diff --git a/centos_iso_image.inc b/centos_iso_image.inc index 21449921f5..faca20edf5 100644 --- a/centos_iso_image.inc +++ b/centos_iso_image.inc @@ -16,6 +16,9 @@ storageconfig # cert-mon cert-mon +# cert-alarm +cert-alarm + # cgts-client cgts-client diff --git a/centos_pkg_dirs b/centos_pkg_dirs index 61612ffe5f..771a092138 100644 --- a/centos_pkg_dirs +++ b/centos_pkg_dirs @@ -2,6 +2,7 @@ workerconfig controllerconfig storageconfig sysinv/cert-mon +sysinv/cert-alarm sysinv/cgts-client sysinv/sysinv-agent sysinv/sysinv-fpga-agent diff --git a/sysinv/cert-alarm/centos/build_srpm.data b/sysinv/cert-alarm/centos/build_srpm.data new file mode 100644 index 0000000000..b0740891cf --- /dev/null +++ b/sysinv/cert-alarm/centos/build_srpm.data @@ -0,0 +1,2 @@ +SRC_DIR="files" +TIS_PATCH_VER=PKG_GITREVCOUNT diff --git a/sysinv/cert-alarm/centos/cert-alarm.spec b/sysinv/cert-alarm/centos/cert-alarm.spec new file mode 100644 index 0000000000..31728a0299 --- /dev/null +++ b/sysinv/cert-alarm/centos/cert-alarm.spec @@ -0,0 +1,50 @@ +Summary: StarlingX Certificate Alarm Package +Name: cert-alarm +Version: 1.0 +Release: %{tis_patch_ver}%{?_tis_dist} +License: Apache-2.0 +Group: base +Packager: Wind River +URL: unknown +Source0: %{name}-%{version}.tar.gz + +BuildArch: noarch +BuildRequires: systemd-devel + +%define ocf_resourced /usr/lib/ocf/resource.d + +%description +StarlingX Certificate Alarm Package + +%define local_etc_initd /etc/init.d/ + +%define debug_package %{nil} + +%prep +%setup + +%build + +%install +install -m 755 -p -D cert-alarm %{buildroot}/usr/lib/ocf/resource.d/platform/cert-alarm +install -m 644 -p -D cert-alarm.service %{buildroot}%{_unitdir}/cert-alarm.service +install -m 644 -p -D cert-alarm.syslog %{buildroot}%{_sysconfdir}/syslog-ng/conf.d/cert-alarm.conf +install -m 644 -p -D cert-alarm.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/cert-alarm.conf + + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root,-) +%doc LICENSE + +# SM OCF Start/Stop/Monitor Scripts +%{ocf_resourced}/platform/cert-alarm + +# systemctl service files +%{_unitdir}/cert-alarm.service + +# logfile config files +%{_sysconfdir}/syslog-ng/conf.d/cert-alarm.conf +%{_sysconfdir}/logrotate.d/cert-alarm.conf diff --git a/sysinv/cert-alarm/files/LICENSE b/sysinv/cert-alarm/files/LICENSE new file mode 100644 index 0000000000..d645695673 --- /dev/null +++ b/sysinv/cert-alarm/files/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/sysinv/cert-alarm/files/cert-alarm b/sysinv/cert-alarm/files/cert-alarm new file mode 100644 index 0000000000..384af066f7 --- /dev/null +++ b/sysinv/cert-alarm/files/cert-alarm @@ -0,0 +1,374 @@ +#!/bin/sh +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# +# +# Support: www.windriver.com +# +####################################################################### +# Initialization: + +: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} +. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs + +binname="cert-alarm" + +####################################################################### + +# Fill in some defaults if no values are specified +OCF_RESKEY_binary_default=${binname} +OCF_RESKEY_dbg_default="false" +OCF_RESKEY_user_default="root" +OCF_RESKEY_pid_default="/var/run/${binname}.pid" +OCF_RESKEY_config_default="/etc/sysinv/cert-alarm.conf" + +: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}} +: ${OCF_RESKEY_dbg=${OCF_RESKEY_dbg_default}} +: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}} +: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}} +: ${OCF_RESKEY_config=${OCF_RESKEY_config_default}} +: ${OCF_RESKEY_client_binary=${OCF_RESKEY_client_binary_default}} + +mydaemon="/usr/bin/${OCF_RESKEY_binary}" +TMP_DIR=/var/run/cert-alarm_tmp + +####################################################################### + +usage() { + cat < + + +1.0 + + +This 'cert-alarm' is an OCF Compliant Resource Agent that manages start, stop +and in-service monitoring of the Certificate Alarm Process + + + +Manages the Certificate Alarm (cert-alarm) process + + + + + + + +dbg = false ... info, warn and err logs sent to output stream (default) +dbg = true ... Additional debug logs are also sent to the output stream + +Service Debug Control Option + + + + + +User running Certificate Alarm Service (cert-alarm) + +Certificate Alarm Service (cert-alarm) user + + + + + + + + + + + + + + +END + return ${OCF_SUCCESS} +} + +cert_alarm_tmpdir() { + local rc + + if [ ! -d "$TMP_DIR" ]; then + mkdir -p "$TMP_DIR" + rc=$? + if [ $rc -ne 0 ]; then + ocf_log err "Certificate Monitor Service (${OCF_RESKEY_binary}) failed to create temp dir (rc=${rc})" + return "${OCF_ERR_GENERIC}" + fi + chown "${OCF_RESKEY_user_default}:${OCF_RESKEY_user_default}" "$TMP_DIR" + fi + export TMPDIR="$TMP_DIR" + return "${OCF_SUCCESS}" +} + +cert_alarm_validate() { + + local rc + + proc="${binname}:validate" + if [ ${OCF_RESKEY_dbg} = "true" ] ; then + ocf_log info "${proc}" + fi + + check_binary ${OCF_RESKEY_binary} + + if [ ! -f ${OCF_RESKEY_config} ] ; then + ocf_log err "${OCF_RESKEY_binary} ini file missing (${OCF_RESKEY_config})" + return ${OCF_ERR_CONFIGURED} + fi + + getent passwd $OCF_RESKEY_user >/dev/null 2>&1 + rc=$? + if [ $rc -ne 0 ]; then + ocf_log err "User $OCF_RESKEY_user doesn't exist" + return ${OCF_ERR_CONFIGURED} + fi + + return ${OCF_SUCCESS} +} + +cert_alarm_status() { + local pid + local rc + + proc="${binname}:status" + if [ ${OCF_RESKEY_dbg} = "true" ] ; then + ocf_log info "${proc}" + fi + + if [ ! -f $OCF_RESKEY_pid ]; then + ocf_log info "${binname}:Certificate Alarm (cert-alarm) is not running" + return $OCF_NOT_RUNNING + else + pid=`cat $OCF_RESKEY_pid` + fi + + ocf_run -warn kill -s 0 $pid + rc=$? + if [ $rc -eq 0 ]; then + return $OCF_SUCCESS + else + ocf_log info "${binname}:Old PID file found, but Certificate Alarm Service (cert-alarm) is not running" + rm -f $OCF_RESKEY_pid + return $OCF_NOT_RUNNING + fi +} + +cert_alarm_monitor () { + local rc + + cert_alarm_status + rc=$? + # If status returned anything but success, return that immediately + if [ $rc -ne $OCF_SUCCESS ]; then + return $rc + fi + + ocf_log debug "Certificate Alarm Service (cert-alarm) monitor succeeded" + + return $OCF_SUCCESS +} + +cert_alarm_start () { + local rc + + cert_alarm_status + rc=$? + if [ $rc -ne ${OCF_SUCCESS} ] ; then + ocf_log err "${proc} ping test failed (rc=${rc})" + cert_alarm_stop + else + return ${OCF_SUCCESS} + fi + + if [ ${OCF_RESKEY_dbg} = "true" ] ; then + RUN_OPT_DEBUG="--debug" + else + RUN_OPT_DEBUG="" + fi + + su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --config-file=${OCF_RESKEY_config} ${RUN_OPT_DEBUG}"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid + rc=$? + if [ ${rc} -ne ${OCF_SUCCESS} ] ; then + ocf_log err "${proc} failed ${mydaemon} daemon (rc=$rc)" + return ${OCF_ERR_GENERIC} + else + if [ -f ${OCF_RESKEY_pid} ] ; then + pid=`cat ${OCF_RESKEY_pid}` + ocf_log info "${proc} running with pid ${pid}" + else + ocf_log info "${proc} with no pid file" + fi + fi + + # Record success or failure and return status + if [ ${rc} -eq $OCF_SUCCESS ] ; then + ocf_log info "Certificate Alarm Service (${OCF_RESKEY_binary}) started (pid=${pid})" + else + ocf_log err "Certificate Alarm (${OCF_RESKEY_binary}) failed to start (rc=${rc})" + rc=${OCF_NOT_RUNNING} + fi + + return ${rc} +} + +cert_alarm_confirm_stop() { + local my_bin + local my_processes + + my_binary=`which ${OCF_RESKEY_binary}` + my_processes=`pgrep -l -f "^(python|/usr/bin/python|/usr/bin/python2|/usr/bin/python3) ${my_binary}([^\w-]|$)"` + + if [ -n "${my_processes}" ] + then + ocf_log info "About to SIGKILL the following: ${my_processes}" + pkill -KILL -f "^(python|/usr/bin/python|/usr/bin/python2|/usr/bin/python3) ${my_binary}([^\w-]|$)" + fi +} + +cert_alarm_stop () { + local rc + local pid + + cert_alarm_status + rc=$? + if [ $rc -eq $OCF_NOT_RUNNING ]; then + ocf_log info "${proc} Certificate Alarm (cert-alarm) already stopped" + cert_alarm_confirm_stop + return ${OCF_SUCCESS} + fi + + # Try SIGTERM + pid=`cat $OCF_RESKEY_pid` + ocf_run kill -s TERM $pid + rc=$? + if [ $rc -ne 0 ]; then + ocf_log err "${proc} Certificate Alarm (cert-alarm) couldn't be stopped" + cert_alarm_confirm_stop + exit $OCF_ERR_GENERIC + fi + + # stop waiting + shutdown_timeout=15 + if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then + shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5)) + fi + count=0 + while [ $count -lt $shutdown_timeout ]; do + cert_alarm_status + rc=$? + if [ $rc -eq $OCF_NOT_RUNNING ]; then + break + fi + count=`expr $count + 1` + sleep 1 + ocf_log info "${proc} Certificate Alarm (cert-alarm) still hasn't stopped yet. Waiting ..." + done + + cert_alarm_status + rc=$? + if [ $rc -ne $OCF_NOT_RUNNING ]; then + # SIGTERM didn't help either, try SIGKILL + ocf_log info "${proc} Certificate Alarm (cert-alarm) failed to stop after ${shutdown_timeout}s using SIGTERM. Trying SIGKILL ..." + ocf_run kill -s KILL $pid + fi + cert_alarm_confirm_stop + + ocf_log info "${proc} Certificate Alarm (cert-alarm) stopped." + + rm -f $OCF_RESKEY_pid + + return $OCF_SUCCESS + +} + +cert_alarm_reload () { + local rc + + proc="${binname}:reload" + if [ ${OCF_RESKEY_dbg} = "true" ] ; then + ocf_log info "${proc}" + fi + + cert_alarm_stop + rc=$? + if [ $rc -eq ${OCF_SUCCESS} ] ; then + #sleep 1 + cert_alarm_start + rc=$? + if [ $rc -eq ${OCF_SUCCESS} ] ; then + ocf_log info "Certificate Alarm (${OCF_RESKEY_binary}) process restarted" + fi + fi + + if [ ${rc} -ne ${OCF_SUCCESS} ] ; then + ocf_log err "Certificate Alarm (${OCF_RESKEY_binary}) process failed to restart (rc=${rc})" + fi + + return ${rc} +} + +case ${__OCF_ACTION} in + meta-data) meta_data + exit ${OCF_SUCCESS} + ;; + usage|help) usage + exit ${OCF_SUCCESS} + ;; +esac + +# Anything except meta-data and help must pass validation +cert_alarm_validate || exit $? + +# Set up tmpfiles directory to avoid temp files being +# cleaned up by systemd tmpfiles clean service. +cert_alarm_tmpdir || exit $? + +if [ ${OCF_RESKEY_dbg} = "true" ] ; then + ocf_log info "${binname}:${__OCF_ACTION} action" +fi + +case ${__OCF_ACTION} in + + start) cert_alarm_start + ;; + stop) cert_alarm_stop + ;; + status) cert_alarm_status + ;; + reload) cert_alarm_reload + ;; + monitor) cert_alarm_monitor + ;; + validate-all) cert_alarm_validate + ;; + *) usage + exit ${OCF_ERR_UNIMPLEMENTED} + ;; +esac diff --git a/sysinv/cert-alarm/files/cert-alarm.logrotate b/sysinv/cert-alarm/files/cert-alarm.logrotate new file mode 100644 index 0000000000..0d9b0c0559 --- /dev/null +++ b/sysinv/cert-alarm/files/cert-alarm.logrotate @@ -0,0 +1,14 @@ +/var/log/cert-alarm.log +{ + nodateext + size 2M + start 1 + rotate 20 + missingok + notifempty + compress + sharedscripts + postrotate + systemctl reload syslog-ng > /dev/null 