From ae0c7a9d623c8ffb6b7dfd93fc382f9082712883 Mon Sep 17 00:00:00 2001 From: Nigel Gibbs Date: Tue, 16 Feb 2016 12:46:43 +0000 Subject: [PATCH 1/4] Added support for DNS recursors. Added consul_dnsmasq.listen_interface and consul_dnsmasq.no_dhcp_interface arrays for better control over interface options. Fixed idepotency in dnsmasq.conf --- .gitignore | 3 + Gemfile.lock | 3 - README.md | 26 ++++++- defaults/main.yml | 13 +++- tasks/dnsmasq.yml | 74 ++++++++++--------- templates/consul.json.j2 | 3 + .../serverspec/spec_helper.rb | 3 +- .../serverspec/spec_helper.rb | 3 +- test/integration/dns/default.yml | 4 +- .../integration/dns/serverspec/consul_spec.rb | 3 +- .../dynamic_binding/serverspec/spec_helper.rb | 3 +- 11 files changed, 91 insertions(+), 47 deletions(-) mode change 120000 => 100644 test/integration/atlas_configuration/serverspec/spec_helper.rb mode change 120000 => 100644 test/integration/custom_templates/serverspec/spec_helper.rb mode change 120000 => 100644 test/integration/dynamic_binding/serverspec/spec_helper.rb diff --git a/.gitignore b/.gitignore index cc0e6a0..2bdb0f1 100644 --- a/.gitignore +++ b/.gitignore @@ -57,3 +57,6 @@ docs/_build/ .kitchen/ roles/* + +# Developing on OSX +.DS_Store diff --git a/Gemfile.lock b/Gemfile.lock index 83854e2..4d0ef43 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -67,6 +67,3 @@ DEPENDENCIES kitchen-vagrant serverspec test-kitchen - -BUNDLED WITH - 1.10.5 diff --git a/README.md b/README.md index f7887e3..d385013 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,9 @@ consul_ui_download: "https://releases.hashicorp.com/consul/{{ consul_version }}/ consul_ui_dir: "{{ consul_home }}/dist" consul_ui_server_name: "{{ ansible_fqdn }}" consul_ui_require_auth: false +consul_ui_nginx_template: "consul-nginx.conf.j2" consul_ui_auth_user_file: /etc/htpasswd/consul +consul_ui_server_port: 80 consul_install_nginx: true consul_install_nginx_config: true consul_enable_nginx_config: true 
@@ -64,8 +66,17 @@ consul_config_file: /etc/consul.conf consul_log_file: /var/log/consul consul_data_dir: "{{ consul_home }}/data" +consul_dns_allow_stale: false +consul_dns_max_stale: 5s +consul_dns_node_ttl: 0s +consul_dns_service_ttl: 0s +consul_dns_enable_truncate: false +consul_dns_only_passing: false +consul_recursors: [] + consul_upstart_template: "consul.conf.j2" consul_systemd_template: "consul.systemd.j2" +consul_initd_template: "consul.initd.sh.j2" consul_binary: consul @@ -74,6 +85,7 @@ consul_group: consul consul_use_systemd: false consul_use_upstart: true +consul_use_initd: false consul_is_server: false @@ -112,10 +124,17 @@ consul_port_rpc: 8400 consul_port_serf_lan: 8301 consul_port_serf_wan: 8302 consul_port_server: 8300 - consul_install_dnsmasq: false consul_install_consulate: false - +consul_dnsmasq: + listen_interface: + - lo + - docker0 + - eth0 + no_dhcp_interface: + - lo + - docker0 + - eth0 consul_node_name: "{{ inventory_hostname }}" consul_verify_server_hostname: false ``` @@ -196,6 +215,9 @@ consul_dns_node_ttl: 0s consul_dns_service_ttl: 0s consul_dns_enable_truncate: false consul_dns_only_passing: false +consul_recursors: + - 8.8.8.8 + - 8.8.4.4 ``` ## Handlers diff --git a/defaults/main.yml b/defaults/main.yml index 062f67f..dac3aed 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -29,12 +29,14 @@ consul_config_file: /etc/consul.conf consul_log_file: /var/log/consul consul_data_dir: "{{ consul_home }}/data" +consul_dns_config: false consul_dns_allow_stale: false consul_dns_max_stale: 5s consul_dns_node_ttl: 0s consul_dns_service_ttl: 0s consul_dns_enable_truncate: false consul_dns_only_passing: false +consul_recursors: [] consul_upstart_template: "consul.conf.j2" consul_systemd_template: "consul.systemd.j2" 
@@ -86,10 +88,17 @@ consul_port_rpc: 8400 consul_port_serf_lan: 8301 consul_port_serf_wan: 8302 consul_port_server: 8300 - consul_install_dnsmasq: false consul_install_consulate: false - +consul_dnsmasq: + listen_interface: + - lo + - docker0 + - eth0 + no_dhcp_interface: + - lo + - docker0 + - eth0 consul_node_name: "{{ inventory_hostname }}" # Set to true to enable hostname verification via TLS consul_verify_server_hostname: false diff --git a/tasks/dnsmasq.yml b/tasks/dnsmasq.yml index a809d48..f4369ca 100644 --- a/tasks/dnsmasq.yml +++ b/tasks/dnsmasq.yml 
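Review bot: The new `consul_dnsmasq.listen_interface` default adds `eth0` next to `lo` and `docker0`, so a host that takes the role defaults now has dnsmasq answering DNS on its primary network interface, where the tasks this commit replaces configured only `lo` and `docker0`. On a machine whose `eth0` is reachable from untrusted networks, that leaves a forwarding resolver open to anyone who can reach it. I would keep the default at `lo` and `docker0`, document `eth0` as an opt-in in the README, and add a comment above the key such as `# interfaces dnsmasq accepts queries on; add external interfaces only behind a firewall`. The identical hunk appears again in PATCH 2/4.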
@@ -1,64 +1,68 @@ - name: update apt - apt: > - update_cache=yes - cache_valid_time=3600 + apt: + update_cache: yes + cache_valid_time: 3600 when: ansible_os_family == "Debian" - name: install deps (Ubuntu) - apt: > - pkg=dnsmasq - state=installed + apt: + pkg: dnsmasq + state: installed when: ansible_os_family == "Debian" - name: install deps (RHEL) - yum: > - name=dnsmasq - state=installed + yum: + name: dnsmasq + state: installed when: ansible_os_family == "RedHat" - name: ensure configure directory - file: dest=/etc/dnsmasq.d state=directory + file: + dest: /etc/dnsmasq.d + state: directory - name: ensure dnsmasq configuration - lineinfile: dest="/etc/dnsmasq.conf" - regexp="^#conf-dir=/etc/dnsmasq.conf" - line="conf-dir=/etc/dnsmasq.d" - state=present + lineinfile: + dest: "/etc/dnsmasq.conf" + regexp: "^conf-dir=" + line: "conf-dir=/etc/dnsmasq.d" + state: present - name: ensure configure directory - file: dest=/etc/resolvconf/resolv.conf.d state=directory + file: + dest: /etc/resolvconf/resolv.conf.d + state: directory + when: ansible_os_family == 'Debian' - name: add local dns lookup - lineinfile: line="nameserver 127.0.0.1" insertbefore=BOF state=present dest="/etc/resolvconf/resolv.conf.d/consul" create=yes - -- name: configure dnsmasq to listen on loopback interface lineinfile: - dest: /etc/dnsmasq.conf - regexp: "^#interface=" - line: "interface=lo" + insertbefore: BOF + state: present + line: "nameserver 127.0.0.1" + dest: "/etc/resolvconf/resolv.conf.d/consul" + create: yes + when: ansible_os_family == 'Debian' -- name: configure dnsmasq to listen on docker0 interface - lineinfile: - dest: /etc/dnsmasq.conf - insertafter: "^interface=lo" - line: "interface=docker0" - -- name: configure dnsmasq to disable DHCP and TFTP +- name: configure dnsmasq to listen on interface(s) lineinfile: + regexp: "^interface={{ item }}" + line: "interface={{ item }}" dest: /etc/dnsmasq.conf - regexp: "^#no-dhcp-interface=" - line: "no-dhcp-interface=lo" + with_items: + "{{ 
consul_dnsmasq.listen_interface }}" - name: configure dnsmasq to disable DHCP and TFTP lineinfile: + regexp: "^no-dhcp-interface={{ item }}" + line: "no-dhcp-interface={{ item }}" dest: /etc/dnsmasq.conf - insertafter: "^no-dhcp-interface=lo" - line: "no-dhcp-interface=docker0" + with_items: + "{{ consul_dnsmasq.no_dhcp_interface }}" - name: configure dnsmasq to delegate all Consul DNS requests to the Consul DNS port - copy: > - content='server=/{{ consul_domain }}/{{ consul_client_address }}#{{ consul_port_dns }}' - dest=/etc/dnsmasq.d/10-consul + copy: + content: 'server=/{{ consul_domain }}/{{ consul_client_address }}#{{ consul_port_dns }}' + dest: /etc/dnsmasq.d/10-consul notify: - restart dnsmasq - pause: minutes=1 diff --git a/templates/consul.json.j2 b/templates/consul.json.j2 index d9f4d44..5eab031 100644 --- a/templates/consul.json.j2 +++ b/templates/consul.json.j2 @@ -34,6 +34,9 @@ "enable_truncate": {{ "true" if consul_dns_enable_truncate else "false" }}, "only_passing": {{ "true" if consul_dns_only_passing else "false" }} }, +{% endif %} +{% if (consul_recursors is defined) and consul_recursors %} + "recursors": [{% for host in consul_recursors %}"{{host}}"{% if not loop.last %}, {% endif %}{% endfor %}], {% endif %} "log_level": "{{ consul_log_level }}", {% if consul_syslog %} diff --git a/test/integration/atlas_configuration/serverspec/spec_helper.rb b/test/integration/atlas_configuration/serverspec/spec_helper.rb deleted file mode 120000 index 662bc49..0000000 --- a/test/integration/atlas_configuration/serverspec/spec_helper.rb +++ /dev/null @@ -1 +0,0 @@ -../../default/serverspec/spec_helper.rb \ No newline at end of file diff --git a/test/integration/atlas_configuration/serverspec/spec_helper.rb b/test/integration/atlas_configuration/serverspec/spec_helper.rb new file mode 100644 index 0000000..22ac276 --- /dev/null +++ b/test/integration/atlas_configuration/serverspec/spec_helper.rb 
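Review bot: The per-interface `regexp` values (`"^interface={{ item }}"` and `"^no-dhcp-interface={{ item }}"`) are neither escaped nor anchored at the end, so `eth0` also matches an existing `interface=eth0.100` line and rewrites it; `regexp: "^interface={{ item | regex_escape }}$"` avoids that. Because `lineinfile` only ever adds lines here, taking an interface out of `consul_dnsmasq.listen_interface` later leaves its `interface=` line in `/etc/dnsmasq.conf`, so narrowing the list does not stop dnsmasq listening there. Rendering the whole list into one managed file under `/etc/dnsmasq.d` would make the variable authoritative. These tasks also carry no `notify: restart dnsmasq`, unlike the `10-consul` task, so a change may not take effect until something else restarts the service. The same hunk is repeated in PATCH 2/4.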
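Review bot: The `recursors` array is assembled by hand with `"{{host}}"` inside a loop, so a value containing a quote or backslash yields invalid JSON in the consul config. `"recursors": {{ consul_recursors | to_json }},` emits the same array with proper escaping and drops the `loop.last` bookkeeping. The `{% if %}` that the added `{% endif %}` closes opens above this hunk, so the resulting nesting cannot be checked from here. The same hunk is repeated in PATCH 2/4.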
@@ -0,0 +1,2 @@ +require 'serverspec' +set :backend, :exec \ No newline at end of file diff --git a/test/integration/custom_templates/serverspec/spec_helper.rb b/test/integration/custom_templates/serverspec/spec_helper.rb deleted file mode 120000 index 662bc49..0000000 --- a/test/integration/custom_templates/serverspec/spec_helper.rb +++ /dev/null @@ -1 +0,0 @@ -../../default/serverspec/spec_helper.rb \ No newline at end of file diff --git a/test/integration/custom_templates/serverspec/spec_helper.rb b/test/integration/custom_templates/serverspec/spec_helper.rb new file mode 100644 index 0000000..22ac276 --- /dev/null +++ b/test/integration/custom_templates/serverspec/spec_helper.rb @@ -0,0 +1,2 @@ +require 'serverspec' +set :backend, :exec \ No newline at end of file diff --git a/test/integration/dns/default.yml b/test/integration/dns/default.yml index 6c12335..45e386b 100644 --- a/test/integration/dns/default.yml +++ b/test/integration/dns/default.yml @@ -3,7 +3,9 @@ roles: - { role: ansible-consul, + consul_dns_config: true, + consul_recursors: [ "8.8.8.8", "8.8.4.4" ], consul_is_server: true, consul_install_dnsmasq: true, consul_port_dns: 8200, - consul_client_address: "127.0.1.1" } \ No newline at end of file + consul_client_address: "127.0.1.1" } diff --git a/test/integration/dns/serverspec/consul_spec.rb b/test/integration/dns/serverspec/consul_spec.rb index eeaa567..4ac7e91 100644 --- a/test/integration/dns/serverspec/consul_spec.rb +++ b/test/integration/dns/serverspec/consul_spec.rb @@ -9,5 +9,6 @@ describe file('/etc/consul.conf') do it { should be_file } its(:content) { should match /"dns": 8200/ } + its(:content) { should match /"recursors": \["8.8.8.8", "8.8.4.4"\]/ } end -end \ No newline at end of file +end diff --git a/test/integration/dynamic_binding/serverspec/spec_helper.rb b/test/integration/dynamic_binding/serverspec/spec_helper.rb deleted file mode 120000 index 662bc49..0000000 
--- a/test/integration/dynamic_binding/serverspec/spec_helper.rb +++ /dev/null @@ -1 +0,0 @@ -../../default/serverspec/spec_helper.rb \ No newline at end of file diff --git a/test/integration/dynamic_binding/serverspec/spec_helper.rb b/test/integration/dynamic_binding/serverspec/spec_helper.rb new file mode 100644 index 0000000..22ac276 --- /dev/null +++ b/test/integration/dynamic_binding/serverspec/spec_helper.rb @@ -0,0 +1,2 @@ +require 'serverspec' +set :backend, :exec \ No newline at end of file From 174322d049709e0b9caa4a7fe8e4abc3147697e2 Mon Sep 17 00:00:00 2001 From: Nigel Gibbs Date: Tue, 16 Feb 2016 12:46:43 +0000 Subject: [PATCH 2/4] Added support for DNS recursors. Added consul_dnsmasq.listen_interface and consul_dnsmasq.no_dhcp_interface arrays for better control over interface options. Fixed idempotency in dnsmasq.conf Fixed systemd control template for centos7 - resolved issue of IP trying to bind before network was started. --- .gitignore | 3 + Gemfile.lock | 3 - README.md | 26 ++++++- defaults/main.yml | 13 +++- tasks/dnsmasq.yml | 74 ++++++++++--------- templates/consul.json.j2 | 3 + templates/consul.systemd.j2 | 5 ++ .../serverspec/spec_helper.rb | 3 +- .../serverspec/spec_helper.rb | 3 +- test/integration/dns/default.yml | 4 +- .../integration/dns/serverspec/consul_spec.rb | 3 +- .../dynamic_binding/serverspec/spec_helper.rb | 3 +- 12 files changed, 96 insertions(+), 47 deletions(-) mode change 120000 => 100644 test/integration/atlas_configuration/serverspec/spec_helper.rb mode change 120000 => 100644 test/integration/custom_templates/serverspec/spec_helper.rb mode change 120000 => 100644 test/integration/dynamic_binding/serverspec/spec_helper.rb diff --git a/.gitignore b/.gitignore index cc0e6a0..2bdb0f1 100644 --- a/.gitignore +++ b/.gitignore @@ -57,3 +57,6 @@ docs/_build/ .kitchen/ roles/* + +# Developing on OSX +.DS_Store diff --git a/Gemfile.lock b/Gemfile.lock index 83854e2..4d0ef43 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -67,6 +67,3 @@ DEPENDENCIES kitchen-vagrant serverspec test-kitchen - -BUNDLED WITH - 1.10.5 diff --git a/README.md b/README.md index f7887e3..d385013 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,9 @@ consul_ui_download: "https://releases.hashicorp.com/consul/{{ consul_version }}/ consul_ui_dir: "{{ consul_home }}/dist" consul_ui_server_name: "{{ ansible_fqdn }}" consul_ui_require_auth: false +consul_ui_nginx_template: "consul-nginx.conf.j2" consul_ui_auth_user_file: /etc/htpasswd/consul +consul_ui_server_port: 80 consul_install_nginx: true consul_install_nginx_config: true consul_enable_nginx_config: true @@ -64,8 +66,17 @@ consul_config_file: /etc/consul.conf consul_log_file: /var/log/consul consul_data_dir: "{{ consul_home }}/data" +consul_dns_allow_stale: false +consul_dns_max_stale: 5s +consul_dns_node_ttl: 0s +consul_dns_service_ttl: 0s +consul_dns_enable_truncate: false +consul_dns_only_passing: false +consul_recursors: [] + consul_upstart_template: "consul.conf.j2" consul_systemd_template: "consul.systemd.j2" +consul_initd_template: "consul.initd.sh.j2" consul_binary: consul @@ -74,6 +85,7 @@ consul_group: consul consul_use_systemd: false consul_use_upstart: true +consul_use_initd: false consul_is_server: false @@ -112,10 +124,17 @@ consul_port_rpc: 8400 consul_port_serf_lan: 8301 consul_port_serf_wan: 8302 consul_port_server: 8300 - consul_install_dnsmasq: false consul_install_consulate: false - +consul_dnsmasq: + listen_interface: + - lo + - docker0 + - eth0 + no_dhcp_interface: + - lo + - docker0 + - eth0 consul_node_name: "{{ inventory_hostname }}" consul_verify_server_hostname: false ``` @@ -196,6 +215,9 @@ consul_dns_node_ttl: 0s consul_dns_service_ttl: 0s consul_dns_enable_truncate: false consul_dns_only_passing: false +consul_recursors: + - 8.8.8.8 + - 8.8.4.4 ``` ## Handlers diff --git a/defaults/main.yml b/defaults/main.yml index 062f67f..dac3aed 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -29,12 +29,14 @@ consul_config_file: /etc/consul.conf consul_log_file: /var/log/consul consul_data_dir: "{{ consul_home }}/data" +consul_dns_config: false consul_dns_allow_stale: false consul_dns_max_stale: 5s consul_dns_node_ttl: 0s consul_dns_service_ttl: 0s consul_dns_enable_truncate: false consul_dns_only_passing: false +consul_recursors: [] consul_upstart_template: "consul.conf.j2" consul_systemd_template: "consul.systemd.j2" @@ -86,10 +88,17 @@ consul_port_rpc: 8400 consul_port_serf_lan: 8301 consul_port_serf_wan: 8302 consul_port_server: 8300 - consul_install_dnsmasq: false consul_install_consulate: false - +consul_dnsmasq: + listen_interface: + - lo + - docker0 + - eth0 + no_dhcp_interface: + - lo + - docker0 + - eth0 consul_node_name: "{{ inventory_hostname }}" # Set to true to enable hostname verification via TLS consul_verify_server_hostname: false diff --git a/tasks/dnsmasq.yml b/tasks/dnsmasq.yml index a809d48..f4369ca 100644 --- a/tasks/dnsmasq.yml +++ b/tasks/dnsmasq.yml 
@@ -1,64 +1,68 @@ - name: update apt - apt: > - update_cache=yes - cache_valid_time=3600 + apt: + update_cache: yes + cache_valid_time: 3600 when: ansible_os_family == "Debian" - name: install deps (Ubuntu) - apt: > - pkg=dnsmasq - state=installed + apt: + pkg: dnsmasq + state: installed when: ansible_os_family == "Debian" - name: install deps (RHEL) - yum: > - name=dnsmasq - state=installed + yum: + name: dnsmasq + state: installed when: ansible_os_family == "RedHat" - name: ensure configure directory - file: dest=/etc/dnsmasq.d state=directory + file: + dest: /etc/dnsmasq.d + state: directory - name: ensure dnsmasq configuration - lineinfile: dest="/etc/dnsmasq.conf" - regexp="^#conf-dir=/etc/dnsmasq.conf" - line="conf-dir=/etc/dnsmasq.d" - state=present + lineinfile: + dest: "/etc/dnsmasq.conf" + regexp: "^conf-dir=" + line: "conf-dir=/etc/dnsmasq.d" + state: present - name: ensure configure directory - file: dest=/etc/resolvconf/resolv.conf.d state=directory + file: + dest: /etc/resolvconf/resolv.conf.d + state: directory + when: ansible_os_family == 'Debian' - name: add local dns lookup - lineinfile: line="nameserver 127.0.0.1" insertbefore=BOF state=present dest="/etc/resolvconf/resolv.conf.d/consul" create=yes - -- name: configure dnsmasq to listen on loopback interface lineinfile: - dest: /etc/dnsmasq.conf - regexp: "^#interface=" - line: "interface=lo" + insertbefore: BOF + state: present + line: "nameserver 127.0.0.1" + dest: "/etc/resolvconf/resolv.conf.d/consul" + create: yes + when: ansible_os_family == 'Debian' -- name: configure dnsmasq to listen on docker0 interface - lineinfile: - dest: /etc/dnsmasq.conf - insertafter: "^interface=lo" - line: "interface=docker0" - -- name: configure dnsmasq to disable DHCP and TFTP +- name: configure dnsmasq to listen on interface(s) lineinfile: + regexp: "^interface={{ item }}" + line: "interface={{ item }}" dest: /etc/dnsmasq.conf - regexp: "^#no-dhcp-interface=" - line: "no-dhcp-interface=lo" + with_items: + "{{ 
consul_dnsmasq.listen_interface }}" - name: configure dnsmasq to disable DHCP and TFTP lineinfile: + regexp: "^no-dhcp-interface={{ item }}" + line: "no-dhcp-interface={{ item }}" dest: /etc/dnsmasq.conf - insertafter: "^no-dhcp-interface=lo" - line: "no-dhcp-interface=docker0" + with_items: + "{{ consul_dnsmasq.no_dhcp_interface }}" - name: configure dnsmasq to delegate all Consul DNS requests to the Consul DNS port - copy: > - content='server=/{{ consul_domain }}/{{ consul_client_address }}#{{ consul_port_dns }}' - dest=/etc/dnsmasq.d/10-consul + copy: + content: 'server=/{{ consul_domain }}/{{ consul_client_address }}#{{ consul_port_dns }}' + dest: /etc/dnsmasq.d/10-consul notify: - restart dnsmasq - pause: minutes=1 diff --git a/templates/consul.json.j2 b/templates/consul.json.j2 index d9f4d44..5eab031 100644 --- a/templates/consul.json.j2 +++ b/templates/consul.json.j2 @@ -34,6 +34,9 @@ "enable_truncate": {{ "true" if consul_dns_enable_truncate else "false" }}, "only_passing": {{ "true" if consul_dns_only_passing else "false" }} }, +{% endif %} +{% if (consul_recursors is defined) and consul_recursors %} + "recursors": [{% for host in consul_recursors %}"{{host}}"{% if not loop.last %}, {% endif %}{% endfor %}], {% endif %} "log_level": "{{ consul_log_level }}", {% if consul_syslog %} diff --git a/templates/consul.systemd.j2 b/templates/consul.systemd.j2 index 228e970..2af7cb6 100644 --- a/templates/consul.systemd.j2 +++ b/templates/consul.systemd.j2 @@ -1,11 +1,16 @@ [Unit] Description=Consul Agent +Requires=network-online.target +After=network-online.target [Service] Environment="GOMAXPROCS=`nproc`" +Restart=on-failure User={{ consul_user }} Group={{ consul_group }} ExecStart=/bin/sh -c '{{ consul_home }}/bin/consul agent -config-dir {{ consul_config_dir }} -config-file={{ consul_config_file }} >> {{ consul_log_file }} 2>&1' +ExecReload=/bin/kill -HUP $MAINPID +KillSignal=SIGINT [Install] WantedBy=multi-user.target 
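Review bot: `ExecReload=/bin/kill -HUP $MAINPID` signals whatever process systemd tracks as the main PID, and `ExecStart` launches consul through `/bin/sh -c '… >> {{ consul_log_file }} 2>&1'`, so unless the shell happens to exec consul in place the HUP reaches the wrapper shell rather than the agent. Starting the quoted command with `exec` (`/bin/sh -c 'exec {{ consul_home }}/bin/consul agent …'`) makes the agent the main process regardless of which shell `/bin/sh` is. `Requires=network-online.target` also makes the unit fail to start if that target fails to activate; `Wants=network-online.target` with the existing `After=` gives the ordering without the hard dependency.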
diff --git a/test/integration/atlas_configuration/serverspec/spec_helper.rb b/test/integration/atlas_configuration/serverspec/spec_helper.rb deleted file mode 120000 index 662bc49..0000000 --- a/test/integration/atlas_configuration/serverspec/spec_helper.rb +++ /dev/null @@ -1 +0,0 @@ -../../default/serverspec/spec_helper.rb \ No newline at end of file diff --git a/test/integration/atlas_configuration/serverspec/spec_helper.rb b/test/integration/atlas_configuration/serverspec/spec_helper.rb new file mode 100644 index 0000000..22ac276 --- /dev/null +++ b/test/integration/atlas_configuration/serverspec/spec_helper.rb @@ -0,0 +1,2 @@ +require 'serverspec' +set :backend, :exec \ No newline at end of file diff --git a/test/integration/custom_templates/serverspec/spec_helper.rb b/test/integration/custom_templates/serverspec/spec_helper.rb deleted file mode 120000 index 662bc49..0000000 --- a/test/integration/custom_templates/serverspec/spec_helper.rb +++ /dev/null @@ -1 +0,0 @@ -../../default/serverspec/spec_helper.rb \ No newline at end of file diff --git a/test/integration/custom_templates/serverspec/spec_helper.rb b/test/integration/custom_templates/serverspec/spec_helper.rb new file mode 100644 index 0000000..22ac276 --- /dev/null +++ b/test/integration/custom_templates/serverspec/spec_helper.rb @@ -0,0 +1,2 @@ +require 'serverspec' +set :backend, :exec \ No newline at end of file diff --git a/test/integration/dns/default.yml b/test/integration/dns/default.yml index 6c12335..45e386b 100644 --- a/test/integration/dns/default.yml +++ b/test/integration/dns/default.yml @@ -3,7 +3,9 @@ roles: - { role: ansible-consul, + consul_dns_config: true, + consul_recursors: [ "8.8.8.8", "8.8.4.4" ], consul_is_server: true, consul_install_dnsmasq: true, consul_port_dns: 8200, - consul_client_address: "127.0.1.1" } \ No newline at end of file + consul_client_address: "127.0.1.1" } 
diff --git a/test/integration/dns/serverspec/consul_spec.rb b/test/integration/dns/serverspec/consul_spec.rb index eeaa567..4ac7e91 100644 --- a/test/integration/dns/serverspec/consul_spec.rb +++ b/test/integration/dns/serverspec/consul_spec.rb @@ -9,5 +9,6 @@ describe file('/etc/consul.conf') do it { should be_file } its(:content) { should match /"dns": 8200/ } + its(:content) { should match /"recursors": \["8.8.8.8", "8.8.4.4"\]/ } end -end \ No newline at end of file +end diff --git a/test/integration/dynamic_binding/serverspec/spec_helper.rb b/test/integration/dynamic_binding/serverspec/spec_helper.rb deleted file mode 120000 index 662bc49..0000000 --- a/test/integration/dynamic_binding/serverspec/spec_helper.rb +++ /dev/null @@ -1 +0,0 @@ -../../default/serverspec/spec_helper.rb \ No newline at end of file diff --git a/test/integration/dynamic_binding/serverspec/spec_helper.rb b/test/integration/dynamic_binding/serverspec/spec_helper.rb new file mode 100644 index 0000000..22ac276 --- /dev/null +++ b/test/integration/dynamic_binding/serverspec/spec_helper.rb @@ -0,0 +1,2 @@ +require 'serverspec' +set :backend, :exec \ No newline at end of file From b5c397fa55d8f7098fec8a60c2371d17e1126b2d Mon Sep 17 00:00:00 2001 From: Nigel Gibbs Date: Wed, 17 Feb 2016 12:49:50 +0000 Subject: [PATCH 3/4] Add support for DNSmasq alternative nameservers file, with new template and . --- README.md | 4 ++++ defaults/main.yml | 4 ++++ tasks/dnsmasq.yml | 17 +++++++++++++++++ templates/resolv_dnsmasq.conf.j2 | 2 ++ 4 files changed, 27 insertions(+) create mode 100644 templates/resolv_dnsmasq.conf.j2 diff --git a/README.md b/README.md index d385013..3803b53 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,7 @@ consul_recursors: [] consul_upstart_template: "consul.conf.j2" consul_systemd_template: "consul.systemd.j2" consul_initd_template: "consul.initd.sh.j2" +consul_dnsmasq_upstream_template: "resolv_dnsmasq.conf.j2" consul_binary: consul 
@@ -135,6 +136,9 @@ consul_dnsmasq: - lo - docker0 - eth0 + upstream_servers: + - 8.8.8.8 + - 8.8.4.4 consul_node_name: "{{ inventory_hostname }}" consul_verify_server_hostname: false ``` diff --git a/defaults/main.yml b/defaults/main.yml index dac3aed..879d134 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -41,6 +41,7 @@ consul_recursors: [] consul_upstart_template: "consul.conf.j2" consul_systemd_template: "consul.systemd.j2" consul_initd_template: "consul.initd.sh.j2" +consul_dnsmasq_upstream_template: "resolv_dnsmasq.conf.j2" consul_binary: consul @@ -99,6 +100,9 @@ consul_dnsmasq: - lo - docker0 - eth0 + upstream_servers: + - 8.8.8.8 + - 8.8.4.4 consul_node_name: "{{ inventory_hostname }}" # Set to true to enable hostname verification via TLS consul_verify_server_hostname: false diff --git a/tasks/dnsmasq.yml b/tasks/dnsmasq.yml index f4369ca..26e6f92 100644 --- a/tasks/dnsmasq.yml +++ b/tasks/dnsmasq.yml @@ -65,4 +65,21 @@ dest: /etc/dnsmasq.d/10-consul notify: - restart dnsmasq + +- name: create alternate upstream servers file for dnsmasq + template: + src: "{{ consul_dnsmasq_upstream_template }}" + dest: /etc/resolv_dnsmasq.conf + when: "{{ (consul_dnsmasq.upstream_servers is defined) and consul_dnsmasq.upstream_servers }}" + notify: + - restart dnsmasq + +- name: configure dnsmasq to use alternate upstream servers file + copy: + content: "resolv-file=/etc/resolv_dnsmasq.conf" + dest: /etc/dnsmasq.d/20-upstream-servers + when: "{{ (consul_dnsmasq.upstream_servers is defined) and consul_dnsmasq.upstream_servers }}" + notify: + - restart dnsmasq + - pause: minutes=1 diff --git a/templates/resolv_dnsmasq.conf.j2 b/templates/resolv_dnsmasq.conf.j2 new file mode 100644 index 0000000..9e254d1 --- /dev/null +++ b/templates/resolv_dnsmasq.conf.j2 @@ -0,0 +1,2 @@ +{% for host in consul_dnsmasq.upstream_servers | difference(ansible_all_ipv4_addresses) %}nameserver {{host}} +{% endfor %} From 0179fe72704ee03d2dd3c4b172a9fc497ab74389 Mon Sep 17 00:00:00 2001 
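Review bot: Defaulting `consul_dnsmasq.upstream_servers` to `8.8.8.8` and `8.8.4.4` means every host that enables dnsmasq through this role gets `resolv-file=/etc/resolv_dnsmasq.conf` and forwards its non-Consul lookups to a public resolver, rather than to the upstream servers dnsmasq would otherwise read from the system resolver file. That changes how internal names resolve and sends query data off-site without the operator asking for it. Since the new tasks already skip an empty list, `upstream_servers: []` as the default would make this opt-in, with the public addresses kept as a README example. The same hunk is repeated in PATCH 4/4.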
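Review bot: Both new tasks wrap their `when:` in `{{ }}`, but Ansible documents `when:` as a bare Jinja expression and current releases warn about delimiters there; write `when: consul_dnsmasq.upstream_servers is defined and consul_dnsmasq.upstream_servers`. Separately, nothing removes `/etc/dnsmasq.d/20-upstream-servers` or `/etc/resolv_dnsmasq.conf` once the list is emptied again, so dnsmasq keeps forwarding to the old servers; a companion `file:` task with `state: absent` under the inverse condition would cover that. The same hunk is repeated in PATCH 4/4.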
From: Nigel Gibbs Date: Wed, 17 Feb 2016 12:49:50 +0000 Subject: [PATCH 4/4] Add support for DNSmasq alternative nameservers file, with new template and . --- README.md | 4 ++++ defaults/main.yml | 4 ++++ tasks/dnsmasq.yml | 17 +++++++++++++++++ templates/consul.json.j2 | 1 - templates/resolv_dnsmasq.conf.j2 | 2 ++ 5 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 templates/resolv_dnsmasq.conf.j2 diff --git a/README.md b/README.md index d385013..3803b53 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,7 @@ consul_recursors: [] consul_upstart_template: "consul.conf.j2" consul_systemd_template: "consul.systemd.j2" consul_initd_template: "consul.initd.sh.j2" +consul_dnsmasq_upstream_template: "resolv_dnsmasq.conf.j2" consul_binary: consul @@ -135,6 +136,9 @@ consul_dnsmasq: - lo - docker0 - eth0 + upstream_servers: + - 8.8.8.8 + - 8.8.4.4 consul_node_name: "{{ inventory_hostname }}" consul_verify_server_hostname: false ``` diff --git a/defaults/main.yml b/defaults/main.yml index dac3aed..879d134 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -41,6 +41,7 @@ consul_recursors: [] consul_upstart_template: "consul.conf.j2" consul_systemd_template: "consul.systemd.j2" consul_initd_template: "consul.initd.sh.j2" +consul_dnsmasq_upstream_template: "resolv_dnsmasq.conf.j2" consul_binary: consul @@ -99,6 +100,9 @@ consul_dnsmasq: - lo - docker0 - eth0 + upstream_servers: + - 8.8.8.8 + - 8.8.4.4 consul_node_name: "{{ inventory_hostname }}" # Set to true to enable hostname verification via TLS consul_verify_server_hostname: false diff --git a/tasks/dnsmasq.yml b/tasks/dnsmasq.yml index f4369ca..26e6f92 100644 --- a/tasks/dnsmasq.yml +++ b/tasks/dnsmasq.yml 
@@ -65,4 +65,21 @@ dest: /etc/dnsmasq.d/10-consul notify: - restart dnsmasq + +- name: create alternate upstream servers file for dnsmasq + template: + src: "{{ consul_dnsmasq_upstream_template }}" + dest: /etc/resolv_dnsmasq.conf + when: "{{ (consul_dnsmasq.upstream_servers is defined) and consul_dnsmasq.upstream_servers }}" + notify: + - restart dnsmasq + +- name: configure dnsmasq to use alternate upstream servers file + copy: + content: "resolv-file=/etc/resolv_dnsmasq.conf" + dest: /etc/dnsmasq.d/20-upstream-servers + when: "{{ (consul_dnsmasq.upstream_servers is defined) and consul_dnsmasq.upstream_servers }}" + notify: + - restart dnsmasq + - pause: minutes=1 diff --git a/templates/consul.json.j2 b/templates/consul.json.j2 index 5eab031..0e11d25 100644 --- a/templates/consul.json.j2 +++ b/templates/consul.json.j2 @@ -52,7 +52,6 @@ "rpc": "127.0.0.1" }, {% endif %} - "client_addr": "{{ consul_client_address }}", {% if consul_dynamic_bind == false and consul_bind_address is defined and consul_bind_address is not none %} "bind_addr": "{{ consul_bind_address }}", {% endif %} diff --git a/templates/resolv_dnsmasq.conf.j2 b/templates/resolv_dnsmasq.conf.j2 new file mode 100644 index 0000000..9e254d1 --- /dev/null +++ b/templates/resolv_dnsmasq.conf.j2 @@ -0,0 +1,2 @@ +{% for host in consul_dnsmasq.upstream_servers | difference(ansible_all_ipv4_addresses) %}nameserver {{host}} +{% endfor %}