Change Details

As an initial implementation, instead of immediately creating a new Salt execution module, **I will temporarily use cmd.run to configure CARP.** This approach allows us to configure easily the CARP configuration (rc.conf entries). This is intended as a short-term solution to validate the configuration and integration with Vault. **A future refactoring may introduce a dedicated a carp execution module for better maintainability and abstraction.** Steps: [x] Create the role folder "router" [x] Create the required init.sls file [x] Create the new state carp.sls inside the folder carp created [x] Add a new function (get_carp_entries()) in the file _modules/node.py to retrive the carp configuration from nodes.sls and test the function (D3979) [x] Configure the file carp.sls (D3986) --> requires to retrieve the shared secrets from VALT, steps : [x] 1. Add a Vault policy for role router in pillar/credentials/vault.sls [x] 2. Create the template carp.rc inside router/carp/files that will have the CARP configuration [x] 3. In carp.sls we can now call the template jinja to add the configuration in /etc/rc.conf.d/netif/carp [x] Deploy the network configuration via Salt on every machine : salt 'node' state.apply roles/core/network [x] Deploy the carp configuration to router-002 and router-003 via Salt, and validate CARP is correctly applied [x] Add the routers to top.sls

As an initial implementation, instead of immediately creating a new Salt execution module, **I will temporarily use cmd.run to configure CARP.** This approach allows us to configure easily the CARP configuration (rc.conf entries). This is intended as a short-term solution to validate the configuration and integration with Vault. **A future refactoring may introduce a dedicated a carp execution module for better maintainability and abstraction.** Steps: [x] Create the role folder "router" [x] Create the required init.sls file [x] Create the new state carp.sls inside the folder carp created [x] Add a new function (get_carp_entries()) in the file _modules/node.py to retrive the carp configuration from nodes.sls and test the function (D3979) [x] Configure the file carp.sls (D3986) --> requires to retrieve the shared secrets from VALT, steps : [x] 1. Add a Vault policy for role router in pillar/credentials/vault.sls [x] 2. Create the template carp.rc inside router/carp/files that will have the CARP configuration [x] 3. In carp.sls we can now call the template jinja to add the configuration in /etc/rc.conf.d/netif/carp [x] Deploy the network configuration via Salt on every machine : salt 'node' state.apply roles/core/network [x] Deploy the carp configuration to router-002 and router-003 via Salt, and validate CARP is correctly applied [x] Add the routers to top.sls to be able to do : sudo salt 'router-002' state.apply roles/router

As an initial implementation, instead of immediately creating a new Salt execution module, **I will temporarily use cmd.run to configure CARP.** This approach allows us to configure easily the CARP configuration (rc.conf entries). This is intended as a short-term solution to validate the configuration and integration with Vault. **A future refactoring may introduce a dedicated a carp execution module for better maintainability and abstraction.** Steps: [x] Create the role folder "router" [x] Create the required init.sls file [x] Create the new state carp.sls inside the folder carp created [x] Add a new function (get_carp_entries()) in the file _modules/node.py to retrive the carp configuration from nodes.sls and test the function (D3979) [x] Configure the file carp.sls (D3986) --> requires to retrieve the shared secrets from VALT, steps : [x] 1. Add a Vault policy for role router in pillar/credentials/vault.sls [x] 2. Create the template carp.rc inside router/carp/files that will have the CARP configuration [x] 3. In carp.sls we can now call the template jinja to add the configuration in /etc/rc.conf.d/netif/carp [x] Deploy the network configuration via Salt on every machine : salt 'node' state.apply roles/core/network [x] Deploy the carp configuration to router-002 and router-003 via Salt, and validate CARP is correctly applied [x] Add the routers to top.sls to be able to do : sudo salt 'router-002' state.apply roles/router