starlingx/upstream
Code Issues Proposed changes

OCF scripts to manage Barbican processes as an HA resource.

Browse Source 
Create OCF scripts for controlling Barbican processes lifecycle.
There are three Barican proceses that needs to be managed:
barbican-api, barbican-keystone-listener and barbican-worker.

Change-Id: I2667d56a71b7d3881c03b6a5c1e5ed61d4f0b902
Story: 2003108
Task: 27700
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
This commit is contained in:
Alex Kozyrev 2018-11-29 11:44:50 -05:00
parent 46c1244644
commit fa4855a7c3
4 changed files with 965 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openstack/stx-ocf-scripts/centos/build_srpm.data
View File

@ -1,2 +1,2 @@
SRC_DIR="$PKG_BASE/src"
TIS_PATCH_VER=1
TIS_PATCH_VER=2

361
openstack/stx-ocf-scripts/src/ocf/barbican-api Normal file
View File

@ -0,0 +1,361 @@
#!/bin/sh
#
#
# OpenStack Key Management API Service (barbican-api)
#
# Description: Manages an OpenStack Key Management API Service as an HA resource
#
# Authors: Alex Kozyrev
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#
# Copyright (c) 2018 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#
# See usage() function below for more details ...
#
# OCF instance parameters:
# OCF_RESKEY_binary
# OCF_RESKEY_config
# OCF_RESKEY_user
# OCF_RESKEY_pid
# OCF_RESKEY_monitor_binary
# OCF_RESKEY_server_port
# OCF_RESKEY_additional_parameters
#######################################################################
# Initialization:
: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
#######################################################################
# Fill in some defaults if no values are specified
OCF_RESKEY_binary_default="/etc/barbican/gunicorn-config.py"
OCF_RESKEY_config_default="/etc/barbican/barbican.conf"
OCF_RESKEY_user_default="root"
OCF_RESKEY_pid_default="/run/barbican/pid"
OCF_RESKEY_server_port_default="9311"
: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}}
: ${OCF_RESKEY_config=${OCF_RESKEY_config_default}}
: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}}
: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}}
: ${OCF_RESKEY_server_port=${OCF_RESKEY_server_port_default}}
#######################################################################
usage() {
cat <<UEND
usage: $0 (start|stop|validate-all|meta-data|status|monitor)
$0 Manages an OpenStack Key Management API Service (barbican-api) process as an HA resource
The 'start' operation starts the barbican-api service.
The 'stop' operation stops the barbican-api service.
The 'validate-all' operation reports whether the parameters are valid
The 'meta-data' operation reports this RA's meta-data information
The 'status' operation reports whether the barbican-api service is running
The 'monitor' operation reports whether the barbican-api service seems to be working
UEND
}
meta_data() {
cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="barbican-api">
<version>1.0</version>
<longdesc lang="en">
Resource agent for the OpenStack Key Management API Service (barbican-api)
May Manage a barbican-api instance or a clone set that
creates a distributed barbican-api cluster.
</longdesc>
<shortdesc lang="en">Manages the OpenStack Key Management API Service (barbican-api)</shortdesc>
<parameters>
<parameter name="binary" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack Key Management API server binary (barbican-api)
</longdesc>
<shortdesc lang="en">OpenStack Key Management API server binary (barbican-api)</shortdesc>
<content type="string" default="${OCF_RESKEY_binary_default}" />
</parameter>
<parameter name="config" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack Key Management API Service (barbican-api) configuration file
</longdesc>
<shortdesc lang="en">OpenStack Key Management API (barbican-api) config file</shortdesc>
<content type="string" default="${OCF_RESKEY_config_default}" />
</parameter>
<parameter name="user" unique="0" required="0">
<longdesc lang="en">
User running OpenStack Key Management API Service (barbican-api)
</longdesc>
<shortdesc lang="en">OpenStack Key Management API Service (barbican-api) user</shortdesc>
<content type="string" default="${OCF_RESKEY_user_default}" />
</parameter>
<parameter name="pid" unique="0" required="0">
<longdesc lang="en">
The pid file to use for this OpenStack Key Management API Service (barbican-api) instance
</longdesc>
<shortdesc lang="en">OpenStack Key Management API Service (barbican-api) pid file</shortdesc>
<content type="string" default="${OCF_RESKEY_pid_default}" />
</parameter>
<parameter name="server_port" unique="0" required="0">
<longdesc lang="en">
The listening port number of the barbican-api server.
