Merge "Support TLS priorities for pacemaker" into stable/stein
This commit is contained in:
Zuul
Gerrit Code Review
commit
5b10134014
|
|
@ -41,6 +41,10 @@ parameters:
|
||||||
default: false
|
default: false
|
||||||
description: Whether to enable fencing in Pacemaker or not.
|
description: Whether to enable fencing in Pacemaker or not.
|
||||||
type: boolean
|
type: boolean
|
||||||
|
PacemakerTLSPriorities:
|
||||||
|
type: string
|
||||||
|
description: Pacemaker TLS Priorities
|
||||||
|
default: ''
|
||||||
PacemakerRemoteAuthkey:
|
PacemakerRemoteAuthkey:
|
||||||
type: string
|
type: string
|
||||||
description: The authkey for the pacemaker remote service.
|
description: The authkey for the pacemaker remote service.
|
||||||
|
|
@ -102,6 +106,9 @@ parameters:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: true
|
default: true
|
||||||
|
|
||||||
|
conditions:
|
||||||
|
pcmk_tls_priorities_empty: {equals: [{get_param: PacemakerTLSPriorities}, '']}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the Pacemaker role.
|
description: Role data for the Pacemaker role.
|
||||||
|
|
@ -109,7 +116,8 @@ outputs:
|
||||||
service_name: pacemaker
|
service_name: pacemaker
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker}
|
monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker}
|
||||||
config_settings:
|
config_settings:
|
||||||
pacemaker::corosync::cluster_name: 'tripleo_cluster'
|
map_merge:
|
||||||
|
- pacemaker::corosync::cluster_name: 'tripleo_cluster'
|
||||||
pacemaker::corosync::manage_fw: false
|
pacemaker::corosync::manage_fw: false
|
||||||
pacemaker::resource_defaults::defaults:
|
pacemaker::resource_defaults::defaults:
|
||||||
resource-stickiness: { value: INFINITY }
|
resource-stickiness: { value: INFINITY }
|
||||||
|
|
@ -139,6 +147,11 @@ outputs:
|
||||||
- {get_param: PcsdPassword}
|
- {get_param: PcsdPassword}
|
||||||
- {get_param: [DefaultPasswords, pcsd_password]}
|
- {get_param: [DefaultPasswords, pcsd_password]}
|
||||||
tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey}
|
tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey}
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- pcmk_tls_priorities_empty
|
||||||
|
- {}
|
||||||
|
- tripleo::pacemaker::tls_priorities: {get_param: PacemakerTLSPriorities}
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
fluentd:
|
fluentd:
|
||||||
tripleo_fluentd_groups_pacemaker:
|
tripleo_fluentd_groups_pacemaker:
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Introduce a PacemakerTLSPriorities parameter (which will set the PCMK_tls_priorities
|
||||||
|
config option in /etc/sysconfig/pacemaker and the PCMK_tls_priorities variable
|
||||||
|
inside the bundle. This, when set, allows an operator to specify what kind of
|
||||||
|
GNUTLS ciphers are desired for the pacemaker control port.
|
||||||
Loading…
Reference in New Issue