Merge pull request #10 from jebas/master

Update of the keepalived config generator.
This commit is contained in:
Forrest 2016-11-17 09:18:20 -08:00 committed by GitHub
commit 1034f09853
4 changed files with 175 additions and 257 deletions

View File

@ -30,10 +30,7 @@ Install ``keepalived`` from packages.
``keepalived.config`` ``keepalived.config``
------------------ ------------------
Slowly adding configuration options per the documents, not everything is available Configuration options for ``keepalived``.
To Do:
- LVS configuration section
``keepalived.service`` ``keepalived.service``
------------------- -------------------

5
keepalived/defaults.yaml Normal file
View File

@ -0,0 +1,5 @@
---
# keepalived/defaults.yaml
global_defs:
smtp_server: localhost

View File

@ -4,230 +4,60 @@
# #
# This file is managed by Salt. # This file is managed by Salt.
# Any changes will be overwritten. # Any changes will be overwritten.
{{ '\n' }}
{#
Macro Explanation:
#--------------------------------------------------------------------- This is a recursive macro that takes the type of entry and determines how
# Global settings it is suppose to appear in the configuration file. Strings and numbers
#--------------------------------------------------------------------- are just written out. Lists and hashes are placed inside if couple of
global_defs { parenthesis. It also takes into account the special groupings like
notification_email { vrrp_instance and virtual_server. Any additional data from a list or a
{%- if 'notification_emails' in salt['pillar.get']('keepalived:global_defs') %} hash is then processed by calling the macro again.
{%- for email in salt['pillar.get']('keepalived:global_defs:notification_emails', []) %}
{{ email }}
{%- endfor %}
{%- endif %}
}
notification_email_from {{ salt['pillar.get']('keepalived:global_defs:notification_email_from', 'keepalived@'~salt['grains.get']('fqdn') ) }}
smtp_server {{ salt['pillar.get']('keepalived:global_defs:smtp_server', 'localhost') }}
{%- if 'smtp_connect_timeout' in salt['pillar.get']('keepalived:global_defs') %}
smtp_connect_timeout {{ salt['pillar.get']('keepalived:global_defs:smtp_connect_timeout') }}
{%- endif %}
}
#--------------------------------------------------------------------- Forced carriage returns and use of jinjas indent are only there to make
# static network configuration the final file more human readable. They serve no other function.
#--------------------------------------------------------------------- #}
# static ipaddresses
{%- if 'static_ipaddresses' in salt['pillar.get']('keepalived') %}
static_ipaddress {
{%- for address in salt['pillar.get']('keepalived:static_ipaddresses', {}).iteritems() %}
{{ address }}
{%- endfor %}
}
{%- endif %}
# static routes {%- import_yaml 'keepalived/defaults.yaml' as keepalived_defaults -%}
{%- if 'static_routes' in salt['pillar.get']('keepalived') %} {%- set keepalived_final_values = salt.pillar.get(
static_routes { 'keepalived',
{%- for route in salt['pillar.get']('keepalived:static_routes', {}).iteritems() %} default=keepalived_defaults,
{{ route}} merge=True) -%}
{%- endfor %}
}
{%- endif %}
#--------------------------------------------------------------------- {%- set groupings = ['vrrp_script', 'vrrp_sync_group', 'vrrp_instance',
# vrrp configuration 'virtual_server_group', 'virtual_server', 'real_server'] -%}
#--------------------------------------------------------------------- {%- macro config_entries(data, indents, carryover='') -%}
{%- if data is string or data is number -%}
# vrrp scripts {{- data|string|indent(indents, True) }}{{ '\n' -}}
{%- for script in salt['pillar.get']('keepalived:vrrp_scripts', {}).iteritems() %} {%- elif data is none -%}
vrrp_script {{ script[1].get('name', script[0]) }} { {{- '\n' -}}
script "{{ script[1].get('script') }}" {%- else -%}
interval {{ script[1].get('interval', '1') }} {%- if indents != 0 and not carryover -%}
weight {{ script[1].get('weight', '2') }} {{- " {\n" -}}
{%- if 'fall' in script[1] %} {%- endif -%}
fall {{ script[1].get('fall') }} {%- if data is mapping -%}
{%- endif %} {%- for entry in data|dictsort -%}
{%- if 'rise' in script[1] %} {%- if entry[0] in groupings -%}
rise {{ script[1].get('rise') }} {{- config_entries(entry[1], indents, carryover=entry[0]) -}}
{%- endif %} {%- else -%}
} {%- if carryover -%}
{%- endfor %} {{- carryover|indent(indents, True) }}{{ ' ' }}
{%- endif -%}
# vrrp sync groups {{- entry[0]|indent(indents, True) }}
{%- if 'vrrp_sync_groups' in salt['pillar.get']('keepalived') %} {{- config_entries(entry[1], indents + 2) -}}
{%- for syncgroup in salt['pillar.get']('keepalived:vrrp_sync_groups', {}).iteritems() %} {%- endif -%}
vrrp_sync_group {{ syncgroup[1].get('name', syncgroup[0]) }} { {%- endfor -%}
group { {%- else -%}
{%- for member in syncgroup[1].members %} {%- for entry in data -%}
{{ member }} {{- config_entries(entry, indents) -}}
{%- endfor%} {%- endfor -%}
} {%- endif -%}
{%- if 'notify_master' in syncgroup[1] %} {%- if indents != 0 and not carryover -%}
