STABLE2 - fence: Fence agent for VMware ESX

[Jan Friesse <honzaf at fedoraproject dot org>]

Gitweb:        http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=b510f49442c733617c88051057f538abff17b412
Commit:        b510f49442c733617c88051057f538abff17b412
Parent:        d23899a10e804a8a871a3f3510f4efb3ac9815a8
Author:        Jan Friesse <jfriesse@redhat.com>
AuthorDate:    Thu Sep 11 15:56:09 2008 +0200
Committer:     Jan Friesse <jfriesse@redhat.com>
CommitterDate: Thu Sep 11 16:10:48 2008 +0200

fence: Fence agent for VMware ESX

Another fence agent for VMware ESX which is written in Python using our fencing
library. Old agent (written in Perl) segfaulted in my test environment. This
agent is tested on VMware ESX 3.5 and Server 1.0.7.

bz 251048
---
 fence/agents/lib/fencing.py.py      |   34 +++++++++-
 fence/agents/vmware/fence_vmware.py |  111 +++++++++++++++++++++++++++++
 fence/man/fence_vmware.8            |  131 +++++++++++++++++++++++++++++++++++
 3 files changed, 274 insertions(+), 2 deletions(-)

diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py
index f3f9e6c..8eab0e5 100644
--- a/fence/agents/lib/fencing.py.py
+++ b/fence/agents/lib/fencing.py.py
@@ -108,7 +108,7 @@ all_opt = {
 		"order" : 1 },
 	"port" : {
 		"getopt" : "n:",
-		"help" : "-n <id>        Physical plug number on device",
+		"help" : "-n <id>        Physical plug number on device or name of virtual machine",
 		"order" : 1 },
 	"switch" : {
 		"getopt" : "s:",
@@ -126,7 +126,23 @@ all_opt = {
 		"getopt" : "T",
 		"help" : "",
 		"order" : 1,
-		"obsolete" : "use -o status instead" }
+		"obsolete" : "use -o status instead" },
+	"vmipaddr" : {
+		"getopt" : "A:",
+		"help" : "-A <ip>        IP address or hostname of managed VMware ESX (default localhost)",
+		"order" : 2 },
+	"vmlogin" : {
+		"getopt" : "L:",
+		"help" : "-L <name>      VMware ESX management login name",
+		"order" : 2 },
+	"vmpasswd" : {
+		"getopt" : "P:",
+		"help" : "-P <password>  VMware ESX management login password",
+		"order" : 2 },
+	"vmpasswd_script" : {
+		"getopt" : "B:",
+		"help" : "-B <script>    Script to run to retrieve VMware ESX management password",
+		"order" : 2 }
 }
 
 class fspawn(pexpect.spawn):
@@ -305,6 +321,20 @@ def check_input(device_opt, opt):
 	if options.has_key("-v") and options.has_key("debug_fh") == 0:
 		options["debug_fh"] = sys.stderr
 
+	## VMware
+	#######
+	if options.has_key("-B"):
+		options["-P"] = os.popen(options["-B"]).read().rstrip()
+
+	if (device_opt.count("vmlogin") and (not options.has_key("-L"))):
+		fail_usage("Failed: You have to set login name for VMware ESX management console")
+
+	if (options.has_key("-L") and (not (options.has_key("-P") or options.has_key("-C")))):
+		fail_usage("Failed: You have to enter password or password script for VMware ESX management console")
+
+	if (options.has_key("-L") and (not (options.has_key("-n")))):
+		fail_usage("Failed: You have to enter virtual machine name")
+		
 	return options
 	
