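---
# Verify play: checks the files, the systemd unit, the running container and
# the VIP that the keepalived deployment is expected to leave on every host.
- name: Verify
  hosts: all
  gather_facts: true
  # The files inspected below are asserted to be root-owned, two of them with
  # mode 0600, so stat/slurp need privilege escalation to read them.
  become: true
  tasks:
    - name: "Test: directory /etc/keepalived"
      block:
        - name: "Stat directory /etc/keepalived"
          ansible.builtin.stat:
            path: "/etc/keepalived"
          register: stat_etc_keepalived

        - name: "Stat file /etc/default/keepalived"
          ansible.builtin.stat:
            path: "/etc/default/keepalived"
          register: stat_etc_default_keepalived

        - name: "Stat file /etc/keepalived/keepalived.conf"
          ansible.builtin.stat:
            path: "/etc/keepalived/keepalived.conf"
          register: stat_etc_keepalived_keepalived_conf

        # slurp returns the file base64-encoded; it is decoded in the assert.
        - name: "Slurp file /etc/keepalived/keepalived.conf"
          ansible.builtin.slurp:
            src: "/etc/keepalived/keepalived.conf"
          register: slurp_etc_keepalived_keepalived_conf

        # The rendered config is compared byte-for-byte with the text below,
        # so dropping script_user / enable_script_security or changing the
        # peers, VIP or notify script in the template fails this test.
        # keepalived.conf carries the VRRP auth_pass: the root:root / 0600
        # assertions protect it at rest only, since auth_type PASS is a
        # simple-text password carried in the VRRP advertisements.
        # 'password' is presumably the scenario's placeholder value; verify
        # it is never reused outside the test scenario.
        # NOTE(review): the nested indentation inside this expected text must
        # match the role's template exactly; confirm it against the template.
        # NOTE(review): nothing here checks owner or mode of the notify script
        # referenced in the config; consider a stat + assert if it is deployed.
        - name: "Verify directory /etc/keepalived"
          vars:
            keepalived_expected_cfg_file: |
              # Ansible managed: Do NOT edit this file manually!
              global_defs {
                script_user keepalived_script
                enable_script_security
              }

              vrrp_instance instance {
                interface eth0

                state BACKUP
                virtual_router_id 50
                priority 100
                advert_int 1

                nopreempt

                unicast_src_ip {{ ansible_default_ipv4.address }}
                unicast_peer {
                  192.168.1.13
                  192.168.1.14
                  192.168.1.15
                }

                authentication {
                  auth_type PASS
                  auth_pass password
                }

                virtual_ipaddress {
                  192.168.1.100/32
                }

                notify /etc/keepalived/scripts.d/notify.sh
              }
          ansible.builtin.assert:
            that:
              - stat_etc_keepalived.stat.exists
              - stat_etc_keepalived.stat.isdir
              - stat_etc_keepalived.stat.pw_name == 'root'
              - stat_etc_keepalived.stat.gr_name == 'root'
              - stat_etc_keepalived.stat.mode == '0755'
              # Environment file handed to the container via --env-file.
              - stat_etc_default_keepalived.stat.exists
              - stat_etc_default_keepalived.stat.isreg
              - stat_etc_default_keepalived.stat.pw_name == 'root'
              - stat_etc_default_keepalived.stat.gr_name == 'root'
              - stat_etc_default_keepalived.stat.mode == '0600'
              - stat_etc_keepalived_keepalived_conf.stat.exists
              - stat_etc_keepalived_keepalived_conf.stat.isreg
              - stat_etc_keepalived_keepalived_conf.stat.pw_name == 'root'
              - stat_etc_keepalived_keepalived_conf.stat.gr_name == 'root'
              - stat_etc_keepalived_keepalived_conf.stat.mode == '0600'
              - (slurp_etc_keepalived_keepalived_conf.content|b64decode) == keepalived_expected_cfg_file

    - name: "Test: service keepalived"
      block:
        # Populates ansible_facts.services, read by the assert below.
        - name: "Get service keepalived"
          ansible.builtin.service_facts:

        - name: "Stat file /etc/systemd/system/keepalived_container.service"
          ansible.builtin.stat:
            path: "/etc/systemd/system/keepalived_container.service"
          register: stat_etc_systemd_system_keepalived_container_service

        - name: "Slurp file /etc/systemd/system/keepalived_container.service"
          ansible.builtin.slurp:
            src: "/etc/systemd/system/keepalived_container.service"
          register: slurp_etc_systemd_system_keepalived_container_service

        # The exact-match comparison pins the container's privileges: host
        # networking plus NET_ADMIN, NET_RAW and NET_BROADCAST and nothing
        # else, so an added capability or flag in the unit template fails
        # the test.
        # NOTE(review): the image is referenced by tag, not by digest, and
        # /etc/keepalived is bind-mounted without ':ro'; confirm both are
        # intended.
        # NOTE(review): the indentation of the ExecStart continuation lines
        # must match the role's template exactly; confirm it.
        - name: "Verify service keepalived"
          vars:
            keepalived_expected_service_file: |
              # Ansible managed: Do NOT edit this file manually!
              [Unit]
              After=docker.service
              PartOf=docker.service
              Requires=docker.service

              [Service]
              EnvironmentFile=/etc/default/keepalived
              ExecStartPre=-/usr/bin/docker rm -f keepalived
              ExecStart=/usr/bin/docker run --name keepalived \
                --rm \
                --env-file /etc/default/keepalived \
                --network "host" \
                --cap-add "NET_ADMIN" \
                --cap-add "NET_RAW" \
                --cap-add "NET_BROADCAST" \
                --volume "/etc/keepalived:/etc/keepalived" \
                ednxzu/keepalived:2.2.7
              ExecStop=/usr/bin/docker stop keepalived
              SyslogIdentifier=keepalived
              Restart=always
              RestartSec=10s

              [Install]
              WantedBy=docker.service
          ansible.builtin.assert:
            that:
              - stat_etc_systemd_system_keepalived_container_service.stat.exists
              - stat_etc_systemd_system_keepalived_container_service.stat.isreg
              - stat_etc_systemd_system_keepalived_container_service.stat.pw_name == 'root'
              - stat_etc_systemd_system_keepalived_container_service.stat.gr_name == 'root'
              - stat_etc_systemd_system_keepalived_container_service.stat.mode == '0644'
              - (slurp_etc_systemd_system_keepalived_container_service.content|b64decode) == keepalived_expected_service_file
              - ansible_facts.services['keepalived_container.service'] is defined
              - ansible_facts.services['keepalived_container.service']['source'] == 'systemd'
              - ansible_facts.services['keepalived_container.service']['state'] == 'running'
              - ansible_facts.services['keepalived_container.service']['status'] == 'enabled'

    - name: "Test: container keepalived"
      block:
        # Read-only probe inside the running container, hence changed_when.
        - name: "Command keepalived --version"
          community.docker.docker_container_exec:
            container: keepalived
            command: keepalived --version
          changed_when: false
          register: keepalived_version

        - name: "Verify container keepalived"
          ansible.builtin.assert:
            that:
              # regex_search yields the matched text or none, not a boolean;
              # compare explicitly so the condition is a real true/false.
              - (keepalived_version.stderr | regex_search('^Keepalived v2\\.2\\.7')) is not none

    - name: "Test: interfaces"
      block:
        # Prints the gathered eth0 facts to make a failed VIP check readable.
        - name: "Debug"
          ansible.builtin.debug:
            msg: "{{ ansible_eth0 }}"

        # The VIP from the expected config (192.168.1.100/32) must be the
        # first secondary address on eth0.
        - name: "Verify VIP interface"
          ansible.builtin.assert:
            that:
              - ansible_eth0.active
              - ansible_eth0.ipv4_secondaries[0].address == '192.168.1.100'
              - ansible_eth0.ipv4_secondaries[0].netmask == '255.255.255.255'
              - ansible_eth0.ipv4_secondaries[0].broadcast == ''
              - ansible_eth0.ipv4_secondaries[0].network == '192.168.1.100'
              - ansible_eth0.ipv4_secondaries[0].prefix == '32'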