Merge "Fix up upgrade coordination around authkey"
This commit is contained in:
Zuul
Gerrit Code Review
commit
2d9751314c
|
|
@ -92,6 +92,10 @@
|
|||
# node via pcs if we detect a new node compared to the existing cluster)
|
||||
# Defaults to true
|
||||
#
|
||||
# [*force_authkey*]
|
||||
# (optional) Forces the use of the autkey parameter even when we're using pcs 0.10
|
||||
# Default to false
|
||||
#
|
||||
# === Dependencies
|
||||
#
|
||||
# None
|
||||
|
|
@ -128,6 +132,7 @@ class pacemaker::corosync(
|
|||
$cluster_start_try_sleep = '20',
|
||||
$manage_fw = true,
|
||||
$remote_authkey = undef,
|
||||
$force_authkey = undef,
|
||||
$settle_timeout = '3600',
|
||||
$settle_tries = '360',
|
||||
$settle_try_sleep = '10',
|
||||
|
|
@ -371,7 +376,8 @@ class pacemaker::corosync(
|
|||
}
|
||||
|
||||
# pcs 0.10/pcmk 2.0 take care of the authkey internally by themselves
|
||||
if $remote_authkey and !$::pacemaker::pcs_010 {
|
||||
# unless force_authkey is true in which case we forcefully use remote_authkey
|
||||
if $remote_authkey and (!$::pacemaker::pcs_010 or $force_authkey) {
|
||||
file { 'etc-pacemaker':
|
||||
ensure => directory,
|
||||
path => '/etc/pacemaker',
|
||||
|
|
@ -386,7 +392,16 @@ class pacemaker::corosync(
|
|||
mode => '0640',
|
||||
content => $remote_authkey,
|
||||
}
|
||||
File['etc-pacemaker-authkey'] -> Service['pcsd']
|
||||
# On the bootstrap node we want to make sure that authkey is imposed
|
||||
# after we create the cluster (because cluster create destroys it and regenerates a new one
|
||||
# but before we start. On non bootstrap nodes we just let it before pcsd
|
||||
if $setup_cluster {
|
||||
Exec<| title == "Create Cluster ${cluster_name}" |> -> File<| title == 'etc-pacemaker-authkey' |>
|
||||
File<| title == 'etc-pacemaker-authkey' |> -> Exec<| title == "Start Cluster ${cluster_name}" |>
|
||||
} else {
|
||||
File['etc-pacemaker-authkey'] -> Service['pcsd']
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
exec {'wait-for-settle':
|
||||
|
|
|
|||
|
|
@ -44,6 +44,10 @@
|
|||
# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*force_authkey*]
|
||||
# (optional) Forces the use of the autkey parameter even when we're using pcs 0.10
|
||||
# Default to false
|
||||
#
|
||||
class pacemaker::remote (
|
||||
$remote_authkey,
|
||||
$use_pcsd = false,
|
||||
|
|
@ -52,6 +56,7 @@ class pacemaker::remote (
|
|||
$manage_fw = true,
|
||||
$pcsd_debug = false,
|
||||
$pcsd_bind_addr = undef,
|
||||
$force_authkey = undef,
|
||||
$tls_priorities = undef,
|
||||
) {
|
||||
include ::pacemaker::params
|
||||
|
|
@ -133,9 +138,19 @@ class pacemaker::remote (
|
|||
enable => true,
|
||||
require => Class['::pacemaker::install'],
|
||||
}
|
||||
} else {
|
||||
# This gets managed by pcsd directly when pcs is < 0.10
|
||||
Service<| title == 'pcsd' |> -> Pcmk_constraint<||>
|
||||
Service<| title == 'pcsd' |> -> Pcmk_resource<||>
|
||||
Service<| title == 'pcsd' |> -> Pcmk_property<||>
|
||||
Service<| title == 'pcsd' |> -> Pcmk_bundle<||>
|
||||
Service<| title == 'pcsd' |> -> Pcmk_remote<||>
|
||||
}
|
||||
# We manage our own authkey in two cases
|
||||
# 1) normally when use pcsd is set to false, aka we are using the old method pre 0.10
|
||||
# to manage remotes
|
||||
# 2) When we explicitly passe force_authkey
|
||||
if !$use_pcsd or $force_authkey {
|
||||
Package<| title == 'pacemaker-remote' |> -> File <| title == 'etc-pacemaker' |>
|
||||
File <| title == 'etc-pacemaker-authkey' |> -> Service<| title == 'pacemaker_remote' |>
|
||||
file { 'etc-pacemaker':
|
||||
ensure => directory,
|
||||
path => '/etc/pacemaker',
|
||||
|
|
@ -154,5 +169,10 @@ class pacemaker::remote (
|
|||
ensure => running,
|
||||
enable => true,
|
||||
}
|
||||
Service<| title == 'pacemaker_remote' |> -> Pcmk_constraint<||>
|
||||
Service<| title == 'pacemaker_remote' |> -> Pcmk_resource<||>
|
||||
Service<| title == 'pacemaker_remote' |> -> Pcmk_property<||>
|
||||
Service<| title == 'pacemaker_remote' |> -> Pcmk_bundle<||>
|
||||
Service<| title == 'pacemaker_remote' |> -> Pcmk_remote<||>
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -111,13 +111,16 @@ define pacemaker::resource::remote(
|
|||
$try_sleep = 0,
|
||||
$verify_on_create = false,
|
||||
$force = false,
|
||||
$force_oldstyle = false,
|
||||
$pcs_user = 'hacluster',
|
||||
$pcs_password = undef,
|
||||
$location_rule = undef,
|
||||
$deep_compare = hiera('pacemaker::resource::remote::deep_compare', false),
|
||||
$update_settle_secs = hiera('pacemaker::resource::remote::update_settle_secs', 600),
|
||||
) {
|
||||
if $::pacemaker::params::pcs_010 {
|
||||
# If we use pcs 0.10 we use the new pcs node remote-add way of adding
|
||||
# remotes *except* if force_oldstyle is set to true
|
||||
if $::pacemaker::params::pcs_010 and !$force_oldstyle {
|
||||
pcmk_remote { $name:
|
||||
ensure => $ensure,
|
||||
remote_address => $remote_address,
|
||||
|
|
|
|||
Loading…
Reference in New Issue