Vendor Galaxy Roles and Collections

ansible_collections/debops/debops/roles/keepalived/COPYRIGHT

@@ -0,0 +1,19 @@
+debops.keepalived - Manage keepalived service using Ansible
+
+Copyright (C) 2022 Maciej Delmanowski <drybjed@gmail.com>
+Copyright (C) 2022 DebOps <https://debops.org/>
+SPDX-License-Identifier: GPL-3.0-or-later
+
+This Ansible role is part of DebOps.
+
+DebOps is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License version 3, as
+published by the Free Software Foundation.
+
+DebOps is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with DebOps. If not, see https://www.gnu.org/licenses/.

ansible_collections/debops/debops/roles/keepalived/defaults/main.yml

@@ -0,0 +1,214 @@
+---
+# .. vim: foldmarker=[[[,]]]:foldmethod=marker
+
+# .. Copyright (C) 2022 Maciej Delmanowski <drybjed@gmail.com>
+# .. Copyright (C) 2022 DebOps <https://debops.org/>
+# .. SPDX-License-Identifier: GPL-3.0-or-later
+
+# .. _keepalived__ref_defaults:
+
+# debops.keepalived default variables
+# ===================================
+
+# .. contents:: Sections
+#    :local:
+#
+# .. include:: ../../../../includes/global.rst
+
+
+# APT packages [[[
+# ----------------
+
+# .. envvar:: keepalived__base_packages [[[
+#
+# List of base APT packages required for the :command:`keepalived` service.
+keepalived__base_packages: [ 'keepalived' ]
+
+                                                                   # ]]]
+# .. envvar:: keepalived__packages [[[
+#
+# List of additional APT packages which should be installed with the
+# :command:`keepalived` service.
+keepalived__packages: []
+                                                                   # ]]]
+                                                                   # ]]]
+# Ansible hostgroup configuration [[[
+# -----------------------------------
+
+# .. envvar:: keepalived__host_group [[[
+#
+# Name of the Ansible inventory host group which should be used by the role to
+# determine number of :command:`keepalived` nodes included in a given cluster.
+keepalived__host_group: 'debops_service_keepalived'
+
+                                                                   # ]]]
+# .. envvar:: keepalived__host_count [[[
+#
+# Number of :command:`keepalived` nodes in the current cluster -1 to keep it
+# synced with the group index which starts at 0. This number can be used in
+# :command:`keepalived` configuration options in calculations that use maximum
+# number of cluster nodes.
+keepalived__host_count: '{{ (groups[keepalived__host_group] | count - 1) }}'
+
+                                                                   # ]]]
+# .. envvar:: keepalived__host_index [[[
+#
+# Number of the current host in the :command:`keepalived` cluster starting from 0.
+# This number is based on the order of hosts specified in the
+# :envvar:`keepalived__host_group` Ansible inventory group and will change if
+# that group is modified. The index number can be used in the service
+# configuration for priority configuration options.
+keepalived__host_index: '{{ groups[keepalived__host_group].index(inventory_hostname) }}'
+                                                                   # ]]]
+                                                                   # ]]]
+# Firewall configuration [[[
+# --------------------------
+
+# .. envvar:: keepalived__allow [[[
+#
+# List of IP addresses or subnets that are allowed to sent VRRP packets to the
+# :command:`keepalived` service through the firewall, configured on all hosts
+# in the Ansible inventory. If the list is empty, service will not receive any
+# VRRP communication.
+keepalived__allow: []
+
+                                                                   # ]]]
+# .. envvar:: keepalived__group_allow [[[
+#
+# List of IP addresses or subnets that are allowed to sent VRRP packets to the
+# :command:`keepalived` service through the firewall, configured on hosts in
+# a specific Ansible inventory group. If the list is empty, service will not
+# receive any VRRP communication.
+keepalived__group_allow: []
+
+                                                                   # ]]]
+# .. envvar:: keepalived__host_allow [[[
+#
+# List of IP addresses or subnets that are allowed to sent VRRP packets to the
+# :command:`keepalived` service through the firewall, configured on specific
+# hosts in the Ansible inventory. If the list is empty, service will not
+# receive any VRRP communication.
+keepalived__host_allow: []
+                                                                   # ]]]
+                                                                   # ]]]
+# The :command:`keepalived` service configuration [[[
