Merge branch 'gibbsoft-feature_recursors'

.gitignore

@@ -57,3 +57,6 @@ docs/_build/
 
 .kitchen/
 roles/*
+
+# Developing on OSX
+.DS_Store

Gemfile.lock

@@ -67,6 +67,3 @@ DEPENDENCIES
   kitchen-vagrant
   serverspec
   test-kitchen
-
-BUNDLED WITH
-   1.10.5

README.md

@@ -49,7 +49,9 @@ consul_ui_download: "https://releases.hashicorp.com/consul/{{ consul_version }}/
 consul_ui_dir: "{{ consul_home }}/dist"
 consul_ui_server_name: "{{ ansible_fqdn }}"
 consul_ui_require_auth: false
+consul_ui_nginx_template: "consul-nginx.conf.j2"
 consul_ui_auth_user_file: /etc/htpasswd/consul
+consul_ui_server_port: 80
 consul_install_nginx: true
 consul_install_nginx_config: true
 consul_enable_nginx_config: true
@@ -64,8 +66,18 @@ consul_config_file: /etc/consul.conf
 consul_log_file: /var/log/consul
 consul_data_dir: "{{ consul_home }}/data"
 
+consul_dns_allow_stale: false
+consul_dns_max_stale: 5s
+consul_dns_node_ttl: 0s
+consul_dns_service_ttl: 0s
+consul_dns_enable_truncate: false
+consul_dns_only_passing: false
+consul_recursors: []
+
 consul_upstart_template: "consul.conf.j2"
 consul_systemd_template: "consul.systemd.j2"
+consul_initd_template: "consul.initd.sh.j2"
+consul_dnsmasq_upstream_template: "resolv_dnsmasq.conf.j2"
 
 consul_binary: consul
 
@@ -74,6 +86,7 @@ consul_group: consul
 
 consul_use_systemd: false
 consul_use_upstart: true
+consul_use_initd: false
 
 consul_is_server: false
 
@@ -112,10 +125,20 @@ consul_port_rpc: 8400
 consul_port_serf_lan: 8301
 consul_port_serf_wan: 8302
 consul_port_server: 8300
-
 consul_install_dnsmasq: false
 consul_install_consulate: false
-
+consul_dnsmasq:
+  listen_interface:
+    - lo
+    - docker0
+    - eth0
+  no_dhcp_interface:
+    - lo
+    - docker0
+    - eth0
+  upstream_servers:
+    - 8.8.8.8
+    - 8.8.4.4
 consul_node_name: "{{ inventory_hostname }}"
 consul_verify_server_hostname: false
 ```
@@ -196,6 +219,9 @@ consul_dns_node_ttl: 0s
 consul_dns_service_ttl: 0s
 consul_dns_enable_truncate: false
 consul_dns_only_passing: false
+consul_recursors:
+  - 8.8.8.8
+  - 8.8.4.4
 ```
 
 ## Handlers

defaults/main.yml

@@ -29,16 +29,19 @@ consul_config_file: /etc/consul.conf
 consul_log_file: /var/log/consul
 consul_data_dir: "{{ consul_home }}/data"
 
+consul_dns_config: false
 consul_dns_allow_stale: false
 consul_dns_max_stale: 5s
 consul_dns_node_ttl: 0s
 consul_dns_service_ttl: 0s
 consul_dns_enable_truncate: false
 consul_dns_only_passing: false
+consul_recursors: []
 
 consul_upstart_template: "consul.conf.j2"
 consul_systemd_template: "consul.systemd.j2"
 consul_initd_template: "consul.initd.sh.j2"
+consul_dnsmasq_upstream_template: "resolv_dnsmasq.conf.j2"
 
 consul_binary: consul
 
@@ -86,10 +89,20 @@ consul_port_rpc: 8400
 consul_port_serf_lan: 8301
 consul_port_serf_wan: 8302
 consul_port_server: 8300
-
 consul_install_dnsmasq: false
 consul_install_consulate: false
-
+consul_dnsmasq:
+  listen_interface:
+    - lo
+    - docker0
+    - eth0
+  no_dhcp_interface:
+    - lo
+    - docker0
+    - eth0
+  upstream_servers:
+    - 8.8.8.8
+    - 8.8.4.4
 consul_node_name: "{{ inventory_hostname }}"
 # Set to true to enable hostname verification via TLS
 consul_verify_server_hostname: false

tasks/dnsmasq.yml

@@ -1,74 +1,85 @@
 - name: update apt
-  apt: >
-    update_cache=yes
-    cache_valid_time=3600
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
   when: ansible_os_family == "Debian"
 
