Closed IME-git closed 7 months ago
IME-git
commented
8 months ago 
knet-jenkins[bot]
commented
8 months ago Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1899/1/input
oalbrigt
commented
8 months ago We dont want a new agent for awsvip.
We can add the functionality to the current awsvip agent with an auth_type that defaults to the current behaviour, and can be set to policies for this new behaviour.
IME-git
commented
8 months ago Please advise when I can review the changes to awsvip. Regards.
IME-git
commented
8 months ago If you remove the --profile reference ( line 134 ) and the OCF_RESKEY_profile setting from the awsvip resource, you could make the documentation provide explicit examples.
If you're using AWS CLI you would create resource as follows:
pcs resource create NAMEaws awsvip awscli="/usr/bin/aws --profile YOUR_PROFILENAME" .....
OR
for use with AWS policies:
pcs resource create NAMEaws awsvip awscli="/usr/bin/aws --region us-east-1" ......
This way you could simply provide the portion of the command you need for you're situation.
oalbrigt
commented
8 months ago Thanks. I'm trying to implement it into the main awsvip agent with the auth_type parameter.
oalbrigt
commented
8 months ago Can you test my PR #1900?
You can see which commands are run by doing pcs resource disable <resource> and then run e.g. pcs resource debug-start --full <resource> to start it and show all the commands run by the agent.
IME-git
commented
8 months ago I have to make a slight change - add x to test lines.
@.*** ~]# diff /usr/lib/ocf/resource.d/heartbeat/awsvip.orig /usr/lib/ocf/resource.d/heartbeat/awsvip|grep "> "
if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then elif [ "x${OCF_RESKEY_auth_type}" = "xpolicy" ]; then
Command line to add resource:
pcs resource create imevip100aws awsvip auth_type=policy region=us-east-1 secondary_private_ip=10.0.1.100 --group imemst
pcs resource config imevip100aws
Resource: imevip100aws (class=ocf provider=heartbeat type=awsvip) Attributes: imevip100aws-instance_attributes auth_type=policy region=us-east-1 secondary_private_ip=10.0.1.100 Meta Attributes: imevip100aws-meta_attributes target-role=Stopped Operations: migrate_from: imevip100aws-migrate_from-interval-0s interval=0s timeout=30s migrate_to: imevip100aws-migrate_to-interval-0s interval=0s timeout=30s monitor: imevip100aws-monitor-interval-20s interval=20s timeout=30s start: imevip100aws-start-interval-0s interval=0s timeout=30s stop: imevip100aws-stop-interval-0s interval=0s timeout=30s validate: imevip100aws-validate-interval-0s interval=0s timeout=10s
@.*** ~]# pcs resource debug-start imevip100aws Operation force-start for imevip100aws (ocf:heartbeat:awsvip) returned 0 (ok)
@.*** ~]# pcs resource debug-stop imevip100aws Operation force-stop for imevip100aws (ocf:heartbeat:awsvip) returned 0 (ok) Nov 06 19:34:17 INFO: secondary_private_ip has been successfully brought down (10.0.1.100)
@.*** ~]# pcs resource debug-start --full imevip100aws
Operation force-start for imevip100aws (ocf:heartbeat:awsvip) returned 0 (ok) { "NetworkInterfaceId": "eni-05b063244aad66d17", "AssignedPrivateIpAddresses": [ { "PrivateIpAddress": "10.0.1.100" } ], "AssignedIpv4Prefixes": [] }
