base repository: NixOS/nixpkgs
base: a9577da115fb
head repository: NixOS/nixpkgs
compare: 3befef827934
  • 2 commits
  • 3 files changed
  • 2 contributors

Commits on May 8, 2018

  1. nixos/keepalived: Implemented vrrp-instance tracking scripts and inte…

    …rfaces.
    
    Tracking scripts in particular cannot be included in extraOpts, because a script declaration has to appear above its usage in keepalived.conf.
    Changes are fully backward compatible.
    Johan Thomsen committed May 8, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    marcuslimdw Marcus
    41d4bd2 View commit details

Commits on May 9, 2018

  1. Merge pull request #39671 from johanot/keepalived-vrrpInstanceTracking

    nixos/keepalived: Implemented vrrp-instance track scripts and track interfaces
    srhb authored May 9, 2018

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    3befef8 View commit details
62 changes: 60 additions & 2 deletions nixos/modules/services/networking/keepalived/default.nix
@@ -8,10 +8,12 @@ let

keepalivedConf = pkgs.writeText "keepalived.conf" ''
global_defs {
${optionalString cfg.enableScriptSecurity "enable_script_security"}
${snmpGlobalDefs}
${cfg.extraGlobalDefs}
}
${vrrpScriptStr}
${vrrpInstancesStr}
${cfg.extraConfig}
'';
@@ -26,6 +28,22 @@ let
+ optionalString enableTraps "enable_traps"
);

vrrpScriptStr = concatStringsSep "\n" (map (s:
''
vrrp_script ${s.name} {
script "${s.script}"
interval ${toString s.interval}
fall ${toString s.fall}
rise ${toString s.rise}
timeout ${toString s.timeout}
weight ${toString s.weight}
user ${s.user} ${optionalString (s.group != null) s.group}
${s.extraConfig}
}
''
) vrrpScripts);

vrrpInstancesStr = concatStringsSep "\n" (map (i:
''
vrrp_instance ${i.name} {
@@ -49,6 +67,18 @@ let
${concatMapStringsSep "\n" virtualIpLine i.virtualIps}
}
${optionalString (builtins.length i.trackScripts > 0) ''
track_script {
${concatStringsSep "\n" i.trackScripts}
}
''}
${optionalString (builtins.length i.trackInterfaces > 0) ''
track_interface {
${concatStringsSep "\n" i.trackInterfaces}
}
''}
${i.extraConfig}
}
''
@@ -64,6 +94,12 @@ let

notNullOrEmpty = s: !(s == null || s == "");

vrrpScripts = mapAttrsToList (name: config:
{
inherit name;
} // config
) cfg.vrrpScripts;

vrrpInstances = mapAttrsToList (iName: iConfig:
{
name = iName;
@@ -86,14 +122,20 @@ let
{ assertion = !i.vmacXmitBase || i.useVmac;
message = "services.keepalived.vrrpInstances.${i.name}.vmacXmitBase has no effect when services.keepalived.vrrpInstances.${i.name}.useVmac is not set.";
}
] ++ flatten (map (virtualIpAssertions i.name) i.virtualIps);
] ++ flatten (map (virtualIpAssertions i.name) i.virtualIps)
++ flatten (map (vrrpScriptAssertion i.name) i.trackScripts);

virtualIpAssertions = vrrpName: ip: [
{ assertion = ip.addr != "";
message = "The 'addr' option for an services.keepalived.vrrpInstances.${vrrpName}.virtualIps entry cannot be empty.";
}
];

vrrpScriptAssertion = vrrpName: scriptName: {
assertion = builtins.hasAttr scriptName cfg.vrrpScripts;
message = "services.keepalived.vrrpInstances.${vrrpName} trackscript ${scriptName} is not defined in services.keepalived.vrrpScripts.";
};

pidFile = "/run/keepalived.pid";

in
@@ -110,6 +152,14 @@ in
'';
};

enableScriptSecurity = mkOption {
type = types.bool;
default = false;
description = ''
Don't run scripts configured to be run as root if any part of the path is writable by a non-root user.
'';
};

snmp = {

enable = mkOption {
@@ -181,8 +231,16 @@ in

};

vrrpScripts = mkOption {
type = types.attrsOf (types.submodule (import ./vrrp-script-options.nix {
inherit lib;
}));
default = {};
description = "Declarative vrrp script config";
};

vrrpInstances = mkOption {
type = types.attrsOf (types.submodule (import ./vrrp-options.nix {
type = types.attrsOf (types.submodule (import ./vrrp-instance-options.nix {
inherit lib;
}));
default = {};
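Review bot: `enableScriptSecurity` is added with `default = false`, so a configuration that defines `vrrpScripts` without opting in does not get the check the description promises; the description should state that consequence, for example by adding `When disabled, a script run as root is still executed even if a non-root user can write to part of its path.` In `vrrpScriptStr` the command is written as `script "${s.script}"`, so a double quote inside the option value closes the quoted string early in the generated keepalived.conf. An assertion next to `vrrpScriptAssertion` that rejects `"` in `script` would catch this at evaluation time. The `let` block and the option set both continue outside the hunks shown.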
@@ -108,6 +108,20 @@ with lib;
description = "Declarative vhost config";
};

trackScripts = mkOption {
type = types.listOf types.str;
default = [];
example = [ "chk_cmd1" "chk_cmd2" ];
description = "List of script names to invoke for health tracking.";
};

trackInterfaces = mkOption {
type = types.listOf types.str;
default = [];
example = [ "eth0" "eth1" ];
description = "List of network interfaces to monitor for health tracking.";
};

extraConfig = mkOption {
type = types.lines;
default = "";
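Review bot: The `trackScripts` description does not say that each entry has to be an attribute name from `services.keepalived.vrrpScripts`, although default.nix now asserts exactly that; suggested text: `List of script names, as defined in services.keepalived.vrrpScripts, to invoke for health tracking.` `trackInterfaces` has no matching check, and default.nix writes its entries verbatim, one per line, into the `track_interface` block, so its description should say that the values reach keepalived.conf unescaped. The enclosing option set starts before this hunk and `extraConfig` continues after it.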
@@ -0,0 +1,64 @@
{ lib } :

with lib;
with lib.types;
{
options = {

script = mkOption {
type = str;
example = "\${pkgs.curl} -f http://localhost:80";
description = "(Path of) Script command to execute followed by args, i.e. cmd [args]...";
};

interval = mkOption {
type = int;
default = 1;
description = "Seconds between script invocations.";
};

timeout = mkOption {
type = int;
default = 5;
description = "Seconds after which script is considered to have failed.";
};

weight = mkOption {
type = int;
default = 0;
description = "Following a failure, adjust the priority by this weight.";
};

rise = mkOption {
type = int;
default = 5;
description = "Required number of successes for OK transition.";
};

fall = mkOption {
type = int;
default = 3;
description = "Required number of failures for KO transition.";
};

user = mkOption {
type = str;
default = "keepalived_script";
description = "Name of user to run the script under.";
};

group = mkOption {
type = nullOr str;
default = null;
description = "Name of group to run the script under. Defaults to user group.";
};

extraConfig = mkOption {
type = lines;
default = "";
description = "Extra lines to be added verbatim to the vrrp_script section.";
};

};

}
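Review bot: The `script` example `"\${pkgs.curl} -f http://localhost:80"` interpolates the package itself, which yields a store directory rather than an executable; `example = "\${pkgs.curl}/bin/curl -f http://localhost:80";` names the binary. The `user` option defaults to `keepalived_script`, and nothing on this page declares that account, so the description should say the user must exist, or the module should create it; how keepalived behaves when the account is missing is not confirmed here. `interval`, `timeout`, `rise` and `fall` are typed `int`, which also accepts zero and negative values.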