Add support for fence_kubevirt fencing agent

This adds support for new fence_kubevirt kubevirt (CNV) fencing agent, where CNV virtual machines acting as cluster nodes: https://github.com/ClusterLabs/fence-agents/pull/412 Change-Id: I18fd2297063c7157d6b743c7fc9c161bf23dca39
2021-09-01 12:40:00 +02:00 · 2021-09-01 12:40:00 +02:00 · 744f3b78aa
parent 4399c3a834
commit 744f3b78aa
4 changed files with 404 additions and 0 deletions
--- a/agent_generator/src_xml/fence_kubevirt.xml
+++ b/agent_generator/src_xml/fence_kubevirt.xml
@ -0,0 +1,129 @@
+<?xml version="1.0" ?>
+<resource-agent name="fence_kubevirt" shortdesc="Fence agent for KubeVirt" >
+<longdesc>fence_kubevirt is an I/O Fencing agent for KubeVirt.</longdesc>
+<vendor-url>https://kubevirt.io/</vendor-url>
+<parameters>
+	<parameter name="action" unique="0" required="1">
+		<getopt mixed="-o, --action=[action]" />
+		<content type="string" default="reboot"  />
+		<shortdesc lang="en">Fencing action</shortdesc>
+	</parameter>
+	<parameter name="plug" unique="0" required="1" obsoletes="port">
+		<getopt mixed="-n, --plug=[id]" />
+		<content type="string"  />
+		<shortdesc lang="en">Physical plug number on device, UUID or identification of machine</shortdesc>
+	</parameter>
+	<parameter name="port" unique="0" required="1" deprecated="1">
+		<getopt mixed="-n, --plug=[id]" />
+		<content type="string"  />
+		<shortdesc lang="en">Physical plug number on device, UUID or identification of machine</shortdesc>
+	</parameter>
+	<parameter name="ssl_insecure" unique="0" required="0">
+		<getopt mixed="--ssl-insecure" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Use SSL connection without verifying certificate</shortdesc>
+	</parameter>
+	<parameter name="namespace" unique="0" required="1">
+		<getopt mixed="--namespace=[namespace]" />
+		<content type="string"  />
+		<shortdesc lang="en">Namespace of the KubeVirt machine.</shortdesc>
+	</parameter>
+	<parameter name="kubeconfig" unique="0" required="0">
+		<getopt mixed="--kubeconfig=[kubeconfig]" />
+		<content type="string"  />
+		<shortdesc lang="en">Kubeconfig file path</shortdesc>
+	</parameter>
+	<parameter name="quiet" unique="0" required="0">
+		<getopt mixed="-q, --quiet" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.</shortdesc>
+	</parameter>
+	<parameter name="verbose" unique="0" required="0">
+		<getopt mixed="-v, --verbose" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Verbose mode. Multiple -v flags can be stacked on the command line (e.g., -vvv) to increase verbosity.</shortdesc>
+	</parameter>
+	<parameter name="verbose_level" unique="0" required="0">
+		<getopt mixed="--verbose-level" />
+		<content type="integer"  />
+		<shortdesc lang="en">Level of debugging detail in output. Defaults to the number of --verbose flags specified on the command line, or to 1 if verbose=1 in a stonith device configuration (i.e., on stdin).</shortdesc>
+	</parameter>
+	<parameter name="debug" unique="0" required="0" deprecated="1">
+		<getopt mixed="-D, --debug-file=[debugfile]" />
+		<content type="string"  />
+		<shortdesc lang="en">Write debug information to given file</shortdesc>
+	</parameter>
+	<parameter name="debug_file" unique="0" required="0" obsoletes="debug">
+		<getopt mixed="-D, --debug-file=[debugfile]" />
+		<content type="string"  />
+		<shortdesc lang="en">Write debug information to given file</shortdesc>
+	</parameter>
+	<parameter name="version" unique="0" required="0">
+		<getopt mixed="-V, --version" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Display version information and exit</shortdesc>
+	</parameter>
+	<parameter name="help" unique="0" required="0">
