#!/bin/sh
#
#
#	ntp
#	Description: Manages the ntp service as a stateful ntp OCF resource
#	Master	-> ntp runs as server
#	Slave	-> ntp runs as client
#
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of version 2 of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Further, this software is distributed without any warranty that it is
# free of the rightful claim of any third person regarding infringement
# or the like.  Any license provided herein, whether implied or
# otherwise, applies only to this software file.  Patent licenses, if
# any, provided herein do not apply to combinations of this program with
# other software, or any other product whatsoever.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
#
# Copyright (c) 2010 T-Systems GEI GmbH, Simon Jansen <simon.jansen@t-systems.com>
#                    All Rights Reserved.
#
#######################################################################
#
# OCF Parameters:
#	OCF_RESKEY_binfile		: Executable file
#	OCF_RESKEY_user			: NTP user
#	OCF_RESKEY_master_config	: Configuration file for master
#	OCF_RESKEY_slave_config		: Configuration file for slave
#	OCF_RESKEY_port			: UDP port ntp is listening on
#	OCF_RESKEY_pidfile		: Process id file
#	OCF_RESKEY_lockfile		: Lock file
#	OCF_RESKEY_further_params	: Further parameters
#	OCF_RESKEY_nmap_binfile		: Executable file of nmap
#
# Parameters with default values:	OCF_RESKEY_binfile,
#					OCF_RESKEY_user,
#					OCF_RESKEY_master_config,
#					OCF_RESKEY_slave_config,
#					OCF_RESKEY_port,
#					OCF_RESKEY_pidfile,
#					OCF_RESKEY_lockfile,
#					OCF_RESKEY_further_params,
#					OCF_RESKEY_nmap_binfile
#
#######################################################################
# Initialization:

: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/resource.d/heartbeat}
. ${OCF_FUNCTIONS_DIR}/.ocf-shellfuncs
CRM_MASTER="${HA_SBIN_DIR}/crm_master -l reboot"

#######################################################################


#----------------------------------------------------------------------
# Definitions and default values
#----------------------------------------------------------------------
# Define default values for parameters
OCF_RESKEY_binfile_default="/usr/sbin/ntpd"
OCF_RESKEY_user_default="ntp"
OCF_RESKEY_master_config_default="/etc/ntp_master.conf"
OCF_RESKEY_slave_config_default="/etc/ntp_slave.conf"
OCF_RESKEY_port_default="123"
OCF_RESKEY_pidfile_default="/var/run/ntpd.pid"
OCF_RESKEY_lockfile_default="/var/lock/ntpdate"
OCF_RESKEY_nmap_binfile_default="/usr/bin/nmap"

# Fill in defaults if no values are defined
: ${OCF_RESKEY_binfile=${OCF_RESKEY_binfile_default}}
: ${OCF_RESKEY_user=${OCF_RESKEY_user_default}}
: ${OCF_RESKEY_master_config=${OCF_RESKEY_master_config_default}}
: ${OCF_RESKEY_slave_config=${OCF_RESKEY_slave_config_default}}
: ${OCF_RESKEY_port=${OCF_RESKEY_port_default}}
: ${OCF_RESKEY_pidfile=${OCF_RESKEY_pidfile_default}}
: ${OCF_RESKEY_lockfile=${OCF_RESKEY_lockfile_default}}
: ${OCF_RESKEY_nmap_binfile=${OCF_RESKEY_nmap_binfile_default}}

#----------------------------------------------------------------------
# Functions
#----------------------------------------------------------------------
meta_data() {
cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="ntp">
<version>1.0</version>

<longdesc lang="en">
This is an OCF stateful resource agent to manage the ntp service in a high-availability setup.
In the master role the node starts the service with the master config and in the slave role
with the slave config.
The agent monitors the service in the master role via nmap by checking the status of the port ntp is listening on. 
So you have to install nmap to use this RA.
</longdesc>
<shortdesc lang="en">Manages a ntp instance as a master/slave resource</shortdesc>

<parameters>
<parameter name="binfile" unique="0" required="0">
<longdesc lang="en">
This parameter defines the executable file of the ntp service.
The default value is ${OCF_RESKEY_binfile_default}.
</longdesc>
<shortdesc lang="en">Executable file</shortdesc>
<content type="string" default="$OCF_RESKEY_binfile_default" />
</parameter>

