Adding option for authentication

This commit is contained in:
Tyler Hale 2022-08-23 09:29:21 -06:00
parent 184abe0197
commit 1d325903d5
Signed by: Tyler
GPG key ID: C7CC4B910D88EF96
3 changed files with 10 additions and 1 deletions

View file

@ -12,12 +12,13 @@ Ansible playbook that provisions a group of servers to run HAProxy with a shared
| haproxy_keepalived_adapter_vlan | No | | | When specified, this will setup the given vlan and use that for the keepalived communication to keep the traffic out of the primary network | | haproxy_keepalived_adapter_vlan | No | | | When specified, this will setup the given vlan and use that for the keepalived communication to keep the traffic out of the primary network |
| haproxy_keepalived_ip | Yes | 172.16.10.1/24 | | IP to use for the keepalived communication | | haproxy_keepalived_ip | Yes | 172.16.10.1/24 | | IP to use for the keepalived communication |
| haproxy_keepalived_process_weight | Yes | 10 | | Weight used for tracking the haproxy process on the server | | haproxy_keepalived_process_weight | Yes | 10 | | Weight used for tracking the haproxy process on the server |
| haproxy_listen_ports | Yes | 22/tcp, 80/tcp, 443/tcp, 9999/tcp | | The firewall ports/protocols that should be opened on the firewall |
| haproxy_shared_ip | Yes | | | Shared IP that will be used by the group | | haproxy_shared_ip | Yes | | | Shared IP that will be used by the group |
| haproxy_shared_ip_subnet | Yes | /24 | | Subnet for the shared IP | | haproxy_shared_ip_subnet | Yes | /24 | | Subnet for the shared IP |
| haproxy_shared_password | No | | | Optional password that should be used for the keepalived authentication |
| haproxy_shared_priority | Yes | 100 | | Keepalived priority for the host - this will | | haproxy_shared_priority | Yes | 100 | | Keepalived priority for the host - this will |
| haproxy_shared_state | Yes | MASTER | MASTER/BACKUP | What state the keepalived configuration will start with for the desired host - After config starts it will determine if other members exist and adjust based on priority | | haproxy_shared_state | Yes | MASTER | MASTER/BACKUP | What state the keepalived configuration will start with for the desired host - After config starts it will determine if other members exist and adjust based on priority |
| haproxy_shared_virtual_router_id | Yes | 25 | | Virtual Router ID for the keepalived configuration - This should be the same for the group | | haproxy_shared_virtual_router_id | Yes | 25 | | Virtual Router ID for the keepalived configuration - This should be the same for the group |
| haproxy_listen_ports | Yes | 22/tcp, 80/tcp, 443/tcp, 9999/tcp | | The firewall ports/protocols that should be opened on the firewall |
## Example ## Example

View file

@ -8,6 +8,7 @@ haproxy_config_file: "example.haproxy.cfg.j2"
haproxy_shared_ip: "" haproxy_shared_ip: ""
haproxy_shared_ip_subnet: "/24" haproxy_shared_ip_subnet: "/24"
haproxy_shared_virtual_router_id: 25 haproxy_shared_virtual_router_id: 25
haproxy_shared_password: ""
haproxy_keepalived_process_weight: 10 haproxy_keepalived_process_weight: 10
haproxy_listen_ports: haproxy_listen_ports:
- port : 22 - port : 22

View file

@ -14,6 +14,13 @@ vrrp_instance VI_1 {
virtual_router_id {{ haproxy_shared_virtual_router_id }} virtual_router_id {{ haproxy_shared_virtual_router_id }}
priority {{ haproxy_shared_priority }} priority {{ haproxy_shared_priority }}
{% if haproxy_shared_password != '' %}
authentication {
auth_type PASS
auth_pass {{ haproxy_shared_password }}
}
{% endif %}
virtual_ipaddress { virtual_ipaddress {
{{ haproxy_shared_ip }}{{ haproxy_shared_ip_subnet }} dev {{ haproxy_bind_adapter }} {{ haproxy_shared_ip }}{{ haproxy_shared_ip_subnet }} dev {{ haproxy_bind_adapter }}
} }