Initial import

6 files changed, 88 insertions, 0 deletions

diff --git a/roles/keepalived/.gitignore b/roles/keepalived/.gitignore
new file mode 100644
index 0000000..aa16e10
--- /dev/null
+++ b/roles/keepalived/.gitignore
@@ -0,0 +1,2 @@
+.DS_Store/*
+.vagrant/*
diff --git a/roles/keepalived/README b/roles/keepalived/README
new file mode 100644
index 0000000..956dbcb
--- /dev/null
+++ b/roles/keepalived/README
@@ -0,0 +1,13 @@
+Dependencies:
+ - Run on OpenShift master nodes
+
+Parameters:
+ - keepalived_vips: List of Virtual IPs
+ - keepalived_iface: Network interface
+ 
+Facts:
+
+Actions:
+ - Sets up and configures keepalived daemon
+ - Configures sysctl and firewall
+
diff --git a/roles/keepalived/defaults/main.yml b/roles/keepalived/defaults/main.yml
new file mode 100644
index 0000000..a7087b0
--- /dev/null
+++ b/roles/keepalived/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+keepalived_vips: "{{ ands_ipfailover_vips | default([]) }}"
+keepalived_iface: "{{ ands_ipfailover_interface | default('eth0') }}"
+
+keepalived_master_prio: 80
+keepalived_backup_prio: 20
+keepalived_check_interval: 5
+
+keepalived_password: "{{ ands_secrets.keepalived }}"
+
+keepalived_node_id: "{{ play_hosts.index(inventory_hostname) }}"
+keepalived_num_nodes: "{{ play_hosts | length }}"
diff --git a/roles/keepalived/handlers/main.yml b/roles/keepalived/handlers/main.yml
new file mode 100644
index 0000000..2ac9fe3
--- /dev/null
+++ b/roles/keepalived/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart keepalived
+  service: name=keepalived state=restarted
diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml
new file mode 100644
index 0000000..771faa7
--- /dev/null
+++ b/roles/keepalived/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: Install keepalived 
+  yum: name=keepalived state=present
+  notify: restart keepalived
+
+- name: Configure net.ipv4.ip_nonlocal_bind with sysctl
+  sysctl: name="net.ipv4.ip_nonlocal_bind"  value=1 state=present sysctl_set=yes
+
+- name: Ensure firewalld is running
+  service: name=firewalld state=started enabled=yes
+
+- name: Configure firewalld
+  firewalld: rich_rule="rule protocol value=vrrp accept" state="enabled" permanent="true" immediate="true"
+
+- name: Install configuration
+  template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf owner=root group=root mode=0600
+  tags: keepalived
+  notify: restart keepalived
+
+- name: Start keepalived
+  service: name=keepalived state=running
+  tags: keepalived
diff --git a/roles/keepalived/templates/keepalived.conf.j2 b/roles/keepalived/templates/keepalived.conf.j2
new file mode 100644
index 0000000..8d9a580
--- /dev/null
+++ b/roles/keepalived/templates/keepalived.conf.j2
@@ -0,0 +1,36 @@
+global_defs {
+}
+
+vrrp_script track {
+    script "[ -f /etc/keepalived/track.sh ] || exit 0 && /etc/keepalived/track.sh"
+    interval {{ keepalived_check_interval }}
+}
+
+{% for vips in keepalived_vips  %}
+{% set id = (  vips | ipaddr('address') | regex_replace('^.*\.', '') ) %}
+
+vrrp_instance VI_{{ loop.index }} {
+
+    virtual_router_id {{ id }}
+
+    state {{ (( ( loop.index - 1) % (keepalived_num_nodes | int) ) == (keepalived_node_id | int) ) | ternary('MASTER', 'BACKUP') }}
+    state {{ (( ( loop.index - 1) % (keepalived_num_nodes | int) ) == (keepalived_node_id | int) ) | ternary(keepalived_master_prio, keepalived_backup_prio) }}
+
+    interface {{ keepalived_iface }}
+
+    virtual_ipaddress {
+        {{ vips }} dev {{ keepalived_iface }} 
+    }
+    
+    advert_int 1
+
+    authentication {
+        auth_type PASS
+        auth_pass {{ keepalived_password }}
+    }
+
+    track_script {
+        track
+    }
+}
+{% endfor %}