# -*- coding: utf-8 -*- # vim: ft=yaml --- # # Example pillar configuration # # Boolean entries must be placed stored as strings, otherwise it will show # up as 1 or 0 in the config file. # # Anything that needs to be in quotes in the configuration file needs to # be escaped in the yaml file. Otherwise the quotes will not appear in # the config file. # # When order is important, put the entries into a yaml array or list. This # could be used to place vrrp_script before vrrp_instance entries. # The following would generate the example file in RedHat based systems. keepalived: config: global_defs: notification_email: - acassen@firewall.loc - failover@firewall.loc - sysadmin@firewall.loc notification_email_from: Alexandre.Cassen@firewall.loc smtp_server: 192.168.200.1 smtp_connect_timeout: 30 router_id: LVS_DEVEL vrrp_sync_group: EXAMPLE_GROUP: group: - VI_IPV4 - VI_IPV6 vrrp_instance: VI_1: state: MASTER interface: eth0 virtual_router_id: 51 priority: 100 advert_int: 1 authentication: auth_type: PASS auth_pass: 1111 virtual_ipaddress: - 192.168.200.16 - 192.168.200.17 - 192.168.200.18 virtual_server: # Virtual and real servers include the port as part of the ID. 192.168.200.100 443: delay_loop: 6 lb_algo: rr lb_kind: NAT nat_mask: 255.255.255.0 persistence_timeout: 50 protocol: TCP real_server: 192.168.201.100 443: weight: 1 SSL_GET: # Must be a list because of multiple URL entries. - url: path: / digest: ff20ad2481f97b1754ef3e12ecd3a9cc - url: path: /mrtg/ digest: 9b3a0c85a887a256d6939da88aabd8cd - connect_timeout: 3 - nb_get_retry: 3 - delay_before_retry: 3 10.10.10.2 1358: delay_loop: 6 lb_algo: rr lb_kind: NAT persistence_timeout: 50 protocol: TCP sorry_server: 192.168.200.200 1358 real_server: 192.168.200.2 1358: weight: 1 HTTP_GET: # Must be a list because of multiple URL entries. - url: path: /testurl/test.jsp digest: 640205b7b0fc66c1ea91c463fac6334d - url: path: /testurl2/test.jsp digest: 640205b7b0fc66c1ea91c463fac6334d - url: path: /testurl3/test.jsp digest: 640205b7b0fc66c1ea91c463fac6334d - connect_timeout: 3 - nb_get_retry: 3 - delay_before_retry: 3 192.168.200.3 1358: weight: 1 HTTP_GET: - url: path: /testurl/test.jsp digest: 640205b7b0fc66c1ea91c463fac6334c - url: path: /testurl2/test.jsp digest: 640205b7b0fc66c1ea91c463fac6334c - connect_timeout: 3 - nb_get_retry: 3 - delay_before_retry: 3 10.10.10.3 1358: delay_loop: 3 lb_algo: rr lb_kind: NAT nat_mask: 255.255.255.0 persistence_timeout: 50 protocol: TCP real_server: 192.168.200.4 1358: weight: 1 HTTP_GET: - url: path: /testurl/test.jsp digest: 640205b7b0fc66c1ea91c463fac6334d - url: path: /testurl2/test.jsp digest: 640205b7b0fc66c1ea91c463fac6334d - url: path: /testurl3/test.jsp digest: 640205b7b0fc66c1ea91c463fac6334d - connect_timeout: 3 - nb_get_retry: 3 - delay_before_retry: 3 192.168.200.5 1358: weight: 1 HTTP_GET: - url: path: /testurl/test.jsp digest: 640205b7b0fc66c1ea91c463fac6334d - url: path: /testurl2/test.jsp digest: 640205b7b0fc66c1ea91c463fac6334d - url: path: /testurl3/test.jsp digest: 640205b7b0fc66c1ea91c463fac6334d - connect_timeout: 3 - nb_get_retry: 3 - delay_before_retry: 3 vrrp_script: check_apache: script: '"killall -0 apache"' interval: 2 weight: 10 # put helper scripts on the minon # defaut directory where scripts will be saved if full path not specified scripts_dir: /etc/keepalived scripts: # item name, will be used as file name if full path not specified check_sshd.sh: # present - create script # absent - remove file ensure: present # user and group for script file, default is root:root # note: it's required to use existing user and group user: root group: root # file mode, default is 755 mode: '755' # full path for script, optional # if not defined "scripts_dir + '/' + script" will be used as file name dst_file: /etc/keepalived/check_sshd.sh # 'contents' have more priority than 'template_file', # if 'contents' present, 'template_file' won't be used, # but one of them is mandatory contents: | #!/usr/bin/env bash pidof sshd # source template for script template_file: check_sshd.sh # template engine to use for rendering, default is jinja template_engine: jinja # dict with arbitrary data that will be passed to template as 'data' variable context: foo: bar