def dom_rule_add(dom_element, argv): options = {"id": None, "role": None, "score": None, "score-attribute": None} # parse options while argv: found = False option = argv.pop(0) for name in options: if option.startswith(name + "="): options[name] = option.split("=", 1)[1] found = True break if not found: argv.insert(0, option) break # validate options if options["score"] and options["score-attribute"]: utils.err("can not specify both score and score-attribute") if options["score"] and not utils.is_score(options["score"]): # preserving legacy behaviour print("Warning: invalid score '%s', setting score-attribute=pingd instead" % options["score"]) options["score-attribute"] = "pingd" options["score"] = None if options["role"] and options["role"] not in ["master", "slave"]: utils.err("invalid role '%s', use 'master' or 'slave'" % options["role"]) if options["id"]: id_valid, id_error = utils.validate_xml_id(options["id"], "rule id") if not id_valid: utils.err(id_error) if utils.does_id_exist(dom_element.ownerDocument, options["id"]): utils.err("id '%s' is already in use, please specify another one" % options["id"]) # parse rule if not argv: utils.err("no rule expression was specified") try: dom_rule = CibBuilder().build(dom_element, RuleParser().parse(TokenPreprocessor().run(argv)), options["id"]) except SyntaxError as e: utils.err("'%s' is not a valid rule expression: %s" % (" ".join(argv), e)) except UnexpectedEndOfInput as e: utils.err("'%s' is not a valid rule expression: unexpected end of rule" % " ".join(argv)) except (ParserException, CibBuilderException) as e: utils.err("'%s' is not a valid rule expression" % " ".join(argv)) # add options into rule xml if not options["score"] and not options["score-attribute"]: options["score"] = "INFINITY" for name, value in options.iteritems(): if name != "id" and value is not None: dom_rule.setAttribute(name, value) # score or score-attribute is required for the nested rules in order to have # valid CIB, pacemaker does not use the score of the nested rules for rule in dom_rule.getElementsByTagName("rule"): rule.setAttribute("score", "0") if dom_element.hasAttribute("score"): dom_element.removeAttribute("score") if dom_element.hasAttribute("node"): dom_element.removeAttribute("node") return dom_element
def order_set(argv): setoptions = [] for i in range(len(argv)): if argv[i] == "setoptions": setoptions = argv[i + 1:] argv[i:] = [] break argv.insert(0, "set") resource_sets = set_args_into_array(argv) if not check_empty_resource_sets(resource_sets): usage.constraint(["order set"]) sys.exit(1) cib, constraints = getCurrentConstraints(utils.get_cib_dom()) attributes = [] id_specified = False for opt in setoptions: if "=" not in opt: utils.err("missing value of '%s' option" % opt) name, value = opt.split("=", 1) if name == "id": id_valid, id_error = utils.validate_xml_id(value, 'constraint id') if not id_valid: utils.err(id_error) if utils.does_id_exist(cib, value): utils.err( "id '%s' is already in use, please specify another one" % value) id_specified = True attributes.append((name, value)) elif name == "kind": normalized_value = value.lower().capitalize() if normalized_value not in OPTIONS_KIND: utils.err("invalid kind value '%s', allowed values are: %s" % (value, ", ".join(OPTIONS_KIND))) attributes.append((name, normalized_value)) elif name == "symmetrical": if value.lower() not in OPTIONS_SYMMETRICAL: utils.err( "invalid symmetrical value '%s', allowed values are: %s" % (value, ", ".join(OPTIONS_SYMMETRICAL))) attributes.append((name, value.lower())) else: utils.err("invalid option '%s', allowed options are: %s" % (name, "kind, symmetrical, id")) if not id_specified: order_id = "pcs_rsc_order" for a in argv: if "=" not in a: order_id += "_" + a attributes.append(("id", utils.find_unique_id(cib, order_id))) rsc_order = cib.createElement("rsc_order") for name, value in attributes: rsc_order.setAttribute(name, value) set_add_resource_sets(rsc_order, resource_sets, cib) constraints.appendChild(rsc_order) utils.replace_cib_configuration(cib)
def location_add(argv, rm=False): if len(argv) != 4 and (rm == False or len(argv) < 1): usage.constraint() sys.exit(1) constraint_id = argv.pop(0) # If we're removing, we only care about the id if (rm == True): resource_name = "" node = "" score = "" else: id_valid, id_error = utils.validate_xml_id(constraint_id, 'constraint id') if not id_valid: utils.err(id_error) resource_name = argv.pop(0) node = argv.pop(0) score = argv.pop(0) resource_valid, resource_error = utils.validate_constraint_resource( utils.get_cib_dom(), resource_name) if not resource_valid: utils.err(resource_error) if not utils.is_score(score): utils.err( "invalid score '%s', use integer or INFINITY or -INFINITY" % score) # Verify current constraint doesn't already exist # If it does we replace it with the new constraint (dom, constraintsElement) = getCurrentConstraints() elementsToRemove = [] # If the id matches, or the rsc & node match, then we replace/remove for rsc_loc in constraintsElement.getElementsByTagName('rsc_location'): if (constraint_id == rsc_loc.getAttribute("id")) or \ (rsc_loc.getAttribute("rsc") == resource_name and \ rsc_loc.getAttribute("node") == node and not rm): elementsToRemove.append(rsc_loc) for etr in elementsToRemove: constraintsElement.removeChild(etr) if (rm == True and len(elementsToRemove) == 0): utils.err("resource location id: " + constraint_id + " not found.") if (not rm): element = dom.createElement("rsc_location") element.setAttribute("id", constraint_id) element.setAttribute("rsc", resource_name) element.setAttribute("node", node) element.setAttribute("score", score) constraintsElement.appendChild(element) utils.replace_cib_configuration(dom)
