[ClusterLabs Developers] [crmsh] configuration management modules api crmsh#90

Adam Spiers aspiers at suse.com
Wed May 4 04:59:26 EDT 2016

Enno Gröper <groepeen at cms.hu-berlin.de> wrote:
> Hi,
> I'm currently deploying some clusters using Ansible configuration
> management tool.
> Unfortunately I didn't find anything "nice" to configure a pacemaker
> cluster using Ansible.
> There are some hacks involving, to my knowledge, a reload of the
> whole cib on every change, but this would mean to restart all
> resources, even if I'm changing only a small part of the pacemaker
> config (if I understand that correctly).
> And there exists a rudimentary python module ansible-pacemaker [1]
> (and some improvements to it spread in forks), which works fine for
> simple cases, but doesn't support some basic features (like usual
> location rules).
> It uses crm commands to query the cluster and make changes to
> individual resources and uses its own parsers to read the config and
> to compare new and old directives / detect changes (see below).
> In my opinion such a module (doesn't matter whether it's for
> Ansible, Chef, puppet or whatever) needs to achieve the following:
> * detect if a defined setting/resource is already there and
> configured identically (no change necessary)
> * on changes: change cluster config with minimal impact to
> other/unrelated resources
> To achieve the first goal I thought about simply using the parser of
> crmsh instead of writing separate ones. The questions then is how to
> detect changes. It seems like crmsh.xmlutil.xml_equals would be a
> good fit, since the crmsh parser returns xml.
> The open question is how to make the changes.
> We could simply run "crm configure" or "crm configure delete", but
> that way we have unwanted side effects.
> In my example I have two ips in a resource group and a location rule
> for that group, that prefers a specific node.
> Due to a bug in ansible-pacemaker both ips get changed everytime
> (don't know why yet). Because changes are made in a delete & insert
> cycle this results in the resource group getting removed everytime,
> till the group resource itself gets updated (reinserted) through
> ansible-pacemaker.
> Because of that the location constraint gets removed (by crm) and
> reinserted (by the ansible-module) on every run of the ansible
> playbook.
> Do you have an idea how to improve that? Is there some api
> configuration management modules could use?
> I thought about using CibFactory and _replace_cib or _patch_cib
> directly or looking at how "crm configure edit" applies the changes
> done in the editor.
> How to apply the changes with minimal impact?
> [1] https://github.com/yosshy/ansible-pacemaker

I solved this exact problem for Chef back in 2013.  If you are OK with
using Ruby to develop an Ansible module then you could certainly reuse
my code, which is actively maintained by SUSE.  Currently it all lives
within a Chef cookbook:


but I really should split out the core code (found under the
libraries/ subdirectory) into a 'pacemaker' gem.  Please review this
presentation for more details:


and if you think you could reuse the code, let me know and I'll try to
split off the gem sooner rather than later.

More information about the Developers mailing list