Ejemplo n.º 1
0
def set_add_resource_sets(elem, sets, cib):
    allowed_options = {
        "sequential": ("true", "false"),
        "require-all": ("true", "false"),
        "action": ("start", "promote", "demote", "stop"),
        "role": ("Stopped", "Started", "Master", "Slave"),
    }

    for o_set in sets:
        set_id = "pcs_rsc_set"
        res_set = cib.createElement("resource_set")
        elem.appendChild(res_set)
        for opts in o_set:
            if opts.find("=") != -1:
                key, val = opts.split("=")
                if key not in allowed_options:
                    utils.err("invalid option '%s', allowed options are: %s" %
                              (key, ", ".join(allowed_options.keys())))
                if val not in allowed_options[key]:
                    utils.err(
                        "invalid value '%s' of option '%s', allowed values are: %s"
                        % (val, key, ", ".join(allowed_options[key])))
                res_set.setAttribute(key, val)
            else:
                res_valid, res_error = utils.validate_constraint_resource(
                    cib, opts)
                if not res_valid:
                    utils.err(res_error)
                se = cib.createElement("resource_ref")
                res_set.appendChild(se)
                se.setAttribute("id", opts)
                set_id = set_id + "_" + opts
        res_set.setAttribute("id", utils.find_unique_id(cib, set_id))
Ejemplo n.º 2
0
def colocation_set(argv):
    setoptions = []
    for i in range(len(argv)):
        if argv[i] == "setoptions":
            setoptions = argv[i+1:]
            argv[i:] = []
            break

    current_set = set_args_into_array(argv)
    colocation_id = "pcs_rsc_colocation"
    for a in argv:
        if a.find('=') == -1:
            colocation_id = colocation_id + "_" + a

    cib = utils.get_cib_etree()
    constraints = cib.find(".//constraints")
    if constraints == None:
        constraints = ET.SubElement(cib, "constraints")
    rsc_colocation = ET.SubElement(constraints,"rsc_colocation")
    rsc_colocation.set("id", utils.find_unique_id(cib,colocation_id))
    rsc_colocation.set("score","INFINITY")
    for opt in setoptions:
        if opt.find("=") != -1:
            name,value = opt.split("=")
            rsc_colocation.set(name,value)
    set_add_resource_sets(rsc_colocation, current_set, cib)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 3
0
def set_add_resource_sets(elem, sets, cib):
    allowed_options = {
        "sequential": ("true", "false"),
        "require-all": ("true", "false"),
        "action" : ("start", "promote", "demote", "stop"),
        "role" : ("Stopped", "Started", "Master", "Slave"),
    }

    for o_set in sets:
        set_id = "pcs_rsc_set"
        res_set = ET.SubElement(elem,"resource_set")
        for opts in o_set:
            if opts.find("=") != -1:
                key,val = opts.split("=")
                if key not in allowed_options:
                    utils.err(
                        "invalid option '%s', allowed options are: %s"
                        % (key, ", ".join(allowed_options.keys()))
                    )
                if val not in allowed_options[key]:
                    utils.err(
                        "invalid value '%s' of option '%s', allowed values are: %s"
                        % (val, key, ", ".join(allowed_options[key]))
                    )
                res_set.set(key,val)
            else:
                se = ET.SubElement(res_set,"resource_ref")
                se.set("id",opts)
                set_id = set_id + "_" + opts
        res_set.set("id", utils.find_unique_id(cib,set_id))
Ejemplo n.º 4
0
def order_set(argv):
    setoptions = []
    for i in range(len(argv)):
        if argv[i] == "setoptions":
            setoptions = argv[i + 1:]
            argv[i:] = []
            break

    argv.insert(0, "set")
    resource_sets = set_args_into_array(argv)
    if not check_empty_resource_sets(resource_sets):
        usage.constraint(["order set"])
        sys.exit(1)
    cib, constraints = getCurrentConstraints(utils.get_cib_dom())

    attributes = []
    id_specified = False
    for opt in setoptions:
        if "=" not in opt:
            utils.err("missing value of '%s' option" % opt)
        name, value = opt.split("=", 1)
        if name == "id":
            id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
            if not id_valid:
                utils.err(id_error)
            if utils.does_id_exist(cib, value):
                utils.err(
                    "id '%s' is already in use, please specify another one" %
                    value)
            id_specified = True
            attributes.append((name, value))
        elif name == "kind":
            normalized_value = value.lower().capitalize()
            if normalized_value not in OPTIONS_KIND:
                utils.err("invalid kind value '%s', allowed values are: %s" %
                          (value, ", ".join(OPTIONS_KIND)))
            attributes.append((name, normalized_value))
        elif name == "symmetrical":
            if value.lower() not in OPTIONS_SYMMETRICAL:
                utils.err(
                    "invalid symmetrical value '%s', allowed values are: %s" %
                    (value, ", ".join(OPTIONS_SYMMETRICAL)))
            attributes.append((name, value.lower()))
        else:
            utils.err("invalid option '%s', allowed options are: %s" %
                      (name, "kind, symmetrical, id"))

    if not id_specified:
        order_id = "pcs_rsc_order"
        for a in argv:
            if "=" not in a:
                order_id += "_" + a
        attributes.append(("id", utils.find_unique_id(cib, order_id)))

    rsc_order = cib.createElement("rsc_order")
    for name, value in attributes:
        rsc_order.setAttribute(name, value)
    set_add_resource_sets(rsc_order, resource_sets, cib)
    constraints.appendChild(rsc_order)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 5
0
def stonith_level_add(level, node, devices):
    dom = utils.get_cib_dom()

    if not "--force" in utils.pcs_options:
        for dev in devices.split(","):
            if not utils.is_stonith_resource(dev):
                utils.err("%s is not a stonith id (use --force to override)" % dev)
        if not utils.is_corosync_node(node):
            utils.err("%s is not currently a node (use --force to override)" % node)

    ft = dom.getElementsByTagName("fencing-topology")
    if len(ft) == 0:
        conf = dom.getElementsByTagName("configuration")[0]
        ft = dom.createElement("fencing-topology")
        conf.appendChild(ft)
    else:
        ft = ft[0]

    fls = ft.getElementsByTagName("fencing-level")
    for fl in fls:
        if fl.getAttribute("target") == node and fl.getAttribute("index") == level and fl.getAttribute("devices") == devices:
            utils.err("unable to add fencing level, fencing level for node: %s, at level: %s, with device: %s already exists" % (node,level,devices))

    new_fl = dom.createElement("fencing-level")
    ft.appendChild(new_fl)
    new_fl.setAttribute("target", node)
    new_fl.setAttribute("index", level)
    new_fl.setAttribute("devices", devices)
    new_fl.setAttribute("id", utils.find_unique_id(dom, "fl-" + node +"-" + level))

    utils.replace_cib_configuration(dom)
Ejemplo n.º 6
0
def colocation_add(argv):
    if len(argv) < 2:
        usage.constraint()
        sys.exit(1)

    resource1 = argv.pop(0)
    resource2 = argv.pop(0)

    if not utils.does_resource_exist(resource1):
        print "Error: Resource '" + resource1 + "' does not exist"
        sys.exit(1)

    if not utils.does_resource_exist(resource2):
        print "Error: Resource '" + resource2 + "' does not exist"
        sys.exit(1)

    score,nv_pairs = parse_score_options(argv)

    (dom,constraintsElement) = getCurrentConstraints()
    cl_id = utils.find_unique_id(dom, "colocation-" + resource1 + "-" +
            resource2 + "-" + score)

    element = dom.createElement("rsc_colocation")
    element.setAttribute("id",cl_id)
    element.setAttribute("rsc",resource1)
    element.setAttribute("with-rsc",resource2)
    element.setAttribute("score",score)
    for nv_pair in nv_pairs:
        element.setAttribute(nv_pair[0], nv_pair[1])
    constraintsElement.appendChild(element)
    xml_constraint_string = constraintsElement.toxml()
    args = ["cibadmin", "-c", "-R", "--xml-text", xml_constraint_string]
    output,retval = utils.run(args)
    if output != "":
        print output
Ejemplo n.º 7
0
def stonith_level_add(level, node, devices):
    dom = utils.get_cib_dom()

    if not "--force" in utils.pcs_options:
        for dev in devices.split(","):
            if not utils.is_stonith_resource(dev):
                utils.err("%s is not a stonith id (use --force to override)" % dev)
        if not utils.is_pacemaker_node(node) and not utils.is_corosync_node(node):
            utils.err("%s is not currently a node (use --force to override)" % node)

    ft = dom.getElementsByTagName("fencing-topology")
    if len(ft) == 0:
        conf = dom.getElementsByTagName("configuration")[0]
        ft = dom.createElement("fencing-topology")
        conf.appendChild(ft)
    else:
        ft = ft[0]

    fls = ft.getElementsByTagName("fencing-level")
    for fl in fls:
        if fl.getAttribute("target") == node and fl.getAttribute("index") == level and fl.getAttribute("devices") == devices:
            utils.err("unable to add fencing level, fencing level for node: %s, at level: %s, with device: %s already exists" % (node,level,devices))

    new_fl = dom.createElement("fencing-level")
    ft.appendChild(new_fl)
    new_fl.setAttribute("target", node)
    new_fl.setAttribute("index", level)
    new_fl.setAttribute("devices", devices)
    new_fl.setAttribute("id", utils.find_unique_id(dom, "fl-" + node +"-" + level))

    utils.replace_cib_configuration(dom)
Ejemplo n.º 8
0
Archivo: acl.py Proyecto: MichalCab/pcs
def acl_permission(argv):
    if len(argv) < 1:
        usage.acl("permission")
        sys.exit(1)

    dom = utils.get_cib_dom()
    dom, acls = get_acls(dom)

