Update pacemaker to e9a8f0d048c1bbc86a4bb1ee81417da3afe6673e

e9a8f0d048c1bbc86a4bb1ee81417da3afe6673e Merge pull request #69 from gildub/ipv6/resource_ipaddr2 1950b26946d12cb224bb82a39c9c77db0ea9feb7 Merge pull request #68 from gildub/ip6tables 01c6000db5040055372021ad5a3231840ccb8bba The colons in IPv6 addresses causing title issues 04fd6c145f719ec42e8660e476a03f97376164c2 Added FW rules for IPv6 e23cbb084bf48c414c189f45a3761c57ba8375d1 Merge pull request #63 from cwolferh/remote_authkey 1ccd9a0dafe9631c7dcc8c4402350dacd3f03e24 Merge pull request #62 from sepulworld/zmw/adding_master_slave_constraint_option_check 27a5ec99e1917356dd8496d46dbb7ad40a733974 adding support for master role constraints 023580239ac495fc20bd4a393a36051ab49ac9fa Ability to set authkey for pacemaker-remote. Change-Id: I890b71727966299cca8e22e7a213589d8414eeab
redhat-openstack · Jan 14, 2016 · 71a3fee · 71a3fee
1 parent 639fcba
commit 71a3fee
Show file tree

Hide file tree

Showing 9 changed files with 99 additions and 8 deletions.
diff --git a/Puppetfile b/Puppetfile
@@ -143,7 +143,7 @@ mod 'openstacklib',
   :git => 'https://github.com/openstack/puppet-openstacklib.git'
 
 mod 'pacemaker',
-  :commit => '733c1088ccfa24739929af7a8612ff0ade46bc6f',
+  :commit => 'e9a8f0d048c1bbc86a4bb1ee81417da3afe6673e',
   :git => 'https://github.com/redhat-openstack/puppet-pacemaker.git'
 
 mod 'puppet',

diff --git a/pacemaker/lib/puppet/provider/pcmk_constraint/default.rb b/pacemaker/lib/puppet/provider/pcmk_constraint/default.rb
@@ -7,7 +7,11 @@ def create
         when :location
             cmd = 'constraint location add ' + @resource[:name] + ' '  + @resource[:resource] + ' ' + @resource[:location] + ' ' + @resource[:score]
         when :colocation
-            cmd = 'constraint colocation add ' + @resource[:resource] + ' with ' + @resource[:location] + ' ' + @resource[:score]
+            if @resource[:master_slave]
+                cmd = 'constraint colocation add ' + @resource[:resource] + ' with master ' + @resource[:location] + ' ' + @resource[:score]
+            else 
+                cmd = 'constraint colocation add ' + @resource[:resource] + ' with ' + @resource[:location] + ' ' + @resource[:score]
+            end
         else
             fail(String(@resource[:constraint_type]) + ' is an invalid location type')
         end
@@ -37,7 +41,11 @@ def exists?
             when :location
                 return true if line.include? @resource[:name]
             when :colocation
-                return true if line.include? @resource[:resource] + ' with ' + @resource[:location]
+                if @resource[:master_slave]
+                  return true if line.include? @resource[:resource] + ' with ' + @resource[:location] and line.include? "with-rsc-role:Master" 
+                else
+                  return true if line.include? @resource[:resource] + ' with ' + @resource[:location] 
+                end
             end
         end
         # return false if constraint not found

diff --git a/pacemaker/lib/puppet/type/pcmk_constraint.rb b/pacemaker/lib/puppet/type/pcmk_constraint.rb
@@ -22,5 +22,10 @@
     newparam(:score) do
         desc "Score"
     end
+    newparam(:master_slave) do
+        desc "Enable master/slave support with multistage"
+        newvalues(:true)
+        newvalues(:false)
+    end
 
 end
diff --git a/pacemaker/manifests/constraint/colocation.pp b/pacemaker/manifests/constraint/colocation.pp
@@ -1,12 +1,14 @@
 define pacemaker::constraint::colocation ($source,
                                           $target,
                                           $score,
+                                          $master_slave=false,
                                           $ensure=present) {
     pcmk_constraint {"colo-$source-$target":
        constraint_type => colocation,
        resource        => $source,
        location        => $target,
        score           => $score,
+       master_slave    => $master_slave,
        ensure          => $ensure,
        require => Exec["wait-for-settle"],
    }

diff --git a/pacemaker/manifests/corosync.pp b/pacemaker/manifests/corosync.pp
@@ -20,10 +20,13 @@
 #   Number of tries for settle.
 # [*settle_try_sleep*]
 #   Time to sleep after each seetle try.
+# [*remote_authkey*]
+#   Value of /etc/pacemaker/authkey.  Useful for pacemaker_remote.
 # [*cluster_setup_extras*]
 #   Hash additional configuration when pcs cluster setup is run
 #   Example : {'--token' => '10000', '--ipv6' => '', '--join' => '100' }
 
