feat: add vrrp to halb

- update keepalived module to 5.1.0
- add keepalived::vrrp::* to be deep merged in hiera
- add vrrp dns configuration
- add vrrp instance/script to halb in syd1

Puppetfile

@@ -33,7 +33,7 @@ mod 'puppet-grafana', '13.1.0'
 mod 'puppet-consul', '8.0.0'
 mod 'puppet-vault', '4.1.0'
 mod 'puppet-dhcp', '6.1.0'
-mod 'puppet-keepalived', '3.6.0'
+mod 'puppet-keepalived', '5.1.0'
 mod 'puppet-extlib', '7.0.0'
 mod 'puppet-network', '2.2.0'
 mod 'puppet-kmod', '4.0.1'

hieradata/common.yaml

@@ -135,6 +135,12 @@ lookup_options:
   certbot::client::domains:
     merge:
       strategy: deep
+  keepalived::vrrp_script:
+    merge:
+      strategy: deep
+  keepalived::vrrp_instance:
+    merge:
+      strategy: deep
 
 facts_path: '/opt/puppetlabs/facter/facts.d'
 

hieradata/country/au/region/syd1/infra/halb/haproxy.yaml

@@ -1,4 +1,31 @@
 ---
+hiera_include:
+  - keepalived
+
+# keepalived
+profiles::haproxy::dns::vrrp_ipaddr: '198.18.13.250'
+profiles::haproxy::dns::vrrp_cnames:
+  - sonarr.main.unkin.net
+  - radarr.main.unkin.net
+  - lidarr.main.unkin.net
+  - readarr.main.unkin.net
+  - prowlarr.main.unkin.net
+  - nzbget.main.unkin.net
+
+keepalived::vrrp_script:
+  check_haproxy:
+    script: '/usr/bin/killall -0 haproxy'
+
+keepalived::vrrp_instance:
+  VI_250:
+    interface: 'eth0'
+    virtual_router_id: 250
+    auth_type: 'PASS'
+    auth_pass: 'quiiK7oo'
+    virtual_ipaddress: '198.18.13.250/32'
+    track_script:
+      - check_haproxy
+
 # mappings
 profiles::haproxy::mappings:
   fe_http:

hieradata/nodes/ausyd1nxvm1015.main.unkin.net.yaml

@@ -5,3 +5,9 @@ networking::interfaces:
 networking::routes:
   default:
     gateway: 198.18.13.254
+
+profiles::haproxy::dns::vrrp_master: true
+keepalived::vrrp_instance:
+  VI_250:
+    state: 'MASTER'
+    priority: 101

hieradata/nodes/ausyd1nxvm1016.main.unkin.net.yaml

@@ -5,3 +5,8 @@ networking::interfaces:
 networking::routes:
   default:
     gateway: 198.18.13.254
+
+keepalived::vrrp_instance:
+  VI_250:
+    state: 'BACKUP'
+    priority: 100

site/profiles/manifests/haproxy/dns.pp

@@ -1,5 +1,8 @@
 # profiles::haproxy::dns
 class profiles::haproxy::dns (
+  Stdlib::IP::Address $vrrp_ipaddr,
+  Boolean             $vrrp_master = false,
+  Array[Stdlib::Fqdn] $vrrp_cnames = [],
   Array[Stdlib::Fqdn] $cnames = [],
   Integer             $order  = 10,
 ){
@@ -24,4 +27,25 @@ class profiles::haproxy::dns (
       order  => $order,
     }
   }
+
+  # export a/cnames for haproxy applications
+  if $vrrp_master {
+    profiles::dns::record { "${facts['networking']['fqdn']}_vrrp_${location_environment}-halb-vrrp":
+      value  => $vrrp_ipaddr,
+      type   => 'A',
+      record => "${location_environment}-halb-vrrp",
+      zone   => $::facts['networking']['domain'],
+      order  => $order,
+    }
+
+    $vrrp_cnames.each |$cname| {
+      profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME":
+        value  => "${location_environment}-halb-vrrp",
+        type   => 'CNAME',
+        record => "${cname}.",
+        zone   => $::facts['networking']['domain'],
+        order  => $order,
+      }
+    }
+  }
 }