/usr/lib/drbd/rhcs_fence is in drbd-utils 8.9.2~rc1-2+deb8u1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 | #!/bin/bash
Author="Lars Ellenberg <lars.ellenberg@linbit.com>"
Date="2014-09-18"
Version="1.0"
License="GPL v2+"
#
# Inspired by the rhcs_fence perl version
# by Digimer (digimer@alteeve.ca)
# Alteeve's Niche! - https://alteeve.ca/w/
# As found at https://github.com/digimer/rhcs_fence/releases/tag/0.2.8
#
# This program ties Linbit's DRBD into Red Hat's RHCS's fence daemon via the
# 'fence_node' shell call.
# from environment
# if tools do not yet export the plural,
# use the (deprecated) singular.
: ${DRBD_PEERS:=$DRBD_PEER}
PROG=${0##*/}
: ${DEBUG:=1}
LOG_PRIO=daemon.warning
LOG_TAG="$PROG[$$] $DRBD_PEERS: $DRBD_RESOURCE(minor $DRBD_MINOR)"
##############################################################################
# helper functions
##############################################################################
die() { echo "$*"; exit 1; }
all_minors_up_to_date()
{
set -- $DRBD_MINOR
local n_minors=$#
[[ $n_minors != 0 ]] ||
die "Resource minor numbers unknown! Unable to proceed."
# build a "grep extended regex"
local _OLDIFS=$IFS
IFS="|"
local minor_regex="^ *($*): cs:"
IFS=$_OLDIFS
# grep -c -Ee '^ *(m|i|n|o|r|s): cs:.* ds:UpToDate' /proc/drbd
local proc_drbd=$(</proc/drbd)
local minors_of_resource=$(echo "$proc_drbd" | grep -E -e "$minor_regex")
local n_up_to_date=$(echo "$minors_of_resource" | grep -c -e "ds:UpToDate")
debug "n_minors: $n_minors; n_up_to_date: $n_up_to_date"
[[ $n_up_to_date = $n_minors ]] # return code is propagated
}
wait_for_fence_domain_state_change()
{
local retries=$1 i
for (( i=0; $i < $retries; i++ )); do
sleep 1
# canonicalize white space by word splitting
# append one space (last line is "members")
# for easier pattern matching on member id)
set -- $(fence_tool ls)
fence_tool_ls="$* "
debug "$i: fence_tool ls: $fence_tool_ls"
wait_condition && return 0
done
echo "still not met wait condition after $i retries"
return 1 # timed out
}
wait_for_id_to_become_victim()
{
wait_condition() [[ $fence_tool_ls = *"victim now $id "* ]]
echo "waiting for $id to become victim"
wait_for_fence_domain_state_change 30 # return value propagates
}
wait_for_id_to_drop_out_of_membership()
{
wait_condition() [[ $fence_tool_ls != *"members"*" $id "* ]]
echo "waiting for $id to drop out of membership"
wait_for_fence_domain_state_change 240 || return 1
echo "successfully fenced $name (by fenced)"
return 0
}
eject_target()
{
# tell cman to eject this node
debug "call: cman_tool kill -n $name"
cman_tool kill -n $name
# if it was member in the fence domain,
# wait for it to become victim,
# wait for it to drop out of the membership.
if [[ $fence_tool_ls = *"members"*" $id "* ]]; then
wait_for_id_to_become_victim &&
wait_for_id_to_drop_out_of_membership &&
return 0 # Yes!
fi
return 1
}
##############################################################################
# logging preparations
##############################################################################
# Funky redirection to avoid logger feeding its own output to itself accidentally.
# Funky double exec to avoid an intermediate sub-shell.
# Sometimes, the sub-shell lingers around, keeps file descriptors open,
# and logger then won't notice the main script has finished,
# forever waiting for further input.
# The second exec replaces the subshell, and logger will notice directly
# when its stdin is closed once the main script exits.
# This avoids the spurious logger processes.
if test -t 2 ; then
[[ $DEBUG != 0 ]] &&
exec 3> >( exec 1>&- logger -s -p ${LOG_PRIO%.*}.debug -t "$LOG_TAG: DEBUG" )
exec 1> >( exec 1>&- logger -s -p $LOG_PRIO -t "$LOG_TAG" )
else
[[ $DEBUG != 0 ]] &&
exec 3> >( exec 1>&- 2>&- logger -p ${LOG_PRIO%.*}.debug -t "$LOG_TAG: DEBUG" )
exec 1> >( exec 1>&- 2>&- logger -p $LOG_PRIO -t "$LOG_TAG" )
fi
# and now point stderr to logger, too
exec 2>&1
if [[ $DEBUG = 0 ]]; then
debug() { :; }
else
debug() { echo >&3 "$*" ; }
if [[ $DEBUG -gt 1 ]]; then
BASH_XTRACEFD=3
set -x
fi
fi
##############################################################################
# "main"
##############################################################################
[[ $DRBD_PEERS ]] || die "No target list specified. You need to pass DRBD_PEERS via environment."
all_minors_up_to_date || die "some minor device is NOT 'UpToDate', will not fence peer"
for peer in $DRBD_PEERS; do
for name in $peer ${peer%%.*}; do
set -- $(cman_tool -F id,type nodes -n $name)
id=$1 state=$2
[[ $id ]] && break
done
if [[ -z $id ]] || [[ $id = *[!0-9]* ]] ; then
die "could not resolve cman node id of $peer, giving up"
fi
echo "resolved $peer as cman node $name, id $id, state $state"
# record fence domain state now
set -- $(fence_tool ls)
fence_tool_ls="$* "
debug "fence_tool ls: $fence_tool_ls"
if [[ $state = M ]] ; then
eject_target && continue # with next peer, if any
else
# maybe cman noticed before the handler triggered,
# and fencing is already active anyways.
if [[ $fence_tool_ls = *"victim now $id "* ]]; then
wait_for_id_to_drop_out_of_membership && continue # with next peer, if any
fi
fi
# apparently it was not in the member list.
# or we timed out waiting for fenced
debug "trying direct fence of $name"
dash_v=-v
[[ $DEBUG -gt 1 ]] && dash_v=-vv
echo "fence_node $dash_v $name"
if fence_node $dash_v $name ; then
echo "successfully fenced $name"
continue # with next peer, if any
else
die "fencing $name failed, giving up"
fi
done
# if we fenced more than one peer,
# add an other log line
[[ $peer != $DRBD_PEERS ]] &&
echo "SUCCESSFULLY FENCED $DRBD_PEERS"
exit 7
|