| author | Georg Pfuetzenreuter | 2023-02-08 20:52:57 +0100 | 
|---|---|---|
| committer | Georg Pfuetzenreuter | 2023-02-12 05:21:43 +0100 | 
| commit | 303b06ae8cae4167bca6bafca71d226b32379941 (patch) | |
| tree | fd47fd2d13861cd018b98850d1cd310dc5da2671 /pillar/cluster | |
| parent | a0a21a17dbde293b3f665a99998cf88c38b8d07b (diff) | |
nemesis/hubris: import keepalived configuration
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'pillar/cluster')
| -rw-r--r-- | pillar/cluster/denc/web-proxy.sls | 65 | 
1 files changed, 61 insertions, 4 deletions
|
diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls
index 4cf84ab..923369e 100644
--- a/pillar/cluster/denc/web-proxy.sls
+++ b/pillar/cluster/denc/web-proxy.sls
@@ -2,13 +2,70 @@
 {%- set trustcrt = '/usr/share/pki/trust/anchors/syscid-ca.crt' -%}
 {%- set stapler = 'http://gaia.syscid.com:8900/' -%}
 {%- set resolver = '192.168.0.115' -%}
+{%- set mailer = '192.168.0.120' -%}
+{%- set ha4 = '81.16.19.62' -%}
+{%- set ha6 = '2a03:4000:20:21f::' -%}
+
+keepalived:
+  config:
+    global_defs:
+      notification_email:
+        - system@lysergic.dev
+      notification_email_from: failover@{{ grains['host'] }}.lysergic.dev
+      smtp_server: {{ mailer }}
+      smtp_connect_timeout: 30
+      router_id: SSO_FO
+    vrrp_script:
+      check_nginx_port:
+        script: '"/usr/bin/curl -kfsSm2 https://[::1]:443"'
+        weight: 5
+        interval: 3
+        timeout: 3
+      check_nginx_process:
+        {#- this is not a good check but better than nothing #}
+        script: '"/usr/bin/pgrep nginx"'
+        weight: 4
+        interval: 2
+        timeout: 10
+      check_useless_process:
+        {#- this is only used for debugging #}
+        script: '"/usr/bin/pgrep useless.sh"'
+        weight: 4
+        interval: 2
+        timeout: 3
+    vrrp_instance:
+      DENCWC:
+        state: MASTER
+        interface: eth1
+        priority: 100
+        virtual_router_id: 100
+        advert_int: 5
+        smtp_alert: true
+        notify_master: '"/usr/local/bin/failover --all"'
+        promote_secondaries: true
+        mcast_src_ip: 192.168.0.50
+        authentication:
+          auth_type: PASS
+          auth_pass: ${'secret_keepalived:vrrp_instance:DENCWC'}
+        virtual_ipaddress:
+          - {{ ha4 }}/32 dev eth0 label failover
+        virtual_ipaddress_excluded:
+          - {{ ha6 }}/64 dev eth0
+          {%- for i in [1, 2, 3] %}
+          - {{ ha6 }}{{ i }}/64 dev eth0
+          {%- endfor %}
+        track_script:
+          {#- - check_nginx_port # to-do: this is currently bugged, check script locks up #}
+          - check_nginx_process
+        track_interface:
+          - eth0
 nginx:
   snippets:
     listen_ha:
       - listen:
-        - 81.16.19.62:443 ssl http2
-        - '[2a03:4000:20:21f::]:443 ssl http2'
+        - {{ ha4 }}:443 ssl http2
+        - '[{{ ha6 }}]:443 ssl http2'
     proxy:
       - proxy_set_header:
         - Host                $host
@@ -75,8 +132,8 @@ nginx:
         config:
           - server:
             - listen:
-              - 81.16.19.62:80 default_server
-              - '[2a03:4000:20:21f::]:80 default_server'
+              - {{ ha4 }}:80 default_server
+              - '[{{ ha6 }}]:80 default_server'
               - include: snippets/robots
               - location /:
                 - return: 301 https://$host$request_uri
|
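Review bot: `auth_type: PASS` in the first hunk's `vrrp_instance: DENCWC` block does not authenticate peers against another host on the eth1 segment, because keepalived carries a PASS password in clear text in each VRRP advertisement and uses only its first eight characters. Keeping the value behind `secret_keepalived` protects the repository, not the wire, so it is best treated as a guard against misconfiguration. I would restrict VRRP on eth1 to the known peer, for example by switching from multicast to `unicast_src_ip` / `unicast_peer` and filtering IP protocol 112 from any other source. Separately, `global_defs` sets neither `script_user` nor `enable_script_security`, so `notify_master` and the `vrrp_script` checks presumably run as root unless a `keepalived_script` user exists on the hosts. If the formula passes these keys through, adding `enable_script_security: true` and a dedicated `script_user` there would close that.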
