From ff08d173b67a993fb381a1476e3067fa49f5a22e Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotjagov Date: Mon, 6 May 2019 18:06:13 +0300 Subject: [PATCH 01/21] Add option to set node name as fqdn Some software, that relies on corosync, checks nodes status by their FQDN (with crmadmin -S). And ansible inventory_hostname may not match with hosts FQDN. In this case you may set pacemaker_corosync_fqdn: true and fqdn will be used in corosync config instead of inventory_hostname. --- README.md | 1 + defaults/main.yml | 1 + templates/corosync.conf.j2 | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 643e3f4..56fb970 100644 --- a/README.md +++ b/README.md @@ -7,4 +7,5 @@ Deploys corosync/pacemaker on Ubuntu 14.04 - `pacemaker_corosync_group`: Ansible group name for corosync cluster (default: false, *mandatory*) - `pacemaker_corosync_ring_interface`: Interface to use for ring0 communications (default: false, *mandatory*) +- `pacemaker_corosync_fqdn`: Whether use inventory_hostname or ansible_fqdn as node name for corosync (default: false) diff --git a/defaults/main.yml b/defaults/main.yml index 86d8e38..319646e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,2 +1,3 @@ +pacemaker_corosync_fqdn: false pacemaker_corosync_group: false pacemaker_corosync_ring_interface: false diff --git a/templates/corosync.conf.j2 b/templates/corosync.conf.j2 index 98ecfcf..3293f3b 100644 --- a/templates/corosync.conf.j2 +++ b/templates/corosync.conf.j2 @@ -30,7 +30,7 @@ nodelist { {% for node in groups[pacemaker_corosync_group]|sort %} node { ring0_addr: {{ hostvars[node]['ansible_' + pacemaker_corosync_ring_interface].ipv4.address }} - name: {{ node }} + name: {{ pacemaker_corosync_fqdn | bool | ternary(hostvars[node].ansible_fqdn, node) }} nodeid: {{ loop.index }} } {% endfor %} From a5bea0c63179bdf2ba1c55bf90245424cdf43152 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Fri, 3 Jul 2020 00:55:02 +0300 Subject: [PATCH 02/21] Add support for wider distro set This patch makes pacemaker/corosync more universal, and now it's possbile to use role against CentOS 7 and CentOS 8 --- README.md | 2 +- handlers/main.yml | 1 + tasks/pacemaker.yml | 54 ++++++++++++++++++++------------------ templates/corosync.conf.j2 | 2 +- 4 files changed, 31 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 56fb970..fc4034d 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ ansible-pacemaker-corosync role =============================== -Deploys corosync/pacemaker on Ubuntu 14.04 +Deploys corosync/pacemaker # Variables diff --git a/handlers/main.yml b/handlers/main.yml index 10a59be..7c3e314 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -2,6 +2,7 @@ service: name: "{{ item }}" state: restarted + enabled: yes with_items: - corosync - pacemaker diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index 9f229f2..2420ce8 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -1,12 +1,23 @@ +- name: Enable HighAvailability repository + command: yum-config-manager --enable HighAvailability + changed_when: false + when: + - ansible_os_family | lower == 'redhat' + - ansible_distribution_major_version is version('8', '=') + - name: Installs pacemaker & corosync - apt: pkg={{item}} state=present + package: + name: "{{ item }}" + state: present with_items: - corosync - pacemaker - name: Install haveged - apt: pkg=haveged state=present - when: haveged_enabled | default(true) + package: + name: haveged + state: present + when: haveged_enabled | default(True) | bool - name: Generates corosync key become: true @@ -19,21 +30,28 @@ notify: Restart corosync - name: Generate tmpdir for authkey - local_action: tempfile + local_action: + module: tempfile register: authkey_tempfile changed_when: False check_mode: no when: inventory_hostname != groups[pacemaker_corosync_group][0] - name: Fetch authkey for other nodes - fetch: src=/etc/corosync/authkey dest="{{ authkey_tempfile.path }}" flat=yes + fetch: + src: /etc/corosync/authkey + dest: "{{ authkey_tempfile.path }}" + flat: yes delegate_to: "{{ groups[pacemaker_corosync_group][0] }}" changed_when: False check_mode: no when: inventory_hostname != groups[pacemaker_corosync_group][0] - name: Copy authkey to other nodes - copy: src="{{ authkey_tempfile.path }}" dest=/etc/corosync/authkey mode=0400 + copy: + src: "{{ authkey_tempfile.path }}" + dest: /etc/corosync/authkey + mode: "0400" when: inventory_hostname != groups[pacemaker_corosync_group][0] notify: Restart corosync @@ -49,7 +67,7 @@ - name: Chowns authkeys file: path: /etc/corosync/authkey - mode: 0400 + mode: "0400" owner: root notify: Restart corosync @@ -57,7 +75,7 @@ template: src: corosync.conf.j2 dest: /etc/corosync/corosync.conf - mode: 0400 + mode: "0400" owner: root notify: Restart corosync @@ -65,7 +83,7 @@ template: src: corosync_logrotate.conf.j2 dest: /etc/logrotate.d/corosync - mode: 0644 + mode: "0644" owner: root - name: Creates services directory @@ -78,7 +96,7 @@ src: pcmk dest: /etc/corosync/service.d/pcmk owner: root - mode: 0400 + mode: "0400" notify: Restart corosync - name: Adds ferm filtering @@ -88,19 +106,3 @@ when: ferm_enabled | default(false) tags: ferm notify: Restart ferm - -- name: Enables corosync at boot - copy: - dest: /etc/default/corosync - content: "START=yes" - when: ansible_service_mgr != "systemd" - -- name: Enables corosync at boot - systemd: name=corosync.service state=started enabled=yes - when: ansible_service_mgr == "systemd" - -- name: Registers pacemaker service - service: - name: pacemaker - enabled: true - diff --git a/templates/corosync.conf.j2 b/templates/corosync.conf.j2 index 3293f3b..e212057 100644 --- a/templates/corosync.conf.j2 +++ b/templates/corosync.conf.j2 @@ -6,7 +6,7 @@ totem { {% endif %} interface { ringnumber: 0 - bindnetaddr: {{ hostvars[inventory_hostname]['ansible_' + pacemaker_corosync_ring_interface].ipv4.address }} + bindnetaddr: {{ hostvars[inventory_hostname]['ansible_' + pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address }} broadcast: yes mcastport: 5405 } From f1be7a65dad45db0d01298098f9e1839af3ae48a Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 4 Aug 2020 13:11:25 +0300 Subject: [PATCH 03/21] Add variables to control logging options Added 2 variables - pacemaker_corosync_use_logfile and pacemaker_corosync_use_syslog which you can enable/disable to controll where corosync log will be written to. --- defaults/main.yml | 2 ++ tasks/pacemaker.yml | 7 +++++++ templates/corosync.conf.j2 | 12 +++++++----- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 319646e..30238a7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,3 +1,5 @@ pacemaker_corosync_fqdn: false pacemaker_corosync_group: false pacemaker_corosync_ring_interface: false +pacemaker_corosync_use_syslog: true +pacemaker_corosync_use_logfile: false diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index 2420ce8..69943c8 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -79,12 +79,19 @@ owner: root notify: Restart corosync +- name: Creates log directory + file: + path: /var/log/corosync + state: directory + when: pacemaker_corosync_use_logfile | bool is true + - name: Adds logrotate config for corosync template: src: corosync_logrotate.conf.j2 dest: /etc/logrotate.d/corosync mode: "0644" owner: root + when: pacemaker_corosync_use_logfile | bool is true - name: Creates services directory file: diff --git a/templates/corosync.conf.j2 b/templates/corosync.conf.j2 index e212057..cf8514c 100644 --- a/templates/corosync.conf.j2 +++ b/templates/corosync.conf.j2 @@ -1,3 +1,4 @@ +{% set _pacemaker_corosync_bind_addr = hostvars[inventory_hostname]['ansible_' + pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address %} totem { version: 2 cluster_name: {{ pacemaker_corosync_group }} @@ -6,7 +7,7 @@ totem { {% endif %} interface { ringnumber: 0 - bindnetaddr: {{ hostvars[inventory_hostname]['ansible_' + pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address }} + bindnetaddr: {{ _pacemaker_corosync_bind_addr }} broadcast: yes mcastport: 5405 } @@ -29,7 +30,7 @@ quorum { nodelist { {% for node in groups[pacemaker_corosync_group]|sort %} node { - ring0_addr: {{ hostvars[node]['ansible_' + pacemaker_corosync_ring_interface].ipv4.address }} + ring0_addr: {{ _pacemaker_corosync_bind_addr }} name: {{ pacemaker_corosync_fqdn | bool | ternary(hostvars[node].ansible_fqdn, node) }} nodeid: {{ loop.index }} } @@ -38,9 +39,10 @@ nodelist { {% endif %} logging { - to_logfile: yes + to_logfile: {{ (pacemaker_corosync_use_logfile | bool) | ternary('yes', 'no') }} + {% if pacemaker_corosync_use_logfile | bool %} logfile: /var/log/corosync/corosync.log - to_syslog: yes + {% endif %} + to_syslog: {{ (pacemaker_corosync_use_syslog | bool) | ternary('yes', 'no') }} timestamp: on } - From 7ae17fbd39885e0b37383e6d192d25e54d8554c8 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Mon, 17 Aug 2020 15:19:23 +0300 Subject: [PATCH 04/21] Remove unnecessary test for pacemaker_corosync_use_logfile --- tasks/pacemaker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index 69943c8..14e1374 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -83,7 +83,7 @@ file: path: /var/log/corosync state: directory - when: pacemaker_corosync_use_logfile | bool is true + when: pacemaker_corosync_use_logfile | bool - name: Adds logrotate config for corosync template: @@ -91,7 +91,7 @@ dest: /etc/logrotate.d/corosync mode: "0644" owner: root - when: pacemaker_corosync_use_logfile | bool is true + when: pacemaker_corosync_use_logfile | bool - name: Creates services directory file: From 078f1f8051fe014769ac60ef56eb9c0b457226e2 Mon Sep 17 00:00:00 2001 From: Michiel Piscaer Date: Thu, 20 Aug 2020 11:41:59 +0200 Subject: [PATCH 05/21] Update corosync.conf.j2 _pacemaker_corosync_bind_addr was only generating the ip address of the current node and so on all nodes you got the same ip address. --- templates/corosync.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/corosync.conf.j2 b/templates/corosync.conf.j2 index cf8514c..85a6aa7 100644 --- a/templates/corosync.conf.j2 +++ b/templates/corosync.conf.j2 @@ -30,7 +30,7 @@ quorum { nodelist { {% for node in groups[pacemaker_corosync_group]|sort %} node { - ring0_addr: {{ _pacemaker_corosync_bind_addr }} + ring0_addr: {{ hostvars[node]['ansible_' + pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address }} name: {{ pacemaker_corosync_fqdn | bool | ternary(hostvars[node].ansible_fqdn, node) }} nodeid: {{ loop.index }} } From 9442dd3914d8b9fc9f20b032d634fd4ca165c77a Mon Sep 17 00:00:00 2001 From: Michiel Piscaer Date: Thu, 20 Aug 2020 15:57:48 +0200 Subject: [PATCH 06/21] add pacemaker-remote --- README.md | 2 +- handlers/main.yml | 1 + tasks/pacemaker.yml | 17 ++++++++++++++++- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fc4034d..03ca93b 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,6 @@ Deploys corosync/pacemaker # Variables - `pacemaker_corosync_group`: Ansible group name for corosync cluster (default: false, *mandatory*) +- `pacemaker_remote_group`: Ansible group name for pacemaker-remote cluster (default: false) - `pacemaker_corosync_ring_interface`: Interface to use for ring0 communications (default: false, *mandatory*) - `pacemaker_corosync_fqdn`: Whether use inventory_hostname or ansible_fqdn as node name for corosync (default: false) - diff --git a/handlers/main.yml b/handlers/main.yml index 7c3e314..bdf43e0 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -6,3 +6,4 @@ with_items: - corosync - pacemaker + - pacemaker-remote diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index 14e1374..fdcce4c 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -5,13 +5,28 @@ - ansible_os_family | lower == 'redhat' - ansible_distribution_major_version is version('8', '=') -- name: Installs pacemaker & corosync +- name: Installs corosync package: name: "{{ item }}" state: present with_items: - corosync + +- name: Installs pacemaker + package: + name: "{{ item }}" + state: present + with_items: - pacemaker + when: "'pacemaker_corosync_group' in group_names" + +- name: Installs pacemaker-remote + package: + name: "{{ item }}" + state: present + with_items: + - pacemaker-remote + when: "'pacemaker_remote_group' in group_names" - name: Install haveged package: From 4a1d61386f4e35bc7f42f92045418eef1edf00d1 Mon Sep 17 00:00:00 2001 From: Michiel Piscaer Date: Thu, 20 Aug 2020 19:44:34 +0200 Subject: [PATCH 07/21] chnage the condition --- README.md | 2 +- tasks/pacemaker.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 03ca93b..f439ba5 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,6 @@ Deploys corosync/pacemaker # Variables - `pacemaker_corosync_group`: Ansible group name for corosync cluster (default: false, *mandatory*) -- `pacemaker_remote_group`: Ansible group name for pacemaker-remote cluster (default: false) +- `pacemaker_remote_group`: Ansible group name for pacemaker-remote cluster (default: false, *mandatory*) - `pacemaker_corosync_ring_interface`: Interface to use for ring0 communications (default: false, *mandatory*) - `pacemaker_corosync_fqdn`: Whether use inventory_hostname or ansible_fqdn as node name for corosync (default: false) diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index fdcce4c..a2106bc 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -18,7 +18,7 @@ state: present with_items: - pacemaker - when: "'pacemaker_corosync_group' in group_names" + when: "inventory_hostname in groups[pacemaker_corosync_group]" - name: Installs pacemaker-remote package: @@ -26,7 +26,7 @@ state: present with_items: - pacemaker-remote - when: "'pacemaker_remote_group' in group_names" + when: "inventory_hostname in groups[pacemaker_remote_group]" - name: Install haveged package: From fbb04179eaa1767bb843e78ff5e0cc25d5786018 Mon Sep 17 00:00:00 2001 From: Michiel Piscaer Date: Fri, 21 Aug 2020 11:33:31 +0200 Subject: [PATCH 08/21] integrating pacemaker-remote --- handlers/main.yml | 2 -- templates/corosync.conf.j2 | 20 +++++++++++++++----- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index bdf43e0..af28150 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -5,5 +5,3 @@ enabled: yes with_items: - corosync - - pacemaker - - pacemaker-remote diff --git a/templates/corosync.conf.j2 b/templates/corosync.conf.j2 index 85a6aa7..381b5cd 100644 --- a/templates/corosync.conf.j2 +++ b/templates/corosync.conf.j2 @@ -1,4 +1,9 @@ -{% set _pacemaker_corosync_bind_addr = hostvars[inventory_hostname]['ansible_' + pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address %} +{% if inventory_hostname in groups[pacemaker_corosync_group] %} +{% set _pacemaker_corosync_bind_addr = hostvars[inventory_hostname]['ansible_eth1' | replace('-', '_')].ipv4.address %} +{% else %} +{% set _pacemaker_corosync_bind_addr = hostvars[inventory_hostname]['ansible_' + pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address %} +{% endif %} + totem { version: 2 cluster_name: {{ pacemaker_corosync_group }} @@ -28,16 +33,21 @@ quorum { {% if pacemaker_enable_nodelist|default(true) %} nodelist { -{% for node in groups[pacemaker_corosync_group]|sort %} + +{% for node in groups[pacemaker_remote_group]|sort + groups[pacemaker_corosync_group]|sort %} +{% if node in groups[pacemaker_corosync_group] %} +{% set _tmp_pacemaker_corosync_ring_interface = 'eth1' %} +{% else %} +{% set _tmp_pacemaker_corosync_ring_interface = pacemaker_corosync_ring_interface %} +{% endif %} node { - ring0_addr: {{ hostvars[node]['ansible_' + pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address }} + ring0_addr: {{ hostvars[node]['ansible_' + _tmp_pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address }} name: {{ pacemaker_corosync_fqdn | bool | ternary(hostvars[node].ansible_fqdn, node) }} nodeid: {{ loop.index }} } {% endfor %} -} {% endif %} - +} logging { to_logfile: {{ (pacemaker_corosync_use_logfile | bool) | ternary('yes', 'no') }} {% if pacemaker_corosync_use_logfile | bool %} From 8b005d960b203f3e06dc3e9656d6884bf108e12d Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Mon, 11 Jan 2021 18:13:07 +0200 Subject: [PATCH 09/21] Update ha repository name for CentOS 8 Since CentOS 8.3 repository name has changed from HighAvailability to just ha. We need to reflect this as well --- tasks/pacemaker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index 14e1374..0a8e256 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -1,5 +1,5 @@ - name: Enable HighAvailability repository - command: yum-config-manager --enable HighAvailability + command: yum-config-manager --enable ha changed_when: false when: - ansible_os_family | lower == 'redhat' From 294be33795e8a8726c3885c9117f86e9b40b9f18 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 13 Jan 2021 11:01:50 +0200 Subject: [PATCH 10/21] Make pacemaker remote optional We added extra checks that pacemaker-remote group is defined. Also this adds extra variable pacemaker_remote_ring_interface that is used to determine IP address on the pacemaker remote hosts --- README.md | 1 + defaults/main.yml | 2 ++ tasks/pacemaker.yml | 4 +++- templates/corosync.conf.j2 | 20 ++++++++++---------- 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index f439ba5..9288404 100644 --- a/README.md +++ b/README.md @@ -8,4 +8,5 @@ Deploys corosync/pacemaker - `pacemaker_corosync_group`: Ansible group name for corosync cluster (default: false, *mandatory*) - `pacemaker_remote_group`: Ansible group name for pacemaker-remote cluster (default: false, *mandatory*) - `pacemaker_corosync_ring_interface`: Interface to use for ring0 communications (default: false, *mandatory*) +- `pacemaker_remote_ring_interface`: Interface to use for ring0 communications on remote hosts (default: pacemaker_corosync_ring_interface) - `pacemaker_corosync_fqdn`: Whether use inventory_hostname or ansible_fqdn as node name for corosync (default: false) diff --git a/defaults/main.yml b/defaults/main.yml index 30238a7..2747b2d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,7 @@ pacemaker_corosync_fqdn: false pacemaker_corosync_group: false +pacemaker_remote_group: false pacemaker_corosync_ring_interface: false +pacemaker_remote_ring_interface: "{{ pacemaker_corosync_ring_interface }}" pacemaker_corosync_use_syslog: true pacemaker_corosync_use_logfile: false diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index a75e5cd..4853ec1 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -26,7 +26,9 @@ state: present with_items: - pacemaker-remote - when: "inventory_hostname in groups[pacemaker_remote_group]" + when: + - pacemaker_remote_group is defined and pacemaker_remote_group in groups + - "inventory_hostname in groups[pacemaker_remote_group]" - name: Install haveged package: diff --git a/templates/corosync.conf.j2 b/templates/corosync.conf.j2 index 381b5cd..db9e6c7 100644 --- a/templates/corosync.conf.j2 +++ b/templates/corosync.conf.j2 @@ -1,8 +1,8 @@ -{% if inventory_hostname in groups[pacemaker_corosync_group] %} -{% set _pacemaker_corosync_bind_addr = hostvars[inventory_hostname]['ansible_eth1' | replace('-', '_')].ipv4.address %} -{% else %} -{% set _pacemaker_corosync_bind_addr = hostvars[inventory_hostname]['ansible_' + pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address %} -{% endif %} +{% if inventory_hostname in groups[pacemaker_corosync_group] %} +{% set _pacemaker_corosync_bind_addr = hostvars[inventory_hostname]['ansible_' + pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address %} +{% elif pacemaker_remote_group in groups and inventory_hostname in groups[pacemaker_remote_group] %} +{% set _pacemaker_corosync_bind_addr = hostvars[inventory_hostname]['ansible_' + pacemaker_remote_ring_interface | replace('-', '_')].ipv4.address %} +{% endif %} totem { version: 2 @@ -34,14 +34,14 @@ quorum { {% if pacemaker_enable_nodelist|default(true) %} nodelist { -{% for node in groups[pacemaker_remote_group]|sort + groups[pacemaker_corosync_group]|sort %} +{% for node in (groups[pacemaker_remote_group] | default([]) + groups[pacemaker_corosync_group]) | sort %} {% if node in groups[pacemaker_corosync_group] %} -{% set _tmp_pacemaker_corosync_ring_interface = 'eth1' %} -{% else %} -{% set _tmp_pacemaker_corosync_ring_interface = pacemaker_corosync_ring_interface %} +{% set _pacemaker_corosync_ring_interface = pacemaker_corosync_ring_interface %} +{% elif pacemaker_remote_group in groups and inventory_hostname in groups[pacemaker_remote_group] %} +{% set _pacemaker_corosync_ring_interface = pacemaker_remote_ring_interface %} {% endif %} node { - ring0_addr: {{ hostvars[node]['ansible_' + _tmp_pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address }} + ring0_addr: {{ hostvars[node]['ansible_' + _pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address }} name: {{ pacemaker_corosync_fqdn | bool | ternary(hostvars[node].ansible_fqdn, node) }} nodeid: {{ loop.index }} } From 7d6626001fd3944bf22c86e1ffa460857c1783c2 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 13 Jan 2021 11:52:31 +0200 Subject: [PATCH 11/21] Add CI tests --- .travis.yml | 14 +++++ .yamllint.yml | 10 ++++ README.md | 2 +- defaults/main.yml | 8 +++ meta/main.yml | 10 ++-- molecule/default/cleanup.yml | 10 ++++ molecule/default/converge.yml | 44 ++++++++++++++ molecule/default/molecule.yml | 48 ++++++++++++++++ molecule/default/prepare.yml | 12 ++++ .../tests/pacemaker_corosync_local.yml | 4 ++ requirements.txt | 4 ++ tasks/main.yml | 2 + tasks/pacemaker.yml | 57 +++++++++++++++---- templates/corosync.conf.j2 | 2 +- vars/main.yml | 3 + 15 files changed, 213 insertions(+), 17 deletions(-) create mode 100644 .travis.yml create mode 100644 .yamllint.yml create mode 100644 molecule/default/cleanup.yml create mode 100644 molecule/default/converge.yml create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/prepare.yml create mode 100644 molecule/default/tests/pacemaker_corosync_local.yml create mode 100644 requirements.txt create mode 100644 vars/main.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..0f8129b --- /dev/null +++ b/.travis.yml @@ -0,0 +1,14 @@ +--- +os: linux +dist: bionic +language: python +services: + - docker + +install: + - pip install -r requirements.txt + +script: + - molecule --version + - ansible --version + - molecule test -s default diff --git a/.yamllint.yml b/.yamllint.yml new file mode 100644 index 0000000..b9b8fee --- /dev/null +++ b/.yamllint.yml @@ -0,0 +1,10 @@ +--- +rules: + truthy: + allowed-values: + - 'True' + - 'true' + - 'yes' + - 'False' + - 'false' + - 'no' diff --git a/README.md b/README.md index 9288404..b02ed2d 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ ansible-pacemaker-corosync role =============================== -Deploys corosync/pacemaker +Deploys corosync/pacemaker [![Build Status](https://travis-ci.org/noonedeadpunk/ansible-pacemaker-corosync.svg?branch=master)](https://travis-ci.org/noonedeadpunk/ansible-pacemaker-corosync) # Variables diff --git a/defaults/main.yml b/defaults/main.yml index 2747b2d..c52c311 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,3 +1,5 @@ +--- + pacemaker_corosync_fqdn: false pacemaker_corosync_group: false pacemaker_remote_group: false @@ -5,3 +7,9 @@ pacemaker_corosync_ring_interface: false pacemaker_remote_ring_interface: "{{ pacemaker_corosync_ring_interface }}" pacemaker_corosync_use_syslog: true pacemaker_corosync_use_logfile: false + + +# Centos EPEL repository options (for haveged) +pacemaker_corosync_haveged_enabled: True +pacemaker_corosync_centos_epel_mirror: "{{ centos_epel_mirror | default('http://download.fedoraproject.org/pub/epel') }}" +pacemaker_corosync_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_distribution_major_version) }}" diff --git a/meta/main.yml b/meta/main.yml index 31b8182..a8d3281 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -9,8 +9,8 @@ galaxy_info: license: MIT min_ansible_version: 1.6 platforms: - - name: Ubuntu - versions: - - all - categories: - - system + - name: Ubuntu + versions: + - all + galaxy_tags: + - system diff --git a/molecule/default/cleanup.yml b/molecule/default/cleanup.yml new file mode 100644 index 0000000..37ec6ba --- /dev/null +++ b/molecule/default/cleanup.yml @@ -0,0 +1,10 @@ +--- +- name: Prepare molecule instance + hosts: all[0] + gather_facts: no + tasks: + - name: Create a network with custom IPAM config + delegate_to: localhost + community.general.docker_network: + name: pacemaker-network + state: absent diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..8b45cd2 --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,44 @@ +--- +- name: Converge + hosts: all + tasks: + - name: Apt update and install rsync, ping, iproute + apt: + update_cache: yes + name: + - rsync + - inetutils-ping + - iproute2 + state: present + when: ansible_os_family == "Debian" + + - name: Yum install iproute to fix undefined ansible_default_ipv4.address + yum: + name: iproute + state: present + when: + - ansible_distribution == "CentOS" + - ansible_distribution_major_version == "7" + + - name: Add a container to a network, leaving existing containers connected + delegate_to: localhost + community.general.docker_network: + name: pacemaker-network + connected: + - "{{ inventory_hostname }}" + appends: yes + + - name: Re-collect network facts required after installation iproute + setup: + gather_subset: network + + - name: Show ansible_interfaces + debug: + var: ansible_interfaces + + - name: Include keepalived vars + include_vars: "tests/pacemaker_corosync_local.yml" + + - name: "Include ansible-pacemaker-corosync" + include_role: + name: "ansible-pacemaker-corosync" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..084d274 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,48 @@ +--- +lint: | + set -e + yamllint . + ansible-lint -vv --exclude=.tox -x 204,208,106 +dependency: + name: galaxy +driver: + name: docker +verifier: + name: ansible +provisioner: + name: ansible + options: + v: True + log: True +platforms: + - name: pacemaker-centos7 + image: diodonfrost/ansible-centos:7 + groups: + - corosync + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + + - name: pacemaker-centos8 + image: diodonfrost/ansible-centos:8 + groups: + - corosync + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + + - name: pacemaker-bionic + image: travisci/ubuntu-systemd:18.04 + groups: + - corosync + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + + - name: pacemaker-focal + image: travisci/ubuntu-systemd:20.04 + privileged: true + groups: + - corosync + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml new file mode 100644 index 0000000..382580f --- /dev/null +++ b/molecule/default/prepare.yml @@ -0,0 +1,12 @@ +--- +- name: Prepare molecule instance + hosts: all[0] + tasks: + - name: Create a network with custom IPAM config + delegate_to: localhost + community.general.docker_network: + name: pacemaker-network + ipam_config: + - subnet: 192.168.33.0/24 + gateway: 192.168.33.254 + iprange: 192.168.33.0/26 diff --git a/molecule/default/tests/pacemaker_corosync_local.yml b/molecule/default/tests/pacemaker_corosync_local.yml new file mode 100644 index 0000000..1e142b1 --- /dev/null +++ b/molecule/default/tests/pacemaker_corosync_local.yml @@ -0,0 +1,4 @@ +--- + +pacemaker_corosync_group: corosync +pacemaker_corosync_ring_interface: eth1 diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..c253c0e --- /dev/null +++ b/requirements.txt @@ -0,0 +1,4 @@ +ansible==2.10.5 +docker==4.4.1 +molecule[docker]==3.2.2 +ansible-lint==4.3.7 \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 31e2e8a..c5a928a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,2 +1,4 @@ +--- + - include: check_vars.yml tags=pacemaker,check - include: pacemaker.yml tags=pacemaker diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index 4853ec1..e80f91d 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -1,6 +1,10 @@ +--- + - name: Enable HighAvailability repository - command: yum-config-manager --enable ha + command: dnf config-manager --enable ha changed_when: false + args: + warn: false when: - ansible_os_family | lower == 'redhat' - ansible_distribution_major_version is version('8', '=') @@ -27,14 +31,47 @@ with_items: - pacemaker-remote when: - - pacemaker_remote_group is defined and pacemaker_remote_group in groups + - _pacemaker_remote_group_exists - "inventory_hostname in groups[pacemaker_remote_group]" +- name: Install EPEL repo for CentOS + block: + - name: Download EPEL gpg keys + get_url: + url: "{{ pacemaker_corosync_centos_epel_key }}" + dest: /etc/pki/rpm-gpg + register: _get_yum_keys + until: _get_yum_keys is success + retries: 5 + delay: 2 + + - name: Install EPEL gpg keys + rpm_key: + key: "/etc/pki/rpm-gpg/{{ pacemaker_corosync_centos_epel_key.split('/')[-1] }}" + state: present + + - name: Install the EPEL repository + yum_repository: + name: epel-haveged + baseurl: "{{ pacemaker_corosync_centos_epel_mirror ~ '/' ~ ansible_distribution_major_version ~ (ansible_distribution_major_version is version('8', '>=')) | ternary('/Everything/', '/') ~ ansible_architecture }}" + description: 'Extra Packages for Enterprise Linux {{ ansible_distribution_major_version }} - $basearch' + gpgcheck: yes + enabled: yes + state: present + includepkgs: "haveged" + register: install_epel_repo + until: install_epel_repo is success + retries: 5 + delay: 2 + when: + - pacemaker_corosync_haveged_enabled | bool + - ansible_os_family | lower == 'redhat' + - name: Install haveged package: name: haveged state: present - when: haveged_enabled | default(True) | bool + when: pacemaker_corosync_haveged_enabled | bool - name: Generates corosync key become: true @@ -43,15 +80,15 @@ args: creates: /etc/corosync/authkey when: inventory_hostname == groups[pacemaker_corosync_group][0] - register: __corosync_authkey_created notify: Restart corosync -- name: Generate tmpdir for authkey - local_action: - module: tempfile +- name: Generate tmpfile for authkey + tempfile: + state: file register: authkey_tempfile changed_when: False check_mode: no + delegate_to: localhost when: inventory_hostname != groups[pacemaker_corosync_group][0] - name: Fetch authkey for other nodes @@ -73,12 +110,12 @@ notify: Restart corosync - name: Clean up tmpdir - local_action: - module: file + file: path: "{{ authkey_tempfile.path }}" state: "absent" changed_when: False check_mode: no + delegate_to: localhost when: inventory_hostname != groups[pacemaker_corosync_group][0] - name: Chowns authkeys @@ -125,7 +162,7 @@ - name: Adds ferm filtering template: - src: "../templates/ferm.j2" + src: "ferm.j2" dest: /etc/ferm/filter-input.d/60_corosync.conf when: ferm_enabled | default(false) tags: ferm diff --git a/templates/corosync.conf.j2 b/templates/corosync.conf.j2 index db9e6c7..6d95427 100644 --- a/templates/corosync.conf.j2 +++ b/templates/corosync.conf.j2 @@ -34,7 +34,7 @@ quorum { {% if pacemaker_enable_nodelist|default(true) %} nodelist { -{% for node in (groups[pacemaker_remote_group] | default([]) + groups[pacemaker_corosync_group]) | sort %} +{% for node in (_pacemaker_remote_group_exists | ternary(groups[pacemaker_remote_group], []) + groups[pacemaker_corosync_group]) | sort %} {% if node in groups[pacemaker_corosync_group] %} {% set _pacemaker_corosync_ring_interface = pacemaker_corosync_ring_interface %} {% elif pacemaker_remote_group in groups and inventory_hostname in groups[pacemaker_remote_group] %} diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..93acd5e --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,3 @@ +--- + +_pacemaker_remote_group_exists: "{{ (pacemaker_remote_group is defined and pacemaker_remote_group in groups) }}" \ No newline at end of file From 7b64a5feb5dfae6110e2d3a57013968b0187f95e Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 13 Jan 2021 16:07:42 +0200 Subject: [PATCH 12/21] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b02ed2d..0c812df 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ -ansible-pacemaker-corosync role +ansible-pacemaker-corosync role [![Build Status](https://travis-ci.org/noonedeadpunk/ansible-pacemaker-corosync.svg?branch=master)](https://travis-ci.org/noonedeadpunk/ansible-pacemaker-corosync) =============================== -Deploys corosync/pacemaker [![Build Status](https://travis-ci.org/noonedeadpunk/ansible-pacemaker-corosync.svg?branch=master)](https://travis-ci.org/noonedeadpunk/ansible-pacemaker-corosync) +Deploys corosync/pacemaker # Variables From 70d3c59efea4c3080fa66aeef75eadd0a032a83e Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 13 Jan 2021 16:42:55 +0200 Subject: [PATCH 13/21] Reflect repo rename --- README.md | 4 ++-- examples/play.yml | 7 +++++++ meta/main.yml | 14 ++++++++++---- molecule/default/converge.yml | 4 ++-- molecule/default/molecule.yml | 2 +- 5 files changed, 22 insertions(+), 9 deletions(-) create mode 100644 examples/play.yml diff --git a/README.md b/README.md index 0c812df..ae57787 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ -ansible-pacemaker-corosync role [![Build Status](https://travis-ci.org/noonedeadpunk/ansible-pacemaker-corosync.svg?branch=master)](https://travis-ci.org/noonedeadpunk/ansible-pacemaker-corosync) +ansible-role-pacemaker_corosync [![Build Status](https://travis-ci.org/noonedeadpunk/ansible-role-pacemaker_corosync.svg?branch=master)](https://travis-ci.org/noonedeadpunk/ansible-role-pacemaker_corosync) =============================== -Deploys corosync/pacemaker +Deploys corosync/pacemaker # Variables diff --git a/examples/play.yml b/examples/play.yml new file mode 100644 index 0000000..64636f6 --- /dev/null +++ b/examples/play.yml @@ -0,0 +1,7 @@ +--- + +- name: Install pacemaker-corosync + hosts: "{{ pacemaker_corosync_group }}" + become: true + roles: + - pacemaker_corosync diff --git a/meta/main.yml b/meta/main.yml index a8d3281..cf28bd2 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -3,14 +3,20 @@ dependencies: [] galaxy_info: - author: Michel Blanc + author: Dmitriy Rabotyagov company: ACME Corp - description: ansible-pacemaker-corosync role + role_name: pacemaker_corosync + description: Deploys pacemaker and corosync stack. license: MIT - min_ansible_version: 1.6 + min_ansible_version: 2.6 platforms: - name: Ubuntu versions: - - all + - bionic + - focal + - name: EL + versions: + - 7 + - 8 galaxy_tags: - system diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 8b45cd2..4414306 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -39,6 +39,6 @@ - name: Include keepalived vars include_vars: "tests/pacemaker_corosync_local.yml" - - name: "Include ansible-pacemaker-corosync" + - name: "Include ansible-role-pacemaker-corosync" include_role: - name: "ansible-pacemaker-corosync" + name: "ansible-role-pacemaker_corosync" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 084d274..31c52ca 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -2,7 +2,7 @@ lint: | set -e yamllint . - ansible-lint -vv --exclude=.tox -x 204,208,106 + ansible-lint -vv --exclude=.tox -x 204,208 dependency: name: galaxy driver: From 46503a2b813b771f39a12a1096349d4373db0332 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 15 Jun 2022 14:07:17 +0200 Subject: [PATCH 14/21] Add testing using GitHub Actions --- .cache/roles/noonedeadpunk.pacemaker_corosync | 1 + .github/workflows/main.yml | 52 ++++++++++++++ .travis.yml | 14 ---- .yamllint.yml | 4 ++ README.md | 3 +- meta/main.yml | 1 + molecule/default/converge.yml | 69 +++++++++---------- molecule/default/molecule.yml | 34 ++------- tasks/pacemaker.yml | 3 + test-requirements.txt | 7 ++ test-requirements.yml | 5 ++ vars/main.yml | 2 +- 12 files changed, 114 insertions(+), 81 deletions(-) create mode 120000 .cache/roles/noonedeadpunk.pacemaker_corosync create mode 100644 .github/workflows/main.yml delete mode 100644 .travis.yml create mode 100644 test-requirements.txt create mode 100644 test-requirements.yml diff --git a/.cache/roles/noonedeadpunk.pacemaker_corosync b/.cache/roles/noonedeadpunk.pacemaker_corosync new file mode 120000 index 0000000..c25bddb --- /dev/null +++ b/.cache/roles/noonedeadpunk.pacemaker_corosync @@ -0,0 +1 @@ +../.. \ No newline at end of file diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..91133cf --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,52 @@ +name: Molecule + +on: + push: + branches: + - master + pull_request: + branches: + - master + +jobs: + molecule: + runs-on: ubuntu-latest + strategy: + max-parallel: 4 + fail-fast: false + matrix: + scenario: + - centos-systemd:stream8 + - centos-systemd:stream9 + - debian-systemd:11 + - ubuntu-systemd:20.04 + - ubuntu-systemd:22.04 + python-version: + - 3.8 + ansible-version: + - 2.12.6 + + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + path: "${{ github.repository }}" + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v3 + with: + python-version: ${{ matrix.python-version }} + - name: Install dependencies + run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r ${{ github.repository }}/test-requirements.txt + - name: Install ansible + run: | + python3 -m pip install ansible-core==${{ matrix.ansible-version }} + - name: Install ansible collections + run: | + ansible-galaxy install -r ${{ github.repository }}/test-requirements.yml + - name: Test with molecule + run: | + cd ${{ github.repository }} + export docker_image_tag="${{ matrix.scenario }}" + python3 -m molecule test diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 0f8129b..0000000 --- a/.travis.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -os: linux -dist: bionic -language: python -services: - - docker - -install: - - pip install -r requirements.txt - -script: - - molecule --version - - ansible --version - - molecule test -s default diff --git a/.yamllint.yml b/.yamllint.yml index b9b8fee..45a219b 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -1,5 +1,6 @@ --- rules: + line-length: disable truthy: allowed-values: - 'True' @@ -8,3 +9,6 @@ rules: - 'False' - 'false' - 'no' + +ignore: | + .github/ diff --git a/README.md b/README.md index ae57787..c0c48e4 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ -ansible-role-pacemaker_corosync [![Build Status](https://travis-ci.org/noonedeadpunk/ansible-role-pacemaker_corosync.svg?branch=master)](https://travis-ci.org/noonedeadpunk/ansible-role-pacemaker_corosync) +ansible-role-pacemaker_corosync [![Build Status](https://github.com/noonedeadpunk/ansible-pacemaker-corosync/actions/workflows/main.yml/badge.svg?branch=master)] + =============================== Deploys corosync/pacemaker diff --git a/meta/main.yml b/meta/main.yml index cf28bd2..86463e1 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -5,6 +5,7 @@ dependencies: [] galaxy_info: author: Dmitriy Rabotyagov company: ACME Corp + namespace: noonedeadpunk role_name: pacemaker_corosync description: Deploys pacemaker and corosync stack. license: MIT diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 4414306..fd4eb76 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,44 +1,41 @@ --- - name: Converge hosts: all - tasks: - - name: Apt update and install rsync, ping, iproute - apt: - update_cache: yes - name: - - rsync - - inetutils-ping - - iproute2 - state: present - when: ansible_os_family == "Debian" + vars_files: + - "tests/pacemaker_corosync_local.yml" + pre_tasks: + - name: Apt update and install rsync, ping, iproute + apt: + update_cache: yes + name: + - rsync + - inetutils-ping + - iproute2 + state: present + when: ansible_os_family == "Debian" - - name: Yum install iproute to fix undefined ansible_default_ipv4.address - yum: - name: iproute - state: present - when: - - ansible_distribution == "CentOS" - - ansible_distribution_major_version == "7" + - name: Yum install iproute to fix undefined ansible_default_ipv4.address + yum: + name: iproute + state: present + when: + - ansible_distribution == "CentOS" - - name: Add a container to a network, leaving existing containers connected - delegate_to: localhost - community.general.docker_network: - name: pacemaker-network - connected: - - "{{ inventory_hostname }}" - appends: yes + - name: Add a container to a network, leaving existing containers connected + delegate_to: localhost + community.general.docker_network: + name: pacemaker-network + connected: + - "{{ inventory_hostname }}" + appends: yes - - name: Re-collect network facts required after installation iproute - setup: - gather_subset: network + - name: Re-collect network facts required after installation iproute + setup: + gather_subset: network - - name: Show ansible_interfaces - debug: - var: ansible_interfaces + - name: Show ansible_interfaces + debug: + var: ansible_interfaces - - name: Include keepalived vars - include_vars: "tests/pacemaker_corosync_local.yml" - - - name: "Include ansible-role-pacemaker-corosync" - include_role: - name: "ansible-role-pacemaker_corosync" + roles: + - role: "{{ playbook_dir | dirname | dirname | basename }}" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 31c52ca..f173959 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -2,7 +2,7 @@ lint: | set -e yamllint . - ansible-lint -vv --exclude=.tox -x 204,208 + ansible-lint -vv --exclude=.tox --exclude=molecule/default/converge.yml -x 204,208 dependency: name: galaxy driver: @@ -15,34 +15,10 @@ provisioner: v: True log: True platforms: - - name: pacemaker-centos7 - image: diodonfrost/ansible-centos:7 + - name: pacemaker + image: "${docker_user:-quay.io/gotmax23}/${docker_image_tag:-ubuntu-systemd:focal}" + command: "" + pre_build_image: true groups: - corosync privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: pacemaker-centos8 - image: diodonfrost/ansible-centos:8 - groups: - - corosync - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: pacemaker-bionic - image: travisci/ubuntu-systemd:18.04 - groups: - - corosync - privileged: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - - name: pacemaker-focal - image: travisci/ubuntu-systemd:20.04 - privileged: true - groups: - - corosync - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index e80f91d..8d806fe 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -137,6 +137,7 @@ file: path: /var/log/corosync state: directory + mode: "0775" when: pacemaker_corosync_use_logfile | bool - name: Adds logrotate config for corosync @@ -151,6 +152,7 @@ file: path: /etc/corosync/service.d/ state: directory + mode: "0755" - name: Adds pacemaker service copy: @@ -164,6 +166,7 @@ template: src: "ferm.j2" dest: /etc/ferm/filter-input.d/60_corosync.conf + mode: "0640" when: ferm_enabled | default(false) tags: ferm notify: Restart ferm diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100644 index 0000000..4b8f706 --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1,7 @@ +bashate>=0.2 # Apache-2.0 +flake8<2.6.0,>=2.5.4 # MIT +docker==5.0.3 +molecule==3.6.1 +molecule-docker==1.1.0 +ansible-lint==5.0.10 +rich>=9.5.1,<11.0.0 diff --git a/test-requirements.yml b/test-requirements.yml new file mode 100644 index 0000000..f3ad811 --- /dev/null +++ b/test-requirements.yml @@ -0,0 +1,5 @@ +--- +collections: + - community.general + - community.docker + - ansible.netcommon diff --git a/vars/main.yml b/vars/main.yml index 93acd5e..dbc45f0 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,3 +1,3 @@ --- -_pacemaker_remote_group_exists: "{{ (pacemaker_remote_group is defined and pacemaker_remote_group in groups) }}" \ No newline at end of file +_pacemaker_remote_group_exists: "{{ (pacemaker_remote_group is defined and pacemaker_remote_group in groups) }}" From 90b5fb43fc49b7dbc2e35d236597cfd7ddd174da Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Wed, 15 Jun 2022 14:25:52 +0100 Subject: [PATCH 15/21] Add compatibility with centos-9 --- tasks/pacemaker.yml | 11 +++++++++-- vars/main.yml | 4 ++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index 8d806fe..75bc9a9 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -1,13 +1,20 @@ --- +- name: Ensure config-manager is present for dnf + package: + name: dnf-plugins-core + state: present + when: + - ansible_os_family | lower == 'redhat' + - ansible_distribution_major_version is version('8', '>=') + - name: Enable HighAvailability repository - command: dnf config-manager --enable ha + command: "dnf config-manager --enable {{ _centos_ha_repo_name[ansible_facts['distribution_major_version']] }}" changed_when: false args: warn: false when: - ansible_os_family | lower == 'redhat' - - ansible_distribution_major_version is version('8', '=') - name: Installs corosync package: diff --git a/vars/main.yml b/vars/main.yml index dbc45f0..1fc549d 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,3 +1,7 @@ --- _pacemaker_remote_group_exists: "{{ (pacemaker_remote_group is defined and pacemaker_remote_group in groups) }}" + +_centos_ha_repo_name: + '8': ha + '9': highavailability From 855e21f42cac99dced3417395a0d2f37120830c0 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Mon, 10 Apr 2023 18:44:57 +0200 Subject: [PATCH 16/21] Remove usage of fact variables Instead of using fact variables we're accessing ansible_facts dictionary This is useful for cases when role is used with disabled ANSIBLE_INJECT_FACT_VARS, which improves ansible performance. --- defaults/main.yml | 2 +- tasks/pacemaker.yml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index c52c311..fb4be33 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -12,4 +12,4 @@ pacemaker_corosync_use_logfile: false # Centos EPEL repository options (for haveged) pacemaker_corosync_haveged_enabled: True pacemaker_corosync_centos_epel_mirror: "{{ centos_epel_mirror | default('http://download.fedoraproject.org/pub/epel') }}" -pacemaker_corosync_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_distribution_major_version) }}" +pacemaker_corosync_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_facts['distribution_major_version']) }}" diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index 75bc9a9..be5fb85 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -5,8 +5,8 @@ name: dnf-plugins-core state: present when: - - ansible_os_family | lower == 'redhat' - - ansible_distribution_major_version is version('8', '>=') + - ansible_facts['os_family'] | lower == 'redhat' + - ansible_facts['distribution_major_version'] is version('8', '>=') - name: Enable HighAvailability repository command: "dnf config-manager --enable {{ _centos_ha_repo_name[ansible_facts['distribution_major_version']] }}" @@ -14,7 +14,7 @@ args: warn: false when: - - ansible_os_family | lower == 'redhat' + - ansible_facts['os_family'] | lower == 'redhat' - name: Installs corosync package: @@ -60,8 +60,8 @@ - name: Install the EPEL repository yum_repository: name: epel-haveged - baseurl: "{{ pacemaker_corosync_centos_epel_mirror ~ '/' ~ ansible_distribution_major_version ~ (ansible_distribution_major_version is version('8', '>=')) | ternary('/Everything/', '/') ~ ansible_architecture }}" - description: 'Extra Packages for Enterprise Linux {{ ansible_distribution_major_version }} - $basearch' + baseurl: "{{ pacemaker_corosync_centos_epel_mirror ~ '/' ~ ansible_facts['distribution_major_version'] ~ (ansible_facts['distribution_major_version'] is version('8', '>=')) | ternary('/Everything/', '/') ~ ansible_facts['architecture'] }}" + description: "Extra Packages for Enterprise Linux {{ ansible_facts['distribution_major_version'] }} - $basearch" gpgcheck: yes enabled: yes state: present @@ -72,7 +72,7 @@ delay: 2 when: - pacemaker_corosync_haveged_enabled | bool - - ansible_os_family | lower == 'redhat' + - ansible_facts['os_family'] | lower == 'redhat' - name: Install haveged package: From 0d0313b53f1d257e094cbb2a35fadb436673757a Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Mon, 10 Apr 2023 19:05:40 +0200 Subject: [PATCH 17/21] Remove CentOS 8 Stream testing At the moment there's an issue with systemd in CentOS 8 image that prevents ansible to run properly against it. --- .github/workflows/main.