    command = argv.pop(0)
    if command == "add":
        if len(argv) < 4:
            usage.acl("permission add")
            sys.exit(1)
        role_id = argv.pop(0)
        found = False
        for role in dom.getElementsByTagName("acl_role"):
            if role.getAttribute("id") == role_id:
                found = True
                break
        if found == False:
            acl_role(["create", role_id] + argv) 
            return

        while len(argv) >= 3:
            kind = argv.pop(0)
            se = dom.createElement("acl_permission")
            se.setAttribute("id", utils.find_unique_id(dom, role_id + "-" + kind))
            se.setAttribute("kind", kind)
            xp_id = argv.pop(0)
            if xp_id == "xpath":
                xpath_query = argv.pop(0)
                se.setAttribute("xpath",xpath_query)
            elif xp_id == "id":
                acl_ref = argv.pop(0)
                se.setAttribute("reference",acl_ref)
            else:
                usage.acl("permission add")
            role.appendChild(se)

        utils.replace_cib_configuration(dom)

    elif command == "delete":
        if len(argv) < 1:
            usage.acl("permission delete")
            sys.exit(1)

        perm_id = argv.pop(0)
        found = False
        for elem in dom.getElementsByTagName("acl_permission"):
            if elem.getAttribute("id") == perm_id:
                elem.parentNode.removeChild(elem)
                found = True
        if not found:
            utils.err("Unable to find permission with id: %s" % perm_id)

        utils.replace_cib_configuration(dom)

    else:
        usage.acl("permission")
        sys.exit(1)
Ejemplo n.º 9
0
def location_rule(argv):
    if len(argv) < 3:
        usage.constraint("location rule")
        sys.exit(1)
    
    res_name = argv.pop(0)
    resource_valid, resource_error = utils.validate_constraint_resource(
        utils.get_cib_dom(), res_name
    )
    if not resource_valid:
        utils.err(resource_error)

    argv.pop(0)

    cib = utils.get_cib_dom()
    constraints = cib.getElementsByTagName("constraints")[0]
    lc = cib.createElement("rsc_location")
    constraints.appendChild(lc)
    lc_id = utils.find_unique_id(cib, "location-" + res_name)
    lc.setAttribute("id", lc_id)
    lc.setAttribute("rsc", res_name)

    rule_utils.dom_rule_add(lc, argv)

    utils.replace_cib_configuration(cib)
Ejemplo n.º 10
0
def colocation_add(argv):
    if len(argv) < 2:
        usage.constraint()
        sys.exit(1)

    resource1 = argv.pop(0)
    resource2 = argv.pop(0)

    score, nv_pairs = parse_score_options(argv)

    (dom, constraintsElement) = getCurrentConstraints()
    cl_id = utils.find_unique_id(
        dom, "colocation-" + resource1 + "-" + resource2 + "-" + score)

    element = dom.createElement("rsc_colocation")
    element.setAttribute("id", cl_id)
    element.setAttribute("rsc", resource1)
    element.setAttribute("with-rsc", resource2)
    element.setAttribute("score", score)
    for nv_pair in nv_pairs:
        element.setAttribute(nv_pair[0], nv_pair[1])
    constraintsElement.appendChild(element)
    xml_constraint_string = constraintsElement.toxml()
    args = ["cibadmin", "-c", "-R", "--xml-text", xml_constraint_string]
    output, retval = utils.run(args)
    if output != "":
        print output
Ejemplo n.º 11
0
def order_set(argv):
    current_set = set_args_into_array(argv)
    cib = utils.get_cib_etree()
    constraints = cib.find(".//constraints")
    if constraints == None:
        constraints = ET.SubElement(cib, "constraints")
    rsc_order = ET.SubElement(constraints,"rsc_order")
    rsc_order.set("id", utils.find_unique_id(cib,"pcs_rsc_order"))
    set_add_resource_sets(rsc_order, current_set, cib)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 12
0
def order_set(argv):
    current_set = set_args_into_array(argv)
    cib = utils.get_cib_etree()
    constraints = cib.find(".//constraints")
    if constraints == None:
        constraints = ET.SubElement(cib, "constraints")
    rsc_order = ET.SubElement(constraints, "rsc_order")
    rsc_order.set("id", utils.find_unique_id(cib, "pcs_rsc_order"))
    set_add_resource_sets(rsc_order, current_set, cib)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 13
0
def set_add_resource_sets(elem, sets, cib):
    for o_set in sets:
        res_set = ET.SubElement(elem,"resource_set")
        res_set.set("id", utils.find_unique_id(cib,"pcs_rsc_set"))
        for opts in o_set:
            if opts.find("=") != -1:
                key,val = opts.split("=")
                res_set.set(key,val)
            else:
                se = ET.SubElement(res_set,"resource_ref")
                se.set("id",opts)
Ejemplo n.º 14
0
def set_add_resource_sets(elem, sets, cib):
    for o_set in sets:
        res_set = ET.SubElement(elem, "resource_set")
        res_set.set("id", utils.find_unique_id(cib, "pcs_rsc_set"))
        for opts in o_set:
            if opts.find("=") != -1:
                key, val = opts.split("=")
                res_set.set(key, val)
            else:
                se = ET.SubElement(res_set, "resource_ref")
                se.set("id", opts)
Ejemplo n.º 15
0
def location_rule(argv):
    if len(argv) < 3:
        usage.constraint(["location", "rule"])
        sys.exit(1)

    res_name = argv.pop(0)
    resource_valid, resource_error, correct_id \
        = utils.validate_constraint_resource(utils.get_cib_dom(), res_name)
    if "--autocorrect" in utils.pcs_options and correct_id:
        res_name = correct_id
    elif not resource_valid:
        utils.err(resource_error)

    argv.pop(0)  # pop "rule"

    options, rule_argv = rule_utils.parse_argv(argv, {
        "constraint-id": None,
        "resource-discovery": None,
    })

    # If resource-discovery is specified, we use it with the rsc_location
    # element not the rule
    if "resource-discovery" in options and options["resource-discovery"]:
        utils.checkAndUpgradeCIB(2, 2, 0)
        cib, constraints = getCurrentConstraints(utils.get_cib_dom())
        lc = cib.createElement("rsc_location")
        lc.setAttribute("resource-discovery",
                        options.pop("resource-discovery"))
    else:
        cib, constraints = getCurrentConstraints(utils.get_cib_dom())
        lc = cib.createElement("rsc_location")

    constraints.appendChild(lc)
    if options.get("constraint-id"):
        id_valid, id_error = utils.validate_xml_id(options["constraint-id"],
                                                   'constraint id')
        if not id_valid:
            utils.err(id_error)
        if utils.does_id_exist(cib, options["constraint-id"]):
            utils.err("id '%s' is already in use, please specify another one" %
                      options["constraint-id"])
        lc.setAttribute("id", options["constraint-id"])
        del options["constraint-id"]
    else:
        lc.setAttribute("id", utils.find_unique_id(cib,
                                                   "location-" + res_name))
    lc.setAttribute("rsc", res_name)

    rule_utils.dom_rule_add(lc, options, rule_argv)
    location_rule_check_duplicates(constraints, lc)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 16
0
def location_rule(argv):
    if len(argv) < 3:
        usage.constraint(["location", "rule"])
        sys.exit(1)
    
    res_name = argv.pop(0)
    resource_valid, resource_error, correct_id \
        = utils.validate_constraint_resource(utils.get_cib_dom(), res_name)
    if "--autocorrect" in utils.pcs_options and correct_id:
        res_name = correct_id
    elif not resource_valid:
        utils.err(resource_error)

    argv.pop(0) # pop "rule"

    options, rule_argv = rule_utils.parse_argv(argv, {"constraint-id": None, "resource-discovery": None,})

    # If resource-discovery is specified, we use it with the rsc_location
    # element not the rule
    if "resource-discovery" in options and options["resource-discovery"]:
        utils.checkAndUpgradeCIB(2,2,0)
        cib, constraints = getCurrentConstraints(utils.get_cib_dom())
        lc = cib.createElement("rsc_location")
        lc.setAttribute("resource-discovery", options.pop("resource-discovery"))
    else:
        cib, constraints = getCurrentConstraints(utils.get_cib_dom())
        lc = cib.createElement("rsc_location")


    constraints.appendChild(lc)
    if options.get("constraint-id"):
        id_valid, id_error = utils.validate_xml_id(
            options["constraint-id"], 'constraint id'
        )
        if not id_valid:
            utils.err(id_error)
        if utils.does_id_exist(cib, options["constraint-id"]):
            utils.err(
                "id '%s' is already in use, please specify another one"
                % options["constraint-id"]
            )
        lc.setAttribute("id", options["constraint-id"])
        del options["constraint-id"]
    else:
        lc.setAttribute("id", utils.find_unique_id(cib, "location-" + res_name))
    lc.setAttribute("rsc", res_name)

    rule_utils.dom_rule_add(lc, options, rule_argv)
    location_rule_check_duplicates(constraints, lc)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 17
0
def order_set(argv):
    current_set = set_args_into_array(argv)

    order_id = "pcs_rsc_order"
    for a in argv:
        if a.find('=') == -1:
            order_id = order_id + "_" + a

    cib, constraints = getCurrentConstraints(utils.get_cib_dom())
    rsc_order = cib.createElement("rsc_order")
    constraints.appendChild(rsc_order)
    rsc_order.setAttribute("id", utils.find_unique_id(cib, order_id))
    set_add_resource_sets(rsc_order, current_set, cib)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 18
0
def order_set(argv):
    current_set = set_args_into_array(argv)

    order_id = "pcs_rsc_order"
    for a in argv:
        if a.find('=') == -1:
            order_id = order_id + "_" + a

