From 7c66b96637ebae0278cd3be6031ec6a23a339c03 Mon Sep 17 00:00:00 2001
From: Takamasa Takenaka
Date: Wed, 13 Dec 2023 15:47:34 -0300
Subject: [PATCH] DRBD: Add hmac/secret param support DRBD has its own authentication mechanism between drbd nodes. To enable DRBD peer authentication, we need to specify the following two parameters. - cram-hmac : The HMAC algorithm to enable peer authentication - shared-secret: The shared secret used in peer authentication in drdb resource configuration to enable DRBD peer authentication. This change adds the following 3 new parameters; - hmac : Represents cram-hmac - secret: Represents shared-secret - secure: Enable peer authentication (if this is false, cram-hmac is "sha1" and no shared-secret will be present in drbd resource configuration files) Test Plan: PASS: Confirm hmac and secret has proper values in drbd resource config when hmac and secret parameters are configured PASS: Confirm drdb resource config has hmac default value and no secret when hmac and secret parameters are not configured. PASS: SX fresh install finishes successfully. Confirm drdb resource config has proper hmac and secret values. PASS: SX upgrade finishes successfully. Confirm drdb resource config does not have new hmac value nor secret. PASS: DX fresh install finishes successfully. Confirm drdb resource config has proper hmac and secret values. PASS: DX upgrade finishes successfully. Confirm drdb resource config does not have new hmac value nor secret. Story: 2011139 Task: 50253 Depends-On: https://review.opendev.org/c/starlingx/config/+/921018 Signed-off-by: Luiz Felipe Kina Change-Id: Ib8c94c9d285cfe7ea6b550cb934554601ab30cff
---
 .../src/modules/platform/manifests/drbd.pp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/puppet-manifests/src/modules/platform/manifests/drbd.pp b/puppet-manifests/src/modules/platform/manifests/drbd.pp
index c5669686a..3ad337294 100644
--- a/puppet-manifests/src/modules/platform/manifests/drbd.pp
+++ b/puppet-manifests/src/modules/platform/manifests/drbd.pp
@@ -8,6 +8,9 @@ class platform::drbd::params (
 $initial_setup = false,
 $fs_type = 'ext4',
 $cpumask = false,
+ $hmac = undef,
+ $secret = undef,
+ $secure = false,
 ) {
 include ::platform::params
 $host1 = $::platform::params::controller_0_hostname
@@ -65,7 +68,10 @@ define platform::drbd::filesystem (
 } else {
 $ip2 = $ip2_override
 }
-
+ if $::platform::drbd::params::secure == true {
+ $drbd_hmac = $::platform::drbd::params::hmac
+ $drbd_secret = $::platform::drbd::params::secret
+ }
 if ($ensure == 'absent') {
 exec { "umount drbd device ${device}":
 command => "umount ${device}",
@@ -137,6 +143,8 @@ define platform::drbd::filesystem (
 rtt_ms => $::platform::drbd::params::rtt_ms,
 cpumask => $::platform::drbd::params::cpumask,
 resync_after => $resync_after,
+ hmac => $drbd_hmac,
+ secret => $drbd_secret,
 }
 }
 }
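Review bot: The new `$hmac`, `$secret` and `$secure` parameters of `platform::drbd::params` carry no comment, and `$secret` is an ordinary untyped value, so the DRBD shared secret is handled like any other catalog string. A one-line comment above them would state the contract, for example `# $secure enables DRBD peer authentication and requires both $hmac (cram-hmac algorithm) and $secret (shared-secret)`. If the Puppet version in use supports it, declaring the parameter as `Optional[Sensitive[String]] $secret = undef` would keep the value redacted in the catalog and reports; the unwrap would then belong where the resource file is rendered, which is outside this diff. The class body continues past the end of the hunk.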
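Review bot: `$drbd_hmac` and `$drbd_secret` are assigned only inside the `if $::platform::drbd::params::secure == true` block, yet the last hunk passes both to the resource unconditionally, so with `secure` false the manifest relies on unset variables evaluating to undef, which is a compile error when `strict_variables` is enabled. The block also accepts `secure` set to true while `hmac` or `secret` is still undef; how the resource template treats that is not visible here, but it could leave peer authentication without a usable secret while the operator believes it is on. An explicit `else` branch plus a `fail()` guard, as sketched below, would close both gaps. The body of `platform::drbd::filesystem` begins and ends outside this hunk.

```puppet
  if $::platform::drbd::params::secure == true {
    # Refuse to compile a half-configured authentication setup.
    if $::platform::drbd::params::hmac == undef or $::platform::drbd::params::secret == undef {
      fail('platform::drbd::params: secure is true but hmac or secret is not set')
    }
    $drbd_hmac = $::platform::drbd::params::hmac
    $drbd_secret = $::platform::drbd::params::secret
  } else {
    # Assign explicitly so the later hmac/secret arguments never read an unset variable.
    $drbd_hmac = undef
    $drbd_secret = undef
  }
  # … unchanged: if ($ensure == 'absent') handling …
```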
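Review bot: Passing `secret => $drbd_secret` means the rendered DRBD resource file will now contain the shared secret, and nothing in this hunk shows how that file is protected. It is worth confirming in the drbd module (outside this diff) that the file is written readable by root only, e.g. `mode => '0600'`, and managed with `show_diff => false` so a change to the secret does not appear in agent logs and reports. The resource declaration that receives these arguments opens above the hunk.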