With support for TLS authentication.
---
.gitignore | 1 +
configure.ac | 1 +
fence/agents/docker/Makefile.am | 20 +++++
fence/agents/docker/fence_docker.py | 152 +++++++++++++++++++++++++++++++++++
tests/data/metadata/fence_docker.xml | 129 +++++++++++++++++++++++++++++
5 files changed, 303 insertions(+)
create mode 100644 fence/agents/docker/Makefile.am
create mode 100644 fence/agents/docker/fence_docker.py
create mode 100644 tests/data/metadata/fence_docker.xml
diff --git a/.gitignore b/.gitignore
index 75b9aa7..8bcae2b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,6 +39,7 @@ fence/agents/bullpap/fence_bullpap
fence/agents/cisco_mds/fence_cisco_mds
fence/agents/cisco_ucs/fence_cisco_ucs
fence/agents/cpint/fence_cpint
+fence/agents/docker/fence_docker
fence/agents/drac/fence_drac
fence/agents/drac5/fence_drac5
fence/agents/eaton_snmp/fence_eaton_snmp
diff --git a/configure.ac b/configure.ac
index 4d0aa6a..bc9785b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -264,6 +264,7 @@ AC_CONFIG_FILES([Makefile
fence/agents/brocade/Makefile
fence/agents/cisco_mds/Makefile
fence/agents/cisco_ucs/Makefile
+ fence/agents/docker/Makefile
fence/agents/drac/Makefile
fence/agents/drac5/Makefile
fence/agents/dummy/Makefile
diff --git a/fence/agents/docker/Makefile.am b/fence/agents/docker/Makefile.am
new file mode 100644
index 0000000..a232902
--- /dev/null
+++ b/fence/agents/docker/Makefile.am
@@ -0,0 +1,20 @@
+MAINTAINERCLEANFILES = Makefile.in
+
+TARGET = fence_docker
+
+SRC = $(TARGET).py
+
+EXTRA_DIST = $(SRC)
+
+sbin_SCRIPTS = $(TARGET)
+
+man_MANS = $(TARGET).8
+
+FENCE_TEST_ARGS = -a test -n 1
+
+include $(top_srcdir)/make/fencebuild.mk
+include $(top_srcdir)/make/fenceman.mk
+include $(top_srcdir)/make/agentpycheck.mk
+
+clean-local: clean-man
+ rm -f $(TARGET)
diff --git a/fence/agents/docker/fence_docker.py
b/fence/agents/docker/fence_docker.py
new file mode 100644
index 0000000..7363611
--- /dev/null
+++ b/fence/agents/docker/fence_docker.py
@@ -0,0 +1,152 @@
+#!/usr/bin/python -tt
+
+import atexit
+import sys
+import StringIO
+import logging
+import pycurl
+import json
+
+sys.path.append("@FENCEAGENTSLIBDIR@")
+from fencing import fail_usage, all_opt, fence_action, atexit_handler,
check_input, process_input, show_docs, run_delay
+
+#BEGIN_VERSION_GENERATION
+RELEASE_VERSION = ""
+REDHAT_COPYRIGHT = ""
+BUILD_DATE = ""
+#END_VERSION_GENERATION
+
+def get_power_status(conn, options):
+ del conn
+ status = send_cmd(options, "containers/%s/json" % options["--plug"])
+ if status is None:
+ return None
+ return "on" if status["State"]["Running"] else "off"
+
+
+def set_power_status(conn, options):
+ del conn
+ if options["--action"] == "on":
+ send_cmd(options, "containers/%s/start" % options["--plug"],
True)
+ else:
+ send_cmd(options, "containers/%s/kill" % options["--plug"],
True)
+ return
+
+
+def reboot_cycle(conn, options):
+ del conn
+ send_cmd(options, "containers/%s/restart" % options["--plug"], True)
+ return get_power_status(conn, options)
+
+
+def get_list(conn, options):
+ del conn
+ output = send_cmd(options, "containers/json?all=1")
+ containers = {}
+ for container in output:
+ containers[container["Id"]] = (container["Names"][0],
{True:"off", False: "on"}[container["Status"][:4].lower() == "exit"])
+ return containers
+
+
+def send_cmd(options, cmd, post = False):
+ url = "http%s://%s:%s/v1.11/%s" % ("s" if "--ssl" in options else "",
options["--ip"], options["--ipport"], cmd)
+ conn = pycurl.Curl()
+ output_buffer = StringIO.StringIO()
+ if logging.getLogger().getEffectiveLevel() < logging.WARNING:
+ conn.setopt(pycurl.VERBOSE, True)
+ conn.setopt(pycurl.HTTPGET, 1)
+ conn.setopt(pycurl.URL, str(url))
+ if post:
+ conn.setopt(pycurl.POST, 1)
+ conn.setopt(pycurl.POSTFIELDSIZE, 0)
+ conn.setopt(pycurl.WRITEFUNCTION, output_buffer.write)
+ conn.setopt(pycurl.TIMEOUT, int(options["--shell-timeout"]))
+ if "--ssl" in options:
+ if not (set(("--tlscert", "--tlskey", "--tlscacert")) <=
set(options)):
+ fail_usage("Failed. If --ssl option is used, You have
to also \
+specify: --tlscert, --tlskey and --tlscacert")
+ conn.setopt(pycurl.SSL_VERIFYPEER, 1)
