
05afe3 |
+ exit $OCF_SUCCESS
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+esac
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+case $__OCF_ACTION in
|
|
|
05afe3 |
+start) nova_validate; nova_start;;
|
|
|
05afe3 |
+stop) nova_stop;;
|
|
|
05afe3 |
+monitor) nova_validate; nova_monitor;;
|
|
|
05afe3 |
+notify) nova_notify;;
|
|
|
05afe3 |
+validate-all) exit $OCF_SUCCESS;;
|
|
|
05afe3 |
+*) nova_usage
|
|
|
05afe3 |
+ exit $OCF_ERR_UNIMPLEMENTED
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+esac
|
|
|
05afe3 |
+rc=$?
|
|
|
05afe3 |
+ocf_log debug "${OCF_RESOURCE_INSTANCE} $__OCF_ACTION : $rc"
|
|
|
05afe3 |
+exit $rc
|
|
|
05afe3 |
+
|
|
|
05afe3 |
diff -uNr a/heartbeat/NovaEvacuate b/heartbeat/NovaEvacuate
|
|
|
05afe3 |
--- a/heartbeat/NovaEvacuate 1970-01-01 01:00:00.000000000 +0100
|
|
|
05afe3 |
+++ b/heartbeat/NovaEvacuate 2018-06-27 13:27:18.835781756 +0200
|
|
|
05afe3 |
@@ -0,0 +1,388 @@
|
|
|
05afe3 |
+#!/bin/sh
|
|
|
05afe3 |
+#
|
|
|
05afe3 |
+# Copyright 2015 Red Hat, Inc.
|
|
|
05afe3 |
+#
|
|
|
05afe3 |
+# Description: Manages evacuation of nodes running nova-compute
|
|
|
05afe3 |
+#
|
|
|
05afe3 |
+# Authors: Andrew Beekhof
|
|
|
05afe3 |
+#
|
|
|
05afe3 |
+# Support: openstack@lists.openstack.org
|
|
|
05afe3 |
+# License: Apache Software License (ASL) 2.0
|
|
|
05afe3 |
+#
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+#######################################################################
|
|
|
05afe3 |
+# Initialization:
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+###
|
|
|
05afe3 |
+: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
|
|
|
05afe3 |
+. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
|
|
|
05afe3 |
+###
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+: ${__OCF_ACTION=$1}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+#######################################################################
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+meta_data() {
|
|
|
05afe3 |
+ cat <
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<resource-agent name="NovaEvacuate" version="1.0">
|
|
|
05afe3 |
+<version>1.0</version>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+Facility for tacking a list of compute nodes and reliably evacuating the ones that fence_evacuate has flagged.
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Evacuator for OpenStack Nova Compute Server</shortdesc>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameters>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="auth_url" unique="0" required="1">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+Authorization URL for connecting to keystone in admin context
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Authorization URL</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="username" unique="0" required="1">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+Username for connecting to keystone in admin context
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Username</shortdesc>
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="password" unique="0" required="1">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+Password for connecting to keystone in admin context
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Password</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="tenant_name" unique="0" required="1">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+Tenant name for connecting to keystone in admin context.
|
|
|
05afe3 |
+Note that with Keystone V3 tenant names are only unique within a domain.
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Keystone v2 Tenant or v3 Project Name</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="user_domain" unique="0" required="1">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+User's domain name. Used when authenticating to Keystone.
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Keystone v3 User Domain</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="project_domain" unique="0" required="1">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+Domain name containing project. Used when authenticating to Keystone.
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Keystone v3 Project Domain</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="endpoint_type" unique="0" required="0">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+Nova API location (internal, public or admin URL)
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Nova API location (internal, public or admin URL)</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="region_name" unique="0" required="0">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+Region name for connecting to nova.
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Region name</shortdesc>
|
|
|
05afe3 |
+<content type="string" default="" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="insecure" unique="0" required="0">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+Explicitly allow client to perform "insecure" TLS (https) requests.
|
|
|
05afe3 |
+The server's certificate will not be verified against any certificate authorities.
|
|
|
05afe3 |
+This option should be used with caution.
