Add fence-redfish support

With the release of fence-agents-4.2.1-11.el7_6.7 (BZ1666848) we
now have a fence_redfish agent. We can now add support for it
so it can be used when configuring fencing.

Added by adding the following to agent_generator/variables.sh:
   "fence_redfish:fence-agents-redfish"

And by running:
fence_redfish -o metadata > agent_generator/src_xml/fence_redfish.xml
and then filtering out the deprecated parameters in order to avoid lint
errors on parameters containing a '-' in the name. Then:
rake generate_stonith

Change-Id: I39d2895bc6c8221c4d30dc7da553be372cbf0e76

agent_generator/src_xml/fence_redfish.xml

@@ -0,0 +1,182 @@
+<?xml version="1.0" ?>
+<resource-agent name="fence_redfish" shortdesc="I/O Fencing agent for Redfish" >
+<longdesc>fence_redfish is an I/O Fencing agent which can be used with Out-of-Band controllers that support Redfish APIs. These controllers provide remote access to control power on a server.</longdesc>
+<vendor-url>http://www.dmtf.org</vendor-url>
+<parameters>
+	<parameter name="action" unique="0" required="1">
+		<getopt mixed="-o, --action=[action]" />
+		<content type="string" default="reboot"  />
+		<shortdesc lang="en">Fencing action</shortdesc>
+	</parameter>
+	<parameter name="inet4_only" unique="0" required="0">
+		<getopt mixed="-4, --inet4-only" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Forces agent to use IPv4 addresses only</shortdesc>
+	</parameter>
+	<parameter name="inet6_only" unique="0" required="0">
+		<getopt mixed="-6, --inet6-only" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Forces agent to use IPv6 addresses only</shortdesc>
+	</parameter>
+	<parameter name="ip" unique="0" required="0" obsoletes="ipaddr">
+		<getopt mixed="-a, --ip=[ip]" />
+		<content type="string"  />
+		<shortdesc lang="en">IP address or hostname of fencing device</shortdesc>
+	</parameter>
+	<parameter name="ipaddr" unique="0" required="0" deprecated="1">
+		<getopt mixed="-a, --ip=[ip]" />
+		<content type="string"  />
+		<shortdesc lang="en">IP address or hostname of fencing device</shortdesc>
+	</parameter>
+	<parameter name="ipport" unique="0" required="0">
+		<getopt mixed="-u, --ipport=[port]" />
+		<content type="integer" default="443"  />
+		<shortdesc lang="en">TCP/UDP port to use for connection with device</shortdesc>
+	</parameter>
+	<parameter name="login" unique="0" required="1" deprecated="1">
+		<getopt mixed="-l, --username=[name]" />
+		<content type="string"  />
+		<shortdesc lang="en">Login name</shortdesc>
+	</parameter>
+	<parameter name="passwd" unique="0" required="0" deprecated="1">
+		<getopt mixed="-p, --password=[password]" />
+		<content type="string"  />
+		<shortdesc lang="en">Login password or passphrase</shortdesc>
+	</parameter>
+	<parameter name="passwd_script" unique="0" required="0" deprecated="1">
+		<getopt mixed="-S, --password-script=[script]" />
+		<content type="string"  />
+		<shortdesc lang="en">Script to run to retrieve password</shortdesc>
+	</parameter>
+	<parameter name="password" unique="0" required="0" obsoletes="passwd">
+		<getopt mixed="-p, --password=[password]" />
+		<content type="string"  />
+		<shortdesc lang="en">Login password or passphrase</shortdesc>
+	</parameter>
+	<parameter name="password_script" unique="0" required="0" obsoletes="passwd_script">
+		<getopt mixed="-S, --password-script=[script]" />
+		<content type="string"  />
+		<shortdesc lang="en">Script to run to retrieve password</shortdesc>
+	</parameter>
+	<parameter name="plug" unique="0" required="0" obsoletes="port">
+		<getopt mixed="-n, --plug=[ip]" />
+		<content type="string"  />
+		<shortdesc lang="en">IP address or hostname of fencing device (together with --port-as-ip)</shortdesc>
+	</parameter>
+	<parameter name="port" unique="0" required="0" deprecated="1">
+		<getopt mixed="-n, --plug=[ip]" />
+		<content type="string"  />
+		<shortdesc lang="en">IP address or hostname of fencing device (together with --port-as-ip)</shortdesc>
+	</parameter>
+	<parameter name="redfish_uri" unique="0" required="0" obsoletes="redfish-uri">
+		<getopt mixed="--redfish-uri=[uri]" />
+		<content type="string" default="/redfish/v1"  />
+		<shortdesc lang="en">Base or starting Redfish URI</shortdesc>
+	</parameter>
+	<parameter name="ssl" unique="0" required="0">
+		<getopt mixed="-z, --ssl" />
+		<content type="boolean" default="1"  />
