Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
resource-agents.21849
ECO-SLE-18232.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ECO-SLE-18232.diff of Package resource-agents.21849
diff -ru resource-agents-4.4.0+git57.70549516-orig/heartbeat/awseip resource-agents-4.4.0+git57.70549516/heartbeat/awseip --- resource-agents-4.4.0+git57.70549516-orig/heartbeat/awseip 2020-02-24 12:23:11.000000000 +0100 +++ resource-agents-4.4.0+git57.70549516/heartbeat/awseip 2021-06-16 13:51:36.222454479 +0200 @@ -149,12 +149,12 @@ awseip_monitor && return $OCF_SUCCESS if [ -n "${PRIVATE_IP_ADDRESS}" ]; then - NETWORK_INTERFACES_MACS="$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/)" + NETWORK_INTERFACES_MACS=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/ -H "X-aws-ec2-metadata-token: $TOKEN") for MAC in ${NETWORK_INTERFACES_MACS}; do - curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/local-ipv4s | + curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/local-ipv4s -H "X-aws-ec2-metadata-token: $TOKEN" | grep -q "^${PRIVATE_IP_ADDRESS}$" if [ $? -eq 0 ]; then - NETWORK_ID="$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id)" + NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN") fi done $AWSCLI --profile $OCF_RESKEY_profile ec2 associate-address \ @@ -244,7 +244,8 @@ ELASTIC_IP="${OCF_RESKEY_elastic_ip}" ALLOCATION_ID="${OCF_RESKEY_allocation_id}" PRIVATE_IP_ADDRESS="${OCF_RESKEY_private_ip_address}" -INSTANCE_ID="$(curl -s http://169.254.169.254/latest/meta-data/instance-id)" +TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") +INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN") case $__OCF_ACTION in start) diff -ru resource-agents-4.4.0+git57.70549516-orig/heartbeat/awsvip resource-agents-4.4.0+git57.70549516/heartbeat/awsvip --- resource-agents-4.4.0+git57.70549516-orig/heartbeat/awsvip 2020-02-24 12:23:11.000000000 +0100 +++ resource-agents-4.4.0+git57.70549516/heartbeat/awsvip 2021-06-16 13:51:47.934374057 +0200 @@ -172,7 +172,7 @@ --instance-id "${INSTANCE_ID}" \ --query 'Reservations[].Instances[].NetworkInterfaces[].PrivateIpAddresses[].PrivateIpAddress[]' \ --output text | \ - grep -q "${SECONDARY_PRIVATE_IP}" + grep -qE "(^|\s)${SECONDARY_PRIVATE_IP}(\s|$)" RET=$? if [ $RET -ne 0 ]; then @@ -206,9 +206,10 @@ AWSCLI="${OCF_RESKEY_awscli}" SECONDARY_PRIVATE_IP="${OCF_RESKEY_secondary_private_ip}" -INSTANCE_ID="$(curl -s http://169.254.169.254/latest/meta-data/instance-id)" -MAC_ADDRESS="$(curl -s http://169.254.169.254/latest/meta-data/mac)" -NETWORK_ID="$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDRESS}/interface-id)" +TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") +INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN") +MAC_ADDRESS=$(curl -s http://169.254.169.254/latest/meta-data/mac -H "X-aws-ec2-metadata-token: $TOKEN") +NETWORK_ID=$(curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDRESS}/interface-id -H "X-aws-ec2-metadata-token: $TOKEN") case $__OCF_ACTION in start) diff -ru resource-agents-4.4.0+git57.70549516-orig/heartbeat/aws-vpc-move-ip resource-agents-4.4.0+git57.70549516/heartbeat/aws-vpc-move-ip --- resource-agents-4.4.0+git57.70549516-orig/heartbeat/aws-vpc-move-ip 2020-02-24 12:23:11.000000000 +0100 +++ resource-agents-4.4.0+git57.70549516/heartbeat/aws-vpc-move-ip 2021-06-16 13:50:38.246852580 +0200 @@ -37,19 +37,27 @@ # Defaults OCF_RESKEY_awscli_default="/usr/bin/aws" OCF_RESKEY_profile_default="default" +OCF_RESKEY_region_default="" OCF_RESKEY_ip_default="" OCF_RESKEY_address_default="" OCF_RESKEY_routing_table_default="" +OCF_RESKEY_routing_table_role_default="" OCF_RESKEY_interface_default="eth0" OCF_RESKEY_monapi_default="false" +OCF_RESKEY_lookup_type_default="InstanceId" : ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} : ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} +: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}} : ${OCF_RESKEY_ip=${OCF_RESKEY_ip_default}} : ${OCF_RESKEY_address=${OCF_RESKEY_address_default}} : ${OCF_RESKEY_routing_table=${OCF_RESKEY_routing_table_default}} +: ${OCF_RESKEY_routing_table_role=${OCF_RESKEY_routing_table_role_default}} : ${OCF_RESKEY_interface=${OCF_RESKEY_interface_default}} : ${OCF_RESKEY_monapi=${OCF_RESKEY_monapi_default}} +: ${OCF_RESKEY_lookup_type=${OCF_RESKEY_lookup_type_default}} + +[ -n "$OCF_RESKEY_region" ] && region_opt="--region $OCF_RESKEY_region" ####################################################################### @@ -93,6 +101,14 @@ <content type="string" default="${OCF_RESKEY_profile_default}" /> </parameter> +<parameter name="region"> +<longdesc lang="en"> +Valid AWS region name (e.g., 'us-west-2') +</longdesc> +<shortdesc lang="en">region name</shortdesc> +<content type="string" default="${OCF_RESKEY_region_default}" /> +</parameter> + <parameter name="ip" required="1"> <longdesc lang="en"> VPC private IP address @@ -117,6 +133,14 @@ <content type="string" default="${OCF_RESKEY_routing_table_default}" /> </parameter> +<parameter name="routing_table_role" required="0"> +<longdesc lang="en"> +Role to use to query/update the route table +</longdesc> +<shortdesc lang="en">route table query/update role</shortdesc> +<content type="string" default="${OCF_RESKEY_routing_table_role_default}" /> +</parameter> + <parameter name="interface" required="1"> <longdesc lang="en"> Name of the network interface, i.e. eth0 @@ -132,6 +156,17 @@ <shortdesc lang="en">Enhanced Monitoring</shortdesc> <content type="boolean" default="${OCF_RESKEY_monapi_default}" /> </parameter> + +<parameter name="lookup_type" required="0"> +<longdesc lang="en"> +Name of resource type to lookup in route table. +"InstanceId" : EC2 instance ID. (default) +"NetworkInterfaceId" : ENI ID. (useful in shared VPC setups). +</longdesc> +<shortdesc lang="en">lookup type for route table resource</shortdesc> +<content type="string" default="${OCF_RESKEY_lookup_type_default}" /> +</parameter> + </parameters> <actions> @@ -145,15 +180,33 @@ END } + +execute_cmd_as_role(){ + cmd=$1 + role=$2 + output="$($OCF_RESKEY_awscli sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --profile $OCF_RESKEY_profile $region_opt --output=text)" + export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $5}')" + export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $7}')" + export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $8}')" + + #Execute command + ocf_log debug "Assumed Role ${role}" + ocf_log debug "$($OCF_RESKEY_awscli sts get-caller-identity)" + ocf_log debug "executing command: $cmd" + response="$($cmd)" + unset output AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN + echo $response +} + ec2ip_set_address_param_compat(){ # Include backward compatibility for the deprecated address parameter - if [ -z "$OCF_RESKEY_ip" ] && [ -n "$OCF_RESKEY_address" ]; then + if [ -z "$OCF_RESKEY_ip" ] && [ -n "$OCF_RESKEY_address" ]; then OCF_RESKEY_ip="$OCF_RESKEY_address" fi } ec2ip_validate() { - for cmd in aws ip curl; do + for cmd in $OCF_RESKEY_awscli ip curl; do check_binary "$cmd" done @@ -162,7 +215,8 @@ return $OCF_ERR_CONFIGURED fi - EC2_INSTANCE_ID="$(curl -s http://169.254.169.254/latest/meta-data/instance-id)" + TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") + EC2_INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token: $TOKEN") if [ -z "${EC2_INSTANCE_ID}" ]; then ocf_exit_reason "Instance ID not found. Is this a EC2 instance?" @@ -173,20 +227,33 @@ } ec2ip_monitor() { - MON_RES="" + MON_RES="" + if [ "${OCF_RESKEY_lookup_type}" = "NetworkInterfaceId" ]; then + EC2_ID="$(ec2ip_get_instance_eni)" + RESOURCE_TYPE="interface" + else + EC2_ID="$EC2_INSTANCE_ID" + RESOURCE_TYPE="instance" + fi + if ocf_is_true ${OCF_RESKEY_monapi} || [ "$__OCF_ACTION" = "start" ] || ocf_is_probe; then for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do ocf_log info "monitor: check routing table (API call) - $rtb" - cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].InstanceId" - ocf_log debug "executing command: $cmd" - ROUTE_TO_INSTANCE="$($cmd)" + if [ -z "${OCF_RESKEY_routing_table_role}" ]; then + cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type" + ocf_log debug "executing command: $cmd" + ROUTE_TO_INSTANCE="$($cmd)" + else + cmd="$OCF_RESKEY_awscli $region_opt --output text ec2 describe-route-tables --route-table-ids $rtb --query RouteTables[*].Routes[?DestinationCidrBlock=='$OCF_RESKEY_ip/32'].$OCF_RESKEY_lookup_type" + ROUTE_TO_INSTANCE="$(execute_cmd_as_role "$cmd" $OCF_RESKEY_routing_table_role)" + fi ocf_log debug "Overlay IP is currently routed to ${ROUTE_TO_INSTANCE}" if [ -z "$ROUTE_TO_INSTANCE" ]; then ROUTE_TO_INSTANCE="<unknown>" fi - if [ "$EC2_INSTANCE_ID" != "$ROUTE_TO_INSTANCE" ]; then - ocf_log warn "not routed to this instance ($EC2_INSTANCE_ID) but to instance $ROUTE_TO_INSTANCE on $rtb" + if [ "$EC2_ID" != "$ROUTE_TO_INSTANCE" ]; then + ocf_log warn "not routed to this $RESOURCE_TYPE ($EC2_ID) but to $RESOURCE_TYPE $ROUTE_TO_INSTANCE on $rtb" MON_RES="$MON_RES $rtb" fi sleep 1 @@ -204,7 +271,13 @@ ocf_log debug "executing command: $cmd" RESULT=$($cmd | grep "$OCF_RESKEY_ip") if [ -z "$RESULT" ]; then - ocf_log warn "IP $OCF_RESKEY_ip not assigned to running interface" + if [ "$__OCF_ACTION" = "monitor" ] && ! ocf_is_probe; then + level="error" + else + level="info" + fi + + ocf_log "$level" "IP $OCF_RESKEY_ip not assigned to running interface" return $OCF_NOT_RUNNING fi @@ -216,17 +289,32 @@ ec2ip_drop() { cmd="ip addr delete ${OCF_RESKEY_ip}/32 dev $OCF_RESKEY_interface" ocf_log debug "executing command: $cmd" - $cmd + output=$($cmd 2>&1) rc=$? + if [ "$rc" -gt 0 ]; then - ocf_log warn "command failed, rc $rc" + if [ "$__OCF_ACTION" = "start" ]; then + # expected to fail during start + level="debug" + else + level="warn" + fi + + ocf_log "$level" "command failed, rc $rc" + ocf_log "$level" "output/error: $output" return $OCF_ERR_GENERIC + else + ocf_log debug "output/error: $output" fi + # delete remaining route-entries if any + ip route show to exact ${OCF_RESKEY_ip}/32 dev $OCF_RESKEY_interface | xargs -r ip route delete + ip route show table local to exact ${OCF_RESKEY_ip}/32 dev $OCF_RESKEY_interface | xargs -r ip route delete + return $OCF_SUCCESS } -ec2ip_get_and_configure() { +ec2ip_get_instance_eni() { MAC_FILE="/sys/class/net/${OCF_RESKEY_interface}/address" if [ -f $MAC_FILE ]; then cmd="cat ${MAC_FILE}" @@ -242,7 +330,7 @@ fi ocf_log debug "MAC address associated with interface ${OCF_RESKEY_interface}: ${MAC_ADDR}" - cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id" + cmd="curl -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/${MAC_ADDR}/interface-id -H \"X-aws-ec2-metadata-token: $TOKEN\"" ocf_log debug "executing command: $cmd" EC2_NETWORK_INTERFACE_ID="$(eval $cmd)" rc=$? @@ -251,11 +339,20 @@ return $OCF_ERR_GENERIC fi ocf_log debug "network interface id associated MAC address ${MAC_ADDR}: ${EC2_NETWORK_INTERFACE_ID}" + echo $EC2_NETWORK_INTERFACE_ID +} +ec2ip_get_and_configure() { + EC2_NETWORK_INTERFACE_ID="$(ec2ip_get_instance_eni)" for rtb in $(echo $OCF_RESKEY_routing_table | sed -e 's/,/ /g'); do - cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID" - ocf_log debug "executing command: $cmd" - $cmd + if [ -z "${OCF_RESKEY_routing_table_role}" ]; then + cmd="$OCF_RESKEY_awscli --profile $OCF_RESKEY_profile $region_opt --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID" + ocf_log debug "executing command: $cmd" + $cmd + else + cmd="$OCF_RESKEY_awscli $region_opt --output text ec2 replace-route --route-table-id $rtb --destination-cidr-block ${OCF_RESKEY_ip}/32 --network-interface-id $EC2_NETWORK_INTERFACE_ID" + update_response="$(execute_cmd_as_role "$cmd" $OCF_RESKEY_routing_table_role)" + fi rc=$? if [ "$rc" != 0 ]; then ocf_log warn "command failed, rc: $rc" @@ -363,7 +460,7 @@ ec2ip_monitor;; validate-all) exit $?;; - *) + *) echo $USAGE exit $OCF_ERR_UNIMPLEMENTED ;; diff -ru resource-agents-4.4.0+git57.70549516-orig/heartbeat/aws-vpc-route53.in resource-agents-4.4.0+git57.70549516/heartbeat/aws-vpc-route53.in --- resource-agents-4.4.0+git57.70549516-orig/heartbeat/aws-vpc-route53.in 2020-02-24 12:23:11.000000000 +0100 +++ resource-agents-4.4.0+git57.70549516/heartbeat/aws-vpc-route53.in 2021-06-16 13:51:04.398673003 +0200 @@ -37,18 +37,34 @@ # # Mar. 15, 2017, vers 1.0.2 + ####################################################################### # Initialization: : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs +# Defaults +OCF_RESKEY_awscli_default="/usr/bin/aws" +OCF_RESKEY_profile_default="default" +OCF_RESKEY_hostedzoneid_default="" +OCF_RESKEY_fullname_default="" +OCF_RESKEY_ip_default="local" OCF_RESKEY_ttl_default=10 +: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} +: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} +: ${OCF_RESKEY_hostedzoneid:=${OCF_RESKEY_hostedzoneid_default}} +: ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}} +: ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}} : ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}} +####################################################################### + +AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10" ####################################################################### + usage() { cat <<-EOT usage: $0 {start|stop|status|monitor|validate-all|meta-data} @@ -97,15 +113,44 @@ meta target-role=Started </longdesc> <shortdesc lang="en">Update Route53 VPC record for AWS EC2</shortdesc> + <parameters> +<parameter name="awscli"> +<longdesc lang="en"> +Path to command line tools for AWS +</longdesc> +<shortdesc lang="en">Path to AWS CLI tools</shortdesc> +<content type="string" default="${OCF_RESKEY_awscli_default}" /> +</parameter> + +<parameter name="profile"> +<longdesc lang="en"> +The name of the AWS CLI profile of the root account. This +profile will have to use the "text" format for CLI output. +The file /root/.aws/config should have an entry which looks +like: + + [profile cluster] + region = us-east-1 + output = text + +"cluster" is the name which has to be used in the cluster +configuration. The region has to be the current one. The +output has to be "text". +</longdesc> +<shortdesc lang="en">AWS Profile Name</shortdesc> +<content type="string" default="${OCF_RESKEY_profile_default}" /> +</parameter> + <parameter name="hostedzoneid" required="1"> <longdesc lang="en"> Hosted zone ID of Route 53. This is the table of the Route 53 record. </longdesc> <shortdesc lang="en">AWS hosted zone ID</shortdesc> -<content type="string" default="" /> +<content type="string" default="${OCF_RESKEY_hostedzoneid_default}" /> </parameter> + <parameter