WIP: add vrrp addresses via Ansible
parent
a38a174b83
commit
a1995f0e74
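--- a/vrrpd/defaults/main.yml
+++ b/vrrpd/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+
+vrrp_addresses: []
+# - {
+# interface: Null # the interface name to run on
+# delay: 10 # the advertisement interval (in sec) (default: 1)
+# id: Null # the id of the virtual server [1-255]
+# priority: Null # the priority of this host in the virtual server (default: 100)
+# authentication: Null # authentification type: auth=(none|pw/hexkey|ah/hexkey) hexkey=0x[0-9a-fA-F]+
+# label: Null # use this name is syslog messages (helps when several vrid are running)
+# ip: Null # the ip address(es) (and optionnaly subnet mask) of the virtual server
+# state: Null # 'started' or 'stopped'
+# }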
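--- a/vrrpd/tasks/ip.yml
+++ b/vrrpd/tasks/ip.yml
@@ -0,0 +1,20 @@
+---
+
+- name: set unit name
+set_fact:
+vrrp_systemd_unit_name: "vrrp-{{ vrrp_address.id }}.service"
+
+- name: add systemd unit
+template:
+src: vrrp.service.j2
+dest: "/etc/systemd/system/vrrp-{{ vrrp_systemd_unit_name }}"
+force: yes
+register: vrrp_systemd_unit
+
+- name: enable and start systemd unit
+systemd:
+name: "{{ vrrp_systemd_unit_name }}"
+daemon_reload: yes
+enabled: yes
+state: "{{ vrrp_address.state }}"
+when: vrrp_systemd_unit is changed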
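Review bot: The `dest` of the "add systemd unit" task prepends `vrrp-` to `vrrp_systemd_unit_name`, which already expands to `vrrp-<id>.service`, so the file is written as `vrrp-vrrp-<id>.service` while the `systemd` task asks for `vrrp-<id>.service`; `dest: "/etc/systemd/system/{{ vrrp_systemd_unit_name }}"` makes the two agree. The `template` task sets no `owner` or `mode`, and the rendered ExecStart line contains the `authentication` value, so an explicit restrictive mode such as `mode: "0600"` is worth adding. The last task runs only `when: vrrp_systemd_unit is changed`, so a later change to `vrrp_address.state` alone would not be applied unless the template also changes.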
|
@ -14,7 +14,36 @@
|
||||||
tags:
|
tags:
|
||||||
- vrrpd
|
- vrrpd
|
||||||
|
|
||||||
- name: Adjust sysctl config
|
- name: Adjust sysctl config (except rp_filter)
|
||||||
|
sysctl:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
value: "{{ item.value }}"
|
||||||
|
sysctl_file: /etc/sysctl.d/vrrpd.conf
|
||||||
|
sysctl_set: yes
|
||||||
|
state: present
|
||||||
|
loop:
|
||||||
|
- { name: 'net.ipv4.conf.all.arp_ignore', value: 1 }
|
||||||
|
- { name: 'net.ipv4.conf.all.arp_announce', value: 2 }
|
||||||
|
- { name: 'net.ipv4.ip_nonlocal_bind', value: 1 }
|
||||||
|
tags:
|
||||||
|
- vrrpd
|
||||||
|
|
||||||
|
- name: look if rp_filter is managed by minifirewall
|
||||||
|
command: grep "SYSCTL_RP_FILTER=" /etc/default/minifirewall
|
||||||
|
failed_when: False
|
||||||
|
changed_when: False
|
||||||
|
check_mode: no
|
||||||
|
register: grep_sysctl_rp_filter_minifirewall
|
||||||
|
|
||||||
|
- name: Configure SYSCTL_RP_FILTER in minifirewall
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "SYSCTL_RP_FILTER='0'"
|
||||||
|
regexp: "SYSCTL_RP_FILTER=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: grep_sysctl_rp_filter_minifirewall.rc == 0
|
||||||
|
|
||||||
|
- name: Adjust sysctl config (only rp_filter)
|
||||||
sysctl:
|
sysctl:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
value: "{{ item.value }}"
|
value: "{{ item.value }}"
|
||||||
|
@ -23,10 +52,13 @@
|
||||||
state: present
|
state: present
|
||||||
loop:
|
loop:
|
||||||
- { name: 'net.ipv4.conf.default.rp_filter', value: 0 }
|
- { name: 'net.ipv4.conf.default.rp_filter', value: 0 }
|
||||||
- { name: 'net.ipv4.conf.eth0.rp_filter', value: 0 }
|
|
||||||
- { name: 'net.ipv4.conf.all.rp_filter', value: 0 }
|
- { name: 'net.ipv4.conf.all.rp_filter', value: 0 }
|
||||||
- { name: 'net.ipv4.conf.all.arp_ignore', value: 1 }
|
when: grep_sysctl_rp_filter_minifirewall.rc != 0
|
||||||
- { name: 'net.ipv4.conf.all.arp_announce', value: 2 }
|
|
||||||
- { name: 'net.ipv4.ip_nonlocal_bind', value: 1 }
|
|
||||||
tags:
|
tags:
|
||||||
- vrrpd
|
- vrrpd
|
||||||
|
|
||||||
|
- name: Create VRRP address
|
||||||
|
include: ip.yml
|
||||||
|
loop: "{{ vrrp_addresses }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: "vrrp_address"
|
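Review bot: The `grep "SYSCTL_RP_FILTER="` probe and the `lineinfile` regexp `SYSCTL_RP_FILTER=('|\").*('|\")` do not select the same lines: an unquoted assignment satisfies grep but not the regexp, so `lineinfile` appends a second assignment instead of replacing the existing one. Anchoring both on one pattern, for example `regexp: "^SYSCTL_RP_FILTER="` and the same expression in the grep, keeps them in step. Because `failed_when: False` also hides a missing `/etc/default/minifirewall`, a short comment that any non-zero rc means "not managed by minifirewall" would help the next reader. The sysctl fallback now turns reverse-path filtering off on `all` and `default` only, with the `eth0` entry removed; this weakens source-address validation host-wide, so it is worth documenting and confirming that the interface named in `vrrp_address.interface` actually ends up at 0.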
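--- a/vrrpd/templates/vrrp.service.j2
+++ b/vrrpd/templates/vrrp.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=VRRP Daemon for IP {{ vrrp_address.ip }} on {{ vrrp_address.interface }}
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/vrrpd -i {{ vrrp_address.interface | mandatory }} -x -D -d {{ vrrp_address.delay | mandatory }} -v {{ vrrp_address.id | mandatory }} -p {{ vrrp_address.priority | mandatory }} -a {{ vrrp_address.authentication | mandatory }} -l {{ vrrp_address.label | mandatory }} {{ vrrp_address.ip | mandatory }}
+
+Type=forking
+
+[Install]
+WantedBy=default.target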
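Review bot: The `-a {{ vrrp_address.authentication | mandatory }}` argument on the ExecStart line places the VRRP key (`pw/hexkey` or `ah/hexkey` per the defaults comment) in both the unit file and the daemon's command line, where other local users can usually read it; the role documentation should say so, and real keys belong in a vault rather than plain inventory. `mandatory` rejects only undefined variables, so an entry copied from the defaults example with `Null` values would presumably still render into the command. An `assert` in the role that `id` is within 1-255 and that the remaining fields are non-empty would catch this before a unit is written. The values are interpolated unquoted, so a `label` or `ip` containing whitespace would be split into extra vrrpd arguments.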