+++ 19:35:23: ocf_start_trace:991: echo +++ 19:35:23: ocf_start_trace:991: sort +++ 19:35:23: ocf_start_trace:991: printenv ++ 19:35:23: ocf_start_trace:991: env=' eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@ BASH_FUNC_which%%=() { ( alias; HA_debug=1 HA_logfacility=none HISTSIZE=1000 HOME=/root HOSTNAME=ip-10-0-1-228.ec2.internal LC_ALL=C LESSOPEN=||/usr/bin/lesspipe.sh %s LOGNAME=root LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:. lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war= 01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:. ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.webp=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=0 1;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aac=01;36:.au=01;36:.flac=01;36:.m4a=01; 36:.mid=01;36:.midi=01;36:.mka=01;36:.mp3=01;36:.mpc=01;36:.ogg=01;36:.ra=01;36:.wav=01;36:.oga=01;36:.opus=01;36:.spx=01;36:.xspf=01;36: MAIL=/var/spool/mail/ec2-user OCF_EXIT_REASON_PREFIX=ocf-exit-reason: OCF_OUTPUT_FORMAT=text OCF_RA_VERSION_MAJOR=1 OCF_RA_VERSION_MINOR=1 OCF_RESKEY_CRM_meta_class=ocf OCF_RESKEY_CRM_meta_id=imevip100aws OCF_RESKEY_CRM_meta_provider=heartbeat OCF_RESKEY_CRM_meta_resource_stickiness=1 OCF_RESKEY_CRM_meta_target_role=Stopped OCF_RESKEY_CRM_meta_timeout=30000 OCF_RESKEY_CRM_meta_type=awsvip OCF_RESKEY_auth_type=policy OCF_RESKEY_crm_feature_set=3.16.2 OCF_RESKEY_region=us-east-1 OCF_RESKEY_secondary_private_ip=10.0.1.100 OCF_RESOURCE_INSTANCE=imevip100aws OCF_RESOURCE_PROVIDER=heartbeat OCF_RESOURCE_TYPE=awsvip OCF_ROOT=/usr/lib/ocf OCF_TRACE_FILE=/dev/stderr OCF_TRACE_RA=1 OLDPWD=/root PATH=/root/.local/bin:/root/bin:/sbin:/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb PCMK_logfacility=none PCMK_service=crm_resource PWD=/root SHELL=/bin/bash SHLVL=0 SUDO_COMMAND=/bin/bash SUDO_GID=1000 SUDOUSER=ec2-user TERM=vt100 USER=root =/bin/printenv OCF_TRC_DEST=/dev/stderr OCF_TRC_MANAGE= which_declare=declare -f }' ++ 19:35:23: 1045: ocf_is_true '' ++ 19:35:23: ocf_is_true:105: case "$1" in ++ 19:35:23: ocf_is_true:107: false
Everett
From: Oyvind Albrigtsen @.*** Sent: Monday, November 6, 2023 10:00 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] Added awsvip2, imemst, and imeslv heartbeat resources. (PR #1899)
Can you test my PR #1900? You can see which commands are run by doing pcs resource disable
Can you test my PR #1900https://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1900__;!!GszH2LQudD4GjA!hA0abqKFaaQ7IjGkYjl5Pf4HDr2dRmkG5bIj3nM4P-9QXrNQ75WsO_HswDu_RTfOWCQyYOei9Q8SGHt_gdnIVbBOcg4$?
You can see which commands are run by doing pcs resource disable
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1795027680__;Iw!!GszH2LQudD4GjA!hA0abqKFaaQ7IjGkYjl5Pf4HDr2dRmkG5bIj3nM4P-9QXrNQ75WsO_HswDu_RTfOWCQyYOei9Q8SGHt_gdnI7aPv7G0$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXBKPFHKSNPZ3MIAAQLYDD3PJAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJVGAZDONRYGA__;!!GszH2LQudD4GjA!hA0abqKFaaQ7IjGkYjl5Pf4HDr2dRmkG5bIj3nM4P-9QXrNQ75WsO_HswDu_RTfOWCQyYOei9Q8SGHt_gdnIZQWXrUk$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
oalbrigt
commented
8 months ago Why do you need that change in the if? The x is only needed if you compare to an empty string, in which case we mostly use -z or -n to check if it is empty or not.
https://unix.stackexchange.com/questions/136628/bash-script-x1-x
oalbrigt
commented
8 months ago I renamed it to auth_type role (based on feedback from AWS dev) in the PR, and did some other minor improvements as well.
IME-git
commented
8 months ago Here's the debug output that I sent you earlier.
