diff --git a/chef/cookbooks/keepalived/CHANGELOG.md b/chef/cookbooks/keepalived/CHANGELOG.md new file mode 100644 index 0000000..db99887 --- /dev/null +++ b/chef/cookbooks/keepalived/CHANGELOG.md @@ -0,0 +1,31 @@ +keepalived Cookbook CHANGELOG +============================= +This file is used to list changes made in each version of the keepalived cookbook. + + +v1.2.0 (2014-02-25) +------------------- +- [COOK-4299] Avoid setting attributes without precedence + + +v1.1.0 +------ +### New Feature +- **[COOK-3017](https://tickets.opscode.com/browse/COOK-3017)** - Add support for `vrrp_sync_groups` + +v1.0.4 +------ +### Improvement +- [COOK-2919]: Status option not available + +v1.0.2 +------ +- [COOK-1965] - fixes template subscribes and readme typos + +v1.0.0 +------ +- [COOK-1656] - Make keepalived configurable. Add some tests. + +v0.7.1 +------ +- Current public release. diff --git a/chef/cookbooks/keepalived/README.md b/chef/cookbooks/keepalived/README.md new file mode 100644 index 0000000..8eca375 --- /dev/null +++ b/chef/cookbooks/keepalived/README.md @@ -0,0 +1,174 @@ +keepalived Cookbook +=================== +Installs keepalived and generates the configuration file. + + +Usage +----- +### Configuration settings + +* `node[:keepalived][:shared_address] = true` # If keepalived is using a shared address + +### Global settings + +* `node['keepalived']['global']['notification_emails'] = 'admin@example.com'` # notification emails +* `node['keepalived']['global']['notification_email_from'] = "keepalived@#{node.domain}"` # from address +* `node['keepalived']['global']['smtp_server'] = '127.0.0.1'` # smtp server address +* `node['keepalived']['global']['smtp_connect_timeout'] = 30` # smtp connection timeout +* `node['keepalived']['global']['router_id'] = 'DEFAULT_ROUT_ID'` # router ID +* `node['keepalived']['global']['router_ids'] = {}` # mapped router ID (see example below) + +The `router_ids` allow for defining different IDs based on node name within a single role. This allows for a role structured like so: + +```ruby +override_attributes( + :keepalived => { + :global => { + :router_ids => { + 'node1' => 'MASTER_NODE', + 'node2' => 'BACKUP_NODE' + } + } + } +) +``` +### Check Scripts + +* `node[:keepalived][:check_scripts] = {}` # define available check scripts + +Multiple check scripts can be defined. The key will provide the name of the check script within the configuration file. The value should be a hash with the keys: `script`, `interval` and `weight` defined. For example, a simple HAProxy check script: + +```ruby +node[:keepalived][:check_scripts][:chk_haproxy] = { + :script => 'killall -0 haproxy', + :interval => 2, + :weight => 2 +} +``` + +### Instance defaults + +These are fallback values instance blocks can default to if non have been explicitly defined: + +* `node[:keepalived][:instance_defaults][:state] = 'MASTER'` # default state +* `node[:keepalived][:instance_defaults][:priority] = 100` # default priority +* `node[:keepalived][:instance_defaults][:virtual_router_id] = 'DEFAULT_VIRT_ROUT_ID'` # default virtual router ID + + +Instances +--------- +* `node[:keepalived][:instances] = {}` + +Multiple instances can be defined. The key will be used to define the instance name. The value will be a hash used to describe the instance. Attributes used within the instance hash: + +* `:ip_addresses => '127.0.0.1'` # IP address(es) used by this instance +* `:interface => 'eth0'` # Network interface used +* `:states => {}` # Node name mapped states +* `:virtual_router_ids => {}` # Node name mapped virtual router IDs +* `:priorities => {}` # Node name mapped priorities +* `:track_script => 'check_name'` # Name of check script in use for instance +* `:nopreempt => false` # Do not preempt +* `:advert_int => 1` # Set advert_int +* `:auth_type => nil` # Enable authentication (:pass or :ah) +* `:auth_pass => 'secret'` # Password used for authentication +* `:unicast_peer => {}` # IP address(es) for unicast (only for 1.2.8 and greater) + +### Vrrp Sync Groups + +Sync groups can be created using a hash with the group name as the key. Individual sync group hashes accept arrays of instances and options for each group as shown below: + +```ruby +node[:keepalived][:sync_groups] = { + :vg_1 => { + :instances => [ + 'vi_1' + ], + :options => [ + 'global_tracking' + ] + } +} +``` + +### Full role based example + +```ruby +override_attributes( + :keepalived => { + :shared_address => true, + :check_scripts => { + :chk_haproxy => { + :script => 'killall -0 haproxy', + :interval => 2, + :weight => 2 + } + }, + :instances => { + :vi_1 => { + :ip_addresses => '192.168.0.2', + :interface => 'eth0', + :state => 'MASTER', + :states => { + 'master.domain' => :master, + 'backup.domain' => :backup + }, + :virtual_router_ids => { + 'master.domain' => 'SERVICE_MASTER', + 'backup.domain' => 'SERVICE_BACKUP' + }, + :priorities => { + 'master.domain' => 101, + 'backup.domain' => 100 + }, + :track_script => 'chk_haproxy', + :nopreempt => false, + :advert_int => 1, + :auth_type => :pass, + :auth_pass => 'secret' + } + } + } +) +``` + +### Recipe based example: + +```ruby +include_recipe 'keepalived' + +node[:keepalived][:check_scripts][:chk_init] = { + :script => 'killall -0 init', + :interval => 2, + :weight => 2 +} +node[:keepalived][:instances][:vi_1] = { + :ip_addresses => '10.0.2.254', + :interface => 'eth0', + :track_script => 'chk_init', + :nopreempt => false, + :advert_int => 1, + :auth_type => nil, # :pass or :ah + :auth_pass => 'secret' +} +``` + + +License & Authors +----------------- +- Author:: Joshua Timberman () + +```text +Copyright:: 2009, Opscode, Inc + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/chef/cookbooks/keepalived/attributes/default.rb b/chef/cookbooks/keepalived/attributes/default.rb new file mode 100644 index 0000000..54d004c --- /dev/null +++ b/chef/cookbooks/keepalived/attributes/default.rb @@ -0,0 +1,38 @@ +default['keepalived']['shared_address'] = false +default['keepalived']['global']['notification_emails'] = 'admin@example.com' +default['keepalived']['global']['notification_email_from'] = "keepalived@#{node['domain'] || 'example.com'}" +default['keepalived']['global']['smtp_server'] = '127.0.0.1' +default['keepalived']['global']['smtp_connect_timeout'] = 30 +default['keepalived']['global']['router_id'] = 'DEFAULT_ROUT_ID' +default['keepalived']['global']['router_ids'] = { + "centos-10-145-88-152" => "lsb01", + "centos-10-145-88-153" => "lsb02" + } # node name based mapping +default['keepalived']['check_scripts'] = { + "haproxy" => { + "script" => "killall -0 haproxy", + "interval" => "2", + "weight" => "2" + } + } +default['keepalived']['instance_defaults']['state'] = 'MASTER' +default['keepalived']['instance_defaults']['priority'] = 100 +default['keepalived']['instance_defaults']['virtual_router_id'] = 10 +default['keepalived']['instances'] = { + "openstack" => { + "virtual_router_id" => "50", + "advert_int" => "1", + "priorities" => { + "centos-10-145-88-152" => "110", + "centos-10-145-88-153" => "101" + }, + "states" => { + "centos-10-145-88-152" => "BACKUP", + "centos-10-145-88-153" => "MASTER" + }, + "interface" => "eth0", + "ip_addresses" => ["192.168.220.40 