From 64a1dc0330e2733c266b99e0cd8cfbd72f1f96a1 Mon Sep 17 00:00:00 2001
From: Marek 'marx' Grac <mgrac@redhat.com>
Date: Mon, 27 Sep 2010 09:59:48 +0200
Subject: [PATCH] fence_ifmib: New fence agent for IF-MIB
Fence agent imported from STABLE3
Resolves: rhbz#572863
---
fence/agents/Makefile | 3 +
fence/agents/ifmib/Makefile | 38 ++++++++++
fence/agents/ifmib/README | 45 +++++++++++
fence/agents/ifmib/fence_ifmib.py | 149 +++++++++++++++++++++++++++++++++++++
4 files changed, 235 insertions(+), 0 deletions(-)
create mode 100644 fence/agents/ifmib/Makefile
create mode 100644 fence/agents/ifmib/README
create mode 100644 fence/agents/ifmib/fence_ifmib.py
diff --git a/fence/agents/Makefile b/fence/agents/Makefile
index 3c16fc5..716530c 100644
--- a/fence/agents/Makefile
+++ b/fence/agents/Makefile
@@ -27,6 +27,7 @@ all:
${MAKE} -C drac all
${MAKE} -C egenera all
# ${MAKE} -C ibmblade all
+ ${MAKE} -C ifmib all
${MAKE} -C ilo all
${MAKE} -C ilo_mp all
${MAKE} -C ipmilan all
@@ -61,6 +62,7 @@ install: all
${MAKE} -C drac install
${MAKE} -C egenera install
# ${MAKE} -C ibmblade install
+ ${MAKE} -C ifmib install
${MAKE} -C ilo install
${MAKE} -C ilo_mp install
${MAKE} -C ipmilan install
@@ -95,6 +97,7 @@ clean:
${MAKE} -C drac clean
${MAKE} -C egenera clean
# ${MAKE} -C ibmblade clean
+ ${MAKE} -C ifmib clean
${MAKE} -C ilo clean
${MAKE} -C ilo_mp clean
${MAKE} -C ipmilan clean
diff --git a/fence/agents/ifmib/Makefile b/fence/agents/ifmib/Makefile
new file mode 100644
index 0000000..e564689
--- /dev/null
+++ b/fence/agents/ifmib/Makefile
@@ -0,0 +1,38 @@
+###############################################################################
+###############################################################################
+##
+## Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved.
+## Copyright (C) 2004 Red Hat, Inc. All rights reserved.
+##
+## This copyrighted material is made available to anyone wishing to use,
+## modify, copy, or redistribute it subject to the terms and conditions
+## of the GNU General Public License v.2.
+##
+###############################################################################
+###############################################################################
+
+SOURCE= fence_ifmib.py
+TARGET= fence_ifmib
+
+top_srcdir=../..
+include ${top_srcdir}/make/defines.mk
+
+all: $(TARGET)
+
+fence_ifmib: $(SOURCE)
+ : > $(TARGET)
+ awk "{print}(\$$1 ~ /#BEGIN_VERSION_GENERATION/){exit 0}" $(SOURCE) >> $(TARGET)
+ echo "FENCE_RELEASE_NAME=\"${RELEASE}\";" >> $(TARGET)
+ ${top_srcdir}/scripts/define2var ${top_srcdir}/config/copyright.cf sh REDHAT_COPYRIGHT >> $(TARGET)
+ echo "BUILD_DATE=\"(built `date`)\";" >> $(TARGET)
+ awk -v p=0 "(\$$1 ~ /#END_VERSION_GENERATION/){p = 1} {if(p==1)print}" $(SOURCE) >> $(TARGET)
+ chmod +x $(TARGET)
+
+install: all
+ if [ ! -d ${sbindir} ]; then \
+ install -d ${sbindir}; \
+ fi
+ install -m755 ${TARGET} ${sbindir}
+
+clean:
+ rm -f $(TARGET)
diff --git a/fence/agents/ifmib/README b/fence/agents/ifmib/README
new file mode 100644
index 0000000..cd2a3c1
--- /dev/null
+++ b/fence/agents/ifmib/README
@@ -0,0 +1,45 @@
+Intro:
+------
+This is an SNMP-based fencing agent for RHCS. It was designed with the use-case
+of disabling ethernet ports on an iSCSI SAN, but could be used to disable any
+port on any SNMP v1/2c/3 device that implementes the IF-MIB.
