diff --git a/library/roles/keepalived/defaults/main.yml b/library/roles/keepalived/defaults/main.yml
deleted file mode 100644
index bdcd8aa4..00000000
--- a/library/roles/keepalived/defaults/main.yml
+++ /dev/null
@@ -1,62 +0,0 @@ ---- -# http://www.keepalived.org/ -# -keepalived_install: False -keepalived_enabled: '{{ keepalived_install }}' -keepalived_version: 1.1.20 -keepalived_repo: 'ppa:keepalived/stable' -keepalived_pkg_state: latest -# Use 'keepalived={{ keepalived_version }}' if you want a specific version -keepalived_pkgs: - - keepalived - -keepalived_use_unicast: False -keepalived_unicast_src_ip: '{{ ansible_default_ipv4.address }}' -keepalived_unicast_peer_ip: - - 127.0.0.1 - - 127.0.0.2 -keepalived_mcast_addr: 224.0.0.0/8 -keepalived_floating_ip1: 127.0.0.1 -keepalived_script1_name: keepalived_check_service_status -# We set haproxy as the default because most of our keepalived use is haproxy related -keepalived_service_to_check: 'haproxy' -keepalived_script1_check: '/bin/pidof {{ keepalived_service_to_check }}' -keepalived_instance1_name: 'VRRP_1' -keepalived_interface1_name: '{{ ansible_default_ipv4.interface }}' -keepalived_initial_state: 'MASTER' -keepalived_inst_priority: 100 -keepalived_vrouter_id: 51 -keepalived_non_local_bind: True - -keepalived_enable_script_security: True -keepalived_script_username: keepalived_script -keepalived_script_user_home: '/var/lib/keepalived' -keepalived_runtime_dir: /run/keepalived - -keepalived_nagios_check: False -keepalived_notify_script: /usr/local/bin/keepalived_notify -keepalived_check_script: '/usr/local/bin/{{ keepalived_script1_name }}' - -# The service must install its own script if it is too complex to be managed by the provided one -keepalived_scripts: - - name: '{{ keepalived_script1_name }}' - script: '{{ keepalived_check_script }}' - # In seconds - interval: 2 - # Priority increment - weight: 2 - -keepalived_instances: - - name: '{{ keepalived_instance1_name }}' - interface: '{{ keepalived_interface1_name }}' - state: '{{ keepalived_initial_state }}' - vrouter_id: '{{ keepalived_vrouter_id }}' - notify: '{{ keepalived_notify_script }}' - priority: '{{ keepalived_inst_priority }}' - nopreempt: True - v_addr: - - 
'{{ keepalived_floating_ip1 }}' - track_script: - - '{{ keepalived_script1_name }}' - track_interface: - - '{{ keepalived_interface1_name }}' diff --git a/library/roles/keepalived/files/check_keepalived_state b/library/roles/keepalived/files/check_keepalived_state deleted file mode 100644 index 7037f6ab..00000000 --- a/library/roles/keepalived/files/check_keepalived_state +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/bash -# -# echo $1 $2 is in $3 state > /var/run/keepalive.state -# - -############################################################### -# Check Keepalived State # -# # -# Author: Zhivko Todorov # -# Date: 01-Dec-2015 # -# Version: 0.0.1 # -# License: GPL # -############################################################### - - -# set to 'true' if the host is supposed to be in MASTER state -# or set to 'false' if the host is supposed to be in BACKUP state -# nrpe cannot receive external variables UNLESS is forced in config -MASTER='true' - -# checking if there are alive keepalived processes so we can trust the content of the notify 'state' file -KEEPALIVENUM=`ps uax|grep '/usr/sbin/keepalived'|grep -v grep|wc -l|tr -d "\n"` - -if [ $KEEPALIVENUM -gt 0 ]; then - - KEEPALIVESTATE=`cat /var/run/keepalive.state` - - if [ "$MASTER" == "true" ]; then - - if [[ $KEEPALIVESTATE == *"MASTER"* ]];then - echo $KEEPALIVESTATE - exit 0 - fi - - if [[ $KEEPALIVESTATE == *"BACKUP"* ]];then - echo $KEEPALIVESTATE - exit 0 - fi - - else - - if [[ $KEEPALIVESTATE == *"BACKUP"* ]];then - echo $KEEPALIVESTATE - exit 0 - fi - - if [[ $KEEPALIVESTATE == *"MASTER"* ]];then - echo $KEEPALIVESTATE - exit 2 - fi - - fi -fi - -echo "Keepalived is in UNKNOWN state" -exit 3 - diff --git a/library/roles/keepalived/handlers/main.yml b/library/roles/keepalived/handlers/main.yml deleted file mode 100644 index be4ad3ff..00000000 --- a/library/roles/keepalived/handlers/main.yml +++ /dev/null 
