puppet-tripleo/manifests/profile/base/pacemaker/instance_ha.pp

158 lines
6.0 KiB
Puppet

# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::pacemaker::instance_ha
#
# Pacemaker profile for configuring instance HA on the control plane in tripleo
# Note that this class is included under the condition $pacemaker_master and $enable_instanceha
#
# === Parameters
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
# [*pcs_tries*]
# (Optional) The number of times pcs commands should be retried.
# Defaults to hiera('pcs_tries', 20)
#
# [*keystone_endpoint_url*]
# The keystone public endpoint url
# Defaults to hiera('keystone::endpoint::public_url')
#
# [*keystone_password*]
# The keystone admin password
# Defaults to hiera('keystone::admin_password')
#
# [*keystone_admin*]
# The keystone admin username
# Defaults to hiera('keystone::roles::admin::admin_tenant', 'admin')
#
# [*keystone_tenant*]
# The keystone tenant
# Defaults to hiera('keystone::roles::admin::admin_tenant', 'admin')
#
# [*keystone_domain*]
# The keystone domain
# Defaults to hiera('tripleo::clouddomain', 'localdomain')
#
# [*user_domain*]
# The keystone user domain for nova
# Defaults to hiera('nova::keystone::authtoken::user_domain_name', 'Default')
#
# [*project_domain*]
# The keystone project domain for nova
# Defaults to hiera('nova::keystone::authtoken::project_domain_name', 'Default')
#
# [*no_shared_storage*]
# Variable that defines the no_shared_storage for the nova evacuate resource
# Defaults to hiera('tripleo::instanceha::no_shared_storage', true)
#
# [*evacuate_delay*]
# (Optional) Integer, seconds to wait before starting the nova evacuate
# Defaults to hiera('tripleo::instanceha::evacuate_delay', 0)
#
# [*deep_compare_fencing*]
# (Optional) Boolean, should fence_compute be deep compared in order to
# update the existing fencing resource when puppet is being rerun
# Defaults to hiera('tripleo::fencing', true)
#
# [*deep_compare_ocf*]
# (Optional) Boolean, should the IHA ocf resource nova evacuate be deep
# compared in order to update the resource when puppet is being rerun
# Defaults to hiera('pacemaker::resource::ocf::deep_compare', true)
#
class tripleo::profile::base::pacemaker::instance_ha (
$step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20),
$keystone_endpoint_url = hiera('keystone::endpoint::public_url'),
$keystone_password = hiera('keystone::admin_password'),
$keystone_admin = hiera('keystone::roles::admin::admin_tenant', 'admin'),
$keystone_tenant = hiera('keystone::roles::admin::admin_tenant', 'admin'),
$keystone_domain = hiera('tripleo::clouddomain', 'localdomain'),
$user_domain = hiera('nova::keystone::authtoken::user_domain_name', 'Default'),
$project_domain = hiera('nova::keystone::authtoken::project_domain_name', 'Default'),
$no_shared_storage = hiera('tripleo::instanceha::no_shared_storage', true),
$evacuate_delay = hiera('tripleo::instanceha::evacuate_delay', 0),
$deep_compare_fencing = hiera('tripleo::fencing', true),
$deep_compare_ocf = hiera('pacemaker::resource::ocf::deep_compare', true),
) {
if $step >= 2 {
class { '::pacemaker::resource_defaults':
tries => $pcs_tries,
defaults => {
'fencing-default' => {
name => 'requires',
value => 'fencing',
},
},
}
}
# We need the guarantee that keystone is configured before creating the next resources
if $step >= 4 {
pacemaker::stonith::fence_compute { 'fence-nova':
auth_url => $keystone_endpoint_url,
login => $keystone_admin,
passwd => $keystone_password,
tenant_name => $keystone_admin,
project_domain => $project_domain,
user_domain => $user_domain,
domain => $keystone_domain,
record_only => 1,
meta_attr => 'provides=unfencing',
pcmk_host_list => '',
tries => $pcs_tries,
deep_compare => $deep_compare_fencing,
}
pacemaker::resource::ocf { 'compute-unfence-trigger':
ocf_agent_name => 'pacemaker:Dummy',
meta_params => 'requires=unfencing',
clone_params => true,
op_params => 'stop timeout=20 on-fail=block',
tries => $pcs_tries,
deep_compare => $deep_compare_ocf,
location_rule => {
resource_discovery => 'never',
score => '-INFINITY',
expression => ['compute-instanceha-role ne true'],
}
}
if $no_shared_storage {
$iha_no_shared_storage = 'no_shared_storage=true'
} else {
$iha_no_shared_storage = 'no_shared_storage=false'
}
if $evacuate_delay > 0 {
$evacuate_param = " evacuate_delay=${evacuate_delay}"
} else {
$evacuate_param = ''
}
pacemaker::resource::ocf { 'nova-evacuate':
ocf_agent_name => 'openstack:NovaEvacuate',
# lint:ignore:140chars
resource_params => "auth_url=${keystone_endpoint_url} username=${keystone_admin} password=${keystone_password} user_domain=${user_domain} project_domain=${project_domain} tenant_name=${keystone_tenant} ${iha_no_shared_storage}${evacuate_param}",
# lint:endignore
tries => $pcs_tries,
deep_compare => $deep_compare_ocf,
location_rule => {
resource_discovery => 'never',
score => '-INFINITY',
expression => ['compute-instanceha-role eq true'],
}
}
}
}