pcs 0.10: authenticate nodes before adding them to the cluster

With pcs 0.10 and RHEL/CentOS 8, every node that needs to be added into a running cluster muste be authenticated first in pcsd. So when replacing a cluster node or automatically scaling up the cluster, make sure that we run a "pcs host auth" command prior to any "pcs cluster node add". Change-Id: I88c1188b2202e0cf70b82db629c3dd748ad01bf3 Closes-Bug: #1839209
2019-08-06 22:02:52 +02:00 · 2019-08-06 22:02:52 +02:00 · 8b30131ef7
parent 519c28b163
commit 8b30131ef7
1 changed files with 10 additions and 0 deletions
--- a/manifests/corosync.pp
+++ b/manifests/corosync.pp
@ -249,6 +249,16 @@ class pacemaker::corosync(
    if count($nodes_added) > 0 {
      $nodes_added.each |$node_to_add| {
        $node_name = split($node_to_add, ' ')[0]
+        if $::pacemaker::pcs_010 {
+          exec {"Authenticating new cluster node: ${node_to_add}":
+            command   => "${::pacemaker::pcs_bin} host auth ${node_name} -u hacluster -p ${::pacemaker::hacluster_pwd}",
+            timeout   => $cluster_start_timeout,
+            tries     => $cluster_start_tries,
+            try_sleep => $cluster_start_try_sleep,
+            require   => [Service['pcsd'], User['hacluster']],
+            tag       => 'pacemaker-auth',
+          }
+        }
        exec {"Adding Cluster node: ${node_to_add} to Cluster ${cluster_name}":
          unless    => "${::pacemaker::pcs_bin} status 2>&1 | grep -e \"^Online:.* ${node_name} .*\"",
          command   => "${::pacemaker::pcs_bin} cluster node add ${node_to_add} ${node_add_start_part} --wait",