+
+The script requires NetSNMP to be installed and working on all nodes
+in the cluster. There are no requirements for any MIBs to be setup --- all of
+the required OIDs are hard-coded into the script. Since the IF-MIB is an IETF
+standard, these identifiers are very widely supported and will not change.
+
+
+Typical usage:
+--------------
+To use this agen with the switch used on the iSCSI network, you'll require:
+ 1) A managed switch running SNMP.
+ 2) An SNMP community with write privileges.
+ 3) Permission to send SNMP through any ACLs or firewalls from the nodes.
+ 4) The ifIndex or ifPort associated with the ports being used by the cluster nodes.
+
+Consider a three-node cluster composed of A, B, and C. Each node has two
+network interfaces - one used for network and cluster communication, the second
+used for iSCSI traffic. If A needs to be fenced, B and C will run this script
+to administratively disable the switchport for A's connection to the iSCSI
+storage.
+
+If you are using a single interface for cluster and iSCSI traffic, this will
+still work, but you will lose network connectivity to the fenced host.
+
+
+cluster.conf:
+-------------
+There is no GUI support for this fence agent at this time. To use it, you will
+need something like this cluster.conf
+
+<fencedevice agent="fence_ifmib" name="myswitch" comm="fencing" ipaddr="sw1"/>
+
+In a node's fencing methods, you'll include a line like this:
+
+<device name="myswitch" port="43" option="off"/>
+
+This node will be fenced by disabling the port with ifIndex 43 on the host sw1.
+In SNMP speak, we set IF-MIB::ifAdminStatus.43 = down(2).
+
+If you will use port name (like fc1/1), script will try to find ifIndex.
diff --git a/fence/agents/ifmib/fence_ifmib.py b/fence/agents/ifmib/fence_ifmib.py
new file mode 100644
index 0000000..a0f979c
--- /dev/null
+++ b/fence/agents/ifmib/fence_ifmib.py
@@ -0,0 +1,149 @@
+#!/usr/bin/python
+
+# The Following agent has been tested on:
+# - Cisco MDS UROS 9134 FC (1 Slot) Chassis ("1/2/4 10 Gbps FC/Supervisor-2") Motorola, e500v2
+# with BIOS 1.0.16, kickstart 4.1(1c), system 4.1(1c)
+# - Cisco MDS 9124 (1 Slot) Chassis ("1/2/4 Gbps FC/Supervisor-2") Motorola, e500
+# with BIOS 1.0.16, kickstart 4.1(1c), system 4.1(1c)
+# - Partially with APC PDU (Network Management Card AOS v2.7.0, Rack PDU APP v2.7.3)
+# Only lance if is visible
+
+import sys, re, pexpect
+sys.path.append("/usr/lib/fence")
+from fencing import *
+from fencing_snmp import *
+
+#BEGIN_VERSION_GENERATION
+FENCE_RELEASE_NAME=""
+REDHAT_COPYRIGHT=""
+BUILD_DATE=""
+#END_VERSION_GENERATION
+
+### CONSTANTS ###
+# IF-MIB trees for alias, status and port
+ALIASES_OID=".1.3.6.1.2.1.31.1.1.1.18"
+PORTS_OID=".1.3.6.1.2.1.2.2.1.2"
+STATUSES_OID=".1.3.6.1.2.1.2.2.1.7"
+
+# Status constants returned as value from SNMP
+STATUS_UP=1
+STATUS_DOWN=2
+STATUS_TESTING=3
+
+### GLOBAL VARIABLES ###
+# Port number converted from port name or index
+port_num=None
+
+### FUNCTIONS ###
+
+# Convert port index or name to port index
+def port2index(conn,port):
+ res=None
+
+ if (port.isdigit()):
+ res=int(port)
+ else:
