Merge pull request #10 from jebas/master

Update of the keepalived config generator.
2016-11-17 09:18:20 -08:00 · 2016-11-17 09:18:20 -08:00 · 1034f09853
commit 1034f09853
parent e5a4176f48 ebdd62d5e8
4 changed files with 175 additions and 257 deletions
--- a/README.rst
+++ b/README.rst
@ -30,10 +30,7 @@ Install ``keepalived`` from packages.
 ``keepalived.config``
 ------------------

-Slowly adding configuration options per the documents, not everything is available
-
-To Do:
- - LVS configuration section
+Configuration options for ``keepalived``.

 ``keepalived.service``
 -------------------
--- a/keepalived/defaults.yaml
+++ b/keepalived/defaults.yaml
@ -0,0 +1,5 @@
+---
+# keepalived/defaults.yaml
+
+global_defs:
+  smtp_server: localhost
--- a/keepalived/templates/keepalived.jinja
+++ b/keepalived/templates/keepalived.jinja
@ -4,230 +4,60 @@
 #
 # This file is managed by Salt.
 # Any changes will be overwritten.
+{{ '\n' }}

+{#
+Macro Explanation:

-#---------------------------------------------------------------------
-# Global settings
-#---------------------------------------------------------------------
-global_defs {
-    notification_email {
-{%- if 'notification_emails' in salt['pillar.get']('keepalived:global_defs')  %}
-  {%- for email in salt['pillar.get']('keepalived:global_defs:notification_emails', []) %}
-        {{ email }}
-  {%- endfor %}
-{%- endif %}
-    }
-    notification_email_from {{ salt['pillar.get']('keepalived:global_defs:notification_email_from', 'keepalived@'~salt['grains.get']('fqdn') ) }}
-    smtp_server {{ salt['pillar.get']('keepalived:global_defs:smtp_server', 'localhost') }}
-{%- if 'smtp_connect_timeout' in salt['pillar.get']('keepalived:global_defs')  %}
-    smtp_connect_timeout {{ salt['pillar.get']('keepalived:global_defs:smtp_connect_timeout') }}
-{%- endif %}
-}
+This is a recursive macro that takes the type of entry and determines how 
+it is suppose to appear in the configuration file.  Strings and numbers 
+are just written out.  Lists and hashes are placed inside if couple of 
+parenthesis.  It also takes into account the special groupings like 
+vrrp_instance and virtual_server.  Any additional data from a list or a 
+hash is then processed by calling the macro again.

-#---------------------------------------------------------------------
-# static network configuration
-#---------------------------------------------------------------------
-# static ipaddresses
-{%- if 'static_ipaddresses' in salt['pillar.get']('keepalived') %}
-static_ipaddress {
-  {%- for address in salt['pillar.get']('keepalived:static_ipaddresses', {}).iteritems() %}
-    {{ address }}
-  {%- endfor %}
-}
-{%- endif %}
+Forced carriage returns and use of jinja’s indent are only there to make 
+the final file more human readable.  They serve no other function.  
+#}

-# static routes
-{%- if 'static_routes' in salt['pillar.get']('keepalived') %}
-static_routes {
-  {%- for route in salt['pillar.get']('keepalived:static_routes', {}).iteritems() %}
-    {{ route}}
-  {%- endfor %}
-}
-{%- endif %}
+{%- import_yaml 'keepalived/defaults.yaml' as keepalived_defaults -%}
+{%- set keepalived_final_values = salt.pillar.get(
+    'keepalived',
+    default=keepalived_defaults,
+    merge=True) -%}

