Diffstat (limited to 'manifests/profile/pacemaker')
-rw-r--r-- | manifests/profile/pacemaker/ceph/rbdmirror.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/cinder/backup.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/cinder/backup_bundle.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/cinder/volume.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/cinder/volume_bundle.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/clustercheck.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/database/mysql.pp | 49 | ||||
-rw-r--r-- | manifests/profile/pacemaker/database/mysql_bundle.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/database/redis.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/database/redis_bundle.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/haproxy.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/haproxy_bundle.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/manila.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/neutron/lbaas.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/ovn_northd.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/rabbitmq.pp | 2 | ||||
-rw-r--r-- | manifests/profile/pacemaker/rabbitmq_bundle.pp | 2 |
17 files changed, 59 insertions, 22 deletions
diff --git a/manifests/profile/pacemaker/ceph/rbdmirror.pp b/manifests/profile/pacemaker/ceph/rbdmirror.pp index 4066225..6b566a7 100644 --- a/manifests/profile/pacemaker/ceph/rbdmirror.pp +++ b/manifests/profile/pacemaker/ceph/rbdmirror.pp @@ -45,7 +45,7 @@ class tripleo::profile::pacemaker::ceph::rbdmirror ( $client_name = 'openstack', $pcs_tries = hiera('pcs_tries', 20), $stack_action = hiera('stack_action'), - $step = hiera('step'), + $step = Integer(hiera('step')), ) { Service <| tag == 'ceph-rbd-mirror' |> { hasrestart => true, diff --git a/manifests/profile/pacemaker/cinder/backup.pp b/manifests/profile/pacemaker/cinder/backup.pp index ff0d8c9..933a735 100644 --- a/manifests/profile/pacemaker/cinder/backup.pp +++ b/manifests/profile/pacemaker/cinder/backup.pp @@ -33,7 +33,7 @@ # class tripleo::profile::pacemaker::cinder::backup ( $bootstrap_node = hiera('cinder_backup_short_bootstrap_node_name'), - $step = hiera('step'), + $step = Integer(hiera('step')), $pcs_tries = hiera('pcs_tries', 20), ) { diff --git a/manifests/profile/pacemaker/cinder/backup_bundle.pp b/manifests/profile/pacemaker/cinder/backup_bundle.pp index cd06986..a5e1a9b 100644 --- a/manifests/profile/pacemaker/cinder/backup_bundle.pp +++ b/manifests/profile/pacemaker/cinder/backup_bundle.pp @@ -40,7 +40,7 @@ class tripleo::profile::pacemaker::cinder::backup_bundle ( $bootstrap_node = hiera('cinder_backup_short_bootstrap_node_name'), $cinder_backup_docker_image = hiera('tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image', undef), $pcs_tries = hiera('pcs_tries', 20), - $step = hiera('step'), + $step = Integer(hiera('step')), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true diff --git a/manifests/profile/pacemaker/cinder/volume.pp b/manifests/profile/pacemaker/cinder/volume.pp index 0d6a598..e993426 100644 --- a/manifests/profile/pacemaker/cinder/volume.pp +++ b/manifests/profile/pacemaker/cinder/volume.pp 
@@ -33,7 +33,7 @@ # class tripleo::profile::pacemaker::cinder::volume ( $bootstrap_node = hiera('cinder_volume_short_bootstrap_node_name'), - $step = hiera('step'), + $step = Integer(hiera('step')), $pcs_tries = hiera('pcs_tries', 20), ) { Service <| tag == 'cinder::volume' |> { diff --git a/manifests/profile/pacemaker/cinder/volume_bundle.pp b/manifests/profile/pacemaker/cinder/volume_bundle.pp index f0858c9..39199a5 100644 --- a/manifests/profile/pacemaker/cinder/volume_bundle.pp +++ b/manifests/profile/pacemaker/cinder/volume_bundle.pp @@ -40,7 +40,7 @@ class tripleo::profile::pacemaker::cinder::volume_bundle ( $bootstrap_node = hiera('cinder_volume_short_bootstrap_node_name'), $cinder_volume_docker_image = hiera('tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image', undef), $pcs_tries = hiera('pcs_tries', 20), - $step = hiera('step'), + $step = Integer(hiera('step')), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true diff --git a/manifests/profile/pacemaker/clustercheck.pp b/manifests/profile/pacemaker/clustercheck.pp index fad30da..958f4a2 100644 --- a/manifests/profile/pacemaker/clustercheck.pp +++ b/manifests/profile/pacemaker/clustercheck.pp @@ -32,7 +32,7 @@ # # class tripleo::profile::pacemaker::clustercheck ( - $step = hiera('step'), + $step = Integer(hiera('step')), $clustercheck_password = hiera('mysql::server::root_password'), $bind_address = hiera('mysql_bind_host'), ) { diff --git a/manifests/profile/pacemaker/database/mysql.pp b/manifests/profile/pacemaker/database/mysql.pp index d42d557..22adbe9 100644 --- a/manifests/profile/pacemaker/database/mysql.pp +++ b/manifests/profile/pacemaker/database/mysql.pp 
@@ -26,6 +26,27 @@ # (Optional) The address that the local mysql instance should bind to. # Defaults to $::hostname # +# [*ca_file*] +# (Optional) The path to the CA file that will be used for the TLS +# configuration. It's only used if internal TLS is enabled. +# Defaults to undef +# +# [*certificate_specs*] +# (Optional) The specifications to give to certmonger for the certificate +# it will create. Note that the certificate nickname must be 'mysql' in +# the case of this service. +# Example with hiera: +# tripleo::profile::base::database::mysql::certificate_specs: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "mysql/<overcloud controller fqdn>" +# Defaults to hiera('tripleo::profile::base::database::mysql::certificate_specs', {}). +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# # [*gmcast_listen_addr*] # (Optional) This variable defines the address on which the node listens to # connections from other nodes in the cluster. @@ -41,11 +62,14 @@ # Defaults to hiera('pcs_tries', 20) # class tripleo::profile::pacemaker::database::mysql ( - $bootstrap_node = hiera('mysql_short_bootstrap_node_name'), - $bind_address = $::hostname, - $gmcast_listen_addr = hiera('mysql_bind_host'), - $step = hiera('step'), - $pcs_tries = hiera('pcs_tries', 20), + $bootstrap_node = hiera('mysql_short_bootstrap_node_name'), + $bind_address = $::hostname, + $ca_file = undef, + $certificate_specs = hiera('tripleo::profile::base::database::mysql::certificate_specs', {}), + $enable_internal_tls = hiera('enable_internal_tls', false), + $gmcast_listen_addr = hiera('mysql_bind_host'), + $step = Integer(hiera('step')), + $pcs_tries = hiera('pcs_tries', 20), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true 
@@ -70,6 +94,19 @@ class tripleo::profile::pacemaker::database::mysql ( $processed_galera_name_pairs = $galera_name_pairs.map |$pair| { join($pair, ':') } $cluster_host_map = join($processed_galera_name_pairs, ';') + if $enable_internal_tls { + $tls_certfile = $certificate_specs['service_certificate'] + $tls_keyfile = $certificate_specs['service_key'] + if $ca_file { + $tls_ca_options = "socket.ssl_ca=${ca_file}" + } else { + $tls_ca_options = '' + } + $tls_options = "socket.ssl_key=${tls_keyfile};socket.ssl_cert=${tls_certfile};${tls_ca_options};" + } else { + $tls_options = '' + } + $mysqld_options = { 'mysqld' => { 'skip-name-resolve' => '1', @@ -98,7 +135,7 @@ class tripleo::profile::pacemaker::database::mysql ( 'wsrep_drupal_282555_workaround'=> '0', 'wsrep_causal_reads' => '0', 'wsrep_sst_method' => 'rsync', - 'wsrep_provider_options' => "gmcast.listen_addr=tcp://${gmcast_listen_addr}:4567;", + 'wsrep_provider_options' => "gmcast.listen_addr=tcp://${gmcast_listen_addr}:4567;${tls_options}", } } diff --git a/manifests/profile/pacemaker/database/mysql_bundle.pp b/manifests/profile/pacemaker/database/mysql_bundle.pp index a127a5c..56e9e28 100644 --- a/manifests/profile/pacemaker/database/mysql_bundle.pp +++ b/manifests/profile/pacemaker/database/mysql_bundle.pp @@ -56,7 +56,7 @@ class tripleo::profile::pacemaker::database::mysql_bundle ( $bind_address = $::hostname, $gmcast_listen_addr = hiera('mysql_bind_host'), $pcs_tries = hiera('pcs_tries', 20), - $step = hiera('step'), + $step = Integer(hiera('step')), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true diff --git a/manifests/profile/pacemaker/database/redis.pp b/manifests/profile/pacemaker/database/redis.pp index 4f5a861..bc91be7 100644 --- a/manifests/profile/pacemaker/database/redis.pp +++ b/manifests/profile/pacemaker/database/redis.pp 
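Review bot: In the `if $enable_internal_tls` branch of mysql.pp, nothing checks that `$certificate_specs` actually contains `service_certificate` and `service_key`. The parameter defaults to `{}`, so with TLS enabled and no specs both lookups are undef, and the interpolation would presumably put `socket.ssl_key=;socket.ssl_cert=;;` into `wsrep_provider_options` instead of stopping the run; failing catalog compilation here is safer than shipping a replication config whose TLS settings are empty. Separately, `$ca_file` defaults to undef with no hiera lookup, so unless a caller passes it no `socket.ssl_ca` is emitted and the option string ends in `;;`. How Galera validates peer certificates without an explicit CA should be confirmed for this deployment, and the separator is better carried inside `$tls_ca_options`. The class body continues outside the hunk.

```puppet
if $enable_internal_tls {
  # … unchanged: $tls_certfile / $tls_keyfile lookups from $certificate_specs …
  if !$tls_certfile or !$tls_keyfile {
    fail('enable_internal_tls requires service_certificate and service_key in certificate_specs')
  }
  if $ca_file {
    $tls_ca_options = "socket.ssl_ca=${ca_file};"
  } else {
    $tls_ca_options = ''
  }
  $tls_options = "socket.ssl_key=${tls_keyfile};socket.ssl_cert=${tls_certfile};${tls_ca_options}"
# … unchanged: else branch setting $tls_options = '' …
```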
@@ -46,7 +46,7 @@ class tripleo::profile::pacemaker::database::redis ( $bootstrap_node = hiera('redis_short_bootstrap_node_name'), $enable_load_balancer = hiera('enable_load_balancer', true), - $step = hiera('step'), + $step = Integer(hiera('step')), $redis_file_limit = undef, $pcs_tries = hiera('pcs_tries', 20), ) { diff --git a/manifests/profile/pacemaker/database/redis_bundle.pp b/manifests/profile/pacemaker/database/redis_bundle.pp index 8e30c2f..dd090d7 100644 --- a/manifests/profile/pacemaker/database/redis_bundle.pp +++ b/manifests/profile/pacemaker/database/redis_bundle.pp @@ -45,7 +45,7 @@ class tripleo::profile::pacemaker::database::redis_bundle ( $redis_docker_image = hiera('tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image', undef), $redis_docker_control_port = hiera('tripleo::profile::pacemaker::database::redis_bundle::control_port', '3124'), $pcs_tries = hiera('pcs_tries', 20), - $step = hiera('step'), + $step = Integer(hiera('step')), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true diff --git a/manifests/profile/pacemaker/haproxy.pp b/manifests/profile/pacemaker/haproxy.pp index f006f78..7331071 100644 --- a/manifests/profile/pacemaker/haproxy.pp +++ b/manifests/profile/pacemaker/haproxy.pp @@ -38,7 +38,7 @@ class tripleo::profile::pacemaker::haproxy ( $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'), $enable_load_balancer = hiera('enable_load_balancer', true), - $step = hiera('step'), + $step = Integer(hiera('step')), $pcs_tries = hiera('pcs_tries', 20), ) { include ::tripleo::profile::base::haproxy diff --git a/manifests/profile/pacemaker/haproxy_bundle.pp b/manifests/profile/pacemaker/haproxy_bundle.pp index 292c9dd..9c1bdf3 100644 --- a/manifests/profile/pacemaker/haproxy_bundle.pp +++ b/manifests/profile/pacemaker/haproxy_bundle.pp 
@@ -43,7 +43,7 @@ class tripleo::profile::pacemaker::haproxy_bundle ( $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef), $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'), $enable_load_balancer = hiera('enable_load_balancer', true), - $step = hiera('step'), + $step = Integer(hiera('step')), $pcs_tries = hiera('pcs_tries', 20), ) { include ::tripleo::profile::base::haproxy diff --git a/manifests/profile/pacemaker/manila.pp b/manifests/profile/pacemaker/manila.pp index 7bcf8d6..c22a033 100644 --- a/manifests/profile/pacemaker/manila.pp +++ b/manifests/profile/pacemaker/manila.pp @@ -55,7 +55,7 @@ class tripleo::profile::pacemaker::manila ( $backend_cephfs_enabled = hiera('manila_backend_cephfs_enabled', false), $ceph_mds_enabled = hiera('ceph_mds_enabled', false), $bootstrap_node = hiera('manila_share_short_bootstrap_node_name'), - $step = hiera('step'), + $step = Integer(hiera('step')), $pcs_tries = hiera('pcs_tries', 20), ) { if $::hostname == downcase($bootstrap_node) { diff --git a/manifests/profile/pacemaker/neutron/lbaas.pp b/manifests/profile/pacemaker/neutron/lbaas.pp index 96712d4..9e86dfe 100644 --- a/manifests/profile/pacemaker/neutron/lbaas.pp +++ b/manifests/profile/pacemaker/neutron/lbaas.pp @@ -28,7 +28,7 @@ # Defaults to hiera('bootstrap_nodeid') # class tripleo::profile::pacemaker::neutron::lbaas ( - $step = hiera('step'), + $step = Integer(hiera('step')), $pacemaker_master = hiera('bootstrap_nodeid'), ) { diff --git a/manifests/profile/pacemaker/ovn_northd.pp b/manifests/profile/pacemaker/ovn_northd.pp index 57bbc35..212c345 100644 --- a/manifests/profile/pacemaker/ovn_northd.pp +++ b/manifests/profile/pacemaker/ovn_northd.pp 
@@ -47,7 +47,7 @@ class tripleo::profile::pacemaker::ovn_northd ( $pacemaker_master = hiera('ovn_dbs_short_bootstrap_node_name'), - $step = hiera('step'), + $step = Integer(hiera('step')), $pcs_tries = hiera('pcs_tries', 20), $ovn_dbs_vip = hiera('ovn_dbs_vip'), $nb_db_port = 6641, diff --git a/manifests/profile/pacemaker/rabbitmq.pp b/manifests/profile/pacemaker/rabbitmq.pp index bf6a38d..3d87598 100644 --- a/manifests/profile/pacemaker/rabbitmq.pp +++ b/manifests/profile/pacemaker/rabbitmq.pp @@ -51,7 +51,7 @@ class tripleo::profile::pacemaker::rabbitmq ( $user_ha_queues = hiera('rabbitmq::nr_ha_queues', 0), $rabbit_nodes = hiera('rabbitmq_node_names'), $pcs_tries = hiera('pcs_tries', 20), - $step = hiera('step'), + $step = Integer(hiera('step')), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true diff --git a/manifests/profile/pacemaker/rabbitmq_bundle.pp b/manifests/profile/pacemaker/rabbitmq_bundle.pp index f6c5044..0a6295c 100644 --- a/manifests/profile/pacemaker/rabbitmq_bundle.pp +++ b/manifests/profile/pacemaker/rabbitmq_bundle.pp @@ -61,7 +61,7 @@ class tripleo::profile::pacemaker::rabbitmq_bundle ( $user_ha_queues = hiera('rabbitmq::nr_ha_queues', 0), $rabbit_nodes = hiera('rabbitmq_node_names'), $pcs_tries = hiera('pcs_tries', 20), - $step = hiera('step'), + $step = Integer(hiera('step')), ) { if $::hostname == downcase($bootstrap_node) { $pacemaker_master = true |