proxmox/scripts/npmplus/automate-phase3-keepalived.sh.bak

#!/bin/bash
# Phase 3: Set up Keepalived

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

if [ -f "$PROJECT_ROOT/.env" ]; then
    set +euo pipefail
    source "$PROJECT_ROOT/.env" 2>/dev/null || true
    set -euo pipefail
fi

PRIMARY_HOST="${PRIMARY_HOST:-192.168.11.11}"
SECONDARY_HOST="${SECONDARY_HOST:-192.168.11.12}"
KEEPALIVED_AUTH_PASS="${KEEPALIVED_AUTH_PASS:-npmplus_ha_$(date +%s)}"

# Colors
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
NC='\033[0m'

log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[⚠]${NC} $1"; }

log_info "Setting up Keepalived..."

# Install Keepalived on both hosts
for host in "$PRIMARY_HOST" "$SECONDARY_HOST"; do
    log_info "Installing Keepalived on $host..."
    if ssh -o StrictHostKeyChecking=no root@"$host" "command -v keepalived >/dev/null 2>&1"; then
        log_info "Keepalived already installed on $host"
    else
        ssh -o StrictHostKeyChecking=no root@"$host" "apt update && apt install -y keepalived" || {
            log_warn "Failed to install Keepalived on $host"
            continue
        }
        log_success "Keepalived installed on $host"
    fi
done

# Deploy scripts and configs
log_info "Deploying Keepalived configuration..."
bash "$SCRIPT_DIR/deploy-keepalived.sh" || {
    log_warn "Deployment script failed, deploying manually..."
    
    # Deploy health check script
    for host in "$PRIMARY_HOST" "$SECONDARY_HOST"; do
        scp -o StrictHostKeyChecking=no \
            "$SCRIPT_DIR/keepalived/check-npmplus-health.sh" \
            "$SCRIPT_DIR/keepalived/keepalived-notify.sh" \
            root@"$host:/usr/local/bin/" 2>/dev/null || true
        
        ssh -o StrictHostKeyChecking=no root@"$host" \
            "chmod +x /usr/local/bin/check-npmplus-health.sh /usr/local/bin/keepalived-notify.sh" 2>/dev/null || true
    done
    
    # Deploy configs with auth password
    scp -o StrictHostKeyChecking=no \
        "$SCRIPT_DIR/keepalived/keepalived-primary.conf" \
        root@"$PRIMARY_HOST:/tmp/keepalived.conf" 2>/dev/null || true
    
    scp -o StrictHostKeyChecking=no \
        "$SCRIPT_DIR/keepalived/keepalived-secondary.conf" \
        root@"$SECONDARY_HOST:/tmp/keepalived.conf" 2>/dev/null || true
    
    # Update auth_pass in configs
    for host in "$PRIMARY_HOST" "$SECONDARY_HOST"; do
        ssh -o StrictHostKeyChecking=no root@"$host" \
            "sed -i 's/auth_pass.*/auth_pass $KEEPALIVED_AUTH_PASS/' /tmp/keepalived.conf && \
             mv /tmp/keepalived.conf /etc/keepalived/keepalived.conf" 2>/dev/null || true
    done
}

# Start and enable Keepalived
for host in "$PRIMARY_HOST" "$SECONDARY_HOST"; do
    log_info "Starting Keepalived on $host..."
    ssh -o StrictHostKeyChecking=no root@"$host" \
        "systemctl enable keepalived && systemctl restart keepalived" 2>/dev/null || {
        log_warn "Failed to start Keepalived on $host"
    }
done

sleep 5

# Verify Keepalived is running
for host in "$PRIMARY_HOST" "$SECONDARY_HOST"; do
    if ssh -o StrictHostKeyChecking=no root@"$host" "systemctl is-active keepalived" 2>/dev/null | grep -q "active"; then
        log_success "Keepalived running on $host"
    else
        log_warn "Keepalived not active on $host"
    fi
done

# Check VIP ownership
VIP="${VIP:-192.168.11.166}"
if ssh -o StrictHostKeyChecking=no root@"$PRIMARY_HOST" "ip addr show vmbr0 2>/dev/null | grep -q $VIP"; then
    log_success "VIP $VIP is on primary host (expected)"
elif ssh -o StrictHostKeyChecking=no root@"$SECONDARY_HOST" "ip addr show vmbr0 2>/dev/null | grep -q $VIP"; then
    log_warn "VIP $VIP is on secondary host (unexpected, but OK)"
else
    log_warn "VIP $VIP not found on either host"
fi

log_success "Phase 3 complete: Keepalived configured"
log_warn "Note: Verify Keepalived auth_pass matches on both hosts"