From c20f87e83adf3cfe05b823832684d8292869607d Mon Sep 17 00:00:00 2001 From: Alexandre Le Gall Date: Tue, 10 Oct 2023 15:22:58 +0200 Subject: [PATCH] [EVO] Nettoyer le playbook --- defaults/main.yml | 7 ++++++- tasks/main.yml | 41 +++++++++++++++++++++------------------- templates/keepalived.j2 | 4 ++-- templates/notify.bash.j2 | 38 +++++++++++++++++++++++++++++++++++++ templates/sudoers.j2 | 5 +++++ 5 files changed, 73 insertions(+), 22 deletions(-) create mode 100644 templates/notify.bash.j2 create mode 100644 templates/sudoers.j2 diff --git a/defaults/main.yml b/defaults/main.yml index b1aea24..e2605c2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,7 +13,12 @@ keepalived_ipv6: "" keepalived_peers: [] -keepalived_notify_script_enabled: false +keepalived_notify_enable: false +keepalived_notify_pre: {} +keepalived_notify_is_master: {} +keepalived_notify_is_backup: {} +keepalived_notify_is_fault: {} +keepalived_notify_by_default: {} keepalived_track_scripts: [] # Exemple: diff --git a/tasks/main.yml b/tasks/main.yml index ecd3baa..35ee70a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
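Review bot: `keepalived_sudoers_cmd` gets no default in this hunk, yet the new `when:` in tasks/main.yml evaluates `keepalived_sudoers_cmd | length > 0` whenever `keepalived_notify_enable` is true. Unless the variable is defined in the part of defaults/main.yml outside the hunk, the play stops on an undefined variable; adding `keepalived_sudoers_cmd: []` here also makes "no sudo rules" the explicit default. The five snippet variables default to `{}` although notify.bash.j2 renders them as text through `indent(4)`, so `keepalived_notify_pre: ""` (and likewise for the others) states the expected type. An inventory that still sets the old `keepalived_notify_script_enabled` is now silently ignored, which deserves a line in the role's documentation.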
@@ -8,32 +8,35 @@ - name: Déployer la configuration ansible.builtin.template: + src: keepalived.j2 + dest: /etc/keepalived/keepalived.conf owner: root group: root mode: u=rw,g=r,o=r - src: keepalived.j2 - dest: /etc/keepalived/keepalived.conf - become: true - notify: Redémarrer keepalived.service - -- name: Déployer les scripts - ansible.builtin.copy: - src: keepalived/notify.sh - dest: /etc/keepalived/ - owner: keepalived_script - group: keepalived_script - mode: u=rx,g=rx,o= - when: keepalived_notify_script_enabled become: true notify: Redémarrer keepalived.service - name: Déployer le fichier de configuration de sudoers - ansible.builtin.copy: - src: keepalived/sudoers - dest: /etc/sudoers.d/keepalived + ansible.builtin.template: + src: sudoers.j2 + dest: /etc/sudoers.d/keepalived_script owner: root - group: root - mode: u=rw,g=r,o=r + group: keepalived_script + mode: u=rwx,g=rx,o= validate: /usr/sbin/visudo -cf %s - when: "'keepalived/sudoers' is file" + when: + - keepalived_notify_enable + - keepalived_sudoers_cmd | length > 0 become: true + notify: Redémarrer keepalived.service + +- name: Déployer les scripts + ansible.builtin.template: + src: notify.bash.j2 + dest: /etc/keepalived/notify.bash + owner: root + group: keepalived_script + mode: u=rwx,g=rx,o= + when: keepalived_notify_enable + become: true + notify: Redémarrer keepalived.service diff --git a/templates/keepalived.j2 b/templates/keepalived.j2 index 3aab2be..6eb67ad 100644 --- a/templates/keepalived.j2 +++ b/templates/keepalived.j2 @@ -64,8 +64,8 @@ vrrp_instance VIP_{{ keepalived_uid }} { } {% endif %} -{% if keepalived_notify_script_enabled %} - notify /etc/keepalived/notify.sh +{% if keepalived_notify_enable %} + notify /etc/keepalived/notify.bash {% endif %} {% if keepalived_track_scripts | length > 0 %} diff --git a/templates/notify.bash.j2 b/templates/notify.bash.j2 new file mode 100644 index 0000000..1498782 --- /dev/null +++ b/templates/notify.bash.j2 
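Review bot: The sudoers drop-in is now installed with `group: keepalived_script` and `mode: u=rwx,g=rx,o=`. The execute bits serve no purpose on a policy file, and the group bit lets the restricted account read its own rules. The conventional `group: root` with `mode: u=r,g=r,o=` is the safer choice; the notify script further down in this hunk is the file that needs the group-execute mode. The destination also moves from `/etc/sudoers.d/keepalived` to `/etc/sudoers.d/keepalived_script` and nothing removes the old file, so hosts provisioned earlier keep a NOPASSWD policy (and `/etc/keepalived/notify.sh`) that the role no longer manages. The same applies when `keepalived_notify_enable` is later set back to false, because the `when:` only skips the task; a cleanup task such as the one below closes that gap.

```yaml
# … unchanged: sudoers template task, with group: root and mode: u=r,g=r,o= …

- name: Supprimer l'ancien fichier sudoers
  ansible.builtin.file:
    path: /etc/sudoers.d/keepalived
    state: absent
  become: true
```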
@@ -0,0 +1,38 @@
+#!/bin/bash
+# {{ ansible_managed }}
+
+TYPE=$1
+NAME=$2
+STATE=$3
+
+{% if keepalived_notify_pre | length > 0 %}
+{{ keepalived_notify_pre }}
+{% endif %}
+
+# Use keepalived state
+case $STATE in
+{% if keepalived_notify_is_master | length > 0 %}
+ "MASTER")
+ {{ keepalived_notify_is_master | indent(4) }}
+ exit 0
+ ;;
+{% endif %}
+{% if keepalived_notify_is_backup | length > 0 %}
+ "BACKUP")
+ {{ keepalived_notify_is_backup | indent(4) }}
+ exit 0
+ ;;
+{% endif %}
+{% if keepalived_notify_is_fault | length > 0 %}
+ "FAULT")
+ {{ keepalived_notify_is_fault | indent(4) }}
+ exit 0
+ ;;
+{% endif %}
+{% if keepalived_notify_by_default | length > 0 %}
+ *)
+ {{ keepalived_notify_by_default | indent(4) }}
+ exit 1
+ ;;
+{% endif %}
+esac
diff --git a/templates/sudoers.j2 b/templates/sudoers.j2
new file mode 100644
index 0000000..1fdca4a
--- /dev/null
+++ b/templates/sudoers.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for cmd in keepalived_sudoers_cmd %}
+keepalived_script ALL=(ALL) NOPASSWD:{{ cmd }}
+{% endfor %}
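Review bot: The unconditional `exit 0` that closes the MASTER, BACKUP and FAULT branches reports success even when the rendered snippet failed. A failover action that did not run (for example a `sudo` call the sudoers policy rejects) therefore leaves no trace in the script's exit status. Either drop those `exit 0` lines so each branch returns the status of its last command, or add `set -e` under the `ansible_managed` comment. `case $STATE in` should also quote its operand, as `case "$STATE" in`. Because the snippets are rendered verbatim, a header comment stating that the `keepalived_notify_*` variables are executable shell and must come from trusted inventory only would document the contract.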
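Review bot: `keepalived_script ALL=(ALL) NOPASSWD:{{ cmd }}` writes each list entry into the policy verbatim and allows it as any target user, while the `validate: /usr/sbin/visudo -cf %s` step in tasks/main.yml checks syntax only. An entry such as `ALL`, a command without pinned arguments, or a path the `keepalived_script` account can write would give that account root. Narrow the run-as to what the notify script needs, e.g. `keepalived_script ALL=(root) NOPASSWD: {{ cmd }}`. The role should also assert before rendering that every entry is a single-line absolute path, since an entry containing a newline would otherwise add a rule line of its own. A comment above the loop stating that entries must be fully-qualified commands with fixed arguments would make the expectation visible to whoever fills the list.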