Regards
19:35:23: 228: '[' xpolicy = xkey ']'
19:35:23: 230: '[' xpolicy = xpolicy ']'
Everett
From: Oyvind Albrigtsen @.*** Sent: Tuesday, November 7, 2023 3:04 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] Added awsvip2, imemst, and imeslv heartbeat resources. (PR #1899)
Why do you need that change in your if? The x is only needed if you compare to an empty string, in which case we mostly use -z or -n to check if it is empty or not. https: //unix. stackexchange. com/questions/136628/bash-script-x1-x —Reply
Why do you need that change in your if? The x is only needed if you compare to an empty string, in which case we mostly use -z or -n to check if it is empty or not.
https://unix.stackexchange.com/questions/136628/bash-script-x1-xhttps://urldefense.com/v3/__https://unix.stackexchange.com/questions/136628/bash-script-x1-x__;!!GszH2LQudD4GjA!hkJk6mYqHsC3QW3bJL2x9wC-feffuEkNF7TX-n1imML6YLalayB_3bifxBttV6BEKDeCYQavXSKh1SPL4MU55B0s3tI$
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1797996360__;Iw!!GszH2LQudD4GjA!hkJk6mYqHsC3QW3bJL2x9wC-feffuEkNF7TX-n1imML6YLalayB_3bifxBttV6BEKDeCYQavXSKh1SPL4MU5ROKmnEQ$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXC5VT6BLJAXA3BCXH3YDHTQVAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJXHE4TMMZWGA__;!!GszH2LQudD4GjA!hkJk6mYqHsC3QW3bJL2x9wC-feffuEkNF7TX-n1imML6YLalayB_3bifxBttV6BEKDeCYQavXSKh1SPL4MU5ULUIwQ0$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
oalbrigt
commented
8 months ago Oh. I didnt notice that :)
Updated in the PR now.
IME-git
commented
8 months ago is there simple way to say place a PCS heartbeat resource in something like:
/usr/local/ocf/resource.d/heartbeat/NAME_OF_RESOURCE
I know that for LSB you simply copy the resource to /etc/rc.d/init.d/NAME_OF_RESOURCE .
Everett
From: Oyvind Albrigtsen @.*** Sent: Tuesday, November 7, 2023 6:57 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] Added awsvip2, imemst, and imeslv heartbeat resources. (PR #1899)
Oh. I didnt notice that :) Updated in the PR now. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread. Message ID: ClusterLabs/resource-agents/pull/1899/c1798361547@ github. com
Oh. I didnt notice that :)
Updated in the PR now.
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1798361547__;Iw!!GszH2LQudD4GjA!lMYaCWGZIPyP4PndfdlMSlTjGCW7pd1SoVtKYVPRkOWGNs-fiJRPgfijaWDyLiYRUlBs3b6BvDS5iJchyzZfStwaodc$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXCQ5KVCKLNJBWKWM7LYDIO2VAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJYGM3DCNJUG4__;!!GszH2LQudD4GjA!lMYaCWGZIPyP4PndfdlMSlTjGCW7pd1SoVtKYVPRkOWGNs-fiJRPgfijaWDyLiYRUlBs3b6BvDS5iJchyzZfn9IAVoA$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
oalbrigt
commented
8 months ago is there simple way to say place a PCS heartbeat resource in something like: /usr/local/ocf/resource.d/heartbeat/NAME_OF_RESOURCE I know that for LSB you simply copy the resource to /etc/rc.d/init.d/NAME_OF_RESOURCE . Everett …
No. Pacemaker and pcs has their default lookup path, , so we suggest putting them in "/usr/lib/ocf/resource.d/
oalbrigt
commented
8 months ago Can you remove the awsvip2 commits from this PR? You can do it by running git rebase -i HEAD~4 and then replace "pick" with "d" for drop on the commits you're going to remove. After that you can run git push -f.
From a quick look at the ime agents, I noticed the following that should be improved:
pcs resource create ...).if ocf_is_true "$X"; then or if ! ocf_is_true for yes/no, true/false, 1/0 valuespcs resource debug-start --full <resource> to get full trace which will also show values assigned to variables or pcs resource update <resource> trace_ra=1 to make the agent tracelog to /var/lib/heartbeat/trace_raocf_log debug to only log certain info for pcs resource debug-<action> --full or trace_ra=1 as explained above.See https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.asc for more info, or have a look at the nagios agent as a good minimal template for an agent.
knet-jenkins[bot]
commented
8 months ago Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1899/2/input
IME-git
commented
8 months ago Done
Everett
From: Oyvind Albrigtsen @.*** Sent: Tuesday, November 7, 2023 8:10 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
Can you remove the awsvip2 commits from this PR? You can do it by running git rebase -i HEAD~4 and then replace "pick" with "d" for drop on the commits you're going to remove. After that you can run git push -f. From a quick look at the ime
Can you remove the awsvip2 commits from this PR? You can do it by running git rebase -i HEAD~4 and then replace "pick" with "d" for drop on the commits you're going to remove. After that you can run git push -f.
