nl2go.hetzner_failover
Ansible Role: Hetzner Failover with vSwitch and Keepalived
This Ansible Role is designed to set up a reliable system with two servers that share one IP address using Hetzner's vSwitch and Keepalived. It takes inspiration from a helpful article by @dtone. You should also use the nl2go vSwitch role to create the vSwitch. Additionally, you need to order an extra range of public IP addresses for the vSwitch. Please note that this role does not use Hetzner's failover IP service.
Prerequisites
- You need an account with Hetzner Online GmbH.
- You must have a configured Hetzner Robot Webservice Account.
Configuration
The following example shows how to set up a vSwitch called "failover" with VLAN ID 4023. It uses private addresses from the 192.168.100.0/24 subnet and the IP 154.222.4.34 from an additional subnet 154.222.4.32/29 as the failover IP. Remember to order the additional subnet manually after creating the vSwitch.
vSwitch Configuration
Here’s how to configure the vSwitch according to the vSwitch role:
hetzner_vswitch_instances:
  - name: failover
    vlan: 4023
    ipv4_address: 192.168.200.0
    ipv4_netmask: 255.255.255.0
Keepalived Configuration
hetzner_failover_keepalived_public_virtual_router_id: 42
hetzner_failover_keepalived_public_ipaddress: 154.222.4.34 # Use this IP as the failover IP
hetzner_failover_keepalived_public_network_prefix: 29 # Netmask of the additional subnet
hetzner_failover_keepalived_public_default_gateway: 154.222.4.33 # Gateway IP of the additional subnet
hetzner_failover_keepalived_vswitch_id: 4023 # Make sure this matches the VLAN ID set in the vSwitch
Hosts Configuration
all:
  hosts:
    keepalived-test-1:
      ansible_host: 123.124.125.1 # Main IP of host 1
      hetzner_vswitch_host:
        - name: failover
          ipv4_address: 192.168.200.1 # vSwitch IP of host 1
      hetzner_failover_keepalived_state: MASTER
      hetzner_failover_keepalived_vswitch_ip: 192.168.200.1 # IP in the vSwitch VLAN for host 1
      hetzner_failover_keepalived_peer_ip: 192.168.200.2 # vSwitch IP of host to peer with
    keepalived-test-2:
      ansible_host: 123.124.125.2 # Main IP of host 2
      hetzner_vswitch_host:
        - name: failover
          ipv4_address: 192.168.200.2 # vSwitch IP of host 2
      hetzner_failover_keepalived_state: BACKUP
      hetzner_failover_keepalived_vswitch_ip: 192.168.200.2 # IP in the vSwitch VLAN for host 2
      hetzner_failover_keepalived_peer_ip: 192.168.200.1 # vSwitch IP of host to peer with
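A pre-deployment consistency check for the three configuration blocks above, as an added example that is not part of the role. The helper name `check_failover_config` and the shortened dictionary keys are assumptions; the values are copied from this page's example.

```python
import ipaddress

# Values copied from the example configuration on this page.
VSWITCH = {"name": "failover", "vlan": 4023,
           "ipv4_address": "192.168.200.0", "ipv4_netmask": "255.255.255.0"}
KEEPALIVED = {"public_ipaddress": "154.222.4.34", "public_network_prefix": 29,
              "public_default_gateway": "154.222.4.33", "vswitch_id": 4023}
HOSTS = {
    "keepalived-test-1": {"state": "MASTER", "vswitch_ip": "192.168.200.1",
                          "peer_ip": "192.168.200.2"},
    "keepalived-test-2": {"state": "BACKUP", "vswitch_ip": "192.168.200.2",
                          "peer_ip": "192.168.200.1"},
}


def check_failover_config(vswitch, keepalived, hosts):
    """Return a list of inconsistencies (hypothetical helper, not part of the role)."""
    problems = []
    if keepalived["vswitch_id"] != vswitch["vlan"]:
        problems.append("vswitch_id does not match the vSwitch VLAN ID")
    # The failover IP and its gateway must be distinct usable hosts of one subnet.
    public = ipaddress.ip_interface(
        f'{keepalived["public_ipaddress"]}/{keepalived["public_network_prefix"]}').network
    vip = ipaddress.ip_address(keepalived["public_ipaddress"])
    gateway = ipaddress.ip_address(keepalived["public_default_gateway"])
    usable = set(public.hosts())
    if vip not in usable:
        problems.append("failover IP is the network or broadcast address")
    if gateway not in usable:
        problems.append("default gateway is outside the additional subnet")
    if vip == gateway:
        problems.append("failover IP equals the default gateway")
    # Each host needs its own address in the vSwitch subnet and must peer with the other.
    private = ipaddress.ip_network(f'{vswitch["ipv4_address"]}/{vswitch["ipv4_netmask"]}')
    own_ips = {name: ipaddress.ip_address(h["vswitch_ip"]) for name, h in hosts.items()}
    for name, host in hosts.items():
        if own_ips[name] not in private:
            problems.append(f"{name}: vSwitch IP outside {private}")
        peer = ipaddress.ip_address(host["peer_ip"])
        if peer == own_ips[name] or peer not in own_ips.values():
            problems.append(f"{name}: peer_ip is not the other host's vSwitch IP")
    if [h["state"] for h in hosts.values()].count("MASTER") != 1:
        problems.append("exactly one host must start as MASTER")
    return problems
```

An empty list means the blocks agree with each other; it does not confirm that the additional subnet has actually been ordered and routed to the vSwitch.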
Notify Script
You can add a custom notify script to perform actions after a failover event.
hetzner_failover_keepalived_notify_script: /usr/local/bin/keepalived_notify.sh
To run your custom notify script, provide the script path with the hetzner_failover_keepalived_notify_script variable.
hetzner_failover_keepalived_notify_script_master:
  - service foo reload
For extra actions when switching to the master state without changing the whole notify script, use hetzner_failover_keepalived_notify_script_master.
hetzner_failover_keepalived_notify_script_backup:
  - service foo reload
For extra actions when switching to the backup state without changing the whole notify script, use hetzner_failover_keepalived_notify_script_backup.
Dependencies
- You need the ansible-role-hetzner-vswitch role.
Example Playbook
- hosts: all
  roles:
    - nl2go.hetzner_vswitch
    - nl2go.hetzner_failover
Development
Follow the docker-molecule instructions to run Molecule, or install Molecule locally (though this is not recommended due to potential version conflicts).
Set your Hetzner Cloud token like this:
export HCLOUD_TOKEN=123abc456efg
Run tests with:
molecule test --all
Maintainers
License
Check the LICENSE.md file for information.
Author Information
This role was created in 2020 by Newsletter2Go GmbH
Setup automatic IP failover using hetzner vSwitch and keepalived
ansible-galaxy install nl2go.hetzner_failover