186 lines
5.9 KiB
YAML
186 lines
5.9 KiB
YAML
# -*- coding: utf-8 -*-
|
|
# vim: ft=yaml
|
|
---
|
|
#
|
|
# Example pillar configuration
|
|
#
|
|
# Boolean entries must be placed stored as strings, otherwise it will show
|
|
# up as 1 or 0 in the config file.
|
|
#
|
|
# Anything that needs to be in quotes in the configuration file needs to
|
|
# be escaped in the yaml file. Otherwise the quotes will not appear in
|
|
# the config file.
|
|
#
|
|
# When order is important, put the entries into a yaml array or list. This
|
|
# could be used to place vrrp_script before vrrp_instance entries.
|
|
|
|
# The following would generate the example file in RedHat based systems.
|
|
|
|
keepalived:
|
|
config:
|
|
global_defs:
|
|
notification_email:
|
|
- acassen@firewall.loc
|
|
- failover@firewall.loc
|
|
- sysadmin@firewall.loc
|
|
notification_email_from: Alexandre.Cassen@firewall.loc
|
|
smtp_server: 192.168.200.1
|
|
smtp_connect_timeout: 30
|
|
router_id: LVS_DEVEL
|
|
vrrp_sync_group:
|
|
EXAMPLE_GROUP:
|
|
group:
|
|
- VI_IPV4
|
|
- VI_IPV6
|
|
vrrp_instance:
|
|
VI_1:
|
|
state: MASTER
|
|
interface: eth0
|
|
virtual_router_id: 51
|
|
priority: 100
|
|
advert_int: 1
|
|
# switch type parameters must be defined as boolean: true / false
|
|
# 1 / 0 values will be treated as numbers
|
|
# nopreempt: true
|
|
# dont_track_primary: true
|
|
authentication:
|
|
auth_type: PASS
|
|
auth_pass: 1111
|
|
virtual_ipaddress:
|
|
- 192.168.200.16
|
|
- 192.168.200.17
|
|
- 192.168.200.18
|
|
virtual_server:
|
|
# Virtual and real servers include the port as part of the ID.
|
|
192.168.200.100 443:
|
|
delay_loop: 6
|
|
lb_algo: rr
|
|
lb_kind: NAT
|
|
nat_mask: 255.255.255.0
|
|
persistence_timeout: 50
|
|
protocol: TCP
|
|
real_server:
|
|
192.168.201.100 443:
|
|
weight: 1
|
|
SSL_GET:
|
|
# Must be a list because of multiple URL entries.
|
|
- url:
|
|
path: /
|
|
digest: ff20ad2481f97b1754ef3e12ecd3a9cc
|
|
- url:
|
|
path: /mrtg/
|
|
digest: 9b3a0c85a887a256d6939da88aabd8cd
|
|
- connect_timeout: 3
|
|
- nb_get_retry: 3
|
|
- delay_before_retry: 3
|
|
10.10.10.2 1358:
|
|
delay_loop: 6
|
|
lb_algo: rr
|
|
lb_kind: NAT
|
|
persistence_timeout: 50
|
|
protocol: TCP
|
|
sorry_server: 192.168.200.200 1358
|
|
real_server:
|
|
192.168.200.2 1358:
|
|
weight: 1
|
|
HTTP_GET:
|
|
# Must be a list because of multiple URL entries.
|
|
- url:
|
|
path: /testurl/test.jsp
|
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
|
- url:
|
|
path: /testurl2/test.jsp
|
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
|
- url:
|
|
path: /testurl3/test.jsp
|
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
|
- connect_timeout: 3
|
|
- nb_get_retry: 3
|
|
- delay_before_retry: 3
|
|
192.168.200.3 1358:
|
|
weight: 1
|
|
HTTP_GET:
|
|
- url:
|
|
path: /testurl/test.jsp
|
|
digest: 640205b7b0fc66c1ea91c463fac6334c
|
|
- url:
|
|
path: /testurl2/test.jsp
|
|
digest: 640205b7b0fc66c1ea91c463fac6334c
|
|
- connect_timeout: 3
|
|
- nb_get_retry: 3
|
|
- delay_before_retry: 3
|
|
10.10.10.3 1358:
|
|
delay_loop: 3
|
|
lb_algo: rr
|
|
lb_kind: NAT
|
|
nat_mask: 255.255.255.0
|
|
persistence_timeout: 50
|
|
protocol: TCP
|
|
real_server:
|
|
192.168.200.4 1358:
|
|
weight: 1
|
|
HTTP_GET:
|
|
- url:
|
|
path: /testurl/test.jsp
|
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
|
- url:
|
|
path: /testurl2/test.jsp
|
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
|
- url:
|
|
path: /testurl3/test.jsp
|
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
|
- connect_timeout: 3
|
|
- nb_get_retry: 3
|
|
- delay_before_retry: 3
|
|
192.168.200.5 1358:
|
|
weight: 1
|
|
HTTP_GET:
|
|
- url:
|
|
path: /testurl/test.jsp
|
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
|
- url:
|
|
path: /testurl2/test.jsp
|
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
|
- url:
|
|
path: /testurl3/test.jsp
|
|
digest: 640205b7b0fc66c1ea91c463fac6334d
|
|
- connect_timeout: 3
|
|
- nb_get_retry: 3
|
|
- delay_before_retry: 3
|
|
vrrp_script:
|
|
check_apache:
|
|
script: '"killall -0 apache"'
|
|
interval: 2
|
|
weight: 10
|
|
# put helper scripts on the minon
|
|
# defaut directory where scripts will be saved if full path not specified
|
|
scripts_dir: /etc/keepalived
|
|
scripts:
|
|
# item name, will be used as file name if full path not specified
|
|
check_sshd.sh:
|
|
# present - create script
|
|
# absent - remove file
|
|
ensure: present
|
|
# user and group for script file, default is root:root
|
|
# note: it's required to use existing user and group
|
|
user: root
|
|
group: root
|
|
# file mode, default is 755
|
|
mode: '755'
|
|
# full path for script, optional
|
|
# if not defined "scripts_dir + '/' + script" will be used as file name
|
|
dst_file: /etc/keepalived/check_sshd.sh
|
|
# 'contents' have more priority than 'template_file',
|
|
# if 'contents' present, 'template_file' won't be used,
|
|
# but one of them is mandatory
|
|
contents: |
|
|
#!/usr/bin/env bash
|
|
pidof sshd
|
|
# source template for script
|
|
template_file: check_sshd.sh
|
|
# template engine to use for rendering, default is jinja
|
|
template_engine: jinja
|
|
# dict with arbitrary data that will be passed to template as 'data' variable
|
|
context:
|
|
foo: bar
|