c12s-kubespray/roles/dnsmasq/tasks/main.yml

---
- name: ensure dnsmasq.d directory exists
  file:
    path: /etc/dnsmasq.d
    state: directory

- name: ensure dnsmasq.d-available directory exists
  file:
    path: /etc/dnsmasq.d-available
    state: directory

- name: Write dnsmasq configuration
  template:
    src: 01-kube-dns.conf.j2
    dest: /etc/dnsmasq.d-available/01-kube-dns.conf
    mode: 0755
    backup: yes

- name: Stat dnsmasq configuration
  stat: path=/etc/dnsmasq.d/01-kube-dns.conf
  register: sym

- name: Move previous configuration
  command: mv /etc/dnsmasq.d/01-kube-dns.conf /etc/dnsmasq.d-available/01-kube-dns.conf.bak
  changed_when: False
  when: sym.stat.islnk is defined and sym.stat.islnk == False

- name: Enable dnsmasq configuration
  file:
    src: /etc/dnsmasq.d-available/01-kube-dns.conf
    dest: /etc/dnsmasq.d/01-kube-dns.conf
    state: link

- name: Create dnsmasq manifests
  template: src={{item.file}} dest=/etc/kubernetes/{{item.file}}
  with_items:
    - {file: dnsmasq-ds.yml, type: ds}
    - {file: dnsmasq-svc.yml, type: svc}
  register: manifests
  when: inventory_hostname == groups['kube-master'][0]

- name: Start Resources
  kube:
    name: dnsmasq
    namespace: kube-system
    kubectl: "{{bin_dir}}/kubectl"
    resource: "{{item.item.type}}"
    filename: /etc/kubernetes/{{item.item.file}}
    state: "{{item.changed | ternary('latest','present') }}"
  with_items: "{{ manifests.results }}"
  when: inventory_hostname == groups['kube-master'][0]

- name: Check for dnsmasq port (pulling image and running container)
  wait_for:
    host: "{{dns_server}}"
    port: 53
    delay: 5
  when: inventory_hostname == groups['kube-node'][0]


- name: check resolvconf
  shell: which resolvconf
  register: resolvconf
  ignore_errors: yes

- name: target resolv.conf file
  set_fact:
    resolvconffile: >-
      {%- if resolvconf.rc == 0 -%}/etc/resolvconf/resolv.conf.d/head{%- else -%}/etc/resolv.conf{%- endif -%}

- name: generate search domains to resolvconf
  set_fact:
    searchentries="{{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(' ') }}"

- name: generate nameservers to resolvconf
  set_fact:
    nameserverentries="{{ nameservers|default([]) + [ dns_server ] }}"

- name: Add search resolv.conf
  lineinfile:
    line: "search {{searchentries}}"
    dest: "{{resolvconffile}}"
    state: present
    insertbefore: BOF
    backup: yes
    follow: yes

- name: Add local dnsmasq to resolv.conf
  blockinfile:
    dest: "{{resolvconffile}}"
    block: |-
      {% for item in nameserverentries -%}
      nameserver {{ item }}
      {% endfor %}
    state: present
    create: yes
    backup: yes
    follow: yes
    marker: "# Ansible nameservers {mark}"

- name: Add options to resolv.conf
  lineinfile:
    line: options {{ item }}
    dest: "{{resolvconffile}}"
    state: present
    regexp: "^options.*{{ item }}$"
    insertafter: EOF
    backup: yes
    follow: yes
  with_items:
    - timeout:2
    - attempts:2

- name: Remove search and nameserver options from resolvconf base
  lineinfile:
    dest: /etc/resolvconf/resolv.conf.d/base
    state: absent
    regexp: "^{{ item }}.*$"
    backup: yes
    follow: yes
  with_items:
    - search
    - nameserver
  when: resolvconf.rc == 0

- name: disable resolv.conf modification by dhclient
  copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient-enter-hooks.d/znodnsupdate mode=0755
  notify: Dnsmasq | restart network
  when: ansible_os_family == "Debian"

