927495fe3d
The new master branch should point now to queens instead of pike. So, HOT templates should specify that they might contain features for queens release [1] [1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#queens Change-Id: I7654d1c59db0c4508a9d7045f452612d22493004
121 lines
3.5 KiB
YAML
121 lines
3.5 KiB
YAML
heat_template_version: queens
|
|
|
|
description: >
|
|
Pacemaker remote service configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
PacemakerRemoteAuthkey:
|
|
type: string
|
|
description: The authkey for the pacemaker remote service.
|
|
hidden: true
|
|
default: ''
|
|
PcsdPassword:
|
|
type: string
|
|
description: The password for the 'pcsd' user for pacemaker.
|
|
hidden: true
|
|
default: ''
|
|
MonitoringSubscriptionPacemakerRemote:
|
|
default: 'overcloud-pacemaker_remote'
|
|
type: string
|
|
EnableFencing:
|
|
default: false
|
|
description: Whether to enable fencing in Pacemaker or not.
|
|
type: boolean
|
|
FencingConfig:
|
|
default: {}
|
|
description: |
|
|
Pacemaker fencing configuration. The JSON should have
|
|
the following structure:
|
|
{
|
|
"devices": [
|
|
{
|
|
"agent": "AGENT_NAME",
|
|
"host_mac": "HOST_MAC_ADDRESS",
|
|
"params": {"PARAM_NAME": "PARAM_VALUE"}
|
|
}
|
|
]
|
|
}
|
|
For instance:
|
|
{
|
|
"devices": [
|
|
{
|
|
"agent": "fence_xvm",
|
|
"host_mac": "52:54:00:aa:bb:cc",
|
|
"params": {
|
|
"multicast_address": "225.0.0.12",
|
|
"port": "baremetal_0",
|
|
"manage_fw": true,
|
|
"manage_key_file": true,
|
|
"key_file": "/etc/fence_xvm.key",
|
|
"key_file_password": "abcdef"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
type: json
|
|
PacemakerRemoteLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: system.pacemaker_remote
|
|
path: /var/log/pacemaker.log
|
|
format: >-
|
|
/^(?<time>[^ ]*\s*[^ ]* [^ ]*)
|
|
\[(?<pid>[^ ]*)\]
|
|
(?<host>[^ ]*)
|
|
(?<message>.*)$/
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Pacemaker remote role.
|
|
value:
|
|
service_name: pacemaker_remote
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote}
|
|
logging_groups:
|
|
- haclient
|
|
logging_source: {get_param: PacemakerRemoteLoggingSource}
|
|
config_settings:
|
|
tripleo.pacemaker_remote.firewall_rules:
|
|
'130 pacemaker_remote tcp':
|
|
proto: 'tcp'
|
|
dport:
|
|
- 3121
|
|
tripleo::fencing::config: {get_param: FencingConfig}
|
|
enable_fencing: {get_param: EnableFencing}
|
|
tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
|
|
pacemaker::corosync::manage_fw: false
|
|
hacluster_pwd:
|
|
yaql:
|
|
expression: $.data.passwords.where($ != '').first()
|
|
data:
|
|
passwords:
|
|
- {get_param: PcsdPassword}
|
|
- {get_param: [DefaultPasswords, pcsd_password]}
|
|
step_config: |
|
|
include ::tripleo::profile::base::pacemaker_remote
|