heat_template_version: rocky description: > Pacemaker remote service configured with Puppet parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json PacemakerRemoteAuthkey: type: string description: The authkey for the pacemaker remote service. hidden: true PcsdPassword: type: string description: The password for the 'pcsd' user for pacemaker. hidden: true MonitoringSubscriptionPacemakerRemote: default: 'overcloud-pacemaker_remote' type: string EnableFencing: default: false description: Whether to enable fencing in Pacemaker or not. type: boolean FencingConfig: default: {} description: | Pacemaker fencing configuration. The JSON should have the following structure: { "devices": [ { "agent": "AGENT_NAME", "host_mac": "HOST_MAC_ADDRESS", "params": {"PARAM_NAME": "PARAM_VALUE"} } ] } For instance: { "devices": [ { "agent": "fence_xvm", "host_mac": "52:54:00:aa:bb:cc", "params": { "multicast_address": "225.0.0.12", "port": "baremetal_0", "manage_fw": true, "manage_key_file": true, "key_file": "/etc/fence_xvm.key", "key_file_password": "abcdef" } } ] } type: json PacemakerRemoteLoggingSource: type: json default: tag: system.pacemaker_remote file: /var/log/pacemaker.log startmsg.regex: ^[^ ]*\s*[^ ]* [^ ]* \[[^ ]*\] [^ ]* outputs: role_data: description: Role data for the Pacemaker remote role. value: service_name: pacemaker_remote firewall_rules: '130 pacemaker_remote tcp': proto: 'tcp' dport: - 3121 monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote} config_settings: tripleo::fencing::config: {get_param: FencingConfig} tripleo::fencing::deep_compare: true enable_fencing: {get_param: EnableFencing} tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey} tripleo::profile::base::pacemaker_remote::pcsd_bind_addr: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, PacemakerRemoteNetwork]} pacemaker::corosync::manage_fw: false hacluster_pwd: yaql: expression: $.data.passwords.where($ != '').first() data: passwords: - {get_param: PcsdPassword} - {get_param: [DefaultPasswords, pcsd_password]} service_config_settings: rsyslog: tripleo_logging_sources_pacemaker_remote: - {get_param: PacemakerRemoteLoggingSource} step_config: | include tripleo::profile::base::pacemaker_remote upgrade_tasks: - name: Create hiera data to upgrade pacemaker remote in a stepwise manner. when: - step|int == 1 block: - name: set pacemaker upgrade remote node facts in a single-node environment set_fact: pacemaker_remote_short_node_names_upgraded: "{{ pacemaker_remote_short_node_names }}" cacheable: no when: groups['pacemaker_remote'] | length <= 1 - name: set pacemaker remote upgrade node facts from the limit option set_fact: pacemaker_remote_short_node_names_upgraded: "{{ pacemaker_remote_short_node_names_upgraded|default([]) + [item.split('.')[0]] }}" cacheable: no when: - groups['pacemaker_remote'] | length > 1 - item.split('.')[0] in ansible_limit.split(':') loop: "{{ pacemaker_remote_short_node_names | default([]) }}" - debug: msg: "Prepare pacemaker remote upgrade for {{ pacemaker_remote_short_node_names_upgraded }}" - name: set pacemaker remote node ips fact from the names fact set_fact: # Generate matching IPs for the names, e.g. for these varaible values: # pacemaker_node_ips: [ "1", "2", "3" ] # pacemaker_short_node_names: [ "a", "b", "c" ] # pacemaker_short_node_names_override: [ "b" ] # it will set: # pacemaker_node_ips_override: [ "2" ] pacemaker_remote_node_ips_upgraded: "{{ dict(pacemaker_remote_short_node_names|zip(pacemaker_remote_node_ips)) | dict2items | selectattr('key', 'in', pacemaker_remote_short_node_names_upgraded) | map(attribute='value') | list }}" cacheable: no - name: add the pacemaker remote short name to hiera data for the upgrade. include_role: name: tripleo_upgrade_hiera tasks_from: set.yml vars: tripleo_upgrade_key: pacemaker_remote_short_node_names_override tripleo_upgrade_value: "{{pacemaker_remote_short_node_names_upgraded}}" - name: add the pacemaker remote ips to hiera data for the upgrade. include_role: name: tripleo_upgrade_hiera tasks_from: set.yml vars: tripleo_upgrade_key: pacemaker_remote_node_ips_override tripleo_upgrade_value: "{{pacemaker_remote_node_ips_upgraded}}" post_upgrade_tasks: - name: remove the extra hiera data needed for the upgrade. when: step|int == 1 include_role: name: tripleo_upgrade_hiera tasks_from: remove.yml vars: tripleo_upgrade_key: "{{item}}" loop: - pacemaker_remote_short_node_names_override - pacemaker_remote_node_ips_override