From a quick look at the ime agents, I noticed the following that should be improved:
See https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.aschttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.asc__;!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4CKrFX1Y$ for more info, or have a look at the nagios agent as a good minimal template for an agent.
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1798475550__;Iw!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4T5qsrvE$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXDH2FB2YA3RD46KSGDYDIXNFAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJYGQ3TKNJVGA__;!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4mjCIo_k$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
IME-git
commented
8 months ago How soon will the updated awsvip resource be able to REPO sites, etc?
Also, if I created an RPM for imemst and imeslv would that be distributed through EPEL or the standard OS REPO?
Everett
From: Oyvind Albrigtsen @.*** Sent: Tuesday, November 7, 2023 8:10 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
Can you remove the awsvip2 commits from this PR? You can do it by running git rebase -i HEAD~4 and then replace "pick" with "d" for drop on the commits you're going to remove. After that you can run git push -f. From a quick look at the ime
Can you remove the awsvip2 commits from this PR? You can do it by running git rebase -i HEAD~4 and then replace "pick" with "d" for drop on the commits you're going to remove. After that you can run git push -f.
From a quick look at the ime agents, I noticed the following that should be improved:
See https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.aschttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.asc__;!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4CKrFX1Y$ for more info, or have a look at the nagios agent as a good minimal template for an agent.
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1798475550__;Iw!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4T5qsrvE$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXDH2FB2YA3RD46KSGDYDIXNFAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJYGQ3TKNJVGA__;!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4mjCIo_k$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
oalbrigt
commented
8 months ago How soon will the updated awsvip resource be able to REPO sites, etc?
I expect to release a new resource-agents version by the end of january, so it should be available in Fedora and other bleeding edge distros sometime in february. You can also create a ticket for distros to request getting it earlier.
Also, if I created an RPM for imemst and imeslv would that be distributed through EPEL or the standard OS REPO?
The standard OS repo depends on more testing, so you'll have to create a ticket to request it there, but could also request it on EPEL e.g. as resource-agents-extras, where they can exclude the regular agents/libs in the spec-file.
Also see above regarding my part-review, as these agents needs some changes before I can fully review and possibly merge this PR.
Everett …
IME-git
commented
8 months ago What were changes for imemst and imeslv?
Everett
From: Oyvind Albrigtsen @.*** Sent: Wednesday, November 8, 2023 6:38 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
How soon will the updated awsvip resource be able to REPO sites, etc? I expect to release a new resource-agents version by the end of january, so it should be available in Fedora and other bleeding edge distros sometime in february. You can
How soon will the updated awsvip resource be able to REPO sites, etc? I expect to release a new resource-agents version by the end of january, so it should be available in Fedora and other bleeding edge distros sometime in february. You can also create a ticket for distros to request getting it earlier.
Also, if I created an RPM for imemst and imeslv would that be distributed through EPEL or the standard OS REPO? The standard OS repo depends on more testing, so you'll have to create a ticket to request it there, but could also request it on EPEL e.g. as resource-agents-extras, where they can exclude the regular agents/libs in the spec-file.
Also see above regarding my part-review, as these agents needs some changes before I can fully review and possibly merge this PR.
Everett …
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1801715054__;Iw!!GszH2LQudD4GjA!mOdgW_IIsweHXyUXRcFTFo30Evf6GjTuekjfDgvAjxi47Z7GsZ82x4RqPIuKrvtptuAG3wVwJ_FDLuRWJkxwTAOEF8A$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXB2XSAGE35KC2ZVARTYDNVLJAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBRG4YTKMBVGQ__;!!GszH2LQudD4GjA!mOdgW_IIsweHXyUXRcFTFo30Evf6GjTuekjfDgvAjxi47Z7GsZ82x4RqPIuKrvtptuAG3wVwJ_FDLuRWJkxwk0ccO58$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
oalbrigt
commented
8 months ago IME-git
commented
8 months ago Here's some backgroun on how to setup role, policy to allow fence commands and manage awsvip without using your AWS credentials.
