beekhof · April 26, 2011 10:32
diff --git a/gistfile1.txt b/gistfile1.txt
 #!/bin/bash

 description="
 fence_ec2 is an I/O Fencing agent which can be used with Amazon EC2 instances.
 In order to function, the agent needs the private key and cert used by the Amazon EC2 API.

 API functions used by this agent:
 - ec2-describe-tags
 - ec2-describe-instances
 - ec2-stop-instances
 - ec2-start-instances
 - ec2-reboot-instances

 If the uname used by the cluster node is any of:
 - Public DNS name (or part there of),
 - Private DNS name (or part there of),
 - Instance ID (eg. i-4f15a839)
 - Contents of tag associated with the instance
 then the agent should be able to automatically discover the instances it can control.

 If the tag containing the uname is not [Name], then it will need to be specified using the [tag] option.
 "

 #
 # Copyright (c) 2011 Andrew Beekhof
 #                    All Rights Reserved.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of version 2 of the GNU General Public License as
 # published by the Free Software Foundation.
 #
 # This program is distributed in the hope that it would be useful, but
 # WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 #
 # Further, this software is distributed without any warranty that it is
 # free of the rightful claim of any third person regarding infringement
 # or the like.  Any license provided herein, whether implied or
 # otherwise, applies only to this software file.  Patent licenses, if
 # any, provided herein do not apply to combinations of this program with
 # other software, or any other product whatsoever.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write the Free Software Foundation,
 # Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
 #
 #######################################################################

 quiet=0
 port=""

 instance_not_found=0
 unknown_are_stopped=0

 action="reset"         # Default fence action
 ec2_tag="Name"	       # EC2 Tag containing the instance's uname
 ec2_key=""	       # EC2 Private Key
 ec2_cert=""	       # EC2 Cert
 ec2_region="us-east-1" # EC2 Region


 if [ -z "$EC2_HOME" ]; then
    EC2_HOME="$HOME/.ec2"
 fi

 function usage()
 {
 cat <<EOF
 `basename $0` - A fencing agent for Amazon EC2 instances
 
 $description
 
 Usage: `basename $0` -o|--action [-n|--port] [options]
 Options:
 -h, --help 		This text
 -V, --version		Version information
 -q, --quiet 		Reduced output mode
 
 Commands:
 -o, --action		Action to perform: on|off|reboot|status|monitor
 -n, --port 		The name of a machine/instance to control/check

 Additional Options:
 -e, --ec2-home 	Location of Amazon EC2 command line tools
 -k, --private-key 	The private key to use when constructing requests to Amazon EC2
 -c, --cert 		The X.509 certificate to use when constructing requests to Amazon EC2
 -r, --region		The Amazon region for which the device should control instances (defaults to us-east-1)
 -t, --tag 		Name of the tag containing the instance's uname

 Dangerous options:
 -U, --unknown-are-stopped 	Assume any unknown instance is safely stopped

 EOF
    exit 0;
 }

 function metadata()
 {
 cat <<EOF

 <?xml version="1.0" ?>
 <resource-agent name="fence_ec2" shortdesc="Fencing agent for Amazon EC2 instances" >
    <longdesc>
 $description
    </longdesc>
    <parameters>
 	<parameter name="action" unique="1" required="1">
 		<getopt mixed="-o, --action=[action]" />
 		<content type="string" default="reboot" />
 		<shortdesc lang="en">Fencing Action</shortdesc>
 	</parameter>
 	<parameter name="port" unique="1" required="1">
 		<getopt mixed="-n, --port=[port]" />
 		<content type="string" />
 		<shortdesc lang="en">The name/id/tag of a instance to control/check</shortdesc>
 	</parameter>
 	<parameter name="ec2-home" unique="1" required="1">
 		<getopt mixed="-e, --ec2-home=[directory]" />
 		<content type="string" default="~/.ec2" />
 		<shortdesc lang="en">Location of Amazon EC2 command line tools</shortdesc>
 	</parameter>
 	<parameter name="private-key" unique="1" required="1">
 		<getopt mixed="-k, --private-key=[filename]" />
 		<content type="string" default="$ec2-home/pk-*.pem" />
 		<shortdesc lang="en">The private key to use when constructing requests to Amazon EC2</shortdesc>
 	</parameter>
 	<parameter name="cert" unique="1" required="1">
 		<getopt mixed="-c, --cert=[filename]" />
 		<content type="string" default="$ec2-home/cert-*.pem" />
 		<shortdesc lang="en">The X.509 certificate to use when constructing requests to Amazon EC2</shortdesc>
 	</parameter>
 	<parameter name="region" unique="1" required="1">
 		<getopt mixed="-r, --region=[region]" />
 		<content type="string" default="us-east-1" />
 		<shortdesc lang="en">The Amazon region for which the device should control instances</shortdesc>
 	</parameter>
 	<parameter name="tag" unique="1" required="1">
 		<getopt mixed="-t, --tag=[tag]" />
 		<content type="string" default="Name" />
 		<shortdesc lang="en">Name of the tag containing the instances uname</shortdesc>
 	</parameter>
 	<parameter name="unknown-are-stopped" unique="1" required="1">
 		<getopt mixed="-U, --unknown-are-stopped" />
 		<content type="string" default="false" />
 		<shortdesc lang="en">DANGER: Assume any unknown instance is safely stopped</shortdesc>
 	</parameter>
    </parameters>
    <actions>
 	<action name="on" />
 	<action name="off" />
 	<action name="reboot" />
 	<action name="status" />
 	<action name="list" />
 	<action name="monitor" />
 	<action name="metadata" />
    </actions>
 </resource-agent>
 EOF
    exit 0;
 }