2>&1 || true + endscript +} diff --git a/sysinv/cert-alarm/files/cert-alarm.service b/sysinv/cert-alarm/files/cert-alarm.service new file mode 100644 index 0000000000..91ee49cb5e --- /dev/null +++ b/sysinv/cert-alarm/files/cert-alarm.service @@ -0,0 +1,15 @@ +[Unit] +Description=Certificate Alarm +After=network-online.target syslog-ng.service config.service + +[Service] +Type=simple +RemainAfterExit=yes +User=root +Environment=OCF_ROOT=/usr/lib/ocf +ExecStart=/usr/lib/ocf/resource.d/platform/cert-alarm start +ExecStop=/usr/lib/ocf/resource.d/platform/cert-alarm stop +PIDFile=/var/run/cert-alarm.pid + +[Install] +WantedBy=multi-user.target diff --git a/sysinv/cert-alarm/files/cert-alarm.syslog b/sysinv/cert-alarm/files/cert-alarm.syslog new file mode 100644 index 0000000000..d20dc4af69 --- /dev/null +++ b/sysinv/cert-alarm/files/cert-alarm.syslog @@ -0,0 +1,3 @@ +filter f_certalarm { facility(local6) and program(cert-alarm); }; +destination d_certalarm { file("/var/log/cert-alarm.log"); }; +log { source(s_src); filter(f_certalarm); destination(d_certalarm); }; diff --git a/sysinv/sysinv/centos/sysinv.spec b/sysinv/sysinv/centos/sysinv.spec index a8258cdb4d..8ad40be74d 100644 --- a/sysinv/sysinv/centos/sysinv.spec +++ b/sysinv/sysinv/centos/sysinv.spec @@ -159,6 +159,7 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/sysinv-helm %{_bindir}/sysinv-utils %{_bindir}/cert-mon +%{_bindir}/cert-alarm %package wheels Summary: %{name} wheels diff --git a/sysinv/sysinv/sysinv/setup.cfg b/sysinv/sysinv/sysinv/setup.cfg index fad80d55f1..e1a1cdd35b 100644 --- a/sysinv/sysinv/sysinv/setup.cfg +++ b/sysinv/sysinv/sysinv/setup.cfg @@ -39,6 +39,7 @@ console_scripts = sysinv-helm = sysinv.cmd.helm:main sysinv-utils = sysinv.cmd.utils:main cert-mon = sysinv.cmd.cert_mon:main + cert-alarm = sysinv.cmd.cert_alarm:main sysinv-reset-n3000-fpgas = sysinv.cmd.reset_n3000_fpgas:main systemconfig.puppet_plugins = @@ -68,6 +69,7 @@ systemconfig.puppet_plugins = 038_certmon = sysinv.puppet.certmon:CertMonPuppet 039_helm = sysinv.puppet.helm:HelmPuppet 040_rook = sysinv.puppet.rook:RookPuppet + 041_certalarm = sysinv.puppet.certalarm:CertAlarmPuppet 099_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet systemconfig.armada.manifest_ops = diff --git a/sysinv/sysinv/sysinv/sysinv/cert_alarm/__init__.py b/sysinv/sysinv/sysinv/sysinv/cert_alarm/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/sysinv/sysinv/sysinv/sysinv/cert_alarm/service.py b/sysinv/sysinv/sysinv/sysinv/cert_alarm/service.py new file mode 100644 index 0000000000..3453980710 --- /dev/null +++ b/sysinv/sysinv/sysinv/sysinv/cert_alarm/service.py @@ -0,0 +1,34 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# The right to copy, distribute, modify, or otherwise make use +# of this software may be licensed only pursuant to the terms +# of an applicable Wind River license agreement. +# +from oslo_config import cfg +from oslo_log import log as logging +# import oslo_messaging +from oslo_service import service +# from sysinv.common import constants + +CONF = cfg.CONF +LOG = logging.getLogger(__name__) + + +class CertificateAlarmService(service.Service): + """Lifecycle manager for a running audit service.""" + + def __init__(self): + super(CertificateAlarmService, self).