Browse Source

Ensure nova-compute unfences itself after starting

Change-Id: I687d01b346a45b0df96b66b767017356b0cf63c2
Andrew Beekhof 2 years ago
parent
commit
5b5c080a0b
1 changed files with 110 additions and 1 deletions
  1. 110
    1
      ocf/nova-compute-wait

+ 110
- 1
ocf/nova-compute-wait View File

@@ -150,6 +150,8 @@ END
150 150
 }
151 151
 
152 152
 nova_start() {
153
+    build_unfence_overlay
154
+
153 155
     state=$(attrd_updater -p -n evacuate -N ${NOVA_HOST} | sed -e 's/.*value=//' | tr -d '"' )
154 156
     if [ "x$state" = x ]; then
155 157
 	: never been fenced
@@ -160,8 +162,8 @@ nova_start() {
160 162
 	sleep ${OCF_RESKEY_evacuation_delay}
161 163
 
162 164
     else
163
-	ocf_log info "Waiting for pending evacuations from ${NOVA_HOST}"
164 165
 	while [ "x$state" != "xno" ]; do
166
+	    ocf_log info "Waiting for pending evacuations from ${NOVA_HOST}"
165 167
 	    state=$(attrd_updater -p -n evacuate -N ${NOVA_HOST} | sed -e 's/.*value=//' | tr -d '"' )
166 168
 	    sleep 5
167 169
 	done
@@ -169,14 +171,22 @@ nova_start() {
169 171
 	ocf_log info "Pausing to give evacuations from ${NOVA_HOST} time to complete"
170 172
 	sleep ${OCF_RESKEY_evacuation_delay}
171 173
     fi
174
+
175
+    touch "$statefile"
176
+
172 177
     return $OCF_SUCCESS
173 178
 }
174 179
 
175 180
 nova_stop() {
181
+    rm -f "$statefile"
176 182
     return $OCF_SUCCESS
177 183
 }
178 184
 
179 185
 nova_monitor() {
186
+    if [ ! -f "$statefile" ]; then
187
+        return $OCF_NOT_RUNNING
188
+    fi
189
+
180 190
     return $OCF_SUCCESS
181 191
 }
182 192
 
@@ -184,17 +194,113 @@ nova_notify() {
184 194
     return $OCF_SUCCESS
185 195
 }
186 196
 
