Dear Markus,
I was also thinking the same thing.
So, Already I've created a new one.
[ChangeSet]
- An API to be used was changed from "Amazon EC2 CLI" to "AWS CLI".
-- "AWS CLI" is based Python. So, CPU load might be reduced.
- The "--private-key" and "--cert" options are deprecated in AWS CLI.
So, I add a new option "--profile". Use a specific profile from that
credential file.
default is ""
[How to use]
- Plaese install the "AWS CLI".
http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
- Please copy the fence_ec2 in /usr/lib64/stonith/plugins/external/.
And , Please set the permissions to 755.
- Please set crm settings as in this example.
- The instance that have been set as "node01" in the "Name" tag are fence.
------
primitive prmStonith1-2 stonith:external/fence_ec2 \
params \
pcmk_off_timeout="300s" \
port="node01" \
tag="Name" \
op start interval="0s" timeout="60s" \
op monitor interval="3600s" timeout="60s" \
op stop interval="0s" timeout="60s"
------
Regards,
Kazuhiko Higashi
On 2015/02/25 7:22, Markus Guertler wrote:
Dear list,
I was just trying to configure the fence_ec2 stonith agent from 2012, written
by Andrew Beekhof. It looks like, that this one not working anymore with newer
stonith / cluster versions. Is there any other EC2 agent, that is still
maintained?
If not, I'll write one myself. However, I'd like to check all options first.
Cheers,
Markus
_______________________________________________
Linux-HA mailing list
Linux-HA@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
#!/bin/bash
description="
fence_ec2 is an I/O Fencing agent which can be used with Amazon EC2 instances.
API functions used by this agent:
- aws ec2 describe-tags
- aws ec2 describe-instances
- aws ec2 stop-instances
- aws ec2 start-instances
- aws ec2 reboot-instances
If the uname used by the cluster node is any of:
- Public DNS name (or part there of),
- Private DNS name (or part there of),
- Instance ID (eg. i-4f15a839)
- Contents of tag associated with the instance
then the agent should be able to automatically discover the instances it can
control.
If the tag containing the uname is not [Name], then it will need to be
specified using the [tag] option.
"
#
# Copyright (c) 2011-2013 Andrew Beekhof
# Copyright (c) 2014 NIPPON TELEGRAPH AND TELEPHONE CORPORATION
# All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of version 2 of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Further, this software is distributed without any warranty that it is
# free of the rightful claim of any third person regarding infringement
# or the like. Any license provided herein, whether implied or
# otherwise, applies only to this software file. Patent licenses, if
# any, provided herein do not apply to combinations of this program with
# other software, or any other product whatsoever.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
#
#######################################################################
quiet=0
port_default=""
instance_not_found=0
unknown_are_stopped=0
action_default="reset" # Default fence action
ec2_tag_default="Name" # EC2 Tag containing the instance's uname
sleep_time="1"
ec2_tag=${tag}
: ${ec2_tag=${ec2_tag_default}}
: ${port=${port_default}}
function usage()
{
cat <<EOF
`basename $0` - A fencing agent for Amazon EC2 instances
$description
Usage: `basename $0` -o|--action [-n|--port] [options]
Options:
-h, --help This text
-V, --version Version information
-q, --quiet Reduced output mode
Commands:
-o, --action Action to perform: on|off|reboot|status|monitor
-n, --port The name of a machine/instance to control/check
Additional Options:
-p, --profile Use a specific profile from your credential file.
