#!/bin/bash
#
#
# OpenStack Network Service (nova-network) (replaced by Neutron in Havana)
#
# Description:  Manages an OpenStack Network Service (nova-network) process as an HA resource
#
# Authors: Sebastien Han & Emilien Macchi
# Mainly inspired by the Nova Scheduler resource agent written by Sebastien Han : http://goo.gl/s8hOU
# Which are also inspired by the resource agents written by Martin Gerhard Loschwitz from Hastexo: http://goo.gl/whLpr
#
# Support:      openstack@lists.launchpad.net
# License:      Apache Software License (ASL) 2.0
#
#
# See usage() function below for more details ...
#
# OCF instance parameters:
#   OCF_RESKEY_binary
#   OCF_RESKEY_config
#   OCF_RESKEY_user
#   OCF_RESKEY_password
#   OCF_RESKEY_tenant
#   OCF_RESKEY_region
#   OCF_RESKEY_auth_url
#   OCF_RESKEY_pid
#   OCF_RESKEY_amqp_server_port
#   OCF_RESKEY_zeromq
#   OCF_RESKEY_additional_parameters
#######################################################################
# Initialization:

: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat}
. ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs
: ${OCF_FUEL_FUNCTIONS_DIR=${OCF_ROOT}/resource.d/fuel}
. ${OCF_FUEL_FUNCTIONS_DIR}/ocf-fuel-funcs

#######################################################################

# Fill in some defaults if no values are specified
PATH=/bin:/sbin:/usr/bin:/usr/sbin

OCF_RESKEY_binary_default="nova-network"
OCF_RESKEY_config_default="/etc/nova/nova.conf"
OCF_RESKEY_user_default="nova"
OCF_RESKEY_password_default="nova_password"
OCF_RESKEY_tenant_default="services"
OCF_RESKEY_auth_url_default="http://127.0.0.1:5000/v2.0/"
OCF_RESKEY_region_default="RegionOne"
OCF_RESKEY_pid_default="${HA_RSCTMP}/${__SCRIPT_NAME}/${__SCRIPT_NAME}.pid"
OCF_RESKEY_amqp_server_port_default="5672"
OCF_RESKEY_zeromq_default="false"

: ${HA_LOGTAG="ocf-nova-network"}
: ${HA_LOGFACILITY="daemon"}
: ${OCF_RESKEY_binary=${OCF_RESKEY_binary_default}}
: ${OCF_RESKEY_config=${OCF_RESKEY_config_default}}
: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}}
: ${OCF_RESKEY_password=${OCF_RESKEY_password_default}}
: ${OCF_RESKEY_tenant=${OCF_RESKEY_tenant_default}}
: ${OCF_RESKEY_auth_url=${OCF_RESKEY_auth_url_default}}
: ${OCF_RESKEY_region=${OCF_RESKEY_region_default}}
: ${OCF_RESKEY_pid=${OCF_RESKEY_pid_default}}
: ${OCF_RESKEY_amqp_server_port=${OCF_RESKEY_amqp_server_port_default}}
: ${OCF_RESKEY_zeromq=${OCF_RESKEY_zeromq_default}}

#######################################################################

usage() {
    cat <<UEND
        usage: $0 (start|stop|validate-all|meta-data|status|monitor)

        $0 manages an OpenStack Network Service (nova-network) process as an HA resource

        The 'start' operation starts the nova-network service.
        The 'stop' operation stops the nova-network service.
        The 'validate-all' operation reports whether the parameters are valid
        The 'meta-data' operation reports this RA's meta-data information
        The 'status' operation reports whether the nova-network service is running
        The 'monitor' operation reports whether the nova-network service seems to be working

UEND
}

meta_data() {
    cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="nova-network">
<version>1.0</version>

<longdesc lang="en">
Resource agent for the OpenStack Nova Network Service (nova-network)
May manage a nova-network instance or a clone set that
creates a distributed nova-network cluster.
</longdesc>
<shortdesc lang="en">Manages the OpenStack Network Service (nova-network)</shortdesc>
<parameters>

<parameter name="binary" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack Nova Network server binary (nova-network)
</longdesc>
<shortdesc lang="en">OpenStack Nova Network server binary (nova-network)</shortdesc>
<content type="string" default="${OCF_RESKEY_binary_default}" />
</parameter>

<parameter name="config" unique="0" required="0">
<longdesc lang="en">
Location of the OpenStack Network Service (nova-network) configuration file
</longdesc>
<shortdesc lang="en">OpenStack Nova Network (nova-network) config file</shortdesc>
<content type="string" default="${OCF_RESKEY_config_default}" />
</parameter>

