Initial support for tls_priorities
We add initial support for being able to specify tls priorities in
pacemaker. For bundles this will happen via an env variable because
pacemaker_remote is started normally as a process and there is no
sourcing of /etc/sysconfig/pacemaker.
Tested on both queens and stein. Via a deploy and a redeploy against
existing cloud. Observed that:
A) We got PCMK_tls_priorities inside /etc/sysconfig/pacemaker with the
value that was passed in THT
B) Containers had the following env variable set:
"PCMK_tls_priorities=normal",
The '-e' addition is a noop in case the PCMK_tls_priorities is unset
so that we do not change the signature of the resources and hence do
not needlessly restart the HA resource.
Depends-On: I1971810f6a90f244ed5ced972a5fe7fde29dde86
Change-Id: I703b5a429f48063474aace85bc45d948f5c91435
(cherry picked from commit f1a593b642
)
This commit is contained in:
parent
ed6c6b003c
commit
dbae850692
|
@ -81,6 +81,11 @@
|
||||||
# (Optional) Boolean driving the Instance HA controlplane configuration
|
# (Optional) Boolean driving the Instance HA controlplane configuration
|
||||||
# Defaults to false
|
# Defaults to false
|
||||||
#
|
#
|
||||||
|
# [*tls_priorities*]
|
||||||
|
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||||
|
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
|
||||||
|
#
|
||||||
|
|
||||||
class tripleo::profile::base::pacemaker (
|
class tripleo::profile::base::pacemaker (
|
||||||
$step = Integer(hiera('step')),
|
$step = Integer(hiera('step')),
|
||||||
$pcs_tries = hiera('pcs_tries', 20),
|
$pcs_tries = hiera('pcs_tries', 20),
|
||||||
|
@ -96,6 +101,7 @@ class tripleo::profile::base::pacemaker (
|
||||||
$cluster_recheck_interval = hiera('pacemaker_cluster_recheck_interval', undef),
|
$cluster_recheck_interval = hiera('pacemaker_cluster_recheck_interval', undef),
|
||||||
$encryption = true,
|
$encryption = true,
|
||||||
$enable_instanceha = hiera('tripleo::instanceha', false),
|
$enable_instanceha = hiera('tripleo::instanceha', false),
|
||||||
|
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
|
||||||
) {
|
) {
|
||||||
|
|
||||||
if count($remote_short_node_names) != count($remote_node_ips) {
|
if count($remote_short_node_names) != count($remote_node_ips) {
|
||||||
|
@ -161,6 +167,7 @@ class tripleo::profile::base::pacemaker (
|
||||||
cluster_setup_extras => $cluster_setup_extras,
|
cluster_setup_extras => $cluster_setup_extras,
|
||||||
remote_authkey => $remote_authkey,
|
remote_authkey => $remote_authkey,
|
||||||
cluster_members_addr => $pacemaker_node_ips_real,
|
cluster_members_addr => $pacemaker_node_ips_real,
|
||||||
|
tls_priorities => $tls_priorities,
|
||||||
}
|
}
|
||||||
if str2bool(hiera('docker_enabled', false)) {
|
if str2bool(hiera('docker_enabled', false)) {
|
||||||
include ::systemd::systemctl::daemon_reload
|
include ::systemd::systemctl::daemon_reload
|
||||||
|
|
|
@ -40,6 +40,10 @@
|
||||||
# (Optional) Whether or not to manage stonith devices for nodes
|
# (Optional) Whether or not to manage stonith devices for nodes
|
||||||
# Defaults to hiera('enable_fencing', false)
|
# Defaults to hiera('enable_fencing', false)
|
||||||
#
|
#
|
||||||
|
# [*tls_priorities*]
|
||||||
|
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||||
|
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
|
||||||
|
#
|
||||||
# [*step*]
|
# [*step*]
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||||
# for more details.
|
# for more details.
|
||||||
|
@ -51,6 +55,7 @@ class tripleo::profile::base::pacemaker_remote (
|
||||||
$pcs_user = 'hacluster',