 function instance_for_port()
 {
    port=$1; shift

    # Look for port name -n in the INSTANCE data
    instance=`ec2-describe-instances $* | grep INSTANCE.*$port | awk '{print $2}'`	
    if [ -z $instance ]; then
 	# Look for port name -n in the Name TAG
 	instance=`ec2-describe-tags $* | grep TAG.*$ec2_tag.*$port | awk '{print $3}'`
    fi

    if [ -z $instance ]; then
 	instance_not_found=1
 	instance=$port
    fi

    echo $instance
 }

 TEMP=`getopt -o qVo:e:k:c:r:n:t:U --long version,help,region:,action:,port:,option:,ec2-home:,private-key:,cert:,tag:,quiet,unknown-are-stopped \
     -n 'fence_ec2' -- "$@"`

 if [ $? != 0 ];then 
    usage
    exit 1
 fi

 # Note the quotes around `$TEMP': they are essential!
 eval set -- "$TEMP"

 if [ -z $1 ]; then
    # If there are no command line args, look for options from stdin
    while read line; do
 	case $line in 
            option=*|action=*) action=`echo $line | sed s/.*=//`;;
            port=*)        port=`echo $line | sed s/.*=//`;;
 	    ec2-home=*)    EC2_HOME=`echo $line | sed s/.*=//`;;
 	    private-key=*) ec2_key=`echo $line | sed s/.*=//`;;
 	    cert=*)        ec2_cert=`echo $line | sed s/.*=//`;;
 	    region=*)      ec2_region=`echo $line | sed s/.*=//`;;
 	    tag=*)         ec2_tag=`echo $line | sed s/.*=//`;;
 	    quiet*)        quiet=1;;
 	    unknown-are-stopped*) unknown_are_stopped=1;;
 	    --);;
 	    *) echo "Invalid command: $line";;
 	esac
    done
 fi
 
 while true ; do
    case "$1" in
 	-o|--action|--option) action=$2;   shift; shift;;
 	-n|--port)            port=$2;     shift; shift;;
 	-e|--ec2-home)        EC2_HOME=$2; shift; shift;;
 	-k|--private-key)     ec2_key=$2;  shift; shift;;
 	-c|--cert)	      ec2_cert=$2; shift; shift;;
 	-r|--region)          ec2_region=$2; shift; shift;;
 	-t|--tag)	      ec2_tag=$2; shift; shift;;
 	-U|--unknown-are-stopped) unknown_are_stopped=1; shift;;
 	-q|--quiet) quiet=1; shift;;
 	-V|--version) echo "1.0.0"; exit 0;;
 	--help|-h) 
 	    usage;
 	    exit 0;;
 	--) shift ; break ;;
 	*) echo "Unknown option: $1. See --help for details."; exit 1;;
    esac
 done

 export EC2_HOME
 PATH=$PATH:$EC2_HOME/bin

 if [ -z "$JAVA_HOME" ]; then
    java=`which java`
    while [ -L "$java" ]; do
 	java=`/bin/ls -l $java | awk '{print $11}'`
    done
    export JAVA_HOME=`dirname $java`/..
 fi

 if [ -z "$ec2_key" ]; then
    ec2_key=`ls $EC2_HOME/pk-*.pem`;
 fi

 if [ -z "$ec2_cert" ]; then
    ec2_cert=`ls $EC2_HOME/cert-*.pem`;
 fi

 options="--region $ec2_region --private-key $ec2_key --cert $ec2_cert"
 action=`echo $action | tr 'A-Z' 'a-z'`

