Merge pull request #10 from jebas/master
Update of the keepalived config generator.
This commit is contained in:
commit
1034f09853
@ -30,10 +30,7 @@ Install ``keepalived`` from packages.
|
|||||||
``keepalived.config``
|
``keepalived.config``
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
Slowly adding configuration options per the documents, not everything is available
|
Configuration options for ``keepalived``.
|
||||||
|
|
||||||
To Do:
|
|
||||||
- LVS configuration section
|
|
||||||
|
|
||||||
``keepalived.service``
|
``keepalived.service``
|
||||||
-------------------
|
-------------------
|
||||||
|
5
keepalived/defaults.yaml
Normal file
5
keepalived/defaults.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
# keepalived/defaults.yaml
|
||||||
|
|
||||||
|
global_defs:
|
||||||
|
smtp_server: localhost
|
@ -4,230 +4,60 @@
|
|||||||
#
|
#
|
||||||
# This file is managed by Salt.
|
# This file is managed by Salt.
|
||||||
# Any changes will be overwritten.
|
# Any changes will be overwritten.
|
||||||
|
{{ '\n' }}
|
||||||
|
|
||||||
|
{#
|
||||||
|
Macro Explanation:
|
||||||
|
|
||||||
#---------------------------------------------------------------------
|
This is a recursive macro that takes the type of entry and determines how
|
||||||
# Global settings
|
it is suppose to appear in the configuration file. Strings and numbers
|
||||||
#---------------------------------------------------------------------
|
are just written out. Lists and hashes are placed inside if couple of
|
||||||
global_defs {
|
parenthesis. It also takes into account the special groupings like
|
||||||
notification_email {
|
vrrp_instance and virtual_server. Any additional data from a list or a
|
||||||
{%- if 'notification_emails' in salt['pillar.get']('keepalived:global_defs') %}
|
hash is then processed by calling the macro again.
|
||||||
{%- for email in salt['pillar.get']('keepalived:global_defs:notification_emails', []) %}
|
|
||||||
{{ email }}
|
|
||||||
{%- endfor %}
|
|
||||||
{%- endif %}
|
|
||||||
}
|
|
||||||
notification_email_from {{ salt['pillar.get']('keepalived:global_defs:notification_email_from', 'keepalived@'~salt['grains.get']('fqdn') ) }}
|
|
||||||
smtp_server {{ salt['pillar.get']('keepalived:global_defs:smtp_server', 'localhost') }}
|
|
||||||
{%- if 'smtp_connect_timeout' in salt['pillar.get']('keepalived:global_defs') %}
|
|
||||||
smtp_connect_timeout {{ salt['pillar.get']('keepalived:global_defs:smtp_connect_timeout') }}
|
|
||||||
{%- endif %}
|
|
||||||
}
|
|
||||||
|
|
||||||
#---------------------------------------------------------------------
|
Forced carriage returns and use of jinja’s indent are only there to make
|
||||||
# static network configuration
|
the final file more human readable. They serve no other function.