<parameter name="user" unique="0" required="0">
<longdesc lang="en">
User running OpenStack Network Service (nova-network)
</longdesc>
<shortdesc lang="en">OpenStack Network Service (nova-network) user</shortdesc>
<content type="string" default="${OCF_RESKEY_user_default}" />
</parameter>

<parameter name="password" unique="0" required="0">
<longdesc lang="en">
Password for nova-network
</longdesc>
<shortdesc lang="en">nova-network password</shortdesc>
<content type="string" default="${OCF_RESKEY_password_default}" />
</parameter>

<parameter name="auth_url" unique="0" required="0">
<longdesc lang="en">
OpenStack Identity Service (Keystone) URL
</longdesc>
<shortdesc lang="en">Keystone URL for nova-network</shortdesc>
<content type="string" default="${OCF_RESKEY_auth_url_default}" />
</parameter>

<parameter name="region" unique="0" required="0">
<longdesc lang="en">
OpenStack Identity Service (Keystone) Region
</longdesc>
<shortdesc lang="en">Keystone Region for nova-network</shortdesc>
<content type="string" default="${OCF_RESKEY_region_default}" />
</parameter>

<parameter name="pid" unique="0" required="0">
<longdesc lang="en">
The pid file to use for this OpenStack Network Service (nova-network) instance
</longdesc>
<shortdesc lang="en">OpenStack Network Service (nova-network) pid file</shortdesc>
<content type="string" default="${OCF_RESKEY_pid_default}" />
</parameter>

<parameter name="amqp_server_port" unique="0" required="0">
<longdesc lang="en">
The listening port number of the AMQP server. Mandatory to perform a monitor check
</longdesc>
<shortdesc lang="en">AMQP listening port</shortdesc>
<content type="integer" default="${OCF_RESKEY_amqp_server_port_default}" />
</parameter>

<parameter name="zeromq" unique="0" required="0">
<longdesc lang="en">
If zeromq is used, this will disable the connection test to the AMQP server
</longdesc>
<shortdesc lang="en">Zero-MQ usage</shortdesc>
<content type="boolean" default="${OCF_RESKEY_zeromq_default}" />
</parameter>

<parameter name="additional_parameters" unique="0" required="0">
<longdesc lang="en">
Additional parameters to pass on to the OpenStack Network Service (nova-network)
</longdesc>
<shortdesc lang="en">Additional parameters for nova-network</shortdesc>
<content type="string" />
</parameter>

</parameters>

<actions>
<action name="start" timeout="20" />
<action name="stop" timeout="20" />
<action name="status" timeout="20" />
<action name="monitor" timeout="30" interval="20" />
<action name="validate-all" timeout="5" />
<action name="meta-data" timeout="5" />
</actions>
</resource-agent>
END
}

#######################################################################
# Functions invoked by resource manager actions

nova_network_validate() {
    local rc

    check_binary $OCF_RESKEY_binary
    check_binary netstat
    check_binary ip
    check_binary iptables
    check_binary ip6tables

    if ! validate_port $OCF_RESKEY_amqp_server_port; then
      return ${OCF_ERR_CONFIGURED}
    fi

    # A config file on shared storage that is not available
    # during probes is OK.
    if [ ! -f $OCF_RESKEY_config ]; then
        if ! ocf_is_probe; then
            ocf_log err "Config $OCF_RESKEY_config doesn't exist"
            return $OCF_ERR_INSTALLED
        fi
        ocf_log warn "Config $OCF_RESKEY_config not available during a probe"
    fi

    getent passwd $OCF_RESKEY_user >/dev/null 2>&1
    rc=$?
    if [ $rc -ne 0 ]; then
        ocf_log err "User $OCF_RESKEY_user doesn't exist"
        return $OCF_ERR_INSTALLED
    fi

    return ${OCF_SUCCESS}
}

nova_network_cleanup() {
    network_manager_nlines=$(egrep -c -e '^network_manager' $OCF_RESKEY_config)

    if [ $network_manager_nlines -eq 0 ]; then
        ocf_log err "You must specify 'network_manager' in $OCF_RESKEY_config"
        return OCF_ERR_CONFIGURED
    fi

    shutdown_timeout=15
    if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
        shutdown_timeout=$((($OCF_RESKEY_CRM_meta_timeout/1000)-6))
    fi

    count=0
    alive=$(ls /var/lib/nova/networks/*.pid | wc -l)
    dnsmasq_pids=$(cat /var/lib/nova/networks/*.pid)
    while [ $alive -gt 0 ] && [ $count -lt $shutdown_timeout ]; do
        ocf_run kill -s TERM $dnsmasq_pids

        iteration_time=3
        sleep $iteration_time

        alive=0
        np=""

