openstack
/
puppet-tripleo
Code Issues Proposed changes

Merge "Allow the IHA OCF and fencing resource to be moved to the nova service user"

This commit is contained in:
Zuul 2019-10-15 16:37:36 +00:00 committed by Gerrit Code Review
parent 11c9839df8 066a360ee5
commit a98b9c0212
1 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
manifests/profile/base/pacemaker/instance_ha.pp
View File

@ -40,6 +40,10 @@
# The keystone admin username
# Defaults to hiera('keystone::roles::admin::admin_tenant', 'admin')
#
# [*keystone_tenant*]
# The keystone tenant
# Defaults to hiera('keystone::roles::admin::admin_tenant', 'admin')
#
# [*keystone_domain*]
# The keystone domain
# Defaults to hiera('tripleo::clouddomain', 'localdomain')
@ -64,18 +68,31 @@
# (Optional) Integer, seconds to wait before starting the nova evacuate
# Defaults to hiera('tripleo::instanceha::evacuate_delay', 0)
#
# [*deep_compare_fencing*]
# (Optional) Boolean, should fence_compute be deep compared in order to
# update the existing fencing resource when puppet is being rerun
# Defaults to hiera('tripleo::fencing', true)
#
# [*deep_compare_ocf*]
# (Optional) Boolean, should the IHA ocf resource nova evacuate be deep
# compared in order to update the resource when puppet is being rerun
# Defaults to hiera('pacemaker::resource::ocf::deep_compare', true)
#
class tripleo::profile::base::pacemaker::instance_ha (
$step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20),
$keystone_endpoint_url = hiera('keystone::endpoint::public_url'),
$keystone_password = hiera('keystone::admin_password'),
$keystone_admin = hiera('keystone::roles::admin::admin_tenant', 'admin'),
$keystone_tenant = hiera('keystone::roles::admin::admin_tenant', 'admin'),
$keystone_domain = hiera('tripleo::clouddomain', 'localdomain'),
$user_domain = hiera('nova::keystone::authtoken::user_domain_name', 'Default'),
$project_domain = hiera('nova::keystone::authtoken::project_domain_name', 'Default'),
$region_name = hiera('nova::keystone::authtoken::region_name', 'regionOne'),
$no_shared_storage = hiera('tripleo::instanceha::no_shared_storage', true),
$evacuate_delay = hiera('tripleo::instanceha::evacuate_delay', 0),
$deep_compare_fencing = hiera('tripleo::fencing', true),
$deep_compare_ocf = hiera('pacemaker::resource::ocf::deep_compare', true),
) {
if $step >= 2 {
class { '::pacemaker::resource_defaults':
@ -103,6 +120,7 @@ class tripleo::profile::base::pacemaker::instance_ha (
meta_attr => 'provides=unfencing',
pcmk_host_list => '',
tries => $pcs_tries,
deep_compare => $deep_compare_fencing,
}
pacemaker::resource::ocf { 'compute-unfence-trigger':
@ -111,6 +129,7 @@ class tripleo::profile::base::pacemaker::instance_ha (
clone_params => true,
op_params => 'stop timeout=20 on-fail=block',
tries => $pcs_tries,
deep_compare => $deep_compare_ocf,
location_rule => {
resource_discovery => 'never',
score => '-INFINITY',
@ -130,9 +149,10 @@ class tripleo::profile::base::pacemaker::instance_ha (
pacemaker::resource::ocf { 'nova-evacuate':
ocf_agent_name => 'openstack:NovaEvacuate',
# lint:ignore:140chars
resource_params => "auth_url=${keystone_endpoint_url} username=${keystone_admin} password=${keystone_password} user_domain=${user_domain} project_domain=${project_domain} tenant_name=${keystone_admin} region_name=${region_name} ${iha_no_shared_storage}${evacuate_param}",
resource_params => "auth_url=${keystone_endpoint_url} username=${keystone_admin} password=${keystone_password} user_domain=${user_domain} project_domain=${project_domain} tenant_name=${keystone_tenant} region_name=${region_name} ${iha_no_shared_storage}${evacuate_param}",
# lint:endignore
tries => $pcs_tries,
deep_compare => $deep_compare_ocf,
location_rule => {
resource_discovery => 'never',
score => '-INFINITY',