File 0001-Backport-fence_compute-to-4.0.17-fate-320346.patch of Package fence-agents.1956

From a9d6e82df730572bed78dfd82ebfe312b0c1e5b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristoffer=20Gr=C3=B6nlund?= <krig@koru.se>
Date: Fri, 5 Feb 2016 14:10:50 +0100
Subject: [PATCH] Backport fence_compute (fate#320346) (bsc#964748)

---
 configure.ac                          |   2 +
 fence/agents/compute/Makefile.am      |  17 ++
 fence/agents/compute/fence_compute.py | 358 ++++++++++++++++++++++++++++++++++
 fence/agents/lib/fencing.py.py        |   4 +-
 make/fencebuild.mk                    |   1 +
 tests/data/metadata/fence_compute.xml | 142 ++++++++++++++
 6 files changed, 522 insertions(+), 2 deletions(-)
 create mode 100644 fence/agents/compute/Makefile.am
 create mode 100644 fence/agents/compute/fence_compute.py
 create mode 100644 tests/data/metadata/fence_compute.xml

diff --git a/configure.ac b/configure.ac
index ce2ca46..42e8ffc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -174,6 +174,7 @@ AC_PATH_PROG([SUDO_PATH], [sudo], [/usr/bin/sudo])
 AC_PATH_PROG([SNMPWALK_PATH], [snmpwalk], [/usr/bin/snmpwalk])
 AC_PATH_PROG([SNMPSET_PATH], [snmpset], [/usr/bin/snmpset])
 AC_PATH_PROG([SNMPGET_PATH], [snmpget], [/usr/bin/snmpget])
+AC_PATH_PROG([NOVA_PATH], [nova], [/usr/bin/nova])
 
 ## do subst
 
@@ -274,6 +275,7 @@ AC_CONFIG_FILES([Makefile
 		 fence/agents/brocade/Makefile
 		 fence/agents/cisco_mds/Makefile
 		 fence/agents/cisco_ucs/Makefile
+		 fence/agents/compute/Makefile
 		 fence/agents/docker/Makefile
 		 fence/agents/drac/Makefile
 		 fence/agents/drac5/Makefile
diff --git a/fence/agents/compute/Makefile.am b/fence/agents/compute/Makefile.am
new file mode 100644
index 0000000..ab21272
--- /dev/null
+++ b/fence/agents/compute/Makefile.am
@@ -0,0 +1,17 @@
+MAINTAINERCLEANFILES	= Makefile.in
+
+TARGET			= fence_compute
+
+SRC			= $(TARGET).py
+
+EXTRA_DIST		= $(SRC)
+
+sbin_SCRIPTS		= $(TARGET)
+
+man_MANS		= $(TARGET).8
+
+FENCE_TEST_ARGS		= -l test -p test -n 1
+
+include $(top_srcdir)/make/fencebuild.mk
+include $(top_srcdir)/make/fenceman.mk
+include $(top_srcdir)/make/agentpycheck.mk
diff --git a/fence/agents/compute/fence_compute.py b/fence/agents/compute/fence_compute.py
new file mode 100644
index 0000000..eccab99
--- /dev/null
+++ b/fence/agents/compute/fence_compute.py
@@ -0,0 +1,358 @@
+#!/usr/bin/python -tt
+
+import sys
+import time
+import atexit
+import logging
+import requests.exceptions
+
+sys.path.append("@FENCEAGENTSLIBDIR@")
+from fencing import *
+from fencing import fail_usage, is_executable, run_command, run_delay
+
+#BEGIN_VERSION_GENERATION
+RELEASE_VERSION="4.0.11"
+BUILD_DATE="(built Wed Nov 12 06:33:38 EST 2014)"
+REDHAT_COPYRIGHT="Copyright (C) Red Hat, Inc. 2004-2010 All rights reserved."