dev eth0"], + "track_script" => "haproxy" + } + } +default['keepalived']['sync_groups'] = nil diff --git a/chef/cookbooks/keepalived/metadata.json b/chef/cookbooks/keepalived/metadata.json new file mode 100644 index 0000000..7775c66 --- /dev/null +++ b/chef/cookbooks/keepalived/metadata.json @@ -0,0 +1,31 @@ +{ + "name": "keepalived", + "version": "1.2.0", + "description": "Installs and configures keepalived", + "long_description": "keepalived Cookbook\n===================\nInstalls keepalived and generates the configuration file.\n\n\nUsage\n-----\n### Configuration settings\n\n* `node[:keepalived][:shared_address] = true` # If keepalived is using a shared address\n\n### Global settings\n\n* `node['keepalived']['global']['notification_emails'] = 'admin@example.com'` # notification emails\n* `node['keepalived']['global']['notification_email_from'] = \"keepalived@#{node.domain}\"` # from address\n* `node['keepalived']['global']['smtp_server'] = '127.0.0.1'` # smtp server address\n* `node['keepalived']['global']['smtp_connect_timeout'] = 30` # smtp connection timeout\n* `node['keepalived']['global']['router_id'] = 'DEFAULT_ROUT_ID'` # router ID\n* `node['keepalived']['global']['router_ids'] = {}` # mapped router ID (see example below)\n\nThe `router_ids` allow for defining different IDs based on node name within a single role. This allows for a role structured like so:\n\n```ruby\noverride_attributes(\n :keepalived => {\n :global => {\n :router_ids => {\n 'node1' => 'MASTER_NODE',\n 'node2' => 'BACKUP_NODE'\n }\n }\n }\n)\n```\n### Check Scripts\n\n* `node[:keepalived][:check_scripts] = {}` # define available check scripts\n\nMultiple check scripts can be defined. The key will provide the name of the check script within the configuration file. The value should be a hash with the keys: `script`, `interval` and `weight` defined. For example, a simple HAProxy check script:\n\n```ruby\nnode[:keepalived][:check_scripts][:chk_haproxy] = {\n :script => 'killall -0 haproxy',\n :interval => 2,\n :weight => 2\n}\n```\n\n### Instance defaults\n\nThese are fallback values instance blocks can default to if non have been explicitly defined:\n\n* `node[:keepalived][:instance_defaults][:state] = 'MASTER'` # default state\n* `node[:keepalived][:instance_defaults][:priority] = 100` # default priority\n* `node[:keepalived][:instance_defaults][:virtual_router_id] = 'DEFAULT_VIRT_ROUT_ID'` # default virtual router ID\n\n\nInstances\n---------\n* `node[:keepalived][:instances] = {}`\n\nMultiple instances can be defined. The key will be used to define the instance name. The value will be a hash used to describe the instance. Attributes used within the instance hash:\n\n* `:ip_addresses => '127.0.0.1'` # IP address(es) used by this instance\n* `:interface => 'eth0'` # Network interface used\n* `:states => {}` # Node name mapped states\n* `:virtual_router_ids => {}` # Node name mapped virtual router IDs\n* `:priorities => {}` # Node name mapped priorities\n* `:track_script => 'check_name'` # Name of check script in use for instance\n* `:nopreempt => false` # Do not preempt\n* `:advert_int => 1` # Set advert_int\n* `:auth_type => nil` # Enable authentication (:pass or :ah)\n* `:auth_pass => 'secret'` # Password used for authentication\n* `:unicast_peer => {}` # IP address(es) for unicast (only for 1.2.8 and greater)\n\n### Vrrp Sync Groups\n\nSync groups can be created using a hash with