diff --git a/README.md b/README.md index b319f73..32eb8ae 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,19 @@ Adresse IPv6 de failover. *Valeur par défaut: aucune* +### keepalived_peers + +Passer en unicast en utilisant cette liste d'IP. + +*Valeur par défaut: aucune* + +### keepalived_notify_script_enabled + +Booléen permettant d'activer le script de notification.
+Le script est déployé dans `/etc/keepalived/notify.sh`. + +*Valeur par défaut: `false`* + ### keepalived_track_scripts Liste de script dont le code retour doit être à zéro pour que le membre conserve ou puisse prendre l'IP de failover. diff --git a/defaults/main.yml b/defaults/main.yml index 1c1a385..b1aea24 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,6 +11,10 @@ keepalived_mail_from: "" keepalived_ipv4: "" keepalived_ipv6: "" +keepalived_peers: [] + +keepalived_notify_script_enabled: false + keepalived_track_scripts: [] # Exemple: # - name: check_haproxy_8080 diff --git a/meta/main.yml b/meta/main.yml index 5f58a50..a283291 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -14,3 +14,10 @@ galaxy_info: dependencies: - role: users + vars: + users_role_keepalived: + - name: keepalived_script + comment: "Dedicated user for keepalived script" + update_password: on_create + password_lock: true + shell: /bin/bash diff --git a/tasks/main.yml b/tasks/main.yml index d0a1d7a..ecd3baa 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for keepalived -- name: Installer keepalived +- name: Installer le paquet ansible.builtin.apt: name: keepalived become: true @@ -15,3 +15,25 @@ dest: /etc/keepalived/keepalived.conf become: true notify: Redémarrer keepalived.service + +- name: Déployer les scripts + ansible.builtin.copy: + src: keepalived/notify.sh + dest: /etc/keepalived/ + owner: keepalived_script + group: keepalived_script + mode: u=rx,g=rx,o= + when: keepalived_notify_script_enabled + become: true + notify: Redémarrer keepalived.service + +- name: Déployer le fichier de configuration de sudoers + ansible.builtin.copy: + src: keepalived/sudoers + dest: /etc/sudoers.d/keepalived + owner: root + group: root + mode: u=rw,g=r,o=r + validate: /usr/sbin/visudo -cf %s + when: "'keepalived/sudoers' is file" + become: true diff --git a/templates/keepalived.j2 b/templates/keepalived.j2 index 4acb3bb..141cd82 100644 
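Review bot: The dedicated `keepalived_script` account declared under `users_role_keepalived` gets `shell: /bin/bash`, which it does not appear to need: keepalived executes the notify script itself as `script_user`, and the account's login shell plays no part in that. Because a sudoers drop-in for this same account is deployed in tasks/main.yml, a non-interactive shell such as `shell: /usr/sbin/nologin` (the Debian path, consistent with the role's use of apt) limits what the account can be used for beyond running that script, assuming the `users` role accepts that value and nothing in the sudoers file expects a real shell. `password_lock: true` already blocks password login, so this is a hardening of the account rather than a fix for a reachable path.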
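Review bot: The sudoers drop-in in the last task is installed with `mode: u=rw,g=r,o=r` (0644), which is wider than the 0440 sudo expects for sudoers files; on stock builds sudo reports the file as having the wrong mode and, in my experience, does not honour it, so the grant for the script user would silently never take effect even though `visudo -cf` accepted the syntax. `mode: u=r,g=r,o=` matches what sudo wants. Separately, `when: "'keepalived/sudoers' is file"` is evaluated on the controller relative to its working directory rather than the role's files/ directory, so the task is skipped unless the playbook happens to run from the role root; `when: (role_path ~ '/files/keepalived/sudoers') is file` anchors the check to the role. The drop-in is also deployed when `keepalived_notify_script_enabled` is false, leaving a sudo grant for an account whose only purpose is that script; gating the task on the same flag keeps the two in step.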
--- a/templates/keepalived.j2 +++ b/templates/keepalived.j2 @@ -13,6 +13,7 @@ global_defs { smtp_connect_timeout 30 {% endif %} + script_user keepalived_script enable_script_security max_auto_priority 50 } @@ -40,6 +41,17 @@ vrrp_instance VIP_{{ keepalived_uid }} { virtual_router_id {{ keepalived_uid }} advert_int 1 +{% if keepalived_peers | length > 0 %} + unicast_src_ip {{ ansible_facts[keepalived_interface]['ipv4']['address'] }} + unicast_peer { +{% for peer in keepalived_peers %} +{% if peer != ansible_facts[keepalived_interface]['ipv4']['address'] %} + {{ peer }} +{% endif %} +{% endfor %} + } +{% endif %} + {% if keepalived_ipv4 | length > 0 %} virtual_ipaddress { {{ keepalived_ipv4 }} dev {{ keepalived_interface }} scope global @@ -52,6 +64,10 @@ vrrp_instance VIP_{{ keepalived_uid }} { } {% endif %} +{% if keepalived_notify_script_enabled %} + notify /etc/keepalived/notify.sh +{% endif %} + {% if keepalived_track_scripts | length > 0 %} track_script { {% for script in keepalived_track_scripts %}
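Review bot: The unicast block in the second hunk dereferences `ansible_facts[keepalived_interface]['ipv4']['address']` twice without checking the key exists, so rendering aborts with an undefined-variable error on a host whose interface has no IPv4 address (including the IPv6-only deployment that `keepalived_ipv6` otherwise allows), and an interface name containing `-` may not match the fact key, which Ansible appears to normalise to `_`. Resolve the address once and guard on it: `{% set src_ip = ansible_facts[keepalived_interface]['ipv4']['address'] | default('') %}` followed by `{% if keepalived_peers | length > 0 and src_ip | length > 0 %}`, with the per-peer comparison and `unicast_src_ip` both using `src_ip`. The peers are compared to the fact as plain strings, so an entry written with a prefix length or otherwise differently will not be recognised as the local host and is emitted as its own peer; the README entry for `keepalived_peers` should state that it holds bare IPv4 addresses, including the host's own. The `vrrp_instance` block enclosing this hunk starts and ends outside it.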