Add support for fence_ironic fencing agent.

We can now generate Pacemaker stonith fencing that uses the fence_ironic
fencing agent to control power for failed nodes in an HA deployment.

Partial-Bug: #1649695

Change-Id: I315f9bb78a1296f691dadaeb39fb0a48df1d5f06

agent_generator/src_xml/fence_ironic.xml

@@ -0,0 +1,61 @@
+<?xml version="1.0" ?>
+<resource-agent name="fence_ironic" shortdesc="Fence agent for Ironic nodes">
+<longdesc>fence_ironic is an I/O Fencing agent which can be used with Ironic-managed nodes.</longdesc>
+<parameters>
+	<parameter name="debug">
+		<getopt mixed="-d" />
+		<content type="boolean" />
+		<shortdesc lang="en">Specify (stdin) or increment (command line) debug level</shortdesc>
+	</parameter>
+	<parameter name="auth_url">
+		<content type="string" />
+		<shortdesc lang="en">Keystone URL to authenticate against</shortdesc>
+	</parameter>
+	<parameter name="login">
+		<content type="string" />
+		<shortdesc lang="en">Keystone username to use for authentication</shortdesc>
+	</parameter>
+	<parameter name="password">
+		<content type="string" />
+		<shortdesc lang="en">Keystone password to use for authentication</shortdesc>
+	</parameter>
+	<parameter name="tenant_name">
+		<content type="string" />
+		<shortdesc lang="en">Keystone tenant name to use for authentication</shortdesc>
+	</parameter>
+	<parameter name="pcmk_host_map">
+		<content type="string" />
+		<shortdesc lang="en">A mapping of UUIDs to node names</shortdesc>
+	</parameter>
+	<parameter name="action">
+		<getopt mixed="-o" />
+		<content type="string" default="reboot" />
+		<shortdesc lang="en">Fencing action (null, off, on, [reboot], status, list, monitor, metadata)</shortdesc>
+	</parameter>
+	<parameter name="timeout">
+		<getopt mixed="-t" />
+		<content type="string" default="30" />
+		<shortdesc lang="en">Fencing timeout (in seconds; default=30)</shortdesc>
+	</parameter>
+	<parameter name="delay">
+		<getopt mixed="-w" />
+		<content type="string" default="0" />
+		<shortdesc lang="en">Fencing delay (in seconds; default=0)</shortdesc>
+	</parameter>
+	<parameter name="domain">
+		<!-- DEPRECATED; FOR COMPATIBILITY ONLY -->
+		<content type="string" />
+		<shortdesc lang="en">Virtual Machine (domain name) to fence (deprecated; use port)</shortdesc>
+	</parameter>
+</parameters>
+<actions>
+	<action name="null" />
+	<action name="on" />
+	<action name="off" />
+	<action name="reboot" />
+	<action name="metadata" />
+	<action name="status" />
+	<action name="monitor" />
+	<action name="list" />
+</actions>
+</resource-agent>

agent_generator/variables.sh

@@ -23,6 +23,7 @@ cmd_pkg_map=(
     "fence_intelmodular:fence-agents-intelmodular"
     "fence_ipdu:fence-agents-ipdu"
     "fence_ipmilan:fence-agents-ipmilan"
+    "fence_ironic:fence-agents-ironic"
     "fence_kdump:fence-agents-kdump"
     "fence_rhevm:fence-agents-rhevm"
     "fence_rsb:fence-agents-rsb"

