diff --git a/group_vars/gw.yml b/group_vars/gw.yml
index 74153cf..7d245bb 100644
--- a/group_vars/gw.yml
+++ b/group_vars/gw.yml
@@ -18,3 +18,6 @@ network_ether_interfaces:
 # use custom firewall config
 firewall_src: pf.conf.gw_home
+
+# ifstated config
+ifstated_config: ifstated-home.conf.j2
diff --git a/playbooks/gw.yml b/playbooks/gw.yml
index 7ef67fa..36a3f17 100644
--- a/playbooks/gw.yml
+++ b/playbooks/gw.yml
@@ -11,6 +11,7 @@ roles:
 - base
+ - ifstated
 tasks:
 - name: use configured dns servers and domain name
diff --git a/roles/ifstated/templates/ifstated-home.conf.j2 b/roles/ifstated/templates/ifstated-home.conf.j2
new file mode 100644
index 0000000..33a78e6
--- /dev/null
+++ b/roles/ifstated/templates/ifstated-home.conf.j2
@@ -0,0 +1,49 @@
+
+init-state auto
+
+if_carp_up="carp1.link.up"
+if_carp_down="carp1.link.down"
+
+state auto {
+ if $if_carp_up {
+ set-state master
+ }
+ if $if_carp_down {
+ set-state backup
+ }
+}
+
+state master {
+ init {
+ # spoof mac to keep dhcp lease in sync with both gw's
+ run "/sbin/ifconfig vio1 lladdr {{ gw_home_mac }} up"
+ # flush routes and run dhclient and dhcpcd
+ run "/sbin/route -qn flush"
+ run "/sbin/dhclient vio1"
+ #run "/sbin/rcctl restart dhcpcd > /dev/null"
+ # reset firewall rules
+ run "pfctl -f /etc/pf.conf"
+ }
+ if $if_carp_down {
+ set-state backup
+ }
+}
+
+state backup {
+ init {
+ # kill dhclient (TODO: better command for this)
+ run "pkill -9 dhclient"
+ # bring down interface and reset mac
+ run "/sbin/ifconfig vio1 delete lladdr {{ gw_home_mac }} down"
+ # flush routes and fix default route
+ run "/sbin/route -qn flush"
+{% if inventory_hostname == "gw01.home.foo.sh" %}
+ run "/sbin/route -qn add default 172.20.21.2"
+{% elif inventory_hostname == "gw02.home.foo.sh" %}
+ run "/sbin/route -qn add default 172.20.21.1"
+{% endif %}
+ }
+ if $if_carp_up {
+ set-state master
+ }
+}
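Review bot: In the backup state's init block the comment `# bring down interface and reset mac` does not match the command under it: `ifconfig vio1 delete lladdr {{ gw_home_mac }} down` deletes the address and downs the interface but sets lladdr to the same shared `gw_home_mac` that the master state set, so the MAC is never reset. If keeping the shared MAC on the backup is intentional (presumably so the next master needs no re-learning), the comment should say so, e.g. `# bring down interface; shared lladdr is kept on purpose`; otherwise the original hardware address has to be restored here. Two smaller points in the same hunk: `run "pfctl -f /etc/pf.conf"` is the only command without an absolute path and should read `run "/sbin/pfctl -f /etc/pf.conf"` so it does not depend on the PATH ifstated runs with, and the peer default-route addresses are hard-coded per `inventory_hostname` while the MAC is a variable — a host var (e.g. a new `gw_home_peer_addr`) would keep the template host-agnostic. The comment `# flush routes and run dhclient and dhcpcd` is also stale, since the dhcpcd line below it is commented out.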