This file is indexed.

/usr/lib/ocf/resource.d/openstack/nova-cert is in openstack-resource-agents 2012.2~f3-1ubuntu3.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
#!/bin/sh
#
#
# OpenStack Nova Cert (nova-cert)
#
# Description:  Manages an OpenStack Nova Cert (nova-cert) process as an HA resource
#
# Authors:      Sébastien Han
# Mainly inspired by the Glance API resource agent written by Martin Gerhard Loschwitz from Hastexo: http://goo.gl/whLpr
#
# Support:      openstack@lists.launchpad.net
# License:      Apache Software License (ASL) 2.0
#
#
# See usage() function below for more details ...
#
# OCF instance parameters:
#   OCF_RESKEY_binary
#   OCF_RESKEY_config
#   OCF_RESKEY_user
#   OCF_RESKEY_pid
#   OCF_RESKEY_database_server_port
#   OCF_RESKEY_amqp_server_port
#   OCF_RESKEY_zeromq
#   OCF_RESKEY_additional_parameters
#######################################################################
# Initialization:

: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs

#######################################################################

# Fill in some defaults if no values are specified

OCF_RESKEY_binary_default="nova-cert"
OCF_RESKEY_config_default="/etc/nova/nova.conf"
OCF_RESKEY_user_default="nova"
OCF_RESKEY_pid_default="$HA_RSCTMP/$OCF_RESOURCE_INSTANCE.pid"
OCF_RESKEY_database_server_port_default="3306"
OCF_RESKEY_amqp_server_port_default="5672"
OCF_RESKEY_zeromq_default="false"

: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}}
: ${OCF_RESKEY_config=${OCF_RESKEY_config_default}}
: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}}
: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}}
: ${OCF_RESKEY_database_server_port=${OCF_RESKEY_database_server_port_default}}
: ${OCF_RESKEY_amqp_server_port=${OCF_RESKEY_amqp_server_port_default}}
: ${OCF_RESKEY_zeromq=${OCF_RESKEY_zeromq_default}}

#######################################################################

usage() {
    cat <<UEND
        usage: $0 (start|stop|validate-all|meta-data|status|monitor)

        $0 manages an OpenStack Nova Cert (nova-cert) process as an HA resource 

        The 'start' operation starts the nova-cert service.
        The 'stop' operation stops the nova-cert service.
        The 'validate-all' operation reports whether the parameters are valid
        The 'meta-data' operation reports this RA's meta-data information
        The 'status' operation reports whether the nova-cert service is running
        The 'monitor' operation reports whether the nova-cert service seems to be working

UEND
}

meta_data() {
    cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="nova-cert">
<version>1.0</version>

<longdesc lang="en">
Resource agent for the OpenStack Nova Cert Service (nova-cert)
May manage a nova-cert instance or a clone set that 
creates a distributed nova-cert cluster.
</longdesc>
<shortdesc lang="en">Manages the OpenStack Nova Cert (nova-cert)</shortdesc>
<parameters>

<parameter name="binary" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack Nova Cert server binary (nova-cert)
</longdesc>
<shortdesc lang="en">OpenStack Nova Cert server binary (nova-cert)</shortdesc>
<content type="string" default="${OCF_RESKEY_binary_default}" />
</parameter>

<parameter name="config" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack Nova Cert (nova-cert) configuration file
</longdesc>
<shortdesc lang="en">OpenStack Nova Cert (nova-cert registry) config file</shortdesc>
<content type="string" default="${OCF_RESKEY_config_default}" />
</parameter>

<parameter name="user" unique="0" required="0">
<longdesc lang="en">
User running OpenStack Nova Cert (nova-cert)
</longdesc>
<shortdesc lang="en">OpenStack Nova Cert (nova-cert) user</shortdesc>
<content type="string" default="${OCF_RESKEY_user_default}" />
</parameter>

<parameter name="pid" unique="0" required="0">
<longdesc lang="en">
The pid file to use for this OpenStack Nova Cert (nova-cert) instance
</longdesc>
<shortdesc lang="en">OpenStack Nova Cert (nova-cert) pid file</shortdesc>
<content type="string" default="${OCF_RESKEY_pid_default}" />
</parameter>

<parameter name="database_server_port" unique="0" required="0">                                                                                                                                                              
<longdesc lang="en">                                                                                                                                                                                                      
The listening port number of the database server. Mandatory to perform a monitor check                                                                                                                                        
</longdesc>                                                                                                                                                                                                               
<shortdesc lang="en">Database listening port</shortdesc>                                                                                                                                                                      
<content type="integer" default="${OCF_RESKEY_database_server_port_default}" />                                                                                                                                              
</parameter>  

