Fix corosync 3.x startup failure on SLE 16.0 (#464)

mpagot · web-flow · commit d5529aee4905 · 2026-04-23T09:08:49.000+02:00
Fix corosync by omitting invalid config options.
Corosync 3.x (shipped in SLE 16.0) rejects crypto_cipher, crypto_hash,
and secauth when transport is udpu, causing corosync to exit with code 8
and pacemaker to fail on its dependency.
These options are safe to omit because they were never functional with
udpu transport — corosync 2.x silently accepted them but only supported
encryption on multicast (UDP) transport. Cluster traffic was never
encrypted with udpu, so removing these options changes no runtime
behavior. Similarly, rrp_mode (removed in corosync 3.x) had no effect
with a single interface.
The version conditional preserves the existing config for corosync 2.x
(SLE 12 SP5, SLE 15 SP4/SP5) and only omits the options on 3.x+.
diff --git a/ansible/playbooks/templates/aws_corosync.conf.j2 b/ansible/playbooks/templates/aws_corosync.conf.j2
@@ -3,10 +3,14 @@ totem {
         token: 30000
         consensus: 36000
         token_retransmits_before_loss_const: 6
+{% if ansible_facts.packages['corosync'][0].version is version('3.0.0', '<') %}
         crypto_cipher: {{ crypto_cipher }}
         crypto_hash: {{ crypto_hash }}
+{% endif %}
         clear_node_high_bit: yes
+{% if ansible_facts.packages['corosync'][0].version is version('3.0.0', '<') %}
         rrp_mode: passive
+{% endif %}
 
         interface {
                 ringnumber: 0
diff --git a/ansible/playbooks/templates/corosync.conf.j2 b/ansible/playbooks/templates/corosync.conf.j2
@@ -3,10 +3,14 @@ totem {
         token: 30000
         consensus: 36000
         token_retransmits_before_loss_const: 6
+{% if ansible_facts.packages['corosync'][0].version is version('3.0.0', '<') %}
         crypto_cipher: {{ crypto_cipher }}
         crypto_hash: {{ crypto_hash }}
+{% endif %}
         clear_node_high_bit: yes
+{% if ansible_facts.packages['corosync'][0].version is version('3.0.0', '<') %}
         rrp_mode: passive
+{% endif %}
 
         interface {
                 ringnumber: 0
diff --git a/ansible/playbooks/templates/gcp_corosync.conf.j2 b/ansible/playbooks/templates/gcp_corosync.conf.j2
@@ -1,8 +1,10 @@
 totem {
         version: 2
+{% if ansible_facts.packages['corosync'][0].version is version('3.0.0', '<') %}
         secauth: off
         crypto_hash: sha1
         crypto_cipher: aes256
+{% endif %}
         cluster_name: hacluster
         clear_node_high_bit: yes
         token: 20000
