Releases: linux-system-roles/ha_cluster
Version 1.8.1
[1.8.1] - 2022-11-14
New Features
- none
Bug Fixes
- none
Other Changes
- long heading causes problems with md to adoc conversion
The long heading causes problems with md to adoc conversion. Shorten
the length by using abbreviations.
Version 1.8.0
[1.8.0] - 2022-11-01
New Features
-
Use the firewall role and the selinux role from the ha_cluster role
-
Introduce ha_cluster_manage_firewall to use the firewall role to
manage the high-availability service and the fence-virt port.
Default to false - means the firewall role is not used. -
Introduce ha_cluster_manage_selinux to use the selinux role to
manage the ports in the high-availability service.
Assign cluster_port_t to the high-availability service ports.
Default to false - means the selinux role is not used. -
Add the test check task tasks/check_firewall_selinux.yml for
verify the ports status.
Note: This pr changes the ha_cluster role's behavior slightly.
It used to configure firewall without any settings if the firewall
service is enabled. With this change made by this pr, unless
ha_cluster_manage_firewall is set to true, the firewall is not
configured.
-
Use the certificate role to create the cert and the key
-
Introduce a variable ha_cluster_pcsd_certificates to set the certificate_requests.
Note: Get mode of /var/lib/pcsd using the stat module and reset it
in the following file for fixing the issue "risky-file-permissions
File permissions unset or incorrect".
-
add support for configuring qnetd
-
add support for configuring qdevice
-
qdevice and qnetd documentation
Bug Fixes
- fix decoding variables from an Ansible vault
Workaround Ansible issue ansible/ansible#24425
Before fix, the role was failing with the following message:
object of type 'AnsibleVaultEncryptedUnicode' has no len()
-
add a test for vault-encrypted variables
-
adapt tests with vault-encrypted variables for CI
-
use a real temporary directory for test secrets
The tests were writing generated secrets to the directory tests/tmp
which is shared by all tests when running tests in parallel.
Instead, create a real temporary directory for these secrets for the
tests that use generated secrets.
-
fix checking hacluster password
-
update sbd config file template
-
fix installing qnetd and pcs packages
-
fix auth for qnetd host
Other Changes
-
fix linter issues
-
fix qnetd setup in tests
-
fix typos
[1.7.5] - 2022-09-19
Version 1.7.4
[1.7.4] - 2022-07-19
New Features
- none
Bug Fixes
- readme: describe limitations of udp transports (#56)
Other Changes
- make all tests work with gather_facts: false (#52)
Ensure tests work when using ANSIBLE_GATHERING=explicit
- make min_ansible_version a string in meta/main.yml (#53)
The Ansible developers say that min_ansible_version in meta/main.yml
must be a string value like "2.9", not a float value like 2.9.
- Add CHANGELOG.md (#54)
use ansible_play_hosts instead of ansible_play_hosts_all
s/ansible_play_hosts_all/ansible_play_hosts/ where applicable (#51)
The ha_cluster role is sometimes included within other roles.
In the scenario when a play is run against multiple hosts, and some of
them fail prior to including the ha_cluster role, the ha_cluster role
must continue only on the active hosts. Otherwise, the ha_cluster role
tries to operate on failed nodes and fails.
Move tasks that set up CI environment to role's tasks/ dir (#50)
Move tasks that set up CI environment to role's tasks/ dir (#50)
Move tests/tasks/cleanup_sbd.yml,setup_sbd.yml,setup_test.yml to tasks/
Add comments that this task must only be used in testing
Change include_tasks to include_role with tasks_from
Add comments explaining why test tasks reside in tasks/
additional fix password_hash salt length (#47)
additional fix password_hash salt length (#47)
To make sure the string is strictly truncated at the given length,
use python style syntax instead of "truncate".
[citest skip] bump tox-lsr version to 2.11.0; remove py37; add py310 (#48)
tox-lsr version 2.11.0 has support for collection-requirements.yml,
runqemu improvements, and support for python 3.10
python 3.7 is not used on any supported platform, so remove it
Signed-off-by: Rich Megginson [email protected]
# add support for configuring bundle resources
add support for configuring bundle resources
disable cluster uuid
test: fix corosync.conf assert for older pcs versions
test: update for new resource config output format
install resource-agents explicitly
previously, resource-agents package was installed implicitly as
a dependency
support gather_facts: false; support setup-snapshot.yml
Some users use gather_facts: false in their playbooks. This changes
the role to work in that case, by gathering only the facts it requires
to run.
CI testing can be sped up by creating a snapshot image pre-installed
with packages. tests/setup-snapshot.yml can be used by a CI system
to do this.
add support for advanced corosync configuration
add support for advanced corosync configuration
see README for new corosync options
Add support for SBD
Add support for SBD
- add support for configuring delay-start, timeout-action, watchdog
and watchdog-timeout - add possibility to configure different SBD devices for each node
- drop softdog module due to software watchdog being unsupported
- fix auto_tie_breaker configuration
- install SBD packages
- make the sbd configuring part of the role run properly even if run
on an existing cluster- properly enable or disable SBD service
- restart cluster if SBD configuration changed
- set stonith-watchdog-timeout cluster property
fix purging CIB
Cluster property 'stonith-watchdog-timeout' is now fully managed
by the role in tasks/sbd.yml file. Therefore, it should not be
removed when purging CIB.
fix roles in constraints tests
As a side-effect of resetting stonith-watchdog-timeout cluster property
when (de)configuring SBD, pcs may create an empty CIB file. To ensure
compatibility with all pacemaker versions, the CIB is set to comply with
the lowest schema version shipped with pacemaker 2.0.0. This schema
doesn't support new role names. Therefore, even with the most recent pcs
and pacemaker, legacy roles may be stored in CIB.