<parameter name="amqp_server_port" unique="0" required="0">                                                                                                                                                              
<longdesc lang="en">                                                                                                                                                                                                      
The listening port number of the AMQP server. Mandatory to perform a monitor check                                                                                                                                        
</longdesc>                                                                                                                                                                                                               
<shortdesc lang="en">AMQP listening port</shortdesc>                                                                                                                                                                      
<content type="integer" default="${OCF_RESKEY_amqp_server_port_default}" />                                                                                                                                              
</parameter>  

<parameter name="zeromq" unique="0" required="0">                                                                                                                                                              
<longdesc lang="en">                                                                                                                                                                                                      
If zeromq is used, this will disable the connection test to the AMQP server                                                                                                                                     
</longdesc>                                                                                                                                                                                                               
<shortdesc lang="en">Zero-MQ usage</shortdesc>                                                                                                                                                                      
<content type="boolean" default="${OCF_RESKEY_zeromq_default}" />                                                                                                                                              
</parameter>

<parameter name="additional_parameters" unique="0" required="0">
<longdesc lang="en">
Additional parameters to pass on to the OpenStack Nova Cert (nova-cert)
</longdesc>
<shortdesc lang="en">Additional parameters for nova-cert</shortdesc>
<content type="string" />
</parameter>

</parameters>

<actions>
<action name="start" timeout="10" />
<action name="stop" timeout="10" />
<action name="status" timeout="10" />
<action name="monitor" timeout="5" interval="10" />
<action name="validate-all" timeout="5" />
<action name="meta-data" timeout="5" />
</actions>
</resource-agent>
END
}

#######################################################################
# Functions invoked by resource manager actions

nova_cert_check_port() {
# This function has been taken from the squid RA and improved a bit
# The length of the integer must be 4
# Examples of valid port: "1080", "0080"
# Examples of invalid port: "1080bad", "0", "0000", ""

    local int
    local cnt
    
    int="$1"
    cnt=${#int}
    echo $int |egrep -qx '[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*'

    if [ $? -ne 0 ] || [ $cnt -ne 4 ]; then
        ocf_log err "Invalid port number: $1"
        exit $OCF_ERR_CONFIGURED
    fi
}

nova_cert_validate() {
    local rc

    check_binary $OCF_RESKEY_binary
    check_binary netstat

    nova_cert_check_port $OCF_RESKEY_database_server_port
    nova_cert_check_port $OCF_RESKEY_amqp_server_port
    
    # A config file on shared storage that is not available
    # during probes is OK.
    if [ ! -f $OCF_RESKEY_config ]; then
        if ! ocf_is_probe; then
            ocf_log err "Config $OCF_RESKEY_config doesn't exist"
            return $OCF_ERR_INSTALLED
        fi
        ocf_log_warn "Config $OCF_RESKEY_config not available during a probe"
    fi

    getent passwd $OCF_RESKEY_user >/dev/null 2>&1
    rc=$?
    if [ $rc -ne 0 ]; then
        ocf_log err "User $OCF_RESKEY_user doesn't exist"
        return $OCF_ERR_INSTALLED
    fi

    true
}

nova_cert_status() {
    local pid
    local rc

    if [ ! -f $OCF_RESKEY_pid ]; then
        ocf_log info "OpenStack Nova Cert (nova-cert) is not running"
        return $OCF_NOT_RUNNING
    else
        pid=`cat $OCF_RESKEY_pid`
    fi

    ocf_run -warn kill -s 0 $pid
    rc=$?
    if [ $rc -eq 0 ]; then
        return $OCF_SUCCESS
    else
        ocf_log info "Old PID file found, but OpenStack Nova Cert (nova-cert) is not running"
        return $OCF_NOT_RUNNING
    fi
}

nova_cert_monitor() {
    local rc
    local pid
    local rc_db
    local rc_amqp
    local cert_db_check
    local cert_amqp_check
    
    nova_cert_status
    rc=$?

