[keepalived] Added role to install keepalived

re2o-api.yml

@@ -0,0 +1,51 @@
+---
+# Deploy keepalived on odlyd
+- hosts: odlyd.adm.crans.org
+  vars:
+    keepalived:
+      radius: true
+      radius_password: "{{ vault_keepalived_radius_password }}"
+      radius_primary: false
+      radius_secondary: false
+      router: true
+      router_password: "{{ vault_keepalived_router_password }}"
+      router_primary: false
+      proxy: false
+      if_serveurs: eth0.1
+      if_adm: eth0.2
+      if_bornes: eth0.3
+      if_switches: eth0.4
+      if_zayo: ens1f0.26
+      if_zrt: ens1f0.1132
+      if_filpub: ens1f0.23
+      if_srv: ens1f0.24
+      if_filnewserveurs: ens1f0.21
+      if_wifinewserveurs: ens1f0.22
+      radius_ipv4_adm: 10.231.136.11
+      radius_broadcast_adm: 10.231.136.255
+      radius_ipv4_bornes: 10.231.148.11
+      radius_broadcast_bornes: 10.231.148.255
+      radius_ipv4_switches: 10.231.100.11
+      radius_broadcast_switches: 10.231.100.255
+      radius_ipv6_adm: 2a0c:700:0:2:ad:adff:fef0:f002
+      radius_ipv6_bornes: fd01:240:fe3d:3:ad:adff:fef0:f003
+      radius_ipv6_switches: fd01:240:fe3d:c804:ad:adff:fef0:f004
+      router_ipv4_serveurs: 138.231.136.254
+      router_broadcast_serveurs: 138.231.136.255
+      router_ipv4_adm: 10.231.136.254
+      router_broadcast_adm: 10.231.136.255
+      router_ipv4_bornes: 10.231.148.254
+      router_broadcast_bornes: 10.231.148.255
+      router_id_zayo: 158.255.113.73
+      router_id_zrt: 138.231.132.47
+      router_broadcast_zrt: 138.231.132.255 
+      router_ipv4_filpub: 185.230.78.254
+      router_broadcast_filpub: 185.230.78.255
+      router_ipv4_srv: 185.230.79.254
+      router_broadcast_srv: 185.230.79.255
+      router_ipv4_filnewserveurs: 10.54.0.254
+      router_broadcast_filnewserveurs: 10.54.0.255
+      router_ipv4_wifinewserveurs: 10.53.0.254
+      router_broadcast_wifinewserveurs: 10.53.0.255
+  roles:
+    - keepalived

roles/keepalived/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- name: Install keepalived
+  apt:
+    update_cache: true
+    name:
+      - keepalived
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Deploy keepalived configuration
+  template:
+    src: keepalived/keepalived.conf.j2
+    dest: /etc/keepalived/keepalived.conf
+    mode: 0644