+		<shortdesc lang="en">Use SSL connection with verifying certificate</shortdesc>
+	</parameter>
+	<parameter name="ssl_insecure" unique="0" required="0">
+		<getopt mixed="--ssl-insecure" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Use SSL connection without verifying certificate</shortdesc>
+	</parameter>
+	<parameter name="ssl_secure" unique="0" required="0">
+		<getopt mixed="--ssl-secure" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Use SSL connection with verifying certificate</shortdesc>
+	</parameter>
+	<parameter name="systems_uri" unique="0" required="0" obsoletes="systems-uri">
+		<getopt mixed="--systems-uri=[uri]" />
+		<content type="string"  />
+		<shortdesc lang="en">Redfish Systems resource URI, i.e. /redfish/v1/Systems/System.Embedded.1</shortdesc>
+	</parameter>
+	<parameter name="username" unique="0" required="1" obsoletes="login">
+		<getopt mixed="-l, --username=[name]" />
+		<content type="string"  />
+		<shortdesc lang="en">Login name</shortdesc>
+	</parameter>
+	<parameter name="quiet" unique="0" required="0">
+		<getopt mixed="-q, --quiet" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.</shortdesc>
+	</parameter>
+	<parameter name="verbose" unique="0" required="0">
+		<getopt mixed="-v, --verbose" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Verbose mode</shortdesc>
+	</parameter>
+	<parameter name="debug" unique="0" required="0" deprecated="1">
+		<getopt mixed="-D, --debug-file=[debugfile]" />
+		<content type="string"  />
+		<shortdesc lang="en">Write debug information to given file</shortdesc>
+	</parameter>
+	<parameter name="debug_file" unique="0" required="0" obsoletes="debug">
+		<getopt mixed="-D, --debug-file=[debugfile]" />
+		<content type="string"  />
+		<shortdesc lang="en">Write debug information to given file</shortdesc>
+	</parameter>
+	<parameter name="version" unique="0" required="0">
+		<getopt mixed="-V, --version" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Display version information and exit</shortdesc>
+	</parameter>
+	<parameter name="help" unique="0" required="0">
+		<getopt mixed="-h, --help" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Display help and exit</shortdesc>
+	</parameter>
+	<parameter name="delay" unique="0" required="0">
+		<getopt mixed="--delay=[seconds]" />
+		<content type="second" default="0"  />
+		<shortdesc lang="en">Wait X seconds before fencing is started</shortdesc>
+	</parameter>
+	<parameter name="login_timeout" unique="0" required="0">
+		<getopt mixed="--login-timeout=[seconds]" />
+		<content type="second" default="5"  />
+		<shortdesc lang="en">Wait X seconds for cmd prompt after login</shortdesc>
+	</parameter>
+	<parameter name="port_as_ip" unique="0" required="0">
+		<getopt mixed="--port-as-ip" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Make "port/plug" to be an alias to IP address</shortdesc>
+	</parameter>
+	<parameter name="power_timeout" unique="0" required="0">
+		<getopt mixed="--power-timeout=[seconds]" />
+		<content type="second" default="20"  />
+		<shortdesc lang="en">Test X seconds for status change after ON/OFF</shortdesc>
+	</parameter>
+	<parameter name="power_wait" unique="0" required="0">
+		<getopt mixed="--power-wait=[seconds]" />
+		<content type="second" default="0"  />
+		<shortdesc lang="en">Wait X seconds after issuing ON/OFF</shortdesc>
+	</parameter>
+	<parameter name="shell_timeout" unique="0" required="0">
+		<getopt mixed="--shell-timeout=[seconds]" />
+		<content type="second" default="3"  />
+		<shortdesc lang="en">Wait X seconds for cmd prompt after issuing command</shortdesc>
+	</parameter>
+	<parameter name="retry_on" unique="0" required="0">
+		<getopt mixed="--retry-on=[attempts]" />
+		<content type="integer" default="1"  />
+		<shortdesc lang="en">Count of attempts to retry power on</shortdesc>
+	</parameter>
+	<parameter name="gnutlscli_path" unique="0" required="0">
+		<getopt mixed="--gnutlscli-path=[path]" />
+		<content type="string" default="/usr/bin/gnutls-cli"  />
+		<shortdesc lang="en">Path to gnutls-cli binary</shortdesc>
+	</parameter>
+</parameters>
+<actions>
+	<action name="on" automatic="0"/>
+	<action name="off" />
+	<action name="reboot" />
+	<action name="status" />
+	<action name="monitor" />
+	<action name="metadata" />
+	<action name="manpage" />
+	<action name="validate-all" />
+</actions>
+</resource-agent>