- name: disable resolv.conf modification by dhclient
  copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient.d/nodnsupdate mode=u+x
  notify: Dnsmasq | restart network
  when: ansible_os_family == "RedHat"
Initial commit 2015-10-03 20:19:50 +00:00			`---`
			`- name: ensure dnsmasq.d directory exists`
			`file:`
			`path: /etc/dnsmasq.d`
			`state: directory`

Symlink dnsmasq conf 2016-01-25 16:34:51 +00:00			`- name: ensure dnsmasq.d-available directory exists`
			`file:`
			`path: /etc/dnsmasq.d-available`
			`state: directory`

Flannel running as pod 2016-01-09 09:45:50 +00:00			`- name: Write dnsmasq configuration`
Initial commit 2015-10-03 20:19:50 +00:00			`template:`
			`src: 01-kube-dns.conf.j2`
Symlink dnsmasq conf 2016-01-25 16:34:51 +00:00			`dest: /etc/dnsmasq.d-available/01-kube-dns.conf`
			`mode: 0755`
use backup file 2015-12-24 18:18:29 +00:00			`backup: yes`
Initial commit 2015-10-03 20:19:50 +00:00
Symlink dnsmasq conf 2016-01-25 16:34:51 +00:00			`- name: Stat dnsmasq configuration`
			`stat: path=/etc/dnsmasq.d/01-kube-dns.conf`
			`register: sym`

			`- name: Move previous configuration`
			`command: mv /etc/dnsmasq.d/01-kube-dns.conf /etc/dnsmasq.d-available/01-kube-dns.conf.bak`
			`changed_when: False`
			`when: sym.stat.islnk is defined and sym.stat.islnk == False`

			`- name: Enable dnsmasq configuration`
			`file:`
			`src: /etc/dnsmasq.d-available/01-kube-dns.conf`
			`dest: /etc/dnsmasq.d/01-kube-dns.conf`
			`state: link`

