From d9e1731ba1f752231728082f5a664ed31f04bcd6 Mon Sep 17 00:00:00 2001 From: Benjamin Graillot <graillot@crans.org> Date: Sat, 1 Aug 2020 18:58:44 +0200 Subject: [PATCH] Keepalived --- group_vars/router.yml | 55 ++++++ host_vars/bakdaur.adm.crans.org.yml | 10 ++ host_vars/eap.adm.crans.org.yml | 12 ++ host_vars/frontdaur.adm.crans.org.yml | 10 ++ host_vars/odlyd.adm.crans.org.yml | 22 +++ host_vars/radius.adm.crans.org.yml | 12 ++ hosts | 7 + re2o-api.yml | 114 +------------ roles/keepalived/handlers/main.yml | 6 + roles/keepalived/tasks/main.yml | 1 + .../templates/keepalived/keepalived.conf.j2 | 157 +++--------------- 11 files changed, 163 insertions(+), 243 deletions(-) create mode 100644 group_vars/router.yml create mode 100644 host_vars/bakdaur.adm.crans.org.yml create mode 100644 host_vars/eap.adm.crans.org.yml create mode 100644 host_vars/frontdaur.adm.crans.org.yml create mode 100644 host_vars/odlyd.adm.crans.org.yml create mode 100644 host_vars/radius.adm.crans.org.yml create mode 100644 roles/keepalived/handlers/main.yml diff --git a/group_vars/router.yml b/group_vars/router.yml new file mode 100644 index 00000000..dd3a4ac5 --- /dev/null +++ b/group_vars/router.yml 
@@ -0,0 +1,55 @@ +--- + +keepalived: + radius: + password: "{{ vault_keepalived_radius_password }}" + id: 52 + ipv6: yes + zones: + - vlan: adm + ipv4: 10.231.136.11/24 + brd: 10.231.136.255 + ipv6: 2a0c:700:0:2:ad:adff:fef0:f002/64 + - vlan: bornes + ipv4: 10.231.148.11/24 + brd: 10.231.148.255 + ipv6: fd01:240:fe3d:3:ad:adff:fef0:f003/64 + - vlan: switches + ipv4: 10.231.100.11/24 + brd: 10.231.100.255 + ipv6: fd01:240:fe3d:c804:ad:adff:fef0:f004/64 + router: + password: "{{ vault_keepalived_router_password }}" + id: 53 + ipv6: no + zones: + - vlan: adm + ipv4: 10.231.136.254/24 + brd: 10.231.136.255 + - vlan: bornes + ipv4: 10.231.148.254/24 + brd: 10.231.148.255 + - vlan: filpub + ipv4: 185.230.78.254/24 + brd: 185.230.78.255 + - vlan: srv + ipv4: 185.230.79.254/24 + brd: 185.230.79.255 + - vlan: filnewserveurs + ipv4: 10.54.0.254/16 + brd: 10.54.255.255 + - vlan: wifinewserveurs + ipv4: 10.53.0.254/16 + brd: 10.53.255.255 + - vlan: zayo + ipv4: 158.255.113.73/31 + proxy: + password: "{{ vault_keepalived_proxy_password }}" + id: 51 + ipv6: yes + zones: + - vlan: srv + ipv4: 185.230.79.194/32 + brd: 185.230.79.255 + ipv6: 2a0c:700:0:24:ba:ccff:feda:aa00/64 + diff --git a/host_vars/bakdaur.adm.crans.org.yml b/host_vars/bakdaur.adm.crans.org.yml new file mode 100644 index 00000000..b81d2233 --- /dev/null +++ b/host_vars/bakdaur.adm.crans.org.yml @@ -0,0 +1,10 @@ +--- +interfaces: + adm: eth0 + srv: eth1 + +keepalived_instances: + - name: proxy + tag: VI_DAUR + state: MASTER + priority: 150 diff --git a/host_vars/eap.adm.crans.org.yml b/host_vars/eap.adm.crans.org.yml new file mode 100644 index 00000000..4e5e746f --- /dev/null +++ b/host_vars/eap.adm.crans.org.yml @@ -0,0 +1,12 @@ +--- + +interfaces: + adm: eth0 + bornes: eth1 + switches: eth2 + +keepalived_instances: + - name: radius + tag: VI_RAD + state: BACKUP + priority: 100 diff --git a/host_vars/frontdaur.adm.crans.org.yml b/host_vars/frontdaur.adm.crans.org.yml new file mode 100644 index 00000000..e2fd550b 
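Review bot: `ipv6: yes` and `ipv6: no` under each instance depend on YAML 1.1 boolean parsing; Ansible's loader accepts them, but yamllint's truthy rule and any YAML 1.2 reader treat them as strings, and the template only tests `{% if keepalived[instance.name].ipv6 %}`, where a non-empty string is always true. Write them as `ipv6: true` / `ipv6: false` so the intent survives whichever parser reads the file. The three `password` keys correctly reference vault variables rather than inlining secrets; the `zayo` zone's missing `brd` is covered by the template's `zone.brd is defined` branch, so that is fine as written.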
--- /dev/null +++ b/host_vars/frontdaur.adm.crans.org.yml @@ -0,0 +1,10 @@ +--- +interfaces: + adm: eth1 + srv: eth0 + +keepalived_instances: + - name: proxy + tag: VI_DAUR + state: BACKUP + priority: 100 diff --git a/host_vars/odlyd.adm.crans.org.yml b/host_vars/odlyd.adm.crans.org.yml new file mode 100644 index 00000000..df7b8574 --- /dev/null +++ b/host_vars/odlyd.adm.crans.org.yml @@ -0,0 +1,22 @@ +--- +interfaces: + serveurs: eth0.1 + adm: eth0.2 + bornes: eth0.3 + switches: eth0.4 + zayo: ens1f0.26 + zrt: ens1f0.1132 + filpub: ens1f0.23 + srv: ens1f0.24 + filnewserveurs: ens1f0.21 + wifinewserveurs: ens1f0.22 + +keepalived_instances: + - name: radius + tag: VI_RAD + state: BACKUP + priority: 50 + - name: router + tag: VI_ROUT + state: BACKUP + priority: 100 diff --git a/host_vars/radius.adm.crans.org.yml b/host_vars/radius.adm.crans.org.yml new file mode 100644 index 00000000..b4a3a4b0 --- /dev/null +++ b/host_vars/radius.adm.crans.org.yml @@ -0,0 +1,12 @@ +--- + +interfaces: + adm: eth0 + bornes: eth1 + switches: eth2 + +keepalived_instances: + - name: radius + tag: VI_RAD + state: MASTER + priority: 150 diff --git a/hosts b/hosts index eb380879..5bf049cf 100644 --- a/hosts +++ b/hosts @@ -4,6 +4,13 @@ # > We name servers according to location, then type. # > Then we regroup everything in global geographic and type groups. +[router] +odlyd.adm.crans.org +eap.adm.crans.org +radius.adm.crans.org +frontdaur.adm.crans.org +bakdaur.adm.crans.org + [test_vm] re2o-test.adm.crans.org diff --git a/re2o-api.yml b/re2o-api.yml index 0ce54882..36d94ea3 100755 --- a/re2o-api.yml +++ b/re2o-api.yml 
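Review bot: odlyd's `interfaces` map defines `serveurs` and `zrt`, but no zone in group_vars/router.yml references either VLAN after this change (in the removed template they appeared only in commented-out address and route lines), so they look like dead entries unless another role consumes `interfaces`. Either drop them, or mark them with a comment such as `# serveurs/zrt: no keepalived zone uses these yet; kept for the legacy 138.231.x addressing` so the next reader does not wire them back in by accident.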
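Review bot: gulp.adm.crans.org, which the play removed from re2o-api.yml configured as the router instance with `router_primary: true` (MASTER, priority 150), is not in the new `[router]` group and has no host_vars file, so after this commit the only managed router instance is odlyd as BACKUP with priority 100, and gulp keeps whatever keepalived.conf its last run left behind with the same virtual_router_id 53. If gulp was dropped on purpose, say so in the commit message and remove its stale config; otherwise add `gulp.adm.crans.org` here with a host_vars file carrying its `interfaces` and a `router` entry at `state: MASTER`, `priority: 150`.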
@@ -1,117 +1,5 @@ #!/usr/bin/env ansible-playbook --- -# Deploy keepalived on odlyd -- hosts: odlyd.adm.crans.org - vars: - keepalived: - radius: true - radius_password: "{{ vault_keepalived_radius_password }}" - radius_primary: false - radius_secondary: false - router: true - router_password: "{{ vault_keepalived_router_password }}" - router_primary: false - if_serveurs: eth0.1 - if_adm: eth0.2 - if_bornes: eth0.3 - if_switches: eth0.4 - if_zayo: ens1f0.26 - if_zrt: ens1f0.1132 - if_filpub: ens1f0.23 - if_srv: ens1f0.24 - if_filnewserveurs: ens1f0.21 - if_wifinewserveurs: ens1f0.22 - radius_ipv4_adm: 10.231.136.11 - radius_broadcast_adm: 10.231.136.255 - radius_ipv4_bornes: 10.231.148.11 - radius_broadcast_bornes: 10.231.148.255 - radius_ipv4_switches: 10.231.100.11 - radius_broadcast_switches: 10.231.100.255 - radius_ipv6_adm: 2a0c:700:0:2:ad:adff:fef0:f002 - radius_ipv6_bornes: fd01:240:fe3d:3:ad:adff:fef0:f003 - radius_ipv6_switches: fd01:240:fe3d:c804:ad:adff:fef0:f004 - router_ipv4_serveurs: 138.231.136.254 - router_broadcast_serveurs: 138.231.136.255 - router_ipv4_adm: 10.231.136.254 - router_broadcast_adm: 10.231.136.255 - router_ipv4_bornes: 10.231.148.254 - router_broadcast_bornes: 10.231.148.255 - router_id_zayo: 158.255.113.73 - router_id_zrt: 138.231.132.47 - router_broadcast_zrt: 138.231.132.255 - router_ipv4_filpub: 185.230.78.254 - router_broadcast_filpub: 185.230.78.255 - router_ipv4_srv: 185.230.79.254 - router_broadcast_srv: 185.230.79.255 - router_ipv4_filnewserveurs: 10.54.0.254 - router_broadcast_filnewserveurs: 10.54.0.255 - router_ipv4_wifinewserveurs: 10.53.0.254 - router_broadcast_wifinewserveurs: 10.53.0.255 - roles: - - keepalived - -# Deploy keepalived on gulp -- hosts: gulp.adm.crans.org - vars: - keepalived: - router: true - router_password: "{{ vault_keepalived_router_password }}" - router_primary: true - if_serveurs: eno1.1 - if_adm: eno1.2 - if_bornes: eno1.3 - if_zayo: ens1f0.26 - if_zrt: ens1f0.1132 - if_filpub: ens1f0.23 - 
if_srv: ens1f0.24 - if_filnewserveurs: ens1f0.21 - if_wifinewserveurs: ens1f0.22 - router_ipv4_serveurs: 138.231.136.254 - router_broadcast_serveurs: 138.231.136.255 - router_ipv4_adm: 10.231.136.254 - router_broadcast_adm: 10.231.136.255 - router_ipv4_bornes: 10.231.148.254 - router_broadcast_bornes: 10.231.148.255 - router_id_zayo: 158.255.113.73 - router_id_zrt: 138.231.132.47 - router_broadcast_zrt: 138.231.132.255 - router_ipv4_filpub: 185.230.78.254 - router_broadcast_filpub: 185.230.78.255 - router_ipv4_srv: 185.230.79.254 - router_broadcast_srv: 185.230.79.255 - router_ipv4_filnewserveurs: 10.54.0.254 - router_broadcast_filnewserveurs: 10.54.0.255 - router_ipv4_wifinewserveurs: 10.53.0.254 - router_broadcast_wifinewserveurs: 10.53.0.255 - roles: - - keepalived - -# Deploy keepalived on frontdaur -- hosts: frontdaur.adm.crans.org - vars: - keepalived: - proxy: - primary: false - password: "{{ vault_keepalived_proxy_password }}" - ipv4: 185.230.79.194 - ipv6: 2a0c:700:0:24:ba:ccff:feda:aa00 - broadcast: 185.230.79.255 - if_adm: eth1 - if_srv: eth0 - roles: - - keepalived - -# Deploy keepalived on bakdaur -- hosts: bakdaur.adm.crans.org - vars: - keepalived: - proxy: - primary: true - password: "{{ vault_keepalived_proxy_password }}" - ipv4: 185.230.79.194 - ipv6: 2a0c:700:0:24:ba:ccff:feda:aa00 - broadcast: 185.230.79.255 - if_adm: eth0 - if_srv: eth1 +- hosts: router roles: - keepalived diff --git a/roles/keepalived/handlers/main.yml b/roles/keepalived/handlers/main.yml new file mode 100644 index 00000000..cab78c6b --- /dev/null +++ b/roles/keepalived/handlers/main.yml @@ -0,0 +1,6 @@ +--- + +- name: Reload keepalived.service + service: + name: keepalived.service + state: reloaded diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml index 7efe258f..3eaa83ac 100644 --- a/roles/keepalived/tasks/main.yml +++ b/roles/keepalived/tasks/main.yml 
@@ -12,3 +12,4 @@ src: keepalived/keepalived.conf.j2 dest: /etc/keepalived/keepalived.conf mode: 0644 + notify: Reload keepalived.service diff --git a/roles/keepalived/templates/keepalived/keepalived.conf.j2 b/roles/keepalived/templates/keepalived/keepalived.conf.j2 index 7b3e83ee..f0530d8f 100644 --- a/roles/keepalived/templates/keepalived/keepalived.conf.j2 +++ b/roles/keepalived/templates/keepalived/keepalived.conf.j2 
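Review bot: The rendered /etc/keepalived/keepalived.conf now carries the VRRP `auth_pass` secret of every instance, yet the context line `mode: 0644` leaves it world-readable on each router host; keepalived normally reads its configuration as root, so `mode: "0600"` (quoted, so the octal literal is not retyped by the YAML parser) costs nothing and keeps the vault-sourced passwords away from local unprivileged users. The added `notify: Reload keepalived.service` is correctly attached to the template task. The task's `name` and module lines start outside the hunk.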
@@ -8,153 +8,50 @@ global_defs { smtp_server smtp.adm.crans.org } -{% if keepalived.proxy is defined %} -vrrp_instance VI_DAUR4 { - # We don't own the IP address, which allows manual triggering of IP change when machine comes UP - # see man keepalived.conf. -{% if keepalived.proxy.primary %} - state MASTER - priority 150 -{% else %} - state BACKUP - priority 100 -{% endif %} - - interface {{ keepalived.if_adm }} - virtual_router_id 51 - advert_int 2 - authentication { - auth_type PASS - auth_pass {{ keepalived.proxy.password }} - } - - virtual_ipaddress { - {{ keepalived.proxy.ipv4 }}/32 brd {{ keepalived.proxy.broadcast }} dev {{ keepalived.if_srv }} scope global - } -} - -vrrp_instance VI_DAUR6 { - # We don't own the IP address, which allows manual triggering of IP change when machine comes UP - # see man keepalived.conf. -{% if keepalived.proxy.primary %} - state MASTER - priority 150 -{% else %} - state BACKUP - priority 100 -{% endif %} - - interface {{ keepalived.if_adm }} - virtual_router_id 51 - advert_int 2 - authentication { - auth_type PASS - auth_pass {{ keepalived.proxy.password }} - } - - virtual_ipaddress { - {{ keepalived.proxy.ipv6 }}/64 dev {{ keepalived.if_srv }} scope global - } -} -{% endif %} - -{% if keepalived.radius is defined %} -vrrp_instance VI_RAD4 { - # We don't own the IP address, which allows manual triggering of IP change when machine comes UP - # see man keepalived.conf. 
-{% if keepalived.radius_primary %} - state MASTER - priority 150 -{% elif keepalived.radius_secondary %} - state BACKUP - priority 100 -{% else %} - state BACKUP - priority 50 -{% endif %} - interface {{ keepalived.if_adm }} - virtual_router_id 52 - advert_int 2 - authentication { - auth_type PASS - auth_pass {{ keepalived.radius_password }} - } - - virtual_ipaddress { - {{ keepalived.radius_ipv4_adm }}/24 brd {{ keepalived.radius_broadcast_adm }} dev {{ keepalived.if_adm }} scope global - {{ keepalived.radius_ipv4_bornes }}/24 brd {{ keepalived.radius_broadcast_bornes }} dev {{ keepalived.if_bornes }} scope global - {{ keepalived.radius_ipv4_switches }}/24 brd {{ keepalived.radius_broadcast_switches }} dev {{ keepalived.if_switches }} scope global - } -} -{% endif %} +{% for instance in keepalived_instances %} +vrrp_instance {{ instance.tag }}4 { + state {{ instance.state }} + priority {{ instance.priority }} + smtp_alert -{% if keepalived.radius is defined %} -vrrp_instance VI_RAD6 { - # We don't own the IP address, which allows manual triggering of IP change when machine comes UP - # see man keepalived.conf. 
-{% if keepalived.radius_primary %} - state MASTER - priority 150 -{% elif keepalived.radius_secondary %} - state BACKUP - priority 100 -{% else %} - state BACKUP - priority 50 -{% endif %} - interface {{ keepalived.if_adm }} - virtual_router_id 52 + interface {{ interfaces.adm }} + virtual_router_id {{ keepalived[instance.name].id }} advert_int 2 authentication { auth_type PASS - auth_pass {{ keepalived.radius_password }} + auth_pass {{ keepalived[instance.name].password }} } virtual_ipaddress { - {{ keepalived.radius_ipv6_adm }}/64 dev {{ keepalived.if_adm }} scope global - {{ keepalived.radius_ipv6_bornes }}/64 dev {{ keepalived.if_bornes }} scope global - {{ keepalived.radius_ipv6_switches }}/64 dev {{ keepalived.if_switches }} scope global +{% for zone in keepalived[instance.name].zones %} + {% if zone.brd is defined %} + {{ zone.ipv4 }} brd {{ zone.brd }} dev {{ interfaces[zone.vlan] }} scope global + {% else %} + {{ zone.ipv4 }} dev {{ interfaces[zone.vlan] }} scope global + {% endif %} +{% endfor %} } } -{% endif %} -{% if keepalived.router is defined %} -vrrp_instance VI_ROUT { - # We don't own the IP address, which allows manual triggering of IP change when machine comes UP - # see man keepalived.conf. 
-{% if keepalived.router_primary %} - state MASTER - priority 150 -{% else %} - state BACKUP - priority 100 -{% endif %} - interface {{ keepalived.if_adm }} +{% if keepalived[instance.name].ipv6 %} +vrrp_instance {{ instance.tag }}6 { + state {{ instance.state }} + priority {{ instance.priority }} + smtp_alert - virtual_router_id 53 + interface {{ interfaces.adm }} + virtual_router_id {{ keepalived[instance.name].id }} advert_int 2 authentication { auth_type PASS - auth_pass {{ keepalived.router_password }} + auth_pass {{ keepalived[instance.name].password }} } - smtp_alert - virtual_ipaddress { - # {{ keepalived.router_ipv4_serveurs }}/21 brd {{ keepalived.router_broadcast_serveurs }} dev {{ keepalived.if_serveurs }} scope global - {{ keepalived.router_ipv4_adm }}/24 brd {{ keepalived.router_broadcast_adm }} dev {{ keepalived.if_adm }} scope global - {{ keepalived.router_ipv4_bornes }}/24 brd {{ keepalived.router_broadcast_bornes }} dev {{ keepalived.if_bornes }} scope global - {{ keepalived.router_id_zayo }}/31 dev {{ keepalived.if_zayo }} scope global - # {{ keepalived.router_id_zrt }}/24 brd {{ keepalived.router_broadcast_zrt }} dev {{ keepalived.if_zrt }} scope global - {{ keepalived.router_ipv4_filpub }}/24 brd {{ keepalived.router_broadcast_filpub }} dev {{ keepalived.if_filpub }} scope global - {{ keepalived.router_ipv4_srv }}/24 brd {{ keepalived.router_broadcast_srv }} dev {{ keepalived.if_srv }} scope global - {{ keepalived.router_ipv4_filnewserveurs }}/16 brd {{ keepalived.router_broadcast_filnewserveurs }} dev {{ keepalived.if_filnewserveurs }} scope global - {{ keepalived.router_ipv4_wifinewserveurs }}/16 brd {{ keepalived.router_broadcast_wifinewserveurs }} dev {{ keepalived.if_wifinewserveurs }} scope global - } - - virtual_routes { - # src {{ keepalived.router_ipv4_serveurs }} to 0.0.0.0/0 via 138.231.132.1 dev {{ keepalived.if_zrt }} - src {{ keepalived.router_ipv4_srv }} to 0.0.0.0/0 via 158.255.113.73 dev {{ keepalived.if_zayo }} +{% for zone in 
keepalived[instance.name].zones %} + {{ zone.ipv6 }} dev {{ interfaces[zone.vlan] }} scope global +{% endfor %} } } {% endif %} +{% endfor %} -- GitLab
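Review bot: The rewritten template drops the `virtual_routes` block that the old VI_ROUT instance carried (`src {{ keepalived.router_ipv4_srv }} to 0.0.0.0/0 via 158.255.113.73 dev {{ keepalived.if_zayo }}`), and nothing in group_vars/router.yml replaces it, so after this commit keepalived no longer installs or withdraws that default route on router failover; if that is intended it belongs in the commit message, otherwise the route should be data-driven like the zones are. The removed explanatory comment ("We don't own the IP address, which allows manual triggering of IP change when machine comes UP, see man keepalived.conf") is still true of the generated instances and is worth restoring at the top of the `{% for instance %}` loop. A possible shape, keyed on a new per-instance `routes` list (constructed name, to be added to group_vars), is:

```jinja
{# inside vrrp_instance {{ instance.tag }}4, after the virtual_ipaddress block #}
{% if keepalived[instance.name].routes is defined %}
  virtual_routes {
{% for route in keepalived[instance.name].routes %}
    src {{ route.src }} to {{ route.to }} via {{ route.via }} dev {{ interfaces[route.vlan] }}
{% endfor %}
  }
{% endif %}
{# … unchanged: IPv6 instance … #}
```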