From f0d4f6060034361bead141fc03d408e1ebb27f12 Mon Sep 17 00:00:00 2001
From: Viacheslav
Date: Mon, 27 Dec 2021 07:45:37 +0000
Subject: keepalived: T4109: Add XML for high-availability virtual-server

Add XML for required 'virtual-server' configuration commands
---
data/templates/vrrp/keepalived.conf.tmpl | 112 -------
interface-definitions/high-availability.xml.in | 395 +++++++++++++++++++++++++
2 files changed, 395 insertions(+), 112 deletions(-)
delete mode 100644 data/templates/vrrp/keepalived.conf.tmpl
create mode 100644 interface-definitions/high-availability.xml.in
diff --git a/data/templates/vrrp/keepalived.conf.tmpl b/data/templates/vrrp/keepalived.conf.tmpl
deleted file mode 100644
index 6585fc60b..000000000
--- a/data/templates/vrrp/keepalived.conf.tmpl
+++ /dev/null
@@ -1,112 +0,0 @@
-# Autogenerated by VyOS
-# Do not edit this file, all your changes will be lost
-# on next commit or reboot
-
-global_defs {
- dynamic_interfaces
- script_user root
- notify_fifo /run/keepalived/keepalived_notify_fifo
- notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
-}
-
-{% if group is defined and group is not none %}
-{% for name, group_config in group.items() if group_config.disable is not defined %}
-{% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none %}
-vrrp_script healthcheck_{{ name }} {
- script "{{ group_config.health_check.script }}"
- interval {{ group_config.health_check.interval }}
- fall {{ group_config.health_check.failure_count }}
- rise 1
-}
-{% endif %}
-vrrp_instance {{ name }} {
-{% if group_config.description is defined and group_config.description is not none %}
- # {{ group_config.description }}
-{% endif %}
- state BACKUP
- interface {{ group_config.interface }}
- virtual_router_id {{ group_config.vrid }}
- priority {{ group_config.priority }}
- advert_int {{ group_config.advertise_interval }}
-{% if group_config.no_preempt is not defined and group_config.preempt_delay is defined and group_config.preempt_delay is not none %}
- preempt_delay {{ group_config.preempt_delay }}
-{% elif group_config.no_preempt is defined %}
- nopreempt
-{% endif %}
-{% if group_config.peer_address is defined and group_config.peer_address is not none %}
- unicast_peer { {{ group_config.peer_address }} }
-{% endif %}
-{% if group_config.hello_source_address is defined and group_config.hello_source_address is not none %}
-{% if group_config.peer_address is defined and group_config.peer_address is not none %}
- unicast_src_ip {{ group_config.hello_source_address }}
-{% else %}
- mcast_src_ip {{ group_config.hello_source_address }}
-{% endif %}
-{% endif %}
-{% if group_config.rfc3768_compatibility is defined and group_config.peer_address is defined %}
- use_vmac {{ group_config.interface }}v{{ group_config.vrid }}
- vmac_xmit_base
-{% elif group_config.rfc3768_compatibility is defined %}
- use_vmac {{ group_config.interface }}v{{ group_config.vrid }}
-{% endif %}
-{% if group_config.authentication is defined and group_config.authentication is not none %}
- authentication {
- auth_pass "{{ group_config.authentication.password }}"
-{% if group_config.authentication.type == 'plaintext-password' %}
- auth_type PASS
-{% else %}
- auth_type {{ group_config.authentication.type | upper }}
-{% endif %}
- }
-{% endif %}
-{% if group_config.address is defined and group_config.address is not none %}
- virtual_ipaddress {
-{% for addr in group_config.address %}
- {{ addr }}
-{% endfor %}
- }
-{% endif %}
-{% if group_config.excluded_address is defined and group_config.excluded_address is not none %}
- virtual_ipaddress_excluded {
-{% for addr in group_config.excluded_address %}
- {{ addr }}
-{% endfor %}
- }
-{% endif %}
-{% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none %}
- track_script {
- healthcheck_{{ name }}
- }
-{% endif %}
-}
-{% endfor %}
-{% endif %}
-
-{% if sync_group is defined and sync_group is not none %}
-{% for name, sync_group_config in sync_group.items() if sync_group_config.disable is not defined %}
-vrrp_sync_group {{ name }} {
- group {
-{% if sync_group_config.member is defined and sync_group_config.member is not none %}
-{% for member in sync_group_config.member %}
- {{ member }}
-{% endfor %}
-{% endif %}
- }
-
-{# Health-check scripts should be in section sync-group if member is part of the sync-group T4081 #}
-{% for name, group_config in group.items() if group_config.disable is not defined %}
-{% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none and name in sync_group_config.member %}
- track_script {
- healthcheck_{{ name }}
- }
-{% endif %}
-{% endfor %}
-{% if conntrack_sync_group is defined and conntrack_sync_group == name %}
-{% set vyos_helper = "/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %}
- notify_master "{{ vyos_helper }} master {{ name }}"
- notify_backup "{{ vyos_helper }} backup {{ name }}"
- notify_fault "{{ vyos_helper }} fault {{ name }}"
-{% endif %}
-}
-{% endfor %}
-{% endif %}
diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in
new file mode 100644
index 000000000..42cdceed1
--- /dev/null
+++ b/interface-definitions/high-availability.xml.in
@@ -0,0 +1,395 @@ + + + + + 800 + High availability settings + + + + + Virtual Router Redundancy Protocol settings + + + + + VRRP group + + + #include + + + Advertise interval + + u32:1-255 + Advertise interval in seconds (default: 1) + + + + + + 1 + + + + VRRP authentication + + + + + VRRP password + + txt + Password string (up to 8 characters) + + + .{1,8} + + Password must not be longer than 8 characters + + + + + Authentication type + + plaintext-password ah + + + plaintext-password + Simple password string + + + ah + AH - IPSEC (not recommended) + + + ^(plaintext-password|ah)$ + + Authentication type must be plaintext-password or ah + + + + + #include + #include + + + Health check script + + + + + Health check failure count required for transition to fault (default: 3) + + + + + 3 + + + + Health check execution interval in seconds (default: 60) + + + + + 60 + + + + Health check script file + + + + + + + + + + VRRP hello source address + + ipv4 + IPv4 hello source address + + + ipv6 + IPv6 hello source address + + + + + + + + + + Unicast VRRP peer address + + ipv4 + IPv4 unicast peer address + + + ipv6 + IPv6 unicast peer address + + + + + + + + + + + Disable master preemption + + + + + Preempt delay (in seconds) + + u32:0-1000 + preempt delay + + + + + + 0 + + + + Router priority (default: 100) + + u32:1-255 + Router priority + + + + + + 100 + + + + Use VRRP virtual MAC address as per RFC3768 + + + + #include + + + Virtual IP address + + ipv4 + IPv4 virtual address + + + ipv6 + IPv6 virtual address + + + + + + + + + + + Virtual address (If you need additional IPv4 and IPv6 in same group) + + ipv4 + IP address + + + ipv6 + IPv6 address + + + + + + + Virtual address must be a valid IPv4 or IPv6 address with prefix length (e.g. 
192.0.2.3/24 or 2001:db8:ff::10/64) + + + + + Virtual router identifier + + u32:1-255 + Virtual router identifier + + + + + + + + + + + VRRP sync group + + + + + + Sync group member + + txt + VRRP group name + + + high-availability vrrp group + + + + #include + + + + + + + Load-balancing virtual server address + + + + + Schedule algorithm (default - least-connection) + + round-robin weighted-round-robin least-connection weighted-least-connection source-hashing destination-hashing locality-based-least-connection + + + round-robin + Round robin + + + weighted-round-robin + Weighted round robin + + + least-connection + Least connection + + + weighted-least-connection + Weighted least connection + + + source-hashing + Source hashing + + + destination-hashing + Destination hashing + + + locality-based-least-connection + Locality-Based least connection + + + ^(round-robin|weighted-round-robin|least-connection|weighted-least-connection|source-hashing|destination-hashing|locality-based-least-connection)$ + + + least-connection + + + + Interval between health-checks (in seconds) + + u32:1-600 + Interval in seconds (default: 10) + + + + + + 10 + + + + Forwarding method (default - NAT) + + direct nat tunnel + + + direct + Direct routing + + + nat + NAT + + + tunnel + Tunneling + + + ^(direct|nat|tunnel)$ + + + nat + + #include + + + Timeout for persistent connections + + u32:1-86400 + Timeout for persistent connections (default 300) + + + + + + 300 + + + + Protocol for port checks (default TCP) + + tcp udp + + + tcp + Protocol TCP + + + udp + Protocol UDP + + + ^(tcp|udp)$ + + + tcp + + + + Real server address + + + #include + + + Connection timeout to remote server + + u32:1-86400 + Connection timeout to remote server + + + + + + + + + + + + + -- cgit v1.2.3
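Review bot: The VRRP password constraint, which appears on this page as `.{1,8}`, is the only pattern in this hunk written without `^…$` anchors, and it admits any character. Unless the validator anchors patterns on its own, a longer string would pass even though the error text promises an 8-character limit; `^.{1,8}$` would match the style of `^(plaintext-password|ah)$` and `^(tcp|udp)$`. The template this commit removes rendered the value as `auth_pass "{{ group_config.authentication.password }}"`, so if its replacement (not part of this patch) quotes it the same way, a password containing `"` would close the quoted value early and corrupt the generated keepalived.conf. A narrower character class on the node would rule that out at commit time. The XML markup of this hunk did not survive on the page, so whether the health-check script node, whose script the removed template ran under `script_user root`, carries a validator cannot be confirmed from here.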