diff options
-rw-r--r-- | data/templates/vrrp/keepalived.conf.tmpl | 112 | ||||
-rw-r--r-- | interface-definitions/high-availability.xml.in | 395 |
2 files changed, 395 insertions, 112 deletions
diff --git a/data/templates/vrrp/keepalived.conf.tmpl b/data/templates/vrrp/keepalived.conf.tmpl deleted file mode 100644 index 6585fc60b..000000000 --- a/data/templates/vrrp/keepalived.conf.tmpl +++ /dev/null @@ -1,112 +0,0 @@ -# Autogenerated by VyOS -# Do not edit this file, all your changes will be lost -# on next commit or reboot - -global_defs { - dynamic_interfaces - script_user root - notify_fifo /run/keepalived/keepalived_notify_fifo - notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py -} - -{% if group is defined and group is not none %} -{% for name, group_config in group.items() if group_config.disable is not defined %} -{% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none %} -vrrp_script healthcheck_{{ name }} { - script "{{ group_config.health_check.script }}" - interval {{ group_config.health_check.interval }} - fall {{ group_config.health_check.failure_count }} - rise 1 -} -{% endif %} -vrrp_instance {{ name }} { -{% if group_config.description is defined and group_config.description is not none %} - # {{ group_config.description }} -{% endif %} - state BACKUP - interface {{ group_config.interface }} - virtual_router_id {{ group_config.vrid }} - priority {{ group_config.priority }} - advert_int {{ group_config.advertise_interval }} -{% if group_config.no_preempt is not defined and group_config.preempt_delay is defined and group_config.preempt_delay is not none %} - preempt_delay {{ group_config.preempt_delay }} -{% elif group_config.no_preempt is defined %} - nopreempt -{% endif %} -{% if group_config.peer_address is defined and group_config.peer_address is not none %} - unicast_peer { {{ group_config.peer_address }} } -{% endif %} -{% if group_config.hello_source_address is defined and group_config.hello_source_address is not none %} -{% if group_config.peer_address is defined and group_config.peer_address is not none %} - unicast_src_ip {{ group_config.hello_source_address }} -{% else %} - mcast_src_ip {{ group_config.hello_source_address }} -{% endif %} -{% endif %} -{% if group_config.rfc3768_compatibility is defined and group_config.peer_address is defined %} - use_vmac {{ group_config.interface }}v{{ group_config.vrid }} - vmac_xmit_base -{% elif group_config.rfc3768_compatibility is defined %} - use_vmac {{ group_config.interface }}v{{ group_config.vrid }} -{% endif %} -{% if group_config.authentication is defined and group_config.authentication is not none %} - authentication { - auth_pass "{{ group_config.authentication.password }}" -{% if group_config.authentication.type == 'plaintext-password' %} - auth_type PASS -{% else %} - auth_type {{ group_config.authentication.type | upper }} -{% endif %} - } -{% endif %} -{% if group_config.address is defined and group_config.address is not none %} - virtual_ipaddress { -{% for addr in group_config.address %} - {{ addr }} -{% endfor %} - } -{% endif %} -{% if group_config.excluded_address is defined and group_config.excluded_address is not none %} - virtual_ipaddress_excluded { -{% for addr in group_config.excluded_address %} - {{ addr }} -{% endfor %} - } -{% endif %} -{% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none %} - track_script { - healthcheck_{{ name }} - } -{% endif %} -} -{% endfor %} -{% endif %} - -{% if sync_group is defined and sync_group is not none %} -{% for name, sync_group_config in sync_group.items() if sync_group_config.disable is not defined %} -vrrp_sync_group {{ name }} { - group { -{% if sync_group_config.member is defined and sync_group_config.member is not none %} -{% for member in sync_group_config.member %} - {{ member }} -{% endfor %} -{% endif %} - } - -{# Health-check scripts should be in section sync-group if member is part of the sync-group T4081 #} -{% for name, group_config in group.items() if group_config.disable is not defined %} -{% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none and name in sync_group_config.member %} - track_script { - healthcheck_{{ name }} - } -{% endif %} -{% endfor %} -{% if conntrack_sync_group is defined and conntrack_sync_group == name %} -{% set vyos_helper = "/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %} - notify_master "{{ vyos_helper }} master {{ name }}" - notify_backup "{{ vyos_helper }} backup {{ name }}" - notify_fault "{{ vyos_helper }} fault {{ name }}" -{% endif %} -} -{% endfor %} -{% endif %} diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in new file mode 100644 index 000000000..42cdceed1 --- /dev/null +++ b/interface-definitions/high-availability.xml.in @@ -0,0 +1,395 @@ +<?xml version="1.0"?> +<interfaceDefinition> + <node name="high-availability" owner="${vyos_conf_scripts_dir}/high-availability.py"> + <properties> + <priority>800</priority> <!