Keepalived
parent
d7dc4398d5
commit
d9e1731ba1
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
|
||||
keepalived:
|
||||
radius:
|
||||
password: "{{ vault_keepalived_radius_password }}"
|
||||
id: 52
|
||||
ipv6: yes
|
||||
zones:
|
||||
- vlan: adm
|
||||
ipv4: 10.231.136.11/24
|
||||
brd: 10.231.136.255
|
||||
ipv6: 2a0c:700:0:2:ad:adff:fef0:f002/64
|
||||
- vlan: bornes
|
||||
ipv4: 10.231.148.11/24
|
||||
brd: 10.231.148.255
|
||||
ipv6: fd01:240:fe3d:3:ad:adff:fef0:f003/64
|
||||
- vlan: switches
|
||||
ipv4: 10.231.100.11/24
|
||||
brd: 10.231.100.255
|
||||
ipv6: fd01:240:fe3d:c804:ad:adff:fef0:f004/64
|
||||
router:
|
||||
password: "{{ vault_keepalived_router_password }}"
|
||||
id: 53
|
||||
ipv6: no
|
||||
zones:
|
||||
- vlan: adm
|
||||
ipv4: 10.231.136.254/24
|
||||
brd: 10.231.136.255
|
||||
- vlan: bornes
|
||||
ipv4: 10.231.148.254/24
|
||||
brd: 10.231.148.255
|
||||
- vlan: filpub
|
||||
ipv4: 185.230.78.254/24
|
||||
brd: 185.230.78.255
|
||||
- vlan: srv
|
||||
ipv4: 185.230.79.254/24
|
||||
brd: 185.230.79.255
|
||||
- vlan: filnewserveurs
|
||||
ipv4: 10.54.0.254/16
|
||||
brd: 10.54.255.255
|
||||
- vlan: wifinewserveurs
|
||||
ipv4: 10.53.0.254/16
|
||||
brd: 10.53.255.255
|
||||
- vlan: zayo
|
||||
ipv4: 158.255.113.73/31
|
||||
proxy:
|
||||
password: "{{ vault_keepalived_proxy_password }}"
|
||||
id: 51
|
||||
ipv6: yes
|
||||
zones:
|
||||
- vlan: srv
|
||||
ipv4: 185.230.79.194/32
|
||||
brd: 185.230.79.255
|
||||
ipv6: 2a0c:700:0:24:ba:ccff:feda:aa00/64
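Review bot: The per-instance flags `ipv6: yes` and `ipv6: no` depend on YAML 1.1 truthy parsing, and the template branches on them with `{% if keepalived[instance.name].ipv6 %}`. Writing `ipv6: true` / `ipv6: false` keeps that test correct under any loader and under yamllint's `truthy` rule. The key `ipv6` is also a boolean at instance level and an address at zone level, so a name such as `enable_ipv6` for the flag would be harder to misread. The file path and original indentation are not visible on this rendered page, so the nesting is assumed from the template's lookups.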
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
interfaces:
|
||||
adm: eth0
|
||||
srv: eth1
|
||||
|
||||
keepalived_instances:
|
||||
- name: proxy
|
||||
tag: VI_DAUR
|
||||
state: MASTER
|
||||
priority: 150
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
|
||||
interfaces:
|
||||
adm: eth0
|
||||
bornes: eth1
|
||||
switches: eth2
|
||||
|
||||
keepalived_instances:
|
||||
- name: radius
|
||||
tag: VI_RAD
|
||||
state: BACKUP
|
||||
priority: 100
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
interfaces:
|
||||
adm: eth1
|
||||
srv: eth0
|
||||
|
||||
keepalived_instances:
|
||||
- name: proxy
|
||||
tag: VI_DAUR
|
||||
state: BACKUP
|
||||
priority: 100
|
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
interfaces:
|
||||
serveurs: eth0.1
|
||||
adm: eth0.2
|
||||
bornes: eth0.3
|
||||
switches: eth0.4
|
||||
zayo: ens1f0.26
|
||||
zrt: ens1f0.1132
|
||||
filpub: ens1f0.23
|
||||
srv: ens1f0.24
|
||||
filnewserveurs: ens1f0.21
|
||||
wifinewserveurs: ens1f0.22
|
||||
|
||||
keepalived_instances:
|
||||
- name: radius
|
||||
tag: VI_RAD
|
||||
state: BACKUP
|
||||
priority: 50
|
||||
- name: router
|
||||
tag: VI_ROUT
|
||||
state: BACKUP
|
||||
priority: 100
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
|
||||
interfaces:
|
||||
adm: eth0
|
||||
bornes: eth1
|
||||
switches: eth2
|
||||
|
||||
keepalived_instances:
|
||||
- name: radius
|
||||
tag: VI_RAD
|
||||
state: MASTER
|
||||
priority: 150
|
7
hosts
7
hosts
|
@ -4,6 +4,13 @@
|
|||
# > We name servers according to location, then type.
|
||||
# > Then we regroup everything in global geographic and type groups.
|
||||
|
||||
[router]
|
||||
odlyd.adm.crans.org
|
||||
eap.adm.crans.org
|
||||
radius.adm.crans.org
|
||||
frontdaur.adm.crans.org
|
||||
bakdaur.adm.crans.org
|
||||
|
||||
[test_vm]
|
||||
re2o-test.adm.crans.org
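Review bot: The new `[router]` group does not list `gulp.adm.crans.org`, which the previous playbook configured with `router_primary: true`, and the playbook in this commit now targets `hosts: router` only. Among the host variable files shown, only one declares a `router` instance (`state: BACKUP`, `priority: 100`), so as far as this page shows the router VRRP instance would run on a single node with no peer to fail over to. If gulp is being retired on purpose, a comment above the group saying so would help; otherwise it needs an entry here and its own instance definition. The group also holds the radius and proxy hosts, so a name like `[keepalived]` would describe it better than `[router]`.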
|
||||
|
||||
|
|
114
re2o-api.yml
114
re2o-api.yml
|
@ -1,117 +1,5 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# Deploy keepalived on odlyd
|
||||
- hosts: odlyd.adm.crans.org
|
||||
vars:
|
||||
keepalived:
|
||||
radius: true
|
||||
radius_password: "{{ vault_keepalived_radius_password }}"
|
||||
radius_primary: false
|
||||
radius_secondary: false
|
||||
router: true
|
||||
router_password: "{{ vault_keepalived_router_password }}"
|
||||
router_primary: false
|
||||
if_serveurs: eth0.1
|
||||
if_adm: eth0.2
|
||||
if_bornes: eth0.3
|
||||
if_switches: eth0.4
|
||||
if_zayo: ens1f0.26
|
||||
if_zrt: ens1f0.1132
|
||||
if_filpub: ens1f0.23
|
||||
if_srv: ens1f0.24
|
||||
if_filnewserveurs: ens1f0.21
|
||||
if_wifinewserveurs: ens1f0.22
|
||||
radius_ipv4_adm: 10.231.136.11
|
||||
radius_broadcast_adm: 10.231.136.255
|
||||
radius_ipv4_bornes: 10.231.148.11
|
||||
radius_broadcast_bornes: 10.231.148.255
|
||||
radius_ipv4_switches: 10.231.100.11
|
||||
radius_broadcast_switches: 10.231.100.255
|
||||
radius_ipv6_adm: 2a0c:700:0:2:ad:adff:fef0:f002
|
||||
radius_ipv6_bornes: fd01:240:fe3d:3:ad:adff:fef0:f003
|
||||
radius_ipv6_switches: fd01:240:fe3d:c804:ad:adff:fef0:f004
|
||||
router_ipv4_serveurs: 138.231.136.254
|
||||
router_broadcast_serveurs: 138.231.136.255
|
||||
router_ipv4_adm: 10.231.136.254
|
||||
router_broadcast_adm: 10.231.136.255
|
||||
router_ipv4_bornes: 10.231.148.254
|
||||
router_broadcast_bornes: 10.231.148.255
|
||||
router_id_zayo: 158.255.113.73
|
||||
router_id_zrt: 138.231.132.47
|
||||
router_broadcast_zrt: 138.231.132.255
|
||||
router_ipv4_filpub: 185.230.78.254
|
||||
router_broadcast_filpub: 185.230.78.255
|
||||
router_ipv4_srv: 185.230.79.254
|
||||
router_broadcast_srv: 185.230.79.255
|
||||
router_ipv4_filnewserveurs: 10.54.0.254
|
||||
router_broadcast_filnewserveurs: 10.54.0.255
|
||||
router_ipv4_wifinewserveurs: 10.53.0.254
|
||||
router_broadcast_wifinewserveurs: 10.53.0.255
|
||||
roles:
|
||||
- keepalived
|
||||
|
||||
# Deploy keepalived on gulp
|
||||
- hosts: gulp.adm.crans.org
|
||||
vars:
|
||||
keepalived:
|
||||
router: true
|
||||
router_password: "{{ vault_keepalived_router_password }}"
|
||||
router_primary: true
|
||||
if_serveurs: eno1.1
|
||||
if_adm: eno1.2
|
||||
if_bornes: eno1.3
|
||||
if_zayo: ens1f0.26
|
||||
if_zrt: ens1f0.1132
|
||||
if_filpub: ens1f0.23
|
||||
if_srv: ens1f0.24
|
||||
if_filnewserveurs: ens1f0.21
|
||||
if_wifinewserveurs: ens1f0.22
|
||||
router_ipv4_serveurs: 138.231.136.254
|
||||
router_broadcast_serveurs: 138.231.136.255
|
||||
router_ipv4_adm: 10.231.136.254
|
||||
router_broadcast_adm: 10.231.136.255
|
||||
router_ipv4_bornes: 10.231.148.254
|
||||
router_broadcast_bornes: 10.231.148.255
|
||||
router_id_zayo: 158.255.113.73
|
||||
router_id_zrt: 138.231.132.47
|
||||
router_broadcast_zrt: 138.231.132.255
|
||||
router_ipv4_filpub: 185.230.78.254
|
||||
router_broadcast_filpub: 185.230.78.255
|
||||
router_ipv4_srv: 185.230.79.254
|
||||
router_broadcast_srv: 185.230.79.255
|
||||
router_ipv4_filnewserveurs: 10.54.0.254
|
||||
router_broadcast_filnewserveurs: 10.54.0.255
|
||||
router_ipv4_wifinewserveurs: 10.53.0.254
|
||||
router_broadcast_wifinewserveurs: 10.53.0.255
|
||||
roles:
|
||||
- keepalived
|
||||
|
||||
# Deploy keepalived on frontdaur
|
||||
- hosts: frontdaur.adm.crans.org
|
||||
vars:
|
||||
keepalived:
|
||||
proxy:
|
||||
primary: false
|
||||
password: "{{ vault_keepalived_proxy_password }}"
|
||||
ipv4: 185.230.79.194
|
||||
ipv6: 2a0c:700:0:24:ba:ccff:feda:aa00
|
||||
broadcast: 185.230.79.255
|
||||
if_adm: eth1
|
||||
if_srv: eth0
|
||||
roles:
|
||||
- keepalived
|
||||
|
||||
# Deploy keepalived on bakdaur
|
||||
- hosts: bakdaur.adm.crans.org
|
||||
vars:
|
||||
keepalived:
|
||||
proxy:
|
||||
primary: true
|
||||
password: "{{ vault_keepalived_proxy_password }}"
|
||||
ipv4: 185.230.79.194
|
||||
ipv6: 2a0c:700:0:24:ba:ccff:feda:aa00
|
||||
broadcast: 185.230.79.255
|
||||
if_adm: eth0
|
||||
if_srv: eth1
|
||||
- hosts: router
|
||||
roles:
|
||||
- keepalived
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
|
||||
- name: Reload keepalived.service
|
||||
service:
|
||||
name: keepalived.service
|
||||
state: reloaded
|
|
@ -12,3 +12,4 @@
|
|||
src: keepalived/keepalived.conf.j2
|
||||
dest: /etc/keepalived/keepalived.conf
|
||||
mode: 0644
|
||||
notify: Reload keepalived.service
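Review bot: The rendered `/etc/keepalived/keepalived.conf` contains the `auth_pass` values taken from the vault, yet the task installs it with `mode: 0644`, so any local account on the host can read the VRRP passwords. Something like `mode: "0600"` with `owner: root` would keep the secret limited to the daemon, and quoting the mode also avoids the YAML octal-integer trap. Since the added `notify: Reload keepalived.service` now applies every template change to a live VRRP speaker, a `validate:` step using keepalived's config-test option (where the installed version provides one) would stop a broken render from being reloaded. The task begins above this hunk, so its other parameters are not visible here.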
|
||||
|
|
|
@ -8,153 +8,50 @@ global_defs {
|
|||
smtp_server smtp.adm.crans.org
|
||||
}
|
||||
|
||||
{% if keepalived.proxy is defined %}
|
||||
vrrp_instance VI_DAUR4 {
|
||||
# We don't own the IP address, which allows manual triggering of IP change when machine comes UP
|
||||
# see man keepalived.conf.
|
||||
{% if keepalived.proxy.primary %}
|
||||
state MASTER
|
||||
priority 150
|
||||
{% else %}
|
||||
state BACKUP
|
||||
priority 100
|
||||
{% endif %}
|
||||
|
||||
interface {{ keepalived.if_adm }}
|
||||
virtual_router_id 51
|
||||
advert_int 2
|
||||
authentication {
|
||||
auth_type PASS
|
||||
auth_pass {{ keepalived.proxy.password }}
|
||||
}
|
||||
|
||||
virtual_ipaddress {
|
||||
{{ keepalived.proxy.ipv4 }}/32 brd {{ keepalived.proxy.broadcast }} dev {{ keepalived.if_srv }} scope global
|
||||
}
|
||||
}
|
||||
|
||||
vrrp_instance VI_DAUR6 {
|
||||
# We don't own the IP address, which allows manual triggering of IP change when machine comes UP
|
||||
# see man keepalived.conf.
|
||||
{% if keepalived.proxy.primary %}
|
||||
state MASTER
|
||||
priority 150
|
||||
{% else %}
|
||||
state BACKUP
|
||||
priority 100
|
||||
{% endif %}
|
||||
|
||||
interface {{ keepalived.if_adm }}
|
||||
virtual_router_id 51
|
||||
advert_int 2
|
||||
authentication {
|
||||
auth_type PASS
|
||||
auth_pass {{ keepalived.proxy.password }}
|
||||
}
|
||||
|
||||
virtual_ipaddress {
|
||||
{{ keepalived.proxy.ipv6 }}/64 dev {{ keepalived.if_srv }} scope global
|
||||
}
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if keepalived.radius is defined %}
|
||||
vrrp_instance VI_RAD4 {
|
||||
# We don't own the IP address, which allows manual triggering of IP change when machine comes UP
|
||||
# see man keepalived.conf.
|
||||
{% if keepalived.radius_primary %}
|
||||
state MASTER
|
||||
priority 150
|
||||
{% elif keepalived.radius_secondary %}
|
||||
state BACKUP
|
||||
priority 100
|
||||
{% else %}
|
||||
state BACKUP
|
||||
priority 50
|
||||
{% endif %}
|
||||
interface {{ keepalived.if_adm }}
|
||||
virtual_router_id 52
|
||||
advert_int 2
|
||||
authentication {
|
||||
auth_type PASS
|
||||
auth_pass {{ keepalived.radius_password }}
|
||||
}
|
||||
|
||||
virtual_ipaddress {
|
||||
{{ keepalived.radius_ipv4_adm }}/24 brd {{ keepalived.radius_broadcast_adm }} dev {{ keepalived.if_adm }} scope global
|
||||
{{ keepalived.radius_ipv4_bornes }}/24 brd {{ keepalived.radius_broadcast_bornes }} dev {{ keepalived.if_bornes }} scope global
|
||||
{{ keepalived.radius_ipv4_switches }}/24 brd {{ keepalived.radius_broadcast_switches }} dev {{ keepalived.if_switches }} scope global
|
||||
}
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if keepalived.radius is defined %}
|
||||
vrrp_instance VI_RAD6 {
|
||||
# We don't own the IP address, which allows manual triggering of IP change when machine comes UP
|
||||
# see man keepalived.conf.
|
||||
{% if keepalived.radius_primary %}
|
||||
state MASTER
|
||||
priority 150
|
||||
{% elif keepalived.radius_secondary %}
|
||||
state BACKUP
|
||||
priority 100
|
||||
{% else %}
|
||||
state BACKUP
|
||||
priority 50
|
||||
{% endif %}
|
||||
interface {{ keepalived.if_adm }}
|
||||
virtual_router_id 52
|
||||
advert_int 2
|
||||
authentication {
|
||||
auth_type PASS
|
||||
auth_pass {{ keepalived.radius_password }}
|
||||
}
|
||||
|
||||
virtual_ipaddress {
|
||||
{{ keepalived.radius_ipv6_adm }}/64 dev {{ keepalived.if_adm }} scope global
|
||||
{{ keepalived.radius_ipv6_bornes }}/64 dev {{ keepalived.if_bornes }} scope global
|
||||
{{ keepalived.radius_ipv6_switches }}/64 dev {{ keepalived.if_switches }} scope global
|
||||
}
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if keepalived.router is defined %}
|
||||
vrrp_instance VI_ROUT {
|
||||
# We don't own the IP address, which allows manual triggering of IP change when machine comes UP
|
||||
# see man keepalived.conf.
|
||||
{% if keepalived.router_primary %}
|
||||
state MASTER
|
||||
priority 150
|
||||
{% else %}
|
||||
state BACKUP
|
||||
priority 100
|
||||
{% endif %}
|
||||
interface {{ keepalived.if_adm }}
|
||||
|
||||
virtual_router_id 53
|
||||
advert_int 2
|
||||
authentication {
|
||||
auth_type PASS
|
||||
auth_pass {{ keepalived.router_password }}
|
||||
}
|
||||
|
||||
{% for instance in keepalived_instances %}
|
||||
vrrp_instance {{ instance.tag }}4 {
|
||||
state {{ instance.state }}
|
||||
priority {{ instance.priority }}
|
||||
smtp_alert
|
||||
|
||||
virtual_ipaddress {
|
||||
# {{ keepalived.router_ipv4_serveurs }}/21 brd {{ keepalived.router_broadcast_serveurs }} dev {{ keepalived.if_serveurs }} scope global
|
||||
{{ keepalived.router_ipv4_adm }}/24 brd {{ keepalived.router_broadcast_adm }} dev {{ keepalived.if_adm }} scope global
|
||||
{{ keepalived.router_ipv4_bornes }}/24 brd {{ keepalived.router_broadcast_bornes }} dev {{ keepalived.if_bornes }} scope global
|
||||
{{ keepalived.router_id_zayo }}/31 dev {{ keepalived.if_zayo }} scope global
|
||||
# {{ keepalived.router_id_zrt }}/24 brd {{ keepalived.router_broadcast_zrt }} dev {{ keepalived.if_zrt }} scope global
|
||||
{{ keepalived.router_ipv4_filpub }}/24 brd {{ keepalived.router_broadcast_filpub }} dev {{ keepalived.if_filpub }} scope global
|
||||
{{ keepalived.router_ipv4_srv }}/24 brd {{ keepalived.router_broadcast_srv }} dev {{ keepalived.if_srv }} scope global
|
||||
{{ keepalived.router_ipv4_filnewserveurs }}/16 brd {{ keepalived.router_broadcast_filnewserveurs }} dev {{ keepalived.if_filnewserveurs }} scope global
|
||||
{{ keepalived.router_ipv4_wifinewserveurs }}/16 brd {{ keepalived.router_broadcast_wifinewserveurs }} dev {{ keepalived.if_wifinewserveurs }} scope global
|
||||
interface {{ interfaces.adm }}
|
||||
virtual_router_id {{ keepalived[instance.name].id }}
|
||||
advert_int 2
|
||||
authentication {
|
||||
auth_type PASS
|
||||
auth_pass {{ keepalived[instance.name].password }}
|
||||
}
|
||||
|
||||
virtual_routes {
|
||||
# src {{ keepalived.router_ipv4_serveurs }} to 0.0.0.0/0 via 138.231.132.1 dev {{ keepalived.if_zrt }}
|
||||
src {{ keepalived.router_ipv4_srv }} to 0.0.0.0/0 via 158.255.113.73 dev {{ keepalived.if_zayo }}
|
||||
virtual_ipaddress {
|
||||
{% for zone in keepalived[instance.name].zones %}
|
||||
{% if zone.brd is defined %}
|
||||
{{ zone.ipv4 }} brd {{ zone.brd }} dev {{ interfaces[zone.vlan] }} scope global
|
||||
{% else %}
|
||||
{{ zone.ipv4 }} dev {{ interfaces[zone.vlan] }} scope global
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
}
|
||||
}
|
||||
|
||||
{% if keepalived[instance.name].ipv6 %}
|
||||
vrrp_instance {{ instance.tag }}6 {
|
||||
state {{ instance.state }}
|
||||
priority {{ instance.priority }}
|
||||
smtp_alert
|
||||
|
||||
interface {{ interfaces.adm }}
|
||||
virtual_router_id {{ keepalived[instance.name].id }}
|
||||
advert_int 2
|
||||
authentication {
|
||||
auth_type PASS
|
||||
auth_pass {{ keepalived[instance.name].password }}
|
||||
}
|
||||
|
||||
virtual_ipaddress {
|
||||
{% for zone in keepalived[instance.name].zones %}
|
||||
{{ zone.ipv6 }} dev {{ interfaces[zone.vlan] }} scope global
|
||||
{% endfor %}
|
||||
}
|
||||
}
|
||||
{% endif %}
|
||||
{% endfor %}
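Review bot: Both generated instances keep `auth_type PASS` with `auth_pass {{ keepalived[instance.name].password }}`, and VRRP simple-password authentication sends that value in clear text in every advertisement on `interfaces.adm`; keepalived also uses only the first eight characters of it. The vaulted secret therefore guards against accidental cross-talk between instances rather than against a host on the adm VLAN. If the peer set is fixed, `unicast_peer` plus a packet filter restricting IP protocol 112 to the peer addresses would be the stronger control. Separately, the IPv6 loop prints `{{ zone.ipv6 }}` for every zone without a guard like the `zone.brd is defined` test in the IPv4 loop, so wrapping it in `{% if zone.ipv6 is defined %}` would keep a v4-only zone from breaking the render. The page does not mark old and new lines, but going by the hunk's line counts the `virtual_routes` block of the old router instance seems to be dropped, which is worth confirming as intended.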
|
||||
|
|