-t, --tag Name of the tag containing the instance's uname
Dangerous options:
-U, --unknown-are-stopped Assume any unknown instance is safely stopped
EOF
exit 0;
}
function getinfo-xml()
{
cat <<EOF
<parameters>
<parameter name="port" unique="1" required="1">
<content type="string" />
<shortdesc lang="en">The name/id/tag of a instance to
control/check</shortdesc>
</parameter>
<parameter name="profile" unique="0" required="0">
<content type="string" default="default" />
<shortdesc lang="en">Use a specific profile from your
credential file.</shortdesc>
</parameter>
<parameter name="tag" unique="0" required="1">
<content type="string" default="Name" />
<shortdesc lang="en">Name of the tag containing the instances
uname</shortdesc>
</parameter>
<parameter name="unknown_are_stopped" unique="0" required="0">
<content type="string" default="false" />
<shortdesc lang="en">DANGER: Assume any unknown instance is
safely stopped</shortdesc>
</parameter>
</parameters>
EOF
exit 0;
}
function metadata()
{
cat <<EOF
<?xml version="1.0" ?>
<resource-agent name="fence_ec2" shortdesc="Fencing agent for Amazon EC2
instances" >
<longdesc>
$description
</longdesc>
<parameters>
<parameter name="action" unique="0" required="1">
<getopt mixed="-o, --action=[action]" />
<content type="string" default="reboot" />
<shortdesc lang="en">Fencing Action</shortdesc>
</parameter>
<parameter name="port" unique="1" required="1">
<getopt mixed="-n, --port=[port]" />
<content type="string" />
<shortdesc lang="en">The name/id/tag of a instance to
control/check</shortdesc>
</parameter>
<parameter name="profile" unique="0" required="0">
<getopt mixed="-p, --profile=[profile]" />
<content type="string" default="default" />
<shortdesc lang="en">Use a specific profile from your
credential file.</shortdesc>
</parameter>
<parameter name="tag" unique="0" required="1">
<getopt mixed="-t, --tag=[tag]" />
<content type="string" default="Name" />
<shortdesc lang="en">Name of the tag containing the instances
uname</shortdesc>
</parameter>
<parameter name="unknown-are-stopped" unique="0" required="0">
<getopt mixed="-U, --unknown-are-stopped" />
<content type="string" default="false" />
<shortdesc lang="en">DANGER: Assume any unknown instance is
safely stopped</shortdesc>
</parameter>
</parameters>
<actions>
<action name="on" />
<action name="off" />
<action name="reboot" />
<action name="status" />
<action name="list" />
<action name="monitor" />
<action name="metadata" />
</actions>
</resource-agent>
EOF
exit 0;
}
function instance_for_port()
{
local port=$1
local instance=""
# Look for port name -n in the INSTANCE data
instance=`aws ec2 describe-instances $options | grep
"^INSTANCES[[:space:]].*[[:space:]]$port[[:space:]]" | awk '{print $8}'`
if [ -z $instance ]; then
# Look for port name -n in the Name TAG
instance=`aws ec2 describe-tags $options | grep
"^TAGS[[:space:]]$ec2_tag[[:space:]].*[[:space:]]instance[[:space:]]$port$" |
awk '{print $3}'`
fi
if [ -z $instance ]; then
instance_not_found=1
instance=$port
fi
echo $instance
}
function instance_on()
{
aws ec2 start-instances $options --instance-ids $instance
}
function instance_off()
{
if [ $unknown_are_stopped = 1 -a $instance_not_found ]; then
: nothing to do
ha_log.sh info "Assuming unknown instance $instance is already
off"
else
aws ec2 stop-instances $options --instance-ids $instance --force
fi
}
function instance_status()
{
local instance=$1
local status="unknown"
local rc=1
# List of instances and their current status
if [ $unknown_are_stopped = 1 -a $instance_not_found ]; then
ha_log.sh info "$instance stopped (unknown)"
else
status=`aws ec2 describe-instances $options --instance-ids
$instance | awk '{
if (/^STATE\t/) { printf "%s", $3 }
}'`
rc=$?
fi
ha_log.sh info "status check for $instance is $status"
echo $status
return $rc
}
TEMP=`getopt -o qVho:e:p:n:t:U --long
version,help,action:,port:,option:,profile:,tag:,quiet,unknown-are-stopped \
-n 'fence_ec2' -- "$@"`
if [ $? != 0 ];then
usage
exit 1
fi
# Note the quotes around `$TEMP': they are essential!
eval set -- "$TEMP"
if [ -z $1 ]; then
# If there are no command line args, look for options from stdin
while read line; do
case $line in
option=*|action=*) action=`echo $line | sed s/.*=//`;;
port=*) port=`echo $line | sed s/.*=//`;;
profile=*) ec2_profile=`echo $line | sed s/.*=//`;;
tag=*) ec2_tag=`echo $line | sed s/.*=//`;;
quiet*) quiet=1;;
unknown-are-stopped*) unknown_are_stopped=1;;
--);;
*) ha_log.sh err "Invalid command: $line";;
esac
done
fi
while true ; do
case "$1" in
-o|--action|--option) action=$2; shift; shift;;
-n|--port) port=$2; shift; shift;;
-p|--profile) ec2_profile=$2; shift; shift;;
-t|--tag) ec2_tag=$2; shift; shift;;
-U|--unknown-are-stopped) unknown_are_stopped=1; shift;;
-q|--quiet) quiet=1; shift;;
-V|--version) echo "1.0.0"; exit 0;;
--help|-h)
usage;
exit 0;;
--) shift ; break ;;
*) ha_log.sh err "Unknown option: $1. See --help for details.";
exit 1;;
esac
done
[ -n "$1" ] && action=$1
if [ -z "$ec2_profile"]; then
options="--output text --profile default"
else
options="--output text --profile $ec2_profile "
fi
action=`echo $action | tr 'A-Z' 'a-z'`
case $action in
metadata)
metadata
;;
getinfo-xml)
getinfo-xml
;;
getconfignames)
for i in profile port tag
do
echo $i
done
exit 0
;;
getinfo-devid)
echo "EC2 STONITH device"
exit 0
;;
getinfo-devname)
echo "EC2 STONITH external device"
exit 0
;;
getinfo-devdescr)
echo "fence_ec2 is an I/O Fencing agent which can be used with
Amazon EC2 instances."
exit 0
;;
getinfo-devurl)
echo ""
exit 0
;;
esac
# get my instance id
myinstance=`curl http://169.254.169.254/latest/meta-data/instance-id`
# check my status.
# When the EC2 instance be stopped by the "aws ec2 stop-instances" , the stop
processing of the OS is executed.
# While the OS stop processing, Pacemaker can execute the STONITH processing.
# So, If my status is not "running", it determined that I was already fenced.
And to prevent fencing each other
# in split-brain, I don't fence other node.
if [ -z "$myinstance" ]; then
ha_log.sh err "Failed to get My Instance ID. so can not check my
status."
exit 1
fi
mystatus=`instance_status $myinstance`
if [ "$mystatus" != "running" ]; then #do not fence
ha_log.sh warn "I was already fenced (My instance status=$mystatus). I
don't fence other node."
exit 1
fi
# get target's instance id
instance=""
if [ ! -z "$port" ]; then
instance=`instance_for_port $port $options`
fi
case $action in
reboot|reset)
status=`instance_status $instance`
if [ "$status" != "stopped" ]; then
instance_off
fi
while true;
do
status=`instance_status $instance`
if [ "$status" = "stopped" ]; then
break
fi
sleep $sleep_time
done
instance_on
while true;
do
status=`instance_status $instance`
if [ "$status" = "running" ]; then
break
fi
sleep $sleep_time
done
;;
poweron|on)
instance_on
while true;
do
status=`instance_status $instance`
if [ "$status" = "running" ]; then
break
fi
done
;;
poweroff|off)
instance_off
while true;
do
status=`instance_status $instance`
if [ "$status" = "stopped" ]; then
break
fi
sleep $sleep_time
done
;;
monitor)
# Is the device ok?
aws ec2 describe-instances $options | grep INSTANCES &>
/dev/null
;;
gethosts|hostlist|list)
# List of names we know about
a=`aws ec2 describe-instances $options | awk -v
tag_pat="^TAGS\t$ec2_tag\t" -F '\t' '{
if (/^INSTANCES/) { printf "%s\n", $8 }
else if ( $1"\t"$2"\t" ~ tag_pat ) { printf "%s\n", $3 }
}' | sort -u`
echo $a
;;
stat|status)
instance_status $instance > /dev/null
;;
*) ha_log.sh err "Unknown action: $action"; exit 1;;
esac
status=$?
if [ $quiet -eq 1 ]; then
: nothing
elif [ $status -eq 0 ]; then
ha_log.sh info "Operation $action passed"
else
ha_log.sh err "Operation $action failed: $status"
fi
exit $status
_______________________________________________
Linux-HA mailing list
Linux-HA@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