 instance=""
 if [ ! -z "$port" ]; then
    instance=`instance_for_port $port $options`
 fi

 case $action in 
    reboot|reset) 
 	if [ $unknown_are_stopped = 1 -a $instance_not_found ]; then
 	    : nothing we _can_ do
 	    echo "Assuming unknown instance $instance is already off, cannot restart"
 	else
 	    ec2-reboot-instances $options $instance
 	fi
 	;;
    poweron|on)
 	ec2-start-instances $options $instance
 	;;
    poweroff|off)
 	if [ $unknown_are_stopped = 1 -a $instance_not_found ]; then
 	    : nothing to do
 	    echo "Assuming unknown instance $instance is already off"
 	else
 	    ec2-stop-instances $options $instance
 	fi
 	;;
    monitor)
 	# Is the device ok?
 	ec2-describe-instances | grep INSTANCE &> /dev/null
 	;;
    hostlist|list)
 	# List of names we know about
 	ec2-describe-instances $options | awk -v tag_pat="^TAG\tinstance\t.*\t$ec2_tag" -F '\t' '{ 
               if (/^INSTANCE.*pending/) { printf "%s\n", $2 }
               else if (/^INSTANCE.*stopped/) { printf "%s\n", $2 }
               else if (/^INSTANCE/) { printf "%s\n%s\n%s\n", $2, $4, $5 }
               else if ( $1"\t"$2"\t"$3"\t"$4 ~ tag_pat ) { printf "%s\n", $5 }
            }' | sort -u
 	;;
    stat|status)
 	# List of instances and their current status
 	if [ $unknown_are_stopped = 1 -a $instance_not_found ]; then
 	    echo "$instance stopped (unknown)"
 	else
 	    ec2-describe-instances $options $instance | awk '{ 
               if (/^INSTANCE.*pending/) { printf "%s %s\n", $2, $4 }
               else if (/^INSTANCE.*stopped/) { printf "%s %s\n", $2, $4 }
               else if (/^INSTANCE/) { printf "%s %s %s %s\n", $2, $6, $4, $5 }
            }'
 	fi
 	;;
    metadata)
 	metadata
 	;;
    *) echo "Unknown action: $action"; exit 1;;
 esac

 status=$?

 if [ $quiet -eq 1 ]; then
    : nothing
 elif [ $status -eq 0 ]; then
    echo "Operation $action passed"
 else
    echo "Operation $action failed: $status"
 fi
 exit $status
	#!/bin/bash

	description="
	fence_ec2 is an I/O Fencing agent which can be used with Amazon EC2 instances.
	In order to function, the agent needs the private key and cert used by the Amazon EC2 API.

	API functions used by this agent:
	- ec2-describe-tags
	- ec2-describe-instances
	- ec2-stop-instances
	- ec2-start-instances
	- ec2-reboot-instances

	If the uname used by the cluster node is any of:
	- Public DNS name (or part there of),
	- Private DNS name (or part there of),
	- Instance ID (eg. i-4f15a839)
	- Contents of tag associated with the instance
	then the agent should be able to automatically discover the instances it can control.

	If the tag containing the uname is not [Name], then it will need to be specified using the [tag] option.
	"

	#
	# Copyright (c) 2011 Andrew Beekhof
	# All Rights Reserved.
	#
	# This program is free software; you can redistribute it and/or modify
	# it under the terms of version 2 of the GNU General Public License as
	# published by the Free Software Foundation.
	#
	# This program is distributed in the hope that it would be useful, but
	# WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	#
	# Further, this software is distributed without any warranty that it is
	# free of the rightful claim of any third person regarding infringement
	# or the like. Any license provided herein, whether implied or
	# otherwise, applies only to this software file. Patent licenses, if
	# any, provided herein do not apply to combinations of this program with
	# other software, or any other product whatsoever.
	#
	# You should have received a copy of the GNU General Public License
	# along with this program; if not, write the Free Software Foundation,
	# Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
	#
	#######################################################################

	quiet=0
	port=""

	instance_not_found=0
	unknown_are_stopped=0

	action="reset" # Default fence action
	ec2_tag="Name" # EC2 Tag containing the instance's uname
	ec2_key="" # EC2 Private Key
	ec2_cert="" # EC2 Cert
	ec2_region="us-east-1" # EC2 Region


	if [ -z "$EC2_HOME" ]; then
	EC2_HOME="$HOME/.ec2"
	fi

	function usage()
	{
	cat <<EOF
	`basename $0` - A fencing agent for Amazon EC2 instances

