diff --git a/meta/main.yml b/meta/main.yml
index a2647e9..a283291 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -15,7 +15,7 @@ galaxy_info:
 dependencies:
 - role: users
 vars:
- users:
+ users_role_keepalived:
 - name: keepalived_script
 comment: "Dedicated user for keepalived script"
 update_password: on_create
diff --git a/tasks/main.yml b/tasks/main.yml
index 3dceada..ecd3baa 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -35,4 +35,5 @@
 group: root
 mode: u=rw,g=r,o=r
 validate: /usr/sbin/visudo -cf %s
+ when: "'keepalived/sudoers' is file"
 become: true
diff --git a/templates/keepalived.j2 b/templates/keepalived.j2
index a14f075..141cd82 100644
--- a/templates/keepalived.j2
+++ b/templates/keepalived.j2
@@ -13,6 +13,7 @@ global_defs {
 smtp_connect_timeout 30
 {% endif %}
+ script_user keepalived_script
 enable_script_security
 max_auto_priority 50
 }
@@ -41,6 +42,7 @@ vrrp_instance VIP_{{ keepalived_uid }} {
 advert_int 1
 {% if keepalived_peers | length > 0 %}
+ unicast_src_ip {{ ansible_facts[keepalived_interface]['ipv4']['address'] }}
 unicast_peer {
 {% for peer in keepalived_peers %}
 {% if peer != ansible_facts[keepalived_interface]['ipv4']['address'] %}
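Review bot: The added `when: "'keepalived/sudoers' is file"` in tasks/main.yml tests a relative path, and Ansible evaluates the `is file` test on the control node against its current working directory. The result therefore depends on where the play is launched from rather than on the role or playbook layout. When the test is false the task is skipped without any error, so the `keepalived_script` account may end up without its sudoers rules, or a previously installed file may stay in place unchanged. Consider anchoring the path, for example `when: (playbook_dir ~ '/keepalived/sudoers') is file` if the file is meant to sit beside the playbook, and add a comment such as `# sudoers file is optional; skipped when the playbook does not ship one`. The task starts above the hunk, so its `src` is not visible here and the right base directory needs confirming.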
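Review bot: `script_user keepalived_script` in the first templates/keepalived.j2 hunk hard-codes an account name that is also spelled out in the role dependency in meta/main.yml (`name: keepalived_script`), so the two can drift apart without anything failing at template time. Because this line decides which identity runs the scripts once `enable_script_security` is set, it is worth confirming how keepalived behaves when the named account is missing, and driving both places from a single role variable. At minimum add a template comment such as `{# keepalived_script is created by the users dependency in meta/main.yml #}`. The `global_defs` block opens above the hunk.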
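Review bot: The new `unicast_src_ip` line in the second templates/keepalived.j2 hunk repeats the `ansible_facts[keepalived_interface]['ipv4']['address']` lookup that the peer loop below already uses to skip the local node, and the two must always resolve to the same address. Assigning it once before the `{% if keepalived_peers | length > 0 %}` test, e.g. `{% set keepalived_src_ip = ansible_facts[keepalived_interface]['ipv4']['address'] %}` (name is a suggestion), and using that name in both places keeps the source address and the peer filter in step. The lookup also fails with an undefined-variable error when facts were not gathered or the interface has no IPv4 address, so a short comment stating that requirement would help. The `vrrp_instance` block and the peer loop continue outside the hunk.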