summaryrefslogtreecommitdiff
path: root/data/templates/high-availability/keepalived.conf.j2
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates/high-availability/keepalived.conf.j2')
-rw-r--r--data/templates/high-availability/keepalived.conf.j2243
1 files changed, 243 insertions, 0 deletions
diff --git a/data/templates/high-availability/keepalived.conf.j2 b/data/templates/high-availability/keepalived.conf.j2
new file mode 100644
index 0000000..c0d66ae
--- /dev/null
+++ b/data/templates/high-availability/keepalived.conf.j2
@@ -0,0 +1,243 @@
+# Autogenerated by VyOS
+# Do not edit this file, all your changes will be lost
+# on next commit or reboot
+
+# Global definitions configuration block
+global_defs {
+ dynamic_interfaces
+ script_user root
+{% if vrrp.global_parameters.startup_delay is vyos_defined %}
+ vrrp_startup_delay {{ vrrp.global_parameters.startup_delay }}
+{% endif %}
+{% if vrrp.global_parameters.garp is vyos_defined %}
+{% if vrrp.global_parameters.garp.interval is vyos_defined %}
+ vrrp_garp_interval {{ vrrp.global_parameters.garp.interval }}
+{% endif %}
+{% if vrrp.global_parameters.garp.master_delay is vyos_defined %}
+ vrrp_garp_master_delay {{ vrrp.global_parameters.garp.master_delay }}
+{% endif %}
+{% if vrrp.global_parameters.garp.master_refresh is vyos_defined %}
+ vrrp_garp_master_refresh {{ vrrp.global_parameters.garp.master_refresh }}
+{% endif %}
+{% if vrrp.global_parameters.garp.master_refresh_repeat is vyos_defined %}
+ vrrp_garp_master_refresh_repeat {{ vrrp.global_parameters.garp.master_refresh_repeat }}
+{% endif %}
+{% if vrrp.global_parameters.garp.master_repeat is vyos_defined %}
+ vrrp_garp_master_repeat {{ vrrp.global_parameters.garp.master_repeat }}
+{% endif %}
+{% endif %}
+{% if vrrp.global_parameters.version is vyos_defined %}
+ vrrp_version {{ vrrp.global_parameters.version }}
+{% endif %}
+ notify_fifo /run/keepalived/keepalived_notify_fifo
+ notify_fifo_script /usr/libexec/vyos/system/keepalived-fifo.py
+}
+
+{# Sync group has own health-check scripts T6020 #}
+{% if vrrp.sync_group is vyos_defined %}
+{% for name, sync_group_config in vrrp.sync_group.items() if sync_group_config.disable is not vyos_defined %}
+{% if sync_group_config.health_check is vyos_defined %}
+vrrp_script healthcheck_sg_{{ name }} {
+{% if sync_group_config.health_check.script is vyos_defined %}
+ script "{{ sync_group_config.health_check.script }}"
+{% elif sync_group_config.health_check.ping is vyos_defined %}
+ script "/usr/bin/ping -c1 {{ sync_group_config.health_check.ping }}"
+{% endif %}
+ interval {{ sync_group_config.health_check.interval }}
+ fall {{ sync_group_config.health_check.failure_count }}
+ rise 1
+}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% if vrrp.group is vyos_defined %}
+{% for name, group_config in vrrp.group.items() if group_config.disable is not vyos_defined %}
+{% if group_config.health_check is vyos_defined %}
+vrrp_script healthcheck_{{ name }} {
+{% if group_config.health_check.script is vyos_defined %}
+ script "{{ group_config.health_check.script }}"
+{% elif group_config.health_check.ping is vyos_defined %}
+ script "/usr/bin/ping -c1 {{ group_config.health_check.ping }}"
+{% endif %}
+ interval {{ group_config.health_check.interval }}
+ fall {{ group_config.health_check.failure_count }}
+ rise 1
+}
+{% endif %}
+vrrp_instance {{ name }} {
+{% if group_config.description is vyos_defined %}
+ # {{ group_config.description }}
+{% endif %}
+ state BACKUP
+ interface {{ group_config.interface }}
+ virtual_router_id {{ group_config.vrid }}
+ priority {{ group_config.priority }}
+ advert_int {{ group_config.advertise_interval }}
+{% if group_config.garp is vyos_defined %}
+{% if group_config.garp.interval is vyos_defined %}
+ garp_interval {{ group_config.garp.interval }}
+{% endif %}
+{% if group_config.garp.master_delay is vyos_defined %}
+ garp_master_delay {{ group_config.garp.master_delay }}
+{% endif %}
+{% if group_config.garp.master_repeat is vyos_defined %}
+ garp_master_repeat {{ group_config.garp.master_repeat }}
+{% endif %}
+{% if group_config.garp.master_refresh is vyos_defined %}
+ garp_master_refresh {{ group_config.garp.master_refresh }}
+{% endif %}
+{% if group_config.garp.master_refresh_repeat is vyos_defined %}
+ garp_master_refresh_repeat {{ group_config.garp.master_refresh_repeat }}
+{% endif %}
+{% endif %}
+{% if group_config.track.exclude_vrrp_interface is vyos_defined %}
+ dont_track_primary
+{% endif %}
+{% if group_config.no_preempt is not vyos_defined and group_config.preempt_delay is vyos_defined %}
+ preempt_delay {{ group_config.preempt_delay }}
+{% elif group_config.no_preempt is vyos_defined %}
+ nopreempt
+{% endif %}
+{% if group_config.peer_address is vyos_defined %}
+ unicast_peer {
+{% for peer_address in group_config.peer_address %}
+ {{ peer_address }}
+{% endfor %}
+ }
+{% endif %}
+{% if group_config.hello_source_address is vyos_defined %}
+{% if group_config.peer_address is vyos_defined %}
+ unicast_src_ip {{ group_config.hello_source_address }}
+{% else %}
+ mcast_src_ip {{ group_config.hello_source_address }}
+{% endif %}
+{% endif %}
+{% if group_config.rfc3768_compatibility is vyos_defined and group_config.peer_address is vyos_defined %}
+ use_vmac {{ group_config.interface }}v{{ group_config.vrid }}v{{ '4' if group_config['address'] | first | is_ipv4 else '6' }}
+ vmac_xmit_base
+{% elif group_config.rfc3768_compatibility is vyos_defined %}
+ use_vmac {{ group_config.interface }}v{{ group_config.vrid }}v{{ '4' if group_config['address'] | first | is_ipv4 else '6' }}
+{% endif %}
+{% if group_config.authentication is vyos_defined %}
+ authentication {
+ auth_pass "{{ group_config.authentication.password }}"
+{% if group_config.authentication.type is vyos_defined('plaintext-password') %}
+ auth_type PASS
+{% else %}
+ auth_type {{ group_config.authentication.type | upper }}
+{% endif %}
+ }
+{% endif %}
+{% if group_config.address is vyos_defined %}
+ virtual_ipaddress {
+{% for addr, addr_config in group_config.address.items() %}
+ {{ addr }}{{ ' dev ' + addr_config.interface if addr_config.interface is vyos_defined }}
+{% endfor %}
+ }
+{% endif %}
+{% if group_config.excluded_address is vyos_defined %}
+ virtual_ipaddress_excluded {
+{% for addr, addr_config in group_config.excluded_address.items() %}
+ {{ addr }}{{ ' dev ' + addr_config.interface if addr_config.interface is vyos_defined }}
+{% endfor %}
+ }
+{% endif %}
+{% if group_config.track.interface is vyos_defined %}
+ track_interface {
+{% for interface in group_config.track.interface %}
+ {{ interface }}
+{% endfor %}
+ }
+{% endif %}
+{# Sync group member can't use own health check script #}
+{% if group_config.health_check is vyos_defined and group_config._is_sync_group_member is not vyos_defined %}
+ track_script {
+ healthcheck_{{ name }}
+ }
+{% endif %}
+}
+{% endfor %}
+{% endif %}
+
+{% if vrrp.sync_group is vyos_defined %}
+{% for name, sync_group_config in vrrp.sync_group.items() if sync_group_config.disable is not vyos_defined %}
+vrrp_sync_group {{ name }} {
+ group {
+{% if sync_group_config.member is vyos_defined %}
+{% for member in sync_group_config.member %}
+ {{ member }}
+{% endfor %}
+{% endif %}
+ }
+
+{% if sync_group_config.health_check is vyos_defined %}
+ track_script {
+ healthcheck_sg_{{ name }}
+ }
+{% endif %}
+
+{% if conntrack_sync_group is vyos_defined(name) %}
+{% set vyos_helper = "/usr/libexec/vyos/vyos-vrrp-conntracksync.sh" %}
+ notify_master "{{ vyos_helper }} master {{ name }}"
+ notify_backup "{{ vyos_helper }} backup {{ name }}"
+ notify_fault "{{ vyos_helper }} fault {{ name }}"
+{% endif %}
+}
+{% endfor %}
+{% endif %}
+
+{% if virtual_server is vyos_defined %}
+# Virtual-server configuration
+{% for vserver, vserver_config in virtual_server.items() %}
+# Vserver {{ vserver }}
+{% if vserver_config.port is vyos_defined %}
+virtual_server {{ vserver_config.address }} {{ vserver_config.port }} {
+{% else %}
+virtual_server fwmark {{ vserver_config.fwmark }} {
+{% endif %}
+ delay_loop {{ vserver_config.delay_loop }}
+{% if vserver_config.algorithm is vyos_defined('round-robin') %}
+ lb_algo rr
+{% elif vserver_config.algorithm is vyos_defined('weighted-round-robin') %}
+ lb_algo wrr
+{% elif vserver_config.algorithm is vyos_defined('least-connection') %}
+ lb_algo lc
+{% elif vserver_config.algorithm is vyos_defined('weighted-least-connection') %}
+ lb_algo wlc
+{% elif vserver_config.algorithm is vyos_defined('source-hashing') %}
+ lb_algo sh
+{% elif vserver_config.algorithm is vyos_defined('destination-hashing') %}
+ lb_algo dh
+{% elif vserver_config.algorithm is vyos_defined('locality-based-least-connection') %}
+ lb_algo lblc
+{% endif %}
+{% if vserver_config.forward_method is vyos_defined('nat') %}
+ lb_kind NAT
+{% elif vserver_config.forward_method is vyos_defined('direct') %}
+ lb_kind DR
+{% elif vserver_config.forward_method is vyos_defined('tunnel') %}
+ lb_kind TUN
+{% endif %}
+ persistence_timeout {{ vserver_config.persistence_timeout }}
+ protocol {{ vserver_config.protocol | upper }}
+{% if vserver_config.real_server is vyos_defined %}
+{% for rserver, rserver_config in vserver_config.real_server.items() %}
+ real_server {{ rserver }} {{ rserver_config.port }} {
+ weight 1
+{% if rserver_config.health_check.script is vyos_defined %}
+ MISC_CHECK {
+ misc_path {{ rserver_config.health_check.script }}
+{% else %}
+ {{ vserver_config.protocol | upper }}_CHECK {
+{% if rserver_config.connection_timeout is vyos_defined %}
+ connect_timeout {{ rserver_config.connection_timeout }}
+{% endif %}
+{% endif %}
+ }
+ }
+{% endfor %}
+{% endif %}
+}
+{% endfor %}
+{% endif %}
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-19 23:22:30 +0000