	$description

	Usage: `basename $0` -o\|--action [-n\|--port] [options]
	Options:
	-h, --help This text
	-V, --version Version information
	-q, --quiet Reduced output mode

	Commands:
	-o, --action Action to perform: on\|off\|reboot\|status\|monitor
	-n, --port The name of a machine/instance to control/check

	Additional Options:
	-e, --ec2-home Location of Amazon EC2 command line tools
	-k, --private-key The private key to use when constructing requests to Amazon EC2
	-c, --cert The X.509 certificate to use when constructing requests to Amazon EC2
	-r, --region The Amazon region for which the device should control instances (defaults to us-east-1)
	-t, --tag Name of the tag containing the instance's uname

	Dangerous options:
	-U, --unknown-are-stopped Assume any unknown instance is safely stopped

	EOF
	exit 0;
	}

	function metadata()
	{
	cat <<EOF

	<?xml version="1.0" ?>
	<resource-agent name="fence_ec2" shortdesc="Fencing agent for Amazon EC2 instances" >
	<longdesc>
	$description
	</longdesc>
	<parameters>
	<parameter name="action" unique="1" required="1">
	<getopt mixed="-o, --action=[action]" />
	<content type="string" default="reboot" />
	<shortdesc lang="en">Fencing Action</shortdesc>
	</parameter>
	<parameter name="port" unique="1" required="1">
	<getopt mixed="-n, --port=[port]" />
	<content type="string" />
	<shortdesc lang="en">The name/id/tag of a instance to control/check</shortdesc>
	</parameter>
	<parameter name="ec2-home" unique="1" required="1">
	<getopt mixed="-e, --ec2-home=[directory]" />
	<content type="string" default="~/.ec2" />
	<shortdesc lang="en">Location of Amazon EC2 command line tools</shortdesc>
	</parameter>
	<parameter name="private-key" unique="1" required="1">
	<getopt mixed="-k, --private-key=[filename]" />
	<content type="string" default="$ec2-home/pk-*.pem" />
	<shortdesc lang="en">The private key to use when constructing requests to Amazon EC2</shortdesc>
	</parameter>
	<parameter name="cert" unique="1" required="1">
	<getopt mixed="-c, --cert=[filename]" />
	<content type="string" default="$ec2-home/cert-*.pem" />
	<shortdesc lang="en">The X.509 certificate to use when constructing requests to Amazon EC2</shortdesc>
	</parameter>
	<parameter name="region" unique="1" required="1">
	<getopt mixed="-r, --region=[region]" />
	<content type="string" default="us-east-1" />
	<shortdesc lang="en">The Amazon region for which the device should control instances</shortdesc>
	</parameter>
	<parameter name="tag" unique="1" required="1">
	<getopt mixed="-t, --tag=[tag]" />
	<content type="string" default="Name" />
	<shortdesc lang="en">Name of the tag containing the instances uname</shortdesc>
	</parameter>
	<parameter name="unknown-are-stopped" unique="1" required="1">
	<getopt mixed="-U, --unknown-are-stopped" />
	<content type="string" default="false" />
	<shortdesc lang="en">DANGER: Assume any unknown instance is safely stopped</shortdesc>
	</parameter>
	</parameters>
	<actions>
	<action name="on" />
	<action name="off" />
	<action name="reboot" />
	<action name="status" />
	<action name="list" />
	<action name="monitor" />
	<action name="metadata" />
	</actions>
	</resource-agent>
	EOF
	exit 0;
	}

	function instance_for_port()
	{
	port=$1; shift

	# Look for port name -n in the INSTANCE data
	instance=`ec2-describe-instances $* \| grep INSTANCE.*$port \| awk '{print $2}'`
	if [ -z $instance ]; then
	# Look for port name -n in the Name TAG
	instance=`ec2-describe-tags $* \| grep TAG.$ec2_tag.$port \| awk '{print $3}'`
	fi

	if [ -z $instance ]; then
	instance_not_found=1
	instance=$port
	fi

	echo $instance
	}

	TEMP=`getopt -o qVo:e:k:c:r:n:t:U --long version,help,region:,action:,port:,option:,ec2-home:,private-key:,cert:,tag:,quiet,unknown-are-stopped \
	-n 'fence_ec2' -- "$@"`

