fuel-plugin-neutron-vpnaas/deployment_scripts/puppet/modules/vpnaas/files/ocf/ocf-neutron-vpn-agent

#!/bin/bash
#
#
# OpenStack L3 Service (neutron-vpn-agent)
#
# Description:  Manages an OpenStack L3 Service (neutron-vpn-agent) process as an HA resource
#
# Authors: Emilien Macchi
# Mainly inspired by the Nova Network resource agent written by Emilien Macchi & Sebastien Han
#
# Support:      openstack@lists.launchpad.net
# License:      Apache Software License (ASL) 2.0
#
#
# See usage() function below for more details ...
#
# OCF instance parameters:
#   OCF_RESKEY_binary
#   OCF_RESKEY_config
#   OCF_RESKEY_vpn_config
#   OCF_RESKEY_plugin_config
#   OCF_RESKEY_log_file
#   OCF_RESKEY_user
#   OCF_RESKEY_pid
#   OCF_RESKEY_external_bridge

#######################################################################
# Initialization:

: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs

#######################################################################

# Fill in some defaults if no values are specified

PATH=/sbin:/usr/sbin:/bin:/usr/bin

OCF_RESKEY_binary_default="neutron-vpn-agent"
OCF_RESKEY_config_default="/etc/neutron/neutron.conf"
OCF_RESKEY_plugin_config_default="/etc/neutron/l3_agent.ini"
OCF_RESKEY_vpn_config_default="/etc/neutron/vpn_agent.ini"
OCF_RESKEY_user_default="neutron"
OCF_RESKEY_pid_default="${HA_RSCTMP}/${__SCRIPT_NAME}/${__SCRIPT_NAME}.pid"
OCF_RESKEY_external_bridge_default="br-ex"
OCF_RESKEY_log_file_default="/var/log/neutron/vpn-agent.log"
OCF_RESKEY_remove_artifacts_on_stop_start_default='true'

: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}}
: ${OCF_RESKEY_config=${OCF_RESKEY_config_default}}
: ${OCF_RESKEY_vpn_config=${OCF_RESKEY_vpn_config_default}}
: ${OCF_RESKEY_plugin_config=${OCF_RESKEY_plugin_config_default}}
: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}}
: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}}
: ${OCF_RESKEY_external_bridge=${OCF_RESKEY_external_bridge_default}}
: ${OCF_RESKEY_log_file=${OCF_RESKEY_log_file_default}}
: ${OCF_RESKEY_remove_artifacts_on_stop_start=${OCF_RESKEY_remove_artifacts_on_stop_start_default}}

#######################################################################

usage() {
    cat <<UEND
        usage: $0 (start|stop|validate-all|meta-data|status|monitor)

        $0 manages an OpenStack L3 Service (neutron-vpn-agent) process as an HA resource

        The 'start' operation starts the networking service.
        The 'stop' operation stops the networking service.
        The 'reload' operation restarts the networking service without removing any artifacts
        The 'validate-all' operation reports whether the parameters are valid
        The 'meta-data' operation reports this RA's meta-data information
        The 'status' operation reports whether the networking service is running
        The 'monitor' operation reports whether the networking service seems to be working

UEND
}

meta_data() {
    cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="neutron-vpn-agent">
<version>1.0</version>

<longdesc lang="en">
Resource agent for the OpenStack VPN agent (neutron-vpn-agent)
May manage a neutron-vpn-agent instance or a clone set that
creates a distributed neutron-vpn-agent cluster.
</longdesc>
<shortdesc lang="en">Manages the OpenStack L3 Service (neutron-vpn-agent)</shortdesc>
<parameters>

<parameter name="dummy" unique="1">
<longdesc lang="en">
This is a dummy parameter.
Pacemaker needs it to enable reload operation for the resource
</longdesc>
<shortdesc lang="en">Dummy parameter</shortdesc>
<content type="boolean" default="false" />
</parameter>

