Allow IPs to be members of groups
This allows fencing requests with the appropriate key file to control VMs assigned to the same group. Signed-off-by: Lon Hohberger <lon@users.sourceforge.net>
This commit is contained in:
parent
2edeb6dfe8
commit
f38f9327d8
@ -63,7 +63,7 @@ _sc_dump_d(struct node *node, int depth, FILE *fp)
|
||||
|
||||
|
||||
static void
|
||||
_sc_dump(config_info_t *config, FILE *fp)
|
||||
_sc_dump(void *config, FILE *fp)
|
||||
{
|
||||
struct node *n, *node;
|
||||
struct value *v, *values;
|
||||
@ -129,7 +129,7 @@ _sc_free_node(struct node *node)
|
||||
|
||||
|
||||
static int
|
||||
_sc_free(config_info_t *config)
|
||||
_sc_free(void *config)
|
||||
{
|
||||
struct node *n, *nlist;
|
||||
struct value *v, *vlist;
|
||||
@ -163,7 +163,7 @@ _sc_free(config_info_t *config)
|
||||
|
||||
|
||||
static int
|
||||
_sc_get(config_info_t *config, const char *key, char *value, size_t valuesz)
|
||||
_sc_get(void *config, const char *key, char *value, size_t valuesz)
|
||||
{
|
||||
char buf[1024];
|
||||
struct node *n, *node = ((struct parser_context *)config)->node_list;
|
||||
@ -335,7 +335,7 @@ top:
|
||||
|
||||
|
||||
static int
|
||||
_sc_set(config_info_t *config, const char *key, const char *value)
|
||||
_sc_set(void *config, const char *key, const char *value)
|
||||
{
|
||||
char buf[1024];
|
||||
struct node *n, **nodes = &((struct parser_context *)config)->node_list;
|
||||
@ -412,7 +412,7 @@ _sc_set(config_info_t *config, const char *key, const char *value)
|
||||
|
||||
|
||||
static int
|
||||
_sc_parse(const char *filename, config_info_t **config)
|
||||
_sc_parse(const char *filename, void **config)
|
||||
{
|
||||
struct parser_context *c;
|
||||
FILE *fp = NULL;
|
||||
@ -441,7 +441,7 @@ _sc_parse(const char *filename, config_info_t **config)
|
||||
c->next = NULL;
|
||||
val_list = NULL;
|
||||
node_list = NULL;
|
||||
*config = (config_info_t *)c;
|
||||
*config = (void *)c;
|
||||
|
||||
if (fp)
|
||||
fclose(fp);
|
||||
|
@ -62,9 +62,9 @@ section about listeners below.
|
||||
|
||||
.SS groups
|
||||
|
||||
This section contains static maps of which virtual machines may fence
|
||||
which other virtual machines; see the
|
||||
section about groups below.
|
||||
This section contains static maps of which virtual machines
|
||||
may fence which other virtual machines; see the section
|
||||
about groups below.
|
||||
|
||||
|
||||
.SH LISTENERS
|
||||
@ -231,18 +231,23 @@ groups are arbitrary and are checked at fence time. Any member of
|
||||
a group may fence any other member. Hosts may be assigned to multiple
|
||||
groups if desired.
|
||||
|
||||
Note that this mode is only useful when using the serial listener, as
|
||||
as other listener plugins (e.g. multicast) have no reliable way to
|
||||
determine the originating VM of a fencing request.
|
||||
|
||||
.SS group
|
||||
|
||||
This defines a group.
|
||||
|
||||
.TP
|
||||
.B member
|
||||
.B uuid
|
||||
.
|
||||
defines a member of a group.
|
||||
defines UUID as a member of a group.
|
||||
|
||||
.TP
|
||||
.B ip
|
||||
.
|
||||
defines an IP which is allowed to send fencing requests
|
||||
for members of this group (e.g. for multicast). It is
|
||||
highly recommended that this be used in conjunction with
|
||||
a key file.