    # If status returned anything but success, return that immediately
    if [ $rc -ne $OCF_SUCCESS ]; then
        return $rc
    fi

    # Check the connections according to the PID.
    # We are sure to hit the cert process and not other nova process with the same connection behavior (for example nova-scheduler)
	if ocf_is_true "$OCF_RESKEY_zeromq"; then
	    pid=`cat $OCF_RESKEY_pid`
		cert_db_check=`netstat -punt | grep -s "$OCF_RESKEY_database_server_port" | grep -s "$pid" | grep -qs "ESTABLISHED"`
		rc_db=$?
		if [ $rc_db -ne 0 ]; then
		    ocf_log err "Nova Cert is not connected to the database server: $rc_db"
		    return $OCF_NOT_RUNNING
		fi
	else
        pid=`cat $OCF_RESKEY_pid`
        # check the connections according to the PID
        cert_db_check=`netstat -punt | grep -s "$OCF_RESKEY_database_server_port" | grep -s "$pid" | grep -sq "ESTABLISHED"`
        rc_db=$?
        cert_amqp_check=`netstat -punt | grep -s "$OCF_RESKEY_amqp_server_port" | grep -s "$pid" | grep -sq "ESTABLISHED"`
        rc_amqp=$?
	    if [ $rc_amqp -ne 0 ] || [ $rc_db -ne 0 ]; then
		    ocf_log err "Nova Cert is not connected to the AMQP server and/or the database server: AMQP connection test returned $rc_amqp and database connection test returned $rc_db"
		    return $OCF_NOT_RUNNING
		fi
	fi
    
    ocf_log debug "OpenStack Nova Cert (nova-cert) monitor succeeded"
    return $OCF_SUCCESS
}

nova_cert_start() {
    local rc

    nova_cert_status
    rc=$?
    if [ $rc -eq $OCF_SUCCESS ]; then
        ocf_log info "OpenStack Nova Cert (nova-cert) already running"
        return $OCF_SUCCESS
    fi

    # run the actual nova-cert daemon. Don't use ocf_run as we're sending the tool's output
    # straight to /dev/null anyway and using ocf_run would break stdout-redirection here.
    su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --config-file=$OCF_RESKEY_config \
       $OCF_RESKEY_additional_parameters"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid

    # Spin waiting for the server to come up.
    # Let the CRM/LRM time us out if required
    while true; do
    nova_cert_monitor
    rc=$?
    [ $rc -eq $OCF_SUCCESS ] && break
    if [ $rc -ne $OCF_NOT_RUNNING ]; then
        ocf_log err "OpenStack Nova Cert (nova-cert) start failed"
        exit $OCF_ERR_GENERIC
    fi
    sleep 1
    done

    ocf_log info "OpenStack Nova Cert (nova-cert) started"
    return $OCF_SUCCESS
}

nova_cert_stop() {
    local rc
    local pid

    nova_cert_status
    rc=$?
    if [ $rc -eq $OCF_NOT_RUNNING ]; then
        ocf_log info "OpenStack Nova Cert (nova-cert) already stopped"
        return $OCF_SUCCESS
    fi

    # Try SIGTERM
    pid=`cat $OCF_RESKEY_pid`
    ocf_run kill -s TERM $pid
    rc=$?
    if [ $rc -ne 0 ]; then
        ocf_log err "OpenStack Nova Cert (nova-cert) couldn't be stopped"
        exit $OCF_ERR_GENERIC
    fi

    # stop waiting
    shutdown_timeout=15
    if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
        shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-5))
    fi
    count=0
    while [ $count -lt $shutdown_timeout ]; do
        nova_cert_status
        rc=$?
        if [ $rc -eq $OCF_NOT_RUNNING ]; then
            break
        fi
        count=`expr $count + 1`
        sleep 1
        ocf_log debug "OpenStack Nova Cert (nova-cert) still hasn't stopped yet. Waiting ..."
    done

    nova_cert_status
    rc=$?
    if [ $rc -ne $OCF_NOT_RUNNING ]; then
        # SIGTERM didn't help either, try SIGKILL
        ocf_log info "OpenStack Nova Cert (nova-cert) failed to stop after ${shutdown_timeout}s \
          using SIGTERM. Trying SIGKILL ..."
        ocf_run kill -s KILL $pid
    fi

    ocf_log info "OpenStack Nova Cert (nova-cert) stopped"

    rm -f $OCF_RESKEY_pid

    return $OCF_SUCCESS
}

#######################################################################

case "$1" in
  meta-data)    meta_data
                exit $OCF_SUCCESS;;
  usage|help)   usage
                exit $OCF_SUCCESS;;
esac

# Anything except meta-data and help must pass validation
nova_cert_validate || exit $?

# What kind of method was invoked?
case "$1" in
  start)        nova_cert_start;;
  stop)         nova_cert_stop;;
  status)       nova_cert_status;;
  monitor)      nova_cert_monitor;;
  validate-all) ;;
  *)            usage
                exit $OCF_ERR_UNIMPLEMENTED;;
esac