agent_generator/variables.sh

@@ -27,6 +27,7 @@ cmd_pkg_map=(
     "fence_ipmilan:fence-agents-ipmilan"
     "fence_ironic:None"
     "fence_kdump:fence-agents-kdump"
+    "fence_redfish:fence-agents-redfish"
     "fence_rhevm:fence-agents-rhevm"
     "fence_rsb:fence-agents-rsb"
     "fence_scsi:fence-agents-scsi"

manifests/stonith/fence_redfish.pp

@@ -0,0 +1,341 @@
+# == Define: pacemaker::stonith::fence_redfish
+#
+# Module for managing Stonith for fence_redfish.
+#
+# WARNING: Generated by "rake generate_stonith", manual changes will
+# be lost.
+#
+# === Parameters
+#
+# [*action*]
+#   Fencing action
+#
+# [*inet4_only*]
+#   Forces agent to use IPv4 addresses only
+#
+# [*inet6_only*]
+#   Forces agent to use IPv6 addresses only
+#
+# [*ip*]
+#   IP address or hostname of fencing device
+#
+# [*ipaddr*]
+#   IP address or hostname of fencing device
+#
+# [*ipport*]
+#   TCP/UDP port to use for connection with device
+#
+# [*login*]
+#   Login name
+#
+# [*passwd*]
+#   Login password or passphrase
+#
+# [*passwd_script*]
+#   Script to run to retrieve password
+#
+# [*password*]
+#   Login password or passphrase
+#
+# [*password_script*]
+#   Script to run to retrieve password
+#
+# [*plug*]
+#   IP address or hostname of fencing device (together with --port-as-ip)
+#
+# [*port*]
+#   IP address or hostname of fencing device (together with --port-as-ip)
+#
+# [*redfish_uri*]
+#   Base or starting Redfish URI
+#
+# [*ssl*]
+#   Use SSL connection with verifying certificate
+#
+# [*ssl_insecure*]
+#   Use SSL connection without verifying certificate
+#
+# [*ssl_secure*]
+#   Use SSL connection with verifying certificate
+#
+# [*systems_uri*]
+#   Redfish Systems resource URI, i.e. /redfish/v1/Systems/System.Embedded.1
+#
+# [*username*]
+#   Login name
+#
+# [*quiet*]
+#   Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.
+#
+# [*verbose*]
+#   Verbose mode
+#
+# [*debug*]
+#   Write debug information to given file
+#
+# [*debug_file*]
+#   Write debug information to given file
+#
+# [*delay*]
+#   Wait X seconds before fencing is started
+#
+# [*login_timeout*]
+#   Wait X seconds for cmd prompt after login
+#
+# [*port_as_ip*]
+#   Make "port/plug" to be an alias to IP address
+#
+# [*power_timeout*]
+#   Test X seconds for status change after ON/OFF
+#
+# [*power_wait*]
+#   Wait X seconds after issuing ON/OFF
+#
+# [*shell_timeout*]
+#   Wait X seconds for cmd prompt after issuing command
+#
+# [*retry_on*]
+#   Count of attempts to retry power on
+#
+# [*gnutlscli_path*]
+#   Path to gnutls-cli binary
+#
+#  [*interval*]
+#   Interval between tries.
+#
+# [*ensure*]
+#   The desired state of the resource.
+#
+# [*tries*]
+#   The number of tries.
+#
+# [*try_sleep*]
+#   Time to sleep between tries.
+#
+# [*pcmk_host_list*]
+#   List of Pacemaker hosts.
+#
+# [*meta_attr*]
+#   (optional) String of meta attributes
+#   Defaults to undef
+#
+# === Dependencies
+#  None
+#
+# === Authors
+#
+# Generated by rake generate_stonith task.
+#
+# === Copyright
+#
