From 1d325903d5e3a0e3e5db532e179531c501c69eb0 Mon Sep 17 00:00:00 2001
From: Tyler Hale
Date: Tue, 23 Aug 2022 09:29:21 -0600
Subject: [PATCH] Adding option for authentication
---
 README.md | 3 ++-
 roles/haproxy/defaults/main.yml | 1 +
 roles/haproxy/templates/keepalived.conf.j2 | 7 +++++++
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index cc193a6..940b923 100644
--- a/README.md
+++ b/README.md
@@ -12,12 +12,13 @@ Ansible playbook that provisions a group of servers to run HAProxy with a shared
 | haproxy_keepalived_adapter_vlan | No | | | When specified, this will setup the given vlan and use that for the keepalived communication to keep the traffic out of the primary network |
 | haproxy_keepalived_ip | Yes | 172.16.10.1/24 | | IP to use for the keepalived communication |
 | haproxy_keepalived_process_weight | Yes | 10 | | Weight used for tracking the haproxy process on the server |
+| haproxy_listen_ports | Yes | 22/tcp, 80/tcp, 443/tcp, 9999/tcp | | The firewall ports/protocols that should be opened on the firewall |
 | haproxy_shared_ip | Yes | | | Shared IP that will be used by the group |
 | haproxy_shared_ip_subnet | Yes | /24 | | Subnet for the shared IP |
+| haproxy_shared_password | No | | | Optional password that should be used for the keepalived authentication |
 | haproxy_shared_priority | Yes | 100 | | Keepalived priority for the host - this will |
 | haproxy_shared_state | Yes | MASTER | MASTER/BACKUP | What state the keepalived configuration will start with for the desired host - After config starts it will determine if other members exist and adjust based on priority |
 | haproxy_shared_virtual_router_id | Yes | 25 | | Virtual Router ID for the keepalived configuration - This should be the same for the group |
-| haproxy_listen_ports | Yes | 22/tcp, 80/tcp, 443/tcp, 9999/tcp | | The firewall ports/protocols that should be opened on the firewall |
 ## Example
diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml
index 627d731..0c33294 100644
--- a/roles/haproxy/defaults/main.yml
+++ b/roles/haproxy/defaults/main.yml
@@ -8,6 +8,7 @@ haproxy_config_file: "example.haproxy.cfg.j2"
 haproxy_shared_ip: ""
 haproxy_shared_ip_subnet: "/24"
 haproxy_shared_virtual_router_id: 25
+haproxy_shared_password: ""
 haproxy_keepalived_process_weight: 10
 haproxy_listen_ports:
 - port : 22
diff --git a/roles/haproxy/templates/keepalived.conf.j2 b/roles/haproxy/templates/keepalived.conf.j2
index bae17c8..89b3e76 100644
--- a/roles/haproxy/templates/keepalived.conf.j2
+++ b/roles/haproxy/templates/keepalived.conf.j2
@@ -14,6 +14,13 @@ vrrp_instance VI_1 {
 virtual_router_id {{ haproxy_shared_virtual_router_id }}
 priority {{ haproxy_shared_priority }}
+{% if haproxy_shared_password != '' %}
+ authentication {
+ auth_type PASS
+ auth_pass {{ haproxy_shared_password }}
+ }
+
+{% endif %}
 virtual_ipaddress {
 {{ haproxy_shared_ip }}{{ haproxy_shared_ip_subnet }} dev {{ haproxy_bind_adapter }}
 }
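Review bot: The new `haproxy_shared_password` default in roles/haproxy/defaults/main.yml carries no comment on how the value should be supplied, although it is a secret that ends up in cleartext in the rendered keepalived.conf. I would add above it `# keepalived VRRP password; leave empty to disable authentication. Supply it from an Ansible Vault-encrypted variable, not plain inventory.` The task that renders the template is not part of this patch, so it is worth confirming that it writes the file with a restrictive mode (for example `mode: "0600"`) and sets `no_log: true` or `diff: false`, since a `--diff` run would otherwise print the password.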
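Review bot: The `authentication` block added to the `vrrp_instance` in keepalived.conf.j2 renders `auth_pass` unquoted and unvalidated, and neither the template nor the README row tells the operator that keepalived uses only the first eight characters of `auth_pass` and that `auth_type PASS` carries it in cleartext in every VRRP advertisement. A longer value is silently truncated and a value containing whitespace or `#` can yield a different password than intended or a broken config, so I would add a template comment such as `{# auth_pass: max 8 chars, no spaces or '#'; PASS is sent unencrypted, so keep VRRP on the dedicated VLAN #}`. The guard `!= ''` also lets a null value through, which would likely render an `auth_pass` line with no value; `{% if haproxy_shared_password %}` covers both the empty string and null. The `vrrp_instance` block starts and ends outside the hunk.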