#!/bin/sh
#
#
# OpenStack Nova ConsoleAuth (nova-consoleauth)
#
# Description:  Manages an OpenStack Nova ConsoleAuth (nova-consoleauth)
#               process as an HA resource
#
# Authors:      Sébastien Han
# Mainly inspired by the Glance API resource agent written by Martin Gerhard
# Loschwitz from Hastexo: http://goo.gl/whLpr
#
# Support:      openstack@lists.openstack.org
# License:      Apache Software License (ASL) 2.0
#
#
# See usage() function below for more details ...
#
# OCF instance parameters:
#   OCF_RESKEY_binary
#   OCF_RESKEY_config
#   OCF_RESKEY_user
#   OCF_RESKEY_pid
#   OCF_RESKEY_database_server_port
#   OCF_RESKEY_amqp_server_port
#   OCF_RESKEY_zeromq
#   OCF_RESKEY_additional_parameters
#######################################################################
# Initialization:

: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs

#######################################################################

# Fill in some defaults if no values are specified

OCF_RESKEY_binary_default="nova-consoleauth"
OCF_RESKEY_config_default="/etc/nova/nova.conf"
OCF_RESKEY_user_default="nova"
OCF_RESKEY_pid_default="$HA_RSCTMP/$OCF_RESOURCE_INSTANCE.pid"
OCF_RESKEY_database_server_port_default="3306"
OCF_RESKEY_amqp_server_port_default="5672"
OCF_RESKEY_zeromq_default="false"

: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}}
: ${OCF_RESKEY_config=${OCF_RESKEY_config_default}}
: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}}
: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}}
: ${OCF_RESKEY_database_server_port=${OCF_RESKEY_database_server_port_default}}
: ${OCF_RESKEY_amqp_server_port=${OCF_RESKEY_amqp_server_port_default}}
: ${OCF_RESKEY_zeromq=${OCF_RESKEY_zeromq_default}}

#######################################################################

usage() {
    cat <<UEND
        usage: $0 (start|stop|validate-all|meta-data|status|monitor)

        $0 manages an OpenStack Nova ConsoleAuth (nova-consoleauth) process as an HA resource

        The 'start' operation starts the nova-consoleauth service.
        The 'stop' operation stops the nova-consoleauth service.
        The 'validate-all' operation reports whether the parameters are valid
        The 'meta-data' operation reports this RA's meta-data information
        The 'status' operation reports whether the nova-consoleauth service is running
        The 'monitor' operation reports whether the nova-consoleauth service seems to be working

UEND
}

meta_data() {
    cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="nova-consoleauth">
<version>1.0</version>

<longdesc lang="en">
Resource agent for the OpenStack Nova Console Auth Service (nova-consoleauth)
May manage a nova-consoleauth instance or a clone set that
creates a distributed nova-consoleauth cluster.
</longdesc>
<shortdesc lang="en">Manages the OpenStack Nova Console Auth (nova-consoleauth)</shortdesc>
<parameters>

<parameter name="binary" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack Nova Console Auth server binary (nova-consoleauth)
</longdesc>
<shortdesc lang="en">OpenStack Nova Console Auth server binary (nova-consoleauth)</shortdesc>
<content type="string" default="${OCF_RESKEY_binary_default}" />
</parameter>

<parameter name="config" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack Nova Console Auth (nova-consoleauth) configuration file
</longdesc>
<shortdesc lang="en">OpenStack Nova Console Auth (nova-consoleauth registry) config file</shortdesc>
<content type="string" default="${OCF_RESKEY_config_default}" />
</parameter>

<parameter name="user" unique="0" required="0">
<longdesc lang="en">
User running OpenStack Nova Console Auth (nova-consoleauth)
</longdesc>
<shortdesc lang="en">OpenStack Nova Console Auth (nova-consoleauth) user</shortdesc>
<content type="string" default="${OCF_RESKEY_user_default}" />
</parameter>

<parameter name="pid" unique="0" required="0">
<longdesc lang="en">
The pid file to use for this OpenStack Nova Console Auth (nova-consoleauth) instance
</longdesc>
<shortdesc lang="en">OpenStack Nova Console Auth (nova-consoleauth) pid file</shortdesc>
<content type="string" default="${OCF_RESKEY_pid_default}" />
</parameter>

<parameter name="database_server_port" unique="0" required="0">
<longdesc lang="en">
The listening port number of the database server. Mandatory to perform a monitor check
</longdesc>
<shortdesc lang="en">Database listening port</shortdesc>
<content type="integer" default="${OCF_RESKEY_database_server_port_default}" />
</parameter>