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Allow insecure TLS requests</shortdesc>
|
|
|
05afe3 |
+<content type="boolean" default="0" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="no_shared_storage" unique="0" required="0">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+Disable shared storage recovery for instances. Use at your own risk!
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Disable shared storage recovery for instances</shortdesc>
|
|
|
05afe3 |
+<content type="boolean" default="0" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<parameter name="verbose" unique="0" required="0">
|
|
|
05afe3 |
+<longdesc lang="en">
|
|
|
05afe3 |
+Enable extra logging from the evacuation process
|
|
|
05afe3 |
+</longdesc>
|
|
|
05afe3 |
+<shortdesc lang="en">Enable debug logging</shortdesc>
|
|
|
05afe3 |
+<content type="boolean" default="0" />
|
|
|
05afe3 |
+</parameter>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+</parameters>
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+<actions>
|
|
|
05afe3 |
+<action name="start" timeout="20" />
|
|
|
05afe3 |
+<action name="stop" timeout="20" />
|
|
|
05afe3 |
+<action name="monitor" timeout="600" interval="10" depth="0"/>
|
|
|
05afe3 |
+<action name="validate-all" timeout="20" />
|
|
|
05afe3 |
+<action name="meta-data" timeout="5" />
|
|
|
05afe3 |
+</actions>
|
|
|
05afe3 |
+</resource-agent>
|
|
|
05afe3 |
+END
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+#######################################################################
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+# don't exit on TERM, to test that lrmd makes sure that we do exit
|
|
|
05afe3 |
+trap sigterm_handler TERM
|
|
|
05afe3 |
+sigterm_handler() {
|
|
|
05afe3 |
+ ocf_log info "They use TERM to bring us down. No such luck."
|
|
|
05afe3 |
+ return
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+evacuate_usage() {
|
|
|
05afe3 |
+ cat <
|
|
|
05afe3 |
+usage: $0 {start|stop|monitor|validate-all|meta-data}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+Expects to have a fully populated OCF RA-compliant environment set.
|
|
|
05afe3 |
+END
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+evacuate_stop() {
|
|
|
05afe3 |
+ rm -f "$statefile"
|
|
|
05afe3 |
+ return $OCF_SUCCESS
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+evacuate_start() {
|
|
|
05afe3 |
+ touch "$statefile"
|
|
|
05afe3 |
+ # Do not invole monitor here so that the start timeout can be low
|
|
|
05afe3 |
+ return $?
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+update_evacuation() {
|
|
|
05afe3 |
+ attrd_updater -p -n evacuate -Q -N ${1} -v ${2}
|
|
|
05afe3 |
+ arc=$?
|
|
|
05afe3 |
+ if [ ${arc} != 0 ]; then
|
|
|
05afe3 |
+ ocf_log warn "Can not set evacuation state of ${1} to ${2}: ${arc}"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ return ${arc}
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+handle_evacuations() {
|
|
|
05afe3 |
+ while [ $# -gt 0 ]; do
|
|
|
05afe3 |
+ node=$1
|
|
|
05afe3 |
+ state=$2
|
|
|
05afe3 |
+ shift; shift;
|
|
|
05afe3 |
+ need_evacuate=0
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ case $state in
|
|
|
05afe3 |
+ "")
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ no)
|
|
|
05afe3 |
+ ocf_log debug "$node is either fine or already handled"
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ yes) need_evacuate=1
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ *@*)
|
|
|
05afe3 |
+ where=$(echo $state | awk -F@ '{print $1}')
|
|
|
05afe3 |
+ when=$(echo $state | awk -F@ '{print $2}')
|
|
|
05afe3 |
+ now=$(date +%s)
