Closed IME-git closed 7 months ago
Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1899/1/input
We dont want a new agent for awsvip.
We can add the functionality to the current awsvip agent with an auth_type that defaults to the current behaviour, and can be set to policies for this new behaviour.
Please advise when I can review the changes to awsvip. Regards.
If you remove the --profile reference ( line 134 ) and the OCF_RESKEY_profile setting from the awsvip resource, you could make the documentation provide explicit examples.
If you're using AWS CLI you would create resource as follows:
pcs resource create NAMEaws awsvip awscli="/usr/bin/aws --profile YOUR_PROFILENAME" .....
OR
for use with AWS policies:
pcs resource create NAMEaws awsvip awscli="/usr/bin/aws --region us-east-1" ......
This way you could simply provide the portion of the command you need for you're situation.
Thanks. I'm trying to implement it into the main awsvip agent with the auth_type parameter.
Can you test my PR #1900?
You can see which commands are run by doing pcs resource disable <resource>
and then run e.g. pcs resource debug-start --full <resource>
to start it and show all the commands run by the agent.
I have to make a slight change - add x to test lines.
@.*** ~]# diff /usr/lib/ocf/resource.d/heartbeat/awsvip.orig /usr/lib/ocf/resource.d/heartbeat/awsvip|grep "> "
if [ "x${OCF_RESKEY_auth_type}" = "xkey" ]; then elif [ "x${OCF_RESKEY_auth_type}" = "xpolicy" ]; then
Command line to add resource:
pcs resource create imevip100aws awsvip auth_type=policy region=us-east-1 secondary_private_ip=10.0.1.100 --group imemst
pcs resource config imevip100aws
Resource: imevip100aws (class=ocf provider=heartbeat type=awsvip) Attributes: imevip100aws-instance_attributes auth_type=policy region=us-east-1 secondary_private_ip=10.0.1.100 Meta Attributes: imevip100aws-meta_attributes target-role=Stopped Operations: migrate_from: imevip100aws-migrate_from-interval-0s interval=0s timeout=30s migrate_to: imevip100aws-migrate_to-interval-0s interval=0s timeout=30s monitor: imevip100aws-monitor-interval-20s interval=20s timeout=30s start: imevip100aws-start-interval-0s interval=0s timeout=30s stop: imevip100aws-stop-interval-0s interval=0s timeout=30s validate: imevip100aws-validate-interval-0s interval=0s timeout=10s
@.*** ~]# pcs resource debug-start imevip100aws Operation force-start for imevip100aws (ocf:heartbeat:awsvip) returned 0 (ok)
@.*** ~]# pcs resource debug-stop imevip100aws Operation force-stop for imevip100aws (ocf:heartbeat:awsvip) returned 0 (ok) Nov 06 19:34:17 INFO: secondary_private_ip has been successfully brought down (10.0.1.100)
@.*** ~]# pcs resource debug-start --full imevip100aws
Operation force-start for imevip100aws (ocf:heartbeat:awsvip) returned 0 (ok) { "NetworkInterfaceId": "eni-05b063244aad66d17", "AssignedPrivateIpAddresses": [ { "PrivateIpAddress": "10.0.1.100" } ], "AssignedIpv4Prefixes": [] }
+++ 19:35:23: ocf_start_trace:991: echo +++ 19:35:23: ocf_start_trace:991: sort +++ 19:35:23: ocf_start_trace:991: printenv ++ 19:35:23: ocf_start_trace:991: env=' eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@ BASH_FUNC_which%%=() { ( alias; HA_debug=1 HA_logfacility=none HISTSIZE=1000 HOME=/root HOSTNAME=ip-10-0-1-228.ec2.internal LC_ALL=C LESSOPEN=||/usr/bin/lesspipe.sh %s LOGNAME=root LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:. lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war= 01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:. ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.webp=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=0 1;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aac=01;36:.au=01;36:.flac=01;36:.m4a=01; 36:.mid=01;36:.midi=01;36:.mka=01;36:.mp3=01;36:.mpc=01;36:.ogg=01;36:.ra=01;36:.wav=01;36:.oga=01;36:.opus=01;36:.spx=01;36:.xspf=01;36: MAIL=/var/spool/mail/ec2-user OCF_EXIT_REASON_PREFIX=ocf-exit-reason: OCF_OUTPUT_FORMAT=text OCF_RA_VERSION_MAJOR=1 OCF_RA_VERSION_MINOR=1 OCF_RESKEY_CRM_meta_class=ocf OCF_RESKEY_CRM_meta_id=imevip100aws OCF_RESKEY_CRM_meta_provider=heartbeat OCF_RESKEY_CRM_meta_resource_stickiness=1 OCF_RESKEY_CRM_meta_target_role=Stopped OCF_RESKEY_CRM_meta_timeout=30000 OCF_RESKEY_CRM_meta_type=awsvip OCF_RESKEY_auth_type=policy OCF_RESKEY_crm_feature_set=3.16.2 OCF_RESKEY_region=us-east-1 OCF_RESKEY_secondary_private_ip=10.0.1.100 OCF_RESOURCE_INSTANCE=imevip100aws OCF_RESOURCE_PROVIDER=heartbeat OCF_RESOURCE_TYPE=awsvip OCF_ROOT=/usr/lib/ocf OCF_TRACE_FILE=/dev/stderr OCF_TRACE_RA=1 OLDPWD=/root PATH=/root/.local/bin:/root/bin:/sbin:/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb PCMK_logfacility=none PCMK_service=crm_resource PWD=/root SHELL=/bin/bash SHLVL=0 SUDO_COMMAND=/bin/bash SUDO_GID=1000 SUDOUSER=ec2-user TERM=vt100 USER=root =/bin/printenv OCF_TRC_DEST=/dev/stderr OCF_TRC_MANAGE= which_declare=declare -f }' ++ 19:35:23: 1045: ocf_is_true '' ++ 19:35:23: ocf_is_true:105: case "$1" in ++ 19:35:23: ocf_is_true:107: false
Everett
From: Oyvind Albrigtsen @.*** Sent: Monday, November 6, 2023 10:00 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] Added awsvip2, imemst, and imeslv heartbeat resources. (PR #1899)
Can you test my PR #1900? You can see which commands are run by doing pcs resource disable
Can you test my PR #1900https://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1900__;!!GszH2LQudD4GjA!hA0abqKFaaQ7IjGkYjl5Pf4HDr2dRmkG5bIj3nM4P-9QXrNQ75WsO_HswDu_RTfOWCQyYOei9Q8SGHt_gdnIVbBOcg4$?
You can see which commands are run by doing pcs resource disable
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1795027680__;Iw!!GszH2LQudD4GjA!hA0abqKFaaQ7IjGkYjl5Pf4HDr2dRmkG5bIj3nM4P-9QXrNQ75WsO_HswDu_RTfOWCQyYOei9Q8SGHt_gdnI7aPv7G0$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXBKPFHKSNPZ3MIAAQLYDD3PJAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJVGAZDONRYGA__;!!GszH2LQudD4GjA!hA0abqKFaaQ7IjGkYjl5Pf4HDr2dRmkG5bIj3nM4P-9QXrNQ75WsO_HswDu_RTfOWCQyYOei9Q8SGHt_gdnIZQWXrUk$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
Why do you need that change in the if? The x is only needed if you compare to an empty string, in which case we mostly use -z or -n to check if it is empty or not.
https://unix.stackexchange.com/questions/136628/bash-script-x1-x
I renamed it to auth_type role (based on feedback from AWS dev) in the PR, and did some other minor improvements as well.
Here's the debug output that I sent you earlier.
Regards
19:35:23: 228: '[' xpolicy = xkey ']'
19:35:23: 230: '[' xpolicy = xpolicy ']'
Everett
From: Oyvind Albrigtsen @.*** Sent: Tuesday, November 7, 2023 3:04 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] Added awsvip2, imemst, and imeslv heartbeat resources. (PR #1899)
Why do you need that change in your if? The x is only needed if you compare to an empty string, in which case we mostly use -z or -n to check if it is empty or not. https: //unix. stackexchange. com/questions/136628/bash-script-x1-x —Reply
Why do you need that change in your if? The x is only needed if you compare to an empty string, in which case we mostly use -z or -n to check if it is empty or not.
