Merge "Support TLS priorities for pacemaker" into stable/stein
commit
5b10134014
|
@ -41,6 +41,10 @@ parameters:
|
||||||
default: false
|
default: false
|
||||||
description: Whether to enable fencing in Pacemaker or not.
|
description: Whether to enable fencing in Pacemaker or not.
|
||||||
type: boolean
|
type: boolean
|
||||||
|
PacemakerTLSPriorities:
|
||||||
|
type: string
|
||||||
|
description: Pacemaker TLS Priorities
|
||||||
|
default: ''
|
||||||
PacemakerRemoteAuthkey:
|
PacemakerRemoteAuthkey:
|
||||||
type: string
|
type: string
|
||||||
description: The authkey for the pacemaker remote service.
|
description: The authkey for the pacemaker remote service.
|
||||||
|
@ -102,6 +106,9 @@ parameters:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: true
|
default: true
|
||||||
|
|
||||||
|
conditions:
|
||||||
|
pcmk_tls_priorities_empty: {equals: [{get_param: PacemakerTLSPriorities}, '']}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the Pacemaker role.
|
description: Role data for the Pacemaker role.
|
||||||
|
@ -109,36 +116,42 @@ outputs:
|
||||||
service_name: pacemaker
|
service_name: pacemaker
|
||||||
monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker}
|
monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker}
|
||||||
config_settings:
|
config_settings:
|
||||||
pacemaker::corosync::cluster_name: 'tripleo_cluster'
|
map_merge:
|
||||||
pacemaker::corosync::manage_fw: false
|
- pacemaker::corosync::cluster_name: 'tripleo_cluster'
|
||||||
pacemaker::resource_defaults::defaults:
|
pacemaker::corosync::manage_fw: false
|
||||||
resource-stickiness: { value: INFINITY }
|
pacemaker::resource_defaults::defaults:
|
||||||
corosync_token_timeout: 10000
|
resource-stickiness: { value: INFINITY }
|
||||||
pacemaker::corosync::settle_tries: {get_param: CorosyncSettleTries}
|
corosync_token_timeout: 10000
|
||||||
pacemaker::resource::bundle::deep_compare: true
|
pacemaker::corosync::settle_tries: {get_param: CorosyncSettleTries}
|
||||||
pacemaker::resource::ip::deep_compare: true
|
pacemaker::resource::bundle::deep_compare: true
|
||||||
pacemaker::resource::ocf::deep_compare: true
|
pacemaker::resource::ip::deep_compare: true
|
||||||
tripleo::pacemaker::firewall_rules:
|
pacemaker::resource::ocf::deep_compare: true
|
||||||
'130 pacemaker tcp':
|
tripleo::pacemaker::firewall_rules:
|
||||||
proto: 'tcp'
|
'130 pacemaker tcp':
|
||||||
dport:
|
proto: 'tcp'
|
||||||
- 2224
|
dport:
|
||||||
- 3121
|
- 2224
|
||||||
- 21064
|
- 3121
|
||||||
'131 pacemaker udp':
|
- 21064
|
||||||
proto: 'udp'
|
'131 pacemaker udp':
|
||||||
dport: 5405
|
proto: 'udp'
|
||||||
corosync_ipv6: {get_param: CorosyncIPv6}
|
dport: 5405
|
||||||
tripleo::fencing::config: {get_param: FencingConfig}
|
corosync_ipv6: {get_param: CorosyncIPv6}
|
||||||
enable_fencing: {get_param: EnableFencing}
|
tripleo::fencing::config: {get_param: FencingConfig}
|
||||||
hacluster_pwd:
|
enable_fencing: {get_param: EnableFencing}
|
||||||
yaql:
|
hacluster_pwd:
|
||||||
expression: $.data.passwords.where($ != '').first()
|
yaql:
|
||||||
data:
|
expression: $.data.passwords.where($ != '').first()
|
||||||
passwords:
|
data:
|
||||||
- {get_param: PcsdPassword}
|
passwords:
|
||||||
- {get_param: [DefaultPasswords, pcsd_password]}
|
- {get_param: PcsdPassword}
|
||||||
tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey}
|
- {get_param: [DefaultPasswords, pcsd_password]}
|
||||||
|
tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey}
|
||||||
|
-
|
||||||
|
if:
|
||||||
|
- pcmk_tls_priorities_empty
|
||||||
|
- {}
|
||||||
|
- tripleo::pacemaker::tls_priorities: {get_param: PacemakerTLSPriorities}
|
||||||
service_config_settings:
|
service_config_settings:
|
||||||
fluentd:
|
fluentd:
|
||||||
tripleo_fluentd_groups_pacemaker:
|
tripleo_fluentd_groups_pacemaker:
|
||||||
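Review bot: The description on the new `PacemakerTLSPriorities` parameter in the first hunk only repeats the parameter name, so an operator gets no hint about the expected format or what the empty default does. The release note in this commit says the value ends up as `PCMK_tls_priorities` and selects the GnuTLS ciphers for the pacemaker control port. The third hunk shows that an empty string keeps `tripleo::pacemaker::tls_priorities` out of `config_settings` altogether, so I would write `description: GnuTLS priority string used for the pacemaker control port (sets PCMK_tls_priorities). When empty, tripleo::pacemaker::tls_priorities is not set.` Nothing in the visible hunks checks the string before it is passed on, so this text is the only guard against a typo or an overly permissive priority list. A one-line comment above `pcmk_tls_priorities_empty` saying why the key is omitted rather than set to `''` would also help the next reader.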
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Introduce a PacemakerTLSPriorities parameter (which will set the PCMK_tls_priorities
|
||||||
|
config option in /etc/sysconfig/pacemaker and the PCMK_tls_priorities variable
|
||||||
|
inside the bundle. This, when set, allows an operator to specify what kind of
|
||||||
|
GNUTLS ciphers are desired for the pacemaker control port.
|