the group name as the key. Individual sync group hashes accept arrays of instances and options for each group as shown below:\n\n```ruby\nnode[:keepalived][:sync_groups] = {\n :vg_1 => {\n :instances => [\n 'vi_1'\n ],\n :options => [\n 'global_tracking'\n ]\n }\n}\n```\n\n### Full role based example\n\n```ruby\noverride_attributes(\n :keepalived => {\n :shared_address => true,\n :check_scripts => {\n :chk_haproxy => {\n :script => 'killall -0 haproxy',\n :interval => 2,\n :weight => 2\n }\n },\n :instances => {\n :vi_1 => {\n :ip_addresses => '192.168.0.2',\n :interface => 'eth0',\n :state => 'MASTER',\n :states => {\n 'master.domain' => :master,\n 'backup.domain' => :backup\n },\n :virtual_router_ids => {\n 'master.domain' => 'SERVICE_MASTER',\n 'backup.domain' => 'SERVICE_BACKUP'\n },\n :priorities => {\n 'master.domain' => 101,\n 'backup.domain' => 100\n },\n :track_script => 'chk_haproxy',\n :nopreempt => false,\n :advert_int => 1,\n :auth_type => :pass,\n :auth_pass => 'secret'\n }\n }\n }\n)\n```\n\n### Recipe based example:\n\n```ruby\ninclude_recipe 'keepalived'\n\nnode[:keepalived][:check_scripts][:chk_init] = {\n :script => 'killall -0 init',\n :interval => 2,\n :weight => 2\n}\nnode[:keepalived][:instances][:vi_1] = {\n :ip_addresses => '10.0.2.254',\n :interface => 'eth0',\n :track_script => 'chk_init',\n :nopreempt => false,\n :advert_int => 1,\n :auth_type => nil, # :pass or :ah\n :auth_pass => 'secret'\n}\n```\n\n\nLicense & Authors\n-----------------\n- Author:: Joshua Timberman ()\n\n```text\nCopyright:: 2009, Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n", + "maintainer": "Opscode, Inc.", + "maintainer_email": "cookbooks@opscode.com", + "license": "Apache 2.0", + "platforms": { + "ubuntu": ">= 0.0.0" + }, + "dependencies": { + }, + "recommendations": { + }, + "suggestions": { + }, + "conflicting": { + }, + "providing": { + }, + "replacing": { + }, + "attributes": { + }, + "groupings": { + }, + "recipes": { + "keepalived": "Installs and configures keepalived" + } +} \ No newline at end of file diff --git a/chef/cookbooks/keepalived/metadata.rb b/chef/cookbooks/keepalived/metadata.rb new file mode 100644 index 0000000..11088bd --- /dev/null +++ b/chef/cookbooks/keepalived/metadata.rb @@ -0,0 +1,10 @@ +name "keepalived" +maintainer "Opscode, Inc." +maintainer_email "cookbooks@opscode.com" +license "Apache 2.0" +description "Installs and configures keepalived" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version "1.2.0" +supports "ubuntu" + +recipe "keepalived", "Installs and configures keepalived" diff --git a/chef/cookbooks/keepalived/recipes/default.rb b/chef/cookbooks/keepalived/recipes/default.rb new file mode 100644 index 0000000..5143d8e --- /dev/null +++ b/chef/cookbooks/keepalived/recipes/default.rb @@ -0,0 +1,45 @@ +# +# Cookbook Name:: keepalived +# Recipe:: default +# +# Copyright 2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package "keepalived" + +if node['keepalived']['shared_address'] + file '/etc/sysctl.d/60-ip-nonlocal-bind.conf' do + mode 0644 + content "net.ipv4.ip_nonlocal_bind=1\n" + end + + service 'procps' do + action :start + end +end + +template "keepalived.conf" do + path "/etc/keepalived/keepalived.conf" + source "keepalived.conf.erb" + owner "root" + group "root" + mode 0644 +end + +service "keepalived" do + supports :restart => true + action [:enable, :start] + subscribes :restart, "template[keepalived.conf]" +end diff --git a/chef/cookbooks/keepalived/templates/default/keepalived.conf.erb