 - name: install deps (Ubuntu)
-  apt: >
-    pkg=dnsmasq
-    state=installed
+  apt:
+    pkg: dnsmasq
+    state: installed
   when: ansible_os_family == "Debian"
 
 - name: install deps (RHEL)
-  yum: >
-    name=dnsmasq
-    state=installed
+  yum:
+    name: dnsmasq
+    state: installed
   when: ansible_os_family == "RedHat"
 
 - name: ensure configure directory
-  file: >
-    dest=/etc/dnsmasq.d
-    state=directory
+  file:
+    dest: /etc/dnsmasq.d
+    state: directory
 
 - name: ensure dnsmasq configuration
-  replace: >
-    dest=/etc/dnsmasq.conf
-    regexp="^#conf-dir=/etc/dnsmasq.d"
-    replace="conf-dir=/etc/dnsmasq.d"
+  lineinfile:
+    dest: "/etc/dnsmasq.conf"
+    regexp: "^conf-dir="
+    line: "conf-dir=/etc/dnsmasq.d"
+    state: present
 
 - name: ensure configure directory
-  file: >
-    dest=/etc/resolvconf/resolv.conf.d
-    state=directory
+  file:
+    dest: /etc/resolvconf/resolv.conf.d
+    state: directory
+  when: ansible_os_family == 'Debian'
 
 - name: add local dns lookup
-  lineinfile: >
-    line="nameserver 127.0.0.1"
-    insertbefore=BOF
-    state=present
-    dest="/etc/resolvconf/resolv.conf.d/consul"
-    create=yes
+  lineinfile:
+    insertbefore: BOF
+    state: present
+    line: "nameserver 127.0.0.1"
+    dest: "/etc/resolvconf/resolv.conf.d/consul"
+    create: yes
+  when: ansible_os_family == 'Debian'
 
-- name: configure dnsmasq to listen on loopback interface
-  replace: >
-    dest=/etc/dnsmasq.conf
-    regexp="^#interface="
-    replace="interface=lo"
-
-- name: configure dnsmasq to listen on docker0 interface
-  lineinfile: >
-    dest=/etc/dnsmasq.conf
-    insertafter="^interface=lo"
-    line="interface=docker0"
-
-- name: configure dnsmasq to disable DHCP and TFTP
-  replace: >
-    dest=/etc/dnsmasq.conf
-    regexp="^#no-dhcp-interface="
-    replace="no-dhcp-interface=lo"
+- name: configure dnsmasq to listen on interface(s)
+  lineinfile:
+    regexp: "^interface={{ item }}"
+    line: "interface={{ item }}"
+    dest: /etc/dnsmasq.conf
+  with_items:
+    "{{ consul_dnsmasq.listen_interface }}"
 
 - name: configure dnsmasq to disable DHCP and TFTP
-  lineinfile: >
-    dest=/etc/dnsmasq.conf
-    insertafter="^no-dhcp-interface=lo"
-    line="no-dhcp-interface=docker0"
+  lineinfile:
+    regexp: "^no-dhcp-interface={{ item }}"
+    line: "no-dhcp-interface={{ item }}"
+    dest: /etc/dnsmasq.conf
+  with_items:
+    "{{ consul_dnsmasq.no_dhcp_interface }}"
 
 - name: configure dnsmasq to delegate all Consul DNS requests to the Consul DNS port
-  copy: >
-    content='server=/{{ consul_domain }}/{{ consul_client_address }}#{{ consul_port_dns }}'
-    dest=/etc/dnsmasq.d/10-consul
+  copy:
+    content: 'server=/{{ consul_domain }}/{{ consul_client_address }}#{{ consul_port_dns }}'
+    dest: /etc/dnsmasq.d/10-consul
   notify:
     - restart dnsmasq
-- pause: minutes=1
 