-#---------------------------------------------------------------------
-# vrrp configuration
-#---------------------------------------------------------------------
-
-# vrrp scripts
-{%- for script in salt['pillar.get']('keepalived:vrrp_scripts', {}).iteritems() %}
-vrrp_script {{ script[1].get('name', script[0]) }} {
-    script "{{ script[1].get('script') }}"
-    interval {{ script[1].get('interval', '1') }}
-    weight {{ script[1].get('weight', '2') }}
-  {%- if 'fall' in script[1] %}
-    fall {{ script[1].get('fall') }}
-  {%- endif %}
-  {%- if 'rise' in script[1] %}
-    rise {{ script[1].get('rise') }}
-  {%- endif %}
-}
-{%- endfor %}
-
-# vrrp sync groups
-{%- if 'vrrp_sync_groups' in salt['pillar.get']('keepalived') %}
-  {%- for syncgroup in salt['pillar.get']('keepalived:vrrp_sync_groups', {}).iteritems() %}
-vrrp_sync_group {{ syncgroup[1].get('name', syncgroup[0]) }} {
-    group {
-    {%- for member in syncgroup[1].members %}
-        {{ member }}
-    {%- endfor%}
-    }
-    {%- if 'notify_master' in syncgroup[1] %}
-    notify_master {{ syncgroup[1].get('notify_master') }}
-    {%- endif %}
-    {%- if 'notify_backup' in syncgroup[1] %}
-    notify_backup {{ syncgroup[1].get('notify_backup') }}
-    {%- endif %}
-    {%- if 'notify_fault' in syncgroup[1] %}
-    notify_master {{ syncgroup[1].get('notify_fault') }}
-    {%- endif %}
-    {%- if 'notify' in syncgroup[1] %}
-    notify {{ syncgroup[1].get('notify') }}
-    {%- endif %}
-    {%- if 'smtp_alert' in syncgroup[1] %}
-      {%- if True == syncgroup[1].get('smtp_alert') %}
-    smtp_alert
-      {%- endif %}
-    {%- endif %}
-}
-  {%- endfor %}
-{%- endif %}
-
-# vrrp instance
-{%- for instance in salt['pillar.get']('keepalived:vrrp_instances', {}).iteritems() %}
-vrrp_instance {{ instance[1].get('name', instance[0]) }} {
-  {%- if 'use_vmac' in instance[1] %}
-    {%- if True == instance[1].get('use_vmac') %}
-    use_vmac
-    {%- endif %}
-  {%- endif %}
-  {%- if 'vmac_xmit_base' in instance[1] %}
-    {%- if True == instance[1].get('vmac_xmit_base') %}
-    vmac_xmit_base
-    {%- endif %}
-  {%- endif %}
-  {%- if 'native_ipv6' in instance[1] %}
-    {%- if True == instance[1].get('native_ipv6') %}
-    native_ipv6
-    {%- endif %}
-  {%- endif %}
-    state {{ instance[1].get('state', 'BACKUP') }}
-  {%- if 'interface' in instance[1] %}
-    interface {{ instance[1].get('interface') }}
-  {%- endif %}
-  {%- if 'track_interfaces' in instance[1] %}
-    track_interface {
-    {%- for track_interface in instance[1].track_interfaces %}
-        {{ track_interface }}
-    {%- endfor%}
-    }
-  {%- endif %}
-  {%- if 'track_scripts' in instance[1] %}
-    track_script {
-    {%- for track_script in instance[1].track_scripts %}
-        {{ track_script }}
-    {%- endfor%}
-    }
-  {%- endif %}
-  {%- if 'dont_track_primary' in instance[1] and instance[1].get('dont_track_primary') %}
-    dont_track_primary
-  {%- endif %}
-  {%- if 'mcast_src_ip' in instance[1] %}
-    mcast_src_ip {{ instance[1].get('mcast_src_ip') }}
-  {%- endif %}
-  {%- if 'unicast_src_ip' in instance[1] %}
-    unicast_src_ip {{ instance[1].get('unicast_src_ip') }}
-  {%- endif %}
-  {%- if 'unicast_peers' in instance[1] %}
-    unicast_peer {
-    {%- for unicast_peer in instance[1].unicast_peers %}
-        {{ unicast_peer }}
-    {%- endfor%}
-    }
-  {%- endif %}
-  {%- if 'lvs_sync_daemon_interface' in instance[1] %}
-    lvs_sync_daemon_interface {{ instance[1].get('lvs_sync_daemon_interface') }}
-  {%- endif %}
-  {%- if 'garp_master_delay' in instance[1] %}
-    garp_master_delay {{ instance[1].get('garp_master_delay') }}
-  {%- endif %}
-  {%- if 'garp_master_repeat' in instance[1] %}
-    garp_master_repeat {{ instance[1].get('garp_master_repeat') }}
-  {%- endif %}
-  {%- if 'garp_master_refresh' in instance[1] %}
