crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[keepalived] https://www.youtube.com/watch?v=fNFzfwLM72c please dont die

certbot_on_virtu
_shirenn 2021-06-18 20:04:30 +02:00 committed by Yohann D'ANELLO
parent f4b4c51f30
commit 37ea941a8d
Signed by: _ynerant
GPG Key ID: 3A75C55819C8CF85
10 changed files with 65 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
group_vars/keepalived.yml
View File

@ -1,37 +1,25 @@
--- ---
glob_keepalived: glob_keepalived:
mail_source: keepalived@crans.org mail_source: keepalived@crans.org
mail_destination: root@crans.org mail_destination: shirenn@crans.org
smtp_server: smtp.adm.crans.org smtp_server: smtp.adm.crans.org
pool: pool:
all: VI_ALL:
password: "{{ vault.keepalived.password }}" password: "{{ vault.keepalived.password }}"
id: 60 id: 60
ipv6: yes ipv6: yes
notify: /usr/scripts/notify-dhcp notify: /var/local/services/keepalived/keepalived.py
zones: zones:
- vlan: zayo
ipv4: 158.255.113.73/31
brd: false
ipv6: 2001:1b48:2:103::bb:2/126
- vlan: srv - vlan: srv
ipv4: 185.230.79.62/26 ipv4: 185.230.79.61/26
ipv6: 2a0c:700:2::ff:fe00:9902/64 ipv6: 2a0c:700:2::ff:fe01:9902/64
- vlan: srv_nat - vlan: srv_nat
ipv4: 172.16.3.99/24 ipv4: 172.16.3.199/24
ipv6: 2a0c:700:3::ff:fe00:9903/64 ipv6: 2a0c:700:3::ff:fe01:9903/64
- vlan: accueil
ipv4: 172.16.14.99/24
- vlan: infra
ipv4: 172.16.32.99/22
ipv6: fd00::11:0:ff:fe00:9911/64
- vlan: adh - vlan: adh
ipv4: 185.230.78.99/24 ipv4: 185.230.78.199/24
ipv6: 2a0c:700:12::ff:fe00:9912/48 ipv6: 2a0c:700:12::ff:fe01:9912/48
- vlan: adh_nat
ipv4: 100.64.0.99/16 glob_service_keepalived:
ipv6: 2a0c:700:13::ff:fe00:9913/48 name: keepalived
- vlan: federez install_dir: /var/local/services/keepalived
ipv4: 100.65.0.99/16
ipv6: 2a0c:700:254::ff:fe00:99fe/64

16
host_vars/routeur-daniel.adm.crans.org/keepalived.yml 100644
View File

@ -0,0 +1,16 @@
---
loc_keepalived:
instances:
- name: VI_ALL
state: MASTER
priority: 150
loc_service_keepalived:
git:
remote: https://gitlab.adm.crans.org/nounous/keepalived.git
version: master
config:
services:
VI_ALL:
- isc-dhcp-server
- radvd

16
host_vars/routeur-jack.adm.crans.org/keepalived.yml 100644
View File

@ -0,0 +1,16 @@
---
loc_keepalived:
instances:
- name: VI_ALL
state: BACKUP
priority: 100
loc_service_keepalived:
git:
remote: https://gitlab.adm.crans.org/nounous/keepalived.git
version: master
config:
services:
VI_ALL:
- isc-dhcp-server
- radvd

8
plays/keepalived.yml 100644 → 100755
View File

@ -2,6 +2,12 @@
--- ---
- hosts: keepalived - hosts: keepalived
vars: vars:
keepalived: "{{ glob_keepalived | combine(loc_keepalived) }}" keepalived: "{{ glob_keepalived | default({}) | combine(loc_keepalived | default({})) }}"
roles: roles:
- keepalived - keepalived
- hosts: keepalived
vars:
service: "{{ glob_service_keepalived | default({}) | combine(loc_service_keepalived | default({})) }}"
roles:
- service

1
plays/routeurs.yml
View File

@ -6,3 +6,4 @@
- import_playbook: firewall.yml - import_playbook: firewall.yml
- import_playbook: dns-recursive.yml - import_playbook: dns-recursive.yml
- import_playbook: prefix-delegation.yml - import_playbook: prefix-delegation.yml
- import_playbook: keepalived.yml

1
roles/isc-dhcp-server/handlers/main.yml
View File

@ -7,6 +7,5 @@
systemd: systemd:
name: isc-dhcp-server name: isc-dhcp-server
state: restarted state: restarted
enabled: true
listen: 'restart isc-dhcp-server' listen: 'restart isc-dhcp-server'
when: not ansible_check_mode and ansible_facts.services['isc-dhcp-server']['state'] == 'running' when: not ansible_check_mode and ansible_facts.services['isc-dhcp-server']['state'] == 'running'

17
roles/keepalived/tasks/main.yml
View File

@ -14,15 +14,8 @@
mode: 0644 mode: 0644
notify: Reload keepalived.service notify: Reload keepalived.service
- name: Create scripts directory - name: Start and enable keepalived
file: service:
path: /usr/scripts name: keepalived
state: directory state: started
enabled: yes
- name: Deploy keepalived dhcp scripts
template:
src: bin/notify-dhcp
dest: /usr/scripts/notify-dhcp
mode: 0744
when: not ansible_check_mode
notify: Reload keepalived.service

24
roles/keepalived/templates/bin/notify-dhcp
View File

@ -1,24 +0,0 @@
#!/bin/bash
TYPE=$1
NAME=$2
STATE=$3
case $STATE in
"MASTER")
logger -s '[DHCP-NOTIFY] Entering state MASTER, starting isc-dhcp-server.service'
systemctl start isc-dhcp-server.service
exit 0;;
"BACKUP")
logger -s '[DHCP-NOTIFY] Entering state BACKUP, stopping isc-dhcp-server.service'
systemctl stop isc-dhcp-server.service
exit 0;;
"FAULT")
logger -s '[DHCP-NOTIFY] Entering state FAULT, stopping isc-dhcp-server.service'
systemctl stop isc-dhcp-server.service
exit 0;;
*)
logger -s '[DHCP-NOTIFY] Entering UNKNOWN state, doing nothing'
exit 1;;
esac

4
roles/keepalived/templates/keepalived/keepalived.conf.j2
View File

@ -7,7 +7,7 @@ global_defs {
} }
{% for instance in keepalived.instances %} {% for instance in keepalived.instances %}
vrrp_instance {{ instance.tag }}4 { vrrp_instance {{ instance.name }} {
state {{ instance.state }} state {{ instance.state }}
priority {{ instance.priority }} priority {{ instance.priority }}
smtp_alert smtp_alert
@ -36,7 +36,7 @@ vrrp_instance {{ instance.tag }}4 {
} }
{% if keepalived.pool[instance.name].ipv6 %} {% if keepalived.pool[instance.name].ipv6 %}
vrrp_instance {{ instance.tag }}6 { vrrp_instance {{ instance.name }}6 {
state {{ instance.state }} state {{ instance.state }}
priority {{ instance.priority }} priority {{ instance.priority }}
smtp_alert smtp_alert

5
roles/radvd/handlers/main.yml
View File

@ -1,5 +1,10 @@
--- ---
- name: check radvd status
service_facts:
listen: Restart radvd service
- name: Restart radvd service - name: Restart radvd service
service: service:
name: radvd name: radvd
state: restarted state: restarted
when: not ansible_check_mode and ansible_facts.services['bird']['state'] == 'running'