summaryrefslogtreecommitdiffstats
path: root/manifests/profile/pacemaker
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/profile/pacemaker')
-rw-r--r--manifests/profile/pacemaker/ceph/rbdmirror.pp2
-rw-r--r--manifests/profile/pacemaker/cinder/backup.pp2
-rw-r--r--manifests/profile/pacemaker/cinder/backup_bundle.pp2
-rw-r--r--manifests/profile/pacemaker/cinder/volume.pp2
-rw-r--r--manifests/profile/pacemaker/cinder/volume_bundle.pp2
-rw-r--r--manifests/profile/pacemaker/clustercheck.pp2
-rw-r--r--manifests/profile/pacemaker/database/mysql.pp49
-rw-r--r--manifests/profile/pacemaker/database/mysql_bundle.pp2
-rw-r--r--manifests/profile/pacemaker/database/redis.pp2
-rw-r--r--manifests/profile/pacemaker/database/redis_bundle.pp2
-rw-r--r--manifests/profile/pacemaker/haproxy.pp2
-rw-r--r--manifests/profile/pacemaker/haproxy_bundle.pp2
-rw-r--r--manifests/profile/pacemaker/manila.pp2
-rw-r--r--manifests/profile/pacemaker/neutron/lbaas.pp2
-rw-r--r--manifests/profile/pacemaker/ovn_northd.pp2
-rw-r--r--manifests/profile/pacemaker/rabbitmq.pp2
-rw-r--r--manifests/profile/pacemaker/rabbitmq_bundle.pp2
17 files changed, 59 insertions, 22 deletions
diff --git a/manifests/profile/pacemaker/ceph/rbdmirror.pp b/manifests/profile/pacemaker/ceph/rbdmirror.pp
index 4066225..6b566a7 100644
--- a/manifests/profile/pacemaker/ceph/rbdmirror.pp
+++ b/manifests/profile/pacemaker/ceph/rbdmirror.pp
@@ -45,7 +45,7 @@ class tripleo::profile::pacemaker::ceph::rbdmirror (
$client_name = 'openstack',
$pcs_tries = hiera('pcs_tries', 20),
$stack_action = hiera('stack_action'),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
) {
Service <| tag == 'ceph-rbd-mirror' |> {
hasrestart => true,
diff --git a/manifests/profile/pacemaker/cinder/backup.pp b/manifests/profile/pacemaker/cinder/backup.pp
index ff0d8c9..933a735 100644
--- a/manifests/profile/pacemaker/cinder/backup.pp
+++ b/manifests/profile/pacemaker/cinder/backup.pp
@@ -33,7 +33,7 @@
#
class tripleo::profile::pacemaker::cinder::backup (
$bootstrap_node = hiera('cinder_backup_short_bootstrap_node_name'),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20),
) {
diff --git a/manifests/profile/pacemaker/cinder/backup_bundle.pp b/manifests/profile/pacemaker/cinder/backup_bundle.pp
index cd06986..a5e1a9b 100644
--- a/manifests/profile/pacemaker/cinder/backup_bundle.pp
+++ b/manifests/profile/pacemaker/cinder/backup_bundle.pp
@@ -40,7 +40,7 @@ class tripleo::profile::pacemaker::cinder::backup_bundle (
$bootstrap_node = hiera('cinder_backup_short_bootstrap_node_name'),
$cinder_backup_docker_image = hiera('tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image', undef),
$pcs_tries = hiera('pcs_tries', 20),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
diff --git a/manifests/profile/pacemaker/cinder/volume.pp b/manifests/profile/pacemaker/cinder/volume.pp
index 0d6a598..e993426 100644
--- a/manifests/profile/pacemaker/cinder/volume.pp
+++ b/manifests/profile/pacemaker/cinder/volume.pp
@@ -33,7 +33,7 @@
#
class tripleo::profile::pacemaker::cinder::volume (
$bootstrap_node = hiera('cinder_volume_short_bootstrap_node_name'),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20),
) {
Service <| tag == 'cinder::volume' |> {
diff --git a/manifests/profile/pacemaker/cinder/volume_bundle.pp b/manifests/profile/pacemaker/cinder/volume_bundle.pp
index f0858c9..39199a5 100644
--- a/manifests/profile/pacemaker/cinder/volume_bundle.pp
+++ b/manifests/profile/pacemaker/cinder/volume_bundle.pp
@@ -40,7 +40,7 @@ class tripleo::profile::pacemaker::cinder::volume_bundle (
$bootstrap_node = hiera('cinder_volume_short_bootstrap_node_name'),
$cinder_volume_docker_image = hiera('tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image', undef),
$pcs_tries = hiera('pcs_tries', 20),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
diff --git a/manifests/profile/pacemaker/clustercheck.pp b/manifests/profile/pacemaker/clustercheck.pp
index fad30da..958f4a2 100644
--- a/manifests/profile/pacemaker/clustercheck.pp
+++ b/manifests/profile/pacemaker/clustercheck.pp
@@ -32,7 +32,7 @@
#
#
class tripleo::profile::pacemaker::clustercheck (
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
$clustercheck_password = hiera('mysql::server::root_password'),
$bind_address = hiera('mysql_bind_host'),
) {
diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp
index d42d557..22adbe9 100644
--- a/manifests/profile/pacemaker/database/mysql.pp
+++ b/manifests/profile/pacemaker/database/mysql.pp
@@ -26,6 +26,27 @@
# (Optional) The address that the local mysql instance should bind to.
# Defaults to $::hostname
#
+# [*ca_file*]
+# (Optional) The path to the CA file that will be used for the TLS
+# configuration. It's only used if internal TLS is enabled.
