From fa4855a7c3468dcb870157050913b361b462253a Mon Sep 17 00:00:00 2001 From: Alex Kozyrev Date: Thu, 29 Nov 2018 11:44:50 -0500 Subject: [PATCH] OCF scripts to manage Barbican processes as an HA resource. Create OCF scripts for controlling Barbican processes lifecycle. There are three Barican proceses that needs to be managed: barbican-api, barbican-keystone-listener and barbican-worker. Change-Id: I2667d56a71b7d3881c03b6a5c1e5ed61d4f0b902 Story: 2003108 Task: 27700 Signed-off-by: Alex Kozyrev --- .../stx-ocf-scripts/centos/build_srpm.data | 2 +- .../stx-ocf-scripts/src/ocf/barbican-api | 361 ++++++++++++++++++ .../src/ocf/barbican-keystone-listener | 308 +++++++++++++++ .../stx-ocf-scripts/src/ocf/barbican-worker | 295 ++++++++++++++ 4 files changed, 965 insertions(+), 1 deletion(-) create mode 100644 openstack/stx-ocf-scripts/src/ocf/barbican-api create mode 100644 openstack/stx-ocf-scripts/src/ocf/barbican-keystone-listener create mode 100644 openstack/stx-ocf-scripts/src/ocf/barbican-worker diff --git a/openstack/stx-ocf-scripts/centos/build_srpm.data b/openstack/stx-ocf-scripts/centos/build_srpm.data index 68c4f32d..408254c1 100644 --- a/openstack/stx-ocf-scripts/centos/build_srpm.data +++ b/openstack/stx-ocf-scripts/centos/build_srpm.data @@ -1,2 +1,2 @@ SRC_DIR="$PKG_BASE/src" -TIS_PATCH_VER=1 +TIS_PATCH_VER=2 diff --git a/openstack/stx-ocf-scripts/src/ocf/barbican-api b/openstack/stx-ocf-scripts/src/ocf/barbican-api new file mode 100644 index 00000000..1ad992da --- /dev/null +++ b/openstack/stx-ocf-scripts/src/ocf/barbican-api @@ -0,0 +1,361 @@ +#!/bin/sh +# +# +# OpenStack Key Management API Service (barbican-api) +# +# Description: Manages an OpenStack Key Management API Service as an HA resource +# +# Authors: Alex Kozyrev +# +# Support: openstack@lists.launchpad.net +# License: Apache Software License (ASL) 2.0 +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# +# See usage() function below for more details ... +# +# OCF instance parameters: +# OCF_RESKEY_binary +# OCF_RESKEY_config +# OCF_RESKEY_user +# OCF_RESKEY_pid +# OCF_RESKEY_monitor_binary +# OCF_RESKEY_server_port +# OCF_RESKEY_additional_parameters +####################################################################### +# Initialization: + +: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} +. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs + +####################################################################### + +# Fill in some defaults if no values are specified + +OCF_RESKEY_binary_default="/etc/barbican/gunicorn-config.py" +OCF_RESKEY_config_default="/etc/barbican/barbican.conf" +OCF_RESKEY_user_default="root" +OCF_RESKEY_pid_default="/run/barbican/pid" +OCF_RESKEY_server_port_default="9311" + +: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}} +: ${OCF_RESKEY_config=${OCF_RESKEY_config_default}} +: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}} +: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}} +: ${OCF_RESKEY_server_port=${OCF_RESKEY_server_port_default}} + +####################################################################### + +usage() { + cat < + + +1.0 + + +Resource agent for the OpenStack Key Management API Service (barbican-api) +May Manage a barbican-api instance or a clone set that +creates a distributed barbican-api cluster. + +Manages the OpenStack Key Management API Service (barbican-api) + + + + +Location of the OpenStack Key Management API server binary (barbican-api) + +OpenStack Key Management API server binary (barbican-api) + + + + + +Location of the OpenStack Key Management API Service (barbican-api) configuration file + +OpenStack Key Management API (barbican-api) config file + + + + + +User running OpenStack Key Management API Service (barbican-api) + +OpenStack Key Management API Service (barbican-api) user + + + + + +The pid file to use for this OpenStack Key Management API Service (barbican-api) instance + +OpenStack Key Management API Service (barbican-api) pid file + + + + + +The listening port