Add support for keepalived authentication

In some circonstances, if an existing vrrp instance is on the network it will try to join our vrrp instance, thus adding an authentication method ensures that we won't face this situation. Signed-off-by: Sébastien Han <sebastien.han@enovance.com>
2014-10-07 12:10:25 +02:00 · 2014-10-07 12:10:25 +02:00 · 5baa2b30b1
commit 5baa2b30b1
parent 11b504de35
2 changed files with 53 additions and 27 deletions
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@ -52,6 +52,16 @@
 #   Should be an array.
 #   Defaults to false (disabled)
 #
+# [*keepalived_auth_type*]
+#   (optional) Authentication method.
+#   Supported methods are simple Passwd (PASS) or IPSEC AH (AH).
+#   Defaults to undef
+#
+# [*keepalived_auth_pass*]
+#   (optional) Authentication password.
+#   Password string (up to 8 characters).
+#   Defaults to undef
+#
 # [*swift_api*]
 #   (optional) Enable or not Swift public binding.
 #   If true, both public and internal will attempt to be created except if vip_internal_ip is set to false (backward compatibility).
@ -193,6 +203,8 @@ class cloud::loadbalancer(
  $keepalived_public_ipvs           = ['127.0.0.1'],
  $keepalived_internal_interface    = 'eth1',
  $keepalived_internal_ipvs         = [],
+  $keepalived_auth_type             = undef,
+  $keepalived_auth_pass             = undef,
  $ceilometer_bind_options          = [],
  $cinder_bind_options              = [],
  $ec2_bind_options                 = [],
@ -286,6 +298,8 @@ class cloud::loadbalancer(
    state         => $keepalived_state,
    track_script  => ['haproxy'],
    priority      => $keepalived_priority,
+    auth_type     => $keepalived_auth_type,
+    auth_pass     => $keepalived_auth_pass,
    notify_master => '"/etc/init.d/haproxy start"',
    notify_backup => '"/etc/init.d/haproxy stop"',
  }
@ -302,6 +316,8 @@ class cloud::loadbalancer(
      state         => $keepalived_state,
      track_script  => ['haproxy'],
      priority      => $keepalived_priority,
+      auth_type     => $keepalived_auth_type,
+      auth_pass     => $keepalived_auth_pass,
      notify_master => '"/etc/init.d/haproxy start"',
      notify_backup => '"/etc/init.d/haproxy stop"',
    }
--- a/spec/classes/cloud_loadbalancer_spec.rb
+++ b/spec/classes/cloud_loadbalancer_spec.rb
@ -62,6 +62,8 @@ describe 'cloud::loadbalancer' do
        :keepalived_vrrp_interface         => false,
        :keepalived_public_interface       => 'eth0',
        :keepalived_public_ipvs            => ['10.0.0.1', '10.0.0.2'],
+        :keepalived_auth_type              => 'PASS',
+        :keepalived_auth_pass              => 'secret',
        :horizon_port                      => '80',
        :spice_port                        => '6082',
        :vip_public_ip                     => '10.0.0.1',
@ -106,13 +108,15 @@ describe 'cloud::loadbalancer' do
      end
      it 'configure an internal VRRP instance' do
        is_expected.to contain_keepalived__instance('2').with({
-          'interface'     => 'eth1',
-          'virtual_ips'   => ['192.168.0.1 dev eth1'],
-          'track_script'  => ['haproxy'],
-          'state'         => 'BACKUP',
-          'priority'      => params[:keepalived_priority],
-          'notify_master' => '"/etc/init.d/haproxy start"',
-          'notify_backup' => '"/etc/init.d/haproxy stop"',
+          'interface'            => 'eth1',
+          'virtual_ips'          => ['192.168.0.1 dev eth1'],
+          'track_script'         => ['haproxy'],
+          'state'                => 'BACKUP',
+          'priority'             => params[:keepalived_priority],
+          'auth_type'            => 'PASS',
+          'auth_pass'            => 'secret',
+          'notify_master'        => '"/etc/init.d/haproxy start"',
+          'notify_backup'        => '"/etc/init.d/haproxy stop"',
        })
      end
    end
@ -128,13 +132,15 @@ describe 'cloud::loadbalancer' do
      end
      it 'configure a public VRRP instance with deprecated parameters' do
        is_expected.to contain_keepalived__instance('1').with({
-          'interface'     => 'eth3',
-          'virtual_ips'   => ['192.168.0.2 dev eth3'],
-          'track_script'  => ['haproxy'],
-          'state'         => 'BACKUP',
-          'priority'      => params[:keepalived_priority],
-          'notify_master' => '"/etc/init.d/haproxy start"',
-          'notify_backup' => '"/etc/init.d/haproxy stop"',
+          'interface'            => 'eth3',
+          'virtual_ips'          => ['192.168.0.2 dev eth3'],
+          'track_script'         => ['haproxy'],
+          'state'                => 'BACKUP',
+          'priority'             => params[:keepalived_priority],
+          'auth_type'            => 'PASS',
+          'auth_pass'            => 'secret',
+          'notify_master'        => '"/etc/init.d/haproxy start"',
+          'notify_backup'        => '"/etc/init.d/haproxy stop"',
        })
      end
    end
@ -153,13 +159,15 @@ describe 'cloud::loadbalancer' do
    context 'when keepalived and HAproxy are in backup' do
      it 'configure vrrp_instance with BACKUP state' do
        is_expected.to contain_keepalived__instance('1').with({
-          'interface'     => params[:keepalived_public_interface],
-          'virtual_ips'   => ['10.0.0.1 dev eth0', '10.0.0.2 dev eth0'],
-          'track_script'  => ['haproxy'],
-          'state'         => params[:keepalived_state],
-          'priority'      => params[:keepalived_priority],
-          'notify_master' => '"/etc/init.d/haproxy start"',
-          'notify_backup' => '"/etc/init.d/haproxy stop"',
+          'interface'            => params[:keepalived_public_interface],
+          'virtual_ips'          => ['10.0.0.1 dev eth0', '10.0.0.2 dev eth0'],
+          'track_script'         => ['haproxy'],
+          'state'                => params[:keepalived_state],
+          'priority'             => params[:keepalived_priority],
+          'auth_type'            => 'PASS',
+          'auth_pass'            => 'secret',
+          'notify_master'        => '"/etc/init.d/haproxy start"',
+          'notify_backup'        => '"/etc/init.d/haproxy stop"',
        })
      end # configure vrrp_instance with BACKUP state
      it 'configure haproxy server without service managed' do
@ -173,12 +181,14 @@ describe 'cloud::loadbalancer' do
      end
      it 'configure vrrp_instance with MASTER state' do
        is_expected.to contain_keepalived__instance('1').with({
-          'interface'     => params[:keepalived_public_interface],
-          'track_script'  => ['haproxy'],
-          'state'         => 'MASTER',
-          'priority'      => params[:keepalived_priority],
-          'notify_master' => '"/etc/init.d/haproxy start"',
-          'notify_backup' => '"/etc/init.d/haproxy stop"',
+          'interface'            => params[:keepalived_public_interface],
+          'track_script'         => ['haproxy'],
+          'state'                => 'MASTER',
+          'priority'             => params[:keepalived_priority],
+          'auth_type'            => 'PASS',
+          'auth_pass'            => 'secret',
+          'notify_master'        => '"/etc/init.d/haproxy start"',
+          'notify_backup'        => '"/etc/init.d/haproxy stop"',
        })
      end
      it 'configure haproxy server with service managed' do