+# ---------------------------------------------------
+
+# These variables define the contents of the
+# :file:`/etc/keepalived/keepalived.conf` configuration file.
+# See :ref:`keepalived__ref_configuration` for more details.
+
+# .. envvar:: keepalived__default_configuration [[[
+#
+# List of :command:`keepalived` configuration entries defined by the role by
+# default.
+keepalived__default_configuration:
+
+  - name: 'global_defs'
+    raw: |
+      global_defs {
+          process_names
+          router_id {{ ansible_hostname }}
+      }
+    state: 'present'
+
+                                                                   # ]]]
+# .. envvar:: keepalived__configuration [[[
+#
+# List of :command:`keepalived` configuration entries which should be present
+# on all hosts in the Ansible inventory.
+keepalived__configuration: []
+
+                                                                   # ]]]
+# .. envvar:: keepalived__group_configuration [[[
+#
+# List of :command:`keepalived` configuration entries which should be present
+# on hosts in a specific Ansible inventory group.
+keepalived__group_configuration: []
+
+                                                                   # ]]]
+# .. envvar:: keepalived__host_configuration [[[
+#
+# List of :command:`keepalived` configuration entries which should be present
+# on specific hosts in the Ansible inventory.
+keepalived__host_configuration: []
+
+                                                                   # ]]]
+# .. envvar:: keepalived__combined_configuration [[[
+#
+# Variable which combines all :command:`keepalived` configuration entries and
+# is used in role tasks and templates.
+keepalived__combined_configuration: '{{ keepalived__default_configuration
+                                        + keepalived__configuration
+                                        + keepalived__group_configuration
+                                        + keepalived__host_configuration }}'
+                                                                   # ]]]
+                                                                   # ]]]
+# Custom scripts and auxiliary files [[[
+# --------------------------------------
+
+# These variables can be used to add custom files (scripts, private keys,
+# certificates) in the :file:`/etc/keepalived/` directory on the remote hosts.
+# See :ref:`keepalived__ref_scripts` for more details.
+
+# .. envvar:: keepalived__scripts [[[
+#
+# Custom scripts or files which should be configured on all hosts in the
+# Ansible inventory.
+keepalived__scripts: []
+
+                                                                   # ]]]
+# .. envvar:: keepalived__group_scripts [[[
+#
+# Custom scripts or files which should be configured on hosts in a specific
+# Ansible inventory group.
+keepalived__group_scripts: []
+
+                                                                   # ]]]
+# .. envvar:: keepalived__host_scripts [[[
+#
+# Custom scripts or files which should be configured on specific hosts in the
+# Ansible inventory.
+keepalived__host_scripts: []
+                                                                   # ]]]
+                                                                   # ]]]
+# Configuration for other Ansible roles [[[
+# -----------------------------------------
+
+# .. envvar:: keepalived__sysctl__dependent_parameters [[[
+#
+# Configuration for the :ref:`debops.sysctl` Ansible role.
+keepalived__sysctl__dependent_parameters:
+
+  - name: 'keepalived'
+    weight: '80'
+    options:
+
+      - name: 'net.ipv4.ip_nonlocal_bind'
+        comment: |
+          This parameter allows processes to bind to IPv4 addresses that are
+          not local to permit failover.
+        value: 1
+
+      - name: 'net.ipv6.ip_nonlocal_bind'
+        comment: |
+          This parameter allows processes to bind to IPv6 addresses that are
+          not local to permit failover.
+        value: 1
+
+                                                                   # ]]]
+# .. envvar:: keepalived__ferm__dependent_rules [[[
+#
+# Configuration for the :ref:`debops.ferm` Ansible role.
+keepalived__ferm__dependent_rules:
+
+  - name: 'accept_vrrp_keepalived'
+    type: 'accept'
+    protocol: 'vrrp'
+    saddr: '{{ keepalived__allow + keepalived__group_allow + keepalived__host_allow }}'
+    daddr: [ '224.0.0.18', 'ff02::12' ]
+    accept_any: False
+    weight: '50'
+    by_role: 'debops.keepalived'
+                                                                   # ]]]
+                                                                   # ]]]

