c12s-kubespray/roles/docker/tasks/set_facts_dns.yml
Vladimir Rutsky fff8780a51 set "check_mode: no" for read-only "shell" steps that registers result
"shell" step doesn't support check mode, which currently leads to failures,
when Ansible is being run in check mode (because Ansible doesn't run command,
assuming that command might have effect, and no "rc" or "output" is registered).

Setting "check_mode: no" allows to run those "shell" commands in check mode
(which is safe, because those shell commands doesn't have side effects).
2017-02-13 18:53:41 +03:00

63 lines
2 KiB
YAML

---
- name: set dns server for docker
set_fact:
docker_dns_servers: |-
{%- if dns_mode == 'kubedns' -%}
{{ [ skydns_server ] }}
{%- elif dns_mode == 'dnsmasq_kubedns' -%}
{{ [ dns_server ] }}
{%- endif -%}
- name: set base docker dns facts
set_fact:
docker_dns_search_domains:
- 'default.svc.{{ dns_domain }}'
- 'svc.{{ dns_domain }}'
docker_dns_options:
- ndots:{{ ndots }}
- timeout:2
- attempts:2
- name: add upstream dns servers (only when dnsmasq is not used)
set_fact:
docker_dns_servers: "{{ docker_dns_servers + upstream_dns_servers|default([]) }}"
when: dns_mode == 'kubedns'
- name: add global searchdomains
set_fact:
docker_dns_search_domains: "{{ docker_dns_search_domains + searchdomains|default([]) }}"
- name: check system nameservers
shell: grep "^nameserver" /etc/resolv.conf | sed 's/^nameserver\s*//'
changed_when: False
register: system_nameservers
check_mode: no
- name: check system search domains
shell: grep "^search" /etc/resolv.conf | sed 's/^search\s*//'
changed_when: False
register: system_search_domains
check_mode: no
- name: add system nameservers to docker options
set_fact:
docker_dns_servers: "{{ docker_dns_servers | union(system_nameservers.stdout_lines) | unique }}"
when: system_nameservers.stdout != ""
- name: add system search domains to docker options
set_fact:
docker_dns_search_domains: "{{ docker_dns_search_domains | union(system_search_domains.stdout.split(' ')|default([])) | unique }}"
when: system_search_domains.stdout != ""
- name: check number of nameservers
fail: msg="Too many nameservers"
when: docker_dns_servers|length > 3
- name: check number of search domains
fail: msg="Too many search domains"
when: docker_dns_search_domains|length > 6
- name: check length of search domains
fail: msg="Search domains exceeded limit of 256 characters"
when: docker_dns_search_domains|join(' ')|length > 256