+#END_VERSION_GENERATION
+
+override_status = ""
+nova = None
+
+EVACUABLE_TAG = "evacuable"
+TRUE_TAGS = ['true']
+
+def get_power_status(_, options):
+	global override_status
+
+	status = "unknown"
+	logging.debug("get action: " + options["--action"])
+
+	if len(override_status):
+		logging.debug("Pretending we're " + override_status)
+		return override_status
+
+	if nova:
+		try:
+			services = nova.services.list(host=options["--plug"], binary="nova-compute")
+			for service in services:
+				logging.debug("Status of %s is %s" % (service.binary, service.state))
+				if service.binary == "nova-compute":
+					if service.state == "up":
+						status = "on"
+					elif service.state == "down":
+						status = "off"
+					else:
+						logging.debug("Unknown status detected from nova: " + service.state)
+					break
+		except ConnectionError as (err):
+			logging.warning("Nova connection failed: " + str(err))
+	return status
+
+# NOTE(sbauza); We mimic the host-evacuate module since it's only a contrib
+# module which is not stable
+def _server_evacuate(server, on_shared_storage):
+	success = False
+	error_message = ""
+	try:
+		logging.debug("Resurrecting instance: %s" % server)
+		(response, dictionary) = nova.servers.evacuate(server=server, on_shared_storage=on_shared_storage)
+
+		if response == None:
+			error_message = "No response while evacuating instance"
+		elif response.status_code == 200:
+			success = True
+			error_message = response.reason
+		else:
+			error_message = response.reason
+
+	except Exception as e:
+		error_message = "Error while evacuating instance: %s" % e
+
+	return {
+		"uuid": server,
+		"accepted": success,
+		"reason": error_message,
+		}
+
+def _is_server_evacuable(server, evac_flavors, evac_images):
+	if server.flavor.get('id') in evac_flavors:
+		return True
+	if server.image.get('id') in evac_images:
+		return True
+	return False
+
+def _get_evacuable_flavors():
+	result = []
+	flavors = nova.flavors.list()
+	# Since the detailed view for all flavors doesn't provide the extra specs,
+	# we need to call each of the flavor to get them.
+	for flavor in flavors:
+		if flavor.get_keys().get(EVACUABLE_TAG).strip().lower() in TRUE_TAGS:
+			result.append(flavor.id)
+	return result
+
+def _get_evacuable_images():
+	result = []
+	images = nova.images.list(detailed=True)
+	for image in images:
+		if hasattr(image, 'metadata'):
+			if image.metadata.get(EVACUABLE_TAG).strip.lower() in TRUE_TAGS:
+				result.append(image.id)
+	return result
+
+def _host_evacuate(options):
+	result = True
+	servers = nova.servers.list(search_opts={'host': options["--plug"], 'all_tenants': 1})
+	if options["--instance-filtering"] == "False":
+		evacuables = servers
+	else:
+		flavors = _get_evacuable_flavors()
+		images = _get_evacuable_images()
+		# Identify all evacuable servers
+		evacuables = [server for server in servers
+				if _is_server_evacuable(server, flavors, images)]
+
+	if options["--no-shared-storage"] != "False":
+		on_shared_storage = False
+	else:
+		on_shared_storage = True
+
+	for server in evacuables:
+		if hasattr(server, 'id'):
+			response = _server_evacuate(server.id, on_shared_storage)
+			if response["accepted"]:
+				logging.debug("Evacuated %s from %s: %s" %
+					      (response["uuid"], options["--plug"], response["reason"]))
+			else:
+				logging.error("Evacuation of %s on %s failed: %s" %
+					      (response["uuid"], options["--plug"], response["reason"]))
+				result = False
+		else:
+			logging.error("Could not evacuate instance: %s" % server.to_dict())
+			# Should a malformed instance result in a failed evacuation?
+			# result = False
+	return result
+
+def set_attrd_status(host, status, options):
+	logging.debug("Setting fencing status for %s to %s" % (host, status))
+	run_command(options, "attrd_updater -p -n evacuate -Q -N %s -U %s" % (host, status))
+
+def set_power_status(_, options):
+	global override_status
+
+	override_status = ""
+	logging.debug("set action: " + options["--action"])
+
+	if not nova:
+		return
+
+	if options["--action"] == "on":
+		try:
+			# Forcing the host back up
+			nova.services.force_down(
+				options["--plug"], "nova-compute", force_down=False)
+		except Exception as e:
+			# In theory, if foce_down=False fails, that's for the exact
+			# same possible reasons that below with force_down=True
+			# eg. either an incompatible version or an old client.
