haproxy-wi/app/scripts/ansible/roles/keepalived/templates/keepalived.conf.j2

global_defs {
# Managed by Roxy-WI do not edit this file. Use HA cluster configuration instead
   router_id LVS_DEVEL
   enable_script_security
}


{%- if NGINX %}
#NGINX health-check for keepalive
vrrp_script chk_nginx {
    script "systemctl is-active --quiet nginx"
    interval 2
    weight 3
}
{% endif %}


{%- if HAPROXY %}
#HAProxy health-check for keepalive
vrrp_script chk_haproxy {
    script "systemctl is-active --quiet haproxy"
    interval 2
    weight 3
}
{% endif %}


{% for router, vip in routers.items() %}
vrrp_instance VI_{{router}} {
    {% for k, slave in vip.items() %}
    {% if k == ansible_host and slave is mapping %}

    state {% if slave.master %}MASTER{% else %}BACKUP{%endif%}

    interface {{slave.eth}}
    priority {% if vip.return_master and slave.master %}152{% elif slave.master and not vip.return_master %}102{% else %}101{%endif%}
    {% endif %}
    {% endfor %}

    virtual_router_id {{router}}

    #check if we are still running
    track_script {


        {%- if HAPROXY %}
        chk_haproxy
        {% endif %}
        {%- if NGINX %}
        chk_nginx
        {% endif %}
    }

    advert_int 1
    authentication {
        auth_type PASS
        auth_pass VerySecr
    }
    virtual_ipaddress {
        {{vip.vip}}
    }

    {% if vip.use_src|string() == "1" %}
    virtual_routes {
        {% for k, slave in vip.items() %}
        {% if k == ansible_host and slave is mapping %}
        {{ (ansible_facts[slave.eth]["ipv4"]["address"] + "/" + ansible_facts[slave.eth]["ipv4"]["netmask"]) | ipaddr("0") }} dev {{ slave.eth }} src {{ vip.vip }} scope link table ha_cluster_{{ router }}
        {% endif %}
        {% endfor %}
    }

    virtual_rules {
        from {{vip.vip}}/32 table ha_cluster_{{ router }} priority 100
    }
    {% endif %}
}
{% endfor %}
# Managed by Roxy-WI do not edit this file. Use HA cluster configuration instead