From mboxrd@z Thu Jan  1 00:00:00 1970
From: SGhosh <sghosh@redhat.com>
Date: Mon, 09 Jun 2014 14:09:32 -0400
Subject: [Cluster-devel] [PATCH] fence_docker: new fence agent for
 Docker containers
In-Reply-To: <131522850.16569170.1402325011684.JavaMail.zimbra@redhat.com>
References: <131522850.16569170.1402325011684.JavaMail.zimbra@redhat.com>
Message-ID: <5395F85C.3090501@redhat.com>
List-Id: <cluster-devel.redhat.com>
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Docker's HTTP access is unauthenticated at this time - doubtful that it 
will be exposed outside the host.

Should account for that in the design.

On 06/09/2014 10:43 AM, Ondrej Mular wrote:
> ---
>   .gitignore                           |   1 +
>   configure.ac                         |   1 +
>   fence/agents/docker/Makefile.am      |  18 ++++++
>   fence/agents/docker/fence_docker.py  |  72 +++++++++++++++++++++++
>   tests/data/metadata/fence_docker.xml | 109 +++++++++++++++++++++++++++++++++++
>   5 files changed, 201 insertions(+)
>   create mode 100644 fence/agents/docker/Makefile.am
>   create mode 100644 fence/agents/docker/fence_docker.py
>   create mode 100644 tests/data/metadata/fence_docker.xml
>
> diff --git a/.gitignore b/.gitignore
> index 75b9aa7..8bcae2b 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -39,6 +39,7 @@ fence/agents/bullpap/fence_bullpap
>   fence/agents/cisco_mds/fence_cisco_mds
>   fence/agents/cisco_ucs/fence_cisco_ucs
>   fence/agents/cpint/fence_cpint
> +fence/agents/docker/fence_docker
>   fence/agents/drac/fence_drac
>   fence/agents/drac5/fence_drac5
>   fence/agents/eaton_snmp/fence_eaton_snmp
> diff --git a/configure.ac b/configure.ac
> index 4d0aa6a..bc9785b 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -264,6 +264,7 @@ AC_CONFIG_FILES([Makefile
>   		 fence/agents/brocade/Makefile
>   		 fence/agents/cisco_mds/Makefile
>   		 fence/agents/cisco_ucs/Makefile
> +		 fence/agents/docker/Makefile
>   		 fence/agents/drac/Makefile
>   		 fence/agents/drac5/Makefile
>   		 fence/agents/dummy/Makefile
> diff --git a/fence/agents/docker/Makefile.am b/fence/agents/docker/Makefile.am
> new file mode 100644
> index 0000000..f3d53be
> --- /dev/null
> +++ b/fence/agents/docker/Makefile.am
> @@ -0,0 +1,18 @@
> +MAINTAINERCLEANFILES	= Makefile.in
> +
> +TARGET			= fence_docker
> +
> +SRC			= $(TARGET).py
> +
> +EXTRA_DIST		= $(SRC)
> +
> +sbin_SCRIPTS		= $(TARGET)
> +
> +man_MANS		= $(TARGET).8
> +
> +include $(top_srcdir)/make/fencebuild.mk
> +include $(top_srcdir)/make/fenceman.mk
> +include $(top_srcdir)/make/agentpycheck.mk
> +
> +clean-local: clean-man
> +	rm -f $(TARGET)
> diff --git a/fence/agents/docker/fence_docker.py b/fence/agents/docker/fence_docker.py
> new file mode 100644
> index 0000000..63ce6b8
> --- /dev/null
> +++ b/fence/agents/docker/fence_docker.py
> @@ -0,0 +1,72 @@
> +#!/usr/bin/python -tt
> +
> +import atexit
> +import sys
> +import docker
> +import logging
> +
> +sys.path.append("@FENCEAGENTSLIBDIR@")
> +from fencing import fail_usage, all_opt, fence_action, atexit_handler, check_input, process_input, show_docs, run_delay, fail, EC_LOGIN_DENIED
> +
> +#BEGIN_VERSION_GENERATION
> +RELEASE_VERSION = ""
> +REDHAT_COPYRIGHT = ""
> +BUILD_DATE = ""
> +#END_VERSION_GENERATION
> +
> +def get_power_status(conn, options):
> +	try:
> +		status = conn.inspect_container(container=options["--plug"])
> +		return "on" if status["State"]["Running"] else "off"
> +	except Exception:
> +		return None
> +
> +
> +def set_power_status(conn, options):
> +	if options["--action"] == "on":
> +		conn.start(container=options["--plug"])
> +	else:
> +		conn.kill(container=options["--plug"])
> +	return
> +
> +
> +def reboot_cycle(conn, options):
> +	conn.restart(container=options["--plug"], timeout=float(options["--power-timeout"]))
> +	return get_power_status(conn, options)
> +
> +
> +def get_list(conn, options):
> +	output = conn.containers(all=True)
> +	containers = {}
> +	for container in output:
> +		containers[container["Id"]] = ("; ".join(container["Names"]), {True:"off", False: "on"}[container["Status"][:4].lower() == "exit"])
> +	return containers
> +
> +
> +def main():
> +	atexit.register(atexit_handler)
> +
> +	device_opt = ["ipaddr", "no_password", "port", "method"]
> +
> +	options = check_input(device_opt, process_input(device_opt))
> +
> +	docs = { }
> +	docs["shortdesc"] = "Fence agent for Docker"
> +	docs["longdesc"] = "fence_docker is I/O fencing agent which can be used with the Docker Engine containers."
> +	docs["vendorurl"] = "www.docker.io"
> +	show_docs(options, docs)
> +
> +	run_delay(options)
> +
> +	conn = docker.Client(base_url = "http://" + options["--ip"] + ":" + str(options["--ipport"]), version = "1.9", timeout = float(options["--shell-timeout"]))
> +
> +	try:
> +		result = fence_action(conn, options, set_power_status, get_power_status, get_list, reboot_cycle)
> +	except IOError as ex:
> +		logging.debug(ex.message)
> +		fail(EC_LOGIN_DENIED)
> +
> +	sys.exit(result)
> +
> +if __name__ == "__main__":
> +	main()
> diff --git a/tests/data/metadata/fence_docker.xml b/tests/data/metadata/fence_docker.xml
> new file mode 100644
> index 0000000..19cdd0a
> --- /dev/null
> +++ b/tests/data/metadata/fence_docker.xml
> @@ -0,0 +1,109 @@
> +<?xml version="1.0" ?>
> +<resource-agent name="fence_docker" shortdesc="Fence agent for Docker" >
> +<longdesc>fence_docker is I/O fencing agent which can be used with the Docker Engine containers.</longdesc>
> +<vendor-url>www.docker.io</vendor-url>
> +<parameters>
> +	<parameter name="ipport" unique="0" required="0">
> +		<getopt mixed="-u, --ipport=[port]" />
> +		<content type="string" default="23"  />
> +		<shortdesc lang="en">TCP/UDP port to use for connection with device</shortdesc>
> +	</parameter>
> +	<parameter name="inet6_only" unique="0" required="0">
> +		<getopt mixed="-6, --inet6-only" />
> +		<content type="boolean"  />
> +		<shortdesc lang="en">Forces agent to use IPv6 addresses only</shortdesc>
> +	</parameter>
> +	<parameter name="ipaddr" unique="0" required="1">
> +		<getopt mixed="-a, --ip=[ip]" />
> +		<content type="string"  />
> +		<shortdesc lang="en">IP Address or Hostname</shortdesc>
> +	</parameter>
> +	<parameter name="method" unique="0" required="0">
> +		<getopt mixed="-m, --method=[method]" />
> +		<content type="select" default="onoff"  >
> +			<option value="onoff" />
> +			<option value="cycle" />
> +		</content>
> +		<shortdesc lang="en">Method to fence (onoff|cycle)</shortdesc>
> +	</parameter>
> +	<parameter name="action" unique="0" required="1">
> +		<getopt mixed="-o, --action=[action]" />
> +		<content type="string" default="reboot"  />
> +		<shortdesc lang="en">Fencing Action</shortdesc>
