From 351e6f13d5bee3275f46fda4a1780c71d9f338d6 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Sat, 18 Jan 2020 17:34:55 +0100 Subject: Network configuration: - Remove nomad interface (unused) - Deactivate systemd-resolved - Add dns_server to production nodes variables - Add recursors option to Consul so that it can resolve outside DNS queries - Use consul as a global DNS server for machines and containers, with the outside DNS as a fallback (see roles/consul/templates/resolv.conf.j2) --- ansible/roles/consul/tasks/main.yml | 3 +++ ansible/roles/consul/templates/consul.json.j2 | 3 +++ ansible/roles/consul/templates/resolv.conf.j2 | 2 ++ 3 files changed, 8 insertions(+) create mode 100644 ansible/roles/consul/templates/resolv.conf.j2 (limited to 'ansible/roles/consul') diff --git a/ansible/roles/consul/tasks/main.yml b/ansible/roles/consul/tasks/main.yml index bb1d9ef..5cb68ab 100644 --- a/ansible/roles/consul/tasks/main.yml +++ b/ansible/roles/consul/tasks/main.yml @@ -47,3 +47,6 @@ - name: "Enable consul systemd service at boot" service: name=consul state=started enabled=yes daemon_reload=yes + +- name: "Deploy resolv.conf to use Consul" + template: src=resolv.conf.j2 dest=/etc/resolv.conf diff --git a/ansible/roles/consul/templates/consul.json.j2 b/ansible/roles/consul/templates/consul.json.j2 index d1bd2d8..b6c86aa 100644 --- a/ansible/roles/consul/templates/consul.json.j2 +++ b/ansible/roles/consul/templates/consul.json.j2 @@ -17,6 +17,9 @@ "ports": { "dns": 53 }, + "recursors": [ + "{{ dns_server }}" + ], "encrypt": "{{ consul_gossip_encrypt }}", "domain": "2.cluster.deuxfleurs.fr", "performance": { diff --git a/ansible/roles/consul/templates/resolv.conf.j2 b/ansible/roles/consul/templates/resolv.conf.j2 new file mode 100644 index 0000000..2404034 --- /dev/null +++ b/ansible/roles/consul/templates/resolv.conf.j2 @@ -0,0 +1,2 @@ +nameserver {{ private_ip }} +nameserver {{ dns_server }} -- cgit v1.2.3 From 9cf37f9fe0da315b73df5933b7dd494727c1c7b8 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Sun, 5 Jul 2020 20:12:51 +0200 Subject: Clean nomad+consul deploy tasks as we do not deploy anymore on ARM so it is untested for real --- ansible/roles/consul/handlers/main.yml | 4 ---- ansible/roles/consul/tasks/main.yml | 28 +--------------------------- 2 files changed, 1 insertion(+), 31 deletions(-) delete mode 100644 ansible/roles/consul/handlers/main.yml (limited to 'ansible/roles/consul') diff --git a/ansible/roles/consul/handlers/main.yml b/ansible/roles/consul/handlers/main.yml deleted file mode 100644 index e8cd4a4..0000000 --- a/ansible/roles/consul/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -- name: restart consul - service: name=consul state=restarted diff --git a/ansible/roles/consul/tasks/main.yml b/ansible/roles/consul/tasks/main.yml index 5cb68ab..2b77080 100644 --- a/ansible/roles/consul/tasks/main.yml +++ b/ansible/roles/consul/tasks/main.yml @@ -1,16 +1,6 @@ - name: "Set consul version" set_fact: - consul_version: 1.7.4 - -- name: "Download and install Consul for armv7l" - unarchive: - src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_arm.zip" - dest: /usr/local/bin - remote_src: yes - when: - - "ansible_architecture == 'armv7l'" - notify: - - restart consul + consul_version: 1.8.0 - name: "Download and install Consul for x86_64" unarchive: @@ -19,31 +9,15 @@ remote_src: yes when: - "ansible_architecture == 'x86_64'" - notify: - - restart consul - -- name: "Download and install Consul for arm64" - unarchive: - src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_arm64.zip" - dest: /usr/local/bin - remote_src: yes - when: - - "ansible_architecture == 'aarch64'" - notify: - - restart consul - name: "Create consul configuration directory" file: path=/etc/consul/ state=directory - name: "Deploy consul configuration" template: src=consul.json.j2 dest=/etc/consul/consul.json - notify: - - restart consul - name: "Deploy consul systemd service" copy: src=consul.service dest=/etc/systemd/system/consul.service - notify: - - restart consul - name: "Enable consul systemd service at boot" service: name=consul state=started enabled=yes daemon_reload=yes -- cgit v1.2.3