Puppet module for Corosync & Pacemaker

-

The clusterlabs stack incorporates Corosync and Pacemaker in an Open-Source, High Availability stack for both small and large deployments.

It supports a lot of different HA setups and is very flexible.

This puppet module is suitable for the management of both the software stack (pacemaker and corosync) and the cluster resources (via puppet types and providers).

Note: This module is the successor of puppetlabs-corosync.

Documentation

Basic usage

To install and configure Corosync

class { 'corosync':
  authkey        => '/var/lib/puppet/ssl/certs/ca.pem',
  bind_address   => $::ipaddress,
  cluster_name   => 'mycluster',
  enable_secauth => true,
}

To enable Pacemaker

corosync::service { 'pacemaker':
  version => '0',
}

To configure advanced and (very) verbose logging settings

class { 'corosync':
  log_stderr        => false,
  log_function_name => true,
  syslog_priority   => 'debug',
  debug             => true,
}

To disable Corosync and Pacemaker services

class { 'corosync':
  enable_corosync_service  => false,
  enable_pacemaker_service => false,
}

Configure Corosync Secure Authentication

By default the built-in Puppet CA will be used to perform this authentication, however, generating a dedicated key is a better approach.

1. Generate a new key on a machine with Corosync installed and convert it to Base64.

   # Generate the key
   corosync-keygen -k /tmp/authkey
   

2. Convert the key file to a Base64 string so it can be used in your manifest.

   # Convert it to a Base64 string
   base64 -w 0 /tmp/authkey > /tmp/authkey_base64
   

3. Declare the corosync module using this string.

   class { 'corosync':
     enable_secauth => true,
     authkey_source => 'string',
     authkey        => 'MxjvpEztT3Mi+QagUO2cefhLDrP2BSFYKS3g1WXTUj2eCgGDPcSNf3uCKgzJKhoWTgJm2nYDHJv8KiFqMoW3ATuVr/9fLb/lgUVfoz0GnP10S7r77aqaIsERhJcGVQhcteHVlZl6zOo6VQz4ekH7VPmMlKJX0iQPuJTh9o6qhjg=',
   }
   

If the authkey is included directly in config, consider storing the value in hiera and encrypting it via hiera-eyaml.

PCSD Authorization

The pacemaker/corosync configuration system (pcs) includes a daemon (pcsd) which can be configured to perform distributed communication across the cluster. This is accomplished by establishing token-based authorization of each cluster node via the pcs auth command.

On systems which support it, management of PCS authorization can be configured and deployed via this module as shown in the following example:

class { 'corosync':
  manage_pcsd_service          => true,
  manage_pcsd_auth             => true,
  sensitive_hacluster_password => Sensitive('this-is-the-actual-password'),
  sensitive_hacluster_hash     => Sensitive('a-hash-of-the-passwd-for-the-user-resource'),
}

Note that as this must only be executed on one node and by default the 'first' node in the cluster list is used. There may be timing issues if the configuration has not yet been applied on the other nodes as a successful execution requires the password for hacluster to be appropriately set on each system.

Configure votequorum

To enable Corosync 2 votequorum and define a nodelist of nodes named n1, n2, n3 with auto generated node IDs

class { 'corosync':
  set_votequorum => true,
  quorum_members => [ 'n1', 'n2', 'n3' ],
}

To do the same but with custom node IDs instead

class { 'corosync':
  set_votequorum     => true,
  quorum_members     => [ 'n1', 'n2', 'n3' ],
  quorum_members_ids => [ 10, 11, 12 ],
}

Note: custom IDs may be required when adding or removing nodes to a cluster on a fly. Then each node shall have an unique and persistent ID.

To have multiple rings in the nodelist

class { 'corosync':
  set_votequorum     => true,
  quorum_members     => [
    ['172.31.110.1', '172.31.111.1'],
    ['172.31.110.2', '172.31.111.2'],
  ],
}

When quorum_members is an array of arrays, each sub array represents one host IP addresses.

Configure a Quorum Device (corosync-qdevice)

Recent versions of corosync include support for a network based quorum device that is external to the cluster. This provides tiebreaker functionality to clusters with even node counts allowing 2-node or higher clusters which can operate with exactly half of their nodes to function. There are two components to quorum device configuration:

• A node which is not a member of any Corosync cluster will host the corosync-qnet daemon. This node should be outside of the network containing the cluster nodes.
• Each member of the cluster will be authorized to communicate with the quorum node and have the corosync-qdevice service scheduled and operating.

This implementation depends entirely on PCSD authorization and will only execute with that enabled.

1. Configure the qdevice class on the quorum node. Note that the same quorum node can be used for multiple clusters. Additionally, this node cannot be a normal cluster member!

   # In this example, the node's name is quorum1.test.org
   class { 'corosync::qdevice':
     sensitive_hacluster_hash => Sensitive('hash-of-haclusters-password-on-the-qdevice-node')
   }
   

2. Configure and enable qdevice settings on the cluster members via the corosync main class.

   class { 'corosync':
     cluster_name                     => 'example',
     manage_pcsd_service              => true,
     manage_pcsd_auth                 => true,
     sensitive_hacluster_password     => Sensitive('this-is-the-actual-password'),
     sensitive_hacluster_hash         => Sensitive('a-hash-of-the-passwd-for-the-user-resource'),
     manage_quorum_device             => true,
     quorum_device_host               => 'quorum1.test.org',
     quorum_device_algorithm          => 'ffsplit',
     sensitive_quorum_device_password => Sensitive('Actual password for hacluster on quorum1.test.org'),
   }
   

For more information see the following:

• RedHat High Availability Add-On - 10.5 Quorum Devices
• corosync-qdevice Man Page

Configuring primitives

The resources that Corosync will manage can be referred to as a primitive. These are things like virtual IPs or services like drbd, nginx, and apache.

To assign a VIP to a network interface to be used by Nginx

cs_primitive { 'nginx_vip':
  primitive_class => 'ocf',
  primitive_type  => 'IPaddr2',
  provided_by     => 'heartbeat',
  parameters      => { 'ip' => '172.16.210.100', 'cidr_netmask' => '24' },
  operations      => { 'monitor' => { 'interval' => '10s' } },
}

Make Corosync manage and monitor the state of Nginx using a custom OCF agent

cs_primitive { 'nginx_service':
  primitive_class => 'ocf',
  primitive_type  => 'nginx_fixed',
  provided_by     => 'pacemaker',
  operations      => {
    'monitor'     => { 'interval' => '10s', 'timeout' => '30s' },
    'start'       => { 'interval' => '0', 'timeout' => '30s', 'on-fail' => 'restart' }
  },
  require         => Cs_primitive['nginx_vip'],
}

Make Corosync manage and monitor the state of Apache using a LSB agent

cs_primitive { 'apache_service':
  primitive_class => 'lsb',
  primitive_type  => 'apache2',
  provided_by     => 'heartbeat',
  operations      => {
    'monitor'     => { 'interval' => '10s', 'timeout' => '30s' },
    'start'       => { 'interval' => '0', 'timeout' => '30s', 'on-fail' => 'restart' }
  },
  require         => Cs_primitive['apache2_vip'],
}

Note: If you have multiple operations with the same names, you have to use an array. Example:

cs_primitive { 'pgsql_service':
  primitive_class => 'ocf',
  primitive_type  => 'pgsql',
  provided_by     => 'heartbeat',
  operations      => [
    { 'monitor'   => { 'interval' => '10s', 'timeout' => '30s' } },
    { 'monitor'   => { 'interval' => '5s', 'timeout' => '30s' 'role' => 'Master', } },
    { 'start'     => { 'interval' => '0', 'timeout' => '30s', 'on-fail' => 'restart' } }
  ],
}

If you do mot want Puppet to interfere with manually stopped resources (e.g not change the target-role metaparameter), you can use the unmanaged_metadata parameter:

cs_primitive { 'pgsql_service':
  primitive_class    => 'ocf',
  primitive_type     => 'pgsql',
  provided_by        => 'heartbeat',
  unmanaged_metadata => ['target-role'],
}

Configuring STONITH Resources

Special primitives can be configured to support STONITH (Shoot The Other Node In The Head) fencing. This is critical for clusters which include shared resources (shared disk typically) or are vulnerable to cluster splits. The STONITH resource is responsible for providing a mechanism to restart or simply halt a rouge resource, often via power fencing.

The following example performs this configuration via the fence_vmware_soap STONITH agent.

cs_primitive { 'vmfence':
  primitive_class => 'stonith',
  primitive_type  => 'fence_vmware_soap',
  operations      => {
    'monitor'     => { 'interval' => '60s'},
  },
  parameters      => {
    'ipaddr'          => 'vcenter.example.org',
    'login'           => 'service-fence@vsphere.local'
    'passwd'          => 'some plaintext secret',
    'ssl'             => '1',
    'ssl_insecure'    => '1',
    'pcmk_host_map'   => 'host0.example.org:host0;host1.example.org:host1',
    'pcmk_delay_max'  => '10s',
  },
}

Note that currently this implementation only handles STONITH for RHEL/CentOS based clusters which utilize pcs.

Configuring locations

Locations determine on which nodes primitive resources run.

cs_location { 'nginx_service_location':
  primitive => 'nginx_service',
  node_name => 'hostname',
  score     => 'INFINITY'
}

To manage rule on a location. Example to force the location to not run on a container (VM).

cs_location { 'nginx_service_location':
  primitive => 'nginx_service',
  rules     => [
    { 'nginx-service-avoid-container-rule' => {
        'score'      => '-INFINITY',
        'expression' => [
          { 'attribute' => '#kind',
            'operation' => 'eq',
            'value'     => 'container'
          },
        ],
      },
    },
  ],
}

Example of a virtual ip location that checks ping connectivity for placement.

cs_location { 'vip-ping-connected':
  primitive => 'vip',
  rules     => [
    { 'vip-ping-exclude-rule' => {
        'score'      => '-INFINITY',
        'expression' => [
          { 'attribute' => 'pingd',
            'operation' => 'lt',
            'value'     => '100',
          },
        ],
      },
    },
    { 'vip-ping-prefer-rule' => {
        'score-attribute' => 'pingd',
        'expression'      => [
          { 'attribute' => 'pingd',
            'operation' => 'defined',
          }
        ],
      },
    },
  ],
}

Example of another possibility to use ping connectivity for placement.

cs_location { 'vip-ping-connected':
  primitive => 'vip',
  rules     => [
    { 'vip-ping-connected-rule' => {
        'score'      => '-INFINITY',
        'boolean-op' => 'or',
        'expression' => [
          { 'attribute' => 'pingd',
            'operation' => 'not_defined',
          },
          { 'attribute' => 'pingd',
            'operation' => 'lte',
            'value'     => '100',
          },
        ],
      },
    },
  ],
}

Configuring colocations

Colocations keep primitives together. Meaning if a vip moves to web02 from web01 because web01 just hit the dirt it will drag the nginx service with it.

cs_colocation { 'vip_with_service':
  primitives => [ 'nginx_vip', 'nginx_service' ],
}

pcs only Advanced colocations are also possible with colocation sets by using arrays instead of strings in the primitives array. Additionally, a hash can be added to the inner array with the specific options for that resource set.

cs_colocation { 'mysql_and_ptheartbeat':
  primitives => [
    ['mysql', {'role' => 'master'}],
    [ 'ptheartbeat' ],
  ],
}

cs_colocation { 'mysql_apache_munin_and_ptheartbeat':
  primitives => [
    ['mysql', 'apache', {'role' => 'master'}],
    [ 'munin', 'ptheartbeat' ],
  ],
}

Configuring migration or state order

Colocation defines that a set of primitives must live together on the same node but order definitions will define the order of which each primitive is started. If Nginx is configured to listen only on our vip we definitely want the vip to be migrated to a new node before nginx comes up or the migration will fail.

cs_order { 'vip_before_service':
  first   => 'nginx_vip',
  second  => 'nginx_service',
  require => Cs_colocation['vip_with_service'],
}

Configuring cloned resources/groups

Cloned resources should be active on multiple hosts at the same time. You can clone any existing resource provided the resource agent supports it.

cs_clone { 'nginx_service-clone' :
  ensure    => present,
  primitive => 'nginx_service',
  clone_max => 3,
  require   => Cs_primitive['nginx_service'],
}

You can also clone groups:

cs_clone { 'nginx_service-clone' :
  ensure    => present,
  group     => 'nginx_group',
  clone_max => 3,
  require   => Cs_primitive['nginx_service'],
}

Corosync Properties

A few global settings can be changed with the "cs_property" section.

Disable STONITH if required.

cs_property { 'stonith-enabled' :
  value   => 'false',
}

Change quorum policy

cs_property { 'no-quorum-policy' :
  value   => 'ignore',
}

You can use the replace parameter to create but not update some values:

cs_property { 'maintenance-mode':
  value   => 'true',
  replace => false,
}

Resource defaults

A few global settings can be changed with the "cs_rsc_defaults" section.

Don't move resources.

cs_rsc_defaults { 'resource-stickiness' :
  value => 'INFINITY',
}

Multiple rings

In unicast mode, you can have multiple rings by specifying unicast_address and bind_address as arrays:

class { 'corosync':
  enable_secauth    => true,
  authkey           => '/var/lib/puppet/ssl/certs/ca.pem',
  bind_address      => ['10.0.0.1', '10.0.1.1'],
  unicast_addresses => [
      [ '10.0.0.1',
        '10.0.1.1'
      ], [
        '10.0.0.2',
        '10.0.1.2'
      ],
  ],
}

The unicast_addresses is an array of arrays. One sub array matches one host IP addresses. In this example host2 has IP addresses 10.0.0.2 and 10.0.1.2.

Shadow CIB

Shadow CIB allows you to apply all the changes at the same time. For that, you need to use the cib parameter and the cs_commit and cs_shadow types.

Shadow CIB is the recommended way to manage large CIB with puppet, as it will apply all your changes at once, starting the cluster when everything is in place: primitives, constraints, properties.

If you set the cib parameter to one cs_* resource we recommend you to set that cib parameter to all the cs_* resources.

cs_shadow {
    'puppet':
}
cs_primitive { 'pgsql_service':
  primitive_class => 'ocf',
  primitive_type  => 'pgsql',
  provided_by     => 'heartbeat',
  cib             => 'puppet'
}
cs_commit {
    'puppet':
}

Notes

Upstream documentation

We suggest you at least go read the Clusters from Scratch document from Cluster Labs. It will help you out a lot when understanding how all the pieces fall together a point you in the right direction when Corosync/Pacemaker fails unexpectedly.

Roadmap

We do maintain a roadmap regarding next releases of this module.

Operating System support matrix

OS	release	Puppet 3.8.7	Puppet 4 (PC1)	Puppet 5.X
CentOS/RHEL	7	Not supported	Supported	Supported
Debian	9	Not supported	Supported	Supported
Ubuntu	16.04	Not supported	Supported	Supported

Contributors

See Github.

Special thanks to Puppet, Inc for initial development and Vox Pupuli to provide a platform that allows us to continue the development of this module.

Development

See the contributing guide for details. Additionally, some general guidelines on PR structure can be found here.

Copyright and License

Copyright © 2012-2014 Puppet Inc

Copyright © 2012-2018 Multiple contributors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Reference

Table of Contents

Classes

• corosync: Configures the Pacemaker+Corosync stack to provide high-availability.
• corosync::params: Configures sane defaults based on the operating system.
• corosync::qdevice: Performs basic initial configuration of the qdevice daemon on a node.
• corosync::reprobe: Triggers re-probe for changes any of the native cs_* types.

Defined types

• corosync::service: Declare services within /etc/corosync/service.d/ (Corosync 1.x)

Resource types

• cs_clone: Type for manipulating corosync/pacemaker resource clone. More information on Corosync/Pacemaker colocation can be found here: * http://www.c
• cs_colocation: Type for manipulating corosync/pacemaker colocation. Colocation is the grouping together of a set of primitives so that they travel together
• cs_commit: Final commit statement which triggers the syncronous application of all primitive changes which reference this CIB. Do not generate more than
• cs_group: Type for manipulating Corosync/Pacemkaer group entries. Groups are a set or resources (primitives) that need to be grouped together. More in
• cs_location: Type for manipulating corosync/pacemaker resource location. More information on Corosync/Pacemaker colocation can be found here: * http://ww
• cs_order: Type for manipulating Corosync/Pacemkaer ordering entries. Order entries are another type of constraint that can be put on sets of primitive
• cs_primitive: Type for manipulating Corosync/Pacemaker primitives. Primitives are probably the most important building block when creating highly availabl
• cs_property: Type for manipulating corosync/pacemaker configuration properties. Besides the configuration file that is managed by the module the contains
• cs_rsc_defaults: Type for manipulating corosync/pacemaker global defaults for resource options. The type is pretty simple interface for setting key/value pair
• cs_shadow: cs_shadow resources represent a Corosync shadow CIB. Any corosync resources defined with 'cib' set to the title of a cs_shadow resource will

Data types

• Corosync::ArrayRing:
• Corosync::CryptoCipher: Defines the allowed cipher types for secure corosync communication
• Corosync::CryptoHash:
• Corosync::IpStringIp:
• Corosync::QuorumAlgorithm:
• Corosync::Syslogpriority:

Classes

corosync

This class will set up corosync for use by the Puppet Enterprise console to facilitate an active/standby configuration for high availability. It is assumed that this module has been initially ran on a Puppet master with the capabilities of signing certificates to do the initial key generation.

=== Authors

Cody Herriges cody@puppetlabs.com

=== Copyright

Copyright 2012, Puppet Labs, LLC.

Examples

Simple configuration without secauth

class { 'corosync':
  enable_secauth    => false,
  bind_address      => '192.168.2.10',
  multicast_address => '239.1.1.2',
}

Parameters

The following parameters are available in the corosync class.

enable_secauth

Data type: Boolean

Controls corosync's ability to authenticate and encrypt multicast messages.

Default value: $corosync::params::enable_secauth

authkey_source

Data type: Enum['file', 'string']

Allows to use either a file or a string as a authkey.

Default value: $corosync::params::authkey_source

authkey

Data type: Variant[Stdlib::Absolutepath,Stdlib::Base64]

Specifies the path to the CA which is used to sign Corosync's certificate if authkey_source is 'file' or a base64 encoded version of the actual authkey if 'string' is used instead.

Default value: $corosync::params::authkey

crypto_hash

Data type: Corosync::CryptoHash

Hashing algorithm used by corosync for intra-cluster communication. Valid values are none, md5, sha1, sha256, sha384, and sha512

Default value: 'sha1'

crypto_cipher

Data type: Corosync::CryptoCipher

Encryption cipher used by corosync for intra-cluster communication. Valid values are none, aes256, aes192, aes128, and 3des

Default value: 'aes256'

threads

Data type: Optional[Integer]

How many threads you are going to let corosync use to encode and decode multicast messages. If you turn off secauth then corosync will ignore threads.

Default value: undef

bind_address

Data type: Corosync::IpStringIp

The ip address we are going to bind the corosync daemon too. Can be specified as an array to have multiple rings.

Default value: $corosync::params::bind_address

port

Data type: Optional[Variant[Stdlib::Port, Array[Stdlib::Port]]]

The UDP port that corosync will use to do its multicast communication. Be aware that corosync used this defined port plus minus one. Can be specified as an array to have multiple rings.

Default value: $corosync::params::port

multicast_address

Data type: Optional[Corosync::IpStringIp]

An IP address that has been reserved for multicast traffic. This is the default way that Corosync accomplishes communication across the cluster. Use 'broadcast' to have broadcast instead Can be specified as an array to have multiple rings (multicast only).

Default value: undef

unicast_addresses

Data type: Optional[Array]

An array of IP addresses that make up the cluster's members. These are use if you are able to use multicast on your network and instead opt for the udpu transport. You need a relatively recent version of Corosync to make this possible. You can also have an array of arrays to have multiple rings. In that case, each subarray matches a host IP addresses.

Default value: undef

force_online

Data type: Boolean

Boolean parameter specifying whether to force nodes that have been put in standby back online.

Default value: $corosync::params::force_online

check_standby

Data type: Boolean

Boolean parameter specifying whether puppet should return an error log message if a node is in standby. Useful for monitoring node state.

Default value: $corosync::params::check_standby

log_timestamp

Data type: Boolean

Boolean parameter specifying whether a timestamp should be placed on all log messages.

Default value: $corosync::params::log_timestamp

log_file

Data type: Boolean

Boolean parameter specifying whether Corosync should produce debug output in a logfile.

Default value: $corosync::params::log_file

log_file_name

Data type: Optional[Stdlib::Absolutepath]

Absolute path to the logfile Corosync should use when $log_file (see above) is true.

Default value: undef

debug

Data type: Boolean

Boolean parameter specifying whether Corosync should produce debug output in its logs.

Default value: $corosync::params::debug

log_stderr

Data type: Boolean

Boolean parameter specifying whether Corosync should log errors to stderr.

Default value: $corosync::params::log_stderr

syslog_priority

Data type: Corosync::SyslogPriority

String parameter specifying the minimal log level for Corosync syslog messages. Allowed values: debug|info|notice|warning|err|emerg.

Default value: $corosync::params::syslog_priority

log_function_name

Data type: Boolean

Boolean parameter specifying whether Corosync should log called function names to.

Default value: $corosync::params::log_function_name

rrp_mode

Data type: Optional[Enum['none', 'active', 'passive']]

Mode of redundant ring. May be none, active, or passive.

Default value: undef

netmtu

Data type: Optional[Integer]

This specifies the network maximum transmit unit.

Default value: undef

ttl

Data type: Optional[Integer[0,255]]

Time To Live.

Default value: undef

vsftype

Data type: Optional[Enum['ykd', 'none']]

Virtual synchrony filter type.

Default value: undef

package_corosync

Data type: Boolean

Define if package corosync should be managed.

Default value: $corosync::params::package_corosync

package_crmsh

Data type: Boolean

Define if package crmsh should be managed. Default (Debian): true Default: false

Default value: $corosync::params::package_crmsh

package_pacemaker

Data type: Boolean

Define if package pacemaker should be managed.

Default value: $corosync::params::package_pacemaker

package_pcs

Data type: Boolean

Define if package pcs should be managed. Default (Red Hat based): true Default (otherwise): false

Default value: $corosync::params::package_pcs

package_fence_agents

Data type: Boolean

Define if package fence-agents should be managed. Default (Red Hat based): true Default (otherwise): false

Default value: $corosync::params::package_fence_agents

packageopts_corosync

Data type: Optional[Array[String[1]]]

Additional install-options for the corosync package resource. Default: undef

Default value: $corosync::params::package_install_options

packageopts_crmsh

Data type: Optional[Array[String[1]]]

Additional install-options for the crmsh package resource. Default: undef

Default value: $corosync::params::package_install_options

packageopts_pacemaker

Data type: Optional[Array[String[1]]]

Additional install-options for the pacemaker package resource. Default: undef

Default value: $corosync::params::package_install_options

packageopts_pcs

Data type: Optional[Array[String[1]]]

Additional install-options for the pcs package resource. Default: undef

Default value: $corosync::params::package_install_options

packageopts_fence_agents

Data type: Optional[Array[String[1]]]

Additional install-options for the pcs package resource. Default: undef

Default value: $corosync::params::package_install_options

version_corosync

Data type: String[1]

Define what version of the corosync package should be installed. Default: 'present'

Default value: $corosync::params::version_corosync

version_crmsh

Data type: String[1]

Define what version of the crmsh package should be installed. Default: 'present'

Default value: $corosync::params::version_crmsh

version_pacemaker

Data type: String[1]

Define what version of the pacemaker package should be installed. Default: 'present'

Default value: $corosync::params::version_pacemaker

version_pcs

Data type: String[1]

Define what version of the pcs package should be installed. Default: 'present'

Default value: $corosync::params::version_pcs

version_fence_agents

Data type: String[1]

Define what version of the fence-agents-all package should be installed. Default: 'present'

Default value: $corosync::params::version_fence_agents

set_votequorum

Data type: Boolean

Set to true if corosync_votequorum should be used as quorum provider. Default (Red Hat based): true Default (Ubuntu >= 14.04): true Default (otherwise): false

Default value: $corosync::params::set_votequorum

votequorum_expected_votes

Data type: Optional[Integer]

Overrides the automatic calculation of expected votes which is normally derived from the number of nodes.

Default value: undef

quorum_members

Data type: Array

Array of quorum member hostname. This is required if set_votequorum is set to true. You can also have an array of arrays to have multiple rings. In that case, each subarray matches a member IP addresses.

Default value: ['localhost']

quorum_members_ids

Data type: Optional[Array]

Array of quorum member IDs. Persistent IDs are required for the dynamic config of a corosync cluster and when_set_votequorum is set to true. Should be used only with the quorum_members parameter.

Default value: undef

quorum_members_names

Data type: Optional[Array]

Array of quorum member names. Persistent names are required when you define IP addresses in quorum_members.

Default value: undef

token

Data type: Optional[Integer]

Time (in ms) to wait for a token

Default value: undef

token_retransmits_before_loss_const

Data type: Optional[Integer]

How many token retransmits before forming a new configuration.

Default value: undef

compatibility

Data type: Optional[String]

Older versions of corosync allowed a config-file directive to indicate backward compatibility. This sets that.

Default value: undef

enable_corosync_service

Data type: Boolean

Whether the module should enable the corosync service.

Default value: $corosync::params::enable_corosync_service

manage_corosync_service

Data type: Boolean

Whether the module should try to manage the corosync service. If set to false, the service will need to be specified in the catalog elsewhere.

Default value: $corosync::params::manage_corosync_service

enable_pacemaker_service

Data type: Boolean

Whether the module should enable the pacemaker service.

Default value: $corosync::params::enable_pacemaker_service

manage_pacemaker_service

Data type: Boolean

Whether the module should try to manage the pacemaker service. Default (Red Hat based >= 7): true Default (Ubuntu >= 14.04): true Default (otherwise): false

Default value: $corosync::params::manage_pacemaker_service

enable_pcsd_service

Data type: Boolean

Whether the module should enable the pcsd service.

Default value: $corosync::params::enable_pcsd_service

manage_pcsd_service

Data type: Boolean

Whether the module should try to manage the pcsd service in addition to the corosync service. pcsd service is the GUI and the remote configuration interface.

Default value: false

manage_pcsd_auth

Data type: Boolean

This only has an effect when $manage_pcsd_service is enabled. If set, an attempt will be made to authorize pcs on the cluster node determined by manage_pcsd_auth_node. Note that this determination can only be made when the entries in quorum_members match the trusted certnames of the nodes in the environment or the IP addresses of the primary adapters. $sensitive_hacluster_password is mandatory if this parameter is set.

Default value: false

manage_pcsd_auth_node

Data type: Enum['first','last']

When managing authorization for PCS this determines which node does the work. Note that only one node 'should' do the work and nodes are chosen by matching local facts to the contents of quorum_members. When manage_pcsd_auth is disabled this parameter has no effect.

Default value: 'first'

sensitive_hacluster_password

Data type: Optional[Sensitive[String]]

When PCS is configured on a RHEL system this directive is used to set the password for the hacluster user. If both $manage_pcsd_service and $manage_pcsd_auth are both set to true the cluster will use this credential to authorize all nodes.

Default value: undef

sensitive_hacluster_hash

Data type: Optional[Sensitive[String]]

This parameter expects a valid password hash of sensitive_hacluster_password. If provided, the hash provided the hash will be used to set the password for the hacluster user on each node.

Default value: undef

manage_quorum_device

Data type: Boolean

Enable or disable the addition of a quorum device external to the cluster. This device is used avoid cluster splits typically in conjunction with fencing by providing an external network vote. Additionally, this allows symmentric clusters to continue operation in the event that 50% of their nodes have failed.

Default value: false

quorum_device_host

Data type: Optional[Stdlib::Fqdn]

The fully qualified hostname of the quorum device. This parameter is mandatory when manage_quorum_device is true.

Default value: undef

quorum_device_algorithm

Data type: Optional[Corosync::QuorumAlgorithm]

There are currently two algorithms the quorum device can utilize to determine how its vote should be allocated; Fifty-fifty split and last-man-standing. See the corosync-qdevice man page for details.

Default value: 'ffsplit'

package_quorum_device

Data type: Optional[String]

The name of the package providing the quorum device functionality. This parameter is mandatory if manage_quorum_device is true.

Default value: $corosync::params::package_quorum_device

sensitive_quorum_device_password

Data type: Optional[Sensitive[String]]

The plain text password for the hacluster user on the quorum_device_host. This parameter is mandatory if manage_quorum_device is true.

Default value: undef

cluster_name

Data type: Optional[String[1]]

This specifies the name of cluster and it's used for automatic generating of multicast address.

Default value: undef

join

Data type: Optional[Integer]

This timeout specifies in milliseconds how long to wait for join messages in the membership protocol.

Default value: undef

consensus

Data type: Optional[Integer]

This timeout specifies in milliseconds how long to wait for consensus to be achieved before starting a new round of membership configuration. The minimum value for consensus must be 1.2 token. This value will be automatically calculated at 1.2 token if the user doesn't specify a consensus value.

Default value: undef

ip_version

Data type: Optional[String[1]]

This specifies version of IP to ask DNS resolver for. The value can be one of ipv4 (look only for an IPv4 address) , ipv6 (check only IPv6 address), ipv4-6 (look for all address families and use first IPv4 address found in the list if there is such address, otherwise use first IPv6 address) and ipv6-4 (look for all address families and use first IPv6 address found in the list if there is such address, otherwise use first IPv4 address).

Default (if unspecified) is ipv6-4 for knet and udpu transports and ipv4 for udp.

Default value: undef

clear_node_high_bit

Data type: Optional[Enum['yes', 'no']]

This configuration option is optional and is only relevant when no nodeid is specified. Some openais clients require a signed 32 bit nodeid that is greater than zero however by default openais uses all 32 bits of the IPv4 address space when generating a nodeid. Set this option to yes to force the high bit to be zero and therefor ensure the nodeid is a positive signed 32 bit integer. WARNING: The clusters behavior is undefined if this option is enabled on only a subset of the cluster (for example during a rolling upgrade).

Default value: undef

max_messages

Data type: Optional[Integer]

This constant specifies the maximum number of messages that may be sent by one processor on receipt of the token. The max_messages parameter is limited to 256000 / netmtu to prevent overflow of the kernel transmit buffers.

Default value: undef

test_corosync_config

Data type: Boolean

Whether we should test new configuration files with corosync -t. (requires corosync 2.3.4)

Default value: $corosync::params::test_corosync_config

corosync::params

Configures sane defaults based on the operating system.

corosync::qdevice

This class performs the configuration of the qdevice daemon on a target node. Note that this requires corosync 2.x and must never be deployed on a node which is actually part of a cluster. Additionally, you will need to open the correct firewall ports for both pcs, and the actual quorum device as shown in the included example.

• See also https://www.systutorials.com/docs/linux/man/8-corosync-qnetd/

Examples

Quorum node with default password & configuring the firewall

include firewalld

class { 'corosync::qdevice':
  sensitive_hacluster_hash => $sensitive_hacluster_hash,
}
contain 'corosync::qdevice'

# Open the corosync-qnetd port
firewalld::custom_service { 'corosync-qdevice-net':
  description => 'Corosync Quorum Net Device Port',
  port        => [
    {
      port     => '5403',
      protocol => 'tcp',
    },
  ],
}
firewalld_service { 'corosync-qdevice-net':
  ensure  => 'present',
  service => 'corosync-qdevice-net',
  zone    => 'public',
}

# Configure general PCS firewall rules
firewalld_service { 'high-availability':
  ensure  => 'present',
  service => 'high-availability',
  zone    => 'public',
}

Parameters

The following parameters are available in the corosync::qdevice class.

sensitive_hacluster_hash

Data type: Sensitive[String]

The password hash for the hacluster user on this quorum device node. This is currently a mandatory parameter because pcsd must be used to perform the quorum node configuration.

Default value: undef

package_pcs

Data type: String[1]

Name of the PCS package on this system.

Default value: 'pcs'

package_corosync_qnetd

Data type: String[1]

Name of the corosync qnetd package for this system.

Default value: 'corosync-qnetd'

corosync::reprobe

Include this class to reprobe the corosync cluster when there are changes in any of the native cs_* types. Useful for multi-node provisioning when the nodes are not always in a stable state after provisioning.

Copyright 2012 Puppet Labs, LLC.

Examples

Reprobe corosync after making cluster configuration changes

include corosync::reprobe

Defined types

corosync::service

Models a Corosync service. Corosync services are plugins that provide functionality for monitoring cluster resources. One of the most common of these plugins being Pacemaker. This is for corosync 1.x!

=== Authors

Cody Herriges cody@puppetlabs.com

=== Copyright

Copyright 2012 Puppet Labs, LLC.

Examples

Simple configuration of a service with version '0'.

corosync::service { 'pacemaker':
  version => '0',
}

Parameters

The following parameters are available in the corosync::service defined type.

name

Data type: String

The namevar in this type is the title you give it when you define a resource instance. It is used for a handful of purposes; defining the name of the config file and the name defined inside the file itself.

version

Data type: String[1]

Version of the protocol used by this service. This is currently unused.

Resource types

cs_clone

Type for manipulating corosync/pacemaker resource clone. More information on Corosync/Pacemaker colocation can be found here:

• http://www.clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_ensuring_resources_run_on_the_same_host.html

Properties

The following properties are available in the cs_clone type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

primitive

The corosync resource primitive to be cloned.

group

The corosync resource group to be cloned.

clone_max

Valid values: %r{\d+}, absent

How many copies of the resource to start. Defaults to the number of nodes in the cluster.

Default value: absent

clone_node_max

Valid values: %r{\d+}, absent

How many copies of the resource can be started on a single node. Defaults to 1.

Default value: absent

notify_clones

Valid values: true, false, absent

When stopping or starting a copy of the clone, tell all the other copies beforehand and when the action was successful. Allowed values: true, false

Default value: absent

globally_unique

Valid values: true, false, absent

Does each copy of the clone perform a different function? Allowed values: true, false

Default value: absent

ordered

Valid values: true, false, absent

Should the copies be started in series (instead of in parallel). Allowed values: true, false

Default value: absent

interleave

Valid values: true, false, absent

Changes the behavior of ordering constraints (between clones/masters) so that instances can start/stop as soon as their peer instance has (rather than waiting for every instance of the other clone has). Allowed values: true, false

Default value: absent

Parameters

The following parameters are available in the cs_clone type.

name

namevar

Identifier of the clone entry. This value needs to be unique across the entire Corosync/Pacemaker configuration since it doesn't have the concept of name spaces per type.

cib

Corosync applies its configuration immediately. Using a CIB allows you to group multiple primitives and relationships to be applied at once. This can be necessary to insert complex configurations into Corosync correctly.

This paramater sets the CIB this colocation should be created in. A cs_shadow resource with a title of the same name as this value should also be added to your manifest.

cs_colocation

Type for manipulating corosync/pacemaker colocation. Colocation is the grouping together of a set of primitives so that they travel together when one of them fails. For instance, if a web server vhost is colocated with a specific ip address and the web server software crashes, the ip address with migrate to the new host with the vhost.

More information on Corosync/Pacemaker colocation can be found here:

• http://www.clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_ensuring_resources_run_on_the_same_host.html

Properties

The following properties are available in the cs_colocation type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

primitives

At least two Pacemaker primitives to be located together. Order of primitives in colocation groups is important. In Pacemaker, a colocation of 2 primitives behaves different than a colocation between more than 2 primitives. Here the behavior is altered to be more consistent. Examples on how to define colocations here:

• 2 primitives: [A, B] will cause A to be located first, and B will be located with A. This is different than how crm configure colocation works, because there [A, B] would mean colocate A with B, thus B should be located first.
• multiple primitives: [A, B, C] will cause A to be located first, B next, and finally C. This is identical to how crm configure colocation works with multiple resources, it will add a colocated set. Property will raise an error if you do not provide an array containing at least two values. Values can be either the name of the primitive, or primitive:role. Notice, we can only interpret colocations of single sets, not multiple sets combined. In Pacemaker speak, this means we can support 'A B C' but not e.g. 'A B (C D) E'. Feel free to contribute a patch for this.

score

The priority of this colocation. Primitives can be a part of multiple colocation groups and so there is a way to control which primitives get priority when forcing the move of other primitives. This value can be an integer but is often defined as the string INFINITY.

Default value: INFINITY

Parameters

The following parameters are available in the cs_colocation type.

name

namevar

Identifier of the colocation entry. This value needs to be unique across the entire Corosync/Pacemaker configuration since it doesn't have the concept of name spaces per type.

cib

Corosync applies its configuration immediately. Using a CIB allows you to group multiple primitives and relationships to be applied at once. This can be necessary to insert complex configurations into Corosync correctly.

This paramater sets the CIB this colocation should be created in. A cs_shadow resource with a title of the same name as this value should also be added to your manifest.

cs_commit

Final commit statement which triggers the syncronous application of all primitive changes which reference this CIB. Do not generate more than one cs_commit referencing the same CIB for a given cluster!

Parameters

The following parameters are available in the cs_commit type.

cib

Name of the CIB to commit. This value defaults to the name of the cs_commit resource.

name

namevar

Name of the CIB to commit. See the cib parameter for more detail.

cs_group

Type for manipulating Corosync/Pacemkaer group entries. Groups are a set or resources (primitives) that need to be grouped together.

More information can be found at the following link:

• http://www.clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Pacemaker_Explained/ch-advanced-resources.html#group-resources

Properties

The following properties are available in the cs_group type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

primitives

An array of primitives to have in this group. Must be listed in the order that you wish them to start.

Parameters

The following parameters are available in the cs_group type.

name

namevar

Name identifier of this group entry. This value needs to be unique across the entire Corosync/Pacemaker configuration since it doesn't have the concept of name spaces per type.

cib

Corosync applies its configuration immediately. Using a CIB allows you to group multiple primitives and relationships to be applied at once. This can be necessary to insert complex configurations into Corosync correctly.

This paramater sets the CIB this order should be created in. A cs_shadow resource with a title of the same name as this value should also be added to your manifest.

cs_location

Type for manipulating corosync/pacemaker resource location. More information on Corosync/Pacemaker colocation can be found here:

• http://www.clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_ensuring_resources_run_on_the_same_host.html

Properties

The following properties are available in the cs_location type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

primitive

The corosync resource primitive to have a location applied.

node_name

The corosync node_name where the resource should be located.

resource_discovery

Whether Pacemaker should perform resource discovery on this node for the specified resource. It matches the resource-discovery location property in pacemaker

score

The priority of this location. Primitives can be a part of multiple location groups and so there is a way to control which primitives get priority when forcing the move of other primitives. This value can be an integer but is often defined as the string INFINITY.

Default value: INFINITY

rules

The rules of this location. This is an array of hashes where each hash contains an array of one or more expressions.

Example:

cs_location { 'vip-ping-connected': primitive => 'vip', rules => [ 'vip-ping-exclude-rule' => { 'score' => '-INFINITY', 'expression' => [ { 'attribute' => 'pingd', 'operation' => 'lt', 'value' => '100', }, ], }, 'vip-ping-prefer-rule' => { 'score-attribute' => 'pingd', 'expression' => [ { 'attribute' => 'pingd', 'operation' => 'defined', }, ], }, ], }

Parameters

The following parameters are available in the cs_location type.

name

namevar

Identifier of the location entry. This value needs to be unique across the entire Corosync/Pacemaker configuration since it doesn't have the concept of name spaces per type.

cib

Corosync applies its configuration immediately. Using a CIB allows you to group multiple primitives and relationships to be applied at once. This can be necessary to insert complex configurations into Corosync correctly.

This paramater sets the CIB this colocation should be created in. A cs_shadow resource with a title of the same name as this value should also be added to your manifest.

cs_order

Type for manipulating Corosync/Pacemkaer ordering entries. Order entries are another type of constraint that can be put on sets of primitives but unlike colocation, order does matter. These designate the order at which you need specific primitives to come into a desired state before starting up a related primitive.

More information can be found at the following link:

• http://www.clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_controlling_resource_start_stop_ordering.html

Properties

The following properties are available in the cs_order type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

first

First Corosync primitive. Just like colocation, our primitives for ording come in pairs but this time order matters so we need to define which primitive starts the desired state change chain.

second

Second Corosync primitive. Our second primitive will move to the desired state after the first primitive.

score

The priority of the this ordered grouping. Primitives can be a part of multiple order groups and so there is a way to control which primitives get priority when forcing the order of state changes on other primitives. This value can be an integer but is often defined as the string INFINITY.

Default value: INFINITY

kind

How to enforce the constraint.

Allowed values:

• Optional: Just a suggestion. Only applies if both resources are executing the specified actions. Any change in state by the first resource will have no effect on the then resource.
• Mandatory: Always. If first does not perform first-action, then will not be allowed to performed then-action. If first is restarted, then (if running) will be stopped beforehand and started afterward.
• Serialize: Ensure that no two stop/start actions occur concurrently for the resources. First and then can start in either order, but one must complete starting before the other can be started. A typical use case is when resource start-up puts a high load on the host.

Default value: Mandatory

symmetrical

Boolean specifying if the resources should stop in reverse order. Default value: true.

Default value: true

Parameters

The following parameters are available in the cs_order type.

name

namevar

Name identifier of this ordering entry. This value needs to be unique across the entire Corosync/Pacemaker configuration since it doesn't have the concept of name spaces per type.

cib

Corosync applies its configuration immediately. Using a CIB allows you to group multiple primitives and relationships to be applied at once. This can be necessary to insert complex configurations into Corosync correctly.

This paramater sets the CIB this order should be created in. A cs_shadow resource with a title of the same name as this value should also be added to your manifest.

cs_primitive

Type for manipulating Corosync/Pacemaker primitives. Primitives are probably the most important building block when creating highly available clusters using Corosync and Pacemaker. Each primitive defines an application, ip address, or similar to monitor and maintain. These managed primitives are maintained using what is called a resource agent. These resource agents have a concept of class, type, and subsystem that provides the functionality. Regretibly these pieces of vocabulary clash with those used in Puppet so to overcome the name clashing the property and parameter names have been qualified a bit for clarity.

More information on primitive definitions can be found at the following link:

• http://www.clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Clusters_from_Scratch/_adding_a_resource.html

Properties

The following properties are available in the cs_primitive type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

parameters

A hash of params for the primitive. Parameters in a primitive are used by the underlying resource agent, each class using them slightly differently. In ocf scripts they are exported and pulled into the script as variables to be used. Since the list of these parameters are completely arbitrary and validity not enforced we simply defer defining a model and just accept a hash.

Default value: Hash.new

operations

A hash of operations for the primitive. Operations defined in a primitive are little more predictable as they are commonly things like monitor or start and their values are in seconds. Since each resource agent can define its own set of operations we are going to defer again and just accept a hash. There maybe room to model this one but it would require a review of all resource agents to see if each operation is valid.

Default value: Hash.new

utilization

A hash of utilization attributes for the primitive. If nodes are also configured with available resources, and Pacemaker's placement stratgey is set appropriately, then Pacemaker can place primitives on nodes only where resources are available.

See the Pacemaker documentation:

http://clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Pacemaker_Explained/ch11.html

Default value: Hash.new

metadata

A hash of metadata for the primitive. A primitive can have a set of metadata that doesn't affect the underlying Corosync type/provider but affect that concept of a resource. This metadata is similar to Puppet's resources resource and some meta-parameters, they change resource behavior but have no affect of the data that is synced or manipulated.

Default value: Hash.new

ms_metadata

A hash of metadata for the master/slave primitive state.

Default value: Hash.new

promotable

Valid values: true, false

Designates if the primitive is capable of being managed in a master/slave state. This will create a new ms resource in your Corosync config and add this primitive to it. Concequently Corosync will be helpful and update all your colocation and order resources too but Puppet won't. Currenlty we unmunge configuraiton entries that start with ms_ so that you don't have to account for name change in all our manifests.

Default value: false

Parameters

The following parameters are available in the cs_primitive type.

name

namevar

Name identifier of primitive. This value needs to be unique across the entire Corosync/Pacemaker configuration since it doesn't have the concept of name spaces per type.

primitive_class

Corosync class of the primitive. Examples of classes are lsb or ocf. Lsb funtions a lot like the init provider in Puppet for services, an init script is ran periodically on each host to identify status, or to start and stop a particular application. Ocf of the other hand is a script with meta-data and stucture that is specific to Corosync and Pacemaker.

primitive_type

Corosync primitive type. Type generally matches to the specific 'thing' your managing, i.e. ip address or vhost. Though, they can be completely arbitarily named and manage any number of underlying applications or resources.

provided_by

Corosync primitive provider. All resource agents used in a primitve have something that provides them to the system, be it the Pacemaker or redhat plugins...they're not always obvious though so currently you're left to understand Corosync enough to figure it out. Usually, if it isn't obvious it is because there is only one provider for the resource agent.

To find the list of providers for a resource agent run the following from the command line has Corosync installed:

• crm configure ra providers <ra> <class>

cib

Corosync applies its configuration immediately. Using a CIB allows you to group multiple primitives and relationships to be applied at once. This can be necessary to insert complex configurations into Corosync correctly.

This paramater sets the CIB this primitive should be created in. A cs_shadow resource with a title of the same name as this value should also be added to your manifest.

unmanaged_metadata

Metadata options that should not be managed by Puppet. Examples: ['target-role', 'is-managed']

Default value: Array.new

cs_property

Type for manipulating corosync/pacemaker configuration properties. Besides the configuration file that is managed by the module the contains all these related Corosync types and providers, there is a set of cluster properties that can be set and saved inside the CIB (A CIB being a set of configuration that is synced across the cluster, it can be exported as XML for processing and backup). The type is pretty simple interface for setting key/value pairs or removing them completely. Removing them will result in them taking on their default value.

More information on cluster properties can be found here:

• http://www.clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Pacemaker_Explained/_cluster_options.html

P.S Looked at generating a type dynamically from the cluster's property meta-data that would result in a single type with puppet type properties of every cluster property...may still do so in a later iteration.

Properties

The following properties are available in the cs_property type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

value

Value of the property. It is expected that this will be a single value but we aren't validating string vs. integer vs. boolean because cluster properties can range the gambit.

Parameters

The following parameters are available in the cs_property type.

name

namevar

Name identifier of this property. Simply the name of the cluster property. Happily most of these are unique.

cib

Corosync applies its configuration immediately. Using a CIB allows you to group multiple primitives and relationships to be applied at once. This can be necessary to insert complex configurations into Corosync correctly.

This paramater sets the CIB this parameter should be created in. A cs_shadow resource with a title of the same name as this value should also be added to your manifest.

replace

Valid values: true, false, yes, no

Whether to replace a property that already exists on the cluster whose value doesn't match what the value attribute specifies. Setting this to false allows cs_property resources to initialize properties without overwriting future changes. Defaults to true.

Default value: true

cs_rsc_defaults

Type for manipulating corosync/pacemaker global defaults for resource options. The type is pretty simple interface for setting key/value pairs or removing them completely. Removing them will result in them taking on their default value.

More information on resource defaults can be found here:

• http://clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Pacemaker_Explained/s-resource-defaults.html
• http://clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Pacemaker_Explained/s-resource-options.html

Properties

The following properties are available in the cs_rsc_defaults type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

value

Value of the property. It is expected that this will be a single value but we aren't validating string vs. integer vs. boolean because resource options can range the gambit.

Parameters

The following parameters are available in the cs_rsc_defaults type.

name

namevar

Name identifier of this property. Simply the name of the resource option. Happily most of these are unique.

cib

Corosync applies its configuration immediately. Using a CIB allows you to group multiple primitives and relationships to be applied at once. This can be necessary to insert complex configurations into Corosync correctly.

This paramater sets the CIB this rsc_defaults should be created in. A cs_shadow resource with a title of the same name as this value should also be added to your manifest.

cs_shadow

cs_shadow resources represent a Corosync shadow CIB. Any corosync resources defined with 'cib' set to the title of a cs_shadow resource will not become active until all other resources with the same cib value have also been applied.

Properties

The following properties are available in the cs_shadow type.

epoch

Implementation detail. DO NOT SET DIRECTLY.

Default value: latest

Parameters

The following parameters are available in the cs_shadow type.

cib

namevar

Name of the CIB to begin tracking changes against.

autocommit

Valid values: true, false, yes, no

Whether to generate a cs_commit or not. Can be used to create shadow CIB without committing them.

Default value: true

Data types

Corosync::ArrayRing

The Corosync::ArrayRing data type.

Alias of Variant[Array[Stdlib::IP::Address], Array[ Array[Stdlib::IP::Address] ]]

Corosync::CryptoCipher

Defines the allowed cipher types for secure corosync communication

Alias of Enum['aes256', 'aes192', 'aes128', '3des']

Corosync::CryptoHash

The Corosync::CryptoHash data type.

Alias of Enum['md5', 'sha1', 'sha256', 'sha384', 'sha512']

Corosync::IpStringIp

The Corosync::IpStringIp data type.

Alias of Variant[Stdlib::IP::Address, Array[ Stdlib::IP::Address ]]

Corosync::QuorumAlgorithm

The Corosync::QuorumAlgorithm data type.

Alias of Enum['ffsplit', 'lms']

Corosync::Syslogpriority

The Corosync::Syslogpriority data type.

Alias of Enum['debug', 'info', 'notice', 'warning', 'err', 'alert', 'emerg', 'crit']

Changelog

All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.

v8.2.0 (2021-06-15)

Full Changelog

Implemented enhancements:

• puppetlabs/stdlib: Allow 7.x #514 (bastelfreak)

v8.1.0 (2021-06-14)

Full Changelog

Implemented enhancements:

• expose the config_validate_cmd #509 (AndreasPfaffeneder)

Fixed bugs:

• Dependency problem when enabling secauth and disabling service management #452
• Only notify, subscribe, require corosync service if it shall be managed. #505 (timdeluxe)

Closed issues:

• test_corosync_config fails for pacemaker 3.x #508
• Information on udpu seems not totally clear and doc is missing any mention of Knet #506

Merged pull requests:

• Make statement on udpu a bit more correct. Add information about knet #507 (AndreasPfaffeneder)

v8.0.0 (2021-03-05)

Full Changelog

Breaking changes:

• Drop Puppet 5 support; require Puppet 6.1.0 #501 (bastelfreak)
• Remove Debian jessie #497 (towo)

Implemented enhancements:

• Enable Puppet 7 support #502 (bastelfreak)
• Add SLES 12/15 Support #462 (towo)
• Add possibility to define watchdog_device resource #454 (dlucredativ)

Fixed bugs:

• Match user creation in qdevice to the one in init, solves #494 #495 (joernott)

Closed issues:

• Make hacluster/user group creation optional on qdevice #494
• cs_order fails with pcs provider because of score parameter #485
• Constantly failing beaker tests #455

v7.0.0 (2020-09-04)

Full Changelog

Breaking changes:

• Drop unsupported code 1.x support #486 (ekohl)
• [ci skip] Drop Puppet 4, allow Puppet 6 #466 (bastelfreak)
• Update the support matrix #438 (btravouillon)

Implemented enhancements:

• add parameter ip_version #482 (antondollmaier)
• allow auth_node to be declared whith short name #478 (aop-dw)
• Feat: Add pcs STONITH Resource Support #475 (pdemonaco)
• Puppet Strings Reference & Corosync Crypto #460 (pdemonaco)
• Corosync-qdevice and PCSD Auth #458 (pdemonaco)
• Add support for multiple values in port parameter #440 (lowar)

Fixed bugs:

• fix: missing / in path #477 (aop-dw)
• fix: cs_primitive pcs resource update for Master/Slave primitive correction #476 (pdemonaco)
• Don't fail when set_votequorum=true and cluster_name is set #473 (antaflos)
• Do not explicitly request current environment #442 (towo)
• Multicast parameter fixes #439 (towo)

Closed issues:

• Allow puppet uri for authkey #480
• Catalog compilation should not fail when set_votequorum=true and cluster_name is set (but quorum_members and multicast_address are not) #472
• Provider pcs for cs_primitive generates a syntax error when updating a Master/Slave Resource #459
• Add crypt_hash and crypt_cipher as secauth = deprecated #453
• Provider crm for cs_location type does not set feature resource_discovery #447
• Could not autoload puppet/provider/cs_property/pcs: #403
• Replace PuppetX::Voxpupuli::Corosync::Provider::Pcs by self.class #376

Merged pull requests:

• modulesync 3.0.0 & puppet-lint autofix & rubocop autofix #489 (bastelfreak)
• Fix authkey type: allow same type as file source #481 (Elbandi)
• Update stdlib dependency #474 (jake2184)
• Fix indentation #471 (usev6)
• drop EOL Ubuntu 14.04 #467 (bastelfreak)
• Use newer stdlib types; require stdlib 4.25.0 instead of 4.13.1 #461 (alexjfisher)
• Use debian9 beaker test with Type=simple corosync override #456 (dlucredativ)
• Fix for Issue 447 #450 (timdeluxe)
• modulesync 1.9.6; allow puppetlabs/stdlib 5.x #444 (bastelfreak)
• Rely on beaker-hostgenerator for docker nodesets #441 (ekohl)
• Replace PuppetX::Voxpupuli::Corosync::Provider:: by self.class #431 (btravouillon)

v6.0.1 (2018-03-28)

Full Changelog

Fixed bugs:

• Cannot avoid the bindnetaddr to be set into /etc/corosync/corosync.conf file #421
• fix output of clear_node_high_bit variable in config #433 (oveaurs)
• member section is deprecated in favor of nodelist #430 (btravouillon)

Closed issues:

• Warning in generated corosync.conf #422

Merged pull requests:

• bump puppet to latest supported version 4.10.0 #436 (bastelfreak)
• Use docker_sets in travis.yml #435 (ekohl)

v6.0.0 (2017-12-09)

Full Changelog

Breaking changes:

• Move away from the UNSET pattern #322
• [RFC] Removing enable_secauth_real #420 (kBite)
• Breaking: Use puppet4 data types #419 (kBite)

Implemented enhancements:

• Support Debian 9 #404
• support Debian 9 (#404) #416 (wyardley)

Fixed bugs:

• added class param clear_node_high_bit. This is used in templates/coro… #402 (oveaurs)

Merged pull requests:

• Fix variable type to allow authkey to be a string #427 (cedef)
• Added manage corosync feature #424 (Nekototori)

v5.1.0 (2017-10-27)

Full Changelog

Implemented enhancements:

• Define the names of the quorum members #407 (btravouillon)
• Add tunables to enable the services #406 (btravouillon)

Fixed bugs:

• CentOS 7 issues w/ pcs / CIB shadow #409
• openhpid dependency issue #408
• Change usage of CIB shadow for pcs #410 (btravouillon)

Closed issues:

• Parameter 'log_file_name' is not processed #400

Merged pull requests:

• Simplify acceptance, allow hack for Debian 8 to return 1 or 100 #413 (wyardley)
• update badges and add tags to metadata #412 (wyardley)
• Configure debian 8 systems for acceptance tests #411 (btravouillon)
• Bump min version_requirement for Puppet + dep #393 (juniorsysadmin)

test-tag (2017-04-09)

Full Changelog

Implemented enhancements:

• Add pcs provider for cs_rsc_defaults type #399 (spacedog)

Closed issues:

• Cannot apply a cs_location to a group of resources #396
• cs_group expecting more than 1 member #375
• Vox Pupuli First Elections #355

Merged pull requests:

• cs_location should require cs_group #397 (roidelapluie)
• Support timestamp and logfile config options #389 (antaflos)
• Add CII badge #387 (roidelapluie)
• rubocop: fix RSpec/ImplicitExpect #386 (alexjfisher)
• Support configuring netmtu #384 (trondiz)
• Update crm.rb #383 (VuokkoVuorinnen)
• Release 5.0.0 #373 (roidelapluie)

v5.0.0 (2016-09-16)

• Allow multiple rings in nodelist (#262, #291, #336, #358)
• Add support for cs_location rules (#132, #310, #356)
• Allow 1-element arrays for primitives in cs_group (#152, #368)
• Add support for clone of groups (#176, #371)
• New class parameter: vsftype (#345)
• Add the nodelist to corosync.conf even if we set the expected votes count (#347)
• Add autorequirement between cs_location and cs_primitives/cs_clone (#359)
• Add autorequirement between cs_clone and cs_primitive (#357, #365)
• Lots of fixes regarding cs_clone (#367, #149, #370)
• Add "Managed By Puppet" header to corosync.conf (#360)
• Improve tests (#335, #337, #331, #328, #364, #369, #370)
• Modulesync (#330)

Backward incompatible changes

• Support for Puppet < 3.8.0 is removed (#334)
• Logging to file is enabled by default. (#345)
• Corosync.conf got a major cleanup. Most of the parameters are now implicit so we get pacemaker defaults. List of affected parameters: compatibility, consensus, join, max_messages, rrp_mode, threads, token, token_retransmits_before_loss_const, vsftype. Those parameters can now be specified as class parameters. (#345)
• Removed legacy configuration sections: amf, aisexec, logging.logger_subsys (#345)
• Fix two_nodes behaviour with expected_votes = 2 introduced in 3.0.0 (#246)
• Cs_clone: clones are now stopped before being removed (crm provider) (#367)
• Cs_clone now uses the resource name as clone id (pcs provider) (#149, #367)
• Cs_clone purges parameters that are not explicitly set (#370)

Deprecation notes

We have plans to rename this module and deprecated old Puppet releases and Puppet distributions. Please refer to our roadmap for further details.

Naming of this module

The issue #32 concerning the naming of this module will be closed in the next major release of this module. In v6.0.0, this module could be rebranded to a better name, as well as the types and resources.

2016-09-02 - Release 4.0.1

Summary

• Fix enable_secauth => false (#341)

2016-08-30 - Release 4.0.0

Summary

• Validate corosync configuration before overwriting (available in EL7, Ubuntu 16.04, and Debian Jessie) (#294)
• multicast_address and unicast_addresses are no longer mandatory if clustername is set (#318)
• Modulesync updates

Backward incompatible changes

• Support for Puppet <= 3.6.0 is removed (#319)

Deprecation notes

We have plans to rename this module and deprecated old Puppet releases and Puppet distributions. Please refer to our roadmap for further details.

Naming of this module

The issue #32 concerning the naming of this module will be closed in two major releases of this module. In v6.0.0, this module could be rebranded to a better name.

2016-08-18 - Release 3.0.0

Summary

• Fixed a bug with two_nodes option and three-node clusters (#316)
• Improved corosync readiness detection (#314)
• Modulesync updates
• Introduce a public roadmap

Backward incompatible changes

• Providers now wait up to 60 seconds to get a non null CIB. On new clusters, it means that you wait 60 seconds for nothing, but when adding a node to the cluster, it means that we join the cluster before operating it with this puppet module. If you are using Cs_shadow and all your resources depend on that one, then instead of a non-null (non 0.0) epoch, we wait for a non 0.* epoch, because the Cs_shadow and Cs_commit couple will update the epoch anyway. (#314)

Deprecation notes

Deprecating old Puppet releases:

• We will remove support for Puppet <= 3.6.0 in the next major release of this module (v4.0.0).
• We will remove support for Puppet <= 3.8.0 in two major releases of this module (v5.0.0).
• We will remove support for Puppet <= 4.6.0 in three major releases of this module (v6.0.0).

Puppet 3 support

The 5.0.0 release will be a LTS and will be supported until VoxPupuli stops Puppet 3 support (voxpupuli/plumbing#21). It will be the latest release to support Puppet 3. After its release, only bugfixes and security fixes will be applied. We will not introduce backward incompatible changes in this LTS release.

That LTS release will be available under the "puppet3" branch of this module.

Please consider moving straight to Puppet 4.

Naming of this module

The issue #32 concerning the naming of this module will be closed in three major releases of this module. In v6.0.0, this module could be rebranded to a better name.

2016-06-28 - Release 2.0.1

Summary

• Support Ubuntu 16.04 (#288)
• Fix travis release (#302)

2016-06-28 - Release 2.0.0

Summary

• Replace Cs_primitive[manage_target_role] parameter by Cs_primitive[unmanaged_metadata] parameter (#275)
• Support Debian 8. Requires jessie-backports apt repository (not included in this module) (#282)
• Set Puppet requirement version to >= 3.0.0 < 5.0.0 (#286)
• Add a cib parameter to cs_rsc_default (#296)

Backward incompatible changes

• Cs_primitive[manage_target_role] parameter (introduced in 1.1.0, deprecated in 1.2.0) has ben replaced by the more powerful Cs_primitive[unmanaged_metadata] parameter (#275). To update, you need to replace manage_target_role => false by unmanaged_metadata => ['targes-role']
• The class parameter corosync::packages has been removed (was deprecated in 0.8.0) (#282)

Deprecation notes

We will remove support for Puppet <= 3.6.0 in two major releases of this module (4.0.0).

2016-06-16 - Release 1.2.1

Summary

• Workaround upstream Puppet bug regarding PuppetX ruby namespace (#278 #284 SERVER-973)

2016-06-14 - Release 1.2.0

Summary

• Deprecate Cs_primitive[manage_target_role] in favour of Cs_primitive[unmanaged_metadata]

2016-06-16 - Release 1.1.1

Summary

• Workaround upstream Puppet bug regarding PuppetX ruby namespace (#278 #284 SERVER-973)

2016-06-13 - Release 1.1.0

Summary

• Move helpers functions to PuppetX ruby namespace (#259)
• Cs_commit used with cs_shadow are now idempotent (#263)
• Cs_primitive: Fix metadata removal when the metadata parameter is empty (#264)
• Cs_primitive: Add a manage_target_role parameter (#265)
• Inner changes to the crm providers to better manage the crm commands (#217 #268 #269 #270 #271 #272 #273)
• Adoption of Vox Pupuli code of conduct (coc) for further contributions (#267)

2016-05-24 - Release 1.0.2

Summary

• Puppet 4.5.0 support (#258)
• Modulesync update

2016-05-23 - Release 1.0.1

Summary

• Minor fix to the release scripts

2016-05-23 - Release 1.0.0

Summary

• Ubuntu 14.04 support (#178)
• pcs provider: improved support for cs_shadow, cs_commit(#197 #196 #209)
• cs_property now takes an optional replace parameter that do not update previously created parameters. Useful to let users change the settings at runtime without stopping puppet (e.g for maintenance mode) (#203)
• cs_location now supports a resource_discovery parameter that matches pacemaker resource-discovery location property
• cs_property will now wait for the cluster to be ready (#170)
• Log the crm and pcs commands output (crmsh: #177, pcs: #219)
• cs_property will only take care of cib-bootstrap-options cluster property set (crm: #174 pcs: #224)
• crm provider: Fix cs_colocation for resources with a role (#175)
• cs_commit now autorequires cs_groups (#183)
• support for more corosync configuration parameters (#184 #192 #194)
• pcs provider: speed enhancements (#187)
• pcs provider: cs_order: implement the kind and symmetrical parameters (#188 and #131
• pcs provider: cs_colocation: Add support for colocation sets (#190)
• add support for the pcsd service (#130)
• crm provider: Preserve resource order in cs_group (#133)
• corosync: support for multiple rings in unicast mode (#251)
• Bugfixes, improved tests, improved documentation

Backward incompatible changes

• cs_commit resources now only commit when refreshed (see README) (#209)
• pcs provider: cs_location: the order of the primitives is now the chronological order: ['with-rsc', 'rsc']. This aligns pcs with the crmsh provider (#212)
• pcs_provider: cs_colocation: the order of the primitives is now respected. Previously they were sorted by chronological order (#153).
• cs_primitive operations parameter with a role now need to define the role as a property, and if multiple operations have the same role you have to use an array (#236)
• cs_order: the resources_type parameter has been removed (#246)

2015-10-14 - Release 0.8.0

Summary

• manage package and version for pcs
• Use Puppet::Type.newtype instead of Puppet.newtype
• Fix deprecation warning for SUIDManager.
• Fix acceptance tests for RHEL6 and Ubuntu 14.04
• Implement ensure => $version for pacemaker and corosync package
• Made pacemaker and corosync version configurable
  • Added variables to manage pacemaker or corosync package.
  • Added variables to manage pacemaker and corosync version.
  • Moved package parameters to init.pp. Required to accomodate the logic that allows new style $package_{corosync,pacemaker} parameters, and the old-style $packages to co-exist in a safe manner.
  • Added deprecation warning for $packages parameter and fail() for mixed use of $packages and $package_{corosync,pacemaker}.
  • Added spec tests for new package parameters.
• Added failure spec test for mixed use of $packages and $package_*.
• Made token_retransmits_before_loss_const a parameter to allow hearbeat tuning
• Move beaker to system-tests group
• Add spec for cs_colocation
• Add basic beaker-rspec testing
• Colocation is allowed on at least 2 primitives
• Bugfix, crmsh cs_location provider
• param mcastport is still used when using broadcast mode
• Fixed ordering of self.ready? tests
• Added caching on self.ready
• Ensure node IDs for votequorum are not "0"
• Add votequorum setting to corosync.conf
• Add cs_clone provider and type (complete)
• Implement rsc_defaults
• make token value configurable

2014-12-2 - Release 0.7.0

Summary

This release refactors the main class to use corosync::params for defaults and no longer checks global variables for the parameters. It also includes strict variable support, a few other features, and a bugfix for EL platforms.

Backwards Incompatible Changes

Class corosync no longer uses global varaibles $::port, $::threads, $::port, $::bind_address, $::unicast_addresses, $::multicast_address, or $::enable_secauth. These should be passed as parameters to the corosync class instead.

Features

• Strict variable support
• Add support for spaces in cs_primitive parameters
• Add support for multiple operations with the same name
• Add some parameter validation

Bugfixes

• Removed enable corosync exec for EL platforms

2014-07-15 - Release 0.6.0

Summary

This release adds support for the PCS provider. It also updates metadata.json so the module can be uninstalled and upgraded via the puppet module command.

Features

• Add support for PCS provider

2014-06-24 - Release 0.5.0

Summary

This module has undergone two years of development, and pretty much every aspect of it has changed in some regard. I've tried to capture the key changes below, but you should rely on the README to see how things work now.

Features

• Added a new resource type cs_location.
• Make primitive utilization attributes managable.
• Added symmetrical parameter on cs_order (for ordering).
• Allow ordering of cs_groups.
• Allow to specify rrpmode and ttl.
• Allow to specifiy several rings.
• Permit broadcast.
• Allow more than two primitives per cs_colocation.
• Allow the authkey to be provided as a string.
• Add tests.
• Rework significant amounts of the provider code.

Bugfixes

• Delete an existing cib to start fresh
• Only change /etc/defaults for corosync startup on Debian platforms
• Fix templates for Puppet 3.2+.
• Don't complain if cs_primitive doesn't have a utilization parameter.
• Consider <instance_attributes/> within primitive operations.
• Changed osfamily check to include other operating systems.
• Updated node to node_name in cs_location function as 'node' is a reserved name, this replacement allows cs_location to work correctly.

2012-10-14 - Release 0.1.0

• Added robustness for general corosync management (read the merges)
• Added cs_group type
• Added some testing
• Generally tried to get on top of this thing.

* This Changelog was automatically generated by github_changelog_generator