#!/bin/bash # # # OpenStack Network Service (nova-network) (replaced by Neutron in Havana) # # Description: Manages an OpenStack Network Service (nova-network) process as an HA resource # # Authors: Sebastien Han & Emilien Macchi # Mainly inspired by the Nova Scheduler resource agent written by Sebastien Han : http://goo.gl/s8hOU # Which are also inspired by the resource agents written by Martin Gerhard Loschwitz from Hastexo: http://goo.gl/whLpr # # Support: openstack@lists.launchpad.net # License: Apache Software License (ASL) 2.0 # # # See usage() function below for more details ... # # OCF instance parameters: # OCF_RESKEY_binary # OCF_RESKEY_config # OCF_RESKEY_user # OCF_RESKEY_password # OCF_RESKEY_tenant # OCF_RESKEY_region # OCF_RESKEY_auth_url # OCF_RESKEY_pid # OCF_RESKEY_amqp_server_port # OCF_RESKEY_zeromq # OCF_RESKEY_additional_parameters ####################################################################### # Initialization: : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs ####################################################################### # Fill in some defaults if no values are specified PATH=/bin:/sbin:/usr/bin:/usr/sbin OCF_RESKEY_binary_default="nova-network" OCF_RESKEY_config_default="/etc/nova/nova.conf" OCF_RESKEY_user_default="nova" OCF_RESKEY_password_default="nova_password" OCF_RESKEY_tenant_default="services" OCF_RESKEY_auth_url_default="http://127.0.0.1:5000/v2.0/" OCF_RESKEY_region_default="RegionOne" OCF_RESKEY_pid_default="${HA_RSCTMP}/${__SCRIPT_NAME}/${__SCRIPT_NAME}.pid" OCF_RESKEY_amqp_server_port_default="5672" OCF_RESKEY_zeromq_default="false" : ${HA_LOGTAG="ocf-nova-network"} : ${HA_LOGFACILITY="daemon"} : ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}} : ${OCF_RESKEY_config=${OCF_RESKEY_config_default}} : ${OCF_RESKEY_user=${OCF_RESKEY_user_default}} : ${OCF_RESKEY_password=${OCF_RESKEY_password_default}} : ${OCF_RESKEY_tenant=${OCF_RESKEY_tenant_default}} : ${OCF_RESKEY_auth_url=${OCF_RESKEY_auth_url_default}} : ${OCF_RESKEY_region=${OCF_RESKEY_region_default}} : ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}} : ${OCF_RESKEY_amqp_server_port=${OCF_RESKEY_amqp_server_port_default}} : ${OCF_RESKEY_zeromq=${OCF_RESKEY_zeromq_default}} ####################################################################### usage() { cat < 1.0 Resource agent for the OpenStack Nova Network Service (nova-network) May manage a nova-network instance or a clone set that creates a distributed nova-network cluster. Manages the OpenStack Network Service (nova-network) Location of the OpenStack Nova Network server binary (nova-network) OpenStack Nova Network server binary (nova-network) Location of the OpenStack Network Service (nova-network) configuration file OpenStack Nova Network (nova-network) config file User running OpenStack Network Service (nova-network) OpenStack Network Service (nova-network) user Password for nova-network nova-network password OpenStack Identity Service (Keystone) URL Keystone URL for nova-network OpenStack Identity Service (Keystone) Region Keystone Region for nova-network The pid file to use for this OpenStack Network Service (nova-network) instance OpenStack Network Service (nova-network) pid file The listening port number of the AMQP server. Mandatory to perform a monitor check AMQP listening port If zeromq is used, this will disable the connection test to the AMQP server Zero-MQ usage Additional parameters to pass on to the OpenStack Network Service (nova-network) Additional parameters for nova-network END } ####################################################################### # Functions invoked by resource manager actions nova_network_check_port() { # This function has been taken from the squid RA and improved a bit # The length of the integer must be 4 # Examples of valid port: "1080", "0080" # Examples of invalid port: "1080bad", "0", "0000", "" local int local cnt int="$1" cnt=${#int} echo $int | egrep -qx '[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*' if [ $? -ne 0 ] || [ $cnt -ne 4 ]; then ocf_log err "Invalid port number: $1" exit $OCF_ERR_CONFIGURED fi } nova_network_validate() { local