diff --git a/files/.gitkeep b/files/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 239a83e..461fe7f 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -51,6 +51,36 @@ register: slurp_etc_keepalived_keepalived_conf - name: "Verify directory /etc/keepalived" + vars: + keepalived_expected_cfg_file: | + # Ansible managed: Do NOT edit this file manually! + global_defs { + script_user keepalived_script + enable_script_security + } + + vrrp_instance instance { + interface eth0 + + state BACKUP + virtual_router_id 50 + priority 100 + advert_int 1 + + nopreempt + + + authentication { + auth_type PASS + auth_pass password + } + + virtual_ipaddress { + 192.168.1.100/32 + } + + notify /etc/keepalived/scripts.d/notify.sh + } ansible.builtin.assert: that: - stat_etc_keepalived.stat.exists @@ -68,9 +98,9 @@ - stat_etc_keepalived_keepalived_conf.stat.pw_name == 'root' - stat_etc_keepalived_keepalived_conf.stat.gr_name == 'root' - stat_etc_keepalived_keepalived_conf.stat.mode == '0600' - - slurp_etc_keepalived_keepalived_conf.content != '' + - (slurp_etc_keepalived_keepalived_conf.content|b64decode) == keepalived_expected_cfg_file - - name: "Test: service haproxy" + - name: "Test: service keepalived" block: - name: "Get service keepalived" ansible.builtin.service_facts: 
@@ -115,3 +145,41 @@ - ansible_facts.services['keepalived.service']['source'] == 'systemd' - ansible_facts.services['keepalived.service']['state'] == 'running' - ansible_facts.services['keepalived.service']['status'] == 'enabled' + + - name: "Test: file /usr/local/sbin/keepalived" + block: + - name: "Stat file /usr/local/sbin/keepalived" + ansible.builtin.stat: + path: "/usr/local/sbin/keepalived" + register: stat_usr_local_sbin_keepalived + + - name: "Command keepalived --version" + ansible.builtin.command: "keepalived --version" + changed_when: false + register: keepalived_version + + - name: "Verify file /usr/local/sbin/keepalived" + ansible.builtin.assert: + that: + - keepalived_version.stderr | regex_search('^Keepalived v\\d+\\.\\d+\\.\\d') + - stat_usr_local_sbin_keepalived.stat.exists + - stat_usr_local_sbin_keepalived.stat.isreg + - stat_usr_local_sbin_keepalived.stat.pw_name == 'root' + - stat_usr_local_sbin_keepalived.stat.gr_name == 'root' + - stat_usr_local_sbin_keepalived.stat.mode == '0755' + + - name: "Test: interfaces" + block: + - name: "Debug" + ansible.builtin.debug: + msg: "{{ ansible_eth0 }}" + + - name: "Verify VIP interface" + ansible.builtin.assert: + that: + - ansible_eth0.active + - ansible_eth0.ipv4_secondaries[0].address == '192.168.1.100' + - ansible_eth0.ipv4_secondaries[0].netmask == '255.255.255.255' + - ansible_eth0.ipv4_secondaries[0].broadcast == '' + - ansible_eth0.ipv4_secondaries[0].network == '192.168.1.100' + - ansible_eth0.ipv4_secondaries[0].prefix == '32' \ No newline at end of file diff --git a/molecule/default_vagrant/verify.yml b/molecule/default_vagrant/verify.yml index ec450ea..28e9654 100644 --- a/molecule/default_vagrant/verify.yml +++ b/molecule/default_vagrant/verify.yml 
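Review bot: The version check in "Command keepalived --version" resolves `keepalived` through PATH, while the ownership and mode assertions in the same block are made on `/usr/local/sbin/keepalived`, so the two checks are not guaranteed to cover the same binary. Calling the stat'ed path directly ties them together: `ansible.builtin.command: "/usr/local/sbin/keepalived --version"`. The same task is added in molecule/with_custom_conf/verify.yml.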
@@ -4,3 +4,160 @@ gather_facts: true become: true tasks: + - name: "Test: directory /etc/keepalived" + block: + - name: "Stat directory /etc/keepalived" + ansible.builtin.stat: + path: "/etc/keepalived" + register: stat_etc_keepalived + + - name: "Stat file /etc/default/keepalived" + ansible.builtin.stat: + path: "/etc/default/keepalived" + register: stat_etc_default_keepalived + + - name: "Stat file /etc/keepalived/keepalived.conf" + ansible.builtin.stat: + path: "/etc/keepalived/keepalived.conf" + register: stat_etc_keepalived_keepalived_conf + + - name: "Slurp file /etc/keepalived/keepalived.conf" + ansible.builtin.slurp: + src: "/etc/keepalived/keepalived.conf" + register: slurp_etc_keepalived_keepalived_conf + + - name: "Verify directory /etc/keepalived" + vars: + keepalived_expected_cfg_file: | + # Ansible managed: Do NOT edit this file manually! + global_defs { + script_user keepalived_script + enable_script_security + } + + vrrp_instance instance { + interface eth0 + + state BACKUP + virtual_router_id 50 + priority 100 + advert_int 1 + + nopreempt + + + authentication { + auth_type PASS + auth_pass password + } + + virtual_ipaddress { + 192.168.1.100/32 + } + + notify /etc/keepalived/scripts.d/notify.sh + } + ansible.builtin.assert: + that: + - stat_etc_keepalived.stat.exists + - stat_etc_keepalived.stat.isdir + - stat_etc_keepalived.stat.pw_name == 'root' + - stat_etc_keepalived.stat.gr_name == 'root' + - stat_etc_keepalived.stat.mode == '0755' + - stat_etc_default_keepalived.stat.exists + - stat_etc_default_keepalived.stat.isreg + - stat_etc_default_keepalived.stat.pw_name == 'root' + - stat_etc_default_keepalived.stat.gr_name == 'root' + - stat_etc_default_keepalived.stat.mode == '0600' + - stat_etc_keepalived_keepalived_conf.stat.exists + - stat_etc_keepalived_keepalived_conf.stat.isreg + - stat_etc_keepalived_keepalived_conf.stat.pw_name == 'root' + - stat_etc_keepalived_keepalived_conf.stat.gr_name == 'root' + - 
stat_etc_keepalived_keepalived_conf.stat.mode == '0600' + - (slurp_etc_keepalived_keepalived_conf.content|b64decode) == keepalived_expected_cfg_file + + - name: "Test: service keepalived" + block: + - name: "Get service keepalived" + ansible.builtin.service_facts: + + - name: "Stat file /etc/systemd/system/keepalived_container.service" + ansible.builtin.stat: + path: "/etc/systemd/system/keepalived_container.service" + register: stat_etc_systemd_system_keepalived_container_service + + - name: "Slurp file /etc/systemd/system/keepalived_container.service" + ansible.builtin.slurp: + src: "/etc/systemd/system/keepalived_container.service" + register: slurp_etc_systemd_system_keepalived_container_service + + - name: "Verify service keepalived" + vars: + keepalived_expected_service_file: | + # Ansible managed: Do NOT edit this file manually! + [Unit] + After=docker.service + PartOf=docker.service + Requires=docker.service + + [Service] + EnvironmentFile=/etc/default/keepalived + ExecStartPre=-/usr/bin/docker rm -f keepalived + ExecStart=/usr/bin/docker run --name keepalived \ + --rm \ + --env-file /etc/default/keepalived \ + --network "host" \ + --cap-add "NET_ADMIN" \ + --cap-add "NET_RAW" \ + --cap-add "NET_BROADCAST" \ + --volume "/etc/keepalived:/etc/keepalived" \ + ednxzu/keepalived:2.2.8 + ExecStop=/usr/bin/docker stop keepalived + SyslogIdentifier=keepalived + Restart=always + RestartSec=10s + + [Install] + WantedBy=docker.service + ansible.builtin.assert: + that: + - stat_etc_systemd_system_keepalived_container_service.stat.exists + - stat_etc_systemd_system_keepalived_container_service.stat.isreg + - stat_etc_systemd_system_keepalived_container_service.stat.pw_name == 'root' + - stat_etc_systemd_system_keepalived_container_service.stat.gr_name == 'root' + - stat_etc_systemd_system_keepalived_container_service.stat.mode == '0644' + - (slurp_etc_systemd_system_keepalived_container_service.content|b64decode) == keepalived_expected_service_file + - 
ansible_facts.services['keepalived_container.service'] is defined + - ansible_facts.services['keepalived_container.service']['source'] == 'systemd' + - ansible_facts.services['keepalived_container.service']['state'] == 'running' + - ansible_facts.services['keepalived_container.service']['status'] == 'enabled' + + - name: "Test: container keepalived" + block: + - name: "Command keepalived --version" + community.docker.docker_container_exec: + container: keepalived + command: keepalived --version + changed_when: false + register: keepalived_version + + - name: "Verify container keepalived" + ansible.builtin.assert: + that: + - keepalived_version.stderr | regex_search('^Keepalived v\\d+\\.\\d+\\.\\d') + + - name: "Test: interfaces" + block: + - name: "Debug" + ansible.builtin.debug: + msg: "{{ ansible_eth0 }}" + + - name: "Verify VIP interface" + ansible.builtin.assert: + that: + - ansible_eth0.active + - ansible_eth0.ipv4_secondaries[0].address == '192.168.1.100' + - ansible_eth0.ipv4_secondaries[0].netmask == '255.255.255.255' + - ansible_eth0.ipv4_secondaries[0].broadcast == '' + - ansible_eth0.ipv4_secondaries[0].network == '192.168.1.100' + - ansible_eth0.ipv4_secondaries[0].prefix == '32' diff --git a/molecule/with_custom_conf/converge.yml b/molecule/with_custom_conf/converge.yml new file mode 100644 index 0000000..d5dff8e --- /dev/null +++ b/molecule/with_custom_conf/converge.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: true + tasks: + - name: "Include ednz_cloud.deploy_keepalived" + ansible.builtin.include_role: + name: "ednz_cloud.deploy_keepalived" diff --git a/molecule/with_custom_conf/group_vars/all.yml b/molecule/with_custom_conf/group_vars/all.yml new file mode 100644 index 0000000..d6a1323 --- /dev/null +++ b/molecule/with_custom_conf/group_vars/all.yml 
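Review bot: `ansible_eth0.ipv4_secondaries[0]` in "Verify VIP interface" is indexed without first checking that the list exists or that the VIP is its first entry. If the instance has not yet taken the address when facts are gathered (the expected config starts it in `state BACKUP`), or the interface carries another secondary address, the assert stops on an undefined-variable error or compares the wrong entry. A leading condition such as `- ansible_eth0.ipv4_secondaries | default([]) | selectattr('address', 'equalto', '192.168.1.100') | list | length == 1` would fail with a readable message instead. The same block is added in molecule/default/verify.yml and in both with_custom_conf scenarios.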
@@ -0,0 +1,25 @@
+---
+# defaults file for deploy_keepalived
+deploy_keepalived_deploy_method: "host"
+deploy_keepalived_version: "2.2.7"
+deploy_keepalived_start_service: true
+deploy_keepalived_env_variables: {}
+
+deploy_keepalived_vrrp_instance_name: "{{ ansible_hostname }}"
+deploy_keepalived_interface: "{{ ansible_default_ipv4.interface }}"
+deploy_keepalived_state: "BACKUP"
+deploy_keepalived_router_id: 50
+deploy_keepalived_priority: 100
+deploy_keepalived_advert_interval: 1
+deploy_keepalived_unicast_source: "{{ ansible_default_ipv4.address }}"
+deploy_keepalived_unicast_peers:
+ - "192.168.1.13"
+ - "192.168.1.14"
+ - "192.168.1.15"
+deploy_keepalived_auth_passwd: "password"
+deploy_keepalived_virtual_ips:
+ - 192.168.1.100/32
+deploy_keepalived_notify_script: notify.sh
+
+deploy_keepalived_custom_scripts_src:
+deploy_keepalived_extra_container_volumes: []
diff --git a/molecule/with_custom_conf/molecule.yml b/molecule/with_custom_conf/molecule.yml
new file mode 100644
index 0000000..39374b6
--- /dev/null
+++ b/molecule/with_custom_conf/molecule.yml
@@ -0,0 +1,37 @@
+---
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ./requirements.yml
+driver:
+ name: docker
+platforms:
+ - name: instance
+ image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup
+ cgroupns_mode: host
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ remote_tmp: /tmp/.ansible
+verifier:
+ name: ansible
+scenario:
+ name: with_custom_conf
+ test_sequence:
+ - dependency
+ - cleanup
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - verify
+ - cleanup
+ - destroy
diff --git a/molecule/with_custom_conf/requirements.yml b/molecule/with_custom_conf/requirements.yml
new file mode 100644
index 0000000..329e789
--- /dev/null
+++ b/molecule/with_custom_conf/requirements.yml
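Review bot: `deploy_keepalived_custom_scripts_src:` in molecule/with_custom_conf/group_vars/all.yml is a bare key, which YAML loads as null rather than as an empty string. tasks/configure.yml builds a glob from this variable (`"{{ deploy_keepalived_custom_scripts_src }}/*"`), and whether that task is guarded by a `when` is not visible in this diff, so it is worth confirming that a null value cannot render as `/*` and match files in the controller's root directory. Writing the intent explicitly, e.g. `deploy_keepalived_custom_scripts_src: ""`, removes the ambiguity. The header comment `# defaults file for deploy_keepalived` also looks copied from the role defaults, and molecule/with_custom_conf_vagrant/group_vars/all.yml has the same bare key.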
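Review bot: `privileged: true` together with `cgroupns_mode: host` and the `/sys/fs/cgroup` mount in molecule/with_custom_conf/molecule.yml gives the test container very broad access to the machine running the tests, and nothing in the file says why it is needed. A comment above the platform entry, for example `# privileged + host cgroup namespace: needed for systemd and VIP assignment inside the test container`, would record the reason (presumably systemd and address management; confirm) and make it easier to narrow the setting to specific capabilities later.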
@@ -0,0 +1,4 @@
+---
+# requirements file for molecule
+roles:
+ - name: ednz_cloud.manage_apt_packages
diff --git a/molecule/with_custom_conf/verify.yml b/molecule/with_custom_conf/verify.yml
new file mode 100644
index 0000000..299d2e3
--- /dev/null
+++ b/molecule/with_custom_conf/verify.yml
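Review bot: `- name: ednz_cloud.manage_apt_packages` has no `version:`, so each test run installs whatever release Galaxy currently serves for that role, and the converge play that may execute it sets `become: true`. Pinning the entry, e.g. adding `version: "<PINNED_VERSION>"` under it, keeps the scenario reproducible and makes a role update an explicit, reviewable change. The three roles listed in molecule/with_custom_conf_vagrant/requirements.yml are unpinned in the same way.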
@@ -0,0 +1,191 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true
+ become: true
+ tasks:
+ - name: "Test: keepalived_script user and group"
+ block:
+ - name: "Getent user keepalived_script"
+ ansible.builtin.getent:
+ database: passwd
+ key: keepalived_script
+ register: keepalived_script_user
+
+ - name: "Getent group keepalived_script"
+ ansible.builtin.getent:
+ database: group
+ key: keepalived_script
+ register: keepalived_script_group
+
+ - name: "Verify keepalived_script user and group"
+ ansible.builtin.assert:
+ that:
+ - not keepalived_script_user.failed
+ - not keepalived_script_group.failed
+ - "'keepalived_script' in keepalived_script_user.ansible_facts.getent_passwd.keys()"
+ - "'/home/keepalived_script' in keepalived_script_user.ansible_facts.getent_passwd['keepalived_script']"
+ - "'/bin/false' in keepalived_script_user.ansible_facts.getent_passwd['keepalived_script']"
+ - "'keepalived_script' in keepalived_script_group.ansible_facts.getent_group.keys()"
+
+ - name: "Test: directory /etc/keepalived"
+ block:
+ - name: "Stat directory /etc/keepalived"
+ ansible.builtin.stat:
+ path: "/etc/keepalived"
+ register: stat_etc_keepalived
+
+ - name: "Stat file /etc/keepalived/keepalived.env"
+ ansible.builtin.stat:
+ path: "/etc/keepalived/keepalived.env"
+ register: stat_etc_keepalived_keepalived_env
+
+ - name: "Stat file /etc/keepalived/keepalived.conf"
+ ansible.builtin.stat:
+ path: "/etc/keepalived/keepalived.conf"
+ register: stat_etc_keepalived_keepalived_conf
+
+ - name: "Slurp file /etc/keepalived/keepalived.conf"
+ ansible.builtin.slurp:
+ src: "/etc/keepalived/keepalived.conf"
+ register: slurp_etc_keepalived_keepalived_conf
+
+ - name: "Verify directory /etc/keepalived"
+ vars:
+ keepalived_expected_cfg_file: |
+ # Ansible managed: Do NOT edit this file manually!
+ global_defs { + script_user keepalived_script + enable_script_security + } + + vrrp_instance instance { + interface eth0 + + state BACKUP + virtual_router_id 50 + priority 100 + advert_int 1 + + nopreempt + + unicast_src_ip {{ ansible_default_ipv4.address }} + unicast_peer { + 192.168.1.13 + 192.168.1.14 + 192.168.1.15 + } + + authentication { + auth_type PASS + auth_pass password + } + + virtual_ipaddress { + 192.168.1.100/32 + } + + notify /etc/keepalived/scripts.d/notify.sh + } + ansible.builtin.assert: + that: + - stat_etc_keepalived.stat.exists + - stat_etc_keepalived.stat.isdir + - stat_etc_keepalived.stat.pw_name == 'root' + - stat_etc_keepalived.stat.gr_name == 'root' + - stat_etc_keepalived.stat.mode == '0755' + - stat_etc_keepalived_keepalived_env.stat.exists + - stat_etc_keepalived_keepalived_env.stat.isreg + - stat_etc_keepalived_keepalived_env.stat.pw_name == 'root' + - stat_etc_keepalived_keepalived_env.stat.gr_name == 'root' + - stat_etc_keepalived_keepalived_env.stat.mode == '0600' + - stat_etc_keepalived_keepalived_conf.stat.exists + - stat_etc_keepalived_keepalived_conf.stat.isreg + - stat_etc_keepalived_keepalived_conf.stat.pw_name == 'root' + - stat_etc_keepalived_keepalived_conf.stat.gr_name == 'root' + - stat_etc_keepalived_keepalived_conf.stat.mode == '0600' + - (slurp_etc_keepalived_keepalived_conf.content|b64decode) == keepalived_expected_cfg_file + + - name: "Test: service keepalived" + block: + - name: "Get service keepalived" + ansible.builtin.service_facts: + + - name: "Stat file /etc/systemd/system/keepalived.service" + ansible.builtin.stat: + path: "/etc/systemd/system/keepalived.service" + register: stat_etc_systemd_system_keepalived_service + + - name: "Slurp file /etc/systemd/system/keepalived.service" + ansible.builtin.slurp: + src: "/etc/systemd/system/keepalived.service" + register: slurp_etc_systemd_system_keepalived_service + + - name: "Verify service keepalived" + vars: + keepalived_expected_service_file: | + # Ansible 
managed: Do NOT edit this file manually! + [Unit] + Description=Keepalive Daemon (LVS and VRRP) + After=network-online.target + Wants=network-online.target + ConditionFileNotEmpty=/etc/keepalived/keepalived.conf + + [Service] + # Type=notify + EnvironmentFile=-/etc/keepalived/keepalived.env + ExecStart=/usr/local/sbin/keepalived -f /etc/keepalived/keepalived.conf --dont-fork $DAEMON_ARGS + ExecReload=/bin/kill -HUP $MAINPID + + [Install] + WantedBy=multi-user.target + ansible.builtin.assert: + that: + - stat_etc_systemd_system_keepalived_service.stat.exists + - stat_etc_systemd_system_keepalived_service.stat.isreg + - stat_etc_systemd_system_keepalived_service.stat.pw_name == 'root' + - stat_etc_systemd_system_keepalived_service.stat.gr_name == 'root' + - stat_etc_systemd_system_keepalived_service.stat.mode == '0644' + - (slurp_etc_systemd_system_keepalived_service.content|b64decode) == keepalived_expected_service_file + - ansible_facts.services['keepalived.service'] is defined + - ansible_facts.services['keepalived.service']['source'] == 'systemd' + - ansible_facts.services['keepalived.service']['state'] == 'running' + - ansible_facts.services['keepalived.service']['status'] == 'enabled' + + - name: "Test: file /usr/local/sbin/keepalived" + block: + - name: "Stat file /usr/local/sbin/keepalived" + ansible.builtin.stat: + path: "/usr/local/sbin/keepalived" + register: stat_usr_local_sbin_keepalived + + - name: "Command keepalived --version" + ansible.builtin.command: "keepalived --version" + changed_when: false + register: keepalived_version + + - name: "Verify file /usr/local/sbin/keepalived" + ansible.builtin.assert: + that: + - keepalived_version.stderr | regex_search('^Keepalived v2\\.2\\.7') + - stat_usr_local_sbin_keepalived.stat.exists + - stat_usr_local_sbin_keepalived.stat.isreg + - stat_usr_local_sbin_keepalived.stat.pw_name == 'root' + - stat_usr_local_sbin_keepalived.stat.gr_name == 'root' + - stat_usr_local_sbin_keepalived.stat.mode == '0755' + + - 
name: "Test: interfaces" + block: + - name: "Debug" + ansible.builtin.debug: + msg: "{{ ansible_eth0 }}" + + - name: "Verify VIP interface" + ansible.builtin.assert: + that: + - ansible_eth0.active + - ansible_eth0.ipv4_secondaries[0].address == '192.168.1.100' + - ansible_eth0.ipv4_secondaries[0].netmask == '255.255.255.255' + - ansible_eth0.ipv4_secondaries[0].broadcast == '' + - ansible_eth0.ipv4_secondaries[0].network == '192.168.1.100' + - ansible_eth0.ipv4_secondaries[0].prefix == '32' \ No newline at end of file diff --git a/molecule/with_custom_conf_vagrant/converge.yml b/molecule/with_custom_conf_vagrant/converge.yml new file mode 100644 index 0000000..d5dff8e --- /dev/null +++ b/molecule/with_custom_conf_vagrant/converge.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: true + tasks: + - name: "Include ednz_cloud.deploy_keepalived" + ansible.builtin.include_role: + name: "ednz_cloud.deploy_keepalived" diff --git a/molecule/with_custom_conf_vagrant/group_vars/all.yml b/molecule/with_custom_conf_vagrant/group_vars/all.yml new file mode 100644 index 0000000..9fcf684 --- /dev/null +++ b/molecule/with_custom_conf_vagrant/group_vars/all.yml 
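Review bot: Nothing in molecule/with_custom_conf/verify.yml checks the notify script itself, although this commit changes the owner and group of the files written to the scripts directory and the expected config sets `enable_script_security` with `script_user keepalived_script`. A stat on `/etc/keepalived/scripts.d/notify.sh` asserting owner, group and the mode `0700` set in tasks/configure.yml would catch a regression in those tasks; a sketch follows, assuming the role ships `notify.sh`. The docker scenarios would need the numeric ids from vars/main.yml instead of the account name.

```yaml
    - name: "Test: notify script"
      block:
        - name: "Stat file /etc/keepalived/scripts.d/notify.sh"
          ansible.builtin.stat:
            path: "/etc/keepalived/scripts.d/notify.sh"
          register: stat_notify_script

        - name: "Verify file /etc/keepalived/scripts.d/notify.sh"
          ansible.builtin.assert:
            that:
              - stat_notify_script.stat.exists
              - stat_notify_script.stat.isreg
              - stat_notify_script.stat.pw_name == 'keepalived_script'
              - stat_notify_script.stat.gr_name == 'keepalived_script'
              - stat_notify_script.stat.mode == '0700'
```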
@@ -0,0 +1,24 @@
+---
+deploy_keepalived_deploy_method: "docker"
+deploy_keepalived_version: "2.2.7"
+deploy_keepalived_start_service: true
+deploy_keepalived_env_variables: {}
+
+deploy_keepalived_vrrp_instance_name: "{{ ansible_hostname }}"
+deploy_keepalived_interface: "{{ ansible_default_ipv4.interface }}"
+deploy_keepalived_state: "BACKUP"
+deploy_keepalived_router_id: 50
+deploy_keepalived_priority: 100
+deploy_keepalived_advert_interval: 1
+deploy_keepalived_unicast_source: "{{ ansible_default_ipv4.address }}"
+deploy_keepalived_unicast_peers:
+ - "192.168.1.13"
+ - "192.168.1.14"
+ - "192.168.1.15"
+deploy_keepalived_auth_passwd: "password"
+deploy_keepalived_virtual_ips:
+ - 192.168.1.100/32
+deploy_keepalived_notify_script: notify.sh
+
+deploy_keepalived_custom_scripts_src:
+deploy_keepalived_extra_container_volumes: []
diff --git a/molecule/with_custom_conf_vagrant/molecule.yml b/molecule/with_custom_conf_vagrant/molecule.yml
new file mode 100644
index 0000000..92903eb
--- /dev/null
+++ b/molecule/with_custom_conf_vagrant/molecule.yml
@@ -0,0 +1,35 @@
+---
+dependency:
+ name: galaxy
+ options:
+ requirements-file: ./requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: libvirt
+platforms:
+ - name: instance
+ box: generic/${MOLECULE_TEST_OS}
+ cpus: 4
+ memory: 4096
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ remote_tmp: /tmp/.ansible
+verifier:
+ name: ansible
+scenario:
+ name: with_custom_conf_vagrant
+ test_sequence:
+ - dependency
+ - cleanup
+ - destroy
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - verify
+ - cleanup
+ - destroy
diff --git a/molecule/with_custom_conf_vagrant/prepare.yml b/molecule/with_custom_conf_vagrant/prepare.yml
new file mode 100644
index 0000000..24630fb
--- /dev/null
+++ b/molecule/with_custom_conf_vagrant/prepare.yml
@@ -0,0 +1,10 @@
+---
+- name: Prepare
+ hosts: all
+ become: true
+ tasks:
+ - name: "Include ednz_cloud.install_docker"
+ ansible.builtin.include_role:
+ name: ednz_cloud.install_docker
+ vars:
+ install_docker_python_packages: true
diff --git a/molecule/with_custom_conf_vagrant/requirements.yml b/molecule/with_custom_conf_vagrant/requirements.yml
new file mode 100644
index 0000000..92a4b82
--- /dev/null
+++ b/molecule/with_custom_conf_vagrant/requirements.yml
@@ -0,0 +1,6 @@
+---
+# requirements file for molecule
+roles:
+ - name: ednz_cloud.manage_repositories
+ - name: ednz_cloud.manage_apt_packages
+ - name: ednz_cloud.install_docker
diff --git a/molecule/with_custom_conf_vagrant/verify.yml b/molecule/with_custom_conf_vagrant/verify.yml
new file mode 100644
index 0000000..bdc32b4
--- /dev/null
+++ b/molecule/with_custom_conf_vagrant/verify.yml
@@ -0,0 +1,169 @@ +--- +- name: Verify + hosts: all + gather_facts: true + become: true + tasks: + - name: "Test: directory /etc/keepalived" + block: + - name: "Stat directory /etc/keepalived" + ansible.builtin.stat: + path: "/etc/keepalived" + register: stat_etc_keepalived + + - name: "Stat file /etc/default/keepalived" + ansible.builtin.stat: + path: "/etc/default/keepalived" + register: stat_etc_default_keepalived + + - name: "Stat file /etc/keepalived/keepalived.conf" + ansible.builtin.stat: + path: "/etc/keepalived/keepalived.conf" + register: stat_etc_keepalived_keepalived_conf + + - name: "Slurp file /etc/keepalived/keepalived.conf" + ansible.builtin.slurp: + src: "/etc/keepalived/keepalived.conf" + register: slurp_etc_keepalived_keepalived_conf + + - name: "Verify directory /etc/keepalived" + vars: + keepalived_expected_cfg_file: | + # Ansible managed: Do NOT edit this file manually! + global_defs { + script_user keepalived_script + enable_script_security + } + + vrrp_instance instance { + interface eth0 + + state BACKUP + virtual_router_id 50 + priority 100 + advert_int 1 + + nopreempt + + unicast_src_ip {{ ansible_default_ipv4.address }} + unicast_peer { + 192.168.1.13 + 192.168.1.14 + 192.168.1.15 + } + + authentication { + auth_type PASS + auth_pass password + } + + virtual_ipaddress { + 192.168.1.100/32 + } + + notify /etc/keepalived/scripts.d/notify.sh + } + ansible.builtin.assert: + that: + - stat_etc_keepalived.stat.exists + - stat_etc_keepalived.stat.isdir + - stat_etc_keepalived.stat.pw_name == 'root' + - stat_etc_keepalived.stat.gr_name == 'root' + - stat_etc_keepalived.stat.mode == '0755' + - stat_etc_default_keepalived.stat.exists + - stat_etc_default_keepalived.stat.isreg + - stat_etc_default_keepalived.stat.pw_name == 'root' + - stat_etc_default_keepalived.stat.gr_name == 'root' + - stat_etc_default_keepalived.stat.mode == '0600' + - stat_etc_keepalived_keepalived_conf.stat.exists + - stat_etc_keepalived_keepalived_conf.stat.isreg + - 
stat_etc_keepalived_keepalived_conf.stat.pw_name == 'root' + - stat_etc_keepalived_keepalived_conf.stat.gr_name == 'root' + - stat_etc_keepalived_keepalived_conf.stat.mode == '0600' + - (slurp_etc_keepalived_keepalived_conf.content|b64decode) == keepalived_expected_cfg_file + + - name: "Test: service keepalived" + block: + - name: "Get service keepalived" + ansible.builtin.service_facts: + + - name: "Stat file /etc/systemd/system/keepalived_container.service" + ansible.builtin.stat: + path: "/etc/systemd/system/keepalived_container.service" + register: stat_etc_systemd_system_keepalived_container_service + + - name: "Slurp file /etc/systemd/system/keepalived_container.service" + ansible.builtin.slurp: + src: "/etc/systemd/system/keepalived_container.service" + register: slurp_etc_systemd_system_keepalived_container_service + + - name: "Verify service keepalived" + vars: + keepalived_expected_service_file: | + # Ansible managed: Do NOT edit this file manually! + [Unit] + After=docker.service + PartOf=docker.service + Requires=docker.service + + [Service] + EnvironmentFile=/etc/default/keepalived + ExecStartPre=-/usr/bin/docker rm -f keepalived + ExecStart=/usr/bin/docker run --name keepalived \ + --rm \ + --env-file /etc/default/keepalived \ + --network "host" \ + --cap-add "NET_ADMIN" \ + --cap-add "NET_RAW" \ + --cap-add "NET_BROADCAST" \ + --volume "/etc/keepalived:/etc/keepalived" \ + ednxzu/keepalived:2.2.7 + ExecStop=/usr/bin/docker stop keepalived + SyslogIdentifier=keepalived + Restart=always + RestartSec=10s + + [Install] + WantedBy=docker.service + ansible.builtin.assert: + that: + - stat_etc_systemd_system_keepalived_container_service.stat.exists + - stat_etc_systemd_system_keepalived_container_service.stat.isreg + - stat_etc_systemd_system_keepalived_container_service.stat.pw_name == 'root' + - stat_etc_systemd_system_keepalived_container_service.stat.gr_name == 'root' + - stat_etc_systemd_system_keepalived_container_service.stat.mode == '0644' + - 
(slurp_etc_systemd_system_keepalived_container_service.content|b64decode) == keepalived_expected_service_file + - ansible_facts.services['keepalived_container.service'] is defined + - ansible_facts.services['keepalived_container.service']['source'] == 'systemd' + - ansible_facts.services['keepalived_container.service']['state'] == 'running' + - ansible_facts.services['keepalived_container.service']['status'] == 'enabled' + + - name: "Test: container keepalived" + block: + - name: "Command keepalived --version" + community.docker.docker_container_exec: + container: keepalived + command: keepalived --version + changed_when: false + register: keepalived_version + + - name: "Verify container keepalived" + ansible.builtin.assert: + that: + - keepalived_version.stderr | regex_search('^Keepalived v2\\.2\\.7') + + - name: "Test: interfaces" + block: + - name: "Debug" + ansible.builtin.debug: + msg: "{{ ansible_eth0 }}" + + - name: "Verify VIP interface" + ansible.builtin.assert: + that: + - ansible_eth0.active + - ansible_eth0.ipv4_secondaries[0].address == '192.168.1.100' + - ansible_eth0.ipv4_secondaries[0].netmask == '255.255.255.255' + - ansible_eth0.ipv4_secondaries[0].broadcast == '' + - ansible_eth0.ipv4_secondaries[0].network == '192.168.1.100' + - ansible_eth0.ipv4_secondaries[0].prefix == '32' diff --git a/tasks/configure.yml b/tasks/configure.yml index a3190d0..8864696 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -26,8 +26,8 @@ ansible.builtin.template: src: "{{ item }}" dest: "{{ deploy_keepalived_scripts_dir }}/{{ (item | basename) }}" - owner: "{{ deploy_keepalived_script_user if deploy_keepalived_deploy_method == 'host' else 'root' }}" - group: "{{ deploy_keepalived_script_user if deploy_keepalived_deploy_method == 'host' else 'root' }}" + owner: "{{ deploy_keepalived_script_user }}" + group: "{{ deploy_keepalived_script_user }}" mode: "0700" with_fileglob: - "files/*" 
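Review bot: `group: "{{ deploy_keepalived_script_user }}"` in tasks/configure.yml takes the group from the user variable, so `deploy_keepalived_script_group` is not used for these files. With the vars/main.yml change in this commit the two values differ for the docker method ('100' and '101'), so the scripts would get gid 100 rather than 101; the second hunk of this file (`@@ -36,8 +36,8 @@`) has the same line. If the group variable is the intended value, the line should read `group: "{{ deploy_keepalived_script_group }}"`. The task starts above the hunk, so any `when` condition on it is not visible here.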
@@ -36,8 +36,8 @@ ansible.builtin.template: src: "{{ item }}" dest: "{{ deploy_keepalived_scripts_dir }}/{{ (item | basename) }}" - owner: "{{ deploy_keepalived_script_user if deploy_keepalived_deploy_method == 'host' else 'root' }}" - group: "{{ deploy_keepalived_script_user if deploy_keepalived_deploy_method == 'host' else 'root' }}" + owner: "{{ deploy_keepalived_script_user }}" + group: "{{ deploy_keepalived_script_user }}" mode: "0700" with_fileglob: - "{{ deploy_keepalived_custom_scripts_src }}/*" diff --git a/templates/.gitkeep b/templates/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/templates/keepalived.conf.j2 b/templates/keepalived.conf.j2 index 0a1d3e4..b198686 100644 --- a/templates/keepalived.conf.j2 +++ b/templates/keepalived.conf.j2 @@ -1,6 +1,6 @@ # {{ ansible_managed }} global_defs { - script_user {{ deploy_keepalived_script_user }} + script_user keepalived_script enable_script_security } @@ -35,4 +35,4 @@ vrrp_instance {{ deploy_keepalived_vrrp_instance_name }} { } notify {{ deploy_keepalived_scripts_dir }}/{{ deploy_keepalived_notify_script }} -} \ No newline at end of file +} diff --git a/vars/main.yml b/vars/main.yml index c874549..75e9255 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -9,8 +9,8 @@ deploy_keepalived_tmp_path: "/tmp/keepalived-{{ deploy_keepalived_version}}" deploy_keepalived_service_name: "keepalived{{ '_container' if deploy_keepalived_deploy_method == 'docker' }}" deploy_keepalived_user: root deploy_keepalived_group: root -deploy_keepalived_script_user: keepalived_script -deploy_keepalived_script_group: keepalived_script +deploy_keepalived_script_user: "{{ 'keepalived_script' if deploy_keepalived_deploy_method == 'host' else '100' }}" +deploy_keepalived_script_group: "{{ 'keepalived_script' if deploy_keepalived_deploy_method == 'host' else '101' }}" deploy_keepalived_docker_image: ednxzu/keepalived deploy_keepalived_container_volume_map: - "{{ deploy_keepalived_config_dir }}:/etc/keepalived"
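Review bot: The ids '100' and '101' that vars/main.yml now uses for the docker method are unexplained literals; presumably they are the uid and gid of `keepalived_script` inside the `ednxzu/keepalived` image, but nothing in the diff records that. On the host those ids belong to whichever account happens to hold them, and that account then owns the mode-0700 scripts under the directory that the unit file bind-mounts into a container started with host networking and NET_ADMIN. A comment above the two lines, such as `# uid/gid of keepalived_script inside the container image; keep in sync with the image`, or dedicated role variables for the ids, would make the dependency explicit. The template hunk in this commit hard-codes `script_user keepalived_script` for the same reason, so the name in the template, these ids and the image now have to agree.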