diff --git a/.github/labeler.yml b/.github/labeler.yml index df903d6..5e5241b 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -4,6 +4,12 @@ # SPDX-License-Identifier: Apache-2.0 --- +keepalived: + - changed-files: + - any-glob-to-any-file: + - "roles/keepalived/**" + - "molecule/keepalived/**" + - ".github/workflows/keepalived.yml" ssh_keys: - changed-files: - any-glob-to-any-file: diff --git a/.github/workflows/keepalived.yml b/.github/workflows/keepalived.yml new file mode 100644 index 0000000..dbdd980 --- /dev/null +++ b/.github/workflows/keepalived.yml @@ -0,0 +1,59 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- +name: "hifis.keepalived" + +on: + pull_request: + paths: + - '.github/workflows/keepalived.yml' + - 'roles/keepalived/**' + - 'molecule/keepalived/**' + - 'Pipfile' + - 'Pipfile.lock' + push: + branches: + - "main" + tags: + - "v*.*.*" + paths: + - '.github/workflows/keepalived.yml' + - 'roles/keepalived/**' + - 'molecule/keepalived/**' + - 'Pipfile' + - 'Pipfile.lock' + schedule: + - cron: '0 0 * * *' + +jobs: + + test: + name: "Run Molecule tests." + runs-on: "ubuntu-24.04" + env: + PY_COLORS: 1 + ANSIBLE_FORCE_COLOR: 1 + strategy: + fail-fast: false + matrix: + image: + - "ghcr.io/hifis-net/ubuntu-systemd:22.04" + - "ghcr.io/hifis-net/ubuntu-systemd:20.04" + + steps: + - name: "Check out the codebase." + uses: "actions/checkout@v4" + with: + path: "ansible_collections/hifis/toolkit" + + - name: "Prepare the job environment." + uses: "./ansible_collections/hifis/toolkit/.github/workflows/prepare-action" + + - name: "Run Molecule tests." + run: "pipenv run molecule test -s keepalived" + env: + MOLECULE_IMAGE: "${{ matrix.image }}" + working-directory: "ansible_collections/hifis/toolkit" diff --git a/README.md b/README.md index 304ed79..a064255 100644 --- a/README.md +++ b/README.md @@ -18,17 +18,17 @@ This collection provides production-ready Ansible roles used for providing servi software engineers, but not exclusively. The following use cases are supported: * DevOps platform: - * [GitLab](https://github.com/hifis-net/ansible-role-gitlab) (coming soon!) - * [GitLab-Runner](https://github.com/hifis-net/ansible-role-gitlab-runner) (coming soon!) - * [Redis](https://github.com/hifis-net/ansible-role-redis) (coming soon!) + * [GitLab](https://github.com/hifis-net/ansible-role-gitlab) (*coming soon!*) + * [GitLab-Runner](https://github.com/hifis-net/ansible-role-gitlab-runner) (*coming soon!*) + * [Redis](https://github.com/hifis-net/ansible-role-redis) (*coming soon!*) * Help desk: * [**Zammad**](roles/zammad) * High Availability (HA) / Load Balancing: - * [HAProxy](https://github.com/hifis-net/ansible-role-haproxy) (coming soon!) - * [Keepalived](https://github.com/hifis-net/ansible-role-keepalived) (coming soon!) + * [HAProxy](https://github.com/hifis-net/ansible-role-haproxy) (*coming soon!*) + * [**Keepalived**](roles/keepalived) * OS-related: * [**unattended-upgrades**](roles/unattended_upgrades) - * [netplan](https://github.com/hifis-net/ansible-role-gitlab-netplan) (coming soon!) + * [netplan](https://github.com/hifis-net/ansible-role-gitlab-netplan) (*coming soon!*) * distribute authorized [**SSH keys**](role/ssh_keys) to users ## Minimum required Ansible-version diff --git a/molecule/keepalived/converge.yml b/molecule/keepalived/converge.yml new file mode 100644 index 0000000..1dacfae --- /dev/null +++ b/molecule/keepalived/converge.yml @@ -0,0 +1,20 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- + +- name: "Converge" + hosts: "all" + vars: + keepalived_unicast_peers: + - "172.17.0.3" + - "172.17.0.4" + keepalived_virtual_ip_address: "172.17.0.20" + tasks: + - name: "Include keepalived role" + ansible.builtin.include_role: + name: "hifis.toolkit.keepalived" + +... diff --git a/molecule/keepalived/molecule.yml b/molecule/keepalived/molecule.yml new file mode 100644 index 0000000..b824e75 --- /dev/null +++ b/molecule/keepalived/molecule.yml @@ -0,0 +1,48 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- + +dependency: + name: "galaxy" +driver: + name: "podman" +platforms: + - name: "instancekeepalived" + image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:22.04}" + pre_build_image: true + privileged: true + systemd: "always" + tty: true + override_command: false +provisioner: + name: "ansible" + config_options: + defaults: + stdout_callback: "yaml" + playbooks: + prepare: "prepare.yml" + check: "converge.yml" + converge: "converge.yml" + verify: "verify.yml" +verifier: + name: "ansible" +scenario: + name: "keepalived" + test_sequence: + - "destroy" + - "dependency" + - "syntax" + - "create" + - "prepare" + - "check" + - "converge" + - "idempotence" + - "check" + - "side_effect" + - "verify" + - "destroy" + +... diff --git