-    garp_master_refresh {{ instance[1].get('garp_master_refresh') }}
-  {%- endif %}
-  {%- if 'garp_master_refresh_repeat' in instance[1] %}
-    garp_master_refresh_repeat {{ instance[1].get('garp_master_refresh_repeat') }}
-  {%- endif %}
-  {%- if 'virtual_router_id' in instance[1] %}
-    virtual_router_id {{ instance[1].get('virtual_router_id') }}
-  {%- endif %}
-  {%- if 'priority' in instance[1] %}
-    priority {{ instance[1].get('priority') }}
-  {%- endif %}
-  {%- if 'advert_int' in instance[1] %}
-    advert_int {{ instance[1].get('advert_int') }}
-  {%- endif %}
-    authentication {
-        auth_type {{ instance[1].get('authentication').get('auth_type') }}
-        auth_pass {{ instance[1].get('authentication').get('auth_pass') }}
-    }
-  {%- if 'virtual_ipaddresses' in instance[1] %}
-    virtual_ipaddress {
-    {%- for virtual_ipaddress in instance[1].virtual_ipaddresses %}
-        {{ virtual_ipaddress }}
-    {%- endfor%}
-    }
-  {%- endif %}
-  {%- if 'virtual_ipaddresses_excluded' in instance[1] %}
-    virtual_ipaddress_excluded {
-    {%- for virtual_ipaddress_excluded in instance[1].virtual_ipaddresses_excluded %}
-        {{ virtual_ipaddress_excluded }}
-    {%- endfor%}
-    }
-  {%- endif %}
-  {%- if 'virtual_routes' in instance[1] %}
-    virtual_routes {
-    {%- for virtual_route in instance[1].virtual_routes %}
-        {{ virtual_route }}
-    {%- endfor%}
-    {%- if 'blackhole_addresses' in instance[1] %}
-      {%- for blackhole_address in instance[1].blackhole_addresses %}
-        blackhole {{ blackhole_address }}
-      {%- endfor%}
-    {%- endif %}
-    }
-  {%- endif %}
-  {%- if 'nopreempt' in instance[1] and instance[1].get('nopreempt') %}
-    nopreempt
-  {%- endif %}
-  {%- if 'notify_master' in instance[1] %}
-    notify_master {{ instance[1].get('notify_master') }}
-  {%- endif %}
-  {%- if 'notify_backup' in instance[1] %}
-    notify_backup {{ instance[1].get('notify_backup') }}
-  {%- endif %}
-  {%- if 'notify_fault' in instance[1] %}
-    notify_fault {{ instance[1].get('notify_fault') }}
-  {%- endif %}
-  {%- if 'notify_stop' in instance[1] %}
-    notify_stop {{ instance[1].get('notify_stop') }}
-  {%- endif %}
-  {%- if 'notify' in instance[1] %}
-    notify {{ instance[1].get('notify') }}
-  {%- endif %}
-  {%- if 'smtp_alert' in instance[1] %}
-    {%- if True == instance[1].get('smtp_alert') %}
-    smtp_alert
-    {%- endif %}
-  {%- endif %}
-}
-{%- endfor %}
-
-#---------------------------------------------------------------------
-# lvs configuration
-#---------------------------------------------------------------------
-#this section has not been completed
+{%- set groupings = ['vrrp_script', 'vrrp_sync_group', 'vrrp_instance', 
+    'virtual_server_group', 'virtual_server', 'real_server'] -%}
+{%- macro config_entries(data, indents, carryover='') -%}
+  {%- if data is string or data is number -%}
+    {{- data|string|indent(indents, True) }}{{ '\n' -}}
+  {%- elif data is none -%}
+    {{- '\n' -}}
+  {%- else -%}
+    {%- if indents != 0 and not carryover -%}
+      {{- " {\n" -}}
+    {%- endif -%}
+    {%- if data is mapping -%}
+      {%- for entry in data|dictsort -%}
+        {%- if entry[0] in groupings -%}
+          {{- config_entries(entry[1], indents, carryover=entry[0]) -}}
+        {%- else -%}
+          {%- if carryover -%}
+            {{- carryover|indent(indents, True) }}{{ '  ' }}
+          {%- endif -%}
+            {{- entry[0]|indent(indents, True) }}
+            {{- config_entries(entry[1], indents + 2) -}}
+        {%- endif -%}
+      {%- endfor -%}
+    {%- else -%}
+      {%- for entry in data -%}
+        {{- config_entries(entry, indents) -}}
+      {%- endfor -%}
+    {%- endif -%}
+    {%- if indents != 0 and not carryover -%}
+      {{- '}'|indent(indents - 2, True) }}{{ '\n' }}
+    {%- endif -%}
+  {%- endif -%}
+{%- endmacro -%}

