Configure fencing devices

Adds a class to configure fence devices and a helper function which
helps to select the devices for configuration on appropriate nodes.

Depends on patches outside OpenStack's Gerrit:
https://github.com/redhat-openstack/puppet-pacemaker/pull/50
https://github.com/redhat-openstack/puppet-pacemaker/pull/52

Change-Id: I819fc8c126ec47cd207c59b3dcf92ff699649c5a

diff --git a/lib/puppet/parser/functions/local_fence_devices.rb b/lib/puppet/parser/functions/local_fence_devices.rb
new file mode 100644 (file)
index 0000000..1ebce67
--- /dev/null
+++ b/lib/puppet/parser/functions/local_fence_devices.rb
@@ -0,0 +1,34 @@
+module Puppet::Parser::Functions
+  newfunction(:local_fence_devices, :arity =>2, :type => :rvalue,
+              :doc => ("Given an array of fence device configs, limit them" +
+                       "to fence devices whose MAC address is present on" +
+                       "some of the local NICs, and prepare a hash which can be" +
+                       "passed to create_resources function")) do |args|
+    agent = args[0]
+    devices = args[1]
+    unless agent.is_a?(String) && agent.length > 0
+      raise Puppet::ParseError, "local_fence_devices: Argument 'agent' must be a non-empty string. The value given was: #{agent_type}"
+    end
+    unless devices.is_a?(Array)
+      raise Puppet::ParseError, "local_fence_devices: Argument 'devices' must be an array. The value given was: #{devices}"
+    end
+
+    # filter by agent type
+    agent_type_devices = devices.select { |device| device['agent'] == agent }
+
+    # filter by local mac address
+    local_devices = agent_type_devices.select do |device|
+      function_has_interface_with(['macaddress', device['host_mac']])
+    end
+
+    # construct a hash for create_resources
+    return local_devices.each_with_object({}) do |device, hash|
+      # disallow collisions
+      if hash[device['host_mac']]
+         raise Puppet::ParseError, "local_fence_devices: Only single fence device per agent per host is allowed. Collision on #{device['host_mac']} for #{agent}"
+      end
+
+      hash[device['host_mac']] = device['params'] || {}
+    end
+  end
+end

diff --git a/manifests/fencing.pp b/manifests/fencing.pp
new file mode 100644 (file)
index 0000000..55280a9
--- /dev/null
+++ b/manifests/fencing.pp
@@ -0,0 +1,62 @@
+# == Class: tripleo::fencing
+#
+# Configure Pacemaker fencing devices for TripleO.
+#
+# === Parameters:
+#
+# [*config*]
+#  JSON config of fencing devices, using the following structure:
+#    {
+#      "devices": [
+#        {
+#          "agent": "AGENT_NAME",
+#          "host_mac": "HOST_MAC_ADDRESS",
+#          "params": {"PARAM_NAME": "PARAM_VALUE"}
+#        }
+#      ]
+#    }
+#  For instance:
+#    {
+#      "devices": [
+#        {
+#          "agent": "fence_xvm",
+#          "host_mac": "52:54:00:aa:bb:cc",
+#          "params": {
+#            "multicast_address": "225.0.0.12",
+#            "port": "baremetal_0",
+#            "manage_fw": true,
+#            "manage_key_file": true,
+#            "key_file": "/etc/fence_xvm.key",
+#            "key_file_password": "abcdef"
+#          }
+#        }
+#      ]
+#    }
+#  Defaults to {}
+#
+# [*tries*]
+#  Number of attempts when creating fence devices and constraints.
+#  Defaults to 10
+#
+# [*try_sleep*]
+#  Delay (in seconds) between attempts when creating fence devices
+#  and constraints.
+#  Defaults to 3
+class tripleo::fencing(
+  $config = {},
+  $tries = 10,
+  $try_sleep = 3,
+) {
+  $common_params = {
+    'tries' => $tries,
+    'try_sleep' => $try_sleep,
+  }
+
+  $all_devices = $config['devices']
+
+  $xvm_devices = local_fence_devices('fence_xvm', $all_devices)
+  create_resources('pacemaker::stonith::fence_xvm', $xvm_devices, $common_params)
+
+  $ipmilan_devices = local_fence_devices('fence_ipmilan', $all_devices)
+  create_resources('pacemaker::stonith::fence_ipmilan', $ipmilan_devices, $common_params)
+}