        # Find out if there are dnsmasq processes that are
        # still alive after receiveing TERM signal
        for pid in $dnsmasq_pids ; do
            # Check if process with $pid is running
            ocf_run ps -p $pid > /dev/null
            if [ $? -eq 0 ]; then
                np="$np $pid"
                ((alive++))
            fi
        done

        if [ $alive -gt 0 ] ; then
            dnsmasq_pids=$np
            ocf_log debug "dnsmasq processes started by nova-network still hasn't stopped yet. Waiting ..."
        fi

        ((count+=$iteration_time))
    done

    if [ $alive -gt 0 ] ; then
        alive=0

        ocf_run kill -s KILL $dnsmasq_pids
        sleep 1

        for pid in $dnsmasq_pids ; do
            ocf_run ps -p $pid > /dev/null
            if [ $? -eq 0 ]; then
                ((alive++))
            fi
        done
        if [ $alive -gt 0 ] ; then
            ocf_log err "Termination of dnsmasq processes stop failed"
            return $OCF_ERR_GENERIC
        fi
    fi
    ocf_log info "dnsmasq processes started by nova-network stopped"

    use_ipv6=$(egrep -e '^use_ipv6' $OCF_RESKEY_config | sed -e "s/$regexp/\1/")

    # Consider IPv4 if 'use_ipv6' was not explicitly defined
    if [ -z $use_ipv6 ];then
            use_ipv6=false
    fi

    # Flush firewall rules that nova-network creates
    prefix="nova-network"
    case $use_ipv6 in
            # IPv4
            false)
                filter_chains="$prefix-FORWARD $prefix-INPUT $prefix-OUTPUT $prefix-local"
                for filter_chain in $filter_chains
                do
                    ocf_run iptables -t filter -F $filter_chain
                done

                nat_chains="$prefix-OUTPUT $prefix-POSTROUTING $prefix-PREROUTING \
                    $prefix-float-snat $prefix-snat"
                for nat_chain in $nat_chains
                do
                    ocf_run iptables -t nat -F $nat_chain
                done

                ocf_run iptables -t mangle -F $prefix-POSTROUTING
            ;;

            # IPv6
            true)
                filter_chains="$prefix-FORWARD $prefix-INPUT $prefix-OUTPUT $prefix-local"

                for chain in $filter_chains
                do
                    ocf_run ip6tables -t filter -F $chain
                done
            ;;
    esac
    ocf_log debug "firewall rules created by nova-network removed"


    # Regular expression to extract value from .ini style config file line
    regexp='.*=\s*\(\w\+\)'

    # Grab last network manager value (FlatDHCP or VLAN) from config file
    network_manager=$(egrep -e '^network_manager' $OCF_RESKEY_config | sed -e "s/$regexp/\1/" | tail -n 1)
    case $network_manager in
        nova.network.manager.FlatDHCPManager)

            flat_network_bridge_nlines=`egrep --count -e '^flat_network_bridge' $OCF_RESKEY_config`
            if [ $flat_network_bridge_nlines -ne 1 ]; then
                ocf_log err "Specifying more than one 'flat_network_bridge' in $OCF_RESKEY_config is not supported"
                return OCF_ERR_CONFIGURED
            fi

            # Flush IP address assigned to 'flat_network_bridge' (usually called 'br100')
            flat_network_bridge=$(egrep -e '^flat_network_bridge' $OCF_RESKEY_config | sed -e "s/$regexp/\1/")
            ocf_run ip addr flush dev $flat_network_bridge
        ;;
        nova.network.manager.VlanManager)
            # Collect all bridge interfaces that were created by
            # nova-network and remove IP addresses assigned to them
            nova_bridges=$(OS_TENANT_NAME=$OCF_RESKEY_tenant \
                           OS_USERNAME=$OCF_RESKEY_user        \
                           OS_PASSWORD=$OCF_RESKEY_password    \
                           OS_AUTH_URL=$OCF_RESKEY_auth_url    \
                           OS_ENDPOINT_TYPE=internalURL        \
                           OS_REGION_NAME=$OCF_RESKEY_region   \
                           nova network-list --fields bridge | egrep -o -e 'br[0-9]{1,4}')
            for bridge in $nova_bridges
            do
                    ocf_run ip addr flush dev $bridge
            done
        ;;
        *)
            ocf_log err "Unsupported network manager $NETWORK_MANAGER"
            return OCF_ERR_GENERIC
        ;;
    esac
}