<parameter name="binary" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack VPN agent server binary (neutron-vpn-agent)
</longdesc>
<shortdesc lang="en">OpenStack VPN agent server binary (neutron-vpn-agent)</shortdesc>
<content type="string" default="${OCF_RESKEY_binary_default}" />
</parameter>

<parameter name="config" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack VPN agent (neutron-server) configuration file
</longdesc>
<shortdesc lang="en">OpenStack VPN agent (neutron-server) config file</shortdesc>
<content type="string" default="${OCF_RESKEY_config_default}" />
</parameter>

<parameter name="plugin_config" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack L3 Service (neutron-vpn-agent) configuration file
</longdesc>
<shortdesc lang="en">OpenStack VPN agent (neutron-vpn-agent) config file</shortdesc>
<content type="string" default="${OCF_RESKEY_plugin_config_default}" />
</parameter>

<parameter name="vpn_config" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack L3 Service (neutron-vpn-agent) configuration file
</longdesc>
<shortdesc lang="en">OpenStack Router (neutron-vpn-agent) config file</shortdesc>
<content type="string" default="${OCF_RESKEY_vpn_config_default}" />
</parameter>

<parameter name="user" unique="0" required="0">
<longdesc lang="en">
User running OpenStack L3 Service (neutron-vpn-agent)
</longdesc>
<shortdesc lang="en">OpenStack L3 Service (neutron-vpn-agent) user</shortdesc>
<content type="string" default="${OCF_RESKEY_user_default}" />
</parameter>

<parameter name="pid" unique="0" required="0">
<longdesc lang="en">
The pid file to use for this OpenStack L3 Service (neutron-vpn-agent) instance
</longdesc>
<shortdesc lang="en">OpenStack L3 Service (neutron-vpn-agent) pid file</shortdesc>
<content type="string" default="${OCF_RESKEY_pid_default}" />
</parameter>

<parameter name="log_file" unique="0" required="0">
<longdesc lang="en">
The log file to use for this OpenStack L3 Service (neutron-vpn-agent) instance
</longdesc>
<shortdesc lang="en">OpenStack L3 Service (neutron-vpn-agent) log file</shortdesc>
<content type="string" default="${OCF_RESKEY_log_file_default}" />
</parameter>

<parameter name="external_bridge" unique="0" required="0">
<longdesc lang="en">
External bridge for l3-agent
</longdesc>
<shortdesc lang="en">External bridge</shortdesc>
<content type="string" />
</parameter>

<parameter name="remove_artifacts_on_stop_start" unique="0" required="0">
<longdesc lang="en">
Clean up all resources created by Neutron VPN agent, such as additional processes,
network namespaces, created interfaces, on agent stop and start.
</longdesc>
<shortdesc lang="en">Clean up all resources created by VPN agent on its start and stop</shortdesc>
<content type="string" />
</parameter>



</parameters>

<actions>
<action name="start" timeout="20" />
<action name="stop" timeout="20" />
<action name="reload" timeout="30" />
<action name="status" timeout="20" />
<action name="monitor" timeout="30" interval="20" />
<action name="validate-all" timeout="5" />
<action name="meta-data" timeout="5" />
</actions>
</resource-agent>
END
}

get_worker_pid() {
    local options
    local pid
    # FIXME: Remove if condition and set 'falo' statically once Fuel
    # discontinue support of Ubuntu 12.04 and CentOs 6.x where -a was not defined.
    if pgrep -V | awk 'match($0, /[0-9]\.[0-9].*/) {if (substr($0, RSTART, RLENGTH) < 3.3) {exit 1}}'; then
      options='falo'
    else
      options='flo'
    fi
    pid=`pgrep -u ${OCF_RESKEY_user} -${options} ${OCF_RESKEY_binary} | awk '/python \/usr\/bin/ {print $1}'`
    echo $pid
}