|
$pcs_user = 'hacluster',
|
||||||
$pcs_password = hiera('hacluster_pwd', undef),
|
$pcs_password = hiera('hacluster_pwd', undef),
|
||||||
$enable_fencing = hiera('enable_fencing', false),
|
$enable_fencing = hiera('enable_fencing', false),
|
||||||
|
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
|
||||||
$step = Integer(hiera('step')),
|
$step = Integer(hiera('step')),
|
||||||
) {
|
) {
|
||||||
if $pcs_password == undef {
|
if $pcs_password == undef {
|
||||||
|
@ -61,6 +66,7 @@ class tripleo::profile::base::pacemaker_remote (
|
||||||
pcs_password => $pcs_password,
|
pcs_password => $pcs_password,
|
||||||
remote_authkey => $remote_authkey,
|
remote_authkey => $remote_authkey,
|
||||||
use_pcsd => true,
|
use_pcsd => true,
|
||||||
|
tls_priorities => $tls_priorities,
|
||||||
}
|
}
|
||||||
if str2bool(hiera('docker_enabled', false)) {
|
if str2bool(hiera('docker_enabled', false)) {
|
||||||
include ::systemd::systemctl::daemon_reload
|
include ::systemd::systemctl::daemon_reload
|
||||||
|
|
|
@ -47,6 +47,9 @@
|
||||||
# (optional) Container backend to use when creating the bundle
|
# (optional) Container backend to use when creating the bundle
|
||||||
# Defaults to 'docker'
|
# Defaults to 'docker'
|
||||||
#
|
#
|
||||||
|
# [*tls_priorities*]
|
||||||
|
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||||
|
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
|
||||||
#
|
#
|
||||||
class tripleo::profile::pacemaker::cinder::backup_bundle (
|
class tripleo::profile::pacemaker::cinder::backup_bundle (
|
||||||
$bootstrap_node = hiera('cinder_backup_short_bootstrap_node_name'),
|
$bootstrap_node = hiera('cinder_backup_short_bootstrap_node_name'),
|
||||||
|
@ -54,6 +57,7 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
|
||||||
$docker_volumes = [],
|
$docker_volumes = [],
|
||||||
$docker_environment = ['KOLLA_CONFIG_STRATEGY=COPY_ALWAYS'],
|
$docker_environment = ['KOLLA_CONFIG_STRATEGY=COPY_ALWAYS'],
|
||||||
$container_backend = 'docker',
|
$container_backend = 'docker',
|
||||||
|
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
|
||||||
$pcs_tries = hiera('pcs_tries', 20),
|
$pcs_tries = hiera('pcs_tries', 20),
|
||||||
$step = Integer(hiera('step')),
|
$step = Integer(hiera('step')),
|
||||||
) {
|
) {
|
||||||
|
@ -180,6 +184,11 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
|
||||||
|
|
||||||
$docker_env_arr = delete(any2array($docker_environment), '').flatten()
|
$docker_env_arr = delete(any2array($docker_environment), '').flatten()
|
||||||
$docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ')
|
$docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ')
|
||||||
|
if $tls_priorities != undef {
|
||||||
|
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
|
||||||
|
} else {
|
||||||
|
$tls_priorities_real = ''
|
||||||
|
}
|
||||||
|
|
||||||
pacemaker::resource::bundle { $::cinder::params::backup_service :
|
pacemaker::resource::bundle { $::cinder::params::backup_service :
|
||||||
image => $cinder_backup_docker_image,
|
image => $cinder_backup_docker_image,
|
||||||
|
@ -190,7 +199,7 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
|
||||||
expression => ['cinder-backup-role eq true'],
|
expression => ['cinder-backup-role eq true'],
|
||||||
},
|
},
|
||||||
container_options => 'network=host',
|
container_options => 'network=host',
|
||||||
options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}",
|
options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}${tls_priorities_real}",
|
||||||
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
||||||
