Hi Kazuhiko-san, On Wed, Mar 11, 2015 at 02:36:43PM +0900, 東一彦 wrote: > Hi, Dejan > > Thank you for the comment. > > I'd like to contribute it as glue stonith agents. > > So, I rename it to just "ec2". > > Would you please add it to glue repository (http://hg.linux-ha.org/glue/) ?
I just added your stonith agent. There were this change in the initial changeset: - replaced '-' which is not allowed in identifiers with '_' in function getinfo_xml(). There were other smaller changes. You can find them in the repository. I was not able to test it, hope it works :) Many thanks for the contribution. Cheers, Dejan > Regards, > Kazuhiko Higashi > > On 2015/03/06 2:38, Dejan Muhamedagic wrote: > >Hi, > > > >On Tue, Mar 03, 2015 at 05:13:49PM +0900, 東一彦 wrote: > >>Dear Markus, > >> > >>I was also thinking the same thing. > >>So, Already I've created a new one. > > > >Perhaps you'd like to then contribute it upstream? Either to > >glue stonith agents or RHT fencing agents. It appears that the > >agent is using the stonith interface, but the name reflects the > >fencing agents naming scheme. > > > >Cheers, > > > >Dejan > > > >>[ChangeSet] > >>- An API to be used was changed from "Amazon EC2 CLI" to "AWS CLI". > >> -- "AWS CLI" is based Python. So, CPU load might be reduced. > >> > >>- The "--private-key" and "--cert" options are deprecated in AWS CLI. > >> So, I add a new option "--profile". Use a specific profile from that > >> credential file. > >> default is "" > >> > >> > >>[How to use] > >>- Plaese install the "AWS CLI". > >> > >> http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html > >> > >>- Please copy the fence_ec2 in /usr/lib64/stonith/plugins/external/. > >> And , Please set the permissions to 755. > >> > >>- Please set crm settings as in this example. > >> - The instance that have been set as "node01" in the "Name" tag are > >> fence. > >> ------ > >> primitive prmStonith1-2 stonith:external/fence_ec2 \ > >> params \ > >> pcmk_off_timeout="300s" \ > >> port="node01" \ > >> tag="Name" \ > >> op start interval="0s" timeout="60s" \ > >> op monitor interval="3600s" timeout="60s" \ > >> op stop interval="0s" timeout="60s" > >> ------ > >> > >> > >>Regards, > >>Kazuhiko Higashi > >> > >>On 2015/02/25 7:22, Markus Guertler wrote: > >>>Dear list, > >>>I was just trying to configure the fence_ec2 stonith agent from 2012, > >>>written by Andrew Beekhof. It looks like, that this one not working > >>>anymore with newer stonith / cluster versions. Is there any other EC2 > >>>agent, that is still maintained? > >>> > >>>If not, I'll write one myself. However, I'd like to check all options > >>>first. > >>> > >>>Cheers, > >>>Markus > >>> > >>>_______________________________________________ > >>>Linux-HA mailing list > >>>Linux-HA@lists.linux-ha.org > >>>http://lists.linux-ha.org/mailman/listinfo/linux-ha > >>>See also: http://linux-ha.org/ReportingProblems > >>> > >> > >> > #!/bin/bash > > description=" > fence_ec2 is an I/O Fencing agent which can be used with Amazon EC2 instances. > > API functions used by this agent: > - aws ec2 describe-tags > - aws ec2 describe-instances > - aws ec2 stop-instances > - aws ec2 start-instances > - aws ec2 reboot-instances > > If the uname used by the cluster node is any of: > - Public DNS name (or part there of), > - Private DNS name (or part there of), > - Instance ID (eg. i-4f15a839) > - Contents of tag associated with the instance > then the agent should be able to automatically discover the instances it can > control. > > If the tag containing the uname is not [Name], then it will need to be > specified using the [tag] option. > " > > # > # Copyright (c) 2011-2013 Andrew Beekhof > # Copyright (c) 2014 NIPPON TELEGRAPH AND TELEPHONE CORPORATION > # All Rights Reserved. > # > # This program is free software; you can redistribute it and/or modify > # it under the terms of version 2 of the GNU General Public License as > # published by the Free Software Foundation. > # > # This program is distributed in the hope that it would be useful, but > # WITHOUT ANY WARRANTY; without even the implied warranty of > # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. > # > # Further, this software is distributed without any warranty that it is > # free of the rightful claim of any third person regarding infringement > # or the like. Any license provided herein, whether implied or > # otherwise, applies only to this software file. Patent licenses, if > # any, provided herein do not apply to combinations of this program with > # other software, or any other product whatsoever. > # > # You should have received a copy of the GNU General Public License > # along with this program; if not, write the Free Software Foundation, > # Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA. > # > ####################################################################### > > quiet=0 > port_default="" > > instance_not_found=0 > unknown_are_stopped=0 > > action_default="reset" # Default fence action > ec2_tag_default="Name" # EC2 Tag containing the instance's uname > > sleep_time="1" > > ec2_tag=${tag} > > : ${ec2_tag=${ec2_tag_default}} > : ${port=${port_default}} > > function usage() > { > cat <<EOF > `basename $0` - A fencing agent for Amazon EC2 instances > > $description > > Usage: `basename $0` -o|--action [-n|--port] [options] > Options: > -h, --help This text > -V, --version Version information > -q, --quiet Reduced output mode > > Commands: > -o, --action Action to perform: on|off|reboot|status|monitor > -n, --port The name of a machine/instance to control/check > > Additional Options: > -p, --profile Use a specific profile from your credential > file. > -t, --tag Name of the tag containing the instance's uname > > Dangerous options: > -U, --unknown-are-stopped Assume any unknown instance is safely stopped > > EOF > exit 0; > } > > function getinfo-xml() > { > cat <<EOF > <parameters> > <parameter name="port" unique="1" required="1"> > <content type="string" /> > <shortdesc lang="en">The name/id/tag of a instance to > control/check</shortdesc> > </parameter> > <parameter name="profile" unique="0" required="0"> > <content type="string" default="default" /> > <shortdesc lang="en">Use a specific profile from your > credential file.</shortdesc> > </parameter> > <parameter name="tag" unique="0" required="1"> > <content type="string" default="Name" /> > <shortdesc lang="en">Name of the tag containing the instances > uname</shortdesc> > </parameter> > <parameter name="unknown_are_stopped" unique="0" required="0"> > <content type="string" default="false" /> > <shortdesc lang="en">DANGER: Assume any unknown instance is > safely stopped</shortdesc> > </parameter> > </parameters> > EOF > exit 0; > } > > function metadata() > { > cat <<EOF > <?xml version="1.0" ?> > <resource-agent name="fence_ec2" shortdesc="Fencing agent for Amazon EC2 > instances" > > <longdesc> > $description > </longdesc> > <parameters> > <parameter name="action" unique="0" required="1"> > <getopt mixed="-o, --action=[action]" /> > <content type="string" default="reboot" /> > <shortdesc lang="en">Fencing Action</shortdesc> > </parameter> > <parameter name="port" unique="1" required="1"> > <getopt mixed="-n, --port=[port]" /> > <content type="string" /> > <shortdesc lang="en">The name/id/tag of a instance to > control/check</shortdesc> > </parameter> > <parameter name="profile" unique="0" required="0"> > <getopt mixed="-p, --profile=[profile]" /> > <content type="string" default="default" /> > <shortdesc lang="en">Use a specific profile from your > credential file.</shortdesc> > </parameter> > <parameter name="tag" unique="0" required="1"> > <getopt mixed="-t, --tag=[tag]" /> > <content type="string" default="Name" /> > <shortdesc lang="en">Name of the tag containing the instances > uname</shortdesc> > </parameter> > <parameter name="unknown-are-stopped" unique="0" required="0"> > <getopt mixed="-U, --unknown-are-stopped" /> > <content type="string" default="false" /> > <shortdesc lang="en">DANGER: Assume any unknown instance is > safely stopped</shortdesc> > </parameter> > </parameters> > <actions> > <action name="on" /> > <action name="off" /> > <action name="reboot" /> > <action name="status" /> > <action name="list" /> > <action name="monitor" /> > <action name="metadata" /> > </actions> > </resource-agent> > EOF > exit 0; > } > > function instance_for_port() > { > local port=$1 > local instance="" > > # Look for port name -n in the INSTANCE data > instance=`aws ec2 describe-instances $options | grep > "^INSTANCES[[:space:]].*[[:space:]]$port[[:space:]]" | awk '{print $8}'` > if [ -z $instance ]; then > # Look for port name -n in the Name TAG > instance=`aws ec2 describe-tags $options | grep > "^TAGS[[:space:]]$ec2_tag[[:space:]].*[[:space:]]instance[[:space:]]$port$" | > awk '{print $3}'` > fi > > if [ -z $instance ]; then > instance_not_found=1 > instance=$port > fi > > echo $instance > } > > function instance_on() > { > aws ec2 start-instances $options --instance-ids $instance > } > > function instance_off() > { > if [ $unknown_are_stopped = 1 -a $instance_not_found ]; then > : nothing to do > ha_log.sh info "Assuming unknown instance $instance is already > off" > else > aws ec2 stop-instances $options --instance-ids $instance --force > fi > } > > function instance_status() > { > local instance=$1 > local status="unknown" > local rc=1 > > # List of instances and their current status > if [ $unknown_are_stopped = 1 -a $instance_not_found ]; then > ha_log.sh info "$instance stopped (unknown)" > else > status=`aws ec2 describe-instances $options --instance-ids > $instance | awk '{ > if (/^STATE¥t/) { printf "%s", $3 } > }'` > rc=$? > fi > ha_log.sh info "status check for $instance is $status" > echo $status > return $rc > } > > > TEMP=`getopt -o qVho:e:p:n:t:U --long > version,help,action:,port:,option:,profile:,tag:,quiet,unknown-are-stopped ¥ > -n 'fence_ec2' -- "$@"` > > if [ $? != 0 ];then > usage > exit 1 > fi > > # Note the quotes around `$TEMP': they are essential! > eval set -- "$TEMP" > > if [ -z $1 ]; then > # If there are no command line args, look for options from stdin > while read line; do > case $line in > option=*|action=*) action=`echo $line | sed s/.