</longdesc>
<shortdesc lang="en">barbican-api listening port</shortdesc>
<content type="integer" default="${OCF_RESKEY_server_port_default}" />
</parameter>
</parameters>
<actions>
<action name="start" timeout="20" />
<action name="stop" timeout="20" />
<action name="status" timeout="20" />
<action name="monitor" timeout="30" interval="20" />
<action name="validate-all" timeout="5" />
<action name="meta-data" timeout="5" />
</actions>
</resource-agent>
END
}
#######################################################################
# Functions invoked by resource Manager actions
barbican_api_check_port() {
# This function has been taken from the squid RA and improved a bit
# The length of the integer must be 4
# Examples of valid port: "1080", "0080"
# Examples of invalid port: "1080bad", "0", "0000", ""
local int
local cnt
int="$1"
cnt=${#int}
echo $int |egrep -qx '[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*'
if [ $? -ne 0 ] || [ $cnt -ne 4 ]; then
ocf_log err "Invalid port number: $1"
exit $OCF_ERR_CONFIGURED
fi
}
barbican_api_validate() {
local rc
check_binary netstat
barbican_api_check_port $OCF_RESKEY_server_port
# A config file on shared storage that is not available
# during probes is OK.
if [ ! -f $OCF_RESKEY_config ]; then
if ! ocf_is_probe; then
ocf_log err "Config $OCF_RESKEY_config doesn't exist"
return $OCF_ERR_INSTALLED
fi
ocf_log_warn "Config $OCF_RESKEY_config not available during a probe"
fi
getent passwd $OCF_RESKEY_user >/dev/null 2>&1
rc=$?
if [ $rc -ne 0 ]; then
ocf_log err "User $OCF_RESKEY_user doesn't exist"
return $OCF_ERR_INSTALLED
fi
true
}
barbican_api_status() {
local pid
local rc
if [ ! -f $OCF_RESKEY_pid ]; then
ocf_log info "OpenStack Key Management API (barbican-api) is not running"
return $OCF_NOT_RUNNING
else
pid=`cat $OCF_RESKEY_pid`
fi
ocf_run -warn kill -s 0 $pid
rc=$?
if [ $rc -eq 0 ]; then
return $OCF_SUCCESS
else
ocf_log info "Old PID file found, but OpenStack Key Management API \
(barbican-api) is not running"
rm -f $OCF_RESKEY_pid
return $OCF_NOT_RUNNING
fi
}
barbican_api_monitor() {
local rc
local pid
local rc_db
local engine_db_check
barbican_api_status
rc=$?
# If status returned anything but success, return that immediately
if [ $rc -ne $OCF_SUCCESS ]; then
return $rc
fi
# Check the server is listening on the server port
engine_db_check=`netstat -an | grep -s "$OCF_RESKEY_console_port" | grep -qs "LISTEN"`
rc_db=$?
if [ $rc_db -ne 0 ]; then
ocf_log err "barbican-api is not listening on $OCF_RESKEY_console_port: $rc_db"
return $OCF_NOT_RUNNING
fi
ocf_log debug "OpenStack Key Management API (barbican-api) monitor succeeded"
return $OCF_SUCCESS
}
barbican_api_start() {
local rc
local host
barbican_api_status
rc=$?
if [ $rc -eq $OCF_SUCCESS ]; then
ocf_log info "OpenStack Key Management API (barbican-api) already running"
return $OCF_SUCCESS
fi
# run the actual barbican-api daemon. Don't use ocf_run as we're sending the tool's output
# straight to /dev/null anyway and using ocf_run would break stdout-redirection here.
su ${OCF_RESKEY_user}
mkdir -p /run/barbican
chown barbican:barbican /run/barbican
/bin/python /usr/bin/gunicorn --pid $OCF_RESKEY_pid --config /etc/barbican/gunicorn-config.py \
--paste /etc/barbican/barbican-api-paste.ini >> /var/log/barbican/barbican-api.log 2>&1 &
# Spin waiting for the server to come up.
while true; do
barbican_api_monitor
rc=$?