storage_maps => $storage_maps,
|
storage_maps => $storage_maps,
|
||||||
container_backend => $container_backend,
|
container_backend => $container_backend,
|
||||||
|
|
|
@ -47,6 +47,9 @@
|
||||||
# (optional) Container backend to use when creating the bundle
|
# (optional) Container backend to use when creating the bundle
|
||||||
# Defaults to 'docker'
|
# Defaults to 'docker'
|
||||||
#
|
#
|
||||||
|
# [*tls_priorities*]
|
||||||
|
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||||
|
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
|
||||||
#
|
#
|
||||||
class tripleo::profile::pacemaker::cinder::volume_bundle (
|
class tripleo::profile::pacemaker::cinder::volume_bundle (
|
||||||
$bootstrap_node = hiera('cinder_volume_short_bootstrap_node_name'),
|
$bootstrap_node = hiera('cinder_volume_short_bootstrap_node_name'),
|
||||||
|
@ -56,6 +59,7 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
|
||||||
$pcs_tries = hiera('pcs_tries', 20),
|
$pcs_tries = hiera('pcs_tries', 20),
|
||||||
$step = Integer(hiera('step')),
|
$step = Integer(hiera('step')),
|
||||||
$container_backend = 'docker',
|
$container_backend = 'docker',
|
||||||
|
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
|
||||||
) {
|
) {
|
||||||
if $::hostname == downcase($bootstrap_node) {
|
if $::hostname == downcase($bootstrap_node) {
|
||||||
$pacemaker_master = true
|
$pacemaker_master = true
|
||||||
|
@ -181,6 +185,11 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
|
||||||
|
|
||||||
$docker_env_arr = delete(any2array($docker_environment), '').flatten()
|
$docker_env_arr = delete(any2array($docker_environment), '').flatten()
|
||||||
$docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ')
|
$docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ')
|
||||||
|
if $tls_priorities != undef {
|
||||||
|
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
|
||||||
|
} else {
|
||||||
|
$tls_priorities_real = ''
|
||||||
|
}
|
||||||
|
|
||||||
pacemaker::resource::bundle { $::cinder::params::volume_service:
|
pacemaker::resource::bundle { $::cinder::params::volume_service:
|
||||||
image => $cinder_volume_docker_image,
|
image => $cinder_volume_docker_image,
|
||||||
|
@ -191,7 +200,7 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
|
||||||
expression => ['cinder-volume-role eq true'],
|
expression => ['cinder-volume-role eq true'],
|
||||||
},
|
},
|
||||||
container_options => 'network=host',
|
container_options => 'network=host',
|
||||||
options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}",
|
options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}${tls_priorities_real}",
|
||||||
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
||||||
storage_maps => $storage_maps,
|
storage_maps => $storage_maps,
|
||||||
container_backend => $container_backend,
|
container_backend => $container_backend,
|
||||||
|
|
|
@ -118,6 +118,9 @@
|
||||||
# (optional) Container backend to use when creating the bundle
|
# (optional) Container backend to use when creating the bundle
|
||||||
# Defaults to 'docker'
|
# Defaults to 'docker'
|
||||||
#
|
#
|
||||||
|
# [*tls_priorities*]
|
||||||
|
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||||
|
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
|
||||||
#
|
#
|
||||||
class tripleo::profile::pacemaker::database::mysql_bundle (
|
class tripleo::profile::pacemaker::database::mysql_bundle (
|
||||||
$mysql_docker_image = hiera('tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image', undef),
|
$mysql_docker_image = hiera('tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image', undef),
