diff --git a/README.md b/README.md
index 9e9d7d9..eafb4c7 100644
--- a/README.md
+++ b/README.md
@@ -100,7 +100,9 @@ when using `keepalived_install_method: native`
 * `keepalived_vrrp_instances.key.notify_fault_user`: [optional]: Specify the user / group to run this script under (since `1.3.0`)
 * `keepalived_vrrp_instances.key.notify_master`: [optional]: Scripts that is invoked when a server changes state (to `MASTER`)
 * `keepalived_vrrp_instances.key.notify_master_user`: [optional]: Specify the user / group to run this script under (since `1.3.0`)
-* `keepalived_vrrp_instances.key.unicast_peer`: [optional]: IP address of aired unicast address (if you don't want to use multicast)
+* `keepalived_vrrp_instances.key.unicast_peer`: [optional]: List of IP addresses if you want to override participating unicast peers (if you don't want to use multicast)
+* `keepalived_vrrp_instances.key.unicast_src_ip`: [optional]: IP source address to use for multicast or unicast vrrp packets
+* `keepalived_vrrp_instances.key.vmac_xmit_base`: [default: `false`]: Forces VRRP to use the physical interface MAC address as source when it sends its own packets.
 * `keepalived_vrrp_instances.key.raw_options`: [optional]: An optional list of raw parameters to add to the vrrp instance
 #### Dependencies
diff --git a/tasks/main.yml b/tasks/main.yml
index 7911cd2..dd66b2b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -30,13 +30,35 @@
 - keepalived-install
 - keepalived-install-native
-- name: allow binding non-local IP
- sysctl:
- name: net.ipv4.ip_nonlocal_bind
- value: "{{ keepalived_ip_nonlocal_bind | string }}"
- reload: true
- state: present
- when: keepalived_ip_nonlocal_bind | bool
+- block:
+
+ - name: allow binding non-local IPv4
+ sysctl:
+ name: net.ipv4.ip_nonlocal_bind
+ value: "{{ keepalived_ip_nonlocal_bind | string }}"
+ reload: true
+ state: present
+ when: keepalived_ip_nonlocal_bind | bool
+
+ - name: check if IPv6 is enabled
+ slurp:
+ src: /sys/module/ipv6/parameters/disable
+ register: _ipv6_disabled
+
+ - name: set ipv6_enabled fact
+ set_fact:
+ is_ipv6_enabled: "{{ not _ipv6_disabled.failed and '0' in (_ipv6_disabled.content | b64decode) }}"
+
+ - name: allow binding non-local IPv6
+ sysctl:
+ name: net.ipv6.ip_nonlocal_bind
+ value: "{{ keepalived_ip_nonlocal_bind | string }}"
+ reload: true
+ state: present
+ when:
+ - keepalived_ip_nonlocal_bind | bool
+ - is_ipv6_enabled
+
 tags:
 - configuration
 - keepalived
diff --git a/templates/etc/keepalived/keepalived.conf.j2 b/templates/etc/keepalived/keepalived.conf.j2
index 90f150c..5a1baec 100644
--- a/templates/etc/keepalived/keepalived.conf.j2
+++ b/templates/etc/keepalived/keepalived.conf.j2
@@ -141,9 +141,23 @@ vrrp_instance {{ key }} {
 }
 {% endif %}
+{% if value.vmac_xmit_base is defined and value.vmac_xmit_base | bool %}
+ vmac_xmit_base
+{% endif %}
+
+{% if value.unicast_src_ip is defined %}
+ unicast_src_ip {{ value.unicast_src_ip }}
+{% endif %}
+
 {% if value.unicast_peer is defined %}
 unicast_peer {
+{% if value.unicast_peer is string %}
 {{ value.unicast_peer }}
+{% else %}
+{% for peer in value.unicast_peer %}
+ {{ peer }}
+{% endfor%}
+{% endif %}
 }
 {% endif %}
diff --git a/templates/etc/systemd/system/keepalived.service.j2 b/templates/etc/systemd/system/keepalived.service.j2
index 183671d..ae5774f 100644
--- a/templates/etc/systemd/system/keepalived.service.j2
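Review bot: The `check if IPv6 is enabled` task carries no `failed_when` or `ignore_errors`, so on a host where `/sys/module/ipv6/parameters/disable` is absent the `slurp` fails and the play stops there; the `not _ipv6_disabled.failed` test in the following `set_fact` is never reached in that case. Add `failed_when: false` to the slurp task and key the fact on the registered content instead, `is_ipv6_enabled: "{{ _ipv6_disabled.content is defined and (_ipv6_disabled.content | b64decode | trim) == '0' }}"`, which also turns the substring match into an exact one. The slurp and set_fact tasks run even when `keepalived_ip_nonlocal_bind` is false; putting that condition on the block would skip them. Because `ip_nonlocal_bind` is a host-wide setting that lets any local process bind addresses the host does not own, a short comment on the block stating why keepalived needs it would help whoever audits the sysctl changes later.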
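Review bot: `unicast_src_ip` and every `unicast_peer` entry are written into the `vrrp_instance` block verbatim, so a value that carries a newline or a `}` changes the structure of the rendered keepalived.conf instead of failing the play. Validating these as IP addresses before the template task (an `assert` task on the variables, for example) would catch both typos and malformed inventory data before they reach a config that controls which hosts are accepted as VRRP peers. The `{% else %}` branch iterates anything that is not a string, so a mapping would quietly render its keys; `{% elif value.unicast_peer is not mapping %}` would narrow that. `{% endfor%}` is also missing the space used by the other tags. The `vrrp_instance` block starts and ends outside the hunk.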
+++ b/templates/etc/systemd/system/keepalived.service.j2
@@ -4,6 +4,7 @@
 Description=Keepalived
 After=network-online.target
 Wants=network-online.target
+ConditionFileNotEmpty={{ keepalived_configuration_file }}
 [Service]
 Type=simple
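Review bot: `ConditionFileNotEmpty=` makes systemd skip the unit quietly when the file named by `keepalived_configuration_file` is missing or empty: the start job still reports success, so whatever starts the service (not visible in this hunk) would presumably not notice that keepalived is not running and that the node has dropped out of VRRP. If that situation should be a visible failure, `AssertFileNotEmpty={{ keepalived_configuration_file }}` fails the start job instead; if the silent skip is intended, say so in a comment above the line. The directive expects an absolute path, which is worth stating where the variable is documented. The `[Unit]` section begins above the hunk.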