197
+build_unfence_overlay() {
198
+    fence_options=""
199
+
200
+    if [ -z "${OCF_RESKEY_auth_url}" ]; then
201
+	candidates=$(/usr/sbin/stonith_admin -l ${NOVA_HOST})
202
+	for candidate in ${candidates}; do
203
+	    pcs stonith show $d | grep -q fence_compute
204
+	    if [ $? = 0 ]; then
205
+		ocf_log info "Unfencing nova based on: $candidate"
206
+		fence_auth=$(pcs stonith show $candidate | grep Attributes: | sed -e s/Attributes:// -e s/-/_/g -e 's/[^ ]\+=/OCF_RESKEY_\0/g' -e s/passwd/password/g)
207
+		eval "export $fence_auth"
208
+		break
209
+	    fi
210
+	done
211
+    fi    
212
+
213
+    # Copied from NovaEvacuate 
214
+    if [ -z "${OCF_RESKEY_auth_url}" ]; then
215
+        ocf_exit_reason "auth_url not configured"
216
+        exit $OCF_ERR_CONFIGURED
217
+    fi
218
+
219
+    fence_options="${fence_options} -k ${OCF_RESKEY_auth_url}"
220
+
221
+    if [ -z "${OCF_RESKEY_username}" ]; then
222
+        ocf_exit_reason "username not configured"
223
+        exit $OCF_ERR_CONFIGURED
224
+    fi
225
+
226
+    fence_options="${fence_options} -l ${OCF_RESKEY_username}"
227
+
228
+    if [ -z "${OCF_RESKEY_password}" ]; then
229
+        ocf_exit_reason "password not configured"
230
+        exit $OCF_ERR_CONFIGURED
231
+    fi
232
+
233
+    fence_options="${fence_options} -p ${OCF_RESKEY_password}"
234
+
235
+    if [ -z "${OCF_RESKEY_tenant_name}" ]; then
236
+        ocf_exit_reason "tenant_name not configured"
237
+        exit $OCF_ERR_CONFIGURED
238
+    fi
239
+
240
+    fence_options="${fence_options} -t ${OCF_RESKEY_tenant_name}"
241
+
242
+    if [ -n "${OCF_RESKEY_domain}" ]; then
243
+        fence_options="${fence_options} -d ${OCF_RESKEY_domain}"
244
+    fi
245
+
246
+    if [ -n "${OCF_RESKEY_region_name}" ]; then
247
+        fence_options="${fence_options} \
248
+            --region-name ${OCF_RESKEY_region_name}"
249
+    fi
250
+
251
+    if [ -n "${OCF_RESKEY_insecure}" ]; then
252
+        if ocf_is_true "${OCF_RESKEY_insecure}"; then
253
+            fence_options="${fence_options} --insecure"
254
+        fi
255
+    fi
256
+
257
+    if [ -n "${OCF_RESKEY_no_shared_storage}" ]; then
258
+        if ocf_is_true "${OCF_RESKEY_no_shared_storage}"; then
259
+            fence_options="${fence_options} --no-shared-storage"
260
+        fi
261
+    fi
262
+
263
+    if [ -n "${OCF_RESKEY_endpoint_type}" ]; then
264
+        case ${OCF_RESKEY_endpoint_type} in
265
+            adminURL|publicURL|internalURL)
266
+                ;;
267
+            *)
268
+                ocf_exit_reason "endpoint_type ${OCF_RESKEY_endpoint_type}" \
269
+                    "not valid. Use adminURL or publicURL or internalURL"
270
+                exit $OCF_ERR_CONFIGURED
271
+                ;;
272
+        esac
273
+        fence_options="${fence_options} -e ${OCF_RESKEY_endpoint_type}"
274
+    fi
275
+
276
+    mkdir -p /run/systemd/system/openstack-nova-compute.service.d
277
+    cat<<EOF>/run/systemd/system/openstack-nova-compute.service.d/unfence-20.conf
278
+[Service]
279
+ExecStartPost=/sbin/fence_compute ${fence_options} -o on -n ${NOVA_HOST}
280
+EOF
281
+}
282
+
187 283
 nova_validate() {
188 284
     rc=$OCF_SUCCESS
189 285
 
190 286
     check_binary crudini
191 287
     check_binary nova-compute
288
+    check_binary fence_compute
192 289
 
193 290
     if [ ! -f /etc/nova/nova.conf ]; then
194 291
 	   ocf_exit_reason "/etc/nova/nova.conf not found"
195 292
 	   exit $OCF_ERR_CONFIGURED
196 293
     fi
197 294
 
295
+    # Is the state directory writable?
296
+    state_dir=$(dirname $statefile)
297
+    touch "$state_dir/$$"
298
+    if [ $? != 0 ]; then
299
+        ocf_exit_reason "Invalid state directory: $state_dir"
300
+        return $OCF_ERR_ARGS
301
+    fi
302
+    rm -f "$state_dir/$$"
303
+
198 304
     NOVA_HOST=$(crudini --get /etc/nova/nova.conf DEFAULT host 2>/dev/null)
199 305
     if [ $? = 1 ]; then
200 306
         short_host=$(uname -n | awk -F. '{print $1}')
@@ -211,6 +317,8 @@ nova_validate() {
211 317
     return $rc
212 318
 }
213 319
 
320
+statefile="${HA_RSCTMP}/${OCF_RESOURCE_INSTANCE}.active"
321
+
214 322
 : ${OCF_RESKEY_evacuation_delay=120}
215 323
 case $__OCF_ACTION in
216 324
 meta-data)	meta_data
@@ -234,3 +342,4 @@ esac
234 342
 rc=$?
235 343
 ocf_log debug "${OCF_RESOURCE_INSTANCE} $__OCF_ACTION : $rc"
236 344
 exit $rc
345
+

Loading…
Cancel
Save