Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
resource-agents.22880
0001-gcp-ilb-resource-wrapping-nc-or-socat-to-r...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-gcp-ilb-resource-wrapping-nc-or-socat-to-respond-to-.patch of Package resource-agents.22880
From a5bfa25158f225a42f51d8e23c31b49c6f281ffd Mon Sep 17 00:00:00 2001 From: Lucia Subatin <24896969+Lsubatin@users.noreply.github.com> Date: Wed, 28 Apr 2021 03:07:37 -0400 Subject: [PATCH 1/1] gcp-ilb: resource wrapping nc or socat to respond to health checks (#1541) * Create gcp-ilb resource This is a wrapper for nc or socat (depending on availability) to reply to health check probes. The only GCP specific piece is the optional default logging using the gcloud CLI. --- heartbeat/gcp-ilb | 343 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 343 insertions(+) create mode 100644 heartbeat/gcp-ilb diff --git a/heartbeat/gcp-ilb b/heartbeat/gcp-ilb new file mode 100644 index 00000000..1ae0b61f --- /dev/null +++ b/heartbeat/gcp-ilb @@ -0,0 +1,343 @@ +#!/bin/sh +# --------------------------------------------------------------------- +# # Copyright 2021 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# Authors: Fatima Silveira, Lucia Subatin +# --------------------------------------------------------------------- +# Description: Wrapper to respond to probe requests from health +# check agents in Google Cloud Platform. Nothing is specific to Google +# Cloud. +# --------------------------------------------------------------------- + + +# Initialization: +: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} +. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs + +# Defaults +OCF_RESKEY_cat_default="socat" +OCF_RESKEY_port_default="60000" +OCF_RESKEY_log_enable_default="false" +OCF_RESKEY_log_cmd_default="gcloud" +OCF_RESKEY_log_params_default="logging write GCPILB" +OCF_RESKEY_log_end_params_default="" + + +if type "socat" > /dev/null 2>&1; then + OCF_RESKEY_cat_default="socat" +else + OCF_RESKEY_cat_default="nc" +fi; + + +: ${OCF_RESKEY_cat=${OCF_RESKEY_cat_default}} +: ${OCF_RESKEY_port=${OCF_RESKEY_port_default}} +: ${OCF_RESKEY_log_enable=${OCF_RESKEY_log_enable_default}} +: ${OCF_RESKEY_log_cmd=${OCF_RESKEY_log_cmd_default}} +: ${OCF_RESKEY_log_params=${OCF_RESKEY_log_params_default}} +: ${OCF_RESKEY_log_end_params=${OCF_RESKEY_log_end_params_default}} + + +process="$OCF_RESOURCE_INSTANCE" +pidfile="/var/run/$OCF_RESOURCE_INSTANCE.pid" + + +#Validate command for logging +if $OCF_RESKEY_log_enable = "true"; then + if type $OCF_RESKEY_log_cmd > /dev/null 2>&1; then + logging_cmd="$OCF_RESKEY_log_cmd $OCF_RESKEY_log_params" + ocf_log debug "Logging command is: \'$logging_cmd\' " + else + $OCF_RESKEY_log_enable = "false" + ocf_log err "\'$logging_cmd\' is invalid. External logging disabled." + + fi; +fi + + +####################################################################### +ilb_metadata() { +cat <<END +<?xml version="1.0"?> +<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd"> +<resource-agent name="gcp-lb"> +<version>1.0</version> +<longdesc lang="en"> + Resource Agent that wraps /usr/bin/nc or /usr/bin/socat to reply to health checks in Google Cloud. + See https://cloud.google.com/load-balancing/docs/health-checks for more information. +</longdesc> + +<shortdesc lang="en">Replies to health checks from Google Cloud</shortdesc> + +<parameters> + <parameter name="port"> + <longdesc lang="en"> + Listening port for health-check probes. Default: ${OCF_RESKEY_port_default} + </longdesc> + <shortdesc lang="en">Listening port (def ${OCF_RESKEY_port_default}) </shortdesc> + <content type="string" default="${OCF_RESKEY_port_default}" /> + </parameter> + + <parameter name="cat"> + <longdesc lang="en"> + Location of netcat (default: /usr/bin/nc ) or socat (default: /usr/bin/socat ). If present, is used /usr/bin/socat. + The recommended binary is socat, present in the following minimum versions if the package resource-agents: + - SLES 12 SP4/SP5: resource-agents-4.3.018.a7fb5035-3.30.1. + - SLES 15/15 SP1: resource-agents-4.3.0184.6ee15eb2-4.13.1. + </longdesc> + <shortdesc lang="en">Path to nc / socat </shortdesc> + <content type="string" default="${OCF_RESKEY_cat_default}" /> + </parameter> + <parameter name="log_enable"> + <longdesc lang="en"> + Logging with an external application is enabled (accepts "true" or "false"). The defaults are configured to call "gcloud logging" (see: https://cloud.google.com/sdk/gcloud/reference/logging). + </longdesc> + <shortdesc lang="en">Log enabled </shortdesc> + <content type="string" default="${OCF_RESKEY_log_enable_default}" /> + </parameter> + <parameter name="log_cmd"> + <longdesc lang="en"> + External logging command. The defaults are configured to call "gcloud logging" (see: https://cloud.google.com/sdk/gcloud/reference/logging). + This parameter should only have the binary that can be validated (e.g., gcloud). The rest of the command is formed with the additional parameters + and the message being logged as follows: + - log_cmd + log_params + "The message being logged" + log_end_params + + Using the gcloud