a/molecule/keepalived/prepare.yml b/molecule/keepalived/prepare.yml new file mode 100644 index 0000000..c68c096 --- /dev/null +++ b/molecule/keepalived/prepare.yml @@ -0,0 +1,20 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- + +- name: "Prepare" + hosts: "all" + tasks: + - name: "Install dependencies" + ansible.builtin.apt: + name: + - "sudo" # for `become` privilege escalation + - "iproute2" # for gathering network facts + - "psmisc" # provides `killall` command + state: "present" + update_cache: true + +... diff --git a/molecule/keepalived/verify.yml b/molecule/keepalived/verify.yml new file mode 100644 index 0000000..0c1607c --- /dev/null +++ b/molecule/keepalived/verify.yml @@ -0,0 +1,22 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- + +- name: "Verify Keepalived" + hosts: "all" + tasks: + - name: "Populate service facts." + ansible.builtin.service_facts: + register: "services_state" + + - name: "Check that Keepalived is running on instance." + ansible.builtin.assert: + that: + - "services_state.ansible_facts.services['keepalived.service'].state is search('running')" + fail_msg: "Keepalived need to be running on instance." + success_msg: "Keepalived is running on instance." + +... diff --git a/requirements.yml b/requirements.yml index 4e5cf05..0f774a8 100644 --- a/requirements.yml +++ b/requirements.yml @@ -8,3 +8,4 @@ collections: - name: "ansible.posix" - name: "community.crypto" + - name: "community.general" diff --git a/roles/keepalived/CHANGELOG.md b/roles/keepalived/CHANGELOG.md new file mode 100644 index 0000000..145d868 --- /dev/null +++ b/roles/keepalived/CHANGELOG.md @@ -0,0 +1,230 @@ + + +# Changelog + +## [v1.2.0](https://github.com/hifis-net/ansible-role-keepalived/tree/v1.2.0) (2023-12-13) + +[Full Changelog](https://github.com/hifis-net/ansible-role-keepalived/compare/v1.1.1...v1.2.0) + +**Implemented enhancements:** + +- Switch to molecule-podman instead of molecule-docker [\#27](https://github.com/hifis-net/ansible-role-keepalived/issues/27) +- Add badges to README [\#6](https://github.com/hifis-net/ansible-role-keepalived/issues/6) + +**Fixed bugs:** + +- Specify which paths to lint with ansible-lint in the molecule lint stage [\#45](https://github.com/hifis-net/ansible-role-keepalived/issues/45) + +**Closed issues:** + +- Add GitHub Changelog generator config [\#77](https://github.com/hifis-net/ansible-role-keepalived/issues/77) +- Add CODEOWNERS file [\#75](https://github.com/hifis-net/ansible-role-keepalived/issues/75) +- Add CITATION.cff [\#74](https://github.com/hifis-net/ansible-role-keepalived/issues/74) +- Add support for Ubuntu 22.04 [\#26](https://github.com/hifis-net/ansible-role-keepalived/issues/26) + +**Merged pull requests:** + +- Bump ansible from 9.0.1 to 9.1.0 [\#82](https://github.com/hifis-net/ansible-role-keepalived/pull/82) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore: bump keepalived version from 2.2.7 to 2.2.8 [\#81](https://github.com/hifis-net/ansible-role-keepalived/pull/81) ([Normo](https://github.com/Normo)) +- Bump ansible from 8.5.0 to 9.0.1 [\#80](https://github.com/hifis-net/ansible-role-keepalived/pull/80) ([dependabot[bot]](https://github.com/apps/dependabot)) +- chore: add github changelog generator config [\#79](https://github.com/hifis-net/ansible-role-keepalived/pull/79) ([Normo](https://github.com/Normo)) +- Add CODEOWNERS file [\#78](https://github.com/hifis-net/ansible-role-keepalived/pull/78) ([Normo](https://github.com/Normo)) +- Add CITATION.cff [\#76](https://github.com/hifis-net/ansible-role-keepalived/pull/76) ([Normo](https://github.com/Normo)) +- ci: make ci workflow working again [\#73](https://github.com/hifis-net/ansible-role-keepalived/pull/73) ([Normo](https://github.com/Normo)) +- Bump ansible-lint from 6.8.4 to 6.8.6 [\#50](https://github.com/hifis-net/ansible-role-keepalived/pull/50) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.3 to 6.8.4 [\#48](https://github.com/hifis-net/ansible-role-keepalived/pull/48) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.8.2 to 6.8.3 [\#47](https://github.com/hifis-net/ansible-role-keepalived/pull/47) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.2 to 4.0.3 [\#46](https://github.com/hifis-net/ansible-role-keepalived/pull/46) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 4.0.1 to 4.0.2 [\#44](https://github.com/hifis-net/ansible-role-keepalived/pull/44) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.4.0 to 6.8.2 [\#43](https://github.com/hifis-net/ansible-role-keepalived/pull/43) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 6.2.0 to 6.5.0 [\#42](https://github.com/hifis-net/ansible-role-keepalived/pull/42) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule-podman from 2.0.2 to 2.0.3 [\#39](https://github.com/hifis-net/ansible-role-keepalived/pull/39) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.27.1 to 1.28.0 [\#34](https://github.com/hifis-net/ansible-role-keepalived/pull/34) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Add support for Ubuntu 22.04 [\#29](https://github.com/hifis-net/ansible-role-keepalived/pull/29) ([tobiashuste](https://github.com/tobiashuste)) +- Use molecule-podman instead of molecule-docker [\#28](https://github.com/hifis-net/ansible-role-keepalived/pull/28) ([tobiashuste](https://github.com/tobiashuste)) +- Bump ansible from 5.7.1 to 6.2.0 [\#25](https://github.com/hifis-net/ansible-role-keepalived/pull/25) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible-lint from 6.0.2 to 6.4.0 [\#24](https://github.com/hifis-net/ansible-role-keepalived/pull/24) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump molecule from 3.6.1 to 4.0.1 [\#23](https://github.com/hifis-net/ansible-role-keepalived/pull/23) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump yamllint from 1.26.3 to 1.27.1 [\#21](https://github.com/hifis-net/ansible-role-keepalived/pull/21) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump robertdebock/galaxy-action from 1.2.0 to 1.2.1 [\#15](https://github.com/hifis-net/ansible-role-keepalived/pull/15) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump reuse from 0.14.0 to 1.0.0 [\#14](https://github.com/hifis-net/ansible-role-keepalived/pull/14) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 5.6.0 to 5.7.1 [\#9](https://github.com/hifis-net/ansible-role-keepalived/pull/9) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Add badges to README [\#7](https://github.com/hifis-net/ansible-role-keepalived/pull/7) ([tobiashuste](https://github.com/tobiashuste)) +- Bump ansible-lint from 5.4.0 to 6.0.2 [\#5](https://github.com/hifis-net/ansible-role-keepalived/pull/5) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Bump ansible from 5.4.0 to 5.6.0 [\#3](https://github.com/hifis-net/ansible-role-keepalived/pull/3) ([dependabot[bot]](https://github.com/apps/dependabot)) +- Implement CI pipeline via GitHub Actions [\#1](https://github.com/hifis-net/ansible-role-keepalived/pull/1) ([tobiashuste](https://github.com/tobiashuste)) + +### Fixed + +- Fix failing CI pipeline + ([!57](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/57) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +### Changed + +- Install Keepalived 2.2.7 by default + ([!58](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/58) + by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)). + +## [1.1.1](https://gitlab.com/hifis/ansible/keepalived-role/-/releases/v1.1.1) - 2021-07-08 + +[List of commits](https://gitlab.com/hifis/ansible/keepalived-role/-/compare/v1.1.0...v1.1.1) + +### Fixed + +- Fix failing built of Keepalived from source with module make in initial dry-runs + ([!55](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/55) + by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)). + +## [1.1.0](https://gitlab.com/hifis/ansible/keepalived-role/-/releases/v1.1.0) - 2021-06-28 + +[List of commits](https://gitlab.com/hifis/ansible/keepalived-role/-/compare/v1.0.0...v1.1.0) + +### Added + +- Automate Ansible Galaxy role import + ([!50](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/50) + by [Normo](https://gitlab.com/Normo)). + +### Changed + +- Bump keepalived from 2.2.1 to 2.2.2 + ([!53](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/53) + by [Normo](https://gitlab.com/Normo)). +- Use FQDN for Ansible modules + ([!52](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/52) + by [Normo](https://gitlab.com/Normo)). +- Make a dry-run part of molecule default scenario + ([!49](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/49) + by [Normo](https://gitlab.com/Normo)). + +## [1.0.0](https://gitlab.com/hifis/ansible/keepalived-role/-/releases/v1.0.0) - 2021-01-26 + +[List of commits](https://gitlab.com/hifis/ansible/keepalived-role/-/compare/v0.5.0...v1.0.0) + +### Added + +- Add keepalived config verification task + ([!42](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/42) + by [Normo](https://gitlab.com/Normo)). + +### Changed + +- Resolve "Refactor file path variables" + ([!35](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/35) + by [Normo](https://gitlab.com/Normo)). +- Set keepalived 2.2.1 as default version + ([!37](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/37) + by [Normo](https://gitlab.com/Normo)). +- Remove keepalived user and group + ([!39](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/39) + by [Normo](https://gitlab.com/Normo)). +- Update role meta information + ([!38](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/38) + by [Normo](https://gitlab.com/Normo)). +- Rename default branch to 'main' + ([!41](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/41) + by [Normo](https://gitlab.com/Normo)). +- Update virtual env packages + ([!43](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/43) + by [Normo](https://gitlab.com/Normo)). +- Add variable to configure `max_auto_priority` + ([!44](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/44) + by [Normo](https://gitlab.com/Normo)). + +## [0.5.0](https://gitlab.com/hifis/ansible/keepalived-role/-/releases/v0.5.0) - 2021-01-21 + +[List of commits](https://gitlab.com/hifis/ansible/keepalived-role/-/compare/v0.4.0...v0.5.0) + +### Upgrade notes + +The keepalived executable has been moved from the build directory +`/usr/local/src/keepalived-x.y.z/sbin/keepalived` to +`/usr/local/sbin/keepalived`. Due to this fact, the build directory of the +previous version is not removed during an upgrade. This needs to be done +manually. + +### Changed + +- Put sysconfig file into config directory + ([!12](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/12) + by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)) +- Simplify systemd config reload + ([!30](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/30) + by [Normo](https://gitlab.com/Normo)). +- Use a temporary directory as build directory + ([!34](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/34) + by [Normo](https://gitlab.com/Normo)). + +### Fixed + +- Resolve "Upgrading Keepalived executable does not work as expected due to + wrong path variables" + ([!32](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/32) + by [christian.hueser.hzdr](https://gitlab.com/christian.hueser.hzdr)). + +## [0.4.0](https://gitlab.com/hifis/ansible/keepalived-role/-/releases/v0.4.0) - 2020-11-11 + +[List of commits](https://gitlab.com/hifis/ansible/keepalived-role/-/compare/v0.3.0...v0.4.0) + +### Added + +- Enable check-mode + ([!27](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/27) + by [Normo](https://gitlab.com/Normo)). + +## [0.3.0](https://gitlab.com/hifis/ansible/keepalived-role/-/releases/v0.3.0) - 2020-09-25 + +[List of commits](https://gitlab.com/hifis/ansible/keepalived-role/-/compare/v0.2.1...v0.3.0) + +### Changed + +- Enable keepalived process tracking + ([!19](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/19) + by [tobiashuste](https://gitlab.com/tobiashuste)). +- Make CI jobs interruptible to support auto-cancellation + ([!21](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/21) + by [tobiashuste](https://gitlab.com/tobiashuste)). +- Cache pipenv dependencies in .gitlab-ci.yml + ([!22](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/22) + by [tobiashuste](https://gitlab.com/tobiashuste)) + +### Fixed + +- Fix runtime directory not being available after reboot + ([!20](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/20) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.2.1](https://gitlab.com/hifis/ansible/keepalived-role/-/releases/v0.2.1) - 2020-08-20 + +[List of commits](https://gitlab.com/hifis/ansible/keepalived-role/-/compare/v0.2.0...v0.2.1) + +### Fixed + +- Fix mandatory variables check for `keepalived_virtual_ipaddress_configs` + ([!17](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/17) + by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.2.0](https://gitlab.com/hifis/ansible/keepalived-role/-/releases/v0.2.0) - 2020-08-18 + +[List of commits](https://gitlab.com/hifis/ansible/keepalived-role/-/compare/v0.1.0...v0.2.0) + +### Added + +- Optionally allow to specify multiple virtual IP addresses +([!16](https://gitlab.com/hifis/ansible/keepalived-role/-/merge_requests/16) +by [tobiashuste](https://gitlab.com/tobiashuste)). + +## [0.1.0](https://gitlab.com/hifis/ansible/keepalived-role/-/releases/v0.1.0) - 2020-08-14 + +### Added + +Initial release of the Ansible Keepalived Role. + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/roles/keepalived/README.md b/roles/keepalived/README.md new file mode 100644 index 0000000..178f677 --- /dev/null +++ b/roles/keepalived/README.md @@ -0,0 +1,339 @@ + + +# hifis.keepalived Role + +[![CI Status](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/keepalived.yml/badge.svg)](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/keepalived.yml) + +Ansible role to set up Keepalived in a high availability and scalability context. + +Currently [supported platforms](meta/main.yml) are: + +- Ubuntu 22.04 LTS +- Ubuntu 20.04 LTS + +## Requirements + +None. + +## Role Variables + +### Required variables which are not set by default + +#### Keepalived instance unicast peer IP addresses + +Set the unicast peer IP addresses of the Keepalived instance: + +```yaml +keepalived_unicast_peers: + - '192.168.33.15' + - '192.168.33.16' +``` + +#### Keepalived instance virtual IP address + +Set the virtual IP address of the Keepalived instance: + +```yaml +keepalived_virtual_ip_address: '192.168.33.100' +``` + +#### Optional: List of virtual IP address configs + +If you need to configure multiple virtual IP addresses you can define this +optional variable. This takes precedence over `keepalived_virtual_ip_address`. + +```yaml +keepalived_virtual_ipaddress_configs: + - "10.0.10.15 dev eth0" + - "10.0.11.15 dev eht1" +``` + +### All other Default Variables + +#### Keepalived version + +Variable to pin the Keepalived version to a certain value: + +```yaml +keepalived_version: '2.2.8' +``` + +#### List of dependencies of Keepalived + +List of Keepalived dependencies to be installed: + +```yaml +keepalived_dependencies: + - 'build-essential' + - 'curl' + - 'gcc' + - 'libssl-dev' + - 'libnl-3-dev' + - 'libnl-genl-3-dev' + - 'libsnmp-dev' +``` + +#### Keepalived executable path + +Path to the Keepalived executable: + +```yaml +keepalived_executable_path: '/usr/local/sbin/keepalived' +``` + +#### Keepalived Download URL + +URL from which Keepalived can be downloaded: + +```yaml +keepalived_download_url: 'https://www.keepalived.org/software/keepalived-{{ keepalived_version }}.tar.gz' +``` + +#### Keepalived configuration file template name + +Name of the template file for Keepalived configuration file + +```yaml +keepalived_conf_template: 'keepalived.conf.j2' +``` + +#### Keepalived configuration directory + +Directory which contains Keepalived configuration files: + +```yaml +keepalived_conf_dir: '/etc/keepalived' +``` + +#### Keepalived configuration file path + +Path to Keepalived configuration file: + +```yaml +keepalived_conf_file_path: '/etc/keepalived/keepalived.conf' +``` + +#### Keepalived sysconfig file path + +Path to Keepalived sysconfig file: + +```yaml +keepalived_sysconfig_file_path: "/etc/keepalived/keepalived.sysconfig" +``` + +#### Systemd service template file name + +Name of the template file for Systemd service: + +```yaml +keepalived_service_template: 'keepalived.service.j2' +``` + +#### Keepalived service file path + +Path to Keepalived service file: + +```yaml +keepalived_service_file_path: '/etc/systemd/system/keepalived.service' +``` + +#### Keepalived PID file path + +Path to the Keepalived PID file: + +```yaml +keepalived_pid_file_path: "/run/keepalived/keepalived.pid" +``` + +#### Configure notification email address + +Configure recipient of notification emails: + +```yaml +keepalived_notification_email: 'name@localhost' +``` + +#### Configure notification sender + +Configure sender of notification emails: + +```yaml +keepalived_notification_email_from: 'keepalived@localhost' +``` + +#### Configure SMTP Server + +Configure IP address or FQDN of SMTP server: + +```yaml +keepalived_smtp_server: '127.0.0.1' +``` + +#### Keepalived instance state MASTER or BACKUP + +Set the state of the Keepalived instance to MASTER or BACKUP: + +```yaml +keepalived_state: 'BACKUP' +``` + +#### Keepalived instance priority + +Set the priority of the Keepalived instance: + +```yaml +keepalived_priority: '99' +``` + +#### Keepalived maximum increased automatic priority + +Maximum priority to which Keepalived can automatically increase (must be in +range [0, 99] or -1 to disable): + +```yaml +keepalived_max_auto_priority: '99' +``` + +#### Keepalived instance router ID + +Set unique name of the Keepalived router: + +```yaml +keepalived_router_id: 'KEEPALIVED_2' +``` + +#### Keepalived instance weight + +Adjust the priority by this weight: + +```yaml +keepalived_weight: '0' +``` + +#### Keepalived instance unicast source IP address + +Set the unicast source IP address of the Keepalived instance: + +```yaml +keepalived_unicast_src_ip: '{{ ansible_default_ipv4.address }}' +``` + +#### Keepalived instance network interface + +Set network interface to which the floating IP address is associated: + +```yaml +keepalived_interface: "{{ ansible_default_ipv4.interface }}" +``` + +#### Keepalived instance virtual IP address and network interface + +Set the virtual IP address and network interface of the Keepalived instance: + +```yaml +keepalived_virtual_ipaddress_config: "{{ keepalived_virtual_ip_address }} dev {{ keepalived_interface }}" +``` + +#### Keepalived instance authentication password + +Set the authentication password of the Keepalived instance: + +```yaml +keepalived_auth_pass: 'changeme' +``` + +#### Enable script security + +Flag to enable script security to prevent script to run by root user +if any part of the path is writable by a non-root user: + +```yaml +keepalived_set_script_security_flag: true +``` + +#### User for executing Keepalived script + +Specify username