diff --git a/re2o-api.yml b/re2o-api.yml
new file mode 100644
index 00000000..0f78c18b
--- /dev/null
+++ b/re2o-api.yml
@@ -0,0 +1,51 @@
+---
+# Deploy keepalived on odlyd
+- hosts: odlyd.adm.crans.org
+ vars:
+ keepalived:
+ radius: true
+ radius_password: "{{ vault_keepalived_radius_password }}"
+ radius_primary: false
+ radius_secondary: false
+ router: true
+ router_password: "{{ vault_keepalived_router_password }}"
+ router_primary: false
+ proxy: false
+ if_serveurs: eth0.1
+ if_adm: eth0.2
+ if_bornes: eth0.3
+ if_switches: eth0.4
+ if_zayo: ens1f0.26
+ if_zrt: ens1f0.1132
+ if_filpub: ens1f0.23
+ if_srv: ens1f0.24
+ if_filnewserveurs: ens1f0.21
+ if_wifinewserveurs: ens1f0.22
+ radius_ipv4_adm: 10.231.136.11
+ radius_broadcast_adm: 10.231.136.255
+ radius_ipv4_bornes: 10.231.148.11
+ radius_broadcast_bornes: 10.231.148.255
+ radius_ipv4_switches: 10.231.100.11
+ radius_broadcast_switches: 10.231.100.255
+ radius_ipv6_adm: 2a0c:700:0:2:ad:adff:fef0:f002
+ radius_ipv6_bornes: fd01:240:fe3d:3:ad:adff:fef0:f003
+ radius_ipv6_switches: fd01:240:fe3d:c804:ad:adff:fef0:f004
+ router_ipv4_serveurs: 138.231.136.254
+ router_broadcast_serveurs: 138.231.136.255
+ router_ipv4_adm: 10.231.136.254
+ router_broadcast_adm: 10.231.136.255
+ router_ipv4_bornes: 10.231.148.254
+ router_broadcast_bornes: 10.231.148.255
+ router_id_zayo: 158.255.113.73
+ router_id_zrt: 138.231.132.47
+ router_broadcast_zrt: 138.231.132.255
+ router_ipv4_filpub: 185.230.78.254
+ router_broadcast_filpub: 185.230.78.255
+ router_ipv4_srv: 185.230.79.254
+ router_broadcast_srv: 185.230.79.255
+ router_ipv4_filnewserveurs: 10.54.0.254
+ router_broadcast_filnewserveurs: 10.54.0.255
+ router_ipv4_wifinewserveurs: 10.53.0.254
+ router_broadcast_wifinewserveurs: 10.53.0.255
+ roles:
+ - keepalived
diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml
new file mode 100644
index 00000000..e0678e1e
--- /dev/null
+++ b/roles/keepalived/tasks/main.yml
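Review bot: The play lands in `re2o-api.yml` while its comment and content are entirely about keepalived on odlyd; the filename looks like a leftover from a copied playbook and will mislead anyone grepping for the re2o API deployment, so `keepalived.yml` (or the project's existing naming scheme) seems intended. The ~45 host-specific addresses and interface names under `vars:` would conventionally live in `host_vars/odlyd.adm.crans.org.yml`, leaving the play reusable for the second keepalived node that `radius_secondary` implies exists. With `radius_primary`, `radius_secondary` and `router_primary` all `false`, the template in this same diff puts odlyd in BACKUP at its lowest priority; a one-line comment above the flags, e.g. `# odlyd is the lowest-priority BACKUP for both the RADIUS and router VIPs`, would spare the next reader a trip into the template.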
@@ -0,0 +1,15 @@
+---
+- name: Install keepalived
+ apt:
+ update_cache: true
+ name:
+ - keepalived
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
+- name: Deploy keepalived configuration
+ template:
+ src: keepalived/keepalived.conf.j2
+ dest: /etc/keepalived/keepalived.conf
+ mode: 0644
diff --git a/roles/keepalived/templates/keepalived/keepalived.conf.j2 b/roles/keepalived/templates/keepalived/keepalived.conf.j2
new file mode 100644
index 00000000..fc2e1578
--- /dev/null
+++ b/roles/keepalived/templates/keepalived/keepalived.conf.j2
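Review bot: `/etc/keepalived/keepalived.conf` is rendered with `mode: 0644`, but the template it comes from (also in this diff) embeds the VRRP `auth_pass` secrets, so every local user can read them; keepalived runs as root, so `mode: "0600"` loses nothing, and quoting the mode also avoids the YAML 1.1 octal-as-integer ambiguity. The template task has no `notify:`, so a changed configuration is written to disk but never picked up until something else restarts the service, and nothing in the role enables or starts keepalived after the `apt` task. A `notify: Reload keepalived` on the template task, backed by a `systemd` handler with `state: reloaded` and `enabled: true` (the handler file is not in this diff), would close both gaps.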
@@ -0,0 +1,161 @@
+# {{ ansible_managed }}
+
+global_defs {
+ notification_email {
+ root@crans.org
+ }
+ notification_email_from keepalived@crans.org
+ smtp_server smtp.adm.crans.org
+}
+
+{% if keepalived.proxy %}
+vrrp_instance VI_DAUR4 {
+ # We don't own the IP address, which allows manual triggering of IP change when machine comes UP
+ # see man keepalived.conf.
+{% if keepalived.proxy_primary %}
+ state MASTER
+ priority 150
+{% else %}
+ state BACKUP
+ priority 100
+{% endif %}
+
+ interface eth1
+ virtual_router_id 51
+ advert_int 2
+ authentication {
+ auth_type PASS
+ auth_pass {{ keepalived.proxy_password }}
+ }
+
+ virtual_ipaddress {
+ {{ keepalived.proxy_ipv4 }}/32 brd 138.231.143.255 dev eth0 scope global
+ }
+}
+{% endif %}
+
+{% if keepalived.proxy %}
+vrrp_instance VI_DAUR6 {
+ # We don't own the IP address, which allows manual triggering of IP change when machine comes UP
+ # see man keepalived.conf.
+{% if keepalived.proxy_primary %}
+ state MASTER
+ priority 150
+{% else %}
+ state BACKUP
+ priority 100
+{% endif %}
+
+ interface eth1
+ virtual_router_id 51
+ advert_int 2
+ authentication {
+ auth_type PASS
+ auth_pass {{ keepalived.proxy_password }}
+ }
+
+ virtual_ipaddress {
+ {{ keepalived.proxy_ipv6 }}/64 dev eth0 scope global
+ }
+}
+{% endif %}
+
+{% if keepalived.radius %}
+vrrp_instance VI_RAD4 {
+ # We don't own the IP address, which allows manual triggering of IP change when machine comes UP
+ # see man keepalived.conf.
+{% if keepalived.radius_primary %}
+ state MASTER
+ priority 150
+{% elif keepalived.radius_secondary %}
+ state BACKUP
+ priority 100
+{% else %}
+ state BACKUP
+ priority 50
+{% endif %}
+ interface {{ keepalived.if_adm }}
+ virtual_router_id 52
+ advert_int 2
+ authentication {
+ auth_type PASS
+ auth_pass {{ keepalived.radius_password }}
+ }
+
+ virtual_ipaddress {
+ {{ keepalived.radius_ipv4_adm }}/24 brd {{ keepalived.radius_broadcast_adm }} dev {{ keepalived.if_adm }} scope global
+ {{ keepalived.radius_ipv4_bornes }}/24 brd {{ keepalived.radius_broadcast_bornes }} dev {{ keepalived.if_bornes }} scope global
+ {{ keepalived.radius_ipv4_switches }}/24 brd {{ keepalived.radius_broadcast_switches }} dev {{ keepalived.if_switches }} scope global
+ }
+}
+{% endif %}
+
+{% if keepalived.radius %}
+vrrp_instance VI_RAD6 {
+ # We don't own the IP address, which allows manual triggering of IP change when machine comes UP
+ # see man keepalived.conf.
+{% if keepalived.radius_primary %}
+ state MASTER
+ priority 150
+{% elif keepalived.radius_secondary %}
+ state BACKUP
+ priority 100
+{% else %}
+ state BACKUP
+ priority 50
+{% endif %}
+ interface {{ keepalived.if_adm }}
+ virtual_router_id 52
+ advert_int 2
+ authentication {
+ auth_type PASS
+ auth_pass {{ keepalived.radius_password }}
+ }
+
+ virtual_ipaddress {
+ {{ keepalived.radius_ipv6_adm }}/64 dev {{ keepalived.if_adm }} scope global
+ {{ keepalived.radius_ipv6_bornes }}/64 dev {{ keepalived.if_bornes }} scope global
+ {{ keepalived.radius_ipv6_switches }}/64 dev {{ keepalived.if_switches }} scope global
+ }
+}
+{% endif %}
+
+{% if keepalived.router %}
+vrrp_instance VI_ROUT {
+ # We don't own the IP address, which allows manual triggering of IP change when machine comes UP
+ # see man keepalived.conf.
+{% if keepalived.router_primary %}
+ state MASTER
+ priority 150
+{% else %}
+ state BACKUP
+ priority 100
+{% endif %}
+ interface {{ keepalived.if_adm }}
+
+ virtual_router_id 53
+ advert_int 2
+ authentication {
+ auth_type PASS
+ auth_pass {{ keepalived.router_password }}
+ }
+
+ smtp_alert
+
+ virtual_ipaddress {
+ {{ keepalived.router_ipv4_serveurs }}/21 brd {{ keepalived.router_broadcast_serveurs }} dev {{ keepalived.if_serveurs }} scope global
+ {{ keepalived.router_ipv4_adm }}/24 brd {{ keepalived.router_broadcast_adm }} dev {{ keepalived.if_adm }} scope global
+ {{ keepalived.router_ipv4_bornes }}/24 brd {{ keepalived.router_broadcast_bornes }} dev {{ keepalived.if_bornes }} scope global
+ {{ keepalived.router_id_zayo }}/31 dev {{ keepalived.if_zayo }} scope global
+ {{ keepalived.router_id_zrt }}/24 brd {{ keepalived.router_broadcast_zrt }} dev {{ keepalived.if_zrt }} scope global
+ {{ keepalived.router_ipv4_filpub }}/24 brd {{ keepalived.router_broadcast_filpub }} dev {{ keepalived.if_filpub }} scope global
+ {{ keepalived.router_ipv4_srv }}/24 brd {{ keepalived.router_broadcast_srv }} dev {{ keepalived.if_srv }} scope global
+ {{ keepalived.router_ipv4_filnewserveurs }}/16 brd {{ keepalived.router_broadcast_filnewserveurs }} dev {{ keepalived.if_filnewserveurs }} scope global
+ {{ keepalived.router_ipv4_wifinewserveurs }}/16 brd {{ keepalived.router_broadcast_wifinewserveurs }} dev {{ keepalived.if_wifinewserveurs }} scope global
+ }
+
+ virtual_routes {
+ src {{ keepalived.router_ipv4_serveurs }} to 0.0.0.0/0 via 138.231.132.1 dev {{ keepalived.if_zrt }}
+ }
+}
+{% endif %}
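Review bot: Each `authentication { auth_type PASS ... }` block puts the password in clear text in every VRRP advertisement, and keepalived only uses the first eight characters of `auth_pass`, so the vault secrets referenced here are effectively 8-byte shared tokens whose only real protection is the isolation of the segment the adverts travel on (eth1 and `if_adm`); that is worth a comment above each block, e.g. `# PASS auth is cleartext and truncated to 8 chars; relies on the adm/eth1 segment being trusted`. For the IPv6-only instances VI_DAUR6 and VI_RAD6, keepalived has to speak VRRPv3, which carries no authentication field, so I believe those two blocks are accepted but ignored with a start-up warning — confirm in the keepalived log and, if so, either drop them or annotate them so nobody assumes the IPv6 VIPs are peer-authenticated. Separately, `brd 138.231.143.255` in VI_DAUR4 and `via 138.231.132.1` in the VI_ROUT `virtual_routes` are the only literal addresses in a template where every other address is a `keepalived.*` variable; for consistency they could become new keys (for example `keepalived.proxy_broadcast` and `keepalived.router_gateway_zrt`, names proposed here, not existing ones) supplied by the playbook in this diff.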