Merge branch 'keepalived' into 'newinfra'

Keepalived See merge request nounous/ansible!27
2020-08-07 17:43:32 +02:00 · 2020-08-07 17:43:32 +02:00 · 63b06fc02c
parent 3243737413 1c47cce83d
commit 63b06fc02c
14 changed files with 163 additions and 69 deletions
--- a/group_vars/keepalived.yml
+++ b/group_vars/keepalived.yml
@ -1,11 +1,16 @@
 ---
-keepalived:
+glob_keepalived:
-  dhcp:
+  mail_source: keepalived@crans.org
-    password: "plopisverysecure"
+  mail_destination: root@crans.org
-    id: 60
+  smtp_server: smtp.adm.crans.org
-    ipv6: no
+  pool:
-    zones:
+    dhcp:
-      - vlan: adh-nat
+      password: "plopisverysecure"
-        ipv4: 100.64.0.99/16
+      id: 60
-        brd: 100.64.255.255
+      ipv6: no
      notify: /usr/scripts/notify-dhcp
      zones:
        - vlan: adh-nat
          ipv4: 100.64.0.99/16
          brd: 100.64.255.255
--- a/host_vars/bakdaur.adm.crans.org.yml
+++ b/host_vars/bakdaur.adm.crans.org.yml
@ -3,8 +3,9 @@ interfaces:
  adm: eth0
  srv: eth1
-keepalived_instances:
+loc_keepalived:
-  - name: proxy
+  instances:
-    tag: VI_DAUR
+    - name: proxy
-    state: MASTER
+      tag: VI_DAUR
-    priority: 150
+      state: MASTER
      priority: 150
--- a/host_vars/eap.adm.crans.org.yml
+++ b/host_vars/eap.adm.crans.org.yml
@ -5,8 +5,9 @@ interfaces:
  bornes: eth1
  switches: eth2
-keepalived_instances:
+loc_keepalived:
-  - name: radius
+  instances:
-    tag: VI_RAD
+    - name: radius
-    state: BACKUP
+      tag: VI_RAD
-    priority: 100
+      state: BACKUP
      priority: 100
--- a/host_vars/frontdaur.adm.crans.org.yml
+++ b/host_vars/frontdaur.adm.crans.org.yml
@ -3,8 +3,9 @@ interfaces:
  adm: eth1
  srv: eth0
-keepalived_instances:
+loc_keepalived:
-  - name: proxy
+  instances:
-    tag: VI_DAUR
+    - name: proxy
-    state: BACKUP
+      tag: VI_DAUR
-    priority: 100
+      state: BACKUP
      priority: 100
--- a/host_vars/gulp.adm.crans.org.yml
+++ b/host_vars/gulp.adm.crans.org.yml
@ -7,8 +7,9 @@ interfaces:
  wifi_new: ens1f0.22
  zayo: ens1f0.26
-keepalived_instances:
+loc_keepalived:
-  - name: router
+  instances:
-    tag: VI_ROUT
+    - name: router
-    state: MASTER
+      tag: VI_ROUT
-    priority: 150
+      state: MASTER
      priority: 150
--- a/host_vars/odlyd.adm.crans.org.yml
+++ b/host_vars/odlyd.adm.crans.org.yml
@ -10,12 +10,13 @@ interfaces:
  srv: ens1f0.24
  zayo: ens1f0.26
-keepalived_instances:
+loc_keepalived:
-  - name: radius
+  instances:
-    tag: VI_RAD
+    - name: radius
-    state: BACKUP
+      tag: VI_RAD
-    priority: 50
+      state: BACKUP
-  - name: router
+      priority: 50
-    tag: VI_ROUT
+    - name: router
-    state: BACKUP
+      tag: VI_ROUT
-    priority: 100
+      state: BACKUP
      priority: 100
--- a/host_vars/radius.adm.crans.org.yml
+++ b/host_vars/radius.adm.crans.org.yml
@ -5,8 +5,9 @@ interfaces:
  bornes: eth1
  switches: eth2
-keepalived_instances:
+loc_keepalived:
-  - name: radius
+  instances:
-    tag: VI_RAD
+    - name: radius
-    state: MASTER
+      tag: VI_RAD
-    priority: 150
+      state: MASTER
      priority: 150
--- a/host_vars/routeur-daniel.adm.crans.org.yml
+++ b/host_vars/routeur-daniel.adm.crans.org.yml
@ -8,8 +8,9 @@ interfaces:
