From 5baa2b30b18c72924997100049ef148920dcc82c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?=
Date: Tue, 7 Oct 2014 12:10:25 +0200
Subject: [PATCH] Add support for keepalived authentication
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In some circonstances, if an existing vrrp instance is on the network it will try to join our vrrp instance, thus adding an authentication method ensures that we won't face this situation.
Signed-off-by: Sébastien Han
---
 manifests/loadbalancer.pp | 16 +++++++
 spec/classes/cloud_loadbalancer_spec.rb | 64 ++++++++++++++-----------
 2 files changed, 53 insertions(+), 27 deletions(-)
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
index f1f4592e..09b4954e 100644
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -52,6 +52,16 @@
 # Should be an array.
 # Defaults to false (disabled)
 #
+# [*keepalived_auth_type*]
+# (optional) Authentication method.
+# Supported methods are simple Passwd (PASS) or IPSEC AH (AH).
+# Defaults to undef
+#
+# [*keepalived_auth_pass*]
+# (optional) Authentication password.
+# Password string (up to 8 characters).
+# Defaults to undef
+#
 # [*swift_api*]
 # (optional) Enable or not Swift public binding.
 # If true, both public and internal will attempt to be created except if vip_internal_ip is set to false (backward compatibility).
@@ -193,6 +203,8 @@ class cloud::loadbalancer(
 $keepalived_public_ipvs = ['127.0.0.1'],
 $keepalived_internal_interface = 'eth1',
 $keepalived_internal_ipvs = [],
+ $keepalived_auth_type = undef,
+ $keepalived_auth_pass = undef,
 $ceilometer_bind_options = [],
 $cinder_bind_options = [],
 $ec2_bind_options = [],
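Review bot: The new `keepalived_auth_type` and `keepalived_auth_pass` entries in the parameter header do not say that keepalived sends a `PASS` secret unencrypted in every VRRP advertisement, so a reader could take the option for protection against a host on the same segment. It keeps a stray or misconfigured VRRP speaker out of the instance, which is the case the commit message describes, but it stays readable to anyone able to capture traffic on that VLAN. I would add `#   With PASS the password is sent in clear text in VRRP advertisements; it prevents accidental joins, not a hostile peer.` under the `keepalived_auth_type` entry and reword the length line to `#   Only the first 8 characters are used by keepalived.` It may also be worth a line that RFC 3768 dropped authentication from VRRPv2, so peers that follow it strictly may ignore these fields.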
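Review bot: `$keepalived_auth_type` and `$keepalived_auth_pass` are accepted in the class signature (hunk at -193) without any check, so a misspelt type, a type set without a password, or a password longer than the 8 characters stated in the header would reach keepalived unnoticed, as far as this diff shows. A value that differs between nodes can leave the VRRP peers discarding each other's advertisements, so failing at catalog compilation is the safer behaviour. In the class body, which lies outside this hunk, something like `if $keepalived_auth_type and !($keepalived_auth_type in ['PASS', 'AH']) { fail('keepalived_auth_type must be PASS or AH') }`, plus a check that the two parameters are set together, would cover it.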
@@ -286,6 +298,8 @@ class cloud::loadbalancer(
 state => $keepalived_state,
 track_script => ['haproxy'],
 priority => $keepalived_priority,
+ auth_type => $keepalived_auth_type,
+ auth_pass => $keepalived_auth_pass,
 notify_master => '"/etc/init.d/haproxy start"',
 notify_backup => '"/etc/init.d/haproxy stop"',
 }
@@ -302,6 +316,8 @@ class cloud::loadbalancer(
 state => $keepalived_state,
 track_script => ['haproxy'],
 priority => $keepalived_priority,
+ auth_type => $keepalived_auth_type,
+ auth_pass => $keepalived_auth_pass,
 notify_master => '"/etc/init.d/haproxy start"',
 notify_backup => '"/etc/init.d/haproxy stop"',
 }
diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb
index 4d4ad4d6..695de2f5 100644
--- a/spec/classes/cloud_loadbalancer_spec.rb
+++ b/spec/classes/cloud_loadbalancer_spec.rb
@@ -62,6 +62,8 @@ describe 'cloud::loadbalancer' do
 :keepalived_vrrp_interface => false,
 :keepalived_public_interface => 'eth0',
 :keepalived_public_ipvs => ['10.0.0.1', '10.0.0.2'],
+ :keepalived_auth_type => 'PASS',
+ :keepalived_auth_pass => 'secret',
 :horizon_port => '80',
 :spice_port => '6082',
 :vip_public_ip => '10.0.0.1',
@@ -106,13 +108,15 @@ describe 'cloud::loadbalancer' do
 end
 it 'configure an internal VRRP instance' do
 is_expected.to contain_keepalived__instance('2').with({
- 'interface' => 'eth1',
- 'virtual_ips' => ['192.168.0.1 dev eth1'],
- 'track_script' => ['haproxy'],
- 'state' => 'BACKUP',
- 'priority' => params[:keepalived_priority],
- 'notify_master' => '"/etc/init.d/haproxy start"',
- 'notify_backup' => '"/etc/init.d/haproxy stop"',
+ 'interface' => 'eth1',
+ 'virtual_ips' => ['192.168.0.1 dev eth1'],
+ 'track_script' => ['haproxy'],
+ 'state' => 'BACKUP',
+ 'priority' => params[:keepalived_priority],
+ 'auth_type' => 'PASS',
+ 'auth_pass' => 'secret',
+ 'notify_master' => '"/etc/init.d/haproxy start"',
+ 'notify_backup' => '"/etc/init.d/haproxy stop"',
 })
 end
 end
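Review bot: Both instance declarations, in the hunk at -286 and again at -302, receive the same `$keepalived_auth_pass`, so what are presumably the public and the internal VRRP instances share one secret. With `PASS` that secret travels unencrypted in advertisements on each interface, which means exposure on the public segment also discloses the value protecting the internal one. Separate per-instance parameters, for example `$keepalived_public_auth_pass` and `$keepalived_internal_auth_pass` (names constructed for this note) that fall back to the shared value, would keep the two segments independent. The enclosing resource declarations start outside both hunks, so the resource type is inferred from the spec file.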
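Review bot: Adding `:keepalived_auth_type` and `:keepalived_auth_pass` to the shared `params` (hunk at -62) means every example now runs with authentication enabled, and nothing visible in this diff covers the documented default where both are undef. A context that removes the two keys and asserts `is_expected.to contain_keepalived__instance('1').without_auth_type.without_auth_pass` would pin that default. An example for an unsupported type would fit alongside it once the class validates the value. The `params` block itself starts outside the hunk.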
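Review bot: The expectations in the hunk at -106 repeat the literals `'PASS'` and `'secret'` instead of reading them from `params`, unlike `'priority' => params[:keepalived_priority]` directly above them; the hunks at -128, -153 and -173 do the same. Writing `'auth_type' => params[:keepalived_auth_type],` and `'auth_pass' => params[:keepalived_auth_pass],` keeps the fixture value in one place, so changing the test credential touches one line instead of five. The other changed lines in these hunks appear to be realignment only.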
@@ -128,13 +132,15 @@ describe 'cloud::loadbalancer' do
 end
 it 'configure a public VRRP instance with deprecated parameters' do
 is_expected.to contain_keepalived__instance('1').with({
- 'interface' => 'eth3',
- 'virtual_ips' => ['192.168.0.2 dev eth3'],
- 'track_script' => ['haproxy'],
- 'state' => 'BACKUP',
- 'priority' => params[:keepalived_priority],
- 'notify_master' => '"/etc/init.d/haproxy start"',
- 'notify_backup' => '"/etc/init.d/haproxy stop"',
+ 'interface' => 'eth3',
+ 'virtual_ips' => ['192.168.0.2 dev eth3'],
+ 'track_script' => ['haproxy'],
+ 'state' => 'BACKUP',
+ 'priority' => params[:keepalived_priority],
+ 'auth_type' => 'PASS',
+ 'auth_pass' => 'secret',
+ 'notify_master' => '"/etc/init.d/haproxy start"',
+ 'notify_backup' => '"/etc/init.d/haproxy stop"',
 })
 end
 end
@@ -153,13 +159,15 @@ describe 'cloud::loadbalancer' do
 context 'when keepalived and HAproxy are in backup' do
 it 'configure vrrp_instance with BACKUP state' do
 is_expected.to contain_keepalived__instance('1').with({
- 'interface' => params[:keepalived_public_interface],
- 'virtual_ips' => ['10.0.0.1 dev eth0', '10.0.0.2 dev eth0'],
- 'track_script' => ['haproxy'],
- 'state' => params[:keepalived_state],
- 'priority' => params[:keepalived_priority],
- 'notify_master' => '"/etc/init.d/haproxy start"',
- 'notify_backup' => '"/etc/init.d/haproxy stop"',
+ 'interface' => params[:keepalived_public_interface],
+ 'virtual_ips' => ['10.0.0.1 dev eth0', '10.0.0.2 dev eth0'],
+ 'track_script' => ['haproxy'],
+ 'state' => params[:keepalived_state],
+ 'priority' => params[:keepalived_priority],
+ 'auth_type' => 'PASS',
+ 'auth_pass' => 'secret',
+ 'notify_master' => '"/etc/init.d/haproxy start"',
+ 'notify_backup' => '"/etc/init.d/haproxy stop"',
 })
 end # configure vrrp_instance with BACKUP state
 it 'configure haproxy server without service managed' do
@@ -173,12 +181,14 @@ describe 'cloud::loadbalancer' do
 end
 it 'configure vrrp_instance with MASTER state' do
 is_expected.to contain_keepalived__instance('1').with({
- 'interface' => params[:keepalived_public_interface],
- 'track_script' => ['haproxy'],
- 'state' => 'MASTER',
- 'priority' => params[:keepalived_priority],
- 'notify_master' => '"/etc/init.d/haproxy start"',
- 'notify_backup' => '"/etc/init.d/haproxy stop"',
+ 'interface' => params[:keepalived_public_interface],
+ 'track_script' => ['haproxy'],
+ 'state' => 'MASTER',
+ 'priority' => params[:keepalived_priority],
+ 'auth_type' => 'PASS',
+ 'auth_pass' => 'secret',
+ 'notify_master' => '"/etc/init.d/haproxy start"',
+ 'notify_backup' => '"/etc/init.d/haproxy stop"',
 })
 end
 it 'configure haproxy server with service managed' do