Include the distinctions for pcs cluster auth in 0.10.0

towo · Mark Habenicht · towo · commit c7cdcac1fcae · 2021-12-22T14:07:45.000+01:00
Include @mark8x57's changes from #513 along with version gating to still maintain support for pcs 0.9 (although one would have to check if any pcs 0.9 is still in use by supported distributions). Co-authored-by: Mark Habenicht <habenicht@eventit.ag>
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -596,12 +596,18 @@
       # addresses
       $node_string = join($quorum_members, ' ')
 
+      # Define the pcs host command, this changed with 0.10.0 as per #513
+      $pcs_auth_command = versioncmp($version_pcs, '0.10.0') ? {
+        '-1'    => 'pcs cluster auth',
+        default => 'pcs host auth',
+      }
+
       # Attempt to authorize all members. The command will return successfully
       # if they were already authenticated so it's safe to run every time this
       # is applied.
       # TODO - make it run only once
-      exec { 'pcs_cluster_auth':
-        command => "pcs cluster auth ${node_string} ${auth_credential_string}",
+      exec { 'Authorize members':
+        command => "${pcs_auth_command} ${node_string} ${auth_credential_string}",
         path    => $exec_path,
         require => [
           Service['pcsd'],
@@ -624,14 +630,18 @@
     }
 
     if $manage_quorum_device and $manage_pcsd_auth and $is_auth_node and $set_votequorum {
+      $pcs_cluster_setup_namearg = versioncmp($version_pcs, '0.10.0') ? {
+        '-1'    => '--name',
+        default => '',
+      }
       # If the cluster hasn't been configured yet, temporarily configure it so
-      # the pcs_cluster_auth_qdevice command doesn't fail. This should generate
+      # the Authorize qdevice command doesn't fail. This should generate
       # a temporary corosync.conf which will then be overwritten
       exec { 'pcs_cluster_temporary':
-        command => "pcs cluster setup --force --name ${cluster_name} ${node_string}",
+        command => "pcs cluster setup --force ${pcs_cluster_setup_namearg} ${cluster_name} ${node_string}",
         path    => $exec_path,
         onlyif  => 'test ! -f /etc/corosync/corosync.conf',
-        require => Exec['pcs_cluster_auth'],
+        require => Exec['Authorize members'],
       }
       # We need to do this so the temporary cluster doesn't delete our authkey
       if $enable_secauth {
@@ -644,13 +654,13 @@
       $qdevice_token_check = "${token_prefix} ${quorum_device_host} ${token_suffix}"
 
       $quorum_device_password = $sensitive_quorum_device_password.unwrap
-      exec { 'pcs_cluster_auth_qdevice':
-        command => "pcs cluster auth ${quorum_device_host} -u hacluster -p ${quorum_device_password}",
+      exec { 'Authorize qdevice':
+        command => "${pcs_auth_command} ${quorum_device_host} -u hacluster -p ${quorum_device_password}",
         path    => $exec_path,
         onlyif  => $qdevice_token_check,
         require => [
           Package[$package_quorum_device],
-          Exec['pcs_cluster_auth'],
+          Exec['Authorize members'],
           Exec['pcs_cluster_temporary'],
         ],
       }
@@ -666,7 +676,7 @@
         onlyif  => [
           'test 0 -ne $(pcs quorum config | grep "host:" >/dev/null 2>&1; echo $?)',
         ],
-        require => Exec['pcs_cluster_auth_qdevice'],
+        require => Exec['Authorize qdevice'],
         before  => File['/etc/corosync/corosync.conf'],
         notify  => Service['corosync-qdevice'],
       }
diff --git a/spec/classes/corosync_spec.rb b/spec/classes/corosync_spec.rb
@@ -6,6 +6,25 @@
       multicast_address: '239.1.1.2' }
   end
 
+  auth_command = if fact('default_provider') == 'pcs'
+                   if Gem::Version.new(fact('pcs_version')) < Gem::Version.new('0.10.0')
+                     'pcs cluster auth'
+                   else
+                     'pcs host auth'
+                   end
+                 else
+                   'pcs cluster auth'
+                 end
+  cluster_name_arg = if fact('default_provider') == 'pcs'
+                       if Gem::Version.new(fact('pcs_version')) < Gem::Version.new('0.10.0')
+                         '--name'
+                       else
+                         ''
+                       end
+                     else
+                       '--name'
+                     end
+
   shared_examples_for 'corosync' do
     it { is_expected.to compile.with_all_deps }
 
@@ -746,7 +765,7 @@
             let(:node) { 'node2.test.org' }
 
             it 'does not perform the auth' do
-              is_expected.not_to contain_exec('pcs_cluster_auth')
+              is_expected.not_to contain_exec('Authorize members')
             end
           end
 