|
||||||
|
@ -138,6 +141,7 @@ class tripleo::profile::pacemaker::database::mysql_bundle (
|
||||||
$ipv6 = str2bool(hiera('mysql_ipv6', false)),
|
$ipv6 = str2bool(hiera('mysql_ipv6', false)),
|
||||||
$mysql_server_options = hiera('tripleo::profile::base::database::mysql::mysql_server_options', {}),
|
$mysql_server_options = hiera('tripleo::profile::base::database::mysql::mysql_server_options', {}),
|
||||||
$container_backend = 'docker',
|
$container_backend = 'docker',
|
||||||
|
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
|
||||||
$pcs_tries = hiera('pcs_tries', 20),
|
$pcs_tries = hiera('pcs_tries', 20),
|
||||||
$step = Integer(hiera('step')),
|
$step = Integer(hiera('step')),
|
||||||
) {
|
) {
|
||||||
|
@ -402,6 +406,11 @@ MYSQL_HOST=localhost\n",
|
||||||
} else {
|
} else {
|
||||||
$storage_maps_tls = {}
|
$storage_maps_tls = {}
|
||||||
}
|
}
|
||||||
|
if $tls_priorities != undef {
|
||||||
|
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
|
||||||
|
} else {
|
||||||
|
$tls_priorities_real = ''
|
||||||
|
}
|
||||||
|
|
||||||
pacemaker::resource::bundle { 'galera-bundle':
|
pacemaker::resource::bundle { 'galera-bundle':
|
||||||
image => $mysql_docker_image,
|
image => $mysql_docker_image,
|
||||||
|
@ -413,7 +422,7 @@ MYSQL_HOST=localhost\n",
|
||||||
expression => ['galera-role eq true'],
|
expression => ['galera-role eq true'],
|
||||||
},
|
},
|
||||||
container_options => 'network=host',
|
container_options => 'network=host',
|
||||||
options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS',
|
options => "--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
|
||||||
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
||||||
network => "control-port=${control_port}",
|
network => "control-port=${control_port}",
|
||||||
storage_maps => merge($storage_maps, $storage_maps_tls),
|
storage_maps => merge($storage_maps, $storage_maps_tls),
|
||||||
|
|
|
@ -95,6 +95,9 @@
|
||||||
# (optional) Container backend to use when creating the bundle
|
# (optional) Container backend to use when creating the bundle
|
||||||
# Defaults to 'docker'
|
# Defaults to 'docker'
|
||||||
#
|
#
|
||||||
|
# [*tls_priorities*]
|
||||||
|
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||||
|
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
|
||||||
#
|
#
|
||||||
class tripleo::profile::pacemaker::database::redis_bundle (
|
class tripleo::profile::pacemaker::database::redis_bundle (
|
||||||
$certificate_specs = hiera('redis_certificate_specs', {}),
|
$certificate_specs = hiera('redis_certificate_specs', {}),
|
||||||
|
@ -112,6 +115,7 @@ class tripleo::profile::pacemaker::database::redis_bundle (
|
||||||
$tls_proxy_bind_ip = undef,
|
$tls_proxy_bind_ip = undef,
|
||||||
$tls_proxy_fqdn = undef,
|
$tls_proxy_fqdn = undef,
|
||||||
$tls_proxy_port = 6379,
|
$tls_proxy_port = 6379,
|
||||||
|
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
|
||||||
) {
|
) {
|
||||||
if $::hostname == downcase($bootstrap_node) {
|
if $::hostname == downcase($bootstrap_node) {
|
||||||
$pacemaker_master = true
|
$pacemaker_master = true
|
||||||
|
@ -313,6 +317,11 @@ slave-announce-port ${local_tuple[0][2]}
|
||||||
} else {
|
} else {
|
||||||
$storage_maps_tls = {}
|
$storage_maps_tls = {}
|
||||||
}
|
}
|
||||||
|
if $tls_priorities != undef {
|
||||||
|
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
|
||||||
|
} else {
|
||||||
|
$tls_priorities_real = ''
|
||||||
|
}
|
||||||
|
|
||||||
pacemaker::resource::bundle { 'redis-bundle':
|
pacemaker::resource::bundle { 'redis-bundle':