 def wait_power_status(tn, options, get_power_fn):
diff --git a/fence/agents/vmware/fence_vmware.py b/fence/agents/vmware/fence_vmware.py
new file mode 100755
index 0000000..5e01ffb
--- /dev/null
+++ b/fence/agents/vmware/fence_vmware.py
@@ -0,0 +1,111 @@
+#!/usr/bin/python
+
+##
+## Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
+##
+## The Following Agent Has Been Tested On VMware ESX 3.5 and VMware Server 1.0.7
+## 
+#####
+
+import sys, re, pexpect
+sys.path.append("/usr/lib/fence")
+from fencing import *
+
+#BEGIN_VERSION_GENERATION
+FENCE_RELEASE_NAME=""
+REDHAT_COPYRIGHT=""
+BUILD_DATE=""
+#END_VERSION_GENERATION
+
+VMWARE_COMMAND="/usr/bin/vmware-cmd"
+COMMAND_PROMPT_REG="\[PEXPECT\]\$ "
+COMMAND_PROMPT_NEW="[PEXPECT]\$ "
+
+# Start comunicating after login. Prepare good environment.
+def start_communication(conn, options):
+	conn.sendline ("PS1='"+COMMAND_PROMPT_NEW+"'");
+	conn.log_expect(options,COMMAND_PROMPT_REG,SHELL_TIMEOUT)
+
+# Prepare command line for vmware-cmd with parameters.
+def prepare_cmdline(conn,options):
+	cmd_line=VMWARE_COMMAND+" -H "+options["-A"]+" -U "+options["-L"]+" -P "+options["-P"]+" '"+options["-n"]+"'"
+        if options.has_key("-A"):
+    		cmd_line+=" -v"
+    	return cmd_line
+    	
+def get_power_status(conn, options):
+	result = ""
+	try:
+		start_communication(conn,options)
+		
+		cmd_line=prepare_cmdline(conn,options)
+            	
+            	cmd_line+=" getstate"
+            	
+		conn.sendline(cmd_line)
+		    
+		conn.log_expect(options,COMMAND_PROMPT_REG,SHELL_TIMEOUT)
+		status_err = re.search("vmcontrol\ error\ ([-+]?\d+)\:(.*)",conn.before.lower())
+		if (status_err!=None):
+			fail_usage("VMware error "+status_err.group(1)+": "+status_err.group(2))
+			
+		status = re.search("getstate\(\)\ =\ on",conn.before.lower())
+		
+		result=(status==None and "off" or "on")
+		
+	except pexpect.EOF:
+		fail(EC_CONNECTION_LOST)
+	except pexpect.TIMEOUT:
+		fail(EC_TIMED_OUT)
+
+	return result
+
+def set_power_status(conn, options):
+	try:
+		start_communication(conn,options)
+
+		cmd_line=prepare_cmdline(conn,options)
+            	
+            	cmd_line+=" "+(options["-o"]=="on" and "start" or "stop hard")
+            	
+		conn.sendline(cmd_line)
+		    
+		conn.log_expect(options,COMMAND_PROMPT_REG,POWER_TIMEOUT)
+		
+	except pexpect.EOF:
+		fail(EC_CONNECTION_LOST)
+	except pexpect.TIMEOUT:
+		fail(EC_TIMED_OUT)
+		
+def main():
+	device_opt = [  "help", "version", "agent", "quiet", "verbose", "debug",
+			"action", "ipaddr", "login", "passwd", "passwd_script",
+			"secure",  "test" , "vmipaddr", "vmlogin", "vmpasswd", 
+			"port", "vmpasswd_script" ]
+
+	options = check_input(device_opt, process_input(device_opt))
+
+	## 
+	## Fence agent specific defaults
+	#####
+        if 0 == options.has_key("-c"):
+            options["-c"] = "\$ "
+
+        if 0 == options.has_key("-A"):
+            options["-A"] = "localhost"
+    
+    	options["-x"] = 1
+	##
+	## Operate the fencing device
+	####
+	conn = fence_login(options)
+	fence_action(conn, options, set_power_status, get_power_status)
+
+	##
+	## Logout from system
+	######
+	conn.sendline("logout")
+	conn.close()
+
+if __name__ == "__main__":
+	main()
diff --git a/fence/man/fence_vmware.8 b/fence/man/fence_vmware.8
new file mode 100644
index 0000000..de9b6ff
--- /dev/null
+++ b/fence/man/fence_vmware.8
@@ -0,0 +1,131 @@
+.\"  Copyright (C) 2008 Red Hat, Inc.  All rights reserved.
+.\"  
+.\"  This copyrighted material is made available to anyone wishing to use,
+.\"  modify, copy, or redistribute it subject to the terms and conditions
+.\"  of the GNU General Public License v.2.
+
+.TH fence_vmware 8
+
+.SH NAME
+fence_vmware - I/O Fencing agent for VMware virtual machines
+
+.SH SYNOPSIS
+.B 
+fence_vmware
+[\fIOPTION\fR]...
