knot: rewrite role
parent
37225e7895
commit
bf1fae3c45
@ -1,4 +1,5 @@
|
||||
---
|
||||
- hosts: knot_dns
|
||||
become: true
|
||||
roles:
|
||||
- knot
|
||||
|
@ -1,4 +1,15 @@
|
||||
---
|
||||
knot_version: ""
|
||||
|
||||
# XDP datapath options
|
||||
# Note: rfc2136 aka nsupdate aka dynamic update
|
||||
# not working with XDP
|
||||
knot_xdp: false
|
||||
knot_xdp_interface: "eth0"
|
||||
|
||||
# QUIC protocol
|
||||
knot_quic: false
|
||||
|
||||
knot_conf: |
|
||||
# This is a sample of a minimal configuration file for Knot DNS.
|
||||
# See knot.conf(5) or refer to the server documentation.
|
||||
@ -8,7 +19,16 @@ knot_conf: |
|
||||
user: knot:knot
|
||||
listen: [ 0.0.0.0@53, ::@53 ]
|
||||
udp-max-payload: 1232
|
||||
|
||||
{% if knot_quic %}
|
||||
listen-quic: [ 0.0.0.0, :: ]
|
||||
{% endif %}
|
||||
{% if knot_xdp %}
|
||||
xdp:
|
||||
listen: {{ knot_xdp_interface }}
|
||||
udp: true
|
||||
tcp: true
|
||||
quic: true
|
||||
{% endif %}
|
||||
log:
|
||||
- target: syslog
|
||||
any: debug
|
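Review bot: Inside the `{% if knot_xdp %}` block of `knot_conf`, `quic: true` is emitted whenever XDP is enabled, regardless of `knot_quic`. A host with `knot_xdp: true` and `knot_quic: false` therefore still gets a QUIC listener on the XDP interface, which is more exposed surface than the defaults suggest. Tying the two together with `quic: {{ 'true' if knot_quic else 'false' }}` keeps the rendered config in line with the variables. The `knot_conf` block scalar starts and continues outside this hunk, so the rest of the server section was not reviewed.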
6
roles/knot/handlers/main.yaml
Normal file
6
roles/knot/handlers/main.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
- name: Restart knot
|
||||
systemd:
|
||||
name: knot
|
||||
state: restarted
|
||||
daemon_reload: true
|
@ -1,4 +0,0 @@
|
||||
---
|
||||
- name: restart knot
|
||||
service: "name=knot state=restarted"
|
||||
become: true
|
28
roles/knot/tasks/RedHat.yaml
Normal file
28
roles/knot/tasks/RedHat.yaml
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
- name: Install knot {{- knot_version }} packages
|
||||
dnf:
|
||||
name: "{{ knot_packages }}"
|
||||
state: "{{ 'latest' if knot_version == 'latest' else 'present' }}"
|
||||
update_cache: true
|
||||
|
||||
- name: Include XDP configuratio
|
||||
when: knot_xdp
|
||||
block:
|
||||
- name: Create override directory for knot systemd unit
|
||||
file:
|
||||
name: /etc/systemd/system/knot.service.d
|
||||
state: directory
|
||||
- name: Create override.conf for knot for XDP
|
||||
copy:
|
||||
dest: /etc/systemd/system/knot.service.d/override.conf
|
||||
content: |
|
||||
[Service]
|
||||
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
|
||||
AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
|
||||
notify: Restart knot
|
||||
|
||||
- name: Install deps for XDP
|
||||
dnf:
|
||||
name: "{{ knot_deps_packages }}"
|
||||
state: present
|
||||
update_cache: true
|
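Review bot: The systemd drop-in written under `when: knot_xdp` is never removed. Once a host has had XDP enabled, setting `knot_xdp: false` later leaves `CAP_SYS_ADMIN` and the other capabilities in knot's bounding and ambient sets. The `file` and `copy` tasks also set no `owner`, `group` or `mode`, so the override's permissions depend on the remote umask; adding `owner: root`, `group: root` and `mode: "0644"` to the copy task would pin them. A cleanup task for the disabled case is sketched below. It would also be worth a comment on the `content:` block recording which kernel versions still need `CAP_SYS_ADMIN` and `CAP_SYS_RESOURCE`, so the set can be narrowed later.

```yaml
# … unchanged: "Include XDP configuratio" block (when: knot_xdp) …

- name: Remove XDP capability override when XDP is disabled
  when: not knot_xdp
  file:
    path: /etc/systemd/system/knot.service.d/override.conf
    state: absent
  notify: Restart knot
```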
@ -1,7 +0,0 @@
|
||||
---
|
||||
# RedHat Family (RedHat, Fendora, CentOS, Amazon, etc)
|
||||
- name: packages (RedHat)
|
||||
yum:
|
||||
name: knot
|
||||
state: present
|
||||
when: ansible_os_family == "RedHat"
|
40
roles/knot/tasks/main.yaml
Normal file
40
roles/knot/tasks/main.yaml
Normal file
@ -0,0 +1,40 @@
|
||||
---
|
||||
- name: Make sure handlers are flushed immediately
|
||||
meta: flush_handlers
|
||||
|
||||
- name: Load a variable file based on the OS type
|
||||
include_vars: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yaml"
|
||||
- "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yaml"
|
||||
- "{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version'] }}.yaml"
|
||||
- "{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_version'] }}.yaml"
|
||||
- "{{ ansible_facts['distribution'] }}.yaml"
|
||||
- "{{ ansible_facts['os_family'] }}.yaml"
|
||||
- main.yaml
|
||||
paths:
|
||||
- "vars"
|
||||
tags: knot_vars
|
||||
|
||||
- name: Include knot install for {{ ansible_distribution }}
|
||||
include_tasks: "{{ ansible_facts['os_family'] }}.yaml"
|
||||
|
||||
- name: Configure knot
|
||||
copy:
|
||||
content: "{{ knot_conf }}"
|
||||
dest: /etc/knot/knot.conf
|
||||
mode: 0640
|
||||
owner: "root"
|
||||
group: "knot"
|
||||
validate: "knotc -c %s conf-check"
|
||||
notify: Restart knot
|
||||
|
||||
- name: Enable and start knot
|
||||
systemd:
|
||||
name: "knot"
|
||||
enabled: true
|
||||
state: started
|
||||
masked: false
|
||||
daemon_reload: true
|
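Review bot: `include_tasks: "{{ ansible_facts['os_family'] }}.yaml"` can only resolve on RedHat-family hosts, since `RedHat.yaml` is the only OS task file visible in this commit. On any other family the vars lookup falls back to the empty `vars/main.yaml` and the play then stops on a missing task file. An early guard such as `- assert: { that: "ansible_facts['os_family'] == 'RedHat'", fail_msg: "knot role supports RedHat family only" }` would make the limit explicit. Separately, in "Configure knot", `mode: 0640` relies on YAML 1.1 octal parsing; `mode: "0640"` is the unambiguous form for a file that may hold TSIG keys.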
@ -1,24 +0,0 @@
|
||||
---
|
||||
- name: install
|
||||
become: true
|
||||
include: install.yml
|
||||
|
||||
# Configuration
|
||||
- name: configure knot
|
||||
become: true
|
||||
copy:
|
||||
content: "{{ knot_conf }}"
|
||||
dest: /etc/knot/knot.conf
|
||||
mode: 0640
|
||||
owner: "root"
|
||||
group: "knot"
|
||||
validate: "knotc -c %s conf-check"
|
||||
notify: restart knot
|
||||
|
||||
- name: enable knot
|
||||
become: true
|
||||
systemd:
|
||||
name: "knot"
|
||||
enabled: yes
|
||||
state: started
|
||||
daemon_reload: yes
|
7
roles/knot/vars/RedHat.yaml
Normal file
7
roles/knot/vars/RedHat.yaml
Normal file
@ -0,0 +1,7 @@
|
||||
knot_package_name: knot
|
||||
knot_packages:
|
||||
- "{{ knot_package_name + '-' + knot_version if (knot_version is defined and (knot_version != '*' and knot_version != '' and knot_version != 'latest')) else knot_package_name }}"
|
||||
- "{{ knot_package_name + '-' + 'tools' + '-' + knot_version if (knot_version is defined and (knot_version != '*' and knot_version != '' and knot_version != 'latest')) else knot_package_name }}"
|
||||
knot_deps_packages:
|
||||
- xdp-tools
|
||||
- bpftool
|
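Review bot: The second `knot_packages` entry falls back to `knot_package_name` rather than the tools package name. With the default `knot_version: ""` the list renders as `knot, knot`, and the `-tools` package is installed only when a version is pinned. The `else` branch should read `else knot_package_name + '-tools'`. The `knot_version is defined` test is presumably always true, since the role defaults set `knot_version: ""`, and could be dropped. The file also lacks the leading `---` that the other files in the role carry.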
1
roles/knot/vars/main.yaml
Normal file
1
roles/knot/vars/main.yaml
Normal file
@ -0,0 +1 @@
|
||||
---
|