#!/bin/bash # # Copyright 2015 Red Hat, Inc. # # Description: Manages evacuation of nodes running nova-compute # # Authors: Andrew Beekhof # # Support: openstack@lists.openstack.org # License: Apache Software License (ASL) 2.0 # ####################################################################### # Initialization: ### : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs ### : ${__OCF_ACTION=$1} ####################################################################### meta_data() { cat < 1.0 Facility for tacking a list of compute nodes and reliably evacuating the ones that fence_evacuate has flagged. Evacuator for OpenStack Nova Compute Server Authorization URL for connecting to keystone in admin context Authorization URL Username for connecting to keystone in admin context Username Password for connecting to keystone in admin context Password Tenant name for connecting to keystone in admin context. Note that with Keystone V3 tenant names are only unique within a domain. Tenant name DNS domain in which hosts live, useful when the cluster uses short names and nova uses FQDN DNS domain Nova API location (internal, public or admin URL) Nova API location (internal, public or admin URL) Region name for connecting to nova. Region name Explicitly allow client to perform "insecure" TLS (https) requests. The server's certificate will not be verified against any certificate authorities. This option should be used with caution. Allow insecure TLS requests Indicate that nova storage for instances is not shared across compute nodes. This must match the reality of how nova storage is configured! Otherwise VMs could end up in error state upon evacuation. When storage is non-shared, instances on dead hypervisors will be rebuilt from their original image or volume, so anything on ephemeral storage will be lost. Disable shared storage recovery for instances Enable extra logging from the evacuation process Enable debug logging END } ####################################################################### # don't exit on TERM, to test that lrmd makes sure that we do exit trap sigterm_handler TERM sigterm_handler() { ocf_log info "They use TERM to bring us down. No such luck." return } evacuate_usage() { cat < >(grep -v "attribute does not exist" 1>&2) | sed 's/ value=""/ value="no"/' | tr '="' ' ' | awk '{print $4" "$6}' ) return $OCF_SUCCESS } evacuate_validate() { rc=$OCF_SUCCESS fence_options="" if ! have_binary fence_evacuate; then check_binary fence_compute fi # Is the state directory writable? state_dir=$(dirname $statefile) touch "$state_dir/$$" if [ $? != 0 ]; then ocf_exit_reason "Invalid state directory: $state_dir" return $OCF_ERR_ARGS fi rm -f "$state_dir/$$" if [ -z "${OCF_RESKEY_auth_url}" ]; then ocf_exit_reason "auth_url not configured" exit $OCF_ERR_CONFIGURED fi fence_options="${fence_options} -k ${OCF_RESKEY_auth_url}" if [ -z "${OCF_RESKEY_username}" ]; then ocf_exit_reason "username not configured" exit $OCF_ERR_CONFIGURED fi fence_options="${fence_options} -l ${OCF_RESKEY_username}" if [ -z "${OCF_RESKEY_password}" ]; then ocf_exit_reason "password not configured" exit $OCF_ERR_CONFIGURED fi fence_options="${fence_options} -p ${OCF_RESKEY_password}" if [ -z "${OCF_RESKEY_tenant_name}" ]; then ocf_exit_reason "tenant_name not configured" exit $OCF_ERR_CONFIGURED fi fence_options="${fence_options} -t ${OCF_RESKEY_tenant_name}" if [ -n "${OCF_RESKEY_domain}" ]; then fence_options="${fence_options} -d ${OCF_RESKEY_domain}" fi if [ -n "${OCF_RESKEY_region_name}" ]; then fence_options="${fence_options} \ --region-name ${OCF_RESKEY_region_name}" fi if [ -n "${OCF_RESKEY_insecure}" ]; then if ocf_is_true "${OCF_RESKEY_insecure}"; then fence_options="${fence_options} --insecure" fi fi if [ -n "${OCF_RESKEY_no_shared_storage}" ]; then if ocf_is_true "${OCF_RESKEY_no_shared_storage}"; then fence_options="${fence_options} --no-shared-storage" fi fi if [ -n "${OCF_RESKEY_verbose}" ]; then if ocf_is_true "${OCF_RESKEY_verbose}"; then fence_options="${fence_options} --verbose" fi fi if [ -n "${OCF_RESKEY_endpoint_type}" ]; then case ${OCF_RESKEY_endpoint_type} in adminURL|publicURL|internalURL) ;; *) ocf_exit_reason "endpoint_type ${OCF_RESKEY_endpoint_type}" \ "not valid. Use adminURL or publicURL or internalURL" exit $OCF_ERR_CONFIGURED ;; esac fence_options="${fence_options} -e ${OCF_RESKEY_endpoint_type}" fi if [ $rc != $OCF_SUCCESS ]; then exit $rc fi return $rc } statefile="${HA_RSCTMP}/${OCF_RESOURCE_INSTANCE}.active" case $__OCF_ACTION in start) evacuate_validate evacuate_start ;; stop) evacuate_stop ;; monitor) evacuate_validate evacuate_monitor ;; meta-data) meta_data exit $OCF_SUCCESS ;; usage|help) evacuate_usage exit $OCF_SUCCESS ;; validate-all) exit $OCF_SUCCESS ;; *) evacuate_usage exit $OCF_ERR_UNIMPLEMENTED ;; esac rc=$? ocf_log debug "${OCF_RESOURCE_INSTANCE} $__OCF_ACTION : $rc" exit $rc