+- name: create alternate upstream servers file for dnsmasq
+  template:
+    src: "{{ consul_dnsmasq_upstream_template }}"
+    dest: /etc/resolv_dnsmasq.conf
+  when: "{{ (consul_dnsmasq.upstream_servers is defined) and consul_dnsmasq.upstream_servers }}"
+  notify:
+    - restart dnsmasq
+
+- name: configure dnsmasq to use alternate upstream servers file
+  copy:
+    content: "resolv-file=/etc/resolv_dnsmasq.conf"
+    dest: /etc/dnsmasq.d/20-upstream-servers
+  when: "{{ (consul_dnsmasq.upstream_servers is defined) and consul_dnsmasq.upstream_servers }}"
+  notify:
+    - restart dnsmasq
+
+- pause: minutes=1

templates/consul.json.j2

@@ -38,6 +38,9 @@
     "enable_truncate": {{ "true" if consul_dns_enable_truncate else "false" }},
     "only_passing": {{ "true" if consul_dns_only_passing else "false" }}
   },
+{% endif %}
+{% if (consul_recursors is defined) and consul_recursors %}
+    "recursors": [{% for host in consul_recursors %}"{{host}}"{% if not loop.last %}, {% endif %}{% endfor %}],
 {% endif %}
   "log_level": "{{ consul_log_level }}",
 {% if consul_syslog %}
@@ -53,7 +56,6 @@
     "rpc": "127.0.0.1"
   },
 {% endif %}
-  "client_addr": "{{ consul_client_address }}",
 {% if consul_dynamic_bind == false and consul_bind_address is defined and consul_bind_address is not none %}
   "bind_addr": "{{ consul_bind_address }}",
 {% endif %}

templates/consul.systemd.j2

@@ -1,13 +1,16 @@
 [Unit]
 Description=Consul Agent
-Wants=network-online.target
+Requires=network-online.target
 After=network-online.target
 
 [Service]
 Environment="GOMAXPROCS=`nproc`"
+Restart=on-failure
 User={{ consul_user }}
 Group={{ consul_group }}
 ExecStart=/bin/sh -c '{{ consul_home }}/bin/consul agent -config-dir {{ consul_config_dir }} -config-file={{ consul_config_file }} >> {{ consul_log_file }} 2>&1'
+ExecReload=/bin/kill -HUP $MAINPID
+KillSignal=SIGINT
 
 [Install]
 WantedBy=multi-user.target

templates/resolv_dnsmasq.conf.j2

@@ -0,0 +1,2 @@
+{% for host in consul_dnsmasq.upstream_servers | difference(ansible_all_ipv4_addresses) %}nameserver {{host}}
+{% endfor %}

test/integration/atlas_configuration/serverspec/spec_helper.rb

@@ -0,0 +1,2 @@
+require 'serverspec'
+set :backend, :exec

test/integration/custom_templates/serverspec/spec_helper.rb

@@ -0,0 +1,2 @@
+require 'serverspec'
+set :backend, :exec

test/integration/dns/default.yml

@@ -3,7 +3,9 @@
 
   roles:
     - { role: ansible-consul,
+        consul_dns_config: true,
+        consul_recursors: [ "8.8.8.8", "8.8.4.4" ],
         consul_is_server: true,
         consul_install_dnsmasq: true,
         consul_port_dns: 8200,
-        consul_client_address: "127.0.1.1" }
+        consul_client_address: "127.0.1.1" }

test/integration/dns/serverspec/consul_spec.rb

@@ -9,5 +9,6 @@
   describe file('/etc/consul.conf') do
     it { should be_file }
     its(:content) { should match /"dns": 8200/ }
+    its(:content) { should match /"recursors": \["8.8.8.8", "8.8.4.4"\]/ }
   end
-end
+end

test/integration/dynamic_binding/serverspec/spec_helper.rb

@@ -0,0 +1,2 @@
+require 'serverspec'
+set :backend, :exec