@@ -1,4 +0,0 @@
----
-- name: restart keepalived
- service: name=keepalived state=restarted
- when: keepalived_enabled
diff --git a/library/roles/keepalived/tasks/main.yml b/library/roles/keepalived/tasks/main.yml
deleted file mode 100644
index 87e928bb..00000000
--- a/library/roles/keepalived/tasks/main.yml
+++ /dev/null
@@ -1,100 +0,0 @@ ---- -- block: - - name: Install the keepalived repository - apt_repository: repo={{ keepalived_repo }} update_cache=yes - when: ansible_distribution_major_version <= '16' - - - name: Install the keepalived package - apt: name={{ keepalived_pkgs }} state={{ keepalived_pkg_state }} cache_valid_time=1800 - - tags: keepalived - when: - - keepalived_install | bool - - ansible_distribution_file_variety == "Debian" - -- block: - - name: Install the user that the keepalived scripts will run under - user: name={{ keepalived_script_username }} home={{ keepalived_script_user_home }} createhome=no shell=/usr/sbin/nologin system=yes - - - name: Create the keepalive script user directory - file: dest={{ keepalived_script_user_home }} state=directory owner={{ keepalived_script_username }} group={{ keepalived_script_username }} mode=0750 - - - name: Create the tmpfile entry for the keepalived runtime directory - template: src=tmpfile_keepalived.conf.j2 dest=/usr/lib/tmpfiles.d/keepalived.conf owner=root group=root mode=0644 - when: ansible_service_mgr == 'systemd' - - - name: Install the keepalived configuration - template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf owner=root group=root mode=0600 - notify: restart keepalived - - - name: Install the keepalived default check script - template: src=keepalived_check_service_status.sh.j2 dest=/usr/local/bin/keepalived_check_service_status owner=root group=root mode=0755 - notify: restart keepalived - - - name: Install the keepalived notify scripts - template: src=keepalived_notify.sh.j2 dest={{ item.notify }} owner=root group={{ keepalived_script_username }} mode=0754 - with_items: '{{ keepalived_instances }}' - - - name: Set the kernel net.ipv4.ip_nonlocal_bind sysctl - sysctl: - reload: yes - state: present - name: net.ipv4.ip_nonlocal_bind - sysctl_set: yes - sysctl_file: /etc/sysctl.d/90-keepalived - value: 1 - when: keepalived_non_local_bind | bool - - - name: Disable the kernel 
net.ipv4.ip_nonlocal_bind sysctl if not needed - sysctl: - reload: yes - state: absent - name: net.ipv4.ip_nonlocal_bind - sysctl_set: yes - sysctl_file: /etc/sysctl.d/90-keepalived - value: 1 - when: not keepalived_non_local_bind | bool - - - name: Ensure that keepalived is started and enabled - service: name=keepalived state=started enabled=yes - when: keepalived_enabled | bool - - - name: Ensure that keepalived is stopped and disabled - service: name=keepalived state=stopped enabled=no - when: not keepalived_enabled | bool - - tags: [ 'keepalived', 'keepalived_conf' ] - when: keepalived_install | bool - -- block: - - name: Install the keepalived NRPE nagios check - copy: src=check_keepalived_state dest={{ nagios_plugins_dir }}/check_keepalived_state owner=root group=root mode=0555 - with_items: '{{ keepalived_instances }}' - - - name: Install the keepalived NRPE command configuration - template: src=keepalived-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/keepalived-nrpe.cfg owner=root group=root mode=0444 - notify: Reload NRPE server - - tags: keepalived - when: - - keepalived_install | bool - - keepalived_nagios_check | bool - -- block: - - name: Remove the keepalived package if we do not want it - apt: name={{ keepalived_pkgs }} state=absent - - - name: Remove the keepalived