+		<getopt mixed="-h, --help" />
+		<content type="boolean"  />
+		<shortdesc lang="en">Display help and exit</shortdesc>
+	</parameter>
+	<parameter name="separator" unique="0" required="0">
+		<getopt mixed="-C, --separator=[char]" />
+		<content type="string" default=","  />
+		<shortdesc lang="en">Separator for CSV created by 'list' operation</shortdesc>
+	</parameter>
+	<parameter name="delay" unique="0" required="0">
+		<getopt mixed="--delay=[seconds]" />
+		<content type="second" default="0"  />
+		<shortdesc lang="en">Wait X seconds before fencing is started</shortdesc>
+	</parameter>
+	<parameter name="disable_timeout" unique="0" required="0">
+		<getopt mixed="--disable-timeout=[true/false]" />
+		<content type="string"  />
+		<shortdesc lang="en">Disable timeout (true/false) (default: true when run from Pacemaker 2.0+)</shortdesc>
+	</parameter>
+	<parameter name="login_timeout" unique="0" required="0">
+		<getopt mixed="--login-timeout=[seconds]" />
+		<content type="second" default="5"  />
+		<shortdesc lang="en">Wait X seconds for cmd prompt after login</shortdesc>
+	</parameter>
+	<parameter name="power_timeout" unique="0" required="0">
+		<getopt mixed="--power-timeout=[seconds]" />
+		<content type="second" default="20"  />
+		<shortdesc lang="en">Test X seconds for status change after ON/OFF</shortdesc>
+	</parameter>
+	<parameter name="power_wait" unique="0" required="0">
+		<getopt mixed="--power-wait=[seconds]" />
+		<content type="second" default="0"  />
+		<shortdesc lang="en">Wait X seconds after issuing ON/OFF</shortdesc>
+	</parameter>
+	<parameter name="shell_timeout" unique="0" required="0">
+		<getopt mixed="--shell-timeout=[seconds]" />
+		<content type="second" default="3"  />
+		<shortdesc lang="en">Wait X seconds for cmd prompt after issuing command</shortdesc>
+	</parameter>
+	<parameter name="stonith_status_sleep" unique="0" required="0">
+		<getopt mixed="--stonith-status-sleep=[seconds]" />
+		<content type="second" default="1"  />
+		<shortdesc lang="en">Sleep X seconds between status calls during a STONITH action</shortdesc>
+	</parameter>
+	<parameter name="retry_on" unique="0" required="0">
+		<getopt mixed="--retry-on=[attempts]" />
+		<content type="integer" default="1"  />
+		<shortdesc lang="en">Count of attempts to retry power on</shortdesc>
+	</parameter>
+</parameters>
+<actions>
+	<action name="on" automatic="0"/>
+	<action name="off" />
+	<action name="reboot" />
+	<action name="status" />
+	<action name="list" />
+	<action name="list-status" />
+	<action name="monitor" />
+	<action name="metadata" />
+	<action name="manpage" />
+	<action name="validate-all" />
+</actions>
+</resource-agent>
--- a/agent_generator/variables.sh
+++ b/agent_generator/variables.sh
@ -28,6 +28,7 @@ cmd_pkg_map=(
    "fence_ipmilan:fence-agents-ipmilan"
    "fence_ironic:None"
    "fence_kdump:fence-agents-kdump"
+    "fence_kubevirt:None"
    "fence_rhevm:fence-agents-rhevm"
    "fence_rsb:fence-agents-rsb"
    "fence_scsi:fence-agents-scsi"
@ -40,4 +41,8 @@ cmd_pkg_map=(
    # Until https://bugzilla.redhat.com/show_bug.cgi?id=1677020 is fixed properly
    # we need to manually use deprecated parameters
    #"fence_redfish:fence-agents-redfish"
+
+    # re fence_kubevirt:
+    # change to fence-agents-kubevirt when we have it with
+    # https://bugzilla.redhat.com/show_bug.cgi?id=1984803
 )
--- a/manifests/stonith/fence_kubevirt.pp
+++ b/manifests/stonith/fence_kubevirt.pp
@ -0,0 +1,266 @@
+# == Define: pacemaker::stonith::fence_kubevirt
+#
+# Module for managing Stonith for fence_kubevirt.
+#
+# WARNING: Generated by "rake generate_stonith", manual changes will
+# be lost.