    cib, constraints = getCurrentConstraints(utils.get_cib_dom())
    rsc_order = cib.createElement("rsc_order")
    constraints.appendChild(rsc_order)
    rsc_order.setAttribute("id", utils.find_unique_id(cib, order_id))
    set_add_resource_sets(rsc_order, current_set, cib)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 19
0
def set_add_resource_sets(elem, sets, cib):
    allowed_options = {
        "sequential": ("true", "false"),
        "require-all": ("true", "false"),
        "action" : OPTIONS_ACTION,
        "role" : OPTIONS_ROLE,
    }

    for o_set in sets:
        set_id = "pcs_rsc_set"
        res_set = cib.createElement("resource_set")
        elem.appendChild(res_set)
        for opts in o_set:
            if opts.find("=") != -1:
                key,val = opts.split("=")
                if key not in allowed_options:
                    utils.err(
                        "invalid option '%s', allowed options are: %s"
                        % (key, ", ".join(allowed_options.keys()))
                    )
                if val not in allowed_options[key]:
                    utils.err(
                        "invalid value '%s' of option '%s', allowed values are: %s"
                        % (val, key, ", ".join(allowed_options[key]))
                    )
                res_set.setAttribute(key, val)
            else:
                res_valid, res_error, correct_id \
                    = utils.validate_constraint_resource(cib, opts)
                if "--autocorrect" in utils.pcs_options and correct_id:
                    opts = correct_id
                elif not res_valid:
                    utils.err(res_error)
                se = cib.createElement("resource_ref")
                res_set.appendChild(se)
                se.setAttribute("id", opts)
                set_id = set_id + "_" + opts
        res_set.setAttribute("id", utils.find_unique_id(cib, set_id))
    if "--force" not in utils.pcs_options:
        duplicates = set_constraint_find_duplicates(cib, elem)
        if duplicates:
            utils.err(
                "duplicate constraint already exists, use --force to override\n"
                + "\n".join([
                    "  " + set_constraint_el_to_string(dup, True)
                    for dup in duplicates
                ])
            )
Ejemplo n.º 20
0
def resource_operation_add(res_id, argv):
    if len(argv) < 1:
        usage.resource()
        sys.exit(1)

    op_name = argv.pop(0)
    dom = utils.get_cib_dom()
    resource_found = False

    for resource in dom.getElementsByTagName("primitive"):
        if resource.getAttribute("id") == res_id:
            resource_found = True
            break

    if not resource_found:
        print "Unable to find resource: %s" % res_id
        sys.exit(1)

    op_properties = convert_args_to_tuples(argv)
    op_properties.sort(key=lambda a:a[0])
    op_properties.insert(0,('name', op_name))
    found_match = False

    op = dom.createElement("op")
    op_id = res_id + "-"
    for prop in op_properties:
        op.setAttribute(prop[0], prop[1])
        op_id += prop[0] + "-" + prop[1] + "-"
    op_id = op_id[:-1]
    op_id = utils.find_unique_id(dom, op_id)
    op.setAttribute("id", op_id)

    operations = resource.getElementsByTagName("operations")
    if len(operations) == 0:
        operations = dom.createElement("operations")
        resource.appendChild(operations)
    else:
        operations = operations[0]

    if utils.operation_exists(operations,op):
        print "Error: identical operation already exists for %s" % res_id
        sys.exit(1)

    operations.appendChild(op)
    utils.replace_cib_configuration(dom)
Ejemplo n.º 21
0
def location_rule(argv):
    if len(argv) < 3:
        usage.constraint("location rule")
        sys.exit(1)

    res_name = argv.pop(0)
    argv.pop(0)

    cib = utils.get_cib_etree()
    constraints = cib.find(".//constraints")
    lc = ET.SubElement(constraints, "rsc_location")
    lc_id = utils.find_unique_id(cib, "location-" + res_name)
    lc.set("id", lc_id)
    lc.set("rsc", res_name)

    utils.rule_add(lc, argv)

    utils.replace_cib_configuration(cib)
Ejemplo n.º 22
0
def location_rule(argv):
    if len(argv) < 3:
        usage.constraint("location rule")
        sys.exit(1)
    
    res_name = argv.pop(0)
    argv.pop(0)

    cib = utils.get_cib_etree()
    constraints = cib.find(".//constraints")
    lc = ET.SubElement(constraints,"rsc_location")
    lc_id = utils.find_unique_id(cib, "location-" + res_name)
    lc.set("id", lc_id)
    lc.set("rsc", res_name)

    utils.rule_add(lc, argv)

    utils.replace_cib_configuration(cib)
Ejemplo n.º 23
0
def set_add_resource_sets(elem, sets, cib):
    allowed_options = {
        "sequential": ("true", "false"),
        "require-all": ("true", "false"),
        "action": OPTIONS_ACTION,
        "role": OPTIONS_ROLE,
    }

    for o_set in sets:
        set_id = "pcs_rsc_set"
        res_set = cib.createElement("resource_set")
        elem.appendChild(res_set)
        for opts in o_set:
            if opts.find("=") != -1:
                key, val = opts.split("=")
                if key not in allowed_options:
                    utils.err("invalid option '%s', allowed options are: %s" %
                              (key, ", ".join(allowed_options.keys())))
                if val not in allowed_options[key]:
                    utils.err(
                        "invalid value '%s' of option '%s', allowed values are: %s"
                        % (val, key, ", ".join(allowed_options[key])))
                res_set.setAttribute(key, val)
            else:
                res_valid, res_error, correct_id \
                    = utils.validate_constraint_resource(cib, opts)
                if "--autocorrect" in utils.pcs_options and correct_id:
                    opts = correct_id
                elif not res_valid:
                    utils.err(res_error)
                se = cib.createElement("resource_ref")
                res_set.appendChild(se)
                se.setAttribute("id", opts)
                set_id = set_id + "_" + opts
        res_set.setAttribute("id", utils.find_unique_id(cib, set_id))
    if "--force" not in utils.pcs_options:
        duplicates = set_constraint_find_duplicates(cib, elem)
        if duplicates:
            utils.err(
                "duplicate constraint already exists, use --force to override\n"
                + "\n".join([
                    "  " + set_constraint_el_to_string(dup, True)
                    for dup in duplicates
                ]))
Ejemplo n.º 24
0
def location_rule(argv):
    if len(argv) < 3:
        usage.constraint("location rule")
        sys.exit(1)
    
    res_name = argv.pop(0)

    (dom, constraintsElement) = getCurrentConstraints()

    lc = dom.createElement("rsc_location")
    lc_id = utils.find_unique_id(dom, "location-" + res_name)
    lc.setAttribute("id", lc_id)
    lc.setAttribute("rsc", res_name)

    rule = utils.getRule(dom, lc, argv)
    lc.appendChild(rule)
    constraintsElement.appendChild(lc)

    utils.replace_cib_configuration(dom)
Ejemplo n.º 25
0
def location_rule(argv):
    if len(argv) < 3:
        usage.constraint("location rule")
        sys.exit(1)

    res_name = argv.pop(0)

    (dom, constraintsElement) = getCurrentConstraints()

    lc = dom.createElement("rsc_location")
    lc_id = utils.find_unique_id(dom, "location-" + res_name)
    lc.setAttribute("id", lc_id)
    lc.setAttribute("rsc", res_name)

    rule = utils.getRule(dom, lc, argv)
    lc.appendChild(rule)
    constraintsElement.appendChild(lc)

    utils.replace_cib_configuration(dom)
Ejemplo n.º 26
0
def colocation_set(argv):
    setoptions = []
    for i in range(len(argv)):
        if argv[i] == "setoptions":
            setoptions = argv[i+1:]
            argv[i:] = []
            break

    current_set = set_args_into_array(argv)
    colocation_id = "pcs_rsc_colocation"
    for a in argv:
        if a.find('=') == -1:
            colocation_id = colocation_id + "_" + a

    cib = utils.get_cib_etree()
    constraints = cib.find(".//constraints")
    if constraints == None:
        constraints = ET.SubElement(cib, "constraints")
    rsc_colocation = ET.SubElement(constraints,"rsc_colocation")
    rsc_colocation.set("id", utils.find_unique_id(cib,colocation_id))
    rsc_colocation.set("score","INFINITY")
    score_options = ("score", "score-attribute", "score-attribute-mangle")
    score_specified = False
    for opt in setoptions:
        if opt.find("=") != -1:
            name,value = opt.split("=")
            if name not in score_options:
                utils.err(
                    "invalid option '%s', allowed options are: %s"
                    % (name, ", ".join(score_options))
                )
            if score_specified:
                utils.err("you cannot specify multiple score options")
            score_specified = True
            if name == "score" and not utils.is_score(value):
                utils.err(
                    "invalid score '%s', use integer or INFINITY or -INFINITY"
                    % value
                )
            rsc_colocation.set(name,value)
    set_add_resource_sets(rsc_colocation, current_set, cib)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 27
0
def colocation_set(argv):
    setoptions = []
    for i in range(len(argv)):
        if argv[i] == "setoptions":
            setoptions = argv[i + 1:]
            argv[i:] = []
            break

