{"id":180,"sha1":"3d23e161a5666e8cfcceb0711589b4c63f66beb7","playbook":{"id":3,"items":{"plays":46,"tasks":924,"results":1203,"hosts":15,"files":212,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-infrastructure.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-15T09:55:36.904008Z","ended":"2025-12-15T10:16:50.367261Z","duration":"00:21:13.463253","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-infrastructure.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2015, Jean-Philippe Evrard <jean-philippe@evrard.me>\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n- name: Debug role vars (instances)\n  ansible.builtin.debug:\n    var: keepalived_instances\n    verbosity: 2\n\n- name: Debug role vars (sync_groups)\n  ansible.builtin.debug:\n    var: keepalived_sync_groups\n    verbosity: 2\n\n- name: Debug role vars (virtual_servers)\n  ansible.builtin.debug:\n    var: keepalived_virtual_servers\n    verbosity: 2\n\n- name: Debug role vars (scripts)\n  ansible.builtin.debug:\n    var: keepalived_scripts\n    verbosity: 2\n\n- name: Gather variables for each operating system\n  ansible.builtin.include_vars: \"{{ lookup('first_found', params) }}\"\n  vars:\n    params:\n      files:\n        - \"{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml\"\n        - \"{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml\"\n        - \"{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml\"\n        - \"{{ ansible_facts['distribution'] | lower }}.yml\"\n        - \"{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml\"\n        - \"{{ ansible_facts['os_family'] | lower }}.yml\"\n      paths:\n        - \"{{ role_path }}/vars\"\n  tags:\n    - always\n\n- name: Configure SELinux\n  ansible.builtin.include_tasks:\n    file: keepalived_selinux.yml\n  when:\n    - keepalived_selinux_compile_rules | length > 0\n    - ansible_facts['selinux']['status'] is defined\n    - ansible_facts['selinux']['status'] == \"enabled\"\n  tags:\n    - keepalived-install\n    - keepalived-config\n\n- name: Install keepalived package(s)\n  ansible.builtin.package:\n    name: \"{{ [keepalived_package_name] + keepalived_scripts_packages }}\"\n    state: \"{{ keepalived_package_state }}\"\n    update_cache: true\n    cache_valid_time: \"{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(cache_timeout, omit) }}\"\n  notify:\n    - Restart keepalived\n  tags:\n    - keepalived-packages\n    - keepalived-install\n\n# Can't use package facts, as it won't be parsed\n# properly by version test on debian/ubuntu.\n# keepalived --version outputs on stderr\n# First line of stderr is similar to 'keepalived v1.0.4 (date)'\n- name: Output keepalived version\n  ansible.builtin.command: keepalived --version\n  register: _keepalived_version\n  changed_when: false\n  check_mode: false\n  tags:\n    - keepalived-config\n\n- name: Set testability flag\n  ansible.builtin.set_fact:\n    keepalived_config_testable: \"{{ _keepalived_version.stderr_lines[0] | regex_search('[kK]eepalived v(.*) ', '\\\\1') | join('.') is version('2.0.4', 'ge') }}\"\n  tags:\n    - keepalived-config\n\n- name: Ensure no new \"samples\" folder appeared\n  ansible.builtin.file:\n    path: /etc/keepalived/samples/\n    state: absent\n  when:\n    - ansible_facts['os_family'] | lower == 'debian'\n  tags:\n    - keepalived-install\n\n- name: Get IPv6 enabled state\n  ansible.builtin.slurp:\n    src: /sys/module/ipv6/parameters/disable\n  register: _ipv6_disabled\n  tags:\n    - keepalived-install\n\n- name: Check if IPv6 is enabled\n  ansible.builtin.set_fact:\n    ipv6_enabled: \"{{ not _ipv6_disabled.failed and '0' in (_ipv6_disabled.content | b64decode) }}\"\n  tags:\n    - keepalived-install\n\n- name: Allow consuming apps to bind