heat_template_version: ocata

description: >
  Pacemaker service configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  MonitoringSubscriptionPacemaker:
    default: 'overcloud-pacemaker'
    type: string
  CorosyncIPv6:
    default: false
    description: Enable IPv6 in Corosync
    type: boolean
  EnableFencing:
    default: false
    description: Whether to enable fencing in Pacemaker or not.
    type: boolean
  PacemakerRemoteAuthkey:
    type: string
    description: The authkey for the pacemaker remote service.
    hidden: true
    default: ''
  PcsdPassword:
    type: string
    description: The password for the 'pcsd' user for pacemaker.
    hidden: true
    default: ''
  CorosyncSettleTries:
    type: number
    description: Number of tries for cluster settling. This has the
                 same default as the pacemaker puppet module. Override
                 to a smaller value when in need to replace a controller node.
    default: 360
  FencingConfig:
    default: {}
    description: |
      Pacemaker fencing configuration. The JSON should have
      the following structure:
        {
          "devices": [
            {
              "agent": "AGENT_NAME",
              "host_mac": "HOST_MAC_ADDRESS",
              "params": {"PARAM_NAME": "PARAM_VALUE"}
            }
          ]
        }
      For instance:
        {
          "devices": [
            {
              "agent": "fence_xvm",
              "host_mac": "52:54:00:aa:bb:cc",
              "params": {
                "multicast_address": "225.0.0.12",
                "port": "baremetal_0",
                "manage_fw": true,
                "manage_key_file": true,
                "key_file": "/etc/fence_xvm.key",
                "key_file_password": "abcdef"
              }
            }
          ]
        }
    type: json
  PacemakerLoggingSource:
    type: json
    default:
      tag: system.pacemaker
      path: /var/log/pacemaker.log,/var/log/cluster/corosync.log
      format: >-
        /^(?<time>[^ ]*\s*[^ ]* [^ ]*)
        \[(?<pid>[^ ]*)\]
        (?<host>[^ ]*)
        (?<message>.*)$/

  EnableLoadBalancer:
    default: true
    description: Whether to deploy a LoadBalancer on the Controller
    type: boolean

  PacemakerResources:
    type: comma_delimited_list
    description: List of resources managed by pacemaker
    default: ['rabbitmq', 'galera']

outputs:
  role_data:
    description: Role data for the Pacemaker role.
    value:
      service_name: pacemaker
      monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker}
      logging_groups:
        - haclient
      logging_source: {get_param: PacemakerLoggingSource}
      config_settings:
        pacemaker::corosync::cluster_name: 'tripleo_cluster'
        pacemaker::corosync::manage_fw: false
        pacemaker::resource_defaults::defaults:
          resource-stickiness: { value: INFINITY }
        corosync_token_timeout: 10000
        pacemaker::corosync::settle_tries: {get_param: CorosyncSettleTries}
        tripleo.pacemaker.firewall_rules:
          '130 pacemaker tcp':
            proto: 'tcp'
            dport:
              - 2224
              - 3121
              - 21064
          '131 pacemaker udp':
            proto: 'udp'
            dport: 5405
        corosync_ipv6: {get_param: CorosyncIPv6}
        tripleo::fencing::config: {get_param: FencingConfig}
        enable_fencing: {get_param: EnableFencing}
        hacluster_pwd:
          yaql:
            expression: $.data.passwords.where($ != '').first()
            data:
              passwords:
                - {get_param: PcsdPassword}
                - {get_param: [DefaultPasswords, pcsd_password]}
        tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey}
      step_config: |
        include ::tripleo::profile::base::pacemaker
      upgrade_tasks:
        - name: Check pacemaker cluster running before upgrade
          tags: step0,validation
          pacemaker_cluster: state=online check_and_fail=true
          async: 30
          poll: 4
        - name: Stop pacemaker cluster
          tags: step2
          pacemaker_cluster: state=offline
        - name: Start pacemaker cluster
          tags: step4
          pacemaker_cluster: state=online
        - name: Check pacemaker resource
          tags: step4
          pacemaker_is_active:
            resource: "{{ item }}"
            max_wait: 500
          with_items: {get_param: PacemakerResources}
        - name: Check pacemaker haproxy resource
          tags: step4
          pacemaker_is_active:
            resource: haproxy
            max_wait: 500
          when: {get_param: EnableLoadBalancer}