[ $rc -eq $OCF_SUCCESS ] && break
if [ $rc -ne $OCF_NOT_RUNNING ]; then
ocf_log err "OpenStack Key Management API (barbican-api) start failed"
exit $OCF_ERR_GENERIC
fi
sleep 1
done
ocf_log info "OpenStack Key Management API (barbican-api) started"
return $OCF_SUCCESS
}
barbican_api_confirm_stop() {
local my_bin
local my_processes
my_processes=`pgrep -l -f "gunicorn.*master.*barbican-api"`
if [ -n "${my_processes}" ]
then
ocf_log info "About to SIGKILL the following: ${my_processes}"
pkill -KILL -f "gunicorn.*master.*barbican-api"
fi
}
barbican_api_stop() {
local rc
local pid
barbican_api_status
rc=$?
if [ $rc -eq $OCF_NOT_RUNNING ]; then
ocf_log info "OpenStack Key Management API (barbican-api) already stopped"
barbican_api_confirm_stop
return $OCF_SUCCESS
fi
# Try SIGTERM
pid=`cat $OCF_RESKEY_pid`
ocf_run kill -s TERM $pid
rc=$?
if [ $rc -ne 0 ]; then
ocf_log err "OpenStack Key Management API (barbican-api) couldn't be stopped"
barbican_api_confirm_stop
exit $OCF_ERR_GENERIC
fi
# stop waiting
shutdown_timeout=15
if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5))
fi
count=0
while [ $count -lt $shutdown_timeout ]; do
barbican_api_status
rc=$?
if [ $rc -eq $OCF_NOT_RUNNING ]; then
break
fi
count=`expr $count + 1`
sleep 1
ocf_log debug "OpenStack Key Management API (barbican-api) still hasn't stopped yet. \
Waiting ..."
done
barbican_api_status
rc=$?
if [ $rc -ne $OCF_NOT_RUNNING ]; then
# SIGTERM didn't help either, try SIGKILL
ocf_log info "OpenStack Key Management API (barbican-api) failed to stop after \
${shutdown_timeout}s using SIGTERM. Trying SIGKILL ..."
ocf_run kill -s KILL $pid
fi
barbican_api_confirm_stop
ocf_log info "OpenStack Key Management API (barbican-api) stopped"
rm -f $OCF_RESKEY_pid
return $OCF_SUCCESS
}
#######################################################################
case "$1" in
meta-data) meta_data
exit $OCF_SUCCESS;;
usage|help) usage
exit $OCF_SUCCESS;;
esac
# Anything except meta-data and help must pass validation
barbican_api_validate || exit $?
# What kind of method was invoked?
case "$1" in
start) barbican_api_start;;
stop) barbican_api_stop;;
status) barbican_api_status;;
monitor) barbican_api_monitor;;
validate-all) ;;
*) usage
exit $OCF_ERR_UNIMPLEMENTED;;
esac

308
openstack/stx-ocf-scripts/src/ocf/barbican-keystone-listener Normal file
View File

@ -0,0 +1,308 @@
#!/bin/sh
#
#
# OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener)
#
# Description: Manages an OpenStack Key Manager Keystone Listener Service
# (barbican-keystone-listener) process as an HA resource
#
# Authors: Alex Kozyrev
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#
# Copyright (c) 2018 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#
# See usage() function below for more details ...
#
# OCF instance parameters:
# OCF_RESKEY_binary
# OCF_RESKEY_user
# OCF_RESKEY_pid
#######################################################################
# Initialization:
: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
. /usr/bin/tsconfig
#######################################################################
# Fill in some defaults if no values are specified
OCF_RESKEY_binary_default="barbican-keystone-listener"
OCF_RESKEY_user_default="root"
OCF_RESKEY_pid_default="$HA_RSCTMP/$OCF_RESOURCE_INSTANCE.pid"
: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}}
: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}}
: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}}
#######################################################################
usage() {
cat <<UEND
usage: $0 (start|stop|validate-all|meta-data|status|monitor)
$0 manages an OpenStack Key Manager Keystone Listener Service
(barbican-keystone-listener) process as an HA resource
The 'start' operation starts the scheduler service.
