From 4818ebd688fe6b2f97c7e64f0a2edebeea2a82d5 Mon Sep 17 00:00:00 2001 From: Bertrand Lanson Date: Sat, 9 Mar 2024 22:34:20 +0100 Subject: [PATCH] feat(install): add docker installation and configure steps --- defaults/main.yml | 20 +++++++++- files/notify.sh | 20 ++++++++++ handlers/main.yml | 18 +++++++++ molecule/default_vagrant/group_vars/all.yml | 2 + molecule/default_vagrant/prepare.yml | 10 +++++ molecule/default_vagrant/requirements.yml | 6 +++ tasks/configure.yml | 44 +++++++++++++++++++++ tasks/install_docker.yml | 23 +++++++++++ tasks/install_host.yml | 43 ++++++++++++++++++++ tasks/main.yml | 8 ++++ tasks/prerequisites.yml | 24 ++++++++--- templates/keepalived.conf.j2 | 38 ++++++++++++++++++ templates/keepalived.j2 | 4 ++ templates/keepalived.service.j2 | 14 +++++++ vars/main.yml | 37 ++++++++++++++++- 15 files changed, 303 insertions(+), 8 deletions(-) create mode 100644 files/notify.sh create mode 100644 molecule/default_vagrant/group_vars/all.yml create mode 100644 molecule/default_vagrant/prepare.yml create mode 100644 molecule/default_vagrant/requirements.yml create mode 100644 tasks/configure.yml create mode 100644 tasks/install_docker.yml create mode 100644 templates/keepalived.conf.j2 create mode 100644 templates/keepalived.j2 create mode 100644 templates/keepalived.service.j2 diff --git a/defaults/main.yml b/defaults/main.yml index c88cb2b..cceab2c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,4 +1,22 @@ --- # defaults file for deploy_keepalived deploy_keepalived_deploy_method: "host" -deploy_keepalived_version: "2.2.5" +deploy_keepalived_version: "2.2.8" +deploy_keepalived_start_service: true +deploy_keepalived_env_variables: {} + +deploy_keepalived_vrrp_instance_name: "{{ ansible_hostname }}" +deploy_keepalived_interface: "{{ ansible_default_ipv4.interface }}" +deploy_keepalived_state: "BACKUP" +deploy_keepalived_router_id: 50 +deploy_keepalived_priority: 100 +deploy_keepalived_advert_interval: 1 +deploy_keepalived_unicast_source: "{{ ansible_default_ipv4.address }}" +deploy_keepalived_unicast_peers: [] +deploy_keepalived_auth_passwd: "password" +deploy_keepalived_virtual_ips: + - 192.168.1.100/32 +deploy_keepalived_notify_script: notify.sh + +deploy_keepalived_custom_scripts_src: +deploy_keepalived_extra_container_volumes: [] diff --git a/files/notify.sh b/files/notify.sh new file mode 100644 index 0000000..d12401f --- /dev/null +++ b/files/notify.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +ENDSTATE=$3 +NAME=$2 +TYPE=$1 + +case $ENDSTATE in + "BACKUP") + exit 0 + ;; + "FAULT") + exit 0 + ;; + "MASTER") + exit 0 + ;; + *) echo "Unknown state ${ENDSTATE} for VRRP ${TYPE} ${NAME}" + exit 1 + ;; +esac diff --git a/handlers/main.yml b/handlers/main.yml index ceffb0a..ecda228 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,2 +1,20 @@ --- # handlers file for deploy_keepalived +- name: "Reload systemd file" + ansible.builtin.systemd: + daemon_reload: true + listen: "systemctl-daemon-reload" + +- name: "Enable keepalived service" + ansible.builtin.service: + name: "{{ deploy_keepalived_service_name }}" + enabled: true + listen: "systemctl-enable-keepalived" + +- name: "Start keepalived service" + ansible.builtin.service: + name: "{{ deploy_keepalived_service_name }}" + state: restarted + listen: "systemctl-restart-keepalived" + throttle: 1 + when: deploy_keepalived_start_service 
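Review bot: `deploy_keepalived_auth_passwd: "password"` in defaults/main.yml ships a known shared secret, so any deployment that does not override it runs VRRP with a guessable password. templates/keepalived.conf.j2 renders it under `auth_type PASS`, which is carried in clear text in the advertisements, and keepalived only uses the first eight characters of it. I would drop the default and fail early when it is unset, e.g. an `ansible.builtin.assert` on `deploy_keepalived_auth_passwd is defined and deploy_keepalived_auth_passwd | length > 0`, and document that the value belongs in a vault. In the same hunk, `deploy_keepalived_custom_scripts_src:` is a bare empty value that loads as null; `deploy_keepalived_custom_scripts_src: ""` states the intent.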
diff --git a/molecule/default_vagrant/group_vars/all.yml b/molecule/default_vagrant/group_vars/all.yml
new file mode 100644
index 0000000..0b5c093
--- /dev/null
+++ b/molecule/default_vagrant/group_vars/all.yml
@@ -0,0 +1,2 @@
+---
+deploy_keepalived_deploy_method: "docker"
diff --git a/molecule/default_vagrant/prepare.yml b/molecule/default_vagrant/prepare.yml
new file mode 100644
index 0000000..24630fb
--- /dev/null
+++ b/molecule/default_vagrant/prepare.yml
@@ -0,0 +1,10 @@
+---
+- name: Prepare
+ hosts: all
+ become: true
+ tasks:
+ - name: "Include ednz_cloud.install_docker"
+ ansible.builtin.include_role:
+ name: ednz_cloud.install_docker
+ vars:
+ install_docker_python_packages: true
diff --git a/molecule/default_vagrant/requirements.yml b/molecule/default_vagrant/requirements.yml
new file mode 100644
index 0000000..92a4b82
--- /dev/null
+++ b/molecule/default_vagrant/requirements.yml
@@ -0,0 +1,6 @@
+---
+# requirements file for molecule
+roles:
+ - name: ednz_cloud.manage_repositories
+ - name: ednz_cloud.manage_apt_packages
+ - name: ednz_cloud.install_docker
diff --git a/tasks/configure.yml b/tasks/configure.yml
new file mode 100644
index 0000000..6f6c7d2
--- /dev/null
+++ b/tasks/configure.yml
@@ -0,0 +1,44 @@
+---
+# task/configure file for deploy_keepalived
+- name: "Configure for host installation"
+ when: deploy_keepalived_deploy_method == 'host'
+ block:
+ - name: "Create keepalived environment file"
+ ansible.builtin.template:
+ src: keepalived.j2
+ dest: "/etc/default/keepalived"
+ owner: "{{ deploy_keepalived_user }}"
+ group: "{{ deploy_keepalived_group }}"
+ mode: "0644"
+
+- name: "Copy keepalived.conf template"
+ ansible.builtin.template:
+ src: keepalived.conf.j2
+ dest: "{{ deploy_keepalived_config_dir }}/keepalived.conf"
+ owner: "{{ deploy_keepalived_user }}"
+ group: "{{ deploy_keepalived_group }}"
+ mode: "0600"
+ notify:
+ - "systemctl-enable-keepalived"
+ - "systemctl-restart-keepalived"
+
+- name: "Copy default notify script"
+ ansible.builtin.template:
+ src: "{{ item }}"
+ dest: "{{ deploy_keepalived_scripts_dir }}/{{ (item | basename) }}"
+ owner: "{{ deploy_keepalived_script_user if deploy_keepalived_deploy_method == 'host' else 'root' }}"
+ group: "{{ deploy_keepalived_script_user if deploy_keepalived_deploy_method == 'host' else 'root' }}"
+ mode: "0700"
+ with_fileglob:
+ - "files/*"
+
+- name: "Copy custom scripts"
+ ansible.builtin.template:
+ src: "{{ item }}"
+ dest: "{{ deploy_keepalived_scripts_dir }}/{{ (item | basename) }}"
+ owner: "{{ deploy_keepalived_script_user if deploy_keepalived_deploy_method == 'host' else 'root' }}"
+ group: "{{ deploy_keepalived_script_user if deploy_keepalived_deploy_method == 'host' else 'root' }}"
+ mode: "0700"
+ with_fileglob:
+ - "{{ deploy_keepalived_custom_scripts_src }}/*"
+ when: deploy_keepalived_custom_scripts_src
diff --git a/tasks/install_docker.yml b/tasks/install_docker.yml
new file mode 100644
index 0000000..deb7a24
--- /dev/null
+++ b/tasks/install_docker.yml
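Review bot: Both script-copy tasks in tasks/configure.yml set `group:` from `deploy_keepalived_script_user` instead of `deploy_keepalived_script_group`, which only works while vars/main.yml gives the two the same value. In the host case the scripts are also owned by, and writable (`0700`) by, the same unprivileged account keepalived runs them as, so that account can rewrite its own notify hooks. `owner: root`, `group: "{{ deploy_keepalived_script_group if deploy_keepalived_deploy_method == 'host' else 'root' }}"` and `mode: "0750"` would keep them executable by the script user but not modifiable by it. Both tasks also push globbed files through `ansible.builtin.template`, so any `{{` inside a custom script is rendered as Jinja; `ansible.builtin.copy` would ship them verbatim if templating is not intended.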
@@ -0,0 +1,23 @@ +--- +# task/install_docker file for deploy_keepalived +- name: "Update container volume list" + ansible.builtin.set_fact: + deploy_keepalived_container_volume_map: "{{ deploy_keepalived_container_volume_map + deploy_keepalived_extra_container_volumes }}" + +- name: "Include ednz_cloud.docker_systemd_service" + ansible.builtin.include_role: + name: ednz_cloud.docker_systemd_service + vars: + docker_systemd_service_container_name: "keepalived" + docker_systemd_service_image: "{{ deploy_keepalived_docker_image }}:{{ deploy_keepalived_version }}" + docker_systemd_service_container_env: "{{ deploy_keepalived_env_variables }}" + docker_systemd_service_flags: + - network: host + - cap-add: + - NET_ADMIN + - NET_RAW + - NET_BROADCAST + - volume: "{{ deploy_keepalived_container_volume_map }}" + docker_systemd_service_name: "{{ docker_systemd_service_container_name }}_container" + docker_systemd_service_state: "{{ 'started' if deploy_keepalived_start_service else 'stopped'}}" + docker_systemd_service_restart: "{{ true if deploy_keepalived_start_service else false}}" diff --git a/tasks/install_host.yml b/tasks/install_host.yml index e444e3b..4c8498c 100644 --- a/tasks/install_host.yml +++ b/tasks/install_host.yml @@ -42,6 +42,9 @@ when: _keepalived_old_release.stdout is defined and (_keepalived_old_release.stdout | length > 0) +- name: "Get service keepalived" + ansible.builtin.service_facts: + - name: "Install keepalived" when: deploy_keepalived_current_version is not defined or deploy_keepalived_wanted_version not in deploy_keepalived_current_version 
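Review bot: `docker_systemd_service_image` in tasks/install_docker.yml resolves to `{{ deploy_keepalived_docker_image }}:{{ deploy_keepalived_version }}`, a mutable tag, while the container is started with `network: host` and the `NET_ADMIN`, `NET_RAW` and `NET_BROADCAST` capabilities. Whatever is pushed under that tag therefore runs with control over the host's network stack. I would let callers pin the image by digest, for example an optional digest variable (name to be chosen) appended as `@sha256:<digest>` when set, and document where the image is built from. Whether the `ednz_cloud.docker_systemd_service` role accepts a digest reference is not visible in this patch and should be confirmed.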
@@ -61,12 +64,30 @@ remote_src: true register: result_of_unarchive + - name: "Run build_setup command for keepalived:{{ deploy_keepalived_version }}" + ansible.builtin.command: + argv: + - "./build_setup" + args: + chdir: "{{ deploy_keepalived_tmp_path }}" + register: result_of_build_setup + changed_when: result_of_build_setup.rc != 0 + - name: "Run configure command for keepalived:{{ deploy_keepalived_version }}" ansible.builtin.command: argv: - "./configure" + - "--disable-dependency-tracking" + - "--enable-bfd" + - "--enable-json" + - "--enable-nftables" + - "--enable-snmp" + - "--enable-snmp-rfc" + - "--enable-regex" args: chdir: "{{ deploy_keepalived_tmp_path }}" + register: result_of_configure + changed_when: result_of_configure.rc != 0 - name: "Run make command for keepalived:{{ deploy_keepalived_version }}" community.general.make: @@ -90,3 +111,25 @@ content: "{{ deploy_keepalived_wanted_version }}" dest: "{{ deploy_keepalived_config_dir }}/version" mode: "0600" + + - name: "Ensure keepalived is running" + ansible.builtin.service: + name: "{{ deploy_keepalived_service_name }}" + state: started + register: _haproxy_service_health + until: _haproxy_service_health.status.ActiveState == "active" + retries: 15 + delay: 2 + when: + ansible_facts.services[deploy_keepalived_service_name~'.service'] is defined + and ansible_facts.services[deploy_keepalived_service_name~'.service']['state'] == 'running' + +- name: "Copy systemd service file for keepalived" + ansible.builtin.template: + src: "keepalived.service.j2" + dest: "/etc/systemd/system/keepalived.service" + owner: root + group: root + mode: "0644" + notify: + - "systemctl-daemon-reload" diff --git a/tasks/main.yml b/tasks/main.yml index eb6b305..9f31831 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
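Review bot: `./build_setup` and `./configure` in the `@@ -61,12 +64,30 @@` hunk run with `chdir: "{{ deploy_keepalived_tmp_path }}"`, which vars/main.yml defines as `/tmp/keepalived-<version>`, a predictable name in a world-writable directory. How that directory is created lies outside this hunk, so this needs confirming, but if the path can pre-exist, a local user could plant the scripts this play then executes, presumably with elevated privileges. Creating the build directory with `ansible.builtin.tempfile` (`state: directory`) and unpacking into it would avoid relying on a fixed path. Separately, `changed_when: result_of_build_setup.rc != 0` (and the same on `result_of_configure`) can never be true on a successful run; `changed_when: false` or a real change test would say what is meant.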
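Review bot: The "Ensure keepalived is running" task in the `@@ -90,3 +111,25 @@` hunk registers its result as `_haproxy_service_health`, which looks copied from another role. `register: _keepalived_service_health` with `until: _keepalived_service_health.status.ActiveState == "active"` would keep the name aligned with the service being checked. The task appears to belong to a block that starts outside this hunk.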
@@ -5,3 +5,11 @@ - name: "Import install_host.yml" ansible.builtin.include_tasks: install_host.yml + when: deploy_keepalived_deploy_method == 'host' + +- name: "Import configure.yml" + ansible.builtin.include_tasks: configure.yml + +- name: "Import install_docker.yml" + ansible.builtin.include_tasks: install_docker.yml + when: deploy_keepalived_deploy_method == 'docker' diff --git a/tasks/prerequisites.yml b/tasks/prerequisites.yml index 6a6d2e8..91ae62d 100644 --- a/tasks/prerequisites.yml +++ b/tasks/prerequisites.yml @@ -1,11 +1,25 @@ --- # task/prerequisites file for deploy_keepalived -- name: "Install compilation dependencies" - ansible.builtin.include_role: - name: ednz_cloud.manage_apt_packages - vars: - manage_apt_packages_list: "{{ deploy_keepalived_required_packages }}" +- name: "Prerequisites for host installation" when: deploy_keepalived_deploy_method == 'host' + block: + - name: "Install compilation dependencies" + ansible.builtin.include_role: + name: ednz_cloud.manage_apt_packages + vars: + manage_apt_packages_list: "{{ deploy_keepalived_required_packages }}" + + - name: "Create group {{ deploy_keepalived_script_group }}" + ansible.builtin.group: + name: "{{ deploy_keepalived_script_group }}" + state: present + + - name: "Create user {{ deploy_keepalived_script_user }}" + ansible.builtin.user: + name: "{{ deploy_keepalived_script_user }}" + group: "{{ deploy_keepalived_script_group }}" + shell: /bin/false + state: present - name: "Create directory {{ deploy_keepalived_config_dir }}" ansible.builtin.file: diff --git a/templates/keepalived.conf.j2 b/templates/keepalived.conf.j2 new file mode 100644 index 0000000..0a1d3e4 --- /dev/null +++ b/templates/keepalived.conf.j2 
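Review bot: The `ansible.builtin.user` task in tasks/prerequisites.yml creates `deploy_keepalived_script_user` as a regular account: `system` is not set and a home directory is created by default. For an account that exists only to run notify scripts I would add `system: true` and `create_home: false`, and set `system: true` on the group task as well. The file continues past the end of this hunk.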
@@ -0,0 +1,38 @@
+# {{ ansible_managed }}
+global_defs {
+ script_user {{ deploy_keepalived_script_user }}
+ enable_script_security
+}
+
+vrrp_instance {{ deploy_keepalived_vrrp_instance_name }} {
+ interface {{ deploy_keepalived_interface }}
+
+ state {{ deploy_keepalived_state }}
+ virtual_router_id {{ deploy_keepalived_router_id }}
+ priority {{ deploy_keepalived_priority }}
+ advert_int {{ deploy_keepalived_advert_interval }}
+
+ nopreempt
+
+{% if deploy_keepalived_unicast_peers %}
+ unicast_src_ip {{ deploy_keepalived_unicast_source }}
+ unicast_peer {
+{% for peer in deploy_keepalived_unicast_peers %}
+ {{ peer }}
+{% endfor %}
+ }
+{% endif %}
+
+ authentication {
+ auth_type PASS
+ auth_pass {{ deploy_keepalived_auth_passwd }}
+ }
+
+ virtual_ipaddress {
+{% for vip in deploy_keepalived_virtual_ips %}
+ {{ vip }}
+{% endfor %}
+ }
+
+ notify {{ deploy_keepalived_scripts_dir }}/{{ deploy_keepalived_notify_script }}
+}
\ No newline at end of file
diff --git a/templates/keepalived.j2 b/templates/keepalived.j2
new file mode 100644
index 0000000..9cd4830
--- /dev/null
+++ b/templates/keepalived.j2
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+{% for item in deploy_keepalived_env_variables %}
+{{ item }}="{{ deploy_keepalived_env_variables[item] }}"
+{% endfor %}
diff --git a/templates/keepalived.service.j2 b/templates/keepalived.service.j2
new file mode 100644
index 0000000..38d378a
--- /dev/null
+++ b/templates/keepalived.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description=Keepalive Daemon (LVS and VRRP)
+After=network-online.target
+Wants=network-online.target
+ConditionFileNotEmpty={{ deploy_keepalived_config_dir }}/keepalived.conf
+
+[Service]
+# Type=notify
+EnvironmentFile=-/etc/default/{{ deploy_keepalived_service_name }}
+ExecStart={{ deploy_keepalived_path }} -f {{ deploy_keepalived_config_dir }}/keepalived.conf --dont-fork $DAEMON_ARGS
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
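Review bot: `script_user {{ deploy_keepalived_script_user }}` and `enable_script_security` in templates/keepalived.conf.j2 are rendered for both deploy methods, but tasks/prerequisites.yml creates that account only when `deploy_keepalived_deploy_method == 'host'`, and tasks/configure.yml installs the scripts as root-owned `0700` in the docker case. Unless the container image provides a matching `keepalived_script` user (not visible in this patch), keepalived in the container is told to run a root-only script as an account that cannot read it. Making the script owner and the rendered `script_user` agree per deploy method would resolve the mismatch. Also, `nopreempt` is emitted unconditionally while `deploy_keepalived_state` is configurable, and keepalived expects the initial state to be BACKUP for that option.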
diff --git a/vars/main.yml b/vars/main.yml index 57fce6c..c874549 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,13 +1,19 @@ --- # vars file for deploy_keepalived deploy_keepalived_config_dir: /etc/keepalived -deploy_keepalived_scripts_dir: /etc/keepalived/scripts -deploy_keepalived_path: /usr/local/bin/keepalived +deploy_keepalived_scripts_dir: /etc/keepalived/scripts.d +deploy_keepalived_path: /usr/local/sbin/keepalived deploy_keepalived_github_api: https://api.github.com/repos/acassen/keepalived deploy_keepalived_github_url: https://github.com/acassen/keepalived deploy_keepalived_tmp_path: "/tmp/keepalived-{{ deploy_keepalived_version}}" +deploy_keepalived_service_name: "keepalived{{ '_container' if deploy_keepalived_deploy_method == 'docker' }}" deploy_keepalived_user: root deploy_keepalived_group: root +deploy_keepalived_script_user: keepalived_script +deploy_keepalived_script_group: keepalived_script +deploy_keepalived_docker_image: ednxzu/keepalived +deploy_keepalived_container_volume_map: + - "{{ deploy_keepalived_config_dir }}:/etc/keepalived" deploy_keepalived_required_packages: - name: gcc version: latest @@ -24,3 +30,30 @@ deploy_keepalived_required_packages: - name: libsnmp-dev version: latest state: present + - name: autoconf + version: latest + state: present + - name: automake + version: latest + state: present + - name: iptables + version: latest + state: present + - name: libip6tc-dev + version: latest + state: present + - name: libip4tc-dev + version: latest + state: present + - name: libmnl-dev + version: latest + state: present + - name: libnftnl-dev + version: latest + state: present + - name: libpcre2-dev + version: latest + state: present + - name: make + version: latest + state: present
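Review bot: `deploy_keepalived_service_name` in vars/main.yml uses an inline `if` with no `else`, so the host case relies on an undefined value rendering as an empty string, which stricter templating settings may reject. `deploy_keepalived_service_name: "keepalived{{ '_container' if deploy_keepalived_deploy_method == 'docker' else '' }}"` makes the result explicit. In the same hunk, `deploy_keepalived_docker_image: ednxzu/keepalived` sits in vars/ rather than defaults/, so pointing the role at a vetted or mirrored image needs higher-precedence variables than inventory. Moving it to defaults/main.yml would make that override straightforward.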