From 0049f2b67b084006244f73a9a94979ba524a3bdd Mon Sep 17 00:00:00 2001
From: Ondrej Mular <omular@redhat.com>
Date: Mon, 5 Jun 2017 10:14:16 +0200
Subject: [PATCH] squash bz1165821 pcs CLI/GUI should be capable of
ab3b909 change flag for hardened cluster to --encryption
setup cluster wo corosync encryption by default
---
pcs/cli/common/parse_args.py | 2 +-
pcs/cluster.py | 12 +++++++-----
pcs/pcs.8 | 4 ++--
pcs/test/test_cluster.py | 24 ++++++++++++++++++++++++
pcs/usage.py | 6 +++---
pcs/utils.py | 2 +-
pcsd/pcsd.rb | 2 +-
pcsd/remote.rb | 4 ++--
pcsd/views/manage.erb | 11 +++++++----
9 files changed, 48 insertions(+), 19 deletions(-)
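--- a/pcs/cli/common/parse_args.py
+++ b/pcs/cli/common/parse_args.py
@@ -32,7 +32,7 @@ PCS_LONG_OPTIONS = [
 "miss_count_const=", "fail_recv_const=",
 "corosync_conf=", "cluster_conf=",
 "booth-conf=", "booth-key=",
- "remote", "watchdog=", "device=", "no-hardened",
+ "remote", "watchdog=", "device=", "encryption=",
 #in pcs status - do not display resorce status on inactive node
 "hide-inactive",
 # pcs resource (un)manage - enable or disable monitor operations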
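--- a/pcs/cluster.py
+++ b/pcs/cluster.py
@@ -303,6 +303,8 @@ def cluster_certkey(argv):
 
 def cluster_setup(argv):
 modifiers = utils.get_modificators()
+ if modifiers["encryption"] not in ["0", "1"]:
+ utils.err("Invalid value for option --encryption")
 if len(argv) < 2:
 usage.cluster(["setup"])
 sys.exit(1)
@@ -386,7 +388,7 @@ def cluster_setup(argv):
 options["transport_options"],
 options["totem_options"],
 options["quorum_options"],
- modifiers["hardened"]
+ modifiers["encryption"] == "1"
 )
 process_library_reports(messages)
 
@@ -458,7 +460,7 @@ def cluster_setup(argv):
 file_definitions.update(
 node_communication_format.pcmk_authkey_file(generate_key())
 )
- if modifiers["hardened"]:
+ if modifiers["encryption"] == "1":
 file_definitions.update(
 node_communication_format.corosync_authkey_file(
 generate_binary_key(random_bytes_count=128)
@@ -743,7 +745,7 @@ def cluster_setup_parse_options_cman(options, force=False):
 
 def cluster_setup_create_corosync_conf(
 cluster_name, node_list, transport_options, totem_options, quorum_options,
- is_hardened
+ encrypted
 ):
 messages = []
 
@@ -758,9 +760,9 @@ def cluster_setup_create_corosync_conf(
 corosync_conf.add_section(logging_section)
 
 totem_section.add_attribute("version", "2")
- totem_section.add_attribute("cluster_name", cluster_name)
- if not is_hardened:
+ if not encrypted:
 totem_section.add_attribute("secauth", "off")
+ totem_section.add_attribute("cluster_name", cluster_name)
 
 transport_options_names = (
 "transport",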
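Review bot: In `cluster_setup_create_corosync_conf` the enabled case adds nothing to the totem section in the lines shown, so an encrypted cluster appears to depend on corosync's built-in `secauth` default rather than on the generated file; an explicit `else: totem_section.add_attribute("secauth", "on")` would make the configuration state what was requested. With the default now "0", `cluster_setup` also writes `secauth: off` without telling the operator, and in corosync 2 that setting turns off message authentication as well as encryption. Printing a warning when `modifiers["encryption"] != "1"` would make that choice visible at setup time. Both functions continue outside the hunks shown, so handling elsewhere cannot be ruled out.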
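--- a/pcs/pcs.8
+++ b/pcs/pcs.8
@@ -205,7 +205,7 @@ Add specified utilization options to specified resource. If resource is not spec
 auth [node] [...] [\fB\-u\fR username] [\fB\-p\fR password] [\fB\-\-force\fR] [\fB\-\-local\fR]
 Authenticate pcs to pcsd on nodes specified, or on all nodes configured in the local cluster if no nodes are specified (authorization tokens are stored in ~/.pcs/tokens or /var/lib/pcsd/tokens for root). By default all nodes are also authenticated to each other, using \fB\-\-local\fR only authenticates the local node (and does not authenticate the remote nodes with each other). Using \fB\-\-force\fR forces re\-authentication to occur.
 .TP
-setup [\fB\-\-start\fR [\fB\-\-wait\fR[=<n>]]] [\fB\-\-local\fR] [\fB\-\-enable\fR] \fB\-\-name\fR <cluster name> <node1[,node1\-altaddr]> [<node2[,node2\-altaddr]>] [...] [\fB\-\-transport\fR udpu|udp] [\fB\-\-rrpmode\fR active|passive] [\fB\-\-addr0\fR <addr/net> [[[\fB\-\-mcast0\fR <address>] [\fB\-\-mcastport0\fR <port>] [\fB\-\-ttl0\fR <ttl>]] | [\fB\-\-broadcast0\fR]] [\fB\-\-addr1\fR <addr/net> [[[\fB\-\-mcast1\fR <address>] [\fB\-\-mcastport1\fR <port>] [\fB\-\-ttl1\fR <ttl>]] | [\fB\-\-broadcast1\fR]]]] [\fB\-\-wait_for_all\fR=<0|1>] [\fB\-\-auto_tie_breaker\fR=<0|1>] [\fB\-\-last_man_standing\fR=<0|1> [\fB\-\-last_man_standing_window\fR=<time in ms>]] [\fB\-\-ipv6\fR] [\fB\-\-token\fR <timeout>] [\fB\-\-token_coefficient\fR <timeout>] [\fB\-\-join\fR <timeout>] [\fB\-\-consensus\fR <timeout>] [\fB\-\-miss_count_const\fR <count>] [\fB\-\-fail_recv_const\fR <failures>] [\fB\-\-no\-hardened\fR]
+setup [\fB\-\-start\fR [\fB\-\-wait\fR[=<n>]]] [\fB\-\-local\fR] [\fB\-\-enable\fR] \fB\-\-name\fR <cluster name> <node1[,node1\-altaddr]> [<node2[,node2\-altaddr]>] [...] [\fB\-\-transport\fR udpu|udp] [\fB\-\-rrpmode\fR active|passive] [\fB\-\-addr0\fR <addr/net> [[[\fB\-\-mcast0\fR <address>] [\fB\-\-mcastport0\fR <port>] [\fB\-\-ttl0\fR <ttl>]] | [\fB\-\-broadcast0\fR]] [\fB\-\-addr1\fR <addr/net> [[[\fB\-\-mcast1\fR <address>] [\fB\-\-mcastport1\fR <port>] [\fB\-\-ttl1\fR <ttl>]] | [\fB\-\-broadcast1\fR]]]] [\fB\-\-wait_for_all\fR=<0|1>] [\fB\-\-auto_tie_breaker\fR=<0|1>] [\fB\-\-last_man_standing\fR=<0|1> [\fB\-\-last_man_standing_window\fR=<time in ms>]] [\fB\-\-ipv6\fR] [\fB\-\-token\fR <timeout>] [\fB\-\-token_coefficient\fR <timeout>] [\fB\-\-join\fR <timeout>] [\fB\-\-consensus\fR <timeout>] [\fB\-\-miss_count_const\fR <count>] [\fB\-\-fail_recv_const\fR <failures>] [\fB\-\-encryption\fR 0|1]
 Configure corosync and sync configuration out to listed nodes. \fB\-\-local\fR will only perform changes on the local node, \fB\-\-start\fR will also start the cluster on the specified nodes, \fB\-\-wait\fR will wait up to 'n' seconds for the nodes to start, \fB\-\-enable\fR will enable corosync and pacemaker on node startup, \fB\-\-transport\fR allows specification of corosync transport (default: udpu; udp for CMAN clusters), \fB\-\-rrpmode\fR allows you to set the RRP mode of the system. Currently only 'passive' is supported or tested (using 'active' is not recommended). The \fB\-\-wait_for_all\fR, \fB\-\-auto_tie_breaker\fR, \fB\-\-last_man_standing\fR, \fB\-\-last_man_standing_window\fR options are all documented in corosync's votequorum(5) man page. These options are not supported on CMAN clusters.
 
 \fB\-\-ipv6\fR will configure corosync to use ipv6 (instead of ipv4). This option is not supported on CMAN clusters.
@@ -222,7 +222,7 @@ Configure corosync and sync configuration out to listed nodes. \fB\-\-local\fR w
 
 \fB\-\-fail_recv_const\fR <failures> specifies how many rotations of the token without receiving any messages when messages should be received may occur before a new configuration is formed (default 2500 failures)
 
-If \fB\-\-no\-hardened\fR is specified, the cluster will be set up in way that all corosync communication will be encrypted.
+\fB\-\-encryption\fR 0|1 disables (0) or enables (1) corosync communication encryption (default 0)
 
 
 Configuring Redundant Ring Protocol (RRP)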
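--- a/pcs/test/test_cluster.py
+++ b/pcs/test/test_cluster.py
@@ -232,6 +232,7 @@ Warning: Unable to resolve hostname: nonexistant-address.invalid
 corosync_conf = """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -290,6 +291,7 @@ Error: {0} already exists, use --force to overwrite
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -436,6 +438,7 @@ Error: {0} already exists, use --force to overwrite
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -476,6 +479,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -520,6 +524,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -560,6 +565,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -605,6 +611,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -646,6 +653,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -687,6 +695,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -727,6 +736,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -772,6 +782,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -817,6 +828,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 }
@@ -866,6 +878,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udp
 }
@@ -1266,6 +1279,7 @@ Warning: Using udpu transport on a CMAN cluster, cluster restart is required aft
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 ip_version: ipv6
@@ -1373,6 +1387,7 @@ Warning: --ipv6 ignored as it is not supported on CMAN clusters
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udp
 rrp_mode: passive
@@ -1431,6 +1446,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udp
 rrp_mode: passive
@@ -1489,6 +1505,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udp
 rrp_mode: passive
@@ -1547,6 +1564,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udp
 rrp_mode: passive
@@ -1614,6 +1632,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udp
 rrp_mode: active
@@ -1679,6 +1698,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udp
 rrp_mode: active
@@ -1754,6 +1774,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: udpu
 rrp_mode: passive
@@ -1842,6 +1863,7 @@ logging {
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: test99
 transport: udpu
 }
@@ -2426,6 +2448,7 @@ Warning: --last_man_standing_window ignored as it is not supported on CMAN clust
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: test99
 transport: udpu
 token: 20000
@@ -2669,6 +2692,7 @@ Warning: --token_coefficient ignored as it is not supported on CMAN clusters
 ac(data, """\
 totem {
 version: 2
+ secauth: off
 cluster_name: cname
 transport: unknown
 }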
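Review bot: None of the hunks in this file exercises `--encryption 1` or an invalid value; all 24 added lines are the `secauth: off` expectation for the new default. One case should assert that the generated totem section carries no `secauth: off` when `--encryption 1` is passed, and another that a value such as `--encryption 2` produces `Invalid value for option --encryption`. Without them, a regression that leaves encryption off when it was requested would still pass this suite.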
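--- a/pcs/usage.py
+++ b/pcs/usage.py
@@ -576,7 +576,7 @@ Commands:
 [--ipv6] [--token <timeout>] [--token_coefficient <timeout>]
 [--join <timeout>] [--consensus <timeout>]
 [--miss_count_const <count>] [--fail_recv_const <failures>]
- [--no-hardened]
+ [--encryption 0|1]
 Configure corosync and sync configuration out to listed nodes.
 --local will only perform changes on the local node,
 --start will also start the cluster on the specified nodes,
@@ -612,8 +612,8 @@ Commands:
 without receiving any messages when messages should be received
 may occur before a new configuration is formed
 (default 2500 failures)
- If --no-hardened is specified, the cluster will be set up in way that all
- corosync communication will be encrypted.
+ --encryption 0|1 disables (0) or enables (1) corosync communication
+ encryption (default 0)
 
 Configuring Redundant Ring Protocol (RRP)
 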
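Review bot: The help text for `--encryption 0|1` in the second hunk mentions only encryption, but the option drives the `secauth` attribute written by `cluster_setup_create_corosync_conf` in pcs/cluster.py, and in corosync 2 that setting also governs message authentication. I would word it as `--encryption 0|1 disables (0) or enables (1) corosync message authentication and encryption (default 0)` so that an operator who keeps the default knows the totem traffic is not authenticated either. The same sentence appears in pcs/pcs.8 and would need the matching change.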
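--- a/pcs/utils.py
+++ b/pcs/utils.py
@@ -2879,10 +2879,10 @@ def get_modificators():
 "device": pcs_options.get("--device", []),
 "disabled": "--disabled" in pcs_options,
 "enable": "--enable" in pcs_options,
+ "encryption": pcs_options.get("--encryption", "0"),
 "force": "--force" in pcs_options,
 "full": "--full" in pcs_options,
 "group": pcs_options.get("--group", None),
- "hardened": "--no-hardened" not in pcs_options,
 "monitor": "--monitor" in pcs_options,
 "name": pcs_options.get("--name", None),
 "no-default-ops": "--no-default-ops" in pcs_options,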
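--- a/pcsd/pcsd.rb
+++ b/pcsd/pcsd.rb
@@ -569,7 +569,7 @@ already been added to pcsd. You may not add two clusters with the same name int
 :clustername => @cluster_name,
 :nodes => @nodes_rrp.join(';'),
 :options => options.to_json,
- :no_hardened => params[:no_hardened],
+ :encryption => params[:encryption],
 },
 true,
 nil,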
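--- a/pcsd/remote.rb
+++ b/pcsd/remote.rb
@@ -964,8 +964,8 @@ def setup_cluster(params, request, auth_user)
 end
 nodes_options = nodes + options
 nodes_options += options_udp if transport_udp
- if params[:no_hardened] == "1"
- nodes_options << "--no-hardened"
+ if ['0', '1'].include?(params[:encryption])
+ nodes_options << "--encryption=#{params[:encryption]}"
 end
 stdout, stderr, retval = run_cmd(
 auth_user, PCS, "cluster", "setup", "--enable", "--start", "--async",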
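Review bot: A `params[:encryption]` value other than "0" or "1" is dropped here without any signal, so the request falls back to the pcs default, which this commit makes unencrypted. The allow-list check before interpolating into `--encryption=#{params[:encryption]}` is the right shape and should stay. What is missing is a statement of intent, for example the comment `# any other value (e.g. the GUI's "(Default)" entry) is ignored on purpose; pcs then applies its own default`, or a rejection of unexpected non-empty values if the silence is not intended. `setup_cluster` starts and ends outside the hunk.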
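--- a/pcsd/views/manage.erb
+++ b/pcsd/views/manage.erb
@@ -222,7 +222,7 @@
 
 <% transport_desc = "\
 Enables either udpu (unicast) or udp (multicast) cluster communication (default: udpu)"%>
- <% hardened_desc = "\
+ <% encryption_desc = "\
 Create cluster with encrypted corosync communication. This option may not work \
 with pcs version lower than 0.9.159." %>
 <% wait_for_all_desc = "\
@@ -348,10 +348,13 @@ Specify ring 1 address for each node if you want to use RRP." %>
 </select>
 
 
- Hardened:
+ Encryption:
 
- <label><input type="radio" name="no_hardened" value="0" checked="checked">Yes</label>
- <label><input type="radio" name="no_hardened" value="1">No</label>
+ <select name="encryption">
+ <option selected="selected">(Default)</option>
+ <option value="1">On</option>
+ <option value="0">Off</option>
+ </select>
 
 
 Wait for All:<input type=checkbox name="config-wait_for_all">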
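Review bot: The `(Default)` entry in the new `<select name="encryption">` has no `value` attribute, so the browser submits its display text, `(Default)`, as the parameter. The form then works only because pcsd/remote.rb ignores anything other than "0" or "1". `<option value="" selected="selected">(Default)</option>` would send an empty value instead of a label string. The pre-selected entry also replaces the old pre-checked "Yes" under "Hardened:", so the tooltip in `encryption_desc` could say what the default resolves to.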
--
1.8.3.1