https://unix.stackexchange.com/questions/136628/bash-script-x1-xhttps://urldefense.com/v3/__https://unix.stackexchange.com/questions/136628/bash-script-x1-x__;!!GszH2LQudD4GjA!hkJk6mYqHsC3QW3bJL2x9wC-feffuEkNF7TX-n1imML6YLalayB_3bifxBttV6BEKDeCYQavXSKh1SPL4MU55B0s3tI$
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1797996360__;Iw!!GszH2LQudD4GjA!hkJk6mYqHsC3QW3bJL2x9wC-feffuEkNF7TX-n1imML6YLalayB_3bifxBttV6BEKDeCYQavXSKh1SPL4MU5ROKmnEQ$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXC5VT6BLJAXA3BCXH3YDHTQVAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJXHE4TMMZWGA__;!!GszH2LQudD4GjA!hkJk6mYqHsC3QW3bJL2x9wC-feffuEkNF7TX-n1imML6YLalayB_3bifxBttV6BEKDeCYQavXSKh1SPL4MU5ULUIwQ0$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
Oh. I didnt notice that :)
Updated in the PR now.
is there simple way to say place a PCS heartbeat resource in something like:
/usr/local/ocf/resource.d/heartbeat/NAME_OF_RESOURCE
I know that for LSB you simply copy the resource to /etc/rc.d/init.d/NAME_OF_RESOURCE .
Everett
From: Oyvind Albrigtsen @.*** Sent: Tuesday, November 7, 2023 6:57 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] Added awsvip2, imemst, and imeslv heartbeat resources. (PR #1899)
Oh. I didnt notice that :) Updated in the PR now. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread. Message ID: ClusterLabs/resource-agents/pull/1899/c1798361547@ github. com
Oh. I didnt notice that :)
Updated in the PR now.
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1798361547__;Iw!!GszH2LQudD4GjA!lMYaCWGZIPyP4PndfdlMSlTjGCW7pd1SoVtKYVPRkOWGNs-fiJRPgfijaWDyLiYRUlBs3b6BvDS5iJchyzZfStwaodc$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXCQ5KVCKLNJBWKWM7LYDIO2VAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJYGM3DCNJUG4__;!!GszH2LQudD4GjA!lMYaCWGZIPyP4PndfdlMSlTjGCW7pd1SoVtKYVPRkOWGNs-fiJRPgfijaWDyLiYRUlBs3b6BvDS5iJchyzZfn9IAVoA$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
is there simple way to say place a PCS heartbeat resource in something like: /usr/local/ocf/resource.d/heartbeat/NAME_OF_RESOURCE I know that for LSB you simply copy the resource to /etc/rc.d/init.d/NAME_OF_RESOURCE . Everett …
No. Pacemaker and pcs has their default lookup path, , so we suggest putting them in "/usr/lib/ocf/resource.d/
Can you remove the awsvip2 commits from this PR? You can do it by running git rebase -i HEAD~4
and then replace "pick" with "d" for drop on the commits you're going to remove. After that you can run git push -f
.
From a quick look at the ime agents, I noticed the following that should be improved:
pcs resource create ...
).if ocf_is_true "$X"; then
or if ! ocf_is_true
for yes/no, true/false, 1/0 valuespcs resource debug-start --full <resource>
to get full trace which will also show values assigned to variables or pcs resource update <resource> trace_ra=1
to make the agent tracelog to /var/lib/heartbeat/trace_raocf_log debug
to only log certain info for pcs resource debug-<action> --full
or trace_ra=1 as explained above.See https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.asc for more info, or have a look at the nagios agent as a good minimal template for an agent.
Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/resource-agents/job/resource-agents-pipeline/job/PR-1899/2/input
Done
Everett
From: Oyvind Albrigtsen @.*** Sent: Tuesday, November 7, 2023 8:10 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
Can you remove the awsvip2 commits from this PR? You can do it by running git rebase -i HEAD~4 and then replace "pick" with "d" for drop on the commits you're going to remove. After that you can run git push -f. From a quick look at the ime
Can you remove the awsvip2 commits from this PR? You can do it by running git rebase -i HEAD~4 and then replace "pick" with "d" for drop on the commits you're going to remove. After that you can run git push -f.