roles/keepalived/templates/keepalived/keepalived.conf.j2

@@ -0,0 +1,161 @@
+# {{ ansible_managed }}
+
+global_defs {
+  notification_email {
+    root@crans.org
+  }
+  notification_email_from keepalived@crans.org
+  smtp_server smtp.adm.crans.org
+}
+
+{% if keepalived.proxy %}
+vrrp_instance VI_DAUR4 {
+  # We don't own the IP address, which allows manual triggering of IP change when machine comes UP
+  # see man keepalived.conf.
+{% if keepalived.proxy_primary %}
+  state MASTER
+  priority 150
+{% else %}
+  state BACKUP
+  priority 100
+{% endif %}
+
+  interface eth1
+  virtual_router_id 51
+  advert_int 2
+  authentication {
+    auth_type PASS
+    auth_pass {{ keepalived.proxy_password }}
+  }
+
+  virtual_ipaddress {
+        {{ keepalived.proxy_ipv4 }}/32 brd 138.231.143.255 dev eth0 scope global
+  }
+}
+{% endif %}
+
+{% if keepalived.proxy %}
+vrrp_instance VI_DAUR6 {
+  # We don't own the IP address, which allows manual triggering of IP change when machine comes UP
+  # see man keepalived.conf.
+{% if keepalived.proxy_primary %}
+  state MASTER
+  priority 150
+{% else %}
+  state BACKUP
+  priority 100
+{% endif %}
+
+  interface eth1
+  virtual_router_id 51
+  advert_int 2
+  authentication {
+    auth_type PASS
+    auth_pass {{ keepalived.proxy_password }}
+  }
+
+  virtual_ipaddress {
+        {{ keepalived.proxy_ipv6 }}/64 dev eth0 scope global
+  }
+}
+{% endif %}
+
+{% if keepalived.radius %}
+vrrp_instance VI_RAD4 {
+  # We don't own the IP address, which allows manual triggering of IP change when machine comes UP
+  # see man keepalived.conf.
+{% if keepalived.radius_primary %}
+  state MASTER
+  priority 150
+{% elif keepalived.radius_secondary %}
+  state BACKUP
+  priority 100
+{% else %}
+  state BACKUP
+  priority 50
+{% endif %}
+  interface {{ keepalived.if_adm }}
+  virtual_router_id 52
+  advert_int 2
+  authentication {
+    auth_type PASS
+    auth_pass {{ keepalived.radius_password }}
+  }
+
+  virtual_ipaddress {
+        {{ keepalived.radius_ipv4_adm }}/24 brd {{ keepalived.radius_broadcast_adm }} dev {{ keepalived.if_adm }} scope global
+        {{ keepalived.radius_ipv4_bornes }}/24 brd {{ keepalived.radius_broadcast_bornes }} dev {{ keepalived.if_bornes }} scope global
+        {{ keepalived.radius_ipv4_switches }}/24 brd {{ keepalived.radius_broadcast_switches }} dev {{ keepalived.if_switches }} scope global
+  }
+}
+{% endif %}
+
+{% if keepalived.radius %}
+vrrp_instance VI_RAD6 {
+  # We don't own the IP address, which allows manual triggering of IP change when machine comes UP
+  # see man keepalived.conf.
+{% if keepalived.radius_primary %}
+  state MASTER
+  priority 150
+{% elif keepalived.radius_secondary %}
+  state BACKUP
+  priority 100
+{% else %}
+  state BACKUP
+  priority 50
+{% endif %}
+  interface {{ keepalived.if_adm }}
+  virtual_router_id 52
+  advert_int 2
+  authentication {
+    auth_type PASS
+    auth_pass {{ keepalived.radius_password }}
+  }
+
+  virtual_ipaddress {
+        {{ keepalived.radius_ipv6_adm }}/64 dev {{ keepalived.if_adm }} scope global
+        {{ keepalived.radius_ipv6_bornes }}/64 dev {{ keepalived.if_bornes }} scope global
+        {{ keepalived.radius_ipv6_switches }}/64 dev {{ keepalived.if_switches }} scope global
+  }
+}
+{% endif %}
+
+{% if keepalived.router %}
+vrrp_instance VI_ROUT {
+  # We don't own the IP address, which allows manual triggering of IP change when machine comes UP
+  # see man keepalived.conf.
+{% if keepalived.router_primary %}
+  state MASTER
+  priority 150
+{% else %}
+  state BACKUP
+  priority 100
+{% endif %}
+  interface {{ keepalived.if_adm }}
+
+  virtual_router_id 53
+  advert_int 2
+  authentication {
+    auth_type PASS
+    auth_pass {{ keepalived.router_password }}
+  }
+
+  smtp_alert
+
+  virtual_ipaddress {
+        {{ keepalived.router_ipv4_serveurs }}/21 brd {{ keepalived.router_broadcast_serveurs }} dev {{ keepalived.if_serveurs }} scope global
+        {{ keepalived.router_ipv4_adm }}/24 brd {{ keepalived.router_broadcast_adm }} dev {{ keepalived.if_adm }} scope global
+        {{ keepalived.router_ipv4_bornes }}/24 brd {{ keepalived.router_broadcast_bornes }} dev {{ keepalived.if_bornes }} scope global
+        {{ keepalived.router_id_zayo }}/31 dev {{ keepalived.if_zayo }} scope global
+        {{ keepalived.router_id_zrt }}/24 brd {{ keepalived.router_broadcast_zrt }} dev {{ keepalived.if_zrt }} scope global
+        {{ keepalived.router_ipv4_filpub }}/24 brd {{ keepalived.router_broadcast_filpub }} dev {{ keepalived.if_filpub }} scope global
+        {{ keepalived.router_ipv4_srv }}/24 brd {{ keepalived.router_broadcast_srv }} dev {{ keepalived.if_srv }} scope global
+        {{ keepalived.router_ipv4_filnewserveurs }}/16 brd {{ keepalived.router_broadcast_filnewserveurs }} dev {{ keepalived.if_filnewserveurs }} scope global
+        {{ keepalived.router_ipv4_wifinewserveurs }}/16 brd {{ keepalived.router_broadcast_wifinewserveurs }} dev {{ keepalived.if_wifinewserveurs }} scope global
+   }
+
+  virtual_routes {
+        src {{ keepalived.router_ipv4_serveurs }} to 0.0.0.0/0 via 138.231.132.1 dev {{ keepalived.if_zrt }}
+  }
+}
+{% endif %}