AWS_PCS_ROLE=pcs-iam-role AWS_PCS_POLICY=pcs_to_ec2_trust_policy.json AWS_PCS_ROLE_POLICY=role_to_pcs_policy.json AWS_INST_PROFILE=pcs-iam-profile PCS_POLICY_NAME=pcs-policy file : .AWS/env/${AWS_PCS_POLICY}
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ec2:RebootInstances", "ec2:DescribeInstances", "ec2:StartInstances", "ec2:DescribeTags", "ec2:DescribeInstanceAttribute", "ec2:UnassignPrivateIpAddresses", "ec2:ModifyInstanceAttribute", "ec2:AssignPrivateIpAddresses", "ec2:StopInstances" ], "Resource": "*" } ] }
CHK_PCS_POLICY=aws --profile ${AWS_PROFILE} iam list-policies --query 'Policies[?PolicyName==\'${PCS_POLICY_NAME}'`].Arn' --output text 2>/dev/null`
echo CHK_PCS_POLICY=${CHK_PCS_POLICY}
'${PCS_POLICY_NAME}'].PolicyArn' --output textaws --profile ${AWS_PROFILE} iam get-instance-profile --instance-profile-name ${AWS_INST_PROFILE} --query InstanceProfile.Roles[].RoleName --output text
curl -s http://169.254.169.254/latest/meta-data/instance-id EverettFrom: Oyvind Albrigtsen @.*** Sent: Wednesday, November 8, 2023 8:12 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1801866883__;Iw!!GszH2LQudD4GjA!mkz623OdR8mL8lmEYADHzdXMD5yrCK022h1rxgeIkjHFuk9IwvvpSmTA408OxzcQmmbxZWqM0yGzz00_ZlRPoO268GQ$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXGRR2SK6BQTYG436ODYDOANPAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBRHA3DMOBYGM__;!!GszH2LQudD4GjA!mkz623OdR8mL8lmEYADHzdXMD5yrCK022h1rxgeIkjHFuk9IwvvpSmTA408OxzcQmmbxZWqM0yGzz00_ZlRPRH14yPU$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
IME-git
commented
8 months ago Here's some background on how to setup role, policy to allow fence commands and manage awsvip without using your AWS credentials. Not sure if this can be added to awsvip doc.
See attached filed awsvip.pcs.info.txt
EverettFrom: Oyvind Albrigtsen @.*** Sent: Wednesday, November 8, 2023 8:12 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1801866883__;Iw!!GszH2LQudD4GjA!mkz623OdR8mL8lmEYADHzdXMD5yrCK022h1rxgeIkjHFuk9IwvvpSmTA408OxzcQmmbxZWqM0yGzz00_ZlRPoO268GQ$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXGRR2SK6BQTYG436ODYDOANPAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBRHA3DMOBYGM__;!!GszH2LQudD4GjA!mkz623OdR8mL8lmEYADHzdXMD5yrCK022h1rxgeIkjHFuk9IwvvpSmTA408OxzcQmmbxZWqM0yGzz00_ZlRPRH14yPU$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
AWS_PCS_ROLE=pcs-iam-role AWS_PCS_POLICY=pcs_to_ec2_trust_policy.json AWS_PCS_ROLE_POLICY=role_to_pcs_policy.json AWS_INST_PROFILE=pcs-iam-profile PCS_POLICY_NAME=pcs-policy EC2_NAME=rh9
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ec2:RebootInstances", "ec2:DescribeInstances", "ec2:StartInstances", "ec2:DescribeTags", "ec2:DescribeInstanceAttribute", "ec2:UnassignPrivateIpAddresses", "ec2:ModifyInstanceAttribute", "ec2:AssignPrivateIpAddresses", "ec2:StopInstances" ], "Resource": "*" } ] }
aws --profile ${AWS_PROFILE} iam list-policies --query 'Policies[?PolicyName==\'${PCS_POLICY_NAME}'`].Arn' --output text 2>/dev/null`'${PCS_POLICY_NAME}'].PolicyArn' --output textaws --profile ebjr ec2 describe-instances --filter Name=tag:Name,Values=${EC2_NAME} --query 'Reservations[].Instances[0].InstanceId' Name=instance-state-name,Values=stopped --output textORaws --profile ebjr ec2 describe-instances --filter Name=tag:Name,Values=${EC2_NAME} --query 'Reservations[].Instances[0].InstanceId' Name=instance-state-name,Values=running --output textcurl -s http://169.254.169.254/latest/meta-data/instance-idIME-git
commented
8 months ago Here's some background on how to setup role, policy to allow fence commands and manage awsvip without using your AWS credentials. See attached txt file.