ansible_collections/debops/debops/roles/keepalived/meta/main.yml

@@ -0,0 +1,29 @@
+---
+# Copyright (C) 2022 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2022 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Ensure that custom Ansible plugins and modules included in the main DebOps
+# collection are available to roles in other collections.
+collections: [ 'debops.debops' ]
+
+dependencies: []
+
+galaxy_info:
+
+  author: 'Maciej Delmanowski'
+  description: 'Manage keepalived service'
+  company: 'DebOps'
+  license: 'GPL-3.0-or-later'
+  min_ansible_version: '2.9.0'
+  platforms:
+    - name: Ubuntu
+      versions:
+        - all
+    - name: Debian
+      versions:
+        - all
+  galaxy_tags:
+    - keepalived
+    - clustering
+    - failover

ansible_collections/debops/debops/roles/keepalived/tasks/main.yml

@@ -0,0 +1,66 @@
+---
+# Copyright (C) 2022 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2022 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Import DebOps global handlers
+  ansible.builtin.import_role:
+    name: 'global_handlers'
+
+- name: Import DebOps secret role
+  ansible.builtin.import_role:
+    name: 'secret'
+
+- name: Install required packages
+  ansible.builtin.package:
+    name: '{{ q("flattened", (keepalived__base_packages
+                              + keepalived__packages)) }}'
+    state: 'present'
+  register: keepalived__register_packages
+  until: keepalived__register_packages is succeeded
+
+- name: Make sure that Ansible local facts directory exists
+  ansible.builtin.file:
+    path: '/etc/ansible/facts.d'
+    state: 'directory'
+    mode: '0755'
+
+- name: Save keepalived local facts
+  ansible.builtin.template:
+    src: 'etc/ansible/facts.d/keepalived.fact.j2'
+    dest: '/etc/ansible/facts.d/keepalived.fact'
+    mode: '0755'
+  notify: [ 'Refresh host facts' ]
+  tags: [ 'meta::facts' ]
+
+- name: Update Ansible facts if they were modified
+  ansible.builtin.meta: 'flush_handlers'
+
+- name: Remove custom scripts from remote hosts if requested
+  ansible.builtin.file:
+    path: '{{ "/etc/keepalived/" + (item.dest | d(item.name)) }}'
+    state: 'absent'
+  loop: '{{ q("flattened", keepalived__scripts
+                           + keepalived__group_scripts
+                           + keepalived__host_scripts) }}'
+  when: item.state | d('present') == 'absent'
+
+- name: Copy custom scripts to remote hosts
+  ansible.builtin.copy:
+    src: '{{ item.src | d(omit) }}'
+    dest: '{{ "/etc/keepalived/" + (item.dest | d(item.name)) }}'
+    content: '{{ item.content | d(omit) }}'
+    owner: '{{ item.owner | d("root") }}'
+    group: '{{ item.group | d("root") }}'
+    mode: '{{ item.mode | d("0755") }}'
+  loop: '{{ q("flattened", keepalived__scripts
+                           + keepalived__group_scripts
+                           + keepalived__host_scripts) }}'
+  when: item.state | d('present') not in ['absent', 'ignore']
+
+- name: Generate keepalive configuration file
+  ansible.builtin.template:
+    src: 'etc/keepalived/keepalived.conf.j2'
+    dest: '/etc/keepalived/keepalived.conf'
+    mode: '0640'
+  notify: [ 'Check keepalived configuration and reload' ]

ansible_collections/debops/debops/roles/keepalived/templates/etc/ansible/facts.d/keepalived.fact.j2

@@ -0,0 +1,41 @@
+#!{{ ansible_python['executable'] }}
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2022 Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (C) 2022 DebOps <https://debops.org/>
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# {{ ansible_managed }}
+
+from __future__ import print_function
+from json import dumps
+from sys import exit
+import subprocess
+import signal
+import os
+
+
+def cmd_exists(cmd):
+    return any(
+        os.access(os.path.join(path, cmd), os.X_OK)
+        for path in os.environ["PATH"].split(os.pathsep)
+    )
+
+
+output = {'installed': cmd_exists('keepalived')}
+
+try:
+    with open(os.devnull, 'w') as devnull:
+        keepalived_stdout = subprocess.check_output(
+            ["/usr/sbin/keepalived --version"],
+            shell=True, stderr=subprocess.STDOUT).decode('utf-8')
+
+except subprocess.CalledProcessError:
+    pass
+
+if keepalived_stdout:
+    for line in keepalived_stdout.split('\n'):
+        if line.startswith('Keepalived '):
+            output['version'] = line.split()[1].lstrip('v')
+
+print(dumps(output, sort_keys=True, indent=4))

ansible_collections/debops/debops/roles/keepalived/templates/etc/keepalived/keepalived.conf.j2

@@ -0,0 +1,17 @@
+{# Copyright (C) 2022 Maciej Delmanowski <drybjed@gmail.com>
+ # Copyright (C) 2022 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-or-later
+ #}
+# {{ ansible_managed }}
+
+{% for element in keepalived__combined_configuration | debops.debops.parse_kv_config %}
+{%   if element.state | d('present') not in [ 'absent', 'ignore', 'init' ] %}
+{%     if not loop.first %}
+{{       '' }}
+{%     endif %}
+{%     if element.comment | d() %}
+{{       element.comment | regex_replace('\n$', '') | comment(prefix='', postfix='') }}
+{%     endif %}
+{{     '{}'.format(element.raw | regex_replace('\n$', '')) }}
+{%   endif %}
+{% endfor %}