Diffstat (limited to 'playbooks/roles')
-rw-r--r-- | playbooks/roles/ceph/tasks/main.yml | 2 | ||||
-rw-r--r-- | playbooks/roles/keepalived/handlers/main.yml | 8 | ||||
-rw-r--r-- | playbooks/roles/keepalived/tasks/main.yml | 21 | ||||
-rw-r--r-- | playbooks/roles/keepalived/templates/healthcheck.sh.j2 | 12 | ||||
-rw-r--r-- | playbooks/roles/keepalived/templates/keepalived.conf.j2 | 36 | ||||
-rw-r--r-- | playbooks/roles/traefik/templates/stacks/traefik.yml | 2 |
6 files changed, 80 insertions, 1 deletions
diff --git a/playbooks/roles/ceph/tasks/main.yml b/playbooks/roles/ceph/tasks/main.yml
index b554340..b949cce 100644
--- a/playbooks/roles/ceph/tasks/main.yml
+++ b/playbooks/roles/ceph/tasks/main.yml
@@ -23,7 +23,7 @@
 key = {{ ceph_secret }}
 dest: "/etc/ceph/ceph.client.{{ ceph_client_name }}.keyring"
 mode: '0600'
-
+
 - name: Ensure Ceph Base Exists
 ansible.builtin.file:
 path: "{{ ceph_base }}"
diff --git a/playbooks/roles/keepalived/handlers/main.yml b/playbooks/roles/keepalived/handlers/main.yml
new file mode 100644
index 0000000..cab4124
--- /dev/null
+++ b/playbooks/roles/keepalived/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Restart Keepalived
+ ansible.builtin.service:
+ name: keepalived
+ state: restarted
+ enabled: true
+
diff --git a/playbooks/roles/keepalived/tasks/main.yml b/playbooks/roles/keepalived/tasks/main.yml
new file mode 100644
index 0000000..f888621
--- /dev/null
+++ b/playbooks/roles/keepalived/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Install Keepalived
+ ansible.builtin.apt:
+ name: keepalived
+ state: present
+
+- name: Generate Keepalived Healthcheck Script Pinging Traefik
+ ansible.builtin.template:
+ src: healthcheck.sh.j2
+ dest: "{{ keepalived_healthcheck_script }}"
+ mode: 'a+x'
+
+- name: Generate Keepalived Configuration
+ ansible.builtin.template:
+ src: keepalived.conf.j2
+ dest: /etc/keepalived/keepalived.conf
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Restart Keepalived
diff --git a/playbooks/roles/keepalived/templates/healthcheck.sh.j2 b/playbooks/roles/keepalived/templates/healthcheck.sh.j2
new file mode 100644
index 0000000..0e6c18b
--- /dev/null
+++ b/playbooks/roles/keepalived/templates/healthcheck.sh.j2
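Review bot: The healthcheck template task in keepalived/tasks/main.yml sets only `mode: 'a+x'`, so the script's owner, group and write bits are left to the connecting user and its umask. This script decides VRRP priority for the virtual IP, so it should not be writable by anyone but root. I would pin it the same way the configuration task below it is pinned: `owner: root`, `group: root`, `mode: '0755'`. The value of `keepalived_healthcheck_script` is defined outside this diff, so the parent directory of that path should be checked for root-only write access as well.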
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+PING_HOSTNAME="{{ traefik_host }}"
+VIRTUAL_IP="{{ keepalived_virtual_ip }}"
+
+function do_ping() {
+ local endpoint_hostname="$1"
+ local vip="$2"
+ curl -s -o /dev/null -w "%{http_code}" --resolve "$endpoint_hostname:443:$vip" "https://$endpoint_hostname/ping"
+}
+
+test "$(do_ping "$PING_HOSTNAME" "$VIRTUAL_IP")" = "200"
diff --git a/playbooks/roles/keepalived/templates/keepalived.conf.j2 b/playbooks/roles/keepalived/templates/keepalived.conf.j2
new file mode 100644
index 0000000..cb9c449
--- /dev/null
+++ b/playbooks/roles/keepalived/templates/keepalived.conf.j2
@@ -0,0 +1,36 @@
+global_defs {
+ script_user nobody
+ enable_script_security
+}
+
+vrrp_script chk_avail {
+ script "{{ keepalived_healthcheck_script }}"
+ interval 1
+ weight 10
+ rise 6
+ fall 1
+}
+
+vrrp_instance {{ inventory_hostname }} {
+ interface {{ keepalived_interface }}
+
+ state BACKUP
+ virtual_router_id {{ keepalived_virtual_router_id }}
+ priority {{ keepalived_priority }}
+ advert_int 1
+
+ unicast_src_ip {{ ansible_host }}
+ unicast_peer {
+ {% for peer in groups['keepalived'] if hostvars[peer]['ansible_host'] != ansible_host %}
+ {{ hostvars[peer]['ansible_host'] }}
+ {% endfor %}
+ }
+
+ virtual_ipaddress {
+ {{ keepalived_virtual_ip }} dev {{ keepalived_interface }}
+ }
+
+ track_script {
+ chk_avail
+ }
+}
diff --git a/playbooks/roles/traefik/templates/stacks/traefik.yml b/playbooks/roles/traefik/templates/stacks/traefik.yml
index a80c261..feac37f 100644
--- a/playbooks/roles/traefik/templates/stacks/traefik.yml
+++ b/playbooks/roles/traefik/templates/stacks/traefik.yml
@@ -16,6 +16,8 @@ entryPoints:
 scheme: https
 websecure:
 address: ":443"
+ dns:
+ address: ":53/udp"
 serversTransport:
 insecureSkipVerify: true
 providers: |
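Review bot: The check in healthcheck.sh.j2 resolves `{{ traefik_host }}` to `{{ keepalived_virtual_ip }}`, so every node probes whichever host currently holds the VIP rather than its own Traefik. If the holder's Traefik stops answering, all peers would fail the check together and lose the same `weight 10`, which leaves relative priorities unchanged and, as far as I can tell from this diff, the VIP where it is. Probing the node's own address, for example `VIRTUAL_IP="{{ ansible_host }}"`, would tie the result to local health. The curl call also has no time limit while keepalived runs it at `interval 1`; adding `--max-time 1` keeps a hung connection from stalling the check.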
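Review bot: The `vrrp_instance` block in keepalived.conf.j2 has no `authentication` section, and nothing in this commit limits VRRP (IP protocol 112) to the addresses listed under `unicast_peer`. Whether adverts from other hosts on the segment are ignored therefore depends on keepalived's own source checking, which this template does not configure. I would pair the role with a host firewall rule that accepts protocol 112 only from the `groups['keepalived']` addresses, and consider an `authentication` block if the deployed keepalived version supports it. If a shared secret is ever added here, the `mode: '0644'` set for keepalived.conf in tasks/main.yml should drop to `'0600'`.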
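Review bot: The new `dns` entry point in traefik.yml opens only `:53/udp`; DNS clients retry over TCP when a response is truncated, and there is no TCP/53 entry point for that, so large answers would fail. A sibling entry such as `dns-tcp:` with `address: ":53/tcp"` would cover it; the router side is outside this diff. The address also binds on all interfaces, so it is worth confirming that the backend behind it is not a recursive resolver reachable from untrusted networks. The `entryPoints` mapping starts above the hunk.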