Make keepalived role more configurable (issue #683) (#684)

vitabaks · Jul 1, 2024 · e4b4812 · e4b4812
1 parent 254c068
commit e4b4812
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 23 deletions.
diff --git a/roles/keepalived/defaults/main.yml b/roles/keepalived/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+
+keepalived_instances:
+  - name: VI_1
+    state: BACKUP
+    interface: "{{ vip_interface }}"
+    virtual_router_id: "{{ keepalived_virtual_router_id | default(123) }}"
+    priority: 100
+    advert_int: 2
+    check_status_command: /usr/libexec/keepalived/haproxy_check.sh
+    authentication:
+      auth_type: PASS
+      auth_pass: "1ce24b6e"
+    virtual_ipaddresses:
+      - "{{ cluster_vip }}"
diff --git a/roles/keepalived/handlers/main.yml b/roles/keepalived/handlers/main.yml
@@ -27,7 +27,7 @@
           ansible_ssh_port | default(22)
         )
       }}
-  ignore_errors: true  # show the error and continue the playbook execution
+  ignore_errors: true  # noqa ignore-errors # show the error and continue the playbook execution
   listen: "restart keepalived"
 
 ...
diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml
@@ -28,6 +28,7 @@
     state: directory
     owner: root
     group: root
+    mode: "0750"
   tags: keepalived_conf, keepalived
 
 - name: Create vrrp_script "/usr/libexec/keepalived/haproxy_check.sh"
@@ -46,6 +47,9 @@
   ansible.builtin.template:
     src: templates/keepalived.conf.j2
     dest: /etc/keepalived/keepalived.conf
+    owner: root
+    group: root
+    mode: "0644"
   notify: "restart keepalived"
   when: add_balancer is not defined or not add_balancer|bool
   tags: keepalived_conf, keepalived
@@ -88,13 +92,13 @@
   when: add_balancer is defined and add_balancer|bool
   tags: keepalived_conf, keepalived
 
-- name: selinux | change the keepalived_t domain to permissive
+- name: Selinux | Change the keepalived_t domain to permissive
   community.general.selinux_permissive:
     name: keepalived_t
     permissive: true
   when: ansible_selinux.status is defined and
         ansible_selinux.status == 'enabled'
-  ignore_errors: true
+  ignore_errors: true  # noqa ignore-errors
   tags: keepalived, keepalived_selinux
 
 ...
diff --git a/roles/keepalived/templates/keepalived.conf.j2 b/roles/keepalived/templates/keepalived.conf.j2
@@ -3,27 +3,35 @@ global_defs {
    enable_script_security
    script_user root
 }
-
-vrrp_script haproxy_check {
-   script "/usr/libexec/keepalived/haproxy_check.sh"
+
+{% for instance in keepalived_instances %}
+{% if instance.check_status_command is defined %}
+vrrp_script chk_command_{{ instance.virtual_router_id }} {
+   script "{{ instance.check_status_command }}"
    interval 2
    weight 2
 }
-
-vrrp_instance VI_1 {
-   interface {{ vip_interface }}
-   virtual_router_id {{ keepalived_virtual_router_id | default(123) }}
-   priority  100
-   advert_int 2
-   state  BACKUP
-   virtual_ipaddress {
-       {{ cluster_vip  }}
-   }
-   track_script {
-       haproxy_check
-   }
-   authentication {
-      auth_type PASS
-      auth_pass 1ce24b6e
-   }
+{% endif %}
+
+vrrp_instance {{ instance.name }} {
+  interface {{ instance.interface }}
+  virtual_router_id {{ instance.virtual_router_id }}
+  priority {{ instance.priority }}
+  advert_int {{ instance.advert_int }}
+  state {{ instance.state }}
+  virtual_ipaddress {
+    {% for ip in instance.virtual_ipaddresses %}
+    {{ ip }}
+    {% endfor %}
+  }
+  {% if instance.check_status_command is defined %}
+  track_script {
+    chk_command_{{ instance.virtual_router_id }}
+  }
+  {% endif %}
+  authentication {
+    auth_type {{ instance.authentication.auth_type }}
+    auth_pass {{ instance.authentication.auth_pass }}
+  }
 }
+{% endfor %}