TMP

Rheinwerk · Oct 12, 2024 · c0a2d42 · c0a2d42
1 parent 978eaf4
commit c0a2d42
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 15 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -16,8 +16,8 @@ _consul:
   metadata:
     key1: "value"
     key2: "value"
-  use_dnsmasq_forwarding: true
-  allow_dnsmasq_restart: true
+  use_dns_forwarding: true
+  allow_resolver_restart: true
   cluster:
     provider: "aws"
     tag_key: "consul"

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -106,23 +106,23 @@
     mode: "0640"
   when: _consul.checks is defined
 
-- name: Configure DNSmasq forwarding
-  when: _consul.use_dnsmasq_forwarding | default(false)
+- name: Systemd-resolved forwarding
+  when: _consul.use_dns_forwarding | default(false) and 'systemd-resolved' in ansible_facts.packages
   block:
-    - name: Create dnsmasq config to forward consul domain to agent
+    - name: Create systemd-resolved config to forward consul domain to agent
       ansible.builtin.template:
         src: "{{ item }}.j2"
-        dest: "/{{ item }}"
-        mode: 0644
-      with_items:
-        - "etc/dnsmasq.d/consul-forward.conf"
-      register: dnsmasq_consul
+        dest: /{{ item }}
+        mode: "0644"
+      loop:
+        - etc/systemd/resolved.conf.d/consul.conf.j2
+      register: systemd_resolved_consul
 
-    - name: Restart dnsmasq if config changed to enable consul queries
-      ansible.builtin.service:
-        name: dnsmasq
+    - name: Restart systemd-resolved
+      ansible.builtin.systemd:
+        name: systemd-resolved
         state: restarted
-      when: dnsmasq_consul is changed and _consul.allow_dnsmasq_restart | default(true)
+      when: systemd_resolved_consul is changed and _consul.allow_resolver_restart | default(true)
 
 - name: Set oom score for consul client in systemd
   ansible.builtin.lineinfile:

diff --git a/templates/etc/dnsmasq.d/consul-forward.conf.j2 b/templates/etc/dnsmasq.d/consul-forward.conf.j2
diff --git a/templates/etc/systemd/resolved.conf.d/consul.conf.j2 b/templates/etc/systemd/resolved.conf.d/consul.conf.j2
@@ -0,0 +1,4 @@
+[Resolve]
+DNS=127.0.0.1:{{ _consul.dns_port|default(8600) }}
+DNSSEC=false
+Domains=~{{ _consul.domain }}
diff --git a/templates/etc/systemd/system/consul.service.j2 b/templates/etc/systemd/system/consul.service.j2
@@ -0,0 +1,23 @@
+[Unit]
+Description="HashiCorp Consul"
+Documentation=https://www.consul.io/
+Requires=network-online.target
+After=network-online.target
+ConditionFileNotEmpty={{ _consul.config_dir }}/main.json
+
+[Service]
+User=consul
+Group=consul
+# 'EnvironmentFile' Definition überschreiben 'Environment'
+EnvironmentFile=-{{ _consul.config_dir }}/consul.env
+ExecStart=/usr/local/bin/consul agent -config-dir={{ _consul.config_dir }} $CONSUL_FLAGS
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+LimitNOFILE=65536
+# Es wird explizit "append" statt "file" genutzt, da ansonsten nach dem Logrotate binäre Zeichenketten
+# "@^@^@^@^.." im Logfile entstehen, siehe auch: https://github.com/CenterDevice/ops/issues/262
+StandardOutput=append:{{ _consul.logfile }}
+StandardError=inherit
+
+[Install]
+WantedBy=multi-user.target