Puppet Class: corosync::qdevice

Defined in:
manifests/qdevice.pp

Summary

Performs basic initial configuration of the qdevice daemon on a node.

Overview

This class performs the configuration of the qdevice daemon on a target node. Note that this requires corosync 2.x and must never be deployed on a node which is actually part of a cluster. Additionally, you will need to open the correct firewall ports for both pcs, and the actual quorum device as shown in the included example.

Examples:

Quorum node with default password & configuring the firewall

include firewalld

class { 'corosync::qdevice':
  sensitive_hacluster_hash => $sensitive_hacluster_hash,
}
contain 'corosync::qdevice'

# Open the corosync-qnetd port
firewalld::custom_service { 'corosync-qdevice-net':
  description => 'Corosync Quorum Net Device Port',
  port        => [
    {
      port     => '5403',
      protocol => 'tcp',
    },
  ],
}
firewalld_service { 'corosync-qdevice-net':
  ensure  => 'present',
  service => 'corosync-qdevice-net',
  zone    => 'public',
}

# Configure general PCS firewall rules
firewalld_service { 'high-availability':
  ensure  => 'present',
  service => 'high-availability',
  zone    => 'public',
}

Parameters:

  • sensitive_hacluster_hash (Optional[Sensitive[String]]) (defaults to: undef)

    The password hash for the hacluster user on this quorum device node. If omitted, you must create the hacluster user and haclient group yourself. This user is required because pcsd must be used to perform the quorum node configuration.

  • package_pcs (String[1]) (defaults to: 'pcs')

    Name of the PCS package on this system.

  • package_corosync_qnetd (String[1]) (defaults to: 'corosync-qnetd')

    Name of the corosync qnetd package for this system.

See Also:



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
 
# File 'manifests/qdevice.pp', line 53

class corosync::qdevice (
  String[1] $package_pcs                                = 'pcs',
  String[1] $package_corosync_qnetd                     = 'corosync-qnetd',
  Optional[Sensitive[String]] $sensitive_hacluster_hash = undef,
) {
  $cluster_group = 'haclient'
  $cluster_user = 'hacluster'

  # Install the required packages
  [$package_pcs, $package_corosync_qnetd].each |$package| {
    package { $package:
      ensure => present,
    }
  }

  if $sensitive_hacluster_hash {
    # Cluster control group
    group { $cluster_group:
      ensure  => 'present',
      require => Package[$package_pcs, $package_corosync_qnetd],
    }

    # Cluster admin credentials
    user { $cluster_user:
      ensure   => 'present',
      password => $sensitive_hacluster_hash.unwrap,
      gid      => $cluster_group,
    }
  }

  # Enable the PCS service
  service { 'pcsd':
    ensure  => 'running',
    enable  => true,
    require => [
      Package[$package_pcs],
      Package[$package_corosync_qnetd],
    ],
  }

  $exec_path = '/sbin:/bin:/usr/sbin:/usr/bin'

  # Configure the quorum device
  exec { 'pcs qdevice setup model net --enable --start':
    path    => $exec_path,
    onlyif  => [
      'test ! -f /etc/corosync/qnetd/nssdb/qnetd-cacert.crt',
    ],
    require => Service['pcsd'],
  }

  # Ensure the net device is running
  exec { 'pcs qdevice start net':
    path    => $exec_path,
    onlyif  => [
      'test -f /etc/corosync/qnetd/nssdb/qnetd-cacert.crt',
      'test 0 -ne $(pcs qdevice status net >/dev/null 2>&1; echo $?)',
    ],
    require => [
      Package['pcs'],
      Package['corosync-qnetd'],
    ],
  }
}