GitHub puppet-corosync
Sets up and manages Corosync.

Repo Checks ( 15 of 22 successfull )
Metadata Valid
No translation
passed
Correct Puppet Version Range
Supported Puppet version range is %{PUPPET_SUPPORT_RANGE}
passed
With Puppet Version Range
Puppet version range is present in requirements in metadata.json
passed
With Operatingsystem Support
No translation
passed
Operatingsystems
No translation
passed
Supports Only Current Redhat
No translation
passed
Supports Latest Redhat
No translation
failed
Supports Only Current Centos
No translation
passed
Supports Latest Centos
No translation
failed
Supports Only Current Debian
No translation
failed
Supports Latest Debian
No translation
passed
Supports Only Current Ubuntu
No translation
passed
Supports Latest Ubuntu
No translation
failed
Supports Only Current Sles
No translation
passed
Supports Latest Sles
No translation
failed
In Modulesync Repo
Is listed as a module managed using modulesync_config
passed
Synced
Has a .msync.yml file
passed
Latest Modulesync
Has been synchronized with the latest tagged version of modulesync_config
failed
Has Modulesync
Is present in voxpupuli/modulesync_config/managed_modules.yml
passed
Released
Is in modulesync_config and in forge releases.
passed
Valid Sync File
If a (optional) sync file is present, it must not contain a `.travis.yml` entry.
failed
Reference Dot Md
The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing.
passed

Open Pull Requests

bug with ubuntu 20.04 (corosync v3) and secauth is enabled (crypto_cipher and crypto_hash are valid only for Knet transport)
merge-conflicts
enhancement
needs-work
tests-fail

Fixed a bug, for ubuntu 20.04 (corosync v3), with the secauth parameter enabled, we get a configuration error: "parsing error in the configuration: cryptocipher and cryptohash are valid only for Knet transport"

Affected Puppet, Ruby, OS and module versions/distributions


puppetserver: 5.3.7
puppet agent: 5.5.17
Distribution: Ubuntu 20.04 (focal)
this module: 7.0.0

How to reproduce (e.g Puppet code you use)

puppet
class { 'corosync':
cluster_name => 'name',
unicast_addresses => ['192.168.1.2', '192.168.1.3', '192.168.1.3'],
set_votequorum => true,
quorum_members => ['192.168.1.2', '192.168.1.3', '192.168.1.3'],
enable_secauth => true,
authkey => "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
}

I am getting this error when starting the service:

Nov 26 14:36:38 lb18-1 systemd[1]: Starting Corosync Cluster Engine...
Nov 26 14:36:38 lb18-1 corosync[47175]: [MAIN ] Corosync Cluster Engine 3.0.3 starting up
Nov 26 14:36:38 lb18-1 corosync[47175]: [MAIN ] Corosync built-in features: dbus monitoring watchdog augeas systemd xmlconf vqsim nozzle snmp pie relro bi>
Nov 26 14:36:38 lb18-1 corosync[47175]: [MAIN ] parse error in config: crypto_cipher & crypto_hash are only valid for the Knet transport.
Nov 26 14:36:38 lb18-1 corosync[47175]: [MAIN ] Corosync Cluster Engine exiting with status 8 at main.c:1386.
Nov 26 14:36:38 lb18-1 systemd[1]: corosync.service: Main process exited, code=exited, status=8/n/a
Nov 26 14:36:38 lb18-1 systemd[1]: corosync.service: Failed with result 'exit-code'.

Error: parse error in config: crypto_cipher & crypto_hash are only valid for the Knet transport.

