redbrick/nomad
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nomad/ansible/roles/configure-consul/tasks/main.yml
wizzdom 0159e15643
ansible: add consul dns via systemd-resolved (#16) 
* ansible: add consul dns via systemd-resolved

* consolidate apt remove jobs
2024-01-23 04:48:00 +00:00

99 lines
2 KiB
YAML
Raw Permalink Blame History

---
- name: Install or update consul
become: true
apt:
name: consul
state: latest
update_cache: yes
when: ansible_check_mode == false
- name: Add consul user
become: true
user:
name: consul
system: yes
shell: /bin/false
- name: Create consul directories
become: true
file:
path: "{{ item }}"
state: directory
owner: consul
group: consul
with_items:
- /etc/consul.d
- /opt/consul
- include_tasks: configure.yml
- name: Enable and start consul
become: true
systemd:
name: consul
enabled: yes
state: started
when: ansible_check_mode == false
- name: Ensure systemd-resolved config directory exists
become: true
file:
path: /etc/systemd/resolved.conf.d
state: directory
- name: Configure Consul DNS in systemd-resolved
become: true
copy:
dest: /etc/systemd/resolved.conf.d/consul.conf
content: |
[Resolve]
DNS=127.0.0.1:8600
DNSSEC=false
Domains=~consul node.consul service.consul
- name: Configure Docker to use systemd-resolved
become: true
copy:
dest: /etc/systemd/resolved.conf.d/docker.conf
content: |
[Resolve]
DNSStubListener=yes
DNSStubListenerExtra=172.17.0.1
- name: Configure Docker to use systemd-resolved
become: true
copy:
dest: /etc/docker/daemon.json
content: |
{
"dns": ["172.17.0.1"]
}
- name: Restart docker daemon
become: true
systemd:
name: docker
enabled: yes
state: restarted
when: ansible_check_mode == false
# this is to stop bind9 and pdns from conflicting with systemd-resolved
- name: Remove bind9 and pdns
become: true
ansible.builtin.apt:
name:
- bind9
- pdns-backend-bind
- pdns-recursor
- pdns-server
state: absent
purge: true
when: ansible_os_family == "Debian"
- name: Restart systemd-resolved
become: true
systemd:
name: systemd-resolved
enabled: yes
state: restarted
when: ansible_check_mode == false
Reference in a new issue View git blame Copy permalink