rc check_binary $OCF_RESKEY_binary check_binary netstat check_binary ip check_binary iptables check_binary ip6tables nova_network_check_port $OCF_RESKEY_amqp_server_port # A config file on shared storage that is not available # during probes is OK. if [ ! -f $OCF_RESKEY_config ]; then if ! ocf_is_probe; then ocf_log err "Config $OCF_RESKEY_config doesn't exist" return $OCF_ERR_INSTALLED fi ocf_log_warn "Config $OCF_RESKEY_config not available during a probe" fi getent passwd $OCF_RESKEY_user >/dev/null 2>&1 rc=$? if [ $rc -ne 0 ]; then ocf_log err "User $OCF_RESKEY_user doesn't exist" return $OCF_ERR_INSTALLED fi true } nova_network_cleanup() { network_manager_nlines=$(egrep -c -e '^network_manager' $OCF_RESKEY_config) if [ $network_manager_nlines -eq 0 ]; then ocf_log err "You must specify 'network_manager' in $OCF_RESKEY_config" return OCF_ERR_CONFIGURED fi shutdown_timeout=15 if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-6)) fi count=0 alive=$(ls /var/lib/nova/networks/*.pid | wc -l) dnsmasq_pids=$(cat /var/lib/nova/networks/*.pid) while [ $alive -gt 0 ] && [ $count -lt $shutdown_timeout ]; do ocf_run kill -s TERM $dnsmasq_pids iteration_time=3 sleep $iteration_time alive=0 np="" # Find out if there are dnsmasq processes that are # still alive after receiveing TERM signal for pid in $dnsmasq_pids ; do # Check if process with $pid is running ocf_run ps -p $pid > /dev/null if [ $? -eq 0 ]; then np="$np $pid" ((alive++)) fi done if [ $alive -gt 0 ] ; then dnsmasq_pids=$np ocf_log debug "dnsmasq processes started by nova-network still hasn't stopped yet. Waiting ..." fi ((count+=$iteration_time)) done if [ $alive -gt 0 ] ; then alive=0 ocf_run kill -s KILL $dnsmasq_pids sleep 1 for pid in $dnsmasq_pids ; do ocf_run ps -p $pid > /dev/null if [ $? -eq 0 ]; then ((alive++)) fi done if [ $alive -gt 0 ] ; then ocf_log err "Termination of dnsmasq processes stop failed" return $OCF_ERR_GENERIC fi fi ocf_log info "dnsmasq processes started by nova-network stopped" use_ipv6=$(egrep -e '^use_ipv6' $OCF_RESKEY_config | sed -e "s/$regexp/\1/") # Consider IPv4 if 'use_ipv6' was not explicitly defined if [ -z $use_ipv6 ];then use_ipv6=false fi # Flush firewall rules that nova-network creates prefix="nova-network" case $use_ipv6 in # IPv4 false) filter_chains="$prefix-FORWARD $prefix-INPUT $prefix-OUTPUT $prefix-local" for filter_chain in $filter_chains do ocf_run iptables -t filter -F $filter_chain done nat_chains="$prefix-OUTPUT $prefix-POSTROUTING $prefix-PREROUTING \ $prefix-float-snat $prefix-snat" for nat_chain in $nat_chains do ocf_run iptables -t nat -F $nat_chain done ocf_run iptables -t mangle -F $prefix-POSTROUTING ;; # IPv6 true) filter_chains="$prefix-FORWARD $prefix-INPUT $prefix-OUTPUT $prefix-local" for chain in $filter_chains do ocf_run ip6tables -t filter -F $chain done ;; esac ocf_log debug "firewall rules created by nova-network removed" # Regular expression to extract value from .ini style config file line regexp='.*=\s*$\w\+$' # Grab last network manager value (FlatDHCP or VLAN) from config file network_manager=$(egrep -e '^network_manager' $OCF_RESKEY_config | sed -e "s/$regexp/\1/" | tail -n 1) case $network_manager in nova.network.manager.FlatDHCPManager) flat_network_bridge_nlines=`egrep --count -e '^flat_network_bridge' $OCF_RESKEY_config` if [ $flat_network_bridge_nlines -ne 1 ]; then ocf_log err "Specifying more than one 'flat_network_bridge' in $OCF_RESKEY_config is not supported" return OCF_ERR_CONFIGURED fi # Flush IP address assigned to 'flat_network_bridge' (usually called 'br100') flat_network_bridge=$(egrep -e '^flat_network_bridge' $OCF_RESKEY_config | sed -e "s/$regexp/\1/") ocf_run ip addr flush dev $flat_network_bridge ;; nova.network.manager.VlanManager) # Collect all bridge interfaces that were created by # nova-network and remove IP addresses assigned to them nova_bridges=$(OS_TENANT_NAME=$OCF_RESKEY_tenant \ OS_USERNAME=$OCF_RESKEY_user \ OS_PASSWORD=$OCF_RESKEY_password \ OS_AUTH_URL=$OCF_RESKEY_auth_url \ OS_ENDPOINT_TYPE=internalURL \ OS_REGION_NAME=$OCF_RESKEY_region \ nova network-list --fields bridge | egrep -o -e 