network: Write keepalived interface status to file

2025-04-05 18:48:16 +00:00 · 2025-04-05 18:48:16 +00:00 · 043104f062
commit 043104f062
parent d6cc79dcb3
4 changed files with 60 additions and 1 deletions
--- a/roles/network/files/keepalived-notify.sh
+++ b/roles/network/files/keepalived-notify.sh
@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -eu
+
+umask 022
+
+echo "$3" > "/run/keepalived/${2}.state"
--- a/roles/network/handlers/main.yml
+++ b/roles/network/handlers/main.yml
@ -12,6 +12,13 @@
      - c
      - reload

+- name: Refresh keepalived run directory
+  ansible.builtin.command:
+    argv:
+      - systemd-tmpfiles
+      - --create
+      - /etc/tmpfiles.d/keepalived.conf
+
 - name: Restart keepalived
  ansible.builtin.service:
    name: keepalived
--- a/roles/network/tasks/RedHat.yml
+++ b/roles/network/tasks/RedHat.yml
@ -45,6 +45,50 @@
    - network_vip_interfaces is defined
    - network_vip_interfaces != []

+- name: Create keepalived group
+  ansible.builtin.group:
+    name: keepalived
+    system: true
+  when:
+    - network_vip_interfaces is defined
+    - network_vip_interfaces != []
+
+- name: Create keepalived user
+  ansible.builtin.user:
+    name: keepalived
+    comment: Service keepalived
+    createhome: false
+    group: keepalived
+    home: /var/empty
+    shell: /sbin/nologin
+    system: true
+  when:
+    - network_vip_interfaces is defined
+    - network_vip_interfaces != []
+
+- name: Create run directory
+  ansible.builtin.copy:
+    dest: /etc/tmpfiles.d/keepalived.conf
+    content: "d /run/keepalived 755 keepalived keepalived"
+    mode: "0644"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: Refresh keepalived run directory
+  when:
+    - network_vip_interfaces is defined
+    - network_vip_interfaces != []
+
+- name: Copy keepalived notify script
+  ansible.builtin.copy:
+    dest: /usr/local/libexec/keepalived-notify
+    src: keepalived-notify.sh
+    mode: "0755"
+    owner: root
+    group: "{{ ansible_wheel }}"
+  when:
+    - network_vip_interfaces is defined
+    - network_vip_interfaces != []
+
 - name: Create keepalived config
  ansible.builtin.template:
    dest: /etc/keepalived/keepalived.conf
--- a/roles/network/templates/keepalived.conf.j2
+++ b/roles/network/templates/keepalived.conf.j2
@ -1,7 +1,7 @@
 ! {{ ansible_managed }}

 global_defs {
-
+    script_user keepalived
 }

 {% for vip in network_vip_interfaces %}
@ -18,5 +18,6 @@ vrrp_instance VI_{{ vip.vhid }} {
    virtual_ipaddress {
        {{ vip.ipaddr }}
    }
+    notify /usr/local/libexec/keepalived-notify
 }
 {% endfor %}