From 3628121505658fd4c588960136d5645afc791c59 Mon Sep 17 00:00:00 2001 From: Viacheslav Date: Mon, 27 Dec 2021 07:58:30 +0000 Subject: keepalived: T4109: Add high-availability virtual-server Add new feature, high-availability virtual-server Change XML, python and templates Move vrrp to root node 'high-availability' as all logic are handler by root node 'high-availability' --- .../high-availability/keepalived.conf.tmpl | 157 +++++++++++++++++++++ 1 file changed, 157 insertions(+) create mode 100644 data/templates/high-availability/keepalived.conf.tmpl (limited to 'data') diff --git a/data/templates/high-availability/keepalived.conf.tmpl b/data/templates/high-availability/keepalived.conf.tmpl new file mode 100644 index 000000000..817c65ff0 --- /dev/null +++ b/data/templates/high-availability/keepalived.conf.tmpl @@ -0,0 +1,157 @@ +# Autogenerated by VyOS +# Do not edit this file, all your changes will be lost +# on next commit or reboot + +global_defs { + dynamic_interfaces + script_user root + notify_fifo /run/keepalived/keepalived_notify_fifo + notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py +} + +{% if vrrp is defined and vrrp.group is defined and vrrp.group is not none %} +{% for name, group_config in vrrp.group.items() if group_config.disable is not defined %} +{% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none %} +vrrp_script healthcheck_{{ name }} { + script "{{ group_config.health_check.script }}" + interval {{ group_config.health_check.interval }} + fall {{ group_config.health_check.failure_count }} + rise 1 +} +{% endif %} +vrrp_instance {{ name }} { +{% if group_config.description is defined and group_config.description is not none %} + # {{ group_config.description }} +{% endif %} + state BACKUP + interface {{ group_config.interface }} + virtual_router_id {{ group_config.vrid }} + priority {{ group_config.priority }} + advert_int {{ group_config.advertise_interval }} +{% if group_config.no_preempt is not defined and group_config.preempt_delay is defined and group_config.preempt_delay is not none %} + preempt_delay {{ group_config.preempt_delay }} +{% elif group_config.no_preempt is defined %} + nopreempt +{% endif %} +{% if group_config.peer_address is defined and group_config.peer_address is not none %} + unicast_peer { {{ group_config.peer_address }} } +{% endif %} +{% if group_config.hello_source_address is defined and group_config.hello_source_address is not none %} +{% if group_config.peer_address is defined and group_config.peer_address is not none %} + unicast_src_ip {{ group_config.hello_source_address }} +{% else %} + mcast_src_ip {{ group_config.hello_source_address }} +{% endif %} +{% endif %} +{% if group_config.rfc3768_compatibility is defined and group_config.peer_address is defined %} + use_vmac {{ group_config.interface }}v{{ group_config.vrid }} + vmac_xmit_base +{% elif group_config.rfc3768_compatibility is defined %} + use_vmac {{ group_config.interface }}v{{ group_config.vrid }} +{% endif %} +{% if group_config.authentication is defined and group_config.authentication is not none %} + authentication { + auth_pass "{{ group_config.authentication.password }}" +{% if group_config.authentication.type == 'plaintext-password' %} + auth_type PASS +{% else %} + auth_type {{ group_config.authentication.type | upper }} +{% endif %} + } +{% endif %} +{% if group_config.address is defined and group_config.address is not none %} + virtual_ipaddress { +{% for addr in group_config.address %} + {{ addr }} +{% endfor %} + } +{% endif %} +{% if group_config.excluded_address is defined and group_config.excluded_address is not none %} + virtual_ipaddress_excluded { +{% for addr in group_config.excluded_address %} + {{ addr }} +{% endfor %} + } +{% endif %} +{% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none %} + track_script { + healthcheck_{{ name }} + } +{% endif %} +} +{% endfor %} +{% endif %} + +{% if vrrp is defined and vrrp.sync_group is defined and vrrp.sync_group is not none %} +{% for name, sync_group_config in vrrp.sync_group.items() if sync_group_config.disable is not defined %} +vrrp_sync_group {{ name }} { + group { +{% if sync_group_config.member is defined and sync_group_config.member is not none %} +{% for member in sync_group_config.member %} + {{ member }} +{% endfor %} +{% endif %} + } + +{# Health-check scripts should be in section sync-group if member is part of the sync-group T4081 #} +{% for name, group_config in vrrp.group.items() if group_config.disable is not defined %} +{% if group_config.health_check is defined and group_config.health_check.script is defined and group_config.health_check.script is not none and name in sync_group_config.member %} + track_script { + healthcheck_{{ name }} + } +{% endif %} +{% endfor %} +{% if vrrp.conntrack_sync_group is defined and vrrp.conntrack_sync_group == name %} +{% set vyos_helper = "/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %} + notify_master "{{ vyos_helper }} master {{ name }}" + notify_backup "{{ vyos_helper }} backup {{ name }}" + notify_fault "{{ vyos_helper }} fault {{ name }}" +{% endif %} +} +{% endfor %} +{% endif %} + +# Virtual-server configuration +{% if virtual_server is defined and virtual_server is not none %} +{% for vserver, vserver_config in virtual_server.items() %} +virtual_server {{ vserver }} {{ vserver_config.port }} { + delay_loop {{ vserver_config.delay_loop }} +{% if vserver_config.algorithm == 'round-robin' %} + lb_algo rr +{% elif vserver_config.algorithm == 'weighted-round-robin' %} + lb_algo wrr +{% elif vserver_config.algorithm == 'least-connection' %} + lb_algo lc +{% elif vserver_config.algorithm == 'weighted-least-connection' %} + lb_algo wlc +{% elif vserver_config.algorithm == 'source-hashing' %} + lb_algo sh +{% elif vserver_config.algorithm == 'destination-hashing' %} + lb_algo dh +{% elif vserver_config.algorithm == 'locality-based-least-connection' %} + lb_algo lblc +{% endif %} +{% if vserver_config.forward_method == "nat" %} + lb_kind NAT +{% elif vserver_config.forward_method == "direct" %} + lb_kind DR +{% elif vserver_config.forward_method == "tunnel" %} + lb_kind TUN +{% endif %} + persistence_timeout {{ vserver_config.persistence_timeout }} + protocol {{ vserver_config.protocol | upper }} +{% if vserver_config.real_server is defined and vserver_config.real_server is not none %} +{% for rserver, rserver_config in vserver_config.real_server.items() %} + real_server {{ rserver }} {{ rserver_config.port }} { + weight 1 + {{ vserver_config.protocol | upper }}_CHECK { +{% if rserver_config.connection_timeout is defined and rserver_config.connection_timeout is not none %} + connect_timeout {{ rserver_config.connection_timeout }} +{% endif %} + } + } +{% endfor %} +{% endif %} +} +{% endfor %} +{% endif %} -- cgit v1.2.3