{"heat_template_version": "wallaby", "description": "Pacemaker remote service configured with Puppet\n", "parameters": {"ServiceData": {"default": {}, "description": "Dictionary packing service data", "type": "json"}, "ServiceNetMap": {"default": {}, "description": "Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults.", "type": "json"}, "RoleName": {"default": "", "description": "Role name on which the service is applied", "type": "string"}, "RoleParameters": {"default": {}, "description": "Parameters specific to the role", "type": "json"}, "EndpointMap": {"default": {}, "description": "Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.", "type": "json"}, "PacemakerRemoteAuthkey": {"type": "string", "description": "The authkey for the pacemaker remote service.", "hidden": true}, "PcsdPassword": {"type": "string", "description": "The password for the 'pcsd' user for pacemaker.", "hidden": true}, "MonitoringSubscriptionPacemakerRemote": {"default": "overcloud-pacemaker_remote", "type": "string"}, "EnableFencing": {"default": false, "description": "Whether to enable fencing in Pacemaker or not.", "type": "boolean"}, "FencingConfig": {"default": {}, "description": "Pacemaker fencing configuration. The JSON should have\nthe following structure:\n  {\n    \"devices\": [\n      {\n        \"agent\": \"AGENT_NAME\",\n        \"host_mac\": \"HOST_MAC_ADDRESS\",\n        \"params\": {\"PARAM_NAME\": \"PARAM_VALUE\"}\n      }\n    ]\n  }\nFor instance:\n  {\n    \"devices\": [\n      {\n        \"agent\": \"fence_xvm\",\n        \"host_mac\": \"52:54:00:aa:bb:cc\",\n        \"params\": {\n          \"multicast_address\": \"225.0.0.12\",\n          \"port\": \"baremetal_0\",\n          \"manage_fw\": true,\n          \"manage_key_file\": true,\n          \"key_file\": \"/etc/fence_xvm.key\",\n          \"key_file_password\": \"abcdef\"\n        }\n      }\n    ]\n  }\n", "type": "json"}, "PacemakerRemoteLoggingSource": {"type": "json", "default": {"tag": "system.pacemaker_remote", "file": "/var/log/host/pacemaker.log", "startmsg.regex": "^[a-zA-Z]{3} [0-9]{2} [:0-9]{8}"}}}, "outputs": {"role_data": {"description": "Role data for the Pacemaker remote role.", "value": {"service_name": "pacemaker_remote", "firewall_rules": {"130 pacemaker_remote tcp": {"proto": "tcp", "dport": [2224, 3121]}}, "monitoring_subscription": {"get_param": "MonitoringSubscriptionPacemakerRemote"}, "config_settings": {"tripleo::fencing::config": {"get_param": "FencingConfig"}, "tripleo::fencing::deep_compare": true, "enable_fencing": {"get_param": "EnableFencing"}, "tripleo::profile::base::pacemaker_remote::remote_authkey": {"get_param": "PacemakerRemoteAuthkey"}, "tripleo::profile::base::pacemaker_remote::pcsd_bind_addr": {"str_replace": {"template": "%{hiera('$NETWORK')}", "params": {"$NETWORK": {"get_param": ["ServiceNetMap", "PacemakerRemoteNetwork"]}}}}, "pacemaker::corosync::manage_fw": false, "hacluster_pwd": {"get_param": "PcsdPassword"}}, "service_config_settings": {"rsyslog": {"tripleo_logging_sources_pacemaker_remote": [{"get_param": "PacemakerRemoteLoggingSource"}]}}, "step_config": "include tripleo::profile::base::pacemaker_remote\n", "host_prep_tasks": [{"name": "Remove existing entries from logind conf", "ansible.builtin.lineinfile": {"path": "/etc/systemd/logind.conf", "regexp": "^\\s*#?\\s*HandlePowerKey\\s*=.*", "state": "absent"}}, {"name": "Make sure systemd-logind ignores power off", "ansible.builtin.lineinfile": {"path": "/etc/systemd/logind.conf", "regexp": "^#?HandlePowerKey", "line": "HandlePowerKey=ignore"}}, {"name": "Restart systemd-logind", "ansible.builtin.service": {"name": "systemd-logind", "state": "restarted"}}]}}}}