From a6bbd67e1cbdf2fdce8c8af4971b1b3544f49529 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 9 Dec 2019 14:04:10 +0100 Subject: [PATCH] keepalived: fix the default service check and the destination of the status file. --- library/roles/keepalived/defaults/main.yml | 10 ++++-- library/roles/keepalived/tasks/main.yml | 34 ++++++++++++------- .../keepalived_check_service_status.sh.j2 | 5 +++ .../templates/keepalived_notify.sh.j2 | 10 +++--- 4 files changed, 39 insertions(+), 20 deletions(-) create mode 100644 library/roles/keepalived/templates/keepalived_check_service_status.sh.j2 diff --git a/library/roles/keepalived/defaults/main.yml b/library/roles/keepalived/defaults/main.yml index 7a24eff..e0a286d 100644 --- a/library/roles/keepalived/defaults/main.yml +++ b/library/roles/keepalived/defaults/main.yml @@ -17,20 +17,26 @@ keepalived_unicast_peer_ip: - 127.0.0.2 keepalived_mcast_addr: 224.0.0.0/8 keepalived_floating_ip1: 127.0.0.1 -keepalived_script1_name: chk_haproxy +keepalived_script1_name: keepalived_check_service_status +# We set haproxy as the default because most of our keepalived use is haproxy related +keepalived_service_to_check: 'haproxy' +keepalived_script1_check: '/bin/pidof {{ keepalived_service_to_check }}' keepalived_inst_priority: 100 keepalived_vrouter_id: 51 keepalived_non_local_bind: True keepalived_enable_script_security: True keepalived_script_username: keepalived_script +keepalived_script_user_home: '/var/lib/keepalived' keepalived_nagios_check: False keepalived_notify_script: /usr/local/bin/keepalived_notify +keepalived_check_script: '/usr/local/bin/{{ keepalived_script1_name }}' +# The service must install its own script if it is too complex to be managed by the provided one keepalived_scripts: - name: '{{ keepalived_script1_name }}' - script: 'killall -0 haproxy' + script: '{{ keepalived_check_script }}' # In seconds interval: 2 # Priority increment 
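Review bot: `keepalived_check_script` is derived from `keepalived_script1_name`, but the install task added in tasks/main.yml writes the script to the literal path `/usr/local/bin/keepalived_check_service_status`. Overriding the name therefore leaves the `keepalived_scripts` entry pointing at a file the role never installs. Using `dest={{ keepalived_check_script }}` in that task would keep the two in step. Separately, `keepalived_script1_check` is rendered verbatim into a root-owned script that keepalived presumably executes, so it deserves a comment such as `# Rendered as-is into the check script: set it only from trusted inventory; it must exit 0 when the service is healthy`.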
diff --git a/library/roles/keepalived/tasks/main.yml b/library/roles/keepalived/tasks/main.yml index b76a6fa..b011fe6 100644 --- a/library/roles/keepalived/tasks/main.yml +++ b/library/roles/keepalived/tasks/main.yml @@ -8,12 +8,19 @@ apt: name={{ keepalived_pkgs }} state={{ keepalived_pkg_state }} cache_valid_time=1800 - name: Install the user that the keepalived scripts will run under - user: name={{ keepalived_script_username }} home=/var/lib/keepalived createhome=no shell=/usr/sbin/nologin system=yes + user: name={{ keepalived_script_username }} home={{ keepalived_script_user_home }} createhome=no shell=/usr/sbin/nologin system=yes + + - name: Create the keepalive script user directory + file: dest={{ keepalived_script_user_home }} state=directory owner={{ keepalived_script_username }} group={{ keepalived_script_username }} mode=0750 - name: Install the keepalived configuration template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf owner=root group=root mode=0600 notify: restart keepalived + - name: Install the keepalived default check script + template: src=keepalived_check_service_status.sh.j2 dest=/usr/local/bin/keepalived_check_service_status owner=root group=root mode=0755 + notify: restart keepalived + - name: Install the keepalived notify scripts template: src=keepalived_notify.sh.j2 dest={{ item.notify }} owner=root group={{ keepalived_script_username }} mode=0754 with_items: '{{ keepalived_instances }}' 
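Review bot: The new `Create the keepalive script user directory` task gives `{{ keepalived_script_user_home }}` mode 0750 with the script user as owner and group, while the notify template in this commit sets `umask 022` before writing `keepalive.state` there, which suggests other accounts are meant to read the file. If the NRPE plugin `check_keepalived_state` (not visible here) runs as a user outside that group, it cannot traverse the directory and the check would fail or go stale. Either relax the directory to `mode=0755` or put the monitoring user in the group, and add a comment on the task saying which readers are intended.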
@@ -38,16 +45,6 @@ value: 1 when: not keepalived_non_local_bind - - name: Install the keepalived NRPE nagios check - copy: src=check_keepalived_state dest={{ nagios_plugins_dir }}/check_keepalived_state owner=root group=root mode=0555 - with_items: '{{ keepalived_instances }}' - when: keepalived_nagios_check - - - name: Install the keepalived NRPE command configuration - template: src=keepalived-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/keepalived-nrpe.cfg owner=root group=root mode=0444 - notify: Reload NRPE server - when: keepalived_nagios_check - - name: Ensure that keepalived is started and enabled service: name=keepalived state=started enabled=yes when: keepalived_enabled @@ -59,6 +56,20 @@ tags: keepalived when: keepalived_install +- block: + - name: Install the keepalived NRPE nagios check + copy: src=check_keepalived_state dest={{ nagios_plugins_dir }}/check_keepalived_state owner=root group=root mode=0555 + with_items: '{{ keepalived_instances }}' + + - name: Install the keepalived NRPE command configuration + template: src=keepalived-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/keepalived-nrpe.cfg owner=root group=root mode=0444 + notify: Reload NRPE server + + tags: keepalived + when: + - keepalived_install + - keepalived_nagios_check + - block: - name: Remove the keepalived package if we do not want it apt: name={{ keepalived_pkgs }} state=absent @@ -73,7 +84,6 @@ - name: Remove the keepalived NRPE command configuration file: dest={{ nrpe_include_dir }}/keepalived-nrpe.cfg state=absent - notify: Reload NRPE server tags: keepalived when: not keepalived_install diff --git a/library/roles/keepalived/templates/keepalived_check_service_status.sh.j2 b/library/roles/keepalived/templates/keepalived_check_service_status.sh.j2 new file mode 100644 index 0000000..5f8bba6 --- /dev/null +++ b/library/roles/keepalived/templates/keepalived_check_service_status.sh.j2 @@ -0,0 +1,5 @@ +!#/bin/bash + +{{ keepalived_script1_check }} + +exit $? 
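Review bot: In the relocated NRPE block, `Install the keepalived NRPE nagios check` still carries `with_items: '{{ keepalived_instances }}'` although its `copy` line never references `item`, so the same file is copied once per instance. Dropping the `with_items` line gives the same result in a single run. The block also relies on `nagios_plugins_dir` and `nrpe_include_dir`, which the visible part of the defaults hunk does not define; a short comment naming the role expected to provide them would help.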
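Review bot: The first line of the new template is `!#/bin/bash`, with the two characters transposed, so the installed file has no valid interpreter line; it should read `#!/bin/bash`. If keepalived launches the check by exec'ing the file directly, the exec is likely to fail with an exec format error and the tracked script would be reported as failing regardless of the service state. The trailing `exit $?` is redundant, since the script's status is already that of its last command, and can be dropped.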
diff --git a/library/roles/keepalived/templates/keepalived_notify.sh.j2 b/library/roles/keepalived/templates/keepalived_notify.sh.j2 index a3e4b75..6654c17 100644 --- a/library/roles/keepalived/templates/keepalived_notify.sh.j2 +++ b/library/roles/keepalived/templates/keepalived_notify.sh.j2 @@ -1,8 +1,9 @@ #!/bin/bash # -# echo $1 $2 is in $3 state > /var/run/keepalive.state +# echo $1 $2 is in $3 state > /var/lib/keepalived/keepalive.state # -export PATH="/sbin:/usr/sbin:/bin:/usr/bin:$PATH" +umask 022 +export PATH="/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:$PATH" TYPE=$1 NAME=$2 STATE=$3 @@ -12,10 +13,7 @@ RETVAL=0 {{ keepalived_notify_extra_params }} {% endif %} - -{% if keepalived_nagios_check %} -echo "$TYPE $NAME is in $STATE state" > /var/run/keepalive.state -{% endif %} +echo "$TYPE $NAME is in $STATE state" > {{ keepalived_script_user_home }}/keepalive.state exit $RETVAL
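Review bot: The state-file redirect `> {{ keepalived_script_user_home }}/keepalive.state` is unquoted and a failed write goes unnoticed, because the script still ends with `exit $RETVAL`. Now that the write is unconditional, quote the target and record the failure, for example `echo "$TYPE $NAME is in $STATE state" > "{{ keepalived_script_user_home }}/keepalive.state" || RETVAL=1`. That makes a missing or unwritable directory visible, provided a non-zero exit is acceptable to keepalived here. The header comment in the first hunk hard-codes `/var/lib/keepalived/keepalive.state` while the real path is templated, so the comment should refer to the variable instead.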