def dom_rule_add(dom_element, argv):
options = {"id": None, "role": None, "score": None, "score-attribute": None}
# parse options
while argv:
found = False
option = argv.pop(0)
for name in options:
if option.startswith(name + "="):
options[name] = option.split("=", 1)[1]
found = True
break
if not found:
argv.insert(0, option)
break
# validate options
if options["score"] and options["score-attribute"]:
utils.err("can not specify both score and score-attribute")
if options["score"] and not utils.is_score(options["score"]):
# preserving legacy behaviour
print("Warning: invalid score '%s', setting score-attribute=pingd instead" % options["score"])
options["score-attribute"] = "pingd"
options["score"] = None
if options["role"] and options["role"] not in ["master", "slave"]:
utils.err("invalid role '%s', use 'master' or 'slave'" % options["role"])
if options["id"]:
id_valid, id_error = utils.validate_xml_id(options["id"], "rule id")
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(dom_element.ownerDocument, options["id"]):
utils.err("id '%s' is already in use, please specify another one" % options["id"])
# parse rule
if not argv:
utils.err("no rule expression was specified")
try:
dom_rule = CibBuilder().build(dom_element, RuleParser().parse(TokenPreprocessor().run(argv)), options["id"])
except SyntaxError as e:
utils.err("'%s' is not a valid rule expression: %s" % (" ".join(argv), e))
except UnexpectedEndOfInput as e:
utils.err("'%s' is not a valid rule expression: unexpected end of rule" % " ".join(argv))
except (ParserException, CibBuilderException) as e:
utils.err("'%s' is not a valid rule expression" % " ".join(argv))
# add options into rule xml
if not options["score"] and not options["score-attribute"]:
options["score"] = "INFINITY"
for name, value in options.iteritems():
if name != "id" and value is not None:
dom_rule.setAttribute(name, value)
# score or score-attribute is required for the nested rules in order to have
# valid CIB, pacemaker does not use the score of the nested rules
for rule in dom_rule.getElementsByTagName("rule"):
rule.setAttribute("score", "0")
if dom_element.hasAttribute("score"):
dom_element.removeAttribute("score")
if dom_element.hasAttribute("node"):
dom_element.removeAttribute("node")
return dom_element
def order_set(argv):
setoptions = []
for i in range(len(argv)):
if argv[i] == "setoptions":
setoptions = argv[i + 1:]
argv[i:] = []
break
argv.insert(0, "set")
resource_sets = set_args_into_array(argv)
if not check_empty_resource_sets(resource_sets):
usage.constraint(["order set"])
sys.exit(1)
cib, constraints = getCurrentConstraints(utils.get_cib_dom())
attributes = []
id_specified = False
for opt in setoptions:
if "=" not in opt:
utils.err("missing value of '%s' option" % opt)
name, value = opt.split("=", 1)
if name == "id":
id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(cib, value):
utils.err(
"id '%s' is already in use, please specify another one" %
value)
id_specified = True
attributes.append((name, value))
elif name == "kind":
normalized_value = value.lower().capitalize()
if normalized_value not in OPTIONS_KIND:
utils.err("invalid kind value '%s', allowed values are: %s" %
(value, ", ".join(OPTIONS_KIND)))
attributes.append((name, normalized_value))
elif name == "symmetrical":
if value.lower() not in OPTIONS_SYMMETRICAL:
utils.err(
"invalid symmetrical value '%s', allowed values are: %s" %
(value, ", ".join(OPTIONS_SYMMETRICAL)))
attributes.append((name, value.lower()))
else:
utils.err("invalid option '%s', allowed options are: %s" %
(name, "kind, symmetrical, id"))
if not id_specified:
order_id = "pcs_rsc_order"
for a in argv:
if "=" not in a:
order_id += "_" + a
attributes.append(("id", utils.find_unique_id(cib, order_id)))
rsc_order = cib.createElement("rsc_order")
for name, value in attributes:
rsc_order.setAttribute(name, value)
set_add_resource_sets(rsc_order, resource_sets, cib)
constraints.appendChild(rsc_order)
utils.replace_cib_configuration(cib)
def acl_target(argv, group=False):
if len(argv) < 2:
if group:
usage.acl("group")
sys.exit(1)
else:
usage.acl("target")
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
tug_id = argv.pop(0)
if command == "create":
if utils.does_id_exist(dom, tug_id):
utils.err(tug_id + " already exists in cib")
if group:
element = dom.createElement("acl_group")
else:
element = dom.createElement("acl_target")
element.setAttribute("id", tug_id)
acls.appendChild(element)
for role in argv:
r = dom.createElement("role")
r.setAttribute("id", role)
element.appendChild(r)
utils.replace_cib_configuration(dom)
elif command == "delete":
found = False
if group:
elist = dom.getElementsByTagName("acl_group")
else:
elist = dom.getElementsByTagName("acl_target")
for elem in elist:
if elem.getAttribute("id") == tug_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
if group:
utils.err("unable to find acl group: %s" % tug_id)
else:
utils.err("unable to find acl target/user: %s" % tug_id)
utils.replace_cib_configuration(dom)
else:
if group:
usage.acl("group")
else:
usage.acl("target")
sys.exit(1)
def dom_rule_add(dom_element, options, rule_argv):
# validate options
if options.get("score") and options.get("score-attribute"):
utils.err("can not specify both score and score-attribute")
if options.get("score") and not utils.is_score(options["score"]):
# preserving legacy behaviour
print(
"Warning: invalid score '%s', setting score-attribute=pingd instead"
% options["score"])
options["score-attribute"] = "pingd"
options["score"] = None
if options.get("role") and options["role"] not in ["master", "slave"]:
utils.err("invalid role '%s', use 'master' or 'slave'" %
options["role"])
if options.get("id"):
id_valid, id_error = utils.validate_xml_id(options["id"], 'rule id')
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(dom_element.ownerDocument, options["id"]):
utils.err("id '%s' is already in use, please specify another one" %
options["id"])
# parse rule
if not rule_argv:
utils.err("no rule expression was specified")
try:
dom_rule = CibBuilder().build(
dom_element,
RuleParser().parse(TokenPreprocessor().run(rule_argv)),
options.get("id"))
except SyntaxError as e:
utils.err("'%s' is not a valid rule expression: %s" %
(" ".join(rule_argv), e))
except UnexpectedEndOfInput as e:
utils.err(
"'%s' is not a valid rule expression: unexpected end of rule" %
" ".join(rule_argv))
except (ParserException, CibBuilderException) as e:
utils.err("'%s' is not a valid rule expression" % " ".join(rule_argv))
# add options into rule xml
if not options.get("score") and not options.get("score-attribute"):
options["score"] = "INFINITY"
for name, value in options.iteritems():
if name != "id" and value is not None:
dom_rule.setAttribute(name, value)
# score or score-attribute is required for the nested rules in order to have
# valid CIB, pacemaker does not use the score of the nested rules
for rule in dom_rule.getElementsByTagName("rule"):
rule.setAttribute("score", "0")
if dom_element.hasAttribute("score"):
dom_element.removeAttribute("score")
if dom_element.hasAttribute("node"):
dom_element.removeAttribute("node")
return dom_element
def acl_target(argv,group=False):
if len(argv) < 2:
if group:
usage.acl("group")
sys.exit(1)
else:
usage.acl("target")
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
tug_id = argv.pop(0)
if command == "create":
if utils.does_id_exist(dom,tug_id):
utils.err(tug_id + " already exists in cib")
if group:
element = dom.createElement("acl_group")
else:
element = dom.createElement("acl_target")
element.setAttribute("id", tug_id)
acls.appendChild(element)
for role in argv:
r = dom.createElement("role")
r.setAttribute("id", role)
element.appendChild(r)
utils.replace_cib_configuration(dom)
elif command == "delete":
found = False
if group:
elist = dom.getElementsByTagName("acl_group")
else:
elist = dom.getElementsByTagName("acl_target")
for elem in elist:
if elem.getAttribute("id") == tug_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
if group:
utils.err("unable to find acl group: %s" % tug_id)
else:
utils.err("unable to find acl target/user: %s" % tug_id)
utils.replace_cib_configuration(dom)
else:
if group:
usage.acl("group")
else:
usage.acl("target")
sys.exit(1)
def location_rule(argv):
if len(argv) < 3:
usage.constraint(["location", "rule"])
sys.exit(1)
res_name = argv.pop(0)
resource_valid, resource_error, correct_id \
= utils.validate_constraint_resource(utils.get_cib_dom(), res_name)
if "--autocorrect" in utils.pcs_options and correct_id:
res_name = correct_id
elif not resource_valid:
utils.err(resource_error)
argv.pop(0) # pop "rule"
options, rule_argv = rule_utils.parse_argv(argv, {
"constraint-id": None,
"resource-discovery": None,
})
# If resource-discovery is specified, we use it with the rsc_location
# element not the rule
if "resource-discovery" in options and options["resource-discovery"]:
utils.checkAndUpgradeCIB(2, 2, 0)
cib, constraints = getCurrentConstraints(utils.get_cib_dom())
lc = cib.createElement("rsc_location")
lc.setAttribute("resource-discovery",
options.pop("resource-discovery"))
else:
cib, constraints = getCurrentConstraints(utils.get_cib_dom())
lc = cib.createElement("rsc_location")
constraints.appendChild(lc)
if options.get("constraint-id"):
id_valid, id_error = utils.validate_xml_id(options["constraint-id"],
'constraint id')
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(cib, options["constraint-id"]):
utils.err("id '%s' is already in use, please specify another one" %
options["constraint-id"])
lc.setAttribute("id", options["constraint-id"])
del options["constraint-id"]
else:
lc.setAttribute("id", utils.find_unique_id(cib,
"location-" + res_name))
lc.setAttribute("rsc", res_name)
rule_utils.dom_rule_add(lc, options, rule_argv)
location_rule_check_duplicates(constraints, lc)
utils.replace_cib_configuration(cib)
def location_rule(argv):
if len(argv) < 3:
usage.constraint(["location", "rule"])
sys.exit(1)
res_name = argv.pop(0)
resource_valid, resource_error, correct_id \
= utils.validate_constraint_resource(utils.get_cib_dom(), res_name)
if "--autocorrect" in utils.pcs_options and correct_id:
res_name = correct_id
elif not resource_valid:
utils.err(resource_error)
argv.pop(0) # pop "rule"
options, rule_argv = rule_utils.parse_argv(argv, {"constraint-id": None, "resource-discovery": None,})
# If resource-discovery is specified, we use it with the rsc_location
# element not the rule
if "resource-discovery" in options and options["resource-discovery"]:
utils.checkAndUpgradeCIB(2,2,0)
cib, constraints = getCurrentConstraints(utils.get_cib_dom())
lc = cib.createElement("rsc_location")
lc.setAttribute("resource-discovery", options.pop("resource-discovery"))
else:
cib, constraints = getCurrentConstraints(utils.get_cib_dom())
lc = cib.createElement("rsc_location")
constraints.appendChild(lc)
if options.get("constraint-id"):
id_valid, id_error = utils.validate_xml_id(
options["constraint-id"], 'constraint id'
)
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(cib, options["constraint-id"]):
utils.err(
"id '%s' is already in use, please specify another one"
% options["constraint-id"]
)
lc.setAttribute("id", options["constraint-id"])
del options["constraint-id"]
else:
lc.setAttribute("id", utils.find_unique_id(cib, "location-" + res_name))
lc.setAttribute("rsc", res_name)
rule_utils.dom_rule_add(lc, options, rule_argv)
location_rule_check_duplicates(constraints, lc)
utils.replace_cib_configuration(cib)
def colocation_set(argv):
setoptions = []
for i in range(len(argv)):
if argv[i] == "setoptions":
setoptions = argv[i+1:]
argv[i:] = []
break
argv.insert(0, "set")
resource_sets = set_args_into_array(argv)
if not check_empty_resource_sets(resource_sets):
usage.constraint(["colocation set"])
sys.exit(1)
cib, constraints = getCurrentConstraints(utils.get_cib_dom())
attributes = []
score_options = ("score", "score-attribute", "score-attribute-mangle")
score_specified = False
id_specified = False
for opt in setoptions:
if "=" not in opt:
utils.err("missing value of '%s' option" % opt)