def dom_rule_add(dom_element, options, rule_argv): # validate options if options.get("score") and options.get("score-attribute"): utils.err("can not specify both score and score-attribute") if options.get("score") and not utils.is_score(options["score"]): # preserving legacy behaviour print( "Warning: invalid score '%s', setting score-attribute=pingd instead" % options["score"]) options["score-attribute"] = "pingd" options["score"] = None if options.get("role") and options["role"] not in ["master", "slave"]: utils.err("invalid role '%s', use 'master' or 'slave'" % options["role"]) if options.get("id"): id_valid, id_error = utils.validate_xml_id(options["id"], 'rule id') if not id_valid: utils.err(id_error) if utils.does_id_exist(dom_element.ownerDocument, options["id"]): utils.err("id '%s' is already in use, please specify another one" % options["id"]) # parse rule if not rule_argv: utils.err("no rule expression was specified") try: dom_rule = CibBuilder().build( dom_element, RuleParser().parse(TokenPreprocessor().run(rule_argv)), options.get("id")) except SyntaxError as e: utils.err("'%s' is not a valid rule expression: %s" % (" ".join(rule_argv), e)) except UnexpectedEndOfInput as e: utils.err( "'%s' is not a valid rule expression: unexpected end of rule" % " ".join(rule_argv)) except (ParserException, CibBuilderException) as e: utils.err("'%s' is not a valid rule expression" % " ".join(rule_argv)) # add options into rule xml if not options.get("score") and not options.get("score-attribute"): options["score"] = "INFINITY" for name, value in options.iteritems(): if name != "id" and value is not None: dom_rule.setAttribute(name, value) # score or score-attribute is required for the nested rules in order to have # valid CIB, pacemaker does not use the score of the nested rules for rule in dom_rule.getElementsByTagName("rule"): rule.setAttribute("score", "0") if dom_element.hasAttribute("score"): dom_element.removeAttribute("score") if dom_element.hasAttribute("node"): dom_element.removeAttribute("node") return dom_element
def location_add(argv,rm=False): if len(argv) != 4 and (rm == False or len(argv) < 1): usage.constraint() sys.exit(1) constraint_id = argv.pop(0) # If we're removing, we only care about the id if (rm == True): resource_name = "" node = "" score = "" else: id_valid, id_error = utils.validate_xml_id(constraint_id, 'constraint id') if not id_valid: utils.err(id_error) resource_name = argv.pop(0) node = argv.pop(0) score = argv.pop(0) resource_valid, resource_error = utils.validate_constraint_resource( utils.get_cib_dom(), resource_name ) if not resource_valid: utils.err(resource_error) if not utils.is_score(score): utils.err("invalid score '%s', use integer or INFINITY or -INFINITY" % score) # Verify current constraint doesn't already exist # If it does we replace it with the new constraint (dom,constraintsElement) = getCurrentConstraints() elementsToRemove = [] # If the id matches, or the rsc & node match, then we replace/remove for rsc_loc in constraintsElement.getElementsByTagName('rsc_location'): if (constraint_id == rsc_loc.getAttribute("id")) or \ (rsc_loc.getAttribute("rsc") == resource_name and \ rsc_loc.getAttribute("node") == node and not rm): elementsToRemove.append(rsc_loc) for etr in elementsToRemove: constraintsElement.removeChild(etr) if (rm == True and len(elementsToRemove) == 0): utils.err("resource location id: " + constraint_id + " not found.") if (not rm): element = dom.createElement("rsc_location") element.setAttribute("id",constraint_id) element.setAttribute("rsc",resource_name) element.setAttribute("node",node) element.setAttribute("score",score) constraintsElement.appendChild(element) utils.replace_cib_configuration(dom)
def location_rule(argv): if len(argv) < 3: usage.constraint(["location", "rule"]) sys.exit(1) res_name = argv.pop(0) resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource(utils.get_cib_dom(), res_name) if "--autocorrect" in utils.pcs_options and correct_id: res_name = correct_id elif not resource_valid: utils.err(resource_error) argv.pop(0) # pop "rule" options, rule_argv = rule_utils.parse_argv(argv, { "constraint-id": None, "resource-discovery": None, }) # If resource-discovery is specified, we use it with the rsc_location # element not the rule if "resource-discovery" in options and options["resource-discovery"]: utils.checkAndUpgradeCIB(2, 2, 0) cib, constraints = getCurrentConstraints(utils.get_cib_dom()) lc = cib.createElement("rsc_location") lc.setAttribute("resource-discovery", options.pop("resource-discovery")) else: cib, constraints = getCurrentConstraints(utils.get_cib_dom()) lc = cib.createElement("rsc_location") constraints.appendChild(lc) if options.get("constraint-id"): id_valid, id_error = utils.validate_xml_id(options["constraint-id"], 'constraint id') if not id_valid: utils.err(id_error) if utils.does_id_exist(cib, options["constraint-id"]): utils.err("id '%s' is already in use, please specify another one" % options["constraint-id"]) lc.setAttribute("id", options["constraint-id"]) del options["constraint-id"] else: lc.setAttribute("id", utils.find_unique_id(cib, "location-" + res_name)) lc.setAttribute("rsc", res_name) rule_utils.dom_rule_add(lc, options, rule_argv) location_rule_check_duplicates(constraints, lc) utils.replace_cib_configuration(cib)