The 'stop' operation stops the scheduler service.
The 'validate-all' operation reports whether the parameters are valid
The 'meta-data' operation reports this RA's meta-data information
The 'status' operation reports whether the scheduler service is running
The 'monitor' operation reports whether the scheduler service seems to be working
UEND
}
meta_data() {
cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="barbican-keystone-listener">
<version>1.0</version>
<longdesc lang="en">
Resource agent for the OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener)
May manage a barbican-keystone-listener instance or a clone set that
creates a distributed barbican-keystone-listener cluster.
</longdesc>
<shortdesc lang="en">
Manages the OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener)
</shortdesc>
<parameters>
<parameter name="binary" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack Key Manager Keystone Listener server binary (barbican-keystone-listener)
</longdesc>
<shortdesc lang="en">
OpenStack Key Manager Keystone Listener server binary (barbican-keystone-listener)
</shortdesc>
<content type="string" default="${OCF_RESKEY_binary_default}" />
</parameter>
<parameter name="user" unique="0" required="0">
<longdesc lang="en">
User running OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener)
</longdesc>
<shortdesc lang="en">
OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener) user
</shortdesc>
<content type="string" default="${OCF_RESKEY_user_default}" />
</parameter>
<parameter name="pid" unique="0" required="0">
<longdesc lang="en">
The pid file to use for this OpenStack Key Manager Keystone Listener Service
(barbican-keystone-listener) instance
</longdesc>
<shortdesc lang="en">
OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener) pid file
</shortdesc>
<content type="string" default="${OCF_RESKEY_pid_default}" />
</parameter>
</parameters>
<actions>
<action name="start" timeout="20" />
<action name="stop" timeout="20" />
<action name="status" timeout="20" />
<action name="monitor" timeout="30" interval="20" />
<action name="validate-all" timeout="5" />
<action name="meta-data" timeout="5" />
</actions>
</resource-agent>
END
}
#######################################################################
# Functions invoked by resource manager actions
barbican_keystone_listener_validate() {
local rc
check_binary $OCF_RESKEY_binary
getent passwd $OCF_RESKEY_user >/dev/null 2>&1
rc=$?
if [ $rc -ne 0 ]; then
ocf_log err "User $OCF_RESKEY_user doesn't exist"
return $OCF_ERR_INSTALLED
fi
true
}
barbican_keystone_listener_status() {
local pid
local rc
if [ ! -f $OCF_RESKEY_pid ]; then
ocf_log info "OpenStack Key Manager Keystone Listener \
(barbican-keystone-listener) is not running"
return $OCF_NOT_RUNNING
else
pid=`cat $OCF_RESKEY_pid`
fi
ocf_run -warn kill -s 0 $pid
rc=$?
if [ $rc -eq 0 ]; then
return $OCF_SUCCESS
else
ocf_log info "Old PID file found, but OpenStack Key Manager Keystone Listener \
(barbican-keystone-listener) is not running"
rm -f $OCF_RESKEY_pid
return $OCF_NOT_RUNNING
fi
}
barbican_keystone_listener_monitor() {
local rc
local pid
barbican_keystone_listener_status
rc=$?