Use dnsmasq inside pods 2016-03-18 14:07:33 +00:00			`- name: Create dnsmasq manifests`
			`template: src={{item.file}} dest=/etc/kubernetes/{{item.file}}`
			`with_items:`
			`- {file: dnsmasq-ds.yml, type: ds}`
			`- {file: dnsmasq-svc.yml, type: svc}`
			`register: manifests`
Dnsmasq runs on all nodes 2016-03-21 10:37:35 +00:00			`when: inventory_hostname == groups['kube-master'][0]`
Use dnsmasq inside pods 2016-03-18 14:07:33 +00:00
			`- name: Start Resources`
			`kube:`
			`name: dnsmasq`
			`namespace: kube-system`
Use var for bin dir instead of assuming /usr/local/bin On CoreOS the binaries are not installed in /usr/local/bin. 2016-04-02 19:53:33 +00:00			`kubectl: "{{bin_dir}}/kubectl"`
Use dnsmasq inside pods 2016-03-18 14:07:33 +00:00			`resource: "{{item.item.type}}"`
			`filename: /etc/kubernetes/{{item.item.file}}`
			`state: "{{item.changed \| ternary('latest','present') }}"`
fixed deprecation warnings regarding bare variables 2016-03-30 08:23:43 +00:00			`with_items: "{{ manifests.results }}"`
Dnsmasq runs on all nodes 2016-03-21 10:37:35 +00:00			`when: inventory_hostname == groups['kube-master'][0]`
copy template dnsmasq pod and remove handlers 2015-12-30 12:21:48 +00:00
Flannel running as pod 2016-01-09 09:45:50 +00:00			`- name: Check for dnsmasq port (pulling image and running container)`
copy template dnsmasq pod and remove handlers 2015-12-30 12:21:48 +00:00			`wait_for:`
Use dnsmasq inside pods 2016-03-18 14:07:33 +00:00			`host: "{{dns_server}}"`
copy template dnsmasq pod and remove handlers 2015-12-30 12:21:48 +00:00			`port: 53`
			`delay: 5`
Check dnsmasq on first kube-node kube-masters without kube-node role will not run kube-proxy, and therefore can't check if dnsmasq is running. Fixes #368 2016-08-05 12:55:04 +00:00			`when: inventory_hostname == groups['kube-node'][0]`
Dnsmasq runs on all nodes 2016-03-21 10:37:35 +00:00
copy template dnsmasq pod and remove handlers 2015-12-30 12:21:48 +00:00
Use inline update for resolv.conf 2016-01-05 11:23:14 +00:00			`- name: check resolvconf`
Fix resolvconf executable discovery If resolvconf was installed and then removed, the file /etc/resolvconf/resolv.conf.d/head remains in the filesystem - change discovery of 'resolvconf' executable to check if it can be located with 'which resolvconf' command or not. 2016-08-10 14:22:33 +00:00			`shell: which resolvconf`
Use inline update for resolv.conf 2016-01-05 11:23:14 +00:00			`register: resolvconf`
Fix resolvconf executable discovery If resolvconf was installed and then removed, the file /etc/resolvconf/resolv.conf.d/head remains in the filesystem - change discovery of 'resolvconf' executable to check if it can be located with 'which resolvconf' command or not. 2016-08-10 14:22:33 +00:00			`ignore_errors: yes`
Use inline update for resolv.conf 2016-01-05 11:23:14 +00:00
			`- name: target resolv.conf file`
			`set_fact:`
Ansible 2.0 2016-01-12 16:56:29 +00:00			`resolvconffile: >-`
Fix resolvconf executable discovery If resolvconf was installed and then removed, the file /etc/resolvconf/resolv.conf.d/head remains in the filesystem - change discovery of 'resolvconf' executable to check if it can be located with 'which resolvconf' command or not. 2016-08-10 14:22:33 +00:00			`{%- if resolvconf.rc == 0 -%}/etc/resolvconf/resolv.conf.d/head{%- else -%}/etc/resolv.conf{%- endif -%}`
Use inline update for resolv.conf 2016-01-05 11:23:14 +00:00
Fix resolv.conf search/nameserver * Ensure additional nameserver/search, if defined as vars. * Don't backup changed dhclient hooks as they are going to be executed by dhclient as well, which is not what we want. * For debian OS family only: - Rename nodnsupdate hook the resolvconf hook to be sourced always before it. - Ensure dhclient restarted via network restart to apply the nodnsupdate hook. * For rhel OS family, the fix TBD, it doesn't work the same way. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-08-18 15:14:52 +00:00			`- name: generate search domains to resolvconf`
			`set_fact:`
			`searchentries="{{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains\|default([])) \| join(' ') }}"`

			`- name: generate nameservers to resolvconf`
			`set_fact:`
			`nameserverentries="{{ nameservers\|default([]) + [ dns_server ] }}"`

Use inline update for resolv.conf 2016-01-05 11:23:14 +00:00			`- name: Add search resolv.conf`
			`lineinfile:`
Fix resolv.conf search/nameserver * Ensure additional nameserver/search, if defined as vars. * Don't backup changed dhclient hooks as they are going to be executed by dhclient as well, which is not what we want. * For debian OS family only: - Rename nodnsupdate hook the resolvconf hook to be sourced always before it. - Ensure dhclient restarted via network restart to apply the nodnsupdate hook. * For rhel OS family, the fix TBD, it doesn't work the same way. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-08-18 15:14:52 +00:00			`line: "search {{searchentries}}"`
Use inline update for resolv.conf 2016-01-05 11:23:14 +00:00			`dest: "{{resolvconffile}}"`
			`state: present`
Flannel running as pod 2016-01-09 09:45:50 +00:00			`insertbefore: BOF`
Use inline update for resolv.conf 2016-01-05 11:23:14 +00:00			`backup: yes`
			`follow: yes`

