summaryrefslogtreecommitdiffstats
path: root/agents/pve/fence_pve.py
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 06:50:17 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 06:50:17 +0000
commit86ed03f8adee56c050c73018537371c230a664a6 (patch)
treeeae3d04cdf1c49848e5a671327ab38297f4acb0d /agents/pve/fence_pve.py
parentInitial commit. (diff)
downloadfence-agents-86ed03f8adee56c050c73018537371c230a664a6.tar.xz
fence-agents-86ed03f8adee56c050c73018537371c230a664a6.zip
Adding upstream version 4.12.1.upstream/4.12.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'agents/pve/fence_pve.py')
-rwxr-xr-xagents/pve/fence_pve.py240
1 files changed, 240 insertions, 0 deletions
diff --git a/agents/pve/fence_pve.py b/agents/pve/fence_pve.py
new file mode 100755
index 0000000..0d82035
--- /dev/null
+++ b/agents/pve/fence_pve.py
@@ -0,0 +1,240 @@
+#!@PYTHON@ -tt
+
+# This agent uses Proxmox VE API
+# Thanks to Frank Brendel (author of original perl fence_pve)
+# for help with writing and testing this agent.
+
+import sys
+import json
+import pycurl
+import io
+import atexit
+import logging
+sys.path.append("@FENCEAGENTSLIBDIR@")
+from fencing import fail, fail_usage, EC_LOGIN_DENIED, atexit_handler, all_opt, check_input, process_input, show_docs, fence_action, run_delay
+
+if sys.version_info[0] > 2: import urllib.parse as urllib
+else: import urllib
+
+def get_power_status(conn, options):
+ del conn
+ state = {"running" : "on", "stopped" : "off"}
+ if options["--pve-node"] is None:
+ nodes = send_cmd(options, "nodes")
+ if type(nodes) is not dict or "data" not in nodes or type(nodes["data"]) is not list:
+ return None
+ for node in nodes["data"]: # lookup the node holding the vm
+ if type(node) is not dict or "node" not in node:
+ return None
+ options["--pve-node"] = node["node"]
+ status = get_power_status(None, options)
+ if status is not None:
+ logging.info("vm found on node: " + options["--pve-node"])
+ break
+ else:
+ options["--pve-node"] = None
+ return status
+ else:
+ cmd = "nodes/" + options["--pve-node"] + "/" + options["--vmtype"] +"/" + options["--plug"] + "/status/current"
+ result = send_cmd(options, cmd)
+ if type(result) is dict and "data" in result:
+ if type(result["data"]) is dict and "status" in result["data"]:
+ if result["data"]["status"] in state:
+ return state[result["data"]["status"]]
+ return None
+
+
+def set_power_status(conn, options):
+ del conn
+ action = {
+ 'on' : "start",
+ 'off': "stop"
+ }[options["--action"]]
+ cmd = "nodes/" + options["--pve-node"] + "/" + options["--vmtype"] +"/" + options["--plug"] + "/status/" + action
+ send_cmd(options, cmd, post={"skiplock":1})
+
+
+def reboot_cycle(conn, options):
+ del conn
+ cmd = "nodes/" + options["--pve-node"] + "/" + options["--vmtype"] + "/" + options["--plug"] + "/status/reset"
+ result = send_cmd(options, cmd, post={"skiplock":1})
+ return type(result) is dict and "data" in result
+
+
+def get_outlet_list(conn, options):
+ del conn
+ nodes = send_cmd(options, "nodes")
+ outlets = dict()
+ if type(nodes) is not dict or "data" not in nodes or type(nodes["data"]) is not list:
+ return None
+ for node in nodes["data"]:
+ if type(node) is not dict or "node" not in node:
+ return None
+ vms = send_cmd(options, "nodes/" + node["node"] + "/" + options["--vmtype"])
+ if type(vms) is not dict or "data" not in vms or type(vms["data"]) is not list:
+ return None
+ for vm in vms["data"]:
+ outlets[vm["vmid"]] = [vm["name"], vm["status"]]
+ return outlets
+
+
+def get_ticket(options):
+ post = {'username': options["--username"], 'password': options["--password"]}
+ result = send_cmd(options, "access/ticket", post=post)
+ if type(result) is dict and "data" in result:
+ if type(result["data"]) is dict and "ticket" in result["data"] and "CSRFPreventionToken" in result["data"]:
+ return {
+ "ticket" : str("PVEAuthCookie=" + result["data"]["ticket"] + "; " + \
+ "version=0; path=/; domain=" + options["--ip"] + \
+ "; port=" + str(options["--ipport"]) + "; path_spec=0; secure=1; " + \
+ "expires=7200; discard=0"),
+ "CSRF_token" : str("CSRFPreventionToken: " + result["data"]["CSRFPreventionToken"])
+ }
+ return None
+
+
+def send_cmd(options, cmd, post=None):
+ url = options["url"] + cmd
+ conn = pycurl.Curl()
+ output_buffer = io.BytesIO()
+ if logging.getLogger().getEffectiveLevel() < logging.WARNING:
+ conn.setopt(pycurl.VERBOSE, True)
