Add hifis.keepalived role

Signed-off-by: Norman Ziegner <n.ziegner@hzdr.de>
hifis-net · May 16, 2024 · 9c8b6f8 · 9c8b6f8
1 parent c1c2b9a
commit 9c8b6f8
Show file tree

Hide file tree

Showing 16 changed files with 1,185 additions and 6 deletions.
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -4,6 +4,12 @@
 # SPDX-License-Identifier: Apache-2.0
 
 ---
+keepalived:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "roles/keepalived/**"
+          - "molecule/keepalived/**"
+          - ".github/workflows/keepalived.yml"
 ssh_keys:
   - changed-files:
       - any-glob-to-any-file:

diff --git a/.github/workflows/keepalived.yml b/.github/workflows/keepalived.yml
@@ -0,0 +1,72 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+name: "hifis.keepalived"
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/keepalived.yml'
+      - 'roles/keepalived/**'
+      - 'molecule/keepalived/**'
+      - 'Pipfile'
+      - 'Pipfile.lock'
+  push:
+    branches:
+      - "main"
+    tags:
+      - "v*.*.*"
+    paths:
+      - '.github/workflows/keepalived.yml'
+      - 'roles/keepalived/**'
+      - 'molecule/keepalived/**'
+      - 'Pipfile'
+      - 'Pipfile.lock'
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+
+  test:
+    name: "Run Molecule tests."
+    runs-on: "ubuntu-22.04"
+    env:
+      PY_COLORS: 1
+      ANSIBLE_FORCE_COLOR: 1
+    strategy:
+      fail-fast: false
+      matrix:
+        image:
+          - "ghcr.io/hifis-net/ubuntu-systemd:22.04"
+          - "ghcr.io/hifis-net/ubuntu-systemd:20.04"
+
+    steps:
+      - name: "Check out the codebase."
+        uses: "actions/checkout@v4"
+        with:
+          path: "ansible_collections/hifis/toolkit"
+
+      - name: "Prepare the job environment."
+        uses: "./ansible_collections/hifis/toolkit/.github/workflows/prepare-action"
+
+      - name: "Install modern podman"
+        run: |
+          sudo mkdir -p /etc/apt/keyrings
+          curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key \
+            | gpg --dearmor \
+            | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null
+          echo \
+            "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\
+              https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /" \
+            | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null
+          sudo apt-get update -qq
+          sudo apt-get -qq -y install podman
+
+      - name: "Run Molecule tests."
+        run: "pipenv run molecule test -s keepalived"
+        env:
+          MOLECULE_IMAGE: "${{ matrix.image }}"
+        working-directory: "ansible_collections/hifis/toolkit"
diff --git a/README.md b/README.md
@@ -18,17 +18,17 @@ This collection provides production-ready Ansible roles used for providing servi
 software engineers, but not exclusively. The following use cases are supported:
 
 * DevOps platform:
-  * [GitLab](https://github.com/hifis-net/ansible-role-gitlab) (coming soon!)
-  * [GitLab-Runner](https://github.com/hifis-net/ansible-role-gitlab-runner) (coming soon!)
-  * [Redis](https://github.com/hifis-net/ansible-role-redis) (coming soon!)
+  * [GitLab](https://github.com/hifis-net/ansible-role-gitlab) (*coming soon!*)
+  * [GitLab-Runner](https://github.com/hifis-net/ansible-role-gitlab-runner) (*coming soon!*)
+  * [Redis](https://github.com/hifis-net/ansible-role-redis) (*coming soon!*)
 * Help desk:
   * [**Zammad**](roles/zammad)
 * High Availability (HA) / Load Balancing:
-  * [HAProxy](https://github.com/hifis-net/ansible-role-haproxy) (coming soon!)
-  * [Keepalived](https://github.com/hifis-net/ansible-role-keepalived) (coming soon!)
+  * [HAProxy](https://github.com/hifis-net/ansible-role-haproxy) (*coming soon!*)
+  * [**Keepalived**](roles/keepalived)
 * OS-related:
   * [**unattended-upgrades**](roles/unattended_upgrades)
-  * [netplan](https://github.com/hifis-net/ansible-role-gitlab-netplan) (coming soon!)
+  * [netplan](https://github.com/hifis-net/ansible-role-gitlab-netplan) (*coming soon!*)
   * distribute authorized [**SSH keys**](role/ssh_keys) to users
 
 ## Minimum required Ansible-version

diff --git a/molecule/keepalived/converge.yml b/molecule/keepalived/converge.yml
@@ -0,0 +1,20 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+
+- name: "Converge"
+  hosts: "all"
+  vars:
+    keepalived_unicast_peers:
+      - "172.17.0.3"
+      - "172.17.0.4"
+    keepalived_virtual_ip_address: "172.17.0.20"
+  tasks:
+    - name: "Include keepalived role"
+      ansible.builtin.include_role:
+        name: "hifis.toolkit.ssh_keys"
+
+...
diff --git a/molecule/keepalived/molecule.yml b/molecule/keepalived/molecule.yml
@@ -0,0 +1,48 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+
+dependency:
+  name: "galaxy"
+driver:
+  name: "podman"
+platforms:
+  - name: "instancekeepalived"
+    image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:22.04}"
+    pre_build_image: true
+    privileged: true
+    systemd: "always"
+    tty: true
+    override_command: false
+provisioner:
+  name: "ansible"
+  config_options:
+    defaults:
+      stdout_callback: "yaml"
+  playbooks:
+    prepare: "prepare.yml"
+    check: "converge.yml"
+    converge: "converge.yml"
+    verify: "verify.yml"
+verifier:
+  name: "ansible"
+scenario:
+  name: "default"
+  test_sequence:
+    - "destroy"
+    - "dependency"
+    - "syntax"
+    - "create"
+    - "prepare"
+    - "check"
+    - "converge"
+    - "idempotence"
+    - "check"
+    - "side_effect"
+    - "verify"
+    - "destroy"
+
+...
diff --git a/molecule/keepalived/prepare.yml b/molecule/keepalived/prepare.yml
@@ -0,0 +1,20 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+
+- name: "Prepare"
+  hosts: "all"
+  tasks:
+    - name: "Install dependencies"
+      ansible.builtin.apt:
+        name:
+          - "sudo"      # for `become` privilege escalation
+          - "iproute2"  # for gathering network facts
+          - "psmisc"    # provides `killall` command
+        state: "present"
+        update_cache: true
+
+...
diff --git a/molecule/keepalived/verify.yml b/molecule/keepalived/verify.yml
@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+
+- name: "Verify Keepalived"
+  hosts: "all"
+  tasks:
+    - name: "Populate service facts."
+      ansible.builtin.service_facts:
+      register: "services_state"
+
+    - name: "Check that Keepalived is running on instance."
+      ansible.builtin.assert:
+        that:
+          - "services_state.ansible_facts.services['keepalived.service'].state is search('running')"
+        fail_msg: "Keepalived need to be running on instance."
+        success_msg: "Keepalived is running on instance."
+
+...
diff --git a/requirements.yml b/requirements.yml
@@ -8,3 +8,4 @@
 collections:
   - name: "ansible.posix"
   - name: "community.crypto"
+  - name: "community.general"