3056f25bd1
Configure bind address for pcsd so that it listens on a specific network instead of all available networks. Closes-Bug: #1856626 Depends-on: https://review.opendev.org/#/c/697942 Depends-on: https://review.opendev.org/#/c/697943 Change-Id: Icc78fb96b28cd7a036d958ba78b2075e7c241207
123 lines
3.7 KiB
YAML
123 lines
3.7 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Pacemaker remote service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
PacemakerRemoteAuthkey:
|
|
type: string
|
|
description: The authkey for the pacemaker remote service.
|
|
hidden: true
|
|
PcsdPassword:
|
|
type: string
|
|
description: The password for the 'pcsd' user for pacemaker.
|
|
hidden: true
|
|
MonitoringSubscriptionPacemakerRemote:
|
|
default: 'overcloud-pacemaker_remote'
|
|
type: string
|
|
EnableFencing:
|
|
default: false
|
|
description: Whether to enable fencing in Pacemaker or not.
|
|
type: boolean
|
|
FencingConfig:
|
|
default: {}
|
|
description: |
|
|
Pacemaker fencing configuration. The JSON should have
|
|
the following structure:
|
|
{
|
|
"devices": [
|
|
{
|
|
"agent": "AGENT_NAME",
|
|
"host_mac": "HOST_MAC_ADDRESS",
|
|
"params": {"PARAM_NAME": "PARAM_VALUE"}
|
|
}
|
|
]
|
|
}
|
|
For instance:
|
|
{
|
|
"devices": [
|
|
{
|
|
"agent": "fence_xvm",
|
|
"host_mac": "52:54:00:aa:bb:cc",
|
|
"params": {
|
|
"multicast_address": "225.0.0.12",
|
|
"port": "baremetal_0",
|
|
"manage_fw": true,
|
|
"manage_key_file": true,
|
|
"key_file": "/etc/fence_xvm.key",
|
|
"key_file_password": "abcdef"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
type: json
|
|
PacemakerRemoteLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: system.pacemaker_remote
|
|
file: /var/log/pacemaker.log
|
|
startmsg.regex: ^[^ ]*\s*[^ ]* [^ ]* \[[^ ]*\] [^ ]*
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Pacemaker remote role.
|
|
value:
|
|
service_name: pacemaker_remote
|
|
firewall_rules:
|
|
'130 pacemaker_remote tcp':
|
|
proto: 'tcp'
|
|
dport:
|
|
- 3121
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote}
|
|
config_settings:
|
|
tripleo::fencing::config: {get_param: FencingConfig}
|
|
tripleo::fencing::deep_compare: true
|
|
enable_fencing: {get_param: EnableFencing}
|
|
tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
|
|
tripleo::profile::base::pacemaker_remote::pcsd_bind_addr:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, PacemakerRemoteNetwork]}
|
|
pacemaker::corosync::manage_fw: false
|
|
hacluster_pwd:
|
|
yaql:
|
|
expression: $.data.passwords.where($ != '').first()
|
|
data:
|
|
passwords:
|
|
- {get_param: PcsdPassword}
|
|
- {get_param: [DefaultPasswords, pcsd_password]}
|
|
service_config_settings:
|
|
rsyslog:
|
|
tripleo_logging_sources_pacemaker_remote:
|
|
- {get_param: PacemakerRemoteLoggingSource}
|
|
step_config: |
|
|
include ::tripleo::profile::base::pacemaker_remote
|