#######################################################################
# Functions invoked by resource manager actions

neutron_vpn_agent_validate() {
    local rc

    check_binary $OCF_RESKEY_binary
    check_binary netstat

    # A config file on shared storage that is not available
    # during probes is OK.
    if [ ! -f $OCF_RESKEY_config ]; then
        if ! ocf_is_probe; then
            ocf_log err "Config $OCF_RESKEY_config doesn't exist"
            return $OCF_ERR_INSTALLED
        fi
        ocf_log_warn "Config $OCF_RESKEY_config not available during a probe"
    fi

    getent passwd $OCF_RESKEY_user >/dev/null 2>&1
    rc=$?
    if [ $rc -ne 0 ]; then
        ocf_log err "User $OCF_RESKEY_user doesn't exist"
        return $OCF_ERR_INSTALLED
    fi

    true
}

neutron_vpn_agent_status() {
    local pid
    local f_pid
    local rc

    # check and make PID file dir
    local PID_DIR="$( dirname ${OCF_RESKEY_pid} )"
    if [ ! -d "${PID_DIR}" ] ; then
        ocf_log debug "Create pid file dir: ${PID_DIR} and chown to ${OCF_RESKEY_user}"
        mkdir -p "${PID_DIR}"
        chown -R ${OCF_RESKEY_user} "${PID_DIR}"
        chmod 755 "${PID_DIR}"
    fi

    pid=`get_worker_pid`
    if [ "xxx$pid" == "xxx" ] ; then
        ocf_log warn "OpenStack Neutron agent '$OCF_RESKEY_binary' not running."
        return $OCF_NOT_RUNNING
    fi
    #ocf_log debug "PID='$pid'"

    # Check PID file and create if need
    if [ ! -f $OCF_RESKEY_pid ] ; then
        ocf_log warn "OpenStack Neutron agent (${OCF_RESKEY_binary}) was run, but no PID file found."
        ocf_log warn "Writing PID='$pid' to '$OCF_RESKEY_pid' for '${OCF_RESKEY_binary}' worker..."
        echo $pid > $OCF_RESKEY_pid
        return $OCF_SUCCESS
    fi

    # compare PID from file with PID from `pgrep...`
    f_pid=`cat $OCF_RESKEY_pid | tr '\n' ' ' | awk '{print $1}'`
    if [ "xxx$pid" == "xxx$f_pid" ]; then
        return $OCF_SUCCESS
    fi

    # at this point we have PID file and PID from it
    # differents with PID from `pgrep...`
    if [ ! -d "/proc/$f_pid" ] || [ "xxx$f_pid" == "xxx" ] ; then
        # process with PID from PID-file not found
        ocf_log warn "Old PID file $OCF_RESKEY_pid found, but no running processes with PID=$f_pid found."
        ocf_log warn "PID-file will be re-created (with PID=$pid)."
        echo $pid > $OCF_RESKEY_pid
        return $OCF_SUCCESS
    fi

    # at this point we have alien PID-file and running prosess with this PID.
    ocf_log warn "Another daemon (with PID=$f_pid) running with PID file '$OCF_RESKEY_pid'. My PID=$pid"
    return $OCF_ERR_GENERIC
}


neutron_vpn_agent_monitor() {
    neutron_vpn_agent_status
    rc=$?
    return $rc

}


neutron_vpn_agent_start() {
    local rc
    # This variable is overridden by reload operation
    # to perform fast resource restart
    local remove_artifacts_on_stop_start=${1:-$OCF_RESKEY_remove_artifacts_on_stop_start}

    neutron_vpn_agent_status
    rc=$?
    if [ $rc -eq $OCF_SUCCESS ]; then
        ocf_log info "OpenStack neutron-vpn-agent already running"
        return $OCF_SUCCESS
    fi

    if ocf_is_true "$remove_artifacts_on_stop_start"; then
        neutron-netns-cleanup --agent-type=l3 --force --config-file $OCF_RESKEY_config
    fi