+			# Since it's about forcing back to a default value, there is
+			# no real worries to just consider it's still okay even if the
+			# command failed
+			logging.info("Exception from attempt to force "
+					  "host back up via nova API: "
+					  "%s: %s" % (e.__class__.__name__, e))
+		if get_power_status(_, options) == "on":
+			# Forcing the service back up in case it was disabled
+			nova.services.enable(options["--plug"], 'nova-compute')
+		else:
+			# Pretend we're 'on' so that the fencing library doesn't loop forever waiting for the node to boot
+			override_status = "on"
+		return
+
+	try:
+		nova.services.force_down(
+			options["--plug"], "nova-compute", force_down=True)
+	except Exception as e:
+		# Something went wrong when we tried to force the host down.
+		# That could come from either an incompatible API version
+		# eg. UnsupportedVersion or VersionNotFoundForAPIMethod
+		# or because novaclient is old and doesn't include force_down yet
+		# eg. AttributeError
+		# In that case, fallbacking to wait for Nova to catch the right state.
+
+		logging.error("Exception from attempt to force host down via nova API: "
+			      "%s: %s" % (e.__class__.__name__, e))
+		# need to wait for nova to update its internal status or we
+		# cannot call host-evacuate
+		while get_power_status(_, options) != "off":
+			# Loop forever if need be.
+			#
+			# Some callers (such as Pacemaker) will have a timer
+			# running and kill us if necessary
+			logging.debug("Waiting for nova to update it's internal state for %s" % options["--plug"])
+			time.sleep(1)
+
+	if not _host_evacuate(options):
+		sys.exit(1)
+
+	return
+
+def get_plugs_list(_, options):
+	result = {}
+
+	if nova:
+		services = nova.services.list(binary="nova-compute")
+		for service in services:
+			result[service.host] = ("", None)
+	return result
+
+
+def define_new_opts():
+	all_opt["endpoint-type"] = {
+		"getopt" : "e:",
+		"longopt" : "endpoint-type",
+		"help" : "-e, --endpoint-type=[endpoint] Nova Endpoint type (publicURL, internalURL, adminURL)",
+		"required" : "0",
+		"shortdesc" : "Nova Endpoint type",
+		"default" : "internalURL",
+		"order": 1,
+	}
+	all_opt["tenant-name"] = {
+		"getopt" : "t:",
+		"longopt" : "tenant-name",
+		"help" : "-t, --tenant-name=[tenant]     Keystone Admin Tenant",
+		"required" : "0",
+		"shortdesc" : "Keystone Admin Tenant",
+		"default" : "",
+		"order": 1,
+	}
+	all_opt["auth-url"] = {
+		"getopt" : "k:",
+		"longopt" : "auth-url",
+		"help" : "-k, --auth-url=[tenant]        Keystone Admin Auth URL",
+		"required" : "0",
+		"shortdesc" : "Keystone Admin Auth URL",
+		"default" : "",
+		"order": 1,
+	}
+	all_opt["region-name"] = {
+		"getopt" : "",
+		"longopt" : "region-name",
+		"help" : "--region-name=[region]         Region Name",
+		"required" : "0",
+		"shortdesc" : "Region Name",
+		"default" : "",
+		"order": 1,
+	}
+	all_opt["insecure"] = {
+		"getopt" : "",
+		"longopt" : "insecure",
+		"help" : "--insecure                     Explicitly allow agent to perform \"insecure\" TLS (https) requests",
+		"required" : "0",
+		"shortdesc" : "Allow Insecure TLS Requests",
+		"default" : "False",
+		"order": 2,
+	}
+	all_opt["domain"] = {
+		"getopt" : "d:",
+		"longopt" : "domain",
+		"help" : "-d, --domain=[string]          Deprecated option; do not do anything anymore",
+		"required" : "0",
+		"shortdesc" : "Deprecated option",
+		"default" : "",
+		"order": 5,
+	}
+	all_opt["record-only"] = {
+		"getopt" : "r:",
+		"longopt" : "record-only",