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ $(($now - $when)) -gt 60 ]; then
|
|
|
05afe3 |
+ ocf_log info "Processing partial evacuation of $node by $where at $when"
|
|
|
05afe3 |
+ need_evacuate=1
|
|
|
05afe3 |
+ else
|
|
|
05afe3 |
+ # Give some time for any in-flight evacuations to either complete or fail
|
|
|
05afe3 |
+ # Nova won't react well if there are two overlapping requests
|
|
|
05afe3 |
+ ocf_log info "Deferring processing partial evacuation of $node by $where at $when"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ esac
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ $need_evacuate = 1 ]; then
|
|
|
05afe3 |
+ fence_agent="fence_compute"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if have_binary fence_evacuate
|
|
|
05afe3 |
+ then
|
|
|
05afe3 |
+ fence_agent="fence_evacuate"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ ocf_log notice "Initiating evacuation of $node with $fence_agent"
|
|
|
05afe3 |
+ $fence_agent ${fence_options} -o status -n ${node}
|
|
|
05afe3 |
+ if [ $? = 1 ]; then
|
|
|
05afe3 |
+ ocf_log info "Nova does not know about ${node}"
|
|
|
05afe3 |
+ # Dont mark as no because perhaps nova is unavailable right now
|
|
|
05afe3 |
+ continue
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ update_evacuation ${node} "$(uname -n)@$(date +%s)"
|
|
|
05afe3 |
+ if [ $? != 0 ]; then
|
|
|
05afe3 |
+ return $OCF_SUCCESS
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ $fence_agent ${fence_options} -o off -n $node
|
|
|
05afe3 |
+ rc=$?
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ $rc = 0 ]; then
|
|
|
05afe3 |
+ update_evacuation ${node} no
|
|
|
05afe3 |
+ ocf_log notice "Completed evacuation of $node"
|
|
|
05afe3 |
+ else
|
|
|
05afe3 |
+ ocf_log warn "Evacuation of $node failed: $rc"
|
|
|
05afe3 |
+ update_evacuation ${node} yes
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ done
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ return $OCF_SUCCESS
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+evacuate_monitor() {
|
|
|
05afe3 |
+ if [ ! -f "$statefile" ]; then
|
|
|
05afe3 |
+ return $OCF_NOT_RUNNING
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ handle_evacuations $(
|
|
|
05afe3 |
+ attrd_updater -n evacuate -A |
|
|
|
05afe3 |
+ sed 's/ value=""/ value="no"/' |
|
|
|
05afe3 |
+ tr '="' ' ' |
|
|
|
05afe3 |
+ awk '{print $4" "$6}'
|
|
|
05afe3 |
+ )
|
|
|
05afe3 |
+ return $OCF_SUCCESS
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+evacuate_validate() {
|
|
|
05afe3 |
+ rc=$OCF_SUCCESS
|
|
|
05afe3 |
+ fence_options=""
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if ! have_binary fence_evacuate; then
|
|
|
05afe3 |
+ check_binary fence_compute
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ # Is the state directory writable?
|
|
|
05afe3 |
+ state_dir=$(dirname $statefile)
|
|
|
05afe3 |
+ touch "$state_dir/$$"
|
|
|
05afe3 |
+ if [ $? != 0 ]; then
|
|
|
05afe3 |
+ ocf_exit_reason "Invalid state directory: $state_dir"
|
|
|
05afe3 |
+ return $OCF_ERR_ARGS
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ rm -f "$state_dir/$$"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -z "${OCF_RESKEY_auth_url}" ]; then
|
|
|
05afe3 |
+ ocf_exit_reason "auth_url not configured"
|
|
|
05afe3 |
+ exit $OCF_ERR_CONFIGURED
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ fence_options="${fence_options} -k ${OCF_RESKEY_auth_url}"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -z "${OCF_RESKEY_username}" ]; then
|
|
|
05afe3 |
+ ocf_exit_reason "username not configured"
|
|
|
05afe3 |
+ exit $OCF_ERR_CONFIGURED