on non local addresses for IPv4\n  ansible.posix.sysctl:\n    name: \"{{ item.name }}\"\n    value: \"{{ item.value }}\"\n    sysctl_set: true\n    state: present\n  when: keepalived_bind_on_non_local | bool\n  loop:\n    - name: \"net.ipv4.ip_nonlocal_bind\"\n      value: 1\n    - name: \"net.ipv4.tcp_retries2\"\n      value: \"{{ keepalived_sysctl_tcp_retries }}\"\n  notify:\n    - Restart keepalived\n  tags:\n    - keepalived-install\n\n- name: Allow consuming apps to bind on non local addresses for IPv6\n  ansible.posix.sysctl:\n    name: \"{{ item.name }}\"\n    value: \"{{ item.value }}\"\n    sysctl_set: true\n    state: present\n  when: keepalived_bind_on_non_local | bool\n        and ipv6_enabled\n  loop:\n    - name: \"net.ipv6.ip_nonlocal_bind\"\n      value: 1\n  notify:\n    - Restart keepalived\n  tags:\n    - keepalived-install\n\n- name: Check that daemon options file exists\n  ansible.builtin.stat:\n    path: \"{{ keepalived_daemon_options_file_path }}\"\n  register: keepalived_daemon_options_file\n  tags:\n    - keepalived-config\n\n- name: Configure keepalived extra params\n  ansible.builtin.lineinfile:\n    line: \"{{ item }}\"\n    regexp: \"^{{ item.split('=')[0] }}\"\n    dest: \"{{ keepalived_daemon_options_file_path }}\"\n    state: present\n  loop: \"{{ keepalived_daemon_default_options_overrides }}\"\n  when: keepalived_daemon_options_file.stat.exists\n  notify:\n    - Restart keepalived\n  tags:\n    - keepalived-config\n\n- name: Dropping the tracking scripts\n  ansible.builtin.copy:\n    src: \"{{ item.value.src_check_script }}\"\n    dest: \"{{ item.value.dest_check_script | default(item.value.check_script) }}\"\n    mode: \"0755\"\n  loop: \"{{ keepalived_scripts | dict2items }}\"\n  when: \"'src_check_script' in item.value\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Dropping the general notification scripts\n  ansible.builtin.copy:\n    src: \"{{ item.value.src_notify_script }}\"\n    dest: \"{{ item.value.notify_script }}\"\n    mode: \"0755\"\n  loop: \"{{ keepalived_sync_groups | dict2items }}\"\n  when: \"'src_notify_script' in item.value\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Dropping the notification scripts for switching to master\n  ansible.builtin.copy:\n    src: \"{{ item.value.src_notify_master }}\"\n    dest: \"{{ item.value.notify_master }}\"\n    mode: \"0755\"\n  loop: \"{{ keepalived_sync_groups | dict2items }}\"\n  when: \"'src_notify_master' in item.value\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Dropping the notification scripts for switching to backup\n  ansible.builtin.copy:\n    src: \"{{ item.value.src_notify_backup }}\"\n    dest: \"{{ item.value.notify_backup }}\"\n    mode: \"0755\"\n  loop: \"{{ keepalived_sync_groups | dict2items }}\"\n  when: \"'src_notify_backup' in item.value\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Dropping the notification scripts for failures\n  ansible.builtin.copy:\n    src: \"{{ item.value.src_notify_fault }}\"\n    dest: \"{{ item.value.notify_fault }}\"\n    mode: \"0755\"\n  loop: \"{{ keepalived_sync_groups | dict2items }}\"\n  when: \"'src_notify_fault' in item.value\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Dropping the general notification scripts (instances)\n  ansible.builtin.copy:\n    src: \"{{ item.value.src_notify_script }}\"\n    dest: \"{{ item.value.notify_script }}\"\n    mode: \"0755\"\n  loop: \"{{ keepalived_instances | dict2items }}\"\n  when: \"'src_notify_script' in item.value\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Dropping the notification scripts for switching to master (instances)\n  ansible.builtin.copy:\n    src: \"{{ item.value.src_notify_master }}\"\n    dest: \"{{ item.value.notify_master }}\"\n    