+ conn.setopt(pycurl.SSLCERT, options["--tlscert"])
+ conn.setopt(pycurl.SSLKEY, options["--tlskey"])
+ conn.setopt(pycurl.CAINFO, options["--tlscacert"])
+ else:
+ conn.setopt(pycurl.SSL_VERIFYPEER, 0)
+ conn.setopt(pycurl.SSL_VERIFYHOST, 0)
+
+ logging.debug("URL: " + url)
+
+ try:
+ conn.perform()
+ result = output_buffer.getvalue()
+ return_code = conn.getinfo(pycurl.RESPONSE_CODE)
+
+ logging.debug("RESULT [" + str(return_code) + \
+ "]: " + result)
+ conn.close()
+ if return_code == 200:
+ return json.loads(result)
+ except pycurl.error:
+ logging.error("Connection failed")
+ except:
+ logging.error("Cannot parse json")
+ return None
+
+
+def main():
+ atexit.register(atexit_handler)
+
+ all_opt["tlscert"] = {
+ "getopt" : ":",
+ "longopt" : "tlscert",
+ "help" : "--tlscert "
+ "Path to client certificate for TLS authentication",
+ "required" : "0",
+ "shortdesc" : "Path to client certificate (PEM format) \
+for TLS authentication. Required if --ssl option is used.",
+ "order": 2
+ }
+
+ all_opt["tlskey"] = {
+ "getopt" : ":",
+ "longopt" : "tlskey",
+ "help" : "--tlskey "
+ "Path to client key for TLS authentication",
+ "required" : "0",
+ "shortdesc" : "Path to client key (PEM format) for TLS \
+authentication. Required if --ssl option is used.",
+ "order": 2
+ }
+
+ all_opt["tlscacert"] = {
+ "getopt" : ":",
+ "longopt" : "tlscacert",
+ "help" : "--tlscacert "
+ "Path to CA certificate for TLS authentication",
+ "required" : "0",
+ "shortdesc" : "Path to CA certificate (PEM format) for \
+TLS authentication. Required if --ssl option is used.",
+ "order": 2
+ }
+
+ device_opt = ["ipaddr", "no_password", "no_login", "port", "method",
"web", "tlscert", "tlskey", "tlscacert", "ssl"]
+
+ options = check_input(device_opt, process_input(device_opt))
+
+ docs = { }
+ docs["shortdesc"] = "Fence agent for Docker"
+ docs["longdesc"] = "fence_docker is I/O fencing agent which \
+can be used with the Docker Engine containers. You can use this \
+fence-agent without any authentication, or you can use TLS authentication \
+(use --ssl option, more info about TLS authentication in docker: \
+http://docs.docker.com/examples/https/)."
+ docs["vendorurl"] = "www.docker.io"
+ show_docs(options, docs)
+
+ run_delay(options)
+
+ result = fence_action(None, options, set_power_status,
get_power_status, get_list, reboot_cycle)
+
+ sys.exit(result)
+
+if __name__ == "__main__":
+ main()
diff --git a/tests/data/metadata/fence_docker.xml
b/tests/data/metadata/fence_docker.xml
new file mode 100644
index 0000000..bda31d01
--- /dev/null
+++ b/tests/data/metadata/fence_docker.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" ?>
+<resource-agent name="fence_docker" shortdesc="Fence agent for Docker" >
+<longdesc>fence_docker is I/O fencing agent which can be used with the Docker
Engine containers. You can use this fence-agent without any authentication, or
you can use TLS authentication (use --ssl option, more info about TLS
authentication in docker: http://docs.docker.com/examples/https/).</longdesc>
+<vendor-url>www.docker.io</vendor-url>
+<parameters>
+ <parameter name="ipport" unique="0" required="0">
+ <getopt mixed="-u, --ipport=[port]" />
+ <content type="string" default="80" />
+ <shortdesc lang="en">TCP/UDP port to use for connection with
device</shortdesc>
+ </parameter>
+ <parameter name="port" unique="0" required="1">
+ <getopt mixed="-n, --plug=[id]" />
+ <content type="string" />
+ <shortdesc lang="en">Physical plug number, name of virtual
machine or UUID</shortdesc>
+ </parameter>
+ <parameter name="inet6_only" unique="0" required="0">
+ <getopt mixed="-6, --inet6-only" />
+ <content type="boolean" />
+ <shortdesc lang="en">Forces agent to use IPv6 addresses
only</shortdesc>
+ </parameter>
+ <parameter name="ipaddr" unique="0" required="1">
+ <getopt mixed="-a, --ip=[ip]" />
+ <content type="string" />
+ <shortdesc lang="en">IP Address or Hostname</shortdesc>
+ </parameter>
+ <parameter name="inet4_only" unique="0" required="0">
+ <getopt mixed="-4, --inet4-only" />
+ <content type="boolean" />
+ <shortdesc lang="en">Forces agent to use IPv4 addresses
only</shortdesc>
