Merge "Fix up upgrade coordination around authkey"

Zuul 2020-07-30 14:18:19 +00:00 committed by Gerrit Code Review
commit 2d9751314c
3 changed files with 43 additions and 5 deletions


@ -92,6 +92,10 @@
# node via pcs if we detect a new node compared to the existing cluster) # node via pcs if we detect a new node compared to the existing cluster)
# Defaults to true # Defaults to true
# #
# [*force_authkey*]
# (optional) Forces the use of the autkey parameter even when we're using pcs 0.10
# Default to false
#
# === Dependencies # === Dependencies
# #
# None # None
@ -128,6 +132,7 @@ class pacemaker::corosync(
$cluster_start_try_sleep = '20', $cluster_start_try_sleep = '20',
$manage_fw = true, $manage_fw = true,
$remote_authkey = undef, $remote_authkey = undef,
$force_authkey = undef,
$settle_timeout = '3600', $settle_timeout = '3600',
$settle_tries = '360', $settle_tries = '360',
$settle_try_sleep = '10', $settle_try_sleep = '10',
@ -371,7 +376,8 @@ class pacemaker::corosync(
} }
# pcs 0.10/pcmk 2.0 take care of the authkey internally by themselves # pcs 0.10/pcmk 2.0 take care of the authkey internally by themselves
if $remote_authkey and !$::pacemaker::pcs_010 { # unless force_authkey is true in which case we forcefully use remote_authkey
if $remote_authkey and (!$::pacemaker::pcs_010 or $force_authkey) {
file { 'etc-pacemaker': file { 'etc-pacemaker':
ensure => directory, ensure => directory,
path => '/etc/pacemaker', path => '/etc/pacemaker',
@ -386,7 +392,16 @@ class pacemaker::corosync(
mode => '0640', mode => '0640',
content => $remote_authkey, content => $remote_authkey,
} }
File['etc-pacemaker-authkey'] -> Service['pcsd'] # On the bootstrap node we want to make sure that authkey is imposed
# after we create the cluster (because cluster create destroys it and regenerates a new one
# but before we start. On non bootstrap nodes we just let it before pcsd
if $setup_cluster {
Exec<| title == "Create Cluster ${cluster_name}" |> -> File<| title == 'etc-pacemaker-authkey' |>
File<| title == 'etc-pacemaker-authkey' |> -> Exec<| title == "Start Cluster ${cluster_name}" |>
} else {
File['etc-pacemaker-authkey'] -> Service['pcsd']
}
} }
exec {'wait-for-settle': exec {'wait-for-settle':
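Review bot: The bootstrap-node ordering in the `if $setup_cluster` branch can be lost without any error, because both chains use collectors keyed on the exec titles and a collector that matches nothing is a silent no-op. If either exec is renamed or not declared, the authkey file may be applied before cluster create, which per the comment regenerates the key, leaving this node with a key that differs from `$remote_authkey`. Provided both execs are always declared when `$setup_cluster` is true (they sit outside this hunk, so confirm), direct references fail at compile time instead: `Exec["Create Cluster ${cluster_name}"] -> File['etc-pacemaker-authkey'] -> Exec["Start Cluster ${cluster_name}"]`. The new `force_authkey` doc block here and in pacemaker::remote also says `Default to false` and spells `autkey`, while the declared default is `undef`.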


@ -44,6 +44,10 @@
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set # (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to undef # Defaults to undef
# #
# [*force_authkey*]
# (optional) Forces the use of the autkey parameter even when we're using pcs 0.10
# Default to false
#
class pacemaker::remote ( class pacemaker::remote (
$remote_authkey, $remote_authkey,
$use_pcsd = false, $use_pcsd = false,
@ -52,6 +56,7 @@ class pacemaker::remote (
$manage_fw = true, $manage_fw = true,
$pcsd_debug = false, $pcsd_debug = false,
$pcsd_bind_addr = undef, $pcsd_bind_addr = undef,
$force_authkey = undef,
$tls_priorities = undef, $tls_priorities = undef,
) { ) {
include ::pacemaker::params include ::pacemaker::params
@ -133,9 +138,19 @@ class pacemaker::remote (
enable => true, enable => true,
require => Class['::pacemaker::install'], require => Class['::pacemaker::install'],
} }
} else { Service<| title == 'pcsd' |> -> Pcmk_constraint<||>
# This gets managed by pcsd directly when pcs is < 0.10 Service<| title == 'pcsd' |> -> Pcmk_resource<||>
Service<| title == 'pcsd' |> -> Pcmk_property<||>
Service<| title == 'pcsd' |> -> Pcmk_bundle<||>
Service<| title == 'pcsd' |> -> Pcmk_remote<||>
}
# We manage our own authkey in two cases
# 1) normally when use pcsd is set to false, aka we are using the old method pre 0.10
# to manage remotes
# 2) When we explicitly passe force_authkey
if !$use_pcsd or $force_authkey {
Package<| title == 'pacemaker-remote' |> -> File <| title == 'etc-pacemaker' |> Package<| title == 'pacemaker-remote' |> -> File <| title == 'etc-pacemaker' |>
File <| title == 'etc-pacemaker-authkey' |> -> Service<| title == 'pacemaker_remote' |>
file { 'etc-pacemaker': file { 'etc-pacemaker':
ensure => directory, ensure => directory,
path => '/etc/pacemaker', path => '/etc/pacemaker',
@ -154,5 +169,10 @@ class pacemaker::remote (
ensure => running, ensure => running,
enable => true, enable => true,
} }
Service<| title == 'pacemaker_remote' |> -> Pcmk_constraint<||>
Service<| title == 'pacemaker_remote' |> -> Pcmk_resource<||>
Service<| title == 'pacemaker_remote' |> -> Pcmk_property<||>
Service<| title == 'pacemaker_remote' |> -> Pcmk_bundle<||>
Service<| title == 'pacemaker_remote' |> -> Pcmk_remote<||>
} }
} }
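Review bot: With `$use_pcsd` and `$force_authkey` both true, the block under `if !$use_pcsd or $force_authkey` now runs alongside the pcsd branch, and the key file is ordered only before `Service<| title == 'pacemaker_remote' |>`, not against `Service['pcsd']` as the non-bootstrap branch of pacemaker::corosync does. If pcsd can also write `/etc/pacemaker/authkey` on this node (the corosync comment about pcs 0.10 suggests so, but it is not shown here), the two writers would overwrite each other between runs. The parameter doc also describes the flag in terms of pcs 0.10 while the condition tests `$use_pcsd`; something like `# (optional) Manage /etc/pacemaker/authkey from remote_authkey even when use_pcsd is true` matches the code.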


@ -111,13 +111,16 @@ define pacemaker::resource::remote(
$try_sleep = 0, $try_sleep = 0,
$verify_on_create = false, $verify_on_create = false,
$force = false, $force = false,
$force_oldstyle = false,
$pcs_user = 'hacluster', $pcs_user = 'hacluster',
$pcs_password = undef, $pcs_password = undef,
$location_rule = undef, $location_rule = undef,
$deep_compare = hiera('pacemaker::resource::remote::deep_compare', false), $deep_compare = hiera('pacemaker::resource::remote::deep_compare', false),
$update_settle_secs = hiera('pacemaker::resource::remote::update_settle_secs', 600), $update_settle_secs = hiera('pacemaker::resource::remote::update_settle_secs', 600),
) { ) {
if $::pacemaker::params::pcs_010 { # If we use pcs 0.10 we use the new pcs node remote-add way of adding
# remotes *except* if force_oldstyle is set to true
if $::pacemaker::params::pcs_010 and !$force_oldstyle {
pcmk_remote { $name: pcmk_remote { $name:
ensure => $ensure, ensure => $ensure,
remote_address => $remote_address, remote_address => $remote_address,
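Review bot: `$force_oldstyle` is added to the parameter list without a matching entry in the define's parameter documentation; this is the file's only hunk on the page, so the commit appears to add none. I would add `# [*force_oldstyle*]`, `# (optional) Do not use the pcs node remote-add way of adding remotes even on pcs 0.10`, `# Defaults to false` to the header. It is also worth stating there that on this path pcs presumably no longer distributes the authkey, so the remote node needs `force_authkey` with the same `remote_authkey`; that coupling is inferred from the commit title and is not enforced anywhere in the visible code. The `if` body continues past the end of the hunk.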