mode: \"0755\"\n  loop: \"{{ keepalived_instances | dict2items }}\"\n  when: \"'src_notify_master' in item.value\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Dropping the notification scripts for lower priority master case (instances)\n  ansible.builtin.copy:\n    src: \"{{ item.value.src_notify_master_rx_lower_pri }}\"\n    dest: \"{{ item.value.notify_master_rx_lower_pri }}\"\n    mode: \"0755\"\n  loop: \"{{ keepalived_instances | dict2items }}\"\n  when: \"'src_notify_master_rx_lower_pri' in item.value\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Dropping the notification scripts for switching to backup (instances)\n  ansible.builtin.copy:\n    src: \"{{ item.value.src_notify_backup }}\"\n    dest: \"{{ item.value.notify_backup }}\"\n    mode: \"0755\"\n  loop: \"{{ keepalived_instances | dict2items }}\"\n  when: \"'src_notify_backup' in item.value\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Dropping the notification scripts for stopping vrrp (instances)\n  ansible.builtin.copy:\n    src: \"{{ item.value.src_notify_stop }}\"\n    dest: \"{{ item.value.notify_stop }}\"\n    mode: \"0755\"\n  loop: \"{{ keepalived_instances | dict2items }}\"\n  when: \"'src_notify_stop' in item.value\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Dropping the notification scripts for failures (instances)\n  ansible.builtin.copy:\n    src: \"{{ item.value.src_notify_fault }}\"\n    dest: \"{{ item.value.notify_fault }}\"\n    mode: \"0755\"\n  loop: \"{{ keepalived_instances | dict2items }}\"\n  when: \"'src_notify_fault' in item.value\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Configure keepalived\n  ansible.builtin.template:\n    src: keepalived.conf.j2\n    dest: \"{{ keepalived_config_file_path }}\"\n    mode: \"0640\"\n    validate: \"{{ keepalived_config_testable | ternary('keepalived --config-test -f %s', omit) }}\"\n  notify:\n    - Reload keepalived\n  tags:\n    - keepalived-config\n\n- name: Make directory for keepalived's systemd overrides\n  ansible.builtin.file:\n    path: /etc/systemd/system/keepalived.service.d/\n    state: directory\n    mode: \"0755\"\n  when:\n    - keepalived_systemd_overrides | bool\n  tags:\n    - keepalived-install\n\n- name: Apply keepalived override to start after network is up\n  community.general.ini_file:\n    path: /etc/systemd/system/keepalived.service.d/override.conf\n    create: true\n    section: 'Unit'\n    option: \"{{ item }}\"\n    value: 'network-online.target'\n    mode: '0644'\n  loop:\n    - 'Wants'\n    - 'After'\n  when:\n    - keepalived_systemd_overrides | bool\n  notify:\n    - Restart keepalived\n  tags:\n    - keepalived-install\n\n- name: Apply keepalived override to restart service always\n  community.general.ini_file:\n    path: /etc/systemd/system/keepalived.service.d/override.conf\n    section: 'Service'\n    option: \"Restart\"\n    value: 'always'\n    mode: '0644'\n  when:\n    - keepalived_systemd_overrides | bool\n    - keepalived_systemd_override_service_restart | bool\n  notify:\n    - Restart keepalived\n  tags:\n    - keepalived-install\n\n- name: Remove keepalived overrides\n  ansible.builtin.file:\n    path: /etc/systemd/system/keepalived.service.d/override.conf\n    state: absent\n  when:\n    - not (keepalived_systemd_overrides | bool)\n  tags:\n    - keepalived-install\n\n- name: Ensuring keepalived is enabled and started\n  ansible.builtin.service:\n    daemon_reload: true\n    name: \"{{ keepalived_service_name }}\"\n    state: \"started\"\n    enabled: \"yes\"\n    masked: \"no\"\n  register: _servicestart\n  tags:\n    - keepalived-install\n","created":"2025-12-15T09:55:38.171922Z","updated":"2025-12-15T09:55:38.171950Z","path":"/etc/ansible/roles/keepalived/tasks/main.yml"}