add dnsmasq

2022-04-03 20:39:52 +02:00 · 2022-04-03 20:39:52 +02:00 · 24fb4be8c2
commit 24fb4be8c2
parent bfddf278e2
8 changed files with 78 additions and 23 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -6,7 +6,7 @@ consul_iface: "{{ ansible_default_ipv4.interface }}"
 consul_bind_address: "{{ hostvars[inventory_hostname]['ansible_'+ consul_iface | replace('-', '_')]['ipv4']['address']}}"
 consul_client_addr: "127.0.0.1"
 consul_bootstrap: False
-
+consul_domain: "consul"
 consul_data_dir: "/opt/consul"
 consul_datacenter: "dc1"
 consul_gossip_encryption_key:
@ -28,3 +28,5 @@ consul_bootstrap_expect: 3
 consul_snapshot: false
 consul_backup_location: ""
 consul_cron_hour: 1
+consul_retry_join_force:
+consul_dnsmasq_enable: False
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -3,3 +3,9 @@
 - name: reload consul configuration on Linux
  command: "consul reload"
  listen: "reload consul configuration"
+
+- name: restart dnsmasq
+  service:
+    name: dnsmasq
+    enabled: true
+    state: restarted
--- a/tasks/dnsmasq.yml
+++ b/tasks/dnsmasq.yml
@ -0,0 +1,51 @@
+---
+- name: Install Dnsmasq package
+  package:
+    name: "{{ dnsmasq_package }}"
+    state: present
+
+- name: Create Dnsmasq configuration directory
+  file:
+    path: /etc/dnsmasq.d
+    state: directory
+    owner: root
+    group: root
+    mode: 0700
+
+- name: Create Dnsmasq configuration
+  template:
+    src: dnsmasq-10-consul.j2
+    dest: /etc/dnsmasq.d/10-consul.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart dnsmasq
+
+- name: Disable systemd-resolved
+  when: ansible_service_mgr == "systemd"
+  block:
+    - name: Disable systemd-resolved service
+      service:
+        name: systemd-resolved
+        enabled: false
+        state: stopped
+
+    - name: Check if resolv.conf is pointing to systemd-resolved
+      stat:
+        path: /etc/resolv.conf
+      register: resolv_dot_conf
+
+    - name: Remove resolv.conf association with systemd-resolved
+      file:
+        src: /run/resolvconf/resolv.conf
+        path: /etc/resolv.conf
+        state: link
+      when:
+        - resolv_dot_conf.stat.islnk
+        - 'resolv_dot_conf.stat.link_source == "/run/systemd/resolve/stub-resolv.conf"'
+
+- name: ensure DNSmasq is started
+  service:
+    name: dnsmasq
+    state: started
+    enabled: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -10,6 +10,7 @@
  package:
    name: "{{ consul_os_package }}"
    state: present
+  when: ansible_architecture is not search('arm*')

 - name: encure data dir exist
  file:
@ -28,23 +29,6 @@
        mode: 0644
  notify: reload consul configuration

- name: systemd consul resolution
-  block:
-    - name: create resolved.conf.d folder
-      file:
-        state: directory
-        path: /etc/systemd/resolved.conf.d
-        owner: root
-        group: root
-        mode: 0755
-    - name: consul resolution file
-      template:
-        src: resolved.conf.d/consul.conf.j2
-        dest: /etc/systemd/resolved.conf.d/consul.conf
-        owner: root
-        group: root
-        mode: 0644
-
 - name: configure backup
  block:
    - name: copy backup script
@ -66,3 +50,6 @@
    name: "{{  consul_service_name }}"
    state: started
    enabled: True
+
+- include_tasks: dnsmasq.yml
+  when: consul_dnsmasq_enable | bool
--- a/templates/config.hcl.j2
+++ b/templates/config.hcl.j2
@ -1,7 +1,10 @@

 bootstrap= {{consul_bootstrap|lower}}
 server= {{consul_server|lower}}
+{% if consul_server %}
 bootstrap_expect= {{consul_bootstrap_expect}}
+{% endif %}
+domain= "{{consul_domain}}"
 {% if consul_bind_address %}
 bind_addr="{{consul_bind_address}}"
 {% endif %}
@ -27,10 +30,15 @@ acl {
  default_policy = "allow"
  enable_token_persistence = true
 }
-
+{%if consul_retry_join_force %}
+{% for server in consul_retry_join_force %}
+  {% set _ = consul_join.append(server) %}
+{% endfor %}
+{% else %}
 {% for server in _consul_lan_servers %}
 {%   set _ = consul_join.append(hostvars[server]['consul_bind_address'] | default(hostvars[server]['ansible_default_ipv4']['address'],true) | mandatory) %}
 {% endfor %}
+{% endif %}
 retry_join= {{ consul_join | map('ipwrap') | list | to_json }}

 {% if _consul_wan_servercount | int > 0 %}
--- a/templates/dnsmasq-10-consul.j2
+++ b/templates/dnsmasq-10-consul.j2
@ -0,0 +1,3 @@
+server=/{{ consul_domain}}/127.0.0.1#8600
+listen-address=127.0.0.1
+bind-interfaces
--- a/templates/resolved.conf.d/consul.conf.j2
+++ b/templates/resolved.conf.d/consul.conf.j2
@ -1,4 +0,0 @@
-[Resolve]
-DNS=127.0.0.1:8600
-DNSSEC=false
-Domains=~consul
--- a/vars/Archlinux.yml
+++ b/vars/Archlinux.yml
@ -4,3 +4,5 @@ consul_os_package:
  - consul-template

 consul_service_name: consul
+
+dnsmasq_package: "dnsmasq"