diff --git a/README.rst b/README.rst index 3128ebe..18c428a 100644 --- a/README.rst +++ b/README.rst @@ -30,10 +30,7 @@ Install ``keepalived`` from packages. ``keepalived.config`` ------------------ -Slowly adding configuration options per the documents, not everything is available - -To Do: - - LVS configuration section +Configuration options for ``keepalived``. ``keepalived.service`` ------------------- diff --git a/keepalived/defaults.yaml b/keepalived/defaults.yaml new file mode 100644 index 0000000..4e477bd --- /dev/null +++ b/keepalived/defaults.yaml @@ -0,0 +1,5 @@ +--- +# keepalived/defaults.yaml + +global_defs: + smtp_server: localhost diff --git a/keepalived/templates/keepalived.jinja b/keepalived/templates/keepalived.jinja index 57db711..67cecee 100644 --- a/keepalived/templates/keepalived.jinja +++ b/keepalived/templates/keepalived.jinja 
@@ -4,230 +4,60 @@ # # This file is managed by Salt. # Any changes will be overwritten. +{{ '\n' }} +{# +Macro Explanation: -#--------------------------------------------------------------------- -# Global settings -#--------------------------------------------------------------------- -global_defs { - notification_email { -{%- if 'notification_emails' in salt['pillar.get']('keepalived:global_defs') %} - {%- for email in salt['pillar.get']('keepalived:global_defs:notification_emails', []) %} - {{ email }} - {%- endfor %} -{%- endif %} - } - notification_email_from {{ salt['pillar.get']('keepalived:global_defs:notification_email_from', 'keepalived@'~salt['grains.get']('fqdn') ) }} - smtp_server {{ salt['pillar.get']('keepalived:global_defs:smtp_server', 'localhost') }} -{%- if 'smtp_connect_timeout' in salt['pillar.get']('keepalived:global_defs') %} - smtp_connect_timeout {{ salt['pillar.get']('keepalived:global_defs:smtp_connect_timeout') }} -{%- endif %} -} +This is a recursive macro that takes the type of entry and determines how +it is suppose to appear in the configuration file. Strings and numbers +are just written out. Lists and hashes are placed inside if couple of +parenthesis. It also takes into account the special groupings like +vrrp_instance and virtual_server. Any additional data from a list or a +hash is then processed by calling the macro again. -#--------------------------------------------------------------------- -# static network configuration -#--------------------------------------------------------------------- -# static ipaddresses -{%- if 'static_ipaddresses' in salt['pillar.get']('keepalived') %} -static_ipaddress { - {%- for address in salt['pillar.get']('keepalived:static_ipaddresses', {}).iteritems() %} - {{ address }} - {%- endfor %} -} -{%- endif %} +Forced carriage returns and use of jinja’s indent are only there to make +the final file more human readable. They serve no other function. 
+#} -# static routes -{%- if 'static_routes' in salt['pillar.get']('keepalived') %} -static_routes { - {%- for route in salt['pillar.get']('keepalived:static_routes', {}).iteritems() %} - {{ route}} - {%- endfor %} -} -{%- endif %} +{%- import_yaml 'keepalived/defaults.yaml' as keepalived_defaults -%} +{%- set keepalived_final_values = salt.pillar.get( + 'keepalived', + default=keepalived_defaults, + merge=True) -%} -#--------------------------------------------------------------------- -# vrrp configuration -#--------------------------------------------------------------------- - -# vrrp scripts -{%- for script in salt['pillar.get']('keepalived:vrrp_scripts', {}).iteritems() %} -vrrp_script {{ script[1].get('name', script[0]) }} { - script "{{ script[1].get('script') }}" - interval {{ script[1].get('interval', '1') }} - weight {{ script[1].get('weight', '2') }} - {%- if 'fall' in script[1] %} - fall {{ script[1].get('fall') }} - {%- endif %} - {%- if 'rise' in script[1] %} - rise {{ script[1].get('rise') }} - {%- endif %} -} -{%- endfor %} - -# vrrp sync groups -{%- if 'vrrp_sync_groups' in salt['pillar.get']('keepalived') %} - {%- for syncgroup in salt['pillar.get']('keepalived:vrrp_sync_groups', {}).iteritems() %} -vrrp_sync_group {{ syncgroup[1].get('name', syncgroup[0]) }} { - group { - {%- for member in syncgroup[1].members %} - {{ member }} - {%- endfor%} - } - {%- if 'notify_master' in syncgroup[1] %} - notify_master {{ syncgroup[1].get('notify_master') }} - {%- endif %} - {%- if 'notify_backup' in syncgroup[1] %} - notify_backup {{ syncgroup[1].get('notify_backup') }} - {%- endif %} - {%- if 'notify_fault' in syncgroup[1] %} - notify_master {{ syncgroup[1].get('notify_fault') }} - {%- endif %} - {%- if 'notify' in syncgroup[1] %} - notify {{ syncgroup[1].get('notify') }} - {%- endif %} - {%- if 'smtp_alert' in syncgroup[1] %} - {%- if True == syncgroup[1].get('smtp_alert') %} - smtp_alert - {%- endif %} - {%- endif %} -} - {%- endfor %} -{%- endif %} - -# 
vrrp instance -{%- for instance in salt['pillar.get']('keepalived:vrrp_instances', {}).iteritems() %} -vrrp_instance {{ instance[1].get('name', instance[0]) }} { - {%- if 'use_vmac' in instance[1] %} - {%- if True == instance[1].get('use_vmac') %} - use_vmac - {%- endif %} - {%- endif %} - {%- if 'vmac_xmit_base' in instance[1] %} - {%- if True == instance[1].get('vmac_xmit_base') %} - vmac_xmit_base - {%- endif %} - {%- endif %} - {%- if 'native_ipv6' in instance[1] %} - {%- if True == instance[1].get('native_ipv6') %} - native_ipv6 - {%- endif %} - {%- endif %} - state {{ instance[1].get('state', 'BACKUP') }} - {%- if 'interface' in instance[1] %} - interface {{ instance[1].get('interface') }} - {%- endif %} - {%- if 'track_interfaces' in instance[1] %} - track_interface { - {%- for track_interface in instance[1].track_interfaces %} - {{ track_interface }} - {%- endfor%} - } - {%- endif %} - {%- if 'track_scripts' in instance[1] %} - track_script { - {%- for track_script in instance[1].track_scripts %} - {{ track_script }} - {%- endfor%} - } - {%- endif %} - {%- if 'dont_track_primary' in instance[1] and instance[1].get('dont_track_primary') %} - dont_track_primary - {%- endif %} - {%- if 'mcast_src_ip' in instance[1] %} - mcast_src_ip {{ instance[1].get('mcast_src_ip') }} - {%- endif %} - {%- if 'unicast_src_ip' in instance[1] %} - unicast_src_ip {{ instance[1].get('unicast_src_ip') }} - {%- endif %} - {%- if 'unicast_peers' in instance[1] %} - unicast_peer { - {%- for unicast_peer in instance[1].unicast_peers %} - {{ unicast_peer }} - {%- endfor%} - } - {%- endif %} - {%- if 'lvs_sync_daemon_interface' in instance[1] %} - lvs_sync_daemon_interface {{ instance[1].get('lvs_sync_daemon_interface') }} - {%- endif %} - {%- if 'garp_master_delay' in instance[1] %} - garp_master_delay {{ instance[1].get('garp_master_delay') }} - {%- endif %} - {%- if 'garp_master_repeat' in instance[1] %} - garp_master_repeat {{ instance[1].get('garp_master_repeat') }} - {%- endif %} 
- {%- if 'garp_master_refresh' in instance[1] %} - garp_master_refresh {{ instance[1].get('garp_master_refresh') }} - {%- endif %} - {%- if 'garp_master_refresh_repeat' in instance[1] %} - garp_master_refresh_repeat {{ instance[1].get('garp_master_refresh_repeat') }} - {%- endif %} - {%- if 'virtual_router_id' in instance[1] %} - virtual_router_id {{ instance[1].get('virtual_router_id') }} - {%- endif %} - {%- if 'priority' in instance[1] %} - priority {{ instance[1].get('priority') }} - {%- endif %} - {%- if 'advert_int' in instance[1] %} - advert_int {{ instance[1].get('advert_int') }} - {%- endif %} - authentication { - auth_type {{ instance[1].get('authentication').get('auth_type') }} - auth_pass {{ instance[1].get('authentication').get('auth_pass') }} - } - {%- if 'virtual_ipaddresses' in instance[1] %} - virtual_ipaddress { - {%- for virtual_ipaddress in instance[1].virtual_ipaddresses %} - {{ virtual_ipaddress }} - {%- endfor%} - } - {%- endif %} - {%- if 'virtual_ipaddresses_excluded' in instance[1] %} - virtual_ipaddress_excluded { - {%- for virtual_ipaddress_excluded in instance[1].virtual_ipaddresses_excluded %} - {{ virtual_ipaddress_excluded }} - {%- endfor%} - } - {%- endif %} - {%- if 'virtual_routes' in instance[1] %} - virtual_routes { - {%- for virtual_route in instance[1].virtual_routes %} - {{ virtual_route }} - {%- endfor%} - {%- if 'blackhole_addresses' in instance[1] %} - {%- for blackhole_address in instance[1].blackhole_addresses %} - blackhole {{ blackhole_address }} - {%- endfor%} - {%- endif %} - } - {%- endif %} - {%- if 'nopreempt' in instance[1] and instance[1].get('nopreempt') %} - nopreempt - {%- endif %} - {%- if 'notify_master' in instance[1] %} - notify_master {{ instance[1].get('notify_master') }} - {%- endif %} - {%- if 'notify_backup' in instance[1] %} - notify_backup {{ instance[1].get('notify_backup') }} - {%- endif %} - {%- if 'notify_fault' in instance[1] %} - notify_fault {{ instance[1].get('notify_fault') }} - {%- endif 
%} - {%- if 'notify_stop' in instance[1] %} - notify_stop {{ instance[1].get('notify_stop') }} - {%- endif %} - {%- if 'notify' in instance[1] %} - notify {{ instance[1].get('notify') }} - {%- endif %} - {%- if 'smtp_alert' in instance[1] %} - {%- if True == instance[1].get('smtp_alert') %} - smtp_alert - {%- endif %} - {%- endif %} -} -{%- endfor %} - -#--------------------------------------------------------------------- -# lvs configuration -#--------------------------------------------------------------------- -#this section has not been completed +{%- set groupings = ['vrrp_script', 'vrrp_sync_group', 'vrrp_instance', + 'virtual_server_group', 'virtual_server', 'real_server'] -%} +{%- macro config_entries(data, indents, carryover='') -%} + {%- if data is string or data is number -%} + {{- data|string|indent(indents, True) }}{{ '\n' -}} + {%- elif data is none -%} + {{- '\n' -}} + {%- else -%} + {%- if indents != 0 and not carryover -%} + {{- " {\n" -}} + {%- endif -%} + {%- if data is mapping -%} + {%- for entry in data|dictsort -%} + {%- if entry[0] in groupings -%} + {{- config_entries(entry[1], indents, carryover=entry[0]) -}} + {%- else -%} + {%- if carryover -%} + {{- carryover|indent(indents, True) }}{{ ' ' }} + {%- endif -%} + {{- entry[0]|indent(indents, True) }} + {{- config_entries(entry[1], indents + 2) -}} + {%- endif -%} + {%- endfor -%} + {%- else -%} + {%- for entry in data -%} + {{- config_entries(entry, indents) -}} + {%- endfor -%} + {%- endif -%} + {%- if indents != 0 and not carryover -%} + {{- '}'|indent(indents - 2, True) }}{{ '\n' }} + {%- endif -%} + {%- endif -%} +{%- endmacro -%} +{{ config_entries(keepalived_final_values, 0) }} diff --git a/pillar.example b/pillar.example index 2044fd6..99b8db7 100644 --- a/pillar.example +++ b/pillar.example 
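Review bot: In `config_entries`, the first branch `data is string or data is number` also matches YAML booleans, because Jinja's `number` test accepts Python `bool`. A pillar written for the old template with `smtp_alert: True` or `nopreempt: False` therefore renders as `smtp_alert True` / `nopreempt False` instead of emitting or omitting the bare keyword. How keepalived reads a trailing `False` depends on its version, and it may well treat the keyword's presence as enabling the flag. Consider handling booleans before the number test, e.g. `{%- if data is none or data is sameas true -%}` emitting only the newline, and filtering the mapping loop with `{%- for entry in data|dictsort if entry[1] is not sameas false -%}`. Values are also written verbatim now, whereas the removed template wrote `script "{{ ... }}"`, so multi-word commands for `script` and `notify_*` must carry their own quotes in the pillar. The macro explanation should say so, and should note that every pillar key passes through unvalidated into a file whose script entries keepalived executes.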
@@ -2,40 +2,126 @@ # Example pillar configuration # +# The following would generate the example file in RedHat based systems. + keepalived: global_defs: - notification_emails: - - alerts@example.com - smtp_server: 'mymail.example.com' + notification_email: + - acassen@firewall.loc + - failover@firewall.loc + - sysadmin@firewall.loc + notification_email_from: Alexandre.Cassen@firewall.loc + smtp_server: 192.168.200.1 smtp_connect_timeout: 30 - - vrrp_scripts: - chk_haproxy: - script: "killall -0 haproxy" - interval: 2 - + router_id: LVS_DEVEL vrrp_instances: - testhaproxy: - interface: eth0 - priority: 10 - virtual_router_id: 01 - smtp_alert: True - authentication: - auth_type: PASS - auth_pass: topsecret - virtual_ipaddresses: - - "10.20.30.40" - - "10.20.30.41" - - "10.20.30.42" - track_scripts: - - chk_haproxy - -# -# Example Addition Pillar for Master -# - -keepalived: - vrrp_instances: - testhaproxy: + VI_1: state: MASTER - priority: 101 + interface: eth0 + virtual_router_id: 51 + priority: 100 + advert_int: 1 + authentication: + auth_type: PASS + auth_pass: 1111 + virtual_ipaddress: + - 192.168.200.16 + - 192.168.200.17 + - 192.168.200.18 + virtual_server: + # Virtual and real servers include the port as part of the ID. + 192.168.200.100 443: + delay_loop: 6 + lb_algo: rr + lb_kind: NAT + nat_mask: 255.255.255.0 + persistence_timeout: 50 + protocol: TCP + real_server: + 192.168.201.100 443: + weight: 1 + SSL_GET: + # Must be a list because of multiple URL entries. + - url: + path: / + digest: ff20ad2481f97b1754ef3e12ecd3a9cc + - url: + path: /mrtg/ + digest: 9b3a0c85a887a256d6939da88aabd8cd + - connect_timeout: 3 + - nb_get_retry: 3 + - delay_before_retry: 3 + 10.10.10.2 1358: + delay_loop: 6 + lb_algo: rr + lb_kind: NAT + persistence_timeout: 50 + protocol: TCP + sorry_server: 192.168.200.200 1358 + real_server: + 192.168.200.2 1358: + weight: 1 + HTTP_GET: + # Must be a list because of multiple URL entries. 
+ - url: + path: /testurl/test.jsp + digest: 640205b7b0fc66c1ea91c463fac6334d + - url: + path: /testurl2/test.jsp + digest: 640205b7b0fc66c1ea91c463fac6334d + - url: + path: /testurl3/test.jsp + digest: 640205b7b0fc66c1ea91c463fac6334d + - connect_timeout: 3 + - nb_get_retry: 3 + - delay_before_retry: 3 + 192.168.200.3 1358: + weight: 1 + HTTP_GET: + - url: + path: /testurl/test.jsp + digest: 640205b7b0fc66c1ea91c463fac6334c + - url: + path: /testurl2/test.jsp + digest: 640205b7b0fc66c1ea91c463fac6334c + - connect_timeout: 3 + - nb_get_retry: 3 + - delay_before_retry: 3 + 10.10.10.3 1358: + delay_loop: 3 + lb_algo: rr + lb_kind: NAT + nat_mask: 255.255.255.0 + persistence_timeout: 50 + protocol: TCP + real_server: + 192.168.200.4 1358: + weight: 1 + HTTP_GET: + - url: + path: /testurl/test.jsp + digest: 640205b7b0fc66c1ea91c463fac6334d + - url: + path: /testurl2/test.jsp + digest: 640205b7b0fc66c1ea91c463fac6334d + - url: + path: /testurl3/test.jsp + digest: 640205b7b0fc66c1ea91c463fac6334d + - connect_timeout: 3 + - nb_get_retry: 3 + - delay_before_retry: 3 + 192.168.200.5 1358: + weight: 1 + HTTP_GET: + - url: + path: /testurl/test.jsp + digest: 640205b7b0fc66c1ea91c463fac6334d + - url: + path: /testurl2/test.jsp + digest: 640205b7b0fc66c1ea91c463fac6334d + - url: + path: /testurl3/test.jsp + digest: 640205b7b0fc66c1ea91c463fac6334d + - connect_timeout: 3 + - nb_get_retry: 3 + - delay_before_retry: 3
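Review bot: The example still nests the instance under `vrrp_instances:` (that line appears to be unchanged context in this hunk), but the rewritten template's `groupings` list only recognises the singular `vrrp_instance`. As written, this pillar would render a `vrrp_instances { VI_1 { ... } }` block rather than `vrrp_instance VI_1 { ... }`. Renaming the key to `vrrp_instance:` would match the `virtual_server:` and `real_server:` keys below it. Separately, `auth_pass: 1111` reads as a value to copy, and VRRP `PASS` authentication is a shared cleartext string. A comment such as `# placeholder - set a per-cluster secret and keep it in an encrypted pillar` next to it would help.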