+		"help" : "--record-only                  Record the target as needing evacuation but as yet do not intiate it",
+		"required" : "0",
+		"shortdesc" : "Only record the target as needing evacuation",
+		"default" : "False",
+		"order": 5,
+	}
+	all_opt["instance-filtering"] = {
+		"getopt" : "",
+		"longopt" : "instance-filtering",
+		"help" : "--instance-filtering           Only evacuate instances create from images and flavors with evacuable=true",
+		"required" : "0",
+		"shortdesc" : "Only evacuate flagged instances",
+		"default" : "False",
+		"order": 5,
+	}
+	all_opt["no-shared-storage"] = {
+		"getopt" : "",
+		"longopt" : "no-shared-storage",
+		"help" : "--no-shared-storage            Disable functionality for shared storage",
+		"required" : "0",
+		"shortdesc" : "Disable functionality for dealing with shared storage",
+		"default" : "False",
+		"order": 5,
+	}
+
+def main():
+	global override_status
+	global nova
+	atexit.register(atexit_handler)
+
+	device_opt = ["login", "passwd", "tenant-name", "auth-url", "fabric_fencing", "on_target",
+		"no_login", "no_password", "port", "domain", "no-shared-storage", "endpoint-type",
+		"record-only", "instance-filtering", "insecure", "region-name"]
+	define_new_opts()
+	all_opt["shell_timeout"]["default"] = "180"
+
+	options = check_input(device_opt, process_input(device_opt))
+
+	docs = {}
+	docs["shortdesc"] = "Fence agent for the automatic resurrection of OpenStack compute instances"
+	docs["longdesc"] = "Used to tell Nova that compute nodes are down and to reschedule flagged instances"
+	docs["vendorurl"] = ""
+
+	show_docs(options, docs)
+
+	run_delay(options)
+
+	try:
+		from novaclient import client as nova_client
+	except ImportError:
+		fail_usage("nova not found or not accessible")
+
+	if options["--record-only"] in [ "2", "Disabled", "disabled" ]:
+		sys.exit(0)
+
+	elif options["--record-only"] in [ "1", "True", "true", "Yes", "yes"]:
+		if options["--action"] == "on":
+			set_attrd_status(options["--plug"], "no", options)
+			sys.exit(0)
+
+		elif options["--action"] in ["off", "reboot"]:
+			set_attrd_status(options["--plug"], "yes", options)
+			sys.exit(0)
+
+		elif options["--action"] in ["monitor", "status"]:
+			sys.exit(0)
+
+	# The first argument is the Nova client version
+	nova = nova_client.Client('2.11',
+		options["--username"],
+		options["--password"],
+		options["--tenant-name"],
+		options["--auth-url"],
+		insecure=options["--insecure"],
+		region_name=options["--region-name"],
+		endpoint_type=options["--endpoint-type"])
+
+	if options["--action"] in ["off", "reboot"]:
+		# Pretend we're 'on' so that the fencing library will always call set_power_status(off)
+		override_status = "on"
+
+	if options["--action"] == "on":
+		# Pretend we're 'off' so that the fencing library will always call set_power_status(on)
+		override_status = "off"
+
+	result = fence_action(None, options, set_power_status, get_power_status, get_plugs_list, None)
+	sys.exit(result)
+
+if __name__ == "__main__":
+	main()
diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py
index ede151e..be69c0e 100644
--- a/fence/agents/lib/fencing.py.py
+++ b/fence/agents/lib/fencing.py.py
@@ -790,9 +790,9 @@ def fence_action(connection, options, set_power_fn, get_power_fn, get_outlet_lis
 				## keys can be numbers (port numbers) or strings (names of VM, UUID)
 				for outlet_id in outlets.keys():
 					(alias, status) = outlets[outlet_id]
-					status = status.upper()
-					if not status in ["ON", "OFF"]:
+					if status is None or (not status.upper() in ["ON", "OFF"]):
 						status = "UNKNOWN"
+						status = status.upper()
 
 					if options["--action"] == "list":
 						print outlet_id + options["--separator"] + alias
diff --git a/make/fencebuild.mk b/make/fencebuild.mk
index 3a035e9..9b39484 100644
--- a/make/fencebuild.mk
+++ b/make/fencebuild.mk
@@ -24,6 +24,7 @@ $(TARGET): $(SRC)
 		-e 's#@''SNMPWALK_PATH@#${SNMPWALK_PATH}#g' \
 		-e 's#@''SNMPSET_PATH@#${SNMPSET_PATH}#g' \
 		-e 's#@''SNMPGET_PATH@#${SNMPGET_PATH}#g' \
+		-e 's#@''NOVA_PATH@#${NOVA_PATH}#g' \
 	> $@
 
 	if [ 0 -eq `echo "$(SRC)" | grep fence_ &> /dev/null; echo $$?` ]; then \
diff --git a/tests/data/metadata/fence_compute.xml b/tests/data/metadata/fence_compute.xml
new file mode 100644
index 0000000..82e0fde
--- /dev/null
+++ b/tests/data/metadata/fence_compute.xml
@@ -0,0 +1,142 @@
+<?xml version="1.0" ?>
+<resource-agent name="fence_compute" shortdesc="Fence agent for the automatic resurrection of OpenStack compute instances" >
+<longdesc>Used to tell Nova that compute nodes are down and to reschedule flagged instances</longdesc>
+<vendor-url></vendor-url>
+<parameters>
+	<parameter name="action" unique="0" required="1">
+		<getopt mixed="-o, --action=[action]" />
+		<content type="string" default="off"  />
+		<shortdesc lang="en">Fencing action</shortdesc>
+	</parameter>
+	<parameter name="auth-url" unique="0" required="0">
+		<getopt mixed="-k, --auth-url=[tenant]" />
+		<content type="string" default=""  />
+		<shortdesc lang="en">Keystone Admin Auth URL</shortdesc>
+	</parameter>
+	<parameter name="endpoint-type" unique="0" required="0">
+		<getopt mixed="-e, --endpoint-type=[endpoint]" />
+		<content type="string" default="internalURL"  />
+		<shortdesc lang="en">Nova Endpoint type</shortdesc>
+	</parameter>
+	<parameter name="login" unique="0" required="0">
+		<getopt mixed="-l, --username=[name]" />
+		<content type="string"  />
+		<shortdesc lang="en">Login name</shortdesc>
+	</parameter>
+	<parameter name="passwd" unique="0" required="0">
+		<getopt mixed="-p, --password=[password]" />
+		<content type="string"  />
+		<shortdesc lang="en">Login password or passphrase</shortdesc>
+	</parameter>
+	<parameter name="passwd_script" unique="0" required="0">
+		<getopt mixed="-S, --password-script=[script]" />
+		<content type="string"  />
+		<shortdesc lang="en">Script to run to retrieve password</shortdesc>
+	</parameter>
+	<parameter name="port" unique="0" required="1">
+		<getopt mixed="-n, --plug=[id]" />
+		<content type="string"  />
+		<shortdesc lang="en">Physical plug number on device, UUID or identification of machine</shortdesc>
+	</parameter>
+	<parameter name="region-name" unique="0" required="0">
+		<getopt mixed="--region-name=[region]" />
+		<content type="boolean" default=""  />
+		<shortdesc lang="en">Region Name</shortdesc>
+	</parameter>
+	<parameter name="tenant-name" unique="0" required="0">
+		<getopt mixed="-t, --tenant-name=[tenant]" />
+		<content type="string" default=""  />
+		<shortdesc lang="en">Keystone Admin Tenant</shortdesc>
+	</parameter>
+	<parameter name="insecure" unique="0" required="0">
+		<getopt mixed="--insecure" />
+		<content type="boolean" default="False"  />
+		<shortdesc lang="en">Allow Insecure TLS Requests</shortdesc>
+	</parameter>
+	<parameter name="domain" unique="0" required="0">
+		<getopt mixed="-d, --domain=[string]" />
+		<content type="string" default=""  />
+		<shortdesc lang="en">Deprecated option</shortdesc>
+	</parameter>