    current_set = set_args_into_array(argv)
    cib = utils.get_cib_etree()
    constraints = cib.find(".//constraints")
    if constraints == None:
        constraints = ET.SubElement(cib, "constraints")
    rsc_colocation = ET.SubElement(constraints, "rsc_colocation")
    rsc_colocation.set("id", utils.find_unique_id(cib, "pcs_rsc_colocation"))
    for opt in setoptions:
        if opt.find("=") != -1:
            name, value = opt.split("=")
            rsc_colocation.set(name, value)
    set_add_resource_sets(rsc_colocation, current_set, cib)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 28
0
Archivo: acl.py Proyecto: tradej/pcs
def add_permissions_to_role(role_element, argv):
    dom = role_element.ownerDocument
    role_id = role_element.getAttribute("id")
    while argv:
        if len(argv) < 3:
            return False
        rwd = argv.pop(0).lower()
        if not rwd in ["read", "write", "deny"]:
            return False
        se = dom.createElement("acl_permission")
        se.setAttribute("id", utils.find_unique_id(dom, role_id + "-" + rwd))
        se.setAttribute("kind", rwd)
        xp_id = argv.pop(0).lower()
        if xp_id == "xpath":
            xpath_query = argv.pop(0)
            se.setAttribute("xpath", xpath_query)
        elif xp_id == "id":
            acl_ref = argv.pop(0)
            se.setAttribute("reference", acl_ref)
        else:
            return False
        role_element.appendChild(se)
    return True
Ejemplo n.º 29
0
Archivo: acl.py Proyecto: ingted/pcs
def add_permissions_to_role(role_element, argv):
    dom = role_element.ownerDocument
    role_id = role_element.getAttribute("id")
    while argv:
        if len(argv) < 3:
            return False
        rwd = argv.pop(0).lower()
        if not rwd in ["read", "write", "deny"]:
            return False
        se = dom.createElement("acl_permission")
        se.setAttribute("id", utils.find_unique_id(dom, role_id + "-" + rwd))
        se.setAttribute("kind", rwd)
        xp_id = argv.pop(0).lower()
        if xp_id == "xpath":
            xpath_query = argv.pop(0)
            se.setAttribute("xpath", xpath_query)
        elif xp_id == "id":
            acl_ref = argv.pop(0)
            se.setAttribute("reference", acl_ref)
        else:
            return False
        role_element.appendChild(se)
    return True
Ejemplo n.º 30
0
def set_add_resource_sets(elem, sets, cib):
    allowed_options = {
        "sequential": ("true", "false"),
        "require-all": ("true", "false"),
        "action" : ("start", "promote", "demote", "stop"),
        "role" : ("Stopped", "Started", "Master", "Slave"),
    }

    for o_set in sets:
        set_id = "pcs_rsc_set"
        res_set = cib.createElement("resource_set")
        elem.appendChild(res_set)
        for opts in o_set:
            if opts.find("=") != -1:
                key,val = opts.split("=")
                if key not in allowed_options:
                    utils.err(
                        "invalid option '%s', allowed options are: %s"
                        % (key, ", ".join(allowed_options.keys()))
                    )
                if val not in allowed_options[key]:
                    utils.err(
                        "invalid value '%s' of option '%s', allowed values are: %s"
                        % (val, key, ", ".join(allowed_options[key]))
                    )
                res_set.setAttribute(key, val)
            else:
                res_valid, res_error = utils.validate_constraint_resource(
                    cib, opts
                )
                if not res_valid:
                    utils.err(res_error)
                se = cib.createElement("resource_ref")
                res_set.appendChild(se)
                se.setAttribute("id", opts)
                set_id = set_id + "_" + opts
        res_set.setAttribute("id", utils.find_unique_id(cib, set_id))
Ejemplo n.º 31
0
def location_rule(argv):
    if len(argv) < 3:
        usage.constraint("location rule")
        sys.exit(1)

    res_name = argv.pop(0)
    resource_valid, resource_error = utils.validate_constraint_resource(
        utils.get_cib_dom(), res_name)
    if not resource_valid:
        utils.err(resource_error)

    argv.pop(0)

    cib = utils.get_cib_dom()
    constraints = cib.getElementsByTagName("constraints")[0]
    lc = cib.createElement("rsc_location")
    constraints.appendChild(lc)
    lc_id = utils.find_unique_id(cib, "location-" + res_name)
    lc.setAttribute("id", lc_id)
    lc.setAttribute("rsc", res_name)

    rule_utils.dom_rule_add(lc, argv)

    utils.replace_cib_configuration(cib)
Ejemplo n.º 32
0
def colocation_add(argv):
    if len(argv) < 2:
        usage.constraint()
        sys.exit(1)

    role1 = ""
    role2 = ""
    if len(argv) > 2:
        if not utils.is_score_or_opt(argv[2]):
            if argv[2] == "with":
                role1 = argv.pop(0).lower().capitalize()
                resource1 = argv.pop(0)
            else:
                resource1 = argv.pop(0)

            argv.pop(0)  # Pop 'with'

            if len(argv) == 1:
                resource2 = argv.pop(0)
            else:
                if utils.is_score_or_opt(argv[1]):
                    resource2 = argv.pop(0)
                else:
                    role2 = argv.pop(0).lower().capitalize()
                    resource2 = argv.pop(0)
        else:
            resource1 = argv.pop(0)
            resource2 = argv.pop(0)
    else:
        resource1 = argv.pop(0)
        resource2 = argv.pop(0)

    if not utils.is_valid_constraint_resource(resource1):
        utils.err("Resource '" + resource1 + "' does not exist")

    if not utils.is_valid_constraint_resource(resource2):
        utils.err("Resource '" + resource2 + "' does not exist")

    score, nv_pairs = parse_score_options(argv)

    (dom, constraintsElement) = getCurrentConstraints()
    cl_id = utils.find_unique_id(
        dom, "colocation-" + resource1 + "-" + resource2 + "-" + score)

    # If one role is specified, the other should default to "started"
    if role1 != "" and role2 == "":
        role2 = "Started"
    if role2 != "" and role1 == "":
        role1 = "Started"

    element = dom.createElement("rsc_colocation")
    element.setAttribute("id", cl_id)
    element.setAttribute("rsc", resource1)
    element.setAttribute("with-rsc", resource2)
    element.setAttribute("score", score)
    if role1 != "":
        element.setAttribute("rsc-role", role1)
    if role2 != "":
        element.setAttribute("with-rsc-role", role2)
    for nv_pair in nv_pairs:
        element.setAttribute(nv_pair[0], nv_pair[1])
    constraintsElement.appendChild(element)
    xml_constraint_string = constraintsElement.toxml()
    args = ["cibadmin", "-c", "-R", "--xml-text", xml_constraint_string]
    output, retval = utils.run(args)
    if output != "":
        print output
Ejemplo n.º 33
0
def order_add(argv,returnElementOnly=False):
    if len(argv) < 2:
        usage.constraint()
        sys.exit(1)

    resource1 = argv.pop(0)
    resource2 = argv.pop(0)

    cib_dom = utils.get_cib_dom()
    resource_valid, resource_error, correct_id \
        = utils.validate_constraint_resource(cib_dom, resource1)
    if "--autocorrect" in utils.pcs_options and correct_id:
        resource1 = correct_id
    elif not resource_valid:
        utils.err(resource_error)
    resource_valid, resource_error, correct_id \
        = utils.validate_constraint_resource(cib_dom, resource2)
    if "--autocorrect" in utils.pcs_options and correct_id:
        resource2 = correct_id
    elif not resource_valid:
        utils.err(resource_error)

    order_options = []
    id_specified = False
    sym = None
    for arg in argv:
        if arg == "symmetrical":
            sym = "true"
        elif arg == "nonsymmetrical":
            sym = "false"
        elif "=" in arg:
            name, value = arg.split("=", 1)
            if name == "id":
                id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
                if not id_valid:
                    utils.err(id_error)
                if utils.does_id_exist(cib_dom, value):
                    utils.err(
                        "id '%s' is already in use, please specify another one"
                        % value
                    )
                id_specified = True
                order_options.append((name, value))
            elif name == "symmetrical":
                if value.lower() in OPTIONS_SYMMETRICAL:
                    sym = value.lower()
                else:
                    utils.err(
                        "invalid symmetrical value '%s', allowed values are: %s"
                        % (value, ", ".join(OPTIONS_SYMMETRICAL))
                    )
            else:
                order_options.append((name, value))
    if sym:
        order_options.append(("symmetrical", sym))

    options = ""
    if order_options:
        options = " (Options: %s)" % " ".join([
            "%s=%s" % (name, value)
                for name, value in order_options
                    if name not in ("kind", "score")
        ])

    scorekind = "kind: Mandatory"
    id_suffix = "mandatory"
    for opt in order_options:
        if opt[0] == "score":
            scorekind = "score: " + opt[1]
            id_suffix = opt[1]
            break
        if opt[0] == "kind":
            scorekind = "kind: " + opt[1]
            id_suffix = opt[1]
            break

    if not id_specified:
        order_id = "order-" + resource1 + "-" + resource2 + "-" + id_suffix
        order_id = utils.find_unique_id(cib_dom, order_id)
        order_options.append(("id", order_id))