EverettFrom: Oyvind Albrigtsen @.*** Sent: Monday, November 6, 2023 8:59 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] Added awsvip2, imemst, and imeslv heartbeat resources. (PR #1899)
Thanks. I'm trying to implement it into the main awsvip agent with the auth_type parameter. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread. Message ID: ClusterLabs/resource-agents/pull/1899/c1794886396@ github. com
Thanks. I'm trying to implement it into the main awsvip agent with the auth_type parameter.
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1794886396__;Iw!!GszH2LQudD4GjA!lrp1BNWchWarE7Fndztbe3oFNJviWolT-9T8wU1nafwbSWzK3O7LdaGBYxG_VogmvLVFgZCd9J9INtgk7i_K2ZczH30$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXGVBJ7VOKDCM4KK653YDDUMFAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJUHA4DMMZZGY__;!!GszH2LQudD4GjA!lrp1BNWchWarE7Fndztbe3oFNJviWolT-9T8wU1nafwbSWzK3O7LdaGBYxG_VogmvLVFgZCd9J9INtgk7i_KvsqTAjU$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
AWS_PCS_ROLE=pcs-iam-role AWS_PCS_POLICY=pcs_to_ec2_trust_policy.json AWS_PCS_ROLE_POLICY=role_to_pcs_policy.json AWS_INST_PROFILE=pcs-iam-profile PCS_POLICY_NAME=pcs-policy EC2_NAME=rh9
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ec2:RebootInstances", "ec2:DescribeInstances", "ec2:StartInstances", "ec2:DescribeTags", "ec2:DescribeInstanceAttribute", "ec2:UnassignPrivateIpAddresses", "ec2:ModifyInstanceAttribute", "ec2:AssignPrivateIpAddresses", "ec2:StopInstances" ], "Resource": "*" } ] }
aws --profile ${AWS_PROFILE} iam list-policies --query 'Policies[?PolicyName==\'${PCS_POLICY_NAME}'`].Arn' --output text 2>/dev/null`'${PCS_POLICY_NAME}'].PolicyArn' --output textaws --profile ebjr ec2 describe-instances --filter Name=tag:Name,Values=${EC2_NAME} --query 'Reservations[].Instances[0].InstanceId' Name=instance-state-name,Values=stopped --output textORaws --profile ebjr ec2 describe-instances --filter Name=tag:Name,Values=${EC2_NAME} --query 'Reservations[].Instances[0].InstanceId' Name=instance-state-name,Values=running --output textcurl -s http://169.254.169.254/latest/meta-data/instance-idoalbrigt
commented
8 months ago Thanks.
That's a bit much for metadata. Maybe I'll add it to a README.aws or something.
IME-git
commented
8 months ago I sent an email with an attached file named awsvip.pcs.info.txt , look for that email.
I forgot to added the EC2 related steps to add profile etc
EverettFrom: Oyvind Albrigtsen @.*** Sent: Tuesday, November 14, 2023 9:19 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
Thanks. That's a bit much for metadata. Maybe I'll add it to a README. aws or something. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread. Message ID: ClusterLabs/resource-agents/pull/1899/c1810304310@ github. com
Thanks.
That's a bit much for metadata. Maybe I'll add it to a README.aws or something.
