Merge "Fix up upgrade coordination around authkey"
This commit is contained in:
commit
2d9751314c
|
@ -92,6 +92,10 @@
|
||||||
# node via pcs if we detect a new node compared to the existing cluster)
|
# node via pcs if we detect a new node compared to the existing cluster)
|
||||||
# Defaults to true
|
# Defaults to true
|
||||||
#
|
#
|
||||||
|
# [*force_authkey*]
|
||||||
|
# (optional) Forces the use of the autkey parameter even when we're using pcs 0.10
|
||||||
|
# Default to false
|
||||||
|
#
|
||||||
# === Dependencies
|
# === Dependencies
|
||||||
#
|
#
|
||||||
# None
|
# None
|
||||||
|
@ -128,6 +132,7 @@ class pacemaker::corosync(
|
||||||
$cluster_start_try_sleep = '20',
|
$cluster_start_try_sleep = '20',
|
||||||
$manage_fw = true,
|
$manage_fw = true,
|
||||||
$remote_authkey = undef,
|
$remote_authkey = undef,
|
||||||
|
$force_authkey = undef,
|
||||||
$settle_timeout = '3600',
|
$settle_timeout = '3600',
|
||||||
$settle_tries = '360',
|
$settle_tries = '360',
|
||||||
$settle_try_sleep = '10',
|
$settle_try_sleep = '10',
|
||||||
|
@ -371,7 +376,8 @@ class pacemaker::corosync(
|
||||||
}
|
}
|
||||||
|
|
||||||
# pcs 0.10/pcmk 2.0 take care of the authkey internally by themselves
|
# pcs 0.10/pcmk 2.0 take care of the authkey internally by themselves
|
||||||
if $remote_authkey and !$::pacemaker::pcs_010 {
|
# unless force_authkey is true in which case we forcefully use remote_authkey
|
||||||
|
if $remote_authkey and (!$::pacemaker::pcs_010 or $force_authkey) {
|
||||||
file { 'etc-pacemaker':
|
file { 'etc-pacemaker':
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
path => '/etc/pacemaker',
|
path => '/etc/pacemaker',
|
||||||
|
@ -386,7 +392,16 @@ class pacemaker::corosync(
|
||||||
mode => '0640',
|
mode => '0640',
|
||||||
content => $remote_authkey,
|
content => $remote_authkey,
|
||||||
}
|
}
|
||||||
File['etc-pacemaker-authkey'] -> Service['pcsd']
|
# On the bootstrap node we want to make sure that authkey is imposed
|
||||||
|
# after we create the cluster (because cluster create destroys it and regenerates a new one
|
||||||
|
# but before we start. On non bootstrap nodes we just let it before pcsd
|
||||||
|
if $setup_cluster {
|
||||||
|
Exec<| title == "Create Cluster ${cluster_name}" |> -> File<| title == 'etc-pacemaker-authkey' |>
|
||||||
|
File<| title == 'etc-pacemaker-authkey' |> -> Exec<| title == "Start Cluster ${cluster_name}" |>
|
||||||
|
} else {
|
||||||
|
File['etc-pacemaker-authkey'] -> Service['pcsd']
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
exec {'wait-for-settle':
|
exec {'wait-for-settle':
|
||||||
|
|
|
@ -44,6 +44,10 @@
|
||||||
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||||
# Defaults to undef
|
# Defaults to undef
|
||||||
#
|
#
|
||||||
|
# [*force_authkey*]
|
||||||
|
# (optional) Forces the use of the autkey parameter even when we're using pcs 0.10
|
||||||
|
# Default to false
|
||||||
|
#
|
||||||
class pacemaker::remote (
|
class pacemaker::remote (
|
||||||
$remote_authkey,
|
$remote_authkey,
|
||||||
$use_pcsd = false,
|
$use_pcsd = false,
|
||||||
|
@ -52,6 +56,7 @@ class pacemaker::remote (
|
||||||
$manage_fw = true,
|
$manage_fw = true,
|
||||||
$pcsd_debug = false,
|
$pcsd_debug = false,
|
||||||
$pcsd_bind_addr = undef,
|
$pcsd_bind_addr = undef,
|
||||||
