# -*- coding: utf-8 -*-
# vim: ft=yaml
---
#
# Example pillar configuration
#
# Boolean entries must be placed stored as strings, otherwise it will show
# up as 1 or 0 in the config file.
#
# Anything that needs to be in quotes in the configuration file needs to
# be escaped in the yaml file.  Otherwise the quotes will not appear in
# the config file.
#
# When order is important, put the entries into a yaml array or list.  This
# could be used to place vrrp_script before vrrp_instance entries.

# The following would generate the example file in RedHat based systems.

keepalived:
  config:
    global_defs:
      notification_email:
        - acassen@firewall.loc
        - failover@firewall.loc
        - sysadmin@firewall.loc
      notification_email_from: Alexandre.Cassen@firewall.loc
      smtp_server: 192.168.200.1
      smtp_connect_timeout: 30
      router_id: LVS_DEVEL
    vrrp_sync_group:
      EXAMPLE_GROUP:
        group:
          - VI_IPV4
          - VI_IPV6
    vrrp_instance:
      VI_1:
        state: MASTER
        interface: eth0
        virtual_router_id: 51
        priority: 100
        advert_int: 1
        # switch type parameters must be defined as boolean: true / false
        # 1 / 0 values will be treated as numbers
        # nopreempt: true
        # dont_track_primary: true
        authentication:
          auth_type: PASS
          auth_pass: 1111
        virtual_ipaddress:
          - 192.168.200.16
          - 192.168.200.17
          - 192.168.200.18
    virtual_server:
      # Virtual and real servers include the port as part of the ID.
      192.168.200.100 443:
        delay_loop: 6
        lb_algo: rr
        lb_kind: NAT
        nat_mask: 255.255.255.0
        persistence_timeout: 50
        protocol: TCP
        real_server:
          192.168.201.100 443:
            weight: 1
            SSL_GET:
              # Must be a list because of multiple URL entries.
              - url:
                  path: /
                  digest: ff20ad2481f97b1754ef3e12ecd3a9cc
              - url:
                  path: /mrtg/
                  digest: 9b3a0c85a887a256d6939da88aabd8cd
              - connect_timeout: 3
              - nb_get_retry: 3
              - delay_before_retry: 3
      10.10.10.2 1358:
        delay_loop: 6
        lb_algo: rr
        lb_kind: NAT
        persistence_timeout: 50
        protocol: TCP
        sorry_server: 192.168.200.200 1358
        real_server:
          192.168.200.2 1358:
            weight: 1
            HTTP_GET:
              # Must be a list because of multiple URL entries.
              - url:
                  path: /testurl/test.jsp
                  digest: 640205b7b0fc66c1ea91c463fac6334d
              - url:
                  path: /testurl2/test.jsp
                  digest: 640205b7b0fc66c1ea91c463fac6334d
              - url:
                  path: /testurl3/test.jsp
                  digest: 640205b7b0fc66c1ea91c463fac6334d
              - connect_timeout: 3
              - nb_get_retry: 3
              - delay_before_retry: 3
          192.168.200.3 1358:
            weight: 1
            HTTP_GET:
              - url:
                  path: /testurl/test.jsp
                  digest: 640205b7b0fc66c1ea91c463fac6334c
              - url:
                  path: /testurl2/test.jsp
                  digest: 640205b7b0fc66c1ea91c463fac6334c
              - connect_timeout: 3
              - nb_get_retry: 3
              - delay_before_retry: 3
      10.10.10.3 1358:
        delay_loop: 3
        lb_algo: rr
        lb_kind: NAT
        nat_mask: 255.255.255.0
        persistence_timeout: 50
        protocol: TCP
        real_server:
          192.168.200.4 1358:
            weight: 1
            HTTP_GET:
              - url:
                  path: /testurl/test.jsp
                  digest: 640205b7b0fc66c1ea91c463fac6334d
              - url:
                  path: /testurl2/test.jsp
                  digest: 640205b7b0fc66c1ea91c463fac6334d
              - url:
                  path: /testurl3/test.jsp
                  digest: 640205b7b0fc66c1ea91c463fac6334d
              - connect_timeout: 3
              - nb_get_retry: 3
              - delay_before_retry: 3
          192.168.200.5 1358:
            weight: 1
            HTTP_GET:
              - url:
                  path: /testurl/test.jsp
                  digest: 640205b7b0fc66c1ea91c463fac6334d
              - url:
                  path: /testurl2/test.jsp
                  digest: 640205b7b0fc66c1ea91c463fac6334d
              - url:
                  path: /testurl3/test.jsp
                  digest: 640205b7b0fc66c1ea91c463fac6334d
              - connect_timeout: 3
              - nb_get_retry: 3
              - delay_before_retry: 3
    vrrp_script:
      check_apache:
        script: '"killall -0 apache"'
        interval: 2
        weight: 10
  # put helper scripts on the minon
  # defaut directory where scripts will be saved if full path not specified
  scripts_dir: /etc/keepalived
  scripts:
    # item name, will be used as file name if full path not specified
    check_sshd.sh:
      # present - create script
      # absent - remove file
      ensure: present
      # user and group for script file, default is root:root
      # note: it's required to use existing user and group
      user: root
      group: root
      # file mode, default is 755
      mode: '755'
      # full path for script, optional
      # if not defined "scripts_dir + '/' + script" will be used as file name
      dst_file: /etc/keepalived/check_sshd.sh
      # 'contents' have more priority than 'template_file',
      # if 'contents' present, 'template_file' won't be used,
      # but one of them is mandatory
      contents: |
          #!/usr/bin/env bash
          pidof sshd
      # source template for script
      template_file: check_sshd.sh
      # template engine to use for rendering, default is jinja
      template_engine: jinja
      # dict with arbitrary data that will be passed to template as 'data' variable
      context:
        foo: bar