    (dom,constraintsElement) = getCurrentConstraints()
    element = dom.createElement("rsc_order")
    element.setAttribute("first",resource1)
    element.setAttribute("then",resource2)
    for order_opt in order_options:
        element.setAttribute(order_opt[0], order_opt[1])
    constraintsElement.appendChild(element)
    if "--force" not in utils.pcs_options:
        duplicates = order_find_duplicates(constraintsElement, element)
        if duplicates:
            utils.err(
                "duplicate constraint already exists, use --force to override\n"
                + "\n".join([
                    "  " + order_el_to_string(dup, True) for dup in duplicates
                ])
            )
    print(
        "Adding " + resource1 + " " + resource2 + " ("+scorekind+")" + options
    )

    if returnElementOnly == False:
        utils.replace_cib_configuration(dom)
    else:
        return element.toxml()
Ejemplo n.º 34
0
def order_set(argv):
    setoptions = []
    for i in range(len(argv)):
        if argv[i] == "setoptions":
            setoptions = argv[i+1:]
            argv[i:] = []
            break

    argv.insert(0, "set")
    resource_sets = set_args_into_array(argv)
    if not check_empty_resource_sets(resource_sets):
        usage.constraint(["order set"])
        sys.exit(1)
    cib, constraints = getCurrentConstraints(utils.get_cib_dom())

    attributes = []
    id_specified = False
    for opt in setoptions:
        if "=" not in opt:
            utils.err("missing value of '%s' option" % opt)
        name, value = opt.split("=", 1)
        if name == "id":
            id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
            if not id_valid:
                utils.err(id_error)
            if utils.does_id_exist(cib, value):
                utils.err(
                    "id '%s' is already in use, please specify another one"
                    % value
                )
            id_specified = True
            attributes.append((name, value))
        elif name == "kind":
            normalized_value = value.lower().capitalize()
            if normalized_value not in OPTIONS_KIND:
                utils.err(
                    "invalid kind value '%s', allowed values are: %s"
                    % (value, ", ".join(OPTIONS_KIND))
                )
            attributes.append((name, normalized_value))
        elif name == "symmetrical":
            if value.lower() not in OPTIONS_SYMMETRICAL:
                utils.err(
                    "invalid symmetrical value '%s', allowed values are: %s"
                    % (value, ", ".join(OPTIONS_SYMMETRICAL))
                )
            attributes.append((name, value.lower()))
        else:
            utils.err(
                "invalid option '%s', allowed options are: %s"
                % (name, "kind, symmetrical, id")
            )

    if not id_specified:
        order_id = "pcs_rsc_order"
        for a in argv:
            if "=" not in a:
                order_id += "_" + a
        attributes.append(("id", utils.find_unique_id(cib, order_id)))

    rsc_order = cib.createElement("rsc_order")
    for name, value in attributes:
        rsc_order.setAttribute(name, value)
    set_add_resource_sets(rsc_order, resource_sets, cib)
    constraints.appendChild(rsc_order)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 35
0
 def add_element(self, parent, tag_name, element_id):
     dom = parent.ownerDocument
     child = parent.appendChild(dom.createElement(tag_name))
     child.setAttribute("id", utils.find_unique_id(dom, element_id))
     return child
Ejemplo n.º 36
0
def constraint_rule(argv):
    if len(argv) < 2:
        usage.constraint("rule")
        sys.exit(1)

    found = False
    command = argv.pop(0)

    constraint_id = None
    rule_id = None
    cib = utils.get_cib_etree()

    if command == "add":
        constraint_id = argv.pop(0)
        constraint = None

        rule_type = "expression"
        if len(argv) != 0:
            if argv[1].find('=') == -1:
                rule_type = argv[1]

        if rule_type != "expression" and rule_type != "date_expression":
            utils.err("rule_type must either be expression or date_expression")

        for a in cib.findall(".//configuration//"):
            if a.get("id") == constraint_id and a.tag == "rsc_location":
                found = True
                constraint = a

        if not found:
            utils.err("Unable to find constraint: " + constraint_id)

        rule = ET.SubElement(constraint, "rule")
        expression = ET.SubElement(rule, rule_type)
        args = resource.convert_args_to_tuples(argv)
        dict_args = dict()
        for k, v in args:
            dict_args[k] = v
        if rule_type == "expression":
            if "operation" not in dict_args or "attribute" not in dict_args:
                utils.err(
                    "with rule_type: expression you must specify an attribute and operation"
                )
        elif rule_type == "date_expression":
            if "operation" not in dict_args or ("start" not in dict_args
                                                and "stop" not in dict_args):
                utils.err(
                    "with rule_type: date_expression you must specify an operation and a start/end"
                )

        for arg in args:
            if arg[0] == "id" or arg[0] == "score":
                rule.set(arg[0], arg[1])
            else:
                expression.set(arg[0], arg[1])

        if rule.get("score") == None and rule.get("score-attribute") == None:
            rule.set("score", "INFINITY")

        dom = utils.get_cib_dom()
        if rule.get("id") == None:
            rule.set("id",
                     utils.find_unique_id(dom,
                                          constraint.get("id") + "-rule"))
        if expression.get("id") == None:
            expression.set("id",
                           utils.find_unique_id(dom,
                                                rule.get("id") + "-expr"))
        if "score" in constraint.attrib:
            del constraint.attrib["score"]
        if "node" in constraint.attrib:
            del constraint.attrib["node"]

        utils.replace_cib_configuration(cib)

    elif command == "rm":
        temp_id = argv.pop(0)
        constraints = cib.find('.//constraints')
        loc_cons = cib.findall('.//rsc_location')

        rules = cib.findall('.//rule')
        for loc_con in loc_cons:
            for rule in loc_con:
                if rule.get("id") == temp_id:
                    if len(loc_con) > 1:
                        print "Removing Rule:", rule.get("id")
                        loc_con.remove(rule)
                        found = True
                        break
                    else:
                        print "Removing Constraint:", loc_con.get("id")
                        constraints.remove(loc_con)
                        found = True
                        break

            if found == True:
                break

        if found:
            utils.replace_cib_configuration(cib)
        else:
            utils.err("unable to find rule with id: %s" % temp_id)
    else:
        usage.constraint("rule")
        sys.exit(1)
Ejemplo n.º 37
0
def colocation_set(argv):
    setoptions = []
    for i in range(len(argv)):
        if argv[i] == "setoptions":
            setoptions = argv[i + 1:]
            argv[i:] = []
            break

    argv.insert(0, "set")
    resource_sets = set_args_into_array(argv)
    if not check_empty_resource_sets(resource_sets):
        usage.constraint(["colocation set"])
        sys.exit(1)
    cib, constraints = getCurrentConstraints(utils.get_cib_dom())

    attributes = []
    score_options = ("score", "score-attribute", "score-attribute-mangle")
    score_specified = False
    id_specified = False
    for opt in setoptions:
        if "=" not in opt:
            utils.err("missing value of '%s' option" % opt)
        name, value = opt.split("=", 1)
        if name == "id":
            id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
            if not id_valid:
                utils.err(id_error)
            if utils.does_id_exist(cib, value):
                utils.err(
                    "id '%s' is already in use, please specify another one" %
                    value)
            id_specified = True
            attributes.append((name, value))
        elif name in score_options:
            if score_specified:
                utils.err("you cannot specify multiple score options")
            if name == "score" and not utils.is_score(value):
                utils.err(
                    "invalid score '%s', use integer or INFINITY or -INFINITY"
                    % value)
            score_specified = True
            attributes.append((name, value))
        else:
            utils.err("invalid option '%s', allowed options are: %s" %
                      (name, ", ".join(score_options + ("id", ))))

    if not score_specified:
        attributes.append(("score", "INFINITY"))
    if not id_specified:
        colocation_id = "pcs_rsc_colocation"
        for a in argv:
            if "=" not in a:
                colocation_id += "_" + a
        attributes.append(("id", utils.find_unique_id(cib, colocation_id)))

    rsc_colocation = cib.createElement("rsc_colocation")
    for name, value in attributes:
        rsc_colocation.setAttribute(name, value)
    set_add_resource_sets(rsc_colocation, resource_sets, cib)
    constraints.appendChild(rsc_colocation)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 38
0
def colocation_add(argv):
    if len(argv) < 2:
        usage.constraint()
        sys.exit(1)

    role1 = ""
    role2 = ""
    if len(argv) > 2:
        if not utils.is_score_or_opt(argv[2]):
            if argv[2] == "with":
                role1 = argv.pop(0).lower().capitalize()
                resource1 = argv.pop(0)
            else:
                resource1 = argv.pop(0)

            argv.pop(0) # Pop 'with'

            if len(argv) == 1:
                resource2 = argv.pop(0)
            else:
                if utils.is_score_or_opt(argv[1]):
                    resource2 = argv.pop(0)
                else:
                    role2 = argv.pop(0).lower().capitalize()
                    resource2 = argv.pop(0)
        else:
            resource1 = argv.pop(0)
            resource2 = argv.pop(0)
    else:
        resource1 = argv.pop(0)
        resource2 = argv.pop(0)

    if not utils.is_valid_constraint_resource(resource1):
        utils.err("Resource '" + resource1 + "' does not exist")

    if not utils.is_valid_constraint_resource(resource2):
        utils.err("Resource '" + resource2 + "' does not exist")

    if utils.is_resource_masterslave(resource1):
        utils.err(resource1 + " is a master/slave resource, you must use the master id: "+utils.get_resource_master_id(resource1)+ " when adding constraints")
    if utils.is_resource_masterslave(resource2):
        utils.err(resource2 + " is a master/slave resource, you must use the master id: "+utils.get_resource_master_id(resource2)+ " when adding constraints")
    score,nv_pairs = parse_score_options(argv)

    (dom,constraintsElement) = getCurrentConstraints()
    cl_id = utils.find_unique_id(dom, "colocation-" + resource1 + "-" +
            resource2 + "-" + score)