-- after all interfaces and conntrack-sync --> + <help>High availability settings</help> + </properties> + <children> + <node name="vrrp"> + <properties> + <help>Virtual Router Redundancy Protocol settings</help> + </properties> + <children> + <tagNode name="group"> + <properties> + <help>VRRP group</help> + </properties> + <children> + #include <include/generic-interface-broadcast.xml.i> + <leafNode name="advertise-interval"> + <properties> + <help>Advertise interval</help> + <valueHelp> + <format>u32:1-255</format> + <description>Advertise interval in seconds (default: 1)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <defaultValue>1</defaultValue> + </leafNode> + <node name="authentication"> + <properties> + <help>VRRP authentication</help> + </properties> + <children> + <leafNode name="password"> + <properties> + <help>VRRP password</help> + <valueHelp> + <format>txt</format> + <description>Password string (up to 8 characters)</description> + </valueHelp> + <constraint> + <regex>.{1,8}</regex> + </constraint> + <constraintErrorMessage>Password must not be longer than 8 characters</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="type"> + <properties> + <help>Authentication type</help> + <completionHelp> + <list>plaintext-password ah</list> + </completionHelp> + <valueHelp> + <format>plaintext-password</format> + <description>Simple password string</description> + </valueHelp> + <valueHelp> + <format>ah</format> + <description>AH - IPSEC (not recommended)</description> + </valueHelp> + <constraint> + <regex>^(plaintext-password|ah)$</regex> + </constraint> + <constraintErrorMessage>Authentication type must be plaintext-password or ah</constraintErrorMessage> + </properties> + </leafNode> + </children> + </node> + #include <include/generic-description.xml.i> + #include <include/generic-disable-node.xml.i> + <node name="health-check"> + <properties> + <help>Health check script</help> + </properties> + <children> + <leafNode name="failure-count"> + <properties> + <help>Health check failure count required for transition to fault (default: 3)</help> + <constraint> + <validator name="numeric" argument="--positive" /> + </constraint> + </properties> + <defaultValue>3</defaultValue> + </leafNode> + <leafNode name="interval"> + <properties> + <help>Health check execution interval in seconds (default: 60)</help> + <constraint> + <validator name="numeric" argument="--positive"/> + </constraint> + </properties> + <defaultValue>60</defaultValue> + </leafNode> + <leafNode name="script"> + <properties> + <help>Health check script file</help> + <constraint> + <validator name="script"/> + </constraint> + </properties> + </leafNode> + </children> + </node> + <leafNode name="hello-source-address"> + <properties> + <help>VRRP hello source address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 hello source address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 hello source address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="peer-address"> + <properties> + <help>Unicast VRRP peer address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 unicast peer address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 unicast peer address</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="no-preempt"> + <properties> + <valueless/> + <help>Disable master preemption</help> + </properties> + </leafNode> + <leafNode name="preempt-delay"> + <properties> + <help>Preempt delay (in seconds)</help> + <valueHelp> + <format>u32:0-1000</format> + <description>preempt delay</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-1000"/> + </constraint> + </properties> + <defaultValue>0</defaultValue> + </leafNode> + <leafNode name="priority"> + <properties> + <help>Router priority (default: 100)</help> + <valueHelp> + <format>u32:1-255</format> + <description>Router priority</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + <defaultValue>100</defaultValue> + </leafNode> + <leafNode name="rfc3768-compatibility"> + <properties> + <help>Use VRRP virtual MAC address as per RFC3768</help> + <valueless/> + </properties> + </leafNode> + #include <include/vrrp-transition-script.xml.i> + <leafNode name="address"> + <properties> + <help>Virtual IP address</help> + <valueHelp> + <format>ipv4</format> + <description>IPv4 virtual address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 virtual address</description> + </valueHelp> + <constraint> + <validator name="ipv4-host"/> + <validator name="ipv6-host"/> + </constraint> + <multi/> + </properties> + </leafNode> + <leafNode name="excluded-address"> + <properties> + <help>Virtual address (If you need additional IPv4 and IPv6 in same group)</help> + <valueHelp> + <format>ipv4</format> + <description>IP address</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ipv4-host"/> + <validator