+
+.SH DESCRIPTION
+fence_vmware is an I/O Fencing agent which can be used with the VMware ESX or
+VMware Server to fence virtual machines. It logs via ssh to a VMware ESX (or Server) 
+physical machine and there run vmware-cmd, which does all work. 
+
+By default, VMware ESX has disabled root account so you must create annother user 
+account with limited permissions on VMWare ESX machine. 
+
+Better idea is install right version of vmware-cmd (with same API) to any other machine 
+in network and use it for fencing.
+
+fence_vmware accepts options on the command line as well as from stdin.  
+Fenced sends parameters through stdin when it execs the agent.  fence_vmware
+can be run by itself with command line options.  This is useful for testing 
+and for turning outlets on or off from scripts.
+
+.SH OPTIONS
+.TP
+\fB-a\fP \fIIPaddress\fR
+IP address or hostname of machine where is vmware-cmd.
+.TP
+\fB-A\fP \fIIPAdress\fR
+IP adress or hostname of machine where is runing vmware. Default is localhost.
+.TP
+\fB-h\fP 
+Print out a help message describing available options, then exit.
+.TP
+\fB-l\fP \fIlogin\fR
+Login name of machine with vmware-cmd.
+.TP
+\fB-L\fP \fIlogin\fR
+Login name to VMware administration interface.
+.TP
+\fB-o\fP \fIaction\fR
+The action required.  Reboot (default), Status, Off or On.
+.TP
+\fB-p\fP \fIpassword\fR
+Password for login or for passphrase for machine with vmware-cmd.
+.TP
+\fB-P\fP \fIpassword\fR
+Password for login to VMware administration interface.
+.TP
+\fB-B\fP \fIscript\fR
+Script to run to retrieve password for machine with vmware-cmd.
+.TP
+\fB-R\fP \fIscript\fR
+Script to run to retrieve password for VMware administration interface.
+.TP
+\fB-n\fP \fIname\fR
+Name of virtual machine to fence (ie. /vmfs/volumes/48bfcbd1-4624461c-8250-0015c5f3ef0f/Rhel/Rhel.vmx)
+.TP
+\fB-x\fP
+Use secure connection over ssh (this is default, and can't be disabled) 
+.TP
+\fB-T\fP
+Test only.  Answer NO to the confirmation prompt instead of YES.
+.TP
+\fB-v\fP
+Verbose. Record session to stdout, or debug file if specified (see -D).
+.TP
+\fB-D\fP
+Specifies file, where will be written debug messages from session.
+.TP
+\fB-V\fP
+Print out a version message, then exit.
+
+.SH STDIN PARAMETERS
+.TP
+\fIagent = < param >\fR
+This option is used by fence_node(8) and is ignored by fence_vmware.
+.TP
+\fIipaddr = < hostname | ip >\fR
+IP address or hostname of machine where is vmware-cmd.
+.TP
+\fIvmipaddr = < hostname | ip >\fR
+IP adress or hostname of machine where is runing vmware. Default is localhost.
+.TP
+\fIlogin = < param >\fR
+Login name of machine with vmware-cmd.
+.TP
+\fIvmlogin = < param >\fR
+Login name to VMware administration interface.
+.TP
+\fIoption = < param >\fR
+The action required.  Reboot (default), Off or On.
+.TP
+\fIpasswd = < param >\fR
+Password for login or for passphrase for machine with vmware-cmd.
+.TP
+\fIvmpasswd = < param >\fR
+Password for login to VMware administration interface.
+.TP
+\fIpasswd_script = < param >\fR
+Script to run to retrieve password for machine with vmware-cmd.
+.TP
+\fIvmpasswd_script = < param >\fR
+Script to run to retrieve password for VMware administration interface.
+.TP
+\fIport = < param >\fR
+Name of virtual machine to fence (ie. /vmfs/volumes/48bfcbd1-4624461c-8250-0015c5f3ef0f/Rhel/Rhel.vmx)
+.TP
+\fIsecure = < param >\fR
+Use secure connection over ssh (this is default, and can't be disabled) 
+.TP
+\fItest = < param >\fR
+Test only.  Answer NO to the confirmation prompt instead of YES.
+.TP
+\fIverbose = < param >\fR
+Verbose.  Record session to stdout, or debug file if specified (see debug).
+.TP
+\fIdebug = < param >\fR
+Specifies file, where will be written debug messages from session.
+
+.SH SEE ALSO
+fence(8), fence_node(8)