|
||||
|
||||
|
||||
|
||||
.SH EXAMPLE
|
||||
@ -268,8 +273,9 @@ defines a member of a group.
|
||||
|
||||
groups {
|
||||
group {
|
||||
member = "44179d3f-6c63-474f-a212-20c8b4b25b16";
|
||||
member = "1ce02c4b-dfa1-42cb-b5b1-f0b1091ece60";
|
||||
ip = "192.168.1.1";
|
||||
uuid = "44179d3f-6c63-474f-a212-20c8b4b25b16";
|
||||
uuid = "1ce02c4b-dfa1-42cb-b5b1-f0b1091ece60";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -26,17 +26,16 @@ CMAN_LIBS=-lcman
|
||||
VIRT_LIBS=-lvirt
|
||||
VIRT_QPID=-lqmfconsole
|
||||
NSS_LIBS=-lnss3
|
||||
UUID_LIBS=-luuid
|
||||
INCLUDES=-I../include `nss-config --cflags` `nspr-config --cflags` `xml2-config --cflags`
|
||||
|
||||
LIBS+=-L../common -lfence_virt -Wl,-wrap,syslog,-wrap,closelog -lpthread
|
||||
LIBS+=-L../common -lfence_virt -Wl,-wrap,syslog,-wrap,closelog -lpthread -luuid
|
||||
|
||||
MODULE_PATH=${libdir}/${PACKAGE_NAME}
|
||||
|
||||
#
|
||||
# Module sources
|
||||
#
|
||||
fence_virtd_SOURCES = main.c plugin.c config.c static_map.c
|
||||
fence_virtd_SOURCES = main.c plugin.c config.c static_map.c uuid-test.c
|
||||
libvirt_so_SOURCES = libvirt.c virt.c uuid-test.c
|
||||
null_so_SOURCES = null.c
|
||||
libvirt_qpid_so_SOURCES = uuid-test.c
|
||||
|
@ -10,6 +10,7 @@
|
||||
#include <debug.h>
|
||||
|
||||
#include "serial.h"
|
||||
#include "uuid-test.h"
|
||||
|
||||
struct perm_entry {
|
||||
list_head();
|
||||
@ -18,7 +19,8 @@ struct perm_entry {
|
||||
|
||||
struct perm_group {
|
||||
list_head();
|
||||
struct perm_entry *entries;
|
||||
struct perm_entry *uuids;
|
||||
struct perm_entry *ips;
|
||||
char name[128];
|
||||
};
|
||||
|
||||
@ -33,9 +35,14 @@ static_map_cleanup(void **info)
|
||||
while (groups) {
|
||||
group = groups;
|
||||
list_remove(&groups, group);
|
||||
while (group->entries) {
|
||||
entry = group->entries;
|
||||
list_remove(&group->entries, entry);
|
||||
while (group->uuids) {
|
||||
entry = group->uuids;
|
||||
list_remove(&group->uuids, entry);
|
||||
free(entry);
|
||||
}
|
||||
while (group->ips) {
|
||||
entry = group->ips;
|
||||
list_remove(&group->ips, entry);
|
||||
free(entry);
|
||||
}
|
||||
free(group);
|
||||
@ -51,25 +58,36 @@ static_map_check(void *info, const char *value1, const char *value2)
|
||||
struct perm_group *groups = (struct perm_group *)info;
|
||||
struct perm_group *group;
|
||||
struct perm_entry *left, *tmp;
|
||||
int x, y;
|
||||
int x, y, uuid = 0;
|
||||
|
||||
if (!info)
|
||||
return 1; /* no maps == wide open */
|
||||
|
||||
uuid = is_uuid(value1);
|
||||
|
||||
list_for(&groups, group, x) {
|
||||
left = NULL;
|
||||
|
||||
list_for(&group->entries, tmp, y) {
|
||||
if (!strcasecmp(tmp->name, value1)) {
|
||||
left = tmp;
|
||||
break;
|
||||
if (uuid) {
|
||||
list_for(&group->uuids, tmp, y) {
|
||||