name="fullname" required="1"> <longdesc lang="en"> The full name of the service which will host the IP address. @@ -113,8 +158,19 @@ Note: The trailing dot is important to Route53! </longdesc> <shortdesc lang="en">Full service name</shortdesc> -<content type="string" default="" /> +<content type="string" default="${OCF_RESKEY_fullname_default}" /> +</parameter> + +<parameter name="ip" required="0"> +<longdesc lang="en"> +IP (local (default), public or secondary private IP address (e.g. 10.0.0.1). + +A secondary private IP can be setup with the awsvip agent. +</longdesc> +<shortdesc lang="en">Type of IP or secondary private IP address (local, public or e.g. 10.0.0.1)</shortdesc> +<content type="string" default="${OCF_RESKEY_ip_default}" /> </parameter> + <parameter name="ttl" required="0"> <longdesc lang="en"> Time to live for Route53 ARECORD @@ -122,25 +178,8 @@ <shortdesc lang="en">ARECORD TTL</shortdesc> <content type="string" default="${OCF_RESKEY_ttl_default}" /> </parameter> -<parameter name="profile" required="1"> -<longdesc lang="en"> -The name of the AWS CLI profile of the root account. This -profile will have to use the "text" format for CLI output. -The file /root/.aws/config should have an entry which looks -like: - - [profile cluster] - region = us-east-1 - output = text - -"cluster" is the name which has to be used in the cluster -configuration. The region has to be the current one. The -output has to be "text". -</longdesc> -<shortdesc lang="en">AWS Profile Name</shortdesc> -<content type="string" default="" /> -</parameter> </parameters> + <actions> <action name="start" timeout="180s" /> <action name="stop" timeout="180s" /> @@ -167,6 +206,15 @@ # Hosted Zone ID [[ -z "$OCF_RESKEY_hostedzoneid" ]] && ocf_log error "Hosted Zone ID parameter not set $OCF_RESKEY_hostedzoneid!" && exit $OCF_ERR_CONFIGURED + # Type of IP/secondary IP address + case $OCF_RESKEY_ip in + local|public|*.*.*.*) + ;; + *) + ocf_exit_reason "Invalid value for ip: ${OCF_RESKEY_ip}" + exit $OCF_ERR_CONFIGURED + esac + # profile [[ -z "$OCF_RESKEY_profile" ]] && ocf_log error "AWS CLI profile not set $OCF_RESKEY_profile!" && exit $OCF_ERR_CONFIGURED @@ -174,25 +222,44 @@ [[ -z "$OCF_RESKEY_ttl" ]] && ocf_log error "TTL not set $OCF_RESKEY_ttl!" && exit $OCF_ERR_CONFIGURED ocf_log debug "Testing aws command" - aws --version 2>&1 + $OCF_RESKEY_awscli --version 2>&1 if [ "$?" -gt 0 ]; then ocf_log error "Error while executing aws command as user root! Please check if AWS CLI tools (Python flavor) are properly installed and configured." && exit $OCF_ERR_INSTALLED fi ocf_log debug "ok" - if [ -n "$OCF_RESKEY_profile" ]; then - AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10" - else - AWS_PROFILE_OPT="--profile default --cli-connect-timeout 10" + return $OCF_SUCCESS +} + +r53_start() { + # + # Start agent and config DNS in Route53 + # + ocf_log info "Starting Route53 DNS update...." + _get_ip + r53_monitor + if [ $? != $OCF_SUCCESS ]; then + ocf_log info "Could not start agent - check configurations" + return $OCF_ERR_GENERIC fi + return $OCF_SUCCESS +} +r53_stop() { + # + # Stop operation doesn't perform any API call or try to remove the DNS record + # this mostly because this is not necessarily mandatory or desired + # the start and monitor functions will take care of changing the DNS record + # if the agent starts in a different cluster node + # + ocf_log info "Bringing down Route53 agent. (Will NOT remove Route53 DNS record)" return $OCF_SUCCESS } r53_monitor() { # # For every start action the agent will call Route53 API to check for DNS record - # otherwise it will try to get