command for Stackdriver logging, the parameters would be: + - log_cmd = gcloud + - log_params = logging write GCPILB + - "This is a message being sent by the app" + - log_end_params = (nothing in this case, this is reserved for use with other tools) + Which would result in this valid command (where GCPILB is the name of the log): + gcloud logging write GCPILB "This is a message being sent by the app" + + NOTE: Only the binary is validated for existence and no further checks are performed. The assumption is that only administrators with root access can configure this tool. + </longdesc> + <shortdesc lang="en">External log command </shortdesc> + <content type="string" default="${OCF_RESKEY_log_cmd_default}" /> + </parameter> + <parameter name="log_params"> + <longdesc lang="en"> + Additional input for the logging application. See explanation for log_cmd + </longdesc> + <shortdesc lang="en">Additional input 1 </shortdesc> + <content type="string" default="${OCF_RESKEY_log_params_default}" /> + </parameter> + <parameter name="log_end_params"> + <longdesc lang="en"> + Additional input for the logging application. Placed after the message being logged. + </longdesc> + <shortdesc lang="en">Additional input 1 </shortdesc> + <content type="string" default="${OCF_RESKEY_log_end_params_default}" /> + </parameter> + +</parameters> + +<actions> + <action name="start" timeout="10s" /> + <action name="stop" timeout="30s" /> + <action name="monitor" depth="0" timeout="30s" interval="30s" /> + <action name="validate-all" timeout="5s" /> + <action name="meta-data" timeout="5s" /> +</actions> +</resource-agent> +END +exit 0 +} + +####################################################################### + +log() { + lvl=$1 + msg=$2 + ocf_log $lvl "$0 - $process - $pid: $msg" + if ocf_is_true "${OCF_RESKEY_log_enable}" ; then + ( ${OCF_RESKEY_log_cmd} ${OCF_RESKEY_log_params} "L $lvl: $msg" ${OCF_RESKEY_log_end_params} ) + fi +} + +getpid() { + if ! [ -f "$pidfile" ] ; then + return + fi + + cat $pidfile +} + +ilb_usage() { + cat <<END +usage: $0 {start|stop|monitor|status|meta-data|validate-all} + +Agent wrapping socat or nc to reply to health probes. +END +} + + + + +ilb_monitor() { + + pid=`getpid` + log debug "pid is $pid" + + if [ -z "$pid" ] ; then + return $OCF_NOT_RUNNING + fi + + if [ -n "$pid" ] && kill -s 0 $pid ; then + log debug "Process is currently running" + return $OCF_SUCCESS + else + log warn "The process is not running but has a pidfile. Removing file" + rm -f $pidfile + return $OCF_NOT_RUNNING + fi + +} + +ilb_start() { + + if ilb_monitor; then + log debug "Process is already running" + return $OCF_SUCCESS + fi + + cmd="$OCF_RESKEY_cat -U TCP-LISTEN:$OCF_RESKEY_port,backlog=10,fork,reuseaddr /dev/null" + + if [ $( basename $OCF_RESKEY_cat ) = 'nc' ]; then + cmd="$OCF_RESKEY_cat -l -k $OCF_RESKEY_port" + fi + + log debug "Starting with \'$cmd\'" + ( ${cmd} ) & pid="$!" + disown + + if [ -n "$pid" ] ; then + log debug "$pid is started" + echo "$pid" > $pidfile + return $OCF_SUCCESS + else + log err "\'$cmd\' could not be started" + return $OCF_ERR_GENERIC + fi + +} + +ilb_stop() { + + if ! ilb_monitor; then + rm -f $pidfile + return $OCF_SUCCESS + fi + + if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then + # Allow 2/3 of the action timeout for the orderly shutdown + # (The origin unit is ms, hence the conversion) + stop_timeout=$((OCF_RESKEY_CRM_meta_timeout/1500)) + else + stop_timeout=10 + fi + + + pid=`getpid` + kill $pid + + i=0 + while [ $i -lt $stop_timeout ]; do + if ! ilb_monitor; then + rm -f $pidfile + return $OCF_SUCCESS + fi + sleep 1 + i=$((i+1)) + done + + log warn "Stop with SIGTERM failed/timed out, now sending SIGKILL." + + i=0 + while [ $i -lt $stop_timeout ]; do + + kill -s 9 $pid + + if ! ilb_monitor; then + log warn "SIGKILL did the job." + rm -f $pidfile + return $OCF_SUCCESS + fi + log info "The job still hasn't stopped yet. Re-trying SIGKILL..." + sleep 2 + i=$((i+2)) + done + + log err "The cat has more than 9 lives and could not be terminated." + return $OCF_ERR_GENERIC + +} + +ilb_validate() { + check_binary "$OCF_RESKEY_cat" + check_binary "$OCF_RESKEY_log_cmd" + + if ! ocf_is_decimal "$OCF_RESKEY_port"; then + ocf_exit_reason "$OCF_RESKEY_port is not a valid port" + exit $OCF_ERR_CONFIGURED + fi + + return $OCF_SUCCESS +} + +############################################################################### +# +# MAIN +# +############################################################################### + +case $__OCF_ACTION in + meta-data) + ilb_metadata + exit $OCF_SUCCESS + ;; + usage|help) + ilb_usage + exit $OCF_SUCCESS + ;; +esac + +if ! ocf_is_root; then + log err "You must be root for $__OCF_ACTION operation." + exit $OCF_ERR_PERM +fi + +case $__OCF_ACTION in + start) + ilb_validate + ilb_start + ;; + stop) + ilb_stop + ;; + monitor) + ilb_monitor + ;; + validate-all) + ilb_validate + ;; + *) + ilb_usage + exit $OCF_ERR_UNIMPLEMENTED + ;; +esac + +rc=$? +log debug "${OCF_RESOURCE_INSTANCE} $__OCF_ACTION returned $rc" + +exit $rc -- 2.26.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor