diff --git a/Puppetfile b/Puppetfile index 06975df0b..d22cba535 100644 --- a/Puppetfile +++ b/Puppetfile @@ -143,7 +143,7 @@ mod 'openstacklib', :git => 'https://github.com/openstack/puppet-openstacklib.git' mod 'pacemaker', - :commit => '733c1088ccfa24739929af7a8612ff0ade46bc6f', + :commit => 'e9a8f0d048c1bbc86a4bb1ee81417da3afe6673e', :git => 'https://github.com/redhat-openstack/puppet-pacemaker.git' mod 'puppet', diff --git a/pacemaker/lib/puppet/provider/pcmk_constraint/default.rb b/pacemaker/lib/puppet/provider/pcmk_constraint/default.rb index 83902b720..1c7c426c9 100644 --- a/pacemaker/lib/puppet/provider/pcmk_constraint/default.rb +++ b/pacemaker/lib/puppet/provider/pcmk_constraint/default.rb @@ -7,7 +7,11 @@ def create when :location cmd = 'constraint location add ' + @resource[:name] + ' ' + @resource[:resource] + ' ' + @resource[:location] + ' ' + @resource[:score] when :colocation - cmd = 'constraint colocation add ' + @resource[:resource] + ' with ' + @resource[:location] + ' ' + @resource[:score] + if @resource[:master_slave] + cmd = 'constraint colocation add ' + @resource[:resource] + ' with master ' + @resource[:location] + ' ' + @resource[:score] + else + cmd = 'constraint colocation add ' + @resource[:resource] + ' with ' + @resource[:location] + ' ' + @resource[:score] + end else fail(String(@resource[:constraint_type]) + ' is an invalid location type') end @@ -37,7 +41,11 @@ def exists? when :location return true if line.include? @resource[:name] when :colocation - return true if line.include? @resource[:resource] + ' with ' + @resource[:location] + if @resource[:master_slave] + return true if line.include? @resource[:resource] + ' with ' + @resource[:location] and line.include? "with-rsc-role:Master" + else + return true if line.include? @resource[:resource] + ' with ' + @resource[:location] + end end end # return false if constraint not found 
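Review bot: The new `if @resource[:master_slave]` test in `create` looks like it is true whenever the parameter is set. A parameter declared with `newvalues(:true)` / `newvalues(:false)` is, as far as I know, munged to the symbols `:true` / `:false`, and `:false` is truthy in Ruby. Because `pacemaker::constraint::colocation` now always passes `master_slave` (default `false`), every colocation would then be created `with master`. Compare explicitly instead, e.g. `if @resource[:master_slave] == :true`; the same test is repeated in the `exists?` hunk that follows. `create` begins and ends outside this hunk, so how `cmd` is executed is not visible here.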
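Review bot: The master/slave branch of `exists?` decides presence from two independent substring tests on one line of pcs output. A constraint on a resource whose name merely contains `@resource[:resource]` can satisfy it, and the result depends on the literal `with-rsc-role:Master` staying in the output format. A false match means the constraint is silently never created. Parenthesise the calls and use `&&` instead of `and`: `return true if line.include?(@resource[:resource] + ' with ' + @resource[:location]) && line.include?('with-rsc-role:Master')`. A one-line comment showing the pcs output line this is meant to match would also help; the loop and method boundaries are outside the hunk.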
diff --git a/pacemaker/lib/puppet/type/pcmk_constraint.rb b/pacemaker/lib/puppet/type/pcmk_constraint.rb index 96250d83d..d109e4424 100644 --- a/pacemaker/lib/puppet/type/pcmk_constraint.rb +++ b/pacemaker/lib/puppet/type/pcmk_constraint.rb @@ -22,5 +22,10 @@ newparam(:score) do desc "Score" end + newparam(:master_slave) do + desc "Enable master/slave support with multistage" + newvalues(:true) + newvalues(:false) + end end diff --git a/pacemaker/manifests/constraint/colocation.pp b/pacemaker/manifests/constraint/colocation.pp index c679c00e8..eedbbae68 100644 --- a/pacemaker/manifests/constraint/colocation.pp +++ b/pacemaker/manifests/constraint/colocation.pp @@ -1,12 +1,14 @@ define pacemaker::constraint::colocation ($source, $target, $score, + $master_slave=false, $ensure=present) { pcmk_constraint {"colo-$source-$target": constraint_type => colocation, resource => $source, location => $target, score => $score, + master_slave => $master_slave, ensure => $ensure, require => Exec["wait-for-settle"], } diff --git a/pacemaker/manifests/corosync.pp b/pacemaker/manifests/corosync.pp index d60fa6514..50fad1cd1 100644 --- a/pacemaker/manifests/corosync.pp +++ b/pacemaker/manifests/corosync.pp @@ -20,10 +20,13 @@ # Number of tries for settle. # [*settle_try_sleep*] # Time to sleep after each seetle try. +# [*remote_authkey*] +# Value of /etc/pacemaker/authkey. Useful for pacemaker_remote. # [*cluster_setup_extras*] # Hash additional configuration when pcs cluster setup is run # Example : {'--token' => '10000', '--ipv6' => '', '--join' => '100' } + class pacemaker::corosync( $cluster_members, $cluster_members_rrp = undef, @@ -33,6 +36,7 @@ $settle_timeout = '3600', $settle_tries = '360', $settle_try_sleep = '10', + $remote_authkey = undef, $cluster_setup_extras = {}, ) inherits pacemaker { include ::pacemaker::params 
@@ -43,6 +47,12 @@ dport => ['5404', '5405'], action => 'accept', } + firewall { '001 corosync mcast ipv6': + proto => 'udp', + dport => ['5404', '5405'], + action => 'accept', + provider => 'ip6tables', + } } if $pcsd_mode { @@ -52,6 +62,12 @@ dport => ['2224'], action => 'accept', } + firewall { '001 pcsd ipv6': + proto => 'tcp', + dport => ['2224'], + action => 'accept', + provider => 'ip6tables', + } } Service['pcsd'] -> # we have more fragile when-to-start pacemaker conditions with pcsd @@ -105,6 +121,29 @@ Exec["wait-for-settle"] } + if $remote_authkey { + file { 'etc-pacemaker': + ensure => directory, + path => '/etc/pacemaker', + owner => 'hacluster', + group => 'haclient', + mode => '0750', + } -> + file { 'etc-pacemaker-authkey': + path => '/etc/pacemaker/authkey', + owner => 'hacluster', + group => 'haclient', + mode => '0640', + content => $remote_authkey, + } + if $setup_cluster { + File['etc-pacemaker-authkey'] -> Exec["Create Cluster $cluster_name"] + } + if $pcsd_mode { + File['etc-pacemaker-authkey'] -> Service['pcsd'] + } + } + exec {"wait-for-settle": timeout => $settle_timeout, tries => $settle_tries, diff --git a/pacemaker/manifests/params.pp b/pacemaker/manifests/params.pp index 4a212799b..d2698ab92 100644 --- a/pacemaker/manifests/params.pp +++ b/pacemaker/manifests/params.pp @@ -9,7 +9,7 @@ $pcsd_mode = false $services_manager = 'lsb' } else { - $package_list = ["pacemaker","pcs","fence-agents-all"] + $package_list = ["pacemaker","pcs","fence-agents-all","pacemaker-libs"] $pcsd_mode = true $services_manager = 'systemd' } diff --git a/pacemaker/manifests/resource/ip.pp b/pacemaker/manifests/resource/ip.pp index 09ec0344c..09a0f7ed5 100644 --- a/pacemaker/manifests/resource/ip.pp +++ b/pacemaker/manifests/resource/ip.pp 
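Review bot: The added `001 corosync mcast ipv6` rule accepts UDP 5404/5405 from any IPv6 source, with no `source` or interface restriction. On a dual-stack host with a globally routable IPv6 address this can expose the cluster ports more widely than the matching IPv4 rule does behind NAT or a private range. Consider restricting it to the cluster network, e.g. `source => $cluster_network_v6,` (placeholder parameter name, not present in this class). The same applies to `001 pcsd ipv6` (TCP 2224) in the next hunk and to the `fence_xvm ipv6` rules in `stonith/fence_xvm.pp` and `stonith/xvm.pp`.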
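Review bot: The `etc-pacemaker-authkey` file resource writes the pacemaker_remote shared key through `content`, so a change to the key can be printed as a content diff in agent logs and reports. Add `show_diff => false,` to that resource. It also has no `ensure`; `ensure => file,` would make the intent explicit. The key is passed as a plain class parameter, so it presumably also travels in the compiled catalog. The `# [*remote_authkey*]` doc entry should say that the value is a secret and should come from an encrypted data source.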
@@ -44,7 +44,10 @@ default => " nic=${nic}" } - pcmk_resource { "ip-${ip_address}": + # pcs dislikes colons from IPv6 addresses. Replacing them with dots. + $resource_name = regsubst($ip_address, '(:)', '.', 'G') + + pcmk_resource { "ip-${resource_name}": ensure => $ensure, resource_type => 'IPaddr2', resource_params => "ip=${ip_address}${cidr_option}${nic_option}", diff --git a/pacemaker/manifests/stonith/fence_xvm.pp b/pacemaker/manifests/stonith/fence_xvm.pp index cba974c7b..e67b108b2 100644 --- a/pacemaker/manifests/stonith/fence_xvm.pp +++ b/pacemaker/manifests/stonith/fence_xvm.pp @@ -103,15 +103,32 @@ proto => 'igmp', action => 'accept', } + firewall { "003 fence_xvm ipv6": + proto => 'igmp', + action => 'accept', + provider => 'ip6tables', + } firewall { "004 fence_xvm": proto => 'udp', - dport => '1229', + dport => '1229', action => 'accept', } + firewall { "004 fence_xvm ipv6": + proto => 'udp', + dport => '1229', + action => 'accept', + provider => 'ip6tables', + } firewall { "005 fence_xvm": proto => 'tcp', - dport => '1229', + dport => '1229', + action => 'accept', + } + firewall { "005 fence_xvm ipv6": + proto => 'tcp', + dport => '1229', action => 'accept', + provider => 'ip6tables', } } diff --git a/pacemaker/manifests/stonith/xvm.pp b/pacemaker/manifests/stonith/xvm.pp index 5aff60ab6..21aa0cfd0 100644 --- a/pacemaker/manifests/stonith/xvm.pp +++ b/pacemaker/manifests/stonith/xvm.pp 
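Review bot: Titling the resource `ip-${resource_name}` changes the name for IPv6 addresses only, so anything that still refers to it as `ip-${ip_address}` (colocation or order constraints, for example) would presumably stop matching. No such caller is visible in this hunk, so this needs checking across the manifests that consume the resource. The capture group in `'(:)'` is unnecessary; `regsubst($ip_address, ':', '.', 'G')` does the same. The comment could also state that only the resource title is rewritten and that `ip=${ip_address}` in `resource_params` keeps the real address.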
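Review bot: The new `003 fence_xvm ipv6` rule copies `proto => 'igmp'` to the `ip6tables` provider, but IGMP is an IPv4 protocol. IPv6 multicast group membership is handled by MLD, which is carried in ICMPv6, so this rule most likely never matches the traffic it is meant to allow. If IPv6 multicast for fence_xvm is really needed, the rule should probably be `proto => 'ipv6-icmp',` (ideally narrowed to the MLD message types); otherwise drop the rule. The identical rule is added in `stonith/xvm.pp`. The other changes to the `dport` lines in this hunk appear to be whitespace only.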
@@ -36,15 +36,32 @@ proto => 'igmp', action => 'accept', } + firewall { "003 fence_xvm ipv6": + proto => 'igmp', + action => 'accept', + provider => 'ip6tables', + } firewall { "004 fence_xvm": proto => 'udp', - dport => '1229', + dport => '1229', + action => 'accept', + } + firewall { "004 fence_xvm ipv6": + proto => 'udp', + dport => '1229', action => 'accept', + provider => 'ip6tables', } firewall { "005 fence_xvm": + proto => 'tcp', + dport => '1229', + action => 'accept', + } + firewall { "005 fence_xvm ipv6": proto => 'tcp', dport => '1229', action => 'accept', + provider => 'ip6tables', } }