Diffstat (limited to 'roles/dns')
| -rw-r--r-- | roles/dns/README.md | 45 | ||||
| -rw-r--r-- | roles/dns/defaults/main.yml | 2 | ||||
| -rw-r--r-- | roles/dns/handlers/main.yml | 4 | ||||
| -rw-r--r-- | roles/dns/meta/main.yml | 8 | ||||
| -rw-r--r-- | roles/dns/tasks/main.yml | 50 | ||||
| -rw-r--r-- | roles/dns/templates/Dockerfile | 11 | ||||
| -rw-r--r-- | roles/dns/templates/named.conf | 23 | ||||
| -rw-r--r-- | roles/dns/templates/named.service.j2 | 15 | ||||
| -rw-r--r-- | roles/dns/templates/openshift-cluster.zone | 14 | 
9 files changed, 172 insertions, 0 deletions
diff --git a/roles/dns/README.md b/roles/dns/README.md
new file mode 100644
index 000000000..7e0140772
--- /dev/null
+++ b/roles/dns/README.md
@@ -0,0 +1,45 @@
+dns
+===
+
+Configure a DNS server serving IPs of all the nodes of the cluster
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+| Name | Mandatory / Optional | Description |
+|------|----------------------|-------------|
+| `dns_zones` | Mandatory | DNS zones in which we must find the hosts |
+| `dns_forwarders` | If not set, the DNS will be a recursive non-forwarding DNS server | DNS forwarders to delegate the requests for hosts outside of `dns_zones` |
+| `dns_all_hosts` | Mandatory | Exhaustive list of hosts |
+| `base_docker_image` | Optional | Base docker image to build Bind image from, used only in containerized deployments |
+
+Dependencies
+------------
+
+None
+
+Example Playbook
+----------------
+
+    - hosts: dns_hosts
+      roles:
+      - role: dns
+        dns_forwarders: [ '8.8.8.8', '8.8.4.4' ]
+        dns_zones: [ novalocal, openstacklocal ]
+        dns_all_hosts: "{{ g_all_hosts }}"
+        base_docker_image: 'centos:centos7'
+
+License
+-------
+
+ASL 2.0
+
+Author Information
+------------------
+
+OpenShift operations, Red Hat, Inc
diff --git a/roles/dns/defaults/main.yml b/roles/dns/defaults/main.yml
new file mode 100644
index 000000000..82055c8cd
--- /dev/null
+++ b/roles/dns/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+base_docker_image: "{{ 'centos:centos7' if openshift.common.deployment_type == 'origin' else 'rhel7' }}"
diff --git a/roles/dns/handlers/main.yml b/roles/dns/handlers/main.yml
new file mode 100644
index 000000000..ef101785e
--- /dev/null
+++ b/roles/dns/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart bind
+  service:
+    name: named
+    state: restarted
diff --git a/roles/dns/meta/main.yml b/roles/dns/meta/main.yml
new file mode 100644
index 000000000..048274c49
--- /dev/null
+++ b/roles/dns/meta/main.yml
@@ -0,0 +1,8 @@
+---
+galaxy_info:
+  author: Lénaïc Huard
+  description: Deploy and configure a DNS server
+  company: Amadeus SAS
+  license: ASL 2.0
+dependencies:
+- { role: openshift_facts }
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
new file mode 100644
index 000000000..57a7e6269
--- /dev/null
+++ b/roles/dns/tasks/main.yml
@@ -0,0 +1,50 @@
+- name: Install Bind
+  action: "{{ ansible_pkg_mgr }} name=bind"
+  when: not openshift.common.is_containerized | bool
+
+- name: Create docker build dir
+  file: path=/tmp/dockerbuild state=directory
+  when: openshift.common.is_containerized | bool
+
+- name: Install dockerfile
+  template:
+    dest: "/tmp/dockerbuild/Dockerfile"
+    src: Dockerfile
+  register: install_result
+  when: openshift.common.is_containerized | bool
+
+- name: Build Bind image
+  docker_image: path="/tmp/dockerbuild" name="bind" state=present
+  when: openshift.common.is_containerized | bool
+
+- name: Install bind service file
+  template:
+    dest: "/etc/systemd/system/named.service"
+    src: named.service.j2
+  register: install_result
+  when: openshift.common.is_containerized | bool
+
+- name: reload systemd
+  command: /usr/bin/systemctl --system daemon-reload
+  when: openshift.common.is_containerized | bool and install_result | changed
+
+- name: Create bind zone dir
+  file: path=/var/named state=directory
+  when: openshift.common.is_containerized | bool
+
+- name: Configure Bind
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  with_items:
+    - src: openshift-cluster.zone
+      dest: /var/named/openshift-cluster.zone
+    - src: named.conf
+      dest: /etc/named.conf
+  notify: restart bind
+
+- name: Enable Bind
+  service:
+    name: named
+    state: started
+    enabled: yes
diff --git a/roles/dns/templates/Dockerfile b/roles/dns/templates/Dockerfile
new file mode 100644
index 000000000..cdff0a228
--- /dev/null
+++ b/roles/dns/templates/Dockerfile
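Review bot: `Create docker build dir` uses the fixed, world-writable location `/tmp/dockerbuild` as the Docker build context, and `file: path=/tmp/dockerbuild state=directory` succeeds even when another local user already owns that path, so content planted there by an unprivileged user becomes part of the context that `Build Bind image` consumes. A root-owned directory with a tight mode is the minimal fix, e.g. `file: path=/var/lib/openshift-dns-build state=directory mode=0700` (constructed path) with the `dest` of `Install dockerfile` and the `path` of `docker_image` pointing at the same place. Separately, `install_result` is registered by both `Install dockerfile` and `Install bind service file`, so by the time `reload systemd` checks it only the unit-file result survives; and as far as I recall `docker_image ... state=present` does not rebuild an image that already exists, so a changed Dockerfile is never picked up on re-runs — registering the two results under distinct names and rebuilding when the Dockerfile result changed would make the flow idempotent.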
@@ -0,0 +1,11 @@
+FROM {{ base_docker_image }}
+MAINTAINER Jan Provaznik <jprovazn@redhat.com>
+
+# install main packages:
+RUN yum -y update; yum clean all;
+RUN yum -y install bind-utils bind
+
+EXPOSE 53
+
+# start services:
+CMD ["/usr/sbin/named", "-f"]
diff --git a/roles/dns/templates/named.conf b/roles/dns/templates/named.conf
new file mode 100644
index 000000000..22c1ff935
--- /dev/null
+++ b/roles/dns/templates/named.conf
@@ -0,0 +1,23 @@
+options
+{
+    directory "/var/named";
+
+    allow-query { {{ ansible_default_ipv4.network }}/24; };
+
+    recursion yes;
+
+{% if dns_forwarders is defined %}
+    forwarders {
+        {% for dns in dns_forwarders %}
+        {{ dns }};
+        {% endfor %}
+    };
+{% endif %}
+};
+{% for zone in dns_zones %}
+
+zone "{{ zone }}" IN {
+    type master;
+    file "openshift-cluster.zone";
+};
+{% endfor %}
diff --git a/roles/dns/templates/named.service.j2 b/roles/dns/templates/named.service.j2
new file mode 100644
index 000000000..566739f25
--- /dev/null
+++ b/roles/dns/templates/named.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Requires=docker.service
+After=docker.service
+PartOf=docker.service
+
+[Service]
+Type=simple
+TimeoutStartSec=5m
+ExecStartPre=/usr/bin/docker run --rm -v /etc/named.conf:/etc/named.conf -v /var/named:/var/named:z bind named-checkconf -z /etc/named.conf
+ExecStartPre=-/usr/bin/docker rm -f bind
+ExecStart=/usr/bin/docker run --name bind -p 53:53/udp -v /var/log:/var/log -v /etc/named.conf:/etc/named.conf -v /var/named:/var/named:z bind
+ExecStop=/usr/bin/docker stop bind
+
+[Install]
+WantedBy=docker.service
diff --git a/roles/dns/templates/openshift-cluster.zone b/roles/dns/templates/openshift-cluster.zone
new file mode 100644
index 000000000..03f5dc089
--- /dev/null
+++ b/roles/dns/templates/openshift-cluster.zone
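Review bot: The `CMD ["/usr/sbin/named", "-f"]` line keeps named running as root for its whole lifetime inside the container, although the bind package ships a dedicated `named` user and the daemon can drop to it itself after binding port 53. `CMD ["/usr/sbin/named", "-f", "-u", "named"]` is the one-token change; the bind-mounted `/var/named` and `/etc/named.conf` must then be readable by that uid (and `/var/named` writable if the zone dir is ever used for journals), which the role's `file: path=/var/named` task does not currently set — worth confirming before switching. `EXPOSE 53` documents only one port with no protocol; `EXPOSE 53/udp 53/tcp` would match what a resolver actually needs.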
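Review bot: `allow-query { {{ ansible_default_ipv4.network }}/24; };` hard-codes a /24 on top of the interface's network address regardless of the interface's real prefix, so on a wider subnet part of the cluster is refused and on a narrower one unrelated hosts are served; `ansible_default_ipv4.netmask` is available from the same fact and the prefix should be derived from it rather than assumed. With `recursion yes;` and no `allow-recursion`, that query ACL is also the only thing bounding who may use this server as a recursive resolver (in my reading of the BIND defaults, allow-recursion falls back to allow-query when neither it nor allow-query-cache is set), so an explicit `allow-recursion { <same ACL>; };` next to `allow-query` would make the intent visible and survive a later loosening of `allow-query`. A comment above the ACL such as `// queries and recursion are limited to the cluster network; forwarders only apply outside dns_zones` would help the next reader.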
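Review bot: `ExecStart` publishes only `-p 53:53/udp`, so any answer that does not fit a UDP datagram is truncated with no TCP fallback available and zone transfers cannot work at all; add `-p 53:53/tcp` alongside it. The same line mounts the host's entire log tree read-write with `-v /var/log:/var/log`, which gives a compromised container write access to every host log; a dedicated directory such as `-v /var/log/named:/var/log/named:z` (constructed path, to be created by the role) limits that to what named needs, and is consistent with the `:z` relabel already used for `/var/named`. The checkconf `ExecStartPre` validates the config but loads whatever `bind` image is currently tagged, which is fine as long as the image rebuild concern raised on tasks/main.yml is addressed.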
@@ -0,0 +1,14 @@
+$TTL 1d
+@               IN      SOA     {{ ansible_hostname }} openshift (
+                                {{ ansible_date_time.epoch }}      ; Serial (To be fixed before 2039)
+                                12h     ; Refresh
+                                3m      ; Retry
+                                4w      ; Expire
+                                3h      ; TTL for negative replies
+                        )
+
+    IN NS {{ ansible_hostname }}
+{{ ansible_hostname }}  IN A  {{ ansible_default_ipv4.address }}
+{% for host in dns_all_hosts %}
+{{ hostvars[host].ansible_hostname }}  IN A  {{ hostvars[host]['ansible_default_ipv4'].address }}
+{% endfor %}  | 
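Review bot: The SOA serial is `{{ ansible_date_time.epoch }}`, which is different on every play, so `Configure Bind` renders a different file each run, always reports changed and restarts bind via the handler even when no host changed — the serial only needs to move when the records move, so deriving it from the rendered record set (or accepting the restart and saying so in a comment) should be a deliberate choice. Every owner name here is unqualified and the same file is loaded once per entry in `dns_zones`, which is what makes the multi-zone setup work; that deserves a comment at the top such as `; owner names are deliberately unqualified: this file is served under every zone in dns_zones`. The loop over `dns_all_hosts` reads `hostvars[host].ansible_hostname` and `hostvars[host]['ansible_default_ipv4'].address`, so rendering fails for any listed host whose facts were not gathered in the play, and two hosts sharing an `ansible_hostname` silently yield duplicate A records; the README should state the facts requirement.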