+# Defaults to undef
+#
+# [*certificate_specs*]
+# (Optional) The specifications to give to certmonger for the certificate
+# it will create. Note that the certificate nickname must be 'mysql' in
+# the case of this service.
+# Example with hiera:
+# tripleo::profile::base::database::mysql::certificate_specs:
+# hostname: <overcloud controller fqdn>
+# service_certificate: <service certificate path>
+# service_key: <service key path>
+# principal: "mysql/<overcloud controller fqdn>"
+# Defaults to hiera('tripleo::profile::base::database::mysql::certificate_specs', {}).
+#
+# [*enable_internal_tls*]
+# (Optional) Whether TLS in the internal network is enabled or not.
+# Defaults to hiera('enable_internal_tls', false)
+#
# [*gmcast_listen_addr*]
# (Optional) This variable defines the address on which the node listens to
# connections from other nodes in the cluster.
@@ -41,11 +62,14 @@
# Defaults to hiera('pcs_tries', 20)
#
class tripleo::profile::pacemaker::database::mysql (
- $bootstrap_node = hiera('mysql_short_bootstrap_node_name'),
- $bind_address = $::hostname,
- $gmcast_listen_addr = hiera('mysql_bind_host'),
- $step = hiera('step'),
- $pcs_tries = hiera('pcs_tries', 20),
+ $bootstrap_node = hiera('mysql_short_bootstrap_node_name'),
+ $bind_address = $::hostname,
+ $ca_file = undef,
+ $certificate_specs = hiera('tripleo::profile::base::database::mysql::certificate_specs', {}),
+ $enable_internal_tls = hiera('enable_internal_tls', false),
+ $gmcast_listen_addr = hiera('mysql_bind_host'),
+ $step = Integer(hiera('step')),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
@@ -70,6 +94,19 @@ class tripleo::profile::pacemaker::database::mysql (
$processed_galera_name_pairs = $galera_name_pairs.map |$pair| { join($pair, ':') }
$cluster_host_map = join($processed_galera_name_pairs, ';')
+ if $enable_internal_tls {
+ $tls_certfile = $certificate_specs['service_certificate']
+ $tls_keyfile = $certificate_specs['service_key']
+ if $ca_file {
+ $tls_ca_options = "socket.ssl_ca=${ca_file}"
+ } else {
+ $tls_ca_options = ''
+ }
+ $tls_options = "socket.ssl_key=${tls_keyfile};socket.ssl_cert=${tls_certfile};${tls_ca_options};"
+ } else {
+ $tls_options = ''
+ }
+
$mysqld_options = {
'mysqld' => {
'skip-name-resolve' => '1',
@@ -98,7 +135,7 @@ class tripleo::profile::pacemaker::database::mysql (
'wsrep_drupal_282555_workaround'=> '0',
'wsrep_causal_reads' => '0',
'wsrep_sst_method' => 'rsync',
- 'wsrep_provider_options' => "gmcast.listen_addr=tcp://${gmcast_listen_addr}:4567;",
+ 'wsrep_provider_options' => "gmcast.listen_addr=tcp://${gmcast_listen_addr}:4567;${tls_options}",
}
}
diff --git a/manifests/profile/pacemaker/database/mysql_bundle.pp b/manifests/profile/pacemaker/database/mysql_bundle.pp
index a127a5c..56e9e28 100644
--- a/manifests/profile/pacemaker/database/mysql_bundle.pp
+++ b/manifests/profile/pacemaker/database/mysql_bundle.pp
@@ -56,7 +56,7 @@ class tripleo::profile::pacemaker::database::mysql_bundle (
$bind_address = $::hostname,
$gmcast_listen_addr = hiera('mysql_bind_host'),
$pcs_tries = hiera('pcs_tries', 20),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
diff --git a/manifests/profile/pacemaker/database/redis.pp b/manifests/profile/pacemaker/database/redis.pp
index 4f5a861..bc91be7 100644
--- a/manifests/profile/pacemaker/database/redis.pp
+++ b/manifests/profile/pacemaker/database/redis.pp
@@ -46,7 +46,7 @@
class tripleo::profile::pacemaker::database::redis (
$bootstrap_node = hiera('redis_short_bootstrap_node_name'),
$enable_load_balancer = hiera('enable_load_balancer', true),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
$redis_file_limit = undef,
$pcs_tries = hiera('pcs_tries', 20),
) {
diff --git a/manifests/profile/pacemaker/database/redis_bundle.pp b/manifests/profile/pacemaker/database/redis_bundle.pp
index 8e30c2f..dd090d7 100644
--- a/manifests/profile/pacemaker/database/redis_bundle.pp
+++ b/manifests/profile/pacemaker/database/redis_bundle.pp