notify_master {{ syncgroup[1].get('notify_master') }} {{- '}'|indent(indents - 2, True) }}{{ '\n' }}
{%- endif %} {%- endif -%}
{%- if 'notify_backup' in syncgroup[1] %} {%- endif -%}
notify_backup {{ syncgroup[1].get('notify_backup') }} {%- endmacro -%}
{%- endif %}
{%- if 'notify_fault' in syncgroup[1] %}
notify_master {{ syncgroup[1].get('notify_fault') }}
{%- endif %}
{%- if 'notify' in syncgroup[1] %}
notify {{ syncgroup[1].get('notify') }}
{%- endif %}
{%- if 'smtp_alert' in syncgroup[1] %}
{%- if True == syncgroup[1].get('smtp_alert') %}
smtp_alert
{%- endif %}
{%- endif %}
}
{%- endfor %}
{%- endif %}
# vrrp instance
{%- for instance in salt['pillar.get']('keepalived:vrrp_instances', {}).iteritems() %}
vrrp_instance {{ instance[1].get('name', instance[0]) }} {
{%- if 'use_vmac' in instance[1] %}
{%- if True == instance[1].get('use_vmac') %}
use_vmac
{%- endif %}
{%- endif %}
{%- if 'vmac_xmit_base' in instance[1] %}
{%- if True == instance[1].get('vmac_xmit_base') %}
vmac_xmit_base
{%- endif %}
{%- endif %}
{%- if 'native_ipv6' in instance[1] %}
{%- if True == instance[1].get('native_ipv6') %}
native_ipv6
{%- endif %}
{%- endif %}
state {{ instance[1].get('state', 'BACKUP') }}
{%- if 'interface' in instance[1] %}
interface {{ instance[1].get('interface') }}
{%- endif %}
{%- if 'track_interfaces' in instance[1] %}
track_interface {
{%- for track_interface in instance[1].track_interfaces %}
{{ track_interface }}
{%- endfor%}
}
{%- endif %}
{%- if 'track_scripts' in instance[1] %}
track_script {
{%- for track_script in instance[1].track_scripts %}
{{ track_script }}
{%- endfor%}
}
{%- endif %}
{%- if 'dont_track_primary' in instance[1] and instance[1].get('dont_track_primary') %}
dont_track_primary
{%- endif %}
{%- if 'mcast_src_ip' in instance[1] %}
mcast_src_ip {{ instance[1].get('mcast_src_ip') }}
{%- endif %}
{%- if 'unicast_src_ip' in instance[1] %}
unicast_src_ip {{ instance[1].get('unicast_src_ip') }}
{%- endif %}
{%- if 'unicast_peers' in instance[1] %}
unicast_peer {
{%- for unicast_peer in instance[1].unicast_peers %}
{{ unicast_peer }}
{%- endfor%}
}
{%- endif %}
{%- if 'lvs_sync_daemon_interface' in instance[1] %}
lvs_sync_daemon_interface {{ instance[1].get('lvs_sync_daemon_interface') }}
{%- endif %}
{%- if 'garp_master_delay' in instance[1] %}
garp_master_delay {{ instance[1].get('garp_master_delay') }}
{%- endif %}
{%- if 'garp_master_repeat' in instance[1] %}
garp_master_repeat {{ instance[1].get('garp_master_repeat') }}
{%- endif %}
{%- if 'garp_master_refresh' in instance[1] %}
garp_master_refresh {{ instance[1].get('garp_master_refresh') }}
{%- endif %}
{%- if 'garp_master_refresh_repeat' in instance[1] %}
garp_master_refresh_repeat {{ instance[1].get('garp_master_refresh_repeat') }}
{%- endif %}
{%- if 'virtual_router_id' in instance[1] %}
virtual_router_id {{ instance[1].get('virtual_router_id') }}
{%- endif %}
{%- if 'priority' in instance[1] %}
priority {{ instance[1].get('priority') }}
{%- endif %}
{%- if 'advert_int' in instance[1] %}
advert_int {{ instance[1].get('advert_int') }}
{%- endif %}
authentication {
auth_type {{ instance[1].get('authentication').get('auth_type') }}
auth_pass {{ instance[1].get('authentication').get('auth_pass') }}
}
{%- if 'virtual_ipaddresses' in instance[1] %}
virtual_ipaddress {
{%- for virtual_ipaddress in instance[1].virtual_ipaddresses %}
{{ virtual_ipaddress }}
{%- endfor%}
}
{%- endif %}
{%- if 'virtual_ipaddresses_excluded' in instance[1] %}
virtual_ipaddress_excluded {
{%- for virtual_ipaddress_excluded in instance[1].virtual_ipaddresses_excluded %}
{{ virtual_ipaddress_excluded }}
{%- endfor%}
}
{%- endif %}
{%- if 'virtual_routes' in instance[1] %}
virtual_routes {
{%- for virtual_route in instance[1].virtual_routes %}
{{ virtual_route }}
{%- endfor%}
{%- if 'blackhole_addresses' in instance[1] %}
{%- for blackhole_address in instance[1].blackhole_addresses %}
blackhole {{ blackhole_address }}
{%- endfor%}
{%- endif %}
}
{%- endif %}
{%- if 'nopreempt' in instance[1] and instance[1].get('nopreempt') %}
nopreempt
{%- endif %}
{%- if 'notify_master' in instance[1] %}
notify_master {{ instance[1].get('notify_master') }}
{%- endif %}
{%- if 'notify_backup' in instance[1] %}
notify_backup {{ instance[1].get('notify_backup') }}
{%- endif %}
{%- if 'notify_fault' in instance[1] %}
notify_fault {{ instance[1].get('notify_fault') }}
{%- endif %}
{%- if 'notify_stop' in instance[1] %}
notify_stop {{ instance[1].get('notify_stop') }}
{%- endif %}
{%- if 'notify' in instance[1] %}
notify {{ instance[1].get('notify') }}
{%- endif %}
{%- if 'smtp_alert' in instance[1] %}
{%- if True == instance[1].get('smtp_alert') %}
smtp_alert
{%- endif %}
{%- endif %}
}
{%- endfor %}
#---------------------------------------------------------------------
# lvs configuration
#---------------------------------------------------------------------
#this section has not been completed
{{ config_entries(keepalived_final_values, 0) }}