def location_rule(argv): if len(argv) < 3: usage.constraint(["location", "rule"]) sys.exit(1) res_name = argv.pop(0) resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource(utils.get_cib_dom(), res_name) if "--autocorrect" in utils.pcs_options and correct_id: res_name = correct_id elif not resource_valid: utils.err(resource_error) argv.pop(0) # pop "rule" options, rule_argv = rule_utils.parse_argv(argv, {"constraint-id": None, "resource-discovery": None,}) # If resource-discovery is specified, we use it with the rsc_location # element not the rule if "resource-discovery" in options and options["resource-discovery"]: utils.checkAndUpgradeCIB(2,2,0) cib, constraints = getCurrentConstraints(utils.get_cib_dom()) lc = cib.createElement("rsc_location") lc.setAttribute("resource-discovery", options.pop("resource-discovery")) else: cib, constraints = getCurrentConstraints(utils.get_cib_dom()) lc = cib.createElement("rsc_location") constraints.appendChild(lc) if options.get("constraint-id"): id_valid, id_error = utils.validate_xml_id( options["constraint-id"], 'constraint id' ) if not id_valid: utils.err(id_error) if utils.does_id_exist(cib, options["constraint-id"]): utils.err( "id '%s' is already in use, please specify another one" % options["constraint-id"] ) lc.setAttribute("id", options["constraint-id"]) del options["constraint-id"] else: lc.setAttribute("id", utils.find_unique_id(cib, "location-" + res_name)) lc.setAttribute("rsc", res_name) rule_utils.dom_rule_add(lc, options, rule_argv) location_rule_check_duplicates(constraints, lc) utils.replace_cib_configuration(cib)
def set_property(argv): for arg in argv: args = arg.split('=') if (len(args) != 2): print "Invalid Property: " + arg continue if "--node" in utils.pcs_options: utils.set_node_attribute(args[0], args[1], utils.pcs_options["--node"]) elif ("--force" in utils.pcs_options) or utils.is_valid_property(args[0]): id_valid, id_error = utils.validate_xml_id(args[0], 'property name') if not id_valid: utils.err(id_error) utils.set_cib_property(args[0],args[1]) else: utils.err("unknown cluster property: '%s', (use --force to override)" % args[0])
def order_add(argv,returnElementOnly=False): if len(argv) < 2: usage.constraint() sys.exit(1) resource1 = argv.pop(0) resource2 = argv.pop(0) cib_dom = utils.get_cib_dom() resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource(cib_dom, resource1) if "--autocorrect" in utils.pcs_options and correct_id: resource1 = correct_id elif not resource_valid: utils.err(resource_error) resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource(cib_dom, resource2) if "--autocorrect" in utils.pcs_options and correct_id: resource2 = correct_id elif not resource_valid: utils.err(resource_error) order_options = [] id_specified = False sym = None for arg in argv: if arg == "symmetrical": sym = "true" elif arg == "nonsymmetrical": sym = "false" elif "=" in arg: name, value = arg.split("=", 1) if name == "id": id_valid, id_error = utils.validate_xml_id(value, 'constraint id') if not id_valid: utils.err(id_error) if utils.does_id_exist(cib_dom, value): utils.err( "id '%s' is already in use, please specify another one" % value ) id_specified = True order_options.append((name, value)) elif name == "symmetrical": if value.lower() in OPTIONS_SYMMETRICAL: sym = value.lower() else: utils.err( "invalid symmetrical value '%s', allowed values are: %s" % (value, ", ".join(OPTIONS_SYMMETRICAL)) ) else: order_options.append((name, value)) if sym: order_options.append(("symmetrical", sym)) options = "" if order_options: options = " (Options: %s)" % " ".join([ "%s=%s" % (name, value) for name, value in order_options if name not in ("kind", "score") ]) scorekind = "kind: Mandatory" id_suffix = "mandatory" for opt in order_options: if opt[0] == "score": scorekind = "score: " + opt[1] id_suffix = opt[1] break if opt[0] == "kind": scorekind = "kind: " + opt[1] id_suffix = opt[1] break if not id_specified: order_id = "order-" + resource1 + "-" + resource2 + "-" + id_suffix order_id = utils.find_unique_id(cib_dom, order_id) order_options.append(("id", order_id)) (dom,constraintsElement) = getCurrentConstraints() element = dom.createElement("rsc_order") element.setAttribute("first",resource1) element.setAttribute("then",resource2) for order_opt in order_options: element.setAttribute(order_opt[0], order_opt[1]) constraintsElement.appendChild(element) if "--force" not in utils.pcs_options: duplicates = order_find_duplicates(constraintsElement, element) if duplicates: utils.err( "duplicate constraint already exists, use --force to override\n" + "\n".join([ " " + order_el_to_string(dup, True) for dup in duplicates ]) ) print( "Adding " + resource1 + " " + resource2 + " ("+scorekind+")" + options ) if returnElementOnly == False: utils.replace_cib_configuration(dom) else: return element.toxml()
