nemesis/hubris: import keepalived configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add shared configuration to cluster.denc.web-proxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
parent
974014937f
commit
863244ad86
@ -2,13 +2,70 @@
|
|||||||
{%- set trustcrt = '/usr/share/pki/trust/anchors/syscid-ca.crt' -%}
|
{%- set trustcrt = '/usr/share/pki/trust/anchors/syscid-ca.crt' -%}
|
||||||
{%- set stapler = 'http://gaia.syscid.com:8900/' -%}
|
{%- set stapler = 'http://gaia.syscid.com:8900/' -%}
|
||||||
{%- set resolver = '192.168.0.115' -%}
|
{%- set resolver = '192.168.0.115' -%}
|
||||||
|
{%- set mailer = '192.168.0.120' -%}
|
||||||
|
{%- set ha4 = '81.16.19.62' -%}
|
||||||
|
{%- set ha6 = '2a03:4000:20:21f::' -%}
|
||||||
|
|
||||||
|
keepalived:
|
||||||
|
config:
|
||||||
|
global_defs:
|
||||||
|
notification_email:
|
||||||
|
- system@lysergic.dev
|
||||||
|
notification_email_from: failover@{{ grains['host'] }}.lysergic.dev
|
||||||
|
smtp_server: {{ mailer }}
|
||||||
|
smtp_connect_timeout: 30
|
||||||
|
router_id: SSO_FO
|
||||||
|
vrrp_script:
|
||||||
|
check_nginx_port:
|
||||||
|
script: '"/usr/bin/curl -kfsSm2 https://[::1]:443"'
|
||||||
|
weight: 5
|
||||||
|
interval: 3
|
||||||
|
timeout: 3
|
||||||
|
check_nginx_process:
|
||||||
|
{#- this is not a good check but better than nothing #}
|
||||||
|
script: '"/usr/bin/pgrep nginx"'
|
||||||
|
weight: 4
|
||||||
|
interval: 2
|
||||||
|
timeout: 10
|
||||||
|
check_useless_process:
|
||||||
|
{#- this is only used for debugging #}
|
||||||
|
script: '"/usr/bin/pgrep useless.sh"'
|
||||||
|
weight: 4
|
||||||
|
interval: 2
|
||||||
|
timeout: 3
|
||||||
|
vrrp_instance:
|
||||||
|
DENCWC:
|
||||||
|
state: MASTER
|
||||||
|
interface: eth1
|
||||||
|
priority: 100
|
||||||
|
virtual_router_id: 100
|
||||||
|
advert_int: 5
|
||||||
|
smtp_alert: true
|
||||||
|
notify_master: '"/usr/local/bin/failover --all"'
|
||||||
|
promote_secondaries: true
|
||||||
|
mcast_src_ip: 192.168.0.50
|
||||||
|
authentication:
|
||||||
|
auth_type: PASS
|
||||||
|
auth_pass: ${'secret_keepalived:vrrp_instance:DENCWC'}
|
||||||
|
virtual_ipaddress:
|
||||||
|
- {{ ha4 }}/32 dev eth0 label failover
|
||||||
|
virtual_ipaddress_excluded:
|
||||||
|
- {{ ha6 }}/64 dev eth0
|
||||||
|
{%- for i in [1, 2, 3] %}
|
||||||
|
- {{ ha6 }}{{ i }}/64 dev eth0
|
||||||
|
{%- endfor %}
|
||||||
|
track_script:
|
||||||
|
{#- - check_nginx_port # to-do: this is currently bugged, check script locks up #}
|
||||||
|
- check_nginx_process
|
||||||
|
track_interface:
|
||||||
|
- eth0
|
||||||
|
|
||||||
nginx:
|
nginx:
|
||||||
snippets:
|
snippets:
|
||||||
listen_ha:
|
listen_ha:
|
||||||
- listen:
|
- listen:
|
||||||
- 81.16.19.62:443 ssl http2
|
- {{ ha4 }}:443 ssl http2
|
||||||
- '[2a03:4000:20:21f::]:443 ssl http2'
|
- '[{{ ha6 }}]:443 ssl http2'
|
||||||
proxy:
|
proxy:
|
||||||
- proxy_set_header:
|
- proxy_set_header:
|
||||||
- Host $host
|
- Host $host
|
||||||
@ -75,8 +132,8 @@ nginx:
|
|||||||
config:
|
config:
|
||||||
- server:
|
- server:
|
||||||
- listen:
|
- listen:
|
||||||
- 81.16.19.62:80 default_server
|
- {{ ha4 }}:80 default_server
|
||||||
- '[2a03:4000:20:21f::]:80 default_server'
|
- '[{{ ha6 }}]:80 default_server'
|
||||||
- include: snippets/robots
|
- include: snippets/robots
|
||||||
- location /:
|
- location /:
|
||||||
- return: 301 https://$host$request_uri
|
- return: 301 https://$host$request_uri
|
||||||
|
Loading…
Reference in New Issue
Block a user