name, value = opt.split("=", 1)
if name == "id":
id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(cib, value):
utils.err(
"id '%s' is already in use, please specify another one"
% value
)
id_specified = True
attributes.append((name, value))
elif name in score_options:
if score_specified:
utils.err("you cannot specify multiple score options")
if name == "score" and not utils.is_score(value):
utils.err(
"invalid score '%s', use integer or INFINITY or -INFINITY"
% value
)
score_specified = True
attributes.append((name, value))
else:
utils.err(
"invalid option '%s', allowed options are: %s"
% (name, ", ".join(score_options + ("id",)))
)
if not score_specified:
attributes.append(("score", "INFINITY"))
if not id_specified:
colocation_id = "pcs_rsc_colocation"
for a in argv:
if "=" not in a:
colocation_id += "_" + a
attributes.append(("id", utils.find_unique_id(cib, colocation_id)))
rsc_colocation = cib.createElement("rsc_colocation")
for name, value in attributes:
rsc_colocation.setAttribute(name, value)
set_add_resource_sets(rsc_colocation, resource_sets, cib)
constraints.appendChild(rsc_colocation)
utils.replace_cib_configuration(cib)
def colocation_add(argv):
if len(argv) < 2:
usage.constraint()
sys.exit(1)
role1 = ""
role2 = ""
if len(argv) > 2:
if not utils.is_score_or_opt(argv[2]):
if argv[2] == "with":
role1 = argv.pop(0).lower().capitalize()
resource1 = argv.pop(0)
else:
resource1 = argv.pop(0)
argv.pop(0) # Pop 'with'
if len(argv) == 1:
resource2 = argv.pop(0)
else:
if utils.is_score_or_opt(argv[1]):
resource2 = argv.pop(0)
else:
role2 = argv.pop(0).lower().capitalize()
resource2 = argv.pop(0)
else:
resource1 = argv.pop(0)
resource2 = argv.pop(0)
else:
resource1 = argv.pop(0)
resource2 = argv.pop(0)
cib_dom = utils.get_cib_dom()
resource_valid, resource_error, correct_id \
= utils.validate_constraint_resource(cib_dom, resource1)
if "--autocorrect" in utils.pcs_options and correct_id:
resource1 = correct_id
elif not resource_valid:
utils.err(resource_error)
resource_valid, resource_error, correct_id \
= utils.validate_constraint_resource(cib_dom, resource2)
if "--autocorrect" in utils.pcs_options and correct_id:
resource2 = correct_id
elif not resource_valid:
utils.err(resource_error)
score,nv_pairs = parse_score_options(argv)
id_in_nvpairs = None
for name, value in nv_pairs:
if name == "id":
id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(cib_dom, value):
utils.err(
"id '%s' is already in use, please specify another one"
% value
)
id_in_nvpairs = True
if not id_in_nvpairs:
nv_pairs.append((
"id",
utils.find_unique_id(
cib_dom,
"colocation-%s-%s-%s" % (resource1, resource2, score)
)
))
(dom,constraintsElement) = getCurrentConstraints(cib_dom)
# If one role is specified, the other should default to "started"
if role1 != "" and role2 == "":
role2 = DEFAULT_ROLE
if role2 != "" and role1 == "":
role1 = DEFAULT_ROLE
element = dom.createElement("rsc_colocation")
element.setAttribute("rsc",resource1)
element.setAttribute("with-rsc",resource2)
element.setAttribute("score",score)
if role1 != "":
element.setAttribute("rsc-role", role1)
if role2 != "":
element.setAttribute("with-rsc-role", role2)
for nv_pair in nv_pairs:
element.setAttribute(nv_pair[0], nv_pair[1])
if "--force" not in utils.pcs_options:
duplicates = colocation_find_duplicates(constraintsElement, element)
if duplicates:
utils.err(
"duplicate constraint already exists, use --force to override\n"
+ "\n".join([
" " + colocation_el_to_string(dup, True)
for dup in duplicates
])
)
constraintsElement.appendChild(element)
utils.replace_cib_configuration(dom)
def order_add(argv,returnElementOnly=False):
if len(argv) < 2:
usage.constraint()
sys.exit(1)
resource1 = argv.pop(0)
resource2 = argv.pop(0)
if not utils.does_resource_exist(resource1):
print "Error: Resource '" + resource1 + "' does not exist"
sys.exit(1)
if not utils.does_resource_exist(resource2):
print "Error: Resource '" + resource2 + "' does not exist"
sys.exit(1)
sym = "true" if (len(argv) == 0 or argv[0] != "nonsymmetrical") else "false"
order_options = []
if len(argv) != 0:
if argv[0] == "nonsymmetrical" or argv[0] == "symmetrical":
argv.pop(0)
for arg in argv:
if arg.count("=") == 1:
mysplit = arg.split("=")
order_options.append((mysplit[0],mysplit[1]))
if len(argv) != 0:
options = " (Options: " + " ".join(argv)+")"
else:
options = ""
scorekind = "kind: Mandatory"
id_suffix = "mandatory"
for opt in order_options:
if opt[0] == "score":
scorekind = "score: " + opt[1]
id_suffix = opt[1]
break
if opt[0] == "kind":
scorekind = "kind: " + opt[1]
id_suffix = opt[1]
break
print "Adding " + resource1 + " " + resource2 + " ("+scorekind+")" + options
order_id = "order-" + resource1 + "-" + resource2 + "-" + id_suffix
if utils.does_id_exist(utils.get_cib_dom(), order_id):
print "Error: Unable to create constraint, similar constraint already exists: %s" % order_id
sys.exit(1)
(dom,constraintsElement) = getCurrentConstraints()
element = dom.createElement("rsc_order")
element.setAttribute("id",order_id)
element.setAttribute("first",resource1)
element.setAttribute("then",resource2)
for order_opt in order_options:
element.setAttribute(order_opt[0], order_opt[1])
if (sym == "false"):
element.setAttribute("symmetrical", "false")
constraintsElement.appendChild(element)
if returnElementOnly == False:
xml_constraint_string = constraintsElement.toxml()
args = ["cibadmin", "-o", "constraints", "-R", "--xml-text", xml_constraint_string]
output,retval = utils.run(args)
if output != "":
print output
if retval != 0:
sys.exit(1)
else:
return element.toxml()
def acl_role(argv):
if len(argv) < 2:
usage.acl(["role"])
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
if command == "create":
role_name = argv.pop(0)
if argv and argv[0].startswith('description=') and len(argv[0]) > 12:
description = argv.pop(0)[12:]
else:
description = ""
id_valid, id_error = utils.validate_xml_id(role_name, 'ACL role')
if not id_valid:
utils.err(id_error)
if utils.dom_get_element_with_id(dom, "acl_role", role_name):
