diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-08-05 07:33:55 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-08-05 07:33:55 +0000 |
commit | 193a40edfb249f8857b0de2b3b268522fa318f6d (patch) | |
tree | 7eff2e2ac07d76b0314161c6ff2c807e2d7eb4b4 /manifests/profile/base/pacemaker.pp | |
parent | ea9927769886449d28d171e8db937316df0e2b1c (diff) | |
parent | c5dc8512354d51d62067d14e35a913e42531db10 (diff) |
Merge "Enable encryption of pacemaker traffic by default"
Diffstat (limited to 'manifests/profile/base/pacemaker.pp')
-rw-r--r-- | manifests/profile/base/pacemaker.pp | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/manifests/profile/base/pacemaker.pp b/manifests/profile/base/pacemaker.pp index d468110..de7e069 100644 --- a/manifests/profile/base/pacemaker.pp +++ b/manifests/profile/base/pacemaker.pp @@ -63,6 +63,10 @@ # be set to 60s. # Defaults to hiera('pacemaker_cluster_recheck_interval', undef) # +# [*encryption*] +# (Optional) Whether or not to enable encryption of the pacemaker traffic +# Defaults to true +# class tripleo::profile::base::pacemaker ( $step = Integer(hiera('step')), $pcs_tries = hiera('pcs_tries', 20), @@ -74,6 +78,7 @@ class tripleo::profile::base::pacemaker ( $remote_tries = hiera('pacemaker_remote_tries', 5), $remote_try_sleep = hiera('pacemaker_remote_try_sleep', 60), $cluster_recheck_interval = hiera('pacemaker_cluster_recheck_interval', undef), + $encryption = true, ) { if count($remote_short_node_names) != count($remote_node_ips) { @@ -98,9 +103,20 @@ class tripleo::profile::base::pacemaker ( $pacemaker_cluster_members = downcase(regsubst($pacemaker_short_node_names, ',', ' ', 'G')) $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false)) if $corosync_ipv6 { - $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000), '--ipv6' => '' } + $cluster_setup_extras_pre = { + '--token' => hiera('corosync_token_timeout', 1000), + '--ipv6' => '' + } + } else { + $cluster_setup_extras_pre = { + '--token' => hiera('corosync_token_timeout', 1000) + } + } + + if $encryption { + $cluster_setup_extras = merge($cluster_setup_extras_pre, {'--encryption' => '1'}) } else { - $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000) } + $cluster_setup_extras = $cluster_setup_extras_pre } class { '::pacemaker': hacluster_pwd => hiera('hacluster_pwd'), |