+{{ config_entries(keepalived_final_values, 0) }}
--- a/pillar.example
+++ b/pillar.example
@ -2,40 +2,126 @@
 # Example pillar configuration
 #

+# The following would generate the example file in RedHat based systems.
+
 keepalived:
  global_defs:
-    notification_emails:
-      - alerts@example.com
-    smtp_server: 'mymail.example.com'
+    notification_email:
+      - acassen@firewall.loc
+      - failover@firewall.loc
+      - sysadmin@firewall.loc
+    notification_email_from: Alexandre.Cassen@firewall.loc
+    smtp_server: 192.168.200.1
    smtp_connect_timeout: 30
-  
-  vrrp_scripts:
-    chk_haproxy:
-      script: "killall -0 haproxy"
-      interval: 2
-  
+    router_id: LVS_DEVEL
  vrrp_instances:
-    testhaproxy:
-      interface: eth0
-      priority: 10
-      virtual_router_id: 01
-      smtp_alert: True
-      authentication:
-        auth_type: PASS
-        auth_pass: topsecret
-      virtual_ipaddresses:
-        - "10.20.30.40"
-        - "10.20.30.41"
-        - "10.20.30.42"
-      track_scripts:
-        - chk_haproxy
-
-#
-# Example Addition Pillar for Master
-#
-
-keepalived:
-  vrrp_instances:
-    testhaproxy:
+    VI_1:
      state: MASTER
-      priority: 101
+      interface: eth0
+      virtual_router_id: 51
+      priority: 100
+      advert_int: 1
+      authentication: 
+        auth_type: PASS
+        auth_pass: 1111
+      virtual_ipaddress:
+        - 192.168.200.16
+        - 192.168.200.17
+        - 192.168.200.18
+  virtual_server:
+    # Virtual and real servers include the port as part of the ID.
+    192.168.200.100 443:
+      delay_loop: 6
+      lb_algo: rr
+      lb_kind: NAT
+      nat_mask: 255.255.255.0
+      persistence_timeout: 50
+      protocol: TCP
+      real_server:
+        192.168.201.100 443:
+          weight: 1
+          SSL_GET:
+            # Must be a list because of multiple URL entries.
+            - url:
+                path: /
+                digest: ff20ad2481f97b1754ef3e12ecd3a9cc
+            - url:
+                path: /mrtg/
+                digest: 9b3a0c85a887a256d6939da88aabd8cd
+            - connect_timeout: 3
+            - nb_get_retry: 3
+            - delay_before_retry: 3
+    10.10.10.2 1358:
+      delay_loop: 6
+      lb_algo: rr
+      lb_kind: NAT
+      persistence_timeout: 50
+      protocol: TCP
+      sorry_server: 192.168.200.200 1358
+      real_server:
+        192.168.200.2 1358:
+          weight: 1
+          HTTP_GET:
+            # Must be a list because of multiple URL entries.
+            - url: 
+                path: /testurl/test.jsp
+                digest: 640205b7b0fc66c1ea91c463fac6334d
+            - url:
+                path: /testurl2/test.jsp
+                digest: 640205b7b0fc66c1ea91c463fac6334d
+            - url:
+                path: /testurl3/test.jsp
+                digest: 640205b7b0fc66c1ea91c463fac6334d
+            - connect_timeout: 3
+            - nb_get_retry: 3
+            - delay_before_retry: 3
+        192.168.200.3 1358:
+          weight: 1
+          HTTP_GET: 
+            - url:
+                path: /testurl/test.jsp
+                digest: 640205b7b0fc66c1ea91c463fac6334c
+            - url:
+                path: /testurl2/test.jsp
+                digest: 640205b7b0fc66c1ea91c463fac6334c
+            - connect_timeout: 3
+            - nb_get_retry: 3
+            - delay_before_retry: 3
+    10.10.10.3 1358:
+      delay_loop: 3
+      lb_algo: rr
+      lb_kind: NAT
+      nat_mask: 255.255.255.0
+      persistence_timeout: 50
+      protocol: TCP
+      real_server: 
+        192.168.200.4 1358:
+          weight: 1
+          HTTP_GET:
+            - url:
+                path: /testurl/test.jsp
+                digest: 640205b7b0fc66c1ea91c463fac6334d
+            - url:
+                path: /testurl2/test.jsp
+                digest: 640205b7b0fc66c1ea91c463fac6334d
+            - url: 
+                path: /testurl3/test.jsp
+                digest: 640205b7b0fc66c1ea91c463fac6334d
+            - connect_timeout: 3
+            - nb_get_retry: 3
+            - delay_before_retry: 3
+        192.168.200.5 1358: 
+          weight: 1
+          HTTP_GET: 
+            - url:
+                path: /testurl/test.jsp
+                digest: 640205b7b0fc66c1ea91c463fac6334d
+            - url:
+                path: /testurl2/test.jsp
+                digest: 640205b7b0fc66c1ea91c463fac6334d
+            - url:
+                path: /testurl3/test.jsp
+                digest: 640205b7b0fc66c1ea91c463fac6334d
+            - connect_timeout: 3
+            - nb_get_retry: 3
+            - delay_before_retry: 3