utils.err("role %s already exists" % role_name)
if utils.does_id_exist(dom,role_name):
utils.err(role_name + " already exists")
element = dom.createElement("acl_role")
element.setAttribute("id",role_name)
if description != "":
element.setAttribute("description", description)
acls.appendChild(element)
if not add_permissions_to_role(element, argv):
usage.acl(["role create"])
sys.exit(1)
utils.replace_cib_configuration(dom)
elif command == "delete":
if len(argv) < 1:
usage.acl(["role delete"])
sys.exit(1)
role_id = argv.pop(0)
found = False
for elem in dom.getElementsByTagName("acl_role"):
if elem.getAttribute("id") == role_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
utils.err("unable to find acl role: %s" % role_id)
# Remove any references to this role in acl_target or acl_group
for elem in dom.getElementsByTagName("role"):
if elem.getAttribute("id") == role_id:
user_group = elem.parentNode
user_group.removeChild(elem)
if "--autodelete" in utils.pcs_options:
if not user_group.getElementsByTagName("role"):
user_group.parentNode.removeChild(user_group)
utils.replace_cib_configuration(dom)
elif command == "assign":
if len(argv) < 2:
usage.acl(["role assign"])
sys.exit(1)
if len(argv) == 2:
role_id = argv[0]
ug_id = argv[1]
elif len(argv) > 2 and argv[1] == "to":
role_id = argv[0]
ug_id = argv[2]
else:
usage.acl(["role assign"])
sys.exit(1)
found = False
for role in dom.getElementsByTagName("acl_role"):
if role.getAttribute("id") == role_id:
found = True
break
if not found:
utils.err("cannot find role: %s" % role_id)
found = False
for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
utils.err(role_id + " is already assigned to " + ug_id)
new_role = dom.createElement("role")
new_role.setAttribute("id", role_id)
ug.appendChild(new_role)
utils.replace_cib_configuration(dom)
elif command == "unassign":
if len(argv) < 2:
usage.acl(["role unassign"])
sys.exit(1)
role_id = argv.pop(0)
if len(argv) > 1 and argv[0] == "from":
ug_id = argv[1]
else:
ug_id = argv[0]
found = False
for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
found = False
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
found = True
current_role.parentNode.removeChild(current_role)
break
if not found:
utils.err("cannot find role: %s, assigned to user/group: %s" % (role_id, ug_id))
if "--autodelete" in utils.pcs_options:
if not ug.getElementsByTagName("role"):
ug.parentNode.removeChild(ug)
utils.replace_cib_configuration(dom)
else:
utils.err("Unknown pcs acl role command: '" + command + "' (try create or delete)")
def acl_target(argv, group=False):
if len(argv) < 2:
if group:
usage.acl(["group"])
sys.exit(1)
else:
usage.acl(["user"])
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
tug_id = argv.pop(0)
if command == "create":
# pcsd parses the error message in order to determine whether the id is
# assigned to user/group or some other cib element
if group and utils.dom_get_element_with_id(dom, "acl_group", tug_id):
utils.err("group %s already exists" % tug_id)
if not group and utils.dom_get_element_with_id(dom, "acl_target",
tug_id):
utils.err("user %s already exists" % tug_id)
if utils.does_id_exist(dom, tug_id):
utils.err(tug_id + " already exists")
if group:
element = dom.createElement("acl_group")
else:
element = dom.createElement("acl_target")
element.setAttribute("id", tug_id)
acls.appendChild(element)
for role in argv:
if not utils.dom_get_element_with_id(acls, "acl_role", role):
utils.err("cannot find acl role: %s" % role)
r = dom.createElement("role")
r.setAttribute("id", role)
element.appendChild(r)
utils.replace_cib_configuration(dom)
elif command == "delete":
found = False
if group:
elist = dom.getElementsByTagName("acl_group")
else:
elist = dom.getElementsByTagName("acl_target")
for elem in elist:
if elem.getAttribute("id") == tug_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
if group:
utils.err("unable to find acl group: %s" % tug_id)
else:
utils.err("unable to find acl target/user: %s" % tug_id)
utils.replace_cib_configuration(dom)
else:
if group:
usage.acl(["group"])
else:
usage.acl(["user"])
sys.exit(1)
def resource_master_create(argv, update=False):
if (len(argv) < 2 and not update) or (len(argv) < 1 and update):
usage.resource()
sys.exit(1)
dom = utils.get_cib_dom()
master_id = argv.pop(0)
if (update):
master_found = False
for master in dom.getElementsByTagName("master"):
if master.getAttribute("id") == master_id:
master_element = master
master_found = True
break
if not master_found:
print "Error: Unable to find multi-state resource with id %s" % master_id
sys.exit(1)
else:
rg_id = argv.pop(0)
if utils.does_id_exist(dom, master_id):
print "Error: %s already exists in the cib" % master_id
sys.exit(1)
resources = dom.getElementsByTagName("resources")[0]
rg_found = False
for resource in (resources.getElementsByTagName("primitive") +
resources.getElementsByTagName("group")):
if resource.getAttribute("id") == rg_id:
rg_found = True
break
if not rg_found:
print "Error: Unable to find resource or group with id %s" % rg_id
sys.exit(1)
master_element = dom.createElement("master")
master_element.setAttribute("id", master_id)
resource.parentNode.removeChild(resource)
master_element.appendChild(resource)
resources.appendChild(master_element)
if len(argv) > 0:
meta = None
for child in master_element.childNodes:
if child.nodeType != xml.dom.Node.ELEMENT_NODE:
continue
if child.tagName == "meta_attributes":
meta = child
if meta == None:
meta = dom.createElement("meta_attributes")
meta.setAttribute("id", master_id + "-meta_attributes")
master_element.appendChild(meta)
for arg in convert_args_to_tuples(argv):
for nvpair in meta.getElementsByTagName("nvpair"):
if nvpair.getAttribute("name") == arg[0]:
meta.removeChild(nvpair)
break
if arg[1] == "":
continue
nvpair = dom.createElement("nvpair")
nvpair.setAttribute("id", meta.getAttribute("id") + "-" + arg[0])
nvpair.setAttribute("name", arg[0])
nvpair.setAttribute("value", arg[1])
meta.appendChild(nvpair)
if len(meta.getElementsByTagName("nvpair")) == 0:
master_element.removeChild(meta)
utils.replace_cib_configuration(dom)
if not update:
constraint.constraint_resource_update(rg_id)
def acl_role(argv):
if len(argv) < 2:
usage.acl("role")
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
if command == "create":
role_name = argv.pop(0)
if len(argv) < 3:
usage.acl("role create")
sys.exit(1)
if argv[0].startswith('description=') and len(argv[0]) > 12:
description = argv.pop(0)[12:]
else:
description = ""
if utils.does_id_exist(dom, role_name):
utils.err(role_name + " already exists")
element = dom.createElement("acl_role")
element.setAttribute("id", role_name)
if description != "":
element.setAttribute("description", description)
acls.appendChild(element)
while (len(argv) > 2):
rwd = argv.pop(0)
if not rwd in ["read", "write", "deny"]:
usage.acl("role create")
sys.exit(1)
se = dom.createElement("acl_permission")
se.setAttribute("id",
utils.find_unique_id(dom, role_name + "-" + rwd))
se.setAttribute("kind", rwd)
xp_id = argv.pop(0)
if xp_id == "xpath":
xpath_query = argv.pop(0)
se.setAttribute("xpath", xpath_query)
elif xp_id == "id":
acl_ref = argv.pop(0)
se.setAttribute("reference", acl_ref)
else:
usage.acl("role create")
element.appendChild(se)
utils.replace_cib_configuration(dom)
elif command == "delete":
if len(argv) < 1:
usage.acl("acl role delete")
role_id = argv.pop(0)
found = False
for elem in dom.getElementsByTagName("acl_role"):
if elem.getAttribute("id") == role_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
utils.err("unable to find acl role: %s" % role_id)
# Remove any references to this role in acl_target or acl_group
for elem in dom.getElementsByTagName("role"):
if elem.getAttribute("id") == role_id:
elem.parentNode.removeChild(elem)
utils.replace_cib_configuration(dom)
elif command == "assign":
if len(argv) < 2:
usage.acl("role assign")
sys.exit(1)
if len(argv) == 2:
role_id = argv[0]
ug_id = argv[1]
elif len(argv) > 2 and argv[1] == "to":
role_id = argv[0]
ug_id = argv[2]
else:
usage.acl("role assign")
sys.exit(1)
found = False
for role in dom.getElementsByTagName("acl_role"):
if role.getAttribute("id") == role_id:
found = True
break
if not found:
utils.err("cannot find role: %s" % role_id)
found = False
for ug in dom.getElementsByTagName(
"acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
utils.err(role_id + " is already assigned to " + ug_id)
new_role = dom.createElement("role")
new_role.setAttribute("id", role_id)
ug.appendChild(new_role)
utils.replace_cib_configuration(dom)
elif command == "unassign":
if len(argv) < 2:
usage.acl("role unassign")
sys.exit(1)
role_id = argv.pop(0)
if len(argv) > 1 and argv[0] == "from":
ug_id = argv[1]
else:
ug_id = argv[0]
found = False
for ug in dom.getElementsByTagName(
"acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
found = False
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
found = True
current_role.parentNode.removeChild(current_role)
break
if not found:
utils.err("cannot find role: %s, assigned to user/group: %s" %
(role_id, ug_id))
utils.replace_cib_configuration(dom)
else:
utils.err("Unknown pcs acl role command: '" + command +
"' (try create or delete)")
def colocation_set(argv):
setoptions = []
for i in range(len(argv)):
if argv[i] == "setoptions":
setoptions = argv[i + 1:]
argv[i:] = []
break
argv.insert(0, "set")
resource_sets = set_args_into_array(argv)
if not check_empty_resource_sets(resource_sets):
usage.constraint(["colocation set"])
sys.exit(1)
cib, constraints = getCurrentConstraints(utils.get_cib_dom())
attributes = []
score_options = ("score", "score-attribute", "score-attribute-mangle")
score_specified = False
id_specified = False
for opt in setoptions:
if "=" not in opt:
utils.err("missing value of '%s' option" % opt)
name, value = opt.split("=", 1)
if name == "id":
id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(cib, value):
utils.err(
"id '%s' is already in use, please specify another one" %
value)
id_specified = True
attributes.append((name, value))
elif name in score_options:
if score_specified:
utils.err("you cannot specify multiple score options")
if name == "score" and not utils.is_score(value):
utils.err(
"invalid score '%s', use integer or INFINITY or -INFINITY"
% value)
score_specified = True
attributes.append((name, value))
else:
utils.err("invalid option '%s', allowed options are: %s" %
(name, ", ".join(score_options + ("id", ))))
if not score_specified:
attributes.append(("score", "INFINITY"))
if not id_specified:
colocation_id = "pcs_rsc_colocation"
for a in argv:
if "=" not in a:
colocation_id += "_" + a
attributes.append(("id", utils.find_unique_id(cib, colocation_id)))
rsc_colocation = cib.createElement("rsc_colocation")
for name, value in attributes:
rsc_colocation.setAttribute(name, value)
set_add_resource_sets(rsc_colocation, resource_sets, cib)
constraints.appendChild(rsc_colocation)
utils.replace_cib_configuration(cib)
def colocation_add(argv):
if len(argv) < 2:
usage.constraint()
sys.exit(1)
role1 = ""
role2 = ""
if len(argv) > 2:
if not utils.is_score_or_opt(argv[2]):
if argv[2] == "with":
role1 = argv.pop(0).lower().capitalize()
resource1 = argv.pop(0)
else:
resource1 = argv.pop(0)
argv.pop(0) # Pop 'with'
if len(argv) == 1:
resource2 = argv.pop(0)
else:
if utils.is_score_or_opt(argv[1]):
resource2 = argv.pop(0)
else:
role2 = argv.pop(0).lower().capitalize()
resource2 = argv.pop(0)
else:
resource1 = argv.pop(0)
resource2 = argv.pop(0)
else:
resource1 = argv.pop(0)
resource2 = argv.pop(0)
cib_dom = utils.get_cib_dom()
resource_valid, resource_error, correct_id \
= utils.validate_constraint_resource(cib_dom, resource1)
if "--autocorrect" in utils.pcs_options and correct_id:
resource1 = correct_id
elif not resource_valid:
utils.err(resource_error)
resource_valid, resource_error, correct_id \
= utils.validate_constraint_resource(cib_dom, resource2)
if "--autocorrect" in utils.pcs_options and correct_id:
resource2 = correct_id
elif not resource_valid:
utils.err(resource_error)
score, nv_pairs = parse_score_options(argv)
