heat_template_version: rocky description: > Pacemaker remote service configured with Puppet parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json PacemakerRemoteAuthkey: type: string description: The authkey for the pacemaker remote service. hidden: true PcsdPassword: type: string description: The password for the 'pcsd' user for pacemaker. hidden: true MonitoringSubscriptionPacemakerRemote: default: 'overcloud-pacemaker_remote' type: string EnableFencing: default: false description: Whether to enable fencing in Pacemaker or not. type: boolean FencingConfig: default: {} description: | Pacemaker fencing configuration. The JSON should have the following structure: { "devices": [ { "agent": "AGENT_NAME", "host_mac": "HOST_MAC_ADDRESS", "params": {"PARAM_NAME": "PARAM_VALUE"} } ] } For instance: { "devices": [ { "agent": "fence_xvm", "host_mac": "52:54:00:aa:bb:cc", "params": { "multicast_address": "225.0.0.12", "port": "baremetal_0", "manage_fw": true, "manage_key_file": true, "key_file": "/etc/fence_xvm.key", "key_file_password": "abcdef" } } ] } type: json PacemakerRemoteLoggingSource: type: json default: tag: system.pacemaker_remote file: /var/log/pacemaker.log startmsg.regex: ^[^ ]*\s*[^ ]* [^ ]* \[[^ ]*\] [^ ]* outputs: role_data: description: Role data for the Pacemaker remote role. value: service_name: pacemaker_remote monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote} config_settings: tripleo::pacemaker_remote::firewall_rules: '130 pacemaker_remote tcp': proto: 'tcp' dport: - 3121 tripleo::fencing::config: {get_param: FencingConfig} enable_fencing: {get_param: EnableFencing} tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey} pacemaker::corosync::manage_fw: false hacluster_pwd: yaql: expression: $.data.passwords.where($ != '').first() data: passwords: - {get_param: PcsdPassword} - {get_param: [DefaultPasswords, pcsd_password]} service_config_settings: rsyslog: tripleo_logging_sources_pacemaker_remote: - {get_param: PacemakerRemoteLoggingSource} step_config: | include ::tripleo::profile::base::pacemaker_remote