diff --git a/group_vars/keepalived.yml b/group_vars/keepalived.yml
index e23f30b718dc836255e4f874b2fc8e6766c1e5ec..11fe3e00ea55a2c7e730cbd6bf120e764467f38c 100644
--- a/group_vars/keepalived.yml
+++ b/group_vars/keepalived.yml
@@ -1,11 +1,16 @@
 ---
-keepalived:
- dhcp:
- password: "plopisverysecure"
- id: 60
- ipv6: no
- zones:
- - vlan: adh-nat
- ipv4: 100.64.0.99/16
- brd: 100.64.255.255
+glob_keepalived:
+ mail_source: keepalived@crans.org
+ mail_destination: root@crans.org
+ smtp_server: smtp.adm.crans.org
+ pool:
+ dhcp:
+ password: "plopisverysecure"
+ id: 60
+ ipv6: no
+ notify: /usr/scripts/notify-dhcp
+ zones:
+ - vlan: adh-nat
+ ipv4: 100.64.0.99/16
+ brd: 100.64.255.255
diff --git a/host_vars/bakdaur.adm.crans.org.yml b/host_vars/bakdaur.adm.crans.org.yml
index b81d2233456766f60464fdf321ecbd28c5655180..358634070ac5fbd2cdf2fa2e8b0f34586200cecf 100644
--- a/host_vars/bakdaur.adm.crans.org.yml
+++ b/host_vars/bakdaur.adm.crans.org.yml
@@ -3,8 +3,9 @@ interfaces:
 adm: eth0
 srv: eth1
-keepalived_instances:
- - name: proxy
- tag: VI_DAUR
- state: MASTER
- priority: 150
+loc_keepalived:
+ instances:
+ - name: proxy
+ tag: VI_DAUR
+ state: MASTER
+ priority: 150
diff --git a/host_vars/eap.adm.crans.org.yml b/host_vars/eap.adm.crans.org.yml
index 4e5e746f31b826057381d8208bea5768a51605be..31f6cfa6a623920b1a6cc50b382b8780c78dc821 100644
--- a/host_vars/eap.adm.crans.org.yml
+++ b/host_vars/eap.adm.crans.org.yml
@@ -5,8 +5,9 @@ interfaces:
 bornes: eth1
 switches: eth2
-keepalived_instances:
- - name: radius
- tag: VI_RAD
- state: BACKUP
- priority: 100
+loc_keepalived:
+ instances:
+ - name: radius
+ tag: VI_RAD
+ state: BACKUP
+ priority: 100
diff --git a/host_vars/frontdaur.adm.crans.org.yml b/host_vars/frontdaur.adm.crans.org.yml
index e2fd550b48765832ad60ad53987aff140c77f435..69bfb5ea098bff534c355b7f5409ff2f90450de6 100644
--- a/host_vars/frontdaur.adm.crans.org.yml
+++ b/host_vars/frontdaur.adm.crans.org.yml
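Review bot: The `password: "plopisverysecure"` line under `pool.dhcp` keeps the VRRP shared secret as a cleartext literal in a plain group_vars file, and keepalived's VRRPv2 `auth_type PASS` only uses the first eight characters of `auth_pass` and sends them unencrypted in every advertisement on the adm interface, so the value is effectively `plopisve` and is readable by anything on that VLAN. Move it to a vaulted file and reference it as `password: "{{ vault_keepalived_dhcp_password }}"` so it stops living in git history, and treat isolation of the adm VLAN as the actual control, since any host on it could inject a higher-priority advertisement regardless of the password. Minor: `ipv6: no` relies on YAML 1.1 truthiness; `ipv6: false` is the unambiguous spelling for a value the template evaluates as a boolean.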
@@ -3,8 +3,9 @@ interfaces:
 adm: eth1
 srv: eth0
-keepalived_instances:
- - name: proxy
- tag: VI_DAUR
- state: BACKUP
- priority: 100
+loc_keepalived:
+ instances:
+ - name: proxy
+ tag: VI_DAUR
+ state: BACKUP
+ priority: 100
diff --git a/host_vars/gulp.adm.crans.org.yml b/host_vars/gulp.adm.crans.org.yml
index 1d244937f3bbe55172460e1401a0bd5535074594..6289c70124fe3b3cc88fc17b809365d43ffb461b 100644
--- a/host_vars/gulp.adm.crans.org.yml
+++ b/host_vars/gulp.adm.crans.org.yml
@@ -7,8 +7,9 @@ interfaces:
 wifi_new: ens1f0.22
 zayo: ens1f0.26
-keepalived_instances:
- - name: router
- tag: VI_ROUT
- state: MASTER
- priority: 150
+loc_keepalived:
+ instances:
+ - name: router
+ tag: VI_ROUT
+ state: MASTER
+ priority: 150
diff --git a/host_vars/odlyd.adm.crans.org.yml b/host_vars/odlyd.adm.crans.org.yml
index 2e0d7c1ebe677008865d8a0a1b1d410d14e542fd..988fb0ca906e86e11fd23bd406bd23615d191ca9 100644
--- a/host_vars/odlyd.adm.crans.org.yml
+++ b/host_vars/odlyd.adm.crans.org.yml
@@ -10,12 +10,13 @@ interfaces:
 srv: ens1f0.24
 zayo: ens1f0.26
-keepalived_instances:
- - name: radius
- tag: VI_RAD
- state: BACKUP
- priority: 50
- - name: router
- tag: VI_ROUT
- state: BACKUP
- priority: 100
+loc_keepalived:
+ instances:
+ - name: radius
+ tag: VI_RAD
+ state: BACKUP
+ priority: 50
+ - name: router
+ tag: VI_ROUT
+ state: BACKUP
+ priority: 100
diff --git a/host_vars/radius.adm.crans.org.yml b/host_vars/radius.adm.crans.org.yml
index b4a3a4b05845cea3d5af28bd63d0b480c3fb3dbb..da534c10e5303ebe2cb7f9546dbe8c6283733d32 100644
--- a/host_vars/radius.adm.crans.org.yml
+++ b/host_vars/radius.adm.crans.org.yml
@@ -5,8 +5,9 @@ interfaces:
 bornes: eth1
 switches: eth2
-keepalived_instances:
- - name: radius
- tag: VI_RAD
- state: MASTER
- priority: 150
+loc_keepalived:
+ instances:
+ - name: radius
+ tag: VI_RAD
+ state: MASTER
+ priority: 150
diff --git a/host_vars/routeur-daniel.adm.crans.org.yml b/host_vars/routeur-daniel.adm.crans.org.yml
index 3b942bc767f0d45875ec9458794c425bc52bcdde..c3b93c47e9eb5bf9f19946d674621bf3eb4035ca 100644
--- a/host_vars/routeur-daniel.adm.crans.org.yml
+++ b/host_vars/routeur-daniel.adm.crans.org.yml
@@ -8,8 +8,9 @@ interfaces:
 adh-nat: ens23
-keepalived_instances:
- - name: dhcp
- tag: VI_DHCP
- state: BACKUP
- priority: 100
+loc_keepalived:
+ instances:
+ - name: dhcp
+ tag: VI_DHCP
+ state: BACKUP
+ priority: 100
diff --git a/host_vars/routeur-sam.adm.crans.org.yml b/host_vars/routeur-sam.adm.crans.org.yml
index bec037319fe49c463b045a68a5dba1c1cb8fd37a..0c4bc74b97d753449532776c60ec921da28b9008 100644
--- a/host_vars/routeur-sam.adm.crans.org.yml
+++ b/host_vars/routeur-sam.adm.crans.org.yml
@@ -8,8 +8,9 @@ interfaces:
 adh-nat: ens23
-keepalived_instances:
- - name: dhcp
- tag: VI_DHCP
- state: MASTER
- priority: 150
+loc_keepalived:
+ instances:
+ - name: dhcp
+ tag: VI_DHCP
+ state: MASTER
+ priority: 150
diff --git a/plays/keepalived.yml b/plays/keepalived.yml
index dc2e7419238f1c9006274aef29acc474875c6919..7b6a6634c62521a570d913b5c96eee13555dfb56 100755
--- a/plays/keepalived.yml
+++ b/plays/keepalived.yml
@@ -1,5 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts: keepalived
+ vars:
+ keepalived: "{{ glob_keepalived | combine(loc_keepalived) }}"
 roles:
 - keepalived
diff --git a/roles/keepalived/README.md b/roles/keepalived/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..884a783b117faed96012dfac29ed2aa9d4d3133e
--- /dev/null
+++ b/roles/keepalived/README.md
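Review bot: `combine(loc_keepalived)` on the new `keepalived:` line is a shallow merge, so a host that sets `loc_keepalived.pool` to adjust one entry silently replaces the entire pool (every instance's `id` and `password`), and a host in the `keepalived` group with no `loc_keepalived` in its host_vars now aborts the play with a generic undefined-variable error rather than a message naming the missing key. If host-level overrides of pool entries are meant to be possible, use `keepalived: "{{ glob_keepalived | combine(loc_keepalived | default({}), recursive=True) }}"`; if not, a one-line comment above the line saying that `loc_keepalived` is expected to carry only `instances` would spare the next maintainer from discovering the replace-not-merge behaviour by accident. `instances` is a list and is replaced wholesale under either setting.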
@@ -0,0 +1,38 @@
+# KEEPALIVED
+
+Ce rôle installe keepalived pour permettre la redondance de certain service
+entre plusieurs services.
+/!\ Ce rôle déploie un script pour relancer automatiquement le serveur dhcp /!\
+
+## VARS
+
+keepalived:
+ - mail_destination: a qui envoyé les mails en cas de switching
+ - mail_source: qui envoie les mails
+ - smtp_server: le serveur smtp par qui passer pour envoyer les mails
+ - pool: Une liste de différentes instances installable sur la machine. Les
+ instances sont des dictionnaires comprenant les champs suivant :
+ - name: le nom de l'instance
+ - password: le mot de passe que vont utilisé les marchines d'une même
+ instance pour se synchroniser
+ - id: l'indentifiant qu'elles vont utiliser pour discuter
+ - ipv6: s'il est necessaire de configurer une instance supplémentaire pour
+ de l'ipv6
+ - notify: le script a notifé en cas de switching (s'il n'est pas précisé
+ aucun script n'est utilisé)
+ - administration: le vlan d'administration sur lequel les machines d'une
+ même instances vont discuter
+ - zones: une liste de zone sur lequel vont parler les instances keepalived.
+ Chaque zone est un disctionnaire comprenant les champs suivants:
+ - vlan: le vlan sur lequel est installé la zone
+ - ipv4: l'ipv4 au format CIDR partagé par les machines
+ - brd: s'il faut préciser ou non l'interface de broadcast
+ - ipv6: une ipv6 (elle peut ne pas être précisé, si elle est présente mais
+ que l'instance ne précise pas ipv6, elle sera ignoré)
+ - instances: Une liste d'instance a déployer sur la machine. Les instances
+ sont des dictionnaires comprenant les champs suivants:
+ - name: le nom de linstance a deployer
+ - tag: le petit nom à lui donner
+ - state: l'état (entre BACKUP et MASTER)
+ - priority: la priorité (pour un MASTER on met par défaut 150 puis on reduit
+ de 50 par 50)
diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml
index 3eaa83acabef78b7745bda1b4fca2f5d6758a8e6..14fc00bd453629dbbf19b7fc8199a5bd93a2c92d 100644
--- a/roles/keepalived/tasks/main.yml
+++ b/roles/keepalived/tasks/main.yml
@@ -13,3 +13,16 @@
 dest: /etc/keepalived/keepalived.conf
 mode: 0644
 notify: Reload keepalived.service
+
+- name: Create scripts directory
+ file:
+ path: /usr/scripts
+ state: directory
+
+- name: Deploy keepalived dhcp scripts
+ template:
+ src: bin/notify-dhcp
+ dest: /usr/scripts/notify-dhcp
+ mode: 0744
+ when: not ansible_check_mode
+ notify: Reload keepalived.service
diff --git a/roles/keepalived/templates/bin/notify-dhcp b/roles/keepalived/templates/bin/notify-dhcp
new file mode 100755
index 0000000000000000000000000000000000000000..a62ad14c109b8e4ffcc3ec32073fd15c7abd0079
--- /dev/null
+++ b/roles/keepalived/templates/bin/notify-dhcp
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+TYPE=$1
+NAME=$2
+STATE=$3
+
+case $STATE in
+ "MASTER")
+ logger -s '[DHCP-NOTIFY] Entering state MASTER, starting isc-dhcp-server.service'
+ systemctl start isc-dhcp-server.service
+ exit 0;;
+ "BACKUP")
+ logger -s '[DHCP-NOTIFY] Entering state BACKUP, stopping isc-dhcp-server.service'
+ systemctl stop isc-dhcp-server.service
+ exit 0;;
+ "FAULT")
+ logger -s '[DHCP-NOTIFY] Entering state FAULT, stopping isc-dhcp-server.service'
+ systemctl stop isc-dhcp-server.service
+ exit 0;;
+ *)
+ logger -s '[DHCP-NOTIFY] Entering UNKNOWN state, doing nothing'
+ exit 1;;
+esac
+
diff --git a/roles/keepalived/templates/keepalived/keepalived.conf.j2 b/roles/keepalived/templates/keepalived/keepalived.conf.j2
index f0530d8fcec43cd081854315995123e566622b6c..97c93c53b4bbe12540680a06e9bc3422f14e512a 100644
--- a/roles/keepalived/templates/keepalived/keepalived.conf.j2
+++ b/roles/keepalived/templates/keepalived/keepalived.conf.j2
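Review bot: The "Deploy keepalived dhcp scripts" task sets `mode: 0744` but no `owner`/`group`, and the "Create scripts directory" task sets neither mode nor owner, so a script that keepalived executes as root inherits whatever the connecting user and umask happen to give; keepalived's script-security check warns about, and with `enable_script_security` refuses to run, scripts whose path is writable by a non-root user. Pin them explicitly: `owner: root`, `group: root`, `mode: "0755"` under the `file:` task, and `owner: root`, `group: root` next to the existing `mode` under `template:`. The `when: not ansible_check_mode` guard also hides this root-executed script from `--check --diff` runs, which is exactly where a reviewer would want to see it change; `template` supports check mode, so unless it works around something not visible here the guard should go.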
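Review bot: The `*)` branch leaves isc-dhcp-server running when keepalived itself goes away: keepalived (1.3 and later) calls the `notify` script with state `STOP` on shutdown, which falls into the unknown-state branch, so a clean stop or package restart on the current MASTER keeps its dhcpd answering while the peer promotes itself and starts its own — two active servers handing out the same pool. Fold it into the stopping branch with `"BACKUP"|"FAULT"|"STOP")`, which also removes the duplicated BACKUP/FAULT bodies. The script ignores `$TYPE` and `$NAME` as well; the template appends `4`/`6` to `instance.tag`, so if the dhcp pool entry ever sets `ipv6` the `VI_DHCP6` instance would share this script and toggle dhcpd on its own transitions, and a guard such as `[ "$NAME" = "VI_DHCP4" ] || exit 0` near the top keeps the daemon tied to the v4 instance only.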
@@ -1,31 +1,33 @@
 {{ ansible_header | comment }}
 global_defs {
- notification_email {
- root@crans.org
- }
- notification_email_from keepalived@crans.org
- smtp_server smtp.adm.crans.org
+ notification_email { {{ keepalived.mail_destination }} }
+ notification_email_from {{ keepalived.mail_source }}
+ smtp_server {{ keepalived.smtp_server }}
 }
-{% for instance in keepalived_instances %}
+{% for instance in keepalived.instances %}
 vrrp_instance {{ instance.tag }}4 {
 state {{ instance.state }}
 priority {{ instance.priority }}
 smtp_alert
 interface {{ interfaces.adm }}
- virtual_router_id {{ keepalived[instance.name].id }}
+ virtual_router_id {{ keepalived.pool[instance.name].id }}
 advert_int 2
 authentication {
 auth_type PASS
- auth_pass {{ keepalived[instance.name].password }}
+ auth_pass {{ keepalived.pool[instance.name].password }}
 }
+{% if keepalived.pool[instance.name].notify is defined %}
+ notify {{ keepalived.pool[instance.name].notify }}
+{% endif %}
+
 virtual_ipaddress {
-{% for zone in keepalived[instance.name].zones %}
- {% if zone.brd is defined %}
- {{ zone.ipv4 }} brd {{ zone.brd }} dev {{ interfaces[zone.vlan] }} scope global
+{% for zone in keepalived.pool[instance.name].zones %}
+ {% if zone.brd %}
+ {{ zone.ipv4 }} brd {{ zone.ipv4 | ipaddr('broadcast') }} dev {{ interfaces[zone.vlan] }} scope global
 {% else %}
 {{ zone.ipv4 }} dev {{ interfaces[zone.vlan] }} scope global
 {% endif %}
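Review bot: `{% if zone.brd %}` replaces `{% if zone.brd is defined %}`, and under Ansible's strict undefined a zone that simply omits `brd` no longer takes the `else` branch but fails the template with "'dict object' has no attribute 'brd'"; the README describes `brd` as a yes/no switch while group_vars still carries the old broadcast address as its value, so `{% if zone.brd | default(false) %}` keeps both shapes rendering and lets `brd` be dropped from zones that don't need it. The new `ipaddr('broadcast')` filter needs the `netaddr` Python package on the controller, and its absence only surfaces at template time, so it deserves a line in the role README or a controller requirements file. The rendered `auth_type PASS` is unchanged by this hunk but worth keeping in mind: the secret it carries is sent in clear on `interfaces.adm`, so the VLAN is the trust boundary, not the password.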
@@ -33,23 +35,25 @@ vrrp_instance {{ instance.tag }}4 {
 }
 }
-{% if keepalived[instance.name].ipv6 %}
+{% if keepalived.pool[instance.name].ipv6 %}
 vrrp_instance {{ instance.tag }}6 {
 state {{ instance.state }}
 priority {{ instance.priority }}
 smtp_alert
- interface {{ interfaces.adm }}
- virtual_router_id {{ keepalived[instance.name].id }}
+ interface {{ keepalived.pool[instance.name].administration }}
+ virtual_router_id {{ keepalived.pool[instance.name].id }}
 advert_int 2
 authentication {
 auth_type PASS
- auth_pass {{ keepalived[instance.name].password }}
+ auth_pass {{ keepalived.pool[instance.name].password }}
 }
 virtual_ipaddress {
-{% for zone in keepalived[instance.name].zones %}
+{% for zone in keepalived.pool[instance.name].zones %}
+{% if zone.ipv6 is defined %}
 {{ zone.ipv6 }} dev {{ interfaces[zone.vlan] }} scope global
+{% endif %}
 {% endfor %}
 }
 }
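Review bot: The IPv6 instance now takes `interface` from `keepalived.pool[instance.name].administration` verbatim, whereas the IPv4 instance in the previous hunk uses `interfaces.adm` and every zone resolves its vlan name through `interfaces[zone.vlan]`; the README describes `administration` as a vlan, so if that is the intent the line should read `interface {{ interfaces[keepalived.pool[instance.name].administration] }}`, otherwise the v4 and v6 instances of the same pair end up advertising on different links. No pool entry in this diff defines `administration` (the `dhcp` entry in group_vars does not), so enabling `ipv6` on it today fails at template time on the undefined key; `interfaces[keepalived.pool[instance.name].administration | default('adm')]` keeps both families on the adm link unless a pool entry explicitly says otherwise. The surrounding `{% for instance %}` loop and its `{% endif %}`/`{% endfor %}` close outside this hunk.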