View File

@ -2,40 +2,126 @@
# Example pillar configuration # Example pillar configuration
# #
# The following would generate the example file in RedHat based systems.
keepalived: keepalived:
global_defs: global_defs:
notification_emails: notification_email:
- alerts@example.com - acassen@firewall.loc
smtp_server: 'mymail.example.com' - failover@firewall.loc
- sysadmin@firewall.loc
notification_email_from: Alexandre.Cassen@firewall.loc
smtp_server: 192.168.200.1
smtp_connect_timeout: 30 smtp_connect_timeout: 30
router_id: LVS_DEVEL
vrrp_scripts:
chk_haproxy:
script: "killall -0 haproxy"
interval: 2
vrrp_instances: vrrp_instances:
testhaproxy: VI_1:
interface: eth0
priority: 10
virtual_router_id: 01
smtp_alert: True
authentication:
auth_type: PASS
auth_pass: topsecret
virtual_ipaddresses:
- "10.20.30.40"
- "10.20.30.41"
- "10.20.30.42"
track_scripts:
- chk_haproxy
#
# Example Addition Pillar for Master
#
keepalived:
vrrp_instances:
testhaproxy:
state: MASTER state: MASTER
priority: 101 interface: eth0
virtual_router_id: 51
priority: 100
advert_int: 1
authentication:
auth_type: PASS
auth_pass: 1111
virtual_ipaddress:
- 192.168.200.16
- 192.168.200.17
- 192.168.200.18
virtual_server:
# Virtual and real servers include the port as part of the ID.
192.168.200.100 443:
delay_loop: 6
lb_algo: rr
lb_kind: NAT
nat_mask: 255.255.255.0
persistence_timeout: 50
protocol: TCP
real_server:
192.168.201.100 443:
weight: 1
SSL_GET:
# Must be a list because of multiple URL entries.
- url:
path: /
digest: ff20ad2481f97b1754ef3e12ecd3a9cc
- url:
path: /mrtg/
digest: 9b3a0c85a887a256d6939da88aabd8cd
- connect_timeout: 3
- nb_get_retry: 3
- delay_before_retry: 3
10.10.10.2 1358:
delay_loop: 6
lb_algo: rr
lb_kind: NAT
persistence_timeout: 50
protocol: TCP
sorry_server: 192.168.200.200 1358
real_server:
192.168.200.2 1358:
weight: 1
HTTP_GET:
# Must be a list because of multiple URL entries.
- url:
path: /testurl/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl2/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl3/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- connect_timeout: 3
- nb_get_retry: 3
- delay_before_retry: 3
192.168.200.3 1358:
weight: 1
HTTP_GET:
- url:
path: /testurl/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334c
- url:
path: /testurl2/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334c
- connect_timeout: 3
- nb_get_retry: 3
- delay_before_retry: 3
10.10.10.3 1358:
delay_loop: 3
lb_algo: rr
lb_kind: NAT
nat_mask: 255.255.255.0
persistence_timeout: 50
protocol: TCP
real_server:
192.168.200.4 1358:
weight: 1
HTTP_GET:
- url:
path: /testurl/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl2/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl3/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- connect_timeout: 3
- nb_get_retry: 3
- delay_before_retry: 3
192.168.200.5 1358:
weight: 1
HTTP_GET:
- url:
path: /testurl/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl2/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl3/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- connect_timeout: 3
- nb_get_retry: 3
- delay_before_retry: 3