Make HA container bundle work on remote nodes

Right now when we deploy an HA bundle on a pacemaker remote node, the deploy will fail due to the fact that the bundle includes tripleo::profile::base::pacemaker which makes a call to hiera('hacluster_pwd') which will fail on pcmk remote nodes. While we could noop the profile on pcmk nodes, it's much simpler to just make sure this hiera key exists on pcmk remote nodes. Also make sure that pacemaker::corosync::manage_fw is set to false on remote nodes, otherwise the mere inclusion of the pacemaker profile will cause iptables-save to run in a container and thus failing. Change-Id: I09b3e54a470cc2d600a701d23463962501c5c9d6
2017-08-08 21:27:48 +02:00 · 2017-08-08 21:27:48 +02:00 · 96795a94da
parent 5bf7d6582b
commit 96795a94da
1 changed files with 13 additions and 0 deletions
--- a/puppet/services/pacemaker_remote.yaml
+++ b/puppet/services/pacemaker_remote.yaml
@ -35,6 +35,11 @@ parameters:
    description: The authkey for the pacemaker remote service.
    hidden: true
    default: ''
+  PcsdPassword:
+    type: string
+    description: The password for the 'pcsd' user for pacemaker.
+    hidden: true
+    default: ''
  MonitoringSubscriptionPacemakerRemote:
    default: 'overcloud-pacemaker_remote'
    type: string
@ -103,5 +108,13 @@ outputs:
        tripleo::fencing::config: {get_param: FencingConfig}
        enable_fencing: {get_param: EnableFencing}
        tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
+        pacemaker::corosync::manage_fw: false
+        hacluster_pwd:
+          yaql:
+            expression: $.data.passwords.where($ != '').first()
+            data:
+              passwords:
+                - {get_param: PcsdPassword}
+                - {get_param: [DefaultPasswords, pcsd_password]}
      step_config: |
        include ::tripleo::profile::base::pacemaker_remote