@@ -768,15 +787,33 @@
             end
 
             it 'authorizes all nodes' do
-              is_expected.to contain_exec('pcs_cluster_auth').with(
-                command: 'pcs cluster auth node1.test.org node2.test.org node3.test.org -u hacluster -p some-secret-sauce',
+              is_expected.to contain_exec('Authorize members').with(
+                command: "#{auth_command} node1.test.org node2.test.org node3.test.org -u hacluster -p some-secret-sauce",
                 path: '/sbin:/bin:/usr/sbin:/usr/bin',
                 require: [
                   'Service[pcsd]',
                   'User[hacluster]'
                 ]
               )
             end
+            context 'with pcs 0.10.0' do
+              let(:params) do
+                super().merge(
+                  'version_pcs' => '0.10.0'
+                )
+              end
+
+              it 'authorizes all nodes' do
+                is_expected.to contain_exec('Authorize members').with(
+                  command: 'pcs host auth node1.test.org node2.test.org node3.test.org -u hacluster -p some-secret-sauce',
+                  path: '/sbin:/bin:/usr/sbin:/usr/bin',
+                  require: [
+                    'Service[pcsd]',
+                    'User[hacluster]'
+                  ]
+                )
+              end
+            end
           end
 
           context 'using an ip baseid node list' do
@@ -800,7 +837,7 @@
             let(:facts) { override_facts(super(), networking: { ip: '192.168.0.10' }) }
 
             it 'match ip and auth nodes by member names' do
-              is_expected.to contain_exec('pcs_cluster_auth').with(
+              is_expected.to contain_exec('Authorize members').with(
                 command: 'pcs cluster auth 192.168.0.10 192.168.0.12 192.168.0.13 -u hacluster -p some-secret-sauce',
                 path: '/sbin:/bin:/usr/sbin:/usr/bin',
                 require: [
@@ -827,7 +864,7 @@
               end
 
               it 'still detects that this is the auth-node' do
-                is_expected.to contain_exec('pcs_cluster_auth')
+                is_expected.to contain_exec('Authorize members')
               end
             end
           end
@@ -909,7 +946,7 @@
             end
 
             it 'does not attempt to authorize or configure the quorum node' do
-              is_expected.not_to contain_exec('pcs_cluster_auth_qdevice')
+              is_expected.not_to contain_exec('Authorize qdevice')
               is_expected.not_to contain_exec('pcs_cluster_add_qdevice')
             end
           end
@@ -950,7 +987,7 @@
             end
 
             it 'does not authorize or add the quorum device' do
-              is_expected.not_to contain_exec('pcs_cluster_auth_qdevice')
+              is_expected.not_to contain_exec('Authorize qdevice')
               is_expected.not_to contain_exec('pcs_cluster_add_qdevice')
             end
           end
@@ -973,34 +1010,34 @@
 
             it 'configures a temporary cluster if corosync.conf is missing' do
               is_expected.to contain_exec('pcs_cluster_temporary').with(
-                command: 'pcs cluster setup --force --name cluster_test node1.test.org node2.test.org node3.test.org',
+                command: "pcs cluster setup --force #{cluster_name_arg} cluster_test node1.test.org node2.test.org node3.test.org",
                 path: '/sbin:/bin:/usr/sbin:/usr/bin',
                 onlyif: 'test ! -f /etc/corosync/corosync.conf',
-                require: 'Exec[pcs_cluster_auth]'
+                require: "Exec['Authorize members']"
               )
             end
 
             it 'authorizes and adds the quorum device' do
-              is_expected.to contain_exec('pcs_cluster_auth_qdevice').with(
-                command: 'pcs cluster auth quorum1.test.org -u hacluster -p quorum-secret-password',
+              is_expected.to contain_exec('Authorize qdevice').with(
+                command: "#{auth_command} quorum1.test.org -u hacluster -p quorum-secret-password",
                 path: '/sbin:/bin:/usr/sbin:/usr/bin',
                 onlyif: 'test 0 -ne $(grep quorum1.test.org /var/lib/pcsd/tokens >/dev/null 2>&1; echo $?)',
                 require: [
                   'Package[corosync-qdevice]',
-                  'Exec[pcs_cluster_auth]',
+                  "Exec['Authorize members']",
                   'Exec[pcs_cluster_temporary]'
                 ]
               )
+
               is_expected.to contain_exec('pcs_cluster_add_qdevice').with(
                 command: 'pcs quorum device add model net host=quorum1.test.org algorithm=ffsplit',
                 path: '/sbin:/bin:/usr/sbin:/usr/bin',
                 onlyif: [
                   'test 0 -ne $(pcs quorum config | grep "host:" >/dev/null 2>&1; echo $?)'
                 ],
-                require: 'Exec[pcs_cluster_auth_qdevice]'
+                require: "Exec['Authorize qdevice']"
               )
             end
-
             it 'contains the quorum configuration' do
               is_expected.to contain_file('/etc/corosync/corosync.conf').with_content(
                 %r!quorum {
