keepalived: add minimal support for keepalived

2022-08-27 11:15:18 +02:00 · 2022-08-27 11:15:18 +02:00 · c6ac61aa53
commit c6ac61aa53
parent 7daa55ef98
5 changed files with 138 additions and 0 deletions
--- a/playbooks/keepalived.yml
+++ b/playbooks/keepalived.yml
@ -0,0 +1,25 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+    - isp-1.rtr.infra.auro.re
+    - isp-2.rtr.infra.auro.re
+  vars:
+    # keepalived__notify_master
+    # keepalived__notify_backup
+    # keepalived__notify_fault
+    keepalived__virtual_router_id: 80
+    keepalived__interface: ens18
+    keepalived__virtual_addresses:
+      client-0:
+        - 100.64.0.1/27
+      client-1:
+        - 100.64.0.33/27
+      client-2:
+        - 100.64.0.65/27
+      client-3:
+        - 100.64.0.97/27
+      client-4:
+        - 100.64.0.129/27
+  roles:
+    - keepalived
+...
--- a/roles/keepalived/defaults/main.yml
+++ b/roles/keepalived/defaults/main.yml
@ -0,0 +1,3 @@
+---
+keepalived__virtual_addresses: {}
+...
--- a/roles/keepalived/handlers/main.yml
+++ b/roles/keepalived/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: Reload keepalived
+  systemd:
+    name: keepalived.service
+    state: reloaded
+...
--- a/roles/keepalived/tasks/main.yml
+++ b/roles/keepalived/tasks/main.yml
@ -0,0 +1,21 @@
+---
+- name: Install keepalived
+  apt:
+    name: keepalived
+
+- name: Configure keepalived
+  template:
+    src: keepalived.conf.j2
+    dest: /etc/keepalived/keepalived.conf
+    owner: root
+    group: root
+    mode: u=rw,g=,o=
+  notify:
+    - Reload keepalived
+
+- name: Enable and start keepalived
+  systemd:
+    name: keepalived
+    enabled: true
+    state: started
+...
--- a/roles/keepalived/templates/keepalived.conf.j2
+++ b/roles/keepalived/templates/keepalived.conf.j2
@ -0,0 +1,83 @@
+{{ ansible_managed | comment }}
+
+global_defs {
+    dynamic_interfaces
+    script_user root
+    enable_script_security
+    vrrp_version 3
+}
+
+{%
+set ipv4_enabled =
+    keepalived__ipv4_enabled
+    | default(keepalived__virtual_addresses.values()
+              | flatten | ansible.utils.ipv4)
+%}
+{%
+set ipv6_enabled =
+    keepalived__ipv6_enabled
+    | default(keepalived__virtual_addresses.values()
+              | flatten | ansible.utils.ipv6)
+%}
+
+vrrp_sync_group group {
+    group {
+{% if ipv4_enabled %}
+        instance_v4
+{% endif %}
+{% if ipv6_enabled %}
+        instance_v6
+{% endif %}
+    }
+{% if keepalived__notify_master is defined %}
+    notify_master {{ keepalived__notify_master | enquote('"') }}
+{% endif %}
+{% if keepalived__notify_backup is defined %}
+    notify_backup {{ keepalived__notify_backup | enquote('"') }}
+{% endif %}
+{% if keepalived__notify_fault is defined %}
+    notify_fault {{ keepalived__notify_fault | enquote('"') }}
+{% endif %}
+}
+
+{% if ipv4_enabled %}
+vrrp_instance instance_v4 {
+    virtual_router_id {{ keepalived__virtual_router_id }}
+    interface {{ keepalived__interface }}
+    state BACKUP
+    priority 250
+    nopreempt
+    advert_int 1
+    accept
+    virtual_ipaddress {
+{% for dev, addresses in keepalived__virtual_addresses.items() %}
+{% for address in addresses %}
+{% if address | ansible.utils.ipv4 %}
+        {{ address }} dev {{ dev }}
+{% endif %}
+{% endfor %}
+{% endfor %}
+    }
+}
+{% endif %}
+
+{% if ipv6_enabled %}
+vrrp_instance instance_v6 {
+    virtual_router_id {{ keepalived__virtual_router_id }}
+    interface {{ keepalived__interface }}
+    state BACKUP
+    priority 250
+    nopreempt
+    advert_int 1
+    accept
+    virtual_ipaddress {
+{% for dev, addresses in keepalived__virtual_addresses.items() %}
+{% for address in addresses %}
+{% if address | ansible.utils.ipv6 %}
+        {{ address }} dev {{ dev }}
+{% endif %}
+{% endfor %}
+{% endfor %}
+    }
+}
+{% endif %}