def order_set(argv): setoptions = [] for i in range(len(argv)): if argv[i] == "setoptions": setoptions = argv[i+1:] argv[i:] = [] break argv.insert(0, "set") resource_sets = set_args_into_array(argv) if not check_empty_resource_sets(resource_sets): usage.constraint(["order set"]) sys.exit(1) cib, constraints = getCurrentConstraints(utils.get_cib_dom()) attributes = [] id_specified = False for opt in setoptions: if "=" not in opt: utils.err("missing value of '%s' option" % opt) name, value = opt.split("=", 1) if name == "id": id_valid, id_error = utils.validate_xml_id(value, 'constraint id') if not id_valid: utils.err(id_error) if utils.does_id_exist(cib, value): utils.err( "id '%s' is already in use, please specify another one" % value ) id_specified = True attributes.append((name, value)) elif name == "kind": normalized_value = value.lower().capitalize() if normalized_value not in OPTIONS_KIND: utils.err( "invalid kind value '%s', allowed values are: %s" % (value, ", ".join(OPTIONS_KIND)) ) attributes.append((name, normalized_value)) elif name == "symmetrical": if value.lower() not in OPTIONS_SYMMETRICAL: utils.err( "invalid symmetrical value '%s', allowed values are: %s" % (value, ", ".join(OPTIONS_SYMMETRICAL)) ) attributes.append((name, value.lower())) else: utils.err( "invalid option '%s', allowed options are: %s" % (name, "kind, symmetrical, id") ) if not id_specified: order_id = "pcs_rsc_order" for a in argv: if "=" not in a: order_id += "_" + a attributes.append(("id", utils.find_unique_id(cib, order_id))) rsc_order = cib.createElement("rsc_order") for name, value in attributes: rsc_order.setAttribute(name, value) set_add_resource_sets(rsc_order, resource_sets, cib) constraints.appendChild(rsc_order) utils.replace_cib_configuration(cib)
def colocation_set(argv): setoptions = [] for i in range(len(argv)): if argv[i] == "setoptions": setoptions = argv[i+1:] argv[i:] = [] break argv.insert(0, "set") resource_sets = set_args_into_array(argv) if not check_empty_resource_sets(resource_sets): usage.constraint(["colocation set"]) sys.exit(1) cib, constraints = getCurrentConstraints(utils.get_cib_dom()) attributes = [] score_options = ("score", "score-attribute", "score-attribute-mangle") score_specified = False id_specified = False for opt in setoptions: if "=" not in opt: utils.err("missing value of '%s' option" % opt) name, value = opt.split("=", 1) if name == "id": id_valid, id_error = utils.validate_xml_id(value, 'constraint id') if not id_valid: utils.err(id_error) if utils.does_id_exist(cib, value): utils.err( "id '%s' is already in use, please specify another one" % value ) id_specified = True attributes.append((name, value)) elif name in score_options: if score_specified: utils.err("you cannot specify multiple score options") if name == "score" and not utils.is_score(value): utils.err( "invalid score '%s', use integer or INFINITY or -INFINITY" % value ) score_specified = True attributes.append((name, value)) else: utils.err( "invalid option '%s', allowed options are: %s" % (name, ", ".join(score_options + ("id",))) ) if not score_specified: attributes.append(("score", "INFINITY")) if not id_specified: colocation_id = "pcs_rsc_colocation" for a in argv: if "=" not in a: colocation_id += "_" + a attributes.append(("id", utils.find_unique_id(cib, colocation_id))) rsc_colocation = cib.createElement("rsc_colocation") for name, value in attributes: rsc_colocation.setAttribute(name, value) set_add_resource_sets(rsc_colocation, resource_sets, cib) constraints.appendChild(rsc_colocation) utils.replace_cib_configuration(cib)
def colocation_add(argv): if len(argv) < 2: usage.constraint() sys.exit(1) role1 = "" role2 = "" if len(argv) > 2: if not utils.is_score_or_opt(argv[2]): if argv[2] == "with": role1 = argv.pop(0).lower().capitalize() resource1 = argv.pop(0) else: resource1 = argv.pop(0) argv.pop(0) # Pop 'with' if len(argv) == 1: resource2 = argv.pop(0) else: if utils.is_score_or_opt(argv[1]): resource2 = argv.pop(0) else: role2 = argv.pop(0).lower().capitalize() resource2 = argv.pop(0) else: resource1 = argv.pop(0) resource2 = argv.pop(0) else: resource1 = argv.pop(0) resource2 = argv.pop(0) cib_dom = utils.get_cib_dom() resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource(cib_dom, resource1) if "--autocorrect" in utils.pcs_options and correct_id: resource1 = correct_id elif not resource_valid: utils.err(resource_error) resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource(cib_dom, resource2) if "--autocorrect" in utils.pcs_options and correct_id: resource2 = correct_id elif not resource_valid: utils.err(resource_error) score,nv_pairs = parse_score_options(argv) id_in_nvpairs = None for name, value in nv_pairs: if name == "id": id_valid, id_error = utils.validate_xml_id(value, 'constraint id') if not id_valid: utils.err(id_error) if utils.does_id_exist(cib_dom, value): utils.err( "id '%s' is already in use, please specify another one" % value ) id_in_nvpairs = True if not id_in_nvpairs: nv_pairs.append(( "id", utils.find_unique_id( cib_dom, "colocation-%s-%s-%s" % (resource1, resource2, score) ) )) (dom,constraintsElement) = getCurrentConstraints(cib_dom) # If one role is specified, the other should default to "started" if role1 != "" and role2 == "": role2 = DEFAULT_ROLE if role2 != "" and role1 == "": role1 = DEFAULT_ROLE element = dom.createElement("rsc_colocation") element.setAttribute("rsc",resource1) element.setAttribute("with-rsc",resource2) element.setAttribute("score",score) if role1 != "": element.setAttribute("rsc-role", role1) if role2 != "": element.setAttribute("with-rsc-role", role2) for nv_pair in nv_pairs: element.setAttribute(nv_pair[0], nv_pair[1]) if "--force" not in utils.pcs_options: duplicates = colocation_find_duplicates(constraintsElement, element) if duplicates: utils.err( "duplicate constraint already exists, use --force to override\n" + "\n".join([ " " + colocation_el_to_string(dup, True) for dup in duplicates ]) ) constraintsElement.appendChild(element) utils.replace_cib_configuration(dom)
