Playbook #4
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml
Execution
Date 14 Dec 2025 10:21:40 +0000
Duration 00:43:55.98
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.13.5
Summary
13 Hosts
2438 Tasks
2413 Results
107 Plays
511 Files
0 Records
check:False tags:all

File: /etc/ansible/roles/pacemaker_corosync/tasks/pacemaker.yml

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
---

- name: Ensure all pre-requisites are installed
  package:
    name: gnupg2
    state: present

- name: Ensure config-manager is present for dnf
  package:
    name: dnf-plugins-core
    state: present
  when:
    - ansible_facts['os_family'] | lower == 'redhat'
    - ansible_facts['distribution_major_version'] is version('8', '>=')

- name: Enable HighAvailability repository
  command: "dnf config-manager --enable {{ _centos_ha_repo_name[ansible_facts['distribution_major_version']] }}"
  changed_when: false
  when:
    - ansible_facts['os_family'] | lower == 'redhat'

- name: Installs corosync
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - corosync

- name: Installs pacemaker
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - pacemaker
  when: "inventory_hostname in groups[pacemaker_corosync_group]"

- name: Installs pacemaker-remote
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - pacemaker-remote
  when:
    - _pacemaker_remote_group_exists
    - "inventory_hostname in groups[pacemaker_remote_group]"

- name: Install EPEL repo for CentOS
  block:
    - name: Download EPEL gpg keys
      get_url:
        url: "{{ pacemaker_corosync_centos_epel_key }}"
        dest: /etc/pki/rpm-gpg
      register: _get_yum_keys
      until: _get_yum_keys is success
      retries: 5
      delay: 2

    - name: Install EPEL gpg keys
      rpm_key:
        key: "/etc/pki/rpm-gpg/{{ pacemaker_corosync_centos_epel_key.split('/')[-1] }}"
        state: present

    - name: Install the EPEL repository
      yum_repository:
        name: epel-haveged
        baseurl: "{{ pacemaker_corosync_centos_epel_mirror ~ '/' ~ ansible_facts['distribution_major_version'] ~ (ansible_facts['distribution_major_version'] is version('8', '>=')) | ternary('/Everything/', '/') ~ ansible_facts['architecture'] }}"
        description: "Extra Packages for Enterprise Linux {{ ansible_facts['distribution_major_version'] }} - $basearch"
        gpgcheck: yes
        enabled: yes
        state: present
        includepkgs: "haveged"
      register: install_epel_repo
      until: install_epel_repo is success
      retries: 5
      delay: 2
  when:
    - pacemaker_corosync_haveged_enabled | bool
    - ansible_facts['os_family'] | lower == 'redhat'

- name: Install haveged
  package:
    name: haveged
    state: present
  when: pacemaker_corosync_haveged_enabled | bool

- name: Generates corosync key
  command: corosync-keygen
  args:
    creates: /etc/corosync/authkey
  when: inventory_hostname == groups[pacemaker_corosync_group][0]
  notify: Restart corosync

- name: Generate tmpfile for authkey
  tempfile:
    state: file
  register: authkey_tempfile
  changed_when: False
  check_mode: no
  delegate_to: localhost
  when: inventory_hostname != groups[pacemaker_corosync_group][0]

- name: Fetch authkey for other nodes
  fetch:
    src: /etc/corosync/authkey
    dest: "{{ authkey_tempfile.path }}"
    flat: yes
  delegate_to: "{{ groups[pacemaker_corosync_group][0] }}"
  changed_when: False
  check_mode: no
  when: inventory_hostname != groups[pacemaker_corosync_group][0]

- name: Copy authkey to other nodes
  copy:
    src: "{{ authkey_tempfile.path }}"
    dest: /etc/corosync/authkey
    mode: "0400"
  when: inventory_hostname != groups[pacemaker_corosync_group][0]
  notify: Restart corosync

- name: Clean up tmpdir
  file:
    path: "{{ authkey_tempfile.path }}"
    state: "absent"
  changed_when: False
  check_mode: no
  delegate_to: localhost
  when: inventory_hostname != groups[pacemaker_corosync_group][0]

- name: Chowns authkeys
  file:
    path: /etc/corosync/authkey
    mode: "0400"
    owner: root
  notify: Restart corosync

- name: Creates corosync config
  template:
    src: corosync.conf.j2
    dest: /etc/corosync/corosync.conf
    mode: "0400"
    owner: root
  notify: Restart corosync

- name: Creates log directory
  file:
    path: /var/log/corosync
    state: directory
    mode: "0775"
  when: pacemaker_corosync_use_logfile | bool

- name: Adds logrotate config for corosync
  template:
    src: corosync_logrotate.conf.j2
    dest: /etc/logrotate.d/corosync
    mode: "0644"
    owner: root
  when: pacemaker_corosync_use_logfile | bool

- name: Creates services directory
  file:
    path: /etc/corosync/service.d/
    state: directory
    mode: "0755"

- name: Adds pacemaker service
  copy:
    src: pcmk
    dest: /etc/corosync/service.d/pcmk
    owner: root
    mode: "0400"
  notify: Restart corosync

- name: Adds ferm filtering
  template:
    src: "ferm.j2"
    dest: /etc/ferm/filter-input.d/60_corosync.conf
    mode: "0640"
  when: ferm_enabled | default(false)
  tags: ferm
  notify: Restart ferm