number of the barbican-api server. + + +barbican-api listening port + + + + + + + + + + + + + + +END +} + +####################################################################### +# Functions invoked by resource Manager actions + +barbican_api_check_port() { +# This function has been taken from the squid RA and improved a bit +# The length of the integer must be 4 +# Examples of valid port: "1080", "0080" +# Examples of invalid port: "1080bad", "0", "0000", "" + + local int + local cnt + + int="$1" + cnt=${#int} + echo $int |egrep -qx '[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*' + + if [ $? -ne 0 ] || [ $cnt -ne 4 ]; then + ocf_log err "Invalid port number: $1" + exit $OCF_ERR_CONFIGURED + fi +} + +barbican_api_validate() { + local rc + + check_binary netstat + barbican_api_check_port $OCF_RESKEY_server_port + + # A config file on shared storage that is not available + # during probes is OK. + if [ ! -f $OCF_RESKEY_config ]; then + if ! ocf_is_probe; then + ocf_log err "Config $OCF_RESKEY_config doesn't exist" + return $OCF_ERR_INSTALLED + fi + ocf_log_warn "Config $OCF_RESKEY_config not available during a probe" + fi + + getent passwd $OCF_RESKEY_user >/dev/null 2>&1 + rc=$? + if [ $rc -ne 0 ]; then + ocf_log err "User $OCF_RESKEY_user doesn't exist" + return $OCF_ERR_INSTALLED + fi + + true +} + +barbican_api_status() { + local pid + local rc + + if [ ! -f $OCF_RESKEY_pid ]; then + ocf_log info "OpenStack Key Management API (barbican-api) is not running" + return $OCF_NOT_RUNNING + else + pid=`cat $OCF_RESKEY_pid` + fi + + ocf_run -warn kill -s 0 $pid + rc=$? + if [ $rc -eq 0 ]; then + return $OCF_SUCCESS + else + ocf_log info "Old PID file found, but OpenStack Key Management API \ + (barbican-api) is not running" + rm -f $OCF_RESKEY_pid + return $OCF_NOT_RUNNING + fi +} + +barbican_api_monitor() { + local rc + local pid + local rc_db + local engine_db_check + + barbican_api_status + rc=$? + + # If status returned anything but success, return that immediately + if [ $rc -ne $OCF_SUCCESS ]; then + return $rc + fi + + # Check the server is listening on the server port + engine_db_check=`netstat -an | grep -s "$OCF_RESKEY_console_port" | grep -qs "LISTEN"` + rc_db=$? + if [ $rc_db -ne 0 ]; then + ocf_log err "barbican-api is not listening on $OCF_RESKEY_console_port: $rc_db" + return $OCF_NOT_RUNNING + fi + + ocf_log debug "OpenStack Key Management API (barbican-api) monitor succeeded" + return $OCF_SUCCESS +} + +barbican_api_start() { + local rc + local host + + barbican_api_status + rc=$? + if [ $rc -eq $OCF_SUCCESS ]; then + ocf_log info "OpenStack Key Management API (barbican-api) already running" + return $OCF_SUCCESS + fi + # run the actual barbican-api daemon. Don't use ocf_run as we're sending the tool's output + # straight to /dev/null anyway and using ocf_run would break stdout-redirection here. + su ${OCF_RESKEY_user} + mkdir -p /run/barbican + chown barbican:barbican /run/barbican + /bin/python /usr/bin/gunicorn --pid $OCF_RESKEY_pid --config /etc/barbican/gunicorn-config.py \ + --paste /etc/barbican/barbican-api-paste.ini >> /var/log/barbican/barbican-api.log 2>&1 & + + # Spin waiting for the server to come up. + while true; do + barbican_api_monitor + rc=$? + [ $rc -eq $OCF_SUCCESS ] && break + if [ $rc -ne $OCF_NOT_RUNNING ]; then + ocf_log err "OpenStack Key Management API (barbican-api) start failed" + exit $OCF_ERR_GENERIC + fi + sleep 1 + done + + ocf_log info "OpenStack Key Management API (barbican-api) started" + return $OCF_SUCCESS +} + +barbican_api_confirm_stop() { + local my_bin + local my_processes + + my_processes=`pgrep -l -f "gunicorn.*master.*barbican-api"` + + if [ -n "${my_processes}" ] + then + ocf_log info "About to SIGKILL the following: ${my_processes}" + pkill -KILL -f "gunicorn.*master.