<parameter name="user" unique="0" required="0">
<longdesc lang="en">
This parameter defines the user of the ntp service.
The default value is ${OCF_RESKEY_user_default}.
</longdesc>
<shortdesc lang="en">Executable file</shortdesc>
<content type="string" default="$OCF_RESKEY_user_default" />
</parameter>

<parameter name="master_config" unique="0" required="0">
<longdesc lang="en">
This parameter defines the configuration file of the ntp service in the master role.
The default value is ${OCF_RESKEY_master_config_default}.
</longdesc>
<shortdesc lang="en">Master configuration file</shortdesc>
<content type="string" default="$OCF_RESKEY_master_config_default" />
</parameter>

<parameter name="slave_config" unique="0" required="0">
<longdesc lang="en">
This parameter defines the configuration file of the ntp service in the slave role.
The default value is ${OCF_RESKEY_slave_config_default}.
</longdesc>
<shortdesc lang="en">Slave configuration file</shortdesc>
<content type="string" default="$OCF_RESKEY_slave_config_default" />
</parameter>

<parameter name="port" unique="0" required="0">
<longdesc lang="en">
This parameter defines the UDP port ntp is listening on.
The port is defined in the configuration file. This value is only 
used to monitor the service via nmap.
The default value is ${OCF_RESKEY_port_default}.
</longdesc>
<shortdesc lang="en">UDP port ntp is listening on</shortdesc>
<content type="string" default="$OCF_RESKEY_port_default" />
</parameter>

<parameter name="pidfile" unique="0" required="0">
<longdesc lang="en">
This parameter defines the process id file of the ntp service.
The default value is ${OCF_RESKEY_pidfile_default}.
</longdesc>
<shortdesc lang="en">Process id file</shortdesc>
<content type="string" default="$OCF_RESKEY_pidfile_default" />
</parameter>

<parameter name="lockfile" unique="0" required="0">
<longdesc lang="en">
This parameter defines the lock file of the ntp service.
The default value is ${OCF_RESKEY_lockfile_default}.
</longdesc>
<shortdesc lang="en">Lock file</shortdesc>
<content type="string" default="$OCF_RESKEY_lockfile_default" />
</parameter>

<parameter name="further_params" unique="0" required="0">
<longdesc lang="en">
This parameter defines additional parameters that are passed to the ntp service
during the startup.
</longdesc>
<shortdesc lang="en">Further parameters</shortdesc>
<content type="string" default="" />
</parameter>

<parameter name="nmap_binfile" unique="0" required="0">
<longdesc lang="en">
This parameter defines the executable file of nmap.
The default value is ${OCF_RESKEY_nmap_binfile_default}.
</longdesc>
<shortdesc lang="en">Nmap executable file</shortdesc>
<content type="string" default="$OCF_RESKEY_nmap_binfile_default" />
</parameter>
</parameters>

<actions>
<action name="start"        timeout="120" />
<action name="stop"         timeout="120" />
<action name="monitor"      timeout="30" interval="10" depth="0" />
<action name="reload"       timeout="20" />
<action name="meta-data"    timeout="5" />
<action name="validate-all"   timeout="20" />
</actions>
</resource-agent>
END
}

#######################################################################

ntp_usage() {
cat <<END
usage: $0 {start|stop|promote|demote|monitor|validate-all|meta-data}

$0 manages a ntp instance as a master/slave resource.

The 'start' operation starts the ntp service.
The 'stop' operation stops the ntp service.
The 'promote' operation promotes the node to the master role.
The 'demote' operation demotes the node to the slave role.
The 'monitor' operation reports if the ntp service seems to be working.
The 'validate-all' operation reports whether the parameters are valid.
The 'meta-data' operation shows the meta data message of this resource agent.
END
}

ntp_lock() {
	if [ -x /usr/bin/lockfile-create ]; then
		lockfile-create ${OCF_RESKEY_lockfile}
		lockfile-touch ${OCF_RESKEY_lockfile} &
		LOCKTOUCHPID="$!"
	fi
}