  adh-nat: ens23
-keepalived_instances:
+loc_keepalived:
-  - name: dhcp
+  instances:
-    tag: VI_DHCP
+    - name: dhcp
-    state: BACKUP
+      tag: VI_DHCP
-    priority: 100
+      state: BACKUP
      priority: 100
--- a/host_vars/routeur-sam.adm.crans.org.yml
+++ b/host_vars/routeur-sam.adm.crans.org.yml
@ -8,8 +8,9 @@ interfaces:
  adh-nat: ens23
-keepalived_instances:
+loc_keepalived:
-  - name: dhcp
+  instances:
-    tag: VI_DHCP
+    - name: dhcp
-    state: MASTER
+      tag: VI_DHCP
-    priority: 150
+      state: MASTER
      priority: 150
--- a/plays/keepalived.yml
+++ b/plays/keepalived.yml
@ -1,5 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts: keepalived
  vars:
    keepalived: "{{ glob_keepalived | combine(loc_keepalived) }}"
  roles:
    - keepalived
--- a/roles/keepalived/README.md
+++ b/roles/keepalived/README.md
@ -0,0 +1,38 @@
 # KEEPALIVED
 Ce rôle installe keepalived pour permettre la redondance de certain service
 entre plusieurs services.
 /!\ Ce rôle déploie un script pour relancer automatiquement le serveur dhcp /!\
 ## VARS
 keepalived:
  - mail_destination: a qui envoyé les mails en cas de switching
  - mail_source: qui envoie les mails
  - smtp_server: le serveur smtp par qui passer pour envoyer les mails
  - pool: Une liste de différentes instances installable sur la machine. Les
    instances sont des dictionnaires comprenant les champs suivant :
    - name: le nom de l'instance
    - password: le mot de passe que vont utilisé les marchines d'une même
      instance pour se synchroniser
    - id: l'indentifiant qu'elles vont utiliser pour discuter
    - ipv6: s'il est necessaire de configurer une instance supplémentaire pour
      de l'ipv6
    - notify: le script a notifé en cas de switching (s'il n'est pas précisé
      aucun script n'est utilisé)
    - administration: le vlan d'administration sur lequel les machines d'une
      même instances vont discuter
    - zones: une liste de zone sur lequel vont parler les instances keepalived.
      Chaque zone est un disctionnaire comprenant les champs suivants:
      - vlan: le vlan sur lequel est installé la zone
      - ipv4: l'ipv4 au format CIDR partagé par les machines
      - brd: s'il faut préciser ou non l'interface de broadcast
      - ipv6: une ipv6 (elle peut ne pas être précisé, si elle est présente mais
        que l'instance ne précise pas ipv6, elle sera ignoré)
  - instances: Une liste d'instance a déployer sur la machine. Les instances
    sont des dictionnaires comprenant les champs suivants:
    - name: le nom de linstance a deployer
    - tag: le petit nom à lui donner
    - state: l'état (entre BACKUP et MASTER)
    - priority: la priorité (pour un MASTER on met par défaut 150 puis on reduit
      de 50 par 50)
--- a/roles/keepalived/tasks/main.yml
+++ b/roles/keepalived/tasks/main.yml
@ -13,3 +13,16 @@
    dest: /etc/keepalived/keepalived.conf
    mode: 0644
  notify: Reload keepalived.service
 - name: Create scripts directory
  file:
    path: /usr/scripts
    state: directory
 - name: Deploy keepalived dhcp scripts
  template:
    src: bin/notify-dhcp
    dest: /usr/scripts/notify-dhcp
    mode: 0744
  when: not ansible_check_mode
  notify: Reload keepalived.service