*barbican-api" + fi +} + +barbican_api_stop() { + local rc + local pid + + barbican_api_status + rc=$? + if [ $rc -eq $OCF_NOT_RUNNING ]; then + ocf_log info "OpenStack Key Management API (barbican-api) already stopped" + barbican_api_confirm_stop + return $OCF_SUCCESS + fi + + # Try SIGTERM + pid=`cat $OCF_RESKEY_pid` + ocf_run kill -s TERM $pid + rc=$? + if [ $rc -ne 0 ]; then + ocf_log err "OpenStack Key Management API (barbican-api) couldn't be stopped" + barbican_api_confirm_stop + exit $OCF_ERR_GENERIC + fi + + # stop waiting + shutdown_timeout=15 + if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then + shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5)) + fi + count=0 + while [ $count -lt $shutdown_timeout ]; do + barbican_api_status + rc=$? + if [ $rc -eq $OCF_NOT_RUNNING ]; then + break + fi + count=`expr $count + 1` + sleep 1 + ocf_log debug "OpenStack Key Management API (barbican-api) still hasn't stopped yet. \ + Waiting ..." + done + + barbican_api_status + rc=$? + if [ $rc -ne $OCF_NOT_RUNNING ]; then + # SIGTERM didn't help either, try SIGKILL + ocf_log info "OpenStack Key Management API (barbican-api) failed to stop after \ + ${shutdown_timeout}s using SIGTERM. Trying SIGKILL ..." + ocf_run kill -s KILL $pid + fi + barbican_api_confirm_stop + + ocf_log info "OpenStack Key Management API (barbican-api) stopped" + + rm -f $OCF_RESKEY_pid + + return $OCF_SUCCESS +} + +####################################################################### + +case "$1" in + meta-data) meta_data + exit $OCF_SUCCESS;; + usage|help) usage + exit $OCF_SUCCESS;; +esac + +# Anything except meta-data and help must pass validation +barbican_api_validate || exit $? + +# What kind of method was invoked? +case "$1" in + start) barbican_api_start;; + stop) barbican_api_stop;; + status) barbican_api_status;; + monitor) barbican_api_monitor;; + validate-all) ;; + *) usage + exit $OCF_ERR_UNIMPLEMENTED;; +esac + diff --git a/openstack/stx-ocf-scripts/src/ocf/barbican-keystone-listener b/openstack/stx-ocf-scripts/src/ocf/barbican-keystone-listener new file mode 100644 index 00000000..ab364b7c --- /dev/null +++ b/openstack/stx-ocf-scripts/src/ocf/barbican-keystone-listener @@ -0,0 +1,308 @@ +#!/bin/sh +# +# +# OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener) +# +# Description: Manages an OpenStack Key Manager Keystone Listener Service +# (barbican-keystone-listener) process as an HA resource +# +# Authors: Alex Kozyrev +# +# Support: openstack@lists.launchpad.net +# License: Apache Software License (ASL) 2.0 +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# +# See usage() function below for more details ... +# +# OCF instance parameters: +# OCF_RESKEY_binary +# OCF_RESKEY_user +# OCF_RESKEY_pid +####################################################################### +# Initialization: + +: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} +. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs +. /usr/bin/tsconfig + +####################################################################### + +# Fill in some defaults if no values are specified + +OCF_RESKEY_binary_default="barbican-keystone-listener" +OCF_RESKEY_user_default="root" +OCF_RESKEY_pid_default="$HA_RSCTMP/$OCF_RESOURCE_INSTANCE.pid" + +: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}} +: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}} +: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}} + +####################################################################### + +usage() { + cat < + + +1.0 + + +Resource agent for the OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener) +May manage a barbican-keystone-listener instance or a clone set that +creates a distributed barbican-keystone-listener cluster. + + +Manages the OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener) + + + + + +Location of the OpenStack Key Manager Keystone Listener server binary (barbican-keystone-listener) + + +OpenStack Key Manager Keystone Listener server binary (barbican-keystone-listener) + + + + + + +User running OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener) + + +OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener) user + + + + + + +The pid file