dnsmasq listens on localhost 2016-01-19 09:29:33 +00:00			`- name: Add local dnsmasq to resolv.conf`
Improve management of nameservers in resolv.conf Changing nameservers now will clean up previous entries 2016-09-22 14:38:01 +00:00			`blockinfile:`
Use inline update for resolv.conf 2016-01-05 11:23:14 +00:00			`dest: "{{resolvconffile}}"`
Improve management of nameservers in resolv.conf Changing nameservers now will clean up previous entries 2016-09-22 14:38:01 +00:00			`block: \|-`
			`{% for item in nameserverentries -%}`
			`nameserver {{ item }}`
			`{% endfor %}`
Use inline update for resolv.conf 2016-01-05 11:23:14 +00:00			`state: present`
Improve management of nameservers in resolv.conf Changing nameservers now will clean up previous entries 2016-09-22 14:38:01 +00:00			`create: yes`
Use inline update for resolv.conf 2016-01-05 11:23:14 +00:00			`backup: yes`
			`follow: yes`
Improve management of nameservers in resolv.conf Changing nameservers now will clean up previous entries 2016-09-22 14:38:01 +00:00			`marker: "# Ansible nameservers {mark}"`
Initial commit 2015-10-03 20:19:50 +00:00
add timeout options to resolv.conf 2016-01-19 09:18:53 +00:00			`- name: Add options to resolv.conf`
			`lineinfile:`
			`line: options {{ item }}`
			`dest: "{{resolvconffile}}"`
			`state: present`
			`regexp: "^options.*{{ item }}$"`
			`insertafter: EOF`
			`backup: yes`
			`follow: yes`
			`with_items:`
reduce dns timeout 2016-01-19 12:49:33 +00:00			`- timeout:2`
add timeout options to resolv.conf 2016-01-19 09:18:53 +00:00			`- attempts:2`

Remove search and nameserver entries from resolvconf base These items conflict when they are provided also in head file Fixes: #456 2016-08-30 10:00:19 +00:00			`- name: Remove search and nameserver options from resolvconf base`
			`lineinfile:`
			`dest: /etc/resolvconf/resolv.conf.d/base`
			`state: absent`
			`regexp: "^{{ item }}.*$"`
			`backup: yes`
			`follow: yes`
			`with_items:`
			`- search`
			`- nameserver`
			`when: resolvconf.rc == 0`

Initial commit 2015-10-03 20:19:50 +00:00			`- name: disable resolv.conf modification by dhclient`
Fix resolv.conf search/nameserver * Ensure additional nameserver/search, if defined as vars. * Don't backup changed dhclient hooks as they are going to be executed by dhclient as well, which is not what we want. * For debian OS family only: - Rename nodnsupdate hook the resolvconf hook to be sourced always before it. - Ensure dhclient restarted via network restart to apply the nodnsupdate hook. * For rhel OS family, the fix TBD, it doesn't work the same way. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-08-18 15:14:52 +00:00			`copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient-enter-hooks.d/znodnsupdate mode=0755`
			`notify: Dnsmasq \| restart network`
add nodnsupdate hook for RedHat 2015-12-31 13:04:08 +00:00			`when: ansible_os_family == "Debian"`

			`- name: disable resolv.conf modification by dhclient`
Fix resolv.conf search/nameserver * Ensure additional nameserver/search, if defined as vars. * Don't backup changed dhclient hooks as they are going to be executed by dhclient as well, which is not what we want. * For debian OS family only: - Rename nodnsupdate hook the resolvconf hook to be sourced always before it. - Ensure dhclient restarted via network restart to apply the nodnsupdate hook. * For rhel OS family, the fix TBD, it doesn't work the same way. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-08-18 15:14:52 +00:00			`copy: src=dhclient_nodnsupdate dest=/etc/dhcp/dhclient.d/nodnsupdate mode=u+x`
Fix updating resolvconf Move updating resolvconf to the network restart handler to ensure changes applied to the /etc/resolv.conf. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com> 2016-08-29 14:39:55 +00:00			`notify: Dnsmasq \| restart network`
add nodnsupdate hook for RedHat 2015-12-31 13:04:08 +00:00			`when: ansible_os_family == "RedHat"`