|
||||||
#---------------------------------------------------------------------
|
#}
|
||||||
# static ipaddresses
|
|
||||||
{%- if 'static_ipaddresses' in salt['pillar.get']('keepalived') %}
|
|
||||||
static_ipaddress {
|
|
||||||
{%- for address in salt['pillar.get']('keepalived:static_ipaddresses', {}).iteritems() %}
|
|
||||||
{{ address }}
|
|
||||||
{%- endfor %}
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
# static routes
|
{%- import_yaml 'keepalived/defaults.yaml' as keepalived_defaults -%}
|
||||||
{%- if 'static_routes' in salt['pillar.get']('keepalived') %}
|
{%- set keepalived_final_values = salt.pillar.get(
|
||||||
static_routes {
|
'keepalived',
|
||||||
{%- for route in salt['pillar.get']('keepalived:static_routes', {}).iteritems() %}
|
default=keepalived_defaults,
|
||||||
{{ route}}
|
merge=True) -%}
|
||||||
{%- endfor %}
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
#---------------------------------------------------------------------
|
{%- set groupings = ['vrrp_script', 'vrrp_sync_group', 'vrrp_instance',
|
||||||
# vrrp configuration
|
'virtual_server_group', 'virtual_server', 'real_server'] -%}
|
||||||
#---------------------------------------------------------------------
|
{%- macro config_entries(data, indents, carryover='') -%}
|
||||||
|
{%- if data is string or data is number -%}
|
||||||
# vrrp scripts
|
{{- data|string|indent(indents, True) }}{{ '\n' -}}
|
||||||
{%- for script in salt['pillar.get']('keepalived:vrrp_scripts', {}).iteritems() %}
|
{%- elif data is none -%}
|
||||||
vrrp_script {{ script[1].get('name', script[0]) }} {
|
{{- '\n' -}}
|
||||||
script "{{ script[1].get('script') }}"
|
{%- else -%}
|
||||||
interval {{ script[1].get('interval', '1') }}
|
{%- if indents != 0 and not carryover -%}
|
||||||
weight {{ script[1].get('weight', '2') }}
|
{{- " {\n" -}}
|
||||||
{%- if 'fall' in script[1] %}
|
{%- endif -%}
|
||||||
fall {{ script[1].get('fall') }}
|
{%- if data is mapping -%}
|
||||||
{%- endif %}
|
{%- for entry in data|dictsort -%}
|
||||||
{%- if 'rise' in script[1] %}
|
{%- if entry[0] in groupings -%}
|
||||||
rise {{ script[1].get('rise') }}
|
{{- config_entries(entry[1], indents, carryover=entry[0]) -}}
|
||||||
{%- endif %}
|
{%- else -%}
|
||||||
}
|
{%- if carryover -%}
|
||||||
{%- endfor %}
|
{{- carryover|indent(indents, True) }}{{ ' ' }}
|
||||||
|
{%- endif -%}
|
||||||
# vrrp sync groups
|
{{- entry[0]|indent(indents, True) }}
|
||||||
{%- if 'vrrp_sync_groups' in salt['pillar.get']('keepalived') %}
|
{{- config_entries(entry[1], indents + 2) -}}
|
||||||
{%- for syncgroup in salt['pillar.get']('keepalived:vrrp_sync_groups', {}).iteritems() %}
|
{%- endif -%}
|
||||||
vrrp_sync_group {{ syncgroup[1].get('name', syncgroup[0]) }} {
|
{%- endfor -%}
|
||||||
group {
|
{%- else -%}
|
||||||
{%- for member in syncgroup[1].members %}
|
{%- for entry in data -%}
|
||||||
{{ member }}
|
{{- config_entries(entry, indents) -}}
|
||||||
{%- endfor%}
|
{%- endfor -%}
|
||||||
}
|
{%- endif -%}
|
||||||
{%- if 'notify_master' in syncgroup[1] %}
|
{%- if indents != 0 and not carryover -%}
|
||||||
notify_master {{ syncgroup[1].get('notify_master') }}
|
{{- '}'|indent(indents - 2, True) }}{{ '\n' }}
|
||||||
{%- endif %}
|
{%- endif -%}
|
||||||
{%- if 'notify_backup' in syncgroup[1] %}
|
{%- endif -%}
|
||||||
notify_backup {{ syncgroup[1].get('notify_backup') }}
|
{%- endmacro -%}
|
||||||
{%- endif %}
|
|
||||||
{%- if 'notify_fault' in syncgroup[1] %}
|
|
||||||
notify_master {{ syncgroup[1].get('notify_fault') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'notify' in syncgroup[1] %}
|
|
||||||
notify {{ syncgroup[1].get('notify') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'smtp_alert' in syncgroup[1] %}
|
|
||||||
{%- if True == syncgroup[1].get('smtp_alert') %}
|
|
||||||
smtp_alert
|
|
||||||
{%- endif %}
|
|
||||||
{%- endif %}
|
|
||||||
}
|
|
||||||
{%- endfor %}
