From 24fb4be8c29e772b3ec6242099f0f4c63ce3d0be Mon Sep 17 00:00:00 2001
From: vincent
Date: Sun, 3 Apr 2022 20:39:52 +0200
Subject: [PATCH] add dnsmasq
---
 defaults/main.yml | 4 +-
 handlers/main.yml | 6 +++
 tasks/dnsmasq.yml | 51 ++++++++++++++++++++++++
 tasks/main.yml | 21 ++--------
 templates/config.hcl.j2 | 10 ++++-
 templates/dnsmasq-10-consul.j2 | 3 ++
 templates/resolved.conf.d/consul.conf.j2 | 4 --
 vars/Archlinux.yml | 2 +
 8 files changed, 78 insertions(+), 23 deletions(-)
 create mode 100644 tasks/dnsmasq.yml
 create mode 100644 templates/dnsmasq-10-consul.j2
 delete mode 100644 templates/resolved.conf.d/consul.conf.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index 61b4cbe..185bfcc 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,7 +6,7 @@ consul_iface: "{{ ansible_default_ipv4.interface }}"
 consul_bind_address: "{{ hostvars[inventory_hostname]['ansible_'+ consul_iface | replace('-', '_')]['ipv4']['address']}}"
 consul_client_addr: "127.0.0.1"
 consul_bootstrap: False
-
+consul_domain: "consul"
 consul_data_dir: "/opt/consul"
 consul_datacenter: "dc1"
 consul_gossip_encryption_key:
@@ -28,3 +28,5 @@ consul_bootstrap_expect: 3
 consul_snapshot: false
 consul_backup_location: ""
 consul_cron_hour: 1
+consul_retry_join_force:
+consul_dnsmasq_enable: False
diff --git a/handlers/main.yml b/handlers/main.yml
index 2e6b78e..17fbdfe 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -3,3 +3,9 @@
 - name: reload consul configuration on Linux
 command: "consul reload"
 listen: "reload consul configuration"
+
+- name: restart dnsmasq
+ service:
+ name: dnsmasq
+ enabled: true
+ state: restarted
diff --git a/tasks/dnsmasq.yml b/tasks/dnsmasq.yml
new file mode 100644
index 0000000..f961e49
--- /dev/null
+++ b/tasks/dnsmasq.yml
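Review bot: `consul_retry_join_force:` in the second defaults/main.yml hunk is a bare key, so it loads as null, while the loop added in templates/config.hcl.j2 (`{% for server in consul_retry_join_force %}`) treats it as a list; a plain string supplied from an inventory would be iterated character by character into `retry_join`. Declaring it as `consul_retry_join_force: []` with a comment such as `# optional list of addresses that replaces the inventory-derived retry_join servers` makes the expected type explicit. `consul_dnsmasq_enable: False` would also read more consistently as lowercase `false`, matching `consul_snapshot: false` a few lines above it.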
@@ -0,0 +1,51 @@
+---
+- name: Install Dnsmasq package
+ package:
+ name: "{{ dnsmasq_package }}"
+ state: present
+
+- name: Create Dnsmasq configuration directory
+ file:
+ path: /etc/dnsmasq.d
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+
+- name: Create Dnsmasq configuration
+ template:
+ src: dnsmasq-10-consul.j2
+ dest: /etc/dnsmasq.d/10-consul.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart dnsmasq
+
+- name: Disable systemd-resolved
+ when: ansible_service_mgr == "systemd"
+ block:
+ - name: Disable systemd-resolved service
+ service:
+ name: systemd-resolved
+ enabled: false
+ state: stopped
+
+ - name: Check if resolv.conf is pointing to systemd-resolved
+ stat:
+ path: /etc/resolv.conf
+ register: resolv_dot_conf
+
+ - name: Remove resolv.conf association with systemd-resolved
+ file:
+ src: /run/resolvconf/resolv.conf
+ path: /etc/resolv.conf
+ state: link
+ when:
+ - resolv_dot_conf.stat.islnk
+ - 'resolv_dot_conf.stat.link_source == "/run/systemd/resolve/stub-resolv.conf"'
+
+- name: ensure DNSmasq is started
+ service:
+ name: dnsmasq
+ state: started
+ enabled: true
diff --git a/tasks/main.yml b/tasks/main.yml
index 524af28..6edd5e7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -10,6 +10,7 @@
 package:
 name: "{{ consul_os_package }}"
 state: present
+ when: ansible_architecture is not search('arm*')
 - name: encure data dir exist
 file:
@@ -28,23 +29,6 @@
 mode: 0644
 notify: reload consul configuration
-- name: systemd consul resolution
- block:
- - name: create resolved.conf.d folder
- file:
- state: directory
- path: /etc/systemd/resolved.conf.d
- owner: root
- group: root
- mode: 0755
- - name: consul resolution file
- template:
- src: resolved.conf.d/consul.conf.j2
- dest: /etc/systemd/resolved.conf.d/consul.conf
- owner: root
- group: root
- mode: 0644
-
 - name: configure backup
 block:
 - name: copy backup script
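Review bot: The last condition of "Remove resolv.conf association with systemd-resolved" reads `resolv_dot_conf.stat.link_source`, but the `stat` module reports the symlink target as `lnk_source`, so on a host where /etc/resolv.conf is a symlink the conditional would fail as undefined instead of being evaluated. The `when:` list would be safer as `- resolv_dot_conf.stat.exists`, `- resolv_dot_conf.stat.islnk`, `- resolv_dot_conf.stat.lnk_source == "/run/systemd/resolve/stub-resolv.conf"`. Nothing in this file creates `/run/resolvconf/resolv.conf` or points the host at `127.0.0.1`, so once systemd-resolved is stopped the host may be left with a dangling link and no working resolver; that path looks worth handling explicitly. `mode: 0700` and `mode: 0644` are better quoted (`"0700"`, `"0644"`) so the YAML loader cannot retype them.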
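Review bot: `search('arm*')` on the added `when:` in tasks/main.yml is a regular-expression test, not a glob, so the pattern means "ar" followed by any number of "m" and also matches `aarch64`; if only 32-bit ARM is meant, that is broader than intended. An anchored form such as `when: ansible_architecture is not match('^arm')` (or `'^(arm|aarch64)'` if both are meant) states the intent. The hunk does not show how consul is installed on the skipped hosts, while the service is still started further down the file, so a comment naming the expected install path would help. The task this line belongs to starts above the hunk.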
@@ -66,3 +50,6 @@
 name: "{{ consul_service_name }}"
 state: started
 enabled: True
+
+- include_tasks: dnsmasq.yml
+ when: consul_dnsmasq_enable | bool
diff --git a/templates/config.hcl.j2 b/templates/config.hcl.j2
index 6d3de8c..81a3b05 100644
--- a/templates/config.hcl.j2
+++ b/templates/config.hcl.j2
@@ -1,7 +1,10 @@
 bootstrap= {{consul_bootstrap|lower}}
 server= {{consul_server|lower}}
+{% if consul_server %}
 bootstrap_expect= {{consul_bootstrap_expect}}
+{% endif %}
+domain= "{{consul_domain}}"
 {% if consul_bind_address %}
 bind_addr="{{consul_bind_address}}"
 {% endif %}
@@ -27,10 +30,15 @@ acl {
 default_policy = "allow"
 enable_token_persistence = true
 }
-
+{%if consul_retry_join_force %}
+{% for server in consul_retry_join_force %}
+ {% set _ = consul_join.append(server) %}
+{% endfor %}
+{% else %}
 {% for server in _consul_lan_servers %}
 {% set _ = consul_join.append(hostvars[server]['consul_bind_address'] | default(hostvars[server]['ansible_default_ipv4']['address'],true) | mandatory) %}
 {% endfor %}
+{% endif %}
 retry_join= {{ consul_join | map('ipwrap') | list | to_json }}
 {% if _consul_wan_servercount | int > 0 %}
diff --git a/templates/dnsmasq-10-consul.j2 b/templates/dnsmasq-10-consul.j2
new file mode 100644
index 0000000..875ed86
--- /dev/null
+++ b/templates/dnsmasq-10-consul.j2
@@ -0,0 +1,3 @@
+server=/{{ consul_domain}}/127.0.0.1#8600
+listen-address=127.0.0.1
+bind-interfaces
diff --git a/templates/resolved.conf.d/consul.conf.j2 b/templates/resolved.conf.d/consul.conf.j2
deleted file mode 100644
index 0d939a2..0000000
--- a/templates/resolved.conf.d/consul.conf.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-[Resolve]
-DNS=127.0.0.1:8600
-DNSSEC=false
-Domains=~consul
diff --git a/vars/Archlinux.yml b/vars/Archlinux.yml
index 0b4fda5..35a7b05 100644
--- a/vars/Archlinux.yml
+++ b/vars/Archlinux.yml
@@ -4,3 +4,5 @@ consul_os_package:
 - consul-template
 consul_service_name: consul
+
+dnsmasq_package: "dnsmasq"
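Review bot: Nothing removes `/etc/systemd/resolved.conf.d/consul.conf` from hosts configured by an earlier run, even though the added include at the end of tasks/main.yml is now the only DNS integration left once the previous hunk drops the resolved.conf.d tasks. The deleted template shows that file sets `DNSSEC=false` and `DNS=127.0.0.1:8600`, so a host that keeps systemd-resolved (`consul_dnsmasq_enable` false) retains those settings unmanaged. A `file` task with `path: /etc/systemd/resolved.conf.d/consul.conf` and `state: absent` would clean it up. The include also has no `name:`; something like `- name: configure dnsmasq forwarding for the consul domain` keeps the play output readable.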
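Review bot: `{% if consul_server %}` in the first templates/config.hcl.j2 hunk tests Jinja truthiness, so a string value such as "false" from an inventory or extra vars would still emit `bootstrap_expect`; the line above renders the same variable through `|lower`, which suggests string values are anticipated. `{% if consul_server | bool %}` keeps the two lines in agreement. `domain= "{{consul_domain}}"` places the value inside a quoted HCL string unescaped; `domain= {{ consul_domain | to_json }}` would quote it the way the template already does for `retry_join`.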
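Review bot: The forwarder target `127.0.0.1#8600` in templates/dnsmasq-10-consul.j2 is hard-coded, while the role already exposes `consul_client_addr` in defaults/main.yml; if that variable is changed, lookups for the consul domain would go to an address Consul may not be listening on. Consider deriving the address from `consul_client_addr` when it is a single IP, e.g. `server=/{{ consul_domain }}/{{ consul_client_addr }}#8600`. A leading comment such as `# Managed by Ansible: dnsmasq answers on loopback only and forwards the Consul domain to the local agent` would record that `listen-address=127.0.0.1` with `bind-interfaces` is deliberate. Whether the packaged dnsmasq.conf reads /etc/dnsmasq.d at all depends on a `conf-dir` setting this commit does not manage, so that is worth confirming per distribution.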