keepalived task (added parameters, haproxy_check script).

* added parameters "enable_script_security" and "script_user root" into keepalived.conf; https://www.keepalived.org/manpage.html * haproxy_check vrrp script moved into /usr/libexec/keepalived directory; * Restart the keepalived service only during the initial installation or after modification of the configuration file or haproxy_check script. Do not restart the service when re-executing this playbook.
vitabaks · Oct 31, 2019 · 2b449e0 · 2b449e0
1 parent 799e13e
commit 2b449e0
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/tasks/keepalived.yml b/tasks/keepalived.yml
@@ -18,10 +18,31 @@
     - "net.ipv4.ip_forward"
   tags: [ keepalived_conf, keepalived ]
 
+- name: keepalived | make sure the "/usr/libexec/keepalived" directory exists
+  file:
+    dest: /usr/libexec/keepalived
+    state: directory
+    owner: root
+    group: root
+  tags: [ keepalived_conf, keepalived ]
+
+- name: keepalived | create vrrp_script "/usr/libexec/keepalived/haproxy_check.sh"
+  copy:
+    content: |
+      #!/bin/bash
+      /bin/kill -0 `cat /var/run/haproxy/haproxy.pid`
+    dest: /usr/libexec/keepalived/haproxy_check.sh
+    owner: root
+    group: root
+    mode: 0700
+  register: haproxy_check_result
+  tags: [ keepalived_conf, keepalived ]
+
 - name: keepalived | generate conf file "/etc/keepalived/keepalived.conf"
   template:
     src: templates/keepalived.conf.j2
     dest: /etc/keepalived/keepalived.conf
+  register: keepalived_conf_result
   tags: [ keepalived_conf, keepalived ]
 
 - name: keepalived | selinux | change the keepalived_t domain to permissive
@@ -38,6 +59,7 @@
     name: keepalived
     enabled: yes
     state: restarted
+  when: haproxy_check_result.changed or keepalived_conf_result.changed
   tags: [ keepalived_restart, keepalived ]
 
 - name: wait for the cluster ip address (VIP) "{{ cluster_vip }}" is running

diff --git a/templates/keepalived.conf.j2 b/templates/keepalived.conf.j2
@@ -1,9 +1,11 @@
 global_defs {
    router_id ocp_vrrp
+   enable_script_security
+   script_user root
 }
 
 vrrp_script haproxy_check {
-   script "/bin/kill -0 `cat /var/run/haproxy/haproxy.pid`"
+   script "/usr/libexec/keepalived/haproxy_check.sh"
    interval 2
    weight 2
 }