Blame - roles/keepalived/tasks/main.yml - atmosphere

blob: ceaa88ab0e2a2f8babbdad74886643e74b1494e3 [file] [log] [blame]

okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	1	# Copyright (c) 2022 VEXXHOST, Inc.
				2	#
				3	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				4	# not use this file except in compliance with the License. You may obtain
				5	# a copy of the License at
				6	#
				7	# http://www.apache.org/licenses/LICENSE-2.0
				8	#
				9	# Unless required by applicable law or agreed to in writing, software
				10	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				11	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
				12	# License for the specific language governing permissions and limitations
				13	# under the License.
				14
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	15	- name: Deploy service
Mohammed Naser	6a8b6ca	2024-05-30 17:25:30 -0400	[diff] [blame]	16	run_once: true
Mohammed Naser	956d49c	2022-04-29 11:20:05 -0400	[diff] [blame]	17	when: keepalived_enabled \| bool
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	18	kubernetes.core.k8s:
				19	state: present
				20	definition:
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	21	- apiVersion: v1
				22	kind: Secret
				23	metadata:
				24	name: keepalived-etc
				25	namespace: openstack
				26	stringData:
				27	keepalived.conf: \|
				28	global_defs {
				29	default_interface {{ keepalived_interface }}
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	30	}
				31
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	32	vrrp_instance VI_1 {
				33	interface {{ keepalived_interface }}
				34
				35	state BACKUP
				36	virtual_router_id {{ keepalived_vrid }}
				37	priority 150
				38	nopreempt
				39
				40	virtual_ipaddress {
				41	{{ keepalived_vip }}
				42	}
				43
				44	authentication {
				45	auth_type PASS
				46	auth_pass {{ keepalived_password }}
				47	}
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	48	}
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	49
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	50	- apiVersion: v1
				51	kind: ConfigMap
				52	metadata:
				53	name: keepalived-bin
				54	namespace: openstack
				55	data:
				56	wait-for-ip.sh: \|
				57	#!/bin/sh -x
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	58
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	59	while true; do
				60	ip -4 addr list dev {{ keepalived_interface }} \| grep {{ keepalived_interface }}
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	61
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	62	# We detected an IP address
				63	if [ $? -eq 0 ]; then
				64	break
				65	fi
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	66
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	67	sleep 1
				68	done
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	69
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	70	- apiVersion: rbac.authorization.k8s.io/v1
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	71	kind: Role
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	72	metadata:
				73	name: keepalived
				74	namespace: openstack
				75	rules:
				76	- apiGroups:
				77	- ""
				78	resources:
				79	- pods
				80	verbs:
				81	- list
				82	- get
				83
				84	- apiVersion: v1
				85	automountServiceAccountToken: true
				86	kind: ServiceAccount
				87	metadata:
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	88	name: keepalived
				89	namespace: openstack
				90
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	91	- apiVersion: rbac.authorization.k8s.io/v1
				92	kind: RoleBinding
				93	metadata:
				94	name: keepalived
				95	namespace: openstack
				96	roleRef:
				97	apiGroup: rbac.authorization.k8s.io
				98	kind: Role
				99	name: keepalived
				100	subjects:
				101	- kind: ServiceAccount
				102	name: keepalived
				103	namespace: openstack
				104
				105	- apiVersion: apps/v1
				106	kind: DaemonSet
				107	metadata:
				108	name: keepalived
				109	namespace: openstack
				110	spec:
				111	selector:
				112	matchLabels:
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	113	application: keepalived
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	114	template:
				115	metadata:
				116	labels:
				117	application: keepalived
				118	spec:
				119	automountServiceAccountToken: true
				120	initContainers:
				121	- name: init
Mohammed Naser	31171f4	2023-03-19 00:10:46 +0000	[diff] [blame]	122	image: "{{ atmosphere_images['dep_check'] \| vexxhost.kubernetes.docker_image('ref') }}"
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	123	env:
				124	- name: NAMESPACE
				125	valueFrom:
				126	fieldRef:
				127	apiVersion: v1
				128	fieldPath: metadata.namespace
				129	- name: POD_NAME
				130	valueFrom:
				131	fieldRef:
				132	apiVersion: v1
				133	fieldPath: metadata.name
				134	- name: DEPENDENCY_POD_JSON
Mohammed Naser	1d75a92	2023-07-23 19:24:49 +0000	[diff] [blame]	135	value: "{{ keepalived_pod_dependency[atmosphere_network_backend] \| to_json }}"
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	136	- name: wait-for-ip
Mohammed Naser	31171f4	2023-03-19 00:10:46 +0000	[diff] [blame]	137	image: "{{ atmosphere_images['keepalived'] \| vexxhost.kubernetes.docker_image('ref') }}"
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	138	command:
				139	- /bin/wait-for-ip.sh
				140	volumeMounts:
				141	- mountPath: /bin/wait-for-ip.sh
				142	mountPropagation: None
				143	name: keepalived-bin
				144	readOnly: true
				145	subPath: wait-for-ip.sh
				146	containers:
				147	- name: keepalived
Mohammed Naser	31171f4	2023-03-19 00:10:46 +0000	[diff] [blame]	148	image: "{{ atmosphere_images['keepalived'] \| vexxhost.kubernetes.docker_image('ref') }}"
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	149	command:
				150	- keepalived
				151	- -f
				152	- /etc/keepalived/keepalived.conf
				153	- --dont-fork
				154	- --log-console
				155	- --log-detail
				156	- --dump-conf
				157	securityContext:
				158	allowPrivilegeEscalation: true
				159	capabilities:
				160	add:
				161	- NET_ADMIN
				162	- NET_BROADCAST
				163	- NET_RAW
				164	volumeMounts:
				165	- mountPath: /etc/keepalived
				166	mountPropagation: None
				167	name: keepalived-etc
				168	readOnly: true
				169	hostNetwork: true
				170	nodeSelector:
				171	openstack-control-plane: enabled
				172	serviceAccountName: keepalived
				173	volumes:
				174	- name: keepalived-etc
				175	secret:
				176	optional: false
				177	secretName: keepalived-etc
				178	- configMap:
Tadas Sutkaitis	4ace418	2023-02-27 04:31:52 +0200	[diff] [blame]	179	defaultMode: 0755 # noqa: yaml[octal-values]
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	180	name: keepalived-bin
Mohammed Naser	c8e1a45	2022-08-11 16:16:13 -0400	[diff] [blame]	181	optional: false
okozachenko	85a3133	2022-04-11 23:34:30 +1000	[diff] [blame]	182	name: keepalived-bin