keepalived-formula/pillar.example
Hatifnatt 5fc37fa6fb feat(scripts): deploy helper scripts
Deploy arbitrary helper scripts to use them in configuration file
2020-11-30 18:10:54 +03:00

182 lines
5.8 KiB
YAML

# -*- coding: utf-8 -*-
# vim: ft=yaml
---
#
# Example pillar configuration
#
# Boolean entries must be placed stored as strings, otherwise it will show
# up as 1 or 0 in the config file.
#
# Anything that needs to be in quotes in the configuration file needs to
# be escaped in the yaml file. Otherwise the quotes will not appear in
# the config file.
#
# When order is important, put the entries into a yaml array or list. This
# could be used to place vrrp_script before vrrp_instance entries.
# The following would generate the example file in RedHat based systems.
keepalived:
config:
global_defs:
notification_email:
- acassen@firewall.loc
- failover@firewall.loc
- sysadmin@firewall.loc
notification_email_from: Alexandre.Cassen@firewall.loc
smtp_server: 192.168.200.1
smtp_connect_timeout: 30
router_id: LVS_DEVEL
vrrp_sync_group:
EXAMPLE_GROUP:
group:
- VI_IPV4
- VI_IPV6
vrrp_instance:
VI_1:
state: MASTER
interface: eth0
virtual_router_id: 51
priority: 100
advert_int: 1
authentication:
auth_type: PASS
auth_pass: 1111
virtual_ipaddress:
- 192.168.200.16
- 192.168.200.17
- 192.168.200.18
virtual_server:
# Virtual and real servers include the port as part of the ID.
192.168.200.100 443:
delay_loop: 6
lb_algo: rr
lb_kind: NAT
nat_mask: 255.255.255.0
persistence_timeout: 50
protocol: TCP
real_server:
192.168.201.100 443:
weight: 1
SSL_GET:
# Must be a list because of multiple URL entries.
- url:
path: /
digest: ff20ad2481f97b1754ef3e12ecd3a9cc
- url:
path: /mrtg/
digest: 9b3a0c85a887a256d6939da88aabd8cd
- connect_timeout: 3
- nb_get_retry: 3
- delay_before_retry: 3
10.10.10.2 1358:
delay_loop: 6
lb_algo: rr
lb_kind: NAT
persistence_timeout: 50
protocol: TCP
sorry_server: 192.168.200.200 1358
real_server:
192.168.200.2 1358:
weight: 1
HTTP_GET:
# Must be a list because of multiple URL entries.
- url:
path: /testurl/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl2/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl3/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- connect_timeout: 3
- nb_get_retry: 3
- delay_before_retry: 3
192.168.200.3 1358:
weight: 1
HTTP_GET:
- url:
path: /testurl/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334c
- url:
path: /testurl2/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334c
- connect_timeout: 3
- nb_get_retry: 3
- delay_before_retry: 3
10.10.10.3 1358:
delay_loop: 3
lb_algo: rr
lb_kind: NAT
nat_mask: 255.255.255.0
persistence_timeout: 50
protocol: TCP
real_server:
192.168.200.4 1358:
weight: 1
HTTP_GET:
- url:
path: /testurl/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl2/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl3/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- connect_timeout: 3
- nb_get_retry: 3
- delay_before_retry: 3
192.168.200.5 1358:
weight: 1
HTTP_GET:
- url:
path: /testurl/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl2/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- url:
path: /testurl3/test.jsp
digest: 640205b7b0fc66c1ea91c463fac6334d
- connect_timeout: 3
- nb_get_retry: 3
- delay_before_retry: 3
vrrp_script:
check_apache:
script: '"killall -0 apache"'
interval: 2
weight: 10
# put helper scripts on the minon
# defaut directory where scripts will be saved if full path not specified
scripts_dir: /etc/keepalived
scripts:
# item name, will be used as file name if full path not specified
check_sshd.sh:
# present - create script
# absent - remove file
ensure: present
# user and group for script file, default is root:root
# note: it's required to use existing user and group
user: root
group: root
# file mode, default is 755
mode: '755'
# full path for script, optional
# if not defined "scripts_dir + '/' + script" will be used as file name
dst_file: /etc/keepalived/check_sshd.sh
# 'contents' have more priority than 'template_file',
# if 'contents' present, 'template_file' won't be used,
# but one of them is mandatory
contents: |
#!/usr/bin/env bash
pidof sshd
# source template for script
template_file: check_sshd.sh
# template engine to use for rendering, default is jinja
template_engine: jinja
# dict with arbitrary data that will be passed to template as 'data' variable
context:
foo: bar