Initial support for tls_priorities

We add initial support for being able to specify tls priorities in
pacemaker. For bundles this will happen via an env variable because
pacemaker_remote is started normally as a process and there is no
sourcing of /etc/sysconfig/pacemaker.

Tested on both queens and stein, via a deploy and a redeploy against an
existing cloud. Observed that:
A) We got PCMK_tls_priorities inside /etc/sysconfig/pacemaker with the
value that was passed in THT
B) Containers had the following env variable set:
  "PCMK_tls_priorities=normal",

The '-e' addition is a noop in case the PCMK_tls_priorities is unset
so that we do not change the signature of the resources and hence do
not needlessly restart the HA resource.

Depends-On: I1971810f6a90f244ed5ced972a5fe7fde29dde86
Change-Id: I703b5a429f48063474aace85bc45d948f5c91435
(cherry picked from commit f1a593b642)
Michele Baldessari 2019-07-10 22:25:07 +02:00
parent ed6c6b003c
commit dbae850692
10 changed files with 97 additions and 8 deletions


@ -81,6 +81,11 @@
# (Optional) Boolean driving the Instance HA controlplane configuration # (Optional) Boolean driving the Instance HA controlplane configuration
# Defaults to false # Defaults to false
# #
# [*tls_priorities*]
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
class tripleo::profile::base::pacemaker ( class tripleo::profile::base::pacemaker (
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20), $pcs_tries = hiera('pcs_tries', 20),
@ -96,6 +101,7 @@ class tripleo::profile::base::pacemaker (
$cluster_recheck_interval = hiera('pacemaker_cluster_recheck_interval', undef), $cluster_recheck_interval = hiera('pacemaker_cluster_recheck_interval', undef),
$encryption = true, $encryption = true,
$enable_instanceha = hiera('tripleo::instanceha', false), $enable_instanceha = hiera('tripleo::instanceha', false),
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
) { ) {
if count($remote_short_node_names) != count($remote_node_ips) { if count($remote_short_node_names) != count($remote_node_ips) {
@ -161,6 +167,7 @@ class tripleo::profile::base::pacemaker (
cluster_setup_extras => $cluster_setup_extras, cluster_setup_extras => $cluster_setup_extras,
remote_authkey => $remote_authkey, remote_authkey => $remote_authkey,
cluster_members_addr => $pacemaker_node_ips_real, cluster_members_addr => $pacemaker_node_ips_real,
tls_priorities => $tls_priorities,
} }
if str2bool(hiera('docker_enabled', false)) { if str2bool(hiera('docker_enabled', false)) {
include ::systemd::systemctl::daemon_reload include ::systemd::systemctl::daemon_reload
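Review bot: The new `[*tls_priorities*]` doc block does not say what kind of value is expected, and the class passes it on unchanged (`tls_priorities => $tls_priorities`). PCMK_tls_priorities takes a GnuTLS priority string, so the doc should name that format and note that a permissive string lowers the protocol and cipher floor for Pacemaker's TLS connections, for example `# (optional) GnuTLS priority string written as PCMK_tls_priorities to /etc/sysconfig/pacemaker`. The same wording is used in the pacemaker_remote section and would benefit from the same change.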


@ -40,6 +40,10 @@
# (Optional) Whether or not to manage stonith devices for nodes # (Optional) Whether or not to manage stonith devices for nodes
# Defaults to hiera('enable_fencing', false) # Defaults to hiera('enable_fencing', false)
# #
# [*tls_priorities*]
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
# [*step*] # [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates # (Optional) The current step in deployment. See tripleo-heat-templates
# for more details. # for more details.
@ -51,6 +55,7 @@ class tripleo::profile::base::pacemaker_remote (
$pcs_user = 'hacluster', $pcs_user = 'hacluster',
$pcs_password = hiera('hacluster_pwd', undef), $pcs_password = hiera('hacluster_pwd', undef),
$enable_fencing = hiera('enable_fencing', false), $enable_fencing = hiera('enable_fencing', false),
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
) { ) {
if $pcs_password == undef { if $pcs_password == undef {
@ -61,6 +66,7 @@ class tripleo::profile::base::pacemaker_remote (
pcs_password => $pcs_password, pcs_password => $pcs_password,
remote_authkey => $remote_authkey, remote_authkey => $remote_authkey,
use_pcsd => true, use_pcsd => true,
tls_priorities => $tls_priorities,
} }
if str2bool(hiera('docker_enabled', false)) { if str2bool(hiera('docker_enabled', false)) {
include ::systemd::systemctl::daemon_reload include ::systemd::systemctl::daemon_reload


@ -47,6 +47,9 @@
# (optional) Container backend to use when creating the bundle # (optional) Container backend to use when creating the bundle
# Defaults to 'docker' # Defaults to 'docker'
# #
# [*tls_priorities*]
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
# #
class tripleo::profile::pacemaker::cinder::backup_bundle ( class tripleo::profile::pacemaker::cinder::backup_bundle (
$bootstrap_node = hiera('cinder_backup_short_bootstrap_node_name'), $bootstrap_node = hiera('cinder_backup_short_bootstrap_node_name'),
@ -54,6 +57,7 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
$docker_volumes = [], $docker_volumes = [],
$docker_environment = ['KOLLA_CONFIG_STRATEGY=COPY_ALWAYS'], $docker_environment = ['KOLLA_CONFIG_STRATEGY=COPY_ALWAYS'],
$container_backend = 'docker', $container_backend = 'docker',
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$pcs_tries = hiera('pcs_tries', 20), $pcs_tries = hiera('pcs_tries', 20),
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
) { ) {
@ -180,6 +184,11 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
$docker_env_arr = delete(any2array($docker_environment), '').flatten() $docker_env_arr = delete(any2array($docker_environment), '').flatten()
$docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ') $docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ')
if $tls_priorities != undef {
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
} else {
$tls_priorities_real = ''
}
pacemaker::resource::bundle { $::cinder::params::backup_service : pacemaker::resource::bundle { $::cinder::params::backup_service :
image => $cinder_backup_docker_image, image => $cinder_backup_docker_image,
@ -190,7 +199,7 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
expression => ['cinder-backup-role eq true'], expression => ['cinder-backup-role eq true'],
}, },
container_options => 'network=host', container_options => 'network=host',
options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}", options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}${tls_priorities_real}",
run_command => '/bin/bash /usr/local/bin/kolla_start', run_command => '/bin/bash /usr/local/bin/kolla_start',
storage_maps => $storage_maps, storage_maps => $storage_maps,
container_backend => $container_backend, container_backend => $container_backend,
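Review bot: The guard `if $tls_priorities != undef` also lets an empty string through, which would append ` -e PCMK_tls_priorities=` to `options` and change the resource definition, apparently the restart the commit message wants to avoid; `if $tls_priorities != undef and $tls_priorities != '' {` keeps the no-op. The value is also interpolated unquoted into the container `options` string, so whitespace in the hiera value would be read as further container runtime arguments; a check such as `if $tls_priorities =~ /\s/ { fail('tls_priorities must not contain whitespace') }` before building `$tls_priorities_real` rules that out. The same block is repeated in the volume_bundle, mysql_bundle, redis_bundle, haproxy_bundle, share_bundle, ovn_dbs_bundle and rabbitmq_bundle sections. The class body continues outside the hunks shown here.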


@ -47,6 +47,9 @@
# (optional) Container backend to use when creating the bundle # (optional) Container backend to use when creating the bundle
# Defaults to 'docker' # Defaults to 'docker'
# #
# [*tls_priorities*]
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
# #
class tripleo::profile::pacemaker::cinder::volume_bundle ( class tripleo::profile::pacemaker::cinder::volume_bundle (
$bootstrap_node = hiera('cinder_volume_short_bootstrap_node_name'), $bootstrap_node = hiera('cinder_volume_short_bootstrap_node_name'),
@ -56,6 +59,7 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
$pcs_tries = hiera('pcs_tries', 20), $pcs_tries = hiera('pcs_tries', 20),
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
$container_backend = 'docker', $container_backend = 'docker',
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
) { ) {
if $::hostname == downcase($bootstrap_node) { if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true $pacemaker_master = true
@ -181,6 +185,11 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
$docker_env_arr = delete(any2array($docker_environment), '').flatten() $docker_env_arr = delete(any2array($docker_environment), '').flatten()
$docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ') $docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ')
if $tls_priorities != undef {
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
} else {
$tls_priorities_real = ''
}
pacemaker::resource::bundle { $::cinder::params::volume_service: pacemaker::resource::bundle { $::cinder::params::volume_service:
image => $cinder_volume_docker_image, image => $cinder_volume_docker_image,
@ -191,7 +200,7 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
expression => ['cinder-volume-role eq true'], expression => ['cinder-volume-role eq true'],
}, },
container_options => 'network=host', container_options => 'network=host',
options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}", options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}${tls_priorities_real}",
run_command => '/bin/bash /usr/local/bin/kolla_start', run_command => '/bin/bash /usr/local/bin/kolla_start',
storage_maps => $storage_maps, storage_maps => $storage_maps,
container_backend => $container_backend, container_backend => $container_backend,
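Review bot: The parameter doc added at the top of this section says the value "Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker", but in this class the value is only appended to the bundle `options` as a container environment variable. Something like `# (optional) Passes PCMK_tls_priorities to the bundle container via '-e' when set` would match what the code does. The same copied sentence appears in every bundle class on this page (backup_bundle, mysql_bundle, redis_bundle, haproxy_bundle, share_bundle, ovn_dbs_bundle, rabbitmq_bundle).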


@ -118,6 +118,9 @@
# (optional) Container backend to use when creating the bundle # (optional) Container backend to use when creating the bundle
# Defaults to 'docker' # Defaults to 'docker'
# #
# [*tls_priorities*]
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
# #
class tripleo::profile::pacemaker::database::mysql_bundle ( class tripleo::profile::pacemaker::database::mysql_bundle (
$mysql_docker_image = hiera('tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image', undef), $mysql_docker_image = hiera('tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image', undef),
@ -138,6 +141,7 @@ class tripleo::profile::pacemaker::database::mysql_bundle (
$ipv6 = str2bool(hiera('mysql_ipv6', false)), $ipv6 = str2bool(hiera('mysql_ipv6', false)),
$mysql_server_options = hiera('tripleo::profile::base::database::mysql::mysql_server_options', {}), $mysql_server_options = hiera('tripleo::profile::base::database::mysql::mysql_server_options', {}),
$container_backend = 'docker', $container_backend = 'docker',
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$pcs_tries = hiera('pcs_tries', 20), $pcs_tries = hiera('pcs_tries', 20),
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
) { ) {
@ -402,6 +406,11 @@ MYSQL_HOST=localhost\n",
} else { } else {
$storage_maps_tls = {} $storage_maps_tls = {}
} }
if $tls_priorities != undef {
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
} else {
$tls_priorities_real = ''
}
pacemaker::resource::bundle { 'galera-bundle': pacemaker::resource::bundle { 'galera-bundle':
image => $mysql_docker_image, image => $mysql_docker_image,
@ -413,7 +422,7 @@ MYSQL_HOST=localhost\n",
expression => ['galera-role eq true'], expression => ['galera-role eq true'],
}, },
container_options => 'network=host', container_options => 'network=host',
options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', options => "--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
run_command => '/bin/bash /usr/local/bin/kolla_start', run_command => '/bin/bash /usr/local/bin/kolla_start',
network => "control-port=${control_port}", network => "control-port=${control_port}",
storage_maps => merge($storage_maps, $storage_maps_tls), storage_maps => merge($storage_maps, $storage_maps_tls),


@ -95,6 +95,9 @@
# (optional) Container backend to use when creating the bundle # (optional) Container backend to use when creating the bundle
# Defaults to 'docker' # Defaults to 'docker'
# #
# [*tls_priorities*]
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
# #
class tripleo::profile::pacemaker::database::redis_bundle ( class tripleo::profile::pacemaker::database::redis_bundle (
$certificate_specs = hiera('redis_certificate_specs', {}), $certificate_specs = hiera('redis_certificate_specs', {}),
@ -112,6 +115,7 @@ class tripleo::profile::pacemaker::database::redis_bundle (
$tls_proxy_bind_ip = undef, $tls_proxy_bind_ip = undef,
$tls_proxy_fqdn = undef, $tls_proxy_fqdn = undef,
$tls_proxy_port = 6379, $tls_proxy_port = 6379,
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
) { ) {
if $::hostname == downcase($bootstrap_node) { if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true $pacemaker_master = true
@ -313,6 +317,11 @@ slave-announce-port ${local_tuple[0][2]}
} else { } else {
$storage_maps_tls = {} $storage_maps_tls = {}
} }
if $tls_priorities != undef {
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
} else {
$tls_priorities_real = ''
}
pacemaker::resource::bundle { 'redis-bundle': pacemaker::resource::bundle { 'redis-bundle':
image => $redis_docker_image, image => $redis_docker_image,
@ -324,7 +333,7 @@ slave-announce-port ${local_tuple[0][2]}
expression => ['redis-role eq true'], expression => ['redis-role eq true'],
}, },
container_options => 'network=host', container_options => 'network=host',
options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', options => "--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
run_command => '/bin/bash /usr/local/bin/kolla_start', run_command => '/bin/bash /usr/local/bin/kolla_start',
network => "control-port=${redis_docker_control_port}", network => "control-port=${redis_docker_control_port}",
storage_maps => merge($storage_maps, $storage_maps_tls), storage_maps => merge($storage_maps, $storage_maps_tls),


@ -71,6 +71,10 @@
# (optional) Container backend to use when creating the bundle # (optional) Container backend to use when creating the bundle
# Defaults to 'docker' # Defaults to 'docker'
# #
# [*tls_priorities*]
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
# [*step*] # [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates # (Optional) The current step in deployment. See tripleo-heat-templates
# for more details. # for more details.
@ -93,6 +97,7 @@ class tripleo::profile::pacemaker::haproxy_bundle (
$meta_params = '', $meta_params = '',
$op_params = '', $op_params = '',
$container_backend = 'docker', $container_backend = 'docker',
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20), $pcs_tries = hiera('pcs_tries', 20),
) { ) {
@ -239,12 +244,18 @@ class tripleo::profile::pacemaker::haproxy_bundle (
$storage_maps_internal_tls = {} $storage_maps_internal_tls = {}
} }
if $tls_priorities != undef {
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
} else {
$tls_priorities_real = ''
}
pacemaker::resource::bundle { 'haproxy-bundle': pacemaker::resource::bundle { 'haproxy-bundle':
image => $haproxy_docker_image, image => $haproxy_docker_image,
replicas => $haproxy_nodes_count, replicas => $haproxy_nodes_count,
location_rule => $haproxy_location_rule, location_rule => $haproxy_location_rule,
container_options => 'network=host', container_options => 'network=host',
options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', options => "--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
run_command => '/bin/bash /usr/local/bin/kolla_start', run_command => '/bin/bash /usr/local/bin/kolla_start',
storage_maps => merge($storage_maps, $cert_storage_maps, $storage_maps_internal_tls), storage_maps => merge($storage_maps, $cert_storage_maps, $storage_maps_internal_tls),
container_backend => $container_backend, container_backend => $container_backend,


@ -51,6 +51,9 @@
# (optional) Container backend to use when creating the bundle # (optional) Container backend to use when creating the bundle
# Defaults to 'docker' # Defaults to 'docker'
# #
# [*tls_priorities*]
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
# #
class tripleo::profile::pacemaker::manila::share_bundle ( class tripleo::profile::pacemaker::manila::share_bundle (
$bootstrap_node = hiera('manila_share_short_bootstrap_node_name'), $bootstrap_node = hiera('manila_share_short_bootstrap_node_name'),
@ -59,6 +62,7 @@ class tripleo::profile::pacemaker::manila::share_bundle (
$docker_environment = ['KOLLA_CONFIG_STRATEGY=COPY_ALWAYS'], $docker_environment = ['KOLLA_CONFIG_STRATEGY=COPY_ALWAYS'],
$ceph_nfs_enabled = hiera('ceph_nfs_enabled', false), $ceph_nfs_enabled = hiera('ceph_nfs_enabled', false),
$container_backend = 'docker', $container_backend = 'docker',
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$pcs_tries = hiera('pcs_tries', 20), $pcs_tries = hiera('pcs_tries', 20),
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
) { ) {
@ -200,6 +204,11 @@ class tripleo::profile::pacemaker::manila::share_bundle (
$docker_env_arr = delete(any2array($docker_environment), '').flatten() $docker_env_arr = delete(any2array($docker_environment), '').flatten()
$docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ') $docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ')
if $tls_priorities != undef {
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
} else {
$tls_priorities_real = ''
}
pacemaker::resource::bundle { $::manila::params::share_service: pacemaker::resource::bundle { $::manila::params::share_service:
image => $manila_share_docker_image, image => $manila_share_docker_image,
replicas => 1, replicas => 1,
@ -209,7 +218,7 @@ class tripleo::profile::pacemaker::manila::share_bundle (
expression => ['manila-share-role eq true'], expression => ['manila-share-role eq true'],
}, },
container_options => 'network=host', container_options => 'network=host',
options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}", options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}${tls_priorities_real}",
run_command => '/bin/bash /usr/local/bin/kolla_start', run_command => '/bin/bash /usr/local/bin/kolla_start',
storage_maps => $storage_maps, storage_maps => $storage_maps,
container_backend => $container_backend, container_backend => $container_backend,


@ -56,6 +56,10 @@
# (optional) Container backend to use when creating the bundle # (optional) Container backend to use when creating the bundle
# Defaults to 'docker' # Defaults to 'docker'
# #
# [*tls_priorities*]
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
class tripleo::profile::pacemaker::ovn_dbs_bundle ( class tripleo::profile::pacemaker::ovn_dbs_bundle (
$ovn_dbs_docker_image = hiera('tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image', undef), $ovn_dbs_docker_image = hiera('tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image', undef),
@ -67,6 +71,7 @@ class tripleo::profile::pacemaker::ovn_dbs_bundle (
$nb_db_port = 6641, $nb_db_port = 6641,
$sb_db_port = 6642, $sb_db_port = 6642,
$container_backend = 'docker', $container_backend = 'docker',
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
) { ) {
if $::hostname == downcase($bootstrap_node) { if $::hostname == downcase($bootstrap_node) {
@ -99,6 +104,11 @@ class tripleo::profile::pacemaker::ovn_dbs_bundle (
score => 0, score => 0,
expression => ['ovn-dbs-role eq true'], expression => ['ovn-dbs-role eq true'],
} }
if $tls_priorities != undef {
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
} else {
$tls_priorities_real = ''
}
pacemaker::resource::bundle { 'ovn-dbs-bundle': pacemaker::resource::bundle { 'ovn-dbs-bundle':
image => $ovn_dbs_docker_image, image => $ovn_dbs_docker_image,
@ -106,7 +116,7 @@ class tripleo::profile::pacemaker::ovn_dbs_bundle (
masters => 1, masters => 1,
location_rule => $ovn_dbs_location_rule, location_rule => $ovn_dbs_location_rule,
container_options => 'network=host', container_options => 'network=host',
options => '--log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', options => "--log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
run_command => '/bin/bash /usr/local/bin/kolla_start', run_command => '/bin/bash /usr/local/bin/kolla_start',
network => "control-port=${ovn_dbs_control_port}", network => "control-port=${ovn_dbs_control_port}",
storage_maps => { storage_maps => {


@ -83,6 +83,10 @@
# (optional) Container backend to use when creating the bundle # (optional) Container backend to use when creating the bundle
# Defaults to 'docker' # Defaults to 'docker'
# #
# [*tls_priorities*]
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
class tripleo::profile::pacemaker::rabbitmq_bundle ( class tripleo::profile::pacemaker::rabbitmq_bundle (
$rabbitmq_docker_image = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image', undef), $rabbitmq_docker_image = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image', undef),
$rabbitmq_docker_control_port = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::control_port', '3122'), $rabbitmq_docker_control_port = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::control_port', '3122'),
@ -101,6 +105,7 @@ class tripleo::profile::pacemaker::rabbitmq_bundle (
$pcs_tries = hiera('pcs_tries', 20), $pcs_tries = hiera('pcs_tries', 20),
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
$container_backend = 'docker', $container_backend = 'docker',
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
) { ) {
# is this an additional nova cell? # is this an additional nova cell?
if hiera('nova_is_additional_cell', undef) { if hiera('nova_is_additional_cell', undef) {
@ -248,6 +253,11 @@ class tripleo::profile::pacemaker::rabbitmq_bundle (
} else { } else {
$storage_maps_tls = {} $storage_maps_tls = {}
} }
if $tls_priorities != undef {
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
} else {
$tls_priorities_real = ''
}
pacemaker::resource::bundle { 'rabbitmq-bundle': pacemaker::resource::bundle { 'rabbitmq-bundle':
image => $rabbitmq_docker_image, image => $rabbitmq_docker_image,
@ -259,7 +269,7 @@ class tripleo::profile::pacemaker::rabbitmq_bundle (
}, },
container_options => 'network=host', container_options => 'network=host',
# lint:ignore:140chars # lint:ignore:140chars
options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS -e LANG=en_US.UTF-8 -e LC_ALL=en_US.UTF-8', options => "--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS -e LANG=en_US.UTF-8 -e LC_ALL=en_US.UTF-8${tls_priorities_real}",
# lint:endignore # lint:endignore
run_command => '/bin/bash /usr/local/bin/kolla_start', run_command => '/bin/bash /usr/local/bin/kolla_start',
network => "control-port=${rabbitmq_docker_control_port}", network => "control-port=${rabbitmq_docker_control_port}",