From 954528bd4d21178dc1d8f1a05abbe45ebb66bd78 Mon Sep 17 00:00:00 2001 From: "pulsar89.5" Date: Fri, 21 Apr 2023 14:28:05 +0200 Subject: [PATCH 1/3] [EVO] Ajouter la gestion de l'unicast --- README.md | 6 ++++++ defaults/main.yml | 2 ++ templates/keepalived.j2 | 10 ++++++++++ 3 files changed, 18 insertions(+) diff --git a/README.md b/README.md index b319f73..c2eea88 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,12 @@ Adresse IPv6 de failover. *Valeur par défaut: aucune* +### keepalived_peers + +Passer en unicast en utilisant cette liste d'IP. + +*Valeur par défaut: aucune* + ### keepalived_track_scripts Liste de script dont le code retour doit être à zéro pour que le membre conserve ou puisse prendre l'IP de failover. diff --git a/defaults/main.yml b/defaults/main.yml index 1c1a385..6b2b021 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,6 +11,8 @@ keepalived_mail_from: "" keepalived_ipv4: "" keepalived_ipv6: "" +keepalived_peers: [] + keepalived_track_scripts: [] # Exemple: # - name: check_haproxy_8080 diff --git a/templates/keepalived.j2 b/templates/keepalived.j2 index 4acb3bb..75f98e1 100644 --- a/templates/keepalived.j2 +++ b/templates/keepalived.j2 @@ -40,6 +40,16 @@ vrrp_instance VIP_{{ keepalived_uid }} { virtual_router_id {{ keepalived_uid }} advert_int 1 +{% if keepalived_peers | length > 0 %} + unicast_peer { +{% for peer in keepalived_peers %} +{% if peer != ansible_facts[keepalived_interface]['ipv4']['address'] %} + {{ peer }} +{% endif %} +{% endfor %} + } +{% endif %} + {% if keepalived_ipv4 | length > 0 %} virtual_ipaddress { {{ keepalived_ipv4 }} dev {{ keepalived_interface }} scope global -- 2.39.5 From 0efc0c68874c9b6e8e0f253e026b5a482abc53a0 Mon Sep 17 00:00:00 2001 
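Review bot: In the `unicast_peer` block added to templates/keepalived.j2 (PATCH 1/3), the guard `keepalived_peers | length > 0` runs before the local address is filtered out, so a list holding only this host's own address renders an empty `unicast_peer { }` block. `ansible_facts[keepalived_interface]['ipv4']['address']` is also dereferenced without a guard, so rendering fails on a host whose interface has no IPv4 fact; the same expression is reused for `unicast_src_ip` in PATCH 3/3. Filtering first and testing the result covers the empty case: `{% set remote_peers = keepalived_peers | reject('equalto', ansible_facts[keepalived_interface]['ipv4']['address']) | list %}` followed by `{% if remote_peers | length > 0 %}`. The enclosing `vrrp_instance` block starts and ends outside the hunk.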
From: "pulsar89.5" Date: Fri, 21 Apr 2023 16:32:34 +0200 Subject: [PATCH 2/3] [EVO] Ajouter les scripts de notifications --- README.md | 7 +++++++ defaults/main.yml | 2 ++ meta/main.yml | 7 +++++++ tasks/main.yml | 23 ++++++++++++++++++++++- templates/keepalived.j2 | 4 ++++ 5 files changed, 42 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c2eea88..32eb8ae 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,13 @@ Passer en unicast en utilisant cette liste d'IP. *Valeur par défaut: aucune* +### keepalived_notify_script_enabled + +Booléen permettant d'activer le script de notification.
+Le script est déployé dans `/etc/keepalived/notify.sh`. + +*Valeur par défaut: `false`* + ### keepalived_track_scripts Liste de script dont le code retour doit être à zéro pour que le membre conserve ou puisse prendre l'IP de failover. diff --git a/defaults/main.yml b/defaults/main.yml index 6b2b021..b1aea24 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,6 +13,8 @@ keepalived_ipv6: "" keepalived_peers: [] +keepalived_notify_script_enabled: false + keepalived_track_scripts: [] # Exemple: # - name: check_haproxy_8080 diff --git a/meta/main.yml b/meta/main.yml index 5f58a50..a2647e9 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -14,3 +14,10 @@ galaxy_info: dependencies: - role: users + vars: + users: + - name: keepalived_script + comment: "Dedicated user for keepalived script" + update_password: on_create + password_lock: true + shell: /bin/bash diff --git a/tasks/main.yml b/tasks/main.yml index d0a1d7a..3dceada 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for keepalived -- name: Installer keepalived +- name: Installer le paquet ansible.builtin.apt: name: keepalived become: true @@ -15,3 +15,24 @@ dest: /etc/keepalived/keepalived.conf become: true notify: Redémarrer keepalived.service + +- name: Déployer les scripts + ansible.builtin.copy: + src: keepalived/notify.sh + dest: /etc/keepalived/ + owner: keepalived_script + group: keepalived_script + mode: u=rx,g=rx,o= + when: keepalived_notify_script_enabled + become: true + notify: Redémarrer keepalived.service + +- name: Déployer le fichier de configuration de sudoers + ansible.builtin.copy: + src: keepalived/sudoers + dest: /etc/sudoers.d/keepalived + owner: root + group: root + mode: u=rw,g=r,o=r + validate: /usr/sbin/visudo -cf %s + become: true diff --git a/templates/keepalived.j2 b/templates/keepalived.j2 index 75f98e1..a14f075 100644 --- a/templates/keepalived.j2 +++ b/templates/keepalived.j2 
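Review bot: The `keepalived_script` account added under `dependencies` in meta/main.yml (PATCH 2/3) gets `shell: /bin/bash` although it is a password-locked service account. `password_lock: true` only blocks password logins, so the account can still be entered by other routes (an authorized SSH key, `su` from root), and an interactive shell is more than a script-runner identity needs. Unless notify.sh depends on the login shell, which this patch does not show, `shell: /usr/sbin/nologin` would be the tighter default. How `update_password` and `password_lock` are applied is defined by the `users` role, which is outside this diff.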
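Review bot: In the `Déployer les scripts` task added to tasks/main.yml (PATCH 2/3), notify.sh is owned by `keepalived_script`, the account that runs it (PATCH 3/3 sets `script_user keepalived_script`). The file mode is read-only, but an owner can `chmod` its own file and rewrite a script that keepalived runs on every state change. Root ownership with group execute closes that: `owner: root`, `group: keepalived_script`, `mode: u=rwx,g=rx,o=`. The sudoers task below it has no `when: keepalived_notify_script_enabled`, so the drop-in is installed even with the feature off, and `mode: u=rw,g=r,o=r` is looser than the `u=r,g=r,o=` conventionally used under /etc/sudoers.d. Neither `keepalived/notify.sh` nor `keepalived/sudoers` is in the diffstat, so what the drop-in grants, presumably to this same account, cannot be reviewed from this patch.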
@@ -62,6 +62,10 @@ vrrp_instance VIP_{{ keepalived_uid }} { } {% endif %} +{% if keepalived_notify_script_enabled %} + notify /etc/keepalived/notify.sh +{% endif %} + {% if keepalived_track_scripts | length > 0 %} track_script { {% for script in keepalived_track_scripts %} -- 2.39.5 From 54e2b70bd60c3096958714add50f63e6efed0ad4 Mon Sep 17 00:00:00 2001 From: Alexandre Le Gall Date: Tue, 26 Sep 2023 16:40:09 +0200 Subject: [PATCH 3/3] [EVO] Ajouter la source de l'unicast --- meta/main.yml | 2 +- tasks/main.yml | 1 + templates/keepalived.j2 | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/main.yml b/meta/main.yml index a2647e9..a283291 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -15,7 +15,7 @@ galaxy_info: dependencies: - role: users vars: - users: + users_role_keepalived: - name: keepalived_script comment: "Dedicated user for keepalived script" update_password: on_create diff --git a/tasks/main.yml b/tasks/main.yml index 3dceada..ecd3baa 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -35,4 +35,5 @@ group: root mode: u=rw,g=r,o=r validate: /usr/sbin/visudo -cf %s + when: "'keepalived/sudoers' is file" become: true diff --git a/templates/keepalived.j2 b/templates/keepalived.j2 index a14f075..141cd82 100644 --- a/templates/keepalived.j2 +++ b/templates/keepalived.j2 @@ -13,6 +13,7 @@ global_defs { smtp_connect_timeout 30 {% endif %} + script_user keepalived_script enable_script_security max_auto_priority 50 } @@ -41,6 +42,7 @@ vrrp_instance VIP_{{ keepalived_uid }} { advert_int 1 {% if keepalived_peers | length > 0 %} + unicast_src_ip {{ ansible_facts[keepalived_interface]['ipv4']['address'] }} unicast_peer { {% for peer in keepalived_peers %} {% if peer != ansible_facts[keepalived_interface]['ipv4']['address'] %} -- 2.39.5
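Review bot: The condition added to the sudoers task in tasks/main.yml (PATCH 3/3), `when: "'keepalived/sudoers' is file"`, does not test the path that `copy` will read. As far as I can tell the `file` test checks the literal relative path on the controller against the working directory of the ansible process, while `src: keepalived/sudoers` is resolved through the role and playbook `files/` search path. The likely result is a silent skip whenever the run is not started from a directory containing that path, leaving notify.sh without the sudo rule it presumably needs. Gating on the feature flag is more predictable, `when: keepalived_notify_script_enabled`, and lets `copy` fail loudly if the file is missing. The task begins above the hunk.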