+#
+# === Parameters
+#
+# [*action*]
+#   Fencing action
+#
+# [*plug*]
+#   Physical plug number on device, UUID or identification of machine
+#
+# [*port*]
+#   Physical plug number on device, UUID or identification of machine
+#
+# [*ssl_insecure*]
+#   Use SSL connection without verifying certificate
+#
+# [*namespace*]
+#   Namespace of the KubeVirt machine.
+#
+# [*kubeconfig*]
+#   Kubeconfig file path
+#
+# [*quiet*]
+#   Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.
+#
+# [*verbose*]
+#   Verbose mode. Multiple -v flags can be stacked on the command line (e.g., -vvv) to increase verbosity.
+#
+# [*verbose_level*]
+#   Level of debugging detail in output. Defaults to the number of --verbose flags specified on the command line, or to 1 if verbose=1 in a stonith device configuration (i.e., on stdin).
+#
+# [*debug*]
+#   Write debug information to given file
+#
+# [*debug_file*]
+#   Write debug information to given file
+#
+# [*separator*]
+#   Separator for CSV created by 'list' operation
+#
+# [*delay*]
+#   Wait X seconds before fencing is started
+#
+# [*disable_timeout*]
+#   Disable timeout (true/false) (default: true when run from Pacemaker 2.0+)
+#
+# [*login_timeout*]
+#   Wait X seconds for cmd prompt after login
+#
+# [*power_timeout*]
+#   Test X seconds for status change after ON/OFF
+#
+# [*power_wait*]
+#   Wait X seconds after issuing ON/OFF
+#
+# [*shell_timeout*]
+#   Wait X seconds for cmd prompt after issuing command
+#
+# [*stonith_status_sleep*]
+#   Sleep X seconds between status calls during a STONITH action
+#
+# [*retry_on*]
+#   Count of attempts to retry power on
+#
+#  [*interval*]
+#   Interval between tries.
+#
+# [*ensure*]
+#   The desired state of the resource.
+#
+# [*tries*]
+#   The number of tries.
+#
+# [*try_sleep*]
+#   Time to sleep between tries.
+#
+# [*pcmk_host_list*]
+#   List of Pacemaker hosts.
+#
+# [*meta_attr*]
+#   (optional) String of meta attributes
+#   Defaults to undef
+#
+# [*deep_compare*]
+#   Enable deep comparing of resources and bundles
+#   When set to true a resource will be compared in full (options, meta parameters,..)
+#   to the existing one and in case of difference it will be repushed to the CIB
+#   Defaults to false
+#
+# [*update_settle_secs*]
+#   When deep_compare is enabled and puppet updates a resource, this
+#   parameter represents the number (in seconds) to wait for the cluster to settle
+#   after the resource update.
+#   Defaults to 600 (seconds)
+#
+# === Dependencies
+#  None
+#
+# === Authors
+#
+# Generated by rake generate_stonith task.
+#
+# === Copyright
+#
+# Copyright (C) 2016 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+define pacemaker::stonith::fence_kubevirt (
+  $action               = undef,
+  $plug                 = undef,
+  $port                 = undef,
+  $ssl_insecure         = undef,
+  $namespace            = undef,
+  $kubeconfig           = undef,
+  $quiet                = undef,
+  $verbose              = undef,
+  $verbose_level        = undef,
+  $debug                = undef,
+  $debug_file           = undef,
+  $separator            = undef,
+  $delay                = undef,
+  $disable_timeout      = undef,
+  $login_timeout        = undef,
+  $power_timeout        = undef,
+  $power_wait           = undef,
+  $shell_timeout        = undef,
+  $stonith_status_sleep = undef,
+  $retry_on             = undef,
+
+  $meta_attr            = undef,
+  $interval             = '60s',
+  $ensure               = present,
+  $pcmk_host_list       = undef,
+
+  $tries                = undef,
+  $try_sleep            = undef,
+
+  $deep_compare       = false,
+  $update_settle_secs = 600,
+) {
+  $action_chunk = $action ? {
