ghp/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

knot: rewrite role

Browse Source
This commit is contained in:
ace 2024-01-20 04:26:37 +03:00
parent 37225e7895
commit bf1fae3c45
Signed by: ace
GPG Key ID: 2C08973DD37A76FD
11 changed files with 104 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
playbooks/ghp/dns.yaml
View File

@ -1,4 +1,5 @@
--- ---
- hosts: knot_dns - hosts: knot_dns
become: true
roles: roles:
- knot - knot

22
roles/knot/defaults/main.yml → roles/knot/defaults/main.yaml
View File

@ -1,4 +1,15 @@
--- ---
knot_version: ""
# XDP datapath options
# Note: rfc2136 aka nsupdate aka dynamic update
# not working with XDP
knot_xdp: false
knot_xdp_interface: "eth0"
# QUIC protocol
knot_quic: false
knot_conf: | knot_conf: |
# This is a sample of a minimal configuration file for Knot DNS. # This is a sample of a minimal configuration file for Knot DNS.
# See knot.conf(5) or refer to the server documentation. # See knot.conf(5) or refer to the server documentation.
@ -8,7 +19,16 @@ knot_conf: |
user: knot:knot user: knot:knot
listen: [ 0.0.0.0@53, ::@53 ] listen: [ 0.0.0.0@53, ::@53 ]
udp-max-payload: 1232 udp-max-payload: 1232
{% if knot_quic %}
listen-quic: [ 0.0.0.0, :: ]
{% endif %}
{% if knot_xdp %}
xdp:
listen: {{ knot_xdp_interface }}
udp: true
tcp: true
quic: true
{% endif %}
log: log:
- target: syslog - target: syslog
any: debug any: debug

6
roles/knot/handlers/main.yaml Normal file
View File

@ -0,0 +1,6 @@
---
- name: Restart knot
systemd:
name: knot
state: restarted
daemon_reload: true

4
roles/knot/handlers/main.yml
View File

@ -1,4 +0,0 @@
---
- name: restart knot
service: "name=knot state=restarted"
become: true

0
roles/knot/meta/main.yml → roles/knot/meta/main.yaml
View File

28
roles/knot/tasks/RedHat.yaml Normal file
View File

@ -0,0 +1,28 @@
---
- name: Install knot {{- knot_version }} packages
dnf:
name: "{{ knot_packages }}"
state: "{{ 'latest' if knot_version == 'latest' else 'present' }}"
update_cache: true
- name: Include XDP configuratio
when: knot_xdp
block:
- name: Create override directory for knot systemd unit
file:
name: /etc/systemd/system/knot.service.d
state: directory
- name: Create override.conf for knot for XDP
copy:
dest: /etc/systemd/system/knot.service.d/override.conf
content: |
[Service]
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
notify: Restart knot
- name: Install deps for XDP
dnf:
name: "{{ knot_deps_packages }}"
state: present
update_cache: true

7
roles/knot/tasks/install.yml
View File

@ -1,7 +0,0 @@
---
# RedHat Family (RedHat, Fendora, CentOS, Amazon, etc)
- name: packages (RedHat)
yum:
name: knot
state: present
when: ansible_os_family == "RedHat"

40
roles/knot/tasks/main.yaml Normal file
View File

@ -0,0 +1,40 @@
---
- name: Make sure handlers are flushed immediately
meta: flush_handlers
- name: Load a variable file based on the OS type
include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yaml"
- "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yaml"
- "{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version'] }}.yaml"
- "{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_version'] }}.yaml"
- "{{ ansible_facts['distribution'] }}.yaml"
- "{{ ansible_facts['os_family'] }}.yaml"
- main.yaml
paths:
- "vars"
tags: knot_vars
- name: Include knot install for {{ ansible_distribution }}
include_tasks: "{{ ansible_facts['os_family'] }}.yaml"
- name: Configure knot
copy:
content: "{{ knot_conf }}"
dest: /etc/knot/knot.conf
mode: 0640
owner: "root"
group: "knot"
validate: "knotc -c %s conf-check"
notify: Restart knot
- name: Enable and start knot
systemd:
name: "knot"
enabled: true
state: started
masked: false
daemon_reload: true

24
roles/knot/tasks/main.yml
View File

@ -1,24 +0,0 @@
---
- name: install
become: true
include: install.yml
# Configuration
- name: configure knot
become: true
copy:
content: "{{ knot_conf }}"
dest: /etc/knot/knot.conf
mode: 0640
owner: "root"
group: "knot"
validate: "knotc -c %s conf-check"
notify: restart knot
- name: enable knot
become: true
systemd:
name: "knot"
enabled: yes
state: started
daemon_reload: yes

7
roles/knot/vars/RedHat.yaml Normal file
View File

@ -0,0 +1,7 @@
knot_package_name: knot
knot_packages:
- "{{ knot_package_name + '-' + knot_version if (knot_version is defined and (knot_version != '*' and knot_version != '' and knot_version != 'latest')) else knot_package_name }}"
- "{{ knot_package_name + '-' + 'tools' + '-' + knot_version if (knot_version is defined and (knot_version != '*' and knot_version != '' and knot_version != 'latest')) else knot_package_name }}"
knot_deps_packages:
- xdp-tools
- bpftool

1
roles/knot/vars/main.yaml Normal file
View File

@ -0,0 +1 @@
---