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ fence_options="${fence_options} -l ${OCF_RESKEY_username}"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -z "${OCF_RESKEY_password}" ]; then
|
|
|
05afe3 |
+ ocf_exit_reason "password not configured"
|
|
|
05afe3 |
+ exit $OCF_ERR_CONFIGURED
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ fence_options="${fence_options} -p ${OCF_RESKEY_password}"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -z "${OCF_RESKEY_tenant_name}" ]; then
|
|
|
05afe3 |
+ ocf_exit_reason "tenant_name not configured"
|
|
|
05afe3 |
+ exit $OCF_ERR_CONFIGURED
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ fence_options="${fence_options} -t ${OCF_RESKEY_tenant_name}"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_user_domain}" ]; then
|
|
|
05afe3 |
+ fence_options="${fence_options} -u ${OCF_RESKEY_user_domain}"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_project_domain}" ]; then
|
|
|
05afe3 |
+ fence_options="${fence_options} -P ${OCF_RESKEY_project_domain}"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_region_name}" ]; then
|
|
|
05afe3 |
+ fence_options="${fence_options} \
|
|
|
05afe3 |
+ --region-name ${OCF_RESKEY_region_name}"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_insecure}" ]; then
|
|
|
05afe3 |
+ if ocf_is_true "${OCF_RESKEY_insecure}"; then
|
|
|
05afe3 |
+ fence_options="${fence_options} --insecure"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_no_shared_storage}" ]; then
|
|
|
05afe3 |
+ if ocf_is_true "${OCF_RESKEY_no_shared_storage}"; then
|
|
|
05afe3 |
+ fence_options="${fence_options} --no-shared-storage"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_verbose}" ]; then
|
|
|
05afe3 |
+ if ocf_is_true "${OCF_RESKEY_verbose}"; then
|
|
|
05afe3 |
+ fence_options="${fence_options} --verbose"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ -n "${OCF_RESKEY_endpoint_type}" ]; then
|
|
|
05afe3 |
+ case ${OCF_RESKEY_endpoint_type} in
|
|
|
05afe3 |
+ adminURL|publicURL|internalURL) ;;
|
|
|
05afe3 |
+ *)
|
|
|
05afe3 |
+ ocf_exit_reason "endpoint_type ${OCF_RESKEY_endpoint_type} not valid. Use adminURL or publicURL or internalURL"
|
|
|
05afe3 |
+ exit $OCF_ERR_CONFIGURED
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ esac
|
|
|
05afe3 |
+ fence_options="${fence_options} -e ${OCF_RESKEY_endpoint_type}"
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+ if [ $rc != $OCF_SUCCESS ]; then
|
|
|
05afe3 |
+ exit $rc
|
|
|
05afe3 |
+ fi
|
|
|
05afe3 |
+ return $rc
|
|
|
05afe3 |
+}
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+statefile="${HA_RSCTMP}/${OCF_RESOURCE_INSTANCE}.active"
|
|
|
05afe3 |
+
|
|
|
05afe3 |
+case $__OCF_ACTION in
|
|
|
05afe3 |
+ start)
|
|
|
05afe3 |
+ evacuate_validate
|
|
|
05afe3 |
+ evacuate_start
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ stop)
|
|
|
05afe3 |
+ evacuate_stop
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ monitor)
|
|
|
05afe3 |
+ evacuate_validate
|
|
|
05afe3 |
+ evacuate_monitor
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ meta-data)
|
|
|
05afe3 |
+ meta_data
|
|
|
05afe3 |
+ exit $OCF_SUCCESS
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ usage|help)
|
|
|
05afe3 |
+ evacuate_usage
|
|
|
05afe3 |
+ exit $OCF_SUCCESS
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ validate-all)
|
|
|
05afe3 |
+ exit $OCF_SUCCESS
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+ *)
|
|
|
05afe3 |
+ evacuate_usage
|
|
|
05afe3 |
+ exit $OCF_ERR_UNIMPLEMENTED
|
|
|
05afe3 |
+ ;;
|
|
|
05afe3 |
+esac
|
|
|
05afe3 |
+rc=$?
|
|
|
05afe3 |
+ocf_log debug "${OCF_RESOURCE_INSTANCE} $__OCF_ACTION : $rc"
|
|
|
05afe3 |
+exit $rc
|