|
||||||
image => $redis_docker_image,
|
image => $redis_docker_image,
|
||||||
|
@ -324,7 +333,7 @@ slave-announce-port ${local_tuple[0][2]}
|
||||||
expression => ['redis-role eq true'],
|
expression => ['redis-role eq true'],
|
||||||
},
|
},
|
||||||
container_options => 'network=host',
|
container_options => 'network=host',
|
||||||
options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS',
|
options => "--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
|
||||||
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
||||||
network => "control-port=${redis_docker_control_port}",
|
network => "control-port=${redis_docker_control_port}",
|
||||||
storage_maps => merge($storage_maps, $storage_maps_tls),
|
storage_maps => merge($storage_maps, $storage_maps_tls),
|
||||||
|
|
|
@ -71,6 +71,10 @@
|
||||||
# (optional) Container backend to use when creating the bundle
|
# (optional) Container backend to use when creating the bundle
|
||||||
# Defaults to 'docker'
|
# Defaults to 'docker'
|
||||||
#
|
#
|
||||||
|
# [*tls_priorities*]
|
||||||
|
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||||
|
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
|
||||||
|
#
|
||||||
# [*step*]
|
# [*step*]
|
||||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||||
# for more details.
|
# for more details.
|
||||||
|
@ -93,6 +97,7 @@ class tripleo::profile::pacemaker::haproxy_bundle (
|
||||||
$meta_params = '',
|
$meta_params = '',
|
||||||
$op_params = '',
|
$op_params = '',
|
||||||
$container_backend = 'docker',
|
$container_backend = 'docker',
|
||||||
|
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
|
||||||
$step = Integer(hiera('step')),
|
$step = Integer(hiera('step')),
|
||||||
$pcs_tries = hiera('pcs_tries', 20),
|
$pcs_tries = hiera('pcs_tries', 20),
|
||||||
) {
|
) {
|
||||||
|
@ -239,12 +244,18 @@ class tripleo::profile::pacemaker::haproxy_bundle (
|
||||||
$storage_maps_internal_tls = {}
|
$storage_maps_internal_tls = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $tls_priorities != undef {
|
||||||
|
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
|
||||||
|
} else {
|
||||||
|
$tls_priorities_real = ''
|
||||||
|
}
|
||||||
|
|
||||||
pacemaker::resource::bundle { 'haproxy-bundle':
|
pacemaker::resource::bundle { 'haproxy-bundle':
|
||||||
image => $haproxy_docker_image,
|
image => $haproxy_docker_image,
|
||||||
replicas => $haproxy_nodes_count,
|
replicas => $haproxy_nodes_count,
|
||||||
location_rule => $haproxy_location_rule,
|
location_rule => $haproxy_location_rule,
|
||||||
container_options => 'network=host',
|
container_options => 'network=host',
|
||||||
options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS',
|
options => "--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
|
||||||
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
||||||
storage_maps => merge($storage_maps, $cert_storage_maps, $storage_maps_internal_tls),
|
storage_maps => merge($storage_maps, $cert_storage_maps, $storage_maps_internal_tls),
|
||||||
container_backend => $container_backend,
|
container_backend => $container_backend,
|
||||||
|
|
|
@ -51,6 +51,9 @@
|
||||||
# (optional) Container backend to use when creating the bundle
|
# (optional) Container backend to use when creating the bundle
|
||||||
# Defaults to 'docker'
|
# Defaults to 'docker'
|
||||||
#
|
#
|
||||||
|
# [*tls_priorities*]
|
||||||
|
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||||
|
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
|
||||||
#
|
#
|
||||||
class tripleo::profile::pacemaker::manila::share_bundle (
|
class tripleo::profile::pacemaker::manila::share_bundle (
|
||||||
$bootstrap_node = hiera('manila_share_short_bootstrap_node_name'),
|
$bootstrap_node = hiera('manila_share_short_bootstrap_node_name'),
