Implement Keepalived health checks for HAProxy
In addition to tracking the status of interfaces, track the HAProxy
ervice status as well as ports opened by HAProxy to assess whether
a node should be eligible to host VIPs.
This avoids traffic being routed to proxy machines which are online
without an operational HAProxy process.
For security, a less privileged user is created to execute the health
check commands. We already have "enable_script_security" set to make
use of it.
The scripts are placed under /usr/local/libexec/keepalived/ as to not give
the user unnecessary access to /etc/keepalived/ and to make for a more
canonical location. FHS does not list /usr/local/libexec and Leap by default
links the libexecdir to /usr/lib, but since /usr/local/libexec exists on
Tumbleweed, it seems reasonable to create it on our Leap systems already.
As part of this patch, the pillar is reorganized - common Keepalived
settings move to pillar.common.keepalived, for inclusion with all roles
using Keepalived. A subdirectory houses sets of health check snippets
for inclusion in clusters or roles.
This is to make for a more uniform structure, given us already using a
common.haproxy pillar structure for shared HAProxy settings, as well
as to make it easier to deduplicate code for different implementations
of Keepalived around our infrastructure.
Last but not least, the pillar introduces a "config" level,
to work with the new formula version.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>