diff --git a/library/roles/keepalived/tasks/main.yml b/library/roles/keepalived/tasks/main.yml index b011fe69..da47b165 100644 --- a/library/roles/keepalived/tasks/main.yml +++ b/library/roles/keepalived/tasks/main.yml @@ -10,6 +10,12 @@ - name: Install the user that the keepalived scripts will run under user: name={{ keepalived_script_username }} home={{ keepalived_script_user_home }} createhome=no shell=/usr/sbin/nologin system=yes + tags: keepalived + when: + - keepalived_install | bool + - ansible_distribution_file_variety == "Debian" + +- block: - name: Create the keepalive script user directory file: dest={{ keepalived_script_user_home }} state=directory owner={{ keepalived_script_username }} group={{ keepalived_script_username }} mode=0750 @@ -33,7 +39,7 @@ sysctl_set: yes sysctl_file: /etc/sysctl.d/90-keepalived value: 1 - when: keepalived_non_local_bind + when: keepalived_non_local_bind | bool - name: Disable the kernel net.ipv4.ip_nonlocal_bind sysctl if not needed sysctl: @@ -43,18 +49,18 @@ sysctl_set: yes sysctl_file: /etc/sysctl.d/90-keepalived value: 1 - when: not keepalived_non_local_bind + when: not keepalived_non_local_bind | bool - name: Ensure that keepalived is started and enabled service: name=keepalived state=started enabled=yes - when: keepalived_enabled + when: keepalived_enabled | bool - name: Ensure that keepalived is stopped and disabled service: name=keepalived state=stopped enabled=no - when: not keepalived_enabled + when: not keepalived_enabled | bool - tags: keepalived - when: keepalived_install + tags: [ 'keepalived', 'keepalived_conf' ] + when: keepalived_install | bool - block: - name: Install the keepalived NRPE nagios check @@ -67,8 +73,8 @@ tags: keepalived when: - - keepalived_install - - keepalived_nagios_check + - keepalived_install | bool + - keepalived_nagios_check | bool - block: - name: Remove the keepalived package if we do not want it 
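Review bot: The `when:` added after the user task in the `@@ -10,6 +10,12 @@` hunk limits account creation to `ansible_distribution_file_variety == "Debian"`, but the block opened right below it still creates `{{ keepalived_script_user_home }}` with `owner={{ keepalived_script_username }}` under `keepalived_install | bool` alone, and the conf template's `else` branch still emits `script_user {{ keepalived_script_username }}`. On a non-Debian host the account would not exist unless something outside this hunk creates it, so the `file` task would fail or keepalived would be pointed at a missing user. The new `tags`/`when` pair also appears to close a block that starts above the hunk, so any earlier tasks in that block would inherit the Debian-only condition; if that is intended, a comment such as `# Debian family only: <reason>` above the `when:` would make it explicit.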
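Review bot: In the `@@ -43,18 +49,18 @@` hunk, the task gated by the changed `when: not keepalived_non_local_bind | bool` is named "Disable the kernel net.ipv4.ip_nonlocal_bind sysctl if not needed", yet the visible context still shows `value: 1` together with `sysctl_set: yes`. The lines between the two hunks are not shown, so this may be paired with `state: absent`, but in that case the running kernel value would presumably stay at whatever an earlier run set. If the intent is to switch non-local bind off, `value: 0` is what I would expect; otherwise a comment on the task, for example `# only removes the sysctl.d entry, does not reset the live value`, would avoid the confusion.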
@@ -86,5 +92,5 @@ file: dest={{ nrpe_include_dir }}/keepalived-nrpe.cfg state=absent tags: keepalived - when: not keepalived_install + when: not keepalived_install | bool diff --git a/library/roles/keepalived/templates/keepalived.conf.j2 b/library/roles/keepalived/templates/keepalived.conf.j2 index 4e8f85e1..1a1dcb1a 100644 --- a/library/roles/keepalived/templates/keepalived.conf.j2 +++ b/library/roles/keepalived/templates/keepalived.conf.j2 @@ -1,10 +1,13 @@ global_defs { - {% if keepalived_enable_script_security %} +{% if keepalived_enable_script_security %} enable_script_security +{% if ansible_distribution_file_variety == "Debian" and ansible_distribution_major_version == '18' %} + script_user root +{% else %} script_user {{ keepalived_script_username }} - - {% endif %} +{% endif %} +{% endif %} } {% for script in keepalived_scripts %} @@ -22,9 +25,13 @@ vrrp_script {{ script.name }} { vrrp_instance {{ instance.name }} { interface {{ instance.interface }} {% if instance.state is defined %} + {% if instance.nopreempt is defined and instance.nopreempt %} + state BACKUP + {% else %} state {{ instance.state }} + {% endif %} {% endif %} virtual_router_id {{ instance.vrouter_id }} priority {{ instance.priority }} diff --git a/library/roles/keepalived/templates/keepalived_check_service_status.sh.j2 b/library/roles/keepalived/templates/keepalived_check_service_status.sh.j2 index 5f8bba67..1955f423 100644 --- a/library/roles/keepalived/templates/keepalived_check_service_status.sh.j2 +++ b/library/roles/keepalived/templates/keepalived_check_service_status.sh.j2 
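Review bot: The new `script_user root` branch in `global_defs` makes the configured check scripts run as root on Debian-family hosts with major version 18, which removes the privilege separation that the dedicated `{{ keepalived_script_username }}` account gives everywhere else. The tasks file in this commit creates the script directory owned by that unprivileged account with mode 0750; if the scripts are installed there (not visible in this diff), root would be executing files from a path a non-root user can modify. keepalived's `enable_script_security` is meant to refuse root scripts in such a path, so the checks may be silently skipped, and if they do run, a compromise of that account becomes root. If root is really needed on that release, the role should install the scripts root-owned in a root-owned directory for that case, and the template should say why, e.g. `{# major version 18: <reason>; scripts must be root-owned #}`.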
@@ -1,4 +1,18 @@
-!#/bin/bash
+#!/bin/bash
+{% if ansible_distribution_file_variety == "Debian" and ansible_distribution_major_version == '18' %}
+am_i_master=$( grep MASTER /var/lib/keepalived/keepalive.state )
+keepalive_master=$?
+
+if [ $keepalive_master -eq 0 ] ; then
+{% for instance in keepalived_instances %}
+{% for addr in instance.v_addr %}
+ float_ip=$( ip addr show | grep {{ addr }} )
+ retval=$?
+ [ $retval -eq 1 ] && /bin/systemctl restart keepalived
+{% endfor %}
+{% endfor %}
+fi
+{% endif %}
 {{ keepalived_script1_check }}
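Review bot: `grep {{ addr }}` in the inner loop renders the inventory value unquoted into a script that the conf template in this commit runs as root on the same hosts, and it matches as a regular expression. The dots are wildcards and an address such as `10.0.0.1` (constructed example) also matches `10.0.0.10`, so a missing virtual address can be reported as present. A fixed-string, shell-quoted match is safer: `float_ip=$( ip addr show | grep -F -- {{ addr | quote }} )`, ideally also anchored on the following `/` or space. Separately, `[ $retval -eq 1 ] && /bin/systemctl restart keepalived` restarts the daemon from what looks like its own check script, and `am_i_master` is assigned but never read; a comment such as `# restart (not exit 1) because <reason>` would help whoever has to diagnose a restart loop.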