summaryrefslogtreecommitdiffstats
path: root/manifests/profile/base
diff options
context:
space:
mode:
authorJenkins <jenkins@review.openstack.org>2017-08-05 07:33:55 +0000
committerGerrit Code Review <review@openstack.org>2017-08-05 07:33:55 +0000
commit193a40edfb249f8857b0de2b3b268522fa318f6d (patch)
tree7eff2e2ac07d76b0314161c6ff2c807e2d7eb4b4 /manifests/profile/base
parentea9927769886449d28d171e8db937316df0e2b1c (diff)
parentc5dc8512354d51d62067d14e35a913e42531db10 (diff)
Merge "Enable encryption of pacemaker traffic by default"
Diffstat (limited to 'manifests/profile/base')
-rw-r--r--manifests/profile/base/pacemaker.pp20
1 files changed, 18 insertions, 2 deletions
diff --git a/manifests/profile/base/pacemaker.pp b/manifests/profile/base/pacemaker.pp
index d468110..de7e069 100644
--- a/manifests/profile/base/pacemaker.pp
+++ b/manifests/profile/base/pacemaker.pp
@@ -63,6 +63,10 @@
# be set to 60s.
# Defaults to hiera('pacemaker_cluster_recheck_interval', undef)
#
+# [*encryption*]
+# (Optional) Whether or not to enable encryption of the pacemaker traffic
+# Defaults to true
+#
class tripleo::profile::base::pacemaker (
$step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20),
@@ -74,6 +78,7 @@ class tripleo::profile::base::pacemaker (
$remote_tries = hiera('pacemaker_remote_tries', 5),
$remote_try_sleep = hiera('pacemaker_remote_try_sleep', 60),
$cluster_recheck_interval = hiera('pacemaker_cluster_recheck_interval', undef),
+ $encryption = true,
) {
if count($remote_short_node_names) != count($remote_node_ips) {
@@ -98,9 +103,20 @@ class tripleo::profile::base::pacemaker (
$pacemaker_cluster_members = downcase(regsubst($pacemaker_short_node_names, ',', ' ', 'G'))
$corosync_ipv6 = str2bool(hiera('corosync_ipv6', false))
if $corosync_ipv6 {
- $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000), '--ipv6' => '' }
+ $cluster_setup_extras_pre = {
+ '--token' => hiera('corosync_token_timeout', 1000),
+ '--ipv6' => ''
+ }
+ } else {
+ $cluster_setup_extras_pre = {
+ '--token' => hiera('corosync_token_timeout', 1000)
+ }
+ }
+
+ if $encryption {
+ $cluster_setup_extras = merge($cluster_setup_extras_pre, {'--encryption' => '1'})
} else {
- $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000) }
+ $cluster_setup_extras = $cluster_setup_extras_pre
}
class { '::pacemaker':
hacluster_pwd => hiera('hacluster_pwd'),