From 946922fdb9257a9a13cb2fe2589925fc77c1cfea Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sat, 13 Jul 2024 19:59:05 +1000
Subject: [PATCH] feat: add vrrp to halb
- update keepalived module to 5.1.0
- add keepalived::vrrp::* to be deep merged in hiera
- add vrrp dns configuration
- add vrrp instance/script to halb in syd1
---
 Puppetfile | 2 +-
 hieradata/common.yaml | 6 +++++
 .../au/region/syd1/infra/halb/haproxy.yaml | 27 +++++++++++++++++++
 .../nodes/ausyd1nxvm1015.main.unkin.net.yaml | 6 +++++
 .../nodes/ausyd1nxvm1016.main.unkin.net.yaml | 5 ++++
 site/profiles/manifests/haproxy/dns.pp | 24 +++++++++++++++++
 6 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/Puppetfile b/Puppetfile
index 6e43b91..d1fec04 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -33,7 +33,7 @@ mod 'puppet-grafana', '13.1.0'
 mod 'puppet-consul', '8.0.0'
 mod 'puppet-vault', '4.1.0'
 mod 'puppet-dhcp', '6.1.0'
-mod 'puppet-keepalived', '3.6.0'
+mod 'puppet-keepalived', '5.1.0'
 mod 'puppet-extlib', '7.0.0'
 mod 'puppet-network', '2.2.0'
 mod 'puppet-kmod', '4.0.1'
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index ad6c16f..ffa653e 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -135,6 +135,12 @@ lookup_options:
 certbot::client::domains:
 merge:
 strategy: deep
+ keepalived::vrrp_script:
+ merge:
+ strategy: deep
+ keepalived::vrrp_instance:
+ merge:
+ strategy: deep
 facts_path: '/opt/puppetlabs/facter/facts.d'
diff --git a/hieradata/country/au/region/syd1/infra/halb/haproxy.yaml b/hieradata/country/au/region/syd1/infra/halb/haproxy.yaml
index cf13236..60af6c6 100644
--- a/hieradata/country/au/region/syd1/infra/halb/haproxy.yaml
+++ b/hieradata/country/au/region/syd1/infra/halb/haproxy.yaml
@@ -1,4 +1,31 @@
 ---
+hiera_include:
+ - keepalived
+
+# keepalived
+profiles::haproxy::dns::vrrp_ipaddr: '198.18.13.250'
+profiles::haproxy::dns::vrrp_cnames:
+ - sonarr.main.unkin.net
+ - radarr.main.unkin.net
+ - lidarr.main.unkin.net
+ - readarr.main.unkin.net
+ - prowlarr.main.unkin.net
+ - nzbget.main.unkin.net
+
+keepalived::vrrp_script:
+ check_haproxy:
+ script: '/usr/bin/killall -0 haproxy'
+
+keepalived::vrrp_instance:
+ VI_250:
+ interface: 'eth0'
+ virtual_router_id: 250
+ auth_type: 'PASS'
+ auth_pass: 'quiiK7oo'
+ virtual_ipaddress: '198.18.13.250/32'
+ track_script:
+ - check_haproxy
+
 # mappings
 profiles::haproxy::mappings:
 fe_http:
diff --git a/hieradata/nodes/ausyd1nxvm1015.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1015.main.unkin.net.yaml
index d013779..a12f518 100644
--- a/hieradata/nodes/ausyd1nxvm1015.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm1015.main.unkin.net.yaml
@@ -5,3 +5,9 @@ networking::interfaces:
 networking::routes:
 default:
 gateway: 198.18.13.254
+
+profiles::haproxy::dns::vrrp_master: true
+keepalived::vrrp_instance:
+ VI_250:
+ state: 'MASTER'
+ priority: 101
diff --git a/hieradata/nodes/ausyd1nxvm1016.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm1016.main.unkin.net.yaml
index 4139c9a..a3ecad4 100644
--- a/hieradata/nodes/ausyd1nxvm1016.main.unkin.net.yaml
+++ b/hieradata/nodes/ausyd1nxvm1016.main.unkin.net.yaml
@@ -5,3 +5,8 @@ networking::interfaces:
 networking::routes:
 default:
 gateway: 198.18.13.254
+
+keepalived::vrrp_instance:
+ VI_250:
+ state: 'BACKUP'
+ priority: 100
diff --git a/site/profiles/manifests/haproxy/dns.pp b/site/profiles/manifests/haproxy/dns.pp
index af0e8ac..44b2581 100644
--- a/site/profiles/manifests/haproxy/dns.pp
+++ b/site/profiles/manifests/haproxy/dns.pp
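Review bot: `auth_pass` for `VI_250` in hieradata/country/au/region/syd1/infra/halb/haproxy.yaml is committed as a plaintext literal, so anyone who can read the repository or its history can read the VRRP shared secret. If this control repo has an encrypted hiera backend such as hiera-eyaml (not visible in this patch), store the value there, e.g. `auth_pass: ENC[PKCS7,<ciphertext placeholder>]`, and rotate it because the current one is now in history. Keepalived's `PASS` type sends the password unencrypted in each advertisement and uses only its first eight characters, so it guards against misconfiguration rather than against a host on the same segment; restricting VRRP (IP protocol 112) to the two halb peers at the host firewall is the control to pair with it. Separately, `check_haproxy` only tests that a process named haproxy exists, not that it is serving traffic.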
@@ -1,5 +1,8 @@
 # profiles::haproxy::dns
 class profiles::haproxy::dns (
+ Stdlib::IP::Address $vrrp_ipaddr,
+ Boolean $vrrp_master = false,
+ Array[Stdlib::Fqdn] $vrrp_cnames = [],
 Array[Stdlib::Fqdn] $cnames = [],
 Integer $order = 10,
 ){
@@ -24,4 +27,25 @@ class profiles::haproxy::dns (
 order => $order,
 }
 }
+
+ # export a/cnames for haproxy applications
+ if $vrrp_master {
+ profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${location_environment}-halb-vrrp":
+ value => $vrrp_ipaddr,
+ type => 'A',
+ record => "${location_environment}-halb-vrrp",
+ zone => $::facts['networking']['domain'],
+ order => $order,
+ }
+
+ $vrrp_cnames.each |$cname| {
+ profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME":
+ value => "${location_environment}-halb-vrrp",
+ type => 'CNAME',
+ record => "${cname}.",
+ zone => $::facts['networking']['domain'],
+ order => $order,
+ }
+ }
+ }
 }
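Review bot: `Stdlib::IP::Address $vrrp_ipaddr` in the first dns.pp hunk has no default, so every node that includes `profiles::haproxy::dns` must now supply it, while this patch sets it only in the syd1 halb hieradata; any other halb region would presumably fail catalog compilation. Because the value is only used for an `A` record, `Optional[Stdlib::IP::Address::V4::Nosubnet] $vrrp_ipaddr = undef,` is a tighter type that rejects IPv6 and CIDR input, with the export guarded by `if $vrrp_master and $vrrp_ipaddr {`. The class body continues outside this hunk.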
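Review bot: The block added in the second dns.pp hunk builds the A-record title from `$facts['networking']['fqdn']` but uses `$::facts[...]` everywhere else; pick one form (plain `$facts` is the current Puppet style) so the titles are built consistently. The comment `# export a/cnames for haproxy applications` does not say that these records point at the keepalived VIP or that only the node flagged `vrrp_master` exports them; something like `# export the VRRP VIP A record and its CNAMEs from the vrrp_master node only` would make the intent clear. `$location_environment` and the rest of the class body are defined outside the hunk.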