__init__() diff --git a/sysinv/sysinv/sysinv/sysinv/cmd/cert_alarm.py b/sysinv/sysinv/sysinv/sysinv/cmd/cert_alarm.py new file mode 100644 index 0000000000..c45fffaea8 --- /dev/null +++ b/sysinv/sysinv/sysinv/sysinv/cmd/cert_alarm.py @@ -0,0 +1,54 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# The right to copy, distribute, modify, or otherwise make use +# of this software may be licensed only pursuant to the terms +# of an applicable Wind River license agreement. +# +from oslo_config import cfg +from oslo_log import log as logging +from oslo_service import service +# from sysinv.cert_alarm import messaging + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +def main(): + logging.register_options(CONF) + CONF(project='sysinv', prog='certalarm') + + common_opts = [ + cfg.StrOpt('host', + default='localhost', + help='hostname of the machine') + ] + CONF.register_opts(common_opts) + + logging.set_defaults() + logging.setup(cfg.CONF, 'certalarm') + # messaging.setup() + + from sysinv.cert_alarm import service as cert_alarm + LOG.info("Configuration:") + cfg.CONF.log_opt_values(LOG, logging.INFO) + + srv = cert_alarm.CertificateAlarmService() + launcher = service.launch(cfg.CONF, srv) + + launcher.wait() + + +if __name__ == '__main__': + main() diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/certalarm.py b/sysinv/sysinv/sysinv/sysinv/puppet/certalarm.py new file mode 100644 index 0000000000..14be4d0c07 --- /dev/null +++ b/sysinv/sysinv/sysinv/sysinv/puppet/certalarm.py @@ -0,0 +1,64 @@ +# +# Copyright (c) 2021 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from sysinv.puppet import openstack +from sysinv.common import constants + + +class CertAlarmPuppet(openstack.OpenstackBasePuppet): + """Class to encapsulate puppet operations for sysinv configuration""" + SYSINV_SERVICE_NAME = 'sysinv' + DC_SERVICE_NAME = 'dcmanager' + + def get_secure_static_config(self): + sysinv_kspass = self._get_service_password(self.SYSINV_SERVICE_NAME) + dc_kspass = self._get_service_password(self.DC_SERVICE_NAME) + return { + 'sysinv::certalarm::local_keystone_password': sysinv_kspass, + 'sysinv::certalarm::dc_keystone_password': dc_kspass, + } + + def get_system_config(self): + sysinv_user = self._get_service_user_name(self.SYSINV_SERVICE_NAME) + + config = {} + config.update({ + # The auth info for local authentication + 'sysinv::certalarm::local_keystone_auth_uri': self._keystone_auth_uri(), + 'sysinv::certalarm::local_keystone_identity_uri': self._keystone_identity_uri(), + 'sysinv::certalarm::local_keystone_project_domain': self._get_service_project_domain_name(), + 'sysinv::certalarm::local_keystone_tenant': self._get_service_project_name(), + 'sysinv::certalarm::local_keystone_user': sysinv_user, + 'sysinv::certalarm::local_keystone_user_domain': self._get_service_user_domain_name(), + 'sysinv::certalarm::local_region_name': self._keystone_region_name(), + }) + + if self._distributed_cloud_role() == constants.DISTRIBUTED_CLOUD_ROLE_SYSTEMCONTROLLER: + dc_user = self._get_service_user_name(self.DC_SERVICE_NAME), + config.update({ + # The auth info for DC authentication + 'sysinv::certalarm::dc_keystone_auth_uri': self._keystone_auth_uri(), + 'sysinv::certalarm::dc_keystone_identity_uri': self._keystone_identity_uri(), + 'sysinv::certalarm::dc_keystone_project_domain': self._get_service_project_domain_name(), + 'sysinv::certalarm::dc_keystone_tenant': self._get_service_project_name(), + 'sysinv::certalarm::dc_keystone_user': dc_user, + 'sysinv::certalarm::dc_keystone_user_domain': self._get_service_user_domain_name(), + 'sysinv::certalarm::dc_region_name': self._keystone_region_name(), + }) + + return config + + def get_public_url(self): + # not an openstack service + raise NotImplementedError() + + def get_internal_url(self): + # not an openstack service + raise NotImplementedError() + + def get_admin_url(self): + # not an openstack service + raise NotImplementedError()