to run Keepalived script under: + +```yaml +keepalived_script_user: 'haproxy' +``` + +#### Group for executing Keepalived script + +Specify groupname to run Keepalived script under: + +```yaml +keepalived_script_group: 'haproxy' +``` + +#### Flag to activate process tracking + +Activate process tracking in keepalived config: + +```yaml +keepalived_enable_process_tracking: true +``` + +#### Define which process shall be tracked + +```yaml +keepalived_track_process: 'haproxy' +``` + +#### Flag to activate a script to be executed + +Activate script that is executed by Keepalived: + +```yaml +keepalived_activate_script: false +``` + +#### Name of the script to be executed + +Specify the script name to be executed by Keepalived: + +```yaml +keepalived_script_name: 'chk_haproxy_process' +``` + +#### Command of the script to be executed + +Specify the command to be executed by Keepalived: + +```yaml +keepalived_script_command: '/usr/bin/killall -0 haproxy' +``` + +## Dependencies + +None. + +Note: This role is intended for use with, but not limited to, the +[hifis.haproxy](https://gitlab.com/hifis/ansible/haproxy-role) role. + +## Example Playbook + +```yaml +- hosts: loadbalancers + roles: + - role: hifis.toolkit.keepalived + vars: + keepalived_virtual_ip_address: '192.168.33.100' + keepalived_unicast_peers: + - '192.168.33.15' + - '192.168.33.16' +``` + +## License + +[Apache-2.0](LICENSES/Apache-2.0.txt) + +## Author Information + +This role was created by [HIFIS Software Services](https://www.hifis.net) diff --git a/roles/keepalived/defaults/main.yml b/roles/keepalived/defaults/main.yml new file mode 100644 index 0000000..7fb0575 --- /dev/null +++ b/roles/keepalived/defaults/main.yml @@ -0,0 +1,86 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- + +# Keepalived version +keepalived_version: "2.2.8" +# URL from which Keepalived can be downloaded +keepalived_download_url: "https://www.keepalived.org/software/keepalived-{{ keepalived_version }}.tar.gz" +# List of dependencies of Keepalived +keepalived_dependencies: + - "build-essential" + - "curl" + - "gcc" + - "libssl-dev" + - "libnl-3-dev" + - "libnl-genl-3-dev" + - "libsnmp-dev" + +# Path to Keepalived executable +keepalived_executable_path: "/usr/local/sbin/keepalived" + +# Name of the template file for Keepalived configuration file +keepalived_conf_template: "keepalived.conf.j2" + +# Folder for configuration files +keepalived_conf_dir: "/etc/keepalived" + +# Path to Keepalived configuration file +keepalived_conf_file_path: "{{ keepalived_conf_dir }}/keepalived.conf" + +# Path to Keepalived sysconfig file +keepalived_sysconfig_file_path: "{{ keepalived_conf_dir }}/keepalived.sysconfig" + +# Name of the template file for Systemd service +keepalived_service_template: "keepalived.service.j2" + +# Path to Keepalived service file +keepalived_service_file_path: "/etc/systemd/system/keepalived.service" + +# Directory for Keepalived PID file +keepalived_pid_file_path: "/run/keepalived/keepalived.pid" + + +# Configure notification email address +keepalived_notification_email: "name@localhost" +# Configure notification sender +keepalived_notification_email_from: "keepalived@localhost" +# Configure SMTP Server +keepalived_smtp_server: "127.0.0.1" +# Keepalived instance authentication password +keepalived_auth_pass: "changeme" +# Keepalived instance virtual router ID +keepalived_virtual_router_id: "51" +# Keepalived instance priority +keepalived_priority: "{{ '100' if keepalived_state == 'MASTER' else '99' }}" +# Keepalived instance state MASTER or BACKUP +keepalived_state: "MASTER" +# Keepalived instance network interface +keepalived_interface: "{{ ansible_default_ipv4.interface }}" +# Keepalived instance virtual IP address and network interface +keepalived_virtual_ipaddress_config: "{{ keepalived_virtual_ip_address }} dev {{ keepalived_interface }}" +# Keepalived instance unicast source IP address +keepalived_unicast_src_ip: "{{ ansible_default_ipv4.address }}" + +# Enable process tracking +keepalived_enable_process_tracking: true +# Define which process shall be tracked +keepalived_track_process: "haproxy" + +# Flag to activate a script to be executed +keepalived_activate_script: false +# User for executing Keepalived script +keepalived_script_user: "haproxy" +# Group for executing Keepalived script +keepalived_script_group: "haproxy" +# Name of the script to be executed +keepalived_script_name: "chk_haproxy_process" +# Command of the script to be executed +keepalived_script_command: "/usr/bin/killall -0 haproxy" +# Enable script security +keepalived_set_script_security_flag: true + +... diff --git a/roles/keepalived/handlers/main.yml b/roles/keepalived/handlers/main.yml new file mode 100644 index 0000000..dd446d4 --- /dev/null +++ b/roles/keepalived/handlers/main.yml @@ -0,0 +1,24 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- + +- name: "Restart Keepalived" + become: true + ansible.builtin.service: + name: "keepalived" + state: "restarted" + daemon_reload: true + when: "not initial_dry_run" + +- name: "Reload Keepalived" + become: true + ansible.builtin.service: + name: "keepalived" + state: "reloaded" + daemon_reload: true + when: "not initial_dry_run" + +... diff --git a/roles/keepalived/meta/main.yml b/roles/keepalived/meta/main.yml new file mode 100644 index 0000000..cce39f1 --- /dev/null +++ b/roles/keepalived/meta/main.yml @@ -0,0 +1,33 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- + +galaxy_info: + role_name: "keepalived" + namespace: "hifis" + author: "HIFIS Software Team" + description: "A role to set up Keepalived in a high availability and scalability context." + company: "Helmholtz Association" + + issue_tracker_url: "https://github.com/hifis-net/ansible-collection-toolkit/issues" + + license: "Apache-2.0" + min_ansible_version: "2.14" + + platforms: + - name: "Ubuntu" + versions: + - "focal" + - "jammy" + + galaxy_tags: + - "keepalived" + - "vrrp" + - "networking" + +dependencies: [] + +... diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml new file mode 100644 index 0000000..e702c25 --- /dev/null +++ b/roles/keepalived/tasks/main.yml @@ -0,0 +1,166 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +--- + +- name: "Check that all mandatory variables are defined." + ansible.builtin.assert: + that: + - "keepalived_unicast_peers is defined" + - "keepalived_virtual_ip_address is defined or keepalived_virtual_ipaddress_configs is defined" + fail_msg: "Some mandatory variables are not set." + success_msg: "All mandatory variables are set." + +- name: "Install dependencies for Keepalived." + become: true + ansible.builtin.package: + name: "{{ keepalived_dependencies }}" + state: "present" + update_cache: true + +- name: "Create Keepalived Configuration Directory." + become: true + ansible.builtin.file: + path: "{{ keepalived_conf_dir }}" + state: "directory" + owner: "root" + group: "root" + mode: "0755" + +- name: "Check whether Keepalived binary is installed." + ansible.builtin.stat: + path: "{{ keepalived_executable_path }}" + register: "keepalived_installed" + +- name: "Determine if this is an initial dry-run" + ansible.builtin.set_fact: + initial_dry_run: "{{ ansible_check_mode and not keepalived_installed.stat.exists }}" + +- name: "Get Keepalived version." + ansible.builtin.command: + cmd: "{{ keepalived_executable_path }} --version" + register: "keepalived_version_installed" + when: "keepalived_installed.stat.exists" + changed_when: false + check_mode: false + +- name: "Put value of installed version into an Ansible fact." + ansible.builtin.set_fact: + installed_keepalived_version: "{{ keepalived_version_installed.stderr | regex_search('^Keepalived v(\\d+\\.\\d+\\.\\d+)', '\\1') | first }}" + when: "keepalived_installed.stat.exists" + +- name: "Output version strings of installed and to be installed Keepalived." + ansible.builtin.debug: + msg: "Installed version: {{ installed_keepalived_version }}, version to be installed: {{ keepalived_version }}." + when: "installed_keepalived_version is defined" + +- name: "Check if both version strings are equal." + ansible.builtin.set_fact: + is_keepalived_version_equal: "{{ installed_keepalived_version is version(keepalived_version, operator='==', strict=True) }}" + when: "keepalived_installed.stat.exists" + +- name: "Continue with installing Keepalived if Keepalived is not already installed or versions are not equal." + when: "not keepalived_installed.stat.exists or not is_keepalived_version_equal" + block: + + - name: "Create temporary Keepalived build directory." + become: true + ansible.builtin.tempfile: + state: "directory" + prefix: "keepalived-{{ keepalived_version }}_" + register: "tempdir" + check_mode: false + + - name: "Store temporary build directory path" + ansible.builtin.set_fact: + keepalived_build_dir: "{{ tempdir.path }}" + + - name: "Download and extract keepalived archive." + become: true + ansible.builtin.unarchive: + src: "{{ keepalived_download_url }}" + dest: "{{ keepalived_build_dir }}" + remote_src: true + extra_opts: + - "--strip-components=1" + owner: "root" + group: "root" + mode: "0755" + + - name: "Configure Keepalived to be build." + become: true + ansible.builtin.command: "./configure" + args: + chdir: "{{ keepalived_build_dir }}" + changed_when: true + + - name: "Build Keepalived from source." + become: true + community.general.make: + chdir: "{{ keepalived_build_dir }}" + when: "not initial_dry_run" + + - name: "Install Keepalived binaries." + become: true + community.general.make: + chdir: "{{ keepalived_build_dir }}" + target: "install" + notify: "Restart Keepalived" + when: "not initial_dry_run" + + - name: "Copy Keepalived sysconfig file" + become: true + ansible.builtin.copy: + src: "{{ keepalived_build_dir }}/keepalived/etc/sysconfig/keepalived" + dest: "{{ keepalived_sysconfig_file_path }}" + owner: "root" + group: "root" + mode: "0644" + remote_src: true + when: "not ansible_check_mode" + always: + - name: "Remove temporary build directory" + become: true + ansible.builtin.file: + path: "{{ keepalived_build_dir }}" + state: "absent" + check_mode: false + +- name: "Create Configuration File." + become: true + ansible.builtin.template: + src: "{{ keepalived_conf_template }}" + dest: "{{ keepalived_conf_file_path }}" + owner: "root" + group: "root" + mode: "0644" + notify: "Reload Keepalived" + +- name: "Verify Keepalived configuration." + become: true + ansible.builtin.command: + cmd: "{{ keepalived_executable_path | quote }} --config-test {{ keepalived_conf_file_path | quote }}" + register: "config_check" + changed_when: "config_check.rc != 0" + +- name: "Create Keepalived Service Unit File." + ansible.builtin.template: + src: "{{ keepalived_service_template }}" + dest: "{{ keepalived_service_file_path }}" + owner: "root" + group: "root" + mode: "0644" + notify: "Restart Keepalived" + +- name: "Start Keepalived Systemd Service." + become: true + ansible.builtin.service: + name: "keepalived" + state: "started" + enabled: true + daemon_reload: true + when: "not initial_dry_run" + +... diff --git a/roles/keepalived/templates/keepalived.conf.j2 b/roles/keepalived/templates/keepalived.conf.j2 new file mode 100644 index 0000000..fe03484 --- /dev/null +++ b/roles/keepalived/templates/keepalived.conf.j2 @@ -0,0 +1,91 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +global_defs { +{% if keepalived_activate_script %} + script_user {{ keepalived_script_user }} {{ keepalived_script_group }} +{% endif %} +{% if keepalived_set_script_security_flag %} + enable_script_security +{% endif %} + notification_email { + {{ keepalived_notification_email }} + } + notification_email_from {{ keepalived_notification_email_from }} + smtp_server {{ keepalived_smtp_server }} + smtp_connect_timeout 30 +{% if keepalived_router_id is defined %} + router_id {{ keepalived_router_id }} +{% endif %} +{% if keepalived_max_auto_priority is defined %} + max_auto_priority {{ keepalived_max_auto_priority }} +{% endif %} +} + +{% if keepalived_enable_process_tracking %} +vrrp_track_process {{ keepalived_track_process }} { + process {{ keepalived_track_process }} +{% if keepalived_weight is defined %} + weight {{ keepalived_weight }} +{% endif %} + quorum 1 + delay 2 +} +{% endif %} + +{% if keepalived_activate_script %} +vrrp_script {{ keepalived_script_name }} { + script "{{ keepalived_script_command }}" + interval 2 +{% if keepalived_weight is defined %} + weight {{ keepalived_weight }} +{% endif %} +} +{% endif %} + +vrrp_instance VI_1 { + + interface {{ keepalived_interface }} + state {{ keepalived_state }} + priority {{ keepalived_priority }} + + virtual_router_id {{ keepalived_virtual_router_id }} + unicast_src_ip {{ keepalived_unicast_src_ip }} + unicast_peer { +{% for keepalived_unicast_peer in keepalived_unicast_peers %} + {{ keepalived_unicast_peer }} +{% endfor %} + } + + virtual_ipaddress { +{% if keepalived_virtual_ipaddress_configs is defined %} +{% for config in keepalived_virtual_ipaddress_configs %} + {{ config }} +{% endfor %} +{% else %} + {{ keepalived_virtual_ipaddress_config }} +{% endif %} + } + + authentication { + auth_type PASS + auth_pass {{ keepalived_auth_pass }} + } + +{% if keepalived_enable_process_tracking %} + track_process { + {{ keepalived_track_process }} + } +{% endif %} + +{% if keepalived_activate_script %} + track_script { + {{ keepalived_script_name }} + } +{% endif %} + + smtp_alert + +} diff --git a/roles/keepalived/templates/keepalived.service.j2 b/roles/keepalived/templates/keepalived.service.j2 new file mode 100644 index 0000000..da90407 --- /dev/null +++ b/roles/keepalived/templates/keepalived.service.j2 @@ -0,0 +1,21 @@ +# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ) +# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR) +# +# SPDX-License-Identifier: Apache-2.0 + +[Unit] +Description=LVS and VRRP High Availability Monitor +After=network-online.target syslog.target +Wants=network-online.target + +[Service] +Type=forking +RuntimeDirectory=keepalived +PIDFile={{ keepalived_pid_file_path }} +KillMode=process +EnvironmentFile=-{{ keepalived_sysconfig_file_path }} +ExecStart={{ keepalived_executable_path }} -p {{ keepalived_pid_file_path }} $KEEPALIVED_OPTIONS +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target