Add pcmk_host_list stonith-fence_compute-fence-nova

With this change we explicitely tell the stonith-fence_compute-fence-nova
resource which pacemaker nodes it is allowed to fence.

This is a good idea in general as it makes things more explicit and
we do not rely on other pcmk mechanisms (stonith querying the list
of nodes returned by the fence agent) to determine which nodes it
is allowed to fence.

Tested with this change and the stonith resource is correctly set:
[root@controller-0 ~]# pcs stonith config stonith-fence_compute-fence-nova
 Resource: stonith-fence_compute-fence-nova (class=stonith type=fence_compute)
  Attributes: auth_url=https://overcloud.redhat.local:13000 domain=redhat.local login=admin passwd=foo pcmk_host_list=compute-0,compute-1 project_domain=Default record_only=1 region_name=regionOne tenant_name=admin user_domain=Default
  Meta Attrs: provides=unfencing
  Operations: monitor interval=60s (stonith-fence_compute-fence-nova-monitor-interval-60s)
....

Change-Id: Ia9c328a51d7f5dab933b096dd7a0792f2df2210e
(cherry picked from commit 781d197a34)
(cherry picked from commit ebd5679d11)
This commit is contained in:
Michele Baldessari 2019-05-31 18:34:54 +02:00
parent 3bcfb9deef
commit 68a4838056

View File

@ -107,6 +107,9 @@ class tripleo::profile::base::pacemaker::instance_ha (
}
# We need the guarantee that keystone is configured before creating the next resources
if $step >= 4 {
# This passes the explicit host list of compute nodes that the fence_compute stonith device
# is in charge of
$compute_list = downcase(join(any2array(hiera('compute_instanceha_short_node_names', '')), ','))
pacemaker::stonith::fence_compute { 'fence-nova':
auth_url => $keystone_endpoint_url,
login => $keystone_admin,
@ -118,7 +121,7 @@ class tripleo::profile::base::pacemaker::instance_ha (
region_name => $region_name,
record_only => 1,
meta_attr => 'provides=unfencing',
pcmk_host_list => '',
pcmk_host_list => $compute_list,
tries => $pcs_tries,
deep_compare => $deep_compare_fencing,
}