DRBD: Add hmac/secret param support

DRBD has its own authentication mechanism between drbd nodes.
To enable DRBD peer authentication, we need to specify the
following two parameters.
- cram-hmac    : The HMAC algorithm to enable peer authentication
- shared-secret: The shared secret used in peer authentication
in drbd resource configuration to enable DRBD peer authentication.

This change adds the following 3 new parameters:
- hmac  : Represents cram-hmac
- secret: Represents shared-secret
- secure: Enable peer authentication (if this is false,
          cram-hmac is "sha1" and no shared-secret will be
          present in drbd resource configuration files)

Test Plan:
PASS: Confirm hmac and secret have proper values in drbd resource
      config when hmac and secret parameters are configured
PASS: Confirm drbd resource config has hmac default value and
      no secret when hmac and secret parameters are not configured.
PASS: SX fresh install finishes successfully. Confirm drbd resource
      config has proper hmac and secret values.
PASS: SX upgrade finishes successfully. Confirm drbd resource
      config does not have new hmac value nor secret.
PASS: DX fresh install finishes successfully. Confirm drbd resource
      config has proper hmac and secret values.
PASS: DX upgrade finishes successfully. Confirm drbd resource
      config does not have new hmac value nor secret.

Story: 2011139
Task: 50253

Depends-On: https://review.opendev.org/c/starlingx/config/+/921018

Signed-off-by: Luiz Felipe Kina <LuizFelipe.EiskeKIna@windriver.com>
Change-Id: Ib8c94c9d285cfe7ea6b550cb934554601ab30cff
Takamasa Takenaka 2023-12-13 15:47:34 -03:00 committed by Luiz Felipe Kina
parent 8b42bee913
commit 7c66b96637


@ -8,6 +8,9 @@ class platform::drbd::params (
$initial_setup = false,
$fs_type = 'ext4',
$cpumask = false,
$hmac = undef,
$secret = undef,
$secure = false,
) {
include ::platform::params
$host1 = $::platform::params::controller_0_hostname
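Review bot: the new parameters `$hmac`, `$secret` and `$secure` in the `platform::drbd::params` signature have no data types and no doc comment, so nothing at the class boundary states which values are acceptable or that `$hmac` and `$secret` only take effect when `$secure` is true. Suggest documenting the three parameters and typing them, for example `Boolean $secure = false`. Because `$secret` carries the DRBD shared secret, it is also worth considering Puppet's `Sensitive` data type so the value is redacted in logs and reports, provided the resource that consumes it can accept a wrapped value.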
@ -65,7 +68,10 @@ define platform::drbd::filesystem (
} else {
$ip2 = $ip2_override
}
if $::platform::drbd::params::secure == true {
$drbd_hmac = $::platform::drbd::params::hmac
$drbd_secret = $::platform::drbd::params::secret
}
if ($ensure == 'absent') {
exec { "umount drbd device ${device}":
command => "umount ${device}",
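Review bot: the `if $::platform::drbd::params::secure == true` block assigns `$drbd_hmac` and `$drbd_secret` only in the true branch and never checks that `hmac` and `secret` were actually supplied. With `secure` set to true and `secret` left at its `undef` default, the catalog still compiles and peer authentication can end up not configured without any error. Suggest calling `fail()` when `secure` is true and either value is `undef`, and adding an `else` branch that sets both variables to `undef` explicitly so the later references do not depend on how unassigned variables are treated.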
@ -137,6 +143,8 @@ define platform::drbd::filesystem (
rtt_ms => $::platform::drbd::params::rtt_ms,
cpumask => $::platform::drbd::params::cpumask,
resync_after => $resync_after,
hmac => $drbd_hmac,
secret => $drbd_secret,
}
}
}
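Review bot: `hmac => $drbd_hmac` and `secret => $drbd_secret` are passed unconditionally, so when `secure` is false the resource receives unset values and the "sha1" fallback described in the commit message depends entirely on the receiving define, which is not visible in this change. Suggest a short comment at these two lines stating that an unset value means default cram-hmac and no shared-secret, and confirming that the receiving define treats `undef` for both parameters that way.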