to use for this OpenStack Key Manager Keystone Listener Service +(barbican-keystone-listener) instance + + +OpenStack Key Manager Keystone Listener Service (barbican-keystone-listener) pid file + + + + + + + + + + + + + + + +END +} + +####################################################################### +# Functions invoked by resource manager actions + +barbican_keystone_listener_validate() { + local rc + + check_binary $OCF_RESKEY_binary + + getent passwd $OCF_RESKEY_user >/dev/null 2>&1 + rc=$? + if [ $rc -ne 0 ]; then + ocf_log err "User $OCF_RESKEY_user doesn't exist" + return $OCF_ERR_INSTALLED + fi + + true +} + +barbican_keystone_listener_status() { + local pid + local rc + + if [ ! -f $OCF_RESKEY_pid ]; then + ocf_log info "OpenStack Key Manager Keystone Listener \ + (barbican-keystone-listener) is not running" + return $OCF_NOT_RUNNING + else + pid=`cat $OCF_RESKEY_pid` + fi + + ocf_run -warn kill -s 0 $pid + rc=$? + if [ $rc -eq 0 ]; then + return $OCF_SUCCESS + else + ocf_log info "Old PID file found, but OpenStack Key Manager Keystone Listener \ + (barbican-keystone-listener) is not running" + rm -f $OCF_RESKEY_pid + return $OCF_NOT_RUNNING + fi +} + +barbican_keystone_listener_monitor() { + local rc + local pid + + barbican_keystone_listener_status + rc=$? + + # If status returned anything but success, return that immediately + if [ $rc -ne $OCF_SUCCESS ]; then + return $rc + fi + + ocf_log debug "OpenStack Key Manager Keystone Listener \ + (barbican-keystone-listener) monitor succeeded" + return $OCF_SUCCESS +} + +barbican_keystone_listener_start() { + local rc + + barbican_keystone_listener_status + rc=$? + if [ $rc -eq $OCF_SUCCESS ]; then + ocf_log info "OpenStack Key Manager Keystone Listener \ + (barbican-keystone-listener) already running" + return $OCF_SUCCESS + fi + + # run the actual barbican-keystone-listener daemon. Don't use ocf_run as we're sending the + # tool's output straight to /dev/null anyway and using ocf_run would break stdout-redirection here. + su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --logfile \ + /var/log/barbican/barbican-keystone-listener.log"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid + + # Spin waiting for the server to come up. + while true; do + barbican_keystone_listener_monitor + rc=$? + [ $rc -eq $OCF_SUCCESS ] && break + if [ $rc -ne $OCF_NOT_RUNNING ]; then + ocf_log err "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) start failed" + exit $OCF_ERR_GENERIC + fi + sleep 1 + done + + ocf_log info "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) started" + return $OCF_SUCCESS +} + +barbican_keystone_listener_confirm_stop() { + local my_bin + local my_processes + + my_binary=`which ${OCF_RESKEY_binary}` + my_processes=`pgrep -l -f "^(python|/usr/bin/python|/usr/bin/python2) ${my_binary}([^\w-]|$)"` + + if [ -n "${my_processes}" ] + then + ocf_log info "About to SIGKILL the following: ${my_processes}" + pkill -KILL -f "^(python|/usr/bin/python|/usr/bin/python2) ${my_binary}([^\w-]|$)" + fi +} + +barbican_keystone_listener_stop() { + local rc + local pid + + barbican_keystone_listener_status + rc=$? + if [ $rc -eq $OCF_NOT_RUNNING ]; then + ocf_log info "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) already stopped" + barbican_keystone_listener_confirm_stop + return $OCF_SUCCESS + fi + + # Try SIGTERM + pid=`cat $OCF_RESKEY_pid` + ocf_run kill -s TERM $pid + rc=$? + if [ $rc -ne 0 ]; then + ocf_log err "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) couldn't be stopped" + barbican_keystone_listener_confirm_stop + exit $OCF_ERR_GENERIC + fi + + # stop waiting + shutdown_timeout=2 + if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then + shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5)) + fi + count=0 + while [ $count -lt $shutdown_timeout ]; do + barbican_keystone_listener_status + rc=$? + if [ $rc -eq $OCF_NOT_RUNNING ]; then + break + fi + count=`expr $count + 1` + sleep 1 + ocf_log debug "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) still