Include the distinctions for pcs cluster auth in 0.10.0
Include @mark8x57's changes from #513 along with version gating to still
maintain support for pcs 0.9 (although one would have to check if any
pcs 0.9 is still in use by supported distributions).

Co-authored-by: Mark Habenicht <[email protected]>
towo and Mark Habenicht committed Dec 22, 2021
1 parent b838f9d commit 1624df5
Showing 3 changed files with 374 additions and 273 deletions.
28 changes: 19 additions & 9 deletions manifests/init.pp
Expand Up @@ -596,12 +596,18 @@
# addresses
$node_string = join($quorum_members, ' ')

# Define the pcs host command, this changed with 0.10.0 as per #513
$pcs_auth_command = versioncmp($version_pcs, '0.10.0') ? {
'-1' => 'pcs cluster auth',
default => 'pcs host auth',
}

# Attempt to authorize all members. The command will return successfully
# if they were already authenticated so it's safe to run every time this
# is applied.
# TODO - make it run only once
exec { 'pcs_cluster_auth':
command => "pcs cluster auth ${node_string} ${auth_credential_string}",
exec { 'Authorize members':
command => "${pcs_auth_command} ${node_string} ${auth_credential_string}",
path => $exec_path,
require => [
Service['pcsd'],
Expand All @@ -624,14 +630,18 @@
}

if $manage_quorum_device and $manage_pcsd_auth and $is_auth_node and $set_votequorum {
$pcs_cluster_setup_namearg = versioncmp($version_pcs, '0.10.0') ? {
'-1' => '--name',
default => '',
}
# If the cluster hasn't been configured yet, temporarily configure it so
# the pcs_cluster_auth_qdevice command doesn't fail. This should generate
# the Authorize qdevice command doesn't fail. This should generate
# a temporary corosync.conf which will then be overwritten
exec { 'pcs_cluster_temporary':
command => "pcs cluster setup --force --name ${cluster_name} ${node_string}",
command => "pcs cluster setup --force ${pcs_cluster_setup_namearg} ${cluster_name} ${node_string}",
path => $exec_path,
onlyif => 'test ! -f /etc/corosync/corosync.conf',
require => Exec['pcs_cluster_auth'],
require => Exec['Authorize members'],
}
# We need to do this so the temporary cluster doesn't delete our authkey
if $enable_secauth {
Expand All @@ -644,13 +654,13 @@
$qdevice_token_check = "${token_prefix} ${quorum_device_host} ${token_suffix}"

$quorum_device_password = $sensitive_quorum_device_password.unwrap
exec { 'pcs_cluster_auth_qdevice':
command => "pcs cluster auth ${quorum_device_host} -u hacluster -p ${quorum_device_password}",
exec { 'Authorize qdevice':
command => "${pcs_auth_command} ${quorum_device_host} -u hacluster -p ${quorum_device_password}",
path => $exec_path,
onlyif => $qdevice_token_check,
require => [
Package[$package_quorum_device],
Exec['pcs_cluster_auth'],
Exec['Authorize members'],
Exec['pcs_cluster_temporary'],
],
}
Expand All @@ -666,7 +676,7 @@
onlyif => [
'test 0 -ne $(pcs quorum config | grep "host:" >/dev/null 2>&1; echo $?)',
],
require => Exec['pcs_cluster_auth_qdevice'],
require => Exec['Authorize qdevice'],
before => File['/etc/corosync/corosync.conf'],
notify => Service['corosync-qdevice'],
}
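Review bot: Both new selectors on `versioncmp($version_pcs, '0.10.0')` use the string `'-1'` as the case, but versioncmp returns an Integer and Puppet 4 and later never treat `-1` and `'-1'` as equal. As written, `$pcs_auth_command` and `$pcs_cluster_setup_namearg` would always take the `default` branch, so the pcs 0.9 path is never selected; the cases should read `-1 => 'pcs cluster auth',` and `-1 => '--name',`. Separately, the rewritten 'Authorize qdevice' command still interpolates the unwrapped `${quorum_device_password}` into the command string, so the password can appear in the process list and in the exec failure message that Puppet logs and reports. If the supported Puppet versions accept a Sensitive `command`, wrapping the whole string in `Sensitive(...)` would at least keep it out of logs; `${auth_credential_string}` in 'Authorize members' presumably deserves the same treatment, but its definition is outside the shown hunks.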