+    undef   => '',
+    default => "action=\"${action}\"",
+  }
+  $plug_chunk = $plug ? {
+    undef   => '',
+    default => "plug=\"${plug}\"",
+  }
+  $port_chunk = $port ? {
+    undef   => '',
+    default => "port=\"${port}\"",
+  }
+  $ssl_insecure_chunk = $ssl_insecure ? {
+    undef   => '',
+    default => "ssl_insecure=\"${ssl_insecure}\"",
+  }
+  $namespace_chunk = $namespace ? {
+    undef   => '',
+    default => "namespace=\"${namespace}\"",
+  }
+  $kubeconfig_chunk = $kubeconfig ? {
+    undef   => '',
+    default => "kubeconfig=\"${kubeconfig}\"",
+  }
+  $quiet_chunk = $quiet ? {
+    undef   => '',
+    default => "quiet=\"${quiet}\"",
+  }
+  $verbose_chunk = $verbose ? {
+    undef   => '',
+    default => "verbose=\"${verbose}\"",
+  }
+  $verbose_level_chunk = $verbose_level ? {
+    undef   => '',
+    default => "verbose_level=\"${verbose_level}\"",
+  }
+  $debug_chunk = $debug ? {
+    undef   => '',
+    default => "debug=\"${debug}\"",
+  }
+  $debug_file_chunk = $debug_file ? {
+    undef   => '',
+    default => "debug_file=\"${debug_file}\"",
+  }
+  $separator_chunk = $separator ? {
+    undef   => '',
+    default => "separator=\"${separator}\"",
+  }
+  $delay_chunk = $delay ? {
+    undef   => '',
+    default => "delay=\"${delay}\"",
+  }
+  $disable_timeout_chunk = $disable_timeout ? {
+    undef   => '',
+    default => "disable_timeout=\"${disable_timeout}\"",
+  }
+  $login_timeout_chunk = $login_timeout ? {
+    undef   => '',
+    default => "login_timeout=\"${login_timeout}\"",
+  }
+  $power_timeout_chunk = $power_timeout ? {
+    undef   => '',
+    default => "power_timeout=\"${power_timeout}\"",
+  }
+  $power_wait_chunk = $power_wait ? {
+    undef   => '',
+    default => "power_wait=\"${power_wait}\"",
+  }
+  $shell_timeout_chunk = $shell_timeout ? {
+    undef   => '',
+    default => "shell_timeout=\"${shell_timeout}\"",
+  }
+  $stonith_status_sleep_chunk = $stonith_status_sleep ? {
+    undef   => '',
+    default => "stonith_status_sleep=\"${stonith_status_sleep}\"",
+  }
+  $retry_on_chunk = $retry_on ? {
+    undef   => '',
+    default => "retry_on=\"${retry_on}\"",
+  }
+
+  $pcmk_host_value_chunk = $pcmk_host_list ? {
+    undef   => '$(/usr/sbin/crm_node -n)',
+    default => $pcmk_host_list,
+  }
+
+  $meta_attr_value_chunk = $meta_attr ? {
+    undef   => '',
+    default => "meta ${meta_attr}",
+  }
+
+  # $title can be a mac address, remove the colons for pcmk resource name
+  $safe_title = regsubst($title, ':', '', 'G')
+
+  Exec<| title == 'wait-for-settle' |> -> Pcmk_stonith<||>
+
+  $param_string = "${action_chunk} ${plug_chunk} ${port_chunk} ${ssl_insecure_chunk} ${namespace_chunk} ${kubeconfig_chunk} ${quiet_chunk} ${verbose_chunk} ${verbose_level_chunk} ${debug_chunk} ${debug_file_chunk} ${separator_chunk} ${delay_chunk} ${disable_timeout_chunk} ${login_timeout_chunk} ${power_timeout_chunk} ${power_wait_chunk} ${shell_timeout_chunk} ${stonith_status_sleep_chunk} ${retry_on_chunk}  op monitor interval=${interval} ${meta_attr_value_chunk}"
+
+
+  pcmk_stonith { "stonith-fence_kubevirt-${safe_title}":
+    ensure             => $ensure,
+    stonith_type       => 'fence_kubevirt',
+    pcmk_host_list     => $pcmk_host_value_chunk,
+    pcs_param_string   => $param_string,
+    tries              => $tries,
+    try_sleep          => $try_sleep,
+    deep_compare       => $deep_compare,
+    update_settle_secs => $update_settle_secs,
+  }
+}
--- a/releasenotes/notes/fence_kubevirt-435249b87ac6c4a1.yaml
+++ b/releasenotes/notes/fence_kubevirt-435249b87ac6c4a1.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Adds support for fence_kubevirt fencing agent.