id_in_nvpairs = None
for name, value in nv_pairs:
if name == "id":
id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(cib_dom, value):
utils.err(
"id '%s' is already in use, please specify another one" %
value)
id_in_nvpairs = True
if not id_in_nvpairs:
nv_pairs.append(
("id",
utils.find_unique_id(
cib_dom,
"colocation-%s-%s-%s" % (resource1, resource2, score))))
(dom, constraintsElement) = getCurrentConstraints(cib_dom)
# If one role is specified, the other should default to "started"
if role1 != "" and role2 == "":
role2 = DEFAULT_ROLE
if role2 != "" and role1 == "":
role1 = DEFAULT_ROLE
element = dom.createElement("rsc_colocation")
element.setAttribute("rsc", resource1)
element.setAttribute("with-rsc", resource2)
element.setAttribute("score", score)
if role1 != "":
element.setAttribute("rsc-role", role1)
if role2 != "":
element.setAttribute("with-rsc-role", role2)
for nv_pair in nv_pairs:
element.setAttribute(nv_pair[0], nv_pair[1])
if "--force" not in utils.pcs_options:
duplicates = colocation_find_duplicates(constraintsElement, element)
if duplicates:
utils.err(
"duplicate constraint already exists, use --force to override\n"
+ "\n".join([
" " + colocation_el_to_string(dup, True)
for dup in duplicates
]))
constraintsElement.appendChild(element)
utils.replace_cib_configuration(dom)
def acl_role(argv):
if len(argv) < 2:
usage.acl("role")
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
if command == "create":
role_name = argv.pop(0)
if len(argv) < 3:
usage.acl("role create")
sys.exit(1)
if argv[0].startswith('description=') and len(argv[0]) > 12:
description = argv.pop(0)[12:]
else:
description = ""
if utils.does_id_exist(dom,role_name):
utils.err(role_name + " already exists")
element = dom.createElement("acl_role")
element.setAttribute("id",role_name)
if description != "":
element.setAttribute("description", description)
acls.appendChild(element)
while (len(argv) > 2):
rwd = argv.pop(0)
if not rwd in ["read","write","deny"]:
usage.acl("role create")
sys.exit(1)
se = dom.createElement("acl_permission")
se.setAttribute("id", utils.find_unique_id(dom,role_name + "-" + rwd))
se.setAttribute("kind", rwd)
xp_id = argv.pop(0)
if xp_id == "xpath":
xpath_query = argv.pop(0)
se.setAttribute("xpath",xpath_query)
elif xp_id == "id":
acl_ref = argv.pop(0)
se.setAttribute("reference",acl_ref)
else:
usage.acl("role create")
element.appendChild(se)
utils.replace_cib_configuration(dom)
elif command == "delete":
if len(argv) < 1:
usage.acl("acl role delete")
role_id = argv.pop(0)
found = False
for elem in dom.getElementsByTagName("acl_role"):
if elem.getAttribute("id") == role_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
utils.err("unable to find acl role: %s" % role_id)
# Remove any references to this role in acl_target or acl_group
for elem in dom.getElementsByTagName("role"):
if elem.getAttribute("id") == role_id:
elem.parentNode.removeChild(elem)
utils.replace_cib_configuration(dom)
elif command == "assign":
if len(argv) < 2:
usage.acl("role assign")
sys.exit(1)
if len(argv) == 2:
role_id = argv[0]
ug_id = argv[1]
elif len(argv) > 2 and argv[1] == "to":
role_id = argv[0]
ug_id = argv[2]
else:
usage.acl("role assign")
sys.exit(1)
found = False
for role in dom.getElementsByTagName("acl_role"):
if role.getAttribute("id") == role_id:
found = True
break
if not found:
utils.err("cannot find role: %s" % role_id)
found = False
for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
utils.err(role_id + " is already assigned to " + ug_id)
new_role = dom.createElement("role")
new_role.setAttribute("id", role_id)
ug.appendChild(new_role)
utils.replace_cib_configuration(dom)
elif command == "unassign":
if len(argv) < 2:
usage.acl("role unassign")
sys.exit(1)
role_id = argv.pop(0)
if len(argv) > 1 and argv[0] == "from":
ug_id = argv[1]
else:
ug_id = argv[0]
found = False
for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
found = False
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
found = True
current_role.parentNode.removeChild(current_role)
break
if not found:
utils.err("cannot find role: %s, assigned to user/group: %s" % (role_id, ug_id))
utils.replace_cib_configuration(dom)
else:
utils.err("Unknown pcs acl role command: '" + command + "' (try create or delete)")
def order_set(argv):
setoptions = []
for i in range(len(argv)):
if argv[i] == "setoptions":
setoptions = argv[i+1:]
argv[i:] = []
break
argv.insert(0, "set")
resource_sets = set_args_into_array(argv)
if not check_empty_resource_sets(resource_sets):
usage.constraint(["order set"])
sys.exit(1)
cib, constraints = getCurrentConstraints(utils.get_cib_dom())
attributes = []
id_specified = False
for opt in setoptions:
if "=" not in opt:
utils.err("missing value of '%s' option" % opt)
name, value = opt.split("=", 1)
if name == "id":
id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(cib, value):
utils.err(
"id '%s' is already in use, please specify another one"
% value
)
id_specified = True
attributes.append((name, value))
elif name == "kind":
normalized_value = value.lower().capitalize()
if normalized_value not in OPTIONS_KIND:
utils.err(
"invalid kind value '%s', allowed values are: %s"
% (value, ", ".join(OPTIONS_KIND))
)
attributes.append((name, normalized_value))
elif name == "symmetrical":
if value.lower() not in OPTIONS_SYMMETRICAL:
utils.err(
"invalid symmetrical value '%s', allowed values are: %s"
% (value, ", ".join(OPTIONS_SYMMETRICAL))
)
attributes.append((name, value.lower()))
else:
utils.err(
"invalid option '%s', allowed options are: %s"
% (name, "kind, symmetrical, id")
)
if not id_specified:
order_id = "pcs_rsc_order"
for a in argv:
if "=" not in a:
order_id += "_" + a
attributes.append(("id", utils.find_unique_id(cib, order_id)))
rsc_order = cib.createElement("rsc_order")
for name, value in attributes:
rsc_order.setAttribute(name, value)
set_add_resource_sets(rsc_order, resource_sets, cib)
constraints.appendChild(rsc_order)
utils.replace_cib_configuration(cib)
def order_add(argv, returnElementOnly=False):