results directly bu querying the DNS using "dig". + # otherwise it will try to get results directly by querying the DNS using "dig". # Due to complexity in some DNS architectures "dig" can fail, and if this happens # the monitor will fallback to the Route53 API call. # @@ -208,11 +275,11 @@ r53_validate ocf_log debug "Checking Route53 record sets" # - IPADDRESS="$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)" + _get_ip # if [ "$__OCF_ACTION" = "start" ] || ocf_is_probe ; then # - cmd="aws $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']" + cmd="$OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']" ocf_log info "Route53 Agent Starting or probing - executing monitoring API call: $cmd" CLIRES="$($cmd 2>&1)" rc=$? @@ -244,7 +311,7 @@ # if [[ ! $ARECORD =~ $IPREGEX ]] || [ $rc -ne 0 ]; then ocf_log info "Fallback to Route53 API query due to DNS resolution failure" - cmd="aws $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']" + cmd="$OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']" ocf_log debug "executing monitoring API call: $cmd" CLIRES="$($cmd 2>&1)" rc=$? @@ -277,6 +344,16 @@ return $OCF_SUCCESS } +_get_ip() { + case $OCF_RESKEY_ip in + local|public) + TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600") + IPADDRESS=$(curl -s http://169.254.169.254/latest/meta-data/${OCF_RESKEY_ip}-ipv4 -H "X-aws-ec2-metadata-token: $TOKEN");; + *.*.*.*) + IPADDRESS="${OCF_RESKEY_ip}";; + esac +} + _update_record() { # # This function is the one that will actually execute Route53's API call @@ -314,7 +391,7 @@ ] } EOF - cmd="aws --profile $OCF_RESKEY_profile route53 change-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --change-batch file://$ROUTE53RECORD " + cmd="$OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 change-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --change-batch file://$ROUTE53RECORD " ocf_log debug "Executing command: $cmd" CLIRES="$($cmd 2>&1)" rc=$? @@ -334,36 +411,11 @@ MYSECONDS=20 while [ "$STATUS" = 'PENDING' ]; do sleep $MYSECONDS - STATUS="$(aws --profile $OCF_RESKEY_profile route53 get-change --id $CHANGEID | grep CHANGEINFO | awk -F'\t' '{ print $4 }' |cut -d'"' -f 2 )" + STATUS="$($OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 get-change --id $CHANGEID | grep CHANGEINFO | awk -F'\t' '{ print $4 }' |cut -d'"' -f 2 )" ocf_log debug "Waited for $MYSECONDS seconds and checked execution of Route 53 update status: $STATUS " done } -r53_stop() { - # - # Stop operation doesn't perform any API call or try to remove the DNS record - # this mostly because this is not necessarily mandatory or desired - # the start and monitor functions will take care of changing the DNS record - # if the agent starts in a different cluster node - # - ocf_log info "Bringing down Route53 agent. (Will NOT remove Route53 DNS record)" - return $OCF_SUCCESS -} - -r53_start() { - # - # Start agent and config DNS in Route53 - # - ocf_log info "Starting Route53 DNS update...." - IPADDRESS="$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)" - r53_monitor - if [ $? != $OCF_SUCCESS ]; then - ocf_log info "Could not start agent - check configurations" - return $OCF_ERR_GENERIC - fi - return $OCF_SUCCESS -} - ############################################################################### case $__OCF_ACTION in @@ -375,20 +427,23 @@ metadata exit $OCF_SUCCESS ;; - monitor) - r53_monitor + start) + r53_validate || exit $? + r53_start ;; stop) r53_stop ;; + monitor) + r53_monitor + ;; validate-all) r53_validate ;; - start) - r53_start - ;; *) usage exit $OCF_ERR_UNIMPLEMENTED ;; esac + +exit $?
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor