Releases: linux-system-roles/ha_cluster
additional fix password_hash salt length (#47)
additional fix password_hash salt length (#47)
To make sure the string is strictly truncated at the given length,
use python style syntax instead of "truncate".
[citest skip] bump tox-lsr version to 2.11.0; remove py37; add py310 (#48)
tox-lsr version 2.11.0 has support for collection-requirements.yml,
runqemu improvements, and support for python 3.10
python 3.7 is not used on any supported platform, so remove it
Signed-off-by: Rich Megginson rmeggins@redhat.com
# add support for configuring bundle resources
add support for configuring bundle resources
disable cluster uuid
test: fix corosync.conf assert for older pcs versions
test: update for new resource config output format
install resource-agents explicitly
previously, resource-agents package was installed implicitly as
a dependency
support gather_facts: false; support setup-snapshot.yml
Some users use gather_facts: false in their playbooks. This changes
the role to work in that case, by gathering only the facts it requires
to run.
CI testing can be sped up by creating a snapshot image pre-installed
with packages. tests/setup-snapshot.yml can be used by a CI system
to do this.
add support for advanced corosync configuration
add support for advanced corosync configuration
see README for new corosync options
Add support for SBD
Add support for SBD
- add support for configuring delay-start, timeout-action, watchdog
and watchdog-timeout - add possibility to configure different SBD devices for each node
- drop softdog module due to software watchdog being unsupported
- fix auto_tie_breaker configuration
- install SBD packages
- make the sbd configuring part of the role run properly even if run
on an existing cluster- properly enable or disable SBD service
- restart cluster if SBD configuration changed
- set stonith-watchdog-timeout cluster property
fix purging CIB
Cluster property 'stonith-watchdog-timeout' is now fully managed
by the role in tasks/sbd.yml file. Therefore, it should not be
removed when purging CIB.
fix roles in constraints tests
As a side-effect of resetting stonith-watchdog-timeout cluster property
when (de)configuring SBD, pcs may create an empty CIB file. To ensure
compatibility with all pacemaker versions, the CIB is set to comply with
the lowest schema version shipped with pacemaker 2.0.0. This schema
doesn't support new role names. Therefore, even with the most recent pcs
and pacemaker, legacy roles may be stored in CIB.
fix default pcsd permissions
fix default pcsd permissions
Previously, permissions were set for 'hacluster' group.
Correct name of the group is 'haclient'.
Add support for resource constraints - remove recursive symlink in tests/roles
update tox-lsr version to 2.8.0 (#32)
update tox-lsr version to 2.8.0
New version adds check for proper commenting of the ansible_managed var
Signed-off-by: Sergei Petrosian spetrosi@redhat.com
add constraint configuration
add doubledash to pcs commands
fixes for various pcs versions
tests verbosity has been increased so that it is easier to see
differences between expected and real output
fix loop_var
move score from constraint to constraint options
translate new role values to old ones in constraints
remove unused 'pcs-0.10' suffix
add Fedora tmp files to .gitignore
minor fixes
add documentation and examples
replace if-else with ternary to simplify code
add 'changed_when: no' to command tasks in tests
replace eq with match to support jinja 2.7
work around installing openssl in tests
change recursive role symlink to individual role dir symlinks
Signed-off-by: Rich Megginson rmeggins@redhat.com
bump tox-lsr version to 2.8.3 (#35)
Signed-off-by: Rich Megginson rmeggins@redhat.com
test with ansible 2.12; fix linter issues
fix ansible-lint issues
support python 39, ansible-core 2.12, ansible-plugin-scan
update tox-lsr version to 2.7.1
update the tox-lsr version used in github actions tox CI
to 2.7.1
The only difference between this an 2.7.0 is that Ansible 2.12
is now GA.
Signed-off-by: Rich Megginson rmeggins@redhat.com
Suppor ansible-core; fix password_hash salt length
use tox-lsr version 2.5.1
This version removes support for molecule until we can figure out
what to do about molecule. This should make all of the tox tests
pass (except for python 2.6).
Signed-off-by: Rich Megginson rmeggins@redhat.com
fix password_hash salt length
Ansible 2.11 has strict checking for password_hash salt length.
If the given salt length is not equal to, or greater than, the
salt length for the hash algorithm (depending on the algorithm, the
salt length must be equal, or less than), Ansible will emit an
error like "invalid salt size". To fix this, use the truncate
filter to ensure the salt length is not too long.
Use the openssl command-line interface instead of the openssl module
in the test helper task tests/tasks/fixture_psks.yml.
This is to avoid using the non ansible-core module.
use apt-get install -y
Signed-off-by: Rich Megginson rmeggins@redhat.com
replace rhsm_repository with subscription-manager cli
The rhsm_repository module is not supported by ansible-core, so
use the subscription-manager cli instead.
use firewall-cmd instead of firewalld module
drop support for ansible 2.8
Drop support for Ansible 2.8 by bumping the Ansible version to 2.9
min_ansible_version is now 2.9
Bug 1989197 - drop support for Ansible 2.8
https://bugzilla.redhat.com/show_bug.cgi?id=1989197
add pacemaker cluster properties configuration
add pacemaker cluster properties configuration
Add support for ha_cluster_cluster_properties which is used
to set cluster-wide configuration.
See the README for details and examples.
do not fail if openssl is not installed
OpenSSL is used in the role and automated tests to generate random
preshared keys. Previously, OpenSSL was a dependency of pcs. That is no
longer the case since pcs-0.10.8-2.
In the role, keys are no longer generated on the controller, so the role
does not install OpenSSL there. Instead, preshared keys are now
generated on target nodes and the role newly ensures OpenSSL is installed on
target nodes.
In tests, OpenSSL is needed on the controller to test cases when
preshared keys are distributed from the controller. Tests ensure OpenSSL
is installed on the controller.