diff --git a/README.md b/README.md
index b319f73..32eb8ae 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,19 @@ Adresse IPv6 de failover.
*Valeur par défaut: aucune*
+### keepalived_peers
+
+Passer en unicast en utilisant cette liste d'IP.
+
+*Valeur par défaut: aucune*
+
+### keepalived_notify_script_enabled
+
+Booléen permettant d'activer le script de notification.
+Le script est déployé dans `/etc/keepalived/notify.sh`.
+
+*Valeur par défaut: `false`*
+
### keepalived_track_scripts
Liste de script dont le code retour doit être à zéro pour que le membre conserve ou puisse prendre l'IP de failover.
diff --git a/defaults/main.yml b/defaults/main.yml
index 1c1a385..b1aea24 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -11,6 +11,10 @@ keepalived_mail_from: ""
keepalived_ipv4: ""
keepalived_ipv6: ""
+keepalived_peers: []
+
+keepalived_notify_script_enabled: false
+
keepalived_track_scripts: []
# Exemple:
# - name: check_haproxy_8080
diff --git a/meta/main.yml b/meta/main.yml
index 5f58a50..a283291 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -14,3 +14,10 @@ galaxy_info:
dependencies:
- role: users
+ vars:
+ users_role_keepalived:
+ - name: keepalived_script
+ comment: "Dedicated user for keepalived script"
+ update_password: on_create
+ password_lock: true
+ shell: /bin/bash
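Review bot: The `keepalived_script` account is created with `shell: /bin/bash`, and `password_lock: true` only disables password authentication, so any other login path (an SSH key, `su` from another account) still gets a full interactive shell. keepalived launches its scripts itself under `script_user`, which as far as I know does not depend on the account's login shell, so `shell: /usr/sbin/nologin` should be enough and is worth testing. This matters more because the same commit installs a sudoers drop-in, presumably for this account, whose content is not part of the diff. The `dependencies:` list starts outside the hunk.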
diff --git a/tasks/main.yml b/tasks/main.yml
index d0a1d7a..ecd3baa 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,7 +1,7 @@
---
# tasks file for keepalived
-- name: Installer keepalived
+- name: Installer le paquet
ansible.builtin.apt:
name: keepalived
become: true
@@ -15,3 +15,25 @@
dest: /etc/keepalived/keepalived.conf
become: true
notify: Redémarrer keepalived.service
+
+- name: Déployer les scripts
+ ansible.builtin.copy:
+ src: keepalived/notify.sh
+ dest: /etc/keepalived/
+ owner: keepalived_script
+ group: keepalived_script
+ mode: u=rx,g=rx,o=
+ when: keepalived_notify_script_enabled
+ become: true
+ notify: Redémarrer keepalived.service
+
+- name: Déployer le fichier de configuration de sudoers
+ ansible.builtin.copy:
+ src: keepalived/sudoers
+ dest: /etc/sudoers.d/keepalived
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ validate: /usr/sbin/visudo -cf %s
+ when: "'keepalived/sudoers' is file"
+ become: true
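Review bot: In « Déployer les scripts », `notify.sh` is owned by `keepalived_script`, the same account that executes it, so that account can `chmod` the file and rewrite it even though the mode carries no write bit; `owner: root`, `group: keepalived_script`, `mode: u=rwx,g=rx,o=` keeps it runnable for the script user without making that user the owner. In the sudoers task, `when: "'keepalived/sudoers' is file"` is evaluated on the controller against the current working directory, which is not necessarily where `copy` resolves `src`, so the drop-in may be skipped when it exists or attempted when it does not; an explicit role variable in the style of `keepalived_notify_script_enabled` would make the intent visible. The drop-in is also installed world-readable, whereas `mode: u=r,g=r,o=` (0440) is the usual mode for sudoers files.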
diff --git a/templates/keepalived.j2 b/templates/keepalived.j2
index 4acb3bb..141cd82 100644
--- a/templates/keepalived.j2
+++ b/templates/keepalived.j2
@@ -13,6 +13,7 @@ global_defs {
smtp_connect_timeout 30
{% endif %}
+ script_user keepalived_script
enable_script_security
max_auto_priority 50
}
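Review bot: `script_user` in `global_defs` is the default for every script keepalived runs, so the entries of `keepalived_track_scripts` will run as `keepalived_script` too, not only the new notify script. The README hunk documents the notify script but not this; a sentence under `keepalived_track_scripts` saying that checks run as `keepalived_script` and need a sudoers rule for anything privileged would make the change visible to users of the role. The account name is also hard-coded here, in meta/main.yml and in tasks/main.yml, so a rename has to touch all three.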
@@ -40,6 +41,17 @@ vrrp_instance VIP_{{ keepalived_uid }} {
virtual_router_id {{ keepalived_uid }}
advert_int 1
+{% if keepalived_peers | length > 0 %}
+ unicast_src_ip {{ ansible_facts[keepalived_interface]['ipv4']['address'] }}
+ unicast_peer {
+{% for peer in keepalived_peers %}
+{% if peer != ansible_facts[keepalived_interface]['ipv4']['address'] %}
+ {{ peer }}
+{% endif %}
+{% endfor %}
+ }
+{% endif %}
+
{% if keepalived_ipv4 | length > 0 %}
virtual_ipaddress {
{{ keepalived_ipv4 }} dev {{ keepalived_interface }} scope global
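Review bot: The outer test is on `keepalived_peers | length`, but the inner `if` drops the host's own address, so a list that contains only this host still renders `unicast_src_ip` followed by an empty `unicast_peer { }` block. Filtering first and testing the result avoids that: `{% set peers = keepalived_peers | reject('equalto', ansible_facts[keepalived_interface]['ipv4']['address']) | list %}` and then `{% if peers | length > 0 %}`. Each peer is written into the configuration verbatim, so an `ansible.builtin.assert` in tasks/main.yml that every entry is an IP address would catch inventory mistakes before keepalived is restarted. `ansible_facts[keepalived_interface]` also assumes the interface name is usable as a fact key as-is; I believe names containing `-` are stored with `_`, which is worth confirming for the target hosts. The `vrrp_instance` block opens and closes outside this hunk.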
@@ -52,6 +64,10 @@ vrrp_instance VIP_{{ keepalived_uid }} {
}
{% endif %}
+{% if keepalived_notify_script_enabled %}
+ notify /etc/keepalived/notify.sh
+{% endif %}
+
{% if keepalived_track_scripts | length > 0 %}
track_script {
{% for script in keepalived_track_scripts %}