Compare commits

1 Commits

0d4cd47771 ... main

| Author | SHA1 | Date | |
|---|---|---|---|
| | 00e8f234e4 | | |

165 README.md

							| @@ -1,3 +1,164 @@ | ||||
| # role_modele | ||||
| # role_keepalived | ||||
|  | ||||
| Modèle | ||||
| Rôle de déploiement de keepalived. | ||||
|  | ||||
| ## Dépendance | ||||
|  | ||||
| Le rôle *users* est requis afin que l'utilisateur dédié exécutant les scripts définis via `keepalived_track_scripts` soit créé. | ||||
|  | ||||
| ## Variables | ||||
|  | ||||
| ### keepalived_uid | ||||
|  | ||||
| Identifiant unique permettant d'identifer les membres. | ||||
|  | ||||
| *<span style="text-decoration: underline">Valeur par défaut:</span> aucune* | ||||
|  | ||||
| ### keepalived_priority | ||||
|  | ||||
| Priorité de la machine pour prendre l'IP de failover.<br> | ||||
| Ce chiffre doit être différent sur chaque machine portant le même identifiant unique. | ||||
|  | ||||
| *<span style="text-decoration: underline">Valeur par défaut:</span> aucune* | ||||
|  | ||||
| ### keepalived_interface | ||||
|  | ||||
| Interface sur laquelle l'IP de failover sera montée. | ||||
|  | ||||
| *<span style="text-decoration: underline">Valeur par défaut:</span> aucune* | ||||
|  | ||||
| ### keepalived_mail_to | ||||
|  | ||||
| Adresse mail sur laquelle envoyer les alertes. | ||||
|  | ||||
| *<span style="text-decoration: underline">Valeur par défaut:</span> aucune* | ||||
|  | ||||
| ### keepalived_mail_from | ||||
|  | ||||
| Adresse mail source depuis laquelle partent les alertes.<br> | ||||
| Le serveur d'envoi (smtp) est défini par défaut sur localhost. | ||||
|  | ||||
| *<span style="text-decoration: underline">Valeur par défaut:</span> aucune* | ||||
|  | ||||
| ### keepalived_ipv4 | ||||
|  | ||||
| Adresse IPv4 de failover. | ||||
|  | ||||
| *<span style="text-decoration: underline">Valeur par défaut:</span> aucune* | ||||
|  | ||||
| ### keepalived_ipv6 | ||||
|  | ||||
| Adresse IPv6 de failover. | ||||
|  | ||||
| *<span style="text-decoration: underline">Valeur par défaut:</span> aucune* | ||||
|  | ||||
| ### keepalived_peers | ||||
|  | ||||
| Passer en unicast en utilisant cette liste d'IP. | ||||
|  | ||||
| *<span style="text-decoration: underline">Valeur par défaut:</span> aucune* | ||||
|  | ||||
| ### keepalived_notify_script_enabled | ||||
|  | ||||
| Booléen permettant d'activer le script de notification.<br> | ||||
| Le script est déployé dans `/etc/keepalived/notify.sh`. | ||||
|  | ||||
| *<span style="text-decoration: underline">Valeur par défaut:</span> `false`* | ||||
|  | ||||
| ### keepalived_track_scripts | ||||
|  | ||||
| Liste de script dont le code retour doit être à zéro pour que le membre conserve ou puisse prendre l'IP de failover. | ||||
|  | ||||
| *<span style="text-decoration: underline">Valeur par défaut:</span> aucune* | ||||
|  | ||||
| ### keepalived_track_processes | ||||
|  | ||||
| Liste de processus devant fonctionner pour que le membre conserve ou puisse prendre l'IP de failover. | ||||
|  | ||||
| *<span style="text-decoration: underline">Valeur par défaut:</span> aucune* | ||||
|  | ||||
| ## Exemples | ||||
|  | ||||
| Dans les exemples ci-dessous, j'utilise aussi le rôle *nftables* afin d'installer et configurer le pare-feu logiciel éponyme. | ||||
|  | ||||
| ### host_vars/infra-gw-2315a.nyx.ykn.local.yml | ||||
|  | ||||
| ```yaml | ||||
| --- | ||||
|  | ||||
| # BEGIN role_ifupdown | ||||
| ifupdown_interfaces: | ||||
|   - interface: eth0 | ||||
|     ipv4: | ||||
|       inet: static | ||||
|       address: 192.168.50.250 | ||||
|       mask: 24 | ||||
|       dns: 192.168.50.11 192.168.50.16 | ||||
|     ipv6: | ||||
|       inet: static | ||||
|       address: fd00:ff50::d250 | ||||
|       mask: 64 | ||||
|       dns: fd00:ff50::d011 fd00:ff50::d016 | ||||
|   - interface: eth1 | ||||
|     ipv4: | ||||
|       inet: static | ||||
|       address: 192.168.1.51 | ||||
|       mask: 24 | ||||
|       dns: 192.168.1.254 | ||||
|     ipv6: | ||||
|       inet: auto | ||||
| # END role_ifupdown | ||||
| ``` | ||||
|  | ||||
| ### group_vars/gw.yml | ||||
|  | ||||
| ```yaml | ||||
| --- | ||||
|  | ||||
| # BEGIN role_users | ||||
| users: | ||||
|   - name: keepalived_script | ||||
|     comment: "Dedicated user for keepalived script" | ||||
|     update_password: on_create | ||||
|     password_lock: true | ||||
|     shell: /bin/bash | ||||
| # END role_users | ||||
|  | ||||
| # BEGIN role_nftables | ||||
| nftables_rules: | ||||
|   - filename: keepalived | ||||
|     rules: | ||||
|       - ip saddr 192.168.50.250 accept | ||||
|       - ip saddr 192.168.50.251 accept | ||||
|       - ip saddr 192.168.50.252 accept | ||||
| # END role_nftables | ||||
|  | ||||
| # BEGIN role_keepalived | ||||
| keepalived_ipv4: 192.168.50.254/24 | ||||
| keepalived_ipv6: fd00:ff50::d254/64 | ||||
|  | ||||
| keepalived_uid: "{{ keepalived_ipv4 | split('.') | last | split('/') | first }}" | ||||
|  | ||||
| keepalived_track_scripts: | ||||
|   - name: check_nftables_service | ||||
|     interval: 5 | ||||
|     command: /usr/bin/systemctl is-active nftables.service | ||||
| # END role_keepalived | ||||
| ``` | ||||
|  | ||||
| ### playbook.yml | ||||
|  | ||||
| ```yaml | ||||
| --- | ||||
|  | ||||
| - name: Déployer les passerelles réseau | ||||
|   hosts: gateways | ||||
|   vars: | ||||
|     primary_interface: "{{ ifupdown_interfaces | first }}" | ||||
|     keepalived_priority: "{{ 255 - (primary_interface.ipv4.address | split('.') | last | int) }}" | ||||
|     keepalived_interface: "{{ primary_interface.interface }}" | ||||
|   roles: | ||||
|     - name: users | ||||
|     - name: nftables | ||||
|     - name: keepalived | ||||
| ``` | ||||
|   | ||||
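Review bot: the documented variable names and paths do not match what the role consumes: the README describes `keepalived_notify_script_enabled` and `/etc/keepalived/notify.sh`, while defaults/main.yml defines `keepalived_notify_enable` and tasks/configuration.yml deploys `/etc/keepalived/notify.bash`; `keepalived_sudoers_cmd`, `keepalived_notify_pre`, `keepalived_notify_is_master`/`_is_backup`/`_is_fault` and `keepalived_notify_by_default`, which the templates read, are not documented at all. The README should also state that every `keepalived_track_scripts` entry needs `interval` (templates/keepalived.j2 renders `interval {{ script.interval }}` unconditionally), and the nftables example accepts every protocol from the peer addresses; limiting those rules to VRRP, e.g. `ip saddr 192.168.50.250 ip protocol 112 accept`, keeps the firewall exception to what keepalived actually needs.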

34 defaults/main.yml (Normal file)

							| @@ -0,0 +1,34 @@ | ||||
| --- | ||||
| # defaults file for keepalived | ||||
|  | ||||
| keepalived_uid: "" | ||||
| keepalived_priority: "" | ||||
| keepalived_interface: "" | ||||
|  | ||||
| keepalived_mail_to: "" | ||||
| keepalived_mail_from: "" | ||||
|  | ||||
| keepalived_ipv4: "" | ||||
| keepalived_ipv6: "" | ||||
|  | ||||
| keepalived_peers: [] | ||||
|  | ||||
| keepalived_notify_enable: false | ||||
| keepalived_notify_pre: {} | ||||
| keepalived_notify_is_master: {} | ||||
| keepalived_notify_is_backup: {} | ||||
| keepalived_notify_is_fault: {} | ||||
| keepalived_notify_by_default: {} | ||||
|  | ||||
| keepalived_track_scripts: [] | ||||
| # Example: | ||||
| #  - name: check_haproxy_8080 | ||||
| #    command: /usr/bin/nc -zv 127.0.0.1 8080 | ||||
| #  - name: check_haproxy_8081 | ||||
| #    command: /usr/bin/nc -zv 127.0.0.1 8081 | ||||
|  | ||||
| keepalived_track_processes: [] | ||||
| # Example: | ||||
| #  - name: check_haproxy | ||||
| #    search: /usr/sbin/haproxy | ||||
| #    quorum: 2 | ||||
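Review bot: `keepalived_sudoers_cmd` has no default here although tasks/configuration.yml tests `keepalived_sudoers_cmd | length > 0` and templates/sudoers.j2 iterates over it, so enabling `keepalived_notify_enable` without defining it fails on an undefined variable; add `keepalived_sudoers_cmd: []`. The commented `keepalived_track_scripts` example omits `interval`, which templates/keepalived.j2 renders unconditionally and would produce an empty `interval` line, and the `keepalived_notify_*` snippet variables default to `{}` although they are substituted as shell text, so `""` is the honest default. Since `keepalived_uid`, `keepalived_priority` and `keepalived_interface` default to `""` and render straight into `virtual_router_id`, `priority` and `interface`, an `ansible.builtin.assert` on them at the start of the tasks would fail early instead of leaving keepalived with an invalid configuration.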

8 handlers/main.yml (Normal file)

							| @@ -0,0 +1,8 @@ | ||||
| --- | ||||
| # handlers file for keepalived | ||||
|  | ||||
| - name: Restart keepalived.service | ||||
|   become: true | ||||
|   ansible.builtin.systemd: | ||||
|     state: restarted | ||||
|     name: keepalived.service | ||||
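Review bot: `state: restarted` makes the MASTER drop its VIPs on every configuration change, and the notify script and sudoers tasks notify this same handler; keepalived re-reads its configuration on SIGHUP, which the Debian unit exposes as `systemctl reload`, so `state: reloaded` avoids an unnecessary failover for config-only changes, with a restart kept for package upgrades only.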
| @@ -1,7 +1,7 @@ | ||||
| galaxy_info: | ||||
|   namespace: ykn | ||||
|   author: pulsar89.5 | ||||
|   description: Rôle modèle | ||||
|   description: Deploy keepalived | ||||
|  | ||||
|   license: GPL-3.0-or-later | ||||
|  | ||||
| @@ -12,4 +12,5 @@ galaxy_info: | ||||
|       versions: | ||||
|         - all | ||||
|  | ||||
| dependencies: [] | ||||
| dependencies: | ||||
|   - role: users | ||||
|   | ||||
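Review bot: with `users` declared as a dependency, the README's playbook listing `- name: users` ahead of keepalived is redundant (Ansible runs a role once per play unless `allow_duplicates` is set); drop one of the two and say in the README which `users` list, the operator's group_vars or this role's own vars/main.yml, is expected to create `keepalived_script`.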

37 tasks/configuration.yml (Normal file)

							| @@ -0,0 +1,37 @@ | ||||
| --- | ||||
| # tasks file for keepalived | ||||
|  | ||||
| - name: Deploy configuration | ||||
|   ansible.builtin.template: | ||||
|     src: keepalived.j2 | ||||
|     dest: /etc/keepalived/keepalived.conf | ||||
|     owner: root | ||||
|     group: root | ||||
|     mode: u=rw,g=r,o=r | ||||
|   become: true | ||||
|   notify: Restart keepalived.service | ||||
|  | ||||
| - name: Deploy sudoers configuration | ||||
|   ansible.builtin.template: | ||||
|     src: sudoers.j2 | ||||
|     dest: /etc/sudoers.d/keepalived_script | ||||
|     owner: root | ||||
|     group: keepalived_script | ||||
|     mode: u=rwx,g=rx,o= | ||||
|     validate: /usr/sbin/visudo -cf %s | ||||
|   when: | ||||
|     - keepalived_notify_enable | ||||
|     - keepalived_sudoers_cmd | length > 0 | ||||
|   become: true | ||||
|   notify: Restart keepalived.service | ||||
|  | ||||
| - name: Deploy notify script | ||||
|   ansible.builtin.template: | ||||
|     src: notify.bash.j2 | ||||
|     dest: /etc/keepalived/notify.bash | ||||
|     owner: root | ||||
|     group: keepalived_script | ||||
|     mode: u=rwx,g=rx,o= | ||||
|   when: keepalived_notify_enable | ||||
|   become: true | ||||
|   notify: Restart keepalived.service | ||||
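Review bot: the sudoers drop-in is deployed with `group: keepalived_script` and `mode: u=rwx,g=rx,o=`, but sudo only accepts sudoers files owned by root:root with mode 0440 and rejects files with extra mode bits or a group-readable file owned by another group, so `/etc/sudoers.d/keepalived_script` would never grant anything and every `sudo` in the notify snippets would fail; `visudo -cf %s` validates syntax only, not the installed file's ownership or mode. Use `owner: root`, `group: root`, `mode: '0440'`. The `notify: Restart keepalived.service` on that task is also unnecessary, since sudo reads the file on each invocation.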

7 tasks/installation.yml (Normal file)

							| @@ -0,0 +1,7 @@ | ||||
| --- | ||||
| # tasks file for keepalived | ||||
|  | ||||
| - name: Install keepalived | ||||
|   ansible.builtin.apt: | ||||
|     name: keepalived | ||||
|   become: true | ||||

10 tasks/main.yml (Normal file)

							| @@ -0,0 +1,10 @@ | ||||
| --- | ||||
| # tasks file for keepalived | ||||
|  | ||||
| - name: Import installation tasks | ||||
|   ansible.builtin.import_tasks: | ||||
|     file: installation.yml | ||||
|  | ||||
| - name: Import configuration tasks | ||||
|   ansible.builtin.import_tasks: | ||||
|     file: configuration.yml | ||||

86 templates/keepalived.j2 (Normal file)

							| @@ -0,0 +1,86 @@ | ||||
| # {{ ansible_managed }} | ||||
|  | ||||
| global_defs { | ||||
| {% if keepalived_mail_to | length > 0 %} | ||||
|   notification_email { | ||||
|     {{ keepalived_mail_to }} | ||||
|   } | ||||
| {% endif %} | ||||
|  | ||||
| {% if keepalived_mail_from | length > 0 %} | ||||
|   notification_email_from {{ keepalived_mail_from }} | ||||
|     smtp_server 127.0.0.1 | ||||
|     smtp_connect_timeout 30 | ||||
| {% endif %} | ||||
|  | ||||
|   script_user keepalived_script | ||||
|   enable_script_security | ||||
|   max_auto_priority 50 | ||||
| } | ||||
|  | ||||
| {% for script in keepalived_track_scripts %} | ||||
| vrrp_script {{ script.name }} { | ||||
|   script "{{ script.command }}" | ||||
|   interval {{ script.interval }} | ||||
| } | ||||
| {% endfor %} | ||||
|  | ||||
| {% for process in keepalived_track_processes %} | ||||
| vrrp_track_process {{ process.name }} { | ||||
|   process "{{ process.search }}" | ||||
|   quorum {{ process.quorum }} | ||||
| } | ||||
| {% endfor %} | ||||
|  | ||||
| vrrp_instance VIP_{{ keepalived_uid }} { | ||||
|   state BACKUP | ||||
|   priority {{ keepalived_priority }} | ||||
|   nopreempt | ||||
|  | ||||
|   interface {{ keepalived_interface }} | ||||
|   virtual_router_id {{ keepalived_uid }} | ||||
|   advert_int 1 | ||||
|  | ||||
| {% if keepalived_peers | length > 0 %} | ||||
|   unicast_src_ip {{ ansible_facts[keepalived_interface]['ipv4']['address'] }} | ||||
|   unicast_peer { | ||||
| {% for peer in keepalived_peers %} | ||||
| {% if peer != ansible_facts[keepalived_interface]['ipv4']['address'] %} | ||||
|     {{ peer }} | ||||
| {% endif %} | ||||
| {% endfor %} | ||||
|   } | ||||
| {% endif %} | ||||
|  | ||||
| {% if keepalived_ipv4 | length > 0 %} | ||||
|   virtual_ipaddress { | ||||
|     {{ keepalived_ipv4 }} dev {{ keepalived_interface }} scope global | ||||
|   } | ||||
| {% endif %} | ||||
|  | ||||
| {% if keepalived_ipv6 | length > 0 %} | ||||
|   virtual_ipaddress_excluded { | ||||
|     {{ keepalived_ipv6 }} dev {{ keepalived_interface }} scope global | ||||
|   } | ||||
| {% endif %} | ||||
|  | ||||
| {% if keepalived_notify_enable %} | ||||
|   notify /etc/keepalived/notify.bash | ||||
| {% endif %} | ||||
|  | ||||
| {% if keepalived_track_scripts | length > 0 %} | ||||
|   track_script { | ||||
| {% for script in keepalived_track_scripts %} | ||||
|     {{ script.name }} | ||||
| {% endfor%} | ||||
|   } | ||||
| {% endif %} | ||||
|  | ||||
| {% if keepalived_track_processes | length > 0 %} | ||||
|   track_process { | ||||
| {% for process in keepalived_track_processes %} | ||||
|     {{ process.name }} | ||||
| {% endfor %} | ||||
|   } | ||||
| {% endif %} | ||||
| } | ||||
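Review bot: `keepalived_mail_to` and `keepalived_mail_from` only populate `notification_email` and `notification_email_from`; keepalived does not mail state transitions unless `smtp_alert` is set (in `global_defs` or in the `vrrp_instance`), so the alerts the README promises never go out. Also worth stating in the README: with `keepalived_peers` empty the instance runs plain multicast VRRP, and keepalived offers no effective VRRP authentication (its own documentation notes that VRRPv2 authentication was removed from the specification by RFC 3768 and advises against using it), so the only protection against a higher-priority advertisement from another host on the segment is the unicast peer list plus a host firewall that admits VRRP only from those peers.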

38 templates/notify.bash.j2 (Normal file)

							| @@ -0,0 +1,38 @@ | ||||
| #!/bin/bash | ||||
| # {{ ansible_managed }} | ||||
|  | ||||
| TYPE=$1 | ||||
| NAME=$2 | ||||
| STATE=$3 | ||||
|  | ||||
| {% if keepalived_notify_pre | length > 0 %} | ||||
| {{ keepalived_notify_pre }} | ||||
| {% endif %} | ||||
|  | ||||
| # Use keepalived state | ||||
| case $STATE in | ||||
| {% if keepalived_notify_is_master | length > 0 %} | ||||
|   "MASTER") | ||||
|     {{ keepalived_notify_is_master | indent(4) }} | ||||
|     exit 0 | ||||
|   ;; | ||||
| {% endif %} | ||||
| {% if keepalived_notify_is_backup | length > 0 %} | ||||
|   "BACKUP") | ||||
|     {{ keepalived_notify_is_backup | indent(4) }} | ||||
|     exit 0 | ||||
|   ;; | ||||
| {% endif %} | ||||
| {% if keepalived_notify_is_fault | length > 0 %} | ||||
|   "FAULT") | ||||
|     {{ keepalived_notify_is_fault | indent(4) }} | ||||
|     exit 0 | ||||
|   ;; | ||||
| {% endif %} | ||||
| {% if keepalived_notify_by_default | length > 0 %} | ||||
|   *) | ||||
|     {{ keepalived_notify_by_default | indent(4) }} | ||||
|     exit 1 | ||||
|   ;; | ||||
| {% endif %} | ||||
| esac | ||||
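Review bot: the `keepalived_notify_*` variables are spliced verbatim into a script that keepalived runs as `keepalived_script` with the sudo rights granted by sudoers.j2, so they are executable code rather than data; the README should say so, and the script should start with `set -eu` so a failing command inside a snippet is not silently ignored. keepalived also invokes notify with `$3` set to STOP and DELETED besides MASTER, BACKUP and FAULT; those reach `*)` and exit 1 when `keepalived_notify_by_default` is set, and otherwise fall through `esac` with exit 0, so handling STOP explicitly (or documenting the default branch) avoids a surprising non-zero exit on a clean shutdown.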

5 templates/sudoers.j2 (Normal file)

							| @@ -0,0 +1,5 @@ | ||||
| # {{ ansible_managed }} | ||||
|  | ||||
| {% for cmd in keepalived_sudoers_cmd %} | ||||
| keepalived_script ALL=(ALL) NOPASSWD:{{ cmd }} | ||||
| {% endfor %} | ||||
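Review bot: `(ALL)` lets `keepalived_script` run each command as any user or group; `(root)` is enough for the notify snippets. Each entry should be an absolute path, ideally with its full argument list, so the NOPASSWD grant matches one exact invocation rather than every argument the binary accepts; this line is the privilege boundary for whatever the `keepalived_notify_*` snippets contain, and the README should document how `keepalived_sudoers_cmd` is meant to be populated.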

9 vars/main.yml (Normal file)

							| @@ -0,0 +1,9 @@ | ||||
| --- | ||||
| # vars file for keepalived | ||||
|  | ||||
| users: | ||||
|   - name: keepalived_script | ||||
|     comment: "Dedicated user for keepalived script" | ||||
|     update_password: on_create | ||||
|     password_lock: true | ||||
|     shell: /bin/bash | ||||
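Review bot: defining `users` in vars/main.yml gives it role-vars precedence, above group_vars and host_vars, so when the `users` dependency runs inside this role it sees only this one-entry list and any operator-defined `users` (the README's group_vars/gw.yml example repeats exactly this entry) is shadowed for that run. Either move the entry to defaults/main.yml or document that callers must not supply `users` themselves. For a service account that exists only so keepalived can run scripts as `script_user`, `/usr/sbin/nologin` is a safer shell than `/bin/bash` unless one of the scripts relies on a login shell.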