diff options
author | Michele Baldessari <michele@acksyn.org> | 2017-05-06 17:40:24 +0200 |
---|---|---|
committer | Michele Baldessari <michele@acksyn.org> | 2017-05-07 12:38:13 +0200 |
commit | b6d02fd5001153b53b3061d63d2cb686b0646f18 (patch) | |
tree | b68ef58e878d0ec5bd9180483fb223201bd4ef69 /manifests/firewall.pp | |
parent | 926ec0151bf0bee2854cbe1d25f278ee6362eef6 (diff) |
Use verify_on_create when creating pacemaker remote resources
We currently create remote resources without waiting for their creation.
This leads to the following potential race (spotted by Marian Mkrcmari):
- On Step1 pacemaker bootstrap node creates the resource but the remote
resource is not yet created
- Step1 completes and Step2 starts
- On Step2 the remote node sets a property (or calls pcs cib) but the
remote is not yet set up so 'pcs cluster cib' will fail there with:
(err): Could not evaluate: backup_cib: Running: /usr/sbin/pcs cluster
cib /var/lib/pacemaker/cib/puppet-cib-backup20170506-15994-1swnk1i failed
with code: 1 ->
Note that when verify_on_create is set to true we are not using the cib
dump/push mechanism. That is fine because we create the remotes on
step1 and the dump/push mechanism is only needed starting from step2
when multiple nodes set cluster properties at the same time.
Tested by Marian Mkrcmari successfully as well.
Closes-Bug: #1689028
Change-Id: I764526b3f3c06591d477cc92779d83a19802368e
Depends-On: I1db31dcc92b8695ab0522bba91df729b37f34e0f
Diffstat (limited to 'manifests/firewall.pp')
0 files changed, 0 insertions, 0 deletions