From: David Galloway Date: Fri, 20 Feb 2026 21:32:14 +0000 (-0500) Subject: nameserver: Support Ubuntu X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ca1100f7b0b5af7bd3b3360479b93b08f52c41c0;p=ceph-cm-ansible.git nameserver: Support Ubuntu Signed-off-by: David Galloway --- diff --git a/roles/nameserver/handlers/main.yml b/roles/nameserver/handlers/main.yml index 248f51cf..d3bee8bd 100644 --- a/roles/nameserver/handlers/main.yml +++ b/roles/nameserver/handlers/main.yml @@ -2,11 +2,11 @@ # Restart for config file updates - name: restart named service: - name: named + name: "{{ bind_service }}" state: restarted # Reload for zone file updates - name: reload named service: - name: named + name: "{{ bind_service }}" state: reloaded diff --git a/roles/nameserver/tasks/config.yml b/roles/nameserver/tasks/config.yml index 9e0fe3ab..ced19bb5 100644 --- a/roles/nameserver/tasks/config.yml +++ b/roles/nameserver/tasks/config.yml @@ -3,8 +3,8 @@ file: path: "{{ named_conf_data_dir }}" state: directory - owner: named - group: named + owner: "{{ bind_user }}" + group: "{{ bind_group }}" - name: Create named.conf template: @@ -32,6 +32,12 @@ - ansible_selinux.status == "enabled" # Helps prevent accidental DoS +- name: Ensure nf_conntrack module is loaded + modprobe: + name: nf_conntrack + state: present + failed_when: false + - name: Double maximum configured connections sysctl: name: net.nf_conntrack_max diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index a5bdf258..f18c3cbb 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml 
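Review bot: `failed_when: false` on the new "Ensure nf_conntrack module is loaded" task in roles/nameserver/tasks/config.yml hides a failed module load. The `net.nf_conntrack_max` sysctl that follows then presumably errors on a missing key, or the headroom this block exists for ("Helps prevent accidental DoS") is never applied, with nothing in the run output to explain why. I would replace it with `register: conntrack_mod` plus `ignore_errors: true`, and add `when: conntrack_mod is succeeded` to the sysctl task so the skip is visible. The module load also only affects the running kernel, so it is worth confirming that the sysctl value still applies after a reboot. The sysctl task's body continues outside the hunk.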
@@ -8,14 +8,57 @@ tags: - always +- name: Import distro-specific vars + include_vars: "{{ ansible_os_family }}.yml" + tags: + - always + # Install and update system packages - import_tasks: packages.yml tags: - packages -- name: Enable and start ntpd +- name: Gather facts after installing packages + service_facts: + tags: + - always + +- name: Determine which time service exists (chrony/ntp/timesyncd) + set_fact: + time_services: "{{ ansible_facts.services.keys() | list }}" + timesyncd_service_name: >- + {{ 'systemd-timesyncd' if 'systemd-timesyncd.service' in ansible_facts.services else '' }} + chrony_service_name: >- + {{ + 'chronyd' if 'chronyd.service' in ansible_facts.services + else ('chrony' if 'chrony.service' in ansible_facts.services else '') + }} + ntp_service_name: >- + {{ + 'ntpd' if 'ntpd.service' in ansible_facts.services + else ('ntp' if 'ntp.service' in ansible_facts.services else '') + }} + tags: + - always + +- name: Set time_service_name + set_fact: + time_service_name: >- + {{ + chrony_service_name + if chrony_service_name|length > 0 + else ( + ntp_service_name + if ntp_service_name|length > 0 + else timesyncd_service_name + ) + }} + tags: + - always + +- name: "Enable and start {{ time_service_name }}" service: - name: ntpd + name: "{{ time_service_name }}" state: started enabled: yes tags: @@ -27,13 +70,14 @@ path: "{{ named_conf_zones_path }}" mode: '0700' state: directory - owner: named - group: named + owner: "{{ bind_user }}" + group: "{{ bind_group }}" tags: - always # Configure firewalld - import_tasks: firewall.yml + when: ansible_os_family != "Debian" tags: - firewall diff --git a/roles/nameserver/tasks/packages.yml b/roles/nameserver/tasks/packages.yml index 7c9fd503..939bd49d 100644 --- a/roles/nameserver/tasks/packages.yml +++ b/roles/nameserver/tasks/packages.yml 
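Review bot: `time_service_name` resolves to an empty string when none of chrony, ntp or systemd-timesyncd is found, and the "Enable and start" task in roles/nameserver/tasks/main.yml then calls `service` with `name: ""`. A nameserver without time sync should fail loudly, since DNSSEC validation and TSIG, if this server uses them, depend on the clock. I would put an `assert` with `that: time_service_name | length > 0` and a clear `fail_msg` ahead of that task. The lookups also test only for key presence in `ansible_facts.services`; as far as I know `service_facts` can list units that systemd merely references, with `status: not-found`, so a check such as `ansible_facts.services['chronyd.service'].status != 'not-found'` would be more robust. `time_services` is set but not used anywhere in this hunk.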
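Review bot: The `when: ansible_os_family != "Debian"` added to `import_tasks: firewall.yml` in roles/nameserver/tasks/main.yml leaves Debian/Ubuntu nameservers with no host firewall configuration from this role. vars/Debian.yml correspondingly omits `firewalld`, and also the nrpe/nagios monitoring packages that RedHat.yml and Suse.yml install. firewall.yml is not visible here, so I cannot tell which rules are being skipped. If filtering for these hosts is handled elsewhere, say so in a comment above the import, e.g. `# Debian/Ubuntu: host firewall is managed outside this role`. Otherwise the Debian path needs an equivalent ruleset so the DNS service has the same exposure on all three families.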
@@ -1,12 +1,4 @@ --- -- name: Include nameserver package list - include_vars: packages_redhat.yml - when: ansible_os_family == "RedHat" - -- name: Include nameserver package list - include_vars: packages_suse.yml - when: ansible_os_family == "Suse" - - name: Install and update packages via yum yum: name: "{{ packages }}" @@ -22,3 +14,12 @@ when: ansible_pkg_mgr == "zypper" tags: - packages + +- name: Install and update packages via apt + apt: + name: "{{ packages }}" + state: latest + update_cache: yes + when: ansible_pkg_mgr == "apt" + tags: + - packages diff --git a/roles/nameserver/templates/named.conf.j2 b/roles/nameserver/templates/named.conf.j2 index ffccc228..c0dfd84f 100644 --- a/roles/nameserver/templates/named.conf.j2 +++ b/roles/nameserver/templates/named.conf.j2 @@ -80,11 +80,10 @@ zone "{{ key }}" { {% for key, zone in named_domains.items() %} {% if zone.reverse is defined and zone.reverse.0 is defined %} {% for reverse in zone.reverse %} -{% if ansible_env._ == "/usr/bin/python3" %} -{% set octet1,octet2,octet3,_ = reverse.split('.') %} -{% else %} -{% set octet1,octet2,octet3 = reverse.split('.') %} -{% endif %} +{% set parts = reverse.split('.') %} +{% set octet1 = parts[0] %} +{% set octet2 = parts[1] %} +{% set octet3 = parts[2] %} zone "{{ octet3 }}.{{ octet2 }}.{{ octet1 }}.in-addr.arpa" { {% if named_conf_slave is defined and named_conf_slave == true %} type slave; diff --git a/roles/nameserver/vars/Debian.yml b/roles/nameserver/vars/Debian.yml new file mode 100644 index 00000000..90a50c54 --- /dev/null +++ b/roles/nameserver/vars/Debian.yml @@ -0,0 +1,19 @@ +--- +packages: + ## misc tools + - vim + - wget + - plocate + - git + ## bind-specific packages + - bind9 + - bind9utils + ## for NTP + - ntp + - ntpdate + +bind_service: bind9 +bind_user: bind +bind_group: bind + +named_conf_zones_path: /etc/bind/zones diff --git a/roles/nameserver/vars/RedHat.yml b/roles/nameserver/vars/RedHat.yml new file mode 100644 index 00000000..f76cfbea 
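Review bot: The new `parts[0]`..`parts[2]` indexing in roles/nameserver/templates/named.conf.j2 accepts a `reverse` value with any number of dot-separated labels beyond three and silently ignores the rest. The removed unpacking stopped the render when the count was not the three or four it expected. A mistyped entry in `named_domains` can therefore produce a zone stanza for the wrong `in-addr.arpa` name instead of failing the run. I would state the contract in a template comment, e.g. `{# reverse: dotted prefix; only the first three labels are used #}`, and consider validating `parts | length` in a task before templating. The enclosing `for` and `if` blocks start and end outside the hunk.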
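Review bot: `named_conf_zones_path: /etc/bind/zones` in roles/nameserver/vars/Debian.yml places zone files under /etc/bind, which Ubuntu's stock AppArmor profile for named grants, as far as I know, read-only access to. The template in this commit has a `type slave` branch, and a secondary that writes transferred zones under this path would be denied while confined. Please confirm on a confined Ubuntu host that transfers and any dynamic updates succeed, or point the variable at a directory the profile makes writable, such as `/var/lib/bind` or `/var/cache/bind`. The visible tasks in config.yml handle only the SELinux case (`ansible_selinux.status == "enabled"`), so nothing here adjusts AppArmor.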
--- /dev/null
+++ b/roles/nameserver/vars/RedHat.yml
@@ -0,0 +1,25 @@
+---
+packages:
+ ## misc tools
+ - vim
+ - wget
+ - mlocate
+ - git
+ - redhat-lsb-core
+ ## bind-specific packages
+ - bind
+ - bind-utils
+ ## firewall
+ - firewalld
+ ## monitoring
+ - nrpe
+ - nagios-plugins-all
+ ## for NTP
+ - ntp
+ - ntpdate
+
+bind_service: named
+bind_user: named
+bind_group: named
+
+named_conf_zones_path: /var/named/zones
diff --git a/roles/nameserver/vars/Suse.yml b/roles/nameserver/vars/Suse.yml
new file mode 100644
index 00000000..82e9e6c4
--- /dev/null
+++ b/roles/nameserver/vars/Suse.yml
@@ -0,0 +1,27 @@
+---
+packages:
+ ## misc tools
+ - vim
+ - wget
+ - mlocate
+ - git
+ - lsb
+ ## bind-specific packages
+ - bind
+ - bind-utils
+ ## firewall
+ - firewalld
+ ## monitoring
+ - nrpe
+ - nagios-plugins-all
+ ## for NTP
+ - ntp
+ #- ntpdate
+ # do we really need selinux on opensuse?
+ - python-selinux
+
+bind_service: named
+bind_user: named
+bind_group: named
+
+named_conf_zones_path: /var/lib/named
diff --git a/roles/nameserver/vars/packages_redhat.yml b/roles/nameserver/vars/packages_redhat.yml
deleted file mode 100644
index ee3222fd..00000000
--- a/roles/nameserver/vars/packages_redhat.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-packages:
- ## misc tools
- - vim
- - wget
- - mlocate
- - git
- - redhat-lsb-core
- ## bind-specific packages
- - bind
- - bind-utils
- ## firewall
- - firewalld
- ## monitoring
- - nrpe
- - nagios-plugins-all
- ## for NTP
- - ntp
- - ntpdate
diff --git a/roles/nameserver/vars/packages_suse.yml b/roles/nameserver/vars/packages_suse.yml
deleted file mode 100644
index 341e68ff..00000000
--- a/roles/nameserver/vars/packages_suse.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-packages:
- ## misc tools
- - vim
- - wget
- - mlocate
- - git
- - lsb
- ## bind-specific packages
- - bind
- - bind-utils
- ## firewall
- - firewalld
- ## monitoring
- - nrpe
- - nagios-plugins-all
- ## for NTP
- - ntp
- #- ntpdate
- # do we really need selinux on opensuse?
- - python-selinux