+	<parameter name="instance-filtering" unique="0" required="0">
+		<getopt mixed="--instance-filtering" />
+		<content type="boolean" default="False"  />
+		<shortdesc lang="en">Only evacuate flagged instances</shortdesc>
+	</parameter>
+	<parameter name="no-shared-storage" unique="0" required="0">
+		<getopt mixed="--no-shared-storage" />
+		<content type="boolean" default="False"  />
+		<shortdesc lang="en">Disable functionality for dealing with shared storage</shortdesc>
+	</parameter>
+	<parameter name="record-only" unique="0" required="0">
+		<getopt mixed="--record-only" />
+		<content type="string" default="False"  />
+		<shortdesc lang="en">Only record the target as needing evacuation</shortdesc>
+	</parameter>
+	<parameter name="verbose" unique="0" required="0">
+		<getopt mixed="-v, --verbose" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Verbose mode</shortdesc>
+	</parameter>
+	<parameter name="debug" unique="0" required="0">
+		<getopt mixed="-D, --debug-file=[debugfile]" />
+		<content type="string"  />
+		<shortdesc lang="en">Write debug information to given file</shortdesc>
+	</parameter>
+	<parameter name="version" unique="0" required="0">
+		<getopt mixed="-V, --version" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Display version information and exit</shortdesc>
+	</parameter>
+	<parameter name="help" unique="0" required="0">
+		<getopt mixed="-h, --help" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Display help and exit</shortdesc>
+	</parameter>
+	<parameter name="separator" unique="0" required="0">
+		<getopt mixed="-C, --separator=[char]" />
+		<content type="string" default=","  />
+		<shortdesc lang="en">Separator for CSV created by 'list' operation</shortdesc>
+	</parameter>
+	<parameter name="delay" unique="0" required="0">
+		<getopt mixed="--delay=[seconds]" />
+		<content type="string" default="0"  />
+		<shortdesc lang="en">Wait X seconds before fencing is started</shortdesc>
+	</parameter>
+	<parameter name="login_timeout" unique="0" required="0">
+		<getopt mixed="--login-timeout=[seconds]" />
+		<content type="string" default="5"  />
+		<shortdesc lang="en">Wait X seconds for cmd prompt after login</shortdesc>
+	</parameter>
+	<parameter name="power_timeout" unique="0" required="0">
+		<getopt mixed="--power-timeout=[seconds]" />
+		<content type="string" default="20"  />
+		<shortdesc lang="en">Test X seconds for status change after ON/OFF</shortdesc>
+	</parameter>
+	<parameter name="power_wait" unique="0" required="0">
+		<getopt mixed="--power-wait=[seconds]" />
+		<content type="string" default="0"  />
+		<shortdesc lang="en">Wait X seconds after issuing ON/OFF</shortdesc>
+	</parameter>
+	<parameter name="shell_timeout" unique="0" required="0">
+		<getopt mixed="--shell-timeout=[seconds]" />
+		<content type="string" default="180"  />
+		<shortdesc lang="en">Wait X seconds for cmd prompt after issuing command</shortdesc>
+	</parameter>
+	<parameter name="retry_on" unique="0" required="0">
+		<getopt mixed="--retry-on=[attempts]" />
+		<content type="string" default="1"  />
+		<shortdesc lang="en">Count of attempts to retry power on</shortdesc>
+	</parameter>
+</parameters>
+<actions>
+	<action name="on" on_target="1" automatic="1"/>
+	<action name="off" />
+	<action name="status" />
+	<action name="list" />
+	<action name="list-status" />
+	<action name="monitor" />
+	<action name="metadata" />
+	<action name="validate-all" />
+</actions>
+</resource-agent>
-- 
2.6.2
openSUSE Build Service is sponsored by