File ECO-SLE-18232.diff of Package resource-agents.24246
diff -ru resource-agents-4.4.0+git57.70549516-orig/heartbeat/awseip resource-agents-4.4.0+git57.70549516/heartbeat/awseip
--- resource-agents-4.4.0+git57.70549516-orig/heartbeat/awseip 2020-02-24 12:23:11.000000000 +0100
+++ resource-agents-4.4.0+git57.70549516/heartbeat/awseip 2021-06-16 13:51:36.222454479 +0200
@@ -149,12 +149,12 @@
awseip_monitor && return $OCF_SUCCESS
if [ -n "${PRIVATE_IP_ADDRESS}" ]; then
- NETWORK_INTERFACES_MACS="$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/)"
+ NETWORK_INTERFACES_MACS=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/ -H "X-aws-ec2-metadata-token: $TOKEN")
for MAC in ${NETWORK_INTERFACES_MACS}; do
- curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/local-ipv4s |
+ curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/local-ipv4s -H "X-aws-ec2-metadata-token: $TOKEN" |
grep -q "^${PRIVATE_IP_ADDRESS}$"
if [ $? -eq 0 ]; then
- NETWORK_ID="$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id)"
+ NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN")
fi
done
$AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \
@@ -244,7 +244,8 @@
ELASTIC_IP="${OCF_RESKEY_elastic_ip}"
ALLOCATION_ID="${OCF_RESKEY_allocation_id}"
PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}"
-INSTANCE_ID="$(curl -s http://169.254.169.254/latest/meta-data/instance-id)"
+TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
+INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
case $__OCF_ACTION in
start)
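Review bot: The added `TOKEN=` request is never checked, and neither it nor the metadata calls pass `-f`, so an HTTP error body from the metadata service ends up in TOKEN or INSTANCE_ID as if it were data. I would fail early, e.g. `TOKEN=$(curl -sf -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") || ocf_log warn "IMDSv2 token request failed"`, and add `-f` to the metadata reads that use the token. The TTL of 21600 seconds is far longer than one agent invocation needs; a short value would limit what a leaked token is worth. The same pattern is repeated in awsvip (top-level block), aws-vpc-move-ip (`ec2ip_validate`) and aws-vpc-route53 (`_get_ip`).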
diff -ru resource-agents-4.4.0+git57.70549516-orig/heartbeat/awsvip resource-agents-4.4.0+git57.70549516/heartbeat/awsvip
--- resource-agents-4.4.0+git57.70549516-orig/heartbeat/awsvip 2020-02-24 12:23:11.000000000 +0100
+++ resource-agents-4.4.0+git57.70549516/heartbeat/awsvip 2021-06-16 13:51:47.934374057 +0200
@@ -172,7 +172,7 @@
--instance-id "${INSTANCE_ID}" \
--query 'Reservations[].Instances[].NetworkInterfaces[].PrivateIpAddresses[].PrivateIpAddress[]' \
--output text | \
- grep -q "${SECONDARY_PRIVATE_IP}"
+ grep -qE "(^|\s)${SECONDARY_PRIVATE_IP}(\s|$)"
RET=$?
if [ $RET -ne 0 ]; then
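Review bot: The new pattern in `grep -qE "(^|\s)${SECONDARY_PRIVATE_IP}(\s|$)"` relies on `\s`, which is a GNU extension inside an ERE, and the dots of the address are still regex wildcards. Because the CLI output is whitespace-separated, a literal whole-token comparison is more robust: `tr -s '[:space:]' '\n' | grep -qxF "${SECONDARY_PRIVATE_IP}"`. If the regex is kept, `[[:space:]]` is the portable spelling. The enclosing function starts and ends outside this hunk.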
@@ -206,9 +206,10 @@
AWSCLI="${OCF_RESKEY_awscli}"
SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}"
-INSTANCE_ID="$(curl -s http://169.254.169.254/latest/meta-data/instance-id)"
-MAC_ADDRESS="$(curl -s http://169.254.169.254/latest/meta-data/mac)"
-NETWORK_ID="$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDRESS}/interface-id)"
+TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
+INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
+MAC_ADDRESS=$(curl -s http://169.254.169.254/latest/meta-data/mac -H "X-aws-ec2-metadata-token: $TOKEN")
+NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDRESS}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN")
case $__OCF_ACTION in
start)
diff -ru resource-agents-4.4.0+git57.70549516-orig/heartbeat/aws-vpc-move-ip resource-agents-4.4.0+git57.70549516/heartbeat/aws-vpc-move-ip
--- resource-agents-4.4.0+git57.70549516-orig/heartbeat/aws-vpc-move-ip 2020-02-24 12:23:11.000000000 +0100
+++ resource-agents-4.4.0+git57.70549516/heartbeat/aws-vpc-move-ip 2021-06-16 13:50:38.246852580 +0200
@@ -37,19 +37,27 @@
# Defaults
OCF_RESKEY_awscli_default="/usr/bin/aws"
OCF_RESKEY_profile_default="default"
+OCF_RESKEY_region_default=""
OCF_RESKEY_ip_default=""
OCF_RESKEY_address_default=""
OCF_RESKEY_routing_table_default=""
+OCF_RESKEY_routing_table_role_default=""
OCF_RESKEY_interface_default="eth0"
OCF_RESKEY_monapi_default="false"
+OCF_RESKEY_lookup_type_default="InstanceId"
: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
+: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}}
: ${OCF_RESKEY_address=${OCF_RESKEY_address_default}}
: ${OCF_RESKEY_routing_table=${OCF_RESKEY_routing_table_default}}
+: ${OCF_RESKEY_routing_table_role=${OCF_RESKEY_routing_table_role_default}}
: ${OCF_RESKEY_interface=${OCF_RESKEY_interface_default}}
: ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}}
+: ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}}
+
+[ -n "$OCF_RESKEY_region" ] && region_opt="--region $OCF_RESKEY_region"
#######################################################################
@@ -93,6 +101,14 @@
<content type="string" default="${OCF_RESKEY_profile_default}" />
</parameter>
+<parameter name="region">
+<longdesc lang="en">
+Valid AWS region name (e.g., 'us-west-2')
+</longdesc>
+<shortdesc lang="en">region name</shortdesc>
+<content type="string" default="${OCF_RESKEY_region_default}" />
+</parameter>
+
<parameter name="ip" required="1">
<longdesc lang="en">
VPC private IP address
@@ -117,6 +133,14 @@
<content type="string" default="${OCF_RESKEY_routing_table_default}" />
</parameter>
+<parameter name="routing_table_role" required="0">
+<longdesc lang="en">
+Role to use to query/update the route table
+</longdesc>
+<shortdesc lang="en">route table query/update role</shortdesc>
+<content type="string" default="${OCF_RESKEY_routing_table_role_default}" />
+</parameter>
+
<parameter name="interface" required="1">
<longdesc lang="en">
Name of the network interface, i.e. eth0
@@ -132,6 +156,17 @@
<shortdesc lang="en">Enhanced Monitoring</shortdesc>
<content type="boolean" default="${OCF_RESKEY_monapi_default}" />
</parameter>
+
+<parameter name="lookup_type" required="0">
+<longdesc lang="en">
+Name of resource type to lookup in route table.
+"InstanceId" : EC2 instance ID. (default)
+"NetworkInterfaceId" : ENI ID. (useful in shared VPC setups).
+</longdesc>
+<shortdesc lang="en">lookup type for route table resource</shortdesc>
+<content type="string" default="${OCF_RESKEY_lookup_type_default}" />
+</parameter>
+
</parameters>
<actions>
@@ -145,15 +180,33 @@
END
}
+
+execute_cmd_as_role(){
+ cmd=$1
+ role=$2
+ output="$($OCF_RESKEY_awscli sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --profile $OCF_RESKEY_profile $region_opt --output=text)"
+ export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $5}')"
+ export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $7}')"
+ export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $8}')"
+
+ #Execute command
+ ocf_log debug "Assumed Role ${role}"
+ ocf_log debug "$($OCF_RESKEY_awscli sts get-caller-identity)"
+ ocf_log debug "executing command: $cmd"
+ response="$($cmd)"
+ unset output AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
+ echo $response
+}
+
ec2ip_set_address_param_compat(){
# Include backward compatibility for the deprecated address parameter
- if [ -z "$OCF_RESKEY_ip" ] && [ -n "$OCF_RESKEY_address" ]; then
+ if [ -z "$OCF_RESKEY_ip" ] && [ -n "$OCF_RESKEY_address" ]; then
OCF_RESKEY_ip="$OCF_RESKEY_address"
fi
}
ec2ip_validate() {
- for cmd in aws ip curl; do
+ for cmd in $OCF_RESKEY_awscli ip curl; do
check_binary "$cmd"
done
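Review bot: `execute_cmd_as_role` always returns the status of its final `echo`, so the `rc=$?` check in `ec2ip_get_and_configure` cannot see a failed `replace-route` when a role is configured. The `sts assume-role` call is not checked either, so on failure the three credential variables are exported empty and the command still runs. Picking the credentials by column position from the text output is fragile; a `--query` expression pins the fields. The version below keeps the interface and propagates both failures.

```shell
execute_cmd_as_role(){
	cmd=$1
	role=$2
	# --query fixes the field order instead of relying on text-output columns
	output="$($OCF_RESKEY_awscli sts assume-role --role-arn "$role" --role-session-name AWSCLI-RouteTableUpdate --profile $OCF_RESKEY_profile $region_opt --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output=text)"
	rc=$?
	if [ "$rc" -ne 0 ] || [ -z "$output" ]; then
		ocf_log error "assume-role failed for ${role}, rc: $rc"
		return $OCF_ERR_GENERIC
	fi
	set -- $output
	unset output
	export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"

	# … unchanged: debug logging of role, caller identity and command …
	response="$($cmd)"
	rc=$?
	unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
	echo $response
	return $rc
}
```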
@@ -162,7 +215,8 @@
return $OCF_ERR_CONFIGURED
fi
- EC2_INSTANCE_ID="$(curl -s http://169.254.169.254/latest/meta-data/instance-id)"
+ TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
+ EC2_INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN")
if [ -z "${EC2_INSTANCE_ID}" ]; then
ocf_exit_reason "Instance ID not found. Is this a EC2 instance?"
@@ -173,20 +227,33 @@
}
ec2ip_monitor() {
- MON_RES=""
+ MON_RES=""
+ if [ "${OCF_RESKEY_lookup_type}" = "NetworkInterfaceId" ]; then
+ EC2_ID="$(ec2ip_get_instance_eni)"
+ RESOURCE_TYPE="interface"
+ else
+ EC2_ID="$EC2_INSTANCE_ID"
+ RESOURCE_TYPE="instance"
+ fi
+
if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then
for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do
ocf_log info "monitor: check routing table (API call) - $rtb"
- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].InstanceId"
- ocf_log debug "executing command: $cmd"
- ROUTE_TO_INSTANCE="$($cmd)"
+ if [ -z "${OCF_RESKEY_routing_table_role}" ]; then
+ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
+ ocf_log debug "executing command: $cmd"
+ ROUTE_TO_INSTANCE="$($cmd)"
+ else
+ cmd="$OCF_RESKEY_awscli $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type"
+ ROUTE_TO_INSTANCE="$(execute_cmd_as_role "$cmd" $OCF_RESKEY_routing_table_role)"
+ fi
ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}"
if [ -z "$ROUTE_TO_INSTANCE" ]; then
ROUTE_TO_INSTANCE="<unknown>"
fi
- if [ "$EC2_INSTANCE_ID" != "$ROUTE_TO_INSTANCE" ]; then
- ocf_log warn "not routed to this instance ($EC2_INSTANCE_ID) but to instance $ROUTE_TO_INSTANCE on $rtb"
+ if [ "$EC2_ID" != "$ROUTE_TO_INSTANCE" ]; then
+ ocf_log warn "not routed to this $RESOURCE_TYPE ($EC2_ID) but to $RESOURCE_TYPE $ROUTE_TO_INSTANCE on $rtb"
MON_RES="$MON_RES $rtb"
fi
sleep 1
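Review bot: `$OCF_RESKEY_lookup_type` is pasted into the `--query` expression and compared against "NetworkInterfaceId" without ever being validated. A misspelled value silently takes the instance branch, queries an attribute that does not exist, and produces a misleading "not routed to this instance" warning. I would reject anything else in `ec2ip_validate`: `case "$OCF_RESKEY_lookup_type" in InstanceId|NetworkInterfaceId) ;; *) ocf_exit_reason "Invalid lookup_type: $OCF_RESKEY_lookup_type"; return $OCF_ERR_CONFIGURED ;; esac`. The result of `ec2ip_get_instance_eni` is also used unchecked here, so a failed lookup leaves `EC2_ID` empty. `ec2ip_monitor` continues outside the hunk.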
@@ -204,7 +271,13 @@
ocf_log debug "executing command: $cmd"
RESULT=$($cmd | grep "$OCF_RESKEY_ip")
if [ -z "$RESULT" ]; then
- ocf_log warn "IP $OCF_RESKEY_ip not assigned to running interface"
+ if [ "$__OCF_ACTION" = "monitor" ] && ! ocf_is_probe; then
+ level="error"
+ else
+ level="info"
+ fi
+
+ ocf_log "$level" "IP $OCF_RESKEY_ip not assigned to running interface"
return $OCF_NOT_RUNNING
fi
@@ -216,17 +289,32 @@
ec2ip_drop() {
cmd="ip addr delete ${OCF_RESKEY_ip}/32 dev $OCF_RESKEY_interface"
ocf_log debug "executing command: $cmd"
- $cmd
+ output=$($cmd 2>&1)
rc=$?
+
if [ "$rc" -gt 0 ]; then
- ocf_log warn "command failed, rc $rc"
+ if [ "$__OCF_ACTION" = "start" ]; then
+ # expected to fail during start
+ level="debug"
+ else
+ level="warn"
+ fi
+
+ ocf_log "$level" "command failed, rc $rc"
+ ocf_log "$level" "output/error: $output"
return $OCF_ERR_GENERIC
+ else
+ ocf_log debug "output/error: $output"
fi
+ # delete remaining route-entries if any
+ ip route show to exact ${OCF_RESKEY_ip}/32 dev $OCF_RESKEY_interface | xargs -r ip route delete
+ ip route show table local to exact ${OCF_RESKEY_ip}/32 dev $OCF_RESKEY_interface | xargs -r ip route delete
+
return $OCF_SUCCESS
}
-ec2ip_get_and_configure() {
+ec2ip_get_instance_eni() {
MAC_FILE="/sys/class/net/${OCF_RESKEY_interface}/address"
if [ -f $MAC_FILE ]; then
cmd="cat ${MAC_FILE}"
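Review bot: The two added `ip route show … | xargs -r ip route delete` lines hand every returned route to a single `ip route delete` call, so if more than one entry matches, the command receives the concatenated fields of all of them and fails. Their exit status is ignored, so `ec2ip_drop` still returns `$OCF_SUCCESS`. `-r` is also not a POSIX xargs option. Deleting one entry per line avoids all of this: `ip route show to exact "${OCF_RESKEY_ip}/32" dev "$OCF_RESKEY_interface" | while read -r route; do ip route delete $route; done`, and likewise for `table local`. The hunk ends inside `ec2ip_get_instance_eni`.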
@@ -242,7 +330,7 @@
fi
ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}"
- cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id"
+ cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id -H \"X-aws-ec2-metadata-token: $TOKEN\""
ocf_log debug "executing command: $cmd"
EC2_NETWORK_INTERFACE_ID="$(eval $cmd)"
rc=$?
@@ -251,11 +339,20 @@
return $OCF_ERR_GENERIC
fi
ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}"
+ echo $EC2_NETWORK_INTERFACE_ID
+}
+ec2ip_get_and_configure() {
+ EC2_NETWORK_INTERFACE_ID="$(ec2ip_get_instance_eni)"
for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do
- cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID"
- ocf_log debug "executing command: $cmd"
- $cmd
+ if [ -z "${OCF_RESKEY_routing_table_role}" ]; then
+ cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID"
+ ocf_log debug "executing command: $cmd"
+ $cmd
+ else
+ cmd="$OCF_RESKEY_awscli $region_opt --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID"
+ update_response="$(execute_cmd_as_role "$cmd" $OCF_RESKEY_routing_table_role)"
+ fi
rc=$?
if [ "$rc" != 0 ]; then
ocf_log warn "command failed, rc: $rc"
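Review bot: A failed `ec2ip_get_instance_eni` no longer stops `ec2ip_get_and_configure`, because after the split its `return $OCF_ERR_GENERIC` only leaves the command substitution. The loop then runs `replace-route` with an empty `--network-interface-id`. The assignment carries the helper's status, so `EC2_NETWORK_INTERFACE_ID="$(ec2ip_get_instance_eni)" || return $OCF_ERR_GENERIC` restores the old behaviour. In the role branch the `rc=$?` after the `fi` sees only the status of `execute_cmd_as_role`, which as written is that of its final `echo`. The function continues outside the hunk.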
@@ -363,7 +460,7 @@
ec2ip_monitor;;
validate-all)
exit $?;;
- *)
+ *)
echo $USAGE
exit $OCF_ERR_UNIMPLEMENTED
;;
diff -ru resource-agents-4.4.0+git57.70549516-orig/heartbeat/aws-vpc-route53.in resource-agents-4.4.0+git57.70549516/heartbeat/aws-vpc-route53.in
--- resource-agents-4.4.0+git57.70549516-orig/heartbeat/aws-vpc-route53.in 2020-02-24 12:23:11.000000000 +0100
+++ resource-agents-4.4.0+git57.70549516/heartbeat/aws-vpc-route53.in 2021-06-16 13:51:04.398673003 +0200
@@ -37,18 +37,34 @@
#
# Mar. 15, 2017, vers 1.0.2
+
#######################################################################
# Initialization:
: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
+# Defaults
+OCF_RESKEY_awscli_default="/usr/bin/aws"
+OCF_RESKEY_profile_default="default"
+OCF_RESKEY_hostedzoneid_default=""
+OCF_RESKEY_fullname_default=""
+OCF_RESKEY_ip_default="local"
OCF_RESKEY_ttl_default=10
+: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}}
+: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}}
+: ${OCF_RESKEY_hostedzoneid:=${OCF_RESKEY_hostedzoneid_default}}
+: ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}}
+: ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}}
: ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}}
+#######################################################################
+
+AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10"
#######################################################################
+
usage() {
cat <<-EOT
usage: $0 {start|stop|status|monitor|validate-all|meta-data}
@@ -97,15 +113,44 @@
meta target-role=Started
</longdesc>
<shortdesc lang="en">Update Route53 VPC record for AWS EC2</shortdesc>
+
<parameters>
+<parameter name="awscli">
+<longdesc lang="en">
+Path to command line tools for AWS
+</longdesc>
+<shortdesc lang="en">Path to AWS CLI tools</shortdesc>
+<content type="string" default="${OCF_RESKEY_awscli_default}" />
+</parameter>
+
+<parameter name="profile">
+<longdesc lang="en">
+The name of the AWS CLI profile of the root account. This
+profile will have to use the "text" format for CLI output.
+The file /root/.aws/config should have an entry which looks
+like:
+
+ [profile cluster]
+ region = us-east-1
+ output = text
+
+"cluster" is the name which has to be used in the cluster
+configuration. The region has to be the current one. The
+output has to be "text".
+</longdesc>
+<shortdesc lang="en">AWS Profile Name</shortdesc>
+<content type="string" default="${OCF_RESKEY_profile_default}" />
+</parameter>
+
<parameter name="hostedzoneid" required="1">
<longdesc lang="en">
Hosted zone ID of Route 53. This is the table of
the Route 53 record.
</longdesc>
<shortdesc lang="en">AWS hosted zone ID</shortdesc>
-<content type="string" default="" />
+<content type="string" default="${OCF_RESKEY_hostedzoneid_default}" />
</parameter>
+
<parameter name="fullname" required="1">
<longdesc lang="en">
The full name of the service which will host the IP address.
@@ -113,8 +158,19 @@
Note: The trailing dot is important to Route53!
</longdesc>
<shortdesc lang="en">Full service name</shortdesc>
-<content type="string" default="" />
+<content type="string" default="${OCF_RESKEY_fullname_default}" />
+</parameter>
+
+<parameter name="ip" required="0">
+<longdesc lang="en">
+IP (local (default), public or secondary private IP address (e.g. 10.0.0.1).
+
+A secondary private IP can be setup with the awsvip agent.
+</longdesc>
+<shortdesc lang="en">Type of IP or secondary private IP address (local, public or e.g. 10.0.0.1)</shortdesc>
+<content type="string" default="${OCF_RESKEY_ip_default}" />
</parameter>
+
<parameter name="ttl" required="0">
<longdesc lang="en">
Time to live for Route53 ARECORD
@@ -122,25 +178,8 @@
<shortdesc lang="en">ARECORD TTL</shortdesc>
<content type="string" default="${OCF_RESKEY_ttl_default}" />
</parameter>
-<parameter name="profile" required="1">
-<longdesc lang="en">
-The name of the AWS CLI profile of the root account. This
-profile will have to use the "text" format for CLI output.
-The file /root/.aws/config should have an entry which looks
-like:
-
- [profile cluster]
- region = us-east-1
- output = text
-
-"cluster" is the name which has to be used in the cluster
-configuration. The region has to be the current one. The
-output has to be "text".
-</longdesc>
-<shortdesc lang="en">AWS Profile Name</shortdesc>
-<content type="string" default="" />
-</parameter>
</parameters>
+
<actions>
<action name="start" timeout="180s" />
<action name="stop" timeout="180s" />
@@ -167,6 +206,15 @@
# Hosted Zone ID
[[ -z "$OCF_RESKEY_hostedzoneid" ]] && ocf_log error "Hosted Zone ID parameter not set $OCF_RESKEY_hostedzoneid!" && exit $OCF_ERR_CONFIGURED
+ # Type of IP/secondary IP address
+ case $OCF_RESKEY_ip in
+ local|public|*.*.*.*)
+ ;;
+ *)
+ ocf_exit_reason "Invalid value for ip: ${OCF_RESKEY_ip}"
+ exit $OCF_ERR_CONFIGURED
+ esac
+
# profile
[[ -z "$OCF_RESKEY_profile" ]] && ocf_log error "AWS CLI profile not set $OCF_RESKEY_profile!" && exit $OCF_ERR_CONFIGURED
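Review bot: The `*.*.*.*` arm is a glob, so it accepts any string containing three dots, including ones with spaces or letters, and that value later becomes `IPADDRESS` unchanged. This function already uses `[[ ]]`, so the address form can be checked properly after handling `local|public`: `[[ "$OCF_RESKEY_ip" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || { ocf_exit_reason "Invalid value for ip: ${OCF_RESKEY_ip}"; exit $OCF_ERR_CONFIGURED; }`. The `*)` arm also lacks a closing `;;`, which is legal before `esac` but inconsistent with the rest of the file. The enclosing function begins outside the hunk.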
@@ -174,25 +222,44 @@
[[ -z "$OCF_RESKEY_ttl" ]] && ocf_log error "TTL not set $OCF_RESKEY_ttl!" && exit $OCF_ERR_CONFIGURED
ocf_log debug "Testing aws command"
- aws --version 2>&1
+ $OCF_RESKEY_awscli --version 2>&1
if [ "$?" -gt 0 ]; then
ocf_log error "Error while executing aws command as user root! Please check if AWS CLI tools (Python flavor) are properly installed and configured." && exit $OCF_ERR_INSTALLED
fi
ocf_log debug "ok"
- if [ -n "$OCF_RESKEY_profile" ]; then
- AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10"
- else
- AWS_PROFILE_OPT="--profile default --cli-connect-timeout 10"
+ return $OCF_SUCCESS
+}
+
+r53_start() {
+ #
+ # Start agent and config DNS in Route53
+ #
+ ocf_log info "Starting Route53 DNS update...."
+ _get_ip
+ r53_monitor
+ if [ $? != $OCF_SUCCESS ]; then
+ ocf_log info "Could not start agent - check configurations"
+ return $OCF_ERR_GENERIC
fi
+ return $OCF_SUCCESS
+}
+r53_stop() {
+ #
+ # Stop operation doesn't perform any API call or try to remove the DNS record
+ # this mostly because this is not necessarily mandatory or desired
+ # the start and monitor functions will take care of changing the DNS record
+ # if the agent starts in a different cluster node
+ #
+ ocf_log info "Bringing down Route53 agent. (Will NOT remove Route53 DNS record)"
return $OCF_SUCCESS
}
r53_monitor() {
#
# For every start action the agent will call Route53 API to check for DNS record
- # otherwise it will try to get results directly bu querying the DNS using "dig".
+ # otherwise it will try to get results directly by querying the DNS using "dig".
# Due to complexity in some DNS architectures "dig" can fail, and if this happens
# the monitor will fallback to the Route53 API call.
#
@@ -208,11 +275,11 @@
r53_validate
ocf_log debug "Checking Route53 record sets"
#
- IPADDRESS="$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)"
+ _get_ip
#
if [ "$__OCF_ACTION" = "start" ] || ocf_is_probe ; then
#
- cmd="aws $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']"
+ cmd="$OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']"
ocf_log info "Route53 Agent Starting or probing - executing monitoring API call: $cmd"
CLIRES="$($cmd 2>&1)"
rc=$?
@@ -244,7 +311,7 @@
#
if [[ ! $ARECORD =~ $IPREGEX ]] || [ $rc -ne 0 ]; then
ocf_log info "Fallback to Route53 API query due to DNS resolution failure"
- cmd="aws $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']"
+ cmd="$OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']"
ocf_log debug "executing monitoring API call: $cmd"
CLIRES="$($cmd 2>&1)"
rc=$?
@@ -277,6 +344,16 @@
return $OCF_SUCCESS
}
+_get_ip() {
+ case $OCF_RESKEY_ip in
+ local|public)
+ TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
+ IPADDRESS=$(curl -s http://169.254.169.254/latest/meta-data/${OCF_RESKEY_ip}-ipv4 -H "X-aws-ec2-metadata-token: $TOKEN");;
+ *.*.*.*)
+ IPADDRESS="${OCF_RESKEY_ip}";;
+ esac
+}
+
_update_record() {
#
# This function is the one that will actually execute Route53's API call
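Review bot: `_get_ip` stores whatever the metadata service returns in `IPADDRESS` without checking it. With `ip=public` on an instance that has no public IPv4 the service presumably answers with an error page, and because curl runs without `-f` that body would become the address passed on to the record update. I would add `-f` and verify the result before returning, e.g. `[ -n "$IPADDRESS" ] || { ocf_exit_reason "Could not determine ${OCF_RESKEY_ip} IP address"; return $OCF_ERR_GENERIC; }`. The `case` has no default arm, so an unexpected value leaves `IPADDRESS` unset when `r53_validate` has not run first. `r53_start` calls `_get_ip` and then `r53_monitor`, which calls it again, so each start fetches a token twice.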
@@ -314,7 +391,7 @@
]
}
EOF
- cmd="aws --profile $OCF_RESKEY_profile route53 change-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --change-batch file://$ROUTE53RECORD "
+ cmd="$OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 change-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --change-batch file://$ROUTE53RECORD "
ocf_log debug "Executing command: $cmd"
CLIRES="$($cmd 2>&1)"
rc=$?
@@ -334,36 +411,11 @@
MYSECONDS=20
while [ "$STATUS" = 'PENDING' ]; do
sleep $MYSECONDS
- STATUS="$(aws --profile $OCF_RESKEY_profile route53 get-change --id $CHANGEID | grep CHANGEINFO | awk -F'\t' '{ print $4 }' |cut -d'"' -f 2 )"
+ STATUS="$($OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 get-change --id $CHANGEID | grep CHANGEINFO | awk -F'\t' '{ print $4 }' |cut -d'"' -f 2 )"
ocf_log debug "Waited for $MYSECONDS seconds and checked execution of Route 53 update status: $STATUS "
done
}
-r53_stop() {
- #
- # Stop operation doesn't perform any API call or try to remove the DNS record
- # this mostly because this is not necessarily mandatory or desired
- # the start and monitor functions will take care of changing the DNS record
- # if the agent starts in a different cluster node
- #
- ocf_log info "Bringing down Route53 agent. (Will NOT remove Route53 DNS record)"
- return $OCF_SUCCESS
-}
-
-r53_start() {
- #
- # Start agent and config DNS in Route53
- #
- ocf_log info "Starting Route53 DNS update...."
- IPADDRESS="$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)"
- r53_monitor
- if [ $? != $OCF_SUCCESS ]; then
- ocf_log info "Could not start agent - check configurations"
- return $OCF_ERR_GENERIC
- fi
- return $OCF_SUCCESS
-}
-
###############################################################################
case $__OCF_ACTION in
@@ -375,20 +427,23 @@
metadata
exit $OCF_SUCCESS
;;
- monitor)
- r53_monitor
+ start)
+ r53_validate || exit $?
+ r53_start
;;
stop)
r53_stop
;;
+ monitor)
+ r53_monitor
+ ;;
validate-all)
r53_validate
;;
- start)
- r53_start
- ;;
*)
usage
exit $OCF_ERR_UNIMPLEMENTED
;;
esac
+
+exit $?