Add the ability to undo stonith

This commit makes the role able also to undo the stonith steps, by adding a new variable named "stonith_config" which can be "apply" (default) or "undo". Change-Id: I7c010da6b23083ab5106807571b55bf1098d9162
2017-08-02 06:25:30 -04:00 · 2017-08-02 06:25:30 -04:00 · c440ae7b18
commit c440ae7b18
parent c438c47b2a
5 changed files with 132 additions and 96 deletions
--- a/roles/stonith-config/defaults/main.yml
+++ b/roles/stonith-config/defaults/main.yml
@ -4,6 +4,10 @@ overcloud_working_dir: "/home/heat-admin"
 working_dir: "/home/stack"
 instack_env_file: "{{ working_dir }}/instackenv.json"

-create_stonith_python_script: create-stonith-from-instackenv.py.j2
-# Can be all, controllers, computes
+config_stonith_python_script: config-stonith-from-instackenv.py.j2
+
+# Can be apply or undo
+stonith_config: "apply"                                                     
+
+# Can be none, all, controllers or computes
 stonith_devices: all
--- a/roles/stonith-config/tasks/main.yml
+++ b/roles/stonith-config/tasks/main.yml
@ -1,19 +1,25 @@
 ---
 - name: Load the STONITH creation script on the undercloud
  template:
-    src: "{{ create_stonith_python_script }}"
-    dest: "{{ working_dir }}/create_stonith_from_instackenv.py"
+    src: "{{ config_stonith_python_script }}"
+    dest: "{{ working_dir }}/config_stonith_from_instackenv.py"
    mode: 0755

 - name: Generate STONITH script
  shell: |
    source {{ working_dir }}/stackrc
-    {{ working_dir }}/create_stonith_from_instackenv.py {{ instack_env_file }} {{ stonith_devices }}
+    {{ working_dir }}/config_stonith_from_instackenv.py {{ instack_env_file }} {{ stonith_config }} {{ stonith_devices }}
  register: stonith_script