# If status returned anything but success, return that immediately
if [ $rc -ne $OCF_SUCCESS ]; then
return $rc
fi
ocf_log debug "OpenStack Key Manager Keystone Listener \
(barbican-keystone-listener) monitor succeeded"
return $OCF_SUCCESS
}
barbican_keystone_listener_start() {
local rc
barbican_keystone_listener_status
rc=$?
if [ $rc -eq $OCF_SUCCESS ]; then
ocf_log info "OpenStack Key Manager Keystone Listener \
(barbican-keystone-listener) already running"
return $OCF_SUCCESS
fi
# run the actual barbican-keystone-listener daemon. Don't use ocf_run as we're sending the
# tool's output straight to /dev/null anyway and using ocf_run would break stdout-redirection here.
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --logfile \
/var/log/barbican/barbican-keystone-listener.log"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
# Spin waiting for the server to come up.
while true; do
barbican_keystone_listener_monitor
rc=$?
[ $rc -eq $OCF_SUCCESS ] && break
if [ $rc -ne $OCF_NOT_RUNNING ]; then
ocf_log err "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) start failed"
exit $OCF_ERR_GENERIC
fi
sleep 1
done
ocf_log info "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) started"
return $OCF_SUCCESS
}
barbican_keystone_listener_confirm_stop() {
local my_bin
local my_processes
my_binary=`which ${OCF_RESKEY_binary}`
my_processes=`pgrep -l -f "^(python|/usr/bin/python|/usr/bin/python2) ${my_binary}([^\w-]|$)"`
if [ -n "${my_processes}" ]
then
ocf_log info "About to SIGKILL the following: ${my_processes}"
pkill -KILL -f "^(python|/usr/bin/python|/usr/bin/python2) ${my_binary}([^\w-]|$)"
fi
}
barbican_keystone_listener_stop() {
local rc
local pid
barbican_keystone_listener_status
rc=$?
if [ $rc -eq $OCF_NOT_RUNNING ]; then
ocf_log info "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) already stopped"
barbican_keystone_listener_confirm_stop
return $OCF_SUCCESS
fi
# Try SIGTERM
pid=`cat $OCF_RESKEY_pid`
ocf_run kill -s TERM $pid
rc=$?
if [ $rc -ne 0 ]; then
ocf_log err "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) couldn't be stopped"
barbican_keystone_listener_confirm_stop
exit $OCF_ERR_GENERIC
fi
# stop waiting
shutdown_timeout=2
if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5))
fi
count=0
while [ $count -lt $shutdown_timeout ]; do
barbican_keystone_listener_status
rc=$?
if [ $rc -eq $OCF_NOT_RUNNING ]; then
break
fi
count=`expr $count + 1`
sleep 1
ocf_log debug "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) still hasn't stopped yet. \
Waiting ..."
done
barbican_keystone_listener_status
rc=$?
if [ $rc -ne $OCF_NOT_RUNNING ]; then
# SIGTERM didn't help either, try SIGKILL
ocf_log info "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) failed to stop after \
${shutdown_timeout}s using SIGTERM. Trying SIGKILL ..."
ocf_run kill -s KILL $pid
fi
barbican_keystone_listener_confirm_stop
ocf_log info "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) stopped"
rm -f $OCF_RESKEY_pid
return $OCF_SUCCESS
}
#######################################################################
case "$1" in
meta-data) meta_data
exit $OCF_SUCCESS;;
usage|help) usage
exit $OCF_SUCCESS;;
esac
# Anything except meta-data and help must pass validation
barbican_keystone_listener_validate || exit $?
# What kind of method was invoked?
case "$1" in
start) barbican_keystone_listener_start;;
stop) barbican_keystone_listener_stop;;
status) barbican_keystone_listener_status;;
monitor) barbican_keystone_listener_monitor;;
validate-all) ;;
*) usage
exit $OCF_ERR_UNIMPLEMENTED;;
esac

295
openstack/stx-ocf-scripts/src/ocf/barbican-worker Normal file
View File