--- a/roles/keepalived/templates/bin/notify-dhcp
+++ b/roles/keepalived/templates/bin/notify-dhcp
@ -0,0 +1,24 @@
 #!/bin/bash
 TYPE=$1
 NAME=$2
 STATE=$3
 case $STATE in
 	"MASTER")
 		logger -s '[DHCP-NOTIFY] Entering state MASTER, starting isc-dhcp-server.service'
 		systemctl start isc-dhcp-server.service
 		exit 0;;
 	"BACKUP")
 		logger -s '[DHCP-NOTIFY] Entering state BACKUP, stopping isc-dhcp-server.service'
 		systemctl stop isc-dhcp-server.service
 		exit 0;;
 	"FAULT")
 		logger -s '[DHCP-NOTIFY] Entering state FAULT, stopping isc-dhcp-server.service'
 		systemctl stop isc-dhcp-server.service
 		exit 0;;
 	*)
 		logger -s '[DHCP-NOTIFY] Entering UNKNOWN state, doing nothing'
 		exit 1;;
 esac
--- a/roles/keepalived/templates/keepalived/keepalived.conf.j2
+++ b/roles/keepalived/templates/keepalived/keepalived.conf.j2
@ -1,31 +1,33 @@
 {{ ansible_header | comment }}
 global_defs {
-  notification_email {
+  notification_email { {{ keepalived.mail_destination }} }
-    root@crans.org
+  notification_email_from {{ keepalived.mail_source }}
-  }
+  smtp_server {{ keepalived.smtp_server }}
  notification_email_from keepalived@crans.org
  smtp_server smtp.adm.crans.org
 }
-{% for instance in keepalived_instances %}
+{% for instance in keepalived.instances %}
 vrrp_instance {{ instance.tag }}4 {
  state {{ instance.state }}
  priority {{ instance.priority }}
  smtp_alert
  interface {{ interfaces.adm }}
-  virtual_router_id {{ keepalived[instance.name].id }}
+  virtual_router_id {{ keepalived.pool[instance.name].id }}
  advert_int 2
  authentication {
    auth_type PASS
-    auth_pass {{ keepalived[instance.name].password }}
+    auth_pass {{ keepalived.pool[instance.name].password }}
  }
 {% if keepalived.pool[instance.name].notify is defined %}
  notify {{ keepalived.pool[instance.name].notify }}
 {% endif %}
  virtual_ipaddress {
-{% for zone in keepalived[instance.name].zones %}
+{% for zone in keepalived.pool[instance.name].zones %}
-  {% if zone.brd is defined %}
+  {% if zone.brd  %}
-      {{ zone.ipv4 }} brd {{ zone.brd }} dev {{ interfaces[zone.vlan] }} scope global
+      {{ zone.ipv4 }} brd {{ zone.ipv4 | ipaddr('broadcast') }} dev {{ interfaces[zone.vlan] }} scope global
  {% else %}
      {{ zone.ipv4 }} dev {{ interfaces[zone.vlan] }} scope global
  {% endif %}
@ -33,23 +35,25 @@ vrrp_instance {{ instance.tag }}4 {
  }
 }
-{% if keepalived[instance.name].ipv6 %}
+{% if keepalived.pool[instance.name].ipv6 %}
 vrrp_instance {{ instance.tag }}6 {
  state {{ instance.state }}
  priority {{ instance.priority }}
  smtp_alert
-  interface {{ interfaces.adm }}
+  interface {{ keepalived.pool[instance.name].administration }}
-  virtual_router_id {{ keepalived[instance.name].id }}
+  virtual_router_id {{ keepalived.pool[instance.name].id }}
  advert_int 2
  authentication {
    auth_type PASS
-    auth_pass {{ keepalived[instance.name].password }}
+    auth_pass {{ keepalived.pool[instance.name].password }}
  }
  virtual_ipaddress {
-{% for zone in keepalived[instance.name].zones %}
+{% for zone in keepalived.pool[instance.name].zones %}
 {% if zone.ipv6 is defined %}
      {{ zone.ipv6 }} dev {{ interfaces[zone.vlan] }} scope global
 {% endif %}
 {% endfor %}
  }
 }