From 5820aa4371aec8218426cdceab3360c6955fe018 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98ystein=20Bedin?=
Date: Wed, 2 Aug 2017 14:40:08 +0000
Subject: Moving common DNS roles out of the playbook area (#605)
---
.../openstack/openstack_dns_records.yml | 82 ----------------------
.../provisioning/openstack/openstack_dns_views.yml | 25 -------
.../openstack/post-provision-openstack.yml | 6 +-
roles/dns-records/tasks/main.yml | 82 ++++++++++++++++++++++
roles/dns-views/tasks/main.yml | 25 +++++++
5 files changed, 109 insertions(+), 111 deletions(-)
delete mode 100644 playbooks/provisioning/openstack/openstack_dns_records.yml
delete mode 100644 playbooks/provisioning/openstack/openstack_dns_views.yml
create mode 100644 roles/dns-records/tasks/main.yml
create mode 100644 roles/dns-views/tasks/main.yml
diff --git a/playbooks/provisioning/openstack/openstack_dns_records.yml b/playbooks/provisioning/openstack/openstack_dns_records.yml
deleted file mode 100644
index 3672a8ea6..000000000
--- a/playbooks/provisioning/openstack/openstack_dns_records.yml
+++ /dev/null
@@ -1,82 +0,0 @@
----
-- name: "Generate list of private A records"
- set_fact:
- private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}"
- with_items: "{{ groups['cluster_hosts'] }}"
-
-- name: "Add wildcard records to the private A records for infrahosts"
- set_fact:
- private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}"
- with_items: "{{ groups['infra_hosts'] }}"
-
-- name: "Set the private DNS server to use the external value (if provided)"
- set_fact:
- nsupdate_server_private: "{{ external_nsupdate_keys['private']['server'] }}"
- nsupdate_key_secret_private: "{{ external_nsupdate_keys['private']['key_secret'] }}"
- nsupdate_key_algorithm_private: "{{ external_nsupdate_keys['private']['key_algorithm'] }}"
- when:
- - external_nsupdate_keys is defined
- - external_nsupdate_keys['private'] is defined
-
-- name: "Set the private DNS server to use the provisioned value"
- set_fact:
- nsupdate_server_private: "{{ hostvars[groups['dns'][0]].public_v4 }}"
- nsupdate_key_secret_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + full_dns_domain].key_secret }}"
- nsupdate_key_algorithm_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + full_dns_domain].key_algorithm }}"
- when:
- - nsupdate_server_private is undefined
-
-- name: "Generate the private Add section for DNS"
- set_fact:
- private_named_records:
- - view: "private"
- zone: "{{ full_dns_domain }}"
- server: "{{ nsupdate_server_private }}"
- key_name: "{{ ( 'private-' + full_dns_domain ) }}"
- key_secret: "{{ nsupdate_key_secret_private }}"
- key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}"
- entries: "{{ private_records }}"
-
-- name: "Generate list of public A records"
- set_fact:
- public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': 
hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}"
- with_items: "{{ groups['cluster_hosts'] }}"
- when: hostvars[item]['public_v4'] is defined
-
-- name: "Add wildcard records to the public A records"
- set_fact:
- public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}"
- with_items: "{{ groups['infra_hosts'] }}"
- when: hostvars[item]['public_v4'] is defined
-
-- name: "Set the public DNS server details to use the external value (if provided)"
- set_fact:
- nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}"
- nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}"
- nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}"
- when:
- - external_nsupdate_keys is defined
- - external_nsupdate_keys['public'] is defined
-
-- name: "Set the public DNS server details to use the provisioned value"
- set_fact:
- nsupdate_server_public: "{{ hostvars[groups['dns'][0]].public_v4 }}"
- nsupdate_key_secret_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_secret }}"
- nsupdate_key_algorithm_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_algorithm }}"
- when:
- - nsupdate_server_public is undefined
-
-- name: "Generate the public Add section for DNS"
- set_fact:
- public_named_records:
- - view: "public"
- zone: "{{ full_dns_domain }}"
- server: "{{ nsupdate_server_public }}"
- key_name: "{{ ( 'public-' + full_dns_domain ) }}"
- key_secret: "{{ nsupdate_key_secret_public }}"
- key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}"
- entries: "{{ public_records }}"
-
-- name: "Generate the final dns_records_add"
- set_fact:
- dns_records_add: "{{ private_named_records + public_named_records }}"
diff --git a/playbooks/provisioning/openstack/openstack_dns_views.yml b/playbooks/provisioning/openstack/openstack_dns_views.yml deleted file mode 100644 index 7165b4269..000000000 --- a/playbooks/provisioning/openstack/openstack_dns_views.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- name: "Generate ACL list for DNS server" - set_fact: - acl_list: "{{ acl_list | default([]) + [ (hostvars[item]['private_v4'] + '/32') ] }}" - with_items: "{{ groups['cluster_hosts'] }}" - -- name: "Generate the private view" - set_fact: - private_named_view: - - name: "private" - acl_entry: "{{ acl_list }}" - zone: - - dns_domain: "{{ full_dns_domain }}" - -- name: "Generate the public view" - set_fact: - public_named_view: - - name: "public" - zone: - - dns_domain: "{{ full_dns_domain }}" - forwarder: "{{ public_dns_nameservers }}" - -- name: "Generate the final named_config_views" - set_fact: - named_config_views: "{{ private_named_view + public_named_view }}" diff --git a/playbooks/provisioning/openstack/post-provision-openstack.yml b/playbooks/provisioning/openstack/post-provision-openstack.yml index c7df74a87..f683b77be 100644 --- a/playbooks/provisioning/openstack/post-provision-openstack.yml +++ b/playbooks/provisioning/openstack/post-provision-openstack.yml @@ -52,9 +52,8 @@ become: true pre_tasks: - include: pre_tasks.yml - - name: "Generate dns-server views" - include: openstack_dns_views.yml roles: + - role: dns-views - role: infra-ansible/roles/dns-server - name: Build and process DNS Records @@ -63,9 +62,8 @@ become: False pre_tasks: - include: pre_tasks.yml - - name: "Generate dns records" - include: openstack_dns_records.yml roles: + - role: dns-records - role: infra-ansible/roles/dns - name: Switch the stack subnet to the configured private DNS server diff --git a/roles/dns-records/tasks/main.yml b/roles/dns-records/tasks/main.yml new file mode 100644 index 000000000..3672a8ea6 --- /dev/null +++ b/roles/dns-records/tasks/main.yml 
@@ -0,0 +1,82 @@
+---
+- name: "Generate list of private A records"
+ set_fact:
+ private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}"
+ with_items: "{{ groups['cluster_hosts'] }}"
+
+- name: "Add wildcard records to the private A records for infrahosts"
+ set_fact:
+ private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['private_v4'] } ] }}"
+ with_items: "{{ groups['infra_hosts'] }}"
+
+- name: "Set the private DNS server to use the external value (if provided)"
+ set_fact:
+ nsupdate_server_private: "{{ external_nsupdate_keys['private']['server'] }}"
+ nsupdate_key_secret_private: "{{ external_nsupdate_keys['private']['key_secret'] }}"
+ nsupdate_key_algorithm_private: "{{ external_nsupdate_keys['private']['key_algorithm'] }}"
+ when:
+ - external_nsupdate_keys is defined
+ - external_nsupdate_keys['private'] is defined
+
+- name: "Set the private DNS server to use the provisioned value"
+ set_fact:
+ nsupdate_server_private: "{{ hostvars[groups['dns'][0]].public_v4 }}"
+ nsupdate_key_secret_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + full_dns_domain].key_secret }}"
+ nsupdate_key_algorithm_private: "{{ hostvars[groups['dns'][0]].nsupdate_keys['private-' + full_dns_domain].key_algorithm }}"
+ when:
+ - nsupdate_server_private is undefined
+
+- name: "Generate the private Add section for DNS"
+ set_fact:
+ private_named_records:
+ - view: "private"
+ zone: "{{ full_dns_domain }}"
+ server: "{{ nsupdate_server_private }}"
+ key_name: "{{ ( 'private-' + full_dns_domain ) }}"
+ key_secret: "{{ nsupdate_key_secret_private }}"
+ key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}"
+ entries: "{{ private_records }}"
+
+- name: "Generate list of public A records"
+ set_fact:
+ public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': 
hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}"
+ with_items: "{{ groups['cluster_hosts'] }}"
+ when: hostvars[item]['public_v4'] is defined
+
+- name: "Add wildcard records to the public A records"
+ set_fact:
+ public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_app_domain, 'ip': hostvars[item]['public_v4'] } ] }}"
+ with_items: "{{ groups['infra_hosts'] }}"
+ when: hostvars[item]['public_v4'] is defined
+
+- name: "Set the public DNS server details to use the external value (if provided)"
+ set_fact:
+ nsupdate_server_public: "{{ external_nsupdate_keys['public']['server'] }}"
+ nsupdate_key_secret_public: "{{ external_nsupdate_keys['public']['key_secret'] }}"
+ nsupdate_key_algorithm_public: "{{ external_nsupdate_keys['public']['key_algorithm'] }}"
+ when:
+ - external_nsupdate_keys is defined
+ - external_nsupdate_keys['public'] is defined
+
+- name: "Set the public DNS server details to use the provisioned value"
+ set_fact:
+ nsupdate_server_public: "{{ hostvars[groups['dns'][0]].public_v4 }}"
+ nsupdate_key_secret_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_secret }}"
+ nsupdate_key_algorithm_public: "{{ hostvars[groups['dns'][0]].nsupdate_keys['public-' + full_dns_domain].key_algorithm }}"
+ when:
+ - nsupdate_server_public is undefined
+
+- name: "Generate the public Add section for DNS"
+ set_fact:
+ public_named_records:
+ - view: "public"
+ zone: "{{ full_dns_domain }}"
+ server: "{{ nsupdate_server_public }}"
+ key_name: "{{ ( 'public-' + full_dns_domain ) }}"
+ key_secret: "{{ nsupdate_key_secret_public }}"
+ key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}"
+ entries: "{{ public_records }}"
+
+- name: "Generate the final dns_records_add"
+ set_fact:
+ dns_records_add: "{{ private_named_records + public_named_records }}"
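Review bot: The `set_fact` tasks in this new role that carry the nsupdate key material run without `no_log: true`. That covers the four tasks setting `nsupdate_key_secret_private` / `nsupdate_key_secret_public`, the two building `private_named_records` / `public_named_records` with `key_secret`, and the final `dns_records_add` task. Ansible includes the facts a `set_fact` task sets in its task result when the run is verbose (`-v`), so the TSIG secrets can end up in console output or CI job logs. Now that these tasks are a shared role rather than a single-playbook include, add `no_log: true` to each of those seven tasks. The record-list tasks that only collect hostnames and IPs can stay as they are.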
diff --git a/roles/dns-views/tasks/main.yml b/roles/dns-views/tasks/main.yml
new file mode 100644
index 000000000..7165b4269
--- /dev/null
+++ b/roles/dns-views/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: "Generate ACL list for DNS server"
+ set_fact:
+ acl_list: "{{ acl_list | default([]) + [ (hostvars[item]['private_v4'] + '/32') ] }}"
+ with_items: "{{ groups['cluster_hosts'] }}"
+
+- name: "Generate the private view"
+ set_fact:
+ private_named_view:
+ - name: "private"
+ acl_entry: "{{ acl_list }}"
+ zone:
+ - dns_domain: "{{ full_dns_domain }}"
+
+- name: "Generate the public view"
+ set_fact:
+ public_named_view:
+ - name: "public"
+ zone:
+ - dns_domain: "{{ full_dns_domain }}"
+ forwarder: "{{ public_dns_nameservers }}"
+
+- name: "Generate the final named_config_views"
+ set_fact:
+ named_config_views: "{{ private_named_view + public_named_view }}"
-- cgit v1.2.3