manifests/stonith/fence_ironic.pp

@@ -0,0 +1,168 @@
+# == Define: pacemaker::stonith::fenceironic_
+#
+# Configures stonith to use fence_ironic
+#
+# === Parameters:
+#
+# [*debug*]
+#   (optional) Specify (stdin) or increment (command line) debug level
+#   Defaults to undef
+#
+# [*auth-url*]
+#   Keystone URL to authenticate against
+#   Defaults to undef
+#
+# [*tenant-name*]
+#   Keystone tenant name to authenticate with
+#   Defaults to undef
+#
+# [*login*]
+#   Keystone username to authenticate with
+#   Defaults to undef
+#
+# [*passwd*]
+#   Keystone password to authenticate with
+#   Defaults to undef
+#
+# [*pcmk_host_map*]
+#   Mapping of Ironic UUID to node name
+#   Defaults to undef
+#
+# [*timeout*]
+#   (optional) Fencing timeout (in seconds)
+#   Defaults to undef
+#
+# [*delay*]
+#   (optional) Fencing delay (in seconds)
+#   Defaults to undef
+#
+# [*interval*]
+#   (optional) Monitor interval
+#   Defaults to 60s
+#
+# [*ensure*]
+#   (optional) Whether to make sure resource is present or absent
+#   Defaults to present
+#
+# [*pcmk_host_list*]
+#   (optional) List of nodes
+#   Defaults to undef
+#
+# [*tries*]
+#   (optional) How many times to attempt creating or deleting this resource
+#   Defaults to undef
+#
+# [*try_sleep*]
+#   (optional) How long to wait between tries
+#   Defaults to undef
+#
+# === Dependencies
+#  openstack command line interface
+#
+# === Authors:
+#  Chris Jones <cmsj@tenshu.net>
+#
+# === Copyright
+#
+# Copyright (C) 2016 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+define pacemaker::stonith::fence_ironic (
+  $debug             = undef,
+  $auth_url          = undef,
+  $login             = undef,
+  $passwd            = undef,
+  $tenant_name       = undef,
+  $pcmk_host_map     = undef,
+  $timeout           = undef,
+  $delay             = undef,
+  $domain            = undef,
+
+  $interval          = '60s',
+  $ensure            = present,
+  $pcmk_host_list    = undef,
+
+  $tries             = undef,
+  $try_sleep         = undef,
+) {
+  $debug_chunk = $debug ? {
+    undef   => '',
+    default => "debug=\"${debug}\"",
+  }
+  $auth_url_chunk = $auth_url ? {
+    undef   => '',
+    default => "auth-url=\"${auth_url}\"",
+  }
+  $login_chunk = $login ? {
+    undef   => '',
+    default => "login=\"${login}\"",
+  }
+  $passwd_chunk = $passwd ? {
+    undef   => '',
+    default => "passwd=\"${passwd}\"",
+  }
+  $tenant_name_chunk = $tenant_name ? {
+    undef   => '',
+    default => "tenant-name=\"${tenant_name}\"",
+  }
+  $pcmk_host_map_chunk = $pcmk_host_map ? {
+    undef   => '',
+    default => "pcmk_host_map=\"${pcmk_host_map}\"",
+  }
+  $timeout_chunk = $timeout ? {
+    undef   => '',
+    default => "timeout=\"${timeout}\"",
+  }
+  $delay_chunk = $delay ? {
+    undef   => '',
+    default => "delay=\"${delay}\"",
+  }
+  $domain_chunk = $domain ? {
+    undef   => '',
+    default => "domain=\"${domain}\"",
+  }
+
+  $pcmk_host_value_chunk = $pcmk_host_list ? {
+    undef   => '$(/usr/sbin/crm_node -n)',
+    default => $pcmk_host_list,
+  }
+
+  # $title can be a mac address, remove the colons for pcmk resource name
+  $safe_title = regsubst($title, ':', '', 'G')
+
+  if($ensure == absent) {
+    exec { "Delete stonith-fence_ironic-${safe_title}":
+      command => "/usr/sbin/pcs stonith delete stonith-fence_ironic-${safe_title}",
+      onlyif  => "/usr/sbin/pcs stonith show stonith-fence_ironic-${safe_title} > /dev/null 2>&1",
+      require => Class['pacemaker::corosync'],
+    }
+  } else {
+    package {
+      'fence-agents-ironic': ensure => installed,
+    } ->
+    exec { "Create stonith-fence_ironic-${safe_title}":
+      command   => "/usr/sbin/pcs stonith create stonith-fence_ironic-${safe_title} fence_ironic ${auth_url_chunk} ${login_chunk} ${passwd_chunk} ${tenant_name_chunk} ${pcmk_host_map_chunk} ${debug_chunk} ${timeout_chunk} ${delay_chunk} ${domain_chunk}  op monitor interval=${interval}",
+      unless    => "/usr/sbin/pcs stonith show stonith-fence_ironic-${safe_title} > /dev/null 2>&1",
+      tries     => $tries,
+      try_sleep => $try_sleep,
+      require   => Class['pacemaker::corosync'],
+    } ~>
+    exec { "Add non-local constraint for stonith-fence_ironic-${safe_title}":
+      command     => "/usr/sbin/pcs constraint location stonith-fence_ironic-${safe_title} avoids ${pcmk_host_value_chunk}",
+      tries       => $tries,
+      try_sleep   => $try_sleep,
+      refreshonly => true,
+    }
+  }
+}