From f62b11bb9d436b1cd8cb9407649e2568927abc16 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Tue, 22 Jul 2025 08:58:17 -0500
Subject: [PATCH] r/keepalived: Deploy keepalived

[keepalived][0] is a free implementation of the Virtual Router
Redundancy Protocol (VRRP), which is a simple method for automatically
assigning an IP address to one of several potential hosts based on
certain criteria.  It is particularly useful in conjunction with a load
balancer like HAProxy, to provide layer 3 redundancy in addition to
layer 7.  We will use it for both the reverse proxy for the public
websites and the Kubernetes API server.

[0]: https://www.keepalived.org/
---
 roles/keepalived/handlers/main.yml            |  4 +++
 roles/keepalived/tasks/main.yml               | 34 +++++++++++++++++++
 roles/keepalived/templates/keepalived.conf.j2 | 24 +++++++++++++
 3 files changed, 62 insertions(+)
 create mode 100644 roles/keepalived/handlers/main.yml
 create mode 100644 roles/keepalived/tasks/main.yml
 create mode 100644 roles/keepalived/templates/keepalived.conf.j2

diff --git a/roles/keepalived/handlers/main.yml b/roles/keepalived/handlers/main.yml
new file mode 100644
index 0000000..2aaa43c
--- /dev/null
+++ b/roles/keepalived/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: reload keepalived
+  service:
+    name: keepalived
+    state: reloaded
diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml
new file mode 100644
index 0000000..0101bda
--- /dev/null
+++ b/roles/keepalived/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: ensure keepalived is installed
+  package:
+    name: keepalived
+    state: present
+  tags:
+  - install
+
+- name: ensure keepalived is configured
+  template:
+    src: keepalived.conf.j2
+    dest: /etc/keepalived/keepalived.conf
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  notify: reload keepalived
+  tags:
+  - config
+
+- name: flush handlers
+  meta: flush_handlers
+
+- name: ensure keepalived starts at boot
+  service:
+    name: keepalived
+    enabled: true
+  tags:
+  - service
+
+- name: ensure keepalived is running
+  service:
+    name: keepalived
+    state: started
+  tags:
+  - service
diff --git a/roles/keepalived/templates/keepalived.conf.j2 b/roles/keepalived/templates/keepalived.conf.j2
new file mode 100644
index 0000000..863b2d7
--- /dev/null
+++ b/roles/keepalived/templates/keepalived.conf.j2
@@ -0,0 +1,24 @@
+{#- vim: set sw=3 sts=3 ts=3 et : -#}
+! Configuration File for keepalived
+{% if keepalived_global_defs|d %}
+
+global_defs {
+{{ keepalived_global_defs | indent(width=3, first=true) }}
+}
+{% endif %}
+{% if vrrp_track_process|d %}
+
+{% for name, config in vrrp_track_process | items %}
+vrrp_track_process {{ name }} {
+{{ config | indent(width=4, first=true) }}
+}
+{% endfor %}
+{% endif %}
+{% if vrrp_instance|d %}
+
+{% for name, config in vrrp_instance | items %}
+vrrp_instance {{ name }} {
+{{ config | indent(width=4, first=true) }}
+}
+{% endfor %}
+{% endif %}