'br[0-9]{1,4}') for bridge in $nova_bridges do ocf_run ip addr flush dev $bridge done ;; *) ocf_log err "Unsupported network manager $NETWORK_MANAGER" return OCF_ERR_GENERIC ;; esac } nova_network_status() { local pid local rc # check and make PID file dir local PID_DIR="$( dirname $OCF_RESKEY_pid )" if [ ! -d "${PID_DIR}" ] ; then ocf_log debug "Create pid file dir: ${PID_DIR} and chown to ${OCF_RESKEY_user}" mkdir -p "${PID_DIR}" chown -R ${OCF_RESKEY_user} "${PID_DIR}" chmod 755 "${PID_DIR}" fi if [ ! -f $OCF_RESKEY_pid ]; then ocf_log info "OpenStack Nova Network (nova-network) is not running" return $OCF_NOT_RUNNING else pid=`cat $OCF_RESKEY_pid` fi if [ -n "${pid}" ]; then ocf_run -warn kill -s 0 $pid rc=$? else ocf_log err "PID file ${OCF_RESKEY_pid} is empty!" return $OCF_ERR_GENERIC fi if [ $rc -eq 0 ]; then return $OCF_SUCCESS else ocf_log info "Old PID file found, but OpenStack Nova Network (nova-network) is not running" return $OCF_NOT_RUNNING fi } nova_network_monitor() { local rc local pid local rc_amqp local network_amqp_check nova_network_status rc=$? # If status returned anything but success, return that immediately if [ $rc -ne $OCF_SUCCESS ]; then return $rc fi ocf_log debug "OpenStack Nova Network (nova-network) monitor succeeded" return $OCF_SUCCESS } nova_network_start() { local rc nova_network_status rc=$? if [ $rc -eq $OCF_SUCCESS ]; then ocf_log info "OpenStack Nova Network (nova-network) already running" return $OCF_SUCCESS fi nova_network_cleanup sleep 2 # run the actual nova-network daemon. Don't use ocf_run as we're sending the tool's output # straight to /dev/null anyway and using ocf_run would break stdout-redirection here. su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --config-file=$OCF_RESKEY_config \ $OCF_RESKEY_additional_parameters"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid ocf_log debug "Create pid file: ${OCF_RESKEY_pid} with content $(cat ${OCF_RESKEY_pid})" # Note: we do NOT need to start dnsmasq here, because nova-network starts it. # Spin waiting for the server to come up. # Let the CRM/LRM time us out if required while true; do nova_network_monitor rc=$? [ $rc -eq $OCF_SUCCESS ] && break if [ $rc -ne $OCF_NOT_RUNNING ]; then ocf_log err "OpenStack Nova Network (nova-network) start failed" exit $OCF_ERR_GENERIC fi sleep 3 done ocf_log info "OpenStack Nova Network (nova-network) started" return $OCF_SUCCESS } nova_network_stop() { local rc local pid nova_network_status rc=$? if [ $rc -eq $OCF_NOT_RUNNING ]; then nova_network_cleanup sleep 2 ocf_log info "OpenStack Nova Network (nova-network) already stopped" return $OCF_SUCCESS fi # Try SIGTERM pid=`cat $OCF_RESKEY_pid` ocf_run kill -s TERM $pid rc=$? if [ $rc -ne 0 ]; then ocf_log err "OpenStack Nova Network (nova-network) couldn't be stopped" exit $OCF_ERR_GENERIC fi # stop waiting shutdown_timeout=15 if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5)) fi count=0 while [ $count -lt $shutdown_timeout ]; do nova_network_status rc=$? if [ $rc -eq $OCF_NOT_RUNNING ]; then break fi count=`expr $count + 1` sleep 1 ocf_log debug "OpenStack Nova Network (nova-network) still hasn't stopped yet. Waiting ..." done nova_network_status rc=$? if [ $rc -ne $OCF_NOT_RUNNING ]; then # SIGTERM didn't help either, try SIGKILL ocf_log info "OpenStack Nova Network (nova-network) failed to stop after ${shutdown_timeout}s \ using SIGTERM. Trying SIGKILL ..." ocf_run kill -s KILL $pid fi ocf_log info "OpenStack Nova Network (nova-network) stopped" ocf_log debug "Delete pid file: ${OCF_RESKEY_pid} with content $(cat ${OCF_RESKEY_pid})" rm -f $OCF_RESKEY_pid nova_network_cleanup sleep 2 return $OCF_SUCCESS } ####################################################################### case "$1" in meta-data) meta_data exit $OCF_SUCCESS;; usage|help) usage exit $OCF_SUCCESS;; esac # Anything except meta-data and help must pass validation nova_network_validate || exit $? # What kind of method was invoked? case "$1" in start) nova_network_start;; stop) nova_network_stop;; status) nova_network_status;; monitor) nova_network_monitor;; validate-all) ;; *) usage exit $OCF_ERR_UNIMPLEMENTED;; esac