ntp_unlock() {
	if [ -x /usr/bin/lockfile-create ] ; then
		kill $LOCKTOUCHPID
		lockfile-remove ${OCF_RESKEY_lockfile}
	fi
}

ntp_start() {
	local rc
	
	# Start ntp as slave 
	ntp_start_slave
	rc=$?
	if [ $rc = $OCF_SUCCESS ]; then
		$CRM_MASTER -v 10
	fi

	return $rc
}

ntp_start_slave() {
	ntp_monitor
        if [ $? = $OCF_SUCCESS ]; then
                ocf_log info "NTP is already running as slave."
                return $OCF_SUCCESS
        fi
	
	ntp_running_undefined
        if [ $? = 0 ]; then
                ocf_log info "NTP is running in an undefined state. Stopping NTP."
                ntp_stop_service
        fi

	local rc
	local status
	local first_try=true

	rc=$OCF_ERR_GENERIC
	
	# Start ntp as slave 
	if [ -r /etc/default/ntp ]; then
		. /etc/default/ntp
	fi
	if [ -e /var/lib/ntp/ntp.conf.dhcp ]; then
		NTPD_OPTS="$NTPD_OPTS -c /var/lib/ntp/ntp.conf.dhcp"
	fi
	UGID=$(getent passwd ${OCF_RESKEY_user} | cut -f 3,4 -d:) || true
	if test "$(uname -s)" = "Linux"; then
		NTPD_OPTS="$NTPD_OPTS -u $UGID"
	fi
	if [ -z "$UGID" ]; then
		ocf_log error "User \"${OCF_RESKEY_user}\" does not exist"
		return OCF_ERR_GENERIC
	fi
	ntp_lock
	start-stop-daemon --start --quiet --oknodo --pidfile ${OCF_RESKEY_pidfile} --startas ${OCF_RESKEY_binfile} -- -p ${OCF_RESKEY_pidfile} \
	-c ${OCF_RESKEY_slave_config} ${NTPD_OPTS} ${OCF_RESKEY_further_params}
	ntp_unlock
	sleep 1

	# Keep trying to bring up ntp service;
	# wait for the CRM to time us out if this fails
	while :; do
		ntp_monitor
		status=$?
		case "$status" in
		$OCF_SUCCESS)
			if [ -r ${OCF_RESKEY_pidfile} ]; then
				ocf_log info "NTP successfully started as slave."
				return $OCF_SUCCESS
			fi
			;;
		$OCF_NOT_RUNNING)
			rc=$OCF_NOT_RUNNING
			;;
		$OCF_RUNNING_MASTER)
			ocf_log warn "NTP already started as primary, demoting."
			ntp_demote
		esac
		$first_try || sleep 1
		first_try=false
	done

	return $rc
}

ntp_start_master() {
	ntp_monitor
        if [ $? = $OCF_RUNNING_MASTER ]; then
                ocf_log info "NTP is already running as master."
                return $OCF_SUCCESS
        fi

	local rc
	local status
	local first_try=true

	rc=$OCF_ERR_GENERIC
	
	# Start ntp as master 
	if [ -r /etc/default/ntp ]; then
		. /etc/default/ntp
	fi
	if [ -e /var/lib/ntp/ntp.conf.dhcp ]; then
		NTPD_OPTS="$NTPD_OPTS -c /var/lib/ntp/ntp.conf.dhcp"
	fi
	UGID=$(getent passwd ${OCF_RESKEY_user} | cut -f 3,4 -d:) || true
	if test "$(uname -s)" = "Linux"; then
		NTPD_OPTS="$NTPD_OPTS -u $UGID"
	fi
	if [ -z "$UGID" ]; then
		ocf_log error "User \"${OCF_RESKEY_user}\" does not exist"
		return $OCF_ERR_GENERIC
	fi
	if [ ! -f ${OCF_RESKEY_master_config} ]; then
                ocf_log err "NTP master config file $OCF_RESKEY_master_config does not exist."
                return $OCF_ERR_CONFIGURED
        fi
	ntp_lock
	start-stop-daemon --start --quiet --oknodo --pidfile ${OCF_RESKEY_pidfile} --startas ${OCF_RESKEY_binfile} -- -p ${OCF_RESKEY_pidfile} \
	-c ${OCF_RESKEY_master_config} ${NTPD_OPTS} ${OCF_RESKEY_further_params}
	ntp_unlock
	