@ -0,0 +1,295 @@
#!/bin/sh
#
#
# OpenStack Key Manager Worker Service (barbican-worker)
#
# Description: Manages an OpenStack Key Manager Worker Service
# (barbican-worker) process as an HA resource
#
# Authors: Alex Kozyrev
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#
# Copyright (c) 2018 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#
# See usage() function below for more details ...
#
# OCF instance parameters:
# OCF_RESKEY_binary
# OCF_RESKEY_user
# OCF_RESKEY_pid
#######################################################################
# Initialization:
: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
. /usr/bin/tsconfig
#######################################################################
# Fill in some defaults if no values are specified
OCF_RESKEY_binary_default="barbican-worker"
OCF_RESKEY_user_default="root"
OCF_RESKEY_pid_default="$HA_RSCTMP/$OCF_RESOURCE_INSTANCE.pid"
: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}}
: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}}
: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}}
#######################################################################
usage() {
cat <<UEND
usage: $0 (start|stop|validate-all|meta-data|status|monitor)
$0 manages an OpenStack Key Manager Worker Service
(barbican-worker) process as an HA resource
The 'start' operation starts the scheduler service.
The 'stop' operation stops the scheduler service.
The 'validate-all' operation reports whether the parameters are valid
The 'meta-data' operation reports this RA's meta-data information
The 'status' operation reports whether the scheduler service is running
The 'monitor' operation reports whether the scheduler service seems to be working
UEND
}
meta_data() {
cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="barbican-worker">
<version>1.0</version>
<longdesc lang="en">
Resource agent for the OpenStack Key Manager Worker Service (barbican-worker)
May manage a barbican-worker instance or a clone set that
creates a distributed barbican-worker cluster.
</longdesc>
<shortdesc lang="en">Manages the OpenStack Key Manager Worker Service (barbican-worker)</shortdesc>
<parameters>
<parameter name="binary" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack Key Manager Worker server binary (barbican-worker)
</longdesc>
<shortdesc lang="en">OpenStack Key Manager Worker server binary (barbican-worker)</shortdesc>
<content type="string" default="${OCF_RESKEY_binary_default}" />
</parameter>
<parameter name="user" unique="0" required="0">
<longdesc lang="en">
User running OpenStack Key Manager Worker Service (barbican-worker)
</longdesc>
<shortdesc lang="en">OpenStack Key Manager Worker Service (barbican-worker) user</shortdesc>
<content type="string" default="${OCF_RESKEY_user_default}" />
</parameter>
<parameter name="pid" unique="0" required="0">
<longdesc lang="en">
The pid file to use for this OpenStack Key Manager Worker Service (barbican-worker) instance
</longdesc>
<shortdesc lang="en">OpenStack Key Manager Worker Service (barbican-worker) pid file</shortdesc>
<content type="string" default="${OCF_RESKEY_pid_default}" />
</parameter>
</parameters>
<actions>
<action name="start" timeout="20" />
<action name="stop" timeout="20" />
<action name="status" timeout="20" />
<action name="monitor" timeout="30" interval="20" />
<action name="validate-all" timeout="5" />
<action name="meta-data" timeout="5" />
</actions>
</resource-agent>
END
}
#######################################################################
# Functions invoked by resource manager actions
barbican_worker_validate() {
local rc
check_binary $OCF_RESKEY_binary
getent passwd $OCF_RESKEY_user >/dev/null 2>&1
rc=$?
if [ $rc -ne 0 ]; then
ocf_log err "User $OCF_RESKEY_user doesn't exist"
return $OCF_ERR_INSTALLED
fi
true
}
barbican_worker_status() {
local pid
local rc
if [ ! -f $OCF_RESKEY_pid ]; then
ocf_log info "OpenStack Key Manager Worker (barbican-worker) is not running"
return $OCF_NOT_RUNNING
else
pid=`cat $OCF_RESKEY_pid`
fi
ocf_run -warn kill -s 0 $pid
rc=$?
if [ $rc -eq 0 ]; then
return $OCF_SUCCESS
else
ocf_log info "Old PID file found, but OpenStack Key Manager Worker (barbican-worker) is not running"
rm -f $OCF_RESKEY_pid
return $OCF_NOT_RUNNING
fi
}
barbican_worker_monitor() {
local rc
local pid
barbican_worker_status
rc=$?