|
||||||
|
@ -59,6 +62,7 @@ class tripleo::profile::pacemaker::manila::share_bundle (
|
||||||
$docker_environment = ['KOLLA_CONFIG_STRATEGY=COPY_ALWAYS'],
|
$docker_environment = ['KOLLA_CONFIG_STRATEGY=COPY_ALWAYS'],
|
||||||
$ceph_nfs_enabled = hiera('ceph_nfs_enabled', false),
|
$ceph_nfs_enabled = hiera('ceph_nfs_enabled', false),
|
||||||
$container_backend = 'docker',
|
$container_backend = 'docker',
|
||||||
|
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
|
||||||
$pcs_tries = hiera('pcs_tries', 20),
|
$pcs_tries = hiera('pcs_tries', 20),
|
||||||
$step = Integer(hiera('step')),
|
$step = Integer(hiera('step')),
|
||||||
) {
|
) {
|
||||||
|
@ -200,6 +204,11 @@ class tripleo::profile::pacemaker::manila::share_bundle (
|
||||||
$docker_env_arr = delete(any2array($docker_environment), '').flatten()
|
$docker_env_arr = delete(any2array($docker_environment), '').flatten()
|
||||||
$docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ')
|
$docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ')
|
||||||
|
|
||||||
|
if $tls_priorities != undef {
|
||||||
|
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
|
||||||
|
} else {
|
||||||
|
$tls_priorities_real = ''
|
||||||
|
}
|
||||||
pacemaker::resource::bundle { $::manila::params::share_service:
|
pacemaker::resource::bundle { $::manila::params::share_service:
|
||||||
image => $manila_share_docker_image,
|
image => $manila_share_docker_image,
|
||||||
replicas => 1,
|
replicas => 1,
|
||||||
|
@ -209,7 +218,7 @@ class tripleo::profile::pacemaker::manila::share_bundle (
|
||||||
expression => ['manila-share-role eq true'],
|
expression => ['manila-share-role eq true'],
|
||||||
},
|
},
|
||||||
container_options => 'network=host',
|
container_options => 'network=host',
|
||||||
options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}",
|
options => "--ipc=host --privileged=true --user=root --log-driver=journald ${docker_env}${tls_priorities_real}",
|
||||||
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
||||||
storage_maps => $storage_maps,
|
storage_maps => $storage_maps,
|
||||||
container_backend => $container_backend,
|
container_backend => $container_backend,
|
||||||
|
|
|
@ -56,6 +56,10 @@
|
||||||
# (optional) Container backend to use when creating the bundle
|
# (optional) Container backend to use when creating the bundle
|
||||||
# Defaults to 'docker'
|
# Defaults to 'docker'
|
||||||
#
|
#
|
||||||
|
# [*tls_priorities*]
|
||||||
|
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||||
|
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
|
||||||
|
#
|
||||||
|
|
||||||
class tripleo::profile::pacemaker::ovn_dbs_bundle (
|
class tripleo::profile::pacemaker::ovn_dbs_bundle (
|
||||||
$ovn_dbs_docker_image = hiera('tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image', undef),
|
$ovn_dbs_docker_image = hiera('tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image', undef),
|
||||||
|
@ -67,6 +71,7 @@ class tripleo::profile::pacemaker::ovn_dbs_bundle (
|
||||||
$nb_db_port = 6641,
|
$nb_db_port = 6641,
|
||||||
$sb_db_port = 6642,
|
$sb_db_port = 6642,
|
||||||
$container_backend = 'docker',
|
$container_backend = 'docker',
|
||||||
|
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
|
||||||
) {
|
) {
|
||||||
|
|
||||||
if $::hostname == downcase($bootstrap_node) {
|
if $::hostname == downcase($bootstrap_node) {
|
||||||
|
@ -99,6 +104,11 @@ class tripleo::profile::pacemaker::ovn_dbs_bundle (
|
||||||
score => 0,
|
score => 0,
|
||||||
expression => ['ovn-dbs-role eq true'],
|
expression => ['ovn-dbs-role eq true'],
|
||||||
}
|
}
|
||||||
|
if $tls_priorities != undef {
|
||||||
|
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
|
||||||
|
} else {
|
||||||
|
$tls_priorities_real = ''
|
||||||
|
}
|
||||||