    # run and detach to background agent as daemon.
    # Don't use ocf_run as we're sending the tool's output to /dev/null
    su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --config-file=$OCF_RESKEY_config \
        --config-file=$OCF_RESKEY_plugin_config --config-file=$OCF_RESKEY_vpn_config --log-file=$OCF_RESKEY_log_file \
        >> /dev/null"' 2>&1 & echo \$! > $OCF_RESKEY_pid'
    ocf_log debug "Create pid file: ${OCF_RESKEY_pid} with content $(cat ${OCF_RESKEY_pid})"

    # Spin waiting for the server to come up.
    # Let the CRM/LRM time us out if required
    while true; do
        neutron_vpn_agent_monitor
        rc=$?
        [ $rc -eq $OCF_SUCCESS ] && break
        if [ $rc -ne $OCF_NOT_RUNNING ] ; then
            ocf_log err "OpenStack neutron-vpn-agent start failed"
            exit $OCF_ERR_GENERIC
        fi
        sleep 3
    done

    ocf_log info "OpenStack VPN agent (neutron-vpn-agent) started"
    return $OCF_SUCCESS
}

neutron_vpn_agent_stop() {
    local rc
    local pid
    # This variable is overridden by reload operation
    # to perform fast resource restart
    local remove_artifacts_on_stop_start=${1:-$OCF_RESKEY_remove_artifacts_on_stop_start}

    neutron_vpn_agent_status
    rc=$?
    if [ $rc -eq $OCF_NOT_RUNNING ]; then
        if ocf_is_true "$remove_artifacts_on_stop_start"; then
            neutron-netns-cleanup --agent-type=l3 --force --config-file $OCF_RESKEY_config
        fi
        ocf_log info "OpenStack VPN agent ($OCF_RESKEY_binary) already stopped"
        return $OCF_SUCCESS
    fi

    # Terminate agent daemon
    pid=`get_worker_pid`
    shutdown_timeout=15
    iteration_time=1

    if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
        shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-6))
    fi

    clock=0

    # Try to terminate gracefully
    while [ -d /proc/${pid}/ ] && [ $clock -lt $shutdown_timeout ]; do
        ocf_log debug "Stopping VPN agent (${OCF_RESKEY_binary}) gracefully with SIGTERM"
        ocf_run kill -s TERM ${pid}

        sleep $iteration_time
        ((clock+=$iteration_time))
    done

    # Send kill signal if process is still up
    if [ -d /proc/${pid}/ ] ; then
        ocf_log debug "Killing VPN agent (${OCF_RESKEY_binary}) with SIGKILL"
        ocf_run kill -s KILL ${pid}

        sleep 1
        if [ -d /proc/${pid}/ ] ; then
            ocf_log err "OpenStack VPN agent (${OCF_RESKEY_binary}) stop failed"
            return $OCF_ERR_GENERIC
        fi
    fi

    ocf_log info "OpenStack VPN agent ($OCF_RESKEY_binary) stopped"

    ocf_log debug "Delete pid file: ${OCF_RESKEY_pid} with content $(cat ${OCF_RESKEY_pid})"
    rm -f $OCF_RESKEY_pid

    if ocf_is_true "$remove_artifacts_on_stop_start"; then
        neutron-netns-cleanup --agent-type=l3 --force --config-file $OCF_RESKEY_config
    fi

    return $OCF_SUCCESS
}

neutron_vpn_agent_reload() {
    # Call stop and start without removing artifacts
    neutron_vpn_agent_stop false
    neutron_vpn_agent_start false
}
#######################################################################

case "$1" in
  meta-data)    meta_data
                exit $OCF_SUCCESS;;
  usage|help)   usage
                exit $OCF_SUCCESS;;
esac

# Anything except meta-data and help must pass validation
neutron_vpn_agent_validate || exit $?
umask 0022

# What kind of method was invoked?
case "$1" in
  start)        neutron_vpn_agent_start;;
  stop)         neutron_vpn_agent_stop;;
  reload)       neutron_vpn_agent_reload;;
  status)       neutron_vpn_agent_status;;
  monitor)      neutron_vpn_agent_monitor;;
  validate-all) ;;
  *)            usage
                exit $OCF_ERR_UNIMPLEMENTED;;
esac