if (!strcasecmp(tmp->name, value1)) {
|
||||
left = tmp;
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
list_for(&group->ips, tmp, y) {
|
||||
if (!strcasecmp(tmp->name, value1)) {
|
||||
left = tmp;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!left)
|
||||
continue;
|
||||
|
||||
list_for(&group->entries, tmp, y) {
|
||||
list_for(&group->uuids, tmp, y) {
|
||||
if (!strcasecmp(tmp->name, value2)) {
|
||||
return 1;
|
||||
}
|
||||
@ -100,12 +118,16 @@ static_map_load(void *config_ptr, void **perm_info)
|
||||
snprintf(buf, sizeof(buf)-1, "groups/group[%d]", ++group_idx);
|
||||
|
||||
if (sc_get(config, buf, value, sizeof(value)) != 0) {
|
||||
snprintf(buf2, sizeof(buf2)-1, "%s/@member", buf);
|
||||
snprintf(buf2, sizeof(buf2)-1, "%s/@uuid", buf);
|
||||
if (sc_get(config, buf2, value, sizeof(value)) != 0) {
|
||||
break;
|
||||
} else {
|
||||
snprintf(value, sizeof(value), "unnamed-%d", group_idx);
|
||||
snprintf(buf2, sizeof(buf2)-1, "%s/@ip", buf);
|
||||
if (sc_get(config, buf2, value,
|
||||
sizeof(value)) != 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
snprintf(value, sizeof(value), "unnamed-%d",
|
||||
group_idx);
|
||||
}
|
||||
|
||||
group = malloc(sizeof(*group));
|
||||
@ -114,10 +136,11 @@ static_map_load(void *config_ptr, void **perm_info)
|
||||
strncpy(group->name, value, sizeof(group->name));
|
||||
dbg_printf(3, "Group: %s\n", value);
|
||||
|
||||
entry_idx = 0;
|
||||
found = 0;
|
||||
entry_idx = 0;
|
||||
do {
|
||||
snprintf(buf2, sizeof(buf2)-1, "%s/@member[%d]", buf, ++entry_idx);
|
||||
snprintf(buf2, sizeof(buf2)-1, "%s/@uuid[%d]",
|
||||
buf, ++entry_idx);
|
||||
|
||||
if (sc_get(config, buf2, value, sizeof(value)) != 0) {
|
||||
break;
|
||||
@ -128,12 +151,33 @@ static_map_load(void *config_ptr, void **perm_info)
|
||||
assert(entry);
|
||||
memset(entry, 0, sizeof(*entry));
|
||||
strncpy(entry->name, value, sizeof(entry->name));
|
||||
dbg_printf(3, " - Entry: %s\n", value);
|
||||
dbg_printf(3, " - UUID Entry: %s\n", value);
|
||||
|
||||
list_insert(&group->entries, entry);
|
||||
list_insert(&group->uuids, entry);
|
||||
|
||||
} while (1);
|
||||
|
||||
entry_idx = 0;
|
||||
do {
|
||||
snprintf(buf2, sizeof(buf2)-1, "%s/@ip[%d]",
|
||||
buf, ++entry_idx);
|
||||
|
||||
if (sc_get(config, buf2, value, sizeof(value)) != 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
++found;
|
||||
entry = malloc(sizeof(*entry));
|
||||
assert(entry);
|
||||
memset(entry, 0, sizeof(*entry));
|
||||
strncpy(entry->name, value, sizeof(entry->name));
|
||||
dbg_printf(3, " - IP Entry: %s\n", value);
|
||||
|
||||
list_insert(&group->ips, entry);
|
||||
|
||||
} while (1);
|
||||
|
||||
|
||||
if (!found)
|
||||
free(group);
|
||||
else
|
||||
|
Loading…
Reference in New Issue
Block a user