|
|
||||||
pacemaker::resource::bundle { 'ovn-dbs-bundle':
|
pacemaker::resource::bundle { 'ovn-dbs-bundle':
|
||||||
image => $ovn_dbs_docker_image,
|
image => $ovn_dbs_docker_image,
|
||||||
|
@ -106,7 +116,7 @@ class tripleo::profile::pacemaker::ovn_dbs_bundle (
|
||||||
masters => 1,
|
masters => 1,
|
||||||
location_rule => $ovn_dbs_location_rule,
|
location_rule => $ovn_dbs_location_rule,
|
||||||
container_options => 'network=host',
|
container_options => 'network=host',
|
||||||
options => '--log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS',
|
options => "--log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
|
||||||
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
||||||
network => "control-port=${ovn_dbs_control_port}",
|
network => "control-port=${ovn_dbs_control_port}",
|
||||||
storage_maps => {
|
storage_maps => {
|
||||||
|
|
|
@ -83,6 +83,10 @@
|
||||||
# (optional) Container backend to use when creating the bundle
|
# (optional) Container backend to use when creating the bundle
|
||||||
# Defaults to 'docker'
|
# Defaults to 'docker'
|
||||||
#
|
#
|
||||||
|
# [*tls_priorities*]
|
||||||
|
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||||
|
# Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
|
||||||
|
#
|
||||||
class tripleo::profile::pacemaker::rabbitmq_bundle (
|
class tripleo::profile::pacemaker::rabbitmq_bundle (
|
||||||
$rabbitmq_docker_image = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image', undef),
|
$rabbitmq_docker_image = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image', undef),
|
||||||
$rabbitmq_docker_control_port = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::control_port', '3122'),
|
$rabbitmq_docker_control_port = hiera('tripleo::profile::pacemaker::rabbitmq_bundle::control_port', '3122'),
|
||||||
|
@ -101,6 +105,7 @@ class tripleo::profile::pacemaker::rabbitmq_bundle (
|
||||||
$pcs_tries = hiera('pcs_tries', 20),
|
$pcs_tries = hiera('pcs_tries', 20),
|
||||||
$step = Integer(hiera('step')),
|
$step = Integer(hiera('step')),
|
||||||
$container_backend = 'docker',
|
$container_backend = 'docker',
|
||||||
|
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
|
||||||
) {
|
) {
|
||||||
# is this an additional nova cell?
|
# is this an additional nova cell?
|
||||||
if hiera('nova_is_additional_cell', undef) {
|
if hiera('nova_is_additional_cell', undef) {
|
||||||
|
@ -248,6 +253,11 @@ class tripleo::profile::pacemaker::rabbitmq_bundle (
|
||||||
} else {
|
} else {
|
||||||
$storage_maps_tls = {}
|
$storage_maps_tls = {}
|
||||||
}
|
}
|
||||||
|
if $tls_priorities != undef {
|
||||||
|
$tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
|
||||||
|
} else {
|
||||||
|
$tls_priorities_real = ''
|
||||||
|
}
|
||||||
|
|
||||||
pacemaker::resource::bundle { 'rabbitmq-bundle':
|
pacemaker::resource::bundle { 'rabbitmq-bundle':
|
||||||
image => $rabbitmq_docker_image,
|
image => $rabbitmq_docker_image,
|
||||||
|
@ -259,7 +269,7 @@ class tripleo::profile::pacemaker::rabbitmq_bundle (
|
||||||
},
|
},
|
||||||
container_options => 'network=host',
|
container_options => 'network=host',
|
||||||
# lint:ignore:140chars
|
# lint:ignore:140chars
|
||||||
options => '--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS -e LANG=en_US.UTF-8 -e LC_ALL=en_US.UTF-8',
|
options => "--user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS -e LANG=en_US.UTF-8 -e LC_ALL=en_US.UTF-8${tls_priorities_real}",
|
||||||
# lint:endignore
|
# lint:endignore
|
||||||
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
run_command => '/bin/bash /usr/local/bin/kolla_start',
|
||||||
network => "control-port=${rabbitmq_docker_control_port}",
|
network => "control-port=${rabbitmq_docker_control_port}",
|
||||||
|
|
Loading…
Reference in New Issue