|
$force_authkey = undef,
|
||||||
$tls_priorities = undef,
|
$tls_priorities = undef,
|
||||||
) {
|
) {
|
||||||
include ::pacemaker::params
|
include ::pacemaker::params
|
||||||
|
@ -133,9 +138,19 @@ class pacemaker::remote (
|
||||||
enable => true,
|
enable => true,
|
||||||
require => Class['::pacemaker::install'],
|
require => Class['::pacemaker::install'],
|
||||||
}
|
}
|
||||||
} else {
|
Service<| title == 'pcsd' |> -> Pcmk_constraint<||>
|
||||||
# This gets managed by pcsd directly when pcs is < 0.10
|
Service<| title == 'pcsd' |> -> Pcmk_resource<||>
|
||||||
|
Service<| title == 'pcsd' |> -> Pcmk_property<||>
|
||||||
|
Service<| title == 'pcsd' |> -> Pcmk_bundle<||>
|
||||||
|
Service<| title == 'pcsd' |> -> Pcmk_remote<||>
|
||||||
|
}
|
||||||
|
# We manage our own authkey in two cases
|
||||||
|
# 1) normally when use pcsd is set to false, aka we are using the old method pre 0.10
|
||||||
|
# to manage remotes
|
||||||
|
# 2) When we explicitly passe force_authkey
|
||||||
|
if !$use_pcsd or $force_authkey {
|
||||||
Package<| title == 'pacemaker-remote' |> -> File <| title == 'etc-pacemaker' |>
|
Package<| title == 'pacemaker-remote' |> -> File <| title == 'etc-pacemaker' |>
|
||||||
|
File <| title == 'etc-pacemaker-authkey' |> -> Service<| title == 'pacemaker_remote' |>
|
||||||
file { 'etc-pacemaker':
|
file { 'etc-pacemaker':
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
path => '/etc/pacemaker',
|
path => '/etc/pacemaker',
|
||||||
|
@ -154,5 +169,10 @@ class pacemaker::remote (
|
||||||
ensure => running,
|
ensure => running,
|
||||||
enable => true,
|
enable => true,
|
||||||
}
|
}
|
||||||
|
Service<| title == 'pacemaker_remote' |> -> Pcmk_constraint<||>
|
||||||
|
Service<| title == 'pacemaker_remote' |> -> Pcmk_resource<||>
|
||||||
|
Service<| title == 'pacemaker_remote' |> -> Pcmk_property<||>
|
||||||
|
Service<| title == 'pacemaker_remote' |> -> Pcmk_bundle<||>
|
||||||
|
Service<| title == 'pacemaker_remote' |> -> Pcmk_remote<||>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -111,13 +111,16 @@ define pacemaker::resource::remote(
|
||||||
$try_sleep = 0,
|
$try_sleep = 0,
|
||||||
$verify_on_create = false,
|
$verify_on_create = false,
|
||||||
$force = false,
|
$force = false,
|
||||||
|
$force_oldstyle = false,
|
||||||
$pcs_user = 'hacluster',
|
$pcs_user = 'hacluster',
|
||||||
$pcs_password = undef,
|
$pcs_password = undef,
|
||||||
$location_rule = undef,
|
$location_rule = undef,
|
||||||
$deep_compare = hiera('pacemaker::resource::remote::deep_compare', false),
|
$deep_compare = hiera('pacemaker::resource::remote::deep_compare', false),
|
||||||
$update_settle_secs = hiera('pacemaker::resource::remote::update_settle_secs', 600),
|
$update_settle_secs = hiera('pacemaker::resource::remote::update_settle_secs', 600),
|
||||||
) {
|
) {
|
||||||
if $::pacemaker::params::pcs_010 {
|
# If we use pcs 0.10 we use the new pcs node remote-add way of adding
|
||||||
|
# remotes *except* if force_oldstyle is set to true
|
||||||
|
if $::pacemaker::params::pcs_010 and !$force_oldstyle {
|
||||||
pcmk_remote { $name:
|
pcmk_remote { $name:
|
||||||
ensure => $ensure,
|
ensure => $ensure,
|
||||||
remote_address => $remote_address,
|
remote_address => $remote_address,
|
||||||
|
|
Loading…
Reference in New Issue