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
# vrrp instance
|
|
||||||
{%- for instance in salt['pillar.get']('keepalived:vrrp_instances', {}).iteritems() %}
|
|
||||||
vrrp_instance {{ instance[1].get('name', instance[0]) }} {
|
|
||||||
{%- if 'use_vmac' in instance[1] %}
|
|
||||||
{%- if True == instance[1].get('use_vmac') %}
|
|
||||||
use_vmac
|
|
||||||
{%- endif %}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'vmac_xmit_base' in instance[1] %}
|
|
||||||
{%- if True == instance[1].get('vmac_xmit_base') %}
|
|
||||||
vmac_xmit_base
|
|
||||||
{%- endif %}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'native_ipv6' in instance[1] %}
|
|
||||||
{%- if True == instance[1].get('native_ipv6') %}
|
|
||||||
native_ipv6
|
|
||||||
{%- endif %}
|
|
||||||
{%- endif %}
|
|
||||||
state {{ instance[1].get('state', 'BACKUP') }}
|
|
||||||
{%- if 'interface' in instance[1] %}
|
|
||||||
interface {{ instance[1].get('interface') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'track_interfaces' in instance[1] %}
|
|
||||||
track_interface {
|
|
||||||
{%- for track_interface in instance[1].track_interfaces %}
|
|
||||||
{{ track_interface }}
|
|
||||||
{%- endfor%}
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'track_scripts' in instance[1] %}
|
|
||||||
track_script {
|
|
||||||
{%- for track_script in instance[1].track_scripts %}
|
|
||||||
{{ track_script }}
|
|
||||||
{%- endfor%}
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'dont_track_primary' in instance[1] and instance[1].get('dont_track_primary') %}
|
|
||||||
dont_track_primary
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'mcast_src_ip' in instance[1] %}
|
|
||||||
mcast_src_ip {{ instance[1].get('mcast_src_ip') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'unicast_src_ip' in instance[1] %}
|
|
||||||
unicast_src_ip {{ instance[1].get('unicast_src_ip') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'unicast_peers' in instance[1] %}
|
|
||||||
unicast_peer {
|
|
||||||
{%- for unicast_peer in instance[1].unicast_peers %}
|
|
||||||
{{ unicast_peer }}
|
|
||||||
{%- endfor%}
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'lvs_sync_daemon_interface' in instance[1] %}
|
|
||||||
lvs_sync_daemon_interface {{ instance[1].get('lvs_sync_daemon_interface') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'garp_master_delay' in instance[1] %}
|
|
||||||
garp_master_delay {{ instance[1].get('garp_master_delay') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'garp_master_repeat' in instance[1] %}
|
|
||||||
garp_master_repeat {{ instance[1].get('garp_master_repeat') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'garp_master_refresh' in instance[1] %}
|
|
||||||
garp_master_refresh {{ instance[1].get('garp_master_refresh') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'garp_master_refresh_repeat' in instance[1] %}
|
|
||||||
garp_master_refresh_repeat {{ instance[1].get('garp_master_refresh_repeat') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'virtual_router_id' in instance[1] %}
|
|
||||||
virtual_router_id {{ instance[1].get('virtual_router_id') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'priority' in instance[1] %}
|
|
||||||
priority {{ instance[1].get('priority') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'advert_int' in instance[1] %}
|
|
||||||
advert_int {{ instance[1].get('advert_int') }}
|
|
||||||
{%- endif %}
|
|
||||||
authentication {
|
|
||||||
auth_type {{ instance[1].get('authentication').get('auth_type') }}
|
|
||||||
auth_pass {{ instance[1].get('authentication').get('auth_pass') }}
|
|
||||||
}
|
|
||||||
{%- if 'virtual_ipaddresses' in instance[1] %}
|
|
||||||
virtual_ipaddress {
|
|
||||||
{%- for virtual_ipaddress in instance[1].virtual_ipaddresses %}
|
|
||||||
{{ virtual_ipaddress }}
|
|
||||||
{%- endfor%}
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'virtual_ipaddresses_excluded' in instance[1] %}
|
|
||||||