From a quick look at the ime agents, I noticed the following that should be improved:
See https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.aschttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.asc__;!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4CKrFX1Y$ for more info, or have a look at the nagios agent as a good minimal template for an agent.
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1798475550__;Iw!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4T5qsrvE$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXDH2FB2YA3RD46KSGDYDIXNFAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJYGQ3TKNJVGA__;!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4mjCIo_k$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
How soon will the updated awsvip resource be able to REPO sites, etc?
Also, if I created an RPM for imemst and imeslv would that be distributed through EPEL or the standard OS REPO?
Everett
From: Oyvind Albrigtsen @.*** Sent: Tuesday, November 7, 2023 8:10 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
Can you remove the awsvip2 commits from this PR? You can do it by running git rebase -i HEAD~4 and then replace "pick" with "d" for drop on the commits you're going to remove. After that you can run git push -f. From a quick look at the ime
Can you remove the awsvip2 commits from this PR? You can do it by running git rebase -i HEAD~4 and then replace "pick" with "d" for drop on the commits you're going to remove. After that you can run git push -f.
From a quick look at the ime agents, I noticed the following that should be improved:
See https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.aschttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/blob/main/doc/dev-guides/ra-dev-guide.asc__;!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4CKrFX1Y$ for more info, or have a look at the nagios agent as a good minimal template for an agent.
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1798475550__;Iw!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4T5qsrvE$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXDH2FB2YA3RD46KSGDYDIXNFAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJYGQ3TKNJVGA__;!!GszH2LQudD4GjA!jT5CkW6gbIRvPgyXmxF4iG95MnCWXZxjzoJS_L1D76HuOOdOVZrUPzSruIYX96BkTJziamo2aWGDmaRLELR4mjCIo_k$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
How soon will the updated awsvip resource be able to REPO sites, etc?
I expect to release a new resource-agents version by the end of january, so it should be available in Fedora and other bleeding edge distros sometime in february. You can also create a ticket for distros to request getting it earlier.
Also, if I created an RPM for imemst and imeslv would that be distributed through EPEL or the standard OS REPO?
The standard OS repo depends on more testing, so you'll have to create a ticket to request it there, but could also request it on EPEL e.g. as resource-agents-extras, where they can exclude the regular agents/libs in the spec-file.
Also see above regarding my part-review, as these agents needs some changes before I can fully review and possibly merge this PR.
Everett …
What were changes for imemst and imeslv?
Everett
From: Oyvind Albrigtsen @.*** Sent: Wednesday, November 8, 2023 6:38 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
How soon will the updated awsvip resource be able to REPO sites, etc? I expect to release a new resource-agents version by the end of january, so it should be available in Fedora and other bleeding edge distros sometime in february. You can
How soon will the updated awsvip resource be able to REPO sites, etc? I expect to release a new resource-agents version by the end of january, so it should be available in Fedora and other bleeding edge distros sometime in february. You can also create a ticket for distros to request getting it earlier.
Also, if I created an RPM for imemst and imeslv would that be distributed through EPEL or the standard OS REPO? The standard OS repo depends on more testing, so you'll have to create a ticket to request it there, but could also request it on EPEL e.g. as resource-agents-extras, where they can exclude the regular agents/libs in the spec-file.
Also see above regarding my part-review, as these agents needs some changes before I can fully review and possibly merge this PR.
Everett …
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1801715054__;Iw!!GszH2LQudD4GjA!mOdgW_IIsweHXyUXRcFTFo30Evf6GjTuekjfDgvAjxi47Z7GsZ82x4RqPIuKrvtptuAG3wVwJ_FDLuRWJkxwTAOEF8A$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXB2XSAGE35KC2ZVARTYDNVLJAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBRG4YTKMBVGQ__;!!GszH2LQudD4GjA!mOdgW_IIsweHXyUXRcFTFo30Evf6GjTuekjfDgvAjxi47Z7GsZ82x4RqPIuKrvtptuAG3wVwJ_FDLuRWJkxwk0ccO58$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
Here's some backgroun on how to setup role, policy to allow fence commands and manage awsvip without using your AWS credentials.