notify scripts - file: dest={{ item.notify }} state=absent - with_items: '{{ keepalived_instances }}' - - - name: Remove the keepalived NRPE check - file: dest={{ nagios_plugins_dir }}/check_keepalived_state state=absent - with_items: '{{ keepalived_instances }}' - - - name: Remove the keepalived NRPE command configuration - file: dest={{ nrpe_include_dir }}/keepalived-nrpe.cfg state=absent - - tags: keepalived - when: not keepalived_install | bool - diff --git a/library/roles/keepalived/templates/keepalived-nrpe.cfg.j2 b/library/roles/keepalived/templates/keepalived-nrpe.cfg.j2 deleted file mode 100644 index fdf2cdba..00000000 
--- a/library/roles/keepalived/templates/keepalived-nrpe.cfg.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-command[check_keepalived]={{ nagios_plugins_dir }}/check_keepalived_state
-
-# Restart keepalived (via handler)
-command[global_restart_keepalived]=/usr/bin/sudo /etc/init.d/keepalived restart
-
diff --git a/library/roles/keepalived/templates/keepalived.conf.j2 b/library/roles/keepalived/templates/keepalived.conf.j2
deleted file mode 100644
index 1a1dcb1a..00000000
--- a/library/roles/keepalived/templates/keepalived.conf.j2
+++ /dev/null
@@ -1,88 +0,0 @@ -global_defs { -{% if keepalived_enable_script_security %} - - enable_script_security -{% if ansible_distribution_file_variety == "Debian" and ansible_distribution_major_version == '18' %} - script_user root -{% else %} - script_user {{ keepalived_script_username }} -{% endif %} -{% endif %} -} - -{% for script in keepalived_scripts %} -vrrp_script {{ script.name }} { - script "{{ script.script }}" - interval {{ script.interval | default(1) }} - weight {{ script.weight | default(2) }} - fall {{ script.fall | default(3) }} - rise {{ script.raise | default(2) }} - timeout {{ script.timeout | default(5) }} -} -{% endfor %} - -{% for instance in keepalived_instances %} -vrrp_instance {{ instance.name }} { - interface {{ instance.interface }} - {% if instance.state is defined %} - {% if instance.nopreempt is defined and instance.nopreempt %} - - state BACKUP - {% else %} - state {{ instance.state }} - - {% endif %} - {% endif %} - virtual_router_id {{ instance.vrouter_id }} - priority {{ instance.priority }} - {% if instance.notify is defined %} - - notify {{ instance.notify }} - - {% endif %} - {% if instance.nopreempt is defined and instance.nopreempt %} - - nopreempt - - {% endif %} - {% if instance.authentication is defined %} - - authentication { - auth_type {{ instance.authentication }} - auth_pass {{ instance.authpass }} - } - - {% endif %} - virtual_ipaddress { - {% for addr in instance.v_addr %} - {{ addr }} - {% endfor %} - } - track_script { - {% for trk in instance.track_script %} - {{ trk }} - {% endfor %} - } - {% if instance.track_interface is defined %} - - track_interface { - {% for if in instance.track_interface %} - {{ if }} - {% endfor %} - } - - {% endif %} - {% if keepalived_use_unicast %} - - unicast_src_ip {{ instance.keepalived_unicast_src_ip }} - unicast_peer { - - {% for ipaddr in instance.keepalived_unicast_peer_ip %} - {{ ipaddr }} - {% endfor %} - - } - - {% endif %} -} -{% endfor %} 
diff --git a/library/roles/keepalived/templates/keepalived_check_service_status.sh.j2 b/library/roles/keepalived/templates/keepalived_check_service_status.sh.j2
deleted file mode 100644
index 6ed36e5d..00000000
--- a/library/roles/keepalived/templates/keepalived_check_service_status.sh.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-{% if ansible_distribution_file_variety == "Debian" and ansible_distribution_major_version == '18' %}
-am_i_master=$( grep MASTER {{ keepalived_runtime_dir }}/keepalive.state )
-keepalive_master=$?
-
-if [ $keepalive_master -eq 0 ] ; then
-{% for instance in keepalived_instances %}
-{% for addr in instance.v_addr %}
- float_ip=$( ip addr show | grep {{ addr }} )
- retval=$?