+ </parameter>
+ <parameter name="method" unique="0" required="0">
+ <getopt mixed="-m, --method=[method]" />
+ <content type="select" default="onoff" >
+ <option value="onoff" />
+ <option value="cycle" />
+ </content>
+ <shortdesc lang="en">Method to fence (onoff|cycle)</shortdesc>
+ </parameter>
+ <parameter name="ssl" unique="0" required="0">
+ <getopt mixed="-z, --ssl" />
+ <content type="boolean" />
+ <shortdesc lang="en">SSL connection</shortdesc>
+ </parameter>
+ <parameter name="action" unique="0" required="1">
+ <getopt mixed="-o, --action=[action]" />
+ <content type="string" default="reboot" />
+ <shortdesc lang="en">Fencing Action</shortdesc>
+ </parameter>
+ <parameter name="tlskey" unique="0" required="0">
+ <getopt mixed="--tlskey" />
+ <content type="string" />
+ <shortdesc lang="en">Path to client key (PEM format) for TLS
authentication. Required if --ssl option is used.</shortdesc>
+ </parameter>
+ <parameter name="tlscacert" unique="0" required="0">
+ <getopt mixed="--tlscacert" />
+ <content type="string" />
+ <shortdesc lang="en">Path to CA certificate (PEM format) for
TLS authentication. Required if --ssl option is used.</shortdesc>
+ </parameter>
+ <parameter name="tlscert" unique="0" required="0">
+ <getopt mixed="--tlscert" />
+ <content type="string" />
+ <shortdesc lang="en">Path to client certificate (PEM format)
for TLS authentication. Required if --ssl option is used.</shortdesc>
+ </parameter>
+ <parameter name="verbose" unique="0" required="0">
+ <getopt mixed="-v, --verbose" />
+ <content type="boolean" />
+ <shortdesc lang="en">Verbose mode</shortdesc>
+ </parameter>
+ <parameter name="debug" unique="0" required="0">
+ <getopt mixed="-D, --debug-file=[debugfile]" />
+ <content type="string" />
+ <shortdesc lang="en">Write debug information to given
file</shortdesc>
+ </parameter>
+ <parameter name="version" unique="0" required="0">
+ <getopt mixed="-V, --version" />
+ <content type="boolean" />
+ <shortdesc lang="en">Display version information and
exit</shortdesc>
+ </parameter>
+ <parameter name="help" unique="0" required="0">
+ <getopt mixed="-h, --help" />
+ <content type="boolean" />
+ <shortdesc lang="en">Display help and exit</shortdesc>
+ </parameter>
+ <parameter name="separator" unique="0" required="0">
+ <getopt mixed="-C, --separator=[char]" />
+ <content type="string" default="," />
+ <shortdesc lang="en">Separator for CSV created by operation
list</shortdesc>
+ </parameter>
+ <parameter name="power_wait" unique="0" required="0">
+ <getopt mixed="--power-wait=[seconds]" />
+ <content type="string" default="0" />
+ <shortdesc lang="en">Wait X seconds after issuing
ON/OFF</shortdesc>
+ </parameter>
+ <parameter name="power_timeout" unique="0" required="0">
+ <getopt mixed="--power-timeout=[seconds]" />
+ <content type="string" default="20" />
+ <shortdesc lang="en">Test X seconds for status change after
ON/OFF</shortdesc>
+ </parameter>
+ <parameter name="delay" unique="0" required="0">
+ <getopt mixed="--delay=[seconds]" />
+ <content type="string" default="0" />
+ <shortdesc lang="en">Wait X seconds before fencing is
started</shortdesc>
+ </parameter>
+ <parameter name="login_timeout" unique="0" required="0">
+ <getopt mixed="--login-timeout=[seconds]" />
+ <content type="string" default="5" />
+ <shortdesc lang="en">Wait X seconds for cmd prompt after
login</shortdesc>
+ </parameter>
+ <parameter name="shell_timeout" unique="0" required="0">
+ <getopt mixed="--shell-timeout=[seconds]" />
+ <content type="string" default="3" />
+ <shortdesc lang="en">Wait X seconds for cmd prompt after
issuing command</shortdesc>
+ </parameter>
+ <parameter name="retry_on" unique="0" required="0">
+ <getopt mixed="--retry-on=[attempts]" />
+ <content type="string" default="1" />
+ <shortdesc lang="en">Count of attempts to retry power
on</shortdesc>
+ </parameter>
+</parameters>
+<actions>
+ <action name="on" automatic="0"/>
+ <action name="off" />
+ <action name="reboot" />
+ <action name="status" />
+ <action name="list" />
+ <action name="monitor" />
+ <action name="metadata" />
+</actions>
+</resource-agent>
--
1.8.3.1