name="ipv6-host"/> + </constraint> + <constraintErrorMessage>Virtual address must be a valid IPv4 or IPv6 address with prefix length (e.g. 192.0.2.3/24 or 2001:db8:ff::10/64)</constraintErrorMessage> + </properties> + </leafNode> + <leafNode name="vrid"> + <properties> + <help>Virtual router identifier</help> + <valueHelp> + <format>u32:1-255</format> + <description>Virtual router identifier</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-255"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + <tagNode name="sync-group"> + <properties> + <help>VRRP sync group</help> + </properties> + <children> + <leafNode name="member"> + <properties> + <multi/> + <help>Sync group member</help> + <valueHelp> + <format>txt</format> + <description>VRRP group name</description> + </valueHelp> + <completionHelp> + <path>high-availability vrrp group</path> + </completionHelp> + </properties> + </leafNode> + #include <include/vrrp-transition-script.xml.i> + </children> + </tagNode> + </children> + </node> + <tagNode name="virtual-server"> + <properties> + <help>Load-balancing virtual server address</help> + </properties> + <children> + <leafNode name="algorithm"> + <properties> + <help>Schedule algorithm (default - least-connection)</help> + <completionHelp> + <list>round-robin weighted-round-robin least-connection weighted-least-connection source-hashing destination-hashing locality-based-least-connection</list> + </completionHelp> + <valueHelp> + <format>round-robin</format> + <description>Round robin</description> + </valueHelp> + <valueHelp> + <format>weighted-round-robin</format> + <description>Weighted round robin</description> + </valueHelp> + <valueHelp> + <format>least-connection</format> + <description>Least connection</description> + </valueHelp> + <valueHelp> + <format>weighted-least-connection</format> + <description>Weighted least connection</description> + </valueHelp> + <valueHelp> + <format>source-hashing</format> + <description>Source hashing</description> + </valueHelp> + <valueHelp> + <format>destination-hashing</format> + <description>Destination hashing</description> + </valueHelp> + <valueHelp> + <format>locality-based-least-connection</format> + <description>Locality-Based least connection</description> + </valueHelp> + <constraint> + <regex>^(round-robin|weighted-round-robin|least-connection|weighted-least-connection|source-hashing|destination-hashing|locality-based-least-connection)$</regex> + </constraint> + </properties> + <defaultValue>least-connection</defaultValue> + </leafNode> + <leafNode name="delay-loop"> + <properties> + <help>Interval between health-checks (in seconds)</help> + <valueHelp> + <format>u32:1-600</format> + <description>Interval in seconds (default: 10)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-3600"/> + </constraint> + </properties> + <defaultValue>10</defaultValue> + </leafNode> + <leafNode name="forward-method"> + <properties> + <help>Forwarding method (default - NAT)</help> + <completionHelp> + <list>direct nat tunnel</list> + </completionHelp> + <valueHelp> + <format>direct</format> + <description>Direct routing</description> + </valueHelp> + <valueHelp> + <format>nat</format> + <description>NAT</description> + </valueHelp> + <valueHelp> + <format>tunnel</format> + <description>Tunneling</description> + </valueHelp> + <constraint> + <regex>^(direct|nat|tunnel)$</regex> + </constraint> + </properties> + <defaultValue>nat</defaultValue> + </leafNode> + #include <include/port-number.xml.i> + <leafNode name="persistence-timeout"> + <properties> + <help>Timeout for persistent connections</help> + <valueHelp> + <format>u32:1-86400</format> + <description>Timeout for persistent connections (default 300)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-86400"/> + </constraint> + </properties> + <defaultValue>300</defaultValue> + </leafNode> + <leafNode name="protocol"> + <properties> + <help>Protocol for port checks (default TCP)</help> + <completionHelp> + <list>tcp udp</list> + </completionHelp> + <valueHelp> + <format>tcp</format> + <description>Protocol TCP</description> + </valueHelp> + <valueHelp> + <format>udp</format> + <description>Protocol UDP</description> + </valueHelp> + <constraint> + <regex>^(tcp|udp)$</regex> + </constraint> + </properties> + <defaultValue>tcp</defaultValue> + </leafNode> + <tagNode name="real-server"> + <properties> + <help>Real server address</help> + </properties> + <children> + #include <include/port-number.xml.i> + <leafNode name="connection-timeout"> + <properties> + <help>Connection timeout to remote server</help> + <valueHelp> + <format>u32:1-86400</format> + <description>Connection timeout to remote server</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-86400"/> + </constraint> + </properties> + </leafNode> + </children> + </tagNode> + </children> + </tagNode> + </children> + </node> +</interfaceDefinition> |