# Autogenerated by VyOS # Do not edit this file, all your changes will be lost # on next commit or reboot global_defs { dynamic_interfaces script_user root # Don't run scripts configured to be run as root if any part of the path # is writable by a non-root user. enable_script_security notify_fifo /run/keepalived/keepalived_notify_fifo notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py } {% if group is defined and group is not none %} {% for name, group_config in group.items() if group_config.disable is not defined %} {% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none %} vrrp_script healthcheck_{{ name }} { script "{{ group_config.health_check.script }}" interval {{ group_config.health_check.interval }} fall {{ group_config.health_check.failure_count }} rise 1 } {% endif %} vrrp_instance {{ name }} { {% if group_config.description is defined and group_config.description is not none %} # {{ group_config.description }} {% endif %} state BACKUP interface {{ group_config.interface }} virtual_router_id {{ group_config.vrid }} priority {{ group_config.priority }} advert_int {{ group_config.advertise_interval }} {% if group_config.no_preempt is not defined and group_config.preempt_delay is defined and group_config.preempt_delay is not none %} preempt_delay {{ group_config.preempt_delay }} {% elif group_config.no_preempt is defined %} nopreempt {% endif %} {% if group_config.peer_address is defined and group_config.peer_address is not none %} unicast_peer { {{ group_config.peer_address }} } {% endif %} {% if group_config.hello_source_address is defined and group_config.hello_source_address is not none %} {% if group_config.peer_address is defined and group_config.peer_address is not none %} unicast_src_ip {{ group_config.hello_source_address }} {% else %} mcast_src_ip {{ group_config.hello_source_address }} {% endif %} {% endif %} {% if group_config.rfc3768_compatibility is defined and group_config.peer_address is defined %} use_vmac {{ group_config.interface }}v{{ group_config.vrid }} vmac_xmit_base {% elif group_config.rfc3768_compatibility is defined %} use_vmac {{ group_config.interface }}v{{ group_config.vrid }} {% endif %} {% if group_config.authentication is defined and group_config.authentication is not none %} authentication { auth_pass "{{ group_config.authentication.password }}" {% if group_config.authentication.type == 'plaintext-password' %} auth_type PASS {% else %} auth_type {{ group_config.authentication.type | upper }} {% endif %} } {% endif %} {% if group_config.virtual_address is defined and group_config.virtual_address is not none %} virtual_ipaddress { {% for addr in group_config.virtual_address %} {{ addr }} {% endfor %} } {% endif %} {% if group_config.virtual_address_excluded is defined and group_config.virtual_address_excluded is not none %} virtual_ipaddress_excluded { {% for addr in group_config.virtual_address_excluded %} {{ addr }} {% endfor %} } {% endif %} {% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none %} track_script { healthcheck_{{ name }} } {% endif %} } {% endfor %} {% endif %} {% if sync_group is defined and sync_group is not none %} {% for name, group_config in sync_group.items() if group_config.disable is not defined %} vrrp_sync_group {{ name }} { group { {% if group_config.member is defined and group_config.member is not none %} {% for member in group_config.member %} {{ member }} {% endfor %} {% endif %} } {% if conntrack_sync_group is defined and conntrack_sync_group == name %} {% set vyos_helper = "/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %} notify_master "{{ vyos_helper }} master {{ name }}" notify_backup "{{ vyos_helper }} backup {{ name }}" notify_fault "{{ vyos_helper }} fault {{ name }}" {% endif %} } {% endfor %} {% endif %}