# If one role is specified, the other should default to "started"
    if role1 != "" and role2 == "":
        role2 = "Started"
    if role2 != "" and role1 == "":
        role1 = "Started"

    element = dom.createElement("rsc_colocation")
    element.setAttribute("id",cl_id)
    element.setAttribute("rsc",resource1)
    element.setAttribute("with-rsc",resource2)
    element.setAttribute("score",score)
    if role1 != "":
        element.setAttribute("rsc-role", role1)
    if role2 != "":
        element.setAttribute("with-rsc-role", role2)
    for nv_pair in nv_pairs:
        element.setAttribute(nv_pair[0], nv_pair[1])
    constraintsElement.appendChild(element)
    utils.replace_cib_configuration(dom)
Ejemplo n.º 39
0
def constraint_rule(argv):
    if len(argv) < 2:
        usage.constraint("rule")
        sys.exit(1)

    found = False
    command = argv.pop(0)


    constraint_id = None
    rule_id = None
    cib = utils.get_cib_etree()

    if command == "add":
        constraint_id = argv.pop(0)
        constraint = None

        rule_type = "expression"
        if len(argv) != 0:
            if argv[1].find('=') == -1:
                rule_type = argv[1]

        if rule_type != "expression" and rule_type != "date_expression":
            utils.err("rule_type must either be expression or date_expression")

        for a in cib.findall(".//configuration//"):
            if a.get("id") == constraint_id and a.tag == "rsc_location":
                found = True
                constraint = a

        if not found:
            utils.err("Unable to find constraint: " + constraint_id)

        rule = ET.SubElement(constraint,"rule")
        expression = ET.SubElement(rule,rule_type)
        args = resource.convert_args_to_tuples(argv)
        dict_args = dict()
        for k,v in args:
            dict_args[k] = v
        if rule_type == "expression": 
            if "operation" not in dict_args or "attribute" not in dict_args:
                utils.err("with rule_type: expression you must specify an attribute and operation")
        elif rule_type == "date_expression":
            if "operation" not in dict_args or ("start" not in dict_args and "stop" not in dict_args):
                utils.err("with rule_type: date_expression you must specify an operation and a start/end")

        for arg in args:
            if arg[0] == "id" or arg[0] == "score":
                rule.set(arg[0], arg[1])
            else:
                expression.set(arg[0],arg[1])

        if rule.get("score") == None and rule.get("score-attribute") == None:
            rule.set("score", "INFINITY")

        dom = utils.get_cib_dom()
        if rule.get("id") == None:
            rule.set("id", utils.find_unique_id(dom,constraint.get("id") + "-rule"))
        if expression.get("id") == None:
            expression.set("id", utils.find_unique_id(dom,rule.get("id") + "-expr"))
        if "score" in constraint.attrib:
            del constraint.attrib["score"]
        if "node" in constraint.attrib:
            del constraint.attrib["node"]

        utils.replace_cib_configuration(cib)

    elif command == "rm":
        temp_id = argv.pop(0)
        constraints = cib.find('.//constraints')
        loc_cons = cib.findall('.//rsc_location')

        rules = cib.findall('.//rule')
        for loc_con in loc_cons:
            for rule in loc_con:
                if rule.get("id") == temp_id:
                    if len(loc_con) > 1:
                        print "Removing Rule:",rule.get("id")
                        loc_con.remove(rule)
                        found = True
                        break
                    else:
                        print "Removing Constraint:",loc_con.get("id") 
                        constraints.remove(loc_con)
                        found = True
                        break

            if found == True:
                break

        if found:
            utils.replace_cib_configuration(cib)
        else:
            utils.err("unable to find rule with id: %s" % temp_id)
    else:
        usage.constraint("rule")
        sys.exit(1)
Ejemplo n.º 40
0
def acl_permission(argv):
    if len(argv) < 1:
        usage.acl("permission")
        sys.exit(1)

    dom = utils.get_cib_dom()
    dom, acls = get_acls(dom)

    command = argv.pop(0)
    if command == "add":
        if len(argv) < 4:
            usage.acl("permission add")
            sys.exit(1)
        role_id = argv.pop(0)
        found = False
        for role in dom.getElementsByTagName("acl_role"):
            if role.getAttribute("id") == role_id:
                found = True
                break
        if found == False:
            acl_role(["create", role_id] + argv)
            return

        while len(argv) >= 3:
            kind = argv.pop(0)
            se = dom.createElement("acl_permission")
            se.setAttribute("id",
                            utils.find_unique_id(dom, role_id + "-" + kind))
            se.setAttribute("kind", kind)
            xp_id = argv.pop(0)
            if xp_id == "xpath":
                xpath_query = argv.pop(0)
                se.setAttribute("xpath", xpath_query)
            elif xp_id == "id":
                acl_ref = argv.pop(0)
                se.setAttribute("reference", acl_ref)
            else:
                usage.acl("permission add")
            role.appendChild(se)

        utils.replace_cib_configuration(dom)

    elif command == "delete":
        if len(argv) < 1:
            usage.acl("permission delete")
            sys.exit(1)

        perm_id = argv.pop(0)
        found = False
        for elem in dom.getElementsByTagName("acl_permission"):
            if elem.getAttribute("id") == perm_id:
                elem.parentNode.removeChild(elem)
                found = True
        if not found:
            utils.err("Unable to find permission with id: %s" % perm_id)

        utils.replace_cib_configuration(dom)

    else:
        usage.acl("permission")
        sys.exit(1)
Ejemplo n.º 41
0
def colocation_add(argv):
    if len(argv) < 2:
        usage.constraint()
        sys.exit(1)

    role1 = ""
    role2 = ""
    if len(argv) > 2:
        if not utils.is_score_or_opt(argv[2]):
            if argv[2] == "with":
                role1 = argv.pop(0).lower().capitalize()
                resource1 = argv.pop(0)
            else:
                resource1 = argv.pop(0)

            argv.pop(0) # Pop 'with'

            if len(argv) == 1:
                resource2 = argv.pop(0)
            else:
                if utils.is_score_or_opt(argv[1]):
                    resource2 = argv.pop(0)
                else:
                    role2 = argv.pop(0).lower().capitalize()
                    resource2 = argv.pop(0)
        else:
            resource1 = argv.pop(0)
            resource2 = argv.pop(0)
    else:
        resource1 = argv.pop(0)
        resource2 = argv.pop(0)

    if not utils.is_valid_constraint_resource(resource1):
        utils.err("Resource '" + resource1 + "' does not exist")

    if not utils.is_valid_constraint_resource(resource2):
        utils.err("Resource '" + resource2 + "' does not exist")

    score,nv_pairs = parse_score_options(argv)

    (dom,constraintsElement) = getCurrentConstraints()
    cl_id = utils.find_unique_id(dom, "colocation-" + resource1 + "-" +
            resource2 + "-" + score)

# If one role is specified, the other should default to "started"
    if role1 != "" and role2 == "":
        role2 = "Started"
    if role2 != "" and role1 == "":
        role1 = "Started"

    element = dom.createElement("rsc_colocation")
    element.setAttribute("id",cl_id)
    element.setAttribute("rsc",resource1)
    element.setAttribute("with-rsc",resource2)
    element.setAttribute("score",score)
    if role1 != "":
        element.setAttribute("rsc-role", role1)
    if role2 != "":
        element.setAttribute("with-rsc-role", role2)
    for nv_pair in nv_pairs:
        element.setAttribute(nv_pair[0], nv_pair[1])
    constraintsElement.appendChild(element)
    xml_constraint_string = constraintsElement.toxml()
    args = ["cibadmin", "-c", "-R", "--xml-text", xml_constraint_string]
    output,retval = utils.run(args)
    if output != "":
        print output
Ejemplo n.º 42
0
def colocation_add(argv):
    if len(argv) < 2:
        usage.constraint()
        sys.exit(1)

    role1 = ""
    role2 = ""
    if len(argv) > 2:
        if not utils.is_score_or_opt(argv[2]):
            if argv[2] == "with":
                role1 = argv.pop(0).lower().capitalize()
                resource1 = argv.pop(0)
            else:
                resource1 = argv.pop(0)

            argv.pop(0) # Pop 'with'

            if len(argv) == 1:
                resource2 = argv.pop(0)
            else:
                if utils.is_score_or_opt(argv[1]):
                    resource2 = argv.pop(0)
                else:
                    role2 = argv.pop(0).lower().capitalize()
                    resource2 = argv.pop(0)
        else:
            resource1 = argv.pop(0)
            resource2 = argv.pop(0)
    else:
        resource1 = argv.pop(0)
        resource2 = argv.pop(0)

    cib_dom = utils.get_cib_dom()
    resource_valid, resource_error, correct_id \
        = utils.validate_constraint_resource(cib_dom, resource1)
    if "--autocorrect" in utils.pcs_options and correct_id:
        resource1 = correct_id
    elif not resource_valid:
        utils.err(resource_error)
    resource_valid, resource_error, correct_id \
        = utils.validate_constraint_resource(cib_dom, resource2)
    if "--autocorrect" in utils.pcs_options and correct_id:
        resource2 = correct_id
    elif not resource_valid:
        utils.err(resource_error)

    score,nv_pairs = parse_score_options(argv)
    id_in_nvpairs = None
    for name, value in nv_pairs:
        if name == "id":
            id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
            if not id_valid:
                utils.err(id_error)
            if utils.does_id_exist(cib_dom, value):
                utils.err(
                    "id '%s' is already in use, please specify another one"
                    % value
                )
            id_in_nvpairs = True
    if not id_in_nvpairs:
        nv_pairs.append((
            "id",
            utils.find_unique_id(
                cib_dom,
                "colocation-%s-%s-%s" % (resource1, resource2, score)
            )
        ))

    (dom,constraintsElement) = getCurrentConstraints(cib_dom)

