├── .gitignore ├── 00-download.yml ├── 10-pacemaker-install.yml ├── 11-pacemaker-tools-enable.yml ├── 12-pacemaker-stonith-install.yml ├── 20-pacemaker-start.yml ├── 30-pacemaker-stop.yml ├── 80-test-link-disconnect.yml ├── 81-test-link-reconnect.yml ├── 98-pacemaker-tools-disable.yml ├── 99-pacemaker-uninstall.yml ├── Makefile ├── README.md ├── ansible.cfg.sample ├── dev ├── 01-backup-config.yml ├── 08-clean-backup-files.yml └── 09-restore-config.yml ├── inventories ├── hosts-sample-pm_logconv.yml ├── hosts-sample-udpu.yml └── hosts-sample.yml └── roles ├── common └── handlers │ └── main.yml ├── pacemaker-init-cib └── tasks │ └── main.yml ├── pacemaker-install ├── files │ └── .keep ├── tasks │ ├── config-centos.yml │ ├── config-rhel6.yml │ ├── config-rhel7.yml │ ├── corosync-config.yml │ ├── main.yml │ └── pacemaker-install.yml └── templates │ ├── corosync.conf-udpu.j2 │ └── corosync.conf.j2 ├── pacemaker-start-wait └── tasks │ └── main.yml ├── pacemaker-start └── tasks │ ├── main.yml │ ├── start-service-rhel6.yml │ └── start-service-rhel7.yml ├── pacemaker-stonith-install └── tasks │ └── main.yml ├── pacemaker-stop └── tasks │ ├── main.yml │ ├── stop-service-rhel6.yml │ └── stop-service-rhel7.yml ├── pacemaker-tools-disable └── tasks │ ├── main.yml │ ├── rsyslog-unconfig-rhel6.yml │ ├── rsyslog-unconfig-rhel7.yml │ ├── tools-disable-rhel6.yml │ └── tools-disable-rhel7.yml ├── pacemaker-tools-enable └── tasks │ ├── main.yml │ ├── rsyslog-config-rhel6.yml │ ├── rsyslog-config-rhel7.yml │ ├── tools-config.yml │ ├── tools-enable-rhel6.yml │ └── tools-enable-rhel7.yml ├── pacemaker-uninstall └── tasks │ ├── main.yml │ ├── pacemaker-uninstall.yml │ ├── unconfig-rhel7.yml │ └── yum-repo-erase-centos.yml ├── test-link-disconnect └── tasks │ ├── firewalld.yml │ ├── iptables.yml │ └── main.yml └── test-link-reconnect └── tasks ├── firewalld.yml ├── iptables.yml └── main.yml /.gitignore: -------------------------------------------------------------------------------- 1 | 
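*.rpm
*~
*.retry
ansible.cfg

--------------------------------------------------------------------------------
/00-download.yml:
--------------------------------------------------------------------------------
# Runs on the control node only: downloads the Linux-HA Japan repository RPMs
# into the pacemaker-install role's files/ directory.
- hosts: localhost

  tasks:
    # NOTE(review): the el6/el7 repository RPM stored here is later copied to
    # the cluster nodes and installed with become: true by the
    # pacemaker-install role, so a tampered download ends up installed as root
    # on every node. The URL is a download redirector; HTTPS to it does not by
    # itself authenticate the file that is finally saved. Add a "checksum" key
    # to each item (get_url format "sha256:HEX", digest taken from the
    # project's release page) to make the task fail on a mismatch. Items
    # without the key behave as before, because the argument is then omitted.
    - name: Download pacemaker-repo-1.1
      get_url:
        url: "https://osdn.net/frs/redir.php?m=iij&f=%2Flinux-ha%2F{{ item.rev }}%2F{{ item.package }}"
        dest: ./roles/pacemaker-install/files/
        timeout: 20
        checksum: "{{ item.checksum | default(omit) }}"
      with_items:
        - { rev: 71663, package: pacemaker-repo-1.1.21-1.1.el7.x86_64.rpm }
        - { rev: 71663, package: pacemaker-repo-debuginfo-1.1.21-1.1.el7.x86_64.rpm }
        - { rev: 71664, package: pacemaker-repo-1.1.21-1.1.el6.x86_64.rpm }
        - { rev: 71664, package: pacemaker-repo-debuginfo-1.1.21-1.1.el6.x86_64.rpm }

--------------------------------------------------------------------------------
/10-pacemaker-install.yml:
--------------------------------------------------------------------------------
# Applies the pacemaker-install role to every host of the hacluster group.
- hosts: hacluster
  become: true
  max_fail_percentage: 0

  roles:
    - role: pacemaker-install

--------------------------------------------------------------------------------
/11-pacemaker-tools-enable.yml:
--------------------------------------------------------------------------------
# Applies the pacemaker-tools-enable role; "common" is pulled in for its handlers.
- hosts: hacluster
  become: true
  max_fail_percentage: 0

  roles:
    - role: common  # use common handlers
    - role: pacemaker-tools-enable

--------------------------------------------------------------------------------
/12-pacemaker-stonith-install.yml:
--------------------------------------------------------------------------------
# Applies the pacemaker-stonith-install role.
- hosts: hacluster
  become: true
  max_fail_percentage: 0

  roles:
    - role: pacemaker-stonith-install

--------------------------------------------------------------------------------
/20-pacemaker-start.yml:
--------------------------------------------------------------------------------
- hosts: hacluster
  become: true
  max_fail_percentage: 0

  # Running with --tags=init-cib,all option will clear the entire CIB
  # configuration before start. It does not prompt you. USE WITH CARE!
  # Both optional roles carry the "never" tag, so they run only when their
  # tag is requested explicitly.

  roles:
    - role: pacemaker-init-cib
      tags: never,init-cib

    - role: pacemaker-start

    - role: pacemaker-start-wait
      tags: never,start-wait

--------------------------------------------------------------------------------
/30-pacemaker-stop.yml:
--------------------------------------------------------------------------------
# Applies the pacemaker-stop role.
- hosts: hacluster
  become: true
  max_fail_percentage: 0

  roles:
    - role: pacemaker-stop

--------------------------------------------------------------------------------
/80-test-link-disconnect.yml:
--------------------------------------------------------------------------------
# Test helper: applies the test-link-disconnect role (no fact gathering).
- hosts: hacluster
  become: true
  max_fail_percentage: 0
  gather_facts: no

  roles:
    - role: test-link-disconnect

--------------------------------------------------------------------------------
/81-test-link-reconnect.yml:
--------------------------------------------------------------------------------
# Test helper: applies the test-link-reconnect role (no fact gathering).
- hosts: hacluster
  become: true
  max_fail_percentage: 0
  gather_facts: no

  roles:
    - role: test-link-reconnect

--------------------------------------------------------------------------------
/98-pacemaker-tools-disable.yml:
--------------------------------------------------------------------------------
# Applies the pacemaker-tools-disable role; "common" is pulled in for its handlers.
- hosts: hacluster
  become: true
  max_fail_percentage: 0

  roles:
    - role: common  # use common handlers
    - role: pacemaker-tools-disable

--------------------------------------------------------------------------------
/99-pacemaker-uninstall.yml:
--------------------------------------------------------------------------------
# Stops and uninstalls Pacemaker after an interactive confirmation.
- hosts: hacluster
  become: true
  max_fail_percentage: 0

  vars:
    # Default keeps the CIB; override with -e REMOVE_CIB=true (see the prompt).
    REMOVE_CIB: false

  vars_prompt:
    - name: "uninstall_ok"
      prompt: |-
        Uninstall Pacemaker repository package.
        Your CIB configuration will be preserved by default.
        If you do want to remove the CIB configuration, add '-e REMOVE_CIB=true' option.
        continue ?
      private: no
      default: "y"

  # Both roles are skipped unless the answer is exactly "y".
  roles:
    - { role: pacemaker-stop, when: uninstall_ok == "y" }
    - { role: pacemaker-uninstall, when: uninstall_ok == "y" }

--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
# Render README.md locally with grip.
preview:
	grip README.md

# Remove Ansible retry files and editor backup files.
clean:
	@rm -f *.retry
	@find . -name '*~' -exec rm {} \;

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
(Japanese)

# Pacemaker リポジトリパッケージ用 Ansible Playbook

このリポジトリは、Linux-HA Japan Pacemaker リポジトリパッケージを
インストールする手順を Ansible で自動化した Playbook の例です。

## 対象バージョン・手順

以下のページに記載されているバージョン・手順を Ansible Playbook にしたものです。

* 対象バージョン: pacemaker-repo-1.1.21-1.1
* 手順: [Pacemaker-1.1.21-1.1 リポジトリパッケージ](http://linux-ha.osdn.jp/wp/archives/4876)

以前のバージョンを利用する場合は、対応するブランチを checkout して使ってください。

* pacemaker-repo-1.1.21-1.1: ブランチ [branch-1.1.21-1.1](https://github.com/kskmori/ansible-pacemaker/tree/branch-1.1.21-1.1)
* pacemaker-repo-1.1.19-1.1: ブランチ [branch-1.1.19-1.1](https://github.com/kskmori/ansible-pacemaker/tree/branch-1.1.19-1.1)
* pacemaker-repo-1.1.17-1.1: ブランチ [branch-1.1.17-1.1](https://github.com/kskmori/ansible-pacemaker/tree/branch-1.1.17-1.1)
* pacemaker-repo-1.1.16-1.1: ブランチ [branch-1.1.16-1.1](https://github.com/kskmori/ansible-pacemaker/tree/branch-1.1.16-1.1)
* pacemaker-repo-1.1.15-1.1: ブランチ [branch-1.1.15-1.1](https://github.com/kskmori/ansible-pacemaker/tree/branch-1.1.15-1.1)
* 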
pacemaker-repo-1.1.14-1.1: ブランチ [branch-1.1.14-1.1](https://github.com/kskmori/ansible-pacemaker/tree/branch-1.1.14-1.1) 23 | * pacemaker-repo-1.1.13-1.1: ブランチ [branch-1.1.13-1.1](https://github.com/kskmori/ansible-pacemaker/tree/branch-1.1.13-1.1) 24 | 25 | _※ 2017/04/14追記: 以前はタグと記載していましたが、タグではなくブランチを checkout してください。各バージョンごとに必要な修正や更新などをそれぞれのブランチごとに反映しています。_ 26 | 27 | ## 前提条件 28 | 29 | この playbook を使うには以下の設定をあらかじめ行っておいてください。 30 | 31 | * OSメディアもしくはリポジトリが参照できるように /etc/yum.repo.d を設定しておくこと(OS標準の依存パッケージを自動的にインストールするため) 32 | * OSおよびネットワークの設定は別途完了済みであること。 33 | * firewalld が利用できない環境(RHEL6等)では、corosync に必要な通信を許可しておくこと(iptables -F など)。 34 | * RHEL7 で firewalld を利用している環境では不要です。この playbook が必要な設定を行います。 35 | 36 | ## 設定 37 | 38 | 以下のファイルを環境に合わせて作成します。詳細はサンプルファイルの中身を参照してください。 39 | 40 | * hosts.yml 41 | * インベントリファイル。inventories/hosts-sample.yml を参考に、以下の項目を修正して作成してください。 42 | * Pacemakerをインストールするホスト名 43 | * ノード間通信に使用するネットワークアドレス、マルチキャストアドレス・ポート 44 | * ログ出力先 45 | 46 | _※ 1.1.21-1.1 以降、設定のサンプルを hosts.yml(YAML形式のインベントリファイル)に変更しました。複数環境の切り替えを容易にするためです。以前のバージョンの設定方法(ini形式のインベントリファイルおよびgroup_varsによる設定)でも問題ありません。_ 47 | 48 | * サンプルファイル一覧 49 | * hosts-sample.yml: 必要最低限の設定。マルチキャスト通信を使用 50 | * hosts-sample-udpu.yml: ユニキャスト通信を使用する場合の設定例 51 | * hosts-sample-pm_logconv.yml: 下記「Linux-HA Japan 追加パッケージ利用例」の章参照 52 | 53 | ## 実行例 54 | 55 | * (1) リポジトリパッケージのダウンロード 56 | * リポジトリパッケージをダウンロードします。インターネットに接続されてない環境では、別途ファイルをダウンロードして roles/pacemaker-install/files 配下に手動でコピーしても構いません。 57 | 58 | ``` 59 | $ ansible-playbook 00-download.yml 60 | ``` 61 | 62 | * (2) Pacemaker リポジトリパッケージのインストール 63 | * Pacemaker / Corosync のインストールと必要最低限の設定を行います。 64 | 65 | ``` 66 | $ ansible-playbook -u root -i hosts.yml 10-pacemaker-install.yml 67 | ``` 68 | 69 | * (3) Pacemaker の起動 70 | * Pacemaker クラスタを起動します。 71 | 72 | ``` 73 | $ ansible-playbook -u root -i hosts.yml 20-pacemaker-start.yml 74 | ``` 75 | 76 | * (4) Pacemaker の停止 77 | * Pacemaker クラスタを停止します。 78 | 79 | ``` 80 | $ ansible-playbook -u root -i hosts.yml 
30-pacemaker-stop.yml 81 | ``` 82 | 83 | * (5) Pacemaker リポジトリパッケージのアンインストール 84 | * Pacemaker リポジトリパッケージを全てアンインストールします。確認のプロンプトが出ます。 85 | * デフォルトでは Pacemaker のCRMクラスタ設定(CIB設定)は削除しませんが、`-e REMOVE_CIB=true` オプションを付与することでCRMクラスタ設定も全て削除します。 86 | 87 | ``` 88 | $ ansible-playbook -u root -i hosts.yml 99-pacemaker-uninstall.yml 89 | ``` 90 | 91 | * CRMクラスタ設定も全て削除する場合 92 | 93 | ``` 94 | $ ansible-playbook -u root -i hosts.yml -e REMOVE_CIB=true 99-pacemaker-uninstall.yml 95 | ``` 96 | 97 | ## Linux-HA Japan 追加パッケージ利用例 98 | 99 | 本 playbook には、Linux-HA Japan リポジトリパッケージに含まれる pm_logconv-cs (Pacemakerログ解析支援ツール)を利用する場合の playbook も含まれています。 100 | 101 | これは下記の pm_logconv-cs のドキュメントに記載されている設定を playbook 化したものです。 102 | 詳細は pm_logconv-cs の README.md を参照してください。 103 | 104 | * Pacemakerログ解析支援ツール(pm_logconv-cs) 105 | * https://github.com/linux-ha-japan/pm_logconv-cs/blob/master/README.md 106 | 107 | ### 設定 108 | 109 | 設定のサンプルは inventories/hosts-sample-pm_logconv.yml を参照してください。 110 | 111 | ### 実行例 112 | 113 | * (1) Pacemaker リポジトリパッケージのインストール・pm_logconv-cs の有効化 114 | * Pacemaker / Corosync のインストールと必要最低限の設定を行います。 115 | * 続けて、pm_logconv-cs 利用に必要な /etc/rsyslog.conf 等の設定を行います。 116 | 117 | ``` 118 | $ ansible-playbook -u root -i hosts.yml 10-pacemaker-install.yml 119 | $ ansible-playbook -u root -i hosts.yml 11-pacemaker-tools-enable.yml 120 | ``` 121 | 122 | * (2) Pacemaker の起動 123 | * Pacemaker クラスタを起動します。 124 | * /var/log/pm_logconv.out にログが出力されることを確認します。 125 | 126 | ``` 127 | $ ansible-playbook -u root -i hosts.yml 20-pacemaker-start.yml 128 | ``` 129 | 130 | * (3) Pacemaker の停止 131 | * Pacemaker クラスタを停止します。 132 | 133 | ``` 134 | $ ansible-playbook -u root -i hosts.yml 30-pacemaker-stop.yml 135 | ``` 136 | 137 | * (4) pm_logconv-cs設定の無効化・Pacemaker リポジトリパッケージのアンインストール 138 | * pm_logconv-cs 有効化のために設定した /etc/rsyslog.conf 等を元に戻します(元に戻す必要がない場合は実行は必須ではありません)。 139 | 140 | ``` 141 | $ ansible-playbook -u root -i hosts.yml 98-pacemaker-tools-disable.yml 142 | $ ansible-playbook -u root -i hosts.yml 
99-pacemaker-uninstall.yml 143 | ``` 144 | 145 | 146 | ## 動作試験用 playbook 147 | 148 | インターコネクトLAN(Corosync通信)切断の擬似故障を発生させる手順を playbook 化したものです。 149 | STONITH機能の動作試験を行う場合などに使用できます。 150 | 151 | インターコネクトLAN切断の擬似故障を発生させる場合、 Corosync の仕様上 ifdown は利用できません。iptables 等によって通信を双方向切断する必要があります。本 playbook では iptables により擬似故障を発生させています。 152 | 153 | * 参考情報 154 | * [CentOS 7 で Pacemaker を利用する場合の注意点](http://linux-ha.osdn.jp/wp/archives/4798) 3. Corosync の動作について 155 | 156 | ### 試験実行例 157 | 158 | * (1) インターコネクトLANの切断故障を擬似的に発生させる。 159 | * 擬似故障を発生させるノードを -l オプションで指定します。 160 | 161 | ``` 162 | $ ansible-playbook -u root -i hosts.yml -l centos73-2 80-test-link-disconnect.yml 163 | ``` 164 | 165 | * (2) (1)で発生させた擬似故障を元に戻す。 166 | 167 | ``` 168 | $ ansible-playbook -u root -i hosts.yml -l centos73-2 81-test-link-reconnect.yml 169 | ``` 170 | 171 | ## 補足 172 | 173 | * この playbook には Pacemaker を単体で起動するために必要最低限の手順のみが含まれています。実際のクラスタ環境構築を全て自動化するには、ネットワーク設定や監視対象のアプリケーションなども含め適宜手順を追加して利用してください。 174 | * playbook のファイル名の数字は単にファイル名のソート順のために付与したもので深い意味はありません。 175 | -------------------------------------------------------------------------------- /ansible.cfg.sample: -------------------------------------------------------------------------------- 1 | [defaults] 2 | # human-readable stdout/stderr results display 3 | # see. https://github.com/ansible/ansible/issues/27078 4 | #stdout_callback = debug 5 | stdout_callback = yaml 6 | # alternatively, set environment variable 7 | # export ANSIBLE_STDOUT_CALLBACK=yaml 8 | 9 | gathering = smart 10 | retry_files_enabled = False 11 | 12 | #inventory = ./inventories/hosts-sample.yml 13 | 14 | 15 | ## enable this option on Cygwin environment 16 | ## ref. 
https://everythingshouldbevirtual.com/automation/ansible-using-ansible-on-windows-via-cygwin/
#[ssh_connection]
#ssh_args = -o ControlMaster=no

--------------------------------------------------------------------------------
/dev/01-backup-config.yml:
--------------------------------------------------------------------------------
# Developer helper: pulls a copy of the listed configuration files from every
# node into backup-config/ next to the playbook.
- hosts: hacluster
  become: true
  max_fail_percentage: 0

  tasks:

    # dev/09-restore-config.yml reads the copies back from
    # backup-config/<inventory_hostname>/<remote path>.
    - name: backup config
      fetch:
        dest: "{{ playbook_dir }}/backup-config/"
        src: "{{ item }}"
      with_items:
        - /etc/sysconfig/pacemaker
        - /etc/rsyslog.conf
        - /etc/systemd/journald.conf
        - /etc/logrotate.d/syslog

--------------------------------------------------------------------------------
/dev/08-clean-backup-files.yml:
--------------------------------------------------------------------------------
- hosts: hacluster
  become: true
  max_fail_percentage: 0

  tasks:

    - name: remove backup files created by ansible playbook
      # 2100 year problem here!
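# Continuation of dev/08-clean-backup-files.yml: module and arguments of the
# "remove backup files created by ansible playbook" task.
      # The glob matches the "<file>.20...~" backup copies. "removes" skips the
      # task when nothing matches. Every path comes from the fixed list below,
      # so no external value reaches the shell command line.
      shell: "rm -f {{ item }}.20*~"
      args:
        removes: "{{ item }}.20*~"
      with_items:
        - /etc/sysconfig/pacemaker
        - /etc/rsyslog.conf
        - /etc/systemd/journald.conf
        - /etc/logrotate.d/syslog
        - /etc/systemd/system/pacemaker.service
        - /etc/systemd/system/corosync.service
        - /etc/init/pacemaker.combined.conf
        - /etc/yum.repos.d/CentOS-Base.repo
        - /etc/pm_logconv.conf
        - /etc/corosync/corosync.conf

--------------------------------------------------------------------------------
/dev/09-restore-config.yml:
--------------------------------------------------------------------------------
# Developer helper: pushes the copies saved by dev/01-backup-config.yml back
# onto each node, overwriting the current files.
- hosts: hacluster
  become: true
  max_fail_percentage: 0

  tasks:

    # This task carried the same name as the one in 01-backup-config.yml
    # ("backup config") although it overwrites the node's files with the saved
    # copies; the name now says what the run output should show.
    - name: restore config
      copy:
        src: "{{ playbook_dir }}/backup-config/{{ inventory_hostname }}{{ item }}"
        dest: "{{ item }}"
      with_items:
        - /etc/sysconfig/pacemaker
        - /etc/rsyslog.conf
        - /etc/systemd/journald.conf
        - /etc/logrotate.d/syslog

--------------------------------------------------------------------------------
/inventories/hosts-sample-pm_logconv.yml:
--------------------------------------------------------------------------------
hacluster:
  hosts:
    # List the host names on which Pacemaker is to be installed.
    centos73-1:
    centos73-2:
  vars:
    # Networks to configure as the inter-node communication LAN
    # (the interface sections of corosync.conf).
    INTERFACES:
      - { bindnetaddr: 192.168.101.0, mcastaddr: 239.255.1.1, mcastport: 5405 }
      - { bindnetaddr: 192.168.102.0, mcastaddr: 239.255.1.2, mcastport: 5405 }

    # When using pm_logconv, set local1 (or another unused local*).
    SYSLOG_FACILITY: local1

    ### pm_logconv configuration (optional)
    # Set the following to also configure the resource settings in
    # /etc/pm_logconv.conf at install time.
    #PM_LOGCONV_CONFIG:
    #  "attribute_ping": "not_defined default_ping_set or default_ping_set lt 100"
    #  "attribute_diskd_inner": "not_defined diskcheck_status_internal or diskcheck_status_internal eq ERROR"
    #  "act_rsc": "vip-master, vip-rep"


--------------------------------------------------------------------------------
/inventories/hosts-sample-udpu.yml:
--------------------------------------------------------------------------------
hacluster:
  hosts:
    # List the host names on which Pacemaker is to be installed.
    centos73-1:
    centos73-2:
  vars:
    ## Example settings for using unicast (udpu) for Corosync communication
    # Specify udpu to use unicast communication.
    TRANSPORT: udpu

    # Networks to configure as the inter-node communication LAN
    # (the interface sections of corosync.conf).
    # With unicast (udpu), mcastaddr is not needed.
    INTERFACES:
      - { bindnetaddr: 192.168.101.0, mcastport: 5405 }
      - { bindnetaddr: 192.168.102.0, mcastport: 5405 }

    # With unicast (udpu), NODELIST is required.
    # Give one list of unicast addresses per node.
    # Each node's list holds as many addresses as there are INTERFACES entries.
    NODELIST:
      - [ 192.168.101.27, 192.168.102.27 ]
      - [ 192.168.101.28, 192.168.102.28 ]

    # When using pm_logconv, set local1 (or another unused local*).
    SYSLOG_FACILITY: daemon

--------------------------------------------------------------------------------
/inventories/hosts-sample.yml:
--------------------------------------------------------------------------------
hacluster:
  hosts:
    # List the host names on which Pacemaker is to be installed.
    centos73-1:
    centos73-2:
  vars:
    # Networks to configure as the inter-node communication LAN
    # (the interface sections of corosync.conf).
    INTERFACES:
      - { bindnetaddr: 192.168.101.0, mcastaddr: 239.255.1.1, mcastport: 5405 }
      - { bindnetaddr: 192.168.102.0, mcastaddr: 239.255.1.2, mcastport: 5405 }

    # When using pm_logconv, set local1 (or another unused local*).
    SYSLOG_FACILITY: daemon

--------------------------------------------------------------------------------
/roles/common/handlers/main.yml:
--------------------------------------------------------------------------------
# Handlers shared by the tools-enable / tools-disable playbooks.
- name: restart rsyslog
  service:
    name=rsyslog
    state=restarted

- name: restart journald
  service:
    name=systemd-journald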
# Continuation of roles/common/handlers/main.yml: last argument of the
# "restart journald" handler.
    state=restarted

--------------------------------------------------------------------------------
/roles/pacemaker-init-cib/tasks/main.yml:
--------------------------------------------------------------------------------
# Deletes everything under the Pacemaker cib/ and pengine/ state directories.
# 20-pacemaker-start.yml runs this role only when the init-cib tag is given.
- name: erase the CIB
  shell: rm -f /var/lib/pacemaker/cib/* /var/lib/pacemaker/pengine/*
  args:
    warn: false

--------------------------------------------------------------------------------
/roles/pacemaker-install/files/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kskmori/ansible-pacemaker/894b0f7d4fe3a3a106aab6342b55d45a432f0fdc/roles/pacemaker-install/files/.keep

--------------------------------------------------------------------------------
/roles/pacemaker-install/tasks/config-centos.yml:
--------------------------------------------------------------------------------
# Adds an "exclude" line to the base and updates sections of CentOS-Base.repo
# so that the listed package globs are not taken from those repositories.
# A backup copy of the file is kept.
- name: exclude Pacemaker packages in CentOS repository
  ini_file:
    dest: /etc/yum.repos.d/CentOS-Base.repo
    section: "{{ item }}"
    option: exclude
    value: pacemaker* corosync* resource-agents* crmsh* cluster-glue* libqb* fence-agents* pcs-*
    no_extra_spaces: true
    backup: true
  with_items:
    - base
    - updates

- name: install NetworkManager-config-server for RHEL compatibility
  yum:
    name: NetworkManager-config-server
    state: present
  register: installed
  when: ansible_distribution_major_version == '7'

# Restart only when the package above was actually installed in this run.
- name: restart NetworkManager if changed
  systemd:
    name: NetworkManager
    state: restarted
  when:
    - ansible_distribution_major_version == '7'
    - installed.changed

--------------------------------------------------------------------------------
/roles/pacemaker-install/tasks/config-rhel6.yml:
--------------------------------------------------------------------------------
# "export" prefix is required on RHEL6 (non-systemd) platform
- name: config /etc/sysconfig/pacemaker
# Continuation of roles/pacemaker-install/tasks/config-rhel6.yml: module and
# arguments of the "config /etc/sysconfig/pacemaker" task.
  lineinfile:
    dest: /etc/sysconfig/pacemaker
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - regexp: "PCMK_fail_fast="
      line: "export PCMK_fail_fast=yes"

## This was necessary on 1.1.12-1.1 or before
## No longer needed on 1.1.13-1.1 or later because already presented
#- name: config pacemaker.combined.conf (obsolete)
#  lineinfile:
#    dest='/etc/init/pacemaker.combined.conf'
#    insertbefore="^kill timeout"
#    line="stop on runlevel [0123456]"
#    state=present

# Replaces the line matching the regexp in the upstart job (a backup is kept).
- name: config pacemaker.combined.conf
  lineinfile:
    dest: /etc/init/pacemaker.combined.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: 'pidof corosync \|\| false', line: ' pidof corosync || false' }

# Loads softdog only when /dev/watchdog is not already a character device.
- name: config corosync.conf
  lineinfile:
    dest: /etc/init/corosync.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: 'modprobe softdog', line: ' [ -c /dev/watchdog ] || modprobe softdog' }

--------------------------------------------------------------------------------
/roles/pacemaker-install/tasks/config-rhel7.yml:
--------------------------------------------------------------------------------
- name: config /etc/sysconfig/pacemaker
  lineinfile:
    dest: /etc/sysconfig/pacemaker
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - regexp: "PCMK_fail_fast="
      line: "PCMK_fail_fast=yes"

# The packaged unit is copied once ("creates" guards re-runs) and the copy in
# /etc/systemd/system is the one edited by the next task.
- name: copy corosync.service to customize
  shell: cp -p /usr/lib/systemd/system/corosync.service /etc/systemd/system
  args:
    creates: /etc/systemd/system/corosync.service

- name: configure corosync.service
  lineinfile:
    dest: /etc/systemd/system/corosync.service
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: "Restart=", line: "Restart=on-failure" }
    - { regexp: "RestartSec=", line: "RestartSec=70" }
    - { regexp: "ExecStartPre=", line: "ExecStartPre=/sbin/modprobe softdog" }

- name: copy pacemaker.service to customize
  shell: cp -p /usr/lib/systemd/system/pacemaker.service /etc/systemd/system
  args:
    creates: /etc/systemd/system/pacemaker.service

- name: configure pacemaker.service
  lineinfile:
    dest: /etc/systemd/system/pacemaker.service
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: "killall -TERM corosync", line: "ExecStopPost=/bin/sh -c 'pidof crmd || killall -TERM corosync'" }

### allow communication ports if firewalld is in use
# rc is 0 only when firewalld answers; a non-zero rc is not treated as a
# failure, it just makes the two rules below be skipped.
- name: check if firewalld is enabled
  command: firewall-cmd --state
  register: firewalld_state
  changed_when: false
  failed_when: false

# NOTE(review): no --zone is given, so the service is added to firewalld's
# default zone. If the interconnect LAN has its own zone, opening the cluster
# ports only there keeps them closed on the other interfaces.
- name: allow Pacemaker/Corosync communication through firewalld (permanent)
  command: firewall-cmd --permanent --add-service=high-availability
  register: result
  when: firewalld_state.rc == 0
  changed_when: '"ALREADY_ENABLED" not in result.stderr'

- name: allow Pacemaker/Corosync communication through firewalld (runtime)
  command: firewall-cmd --add-service=high-availability
  register: result
  when: firewalld_state.rc == 0
  changed_when: '"ALREADY_ENABLED" not in result.stderr'

--------------------------------------------------------------------------------
/roles/pacemaker-install/tasks/corosync-config.yml:
--------------------------------------------------------------------------------
# Multicast template unless TRANSPORT is set to "udpu".
- name: create corosync.conf for multicast
  template:
    src: corosync.conf.j2
    dest: /etc/corosync/corosync.conf
  when: TRANSPORT is not defined or TRANSPORT != "udpu"

- name: create corosync.conf for unicast
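# Continuation of roles/pacemaker-install/tasks/corosync-config.yml: module and
# arguments of the "create corosync.conf for unicast" task.
  template:
    src: corosync.conf-udpu.j2
    dest: /etc/corosync/corosync.conf
  when: TRANSPORT is defined and TRANSPORT == "udpu"

# The key is generated once, on the first host of the play; "creates" keeps an
# existing key untouched on re-runs.
# NOTE(review): confirm in corosync-keygen(8) that the random source selected
# by -l is acceptable for this cluster.
- name: generate authkey on the first host
  shell: /usr/sbin/corosync-keygen -l
  args:
    creates: /etc/corosync/authkey
  when: inventory_hostname == ansible_play_hosts[0]

## synchronize module requires rsync and ssh keys exchange
#- name: distribute authkey to other nodes
#  synchronize:
#    src: /etc/corosync/authkey
#    dest: /etc/corosync/authkey
#  delegate_to: "{{ ansible_play_hosts[0] }}"

## alternative way to synchronize authkey to avoid dependency on rsync
# NOTE(review): the cluster's shared secret is written to the role's files/
# directory on the control node. It is removed only by the last task below,
# so a run that aborts in between (max_fail_percentage is 0 in the calling
# playbook) leaves the key on disk there, with whatever permissions the
# control node's umask gives it. Check for and delete a leftover
# files/authkey after a failed run, and keep that path out of version control.
- name: fetch authkey to local temporally
  fetch:
    src: /etc/corosync/authkey
    dest: "{{ role_path }}/files/authkey"
    fail_on_missing: yes
    flat: yes
  when: inventory_hostname == ansible_play_hosts[0]
  changed_when: false

# Owner and mode are set explicitly: without them a newly created
# /etc/corosync/authkey on the other nodes gets the remote default
# permissions, which may leave the secret readable by local users.
- name: distribute authkey to all nodes
  copy:
    src: "{{ role_path }}/files/authkey"
    dest: /etc/corosync/authkey
    owner: root
    group: root
    mode: "0400"

# Runs once, unprivileged, on the control node.
- name: remove copied authkey in local
  become: false
  local_action: file name="{{ role_path }}/files/authkey" state=absent
  run_once: true
  changed_when: false

--------------------------------------------------------------------------------
/roles/pacemaker-install/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Entry point of the role: CentOS-only repository tweak, package install,
# corosync configuration, then the per-major-version service configuration.
- include: config-centos.yml
  when: ansible_distribution == 'CentOS'

- include: pacemaker-install.yml
- include: corosync-config.yml

- include: config-rhel6.yml
  when: ansible_distribution_major_version == '6'
- include: config-rhel7.yml
  when: ansible_distribution_major_version == '7'

--------------------------------------------------------------------------------
/roles/pacemaker-install/tasks/pacemaker-install.yml: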
--------------------------------------------------------------------------------
---
# Pushes the repository RPM (picked by OS major version) from the role's
# files/ directory to the node; the registered result supplies the path that
# the next task installs.
# NOTE(review): whether yum checks a signature on a package installed from a
# local file depends on the node's yum configuration -- confirm, or verify the
# RPM on the control node before running this role.
- name: Copy Pacemaker repository package to nodes
  copy:
    dest: "/tmp/"
    src: "pacemaker-repo-1.1.21-1.1.el{{ ansible_distribution_major_version }}.x86_64.rpm"
  register: rc_copy

- name: install the repository package
  yum:
    name: "{{ rc_copy.dest }}"
    state: present
    update_cache: true

# Always reported as unchanged.
- name: cleanup yum cache
  command: yum clean all warn=no
  changed_when: false

# "latest" means a re-run may upgrade already installed packages.
- name: install Pacemaker packages
  yum:
    name: pacemaker-all
    state: latest

# This should not be necessary because it's the default status, but
# make sure it for just in case user had changed the systemd status on RHEL7.
# On RHEL6, it would be always disabled by restoring pacemaker.combined.conf .
- name: make sure Pacemaker services are disabled in systemd
  service:
    name: "{{ item }}"
    enabled: no
  with_items:
    - pacemaker
    - corosync
  when: ansible_distribution_major_version == '7'

--------------------------------------------------------------------------------
/roles/pacemaker-install/templates/corosync.conf-udpu.j2:
--------------------------------------------------------------------------------
{# Unicast (udpu) variant: one interface block per INTERFACES entry and one node block per NODELIST entry. #}
{# NOTE(review): totem sets no crypto_cipher / crypto_hash / secauth, so whether cluster traffic is authenticated and encrypted with /etc/corosync/authkey depends on the defaults of the installed corosync -- confirm in corosync.conf(5) for that version. #}
totem {
    version: 2
    token: 1000
    rrp_mode: active
    transport: udpu
{% for iface in INTERFACES %}
    interface {
        ringnumber: {{ loop.index0 }}
        bindnetaddr: {{ iface['bindnetaddr'] }}
        mcastport: {{ iface['mcastport'] }}
    }
{% endfor %}
}
nodelist {
{% for member in NODELIST %}
    node {
{% for ring_addr in member %}
        ring{{ loop.index0 }}_addr: {{ ring_addr }}
{% endfor %}
        nodeid: {{ loop.index }}
    }
{% endfor %}
}
logging {
    syslog_facility: {{ SYSLOG_FACILITY }}
    debug: off
}
quorum {
    provider: corosync_votequorum
    expected_votes: {{ groups['hacluster'] | length }}
}

--------------------------------------------------------------------------------
/roles/pacemaker-install/templates/corosync.conf.j2:
--------------------------------------------------------------------------------
{# Multicast variant: one interface block per INTERFACES entry. #}
{# NOTE(review): totem sets no crypto_cipher / crypto_hash / secauth, so whether cluster traffic is authenticated and encrypted with /etc/corosync/authkey depends on the defaults of the installed corosync -- confirm in corosync.conf(5) for that version. #}
totem {
    version: 2
    token: 1000
    rrp_mode: active
{% for iface in INTERFACES %}
    interface {
        ringnumber: {{ loop.index0 }}
        bindnetaddr: {{ iface['bindnetaddr'] }}
        mcastaddr: {{ iface['mcastaddr'] }}
        mcastport: {{ iface['mcastport'] }}
    }
{% endfor %}
}
logging {
    syslog_facility: {{ SYSLOG_FACILITY }}
    debug: off
}
quorum {
    provider: corosync_votequorum
    expected_votes: {{ groups['hacluster'] | length }}
}

--------------------------------------------------------------------------------
/roles/pacemaker-start-wait/tasks/main.yml:
--------------------------------------------------------------------------------
# Polls crmadmin up to 20 times, 5 seconds apart, until it exits 0 and its
# stderr is exactly S_IDLE or S_NOT_DC. The host name in the command line is
# the inventory name of the node itself.
- name: wait for Pacemaker startup completion
  shell: crmadmin -qS {{ inventory_hostname }}
  register: result
  until: result.rc == 0 and result.stderr in ["S_IDLE", "S_NOT_DC"]
  retries: 20
  delay: 5
  changed_when: false

--------------------------------------------------------------------------------
/roles/pacemaker-start/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Picks the start task file by OS major version.
- include: start-service-rhel6.yml
  when: ansible_distribution_major_version == '6'
- include: start-service-rhel7.yml
  when: ansible_distribution_major_version == '7'

--------------------------------------------------------------------------------
/roles/pacemaker-start/tasks/start-service-rhel6.yml:
--------------------------------------------------------------------------------
- name: start Pacemaker service (RHEL6)
  service:
    name: pacemaker.combined
    state: started

--------------------------------------------------------------------------------
/roles/pacemaker-start/tasks/start-service-rhel7.yml:
--------------------------------------------------------------------------------
- name: start Pacemaker service (RHEL7)
  service:
    name: pacemaker
    state: started

--------------------------------------------------------------------------------
/roles/pacemaker-stonith-install/tasks/main.yml:
--------------------------------------------------------------------------------
# Installs the client tools the STONITH plugins depend on.
- name: install dependent packages for STONITH plugins
  yum:
    name: "{{ item }}"
    update_cache: yes
    state: present
  with_items:
    - ipmitool
    - libvirt-client

# currently this playbook does not do this automatically. (can be improved)
# NOTE(review): the passwordless SSH access mentioned below gives each cluster
# node a login on the libvirt host; limit that account and key to what fencing
# needs.
- name: notes for SSH key exchange
  debug:
    msg: "NOTE: Make sure that you can SSH to the libvirt host without passwords to use external/libvirt plugin"

--------------------------------------------------------------------------------
/roles/pacemaker-stop/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Picks the stop task file by OS major version.
- include: stop-service-rhel6.yml
  when: ansible_distribution_major_version == '6'
- include: stop-service-rhel7.yml
  when: ansible_distribution_major_version == '7'

--------------------------------------------------------------------------------
/roles/pacemaker-stop/tasks/stop-service-rhel6.yml:
--------------------------------------------------------------------------------
# The upstart job file is used as the indicator that the service is installed;
# the stop is skipped when the file is absent.
- name: check if Pacemaker service is presented (RHEL6)
  stat:
    path: /etc/init/pacemaker.combined.conf
  register: pacemaker_service_file

- name: stop Pacemaker service if exists (RHEL6)
  service:
    name: pacemaker.combined
    state: stopped
  when: pacemaker_service_file.stat.exists == True

--------------------------------------------------------------------------------
/roles/pacemaker-stop/tasks/stop-service-rhel7.yml:
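--------------------------------------------------------------------------------
# The stop is skipped when the unit file is absent, so the role is safe to run
# on a host where Pacemaker has not been installed.
- name: check if Pacemaker service is presented (RHEL7)
  stat:
    path: /etc/systemd/system/pacemaker.service
  register: pacemaker_service_file

- name: stop Pacemaker service if exists (RHEL7)
  service:
    name: pacemaker
    state: stopped
  when: pacemaker_service_file.stat.exists
--------------------------------------------------------------------------------
/roles/pacemaker-tools-disable/tasks/main.yml:
--------------------------------------------------------------------------------
# Undo the logging configuration first, then stop and disable the helper services.
- include: rsyslog-unconfig-rhel6.yml
  when: ansible_distribution_major_version == '6'
- include: rsyslog-unconfig-rhel7.yml
  when: ansible_distribution_major_version == '7'

- include: tools-disable-rhel6.yml
  when: ansible_distribution_major_version == '6'
- include: tools-disable-rhel7.yml
  when: ansible_distribution_major_version == '7'
--------------------------------------------------------------------------------
/roles/pacemaker-tools-disable/tasks/rsyslog-unconfig-rhel6.yml:
--------------------------------------------------------------------------------
# Every lineinfile task below keeps a backup copy of the file it edits (backup: yes).

# Replace the PCMK_log* settings with commented-out placeholder lines.
- name: restore /etc/sysconfig/pacemaker to default
  lineinfile:
    dest: /etc/sysconfig/pacemaker
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: "PCMK_logfile=", line: "# PCMK_logfile=/var/log/pacemaker.log" }
    - { regexp: "PCMK_logfacility=", line: "# PCMK_logfacility=none|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7" }
    - { regexp: "PCMK_logpriority=", line: "# PCMK_logpriority=emerg|alert|crit|error|warning|notice|info|debug" }

# Rewrite the /var/log/messages selector without the cluster-facility exclusion.
- name: restore /etc/rsyslog.conf for /var/log/messages
  lineinfile:
    dest: /etc/rsyslog.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: '/var/log/messages$', line: '*.info;mail.none;authpriv.none;cron.none /var/log/messages' }
  notify: restart rsyslog

# Drop the ha-log rule and the rate-limit override.
- name: restore /etc/rsyslog.conf for additional configurations
  lineinfile:
    dest: /etc/rsyslog.conf
    regexp: "{{ item }}"
    state: absent
    backup: yes
  with_items:
    - '/var/log/ha-log;RSYSLOG_TraditionalFileFormat$'
    - '\$SystemLogRateLimitInterval '
  notify: restart rsyslog

- name: restore /etc/logrotate.d/syslog
  lineinfile:
    dest: /etc/logrotate.d/syslog
    line: "{{ item }}"
    state: absent
    backup: yes
  with_items:
    - '/var/log/ha-log'
    - ' missingok' # presented in RHEL7 by default
  notify: restart rsyslog
--------------------------------------------------------------------------------
/roles/pacemaker-tools-disable/tasks/rsyslog-unconfig-rhel7.yml:
--------------------------------------------------------------------------------
# Every lineinfile task below keeps a backup copy of the file it edits (backup: yes).

# Replace the PCMK_log* settings with commented-out placeholder lines.
- name: restore /etc/sysconfig/pacemaker to default
  lineinfile:
    dest: /etc/sysconfig/pacemaker
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: "PCMK_logfile=", line: "# PCMK_logfile=/var/log/pacemaker.log" }
    - { regexp: "PCMK_logfacility=", line: "# PCMK_logfacility=none|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7" }
    - { regexp: "PCMK_logpriority=", line: "# PCMK_logpriority=emerg|alert|crit|error|warning|notice|info|debug" }

# Rewrite the /var/log/messages selector without the cluster-facility exclusion.
- name: restore /etc/rsyslog.conf for /var/log/messages
  lineinfile:
    dest: /etc/rsyslog.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: '/var/log/messages$', line: '*.info;mail.none;authpriv.none;cron.none /var/log/messages' }
  notify: restart rsyslog

# Drop the ha-log rule and both rate-limit overrides.
- name: restore /etc/rsyslog.conf for additional configurations
  lineinfile:
    dest: /etc/rsyslog.conf
    regexp: "{{ item }}"
    state: absent
    backup: yes
  with_items:
    - '/var/log/ha-log;RSYSLOG_TraditionalFileFormat$'
    - '\$SystemLogRateLimitInterval '
    - '\$imjournalRatelimitInterval '
  notify: restart rsyslog

# Put the journald rate-limit setting back to a commented-out line.
- name: restore /etc/systemd/journald.conf for ratelimit
  lineinfile:
    dest: /etc/systemd/journald.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    # insertafter is a regular expression: an unescaped [Journal] is a character
    # class matching any line that contains one of those letters, so the section
    # header is escaped and anchored here.
    insertafter: '^\[Journal\]'
    state: present
    backup: yes
  with_items:
    - { regexp: 'RateLimitInterval', line: '#RateLimitInterval=30s' }
  notify: restart journald

- name: restore /etc/logrotate.d/syslog
  lineinfile:
    dest: /etc/logrotate.d/syslog
    line: "{{ item }}"
    state: absent
    backup: yes
  with_items:
    - '/var/log/ha-log'
#   - ' missingok' # presented in RHEL7 by default
  notify: restart rsyslog
--------------------------------------------------------------------------------
/roles/pacemaker-tools-disable/tasks/tools-disable-rhel6.yml:
--------------------------------------------------------------------------------
# Stop the helper daemons and keep them from starting at boot.
- name: disable services for Pacemaker additional tools (RHEL6)
  service:
    name: "{{ item }}"
    state: stopped
    enabled: no
  with_items:
    - ifcheckd
    - pm_logconv_init

--------------------------------------------------------------------------------
/roles/pacemaker-tools-disable/tasks/tools-disable-rhel7.yml:
--------------------------------------------------------------------------------
# Stop the helper daemons and keep them from starting at boot.
- name: disable services for Pacemaker additional tools (RHEL7)
  service:
    name: "{{ item }}"
    state: stopped
    enabled: no
  with_items:
    - ifcheckd
    - pm_logconv
--------------------------------------------------------------------------------
/roles/pacemaker-tools-enable/tasks/main.yml:
--------------------------------------------------------------------------------
# pm_logconv configuration comes first; the per-release includes follow.
- include: tools-config.yml
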
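# Logging configuration, then service enablement, each chosen by major OS release.
- include: rsyslog-config-rhel6.yml
  when: ansible_distribution_major_version == '6'
- include: rsyslog-config-rhel7.yml
  when: ansible_distribution_major_version == '7'

- include: tools-enable-rhel6.yml
  when: ansible_distribution_major_version == '6'
- include: tools-enable-rhel7.yml
  when: ansible_distribution_major_version == '7'

--------------------------------------------------------------------------------
/roles/pacemaker-tools-enable/tasks/rsyslog-config-rhel6.yml:
--------------------------------------------------------------------------------
# Every lineinfile task below keeps a backup copy of the file it edits (backup: yes).

# Send Pacemaker logs to syslog facility SYSLOG_FACILITY instead of a log file.
- name: config /etc/sysconfig/pacemaker to sepalate cluster logs
  lineinfile:
    dest: /etc/sysconfig/pacemaker
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: "PCMK_logfile=", line: "export PCMK_logfile=none" }
    - { regexp: "PCMK_logfacility=", line: "export PCMK_logfacility={{ SYSLOG_FACILITY }}" }
    - { regexp: "PCMK_logpriority=", line: "export PCMK_logpriority=info" }

- name: config /etc/rsyslog.conf; exclude cluster logs from /var/log/message
  lineinfile:
    dest: /etc/rsyslog.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: '/var/log/messages$', line: '*.info;mail.none;authpriv.none;cron.none;{{ SYSLOG_FACILITY }}.none /var/log/messages' }
  notify: restart rsyslog

# Route the cluster facility to /var/log/ha-log.
- name: config /etc/rsyslog.conf; sepalate cluster logs
  lineinfile:
    dest: /etc/rsyslog.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    insertafter: '^local7'
    state: present
    backup: yes
  with_items:
    - { regexp: "^{{ SYSLOG_FACILITY }}.info ", line: '{{ SYSLOG_FACILITY }}.info /var/log/ha-log;RSYSLOG_TraditionalFileFormat' }
  notify: restart rsyslog

# NOTE(review): an interval of 0 switches rsyslog rate limiting off for every source,
# not only the cluster daemons, so a noisy process can fill the log volume. Keep
# rotation and disk-space monitoring in place on these nodes.
- name: config /etc/rsyslog.conf; disable ratelimit
  lineinfile:
    dest: /etc/rsyslog.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    insertafter: "GLOBAL DIRECTIVES"
    state: present
    backup: yes
  with_items:
    - { regexp: '\$SystemLogRateLimitInterval ', line: '$SystemLogRateLimitInterval 0' }
  notify: restart rsyslog

# Add ha-log to the rotated files.
- name: config /etc/logrotate.d/syslog
  lineinfile:
    dest: /etc/logrotate.d/syslog
    line: "{{ item.line }}"
    insertafter: "{{ item.after }}"
    state: present
    backup: yes
  with_items:
    - { line: '/var/log/ha-log', after: '/var/log/spooler' }
    - { line: ' missingok', after: '{' } # presented in RHEL7 by default
  notify: restart rsyslog
--------------------------------------------------------------------------------
/roles/pacemaker-tools-enable/tasks/rsyslog-config-rhel7.yml:
--------------------------------------------------------------------------------
# Every lineinfile task below keeps a backup copy of the file it edits (backup: yes).

# Send Pacemaker logs to syslog facility SYSLOG_FACILITY instead of a log file.
- name: config /etc/sysconfig/pacemaker to sepalate cluster logs
  lineinfile:
    dest: /etc/sysconfig/pacemaker
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: "PCMK_logfile=", line: "PCMK_logfile=none" }
    - { regexp: "PCMK_logfacility=", line: "PCMK_logfacility={{ SYSLOG_FACILITY }}" }
    - { regexp: "PCMK_logpriority=", line: "PCMK_logpriority=info" }

- name: config /etc/rsyslog.conf; exclude cluster logs from /var/log/message
  lineinfile:
    dest: /etc/rsyslog.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    backup: yes
  with_items:
    - { regexp: '/var/log/messages$', line: '*.info;mail.none;authpriv.none;cron.none;{{ SYSLOG_FACILITY }}.none /var/log/messages' }
  notify: restart rsyslog

# Route the cluster facility to /var/log/ha-log.
- name: config /etc/rsyslog.conf; sepalate cluster logs
  lineinfile:
    dest: /etc/rsyslog.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    insertafter: '^local7'
    state: present
    backup: yes
  with_items:
    - { regexp: "^{{ SYSLOG_FACILITY }}.info ", line: '{{ SYSLOG_FACILITY }}.info /var/log/ha-log;RSYSLOG_TraditionalFileFormat' }
  notify: restart rsyslog

# NOTE(review): an interval of 0 switches rate limiting off for every source, not only
# the cluster daemons, so a noisy process can fill the log volume. The same applies to
# the journald task below. Keep rotation and disk-space monitoring in place.
- name: config /etc/rsyslog.conf; disable ratelimit
  lineinfile:
    dest: /etc/rsyslog.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    insertafter: "GLOBAL DIRECTIVES"
    state: present
    backup: yes
  with_items:
    - { regexp: '\$SystemLogRateLimitInterval ', line: '$SystemLogRateLimitInterval 0' }
    - { regexp: '\$imjournalRatelimitInterval ', line: '$imjournalRatelimitInterval 0' }
  notify: restart rsyslog

- name: config /etc/systemd/journald.conf; disable ratelimit
  lineinfile:
    dest: /etc/systemd/journald.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    # insertafter is a regular expression: an unescaped [Journal] is a character
    # class matching any line that contains one of those letters, so the section
    # header is escaped and anchored here.
    insertafter: '^\[Journal\]'
    state: present
    backup: yes
  with_items:
    - { regexp: 'RateLimitInterval', line: 'RateLimitInterval=0s' }
  notify: restart journald

# Add ha-log to the rotated files.
- name: config /etc/logrotate.d/syslog
  lineinfile:
    dest: /etc/logrotate.d/syslog
    line: "{{ item.line }}"
    insertafter: "{{ item.after }}"
    state: present
    backup: yes
  with_items:
    - { line: '/var/log/ha-log', after: '/var/log/spooler' }
#   - { line: ' missingok', after: '{' } # presented in RHEL7 by default
  notify: restart rsyslog
--------------------------------------------------------------------------------
/roles/pacemaker-tools-enable/tasks/tools-config.yml:
--------------------------------------------------------------------------------
# Seed the config from the packaged sample once; "creates" skips the copy when the
# file already exists. command is enough here, no shell features are used.
- name: create /etc/pm_logconv.conf
  command: cp /etc/pm_logconv.conf.sample /etc/pm_logconv.conf
  args:
    creates: /etc/pm_logconv.conf

# Apply each key/value of PM_LOGCONV_CONFIG to the [Settings] section, if the
# variable is defined.
- name: configure /etc/pm_logconv.conf
  ini_file:
    dest: '/etc/pm_logconv.conf'
    section: 'Settings'
    option: "{{ item.key }}"
    value: "{{ item.value }}"
    backup: yes
  with_dict: "{{ PM_LOGCONV_CONFIG }}"
  when: PM_LOGCONV_CONFIG is defined

--------------------------------------------------------------------------------
/roles/pacemaker-tools-enable/tasks/tools-enable-rhel6.yml:
--------------------------------------------------------------------------------
# Start the helper daemons and enable them at boot.
- name: enable services for Pacemaker additional tools (RHEL6)
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  with_items:
    - ifcheckd
    - pm_logconv_init

--------------------------------------------------------------------------------
/roles/pacemaker-tools-enable/tasks/tools-enable-rhel7.yml:
--------------------------------------------------------------------------------
# Start the helper daemons and enable them at boot.
- name: enable services for Pacemaker additional tools (RHEL7)
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  with_items:
    - ifcheckd
    - pm_logconv
--------------------------------------------------------------------------------
/roles/pacemaker-uninstall/tasks/main.yml:
--------------------------------------------------------------------------------
- include: pacemaker-uninstall.yml

## Nothing to unconfig for RHEL6 right now
#- include: unconfig-rhel6.yml
#  when: ansible_distribution_major_version == '6'
- include: unconfig-rhel7.yml
  when: ansible_distribution_major_version == '7'

- include: yum-repo-erase-centos.yml
  when: ansible_distribution == 'CentOS'
--------------------------------------------------------------------------------
/roles/pacemaker-uninstall/tasks/pacemaker-uninstall.yml:
--------------------------------------------------------------------------------
- name: uninstall Pacemaker core packages
  yum:
    state: absent
    name:
      - pacemaker
      - corosync
      - libqb
      - cluster-glue
      - cluster-glue-libs
      - resource-agents
      - pm_crmgen
      - pm_logconv-cs
      - pm_diskd
      - pm_extras
      - crmsh
      - pssh
      - pacemaker-repo

- name: uninstall the Pacemaker repository package and others
  yum:
    state: absent
    name:
      - ldirectord
      - pm_ctl
      - pcs
      - fence-agents
      - pacemaker-repo


# The list includes the corosync authkey, so key material is removed together with
# the configuration.
- name: remove config files
  file:
    name: "{{ item }}"
    state: absent
  with_items:
    - /etc/corosync/corosync.conf
    - /etc/corosync/authkey
    - /etc/sysconfig/pacemaker
    - /etc/pm_logconv.conf
    - /etc/logrotate.d/pacemaker
    - /etc/systemd/system/pacemaker.service
    - /etc/systemd/system/corosync.service
    - /etc/init/pacemaker.combined.conf

# Deletes the whole /var/lib/pacemaker directory, only when REMOVE_CIB is true.
- name: remove CIB config if requested
  file:
    path: /var/lib/pacemaker
    state: absent
  when: REMOVE_CIB | bool
--------------------------------------------------------------------------------
/roles/pacemaker-uninstall/tasks/unconfig-rhel7.yml:
--------------------------------------------------------------------------------
### remove firewalld configuration
# The probe never fails the play; its return code gates the two removals below.
- name: check if firewalld is enabled
  command: firewall-cmd --state
  changed_when: false
  failed_when: false
  register: firewalld_state

- name: remove firewalld configuration for Pacemaker/Corosync (permanent)
  command: firewall-cmd --permanent --remove-service=high-availability
  register: result
  changed_when: '"NOT_ENABLED" not in result.stderr'
  when: firewalld_state.rc == 0

- name: remove firewalld configuration for Pacemaker/Corosync (runtime)
  command: firewall-cmd --remove-service=high-availability
  register: result
  changed_when: '"NOT_ENABLED" not in result.stderr'
  when: firewalld_state.rc == 0
--------------------------------------------------------------------------------
/roles/pacemaker-uninstall/tasks/yum-repo-erase-centos.yml:
--------------------------------------------------------------------------------
# Remove the exclude=pacemaker line from the CentOS base repository file.
- name: restore CentOS repository
  lineinfile:
    dest: /etc/yum.repos.d/CentOS-Base.repo
    regexp: '^exclude=pacemaker'
    state: absent
--------------------------------------------------------------------------------
/roles/test-link-disconnect/tasks/firewalld.yml:
--------------------------------------------------------------------------------
## # firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -p udp --dport={{ mcastport }} -j DROP
## # firewall-cmd --add-rich-rule='rule family="ipv4" port port="{{ mcastport }}" protocol="udp" drop'
# Both rules are added without --permanent, so they are runtime-only.
# Only the exit status of the second firewall-cmd decides success of the task.
- name: disconnect Corosync communication (via firewalld)
  shell: |
    firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -p udp --dport={{ INTERFACES[0].mcastport }} -j DROP
    firewall-cmd --add-rich-rule='rule family="ipv4" port port="{{ INTERFACES[0].mcastport }}" protocol="udp" drop'
  register: result
  changed_when: '"ALREADY_ENABLED" not in result.stderr'

# assumes same mcastport are used for all interfaces
# we should do something like this to get the ports list:
#
# map() is available Python 2.7 or later - we still try to support RHEL6 yet...
#- debug:
#    msg: "{{ INTERFACES|map(attribute='mcastport')|unique }}"

--------------------------------------------------------------------------------
/roles/test-link-disconnect/tasks/iptables.yml:
--------------------------------------------------------------------------------
# Resolve each ring's bindnetaddr to the NIC the kernel would route it through.
# The address is passed through the quote filter because it is interpolated into a
# shell pipeline.
- name: obtain NIC names
  shell: >-
    ip -o route get {{ item.bindnetaddr | quote }} | sed -e "s/^.*\sdev\s\(\S*\)\s.*$/\1/"
  register: ip_result
  changed_when: false
  with_items: "{{ INTERFACES }}"

# equivalent to {{ ip_result.results|map('stdout')|list }}
# map() is available in Python 2.7 or later, but we still try to support RHEL6 yet.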
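# Collect the stdout of every "obtain NIC names" result into the list fact "nics".
- name: map NIC names list
  set_fact:
    nics: "{{ nics|default([]) + [ item.stdout ] }}"
  changed_when: false
  with_items: "{{ ip_result.results }}"
  loop_control:
    label: "{{ item.stdout }}" # to suppress too verbose logs

#- debug:
#    var: nics

## # iptables -I INPUT -i {{ NIC }} -j DROP ; iptables -I OUTPUT -o {{ NIC }} -j DROP
# The rules match on the interface only, with no protocol or port, so ALL traffic on
# the NIC is dropped, including SSH if Ansible reaches the node through that
# interface. -I inserts unconditionally: every run adds another pair of rules, while
# the reconnect role deletes one pair per run.
# The NIC name comes from command output and goes into a shell line, hence quote.
- name: disconnect Corosync communication (via iptables)
  shell: >-
    iptables -I INPUT -i {{ item | quote }} -j DROP ; iptables -I OUTPUT -o {{ item | quote }} -j DROP
  register: result
  with_items: "{{ nics }}"

#- debug:
#    var: result
--------------------------------------------------------------------------------
/roles/test-link-disconnect/tasks/main.yml:
--------------------------------------------------------------------------------
# iptables is the default path; the firewalld variant is tagged "never", so it runs
# only when its tag is requested.
- include: iptables.yml
  tags: iptables, untagged

- include: firewalld.yml
  tags: firewalld, never
--------------------------------------------------------------------------------
/roles/test-link-reconnect/tasks/firewalld.yml:
--------------------------------------------------------------------------------
## # firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 2 -p udp --dport={{ mcastport }} -j DROP
## # firewall-cmd --remove-rich-rule='rule family="ipv4" port port="{{ mcastport }}" protocol="udp" drop'
# Removes the two runtime rules that the disconnect role adds for the first ring's port.
- name: reconnect Corosync communication (via firewalld)
  shell: |
    firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 2 -p udp --dport={{ INTERFACES[0].mcastport }} -j DROP
    firewall-cmd --remove-rich-rule='rule family="ipv4" port port="{{ INTERFACES[0].mcastport }}" protocol="udp" drop'
  register: result
  changed_when: '"NOT_ENABLED" not in result.stderr'

--------------------------------------------------------------------------------
/roles/test-link-reconnect/tasks/iptables.yml:
--------------------------------------------------------------------------------
# Resolve each ring's bindnetaddr to the NIC the kernel would route it through.
# The address is passed through the quote filter because it is interpolated into a
# shell pipeline.
- name: obtain NIC names
  shell: >-
    ip -o route get {{ item.bindnetaddr | quote }} | sed -e "s/^.*\sdev\s\(\S*\)\s.*$/\1/"
  register: ip_result
  changed_when: false
  with_items: "{{ INTERFACES }}"

# equivalent to {{ ip_result.results|map('stdout')|list }}
# map() is available in Python 2.7 or later, but we still try to support RHEL6 yet.
- name: map NIC names list
  set_fact:
    nics: "{{ nics|default([]) + [ item.stdout ] }}"
  changed_when: false
  with_items: "{{ ip_result.results }}"
  loop_control:
    label: "{{ item.stdout }}" # to suppress too verbose logs

#- debug:
#    var: nics

## # iptables -D INPUT -i {{ NIC }} -j DROP ; iptables -D OUTPUT -o {{ NIC }} -j DROP
# Each run deletes one INPUT/OUTPUT pair per NIC. A "Bad rule" message (nothing left
# to delete) is tolerated; any other non-zero exit fails the task.
# The NIC name comes from command output and goes into a shell line, hence quote.
- name: reconnect Corosync communication (via iptables)
  shell: >-
    iptables -D INPUT -i {{ item | quote }} -j DROP ; iptables -D OUTPUT -o {{ item | quote }} -j DROP
  register: result
  changed_when: result.rc == 0
  failed_when: result.rc != 0 and "Bad rule" not in result.stderr
  with_items: "{{ nics }}"

#- debug:
#    var: result
--------------------------------------------------------------------------------
/roles/test-link-reconnect/tasks/main.yml:
--------------------------------------------------------------------------------
# iptables is the default path; the firewalld variant is tagged "never", so it runs
# only when its tag is requested.
- include: iptables.yml
  tags: iptables, untagged

- include: firewalld.yml
  tags: firewalld, never
--------------------------------------------------------------------------------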