# Autogenerated by VyOS # Do not edit this file, all your changes will be lost # on next commit or reboot # Global definitions configuration block global_defs { dynamic_interfaces script_user root {% if vrrp.global_parameters.startup_delay is vyos_defined %} vrrp_startup_delay {{ vrrp.global_parameters.startup_delay }} {% endif %} {% if vrrp.global_parameters.garp is vyos_defined %} {% if vrrp.global_parameters.garp.interval is vyos_defined %} vrrp_garp_interval {{ vrrp.global_parameters.garp.interval }} {% endif %} {% if vrrp.global_parameters.garp.master_delay is vyos_defined %} vrrp_garp_master_delay {{ vrrp.global_parameters.garp.master_delay }} {% endif %} {% if vrrp.global_parameters.garp.master_refresh is vyos_defined %} vrrp_garp_master_refresh {{ vrrp.global_parameters.garp.master_refresh }} {% endif %} {% if vrrp.global_parameters.garp.master_refresh_repeat is vyos_defined %} vrrp_garp_master_refresh_repeat {{ vrrp.global_parameters.garp.master_refresh_repeat }} {% endif %} {% if vrrp.global_parameters.garp.master_repeat is vyos_defined %} vrrp_garp_master_repeat {{ vrrp.global_parameters.garp.master_repeat }} {% endif %} {% endif %} {% if vrrp.global_parameters.version is vyos_defined %} vrrp_version {{ vrrp.global_parameters.version }} {% endif %} notify_fifo /run/keepalived/keepalived_notify_fifo notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py } {# Sync group has own health-check scripts T6020 #} {% if vrrp.sync_group is vyos_defined %} {% for name, sync_group_config in vrrp.sync_group.items() if sync_group_config.disable is not vyos_defined %} {% if sync_group_config.health_check is vyos_defined %} vrrp_script healthcheck_sg_{{ name }} { {% if sync_group_config.health_check.script is vyos_defined %} script "{{ sync_group_config.health_check.script }}" {% elif sync_group_config.health_check.ping is vyos_defined %} script "/usr/bin/ping -c1 {{ sync_group_config.health_check.ping }}" {% endif %} interval {{ sync_group_config.health_check.interval }} fall {{ sync_group_config.health_check.failure_count }} rise 1 } {% endif %} {% endfor %} {% endif %} {% if vrrp.group is vyos_defined %} {% for name, group_config in vrrp.group.items() if group_config.disable is not vyos_defined %} {% if group_config.health_check is vyos_defined %} vrrp_script healthcheck_{{ name }} { {% if group_config.health_check.script is vyos_defined %} script "{{ group_config.health_check.script }}" {% elif group_config.health_check.ping is vyos_defined %} script "/usr/bin/ping -c1 {{ group_config.health_check.ping }}" {% endif %} interval {{ group_config.health_check.interval }} fall {{ group_config.health_check.failure_count }} rise 1 } {% endif %} vrrp_instance {{ name }} { {% if group_config.description is vyos_defined %} # {{ group_config.description }} {% endif %} state BACKUP interface {{ group_config.interface }} virtual_router_id {{ group_config.vrid }} priority {{ group_config.priority }} advert_int {{ group_config.advertise_interval }} {% if group_config.garp is vyos_defined %} {% if group_config.garp.interval is vyos_defined %} garp_interval {{ group_config.garp.interval }} {% endif %} {% if group_config.garp.master_delay is vyos_defined %} garp_master_delay {{ group_config.garp.master_delay }} {% endif %} {% if group_config.garp.master_repeat is vyos_defined %} garp_master_repeat {{ group_config.garp.master_repeat }} {% endif %} {% if group_config.garp.master_refresh is vyos_defined %} garp_master_refresh {{ group_config.garp.master_refresh }} {% endif %} {% if group_config.garp.master_refresh_repeat is vyos_defined %} garp_master_refresh_repeat {{ group_config.garp.master_refresh_repeat }} {% endif %} {% endif %} {% if group_config.track.exclude_vrrp_interface is vyos_defined %} dont_track_primary {% endif %} {% if group_config.no_preempt is not vyos_defined and group_config.preempt_delay is vyos_defined %} preempt_delay {{ group_config.preempt_delay }} {% elif group_config.no_preempt is vyos_defined %} nopreempt {% endif %} {% if group_config.peer_address is vyos_defined %} unicast_peer { {{ group_config.peer_address }} } {% endif %} {% if group_config.hello_source_address is vyos_defined %} {% if group_config.peer_address is vyos_defined %} unicast_src_ip {{ group_config.hello_source_address }} {% else %} mcast_src_ip {{ group_config.hello_source_address }} {% endif %} {% endif %} {% if group_config.rfc3768_compatibility is vyos_defined and group_config.peer_address is vyos_defined %} use_vmac {{ group_config.interface }}v{{ group_config.vrid }}v{{ '4' if group_config['address'] | first | is_ipv4 else '6' }} vmac_xmit_base {% elif group_config.rfc3768_compatibility is vyos_defined %} use_vmac {{ group_config.interface }}v{{ group_config.vrid }}v{{ '4' if group_config['address'] | first | is_ipv4 else '6' }} {% endif %} {% if group_config.authentication is vyos_defined %} authentication { auth_pass "{{ group_config.authentication.password }}" {% if group_config.authentication.type is vyos_defined('plaintext-password') %} auth_type PASS {% else %} auth_type {{ group_config.authentication.type | upper }} {% endif %} } {% endif %} {% if group_config.address is vyos_defined %} virtual_ipaddress { {% for addr, addr_config in group_config.address.items() %} {{ addr }}{{ ' dev ' + addr_config.interface if addr_config.interface is vyos_defined }} {% endfor %} } {% endif %} {% if group_config.excluded_address is vyos_defined %} virtual_ipaddress_excluded { {% for addr in group_config.excluded_address %} {{ addr }} {% endfor %} } {% endif %} {% if group_config.track.interface is vyos_defined %} track_interface { {% for interface in group_config.track.interface %} {{ interface }} {% endfor %} } {% endif %} {# Sync group member can't use own health check script #} {% if group_config.health_check is vyos_defined and group_config._is_sync_group_member is not vyos_defined %} track_script { healthcheck_{{ name }} } {% endif %} } {% endfor %} {% endif %} {% if vrrp.sync_group is vyos_defined %} {% for name, sync_group_config in vrrp.sync_group.items() if sync_group_config.disable is not vyos_defined %} vrrp_sync_group {{ name }} { group { {% if sync_group_config.member is vyos_defined %} {% for member in sync_group_config.member %} {{ member }} {% endfor %} {% endif %} } {% if sync_group_config.health_check is vyos_defined %} track_script { healthcheck_sg_{{ name }} } {% endif %} {% if conntrack_sync_group is vyos_defined(name) %} {% set vyos_helper = "/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %} notify_master "{{ vyos_helper }} master {{ name }}" notify_backup "{{ vyos_helper }} backup {{ name }}" notify_fault "{{ vyos_helper }} fault {{ name }}" {% endif %} } {% endfor %} {% endif %} {% if virtual_server is vyos_defined %} # Virtual-server configuration {% for vserver, vserver_config in virtual_server.items() %} # Vserver {{ vserver }} {% if vserver_config.port is vyos_defined %} virtual_server {{ vserver_config.address }} {{ vserver_config.port }} { {% else %} virtual_server fwmark {{ vserver_config.fwmark }} { {% endif %} delay_loop {{ vserver_config.delay_loop }} {% if vserver_config.algorithm is vyos_defined('round-robin') %} lb_algo rr {% elif vserver_config.algorithm is vyos_defined('weighted-round-robin') %} lb_algo wrr {% elif vserver_config.algorithm is vyos_defined('least-connection') %} lb_algo lc {% elif vserver_config.algorithm is vyos_defined('weighted-least-connection') %} lb_algo wlc {% elif vserver_config.algorithm is vyos_defined('source-hashing') %} lb_algo sh {% elif vserver_config.algorithm is vyos_defined('destination-hashing') %} lb_algo dh {% elif vserver_config.algorithm is vyos_defined('locality-based-least-connection') %} lb_algo lblc {% endif %} {% if vserver_config.forward_method is vyos_defined('nat') %} lb_kind NAT {% elif vserver_config.forward_method is vyos_defined('direct') %} lb_kind DR {% elif vserver_config.forward_method is vyos_defined('tunnel') %} lb_kind TUN {% endif %} persistence_timeout {{ vserver_config.persistence_timeout }} protocol {{ vserver_config.protocol | upper }} {% if vserver_config.real_server is vyos_defined %} {% for rserver, rserver_config in vserver_config.real_server.items() %} real_server {{ rserver }} {{ rserver_config.port }} { weight 1 {% if rserver_config.health_check.script is vyos_defined %} MISC_CHECK { misc_path {{ rserver_config.health_check.script }} {% else %} {{ vserver_config.protocol | upper }}_CHECK { {% if rserver_config.connection_timeout is vyos_defined %} connect_timeout {{ rserver_config.connection_timeout }} {% endif %} {% endif %} } } {% endfor %} {% endif %} } {% endfor %} {% endif %}