# If status returned anything but success, return that immediately
if [ $rc -ne $OCF_SUCCESS ]; then
return $rc
fi
ocf_log debug "OpenStack Key Manager Worker (barbican-worker) monitor succeeded"
return $OCF_SUCCESS
}
barbican_worker_start() {
local rc
barbican_worker_status
rc=$?
if [ $rc -eq $OCF_SUCCESS ]; then
ocf_log info "OpenStack Key Manager Worker (barbican-worker) already running"
return $OCF_SUCCESS
fi
# run the actual barbican-worker daemon. Don't use ocf_run as we're sending the tool's output
# straight to /dev/null anyway and using ocf_run would break stdout-redirection here.
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} \
--logfile /var/log/barbican/barbican-worker.log"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
# Spin waiting for the server to come up.
while true; do
barbican_worker_monitor
rc=$?
[ $rc -eq $OCF_SUCCESS ] && break
if [ $rc -ne $OCF_NOT_RUNNING ]; then
ocf_log err "OpenStack Key Manager Worker (barbican-worker) start failed"
exit $OCF_ERR_GENERIC
fi
sleep 1
done
ocf_log info "OpenStack Key Manager Worker (barbican-worker) started"
return $OCF_SUCCESS
}
barbican_worker_confirm_stop() {
local my_bin
local my_processes
my_binary=`which ${OCF_RESKEY_binary}`
my_processes=`pgrep -l -f "^(python|/usr/bin/python|/usr/bin/python2) ${my_binary}([^\w-]|$)"`
if [ -n "${my_processes}" ]
then
ocf_log info "About to SIGKILL the following: ${my_processes}"
pkill -KILL -f "^(python|/usr/bin/python|/usr/bin/python2) ${my_binary}([^\w-]|$)"
fi
}
barbican_worker_stop() {
local rc
local pid
barbican_worker_status
rc=$?
if [ $rc -eq $OCF_NOT_RUNNING ]; then
ocf_log info "OpenStack Key Manager Worker (barbican-worker) already stopped"
barbican_worker_confirm_stop
return $OCF_SUCCESS
fi
# Try SIGTERM
pid=`cat $OCF_RESKEY_pid`
ocf_run kill -s TERM $pid
rc=$?
if [ $rc -ne 0 ]; then
ocf_log err "OpenStack Key Manager Worker (barbican-worker) couldn't be stopped"
barbican_worker_confirm_stop
exit $OCF_ERR_GENERIC
fi
# stop waiting
shutdown_timeout=2
if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5))
fi
count=0
while [ $count -lt $shutdown_timeout ]; do
barbican_worker_status
rc=$?
if [ $rc -eq $OCF_NOT_RUNNING ]; then
break
fi
count=`expr $count + 1`
sleep 1
ocf_log debug "OpenStack Key Manager Worker (barbican-worker) still hasn't stopped yet. \
Waiting ..."
done
barbican_worker_status
rc=$?
if [ $rc -ne $OCF_NOT_RUNNING ]; then
# SIGTERM didn't help either, try SIGKILL
ocf_log info "OpenStack Key Manager Worker (barbican-worker) failed to stop after \
${shutdown_timeout}s using SIGTERM. Trying SIGKILL ..."
ocf_run kill -s KILL $pid
fi
barbican_worker_confirm_stop
ocf_log info "OpenStack Key Manager Worker (barbican-worker) stopped"
rm -f $OCF_RESKEY_pid
return $OCF_SUCCESS
}
#######################################################################
case "$1" in
meta-data) meta_data
exit $OCF_SUCCESS;;
usage|help) usage
exit $OCF_SUCCESS;;
esac
# Anything except meta-data and help must pass validation
barbican_worker_validate || exit $?
# What kind of method was invoked?
case "$1" in
start) barbican_worker_start;;
stop) barbican_worker_stop;;
status) barbican_worker_status;;
monitor) barbican_worker_monitor;;
validate-all) ;;
*) usage
exit $OCF_ERR_UNIMPLEMENTED;;
esac