diff --git a/playbooks/ghp/dns.yaml b/playbooks/ghp/dns.yaml
index 0a0f35d..d4e2644 100644
--- a/playbooks/ghp/dns.yaml
+++ b/playbooks/ghp/dns.yaml
@@ -1,4 +1,5 @@
 ---
 - hosts: knot_dns
+ become: true
 roles:
 - knot
diff --git a/roles/knot/defaults/main.yml b/roles/knot/defaults/main.yaml
similarity index 75%
rename from roles/knot/defaults/main.yml
rename to roles/knot/defaults/main.yaml
index f12e0df..9eb14e2 100644
--- a/roles/knot/defaults/main.yml
+++ b/roles/knot/defaults/main.yaml
@@ -1,4 +1,15 @@
 ---
+knot_version: ""
+
+# XDP datapath options
+# Note: rfc2136 aka nsupdate aka dynamic update
+# not working with XDP
+knot_xdp: false
+knot_xdp_interface: "eth0"
+
+# QUIC protocol
+knot_quic: false
+
 knot_conf: |
 # This is a sample of a minimal configuration file for Knot DNS.
 # See knot.conf(5) or refer to the server documentation.
@@ -8,7 +19,16 @@ knot_conf: |
 user: knot:knot
 listen: [ 0.0.0.0@53, ::@53 ]
 udp-max-payload: 1232
-
+ {% if knot_quic %}
+ listen-quic: [ 0.0.0.0, :: ]
+ {% endif %}
+ {% if knot_xdp %}
+ xdp:
+ listen: {{ knot_xdp_interface }}
+ udp: true
+ tcp: true
+ quic: true
+ {% endif %}
 log:
 - target: syslog
 any: debug
diff --git a/roles/knot/handlers/main.yaml b/roles/knot/handlers/main.yaml
new file mode 100644
index 0000000..7313c78
--- /dev/null
+++ b/roles/knot/handlers/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: Restart knot
+ systemd:
+ name: knot
+ state: restarted
+ daemon_reload: true
diff --git a/roles/knot/handlers/main.yml b/roles/knot/handlers/main.yml
deleted file mode 100644
index b669e99..0000000
--- a/roles/knot/handlers/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: restart knot
- service: "name=knot state=restarted"
- become: true
diff --git a/roles/knot/meta/main.yml b/roles/knot/meta/main.yaml
similarity index 100%
rename from roles/knot/meta/main.yml
rename to roles/knot/meta/main.yaml
diff --git a/roles/knot/tasks/RedHat.yaml b/roles/knot/tasks/RedHat.yaml
new file mode 100644
index 0000000..e57c353
--- /dev/null
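Review bot: Moving privilege escalation up to the play (`become: true` on the knot_dns play) means the knot role no longer escalates on its own — the deleted tasks/main.yml and handlers/main.yml carried per-task `become: true`, and the new tasks/main.yaml and handlers/main.yaml in this diff do not. Any other playbook that pulls in this role without `become` will now fail on the dnf, /etc/knot and systemd tasks instead of working as before. Either state the requirement in the role's README/meta, or keep `become: true` on the privileged tasks inside the role so it stays self-contained.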
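Review bot: `knot_version: ""` is introduced without saying which values it accepts, although vars/RedHat.yaml later in this diff gives `""`, `"*"` and `"latest"` special meaning and tasks/RedHat.yaml maps only `"latest"` to `state: latest`. A comment above it would spare the next user a trip through the vars file, e.g. `# Version to install: "" or "*" = unpinned (state: present), "latest" = always upgrade (state: latest), "x.y.z" = pin knot-x.y.z`. The XDP note could also be tightened to `# Note: dynamic updates (RFC 2136 / nsupdate) do not work over the XDP datapath`.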
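Review bot: The XDP block hard-codes `quic: true` regardless of `knot_quic`, so a host with `knot_xdp: true` and `knot_quic: false` still gets a QUIC listener on the XDP interface, and the two switches stop meaning what their names say. Tie them together with `quic: {{ 'true' if knot_quic else 'false' }}`, or drop the `xdp.quic` line when QUIC is not wanted (Knot's default for it is off as far as I know — confirm for your version). `listen-quic: [ 0.0.0.0, :: ]` also gives no port and so relies on Knot's default QUIC port; making it explicit like the `@53` entries just above would keep the exposed surface obvious to whoever reads the rendered /etc/knot/knot.conf.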
+++ b/roles/knot/tasks/RedHat.yaml
@@ -0,0 +1,28 @@
+---
+- name: Install knot {{- knot_version }} packages
+ dnf:
+ name: "{{ knot_packages }}"
+ state: "{{ 'latest' if knot_version == 'latest' else 'present' }}"
+ update_cache: true
+
+- name: Include XDP configuratio
+ when: knot_xdp
+ block:
+ - name: Create override directory for knot systemd unit
+ file:
+ name: /etc/systemd/system/knot.service.d
+ state: directory
+ - name: Create override.conf for knot for XDP
+ copy:
+ dest: /etc/systemd/system/knot.service.d/override.conf
+ content: |
+ [Service]
+ CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
+ AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
+ notify: Restart knot
+
+ - name: Install deps for XDP
+ dnf:
+ name: "{{ knot_deps_packages }}"
+ state: present
+ update_cache: true
diff --git a/roles/knot/tasks/install.yml b/roles/knot/tasks/install.yml
deleted file mode 100644
index bc8ae5d..0000000
--- a/roles/knot/tasks/install.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# RedHat Family (RedHat, Fendora, CentOS, Amazon, etc)
-- name: packages (RedHat)
- yum:
- name: knot
- state: present
- when: ansible_os_family == "RedHat"
diff --git a/roles/knot/tasks/main.yaml b/roles/knot/tasks/main.yaml
new file mode 100644
index 0000000..5a0cbbc
--- /dev/null
+++ b/roles/knot/tasks/main.yaml
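Review bot: The systemd override hands the knot process `CAP_SYS_ADMIN` (plus NET_ADMIN, NET_RAW, IPC_LOCK, SYS_RESOURCE) through `AmbientCapabilities`, which is close to root-equivalent for an internet-facing daemon, and nothing ever removes the override again: the `when: knot_xdp` block only creates it, so a host that once ran with XDP keeps these capabilities after `knot_xdp` is set back to false. Add the inverse path below and let it notify the restart handler so the unit is reloaded. It would also help to record in the override why each capability is needed and to test whether `CAP_SYS_ADMIN` can be replaced by `CAP_BPF`/`CAP_PERFMON` on kernels that have them — I have not verified Knot's current requirement. Minor: the task name `Include XDP configuratio` is missing its final `n`, and `file: name:` is an alias for the clearer `path:`.

```yaml
# … unchanged: Install knot packages, XDP block …

- name: Remove XDP systemd override when XDP is disabled
  when: not knot_xdp
  file:
    path: /etc/systemd/system/knot.service.d/override.conf
    state: absent
  notify: Restart knot
```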
@@ -0,0 +1,40 @@
+---
+- name: Make sure handlers are flushed immediately
+ meta: flush_handlers
+
+- name: Load a variable file based on the OS type
+ include_vars: "{{ lookup('first_found', params) }}"
+ vars:
+ params:
+ files:
+ - "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yaml"
+ - "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yaml"
+ - "{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version'] }}.yaml"
+ - "{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_version'] }}.yaml"
+ - "{{ ansible_facts['distribution'] }}.yaml"
+ - "{{ ansible_facts['os_family'] }}.yaml"
+ - main.yaml
+ paths:
+ - "vars"
+ tags: knot_vars
+
+- name: Include knot install for {{ ansible_distribution }}
+ include_tasks: "{{ ansible_facts['os_family'] }}.yaml"
+
+- name: Configure knot
+ copy:
+ content: "{{ knot_conf }}"
+ dest: /etc/knot/knot.conf
+ mode: 0640
+ owner: "root"
+ group: "knot"
+ validate: "knotc -c %s conf-check"
+ notify: Restart knot
+
+- name: Enable and start knot
+ systemd:
+ name: "knot"
+ enabled: true
+ state: started
+ masked: false
+ daemon_reload: true
diff --git a/roles/knot/tasks/main.yml b/roles/knot/tasks/main.yml
deleted file mode 100644
index 3a4d33d..0000000
--- a/roles/knot/tasks/main.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- name: install
- become: true
- include: install.yml
-
-# Configuration
-- name: configure knot
- become: true
- copy:
- content: "{{ knot_conf }}"
- dest: /etc/knot/knot.conf
- mode: 0640
- owner: "root"
- group: "knot"
- validate: "knotc -c %s conf-check"
- notify: restart knot
-
-- name: enable knot
- become: true
- systemd:
- name: "knot"
- enabled: yes
- state: started
- daemon_reload: yes
diff --git a/roles/knot/vars/RedHat.yaml b/roles/knot/vars/RedHat.yaml
new file mode 100644
index 0000000..622b468
--- /dev/null
+++ b/roles/knot/vars/RedHat.yaml
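Review bot: `include_tasks: "{{ ansible_facts['os_family'] }}.yaml"` assumes a task file exists for every OS family, but this diff adds only tasks/RedHat.yaml and drops the old `when: ansible_os_family == "RedHat"` guard from install.yml — on Debian or SUSE the play now dies with a missing-file error from include_tasks rather than a message naming the unsupported platform. An explicit `assert` before the include (below) makes the supported set visible and the failure self-explanatory. Separately, `mode: 0640` is an unquoted octal literal; Ansible copes with the leading zero, but `mode: "0640"` is the documented safe form and survives a lost zero. The leading `meta: flush_handlers` flushes handlers notified by earlier roles, not this one; if it was meant to apply the knot restart before `Enable and start knot`, it is in the wrong place.

```yaml
- name: Check that the OS family is supported by this role
  assert:
    that: ansible_facts['os_family'] in ['RedHat']
    fail_msg: "knot role: no tasks for os_family {{ ansible_facts['os_family'] }}"

# … unchanged: include_tasks for the OS family …
```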
@@ -0,0 +1,7 @@
+knot_package_name: knot
+knot_packages:
+ - "{{ knot_package_name + '-' + knot_version if (knot_version is defined and (knot_version != '*' and knot_version != '' and knot_version != 'latest')) else knot_package_name }}"
+ - "{{ knot_package_name + '-' + 'tools' + '-' + knot_version if (knot_version is defined and (knot_version != '*' and knot_version != '' and knot_version != 'latest')) else knot_package_name }}"
+knot_deps_packages:
+ - xdp-tools
+ - bpftool
diff --git a/roles/knot/vars/main.yaml b/roles/knot/vars/main.yaml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/roles/knot/vars/main.yaml
@@ -0,0 +1 @@
+---
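Review bot: The second `knot_packages` entry falls back to `knot_package_name` instead of the tools package, so whenever `knot_version` is `""`, `"*"` or `"latest"` the list becomes `['knot', 'knot']` and no tools package is installed at all — only a pinned version pulls it in, which looks like a copy-paste slip; the fallback should be `knot_package_name + '-tools'`. The pin condition is also duplicated verbatim and the `is defined` test is redundant now that defaults/main.yaml sets `knot_version`; factoring it out (below) keeps both entries in sync. Whether the package is really called `knot-tools` on your RedHat-family repositories is worth confirming (Fedora ships the utilities as `knot-utils`, as far as I recall), since the `validate: "knotc -c %s conf-check"` step in tasks/main.yaml needs `knotc` present.

```yaml
knot_package_name: knot
# Pin only when a concrete version is given; "", "*" and "latest" mean unpinned.
knot_version_suffix: "{{ '-' + knot_version if knot_version not in ['', '*', 'latest'] else '' }}"
knot_packages:
  - "{{ knot_package_name }}{{ knot_version_suffix }}"
  - "{{ knot_package_name }}-tools{{ knot_version_suffix }}"
# … unchanged: knot_deps_packages …
```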