+
 class pacemaker::corosync(
   $cluster_members,
   $cluster_members_rrp  = undef,
@@ -33,6 +36,7 @@
   $settle_timeout       = '3600',
   $settle_tries         = '360',
   $settle_try_sleep     = '10',
+  $remote_authkey       = undef,
   $cluster_setup_extras = {},
 ) inherits pacemaker {
   include ::pacemaker::params
@@ -43,6 +47,12 @@
       dport  => ['5404', '5405'],
       action => 'accept',
     }
+    firewall { '001 corosync mcast ipv6':
+      proto    => 'udp',
+      dport    => ['5404', '5405'],
+      action   => 'accept',
+      provider => 'ip6tables',
+    }
   }
 
   if $pcsd_mode {
@@ -52,6 +62,12 @@
         dport  => ['2224'],
         action => 'accept',
       }
+      firewall { '001 pcsd ipv6':
+        proto    => 'tcp',
+        dport    => ['2224'],
+        action   => 'accept',
+        provider => 'ip6tables',
+      }
     }
     Service['pcsd'] ->
     # we have more fragile when-to-start pacemaker conditions with pcsd
@@ -105,6 +121,29 @@
       Exec["wait-for-settle"]
   }
 
+  if $remote_authkey {
+    file { 'etc-pacemaker':
+      ensure => directory,
+      path    => '/etc/pacemaker',
+      owner   => 'hacluster',
+      group   => 'haclient',
+      mode    => '0750',
+    } ->
+    file { 'etc-pacemaker-authkey':
+      path    => '/etc/pacemaker/authkey',
+      owner   => 'hacluster',
+      group   => 'haclient',
+      mode    => '0640',
+      content => $remote_authkey,
+    }
+    if $setup_cluster {
+      File['etc-pacemaker-authkey'] -> Exec["Create Cluster $cluster_name"]
+    }
+    if $pcsd_mode {
+      File['etc-pacemaker-authkey'] -> Service['pcsd']
+    }
+  }
+
   exec {"wait-for-settle":
     timeout   => $settle_timeout,
     tries     => $settle_tries,

diff --git a/pacemaker/manifests/params.pp b/pacemaker/manifests/params.pp
@@ -9,7 +9,7 @@
         $pcsd_mode = false
         $services_manager = 'lsb'
       } else {
-        $package_list = ["pacemaker","pcs","fence-agents-all"]
+        $package_list = ["pacemaker","pcs","fence-agents-all","pacemaker-libs"]
         $pcsd_mode = true
         $services_manager = 'systemd'
       }

diff --git a/pacemaker/manifests/resource/ip.pp b/pacemaker/manifests/resource/ip.pp
@@ -44,7 +44,10 @@
       default => " nic=${nic}"
   }
 
-  pcmk_resource { "ip-${ip_address}":
+  # pcs dislikes colons from IPv6 addresses. Replacing them with dots.
+  $resource_name = regsubst($ip_address, '(:)', '.', 'G')
+
+  pcmk_resource { "ip-${resource_name}":
     ensure             => $ensure,
     resource_type      => 'IPaddr2',
     resource_params    => "ip=${ip_address}${cidr_option}${nic_option}",

diff --git a/pacemaker/manifests/stonith/fence_xvm.pp b/pacemaker/manifests/stonith/fence_xvm.pp
@@ -103,15 +103,32 @@
         proto    => 'igmp',
         action   => 'accept',
       }
+      firewall { "003 fence_xvm ipv6":
+        proto    => 'igmp',
+        action   => 'accept',
+        provider => 'ip6tables',
+      }
       firewall { "004 fence_xvm":
         proto    => 'udp',
-        dport     => '1229',
+        dport    => '1229',
         action   => 'accept',
       }
+      firewall { "004 fence_xvm ipv6":
+        proto    => 'udp',
+        dport    => '1229',
+        action   => 'accept',
+        provider => 'ip6tables',
+      }
       firewall { "005 fence_xvm":
         proto    => 'tcp',
-        dport     => '1229',
+        dport    => '1229',
+        action   => 'accept',
+      }
+      firewall { "005 fence_xvm ipv6":
+        proto    => 'tcp',
+        dport    => '1229',
         action   => 'accept',
+        provider => 'ip6tables',
       }
     }
 

diff --git a/pacemaker/manifests/stonith/xvm.pp b/pacemaker/manifests/stonith/xvm.pp
@@ -36,15 +36,32 @@
         proto    => 'igmp',
         action   => 'accept',
       }
+      firewall { "003 fence_xvm ipv6":
+        proto    => 'igmp',
+        action   => 'accept',
+        provider => 'ip6tables',
+      }
       firewall { "004 fence_xvm":
         proto    => 'udp',
-        dport     => '1229',
+        dport    => '1229',
+        action   => 'accept',
+      }
+      firewall { "004 fence_xvm ipv6":
+        proto    => 'udp',
+        dport    => '1229',
         action   => 'accept',
+        provider => 'ip6tables',
       }
       firewall { "005 fence_xvm":
+        proto    => 'tcp',
+        dport    => '1229',
+        action   => 'accept',
+      }
+      firewall { "005 fence_xvm ipv6":
         proto    => 'tcp',
         dport     => '1229',
         action   => 'accept',
+        provider => 'ip6tables',
       }
     }