tripleo-heat-templates/deployment/pacemaker/pacemaker-remote-baremetal-puppet.yaml

heat_template_version: rocky

description: >
  Pacemaker remote service configured with Puppet  

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  PacemakerRemoteAuthkey:
    type: string
    description: The authkey for the pacemaker remote service.
    hidden: true
  PcsdPassword:
    type: string
    description: The password for the 'pcsd' user for pacemaker.
    hidden: true
  MonitoringSubscriptionPacemakerRemote:
    default: 'overcloud-pacemaker_remote'
    type: string
  EnableFencing:
    default: false
    description: Whether to enable fencing in Pacemaker or not.
    type: boolean
  FencingConfig:
    default: {}
    description: |
      Pacemaker fencing configuration. The JSON should have
      the following structure:
        {
          "devices": [
            {
              "agent": "AGENT_NAME",
              "host_mac": "HOST_MAC_ADDRESS",
              "params": {"PARAM_NAME": "PARAM_VALUE"}
            }
          ]
        }
      For instance:
        {
          "devices": [
            {
              "agent": "fence_xvm",
              "host_mac": "52:54:00:aa:bb:cc",
              "params": {
                "multicast_address": "225.0.0.12",
                "port": "baremetal_0",
                "manage_fw": true,
                "manage_key_file": true,
                "key_file": "/etc/fence_xvm.key",
                "key_file_password": "abcdef"
              }
            }
          ]
        }      
    type: json
  PacemakerRemoteLoggingSource:
    type: json
    default:
      tag: system.pacemaker_remote
      file: /var/log/pacemaker.log
      startmsg.regex: ^[^ ]*\s*[^ ]* [^ ]* \[[^ ]*\] [^ ]*

outputs:
  role_data:
    description: Role data for the Pacemaker remote role.
    value:
      service_name: pacemaker_remote
      firewall_rules:
        '130 pacemaker_remote tcp':
          proto: 'tcp'
          dport:
            - 3121
      monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote}
      config_settings:
        tripleo::fencing::config: {get_param: FencingConfig}
        tripleo::fencing::deep_compare: true
        enable_fencing: {get_param: EnableFencing}
        tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
        tripleo::profile::base::pacemaker_remote::pcsd_bind_addr:
          str_replace:
            template:
              "%{hiera('$NETWORK')}"
            params:
              $NETWORK: {get_param: [ServiceNetMap, PacemakerRemoteNetwork]}
        pacemaker::corosync::manage_fw: false
        hacluster_pwd:
          yaql:
            expression: $.data.passwords.where($ != '').first()
            data:
              passwords:
                - {get_param: PcsdPassword}
                - {get_param: [DefaultPasswords, pcsd_password]}
      service_config_settings:
        rsyslog:
          tripleo_logging_sources_pacemaker_remote:
            - {get_param: PacemakerRemoteLoggingSource}
      step_config: |
        include tripleo::profile::base::pacemaker_remote        
      upgrade_tasks:
        - name: Create hiera data to upgrade pacemaker remote in a stepwise manner.
          when:
            - step|int == 1
          block:
            - name: set pacemaker upgrade remote node facts in a single-node environment
              set_fact:
                pacemaker_remote_short_node_names_upgraded: "{{ pacemaker_remote_short_node_names }}"
                cacheable: no
              when: groups['pacemaker_remote'] | length <= 1
            - name: set pacemaker remote upgrade node facts from the limit option
              set_fact:
                pacemaker_remote_short_node_names_upgraded: "{{ pacemaker_remote_short_node_names_upgraded|default([]) + [item.split('.')[0]] }}"
                cacheable: no
              when:
                - groups['pacemaker_remote'] | length > 1
                - item.split('.')[0] in ansible_limit.split(':')
              loop: "{{ pacemaker_remote_short_node_names | default([]) }}"
            - debug:
                msg: "Prepare pacemaker remote upgrade for {{ pacemaker_remote_short_node_names_upgraded }}"
            - name: set pacemaker remote node ips fact from the names fact
              set_fact:
                # Generate matching IPs for the names, e.g. for these varaible values:
                #     pacemaker_node_ips: [ "1", "2", "3" ]
                #     pacemaker_short_node_names: [ "a", "b", "c" ]
                #     pacemaker_short_node_names_override: [ "b" ]
                # it will set:
                #     pacemaker_node_ips_override: [ "2" ]
                pacemaker_remote_node_ips_upgraded: "{{
                  dict(pacemaker_remote_short_node_names|zip(pacemaker_remote_node_ips))
                  | dict2items
                  | selectattr('key', 'in', pacemaker_remote_short_node_names_upgraded)
                  | map(attribute='value')
                  | list }}"
                cacheable: no
            - name: add the pacemaker remote short name to hiera data for the upgrade.
              include_role:
                name: tripleo_upgrade_hiera
                tasks_from: set.yml
              vars:
                tripleo_upgrade_key: pacemaker_remote_short_node_names_override
                tripleo_upgrade_value: "{{pacemaker_remote_short_node_names_upgraded}}"
            - name: add the pacemaker remote ips to hiera data for the upgrade.
              include_role:
                name: tripleo_upgrade_hiera
                tasks_from: set.yml
              vars:
                tripleo_upgrade_key: pacemaker_remote_node_ips_override
                tripleo_upgrade_value: "{{pacemaker_remote_node_ips_upgraded}}"
      post_upgrade_tasks:
        - name: remove the extra hiera data needed for the upgrade.
          when: step|int == 1
          include_role:
            name: tripleo_upgrade_hiera
            tasks_from: remove.yml
          vars:
            tripleo_upgrade_key: "{{item}}"
          loop:
            - pacemaker_remote_short_node_names_override
            - pacemaker_remote_node_ips_override