mirror of https://github.com/Aidaho12/haproxy-wi
104 lines
2.5 KiB
YAML
104 lines
2.5 KiB
YAML
---
|
|
- name: check if Keepalived is installed
|
|
package_facts:
|
|
manager: "auto"
|
|
|
|
- name: Creates log directory
|
|
file:
|
|
path: "{{keepalived_path_logs}}"
|
|
state: directory
|
|
|
|
- name: Creates UDP check directory
|
|
file:
|
|
path: "{{service_dir}}/checks"
|
|
state: directory
|
|
|
|
- name: Copy UDP check file
|
|
template:
|
|
src: udp_check.sh.j2
|
|
dest: "{{service_dir}}/checks/udp_check.sh"
|
|
mode: 0755
|
|
|
|
- name: Copy keepalived configuration for rsyslog
|
|
template:
|
|
src: rsyslog.conf.j2
|
|
dest: /etc/rsyslog.d/51-keepalived-udp.conf
|
|
mode: 0644
|
|
notify: Restart rsyslog
|
|
|
|
- name: Copy keepalived configuration for logrotate
|
|
template:
|
|
src: logrotate.conf.j2
|
|
dest: /etc/logrotate.d/keepalived-udp
|
|
mode: 0644
|
|
|
|
- name: Install the latest version of Keepalived
|
|
package:
|
|
name:
|
|
- keepalived
|
|
- ipvsadm
|
|
- iptables
|
|
state: present
|
|
when: "'keepalived' not in ansible_facts.packages"
|
|
environment:
|
|
http_proxy: "{{PROXY}}"
|
|
https_proxy: "{{PROXY}}"
|
|
|
|
- name: Copy keepalived configuration in place.
|
|
template:
|
|
src: keepalived-udp.conf.j2
|
|
dest: "{{ service_dir }}/keepalived-udp-{{ id }}.conf"
|
|
mode: 0644
|
|
|
|
- name: Copy keepalived UPD service file in place.
|
|
template:
|
|
src: keepalived.service.j2
|
|
dest: "/etc/systemd/system/keepalived-udp-{{ id }}.service"
|
|
mode: 0644
|
|
|
|
- name: Copy iptables restore service file in place.
|
|
template:
|
|
src: iptables-restore.service.j2
|
|
dest: /etc/systemd/system/iptables-restore.service
|
|
mode: 0644
|
|
|
|
- name: Enable and start service keepalived
|
|
service:
|
|
name: "keepalived-udp-{{ id }}"
|
|
daemon_reload: yes
|
|
state: restarted
|
|
enabled: yes
|
|
ignore_errors: yes
|
|
|
|
- name: Enable and start service iptables-restore
|
|
service:
|
|
name: iptables-restore
|
|
daemon_reload: yes
|
|
state: restarted
|
|
enabled: yes
|
|
ignore_errors: yes
|
|
|
|
- name: Enable sysctl parameters
|
|
sysctl:
|
|
name: "{{ item }}"
|
|
value: '1'
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
with_items: ["net.ipv4.ip_forward", "net.ipv4.conf.all.arp_ignore", "net.ipv4.ip_nonlocal_bind", "net.ipv6.ip_nonlocal_bind"]
|
|
|
|
- name: Enable arp_ignore
|
|
sysctl:
|
|
name: net.ipv4.conf.all.arp_announce
|
|
value: '2'
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
|
|
- name: Create NAT in iptables
|
|
command: "/sbin/iptables -t nat -A POSTROUTING -m ipvs --vaddr {{ vip }} -j MASQUERADE"
|
|
|
|
- name: Save current state of the firewall in system file
|
|
community.general.iptables_state:
|
|
state: saved
|
|
path: /etc/sysconfig/iptables |