nova_network_status() {
    local pid
    local rc

    # check and make PID file dir
    local PID_DIR="$( dirname $OCF_RESKEY_pid )"
    if [ ! -d "${PID_DIR}" ] ; then
        ocf_log debug "Create pid file dir: ${PID_DIR} and chown to ${OCF_RESKEY_user}"
        mkdir -p "${PID_DIR}"
        chown -R ${OCF_RESKEY_user} "${PID_DIR}"
        chmod 755 "${PID_DIR}"
    fi

    if [ ! -f $OCF_RESKEY_pid ]; then
        ocf_log info "OpenStack Nova Network (nova-network) is not running"
        return $OCF_NOT_RUNNING
    else
        pid=`cat $OCF_RESKEY_pid`
    fi

    if [ -n "${pid}" ]; then
      ocf_run -warn kill -s 0 $pid
      rc=$?
    else
      ocf_log err "PID file ${OCF_RESKEY_pid} is empty!"
      return $OCF_ERR_GENERIC
    fi

    if [ $rc -eq 0 ]; then
        return $OCF_SUCCESS
    else
        ocf_log info "Old PID file found, but OpenStack Nova Network (nova-network) is not running"
        return $OCF_NOT_RUNNING
    fi
}

nova_network_monitor() {
    local rc
    local pid
    local rc_amqp
    local network_amqp_check

    nova_network_status
    rc=$?

    # If status returned anything but success, return that immediately
    if [ $rc -ne $OCF_SUCCESS ]; then
        return $rc
    fi

    ocf_log debug "OpenStack Nova Network (nova-network) monitor succeeded"
    return $OCF_SUCCESS
}

nova_network_start() {
    local rc

    nova_network_status
    rc=$?
    if [ $rc -eq $OCF_SUCCESS ]; then
        ocf_log info "OpenStack Nova Network (nova-network) already running"
        return $OCF_SUCCESS
    fi

    nova_network_cleanup
    sleep 2

    # run the actual nova-network daemon. Don't use ocf_run as we're sending the tool's output
    # straight to /dev/null anyway and using ocf_run would break stdout-redirection here.
    su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --config-file=$OCF_RESKEY_config \
       $OCF_RESKEY_additional_parameters"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid

    ocf_log debug "Create pid file: ${OCF_RESKEY_pid} with content $(cat ${OCF_RESKEY_pid})"
    # Note: we do NOT need to start dnsmasq here, because nova-network starts it.

    # Spin waiting for the server to come up.
    # Let the CRM/LRM time us out if required
    while true; do
        nova_network_monitor
        rc=$?
        [ $rc -eq $OCF_SUCCESS ] && break
        if [ $rc -ne $OCF_NOT_RUNNING ]; then
                ocf_log err "OpenStack Nova Network (nova-network) start failed"
                exit $OCF_ERR_GENERIC
        fi
        sleep 3
    done

    ocf_log info "OpenStack Nova Network (nova-network) started"
    return $OCF_SUCCESS
}

nova_network_stop() {
    local rc
    local shutdown_timeout=15
    if [ -n "$OCF_RESKEY_CRM_meta_timeout" ]; then
        shutdown_timeout=$(( ($OCF_RESKEY_CRM_meta_timeout/1000) ))
    fi

    nova_network_status
    rc="${?}"
    if [ "${rc}" -eq "${OCF_NOT_RUNNING}" ]; then
        nova_network_cleanup
        sleep 2
        ocf_log info "OpenStack Nova Network (${OCF_RESKEY_binary}) already stopped"
        return "${OCF_SUCCESS}"
    fi

    proc_stop "${OCF_RESKEY_pid}" "${OCF_RESKEY_binary}" $shutdown_timeout
    rc="${?}"
    if [ "${rc}" -ne "${OCF_SUCCESS}" ]; then
        ocf_log err "OpenStack Nova Network (${OCF_RESKEY_binary}) couldn't be stopped"
        return "${rc}"
    fi

    nova_network_cleanup
    sleep 2

    return "${OCF_SUCCESS}"
}

#######################################################################

case "$1" in
  meta-data)    meta_data
                exit $OCF_SUCCESS;;
  usage|help)   usage
                exit $OCF_SUCCESS;;
esac

# Anything except meta-data and help must pass validation
nova_network_validate || exit $?

# What kind of method was invoked?
case "$1" in
  start)        nova_network_start;;
  stop)         nova_network_stop;;
  status)       nova_network_status;;
  monitor)      nova_network_monitor;;
  validate-all) ;;
  *)            usage
                exit $OCF_ERR_UNIMPLEMENTED;;
esac
