From eff8f93c54b6bdd355da9eb6663f6499fe16dc7f Mon Sep 17 00:00:00 2001 From: Lon Hohberger <lon@users.sourceforge.net> Date: Sat, 9 Jan 2010 11:51:25 -0500 Subject: [PATCH] Add static map functions. NOTE: This will not have any effect until the vmchannel bits are completed and integrated. Signed-off-by: Lon Hohberger <lon@users.sourceforge.net> --- man/fence_virtd.conf.5 | 46 ++++++++++++++ server/Makefile.in | 2 +- server/static_map.c | 138 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 185 insertions(+), 1 deletion(-) create mode 100644 server/static_map.c diff --git a/man/fence_virtd.conf.5 b/man/fence_virtd.conf.5 index a701d4d..0f467c6 100644 --- a/man/fence_virtd.conf.5 +++ b/man/fence_virtd.conf.5 @@ -35,6 +35,14 @@ the listener plugin for receiving fencing requests from clients . the plugin to be used to carry out fencing requests +.TP +.B perm +. +the permission mode to use. The default is "none", in which case, the +hypervisor or mananagement framework is expected to know which VMs may +fence which other VMs. Fence_virtd also supports static maps. + + .SS listeners This section contains listener-specific configuration information; see the @@ -45,12 +53,23 @@ section about listeners below. This section contains listener-specific configuration information; see the section about listeners below. +.SS groups + +This section contains static maps of which virtual machines may fence +which other virtual machines; see the +section about groups below. + + .SH LISTENERS There are various listeners available for fence_virtd, each one handles decoding and authentication of a given fencing request. The following configuration blocks belong in the \fBlisteners\fP section of fence_virtd.conf +.SS vmchannel +To be done. This listener utilizes serial vmchannel tied to Unix domain +sockets on the host in order to receive and route fencing requests. + .SS multicast .TP .B key_file @@ -135,6 +154,26 @@ is still the default. However, it is strongly recommended to use 'uuid' instead of 'name' in all cluster environments involving more than one physical host in order to avoid the potential for name collisions. +.SH GROUPS + +Fence_virtd supports static maps which allow grouping of VMs. The +groups are arbitrary and are checked at fence time. Any member of +a group may fence any other member. Hosts may be assigned to multiple +groups if desired. + +Note that this mode is only useful when using the VMChannel listener, as +as other listener plugins (e.g. multicast) have no reliable way to determine +the originating VM of a fencing request. + +.SS group + +This defines a group. + +.TP +.B member +. +defines a member of a group. + .SH EXAMPLE @@ -156,6 +195,13 @@ physical host in order to avoid the potential for name collisions. uri = "qemu:///system"; } } + + groups { + group { + member = "44179d3f-6c63-474f-a212-20c8b4b25b16"; + member = "1ce02c4b-dfa1-42cb-b5b1-f0b1091ece60"; + } + } .SH SEE ALSO fence_virtd(8) diff --git a/server/Makefile.in b/server/Makefile.in index 577ea5d..2eed0b8 100644 --- a/server/Makefile.in +++ b/server/Makefile.in @@ -36,7 +36,7 @@ MODULE_PATH=${libdir}/${PACKAGE_NAME} # # Module sources # -fence_virtd_SOURCES = main.c plugin.c config.c +fence_virtd_SOURCES = main.c plugin.c config.c static_map.c libvirt_so_SOURCES = libvirt.c virt.c uuid-test.c null_so_SOURCES = null.c libvirt_qpid_so_SOURCES = uuid-test.c diff --git a/server/static_map.c b/server/static_map.c new file mode 100644 index 0000000..496db55 --- /dev/null +++ b/server/static_map.c @@ -0,0 +1,138 @@ +#include <stdio.h> +#include <simpleconfig.h> +#include <string.h> +#include <signal.h> +#include <stdlib.h> +#include <assert.h> +#include <stdio.h> +#include <list.h> +#include <debug.h> + +struct perm_entry { + list_head(); + char name[128]; +}; + +struct perm_group { + list_head(); + struct perm_entry *entries; + char name[128]; +}; + + +void +static_map_cleanup(void *info) +{ + struct perm_group *groups = (struct perm_group *)info; + struct perm_group *group; + struct perm_entry *entry; + + while (groups) { + group = groups; + list_remove(&groups, group); + while (group->entries) { + entry = group->entries; + list_remove(&group->entries, entry); + free(entry); + } + free(group); + } +} + + +int +static_map_check(void *info, const char *value1, const char *value2) +{ + struct perm_group *groups = (struct perm_group *)info; + struct perm_group *group; + struct perm_entry *left, *tmp; + int x, y; + + list_for(&groups, group, x) { + left = NULL; + + list_for(&group->entries, tmp, y) { + if (!strcasecmp(tmp->name, value1)) { + left = tmp; + break; + } + } + + if (!left) + continue; + + list_for(&group->entries, tmp, y) { + if (!strcasecmp(tmp->name, value2)) { + return 1; + } + } + } + + return 0; +} + + +int +static_map_init(config_object_t *config, void **perm_info) +{ + int group_idx = 0; + int entry_idx = 0; + int found; + char value[128]; + char buf[256]; + char buf2[512]; + struct perm_group *group = NULL, *groups = NULL; + struct perm_entry *entry = NULL; + + if (!perm_info) + return -1; + + do { + snprintf(buf, sizeof(buf)-1, "groups/group[%d]", ++group_idx); + + if (sc_get(config, buf, value, sizeof(value)) != 0) { + snprintf(buf2, sizeof(buf2)-1, "%s/@member", buf); + if (sc_get(config, buf2, value, sizeof(value)) != 0) { + break; + } else { + snprintf(value, sizeof(value), "unnamed-%d", group_idx); + } + } + + group = malloc(sizeof(*group)); + assert(group); + memset(group, 0, sizeof(*group)); + strncpy(group->name, value, sizeof(group->name)); + dbg_printf(3, "Group: %s\n", value); + + entry_idx = 0; + found = 0; + do { + snprintf(buf2, sizeof(buf2)-1, "%s/@member[%d]", buf, ++entry_idx); + + if (sc_get(config, buf2, value, sizeof(value)) != 0) { + break; + } + + ++found; + entry = malloc(sizeof(*entry)); + assert(entry); + memset(entry, 0, sizeof(*entry)); + strncpy(entry->name, value, sizeof(entry->name)); + dbg_printf(3, " - Entry: %s\n", value); + + list_insert(&group->entries, entry); + + } while (1); + + if (!found) + free(group); + else + list_insert(&groups, group); + + } while (1); + + *perm_info = groups; + + return 0; +}