def acl_role(argv): if len(argv) < 2: usage.acl(["role"]) sys.exit(1) dom = utils.get_cib_dom() dom, acls = get_acls(dom) command = argv.pop(0) if command == "create": role_name = argv.pop(0) if argv and argv[0].startswith('description=') and len(argv[0]) > 12: description = argv.pop(0)[12:] else: description = "" id_valid, id_error = utils.validate_xml_id(role_name, 'ACL role') if not id_valid: utils.err(id_error) if utils.dom_get_element_with_id(dom, "acl_role", role_name): utils.err("role %s already exists" % role_name) if utils.does_id_exist(dom,role_name): utils.err(role_name + " already exists") element = dom.createElement("acl_role") element.setAttribute("id",role_name) if description != "": element.setAttribute("description", description) acls.appendChild(element) if not add_permissions_to_role(element, argv): usage.acl(["role create"]) sys.exit(1) utils.replace_cib_configuration(dom) elif command == "delete": if len(argv) < 1: usage.acl(["role delete"]) sys.exit(1) role_id = argv.pop(0) found = False for elem in dom.getElementsByTagName("acl_role"): if elem.getAttribute("id") == role_id: found = True elem.parentNode.removeChild(elem) break if not found: utils.err("unable to find acl role: %s" % role_id) # Remove any references to this role in acl_target or acl_group for elem in dom.getElementsByTagName("role"): if elem.getAttribute("id") == role_id: user_group = elem.parentNode user_group.removeChild(elem) if "--autodelete" in utils.pcs_options: if not user_group.getElementsByTagName("role"): user_group.parentNode.removeChild(user_group) utils.replace_cib_configuration(dom) elif command == "assign": if len(argv) < 2: usage.acl(["role assign"]) sys.exit(1) if len(argv) == 2: role_id = argv[0] ug_id = argv[1] elif len(argv) > 2 and argv[1] == "to": role_id = argv[0] ug_id = argv[2] else: usage.acl(["role assign"]) sys.exit(1) found = False for role in dom.getElementsByTagName("acl_role"): if role.getAttribute("id") == role_id: found = True break if not found: utils.err("cannot find role: %s" % role_id) found = False for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"): if ug.getAttribute("id") == ug_id: found = True break if not found: utils.err("cannot find user or group: %s" % ug_id) for current_role in ug.getElementsByTagName("role"): if current_role.getAttribute("id") == role_id: utils.err(role_id + " is already assigned to " + ug_id) new_role = dom.createElement("role") new_role.setAttribute("id", role_id) ug.appendChild(new_role) utils.replace_cib_configuration(dom) elif command == "unassign": if len(argv) < 2: usage.acl(["role unassign"]) sys.exit(1) role_id = argv.pop(0) if len(argv) > 1 and argv[0] == "from": ug_id = argv[1] else: ug_id = argv[0] found = False for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"): if ug.getAttribute("id") == ug_id: found = True break if not found: utils.err("cannot find user or group: %s" % ug_id) found = False for current_role in ug.getElementsByTagName("role"): if current_role.getAttribute("id") == role_id: found = True current_role.parentNode.removeChild(current_role) break if not found: utils.err("cannot find role: %s, assigned to user/group: %s" % (role_id, ug_id)) if "--autodelete" in utils.pcs_options: if not ug.getElementsByTagName("role"): ug.parentNode.removeChild(ug) utils.replace_cib_configuration(dom) else: utils.err("Unknown pcs acl role command: '" + command + "' (try create or delete)")
def acl_role(argv): if len(argv) < 2: usage.acl(["role"]) sys.exit(1) dom = utils.get_cib_dom() dom, acls = get_acls(dom) command = argv.pop(0) if command == "create": role_name = argv.pop(0) if argv and argv[0].startswith('description=') and len(argv[0]) > 12: description = argv.pop(0)[12:] else: description = "" id_valid, id_error = utils.validate_xml_id(role_name, 'ACL role') if not id_valid: utils.err(id_error) if utils.dom_get_element_with_id(dom, "acl_role", role_name): utils.err("role %s already exists" % role_name) if utils.does_id_exist(dom, role_name): utils.err(role_name + " already exists") element = dom.createElement("acl_role") element.setAttribute("id", role_name) if description != "": element.setAttribute("description", description) acls.appendChild(element) if not add_permissions_to_role(element, argv): usage.acl(["role create"]) sys.exit(1) utils.replace_cib_configuration(dom) elif command == "delete": if len(argv) < 1: usage.acl(["role delete"]) sys.exit(1) role_id = argv.pop(0) found = False for elem in dom.getElementsByTagName("acl_role"): if elem.getAttribute("id") == role_id: found = True elem.parentNode.removeChild(elem) break if not found: utils.err("unable to find acl role: %s" % role_id) # Remove any references to this role in acl_target or acl_group for elem in dom.getElementsByTagName("role"): if elem.getAttribute("id") == role_id: user_group = elem.parentNode user_group.removeChild(elem) if "--autodelete" in utils.pcs_options: if not user_group.getElementsByTagName("role"): user_group.parentNode.removeChild(user_group) utils.replace_cib_configuration(dom) elif command == "assign": if len(argv) < 2: usage.acl(["role assign"]) sys.exit(1) if len(argv) == 2: role_id = argv[0] ug_id = argv[1] elif len(argv) > 2 and argv[1] == "to": role_id = argv[0] ug_id = argv[2] else: usage.acl(["role assign"]) sys.exit(1) found = False for role in dom.getElementsByTagName("acl_role"): if role.getAttribute("id") == role_id: found = True break if not found: utils.err("cannot find role: %s" % role_id) found = False for ug in dom.getElementsByTagName( "acl_target") + dom.getElementsByTagName("acl_group"): if ug.getAttribute("id") == ug_id: found = True break if not found: utils.err("cannot find user or group: %s" % ug_id) for current_role in ug.getElementsByTagName("role"): if current_role.getAttribute("id") == role_id: utils.err(role_id + " is already assigned to " + ug_id) new_role = dom.createElement("role") new_role.setAttribute("id", role_id) ug.appendChild(new_role) utils.replace_cib_configuration(dom) elif command == "unassign": if len(argv) < 2: usage.acl(["role unassign"]) sys.exit(1) role_id = argv.pop(0) if len(argv) > 1 and argv[0] == "from": ug_id = argv[1] else: ug_id = argv[0] found = False for ug in dom.getElementsByTagName( "acl_target") + dom.getElementsByTagName("acl_group"): if ug.getAttribute("id") == ug_id: found = True break if not found: utils.err("cannot find user or group: %s" % ug_id) found = False for current_role in ug.getElementsByTagName("role"): if current_role.getAttribute("id") == role_id: found = True current_role.parentNode.removeChild(current_role) break if not found: utils.err("cannot find role: %s, assigned to user/group: %s" % (role_id, ug_id)) if "--autodelete" in utils.pcs_options: if not ug.getElementsByTagName("role"): ug.parentNode.removeChild(ug) utils.replace_cib_configuration(dom) else: utils.err("Unknown pcs acl role command: '" + command + "' (try create or delete)")
def order_add(argv, returnElementOnly=False): if len(argv) < 2: usage.constraint() sys.exit(1) resource1 = argv.pop(0) resource2 = argv.pop(0) cib_dom = utils.get_cib_dom() resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource(cib_dom, resource1) if "--autocorrect" in utils.pcs_options and correct_id: resource1 = correct_id elif not resource_valid: utils.err(resource_error) resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource(cib_dom, resource2) if "--autocorrect" in utils.pcs_options and correct_id: resource2 = correct_id elif not resource_valid: utils.err(resource_error) order_options = [] id_specified = False sym = None for arg in argv: if arg == "symmetrical": sym = "true" elif arg == "nonsymmetrical": sym = "false" elif "=" in arg: name, value = arg.split("=", 1) if name == "id": id_valid, id_error = utils.validate_xml_id( value, 'constraint id') if not id_valid: utils.err(id_error) if utils.does_id_exist(cib_dom, value): utils.err( "id '%s' is already in use, please specify another one" % value) id_specified = True order_options.append((name, value)) elif name == "symmetrical": if value.lower() in OPTIONS_SYMMETRICAL: sym = value.lower() else: utils.err( "invalid symmetrical value '%s', allowed values are: %s" % (value, ", ".join(OPTIONS_SYMMETRICAL))) else: order_options.append((name, value)) if sym: order_options.append(("symmetrical", sym)) options = "" if order_options: options = " (Options: %s)" % " ".join([ "%s=%s" % (name, value) for name, value in order_options if name not in ("kind", "score") ]) scorekind = "kind: Mandatory" id_suffix = "mandatory" for opt in order_options: if opt[0] == "score": scorekind = "score: " + opt[1] id_suffix = opt[1] break if opt[0] == "kind": scorekind = "kind: " + opt[1] id_suffix = opt[1] break if not id_specified: order_id = "order-" + resource1 + "-" + resource2 + "-" + id_suffix order_id = utils.find_unique_id(cib_dom, order_id) order_options.append(("id", order_id)) (dom, constraintsElement) = getCurrentConstraints() element = dom.createElement("rsc_order") element.setAttribute("first", resource1) element.setAttribute("then", resource2) for order_opt in order_options: element.setAttribute(order_opt[0], order_opt[1]) constraintsElement.appendChild(element) if "--force" not in utils.pcs_options: duplicates = order_find_duplicates(constraintsElement, element) if duplicates: utils.err( "duplicate constraint already exists, use --force to override\n" + "\n".join([ " " + order_el_to_string(dup, True) for dup in duplicates ])) print("Adding " + resource1 + " " + resource2 + " (" + scorekind + ")" + options) if returnElementOnly == False: utils.replace_cib_configuration(dom) else: return element.toxml()
def colocation_set(argv): setoptions = [] for i in range(len(argv)): if argv[i] == "setoptions": setoptions = argv[i + 1:] argv[i:] = [] break argv.insert(0, "set") resource_sets = set_args_into_array(argv) if not check_empty_resource_sets(resource_sets): usage.constraint(["colocation set"]) sys.exit(1) cib, constraints = getCurrentConstraints(utils.get_cib_dom()) attributes = [] score_options = ("score", "score-attribute", "score-attribute-mangle") score_specified = False id_specified = False for opt in setoptions: if "=" not in opt: utils.err("missing value of '%s' option" % opt) name, value = opt.split("=", 1) if name == "id": id_valid, id_error = utils.validate_xml_id(value, 'constraint id') if not id_valid: utils.err(id_error) if utils.does_id_exist(cib, value): utils.err( "id '%s' is already in use, please specify another one" % value) id_specified = True attributes.append((name, value)) elif name in score_options: if score_specified: utils.err("you cannot specify multiple score options") if name == "score" and not utils.is_score(value): utils.err( "invalid score '%s', use integer or INFINITY or -INFINITY" % value) score_specified = True attributes.append((name, value)) else: utils.err("invalid option '%s', allowed options are: %s" % (name, ", ".join(score_options + ("id", )))) if not score_specified: attributes.append(("score", "INFINITY")) if not id_specified: colocation_id = "pcs_rsc_colocation" for a in argv: if "=" not in a: colocation_id += "_" + a attributes.append(("id", utils.find_unique_id(cib, colocation_id))) rsc_colocation = cib.createElement("rsc_colocation") for name, value in attributes: rsc_colocation.setAttribute(name, value) set_add_resource_sets(rsc_colocation, resource_sets, cib) constraints.appendChild(rsc_colocation) utils.replace_cib_configuration(cib)
