add dnsmasq

vincent 2022-04-03 20:39:52 +02:00
parent bfddf278e2
commit 24fb4be8c2
8 changed files with 78 additions and 23 deletions


@ -6,7 +6,7 @@ consul_iface: "{{ ansible_default_ipv4.interface }}"
consul_bind_address: "{{ hostvars[inventory_hostname]['ansible_'+ consul_iface | replace('-', '_')]['ipv4']['address']}}" consul_bind_address: "{{ hostvars[inventory_hostname]['ansible_'+ consul_iface | replace('-', '_')]['ipv4']['address']}}"
consul_client_addr: "127.0.0.1" consul_client_addr: "127.0.0.1"
consul_bootstrap: False consul_bootstrap: False
consul_domain: "consul"
consul_data_dir: "/opt/consul" consul_data_dir: "/opt/consul"
consul_datacenter: "dc1" consul_datacenter: "dc1"
consul_gossip_encryption_key: consul_gossip_encryption_key:
@ -28,3 +28,5 @@ consul_bootstrap_expect: 3
consul_snapshot: false consul_snapshot: false
consul_backup_location: "" consul_backup_location: ""
consul_cron_hour: 1 consul_cron_hour: 1
consul_retry_join_force:
consul_dnsmasq_enable: False
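Review bot: `consul_retry_join_force:` is declared with a bare empty value, which parses as null and gives no hint of the expected type, although the config template in this commit loops over it and appends each item to `consul_join`. Declaring it as `consul_retry_join_force: []` with a comment such as `# list of addresses that replaces the inventory-derived retry_join list` would make clear that a plain string is not valid (it would be iterated character by character). `consul_dnsmasq_enable: False` would read better as lowercase `false`, matching `consul_snapshot: false` a few lines above.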


@ -3,3 +3,9 @@
- name: reload consul configuration on Linux - name: reload consul configuration on Linux
command: "consul reload" command: "consul reload"
listen: "reload consul configuration" listen: "reload consul configuration"
- name: restart dnsmasq
service:
name: dnsmasq
enabled: true
state: restarted

51
tasks/dnsmasq.yml Normal file

@ -0,0 +1,51 @@
---
- name: Install Dnsmasq package
package:
name: "{{ dnsmasq_package }}"
state: present
- name: Create Dnsmasq configuration directory
file:
path: /etc/dnsmasq.d
state: directory
owner: root
group: root
mode: 0700
- name: Create Dnsmasq configuration
template:
src: dnsmasq-10-consul.j2
dest: /etc/dnsmasq.d/10-consul.conf
owner: root
group: root
mode: 0644
notify: restart dnsmasq
- name: Disable systemd-resolved
when: ansible_service_mgr == "systemd"
block:
- name: Disable systemd-resolved service
service:
name: systemd-resolved
enabled: false
state: stopped
- name: Check if resolv.conf is pointing to systemd-resolved
stat:
path: /etc/resolv.conf
register: resolv_dot_conf
- name: Remove resolv.conf association with systemd-resolved
file:
src: /run/resolvconf/resolv.conf
path: /etc/resolv.conf
state: link
when:
- resolv_dot_conf.stat.islnk
- 'resolv_dot_conf.stat.link_source == "/run/systemd/resolve/stub-resolv.conf"'
- name: ensure DNSmasq is started
service:
name: dnsmasq
state: started
enabled: true
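Review bot: The second condition on the "Remove resolv.conf association with systemd-resolved" task reads `resolv_dot_conf.stat.link_source`, but the `stat` module reports the symlink target as `lnk_source`, so on a host where /etc/resolv.conf is a symlink the conditional fails on an undefined attribute instead of matching. By that point the preceding task has already stopped systemd-resolved, so the play aborts with resolv.conf still pointing at a stub resolver that is no longer running. Use `- resolv_dot_conf.stat.islnk | default(false)` and `- resolv_dot_conf.stat.lnk_source | default('') == "/run/systemd/resolve/stub-resolv.conf"`. The new link source `/run/resolvconf/resolv.conf` presumably exists only where resolvconf is installed, which this file does not ensure, so a check or a comment stating that dependency would help.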


@ -10,6 +10,7 @@
package: package:
name: "{{ consul_os_package }}" name: "{{ consul_os_package }}"
state: present state: present
when: ansible_architecture is not search('arm*')
- name: encure data dir exist - name: encure data dir exist
file: file:
@ -28,23 +29,6 @@
mode: 0644 mode: 0644
notify: reload consul configuration notify: reload consul configuration
- name: systemd consul resolution
block:
- name: create resolved.conf.d folder
file:
state: directory
path: /etc/systemd/resolved.conf.d
owner: root
group: root
mode: 0755
- name: consul resolution file
template:
src: resolved.conf.d/consul.conf.j2
dest: /etc/systemd/resolved.conf.d/consul.conf
owner: root
group: root
mode: 0644
- name: configure backup - name: configure backup
block: block:
- name: copy backup script - name: copy backup script
@ -66,3 +50,6 @@
name: "{{ consul_service_name }}" name: "{{ consul_service_name }}"
state: started state: started
enabled: True enabled: True
- include_tasks: dnsmasq.yml
when: consul_dnsmasq_enable | bool
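Review bot: The condition added to the package task, `when: ansible_architecture is not search('arm*')`, is evaluated as a regular expression rather than a glob, so `arm*` means `ar` followed by any number of `m` and matches every architecture string that merely contains `ar` (including `aarch64`, which may or may not be intended). `when: ansible_architecture is not search('^arm')` states the intent explicitly, with `aarch64` added to the pattern if 64-bit ARM should be skipped too. The visible hunks show no alternative install path for the skipped hosts, while the later service task still starts `consul_service_name`, so a comment naming how the binary is provided on ARM would help. The package task begins above the hunk.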


@ -1,7 +1,10 @@
bootstrap= {{consul_bootstrap|lower}} bootstrap= {{consul_bootstrap|lower}}
server= {{consul_server|lower}} server= {{consul_server|lower}}
{% if consul_server %}
bootstrap_expect= {{consul_bootstrap_expect}} bootstrap_expect= {{consul_bootstrap_expect}}
{% endif %}
domain= "{{consul_domain}}"
{% if consul_bind_address %} {% if consul_bind_address %}
bind_addr="{{consul_bind_address}}" bind_addr="{{consul_bind_address}}"
{% endif %} {% endif %}
@ -27,10 +30,15 @@ acl {
default_policy = "allow" default_policy = "allow"
enable_token_persistence = true enable_token_persistence = true
} }
{%if consul_retry_join_force %}
{% for server in consul_retry_join_force %}
{% set _ = consul_join.append(server) %}
{% endfor %}
{% else %}
{% for server in _consul_lan_servers %} {% for server in _consul_lan_servers %}
{% set _ = consul_join.append(hostvars[server]['consul_bind_address'] | default(hostvars[server]['ansible_default_ipv4']['address'],true) | mandatory) %} {% set _ = consul_join.append(hostvars[server]['consul_bind_address'] | default(hostvars[server]['ansible_default_ipv4']['address'],true) | mandatory) %}
{% endfor %} {% endfor %}
{% endif %}
retry_join= {{ consul_join | map('ipwrap') | list | to_json }} retry_join= {{ consul_join | map('ipwrap') | list | to_json }}
{% if _consul_wan_servercount | int > 0 %} {% if _consul_wan_servercount | int > 0 %}


@ -0,0 +1,3 @@
server=/{{ consul_domain}}/127.0.0.1#8600
listen-address=127.0.0.1
bind-interfaces
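Review bot: The forwarder target `127.0.0.1#8600` on the `server=` line is hardcoded, although the role already exposes `consul_client_addr` (default "127.0.0.1") and Consul's DNS port can be changed; overriding either would leave dnsmasq forwarding the Consul domain to an address where nothing answers. Consider `server=/{{ consul_domain }}/{{ consul_client_addr }}#8600`, or a dedicated variable if `consul_client_addr` may hold a wildcard address. A leading comment such as `# Managed by Ansible: forwards the Consul domain to the local agent` would also tell operators not to edit the file by hand. `listen-address=127.0.0.1` with `bind-interfaces` should stay as it is, since it keeps the resolver off external interfaces.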


@ -1,4 +0,0 @@
[Resolve]
DNS=127.0.0.1:8600
DNSSEC=false
Domains=~consul


@ -4,3 +4,5 @@ consul_os_package:
- consul-template - consul-template
consul_service_name: consul consul_service_name: consul
dnsmasq_package: "dnsmasq"