Merge "Add cert-alarm service"
commit 8996768fb2
|
@ -16,6 +16,9 @@ storageconfig
|
|||
# cert-mon
|
||||
cert-mon
|
||||
|
||||
# cert-alarm
|
||||
cert-alarm
|
||||
|
||||
# cgts-client
|
||||
cgts-client
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@ workerconfig
|
|||
controllerconfig
|
||||
storageconfig
|
||||
sysinv/cert-mon
|
||||
sysinv/cert-alarm
|
||||
sysinv/cgts-client
|
||||
sysinv/sysinv-agent
|
||||
sysinv/sysinv-fpga-agent
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
SRC_DIR="files"
|
||||
TIS_PATCH_VER=PKG_GITREVCOUNT
|
|
@ -0,0 +1,50 @@
|
|||
Summary: StarlingX Certificate Alarm Package
|
||||
Name: cert-alarm
|
||||
Version: 1.0
|
||||
Release: %{tis_patch_ver}%{?_tis_dist}
|
||||
License: Apache-2.0
|
||||
Group: base
|
||||
Packager: Wind River <info@windriver.com>
|
||||
URL: unknown
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
|
||||
BuildArch: noarch
|
||||
BuildRequires: systemd-devel
|
||||
|
||||
%define ocf_resourced /usr/lib/ocf/resource.d
|
||||
|
||||
%description
|
||||
StarlingX Certificate Alarm Package
|
||||
|
||||
%define local_etc_initd /etc/init.d/
|
||||
|
||||
%define debug_package %{nil}
|
||||
|
||||
%prep
|
||||
%setup
|
||||
|
||||
%build
|
||||
|
||||
%install
|
||||
install -m 755 -p -D cert-alarm %{buildroot}/usr/lib/ocf/resource.d/platform/cert-alarm
|
||||
install -m 644 -p -D cert-alarm.service %{buildroot}%{_unitdir}/cert-alarm.service
|
||||
install -m 644 -p -D cert-alarm.syslog %{buildroot}%{_sysconfdir}/syslog-ng/conf.d/cert-alarm.conf
|
||||
install -m 644 -p -D cert-alarm.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/cert-alarm.conf
|
||||
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%doc LICENSE
|
||||
|
||||
# SM OCF Start/Stop/Monitor Scripts
|
||||
%{ocf_resourced}/platform/cert-alarm
|
||||
|
||||
# systemctl service files
|
||||
%{_unitdir}/cert-alarm.service
|
||||
|
||||
# logfile config files
|
||||
%{_sysconfdir}/syslog-ng/conf.d/cert-alarm.conf
|
||||
%{_sysconfdir}/logrotate.d/cert-alarm.conf
|
|
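Review bot: The %install line for the OCF script hardcodes /usr/lib/ocf/resource.d/platform/cert-alarm, while %files lists the same file through %{ocf_resourced}; install to %{buildroot}%{ocf_resourced}/platform/cert-alarm so the two cannot drift apart. The macro local_etc_initd is defined but never referenced in this spec and can be dropped, and "URL: unknown" should point at the project repository.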
@ -0,0 +1,202 @@
|
|||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
|
@ -0,0 +1,374 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (c) 2021 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
#
|
||||
# Support: www.windriver.com
|
||||
#
|
||||
#######################################################################
|
||||
# Initialization:
|
||||
|
||||
: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
|
||||
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
|
||||
|
||||
binname="cert-alarm"
|
||||
|
||||
#######################################################################
|
||||
|
||||
# Fill in some defaults if no values are specified
|
||||
OCF_RESKEY_binary_default=${binname}
|
||||
OCF_RESKEY_dbg_default="false"
|
||||
OCF_RESKEY_user_default="root"
|
||||
OCF_RESKEY_pid_default="/var/run/${binname}.pid"
|
||||
OCF_RESKEY_config_default="/etc/sysinv/cert-alarm.conf"
|
||||
|
||||
: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}}
|
||||
: ${OCF_RESKEY_dbg=${OCF_RESKEY_dbg_default}}
|
||||
: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}}
|
||||
: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}}
|
||||
: ${OCF_RESKEY_config=${OCF_RESKEY_config_default}}
|
||||
: ${OCF_RESKEY_client_binary=${OCF_RESKEY_client_binary_default}}
|
||||
|
||||
mydaemon="/usr/bin/${OCF_RESKEY_binary}"
|
||||
TMP_DIR=/var/run/cert-alarm_tmp
|
||||
|
||||
#######################################################################
|
||||
|
||||
usage() {
|
||||
cat <<UEND
|
||||
|
||||
usage: $0 (start|stop|status|reload|monitor|validate-all|meta-data)
|
||||
|
||||
$0 manages the Platform's System Certificate Alarm (cert-alarm) process as an HA resource
|
||||
|
||||
The 'start' ..... operation starts the cert-alarm service in the active state.
|
||||
The 'stop' ...... operation stops the cert-alarm service.
|
||||
The 'reload' .... operation stops and then starts the cert-alarm service.
|
||||
The 'status' .... operation checks the status of the cert-alarm service.
|
||||
The 'monitor' .... operation indicates the in-service status of the cert-alarm service.
|
||||
The 'validate-all' operation reports whether the parameters are valid.
|
||||
The 'meta-data' .. operation reports the cert-alarm's meta-data information.
|
||||
|
||||
UEND
|
||||
}
|
||||
|
||||
#######################################################################
|
||||
|
||||
meta_data() {
|
||||
if [ ${OCF_RESKEY_dbg} = "true" ] ; then
|
||||
ocf_log info "${binname}:meta_data"
|
||||
fi
|
||||
|
||||
cat <<END
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
|
||||
<resource-agent name="cert-alarm">
|
||||
<version>1.0</version>
|
||||
|
||||
<longdesc lang="en">
|
||||
This 'cert-alarm' is an OCF Compliant Resource Agent that manages start, stop
|
||||
and in-service monitoring of the Certificate Alarm Process
|
||||
</longdesc>
|
||||
|
||||
<shortdesc lang="en">
|
||||
Manages the Certificate Alarm (cert-alarm) process
|
||||
</shortdesc>
|
||||
|
||||
|
||||
<parameters>
|
||||
|
||||
<parameter name="dbg" unique="0" required="0">
|
||||
<longdesc lang="en">
|
||||
dbg = false ... info, warn and err logs sent to output stream (default)
|
||||
dbg = true ... Additional debug logs are also sent to the output stream
|
||||
</longdesc>
|
||||
<shortdesc lang="en">Service Debug Control Option</shortdesc>
|
||||
<content type="boolean" default="${OCF_RESKEY_dbg_default}"/>
|
||||
</parameter>
|
||||
|
||||
<parameter name="user" unique="0" required="0">
|
||||
<longdesc lang="en">
|
||||
User running Certificate Alarm Service (cert-alarm)
|
||||
</longdesc>
|
||||
<shortdesc lang="en">Certificate Alarm Service (cert-alarm) user</shortdesc>
|
||||
<content type="string" default="${OCF_RESKEY_user_default}" />
|
||||
</parameter>
|
||||
|
||||
</parameters>
|
||||
|
||||
|
||||
<actions>
|
||||
<action name="start" timeout="10s" />
|
||||
<action name="stop" timeout="10s" />
|
||||
<action name="monitor" timeout="10s" interval="10m" />
|
||||
<action name="meta-data" timeout="10s" />
|
||||
<action name="validate-all" timeout="10s" />
|
||||
</actions>
|
||||
</resource-agent>
|
||||
END
|
||||
return ${OCF_SUCCESS}
|
||||
}
|
||||
|
||||
cert_alarm_tmpdir() {
|
||||
local rc
|
||||
|
||||
if [ ! -d "$TMP_DIR" ]; then
|
||||
mkdir -p "$TMP_DIR"
|
||||
rc=$?
|
||||
if [ $rc -ne 0 ]; then
|
||||
ocf_log err "Certificate Monitor Service (${OCF_RESKEY_binary}) failed to create temp dir (rc=${rc})"
|
||||
return "${OCF_ERR_GENERIC}"
|
||||
fi
|
||||
chown "${OCF_RESKEY_user_default}:${OCF_RESKEY_user_default}" "$TMP_DIR"
|
||||
fi
|
||||
export TMPDIR="$TMP_DIR"
|
||||
return "${OCF_SUCCESS}"
|
||||
}
|
||||
|
||||
cert_alarm_validate() {
|
||||
|
||||
local rc
|
||||
|
||||
proc="${binname}:validate"
|
||||
if [ ${OCF_RESKEY_dbg} = "true" ] ; then
|
||||
ocf_log info "${proc}"
|
||||
fi
|
||||
|
||||
check_binary ${OCF_RESKEY_binary}
|
||||
|
||||
if [ ! -f ${OCF_RESKEY_config} ] ; then
|
||||
ocf_log err "${OCF_RESKEY_binary} ini file missing (${OCF_RESKEY_config})"
|
||||
return ${OCF_ERR_CONFIGURED}
|
||||
fi
|
||||
|
||||
getent passwd $OCF_RESKEY_user >/dev/null 2>&1
|
||||
rc=$?
|
||||
if [ $rc -ne 0 ]; then
|
||||
ocf_log err "User $OCF_RESKEY_user doesn't exist"
|
||||
return ${OCF_ERR_CONFIGURED}
|
||||
fi
|
||||
|
||||
return ${OCF_SUCCESS}
|
||||
}
|
||||
|
||||
cert_alarm_status() {
|
||||
local pid
|
||||
local rc
|
||||
|
||||
proc="${binname}:status"
|
||||
if [ ${OCF_RESKEY_dbg} = "true" ] ; then
|
||||
ocf_log info "${proc}"
|
||||
fi
|
||||
|
||||
if [ ! -f $OCF_RESKEY_pid ]; then
|
||||
ocf_log info "${binname}:Certificate Alarm (cert-alarm) is not running"
|
||||
return $OCF_NOT_RUNNING
|
||||
else
|
||||
pid=`cat $OCF_RESKEY_pid`
|
||||
fi
|
||||
|
||||
ocf_run -warn kill -s 0 $pid
|
||||
rc=$?
|
||||
if [ $rc -eq 0 ]; then
|
||||
return $OCF_SUCCESS
|
||||
else
|
||||
ocf_log info "${binname}:Old PID file found, but Certificate Alarm Service (cert-alarm) is not running"
|
||||
rm -f $OCF_RESKEY_pid
|
||||
return $OCF_NOT_RUNNING
|
||||
fi
|
||||
}
|
||||
|
||||
cert_alarm_monitor () {
|
||||
local rc
|
||||
|
||||
cert_alarm_status
|
||||
rc=$?
|
||||
# If status returned anything but success, return that immediately
|
||||
if [ $rc -ne $OCF_SUCCESS ]; then
|
||||
return $rc
|
||||
fi
|
||||
|
||||
ocf_log debug "Certificate Alarm Service (cert-alarm) monitor succeeded"
|
||||
|
||||
return $OCF_SUCCESS
|
||||
}
|
||||
|
||||
cert_alarm_start () {
|
||||
local rc
|
||||
|
||||
cert_alarm_status
|
||||
rc=$?
|
||||
if [ $rc -ne ${OCF_SUCCESS} ] ; then
|
||||
ocf_log err "${proc} ping test failed (rc=${rc})"
|
||||
cert_alarm_stop
|
||||
else
|
||||
return ${OCF_SUCCESS}
|
||||
fi
|
||||
|
||||
if [ ${OCF_RESKEY_dbg} = "true" ] ; then
|
||||
RUN_OPT_DEBUG="--debug"
|
||||
else
|
||||
RUN_OPT_DEBUG=""
|
||||
fi
|
||||
|
||||
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --config-file=${OCF_RESKEY_config} ${RUN_OPT_DEBUG}"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
|
||||
rc=$?
|
||||
if [ ${rc} -ne ${OCF_SUCCESS} ] ; then
|
||||
ocf_log err "${proc} failed ${mydaemon} daemon (rc=$rc)"
|
||||
return ${OCF_ERR_GENERIC}
|
||||
else
|
||||
if [ -f ${OCF_RESKEY_pid} ] ; then
|
||||
pid=`cat ${OCF_RESKEY_pid}`
|
||||
ocf_log info "${proc} running with pid ${pid}"
|
||||
else
|
||||
ocf_log info "${proc} with no pid file"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Record success or failure and return status
|
||||
if [ ${rc} -eq $OCF_SUCCESS ] ; then
|
||||
ocf_log info "Certificate Alarm Service (${OCF_RESKEY_binary}) started (pid=${pid})"
|
||||
else
|
||||
ocf_log err "Certificate Alarm (${OCF_RESKEY_binary}) failed to start (rc=${rc})"
|
||||
rc=${OCF_NOT_RUNNING}
|
||||
fi
|
||||
|
||||
return ${rc}
|
||||
}
|
||||
|
||||
cert_alarm_confirm_stop() {
|
||||
local my_bin
|
||||
local my_processes
|
||||
|
||||
my_binary=`which ${OCF_RESKEY_binary}`
|
||||
my_processes=`pgrep -l -f "^(python|/usr/bin/python|/usr/bin/python2|/usr/bin/python3) ${my_binary}([^\w-]|$)"`
|
||||
|
||||
if [ -n "${my_processes}" ]
|
||||
then
|
||||
ocf_log info "About to SIGKILL the following: ${my_processes}"
|
||||
pkill -KILL -f "^(python|/usr/bin/python|/usr/bin/python2|/usr/bin/python3) ${my_binary}([^\w-]|$)"
|
||||
fi
|
||||
}
|
||||
|
||||
cert_alarm_stop () {
|
||||
local rc
|
||||
local pid
|
||||
|
||||
cert_alarm_status
|
||||
rc=$?
|
||||
if [ $rc -eq $OCF_NOT_RUNNING ]; then
|
||||
ocf_log info "${proc} Certificate Alarm (cert-alarm) already stopped"
|
||||
cert_alarm_confirm_stop
|
||||
return ${OCF_SUCCESS}
|
||||
fi
|
||||
|
||||
# Try SIGTERM
|
||||
pid=`cat $OCF_RESKEY_pid`
|
||||
ocf_run kill -s TERM $pid
|
||||
rc=$?
|
||||
if [ $rc -ne 0 ]; then
|
||||
ocf_log err "${proc} Certificate Alarm (cert-alarm) couldn't be stopped"
|
||||
cert_alarm_confirm_stop
|
||||
exit $OCF_ERR_GENERIC
|
||||
fi
|
||||
|
||||
# stop waiting
|
||||
shutdown_timeout=15
|
||||
if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
|
||||
shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5))
|
||||
fi
|
||||
count=0
|
||||
while [ $count -lt $shutdown_timeout ]; do
|
||||
cert_alarm_status
|
||||
rc=$?
|
||||
if [ $rc -eq $OCF_NOT_RUNNING ]; then
|
||||
break
|
||||
fi
|
||||
count=`expr $count + 1`
|
||||
sleep 1
|
||||
ocf_log info "${proc} Certificate Alarm (cert-alarm) still hasn't stopped yet. Waiting ..."
|
||||
done
|
||||
|
||||
cert_alarm_status
|
||||
rc=$?
|
||||
if [ $rc -ne $OCF_NOT_RUNNING ]; then
|
||||
# SIGTERM didn't help either, try SIGKILL
|
||||
ocf_log info "${proc} Certificate Alarm (cert-alarm) failed to stop after ${shutdown_timeout}s using SIGTERM. Trying SIGKILL ..."
|
||||
ocf_run kill -s KILL $pid
|
||||
fi
|
||||
cert_alarm_confirm_stop
|
||||
|
||||
ocf_log info "${proc} Certificate Alarm (cert-alarm) stopped."
|
||||
|
||||
rm -f $OCF_RESKEY_pid
|
||||
|
||||
return $OCF_SUCCESS
|
||||
|
||||
}
|
||||
|
||||
cert_alarm_reload () {
|
||||
local rc
|
||||
|
||||
proc="${binname}:reload"
|
||||
if [ ${OCF_RESKEY_dbg} = "true" ] ; then
|
||||
ocf_log info "${proc}"
|
||||
fi
|
||||
|
||||
cert_alarm_stop
|
||||
rc=$?
|
||||
if [ $rc -eq ${OCF_SUCCESS} ] ; then
|
||||
#sleep 1
|
||||
cert_alarm_start
|
||||
rc=$?
|
||||
if [ $rc -eq ${OCF_SUCCESS} ] ; then
|
||||
ocf_log info "Certificate Alarm (${OCF_RESKEY_binary}) process restarted"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ${rc} -ne ${OCF_SUCCESS} ] ; then
|
||||
ocf_log err "Certificate Alarm (${OCF_RESKEY_binary}) process failed to restart (rc=${rc})"
|
||||
fi
|
||||
|
||||
return ${rc}
|
||||
}
|
||||
|
||||
case ${__OCF_ACTION} in
|
||||
meta-data) meta_data
|
||||
exit ${OCF_SUCCESS}
|
||||
;;
|
||||
usage|help) usage
|
||||
exit ${OCF_SUCCESS}
|
||||
;;
|
||||
esac
|
||||
|
||||
# Anything except meta-data and help must pass validation
|
||||
cert_alarm_validate || exit $?
|
||||
|
||||
# Set up tmpfiles directory to avoid temp files being
|
||||
# cleaned up by systemd tmpfiles clean service.
|
||||
cert_alarm_tmpdir || exit $?
|
||||
|
||||
if [ ${OCF_RESKEY_dbg} = "true" ] ; then
|
||||
ocf_log info "${binname}:${__OCF_ACTION} action"
|
||||
fi
|
||||
|
||||
case ${__OCF_ACTION} in
|
||||
|
||||
start) cert_alarm_start
|
||||
;;
|
||||
stop) cert_alarm_stop
|
||||
;;
|
||||
status) cert_alarm_status
|
||||
;;
|
||||
reload) cert_alarm_reload
|
||||
;;
|
||||
monitor) cert_alarm_monitor
|
||||
;;
|
||||
validate-all) cert_alarm_validate
|
||||
;;
|
||||
*) usage
|
||||
exit ${OCF_ERR_UNIMPLEMENTED}
|
||||
;;
|
||||
esac
|
|
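Review bot: cert_alarm_status and cert_alarm_stop signal whatever PID is stored in $OCF_RESKEY_pid without checking that the process is still cert-alarm, so a stale file whose PID has been reused ends in "kill -s TERM $pid" and then "kill -s KILL $pid" against an unrelated process. Verify the PID's command line before signalling (the pattern cert_alarm_confirm_stop passes to pgrep is a natural fit), quote $pid, and treat an empty PID file as not running. In cert_alarm_start the rc tested after the su line only reflects su and the "echo $!" redirect, not whether the daemon came up, and because cert_alarm_status sets the global proc, the start messages are logged under "cert-alarm:status"; a normal start also logs "ping test failed" at err level and calls cert_alarm_stop. Smaller items: cert_alarm_confirm_stop declares "local my_bin" but assigns my_binary, OCF_RESKEY_client_binary_default is referenced but never defined, and cert_alarm_tmpdir chowns to OCF_RESKEY_user_default rather than OCF_RESKEY_user while its error text still says "Certificate Monitor Service".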
@ -0,0 +1,14 @@
|
|||
/var/log/cert-alarm.log
|
||||
{
|
||||
nodateext
|
||||
size 2M
|
||||
start 1
|
||||
rotate 20
|
||||
missingok
|
||||
notifempty
|
||||
compress
|
||||
sharedscripts
|
||||
postrotate
|
||||
systemctl reload syslog-ng > /dev/null 2>&1 || true
|
||||
endscript
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
[Unit]
|
||||
Description=Certificate Alarm
|
||||
After=network-online.target syslog-ng.service config.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
RemainAfterExit=yes
|
||||
User=root
|
||||
Environment=OCF_ROOT=/usr/lib/ocf
|
||||
ExecStart=/usr/lib/ocf/resource.d/platform/cert-alarm start
|
||||
ExecStop=/usr/lib/ocf/resource.d/platform/cert-alarm stop
|
||||
PIDFile=/var/run/cert-alarm.pid
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
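Review bot: Type=simple does not match what ExecStart does here: the OCF script backgrounds the daemon and exits, so systemd tracks the script rather than the daemon, RemainAfterExit=yes keeps the unit active once the script has exited, and PIDFile= is intended for Type=forking. If systemd is meant to track the daemon, use Type=forking with the existing PIDFile= and drop RemainAfterExit=yes; if supervision is left to SM through the OCF monitor action, remove PIDFile= and say so in a comment. As written, the unit stays "active" even after the cert-alarm process has died.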
@ -0,0 +1,3 @@
|
|||
filter f_certalarm { facility(local6) and program(cert-alarm); };
|
||||
destination d_certalarm { file("/var/log/cert-alarm.log"); };
|
||||
log { source(s_src); filter(f_certalarm); destination(d_certalarm); };
|
|
@ -159,6 +159,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_bindir}/sysinv-helm
|
||||
%{_bindir}/sysinv-utils
|
||||
%{_bindir}/cert-mon
|
||||
%{_bindir}/cert-alarm
|
||||
|
||||
%package wheels
|
||||
Summary: %{name} wheels
|
||||
|
|
|
@ -39,6 +39,7 @@ console_scripts =
|
|||
sysinv-helm = sysinv.cmd.helm:main
|
||||
sysinv-utils = sysinv.cmd.utils:main
|
||||
cert-mon = sysinv.cmd.cert_mon:main
|
||||
cert-alarm = sysinv.cmd.cert_alarm:main
|
||||
sysinv-reset-n3000-fpgas = sysinv.cmd.reset_n3000_fpgas:main
|
||||
|
||||
systemconfig.puppet_plugins =
|
||||
|
@ -68,6 +69,7 @@ systemconfig.puppet_plugins =
|
|||
038_certmon = sysinv.puppet.certmon:CertMonPuppet
|
||||
039_helm = sysinv.puppet.helm:HelmPuppet
|
||||
040_rook = sysinv.puppet.rook:RookPuppet
|
||||
041_certalarm = sysinv.puppet.certalarm:CertAlarmPuppet
|
||||
099_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet
|
||||
|
||||
systemconfig.armada.manifest_ops =
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
# Copyright (c) 2021 Wind River Systems, Inc.
|
||||
#
|
||||
# The right to copy, distribute, modify, or otherwise make use
|
||||
# of this software may be licensed only pursuant to the terms
|
||||
# of an applicable Wind River license agreement.
|
||||
#
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
# import oslo_messaging
|
||||
from oslo_service import service
|
||||
# from sysinv.common import constants
|
||||
|
||||
CONF = cfg.CONF
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class CertificateAlarmService(service.Service):
|
||||
"""Lifecycle manager for a running audit service."""
|
||||
|
||||
def __init__(self):
|
||||
super(CertificateAlarmService, self).__init__()
|
|
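Review bot: The file header pairs the Apache-2.0 text with "The right to copy, distribute, modify, or otherwise make use of this software may be licensed only pursuant to the terms of an applicable Wind River license agreement", which contradicts the Apache grant and the SPDX-License-Identifier: Apache-2.0 header on the other new files in this commit; keep one licence statement. CertificateAlarmService overrides only __init__, its docstring still reads "Lifecycle manager for a running audit service", and CONF, LOG and the two commented-out imports are unused; either remove them or state in the docstring that this class is a placeholder.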
@ -0,0 +1,54 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# Copyright (c) 2021 Wind River Systems, Inc.
|
||||
#
|
||||
# The right to copy, distribute, modify, or otherwise make use
|
||||
# of this software may be licensed only pursuant to the terms
|
||||
# of an applicable Wind River license agreement.
|
||||
#
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_service import service
|
||||
# from sysinv.cert_alarm import messaging
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
CONF = cfg.CONF
|
||||
|
||||
|
||||
def main():
|
||||
logging.register_options(CONF)
|
||||
CONF(project='sysinv', prog='certalarm')
|
||||
|
||||
common_opts = [
|
||||
cfg.StrOpt('host',
|
||||
default='localhost',
|
||||
help='hostname of the machine')
|
||||
]
|
||||
CONF.register_opts(common_opts)
|
||||
|
||||
logging.set_defaults()
|
||||
logging.setup(cfg.CONF, 'certalarm')
|
||||
# messaging.setup()
|
||||
|
||||
from sysinv.cert_alarm import service as cert_alarm
|
||||
LOG.info("Configuration:")
|
||||
cfg.CONF.log_opt_values(LOG, logging.INFO)
|
||||
|
||||
srv = cert_alarm.CertificateAlarmService()
|
||||
launcher = service.launch(cfg.CONF, srv)
|
||||
|
||||
launcher.wait()
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
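Review bot: cfg.CONF.log_opt_values(LOG, logging.INFO) in main() writes every registered option value to the log at INFO, and oslo.config masks only options registered with secret=True. The puppet plugin in this commit supplies sysinv::certalarm::local_keystone_password and sysinv::certalarm::dc_keystone_password, so when the matching options are registered for this service they need secret=True, otherwise the passwords land in /var/log/cert-alarm.log. The licence header here has the same Apache-2.0 versus Wind River licence agreement conflict as the service module, and the commented-out messaging import and "# messaging.setup()" call should be removed until they are needed.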
@ -0,0 +1,64 @@
|
|||
#
|
||||
# Copyright (c) 2021 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
|
||||
from sysinv.puppet import openstack
|
||||
from sysinv.common import constants
|
||||
|
||||
|
||||
class CertAlarmPuppet(openstack.OpenstackBasePuppet):
|
||||
"""Class to encapsulate puppet operations for sysinv configuration"""
|
||||
SYSINV_SERVICE_NAME = 'sysinv'
|
||||
DC_SERVICE_NAME = 'dcmanager'
|
||||
|
||||
def get_secure_static_config(self):
|
||||
sysinv_kspass = self._get_service_password(self.SYSINV_SERVICE_NAME)
|
||||
dc_kspass = self._get_service_password(self.DC_SERVICE_NAME)
|
||||
return {
|
||||
'sysinv::certalarm::local_keystone_password': sysinv_kspass,
|
||||
'sysinv::certalarm::dc_keystone_password': dc_kspass,
|
||||
}
|
||||
|
||||
def get_system_config(self):
|
||||
sysinv_user = self._get_service_user_name(self.SYSINV_SERVICE_NAME)
|
||||
|
||||
config = {}
|
||||
config.update({
|
||||
# The auth info for local authentication
|
||||
'sysinv::certalarm::local_keystone_auth_uri': self._keystone_auth_uri(),
|
||||
'sysinv::certalarm::local_keystone_identity_uri': self._keystone_identity_uri(),
|
||||
'sysinv::certalarm::local_keystone_project_domain': self._get_service_project_domain_name(),
|
||||
'sysinv::certalarm::local_keystone_tenant': self._get_service_project_name(),
|
||||
'sysinv::certalarm::local_keystone_user': sysinv_user,
|
||||
'sysinv::certalarm::local_keystone_user_domain': self._get_service_user_domain_name(),
|
||||
'sysinv::certalarm::local_region_name': self._keystone_region_name(),
|
||||
})
|
||||
|
||||
if self._distributed_cloud_role() == constants.DISTRIBUTED_CLOUD_ROLE_SYSTEMCONTROLLER:
|
||||
dc_user = self._get_service_user_name(self.DC_SERVICE_NAME),
|
||||
config.update({
|
||||
# The auth info for DC authentication
|
||||
'sysinv::certalarm::dc_keystone_auth_uri': self._keystone_auth_uri(),
|
||||
'sysinv::certalarm::dc_keystone_identity_uri': self._keystone_identity_uri(),
|
||||
'sysinv::certalarm::dc_keystone_project_domain': self._get_service_project_domain_name(),
|
||||
'sysinv::certalarm::dc_keystone_tenant': self._get_service_project_name(),
|
||||
'sysinv::certalarm::dc_keystone_user': dc_user,
|
||||
'sysinv::certalarm::dc_keystone_user_domain': self._get_service_user_domain_name(),
|
||||
'sysinv::certalarm::dc_region_name': self._keystone_region_name(),
|
||||
})
|
||||
|
||||
return config
|
||||
|
||||
def get_public_url(self):
|
||||
# not an openstack service
|
||||
raise NotImplementedError()
|
||||
|
||||
def get_internal_url(self):
|
||||
# not an openstack service
|
||||
raise NotImplementedError()
|
||||
|
||||
def get_admin_url(self):
|
||||
# not an openstack service
|
||||
raise NotImplementedError()
|
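Review bot: The trailing comma on "dc_user = self._get_service_user_name(self.DC_SERVICE_NAME)," in get_system_config makes dc_user a one-element tuple, so sysinv::certalarm::dc_keystone_user is emitted as a tuple instead of the user name string; remove the comma. The dc_* block also calls self._keystone_auth_uri(), self._keystone_identity_uri() and self._keystone_region_name(), the same calls as the local_* block, so both sets of values are identical; confirm that is intended for the system controller, or add a comment explaining it. The class docstring still says "sysinv configuration" and should name cert-alarm.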