<parameter name="amqp_server_port" unique="0" required="0">
<longdesc lang="en">
The listening port number of the AMQP server. Mandatory to perform a monitor check
</longdesc>
<shortdesc lang="en">AMQP listening port</shortdesc>
<content type="integer" default="${OCF_RESKEY_amqp_server_port_default}" />
</parameter>

<parameter name="zeromq" unique="0" required="0">
<longdesc lang="en">
If zeromq is used, this will disable the connection test to the AMQP server
</longdesc>
<shortdesc lang="en">Zero-MQ usage</shortdesc>
<content type="boolean" default="${OCF_RESKEY_zeromq_default}" />
</parameter>

<parameter name="additional_parameters" unique="0" required="0">
<longdesc lang="en">
Additional parameters to pass on to the OpenStack Nova Console Auth (nova-consoleauth)
</longdesc>
<shortdesc lang="en">Additional parameters for nova-consoleauth</shortdesc>
<content type="string" />
</parameter>

</parameters>

<actions>
<action name="start" timeout="10" />
<action name="stop" timeout="10" />
<action name="status" timeout="10" />
<action name="monitor" timeout="5" interval="10" />
<action name="validate-all" timeout="5" />
<action name="meta-data" timeout="5" />
</actions>
</resource-agent>
END
}

#######################################################################
# Functions invoked by resource manager actions

nova_consoleauth_check_port() {
# This function has been taken from the squid RA and improved a bit
# The length of the integer must be 4
# Examples of valid port: "1080", "0080"
# Examples of invalid port: "1080bad", "0", "0000", ""

    local int
    local cnt

    int="$1"
    cnt=${#int}
    echo $int |egrep -qx '[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*'

    if [ $? -ne 0 ] || [ $cnt -ne 4 ]; then
        ocf_log err "Invalid port number: $1"
        exit $OCF_ERR_CONFIGURED
    fi
}

nova_consoleauth_validate() {
    local rc

    check_binary $OCF_RESKEY_binary
    check_binary netstat

    nova_consoleauth_check_port $OCF_RESKEY_database_server_port
    nova_consoleauth_check_port $OCF_RESKEY_amqp_server_port

    # A config file on shared storage that is not available
    # during probes is OK.
    if [ ! -f $OCF_RESKEY_config ]; then
        if ! ocf_is_probe; then
            ocf_log err "Config $OCF_RESKEY_config doesn't exist"
            return $OCF_ERR_INSTALLED
        fi
        ocf_log_warn "Config $OCF_RESKEY_config not available during a probe"
    fi

    getent passwd $OCF_RESKEY_user >/dev/null 2>&1
    rc=$?
    if [ $rc -ne 0 ]; then
        ocf_log err "User $OCF_RESKEY_user doesn't exist"
        return $OCF_ERR_INSTALLED
    fi

    true
}

nova_consoleauth_status() {
    local pid
    local rc

    if [ ! -f $OCF_RESKEY_pid ]; then
        ocf_log info "OpenStack Nova Console Auth (nova-consoleauth) is not" \
            "running"
        return $OCF_NOT_RUNNING
    else
        pid=`cat $OCF_RESKEY_pid`
    fi

    ocf_run -warn kill -s 0 $pid
    rc=$?
    if [ $rc -eq 0 ]; then
        return $OCF_SUCCESS
    else
        ocf_log info "Old PID file found, but OpenStack Nova Console Auth" \
            "(nova-consoleauth) is not running"
        return $OCF_NOT_RUNNING
    fi
}

nova_consoleauth_monitor() {
    local rc
    local token
    local rc_database
    local rc_amqp
    local console_db_check
    local console_amqp_check

    nova_consoleauth_status
    rc=$?

    # If status returned anything but success, return that immediately
    if [ $rc -ne $OCF_SUCCESS ]; then
        return $rc
    fi

    # Check the connections according to the PID.
    # We are sure to hit the scheduler process and not other nova process with
    # the same connection behavior (for example nova-scheduler)
    if ocf_is_true "$OCF_RESKEY_zeromq"; then
        pid=`cat $OCF_RESKEY_pid`
        console_db_check=`netstat -punt | \
            grep -s "$OCF_RESKEY_database_server_port" | grep -s "$pid" | \
            grep -qs "ESTABLISHED"`
        rc_db=$?
        if [ $rc_db -ne 0 ]; then
            ocf_log err "Nova Console Auth is not connected to the database" \
                "server: $rc_db"
            return $OCF_NOT_RUNNING
        fi
    else
        pid=`cat $OCF_RESKEY_pid`
        # check the connections according to the PID
        console_db_check=`netstat -punt | \
            grep -s "$OCF_RESKEY_database_server_port" | grep -s "$pid" | \
            grep -qs "ESTABLISHED"`
        rc_db=$?
        console_amqp_check=`netstat -punt | \
            grep -s "$OCF_RESKEY_amqp_server_port" | egrep -s "$pid" | \
            grep -qs "ESTABLISHED"`
        rc_amqp=$?
        if [ $rc_amqp -ne 0 ] || [ $rc_db -ne 0 ]; then
            ocf_log err "Nova Console Auth is not connected to the AMQP" \
                "server and/or the database server: AMQP connection test" \
                "returned $rc_amqp and database connection test returned" \
                "$rc_db"
            return $OCF_NOT_RUNNING
        fi
    fi