+# Copyright (C) 2016 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+define pacemaker::stonith::fence_redfish (
+  $action          = undef,
+  $inet4_only      = undef,
+  $inet6_only      = undef,
+  $ip              = undef,
+  $ipaddr          = undef,
+  $ipport          = undef,
+  $login           = undef,
+  $passwd          = undef,
+  $passwd_script   = undef,
+  $password        = undef,
+  $password_script = undef,
+  $plug            = undef,
+  $port            = undef,
+  $redfish_uri     = undef,
+  $ssl             = undef,
+  $ssl_insecure    = undef,
+  $ssl_secure      = undef,
+  $systems_uri     = undef,
+  $username        = undef,
+  $quiet           = undef,
+  $verbose         = undef,
+  $debug           = undef,
+  $debug_file      = undef,
+  $delay           = undef,
+  $login_timeout   = undef,
+  $port_as_ip      = undef,
+  $power_timeout   = undef,
+  $power_wait      = undef,
+  $shell_timeout   = undef,
+  $retry_on        = undef,
+  $gnutlscli_path  = undef,
+
+  $meta_attr       = undef,
+  $interval        = '60s',
+  $ensure          = present,
+  $pcmk_host_list  = undef,
+
+  $tries           = undef,
+  $try_sleep       = undef,
+
+) {
+  $action_chunk = $action ? {
+    undef   => '',
+    default => "action=\"${action}\"",
+  }
+  $inet4_only_chunk = $inet4_only ? {
+    undef   => '',
+    default => "inet4_only=\"${inet4_only}\"",
+  }
+  $inet6_only_chunk = $inet6_only ? {
+    undef   => '',
+    default => "inet6_only=\"${inet6_only}\"",
+  }
+  $ip_chunk = $ip ? {
+    undef   => '',
+    default => "ip=\"${ip}\"",
+  }
+  $ipaddr_chunk = $ipaddr ? {
+    undef   => '',
+    default => "ipaddr=\"${ipaddr}\"",
+  }
+  $ipport_chunk = $ipport ? {
+    undef   => '',
+    default => "ipport=\"${ipport}\"",
+  }
+  $login_chunk = $login ? {
+    undef   => '',
+    default => "login=\"${login}\"",
+  }
+  $passwd_chunk = $passwd ? {
+    undef   => '',
+    default => "passwd=\"${passwd}\"",
+  }
+  $passwd_script_chunk = $passwd_script ? {
+    undef   => '',
+    default => "passwd_script=\"${passwd_script}\"",
+  }
+  $password_chunk = $password ? {
+    undef   => '',
+    default => "password=\"${password}\"",
+  }
+  $password_script_chunk = $password_script ? {
+    undef   => '',
+    default => "password_script=\"${password_script}\"",
+  }
+  $plug_chunk = $plug ? {
+    undef   => '',
+    default => "plug=\"${plug}\"",
+  }
+  $port_chunk = $port ? {
+    undef   => '',
+    default => "port=\"${port}\"",
+  }
+  $redfish_uri_chunk = $redfish_uri ? {
+    undef   => '',
+    default => "redfish_uri=\"${redfish_uri}\"",
+  }
+  $ssl_chunk = $ssl ? {
+    undef   => '',
+    default => "ssl=\"${ssl}\"",
+  }
+  $ssl_insecure_chunk = $ssl_insecure ? {
+    undef   => '',
+    default => "ssl_insecure=\"${ssl_insecure}\"",
+  }
+  $ssl_secure_chunk = $ssl_secure ? {
+    undef   => '',
+    default => "ssl_secure=\"${ssl_secure}\"",
+  }
+  $systems_uri_chunk = $systems_uri ? {
+    undef   => '',
+    default => "systems_uri=\"${systems_uri}\"",