# If one role is specified, the other should default to "started"
    if role1 != "" and role2 == "":
        role2 = DEFAULT_ROLE
    if role2 != "" and role1 == "":
        role1 = DEFAULT_ROLE

    element = dom.createElement("rsc_colocation")
    element.setAttribute("rsc",resource1)
    element.setAttribute("with-rsc",resource2)
    element.setAttribute("score",score)
    if role1 != "":
        element.setAttribute("rsc-role", role1)
    if role2 != "":
        element.setAttribute("with-rsc-role", role2)
    for nv_pair in nv_pairs:
        element.setAttribute(nv_pair[0], nv_pair[1])
    if "--force" not in utils.pcs_options:
        duplicates = colocation_find_duplicates(constraintsElement, element)
        if duplicates:
            utils.err(
                "duplicate constraint already exists, use --force to override\n"
                + "\n".join([
                    "  " + colocation_el_to_string(dup, True)
                    for dup in duplicates
                ])
            )
    constraintsElement.appendChild(element)
    utils.replace_cib_configuration(dom)
Ejemplo n.º 43
0
def colocation_set(argv):
    setoptions = []
    for i in range(len(argv)):
        if argv[i] == "setoptions":
            setoptions = argv[i+1:]
            argv[i:] = []
            break

    argv.insert(0, "set")
    resource_sets = set_args_into_array(argv)
    if not check_empty_resource_sets(resource_sets):
        usage.constraint(["colocation set"])
        sys.exit(1)
    cib, constraints = getCurrentConstraints(utils.get_cib_dom())

    attributes = []
    score_options = ("score", "score-attribute", "score-attribute-mangle")
    score_specified = False
    id_specified = False
    for opt in setoptions:
        if "=" not in opt:
            utils.err("missing value of '%s' option" % opt)
        name, value = opt.split("=", 1)
        if name == "id":
            id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
            if not id_valid:
                utils.err(id_error)
            if utils.does_id_exist(cib, value):
                utils.err(
                    "id '%s' is already in use, please specify another one"
                    % value
                )
            id_specified = True
            attributes.append((name, value))
        elif name in score_options:
            if score_specified:
                utils.err("you cannot specify multiple score options")
            if name == "score" and not utils.is_score(value):
                utils.err(
                    "invalid score '%s', use integer or INFINITY or -INFINITY"
                    % value
                )
            score_specified = True
            attributes.append((name, value))
        else:
            utils.err(
                "invalid option '%s', allowed options are: %s"
                % (name, ", ".join(score_options + ("id",)))
            )

    if not score_specified:
        attributes.append(("score", "INFINITY"))
    if not id_specified:
        colocation_id = "pcs_rsc_colocation"
        for a in argv:
            if "=" not in a:
                colocation_id += "_" + a
        attributes.append(("id", utils.find_unique_id(cib, colocation_id)))

    rsc_colocation = cib.createElement("rsc_colocation")
    for name, value in attributes:
        rsc_colocation.setAttribute(name, value)
    set_add_resource_sets(rsc_colocation, resource_sets, cib)
    constraints.appendChild(rsc_colocation)
    utils.replace_cib_configuration(cib)
Ejemplo n.º 44
0
def acl_role(argv):
    if len(argv) < 2:
        usage.acl("role")
        sys.exit(1)

    dom = utils.get_cib_dom()
    dom, acls = get_acls(dom)

    command = argv.pop(0)
    if command == "create":
        role_name = argv.pop(0)
        if len(argv) < 3:
            usage.acl("role create")
            sys.exit(1)
        if argv[0].startswith('description=') and len(argv[0]) > 12:
            description = argv.pop(0)[12:]
        else:
            description = ""
        if utils.does_id_exist(dom, role_name):
            utils.err(role_name + " already exists")

        element = dom.createElement("acl_role")
        element.setAttribute("id", role_name)
        if description != "":
            element.setAttribute("description", description)
        acls.appendChild(element)

        while (len(argv) > 2):
            rwd = argv.pop(0)
            if not rwd in ["read", "write", "deny"]:
                usage.acl("role create")
                sys.exit(1)
            se = dom.createElement("acl_permission")
            se.setAttribute("id",
                            utils.find_unique_id(dom, role_name + "-" + rwd))
            se.setAttribute("kind", rwd)
            xp_id = argv.pop(0)
            if xp_id == "xpath":
                xpath_query = argv.pop(0)
                se.setAttribute("xpath", xpath_query)
            elif xp_id == "id":
                acl_ref = argv.pop(0)
                se.setAttribute("reference", acl_ref)
            else:
                usage.acl("role create")

            element.appendChild(se)

        utils.replace_cib_configuration(dom)
    elif command == "delete":
        if len(argv) < 1:
            usage.acl("acl role delete")

        role_id = argv.pop(0)
        found = False
        for elem in dom.getElementsByTagName("acl_role"):
            if elem.getAttribute("id") == role_id:
                found = True
                elem.parentNode.removeChild(elem)
                break
        if not found:
            utils.err("unable to find acl role: %s" % role_id)

        # Remove any references to this role in acl_target or acl_group
        for elem in dom.getElementsByTagName("role"):
            if elem.getAttribute("id") == role_id:
                elem.parentNode.removeChild(elem)

        utils.replace_cib_configuration(dom)
    elif command == "assign":
        if len(argv) < 2:
            usage.acl("role assign")
            sys.exit(1)

        if len(argv) == 2:
            role_id = argv[0]
            ug_id = argv[1]
        elif len(argv) > 2 and argv[1] == "to":
            role_id = argv[0]
            ug_id = argv[2]
        else:
            usage.acl("role assign")
            sys.exit(1)

        found = False
        for role in dom.getElementsByTagName("acl_role"):
            if role.getAttribute("id") == role_id:
                found = True
                break

        if not found:
            utils.err("cannot find role: %s" % role_id)

        found = False
        for ug in dom.getElementsByTagName(
                "acl_target") + dom.getElementsByTagName("acl_group"):
            if ug.getAttribute("id") == ug_id:
                found = True
                break

        if not found:
            utils.err("cannot find user or group: %s" % ug_id)

        for current_role in ug.getElementsByTagName("role"):
            if current_role.getAttribute("id") == role_id:
                utils.err(role_id + " is already assigned to " + ug_id)

        new_role = dom.createElement("role")
        new_role.setAttribute("id", role_id)
        ug.appendChild(new_role)
        utils.replace_cib_configuration(dom)
    elif command == "unassign":
        if len(argv) < 2:
            usage.acl("role unassign")
            sys.exit(1)

        role_id = argv.pop(0)
        if len(argv) > 1 and argv[0] == "from":
            ug_id = argv[1]
        else:
            ug_id = argv[0]

        found = False
        for ug in dom.getElementsByTagName(
                "acl_target") + dom.getElementsByTagName("acl_group"):
            if ug.getAttribute("id") == ug_id:
                found = True
                break

        if not found:
            utils.err("cannot find user or group: %s" % ug_id)

        found = False
        for current_role in ug.getElementsByTagName("role"):
            if current_role.getAttribute("id") == role_id:
                found = True
                current_role.parentNode.removeChild(current_role)
                break

        if not found:
            utils.err("cannot find role: %s, assigned to user/group: %s" %
                      (role_id, ug_id))
        utils.replace_cib_configuration(dom)

    else:
        utils.err("Unknown pcs acl role command: '" + command +
                  "' (try create or delete)")
Ejemplo n.º 45
0
 def add_element(self, parent, tag_name, element_id):
     dom = parent.ownerDocument
     child = parent.appendChild(dom.createElement(tag_name))
     child.setAttribute("id", utils.find_unique_id(dom, element_id))
     return child
Ejemplo n.º 46
0
Archivo: acl.py Proyecto: MichalCab/pcs
def acl_role(argv):
    if len(argv) < 2:
        usage.acl("role")
        sys.exit(1)

    dom = utils.get_cib_dom()
    dom, acls = get_acls(dom)

    command = argv.pop(0)
    if command == "create":
        role_name = argv.pop(0)
        if len(argv) < 3:
            usage.acl("role create")
            sys.exit(1)
        if argv[0].startswith('description=') and len(argv[0]) > 12:
            description = argv.pop(0)[12:]
        else:
            description = ""
        if utils.does_id_exist(dom,role_name):
            utils.err(role_name + " already exists")

        element = dom.createElement("acl_role")
        element.setAttribute("id",role_name)
        if description != "":
            element.setAttribute("description", description)
        acls.appendChild(element)
        
        while (len(argv) > 2):
            rwd = argv.pop(0)
            if not rwd in ["read","write","deny"]:
                usage.acl("role create")
                sys.exit(1)
            se = dom.createElement("acl_permission")
            se.setAttribute("id", utils.find_unique_id(dom,role_name + "-" + rwd))
            se.setAttribute("kind", rwd)
            xp_id = argv.pop(0)
            if xp_id == "xpath":
                xpath_query = argv.pop(0)
                se.setAttribute("xpath",xpath_query)
            elif xp_id == "id":
                acl_ref = argv.pop(0)
                se.setAttribute("reference",acl_ref)
            else:
                usage.acl("role create")

            element.appendChild(se)

        utils.replace_cib_configuration(dom)
    elif command == "delete":
        if len(argv) < 1:
            usage.acl("acl role delete")

        role_id = argv.pop(0)
        found = False
        for elem in dom.getElementsByTagName("acl_role"):
            if elem.getAttribute("id") == role_id:
                found = True
                elem.parentNode.removeChild(elem)
                break
        if not found:
            utils.err("unable to find acl role: %s" % role_id)

