
Add anycast-healthcecker state

Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
Maximilian Wilhelm 1 year ago
parent
commit
2455517ceb

+ 40 - 0
anycast-healthchecker/anycast-healthchecker.conf

@@ -0,0 +1,40 @@
+#
+# Anycast Healthchecker configuration
+#
+
+[daemon]
+pidfile                = /var/run/anycast-healthchecker/anycast-healthchecker.pid
+ipv4                   = true
+ipv6                   = true
+bird_conf              = /var/lib/anycast-healthchecker/anycast-prefixes-v4.conf
+bird6_conf             = /var/lib/anycast-healthchecker/anycast-prefixes-v6.conf
+bird_variable          = ANYCAST_ADVERTISE
+bird6_variable         = ANYCAST_ADVERTISE
+bird_reconfigure_cmd   = /usr/sbin/birdc configure
+bird6_reconfigure_cmd  = /usr/sbin/birdc6 configure
+dummy_ip_prefix        = 10.132.255.255/32
+dummy_ip6_prefix       = 2a03:2260:2342:ffff::ffff/128
+bird_keep_changes      = false
+bird6_keep_changes     = false
+bird_changes_counter   = 1
+bird6_changes_counter  = 1
+purge_ip_prefixes      = true
+loglevel               = info
+log_maxbytes           = 104857600
+log_backups            = 1
+log_file               = /var/log/anycast-healthchecker/anycast-healthchecker.log
+stderr_file            = /var/log/anycast-healthchecker/stderr.log
+stdout_file            = /var/log/anycast-healthchecker/stdout.log
+
+
+#
+# Default configuration values for checks
+[DEFAULT]
+interface		= anycast_srv
+check_interval		= 3
+check_timeout		= 2
+check_rise 		= 2
+check_fail		= 2
+check_disabled		= false
+on_disabled		= withdraw
+ip_check_disabled	= false
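Review bot: `dummy_ip_prefix` and `dummy_ip6_prefix` in `[daemon]` are hard-coded, while init.sls seeds `ANYCAST_ADVERTISE` in the two prefix files from the pillar value `config['dummy_ip_prefixes'][4]` / `[6]`. If the pillar ever differs from these literals, the daemon and the seeded BIRD include disagree about which entry is the placeholder, and with `purge_ip_prefixes = true` that mismatch decides what gets purged or kept in the advertised set. The file is already rendered with `template: jinja`, so both places can read the same source, for example `dummy_ip_prefix = {{ salt['pillar.get']('anycast-healtchecker:dummy_ip_prefixes')[4] }}` and the same with `[6]` for the v6 line. The pillar key is written here as it is spelled in init.sls; confirm it against the pillar data.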

+ 19 - 0
anycast-healthchecker/bird.anycast-service.conf

@@ -0,0 +1,19 @@
+#
+# Anycast Services (Salt managed)
+#
+
+include "/var/lib/anycast-healthchecker/anycast-prefixes-{{ proto }}.conf";
+
+protocol direct anycast_srv {
+	interface "anycast_srv";
+
+	import filter {
+		if net ~ ANYCAST_ADVERTISE then {
+			bgp_community.add (ANYCAST_PREFIX);
+			accept;
+		}
+
+		reject;
+	};
+	export none;
+}
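Review bot: The import filter in `protocol direct anycast_srv` accepts whatever `ANYCAST_ADVERTISE` contains, and that set is defined only by the include under `/var/lib/anycast-healthchecker/`, which init.sls creates once (`replace: False`) and then leaves to be rewritten at runtime. Any process that can write that file therefore decides which prefixes this router tags and originates, so I would state that trust boundary in the header, e.g. `# ANYCAST_ADVERTISE is rewritten at runtime by anycast-healthchecker; the file's owner and mode control what is announced`. Consider also intersecting it with a static, Salt-managed set of permitted anycast ranges (a constant such as `ANYCAST_ALLOWED`, a placeholder name) so a corrupted include cannot widen the announcement. `ANYCAST_PREFIX` is not defined in this file or in the seeded include; presumably it comes from the `bird` state, but if it is missing the reconfigure will fail.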

+ 9 - 0
anycast-healthchecker/check.conf.tmpl

@@ -0,0 +1,9 @@
+#
+# Check definition for service {{ service }}
+#
+{% for check, cfg in service_config.items() %}
+[{{ check }}]
+check_cmd = {{ cfg['check_cmd'] }}
+ip_prefix = {{ cfg['ip_prefix'] }}
+
+{% endfor %}
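Review bot: `check_cmd` and `ip_prefix` are written verbatim inside the `for` loop with no check that the keys exist and no constraint on their content. A check missing either key renders as `check_cmd =` or `ip_prefix =` with an empty value, and a pillar value containing a newline would add extra keys to the stanza. Since the daemon executes `check_cmd`, I would fail the render when either key is absent or contains a line break, rather than ship a half-defined check. The header should also say where the values come from, e.g. `# check_cmd is executed by anycast-healthchecker; values come from pillar and are written unmodified`.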

+ 97 - 0
anycast-healthchecker/init.sls

@@ -0,0 +1,97 @@
+#
+# Anycast Healthchecker
+#
+
+{% set node_roles = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':roles', []) %}
+{% set config = salt['pillar.get']('anycast-healtchecker', {}) %}
+
+include:
+  - bird
+
+
+# Install the package and enable/start the service
+anycast-healthchecker:
+  pkg.installed:
+    - name: anycast-healthchecker
+  service.running:
+    - enable: True
+    - restart: True
+    - require:
+      - file: /etc/anycast-healthchecker/anycast-healthchecker.conf
+      - file: Cleanup /etc/anycast-healthchecker/check.d
+
+
+# Main configuration
+/etc/anycast-healthchecker/anycast-healthchecker.conf:
+  file.managed:
+    - source: salt://anycast-healthchecker/anycast-healthchecker.conf
+    - template: jinja
+    - watch_in:
+      - service: anycast-healthchecker
+
+
+# Clean up any previosly configured checks for roles not present anymore
+Cleanup /etc/anycast-healthchecker/check.d:
+  file.directory:
+    - name: /etc/anycast-healthchecker/check.d
+    - clean: true
+
+# Configure service checks for any role configured for this node
+{%- for srv_by_role, srv_cfg in salt['pillar.get']('anycast-healtchecker:services', {}).items()|sort %}
+  {% if srv_by_role not in node_roles %}
+    {% continue %}
+  {% endif %}
+/etc/anycast-healthchecker/check.d/{{ srv_by_role }}.conf:
+  file.managed:
+    - source: salt://anycast-healthchecker/check.conf.tmpl
+    - template: jinja
+    - context:
+      service: {{ srv_by_role }}
+      service_config: {{ srv_cfg }}
+    - watch_in:
+      - service: anycast-healthchecker
+    - require_in:
+      - file: Cleanup /etc/anycast-healthchecker/check.d
+{%- endfor %}
+
+
+# Create file /var/lib/anycast-healthchecker/anycast-prefixes-v4.conf is not present
+/var/lib/anycast-healthchecker/anycast-prefixes-v4.conf:
+  file.managed:
+    - user: bird
+    - replace: False	# Don't touch file contents when file already is present!
+    - contents: 'define ANYCAST_ADVERTISE = [{{ config['dummy_ip_prefixes'][4] }}];'
+    - require:
+      - pkg: anycast-healthchecker
+
+/var/lib/anycast-healthchecker/anycast-prefixes-v6.conf:
+  file.managed:
+    - user: bird
+    - replace: False	# Don't touch file contents when file already is present!
+    - contents: 'define ANYCAST_ADVERTISE = [{{ config['dummy_ip_prefixes'][6] }}];'
+    - require:
+      - pkg: anycast-healthchecker
+
+
+# Install bird direct protocol for anycast_srv interface
+/etc/bird/bird.d/anycast-service.conf:
+  file.managed:
+    - source: salt://anycast-healthchecker/bird.anycast-service.conf
+    - template: jinja
+      proto: v4
+    - require:
+      - pkg: anycast-healthchecker
+      - file: /var/lib/anycast-healthchecker/anycast-prefixes-v4.conf
+    - watch_in:
+      - cmd: bird-configure
+
+/etc/bird/bird6.d/anycast-service.conf:
+  file.managed:
+    - source: salt://anycast-healthchecker/bird.anycast-service.conf
+    - template: jinja
+      proto: v6
+    - require:
+      - pkg: anycast-healthchecker
+      - file: /var/lib/anycast-healthchecker/anycast-prefixes-v6.conf
+    - watch_in:
+      - cmd: bird6-configure
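Review bot: In the check.d state the keys `service` and `service_config` sit at the same indentation as `context`, and in both bird states `proto` hangs off the `- template: jinja` item, so none of them is nested under a `context:` mapping. Whether Salt forwards such sibling keys to the template or rejects the state is not something I would rely on; nest them explicitly. `service_config: {{ srv_cfg }}` also pastes a Python dict repr into YAML, which can break or be mis-parsed on values with quotes or colons. This dict carries the `check_cmd` the daemon later executes, so serialise it with the `json` filter. The pillar key is spelled `anycast-healtchecker` in both lookups, and with the `{}` default a pillar using the correct spelling would silently yield no checks, so confirm the two match.

```yaml
# … unchanged: check.d file.managed source / template …
    - context:
        service: {{ srv_by_role | json }}
        service_config: {{ srv_cfg | json }}
# … unchanged: watch_in / require_in, prefix seed files …

# /etc/bird/bird.d/anycast-service.conf (bird6.d state likewise with proto: v6)
    - template: jinja
    - context:
        proto: v4
# … unchanged: require / watch_in …
```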