@@ -45,7 +45,7 @@ class tripleo::profile::pacemaker::database::redis_bundle (
$redis_docker_image = hiera('tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image', undef),
$redis_docker_control_port = hiera('tripleo::profile::pacemaker::database::redis_bundle::control_port', '3124'),
$pcs_tries = hiera('pcs_tries', 20),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
diff --git a/manifests/profile/pacemaker/haproxy.pp b/manifests/profile/pacemaker/haproxy.pp
index f006f78..7331071 100644
--- a/manifests/profile/pacemaker/haproxy.pp
+++ b/manifests/profile/pacemaker/haproxy.pp
@@ -38,7 +38,7 @@
class tripleo::profile::pacemaker::haproxy (
$bootstrap_node = hiera('haproxy_short_bootstrap_node_name'),
$enable_load_balancer = hiera('enable_load_balancer', true),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20),
) {
include ::tripleo::profile::base::haproxy
diff --git a/manifests/profile/pacemaker/haproxy_bundle.pp b/manifests/profile/pacemaker/haproxy_bundle.pp
index 292c9dd..9c1bdf3 100644
--- a/manifests/profile/pacemaker/haproxy_bundle.pp
+++ b/manifests/profile/pacemaker/haproxy_bundle.pp
@@ -43,7 +43,7 @@ class tripleo::profile::pacemaker::haproxy_bundle (
$haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef),
$bootstrap_node = hiera('haproxy_short_bootstrap_node_name'),
$enable_load_balancer = hiera('enable_load_balancer', true),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20),
) {
include ::tripleo::profile::base::haproxy
diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp
index 7bcf8d6..c22a033 100644
--- a/manifests/profile/pacemaker/manila.pp
+++ b/manifests/profile/pacemaker/manila.pp
@@ -55,7 +55,7 @@ class tripleo::profile::pacemaker::manila (
$backend_cephfs_enabled = hiera('manila_backend_cephfs_enabled', false),
$ceph_mds_enabled = hiera('ceph_mds_enabled', false),
$bootstrap_node = hiera('manila_share_short_bootstrap_node_name'),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20),
) {
if $::hostname == downcase($bootstrap_node) {
diff --git a/manifests/profile/pacemaker/neutron/lbaas.pp b/manifests/profile/pacemaker/neutron/lbaas.pp
index 96712d4..9e86dfe 100644
--- a/manifests/profile/pacemaker/neutron/lbaas.pp
+++ b/manifests/profile/pacemaker/neutron/lbaas.pp
@@ -28,7 +28,7 @@
# Defaults to hiera('bootstrap_nodeid')
#
class tripleo::profile::pacemaker::neutron::lbaas (
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
$pacemaker_master = hiera('bootstrap_nodeid'),
) {
diff --git a/manifests/profile/pacemaker/ovn_northd.pp b/manifests/profile/pacemaker/ovn_northd.pp
index 57bbc35..212c345 100644
--- a/manifests/profile/pacemaker/ovn_northd.pp
+++ b/manifests/profile/pacemaker/ovn_northd.pp
@@ -47,7 +47,7 @@
class tripleo::profile::pacemaker::ovn_northd (
$pacemaker_master = hiera('ovn_dbs_short_bootstrap_node_name'),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
$pcs_tries = hiera('pcs_tries', 20),
$ovn_dbs_vip = hiera('ovn_dbs_vip'),
$nb_db_port = 6641,
diff --git a/manifests/profile/pacemaker/rabbitmq.pp b/manifests/profile/pacemaker/rabbitmq.pp
index bf6a38d..3d87598 100644
--- a/manifests/profile/pacemaker/rabbitmq.pp
+++ b/manifests/profile/pacemaker/rabbitmq.pp
@@ -51,7 +51,7 @@ class tripleo::profile::pacemaker::rabbitmq (
$user_ha_queues = hiera('rabbitmq::nr_ha_queues', 0),
$rabbit_nodes = hiera('rabbitmq_node_names'),
$pcs_tries = hiera('pcs_tries', 20),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true
diff --git a/manifests/profile/pacemaker/rabbitmq_bundle.pp b/manifests/profile/pacemaker/rabbitmq_bundle.pp
index f6c5044..0a6295c 100644
--- a/manifests/profile/pacemaker/rabbitmq_bundle.pp
+++ b/manifests/profile/pacemaker/rabbitmq_bundle.pp
@@ -61,7 +61,7 @@ class tripleo::profile::pacemaker::rabbitmq_bundle (
$user_ha_queues = hiera('rabbitmq::nr_ha_queues', 0),
$rabbit_nodes = hiera('rabbitmq_node_names'),
$pcs_tries = hiera('pcs_tries', 20),
- $step = hiera('step'),
+ $step = Integer(hiera('step')),
) {
if $::hostname == downcase($bootstrap_node) {
$pacemaker_master = true