2024-05-06 22:48:13 +00:00
6 changed files with 74 additions and 22 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -13,7 +13,12 @@ keepalived_ipv6: ""

 keepalived_peers: []

-keepalived_notify_script_enabled: false
+keepalived_notify_enable: false
+keepalived_notify_pre: {}
+keepalived_notify_is_master: {}
+keepalived_notify_is_backup: {}
+keepalived_notify_is_fault: {}
+keepalived_notify_by_default: {}

 keepalived_track_scripts: []
 # Exemple:
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -13,6 +13,7 @@ galaxy_info:
        - all

 dependencies:
+  - role: nftables
  - role: users
    vars:
      users_role_keepalived:
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,32 +8,35 @@

 - name: Déployer la configuration
  ansible.builtin.template:
+    src: keepalived.j2
+    dest: /etc/keepalived/keepalived.conf
    owner: root
    group: root
    mode: u=rw,g=r,o=r
-    src: keepalived.j2
-    dest: /etc/keepalived/keepalived.conf
-  become: true
-  notify: Redémarrer keepalived.service
-
- name: Déployer les scripts
-  ansible.builtin.copy:
-    src: keepalived/notify.sh
-    dest: /etc/keepalived/
-    owner: keepalived_script
-    group: keepalived_script
-    mode: u=rx,g=rx,o=
-  when: keepalived_notify_script_enabled
  become: true
  notify: Redémarrer keepalived.service

 - name: Déployer le fichier de configuration de sudoers
-  ansible.builtin.copy:
-    src: keepalived/sudoers
-    dest: /etc/sudoers.d/keepalived
+  ansible.builtin.template:
+    src: sudoers.j2
+    dest: /etc/sudoers.d/keepalived_script
    owner: root
-    group: root
-    mode: u=rw,g=r,o=r
+    group: keepalived_script
+    mode: u=rwx,g=rx,o=
    validate: /usr/sbin/visudo -cf %s
-  when: "'keepalived/sudoers' is file"
+  when:
+    - keepalived_notify_enable
+    - keepalived_sudoers_cmd | length > 0
  become: true
+  notify: Redémarrer keepalived.service
+
+- name: Déployer les scripts
+  ansible.builtin.template:
+    src: notify.bash.j2
+    dest: /etc/keepalived/notify.bash
+    owner: root
+    group: keepalived_script
+    mode: u=rwx,g=rx,o=
+  when: keepalived_notify_enable
+  become: true
+  notify: Redémarrer keepalived.service
--- a/templates/keepalived.j2
+++ b/templates/keepalived.j2
@@ -64,8 +64,8 @@ vrrp_instance VIP_{{ keepalived_uid }} {
  }
 {% endif %}

-{% if keepalived_notify_script_enabled %}
-  notify /etc/keepalived/notify.sh
+{% if keepalived_notify_enable %}
+  notify /etc/keepalived/notify.bash
 {% endif %}

 {% if keepalived_track_scripts | length > 0 %}
--- a/templates/notify.bash.j2
+++ b/templates/notify.bash.j2
@@ -0,0 +1,38 @@
+#!/bin/bash
+# {{ ansible_managed }}
+
+TYPE=$1
+NAME=$2
+STATE=$3
+
+{% if keepalived_notify_pre | length > 0 %}
+{{ keepalived_notify_pre }}
+{% endif %}
+
+# Use keepalived state
+case $STATE in
+{% if keepalived_notify_is_master | length > 0 %}
+  "MASTER")
+    {{ keepalived_notify_is_master | indent(4) }}
+    exit 0
+  ;;
+{% endif %}
+{% if keepalived_notify_is_backup | length > 0 %}
+  "BACKUP")
+    {{ keepalived_notify_is_backup | indent(4) }}
+    exit 0
+  ;;
+{% endif %}
+{% if keepalived_notify_is_fault | length > 0 %}
+  "FAULT")
+    {{ keepalived_notify_is_fault | indent(4) }}
+    exit 0
+  ;;
+{% endif %}
+{% if keepalived_notify_by_default | length > 0 %}
+  *)
+    {{ keepalived_notify_by_default | indent(4) }}
+    exit 1
+  ;;
+{% endif %}
+esac
--- a/templates/sudoers.j2
+++ b/templates/sudoers.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for cmd in keepalived_sudoers_cmd %}
+keepalived_script ALL=(ALL) NOPASSWD:{{ cmd }}
+{% endfor %}