	# Keep trying to bring up ntp service;
	# wait for the CRM to time us out if this fails
	while :; do
		ntp_monitor
		status=$?
		case "$status" in
		$OCF_NOT_RUNNING)
			rc=$OCF_NOT_RUNNING
			;;
		$OCF_RUNNING_MASTER)
			if [ -r ${OCF_RESKEY_pidfile} ]; then
				ocf_log info "NTP successfully started as master."
				return $OCF_SUCCESS
			fi
		esac
		$first_try || sleep 1
		first_try=false
	done

	return $rc
}

ntp_demote() {
	local status
	local first_try=true
	local retVal
	
	ocf_log info "Trying to demote NTP..."
	
	# Try to demote NTP
	ntp_monitor
	status=$?
	ocf_log info "Demote NTP status: $status"
	case "$status" in
	$OCF_SUCCESS)
		ocf_log info "NTP successfully demoted."
		$CRM_MASTER -v 5
		return $OCF_SUCCESS
		;;
	$OCF_RUNNING_MASTER)
		ocf_log info "Demote: Stop NTP"
		ntp_stop_service
		retVal=$?
		if [ $retVal = $OCF_SUCCESS ]; then
			ntp_start_slave
			rc=$?
			if [ $rc = $OCF_SUCCESS ]; then
				ocf_log info "NTP successfully demoted."
		                $CRM_MASTER -v 5
			else
				ocf_log error "NTP demote action failed. Returncode of start action: $rc."
			fi
			return $rc
		else
			ocf_log error "Could not demote NTP because the stop action failed."
			return $OCF_ERR_GENERIC
		fi
	esac

	return $OCF_ERR_GENERIC
}

ntp_promote() {
	local retVal
	local status
	local first_try=true

	ocf_log info "Trying to promote NTP..."

	# Try to promote NTP
	ntp_monitor
	status=$?
	ocf_log info "Promote NTP status: $status"
	case "$status" in
	$OCF_SUCCESS)
		ntp_stop_service
		retVal=$?
		if [ $retVal = $OCF_SUCCESS ]; then
			# Start ntp as master
			ntp_start_master
			rc=$?
			if [ $rc = $OCF_SUCCESS ]; then
				$CRM_MASTER -v 100
				ocf_log info "NTP successfully promoted."
			else
				ocf_log error "NTP promote action failed. Returncode of start action: $rc."
			fi
			return $rc
		else
			ocf_log error "Could not promote NTP because the stop action failed."
			return $OCF_ERR_GENERIC
		fi
		;;
	$OCF_RUNNING_MASTER)
		ocf_log info "NTP successfully promoted."
		$CRM_MASTER -v 100
		return $OCF_SUCCESS
	esac

	return $rc
}

ntp_stop() {
	$CRM_MASTER -D
	# Stop service
	ntp_stop_service
	return $?
}

ntp_stop_service() {
	# Test if service is stopped already
        ntp_running_undefined
        rc=$?
        ntp_monitor
        if [ $? = $OCF_NOT_RUNNING  ]; then
                if [ $rc != 0 ]; then
                        ocf_log info "NTP service ist not running."
                        return $OCF_SUCCESS
                fi
        fi

	# Stop service
	start-stop-daemon --stop --quiet --oknodo --pidfile ${OCF_RESKEY_pidfile}
	rm -f ${OCF_RESKEY_pidfile}
	ocf_log info "NTP service stopped."
	return $OCF_SUCCESS
}