+ ports=conn.walk(PORTS_OID,30)
+
+ for x in ports:
+ if (x[1].strip('"')==port):
+ res=int(x[0].split('.')[-1])
+ break
+
+ if (res==None):
+ fail_usage("Can't find port with name %s!"%(port))
+
+ return res
+
+def get_power_status(conn,options):
+ global port_num
+
+ if (port_num==None):
+ port_num=port2index(conn,options["-n"])
+
+ (oid,status)=conn.get("%s.%d"%(STATUSES_OID,port_num))
+ return (status==str(STATUS_UP) and "on" or "off")
+
+def set_power_status(conn, options):
+ global port_num
+
+ if (port_num==None):
+ port_num=port2index(conn,options["-n"])
+
+ conn.set("%s.%d"%(STATUSES_OID,port_num),(options["-o"]=="on" and STATUS_UP or STATUS_DOWN))
+
+# Convert array of format [[key1, value1], [key2, value2], ... [keyN, valueN]] to dict, where key is
+# in format a.b.c.d...z and returned dict has key only z
+def array_to_dict(ar):
+ return dict(map(lambda y:[y[0].split('.')[-1],y[1]],ar))
+
+def get_outlets_status(conn, options):
+ result={}
+
+ res_fc=conn.walk(PORTS_OID,30)
+ res_aliases=array_to_dict(conn.walk(ALIASES_OID,30))
+
+ for x in res_fc:
+ port_num=x[0].split('.')[-1]
+
+ port_name=x[1].strip('"')
+ port_alias=(res_aliases.has_key(port_num) and res_aliases[port_num].strip('"') or "")
+ port_status=""
+ result[port_name]=(port_alias,port_status)
+
+ return result
+
+# Define new options
+def ifmib_define_defaults():
+ all_opt["snmp_version"]["default"]="2c"
+
+# Main agent method
+def main():
+ global port_oid
+
+ device_opt = [ "help", "version", "agent", "quiet", "verbose", "debug",
+ "action", "ipaddr", "login", "passwd", "passwd_script",
+ "test", "port", "separator", "no_login", "no_password",
+ "snmp_version", "community", "snmp_auth_prot", "snmp_sec_level",
+ "snmp_priv_prot", "snmp_priv_passwd", "snmp_priv_passwd_script",
+ "udpport","inet4_only","inet6_only",
+ "power_timeout", "shell_timeout", "login_timeout", "power_wait" ]
+
+ atexit.register(atexit_handler)
+
+ snmp_define_defaults ()
+
+ options=process_input(device_opt)
+
+ # Emulate enable/disable functionality
+ if (options.has_key("-o")):
+ options["-o"]=options["-o"].lower()
+
+ if (options["-o"]=="enable"):
+ options["-o"]="on"
+ if (options["-o"]=="disable"):
+ options["-o"]="off"
+ else:
+ options["-o"]="off"
+
+ options = check_input(device_opt, options)
+
+ docs = { }
+ docs["shortdesc"] = "Fence agent for IF MIB"
+ docs["longdesc"] = "fence_ifmib is an I/O Fencing agent \
+which can be used with any SNMP IF-MIB capable device. \
+\n.P\n\
+It was written with managed ethernet switches in mind, in order to \
+fence iSCSI SAN connections. However, there are many devices that \
+support the IF-MIB interface. The agent uses IF-MIB::ifAdminStatus \
+to control the state of an interface."
+ docs["vendorurl"] = "http://www.ietf.org/wg/concluded/ifmib.html"
+ show_docs(options, docs)
+
+ # Operate the fencing device
+ result = fence_action(FencingSnmp(options), options, set_power_status, get_power_status, get_outlets_status)
+
+ sys.exit(result)
+
+if __name__ == "__main__":
+ main()
--
1.6.0.6
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
d236c5da97a239a1b6991cfba2865b66
>
files
>
61