*=//`;; > port=*) port=`echo $line | sed s/.*=//`;; > profile=*) ec2_profile=`echo $line | sed s/.*=//`;; > tag=*) ec2_tag=`echo $line | sed s/.*=//`;; > quiet*) quiet=1;; > unknown-are-stopped*) unknown_are_stopped=1;; > --);; > *) ha_log.sh err "Invalid command: $line";; > esac > done > fi > > while true ; do > case "$1" in > -o|--action|--option) action=$2; shift; shift;; > -n|--port) port=$2; shift; shift;; > -p|--profile) ec2_profile=$2; shift; shift;; > -t|--tag) ec2_tag=$2; shift; shift;; > -U|--unknown-are-stopped) unknown_are_stopped=1; shift;; > -q|--quiet) quiet=1; shift;; > -V|--version) echo "1.0.0"; exit 0;; > --help|-h) > usage; > exit 0;; > --) shift ; break ;; > *) ha_log.sh err "Unknown option: $1. See --help for details."; > exit 1;; > esac > done > > [ -n "$1" ] && action=$1 > > if [ -z "$ec2_profile"]; then > options="--output text --profile default" > else > options="--output text --profile $ec2_profile " > fi > > action=`echo $action | tr 'A-Z' 'a-z'` > > case $action in > metadata) > metadata > ;; > getinfo-xml) > getinfo-xml > ;; > getconfignames) > for i in profile port tag > do > echo $i > done > exit 0 > ;; > getinfo-devid) > echo "EC2 STONITH device" > exit 0 > ;; > getinfo-devname) > echo "EC2 STONITH external device" > exit 0 > ;; > getinfo-devdescr) > echo "fence_ec2 is an I/O Fencing agent which can be used with > Amazon EC2 instances." > exit 0 > ;; > getinfo-devurl) > echo "" > exit 0 > ;; > esac > > # get my instance id > myinstance=`curl http://169.254.169.254/latest/meta-data/instance-id` > > # check my status. > # When the EC2 instance be stopped by the "aws ec2 stop-instances" , the stop > processing of the OS is executed. > # While the OS stop processing, Pacemaker can execute the STONITH processing. > # So, If my status is not "running", it determined that I was already fenced. > And to prevent fencing each other > # in split-brain, I don't fence other node. > if [ -z "$myinstance" ]; then > ha_log.sh err "Failed to get My Instance ID. so can not check my > status." > exit 1 > fi > mystatus=`instance_status $myinstance` > if [ "$mystatus" != "running" ]; then #do not fence > ha_log.sh warn "I was already fenced (My instance status=$mystatus). I > don't fence other node." > exit 1 > fi > > # get target's instance id > instance="" > if [ ! -z "$port" ]; then > instance=`instance_for_port $port $options` > fi > > case $action in > reboot|reset) > status=`instance_status $instance` > if [ "$status" != "stopped" ]; then > instance_off > fi > while true; > do > status=`instance_status $instance` > if [ "$status" = "stopped" ]; then > break > fi > sleep $sleep_time > done > instance_on > while true; > do > status=`instance_status $instance` > if [ "$status" = "running" ]; then > break > fi > sleep $sleep_time > done > ;; > poweron|on) > instance_on > while true; > do > status=`instance_status $instance` > if [ "$status" = "running" ]; then > break > fi > done > ;; > poweroff|off) > instance_off > while true; > do > status=`instance_status $instance` > if [ "$status" = "stopped" ]; then > break > fi > sleep $sleep_time > done > ;; > monitor) > # Is the device ok? > aws ec2 describe-instances $options | grep INSTANCES &> > /dev/null > ;; > gethosts|hostlist|list) > # List of names we know about > a=`aws ec2 describe-instances $options | awk -v > tag_pat="^TAGS¥t$ec2_tag¥t" -F '¥t' '{ > if (/^INSTANCES/) { printf "%s¥n", $8 } > else if ( $1"¥t"$2"¥t" ‾ tag_pat ) { printf "%s¥n", $3 } > }' | sort -u` > echo $a > ;; > stat|status) > instance_status $instance > /dev/null > ;; > *) ha_log.sh err "Unknown action: $action"; exit 1;; > esac > > status=$? > > if [ $quiet -eq 1 ]; then > : nothing > elif [ $status -eq 0 ]; then > ha_log.sh info "Operation $action passed" > else > ha_log.sh err "Operation $action failed: $status" > fi > exit $status > _______________________________________________ > Linux-HA mailing list > Linux-HA@lists.linux-ha.org > http://lists.linux-ha.org/mailman/listinfo/linux-ha > See also: http://linux-ha.org/ReportingProblems _______________________________________________ Linux-HA mailing list Linux-HA@lists.linux-ha.org http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
