network:将域名解析的配置独立出来；ntp:简化ntp配置流程；+resolv：新增域名解析

Author: luofei1

.gitmodules

@@ -1,3 +1,9 @@
 [submodule "roles/cloudalchemy.prometheus"]
 	path = roles/cloudalchemy.prometheus
 	url = https://github.com/cloudalchemy/ansible-prometheus
+[submodule "roles/ahuffman.resolv"]
+	path = roles/ahuffman.resolv
+	url = https://github.com/ahuffman/ansible-resolv
+[submodule "roles/geerlingguy.ntp"]
+	path = roles/geerlingguy.ntp
+	url = https://github.com/geerlingguy/ansible-role-ntp

files/network/resolv.conf.j2

@@ -24,8 +24,6 @@
         address: "{{ ansible_default_ipv4['address'] }}"
         netmask: "{{ ansible_default_ipv4['netmask'] }}"
         gateway: "{{ ansible_default_ipv4['gateway'] }}"
-        dns1: 180.76.76.76
-        dns2: 114.114.114.114
         # }}}
 
     - shell: | # {{{ 计算子网掩码
@@ -77,14 +75,6 @@
       when: ansible_os_family == "RedHat"
       # }}}
 
-    - template: # {{{ dns设置，针对18.04之前的Ubuntu和Debian
-        backup: yes
-        src: files/network/resolv.conf.j2
-        dest: /etc/resolv.conf
-        mode: 0644
-      when: (ansible_distribution == "Ubuntu" and ansible_distribution_version is version(ubuntu_version,"<")) or (ansible_distribution == "Debian")
-      # }}}
-
     - shell: netplan apply # {{{ 使网络生效
       when: ansible_distribution == "Ubuntu" and ansible_distribution_version is version(ubuntu_version,">=")
 

playbooks/network.yml

@@ -7,97 +7,20 @@
 ####
 ---
 - name: 设置ntp时间同步
-  hosts: dist.ubuntu:dist.centos
+  hosts: all
   tags: ntp
-  tasks:
-    - name: 设置时区 # {{{
-      shell: timedatectl set-timezone 'Asia/Shanghai'
-      # }}}
-
-    - name: 安装ntp服务(RedHat) # {{{
-      yum:
-        name: ntp
-        state: installed
-      when: ansible_os_family == "RedHat"
-      # }}}
-
-    - name: 安装ntp服务(Debian) # {{{
-      package:
-        name: "{{ item }}"
-        state: latest
-      with_items:
-        - ntpdate
-        - ntp
-      when: ansible_os_family == "Debian"
-      # }}}
-
-    - name: 设置时间同步(Debian) # {{{
-      lineinfile:
-        dest: /etc/ntp.conf
-        regexp: '^pool [0,1,2,3]'
-        line: "{{ item }}"
-      with_items:
-        - 'server ntp.aliyun.com'
-        - 'server ntp1.aliyun.com'
-        - 'server ntp2.aliyun.com'
-        - 'server ntp3.aliyun.com'
-      when: ansible_os_family == 'Debian'
-      # }}}
-
-    - name: 设置时间同步(RedHat) # {{{
-      lineinfile:
-        dest: /etc/ntp.conf
-        regexp: '^server [0,1,2,3]'
-        line: "{{ item }}"
-      with_items:
-        - 'server ntp.aliyun.com'
-        - 'server ntp1.aliyun.com'
-        - 'server ntp2.aliyun.com'
-        - 'server ntp3.aliyun.com'
-      when: ansible_os_family == 'RedHat'
-      # }}}
-
-    - name: 停止ntp服务(Debian) # {{{
-      service:
-        name: ntp
-        state: stopped
-      when: ansible_os_family == 'Debian'
-      # }}}
-
-    - name: 停止ntp服务(RedHat) # {{{
-      service:
-        name: ntpd
-        state: stopped
-      when: ansible_os_family == "RedHat"
-      # }}}
-
-    - name: 进行时间同步 # {{{
-      raw: ntpdate time.windows.com
-      ignore_errors: true
-      # }}}
-
-    - name: 设置计划任务，每隔一小时同步一次实践 # {{{
-      lineinfile:
-        dest: /etc/crontab
-        line: '* */1 * * * ntpdate -s time.windows.com'
-      # }}}
-
-    - name: 计划任务生效 # {{{
-      raw: crontab /etc/crontab
-      # }}}
-
-    - name: 启动ntp服务(Debian) # {{{
-      service:
-        name: ntp
-        state: restarted
-        enabled: yes
-      when: ansible_os_family == 'Debian'
-      # }}}
-
-    - name: 启动ntp服务(RedHat) # {{{
-      service:
-        name: ntpd
-        state: restarted
-        enabled: yes
-      when: ansible_os_family == 'RedHat'
-      # }}}
+  roles:
+    - role: roles/geerlingguy.ntp
+      ntp_enabled: true
+      ntp_timezone: "Asia/Shanghai"
+      ntp_manage_config: true
+      ntp_servers:
+        - "ntp{{ '.' + ntp_area if ntp_area else '' }}.aliyun.com"
+        - "ntp1{{ '.' + ntp_area if ntp_area else '' }}.aliyun.com"
+        - "ntp2{{ '.' + ntp_area if ntp_area else '' }}.aliyun.com"
+        - "ntp3{{ '.' + ntp_area if ntp_area else '' }}.aliyun.com"
+      ntp_restrict:
+        - "127.0.0.1"
+        - "::1"
+      ntp_cron_handler_enabled: true
+      ntp_tinker_panic: true

playbooks/ntp.yml

@@ -0,0 +1,15 @@
+# 设置域名解析
+# Leif160519 @20201204
+
+- hosts: all
+  tags: resolv
+  roles:
+    - role: roles/ahuffman.resolv
+      resolv_nameservers:
+        - "180.76.76.76"
+        - "114.114.114.114"
+      resolv_domain: "localdomain"
+      resolv_search: "localdomain"
+      resolv_options:
+        - "timeout:2"
+        - "rotate"

playbooks/resolv.yml

@@ -22,5 +22,8 @@
 # 设置静态IP地址
 - import_playbook: network.yml
 
+# 设置域名解析
+- import_playbook: resolv.yml
+
 # 安装node_exporter
 - import_playbook: prometheus.yml