[wolsen,r=james-page] Explicitly configure IPC access for corosync/pacemaker

2015-09-04 13:17:00 +01:00 · 2015-09-04 13:17:00 +01:00 · ea2829647c
commit ea2829647c
parent a092a356ba 0c6e668598
2 changed files with 10 additions and 1 deletions
--- a/hooks/utils.py
+++ b/hooks/utils.py
@ -64,10 +64,12 @@ TEMPLATES_DIR = 'templates'
 COROSYNC_CONF = '/etc/corosync/corosync.conf'
 COROSYNC_DEFAULT = '/etc/default/corosync'
 COROSYNC_AUTHKEY = '/etc/corosync/authkey'
+COROSYNC_HACLUSTER_ACL = '/etc/corosync/uidgid.d/hacluster'
 COROSYNC_CONF_FILES = [
    COROSYNC_DEFAULT,
    COROSYNC_AUTHKEY,
-    COROSYNC_CONF
+    COROSYNC_CONF,
+    COROSYNC_HACLUSTER_ACL,
 ]
 SUPPORTED_TRANSPORTS = ['udp', 'udpu', 'multicast', 'unicast']

@ -250,6 +252,9 @@ def emit_base_conf():
               content=render_template('corosync',
                                       corosync_default_context))

+    write_file(path=COROSYNC_HACLUSTER_ACL,
+               content=render_template('hacluster.acl', {}))
+
    corosync_key = config('corosync_key')
    if corosync_key:
        write_file(path=COROSYNC_AUTHKEY,
--- a/templates/hacluster.acl
+++ b/templates/hacluster.acl
@ -0,0 +1,4 @@
+uidgid {
+ uid: hacluster
+ gid: haclient
+}