hasn't stopped yet. \ + Waiting ..." + done + + barbican_keystone_listener_status + rc=$? + if [ $rc -ne $OCF_NOT_RUNNING ]; then + # SIGTERM didn't help either, try SIGKILL + ocf_log info "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) failed to stop after \ + ${shutdown_timeout}s using SIGTERM. Trying SIGKILL ..." + ocf_run kill -s KILL $pid + fi + barbican_keystone_listener_confirm_stop + + ocf_log info "OpenStack Key Manager Keystone Listener (barbican-keystone-listener) stopped" + + rm -f $OCF_RESKEY_pid + + return $OCF_SUCCESS +} + +####################################################################### + +case "$1" in + meta-data) meta_data + exit $OCF_SUCCESS;; + usage|help) usage + exit $OCF_SUCCESS;; +esac + +# Anything except meta-data and help must pass validation +barbican_keystone_listener_validate || exit $? + +# What kind of method was invoked? +case "$1" in + start) barbican_keystone_listener_start;; + stop) barbican_keystone_listener_stop;; + status) barbican_keystone_listener_status;; + monitor) barbican_keystone_listener_monitor;; + validate-all) ;; + *) usage + exit $OCF_ERR_UNIMPLEMENTED;; +esac diff --git a/openstack/stx-ocf-scripts/src/ocf/barbican-worker b/openstack/stx-ocf-scripts/src/ocf/barbican-worker new file mode 100644 index 00000000..a63a9cca --- /dev/null +++ b/openstack/stx-ocf-scripts/src/ocf/barbican-worker @@ -0,0 +1,295 @@ +#!/bin/sh +# +# +# OpenStack Key Manager Worker Service (barbican-worker) +# +# Description: Manages an OpenStack Key Manager Worker Service +# (barbican-worker) process as an HA resource +# +# Authors: Alex Kozyrev +# +# Support: openstack@lists.launchpad.net +# License: Apache Software License (ASL) 2.0 +# +# Copyright (c) 2018 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# +# See usage() function below for more details ... +# +# OCF instance parameters: +# OCF_RESKEY_binary +# OCF_RESKEY_user +# OCF_RESKEY_pid +####################################################################### +# Initialization: + +: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} +. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs +. /usr/bin/tsconfig + +####################################################################### + +# Fill in some defaults if no values are specified + +OCF_RESKEY_binary_default="barbican-worker" +OCF_RESKEY_user_default="root" +OCF_RESKEY_pid_default="$HA_RSCTMP/$OCF_RESOURCE_INSTANCE.pid" + +: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}} +: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}} +: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}} + +####################################################################### + +usage() { + cat < + + +1.0 + + +Resource agent for the OpenStack Key Manager Worker Service (barbican-worker) +May manage a barbican-worker instance or a clone set that +creates a distributed barbican-worker cluster. + +Manages the OpenStack Key Manager Worker Service (barbican-worker) + + + + +Location of the OpenStack Key Manager Worker server binary (barbican-worker) + +OpenStack Key Manager Worker server binary (barbican-worker) + + + + + +User running OpenStack Key Manager Worker Service (barbican-worker) + +OpenStack Key Manager Worker Service (barbican-worker) user + + + + + +The pid file to use for this OpenStack Key Manager Worker Service (barbican-worker) instance + +OpenStack Key Manager Worker Service (barbican-worker) pid file + + + + + + + + + + + + + + +END +} + +####################################################################### +# Functions invoked by resource manager actions + +barbican_worker_validate() { + local rc + + check_binary $OCF_RESKEY_binary + + getent passwd $OCF_RESKEY_user >/dev/null 2>&1 + rc=$? + if [ $rc -ne 0 ]; then + ocf_log err "User $OCF_RESKEY_user doesn't exist" + return $OCF_ERR_INSTALLED + fi + + true +} + +barbican_worker_status() { + local pid + local rc + + if [ ! -f $OCF_RESKEY_pid ]; then + ocf_log info "OpenStack Key Manager Worker (barbican-worker) is not running" + return $OCF_NOT_RUNNING + else + pid=`cat $OCF_RESKEY_pid` + fi + + ocf_run -warn kill -s 0 $pid + rc=$? + if [ $rc -eq 0 ]; then + return $OCF_SUCCESS + else + ocf_log info "Old PID file found, but OpenStack Key Manager Worker (barbican-worker) is not running" + rm -f $OCF_RESKEY_pid + return $OCF_NOT_RUNNING + fi +} + +barbican_worker_monitor() { + local rc + local pid + + barbican_worker_status + rc=$? + + # If status returned anything but success, return that immediately + if [ $rc -ne $OCF_SUCCESS ]; then + return $rc + fi + + ocf_log debug "OpenStack Key Manager Worker (barbican-worker) monitor succeeded" + return $OCF_SUCCESS +} + +barbican_worker_start() { + local rc + + barbican_worker_status + rc=$? + if [ $rc -eq $OCF_SUCCESS ]; then + ocf_log info "OpenStack Key Manager Worker (barbican-worker) already running" + return $OCF_SUCCESS + fi + + # run the actual barbican-worker daemon. Don't use ocf_run as we're sending the tool's output + # straight to /dev/null anyway and using ocf_run would break stdout-redirection here. + su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} \ + --logfile /var/log/barbican/barbican-worker.log"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid + + # Spin waiting for the server to come up. + while true; do + barbican_worker_monitor + rc=$? + [ $rc -eq $OCF_SUCCESS ] && break + if [ $rc -ne $OCF_NOT_RUNNING ]; then + ocf_log err "OpenStack Key Manager Worker (barbican-worker) start failed" + exit $OCF_ERR_GENERIC + fi + sleep 1 + done + + ocf_log info "OpenStack Key Manager Worker (barbican-worker) started" + return $OCF_SUCCESS +} + +barbican_worker_confirm_stop() { + local my_bin + local my_processes + + my_binary=`which ${OCF_RESKEY_binary}` + my_processes=`pgrep -l -f "^(python|/usr/bin/python|/usr/bin/python2) ${my_binary}([^\w-]|$)"` + + if [ -n "${my_processes}" ] + then + ocf_log info "About to SIGKILL the following: ${my_processes}" + pkill -KILL -f "^(python|/usr/bin/python|/usr/bin/python2) ${my_binary}([^\w-]|$)" + fi +} + +barbican_worker_stop() { + local rc + local pid + + barbican_worker_status + rc=$? + if [ $rc -eq $OCF_NOT_RUNNING ]; then + ocf_log info "OpenStack Key Manager Worker (barbican-worker) already stopped" + barbican_worker_confirm_stop + return $OCF_SUCCESS + fi + + # Try SIGTERM + pid=`cat $OCF_RESKEY_pid` + ocf_run kill -s TERM $pid + rc=$? + if [ $rc -ne 0 ]; then + ocf_log err "OpenStack Key Manager Worker (barbican-worker) couldn't be stopped" + barbican_worker_confirm_stop + exit $OCF_ERR_GENERIC + fi + + # stop waiting + shutdown_timeout=2 + if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then + shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5)) + fi + count=0 + while [ $count -lt $shutdown_timeout ]; do + barbican_worker_status + rc=$? + if [ $rc -eq $OCF_NOT_RUNNING ]; then + break + fi + count=`expr $count + 1` + sleep 1 + ocf_log debug "OpenStack Key Manager Worker (barbican-worker) still hasn't stopped yet. \ + Waiting ..." + done + + barbican_worker_status + rc=$? + if [ $rc -ne $OCF_NOT_RUNNING ]; then + # SIGTERM didn't help either, try SIGKILL + ocf_log info "OpenStack Key Manager Worker (barbican-worker) failed to stop after \ + ${shutdown_timeout}s using SIGTERM. Trying SIGKILL ..." + ocf_run kill -s KILL $pid + fi + barbican_worker_confirm_stop + + ocf_log info "OpenStack Key Manager Worker (barbican-worker) stopped" + + rm -f $OCF_RESKEY_pid + + return $OCF_SUCCESS +} + +####################################################################### + +case "$1" in + meta-data) meta_data + exit $OCF_SUCCESS;; + usage|help) usage + exit $OCF_SUCCESS;; +esac + +# Anything except meta-data and help must pass validation +barbican_worker_validate || exit $? + +# What kind of method was invoked? +case "$1" in + start) barbican_worker_start;; + stop) barbican_worker_stop;; + status) barbican_worker_status;; + monitor) barbican_worker_monitor;; + validate-all) ;; + *) usage + exit $OCF_ERR_UNIMPLEMENTED;; +esac