def colocation_add(argv): if len(argv) < 2: usage.constraint() sys.exit(1) role1 = "" role2 = "" if len(argv) > 2: if not utils.is_score_or_opt(argv[2]): if argv[2] == "with": role1 = argv.pop(0).lower().capitalize() resource1 = argv.pop(0) else: resource1 = argv.pop(0) argv.pop(0) # Pop 'with' if len(argv) == 1: resource2 = argv.pop(0) else: if utils.is_score_or_opt(argv[1]): resource2 = argv.pop(0) else: role2 = argv.pop(0).lower().capitalize() resource2 = argv.pop(0) else: resource1 = argv.pop(0) resource2 = argv.pop(0) else: resource1 = argv.pop(0) resource2 = argv.pop(0) cib_dom = utils.get_cib_dom() resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource(cib_dom, resource1) if "--autocorrect" in utils.pcs_options and correct_id: resource1 = correct_id elif not resource_valid: utils.err(resource_error) resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource(cib_dom, resource2) if "--autocorrect" in utils.pcs_options and correct_id: resource2 = correct_id elif not resource_valid: utils.err(resource_error) score, nv_pairs = parse_score_options(argv) id_in_nvpairs = None for name, value in nv_pairs: if name == "id": id_valid, id_error = utils.validate_xml_id(value, 'constraint id') if not id_valid: utils.err(id_error) if utils.does_id_exist(cib_dom, value): utils.err( "id '%s' is already in use, please specify another one" % value) id_in_nvpairs = True if not id_in_nvpairs: nv_pairs.append( ("id", utils.find_unique_id( cib_dom, "colocation-%s-%s-%s" % (resource1, resource2, score)))) (dom, constraintsElement) = getCurrentConstraints(cib_dom) # If one role is specified, the other should default to "started" if role1 != "" and role2 == "": role2 = DEFAULT_ROLE if role2 != "" and role1 == "": role1 = DEFAULT_ROLE element = dom.createElement("rsc_colocation") element.setAttribute("rsc", resource1) element.setAttribute("with-rsc", resource2) element.setAttribute("score", score) if role1 != "": element.setAttribute("rsc-role", role1) if role2 != "": element.setAttribute("with-rsc-role", role2) for nv_pair in nv_pairs: element.setAttribute(nv_pair[0], nv_pair[1]) if "--force" not in utils.pcs_options: duplicates = colocation_find_duplicates(constraintsElement, element) if duplicates: utils.err( "duplicate constraint already exists, use --force to override\n" + "\n".join([ " " + colocation_el_to_string(dup, True) for dup in duplicates ])) constraintsElement.appendChild(element) utils.replace_cib_configuration(dom)
def testValidateXmlId(self): self.assertEquals((True, ""), utils.validate_xml_id("dummy")) self.assertEquals((True, ""), utils.validate_xml_id("DUMMY")) self.assertEquals((True, ""), utils.validate_xml_id("dUmMy")) self.assertEquals((True, ""), utils.validate_xml_id("dummy0")) self.assertEquals((True, ""), utils.validate_xml_id("dum0my")) self.assertEquals((True, ""), utils.validate_xml_id("dummy-")) self.assertEquals((True, ""), utils.validate_xml_id("dum-my")) self.assertEquals((True, ""), utils.validate_xml_id("dummy.")) self.assertEquals((True, ""), utils.validate_xml_id("dum.my")) self.assertEquals((True, ""), utils.validate_xml_id("_dummy")) self.assertEquals((True, ""), utils.validate_xml_id("dummy_")) self.assertEquals((True, ""), utils.validate_xml_id("dum_my")) self.assertEquals((False, "test id cannot be empty"), utils.validate_xml_id("", "test id")) msg = "invalid test id '%s', '%s' is not a valid first character for a test id" self.assertEquals((False, msg % ("0", "0")), utils.validate_xml_id("0", "test id")) self.assertEquals((False, msg % ("-", "-")), utils.validate_xml_id("-", "test id")) self.assertEquals((False, msg % (".", ".")), utils.validate_xml_id(".", "test id")) self.assertEquals((False, msg % (":", ":")), utils.validate_xml_id(":", "test id")) self.assertEquals((False, msg % ("0dummy", "0")), utils.validate_xml_id("0dummy", "test id")) self.assertEquals((False, msg % ("-dummy", "-")), utils.validate_xml_id("-dummy", "test id")) self.assertEquals((False, msg % (".dummy", ".")), utils.validate_xml_id(".dummy", "test id")) self.assertEquals((False, msg % (":dummy", ":")), utils.validate_xml_id(":dummy", "test id")) msg = "invalid test id '%s', '%s' is not a valid character for a test id" self.assertEquals((False, msg % ("dum:my", ":")), utils.validate_xml_id("dum:my", "test id")) self.assertEquals((False, msg % ("dummy:", ":")), utils.validate_xml_id("dummy:", "test id")) self.assertEquals((False, msg % ("dum?my", "?")), utils.validate_xml_id("dum?my", "test id")) self.assertEquals((False, msg % ("dummy?", "?")), utils.validate_xml_id("dummy?", "test id"))
def location_add(argv,rm=False): if len(argv) < 4 and (rm == False or len(argv) < 1): usage.constraint() sys.exit(1) constraint_id = argv.pop(0) # If we're removing, we only care about the id if (rm == True): resource_name = "" node = "" score = "" else: id_valid, id_error = utils.validate_xml_id(constraint_id, 'constraint id') if not id_valid: utils.err(id_error) resource_name = argv.pop(0) node = argv.pop(0) score = argv.pop(0) options = [] # For now we only allow setting resource-discovery if len(argv) > 0: for arg in argv: if '=' in arg: options.append(arg.split('=',1)) else: print("Error: bad option '%s'" % arg) usage.constraint(["location add"]) sys.exit(1) if options[-1][0] != "resource-discovery" and "--force" not in utils.pcs_options: utils.err("bad option '%s', use --force to override" % options[-1][0]) resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource( utils.get_cib_dom(), resource_name ) if "--autocorrect" in utils.pcs_options and correct_id: resource_name = correct_id elif