In the third version of corosync, the parameters cryptohash and cryptocipher cannot be used with the transport parameter:
```
crypto_hash
This specifies which HMAC authentication should be used to authenticate all messages. Valid values are none (no authentication), md5, sha1,
sha256, sha384 and sha512. Encrypted transmission is only supported for the knet transport.

The default is none.

cryptocipher
This specifies which cipher should be used to encrypt all messages. Valid values are none (no encryption), aes256, aes192 and aes128. En‐
abling crypto
cipher, requires also enabling of crypto_hash. Encrypted transmission is only supported for the knet transport.

The default is none.

secauth
This implies cryptocipher=aes256 and cryptohash=sha256, unless those options are explicitly set. Encrypted transmission is only supported
for the knet transport.
```

I fixed this, for version 3 corosync is now using knet_transport (Ubuntu >=19.10 and Debian >=10)

Open PR in GitHub
modulesync 5.3.0
modulesync

modulesync 5.1.0

Open PR in GitHub
fix parameter description

Pull Request (PR) description

This comment corrects the description for the newly introduced parameter param configvalidatecmd which was introduced with #508

This Pull Request (PR) fixes the following issues

Fixes a incorrect descrption of the parameter

Open PR in GitHub
add single-quotes to hacluster_password to properly deal with special…
bug
needs-feedback

… characters

<!--
Thank you for contributing to this project!

-->

Pull Request (PR) description

<!--
This PR adds quotes around the hacluster password so that special characters work in the password.
-->

This Pull Request (PR) fixes the following issues

<!--
this PR does not fix an open issue.
-->

Open PR in GitHub
Turnoffcrypto

It is not possible to use transport: udpu and "cryptohash: none" or "cryptocipher: none" as it is not available as a parameter. I added it. UDPU doesnt support encryption and you are forced to use cryptohash or cryptocipher in corosync.conf (Version 3.x)

Open PR in GitHub
issue #485: remove score parameter from cs_order
merge-conflicts
tests-fail

I didn't spot an open PR on this, but there is open issue #485

It seems that the release of pacemaker 2.0.3 (in RHEL8) removes the option of supplying the superfluous score parameter.

Here is the documentation for pacemaker 2.0 which makes no mention of a score property:
https://clusterlabs.org/pacemaker/doc/en-US/Pacemaker/2.0/html/Pacemaker_Explained/s-resource-ordering.html

Pull Request (PR) description

Removes the score parameter from cs_order type as it is no longer valid and causes errors.

This Pull Request (PR) fixes the following issues

Fixes #485

Open PR in GitHub
Add support for corosync v3 on RedHat/CentOS 8
merge-conflicts
needs-rebase
tests-fail
enhancement

<!--
Thank you for contributing to this project!

-->

Pull Request (PR) description

Update the command used to check config file for corosync v3+

This Pull Request (PR) fixes the following issues

RedHat/CentOS 8 support

Open PR in GitHub
Converge quorum member auth
enhancement

Pull Request (PR) description

The current code for authenticating to quorum members runs the auth command on every puppet run. This both updates the credentials on disk, and generates a puppet change event, which are btoh undesirable.

The proposed change checks to ensure all quorum members have an auth token in the credentials file, and updates auth for all members if any one member is missing. This results in a convergent state.

There is a caveat, in that what gets stored in the credentials file is not the original password, but an auth token. There does not seem to be a pcs command to check the tokens are still valid. So this code is only checking for presenence of auth tokens, not correctness. If the authentication token is later invalided, puppet will not correct this. It would be necessary to manually run the pcs host auth or pcs cluster auth commands to fix it.

This Pull Request (PR) fixes the following issues

Fixes #500

Open PR in GitHub
Add EL8 support and claim compatibility
enhancement

Pull Request (PR) description

Rework of #484 against latest master branch.

The version of corosync uses a cli parameter instead of an environment variable to point at the config file to be tested. Without this change, the env var is ignored and the config_validate_cmd command always checks the real config file location before installing the candidate file. On a new build, this will fail because the real config file does not yet exist. When being updated, the real config file is checked, instead of the candidate file, so an invalid change might be falsely reported as acceptable and lead to an outage.

This change overrides the config validate command on el8 to use the correct syntax.

It also lists el8 as a compatible OS in the module metadata, since the module is currently being used with this patch in production.

This Pull Request (PR) fixes the following issues

Fixes #526
Obsoletes #484

Open PR in GitHub