if len(argv) < 2:
usage.constraint()
sys.exit(1)
resource1 = argv.pop(0)
resource2 = argv.pop(0)
cib_dom = utils.get_cib_dom()
resource_valid, resource_error, correct_id \
= utils.validate_constraint_resource(cib_dom, resource1)
if "--autocorrect" in utils.pcs_options and correct_id:
resource1 = correct_id
elif not resource_valid:
utils.err(resource_error)
resource_valid, resource_error, correct_id \
= utils.validate_constraint_resource(cib_dom, resource2)
if "--autocorrect" in utils.pcs_options and correct_id:
resource2 = correct_id
elif not resource_valid:
utils.err(resource_error)
order_options = []
id_specified = False
sym = None
for arg in argv:
if arg == "symmetrical":
sym = "true"
elif arg == "nonsymmetrical":
sym = "false"
elif "=" in arg:
name, value = arg.split("=", 1)
if name == "id":
id_valid, id_error = utils.validate_xml_id(
value, 'constraint id')
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(cib_dom, value):
utils.err(
"id '%s' is already in use, please specify another one"
% value)
id_specified = True
order_options.append((name, value))
elif name == "symmetrical":
if value.lower() in OPTIONS_SYMMETRICAL:
sym = value.lower()
else:
utils.err(
"invalid symmetrical value '%s', allowed values are: %s"
% (value, ", ".join(OPTIONS_SYMMETRICAL)))
else:
order_options.append((name, value))
if sym:
order_options.append(("symmetrical", sym))
options = ""
if order_options:
options = " (Options: %s)" % " ".join([
"%s=%s" % (name, value)
for name, value in order_options if name not in ("kind", "score")
])
scorekind = "kind: Mandatory"
id_suffix = "mandatory"
for opt in order_options:
if opt[0] == "score":
scorekind = "score: " + opt[1]
id_suffix = opt[1]
break
if opt[0] == "kind":
scorekind = "kind: " + opt[1]
id_suffix = opt[1]
break
if not id_specified:
order_id = "order-" + resource1 + "-" + resource2 + "-" + id_suffix
order_id = utils.find_unique_id(cib_dom, order_id)
order_options.append(("id", order_id))
(dom, constraintsElement) = getCurrentConstraints()
element = dom.createElement("rsc_order")
element.setAttribute("first", resource1)
element.setAttribute("then", resource2)
for order_opt in order_options:
element.setAttribute(order_opt[0], order_opt[1])
constraintsElement.appendChild(element)
if "--force" not in utils.pcs_options:
duplicates = order_find_duplicates(constraintsElement, element)
if duplicates:
utils.err(
"duplicate constraint already exists, use --force to override\n"
+ "\n".join([
" " + order_el_to_string(dup, True) for dup in duplicates
]))
print("Adding " + resource1 + " " + resource2 + " (" + scorekind + ")" +
options)
if returnElementOnly == False:
utils.replace_cib_configuration(dom)
else:
return element.toxml()
def order_add(argv,returnElementOnly=False):
if len(argv) < 2:
usage.constraint()
sys.exit(1)
resource1 = argv.pop(0)
resource2 = argv.pop(0)
cib_dom = utils.get_cib_dom()
resource_valid, resource_error, correct_id \
= utils.validate_constraint_resource(cib_dom, resource1)
if "--autocorrect" in utils.pcs_options and correct_id:
resource1 = correct_id
elif not resource_valid:
utils.err(resource_error)
resource_valid, resource_error, correct_id \
= utils.validate_constraint_resource(cib_dom, resource2)
if "--autocorrect" in utils.pcs_options and correct_id:
resource2 = correct_id
elif not resource_valid:
utils.err(resource_error)
order_options = []
id_specified = False
sym = None
for arg in argv:
if arg == "symmetrical":
sym = "true"
elif arg == "nonsymmetrical":
sym = "false"
elif "=" in arg:
name, value = arg.split("=", 1)
if name == "id":
id_valid, id_error = utils.validate_xml_id(value, 'constraint id')
if not id_valid:
utils.err(id_error)
if utils.does_id_exist(cib_dom, value):
utils.err(
"id '%s' is already in use, please specify another one"
% value
)
id_specified = True
order_options.append((name, value))
elif name == "symmetrical":
if value.lower() in OPTIONS_SYMMETRICAL:
sym = value.lower()
else:
utils.err(
"invalid symmetrical value '%s', allowed values are: %s"
% (value, ", ".join(OPTIONS_SYMMETRICAL))
)
else:
order_options.append((name, value))
if sym:
order_options.append(("symmetrical", sym))
options = ""
if order_options:
options = " (Options: %s)" % " ".join([
"%s=%s" % (name, value)
for name, value in order_options
if name not in ("kind", "score")
])
scorekind = "kind: Mandatory"
id_suffix = "mandatory"
for opt in order_options:
if opt[0] == "score":
scorekind = "score: " + opt[1]
id_suffix = opt[1]
break
if opt[0] == "kind":
scorekind = "kind: " + opt[1]
id_suffix = opt[1]
break
if not id_specified:
order_id = "order-" + resource1 + "-" + resource2 + "-" + id_suffix
order_id = utils.find_unique_id(cib_dom, order_id)
order_options.append(("id", order_id))
(dom,constraintsElement) = getCurrentConstraints()
element = dom.createElement("rsc_order")
element.setAttribute("first",resource1)
element.setAttribute("then",resource2)
for order_opt in order_options:
element.setAttribute(order_opt[0], order_opt[1])
constraintsElement.appendChild(element)
if "--force" not in utils.pcs_options:
duplicates = order_find_duplicates(constraintsElement, element)
if duplicates:
utils.err(
"duplicate constraint already exists, use --force to override\n"
+ "\n".join([
" " + order_el_to_string(dup, True) for dup in duplicates
])
)
print(
"Adding " + resource1 + " " + resource2 + " ("+scorekind+")" + options
)
if returnElementOnly == False:
utils.replace_cib_configuration(dom)
else:
return element.toxml()
def acl_target(argv,group=False):
if len(argv) < 2:
if group:
usage.acl(["group"])
sys.exit(1)
else:
usage.acl(["user"])
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
tug_id = argv.pop(0)
if command == "create":
# pcsd parses the error message in order to determine whether the id is
# assigned to user/group or some other cib element
if group and utils.dom_get_element_with_id(dom, "acl_group", tug_id):
utils.err("group %s already exists" % tug_id)
if not group and utils.dom_get_element_with_id(dom, "acl_target", tug_id):
utils.err("user %s already exists" % tug_id)
