aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services/pacemaker.yaml
blob: f7a0edf8add800fe81dd91313ff8fea3e65278f2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
heat_template_version: ocata

description: >
  Pacemaker service configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  MonitoringSubscriptionPacemaker:
    default: 'overcloud-pacemaker'
    type: string
  CorosyncIPv6:
    default: false
    description: Enable IPv6 in Corosync
    type: boolean
  EnableFencing:
    default: false
    description: Whether to enable fencing in Pacemaker or not.
    type: boolean
  PacemakerRemoteAuthkey:
    type: string
    description: The authkey for the pacemaker remote service.
    hidden: true
    default: ''
  PcsdPassword:
    type: string
    description: The password for the 'pcsd' user for pacemaker.
    hidden: true
    default: ''
  CorosyncSettleTries:
    type: number
    description: Number of tries for cluster settling. This has the
                 same default as the pacemaker puppet module. Override
                 to a smaller value when in need to replace a controller node.
    default: 360
  FencingConfig:
    default: {}
    description: |
      Pacemaker fencing configuration. The JSON should have
      the following structure:
        {
          "devices": [
            {
              "agent": "AGENT_NAME",
              "host_mac": "HOST_MAC_ADDRESS",
              "params": {"PARAM_NAME": "PARAM_VALUE"}
            }
          ]
        }
      For instance:
        {
          "devices": [
            {
              "agent": "fence_xvm",
              "host_mac": "52:54:00:aa:bb:cc",
              "params": {
                "multicast_address": "225.0.0.12",
                "port": "baremetal_0",
                "manage_fw": true,
                "manage_key_file": true,
                "key_file": "/etc/fence_xvm.key",
                "key_file_password": "abcdef"
              }
            }
          ]
        }
    type: json
  PacemakerLoggingSource:
    type: json
    default:
      tag: system.pacemaker
      path: /var/log/pacemaker.log,/var/log/cluster/corosync.log
      format: >-
        /^(?<time>[^ ]*\s*[^ ]* [^ ]*)
        \[(?<pid>[^ ]*)\]
        (?<host>[^ ]*)
        (?<message>.*)$/

  EnableLoadBalancer:
    default: true
    description: Whether to deploy a LoadBalancer on the Controller
    type: boolean

  PacemakerResources:
    type: comma_delimited_list
    description: List of resources managed by pacemaker
    default: ['rabbitmq', 'galera']

outputs:
  role_data:
    description: Role data for the Pacemaker role.
    value:
      service_name: pacemaker
      monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker}
      logging_groups:
        - haclient
      logging_source: {get_param: PacemakerLoggingSource}
      config_settings:
        pacemaker::corosync::cluster_name: 'tripleo_cluster'
        pacemaker::corosync::manage_fw: false
        pacemaker::resource_defaults::defaults:
          resource-stickiness: { value: INFINITY }
        corosync_token_timeout: 10000
        pacemaker::corosync::settle_tries: {get_param: CorosyncSettleTries}
        tripleo.pacemaker.firewall_rules:
          '130 pacemaker tcp':
            proto: 'tcp'
            dport:
              - 2224
              - 3121
              - 21064
          '131 pacemaker udp':
            proto: 'udp'
            dport: 5405
        corosync_ipv6: {get_param: CorosyncIPv6}
        tripleo::fencing::config: {get_param: FencingConfig}
        enable_fencing: {get_param: EnableFencing}
        hacluster_pwd:
          yaql:
            expression: $.data.passwords.where($ != '').first()
            data:
              passwords:
                - {get_param: PcsdPassword}
                - {get_param: [DefaultPasswords, pcsd_password]}
        tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey}
      step_config: |
        include ::tripleo::profile::base::pacemaker
      upgrade_tasks:
        - name: Check pacemaker cluster running before upgrade
          tags: step0,validation
          pacemaker_cluster: state=online check_and_fail=true
          async: 30
          poll: 4
        - name: Stop pacemaker cluster
          tags: step2
          pacemaker_cluster: state=offline
        - name: Start pacemaker cluster
          tags: step4
          pacemaker_cluster: state=online
        - name: Check pacemaker resource
          tags: step4
          pacemaker_is_active:
            resource: "{{ item }}"
            max_wait: 500
          with_items: {get_param: PacemakerResources}
        - name: Check pacemaker haproxy resource
          tags: step4
          pacemaker_is_active:
            resource: haproxy
            max_wait: 500
          when: {get_param: EnableLoadBalancer}