AWS_PCS_ROLE=pcs-iam-role AWS_PCS_POLICY=pcs_to_ec2_trust_policy.json AWS_PCS_ROLE_POLICY=role_to_pcs_policy.json AWS_INST_PROFILE=pcs-iam-profile PCS_POLICY_NAME=pcs-policy file : .AWS/env/${AWS_PCS_POLICY}
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ec2:RebootInstances", "ec2:DescribeInstances", "ec2:StartInstances", "ec2:DescribeTags", "ec2:DescribeInstanceAttribute", "ec2:UnassignPrivateIpAddresses", "ec2:ModifyInstanceAttribute", "ec2:AssignPrivateIpAddresses", "ec2:StopInstances" ], "Resource": "*" } ] }
CHK_PCS_POLICY=aws --profile ${AWS_PROFILE} iam list-policies --query 'Policies[?PolicyName==\
'${PCS_POLICY_NAME}'`].Arn' --output text 2>/dev/null`
echo CHK_PCS_POLICY=${CHK_PCS_POLICY}
'${PCS_POLICY_NAME}'
].PolicyArn' --output textaws --profile ${AWS_PROFILE} iam get-instance-profile --instance-profile-name ${AWS_INST_PROFILE} --query InstanceProfile.Roles[].RoleName --output text
curl -s http://169.254.169.254/latest/meta-data/instance-id
Everett
From: Oyvind Albrigtsen @.*** Sent: Wednesday, November 8, 2023 8:12 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1801866883__;Iw!!GszH2LQudD4GjA!mkz623OdR8mL8lmEYADHzdXMD5yrCK022h1rxgeIkjHFuk9IwvvpSmTA408OxzcQmmbxZWqM0yGzz00_ZlRPoO268GQ$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXGRR2SK6BQTYG436ODYDOANPAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBRHA3DMOBYGM__;!!GszH2LQudD4GjA!mkz623OdR8mL8lmEYADHzdXMD5yrCK022h1rxgeIkjHFuk9IwvvpSmTA408OxzcQmmbxZWqM0yGzz00_ZlRPRH14yPU$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
Here's some background on how to setup role, policy to allow fence commands and manage awsvip without using your AWS credentials. Not sure if this can be added to awsvip doc.
See attached filed awsvip.pcs.info.txt
Everett
From: Oyvind Albrigtsen @.*** Sent: Wednesday, November 8, 2023 8:12 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1801866883__;Iw!!GszH2LQudD4GjA!mkz623OdR8mL8lmEYADHzdXMD5yrCK022h1rxgeIkjHFuk9IwvvpSmTA408OxzcQmmbxZWqM0yGzz00_ZlRPoO268GQ$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXGRR2SK6BQTYG436ODYDOANPAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBRHA3DMOBYGM__;!!GszH2LQudD4GjA!mkz623OdR8mL8lmEYADHzdXMD5yrCK022h1rxgeIkjHFuk9IwvvpSmTA408OxzcQmmbxZWqM0yGzz00_ZlRPRH14yPU$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
AWS_PCS_ROLE=pcs-iam-role AWS_PCS_POLICY=pcs_to_ec2_trust_policy.json AWS_PCS_ROLE_POLICY=role_to_pcs_policy.json AWS_INST_PROFILE=pcs-iam-profile PCS_POLICY_NAME=pcs-policy EC2_NAME=rh9
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ec2:RebootInstances", "ec2:DescribeInstances", "ec2:StartInstances", "ec2:DescribeTags", "ec2:DescribeInstanceAttribute", "ec2:UnassignPrivateIpAddresses", "ec2:ModifyInstanceAttribute", "ec2:AssignPrivateIpAddresses", "ec2:StopInstances" ], "Resource": "*" } ] }
aws --profile ${AWS_PROFILE} iam list-policies --query 'Policies[?PolicyName==\
'${PCS_POLICY_NAME}'`].Arn' --output text 2>/dev/null`'${PCS_POLICY_NAME}'
].PolicyArn' --output textaws --profile ebjr ec2 describe-instances --filter Name=tag:Name,Values=${EC2_NAME} --query 'Reservations[].Instances[0].InstanceId' Name=instance-state-name,Values=stopped --output text
OR
aws --profile ebjr ec2 describe-instances --filter Name=tag:Name,Values=${EC2_NAME} --query 'Reservations[].Instances[0].InstanceId' Name=instance-state-name,Values=running --output text
curl -s http://169.254.169.254/latest/meta-data/instance-id
Here's some background on how to setup role, policy to allow fence commands and manage awsvip without using your AWS credentials. See attached txt file.