if utils.does_id_exist(dom,tug_id):
utils.err(tug_id + " already exists")
if group:
element = dom.createElement("acl_group")
else:
element = dom.createElement("acl_target")
element.setAttribute("id", tug_id)
acls.appendChild(element)
for role in argv:
if not utils.dom_get_element_with_id(acls, "acl_role", role):
utils.err("cannot find acl role: %s" % role)
r = dom.createElement("role")
r.setAttribute("id", role)
element.appendChild(r)
utils.replace_cib_configuration(dom)
elif command == "delete":
found = False
if group:
elist = dom.getElementsByTagName("acl_group")
else:
elist = dom.getElementsByTagName("acl_target")
for elem in elist:
if elem.getAttribute("id") == tug_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
if group:
utils.err("unable to find acl group: %s" % tug_id)
else:
utils.err("unable to find acl target/user: %s" % tug_id)
utils.replace_cib_configuration(dom)
else:
if group:
usage.acl(["group"])
else:
usage.acl(["user"])
sys.exit(1)
def order_add(argv, returnElementOnly=False):
if len(argv) < 2:
usage.constraint()
sys.exit(1)
resource1 = argv.pop(0)
resource2 = argv.pop(0)
if not utils.is_valid_constraint_resource(resource1):
utils.err("Resource '" + resource1 + "' does not exist")
if not utils.is_valid_constraint_resource(resource2):
utils.err("Resource '" + resource2 + "' does not exist")
sym = "true" if (len(argv) == 0
or argv[0] != "nonsymmetrical") else "false"
order_options = []
if len(argv) != 0:
if argv[0] == "nonsymmetrical" or argv[0] == "symmetrical":
argv.pop(0)
for arg in argv:
if arg.count("=") == 1:
mysplit = arg.split("=")
order_options.append((mysplit[0], mysplit[1]))
if len(argv) != 0:
options = " (Options: " + " ".join(argv) + ")"
else:
options = ""
scorekind = "kind: Mandatory"
id_suffix = "mandatory"
for opt in order_options:
if opt[0] == "score":
scorekind = "score: " + opt[1]
id_suffix = opt[1]
break
if opt[0] == "kind":
scorekind = "kind: " + opt[1]
id_suffix = opt[1]
break
print "Adding " + resource1 + " " + resource2 + " (" + scorekind + ")" + options
order_id = "order-" + resource1 + "-" + resource2 + "-" + id_suffix
if utils.does_id_exist(utils.get_cib_dom(), order_id):
utils.err(
"Unable to create constraint, similar constraint already exists: %s"
% order_id)
(dom, constraintsElement) = getCurrentConstraints()
element = dom.createElement("rsc_order")
element.setAttribute("id", order_id)
element.setAttribute("first", resource1)
element.setAttribute("then", resource2)
for order_opt in order_options:
element.setAttribute(order_opt[0], order_opt[1])
if (sym == "false"):
element.setAttribute("symmetrical", "false")
constraintsElement.appendChild(element)
if returnElementOnly == False:
xml_constraint_string = constraintsElement.toxml()
args = [
"cibadmin", "-o", "constraints", "-R", "--xml-text",
xml_constraint_string
]
output, retval = utils.run(args)
if output != "":
print output
if retval != 0:
sys.exit(1)
else:
return element.toxml()
def acl_role(argv):
if len(argv) < 2:
usage.acl(["role"])
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
if command == "create":
role_name = argv.pop(0)
if argv and argv[0].startswith('description=') and len(argv[0]) > 12:
description = argv.pop(0)[12:]
else:
description = ""
id_valid, id_error = utils.validate_xml_id(role_name, 'ACL role')
if not id_valid:
utils.err(id_error)
if utils.dom_get_element_with_id(dom, "acl_role", role_name):
utils.err("role %s already exists" % role_name)
if utils.does_id_exist(dom, role_name):
utils.err(role_name + " already exists")
element = dom.createElement("acl_role")
element.setAttribute("id", role_name)
if description != "":
element.setAttribute("description", description)
acls.appendChild(element)
if not add_permissions_to_role(element, argv):
usage.acl(["role create"])
sys.exit(1)
utils.replace_cib_configuration(dom)
elif command == "delete":
if len(argv) < 1:
usage.acl(["role delete"])
sys.exit(1)
role_id = argv.pop(0)
found = False
for elem in dom.getElementsByTagName("acl_role"):
if elem.getAttribute("id") == role_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
utils.err("unable to find acl role: %s" % role_id)
# Remove any references to this role in acl_target or acl_group
for elem in dom.getElementsByTagName("role"):
if elem.getAttribute("id") == role_id:
user_group = elem.parentNode
user_group.removeChild(elem)
if "--autodelete" in utils.pcs_options:
if not user_group.getElementsByTagName("role"):
user_group.parentNode.removeChild(user_group)
utils.replace_cib_configuration(dom)
elif command == "assign":
if len(argv) < 2:
usage.acl(["role assign"])
sys.exit(1)
if len(argv) == 2:
role_id = argv[0]
ug_id = argv[1]
elif len(argv) > 2 and argv[1] == "to":
role_id = argv[0]
ug_id = argv[2]
else:
usage.acl(["role assign"])
sys.exit(1)
found = False
for role in dom.getElementsByTagName("acl_role"):
if role.getAttribute("id") == role_id:
found = True
break
if not found:
utils.err("cannot find role: %s" % role_id)
found = False
for ug in dom.getElementsByTagName(
"acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
utils.err(role_id + " is already assigned to " + ug_id)
new_role = dom.createElement("role")
new_role.setAttribute("id", role_id)
ug.appendChild(new_role)
utils.replace_cib_configuration(dom)
elif command == "unassign":
if len(argv) < 2:
usage.acl(["role unassign"])
sys.exit(1)
role_id = argv.pop(0)
if len(argv) > 1 and argv[0] == "from":
ug_id = argv[1]
else:
ug_id = argv[0]
found = False
for ug in dom.getElementsByTagName(
"acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
found = False
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
found = True
current_role.parentNode.removeChild(current_role)
break
if not found:
utils.err("cannot find role: %s, assigned to user/group: %s" %
(role_id, ug_id))
if "--autodelete" in utils.pcs_options:
if not ug.getElementsByTagName("role"):
ug.parentNode.removeChild(ug)
utils.replace_cib_configuration(dom)
else:
utils.err("Unknown pcs acl role command: '" + command +
"' (try create or delete)")