	if [ $? != 0 ];then
	usage
	exit 1
	fi

	# Note the quotes around `$TEMP': they are essential!
	eval set -- "$TEMP"

	if [ -z $1 ]; then
	# If there are no command line args, look for options from stdin
	while read line; do
	case $line in
	option=\|action=) action=`echo $line \| sed s/.*=//`;;
	port=) port=`echo $line \| sed s/.=//`;;
	ec2-home=) EC2_HOME=`echo $line \| sed s/.=//`;;
	private-key=) ec2_key=`echo $line \| sed s/.=//`;;
	cert=) ec2_cert=`echo $line \| sed s/.=//`;;
	region=) ec2_region=`echo $line \| sed s/.=//`;;
	tag=) ec2_tag=`echo $line \| sed s/.=//`;;
	quiet*) quiet=1;;
	unknown-are-stopped*) unknown_are_stopped=1;;
	--);;
	*) echo "Invalid command: $line";;
	esac
	done
	fi

	while true ; do
	case "$1" in
	-o\|--action\|--option) action=$2; shift; shift;;
	-n\|--port) port=$2; shift; shift;;
	-e\|--ec2-home) EC2_HOME=$2; shift; shift;;
	-k\|--private-key) ec2_key=$2; shift; shift;;
	-c\|--cert) ec2_cert=$2; shift; shift;;
	-r\|--region) ec2_region=$2; shift; shift;;
	-t\|--tag) ec2_tag=$2; shift; shift;;
	-U\|--unknown-are-stopped) unknown_are_stopped=1; shift;;
	-q\|--quiet) quiet=1; shift;;
	-V\|--version) echo "1.0.0"; exit 0;;
	--help\|-h)
	usage;
	exit 0;;
	--) shift ; break ;;
	*) echo "Unknown option: $1. See --help for details."; exit 1;;
	esac
	done

	export EC2_HOME
	PATH=$PATH:$EC2_HOME/bin

	if [ -z "$JAVA_HOME" ]; then
	java=`which java`
	while [ -L "$java" ]; do
	java=`/bin/ls -l $java \| awk '{print $11}'`
	done
	export JAVA_HOME=`dirname $java`/..
	fi

	if [ -z "$ec2_key" ]; then
	ec2_key=`ls $EC2_HOME/pk-*.pem`;
	fi

	if [ -z "$ec2_cert" ]; then
	ec2_cert=`ls $EC2_HOME/cert-*.pem`;
	fi

	options="--region $ec2_region --private-key $ec2_key --cert $ec2_cert"
	action=`echo $action \| tr 'A-Z' 'a-z'`

	instance=""
	if [ ! -z "$port" ]; then
	instance=`instance_for_port $port $options`
	fi

	case $action in
	reboot\|reset)
	if [ $unknown_are_stopped = 1 -a $instance_not_found ]; then
	: nothing we _can_ do
	echo "Assuming unknown instance $instance is already off, cannot restart"
	else
	ec2-reboot-instances $options $instance
	fi
	;;
	poweron\|on)
	ec2-start-instances $options $instance
	;;
	poweroff\|off)
	if [ $unknown_are_stopped = 1 -a $instance_not_found ]; then
	: nothing to do
	echo "Assuming unknown instance $instance is already off"
	else
	ec2-stop-instances $options $instance
	fi
	;;
	monitor)
	# Is the device ok?
	ec2-describe-instances \| grep INSTANCE &> /dev/null
	;;
	hostlist\|list)
	# List of names we know about
	ec2-describe-instances $options \| awk -v tag_pat="^TAG\tinstance\t.*\t$ec2_tag" -F '\t' '{
	if (/^INSTANCE.*pending/) { printf "%s\n", $2 }
	else if (/^INSTANCE.*stopped/) { printf "%s\n", $2 }
	else if (/^INSTANCE/) { printf "%s\n%s\n%s\n", $2, $4, $5 }
	else if ( $1"\t"$2"\t"$3"\t"$4 ~ tag_pat ) { printf "%s\n", $5 }
	}' \| sort -u
	;;
	stat\|status)
	# List of instances and their current status
	if [ $unknown_are_stopped = 1 -a $instance_not_found ]; then
	echo "$instance stopped (unknown)"
	else
	ec2-describe-instances $options $instance \| awk '{
	if (/^INSTANCE.*pending/) { printf "%s %s\n", $2, $4 }
	else if (/^INSTANCE.*stopped/) { printf "%s %s\n", $2, $4 }
	else if (/^INSTANCE/) { printf "%s %s %s %s\n", $2, $6, $4, $5 }
	}'
	fi
	;;
	metadata)
	metadata
	;;
	*) echo "Unknown action: $action"; exit 1;;
	esac

	status=$?

	if [ $quiet -eq 1 ]; then
	: nothing
	elif [ $status -eq 0 ]; then
	echo "Operation $action passed"
	else
	echo "Operation $action failed: $status"
	fi
	exit $status