diff --git a/playbooks/keepalived.yml b/playbooks/keepalived.yml
new file mode 100755
index 0000000..4267447
--- /dev/null
+++ b/playbooks/keepalived.yml
@@ -0,0 +1,25 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+ - isp-1.rtr.infra.auro.re
+ - isp-2.rtr.infra.auro.re
+ vars:
+ # keepalived__notify_master
+ # keepalived__notify_backup
+ # keepalived__notify_fault
+ keepalived__virtual_router_id: 80
+ keepalived__interface: ens18
+ keepalived__virtual_addresses:
+ client-0:
+ - 100.64.0.1/27
+ client-1:
+ - 100.64.0.33/27
+ client-2:
+ - 100.64.0.65/27
+ client-3:
+ - 100.64.0.97/27
+ client-4:
+ - 100.64.0.129/27
+ roles:
+ - keepalived
+...
diff --git a/roles/keepalived/defaults/main.yml b/roles/keepalived/defaults/main.yml
new file mode 100644
index 0000000..c222175
--- /dev/null
+++ b/roles/keepalived/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+keepalived__virtual_addresses: {}
+...
diff --git a/roles/keepalived/handlers/main.yml b/roles/keepalived/handlers/main.yml
new file mode 100644
index 0000000..df390cb
--- /dev/null
+++ b/roles/keepalived/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Reload keepalived
+ systemd:
+ name: keepalived.service
+ state: reloaded
+...
diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml
new file mode 100644
index 0000000..de1a44a
--- /dev/null
+++ b/roles/keepalived/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Install keepalived
+ apt:
+ name: keepalived
+
+- name: Configure keepalived
+ template:
+ src: keepalived.conf.j2
+ dest: /etc/keepalived/keepalived.conf
+ owner: root
+ group: root
+ mode: u=rw,g=,o=
+ notify:
+ - Reload keepalived
+
+- name: Enable and start keepalived
+ systemd:
+ name: keepalived
+ enabled: true
+ state: started
+...
diff --git a/roles/keepalived/templates/keepalived.conf.j2 b/roles/keepalived/templates/keepalived.conf.j2
new file mode 100644
index 0000000..264c9bd
--- /dev/null
+++ b/roles/keepalived/templates/keepalived.conf.j2
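Review bot: The `Configure keepalived` task in roles/keepalived/tasks/main.yml installs the rendered file without checking it, so a template or variable mistake reaches /etc/keepalived/keepalived.conf and is then loaded by the `Reload keepalived` handler on both routers in the same run. Adding a `validate:` line to the template task, for example `validate: keepalived --config-test --use-file=%s` (assuming the packaged keepalived supports `--config-test`), would make Ansible reject a bad file before it replaces the working one. Running the play in playbooks/keepalived.yml with `serial: 1` would additionally leave one router untouched if the first reload goes wrong.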
@@ -0,0 +1,83 @@
+{{ ansible_managed | comment }}
+
+global_defs {
+ dynamic_interfaces
+ script_user root
+ enable_script_security
+ vrrp_version 3
+}
+
+{%
+set ipv4_enabled =
+ keepalived__ipv4_enabled
+ | default(keepalived__virtual_addresses.values()
+ | flatten | ansible.utils.ipv4)
+%}
+{%
+set ipv6_enabled =
+ keepalived__ipv6_enabled
+ | default(keepalived__virtual_addresses.values()
+ | flatten | ansible.utils.ipv6)
+%}
+
+vrrp_sync_group group {
+ group {
+{% if ipv4_enabled %}
+ instance_v4
+{% endif %}
+{% if ipv6_enabled %}
+ instance_v6
+{% endif %}
+ }
+{% if keepalived__notify_master is defined %}
+ notify_master {{ keepalived__notify_master | enquote('"') }}
+{% endif %}
+{% if keepalived__notify_backup is defined %}
+ notify_backup {{ keepalived__notify_backup | enquote('"') }}
+{% endif %}
+{% if keepalived__notify_fault is defined %}
+ notify_fault {{ keepalived__notify_fault | enquote('"') }}
+{% endif %}
+}
+
+{% if ipv4_enabled %}
+vrrp_instance instance_v4 {
+ virtual_router_id {{ keepalived__virtual_router_id }}
+ interface {{ keepalived__interface }}
+ state BACKUP
+ priority 250
+ nopreempt
+ advert_int 1
+ accept
+ virtual_ipaddress {
+{% for dev, addresses in keepalived__virtual_addresses.items() %}
+{% for address in addresses %}
+{% if address | ansible.utils.ipv4 %}
+ {{ address }} dev {{ dev }}
+{% endif %}
+{% endfor %}
+{% endfor %}
+ }
+}
+{% endif %}
+
+{% if ipv6_enabled %}
+vrrp_instance instance_v6 {
+ virtual_router_id {{ keepalived__virtual_router_id }}
+ interface {{ keepalived__interface }}
+ state BACKUP
+ priority 250
+ nopreempt
+ advert_int 1
+ accept
+ virtual_ipaddress {
+{% for dev, addresses in keepalived__virtual_addresses.items() %}
+{% for address in addresses %}
+{% if address | ansible.utils.ipv6 %}
+ {{ address }} dev {{ dev }}
+{% endif %}
+{% endfor %}
+{% endfor %}
+ }
+}
+{% endif %}
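Review bot: With `vrrp_version 3` in `global_defs` and no `unicast_peer` block in either `vrrp_instance`, advertisements for the configured virtual router id are multicast on `keepalived__interface` and carry no authentication (VRRPv3 defines none), so ownership of the client gateway addresses depends on every host on that segment being trusted. If the segment is not limited to the two routers, consider adding a peer-address variable rendered as a `unicast_peer { ... }` block in both instances, and restricting IP protocol 112 on that interface to the peer with the host firewall. Separately, the `notify_*` commands run as root (`script_user root`) and the `enquote` filter is not defined in this diff, so confirm it escapes embedded double quotes before the value is written into the config.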