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1810304310__;Iw!!GszH2LQudD4GjA!nKS_UMveOXznzT5mXgZfWb20cnt1YeiC_L6co224ZOZbTZFeG30NivJTmg7Rbmd-OLWw4HZAITzvUbx2kPqkKtUAARw$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXCV5MEHLDC3FSXBQTTYEN4Y3AVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJQGMYDIMZRGA__;!!GszH2LQudD4GjA!nKS_UMveOXznzT5mXgZfWb20cnt1YeiC_L6co224ZOZbTZFeG30NivJTmg7Rbmd-OLWw4HZAITzvUbx2kPqkzaxB1qY$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
oalbrigt
commented
8 months ago On 14/11/23 14:15 -0800, gguifelixamz wrote:
I'm sorry I'm a few days behind here, but why do we need a new agent for AWS that the existing agents cannot be retrofitted with? The awsvip part was moved to a separate PR: https://github.com/ClusterLabs/resource-agents/pull/1900
-- Reply to this email directly or view it on GitHub: https://github.com/ClusterLabs/resource-agents/pull/1899#issuecomment-1811448261 You are receiving this because you commented.
Message ID: @.***>
IME-git
commented
8 months ago No, the modification to allow the use of AWS policies is fine. I just sent you an example of how to setup role, profile, policy and attach to AWS EC2 for the AWS policy to work. Those were the commands in the aws.pcs.info.txt file I attached in previous message.
EverettFrom: Oyvind Albrigtsen @.*** Sent: Wednesday, November 15, 2023 4:33 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
On 14/11/23 14: 15 -0800, gguifelixamz wrote: >I'm sorry I'm a few days behind here, but why do we need a new agent for AWS that the existing agents cannot be retrofitted with? The awsvip part was moved to a separate PR: https: //github. com/ClusterLabs/resource-agents/pull/1900
On 14/11/23 14:15 -0800, gguifelixamz wrote:
I'm sorry I'm a few days behind here, but why do we need a new agent for AWS that the existing agents cannot be retrofitted with? The awsvip part was moved to a separate PR: https://github.com/ClusterLabs/resource-agents/pull/1900https://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1900__;!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBas9p84JM$
-- Reply to this email directly or view it on GitHub: https://github.com/ClusterLabs/resource-agents/pull/1899#issuecomment-1811448261https://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1811448261__;Iw!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaoZOTXC0$ You are receiving this because you commented.
Message ID: @.***>
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1812099834__;Iw!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaZbSiSTs$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXDESCJS5ZBX3RGDFEDYESD57AVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJSGA4TSOBTGQ__;!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaFJMfGC4$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
oalbrigt
commented
8 months ago @IME-git I tried following your instructions, but it failed the final step of testing (after I moved credentials file out of the way).
IME-git
commented
8 months ago Is there an email address I can use other than replying to this message? When I get a chance, I'll setup a simple AWS Rocky test for awsvip. The policy scheme does work. Everett
From: Oyvind Albrigtsen @.*** Sent: Wednesday, November 15, 2023 4:33 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
On 14/11/23 14: 15 -0800, gguifelixamz wrote: >I'm sorry I'm a few days behind here, but why do we need a new agent for AWS that the existing agents cannot be retrofitted with? The awsvip part was moved to a separate PR: https: //github. com/ClusterLabs/resource-agents/pull/1900
On 14/11/23 14:15 -0800, gguifelixamz wrote:
I'm sorry I'm a few days behind here, but why do we need a new agent for AWS that the existing agents cannot be retrofitted with? The awsvip part was moved to a separate PR: https://github.com/ClusterLabs/resource-agents/pull/1900https://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1900__;!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBas9p84JM$
-- Reply to this email directly or view it on GitHub: https://github.com/ClusterLabs/resource-agents/pull/1899#issuecomment-1811448261https://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1811448261__;Iw!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaoZOTXC0$ You are receiving this because you commented.
Message ID: @.***>
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1812099834__;Iw!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaZbSiSTs$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXDESCJS5ZBX3RGDFEDYESD57AVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJSGA4TSOBTGQ__;!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaFJMfGC4$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
oalbrigt
commented
8 months ago No worries. I just had to add the role to the nodes.
IME-git
commented
7 months ago How do I pull this again and and then cancel
imemst/imeslv: new resource agents #1899