From 01d3e07ec6c5240633633cb56d1bc915190f40a5 Mon Sep 17 00:00:00 2001 From: Brandon Perkins Date: Fri, 24 Apr 2020 18:19:19 -0400 Subject: [PATCH 1/4] Replace aws command line with OCF_RESKEY_awscli property. --- heartbeat/aws-vpc-move-ip | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/heartbeat/aws-vpc-move-ip b/heartbeat/aws-vpc-move-ip index 26ca6007d..af697adbe 100755 --- a/heartbeat/aws-vpc-move-ip +++ b/heartbeat/aws-vpc-move-ip @@ -159,14 +159,14 @@ END execute_cmd_as_role(){ cmd=$1 role=$2 - output="$(aws sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --profile $OCF_RESKEY_profile --output=text)" + output="$($OCF_RESKEY_awscli sts assume-role --role-arn $role --role-session-name AWSCLI-RouteTableUpdate --profile $OCF_RESKEY_profile --output=text)" export AWS_ACCESS_KEY_ID="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $5}')" export AWS_SECRET_ACCESS_KEY="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $7}')" export AWS_SESSION_TOKEN="$(echo $output | awk -F" " '$4=="CREDENTIALS" {print $8}')" #Execute command ocf_log debug "Assumed Role ${role}" - ocf_log debug "$(aws sts get-caller-identity)" + ocf_log debug "$($OCF_RESKEY_awscli sts get-caller-identity)" ocf_log debug "executing command: $cmd" response="$($cmd)" unset output AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN @@ -181,7 +181,7 @@ ec2ip_set_address_param_compat(){ } ec2ip_validate() { - for cmd in aws ip curl; do + for cmd in $OCF_RESKEY_awscli ip curl; do check_binary "$cmd" done From 20466ba91c21a489303774ac9a1f5f5fd7b86f12 Mon Sep 17 00:00:00 2001 
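Review bot: The result of the `sts assume-role` call in `execute_cmd_as_role` is never checked, so when it fails the three `export AWS_*` lines are set to empty strings and `$cmd` still runs, presumably not under the intended role. With the binary now taken from a configurable path, a wrong path produces exactly this case; the assignment should be followed by a status check such as `[ $? -eq 0 ] || return $OCF_ERR_GENERIC`. `$role` and `$OCF_RESKEY_profile` are also expanded unquoted on the changed line. The end of the function is outside the hunk, so how `response` reaches the caller is not visible here.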
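Review bot: `for cmd in $OCF_RESKEY_awscli ip curl` in `ec2ip_validate` expands the configured path unquoted, so an empty value silently drops the AWS CLI from the check and a path containing whitespace is checked as several separate words. Quoting it makes both cases fail validation instead: `for cmd in "$OCF_RESKEY_awscli" ip curl; do`. Whether this agent defines a default for `OCF_RESKEY_awscli` is not visible in this patch, and the rest of `ec2ip_validate` lies outside the hunk.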
From: Brandon Perkins Date: Fri, 24 Apr 2020 18:20:17 -0400 Subject: [PATCH 2/4] - Replace aws command line with OCF_RESKEY_awscli property. - Add OCF_RESKEY_awscli and OCF_RESKEY_profile default variables. - Add awscli (Path to AWS CLI tools) parameter. - Remove required attribute on profile parameter. - Replace --profile $OCF_RESKEY_profile with AWS_PROFILE_OPT. --- heartbeat/aws-vpc-route53.in | 71 ++++++++++++++++++++++-------------- 1 file changed, 43 insertions(+), 28 deletions(-) diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in index ca6556951..3042b345b 100644 --- a/heartbeat/aws-vpc-route53.in +++ b/heartbeat/aws-vpc-route53.in @@ -43,11 +43,16 @@ : ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/lib/heartbeat} . ${OCF_FUNCTIONS_DIR}/ocf-shellfuncs +# Defaults +OCF_RESKEY_awscli_default="/usr/bin/aws" +OCF_RESKEY_profile_default="default" OCF_RESKEY_hostedzoneid_default="" OCF_RESKEY_fullname_default="" OCF_RESKEY_ip_default="local" OCF_RESKEY_ttl_default=10 +: ${OCF_RESKEY_awscli=${OCF_RESKEY_awscli_default}} +: ${OCF_RESKEY_profile=${OCF_RESKEY_profile_default}} : ${OCF_RESKEY_hostedzoneid:=${OCF_RESKEY_hostedzoneid_default}} : ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}} : ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}} @@ -103,7 +108,35 @@ primitive res_route53 ocf:heartbeat:aws-vpc-route53 \ meta target-role=Started Update Route53 VPC record for AWS EC2 + + + +Path to command line tools for AWS + +Path to AWS CLI tools + + + + + +The name of the AWS CLI profile of the root account. This +profile will have to use the "text" format for CLI output. +The file /root/.aws/config should have an entry which looks +like: + + [profile cluster] + region = us-east-1 + output = text + +"cluster" is the name which has to be used in the cluster +configuration. The region has to be the current one. The +output has to be "text". + +AWS Profile Name + + + Hosted zone ID of Route 53. This is the table of 
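Review bot: The two new default assignments use `=` while the neighbouring parameters use `:=`, so an `OCF_RESKEY_profile` that is set but empty is no longer replaced by `default`. The same patch removes the `-n "$OCF_RESKEY_profile"` fallback in `r53_validate`, which in that case leaves `AWS_PROFILE_OPT` as `--profile` followed directly by `--cli-connect-timeout 10`. Writing `: ${OCF_RESKEY_awscli:=${OCF_RESKEY_awscli_default}}` and `: ${OCF_RESKEY_profile:=${OCF_RESKEY_profile_default}}` keeps the earlier behaviour and matches the lines below.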
@@ -112,6 +145,7 @@ the Route 53 record. AWS hosted zone ID + The full name of the service which will host the IP address. @@ -121,6 +155,7 @@ Note: The trailing dot is important to Route53! Full service name + IP (local (default), public or secondary private IP address (e.g. 10.0.0.1). @@ -130,6 +165,7 @@ A secondary private IP can be setup with the awsvip agent. Type of IP or secondary private IP address (local, public or e.g. 10.0.0.1) + Time to live for Route53 ARECORD @@ -137,25 +173,8 @@ Time to live for Route53 ARECORD ARECORD TTL - - -The name of the AWS CLI profile of the root account. This -profile will have to use the "text" format for CLI output. -The file /root/.aws/config should have an entry which looks -like: - - [profile cluster] - region = us-east-1 - output = text - -"cluster" is the name which has to be used in the cluster -configuration. The region has to be the current one. The -output has to be "text". - -AWS Profile Name - - + @@ -198,17 +217,13 @@ r53_validate() { [[ -z "$OCF_RESKEY_ttl" ]] && ocf_log error "TTL not set $OCF_RESKEY_ttl!" && exit $OCF_ERR_CONFIGURED ocf_log debug "Testing aws command" - aws --version 2>&1 + $OCF_RESKEY_awscli --version 2>&1 if [ "$?" -gt 0 ]; then ocf_log error "Error while executing aws command as user root! Please check if AWS CLI tools (Python flavor) are properly installed and configured." && exit $OCF_ERR_INSTALLED fi ocf_log debug "ok" - if [ -n "$OCF_RESKEY_profile" ]; then - AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10" - else - AWS_PROFILE_OPT="--profile default --cli-connect-timeout 10" - fi + AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10" return $OCF_SUCCESS } 
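Review bot: `$OCF_RESKEY_awscli --version 2>&1` in `r53_validate` runs the configured path unquoted and without first confirming that it is an executable, whereas the aws-vpc-move-ip patch in this series passes the same parameter through `check_binary`. Adding `check_binary "$OCF_RESKEY_awscli"` before the version probe, and quoting the expansion, would reject an empty or wrong path with a clear message. The error text still says "aws command"; including `$OCF_RESKEY_awscli` in it would tell the operator which binary was tried. The start of `r53_validate` is outside the hunk.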
@@ -261,7 +276,7 @@ r53_monitor() { # if [ "$__OCF_ACTION" = "start" ] || ocf_is_probe ; then # - cmd="aws $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']" + cmd="$OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']" ocf_log info "Route53 Agent Starting or probing - executing monitoring API call: $cmd" CLIRES="$($cmd 2>&1)" rc=$? @@ -293,7 +308,7 @@ r53_monitor() { # if [[ ! $ARECORD =~ $IPREGEX ]] || [ $rc -ne 0 ]; then ocf_log info "Fallback to Route53 API query due to DNS resolution failure" - cmd="aws $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']" + cmd="$OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --query ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']" ocf_log debug "executing monitoring API call: $cmd" CLIRES="$($cmd 2>&1)" rc=$? @@ -372,7 +387,7 @@ _update_record() { ] } EOF - cmd="aws --profile $OCF_RESKEY_profile route53 change-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --change-batch file://$ROUTE53RECORD " + cmd="$OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 change-resource-record-sets --hosted-zone-id $OCF_RESKEY_hostedzoneid --change-batch file://$ROUTE53RECORD " ocf_log debug "Executing command: $cmd" CLIRES="$($cmd 2>&1)" rc=$? 
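Review bot: The `cmd=` strings in `r53_monitor`, its DNS fallback and `_update_record` are run as `$($cmd 2>&1)`, so every parameter in them is word-split and glob-expanded; with the binary now configurable, a path, zone ID or `fullname` containing whitespace turns into extra CLI arguments, and `ResourceRecordSets[?Name==...]` is open to pathname expansion. No shape check on these values is visible in the patch. Keeping `cmd` for logging only and calling the CLI with quoted arguments avoids this, e.g. `CLIRES="$("$OCF_RESKEY_awscli" $AWS_PROFILE_OPT route53 list-resource-record-sets --hosted-zone-id "$OCF_RESKEY_hostedzoneid" --query "ResourceRecordSets[?Name=='$OCF_RESKEY_fullname']" 2>&1)"`. The same applies to all three hunks, whose enclosing functions continue outside them.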
@@ -392,7 +407,7 @@ _update_record() { MYSECONDS=20 while [ "$STATUS" = 'PENDING' ]; do sleep $MYSECONDS - STATUS="$(aws --profile $OCF_RESKEY_profile route53 get-change --id $CHANGEID | grep CHANGEINFO | awk -F'\t' '{ print $4 }' |cut -d'"' -f 2 )" + STATUS="$($OCF_RESKEY_awscli $AWS_PROFILE_OPT route53 get-change --id $CHANGEID | grep CHANGEINFO | awk -F'\t' '{ print $4 }' |cut -d'"' -f 2 )" ocf_log debug "Waited for $MYSECONDS seconds and checked execution of Route 53 update status: $STATUS " done } From 113bee3ae17a8d610edc0e3879b56e96efbe8b31 Mon Sep 17 00:00:00 2001 From: Brandon Perkins Date: Mon, 27 Apr 2020 11:08:27 -0400 Subject: [PATCH 3/4] Move AWS_PROFILE_OPT before the start/stop/etc and after the usage/meta-data case statements. --- heartbeat/aws-vpc-route53.in | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in index 3042b345b..ee4f8afcb 100644 --- a/heartbeat/aws-vpc-route53.in +++ b/heartbeat/aws-vpc-route53.in @@ -223,8 +223,6 @@ r53_validate() { fi ocf_log debug "ok" - AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10" - return $OCF_SUCCESS } @@ -423,6 +421,11 @@ case $__OCF_ACTION in metadata exit $OCF_SUCCESS ;; +esac + +AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10" + +case $__OCF_ACTION in start) r53_validate || exit $? r53_start From 8f46c90a73731be0c8f99adcd718f7cfc2d52002 Mon Sep 17 00:00:00 2001 From: Brandon Perkins Date: Mon, 27 Apr 2020 11:54:22 -0400 Subject: [PATCH 4/4] Move AWS_PROFILE_OPT before functions and after initialization. --- heartbeat/aws-vpc-route53.in | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/heartbeat/aws-vpc-route53.in b/heartbeat/aws-vpc-route53.in index ee4f8afcb..b06b93726 100644 --- a/heartbeat/aws-vpc-route53.in +++ b/heartbeat/aws-vpc-route53.in 
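Review bot: The `while [ "$STATUS" = 'PENDING' ]` loop in `_update_record` cannot tell a completed change from a failed `get-change` call, because the pipeline reports the status of `cut` and an error leaves `STATUS` empty, which also ends the loop. The newly applied `--cli-connect-timeout 10` can make such a failure show up here sooner than before, and the loop has no upper bound while the status stays PENDING. Checking the result after the loop, e.g. `[ "$STATUS" = 'INSYNC' ] || ocf_log warn "Route 53 change $CHANGEID ended with status '$STATUS'"`, would surface it. The beginning of `_update_record` is outside the hunk.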
@@ -37,6 +37,7 @@ # # Mar. 15, 2017, vers 1.0.2 + ####################################################################### # Initialization: @@ -57,9 +58,13 @@ OCF_RESKEY_ttl_default=10 : ${OCF_RESKEY_fullname:=${OCF_RESKEY_fullname_default}} : ${OCF_RESKEY_ip:=${OCF_RESKEY_ip_default}} : ${OCF_RESKEY_ttl:=${OCF_RESKEY_ttl_default}} +####################################################################### + +AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10" ####################################################################### + usage() { cat <<-EOT usage: $0 {start|stop|status|monitor|validate-all|meta-data} @@ -421,11 +426,6 @@ case $__OCF_ACTION in metadata exit $OCF_SUCCESS ;; -esac - -AWS_PROFILE_OPT="--profile $OCF_RESKEY_profile --cli-connect-timeout 10" - -case $__OCF_ACTION in start) r53_validate || exit $? r53_start
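Review bot: `AWS_PROFILE_OPT` is now assembled at load time from `OCF_RESKEY_profile` and later expanded unquoted as several words, but nothing in the visible lines documents that or checks the profile name. A short comment above the assignment would help, for example `# Options passed to every AWS CLI call; expanded unquoted, so the profile name must not contain whitespace`. A matching test in `r53_validate`, next to the TTL check shown in patch 2, would catch a bad value before the first API call.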