Everett
From: Oyvind Albrigtsen @.*** Sent: Monday, November 6, 2023 8:59 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] Added awsvip2, imemst, and imeslv heartbeat resources. (PR #1899)
Thanks. I'm trying to implement it into the main awsvip agent with the auth_type parameter. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread. Message ID: ClusterLabs/resource-agents/pull/1899/c1794886396@ github. com
Thanks. I'm trying to implement it into the main awsvip agent with the auth_type parameter.
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1794886396__;Iw!!GszH2LQudD4GjA!lrp1BNWchWarE7Fndztbe3oFNJviWolT-9T8wU1nafwbSWzK3O7LdaGBYxG_VogmvLVFgZCd9J9INtgk7i_K2ZczH30$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXGVBJ7VOKDCM4KK653YDDUMFAVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJUHA4DMMZZGY__;!!GszH2LQudD4GjA!lrp1BNWchWarE7Fndztbe3oFNJviWolT-9T8wU1nafwbSWzK3O7LdaGBYxG_VogmvLVFgZCd9J9INtgk7i_KvsqTAjU$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
AWS_PCS_ROLE=pcs-iam-role AWS_PCS_POLICY=pcs_to_ec2_trust_policy.json AWS_PCS_ROLE_POLICY=role_to_pcs_policy.json AWS_INST_PROFILE=pcs-iam-profile PCS_POLICY_NAME=pcs-policy EC2_NAME=rh9
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "ec2:RebootInstances", "ec2:DescribeInstances", "ec2:StartInstances", "ec2:DescribeTags", "ec2:DescribeInstanceAttribute", "ec2:UnassignPrivateIpAddresses", "ec2:ModifyInstanceAttribute", "ec2:AssignPrivateIpAddresses", "ec2:StopInstances" ], "Resource": "*" } ] }
aws --profile ${AWS_PROFILE} iam list-policies --query 'Policies[?PolicyName==\
'${PCS_POLICY_NAME}'`].Arn' --output text 2>/dev/null`'${PCS_POLICY_NAME}'
].PolicyArn' --output textaws --profile ebjr ec2 describe-instances --filter Name=tag:Name,Values=${EC2_NAME} --query 'Reservations[].Instances[0].InstanceId' Name=instance-state-name,Values=stopped --output text
OR
aws --profile ebjr ec2 describe-instances --filter Name=tag:Name,Values=${EC2_NAME} --query 'Reservations[].Instances[0].InstanceId' Name=instance-state-name,Values=running --output text
curl -s http://169.254.169.254/latest/meta-data/instance-id
Thanks.
That's a bit much for metadata. Maybe I'll add it to a README.aws or something.
I sent an email with an attached file named awsvip.pcs.info.txt , look for that email.
I forgot to added the EC2 related steps to add profile etc
Everett
From: Oyvind Albrigtsen @.*** Sent: Tuesday, November 14, 2023 9:19 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
Thanks. That's a bit much for metadata. Maybe I'll add it to a README. aws or something. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread. Message ID: ClusterLabs/resource-agents/pull/1899/c1810304310@ github. com
Thanks.
That's a bit much for metadata. Maybe I'll add it to a README.aws or something.
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1810304310__;Iw!!GszH2LQudD4GjA!nKS_UMveOXznzT5mXgZfWb20cnt1YeiC_L6co224ZOZbTZFeG30NivJTmg7Rbmd-OLWw4HZAITzvUbx2kPqkKtUAARw$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXCV5MEHLDC3FSXBQTTYEN4Y3AVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJQGMYDIMZRGA__;!!GszH2LQudD4GjA!nKS_UMveOXznzT5mXgZfWb20cnt1YeiC_L6co224ZOZbTZFeG30NivJTmg7Rbmd-OLWw4HZAITzvUbx2kPqkzaxB1qY$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
On 14/11/23 14:15 -0800, gguifelixamz wrote:
I'm sorry I'm a few days behind here, but why do we need a new agent for AWS that the existing agents cannot be retrofitted with? The awsvip part was moved to a separate PR: https://github.com/ClusterLabs/resource-agents/pull/1900
-- Reply to this email directly or view it on GitHub: https://github.com/ClusterLabs/resource-agents/pull/1899#issuecomment-1811448261 You are receiving this because you commented.