- [ $retval -eq 1 ] && /bin/systemctl restart keepalived
-{% endfor %}
-{% endfor %}
-fi
-{% endif %}
-
-{{ keepalived_script1_check }}
-
-exit $?
diff --git a/library/roles/keepalived/templates/keepalived_notify.sh.j2 b/library/roles/keepalived/templates/keepalived_notify.sh.j2
deleted file mode 100644
index 531ad0db..00000000
--- a/library/roles/keepalived/templates/keepalived_notify.sh.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-#
-# echo $1 $2 is in $3 state > /var/lib/keepalived/keepalive.state
-#
-umask 022
-export PATH="/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:$PATH"
-TYPE=$1
-NAME=$2
-STATE=$3
-RETVAL=0
-
-{% if keepalived_notify_extra_params is defined %}
-{{ keepalived_notify_extra_params }}
-{% endif %}
-
-echo "$TYPE $NAME is in $STATE state" > {{ keepalived_runtime_dir }}/keepalive.state
-
-exit $RETVAL
-
diff --git a/library/roles/keepalived/templates/tmpfile_keepalived.conf.j2 b/library/roles/keepalived/templates/tmpfile_keepalived.conf.j2
deleted file mode 100644
index c6666b18..00000000
--- a/library/roles/keepalived/templates/tmpfile_keepalived.conf.j2
+++ /dev/null
@@ -1 +0,0 @@
-d {{ keepalived_runtime_dir }} 0775 {{ keepalived_script_username }} {{ keepalived_script_username }}
diff --git a/library/roles/unbound-resolver/defaults/main.yml b/library/roles/unbound-resolver/defaults/main.yml
deleted file mode 100644
index 7c6f47cd..00000000
--- a/library/roles/unbound-resolver/defaults/main.yml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-unbound_pkgs:
- - unbound
- - unbound-anchor
- - unbound-host
- - dnsutils
-
-unbound_interfaces:
- - '0.0.0.0'
- - '::0'
-
-unbound_allowed_clients:
- - { cidr: '0.0.0.0/0', policy: 'allow' }
-
-unbound_prefetch: 'yes'
-unbound_verbosity: 1
-unbound_threads: '{{ ansible_processor_count }}'
-
-unbound_remote_control: 'yes'
-unbound_remote_IP: '127.0.0.1'
-
-unbound_rrset_cache_size: 100m
-unbound_rrset_msg_cache_size: 50m
-# Larger socket buffer. OS may need config.
-unbound_so_rcvbuf: 4m
-unbound_so_sndbuf: 4m
-# Faster UDP with multithreading (only on Linux).
-unbound_so_reuseport: 'yes'
-# with libevent
-unbound_num_queries_per_thread: 4096
-
-unbound_max_negative_ttl: 3600
-
-unbound_hide_identity: 'yes'
-unbound_hide_version: 'yes'
-unbound_qname_minimisation: 'no'
-unbound_val_clean_additional: 'yes'
-# The following is experimental
-unbound_use_caps_for_id: 'no'
-unbound_unwanted_reply_threshold: '10000000'
-unbound_do_not_query_localhost: 'no'
-unbound_rrset_roundrobin: 'yes'
-unbound_unblock_lan_zones: 'no'
-unbound_do_ipv6: 'yes'
-
-unbound_private_addresses: []
-unbound_private_domains: []
-# Stub zones
-# One of stub_host or stub_addr must be defined
-# stub_prime and stub_first are both optional, default 'yes'
-#unbound_stub_zones:
-# - { name: '', stub_addr: '', stub_host: '', stub_prime: '', stub_first: '' }
diff --git a/library/roles/unbound-resolver/handlers/main.yml b/library/roles/unbound-resolver/handlers/main.yml
deleted file mode 100644
index 262fab5a..00000000
--- a/library/roles/unbound-resolver/handlers/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: Restart unbound
- service: name=unbound state=restarted
-
\ No newline at end of file
diff --git a/library/roles/unbound-resolver/tasks/main.yml b/library/roles/unbound-resolver/tasks/main.yml
deleted file mode 100644
index daa192c2..00000000
--- a/library/roles/unbound-resolver/tasks/main.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- block:
- - name: Install the unbound resolver packages
- apt: pkg={{ unbound_pkgs }} state=present cache_valid_time=1800 update_cache=yes
-
- - name: Install the unbound config files
- template: src={{ item }} dest=/etc/unbound/unbound.conf.d/{{ item }}
- with_items:
- - unbound-server.conf
- - unbound-remote-control.conf