+ conn.setopt(pycurl.HTTPGET, 1)
+ conn.setopt(pycurl.URL, url.encode("ascii"))
+ if "auth" in options and options["auth"] is not None:
+ conn.setopt(pycurl.COOKIE, options["auth"]["ticket"])
+ conn.setopt(pycurl.HTTPHEADER, [options["auth"]["CSRF_token"]])
+ if post is not None:
+ if "skiplock" in post:
+ conn.setopt(conn.CUSTOMREQUEST, 'POST')
+ else:
+ conn.setopt(pycurl.POSTFIELDS, urllib.urlencode(post))
+ conn.setopt(pycurl.WRITEFUNCTION, output_buffer.write)
+ conn.setopt(pycurl.TIMEOUT, int(options["--shell-timeout"]))
+
+ if "--ssl-insecure" in options:
+ conn.setopt(pycurl.SSL_VERIFYPEER, 0)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 0)
+ else:
+ conn.setopt(pycurl.SSL_VERIFYPEER, 1)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 2)
+
+ logging.debug("URL: " + url)
+
+ try:
+ conn.perform()
+ result = output_buffer.getvalue().decode()
+
+ logging.debug("RESULT [" + str(conn.getinfo(pycurl.RESPONSE_CODE)) + \
+ "]: " + result)
+ conn.close()
+
+ return json.loads(result)
+ except pycurl.error:
+ logging.error("Connection failed")
+ except:
+ logging.error("Cannot parse json")
+ return None
+
+
+def main():
+ atexit.register(atexit_handler)
+
+ all_opt["pve_node_auto"] = {
+ "getopt" : "A",
+ "longopt" : "pve-node-auto",
+ "help" : "-A, --pve-node-auto "
+ "Automatically select proxmox node",
+ "required" : "0",
+ "shortdesc" : "Automatically select proxmox node. "
+ "(This option overrides --pve-node)",
+ "type": "boolean",
+ "order": 2
+ }
+ all_opt["pve_node"] = {
+ "getopt" : "N:",
+ "longopt" : "pve-node",
+ "help" : "-N, --pve-node=[node_name] "
+ "Proxmox node name on which machine is located",
+ "required" : "0",
+ "shortdesc" : "Proxmox node name on which machine is located. "
+ "(Must be specified if not using --pve-node-auto)",
+ "order": 2
+ }
+ all_opt["node_name"] = {
+ "getopt" : ":",
+ "longopt" : "nodename",
+ "help" : "--nodename "
+ "Replaced by --pve-node",
+ "required" : "0",
+ "shortdesc" : "Replaced by --pve-node",
+ "order": 3
+ }
+ all_opt["vmtype"] = {
+ "getopt" : ":",
+ "longopt" : "vmtype",
+ "default" : "qemu",
+ "help" : "--vmtype "
+ "Virtual machine type lxc or qemu (default: qemu)",
+ "required" : "1",
+ "shortdesc" : "Virtual machine type lxc or qemu. "
+ "(Default: qemu)",
+ "order": 2
+ }
+
+ device_opt = ["ipaddr", "login", "passwd", "ssl", "web", "port", "pve_node", "pve_node_auto", "node_name", "vmtype", "method"]
+
+ all_opt["login"]["required"] = "0"
+ all_opt["login"]["default"] = "root@pam"
+ all_opt["ipport"]["default"] = "8006"
+ all_opt["ssl"]["default"] = "1"
+ all_opt["port"]["shortdesc"] = "Id of the virtual machine."
+ all_opt["ipaddr"]["shortdesc"] = "IP Address or Hostname of a node " +\
+ "within the Proxmox cluster."
+
+ options = check_input(device_opt, process_input(device_opt))
+ docs = {}
+ docs["shortdesc"] = "Fencing agent for the Proxmox Virtual Environment"
+ docs["longdesc"] = "The fence_pve agent can be used to fence virtual \
+machines acting as nodes in a virtualized cluster."
+ docs["vendorurl"] = "http://www.proxmox.com/"
+
+ show_docs(options, docs)
+
+ run_delay(options)
+
+ if "--pve-node-auto" in options:
+ # Force pve-node to None to allow autodiscovery
+ options["--pve-node"] = None
+ elif "--pve-node" in options and options["--pve-node"]:
+ # Leave pve-node alone
+ pass
+ elif "--nodename" in options and options["--nodename"]:
+ # map nodename into pve-node to support legacy implementations
+ options["--pve-node"] = options["--nodename"]
+ else:
+ fail_usage("At least one of pve-node-auto or pve-node must be supplied")
+
+
+ if options["--vmtype"] != "qemu":
+ # For vmtypes other than qemu, only the onoff method is valid
+ options["--method"] = "onoff"
+
+ options["url"] = "https://" + options["--ip"] + ":" + str(options["--ipport"]) + "/api2/json/"
+
+ options["auth"] = get_ticket(options)
+ if options["auth"] is None:
+ fail(EC_LOGIN_DENIED)
+
+ # Workaround for unsupported API call on some Proxmox hosts
+ outlets = get_outlet_list(None, options) # Unsupported API-Call will result in value: None
+ if outlets is None:
+ result = fence_action(None, options, set_power_status, get_power_status, None, reboot_cycle)
+ sys.exit(result)
+
+ result = fence_action(None, options, set_power_status, get_power_status, get_outlet_list, reboot_cycle)
+
+ sys.exit(result)
+
+if __name__ == "__main__":
+ main()