    ocf_log debug "OpenStack Nova Console Auth (nova-consoleauth) monitor" \
        "succeeded"
    return $OCF_SUCCESS
}

nova_consoleauth_start() {
    local rc

    nova_consoleauth_status
    rc=$?
    if [ $rc -eq $OCF_SUCCESS ]; then
        ocf_log info "OpenStack Nova ConsoleAuth (nova-consoleauth) already" \
            "running"
        return $OCF_SUCCESS
    fi

    # run the actual nova-consoleauth daemon. Don't use ocf_run as we're
    # sending the tool's output straight to /dev/null anyway and using ocf_run
    # would break stdout-redirection here.
    su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} \
        --config-file=$OCF_RESKEY_config \
        $OCF_RESKEY_additional_parameters"' >> /dev/null 2>&1 & echo $!' \
        > $OCF_RESKEY_pid

    # Spin waiting for the server to come up.
    # Let the CRM/LRM time us out if required
    while true; do
    nova_consoleauth_monitor
    rc=$?
    [ $rc -eq $OCF_SUCCESS ] && break
    if [ $rc -ne $OCF_NOT_RUNNING ]; then
        ocf_log err "OpenStack Nova ConsoleAuth (nova-consoleauth)" \
            "start failed"
        exit $OCF_ERR_GENERIC
    fi
    sleep 1
    done

    ocf_log info "OpenStack Nova ConsoleAuth (nova-consoleauth) started"
    return $OCF_SUCCESS
}

nova_consoleauth_stop() {
    local rc
    local pid

    nova_consoleauth_status
    rc=$?
    if [ $rc -eq $OCF_NOT_RUNNING ]; then
        ocf_log info "OpenStack Nova ConsoleAuth (nova-consoleauth) already" \
            "stopped"
        return $OCF_SUCCESS
    fi

    # Try SIGTERM
    pid=`cat $OCF_RESKEY_pid`
    ocf_run kill -s TERM $pid
    rc=$?
    if [ $rc -ne 0 ]; then
        ocf_log err "OpenStack Nova ConsoleAuth (nova-consoleauth) couldn't" \
            "be stopped"
        exit $OCF_ERR_GENERIC
    fi

    # stop waiting
    shutdown_timeout=15
    if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
        shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5))
    fi
    count=0
    while [ $count -lt $shutdown_timeout ]; do
        nova_consoleauth_status
        rc=$?
        if [ $rc -eq $OCF_NOT_RUNNING ]; then
            break
        fi
        count=`expr $count + 1`
        sleep 1
        ocf_log debug "OpenStack Nova ConsoleAuth (nova-consoleauth) still" \
            "hasn't stopped yet. Waiting ..."
    done

    nova_consoleauth_status
    rc=$?
    if [ $rc -ne $OCF_NOT_RUNNING ]; then
        # SIGTERM didn't help either, try SIGKILL
        ocf_log info "OpenStack Nova ConsoleAuth (nova-consoleauth) failed" \
            "to stop after ${shutdown_timeout}s using SIGTERM. Trying" \
            "SIGKILL ..."
        ocf_run kill -s KILL $pid
    fi

    ocf_log info "OpenStack Nova ConsoleAuth (nova-consoleauth) stopped"

    rm -f $OCF_RESKEY_pid

    return $OCF_SUCCESS
}

#######################################################################

case "$1" in
    meta-data)
        meta_data
        exit $OCF_SUCCESS
        ;;
    usage|help)
        usage
        exit $OCF_SUCCESS
        ;;
esac

# Anything except meta-data and help must pass validation
nova_consoleauth_validate || exit $?

# What kind of method was invoked?
case "$1" in
    start)
        nova_consoleauth_start
        ;;
    stop)
        nova_consoleauth_stop
        ;;
    status)
        nova_consoleauth_status
        ;;
    monitor)
        nova_consoleauth_monitor
        ;;
    validate-all)
        ;;
    *)
        usage
        exit $OCF_ERR_UNIMPLEMENTED
        ;;
esac