ntp_monitor() {
	ocf_log info "Mon"
	# Check if ntp is running
	# Check if process id file exists
	if [ ! -r ${OCF_RESKEY_pidfile} ]; then
		return $OCF_NOT_RUNNING
	fi
	# Check if process id in pidfile matches with output of ps
	pid=`cat ${OCF_RESKEY_pidfile}`
	if ps -p $pid > /dev/null 2>&1; then
		# Determine state with the output of ps
		PS_OUTPUT=`ps aux | grep $pid`
		# Check if ntp is running with master config
		if [ `expr match "$PS_OUTPUT" ".*$OCF_RESKEY_master_config.*"` != "0" ]; then
			# Check if ntp is listening on port
			NMAP_OUTPUT=`${OCF_RESKEY_nmap_binfile} -sU -p ${OCF_RESKEY_port} 127.0.0.1 | grep $OCF_RESKEY_port`
			if [ `expr match "$NMAP_OUTPUT" ".*open.*"` != "0" ]; then
				return $OCF_RUNNING_MASTER
			else
				ocf_log err "NTP seems to be running, but doesn't listen on UDP port ${OCF_RESKEY_port}."
				return $OCF_ERR_GENERIC
			fi
		elif [ `expr match "$PS_OUTPUT" ".*$OCF_RESKEY_slave_config.*"` != "0" ]; then
			ocf_log info "NTP $PS_OUTPUT"
			# ntp is running as slave
			return $OCF_SUCCESS
		fi
	else
		ocf_log err "NTP service is not running but the process id file exists."
		return $OCF_ERR_GENERIC
	fi
	ocf_log info "NTP $PS_OUTPUT"
	return $OCF_NOT_RUNNING
}

ntp_running_undefined() {
        # Check if NTP is running
        # Check if process id file exists
        if [ ! -r ${OCF_RESKEY_pidfile} ]; then
                return 1
        fi
        if read pid < ${OCF_RESKEY_pidfile} && ps -p $pid > /dev/null 2>&1; then
                # Determine state with the output of ps
                PS_OUTPUT=`ps aux | grep $pid`
                # Check if NTP is running with master config
                if [ `expr match "$PS_OUTPUT" ".*$OCF_RESKEY_master_config.*"` != "0" ]; then
                        # NTP is running as master
                        return 1
                elif [ `expr match "$PS_OUTPUT" ".*$OCF_RESKEY_slave_config.*"` != "0" ]; then
                        # NTP is running as slave
                        return 1
                else
                        # NTP is running in an undefined state
                        return 0
                fi
        else
                return 0
        fi

}

ntp_validate() {
	# Test if ntp executable file exists and is executable
	if [ ! -x ${OCF_RESKEY_binfile} ]; then
		ocf_log err "NTP binary $OCF_RESKEY_binfile does not exist or is not executable."
		return $OCF_ERR_INSTALLED
	fi
	
	# Test if configs exist
	if [ ! -f ${OCF_RESKEY_slave_config} ]; then
		ocf_log err "NTP slave config file $OCF_RESKEY_slave_config does not exist."
		return $OCF_ERR_CONFIGURED
	fi
	
	# Test if directory for pid file exists
	PID_DIR=`dirname ${OCF_RESKEY_pidfile}`
	if [ ! -d ${PID_DIR} ]; then
		ocf_log err "The directory to store the pid file does not exist."
		return $OCF_ERR_CONFIGURED
	fi
	
	# Test if portnumber is valid
	if ! ocf_is_decimal "$OCF_RESKEY_port" || [ $OCF_RESKEY_port -le 0 ]; then
		ocf_log err "Portnumber is invalid."
		return $OCF_ERR_CONFIGURED
	fi
	
	# Test if nmap executable file exists and is executable
	if [ ! -x ${OCF_RESKEY_nmap_binfile} ]; then
		ocf_log err "nmap binary $OCF_RESKEY_nmap_binfile does not exist or is not executable."
		return $OCF_ERR_INSTALLED
	fi
	
	return $OCF_SUCCESS
}

#----------------------------------------------------------------------
# Main script
#----------------------------------------------------------------------
case $__OCF_ACTION in
meta-data)
	meta_data
	exit $OCF_SUCCESS
	;;
usage|help)
	ntp_usage 
	exit $OCF_SUCCESS
esac

#ntp_validate
case $__OCF_ACTION in
start)
	ntp_start
	;;
promote)
	ntp_promote
	;;
demote)
	ntp_demote
	;;
stop)
	ntp_stop
	;;
monitor)
	ntp_monitor
	;;
validate-all)
	ntp_validate
	;;
*)
	ntp_usage 
	exit $OCF_ERR_UNIMPLEMENTED;;
esac
rc=$?
ocf_log debug "${OCF_RESOURCE_INSTANCE} $__OCF_ACTION : $rc"
exit $rc