Message ID: @.***>
No, the modification to allow the use of AWS policies is fine. I just sent you an example of how to setup role, profile, policy and attach to AWS EC2 for the AWS policy to work. Those were the commands in the aws.pcs.info.txt file I attached in previous message.
Everett
From: Oyvind Albrigtsen @.*** Sent: Wednesday, November 15, 2023 4:33 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
On 14/11/23 14: 15 -0800, gguifelixamz wrote: >I'm sorry I'm a few days behind here, but why do we need a new agent for AWS that the existing agents cannot be retrofitted with? The awsvip part was moved to a separate PR: https: //github. com/ClusterLabs/resource-agents/pull/1900
On 14/11/23 14:15 -0800, gguifelixamz wrote:
I'm sorry I'm a few days behind here, but why do we need a new agent for AWS that the existing agents cannot be retrofitted with? The awsvip part was moved to a separate PR: https://github.com/ClusterLabs/resource-agents/pull/1900https://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1900__;!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBas9p84JM$
-- Reply to this email directly or view it on GitHub: https://github.com/ClusterLabs/resource-agents/pull/1899#issuecomment-1811448261https://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1811448261__;Iw!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaoZOTXC0$ You are receiving this because you commented.
Message ID: @.***>
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1812099834__;Iw!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaZbSiSTs$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXDESCJS5ZBX3RGDFEDYESD57AVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJSGA4TSOBTGQ__;!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaFJMfGC4$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
@IME-git I tried following your instructions, but it failed the final step of testing (after I moved credentials file out of the way).
Is there an email address I can use other than replying to this message? When I get a chance, I'll setup a simple AWS Rocky test for awsvip. The policy scheme does work. Everett
From: Oyvind Albrigtsen @.*** Sent: Wednesday, November 15, 2023 4:33 AM To: ClusterLabs/resource-agents Cc: Everett Bennett; Author Subject: [Marketing] Re: [ClusterLabs/resource-agents] imemst/imeslv: new resource agents (PR #1899)
On 14/11/23 14: 15 -0800, gguifelixamz wrote: >I'm sorry I'm a few days behind here, but why do we need a new agent for AWS that the existing agents cannot be retrofitted with? The awsvip part was moved to a separate PR: https: //github. com/ClusterLabs/resource-agents/pull/1900
On 14/11/23 14:15 -0800, gguifelixamz wrote:
I'm sorry I'm a few days behind here, but why do we need a new agent for AWS that the existing agents cannot be retrofitted with? The awsvip part was moved to a separate PR: https://github.com/ClusterLabs/resource-agents/pull/1900https://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1900__;!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBas9p84JM$
-- Reply to this email directly or view it on GitHub: https://github.com/ClusterLabs/resource-agents/pull/1899#issuecomment-1811448261https://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1811448261__;Iw!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaoZOTXC0$ You are receiving this because you commented.
Message ID: @.***>
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/ClusterLabs/resource-agents/pull/1899*issuecomment-1812099834__;Iw!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaZbSiSTs$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BDYDBXDESCJS5ZBX3RGDFEDYESD57AVCNFSM6AAAAAA67OEDYGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJSGA4TSOBTGQ__;!!GszH2LQudD4GjA!leFBEmd1So1tv0zl_tWQfUBoyglvHveVPeptmUO64dTmNloB7G3k8EY2spp_n5Qg8KSS_EE3KORwCeqV9FBaFJMfGC4$. You are receiving this because you authored the thread.Message ID: @.***>
All emails in this message string and any attachments are the confidential information of CSG Systems International, Inc. (CSG), or its affiliates and subsidiaries, and may contain privileged and/or confidential material. If you are not an intended recipient, please delete it immediately and notify the sender; unintended recipients are not authorized to read or otherwise use the information contained herein.
No worries. I just had to add the role to the nodes.
How do I pull this again and and then cancel
imemst/imeslv: new resource agents #1899