WIP: add vrrp addresses via Ansible

Jérémy Lecour 2022-06-17 10:54:26 +02:00 committed by Jérémy Lecour
parent a38a174b83
commit a1995f0e74
4 changed files with 81 additions and 5 deletions

13
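--- a/vrrpd/defaults/main.yml
+++ b/vrrpd/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+vrrp_addresses: []
+# - {
+# interface: Null # the interface name to run on
+# delay: 10 # the advertisement interval (in sec) (default: 1)
+# id: Null # the id of the virtual server [1-255]
+# priority: Null # the priority of this host in the virtual server (default: 100)
+# authentication: Null # authentification type: auth=(none|pw/hexkey|ah/hexkey) hexkey=0x[0-9a-fA-F]+
+# label: Null # use this name is syslog messages (helps when several vrid are running)
+# ip: Null # the ip address(es) (and optionnaly subnet mask) of the virtual server
+# state: Null # 'started' or 'stopped'
+# }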
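Review bot: The commented example for `vrrp_addresses` cannot be used as written: it is a flow mapping (`- { … }`) whose entries have no separating commas, so uncommenting it does not give valid YAML, and its "(default: 1)" / "(default: 100)" remarks do not hold for this role because the unit template passes `delay` and `priority` through `| mandatory`. I would write the example in block style (`# - interface: eth0`, then one indented `#   key: value` line per field) and mark every field the template requires as required. The `authentication` line should also say that the hexkey is a shared secret that belongs in Ansible Vault rather than in plain inventory, for instance `# authentication: none  # or pw/<hexkey> | ah/<hexkey>; secret, keep it in Ansible Vault`.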

20
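--- a/vrrpd/tasks/ip.yml
+++ b/vrrpd/tasks/ip.yml
@@ -0,0 +1,20 @@
+---
+- name: set unit name
+set_fact:
+vrrp_systemd_unit_name: "vrrp-{{ vrrp_address.id }}.service"
+- name: add systemd unit
+template:
+src: vrrp.service.j2
+dest: "/etc/systemd/system/vrrp-{{ vrrp_systemd_unit_name }}"
+force: yes
+register: vrrp_systemd_unit
+- name: enable and start systemd unit
+systemd:
+name: "{{ vrrp_systemd_unit_name }}"
+daemon_reload: yes
+enabled: yes
+state: "{{ vrrp_address.state }}"
+when: vrrp_systemd_unit is changed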
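Review bot: The unit file is written under a different name than the one the next task manages: `vrrp_systemd_unit_name` already expands to `vrrp-<id>.service`, so `dest: "/etc/systemd/system/vrrp-{{ vrrp_systemd_unit_name }}"` creates `vrrp-vrrp-<id>.service` while the `systemd` task looks for `vrrp-<id>.service`. The destination should be `dest: "/etc/systemd/system/{{ vrrp_systemd_unit_name }}"`. Separately, `when: vrrp_systemd_unit is changed` means `enabled` and `state` are only enforced on the run that rewrites the file, so a unit stopped or disabled by hand is never reconciled, and a changed unit that is already running is not restarted by `state: started`; dropping the condition and restarting from a handler notified by the template task would cover both. Since the rendered unit carries the VRRP authentication key, the `template` task should also set `owner`, `group` and an explicit `mode` instead of relying on the umask.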


@ -14,7 +14,36 @@
tags:
- vrrpd
- name: Adjust sysctl config
- name: Adjust sysctl config (except rp_filter)
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
sysctl_file: /etc/sysctl.d/vrrpd.conf
sysctl_set: yes
state: present
loop:
- { name: 'net.ipv4.conf.all.arp_ignore', value: 1 }
- { name: 'net.ipv4.conf.all.arp_announce', value: 2 }
- { name: 'net.ipv4.ip_nonlocal_bind', value: 1 }
tags:
- vrrpd
- name: look if rp_filter is managed by minifirewall
command: grep "SYSCTL_RP_FILTER=" /etc/default/minifirewall
failed_when: False
changed_when: False
check_mode: no
register: grep_sysctl_rp_filter_minifirewall
- name: Configure SYSCTL_RP_FILTER in minifirewall
lineinfile:
dest: "/etc/default/minifirewall"
line: "SYSCTL_RP_FILTER='0'"
regexp: "SYSCTL_RP_FILTER=('|\").*('|\")"
create: no
when: grep_sysctl_rp_filter_minifirewall.rc == 0
- name: Adjust sysctl config (only rp_filter)
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
@ -23,10 +52,13 @@
state: present
loop:
- { name: 'net.ipv4.conf.default.rp_filter', value: 0 }
- { name: 'net.ipv4.conf.eth0.rp_filter', value: 0 }
- { name: 'net.ipv4.conf.all.rp_filter', value: 0 }
- { name: 'net.ipv4.conf.all.arp_ignore', value: 1 }
- { name: 'net.ipv4.conf.all.arp_announce', value: 2 }
- { name: 'net.ipv4.ip_nonlocal_bind', value: 1 }
when: grep_sysctl_rp_filter_minifirewall.rc != 0
tags:
- vrrpd
- name: Create VRRP address
include: ip.yml
loop: "{{ vrrp_addresses }}"
loop_control:
loop_var: "vrrp_address"
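Review bot: The new `look if rp_filter is managed by minifirewall` and `Configure SYSCTL_RP_FILTER in minifirewall` tasks appear to carry no `tags`, while `Adjust sysctl config (only rp_filter)` is tagged `vrrpd` and tests `grep_sysctl_rp_filter_minifirewall.rc`; a run limited with `--tags vrrpd` would skip the `grep`, leave the variable undefined and fail on that `when`. Adding `tags: [vrrpd]` to both tasks (and to the `Create VRRP address` include) keeps the tagged run self-contained. The `lineinfile` change also has no `notify`, so as far as this section shows nothing reloads minifirewall and `SYSCTL_RP_FILTER='0'` only takes effect at its next restart. On the hardening side, `rp_filter` is set to 0 on `all` and `default` as well as on a hard-coded `eth0`, so interfaces created later start without reverse-path source validation even though the VRRP interface is now a variable; if vrrpd tolerates it, a per-interface setting driven by `vrrp_addresses` (or loose mode `2`) would keep more anti-spoofing protection, which is worth confirming before this leaves WIP.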


@ -0,0 +1,11 @@
[Unit]
Description=VRRP Daemon for IP {{ vrrp_address.ip }} on {{ vrrp_address.interface }}
After=network.target
[Service]
ExecStart=/usr/sbin/vrrpd -i {{ vrrp_address.interface | mandatory }} -x -D -d {{ vrrp_address.delay | mandatory }} -v {{ vrrp_address.id | mandatory }} -p {{ vrrp_address.priority | mandatory }} -a {{ vrrp_address.authentication | mandatory }} -l {{ vrrp_address.label | mandatory }} {{ vrrp_address.ip | mandatory }}
Type=forking
[Install]
WantedBy=default.target
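Review bot: `-a {{ vrrp_address.authentication | mandatory }}` puts the VRRP key (`pw/hexkey` or `ah/hexkey` per the defaults comment) on the `ExecStart` line, so it is readable in the unit file, which the `template` task installs without an explicit `mode`, and in the process arguments visible to local users. If vrrpd offers no other way to pass the key (I cannot tell from this page), at least install the unit with a restrictive mode and document the residual exposure in the role. The other values are interpolated unquoted and unchecked, so a `label` or `ip` containing whitespace changes the argument list; an `assert` task before rendering (id within 1–255, interface and label limited to a conservative character set) would catch bad inventory data early. `Type=forking` without a `PIDFile=` also leaves systemd guessing the main PID.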