        # Remove any references to this role in acl_target or acl_group
        for elem in dom.getElementsByTagName("role"):
            if elem.getAttribute("id") == role_id:
                elem.parentNode.removeChild(elem)

        utils.replace_cib_configuration(dom)
    elif command == "assign":
        if len(argv) < 2:
            usage.acl("role assign")
            sys.exit(1)

        if len(argv) == 2:
            role_id = argv[0]
            ug_id = argv[1]
        elif len(argv) > 2 and argv[1] == "to":
            role_id = argv[0]
            ug_id = argv[2]
        else:
            usage.acl("role assign")
            sys.exit(1)

        found = False
        for role in dom.getElementsByTagName("acl_role"):
            if role.getAttribute("id") == role_id:
                found = True
                break

        if not found:
            utils.err("cannot find role: %s" % role_id)

        found = False
        for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"):
            if ug.getAttribute("id") == ug_id:
                found = True
                break

        if not found:
            utils.err("cannot find user or group: %s" % ug_id)

        for current_role in ug.getElementsByTagName("role"):
            if current_role.getAttribute("id") == role_id:
                utils.err(role_id + " is already assigned to " + ug_id)

        new_role = dom.createElement("role")
        new_role.setAttribute("id", role_id)
        ug.appendChild(new_role)
        utils.replace_cib_configuration(dom)
    elif command == "unassign":
        if len(argv) < 2:
            usage.acl("role unassign")
            sys.exit(1)

        role_id = argv.pop(0)
        if len(argv) > 1 and argv[0] == "from":
            ug_id = argv[1]
        else:
            ug_id = argv[0]

        found = False
        for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"):
            if ug.getAttribute("id") == ug_id:
                found = True
                break

        if not found:
            utils.err("cannot find user or group: %s" % ug_id)

        found = False
        for current_role in ug.getElementsByTagName("role"):
            if current_role.getAttribute("id") == role_id:
                found = True
                current_role.parentNode.removeChild(current_role)
                break

        if not found:
            utils.err("cannot find role: %s, assigned to user/group: %s" % (role_id, ug_id))
        utils.replace_cib_configuration(dom)
        
    else:
        utils.err("Unknown pcs acl role command: '" + command + "' (try create or delete)")
Ejemplo n.º 47
0
def colocation_add(argv):
    if len(argv) < 2:
        usage.constraint()
        sys.exit(1)

    role1 = ""
    role2 = ""
    if len(argv) > 2:
        if not utils.is_score_or_opt(argv[2]):
            if argv[2] == "with":
                role1 = argv.pop(0).lower().capitalize()
                resource1 = argv.pop(0)
            else:
                resource1 = argv.pop(0)

            argv.pop(0)  # Pop 'with'

            if len(argv) == 1:
                resource2 = argv.pop(0)
            else:
                if utils.is_score_or_opt(argv[1]):
                    resource2 = argv.pop(0)
                else:
                    role2 = argv.pop(0).lower().capitalize()
                    resource2 = argv.pop(0)
        else:
            resource1 = argv.pop(0)
            resource2 = argv.pop(0)
    else:
        resource1 = argv.pop(0)
        resource2 = argv.pop(0)

    cib_dom = utils.get_cib_dom()
    resource_valid, resource_error, correct_id \
        = utils.validate_constraint_resource(cib_dom, resource1)
    if "--autocorrect" in utils.pcs_options and correct_id:
        resource1 = correct_id
    elif not resource_valid:
        utils.err(resource_error)
    resource_valid, resource_error, correct_id \
        = utils.validate_constraint_resource(cib_dom, resource2)
    if "--autocorrect" in utils.pcs_options and correct_id:
        resource2 = correct_id
    elif not resource_valid:
        utils.err(resource_error)

    score, nv_pairs = parse_score_options(argv)
    id_in_nvpairs = None
    for name, value in nv_pairs:
        if name == "id":
            id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
            if not id_valid:
                utils.err(id_error)
            if utils.does_id_exist(cib_dom, value):
                utils.err(
                    "id '%s' is already in use, please specify another one" %
                    value)
            id_in_nvpairs = True
    if not id_in_nvpairs:
        nv_pairs.append(
            ("id",
             utils.find_unique_id(
                 cib_dom,
                 "colocation-%s-%s-%s" % (resource1, resource2, score))))

    (dom, constraintsElement) = getCurrentConstraints(cib_dom)

    # If one role is specified, the other should default to "started"
    if role1 != "" and role2 == "":
        role2 = DEFAULT_ROLE
    if role2 != "" and role1 == "":
        role1 = DEFAULT_ROLE

    element = dom.createElement("rsc_colocation")
    element.setAttribute("rsc", resource1)
    element.setAttribute("with-rsc", resource2)
    element.setAttribute("score", score)
    if role1 != "":
        element.setAttribute("rsc-role", role1)
    if role2 != "":
        element.setAttribute("with-rsc-role", role2)
    for nv_pair in nv_pairs:
        element.setAttribute(nv_pair[0], nv_pair[1])
    if "--force" not in utils.pcs_options:
        duplicates = colocation_find_duplicates(constraintsElement, element)
        if duplicates:
            utils.err(
                "duplicate constraint already exists, use --force to override\n"
                + "\n".join([
                    "  " + colocation_el_to_string(dup, True)
                    for dup in duplicates
                ]))
    constraintsElement.appendChild(element)
    utils.replace_cib_configuration(dom)
Ejemplo n.º 48
0
def order_add(argv,returnElementOnly=False):
    if len(argv) < 2:
        usage.constraint()
        sys.exit(1)

    resource1 = argv.pop(0)
    resource2 = argv.pop(0)

    if not utils.is_valid_constraint_resource(resource1):
        utils.err("Resource '" + resource1 + "' does not exist")

    if not utils.is_valid_constraint_resource(resource2):
        utils.err("Resource '" + resource2 + "' does not exist")

    sym = "true" if (len(argv) == 0 or argv[0] != "nonsymmetrical") else "false"

    order_options = []
    if len(argv) != 0:
        if argv[0] == "nonsymmetrical" or argv[0] == "symmetrical":
            argv.pop(0)
        for arg in argv:
            if arg.count("=") == 1:
                mysplit = arg.split("=")
                order_options.append((mysplit[0],mysplit[1]))

    if len(argv) != 0:
        options = " (Options: " + " ".join(argv)+")"
    else:
        options = ""

    scorekind = "kind: Mandatory"
    id_suffix = "mandatory"
    for opt in order_options:
        if opt[0] == "score":
            scorekind = "score: " + opt[1]
            id_suffix = opt[1]
            break
        if opt[0] == "kind":
            scorekind = "kind: " + opt[1]
            id_suffix = opt[1]
            break

    print "Adding " + resource1 + " " + resource2 + " ("+scorekind+")" + options

    order_id = "order-" + resource1 + "-" + resource2 + "-" + id_suffix
    order_id = utils.find_unique_id(utils.get_cib_dom(), order_id)

    (dom,constraintsElement) = getCurrentConstraints()
    element = dom.createElement("rsc_order")
    element.setAttribute("id",order_id)
    element.setAttribute("first",resource1)
    element.setAttribute("then",resource2)
    for order_opt in order_options:
        element.setAttribute(order_opt[0], order_opt[1])
    if (sym == "false"):
        element.setAttribute("symmetrical", "false")
    constraintsElement.appendChild(element)

    if returnElementOnly == False:
        utils.replace_cib_configuration(dom)
    else:
        return element.toxml()
Ejemplo n.º 49
0
def order_add(argv, returnElementOnly=False):
    if len(argv) < 2:
        usage.constraint()
        sys.exit(1)

    resource1 = argv.pop(0)
    resource2 = argv.pop(0)

    cib_dom = utils.get_cib_dom()
    resource_valid, resource_error, correct_id \
        = utils.validate_constraint_resource(cib_dom, resource1)
    if "--autocorrect" in utils.pcs_options and correct_id:
        resource1 = correct_id
    elif not resource_valid:
        utils.err(resource_error)
    resource_valid, resource_error, correct_id \
        = utils.validate_constraint_resource(cib_dom, resource2)
    if "--autocorrect" in utils.pcs_options and correct_id:
        resource2 = correct_id
    elif not resource_valid:
        utils.err(resource_error)

    order_options = []
    id_specified = False
    sym = None
    for arg in argv:
        if arg == "symmetrical":
            sym = "true"
        elif arg == "nonsymmetrical":
            sym = "false"
        elif "=" in arg:
            name, value = arg.split("=", 1)
            if name == "id":
                id_valid, id_error = utils.validate_xml_id(
                    value, 'constraint id')
                if not id_valid:
                    utils.err(id_error)
                if utils.does_id_exist(cib_dom, value):
                    utils.err(
                        "id '%s' is already in use, please specify another one"
                        % value)
                id_specified = True
                order_options.append((name, value))
            elif name == "symmetrical":
                if value.lower() in OPTIONS_SYMMETRICAL:
                    sym = value.lower()
                else:
                    utils.err(
                        "invalid symmetrical value '%s', allowed values are: %s"
                        % (value, ", ".join(OPTIONS_SYMMETRICAL)))
            else:
                order_options.append((name, value))
    if sym:
        order_options.append(("symmetrical", sym))

    options = ""
    if order_options:
        options = " (Options: %s)" % " ".join([
            "%s=%s" % (name, value)
            for name, value in order_options if name not in ("kind", "score")
        ])

    scorekind = "kind: Mandatory"
    id_suffix = "mandatory"
    for opt in order_options:
        if opt[0] == "score":
            scorekind = "score: " + opt[1]
            id_suffix = opt[1]
            break
        if opt[0] == "kind":
            scorekind = "kind: " + opt[1]
            id_suffix = opt[1]
            break

    if not id_specified:
        order_id = "order-" + resource1 + "-" + resource2 + "-" + id_suffix
        order_id = utils.find_unique_id(cib_dom, order_id)
        order_options.append(("id", order_id))

    (dom, constraintsElement) = getCurrentConstraints()
    element = dom.createElement("rsc_order")
    element.setAttribute("first", resource1)
    element.setAttribute("then", resource2)
    for order_opt in order_options:
        element.setAttribute(order_opt[0], order_opt[1])
    constraintsElement.appendChild(element)
    if "--force" not in utils.pcs_options:
        duplicates = order_find_duplicates(constraintsElement, element)
        if duplicates:
            utils.err(
                "duplicate constraint already exists, use --force to override\n"
                + "\n".join([
                    "  " + order_el_to_string(dup, True) for dup in duplicates
                ]))
    print("Adding " + resource1 + " " + resource2 + " (" + scorekind + ")" +
          options)

    if returnElementOnly == False:
        utils.replace_cib_configuration(dom)
    else:
        return element.toxml()