+  }
+  $username_chunk = $username ? {
+    undef   => '',
+    default => "username=\"${username}\"",
+  }
+  $quiet_chunk = $quiet ? {
+    undef   => '',
+    default => "quiet=\"${quiet}\"",
+  }
+  $verbose_chunk = $verbose ? {
+    undef   => '',
+    default => "verbose=\"${verbose}\"",
+  }
+  $debug_chunk = $debug ? {
+    undef   => '',
+    default => "debug=\"${debug}\"",
+  }
+  $debug_file_chunk = $debug_file ? {
+    undef   => '',
+    default => "debug_file=\"${debug_file}\"",
+  }
+  $delay_chunk = $delay ? {
+    undef   => '',
+    default => "delay=\"${delay}\"",
+  }
+  $login_timeout_chunk = $login_timeout ? {
+    undef   => '',
+    default => "login_timeout=\"${login_timeout}\"",
+  }
+  $port_as_ip_chunk = $port_as_ip ? {
+    undef   => '',
+    default => "port_as_ip=\"${port_as_ip}\"",
+  }
+  $power_timeout_chunk = $power_timeout ? {
+    undef   => '',
+    default => "power_timeout=\"${power_timeout}\"",
+  }
+  $power_wait_chunk = $power_wait ? {
+    undef   => '',
+    default => "power_wait=\"${power_wait}\"",
+  }
+  $shell_timeout_chunk = $shell_timeout ? {
+    undef   => '',
+    default => "shell_timeout=\"${shell_timeout}\"",
+  }
+  $retry_on_chunk = $retry_on ? {
+    undef   => '',
+    default => "retry_on=\"${retry_on}\"",
+  }
+  $gnutlscli_path_chunk = $gnutlscli_path ? {
+    undef   => '',
+    default => "gnutlscli_path=\"${gnutlscli_path}\"",
+  }
+
+  $pcmk_host_value_chunk = $pcmk_host_list ? {
+    undef   => '$(/usr/sbin/crm_node -n)',
+    default => $pcmk_host_list,
+  }
+
+  $meta_attr_value_chunk = $meta_attr ? {
+    undef   => '',
+    default => "meta ${meta_attr}",
+  }
+
+  # $title can be a mac address, remove the colons for pcmk resource name
+  $safe_title = regsubst($title, ':', '', 'G')
+
+  Exec<| title == 'wait-for-settle' |> -> Pcmk_stonith<||>
+
+  $param_string = "${action_chunk} ${inet4_only_chunk} ${inet6_only_chunk} ${ip_chunk} ${ipaddr_chunk} ${ipport_chunk} ${login_chunk} ${passwd_chunk} ${passwd_script_chunk} ${password_chunk} ${password_script_chunk} ${plug_chunk} ${port_chunk} ${redfish_uri_chunk} ${ssl_chunk} ${ssl_insecure_chunk} ${ssl_secure_chunk} ${systems_uri_chunk} ${username_chunk} ${quiet_chunk} ${verbose_chunk} ${debug_chunk} ${debug_file_chunk} ${delay_chunk} ${login_timeout_chunk} ${port_as_ip_chunk} ${power_timeout_chunk} ${power_wait_chunk} ${shell_timeout_chunk} ${retry_on_chunk} ${gnutlscli_path_chunk}  op monitor interval=${interval} ${meta_attr_value_chunk}"
+
+  if $ensure != 'absent' {
+    ensure_resource('package', 'fence-agents-redfish', { ensure => 'installed' })
+    Package['fence-agents-redfish'] -> Pcmk_stonith["stonith-fence_redfish-${safe_title}"]
+  }
+  pcmk_stonith { "stonith-fence_redfish-${safe_title}":
+    ensure           => $ensure,
+    stonith_type     => 'fence_redfish',
+    pcmk_host_list   => $pcmk_host_value_chunk,
+    pcs_param_string => $param_string,
+    tries            => $tries,
+    try_sleep        => $try_sleep,
+  }
+}