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 91133cf..4c84c31 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -16,11 +16,14 @@ jobs: fail-fast: false matrix: scenario: - - centos-systemd:stream8 - - centos-systemd:stream9 - - debian-systemd:11 - - ubuntu-systemd:20.04 - - ubuntu-systemd:22.04 + - tag: centos-systemd:stream9 + user: quay.io/gotmax23 + - tag: debian-systemd:11 + user: quay.io/gotmax23 + - tag: ubuntu-systemd:20.04 + user: quay.io/gotmax23 + - tag: ubuntu-systemd:22.04 + user: quay.io/gotmax23 python-version: - 3.8 ansible-version: @@ -48,5 +51,6 @@ jobs: - name: Test with molecule run: | cd ${{ github.repository }} - export docker_image_tag="${{ matrix.scenario }}" + export docker_image_tag="${{ matrix.scenario.tag }}" + export docker_user="${{ matrix.scenario.user }}" python3 -m molecule test From a0be973cc09cb59e5ab014bee5c3daa06e9fae81 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 11 Apr 2023 10:39:45 +0200 Subject: [PATCH 18/21] Test molecule with disabled inject_facts_as_vars Since we aim to support disabled inject_facts_as_vars we should test that with molecule. --- molecule/default/converge.yml | 6 +++--- molecule/default/molecule.yml | 3 +++ templates/corosync.conf.j2 | 8 ++++---- templates/ferm.j2 | 4 ++-- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index fd4eb76..2262dc1 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -12,14 +12,14 @@ - inetutils-ping - iproute2 state: present - when: ansible_os_family == "Debian" + when: ansible_facts['os_family'] == "Debian" - name: Yum install iproute to fix undefined ansible_default_ipv4.address yum: name: iproute state: present when: - - ansible_distribution == "CentOS" + - ansible_facts['distribution'] == "CentOS" - name: Add a container to a network, leaving existing containers connected delegate_to: localhost @@ -35,7 +35,7 @@ - name: Show ansible_interfaces debug: - var: ansible_interfaces + var: ansible_facts['interfaces'] roles: - role: "{{ playbook_dir | dirname | dirname | basename }}" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f173959..c25014b 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -14,6 +14,9 @@ provisioner: options: v: True log: True + config_options: + defaults: + inject_facts_as_vars: false platforms: - name: pacemaker image: "${docker_user:-quay.io/gotmax23}/${docker_image_tag:-ubuntu-systemd:focal}" diff --git a/templates/corosync.conf.j2 b/templates/corosync.conf.j2 index 6d95427..7ab2a59 100644 --- a/templates/corosync.conf.j2 +++ b/templates/corosync.conf.j2 @@ -1,7 +1,7 @@ {% if inventory_hostname in groups[pacemaker_corosync_group] %} -{% set _pacemaker_corosync_bind_addr = hostvars[inventory_hostname]['ansible_' + pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address %} +{% set _pacemaker_corosync_bind_addr = ansible_facts[pacemaker_corosync_ring_interface | replace('-', '_')]['ipv4']['address'] %} {% elif pacemaker_remote_group in groups and inventory_hostname in groups[pacemaker_remote_group] %} -{% set _pacemaker_corosync_bind_addr = hostvars[inventory_hostname]['ansible_' + pacemaker_remote_ring_interface | replace('-', '_')].ipv4.address %} +{% set _pacemaker_corosync_bind_addr = ansible_facts[pacemaker_remote_ring_interface | replace('-', '_')]['ipv4']['address'] %} {% endif %} totem { @@ -41,8 +41,8 @@ nodelist { {% set _pacemaker_corosync_ring_interface = pacemaker_remote_ring_interface %} {% endif %} node { - ring0_addr: {{ hostvars[node]['ansible_' + _pacemaker_corosync_ring_interface | replace('-', '_')].ipv4.address }} - name: {{ pacemaker_corosync_fqdn | bool | ternary(hostvars[node].ansible_fqdn, node) }} + ring0_addr: {{ hostvars[node]['ansible_facts'][_pacemaker_corosync_ring_interface | replace('-', '_')]['ipv4']['address'] }} + name: {{ pacemaker_corosync_fqdn | bool | ternary(hostvars[node]['ansible_facts']['fqdn'], node) }} nodeid: {{ loop.index }} } {% endfor %} diff --git a/templates/ferm.j2 b/templates/ferm.j2 index d38112d..8c8ed4d 100644 --- a/templates/ferm.j2 +++ b/templates/ferm.j2 @@ -1,10 +1,10 @@ {% set cluster_members = [] -%} {%- for node in groups[pacemaker_corosync_group] %} - {%- set _ = cluster_members.append(hostvars[node]['ansible_' + pacemaker_corosync_ring_interface].ipv4.address) -%} + {%- set _ = cluster_members.append(ansible_facts[pacemaker_corosync_ring_interface]['ipv4']['address']) -%} {% endfor -%} # Allow access to cluster members protocol udp dport (5404 5405 5406) { - @def $ITEMS = ( @ipfilter( ( {{ cluster_members | unique | join(" ") }} ) ) + @def $ITEMS = ( @ipfilter( ( {{ cluster_members | unique | join(" ") }} ) ) ); saddr $ITEMS ACCEPT; } From 8218da4e0b0ea14aceae091782c83c588cc8139e Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Fri, 20 Oct 2023 14:25:11 +0200 Subject: [PATCH 19/21] Drop `warn` from command args warn argument is not valid for the command module and causes newer ansible to hard fail on it. --- tasks/pacemaker.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/tasks/pacemaker.yml b/tasks/pacemaker.yml index be5fb85..7890d8c 100644 --- a/tasks/pacemaker.yml +++ b/tasks/pacemaker.yml @@ -11,8 +11,6 @@ - name: Enable HighAvailability repository command: "dnf config-manager --enable {{ _centos_ha_repo_name[ansible_facts['distribution_major_version']] }}" changed_when: false - args: - warn: false when: - ansible_facts['os_family'] | lower == 'redhat' From c47c5daeeffaa7da5e5a1d40e78ec8059000e873 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Fri, 14 Jun 2024 10:47:05 +0200 Subject: [PATCH 20/21] Update testing stack for the role This ensures role is executable with latest Ansible version. --- .github/workflows/main.yml | 7 ++++--- tasks/main.yml | 12 ++++++++++-- test-requirements.txt | 11 ++++++----- 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4c84c31..0e0df1f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -18,16 +18,17 @@ jobs: scenario: - tag: centos-systemd:stream9 user: quay.io/gotmax23 - - tag: debian-systemd:11 + - tag: debian-systemd:12 user: quay.io/gotmax23 - tag: ubuntu-systemd:20.04 user: quay.io/gotmax23 - tag: ubuntu-systemd:22.04 user: quay.io/gotmax23 python-version: - - 3.8 + - "3.10" ansible-version: - - 2.12.6 + - 2.12.10 + - 2.17.0 steps: - name: Checkout diff --git a/tasks/main.yml b/tasks/main.yml index c5a928a..ae8b141 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,12 @@ --- -- include: check_vars.yml tags=pacemaker,check -- include: pacemaker.yml tags=pacemaker +- name: Importing variables check + import_tasks: check_vars.yml + tags: + - pacemaker + - check + +- name: Importing pacemaker tasks + import_tasks: pacemaker.yml + tags: + - pacemaker diff --git a/test-requirements.txt b/test-requirements.txt index 4b8f706..41cc93c 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,7 +1,8 @@ bashate>=0.2 # Apache-2.0 flake8<2.6.0,>=2.5.4 # MIT -docker==5.0.3 -molecule==3.6.1 -molecule-docker==1.1.0 -ansible-lint==5.0.10 -rich>=9.5.1,<11.0.0 +docker<=7.0.0 +molecule==5.1.0 +molecule-plugins==23.5.0 +ansible-lint==6.19.0 +rich>=9.5.1,<13.5.0 +requests<=2.31.0 From f05132b5334dfec0414bb82c4e6f015cf64907b5 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Fri, 14 Jun 2024 12:00:49 +0200 Subject: [PATCH 21/21] Delete .cache folder from the repo --- .cache/roles/noonedeadpunk.pacemaker_corosync | 1 - .gitignore | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) delete mode 120000 .cache/roles/noonedeadpunk.pacemaker_corosync diff --git a/.cache/roles/noonedeadpunk.pacemaker_corosync b/.cache/roles/noonedeadpunk.pacemaker_corosync deleted file mode 120000 index c25bddb..0000000 --- a/.cache/roles/noonedeadpunk.pacemaker_corosync +++ /dev/null @@ -1 +0,0 @@ -../.. \ No newline at end of file diff --git a/.gitignore b/.gitignore index 6fc3bc5..7778366 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ .vagrant vagrant - +.cache