Use pcs 0.9 style authkey/remotes when doing an upgrade

We leverage the _override keys for pacemaker and pacemaker_remote services in order to decide if we should use the old way of managing remotes (managed authkey and pcs 0.9 way of doing remotes). The pacemaker_remote override keys are introduced via https://review.opendev.org/741610 Related-Bug: #1888398 Change-Id: Iad23663d6c98e4fd3a507980638870e0ad0cee45 (cherry picked from commit 5cb4565c016d4de48958f7cb9cffce5b685290eb) (cherry picked from commit 16bb6f5d7f24e4686c78e54bb5072efc2603086a)
2020-07-15 14:59:48 +02:00 · 2020-07-15 14:59:48 +02:00 · 7d21ae36fa
commit 7d21ae36fa
parent d833f86083
2 changed files with 20 additions and 0 deletions
--- a/manifests/profile/base/pacemaker.pp
+++ b/manifests/profile/base/pacemaker.pp
@ -121,6 +121,14 @@ class tripleo::profile::base::pacemaker (
  if $pcs_password == undef {
    fail('The $pcs_password param is undefined, did you forget to include ::tripleo::profile::base::pacemaker in your role?')
  }
+  # During FFU when override keys are set we need to use the old authkey style
+  # This should be kept until FFU from CentOS 7->8 is being supported
+  if count(hiera('pacemaker_node_ips_override', [])) > 0 {
+    $force_old_style_remotes_real = true
+  } else {
+    $force_old_style_remotes_real = false
+  }
+

  Pcmk_resource <| |> {
    tries     => 10,
@ -188,6 +196,7 @@ class tripleo::profile::base::pacemaker (
      setup_cluster        => $pacemaker_master,
      cluster_setup_extras => $cluster_setup_extras,
      remote_authkey       => $remote_authkey,
+      force_authkey        => $force_old_style_remotes_real,
      cluster_members_addr => $pacemaker_node_ips_real,
      pcsd_bind_addr       => $pcsd_bind_addr,
      tls_priorities       => $tls_priorities,
@ -245,6 +254,9 @@ class tripleo::profile::base::pacemaker (
          try_sleep          => $remote_try_sleep,
          pcs_user           => $pcs_user,
          pcs_password       => $pcs_password,
+          # When we force the use of old style remotes we must also use --force
+          force              => $force_old_style_remotes_real,
+          force_oldstyle     => $force_old_style_remotes_real,
          before             => Exec["exec-wait-for-${remote_short_node}"],
          notify             => Exec["exec-wait-for-${remote_short_node}"],
        }
--- a/manifests/profile/base/pacemaker_remote.pp
+++ b/manifests/profile/base/pacemaker_remote.pp
@ -69,12 +69,20 @@ class tripleo::profile::base::pacemaker_remote (

  include ::pacemaker::params

+  # During FFU when override keys are set we need to use the old authkey style
+  # This should be kept until FFU from CentOS 7->8 is being supported
+  if count(hiera('pacemaker_remote_node_ips_override', [])) > 0 {
+    $force_authkey = true
+  } else {
+    $force_authkey = false
+  }
  class { '::pacemaker::remote':
    pcs_user       => $pcs_user,
    pcs_password   => $pcs_password,
    remote_authkey => $remote_authkey,
    use_pcsd       => $pacemaker::params::pcs_010,
    pcsd_bind_addr => $pcsd_bind_addr,
+    force_authkey  => $force_authkey,
    tls_priorities => $tls_priorities,
  }
  if str2bool(hiera('docker_enabled', false)) {