not resource_valid: utils.err(resource_error) if not utils.is_score(score): utils.err("invalid score '%s', use integer or INFINITY or -INFINITY" % score) # Verify current constraint doesn't already exist # If it does we replace it with the new constraint (dom,constraintsElement) = getCurrentConstraints() elementsToRemove = [] # If the id matches, or the rsc & node match, then we replace/remove for rsc_loc in constraintsElement.getElementsByTagName('rsc_location'): if (constraint_id == rsc_loc.getAttribute("id")) or \ (rsc_loc.getAttribute("rsc") == resource_name and \ rsc_loc.getAttribute("node") == node and not rm): elementsToRemove.append(rsc_loc) for etr in elementsToRemove: constraintsElement.removeChild(etr) if (rm == True and len(elementsToRemove) == 0): utils.err("resource location id: " + constraint_id + " not found.") if (not rm): element = dom.createElement("rsc_location") element.setAttribute("id",constraint_id) element.setAttribute("rsc",resource_name) element.setAttribute("node",node) element.setAttribute("score",score) for option in options: element.setAttribute(option[0], option[1]) constraintsElement.appendChild(element) utils.replace_cib_configuration(dom)
def testValidateXmlId(self): self.assertEquals((True, ""), utils.validate_xml_id("dummy")) self.assertEquals((True, ""), utils.validate_xml_id("DUMMY")) self.assertEquals((True, ""), utils.validate_xml_id("dUmMy")) self.assertEquals((True, ""), utils.validate_xml_id("dummy0")) self.assertEquals((True, ""), utils.validate_xml_id("dum0my")) self.assertEquals((True, ""), utils.validate_xml_id("dummy-")) self.assertEquals((True, ""), utils.validate_xml_id("dum-my")) self.assertEquals((True, ""), utils.validate_xml_id("dummy.")) self.assertEquals((True, ""), utils.validate_xml_id("dum.my")) self.assertEquals((True, ""), utils.validate_xml_id("_dummy")) self.assertEquals((True, ""), utils.validate_xml_id("dummy_")) self.assertEquals((True, ""), utils.validate_xml_id("dum_my")) self.assertEquals( (False, "test id cannot be empty"), utils.validate_xml_id("", "test id") ) msg = "invalid test id '%s', '%s' is not a valid first character for a test id" self.assertEquals( (False, msg % ("0", "0")), utils.validate_xml_id("0", "test id") ) self.assertEquals( (False, msg % ("-", "-")), utils.validate_xml_id("-", "test id") ) self.assertEquals( (False, msg % (".", ".")), utils.validate_xml_id(".", "test id") ) self.assertEquals( (False, msg % (":", ":")), utils.validate_xml_id(":", "test id") ) self.assertEquals( (False, msg % ("0dummy", "0")), utils.validate_xml_id("0dummy", "test id") ) self.assertEquals( (False, msg % ("-dummy", "-")), utils.validate_xml_id("-dummy", "test id") ) self.assertEquals( (False, msg % (".dummy", ".")), utils.validate_xml_id(".dummy", "test id") ) self.assertEquals( (False, msg % (":dummy", ":")), utils.validate_xml_id(":dummy", "test id") ) msg = "invalid test id '%s', '%s' is not a valid character for a test id" self.assertEquals( (False, msg % ("dum:my", ":")), utils.validate_xml_id("dum:my", "test id") ) self.assertEquals( (False, msg % ("dummy:", ":")), utils.validate_xml_id("dummy:", "test id") ) self.assertEquals( (False, msg % ("dum?my", "?")), utils.validate_xml_id("dum?my", "test id") ) self.assertEquals( (False, msg % ("dummy?", "?")), utils.validate_xml_id("dummy?", "test id") )
def location_add(argv, rm=False): if len(argv) < 4 and (rm == False or len(argv) < 1): usage.constraint() sys.exit(1) constraint_id = argv.pop(0) # If we're removing, we only care about the id if (rm == True): resource_name = "" node = "" score = "" else: id_valid, id_error = utils.validate_xml_id(constraint_id, 'constraint id') if not id_valid: utils.err(id_error) resource_name = argv.pop(0) node = argv.pop(0) score = argv.pop(0) options = [] # For now we only allow setting resource-discovery if len(argv) > 0: for arg in argv: if '=' in arg: options.append(arg.split('=', 1)) else: print("Error: bad option '%s'" % arg) usage.constraint(["location add"]) sys.exit(1) if options[-1][ 0] != "resource-discovery" and "--force" not in utils.pcs_options: utils.err("bad option '%s', use --force to override" % options[-1][0]) resource_valid, resource_error, correct_id \ = utils.validate_constraint_resource( utils.get_cib_dom(), resource_name ) if "--autocorrect" in utils.pcs_options and correct_id: resource_name = correct_id elif not resource_valid: utils.err(resource_error) if not utils.is_score(score): utils.err( "invalid score '%s', use integer or INFINITY or -INFINITY" % score) # Verify current constraint doesn't already exist # If it does we replace it with the new constraint (dom, constraintsElement) = getCurrentConstraints() elementsToRemove = [] # If the id matches, or the rsc & node match, then we replace/remove for rsc_loc in constraintsElement.getElementsByTagName('rsc_location'): if (constraint_id == rsc_loc.getAttribute("id")) or \ (rsc_loc.getAttribute("rsc") == resource_name and \ rsc_loc.getAttribute("node") == node and not rm): elementsToRemove.append(rsc_loc) for etr in elementsToRemove: constraintsElement.removeChild(etr) if (rm == True and len(elementsToRemove) == 0): utils.err("resource location id: " + constraint_id + " not found.") if (not rm): element = dom.createElement("rsc_location") element.setAttribute("id", constraint_id) element.setAttribute("rsc", resource_name) element.setAttribute("node", node) element.setAttribute("score", score) for option in options: element.setAttribute(option[0], option[1]) constraintsElement.appendChild(element) utils.replace_cib_configuration(dom)