b/chef/cookbooks/keepalived/templates/default/keepalived.conf.erb new file mode 100644 index 0000000..b9561b0 --- /dev/null +++ b/chef/cookbooks/keepalived/templates/default/keepalived.conf.erb @@ -0,0 +1,79 @@ +! Configuration File for keepalived +! Generated by Chef. +global_defs { + notification_email { + <% Array(node['keepalived']['global']['notification_emails']).each do |email| %> + <%= email %> + <% end %> + } + notification_email_from <%= node['keepalived']['global']['notification_email_from'] %> + smtp_server <%= node['keepalived']['global']['smtp_server'] %> + smtp_connect_timeout <%= node['keepalived']['global']['smtp_connect_timeout'] %> + router_id <%= node['keepalived']['global']['router_ids'][node.name] || node['keepalived']['global']['router_id'] %> +} + +<% unless node['keepalived']['sync_groups'].nil? -%> + <% node['keepalived']['sync_groups'].each do |group, values| -%> +vrrp_sync_group <%= group.upcase %> { + group { + <% values['instances'].each do |instance| -%> + <%= instance.upcase %> + <% end -%> + } + <% values['options'].each do |option| -%> + <%= option %> + <% end -%> +} + <% end -%> +<% end -%> + +<% node['keepalived']['check_scripts'].each_pair do |name, script| %> +vrrp_script <%= name %> { + script "<%= script['script'] %>" + interval <%= script['interval'] %> + weight <%= script['weight'] %> +} +<% end %> + +<% node['keepalived']['instances'].each_pair do |name, instance| -%> +<% + states = instance['states'] || {} + priorities = instance['priorities'] || {} + virtual_router_ids = instance['virtual_router_ids'] || {} +-%> +vrrp_instance <%= name.upcase %> { + interface <%= instance['interface'] %> + virtual_router_id <%= virtual_router_ids[node.name] || node['keepalived']['instance_defaults']['virtual_router_id'] %> + <% if instance['nopreempt'] -%> + nopreempt + <% end -%> + state <%= states[node.name] || node['keepalived']['instance_defaults']['state'] %> + priority <%= priorities[node.name] || node['keepalived']['instance_defaults']['priority'] %> + <% if instance['advert_int'] -%> + advert_int <%= instance['advert_int'] %> + <% end -%> + <% if instance['unicast_peer'] && !instance['unicast_peer'].empty? -%> + unicast_peer { + <% Array(instance['unicast_peer']).each do |address| %> + <%= address %> + <% end %> + } + <% end -%> + <% if instance['auth_type'] -%> + authentication { + auth_type <%= instance['auth_type'].to_s.upcase %> + auth_pass <%= instance['auth_pass'] %> + } + <% end -%> + virtual_ipaddress { + <% Array(instance['ip_addresses']).each do |address| %> + <%= address %> + <% end %> + } + <% if instance['track_script'] %> + track_script { + <%= instance['track_script'] %> + } + <% end %> +} +<% end -%> diff --git a/chef/databags/openstack/openstack.json b/chef/databags/openstack/openstack.json index 0cfe563..d16daf4 100644 --- a/chef/databags/openstack/openstack.json +++ b/chef/databags/openstack/openstack.json @@ -108,6 +108,23 @@ "os-controller": ["dashboard_http","dashboard_https","keystone_admin", "keystone_public_internal","nova_ec2_api","nova_compute_api","cinder_api","neutron_api"], "os-image": ["glance_api","glance_registry_cluster"] } + }, + "keepalived": { + "router_ids": { + "node1.name_in_chef_server": "lsb01", + "node2.name_in_chef_server": "lsb02" + }, + "instance_name": { + "vip": "10.145.88.231", + "priorities": { + "node1.name_in_chef_server": 110, + "node2.name_in_chef_server": 101 + }, + "states": { + "centos-10-145-88-152": "BACKUP", + "centos-10-145-88-153": "MASTER" + } + } } }, "dashboard_roles" : [ "os-controller", "os-dashboard" ],