summaryrefslogtreecommitdiffstats
path: root/puppet/services/pacemaker_remote.yaml
blob: 47ca61426a54c8fdf0b4980e50aa59bc5d9cc78a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
heat_template_version: pike

description: >
  Pacemaker remote service configured with Puppet

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  PacemakerRemoteAuthkey:
    type: string
    description: The authkey for the pacemaker remote service.
    hidden: true
    default: ''
  PcsdPassword:
    type: string
    description: The password for the 'pcsd' user for pacemaker.
    hidden: true
    default: ''
  MonitoringSubscriptionPacemakerRemote:
    default: 'overcloud-pacemaker_remote'
    type: string
  EnableFencing:
    default: false
    description: Whether to enable fencing in Pacemaker or not.
    type: boolean
  FencingConfig:
    default: {}
    description: |
      Pacemaker fencing configuration. The JSON should have
      the following structure:
        {
          "devices": [
            {
              "agent": "AGENT_NAME",
              "host_mac": "HOST_MAC_ADDRESS",
              "params": {"PARAM_NAME": "PARAM_VALUE"}
            }
          ]
        }
      For instance:
        {
          "devices": [
            {
              "agent": "fence_xvm",
              "host_mac": "52:54:00:aa:bb:cc",
              "params": {
                "multicast_address": "225.0.0.12",
                "port": "baremetal_0",
                "manage_fw": true,
                "manage_key_file": true,
                "key_file": "/etc/fence_xvm.key",
                "key_file_password": "abcdef"
              }
            }
          ]
        }
    type: json
  PacemakerRemoteLoggingSource:
    type: json
    default:
      tag: system.pacemaker_remote
      path: /var/log/pacemaker.log
      format: >-
        /^(?<time>[^ ]*\s*[^ ]* [^ ]*)
        \[(?<pid>[^ ]*)\]
        (?<host>[^ ]*)
        (?<message>.*)$/

outputs:
  role_data:
    description: Role data for the Pacemaker remote role.
    value:
      service_name: pacemaker_remote
      monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote}
      logging_groups:
        - haclient
      logging_source: {get_param: PacemakerRemoteLoggingSource}
      config_settings:
        tripleo.pacemaker_remote.firewall_rules:
          '130 pacemaker_remote tcp':
            proto: 'tcp'
            dport:
              - 3121
        tripleo::fencing::config: {get_param: FencingConfig}
        enable_fencing: {get_param: EnableFencing}
        tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
        pacemaker::corosync::manage_fw: false
        hacluster_pwd:
          yaql:
            expression: $.data.passwords.where($ != '').first()
            data:
              passwords:
                - {get_param: PcsdPassword}
                - {get_param: [DefaultPasswords, pcsd_password]}
      step_config: |
        include ::tripleo::profile::base::pacemaker_remote