virtual_ipaddress_excluded {
|
|
||||||
{%- for virtual_ipaddress_excluded in instance[1].virtual_ipaddresses_excluded %}
|
|
||||||
{{ virtual_ipaddress_excluded }}
|
|
||||||
{%- endfor%}
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'virtual_routes' in instance[1] %}
|
|
||||||
virtual_routes {
|
|
||||||
{%- for virtual_route in instance[1].virtual_routes %}
|
|
||||||
{{ virtual_route }}
|
|
||||||
{%- endfor%}
|
|
||||||
{%- if 'blackhole_addresses' in instance[1] %}
|
|
||||||
{%- for blackhole_address in instance[1].blackhole_addresses %}
|
|
||||||
blackhole {{ blackhole_address }}
|
|
||||||
{%- endfor%}
|
|
||||||
{%- endif %}
|
|
||||||
}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'nopreempt' in instance[1] and instance[1].get('nopreempt') %}
|
|
||||||
nopreempt
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'notify_master' in instance[1] %}
|
|
||||||
notify_master {{ instance[1].get('notify_master') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'notify_backup' in instance[1] %}
|
|
||||||
notify_backup {{ instance[1].get('notify_backup') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'notify_fault' in instance[1] %}
|
|
||||||
notify_fault {{ instance[1].get('notify_fault') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'notify_stop' in instance[1] %}
|
|
||||||
notify_stop {{ instance[1].get('notify_stop') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'notify' in instance[1] %}
|
|
||||||
notify {{ instance[1].get('notify') }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- if 'smtp_alert' in instance[1] %}
|
|
||||||
{%- if True == instance[1].get('smtp_alert') %}
|
|
||||||
smtp_alert
|
|
||||||
{%- endif %}
|
|
||||||
{%- endif %}
|
|
||||||
}
|
|
||||||
{%- endfor %}
|
|
||||||
|
|
||||||
#---------------------------------------------------------------------
|
|
||||||
# lvs configuration
|
|
||||||
#---------------------------------------------------------------------
|
|
||||||
#this section has not been completed
|
|
||||||
|
|
||||||
|
{{ config_entries(keepalived_final_values, 0) }}
|
||||||
|
150
pillar.example
150
pillar.example
@ -2,40 +2,126 @@
|
|||||||
# Example pillar configuration
|
# Example pillar configuration
|
||||||
#
|
#
|
||||||
|
|
||||||
|
# The following would generate the example file in RedHat based systems.
|
||||||
|
|
||||||
keepalived:
|
keepalived:
|
||||||
global_defs:
|
global_defs:
|
||||||
notification_emails:
|
notification_email:
|
||||||
- alerts@example.com
|
- acassen@firewall.loc
|
||||||
smtp_server: 'mymail.example.com'
|
- failover@firewall.loc
|
||||||
|
- sysadmin@firewall.loc
|
||||||
|
notification_email_from: Alexandre.Cassen@firewall.loc
|
||||||
|
smtp_server: 192.168.200.1
|
||||||
smtp_connect_timeout: 30
|
smtp_connect_timeout: 30
|
||||||
|
router_id: LVS_DEVEL
|
||||||
vrrp_scripts:
|
|
||||||
chk_haproxy:
|
|
||||||
script: "killall -0 haproxy"
|
|
||||||
interval: 2
|
|
||||||
|
|
||||||
vrrp_instances:
|
vrrp_instances:
|
||||||
testhaproxy:
|
VI_1:
|
||||||
interface: eth0
|
|
||||||
priority: 10
|
|
||||||
virtual_router_id: 01
|
|
||||||
smtp_alert: True
|
|
||||||
authentication:
|
|
||||||
auth_type: PASS
|
|
||||||
auth_pass: topsecret
|
|
||||||
virtual_ipaddresses:
|
|
||||||
- "10.20.30.40"
|
|
||||||
- "10.20.30.41"
|
|
||||||
- "10.20.30.42"
|
|
||||||
track_scripts:
|
|
||||||
- chk_haproxy
|
|
||||||
|
|
||||||
#
|
|
||||||
# Example Addition Pillar for Master
|
|
||||||
#
|
|
||||||
|
|
||||||
keepalived:
|
|
||||||
vrrp_instances:
|
|
||||||
testhaproxy:
|
|
||||||
state: MASTER
|
state: MASTER
|
||||||
priority: 101
|
interface: eth0
|
||||||
|
virtual_router_id: 51
|
||||||
|
priority: 100
|
||||||
|
advert_int: 1
|
||||||
|
authentication:
|
||||||
|
auth_type: PASS
|
||||||
|
auth_pass: 1111
|
||||||
|
virtual_ipaddress:
|
||||||
|
- 192.168.200.16
|
||||||
|
- 192.168.200.17
|
||||||
|
- 192.168.200.18
|
||||||
|
virtual_server:
|
||||||
|
# Virtual and real servers include the port as part of the ID.
|
||||||
|
192.168.200.100 443:
|
||||||
|
delay_loop: 6
|
||||||
|
lb_algo: rr
|
||||||
|
lb_kind: NAT
|
||||||
|
nat_mask: 255.255.255.0
|
||||||
|
persistence_timeout: 50
|
||||||
|
protocol: TCP
|
||||||
|
real_server:
|
||||||
|
192.168.201.100 443:
|
||||||
|
weight: 1
|
||||||
|
SSL_GET:
|
||||||
|
# Must be a list because of multiple URL entries.
|
||||||
|
- url:
|
||||||
|
path: /
|
||||||
|
digest: ff20ad2481f97b1754ef3e12ecd3a9cc
|
||||||
|
- url:
|
||||||
|
path: /mrtg/
|
||||||
|
digest: 9b3a0c85a887a256d6939da88aabd8cd
|
||||||
|
- connect_timeout: 3
|
||||||
|
- nb_get_retry: 3
|
||||||
|
- delay_before_retry: 3
|
||||||
|
10.10.10.2 1358:
|
||||||
|
delay_loop: 6
|
||||||
|
lb_algo: rr
|
||||||
|
lb_kind: NAT
|
||||||
|
persistence_timeout: 50
|
||||||
|
protocol: TCP
|
||||||
|
sorry_server: 192.168.200.200 1358
|
||||||
|
real_server:
|
||||||
|
192.168.200.2 1358:
|
||||||
|
weight: 1
|
||||||
|
HTTP_GET:
|
||||||
|
# Must be a list because of multiple URL entries.
|
||||||
|
- url:
|
||||||
|
path: /testurl/test.jsp
|
||||||
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
||||||
|
- url:
|
||||||
|
path: /testurl2/test.jsp
|
||||||
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
||||||
|
- url:
|
||||||
|
path: /testurl3/test.jsp
|
||||||
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
||||||
|
- connect_timeout: 3
|
||||||
|
- nb_get_retry: 3
|
||||||
|
- delay_before_retry: 3
|
||||||
|
192.168.200.3 1358:
|
||||||
|
weight: 1
|
||||||
|
HTTP_GET:
|
||||||
|
- url:
|
||||||
|
path: /testurl/test.jsp
|
||||||
|
digest: 640205b7b0fc66c1ea91c463fac6334c
|
||||||
|
- url:
|
||||||
|
path: /testurl2/test.jsp
|
||||||
|
digest: 640205b7b0fc66c1ea91c463fac6334c
|
||||||
|
- connect_timeout: 3
|
||||||
|
- nb_get_retry: 3
|
||||||
|
- delay_before_retry: 3
|
||||||
|
10.10.10.3 1358:
|
||||||
|
delay_loop: 3
|
||||||
|
lb_algo: rr
|
||||||
|
lb_kind: NAT
|
||||||
|
nat_mask: 255.255.255.0
|
||||||
|
persistence_timeout: 50
|
||||||
|
protocol: TCP
|
||||||
|
real_server:
|
||||||
|
192.168.200.4 1358:
|
||||||
|
weight: 1
|
||||||
|
HTTP_GET:
|
||||||
|
- url:
|
||||||
|
path: /testurl/test.jsp
|
||||||
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
||||||
|
- url:
|
||||||
|
path: /testurl2/test.jsp
|
||||||
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
||||||
|
- url:
|
||||||
|
path: /testurl3/test.jsp
|
||||||
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
||||||
|
- connect_timeout: 3
|
||||||
|
- nb_get_retry: 3
|
||||||
|
- delay_before_retry: 3
|
||||||
|
192.168.200.5 1358:
|
||||||
|
weight: 1
|
||||||
|
HTTP_GET:
|
||||||
|
- url:
|
||||||
|
path: /testurl/test.jsp
|
||||||
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
||||||
|
- url:
|
||||||
|
path: /testurl2/test.jsp
|
||||||
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
||||||
|
- url:
|
||||||
|
path: /testurl3/test.jsp
|
||||||
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
||||||
|
- connect_timeout: 3
|
||||||
|
- nb_get_retry: 3
|
||||||
|
- delay_before_retry: 3
|
||||||
|
Loading…
Reference in New Issue
Block a user