+- name: Delete the STONITH script on the overcloud (if exists)
+  file:
+    path: "{{ overcloud_working_dir }}/config-stonith.sh"
+    state: absent
+  delegate_to: overcloud-controller-0
+
 - name: Create the STONITH script on the overcloud
  lineinfile:
-    destfile: "{{ overcloud_working_dir }}/create-stonith.sh"
+    destfile: "{{ overcloud_working_dir }}/config-stonith.sh"
    line: "{{ stonith_script.stdout }}"
    create: yes
    mode: 0755
@ -23,4 +29,4 @@
  become: true
  delegate_to: overcloud-controller-0
  shell: >
-    {{ overcloud_working_dir }}/create-stonith.sh &> create_stonith.log
+    {{ overcloud_working_dir }}/config-stonith.sh &> config_stonith.log
--- a/roles/stonith-config/templates/config-stonith-from-instackenv.py.j2
+++ b/roles/stonith-config/templates/config-stonith-from-instackenv.py.j2
@ -0,0 +1,55 @@
+#!/bin/python
+
+import os
+import json
+import sys
+from keystoneauth1.identity import v2
+from keystoneauth1 import session
+from pprint import pprint
+from novaclient import client
+
+# JSon file as first parameter
+jdata = open(sys.argv[1])
+data = json.load(jdata)
+
+# apply, undo
+fence_config = sys.argv[2]
+# controllers, computes, all or none
+fence_devices = sys.argv[3]
+
+# Define variables to connect to nova
+os_username = os.environ['OS_USERNAME']
+os_password = os.environ['OS_PASSWORD']
+os_auth_url = os.environ['OS_AUTH_URL']
+if os.environ['OS_TENANT_NAME']:
+ os_tenant_name = os.environ['OS_TENANT_NAME']
+else:
+ os_tenant_name = os.environ['OS_PROJECT_NAME']
+os_compute_api_version = os.environ['COMPUTE_API_VERSION']
+
+# If fence_devices includes controllers then we act on the overall stonith-enabled property of the cluster
+if (fence_devices in ['controllers','all']):
+ # If we're undoying then we disable stonith
+ if (fence_config == 'undo'):
+  print('pcs property set stonith-enabled=false')
+ # If we're applying then we enable it
+ elif (fence_config == 'apply'):
+  print('pcs property set stonith-enabled=true')
+
+# Connect to nova
+auth = v2.Password(auth_url=os_auth_url, username=os_username, password=os_password, tenant_name=os_tenant_name)
+sess = session.Session(auth=auth)
+nt = client.Client("2.1", session=sess)
+
+# Parse instances
+for instance in nt.servers.list():
+ for node in data["nodes"]:
+  if (node["mac"][0] == instance.addresses['ctlplane'][0]['OS-EXT-IPS-MAC:mac_addr'] and (('controller' in instance.name and fence_devices in ['controllers','all']) or ('compute' in instance.name and fence_devices in ['computes','all']))):
+   if (fence_config == 'undo'):
+    print('pcs stonith delete ipmilan-{} || /bin/true'.format(instance.name))
+   elif (fence_config == 'apply'):
+    print('pcs stonith create ipmilan-{} fence_ipmilan pcmk_host_list="{}" ipaddr="{}" login="{}" passwd="{}" lanplus="true" delay=20 op monitor interval=60s'.format(instance.name,instance.name,node["pm_addr"],node["pm_user"],node["pm_password"]))
+    print('pcs constraint location ipmilan-{} avoids {}'.format(instance.name,instance.name))
+
+# Close nova connection
+jdata.close()
--- a/roles/stonith-config/templates/config-stonith-from-instackenv.py.readme
+++ b/roles/stonith-config/templates/config-stonith-from-instackenv.py.readme
@ -0,0 +1,60 @@
+################
+# Python imports
+################
+import os
+import json
+import sys
+# The below will be enabled once OS_AUTH_URL=http://192.0.2.1:5000/v3
+#from keystoneauth1.identity import v3
+from keystoneauth1.identity import v2
+from keystoneauth1 import session
+from pprint import pprint
+from novaclient import client
+
+##########################################################
+# Environment variables (need to source before launching):
+##########################################################
+export NOVA_VERSION=1.1
+export OS_PASSWORD=$(sudo hiera admin_password)
+# If v3:
+ export OS_AUTH_URL=http://192.0.2.1:5000/v3
+# else
+ export OS_AUTH_URL=http://192.0.2.1:5000/v2.0
+export OS_USERNAME=admin
+export OS_TENANT_NAME=admin
+export COMPUTE_API_VERSION=1.1
+export OS_NO_CACHE=True
+
+##############
+# JSON format:
+##############
+{ "nodes": [
+{
+  "mac": [
+"b8:ca:3a:66:e3:82"
+  ],
+  "_comment":"host12-rack03.scale.openstack.engineering.redhat.com",
+  "cpu": "",
+  "memory": "",
+  "disk": "",
+  "arch": "x86_64",
+  "pm_type":"pxe_ipmitool",
+  "pm_user":"qe-scale",
+  "pm_password":"d0ckingSt4tion",
+  "pm_addr":"10.1.8.102"
+},
+...
+
+########################################################################
+# To make the below working os_auth_url must be http://192.0.2.1:5000/v3
+########################################################################
+auth = v3.Password(auth_url=os_auth_url,
+                   username=os_username,
+                   password=os_password,
+{% if release in [ 'liberty', 'mitaka' ] %}
+                   tenant_name=os_tenant_name,
+{% else %}
+                   project_name=os_tenant_name,
+{% endif %}
+                   user_domain_id='default',
+                   project_domain_id='default')
--- a/roles/stonith-config/templates/create-stonith-from-instackenv.py.j2
+++ b/roles/stonith-config/templates/create-stonith-from-instackenv.py.j2
@ -1,89 +0,0 @@
-#!/bin/python
-
-import os
-import json
-import sys
-# The below will be enabled once OS_AUTH_URL=http://192.0.2.1:5000/v3
-#from keystoneauth1.identity import v3
-from keystoneauth1.identity import v2
-from keystoneauth1 import session
-from pprint import pprint
-from novaclient import client
-
-# Environment variables (need to source before launching):
-# export NOVA_VERSION=1.1
-# export OS_PASSWORD=$(sudo hiera admin_password)
-# If v3:
-#  export OS_AUTH_URL=http://192.0.2.1:5000/v3
-# else
-#  export OS_AUTH_URL=http://192.0.2.1:5000/v2.0
-# export OS_USERNAME=admin
-# export OS_TENANT_NAME=admin
-# export COMPUTE_API_VERSION=1.1
-# export OS_NO_CACHE=True
-
-# JSON format:
-#{ "nodes": [
-#{
-#  "mac": [
-#"b8:ca:3a:66:e3:82"
-#  ],
-#  "_comment":"host12-rack03.scale.openstack.engineering.redhat.com",
-#  "cpu": "",
-#  "memory": "",
-#  "disk": "",
-#  "arch": "x86_64",
-#  "pm_type":"pxe_ipmitool",
-#  "pm_user":"qe-scale",
-#  "pm_password":"d0ckingSt4tion",
-#  "pm_addr":"10.1.8.102"
-#},
-#...
-
-# JSon file as first parameter
-jdata = open(sys.argv[1])
-data = json.load(jdata)
-
-# controllers, computes or all
-fence_devices = sys.argv[2]
-
-os_username = os.environ['OS_USERNAME']
-os_password = os.environ['OS_PASSWORD']
-os_auth_url = os.environ['OS_AUTH_URL']
-
-if os.environ['OS_TENANT_NAME']:
- os_tenant_name = os.environ['OS_TENANT_NAME']
-else:
- os_tenant_name = os.environ['OS_PROJECT_NAME']
-
-os_compute_api_version = os.environ['COMPUTE_API_VERSION']
-
-print('pcs property set stonith-enabled=false')
-
-# To make the below working os_auth_url must be http://192.0.2.1:5000/v3
-#auth = v3.Password(auth_url=os_auth_url,
-#                   username=os_username,
-#                   password=os_password,
-#{% if release in [ 'liberty', 'mitaka' ] %}
-#                   tenant_name=os_tenant_name,
-#{% else %}
-#                   project_name=os_tenant_name,
-#{% endif %}
-#                   user_domain_id='default',
-#                   project_domain_id='default')
-
-auth = v2.Password(auth_url=os_auth_url, username=os_username, password=os_password, tenant_name=os_tenant_name)
-
-sess = session.Session(auth=auth)
-nt = client.Client("2.1", session=sess)
-
-for instance in nt.servers.list():
- for node in data["nodes"]:
-  if (node["mac"][0] == instance.addresses['ctlplane'][0]['OS-EXT-IPS-MAC:mac_addr'] and (('controller' in instance.name and fence_devices in ['controllers','all']) or ('compute' in instance.name and fence_devices in ['computes','all']))):
-   print('pcs stonith delete ipmilan-{} || /bin/true'.format(instance.name))
-   print('pcs stonith create ipmilan-{} fence_ipmilan pcmk_host_list="{}" ipaddr="{}" login="{}" passwd="{}" lanplus="true" delay=20 op monitor interval=60s'.format(instance.name,instance.name,node["pm_addr"],node["pm_user"],node["pm_password"]))
-   print('pcs location ipmilan-{} avoids {}'.format(instance.name,instance.name))
-
-print('pcs property set stonith-enabled=true')
-
-jdata.close()