> +	</parameter>
> +	<parameter name="inet4_only" unique="0" required="0">
> +		<getopt mixed="-4, --inet4-only" />
> +		<content type="boolean"  />
> +		<shortdesc lang="en">Forces agent to use IPv4 addresses only</shortdesc>
> +	</parameter>
> +	<parameter name="port" unique="0" required="1">
> +		<getopt mixed="-n, --plug=[id]" />
> +		<content type="string"  />
> +		<shortdesc lang="en">Physical plug number, name of virtual machine or UUID</shortdesc>
> +	</parameter>
> +	<parameter name="verbose" unique="0" required="0">
> +		<getopt mixed="-v, --verbose" />
> +		<content type="boolean"  />
> +		<shortdesc lang="en">Verbose mode</shortdesc>
> +	</parameter>
> +	<parameter name="debug" unique="0" required="0">
> +		<getopt mixed="-D, --debug-file=[debugfile]" />
> +		<content type="string"  />
> +		<shortdesc lang="en">Write debug information to given file</shortdesc>
> +	</parameter>
> +	<parameter name="version" unique="0" required="0">
> +		<getopt mixed="-V, --version" />
> +		<content type="boolean"  />
> +		<shortdesc lang="en">Display version information and exit</shortdesc>
> +	</parameter>
> +	<parameter name="help" unique="0" required="0">
> +		<getopt mixed="-h, --help" />
> +		<content type="boolean"  />
> +		<shortdesc lang="en">Display help and exit</shortdesc>
> +	</parameter>
> +	<parameter name="separator" unique="0" required="0">
> +		<getopt mixed="-C, --separator=[char]" />
> +		<content type="string" default=","  />
> +		<shortdesc lang="en">Separator for CSV created by operation list</shortdesc>
> +	</parameter>
> +	<parameter name="shell_timeout" unique="0" required="0">
> +		<getopt mixed="--shell-timeout=[seconds]" />
> +		<content type="string" default="3"  />
> +		<shortdesc lang="en">Wait X seconds for cmd prompt after issuing command</shortdesc>
> +	</parameter>
> +	<parameter name="power_timeout" unique="0" required="0">
> +		<getopt mixed="--power-timeout=[seconds]" />
> +		<content type="string" default="20"  />
> +		<shortdesc lang="en">Test X seconds for status change after ON/OFF</shortdesc>
> +	</parameter>
> +	<parameter name="power_wait" unique="0" required="0">
> +		<getopt mixed="--power-wait=[seconds]" />
> +		<content type="string" default="0"  />
> +		<shortdesc lang="en">Wait X seconds after issuing ON/OFF</shortdesc>
> +	</parameter>
> +	<parameter name="delay" unique="0" required="0">
> +		<getopt mixed="--delay=[seconds]" />
> +		<content type="string" default="0"  />
> +		<shortdesc lang="en">Wait X seconds before fencing is started</shortdesc>
> +	</parameter>
> +	<parameter name="login_timeout" unique="0" required="0">
> +		<getopt mixed="--login-timeout=[seconds]" />
> +		<content type="string" default="5"  />
> +		<shortdesc lang="en">Wait X seconds for cmd prompt after login</shortdesc>
> +	</parameter>
> +	<parameter name="retry_on" unique="0" required="0">
> +		<getopt mixed="--retry-on=[attempts]" />
> +		<content type="string" default="1"  />
> +		<shortdesc lang="en">Count of attempts to retry power on</shortdesc>
> +	</parameter>
> +</parameters>
> +<actions>
> +	<action name="on" automatic="0"/>
> +	<action name="off" />
> +	<action name="reboot" />
> +	<action name="status" />
> +	<action name="list" />
> +	<action name="monitor" />
> +	<action name="metadata" />
> +</actions>
> +</resource-agent>