heat_template_version: wallaby description: > Pacemaker remote service configured with Puppet parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. Use parameter_merge_strategies to merge it with the defaults. type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json PacemakerRemoteAuthkey: type: string description: The authkey for the pacemaker remote service. hidden: true PcsdPassword: type: string description: The password for the 'pcsd' user for pacemaker. hidden: true MonitoringSubscriptionPacemakerRemote: default: 'overcloud-pacemaker_remote' type: string EnableFencing: default: false description: Whether to enable fencing in Pacemaker or not. type: boolean FencingConfig: default: {} description: | Pacemaker fencing configuration. The JSON should have the following structure: { "devices": [ { "agent": "AGENT_NAME", "host_mac": "HOST_MAC_ADDRESS", "params": {"PARAM_NAME": "PARAM_VALUE"} } ] } For instance: { "devices": [ { "agent": "fence_xvm", "host_mac": "52:54:00:aa:bb:cc", "params": { "multicast_address": "225.0.0.12", "port": "baremetal_0", "manage_fw": true, "manage_key_file": true, "key_file": "/etc/fence_xvm.key", "key_file_password": "abcdef" } } ] } type: json PacemakerRemoteLoggingSource: type: json default: tag: system.pacemaker_remote file: /var/log/host/pacemaker.log startmsg.regex: "^[a-zA-Z]{3} [0-9]{2} [:0-9]{8}" outputs: role_data: description: Role data for the Pacemaker remote role. value: service_name: pacemaker_remote firewall_rules: '130 pacemaker_remote tcp': proto: 'tcp' dport: - 2224 - 3121 monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote} config_settings: tripleo::fencing::config: {get_param: FencingConfig} tripleo::fencing::deep_compare: true enable_fencing: {get_param: EnableFencing} tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey} tripleo::profile::base::pacemaker_remote::pcsd_bind_addr: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, PacemakerRemoteNetwork]} pacemaker::corosync::manage_fw: false hacluster_pwd: {get_param: PcsdPassword} service_config_settings: rsyslog: tripleo_logging_sources_pacemaker_remote: - {get_param: PacemakerRemoteLoggingSource} step_config: | include tripleo::profile::base::pacemaker_remote host_prep_tasks: - name: Remove existing entries from logind conf ansible.builtin.lineinfile: path: /etc/systemd/logind.conf regexp: '^\s*#?\s*HandlePowerKey\s*=.*' state: absent - name: Make sure systemd-logind ignores power off ansible.builtin.lineinfile: path: /etc/systemd/logind.conf regexp: '^#?HandlePowerKey' line: HandlePowerKey=ignore - name: Restart systemd-logind ansible.builtin.service: name: systemd-logind state: restarted