- notify: Restart unbound
- tags: [ 'unbound', 'unbound_conf' ]
-
- - name: On bionic, stop systemd-resolvd because it interferes
- service: name=systemd-resolved state=stopped enabled=no
- when:
- - ansible_distribution == "Ubuntu"
- - ansible_service_mgr == 'systemd'
- - ansible_distribution_major_version >= '18'
-
- - name: Ensure that the unbound service is started and enabled
- service: name=unbound state=restarted enabled=yes
-
- tags: [ 'unbound' ]
diff --git a/library/roles/unbound-resolver/templates/unbound-remote-control.conf b/library/roles/unbound-resolver/templates/unbound-remote-control.conf
deleted file mode 100644
index b7eb1484..00000000
--- a/library/roles/unbound-resolver/templates/unbound-remote-control.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-remote-control:
- control-enable: {{ unbound_remote_control }}
-{% if unbound_remote_IP is defined %}
- control-interface: '{{ unbound_remote_IP }}'
-{% endif %}
-
diff --git a/library/roles/unbound-resolver/templates/unbound-server.conf b/library/roles/unbound-resolver/templates/unbound-server.conf
deleted file mode 100644
index 46505edf..00000000
--- a/library/roles/unbound-resolver/templates/unbound-server.conf
+++ /dev/null
@@ -1,81 +0,0 @@ -server: -{% for interface in unbound_interfaces %} - interface: {{ interface }} -{% endfor %} -{% if keepalived_install is defined and keepalived_install %} - ip-transparent: yes -{% endif %} - interface-automatic: yes -{% for net in unbound_allowed_clients %} - access-control: {{ net.cidr }} {{ net.policy }} -{% endfor %} - verbosity: {{ unbound_verbosity }} - # use all CPUs - num-threads: {{ unbound_threads }} - prefetch: {{ unbound_prefetch }} - - # power of 2 close to num-threads - msg-cache-slabs: {{ unbound_threads }} - rrset-cache-slabs: {{ unbound_threads }} - infra-cache-slabs: {{ unbound_threads }} - key-cache-slabs: {{ unbound_threads }} - - # more cache memory, rrset=msg*2 - rrset-cache-size: {{ unbound_rrset_cache_size }} - msg-cache-size: {{ unbound_rrset_msg_cache_size }} - - # more outgoing connections - # depends on number of cores: 1024/cores - 50 - outgoing-range: {{ 1024 * unbound_threads - 50 }} - - # Larger socket buffer. OS may need config. - so-rcvbuf: {{ unbound_so_rcvbuf }} - so-sndbuf: {{ unbound_so_sndbuf }} - - # Negative TTL - cache-max-negative-ttl: {{ unbound_max_negative_ttl }} - - # Faster UDP with multithreading (only on Linux). 
- so-reuseport: {{ unbound_so_reuseport }} - # with libevent - num-queries-per-thread: {{ unbound_num_queries_per_thread }} - hide-identity: {{ unbound_hide_identity }} - hide-version: {{ unbound_hide_version }} - qname-minimisation: {{ unbound_qname_minimisation }} - # The following is experimental - use-caps-for-id: {{ unbound_use_caps_for_id }} - unwanted-reply-threshold: {{ unbound_unwanted_reply_threshold }} - do-not-query-localhost: {{ unbound_do_not_query_localhost }} - rrset-roundrobin: {{ unbound_rrset_roundrobin }} - val-clean-additional: {{ unbound_val_clean_additional }} - unblock-lan-zones: {{ unbound_unblock_lan_zones }} - do-ip6: {{ unbound_do_ipv6 }} - # -{% if ansible_service_mgr == 'systemd' %} - use-systemd: yes - do-daemonize: no -{% endif %} - -{% for cidr in unbound_private_addresses %} - private-address: {{ cidr }} -{% endfor %} -{% for dom in unbound_private_domains %} - private-domain: {{ dom }} -{% endfor %} - -{% if unbound_stub_zones is defined %} -{% for zone in unbound_stub_zones %} -stub-zone: - name: {{ zone.name }} -{% if zone.stub_host is defined %} - stub-host: {{ zone.stub_host }} -{% endif %} -{% if zone.stub_addr is defined %} - stub-addr: {{ zone.stub_addr }} -{% endif %} - stub-prime: {{ zone.stub_prime | default('no') }} - stub-first: {{ zone.stub_first | default('yes') }} - -{% endfor %} -{% endif %} -