changes to add unbound dns as separate option

objectrocket · Jan 24, 2016 · 8de2808 · 8de2808
1 parent 2e9f2a7
commit 8de2808
Show file tree

Hide file tree

Showing 7 changed files with 89 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.idea/
diff --git a/playbooks/group_vars/all b/playbooks/group_vars/all
@@ -7,6 +7,7 @@ custom_repo_url: ''
 custom_repo_target: 'api/v1/stacks/HDP/versions/2.3/operating_systems/redhat6/repositories/HDP-2.3'
 ambari_version: '2.1.2.1'
 spark_stack: false
+use_dns: false
 install_spark: true
 install_flume: false
 install_hbase: false

diff --git a/playbooks/roles/common/tasks/main.yml b/playbooks/roles/common/tasks/main.yml
@@ -131,6 +131,9 @@
 - name: Set hosts file
   template: src=hosts.j2 dest=/etc/hosts mode=0644
 
+- include: unbound-dns.yml 
+  when: use_dns
+
 - include: firewall.yml
   when: cloud_nodes_count is defined and cloud_nodes_count > 0
 

diff --git a/playbooks/roles/common/tasks/unbound-dns.yml b/playbooks/roles/common/tasks/unbound-dns.yml
@@ -0,0 +1,37 @@
+---
+- name: Start the unbound service
+  service: name=unbound state=restarted enabled=yes
+
+- name: Rearrange Ubuntu unbound configuration to match default RHEL
+  shell: sed -i 's/unbound\.conf\.d/conf\.d/g' /etc/unbound/unbound.conf;
+ 		 mv /etc/unbound/unbound.conf.d /etc/unbound/conf.d;
+ 		 mkdir /etc/unbound/local.d;
+ 		 grep -q -F '/etc/unbound/local.d/*.conf' /etc/unbound/unbound.conf || echo "include{{ ":" }} \"/etc/unbound/local.d/*.conf\"" >> /etc/unbound/unbound.conf;
+   		 sed -i 's/RESOLVCONF_FORWARDERS=true/RESOLVCONF_FORWARDERS=false/g' /etc/default/unbound
+  when: ansible_os_family == "Debian"
+
+- name: Configure unbound service
+  template: src=redhat-unbound.j2 dest=/etc/unbound/conf.d/mbd.conf
+  notify: Restart unbound
+
+- name: Configure unbound service on the master node
+  template: src=redhat-unbound-master.j2 dest=/etc/unbound/conf.d/mbd.conf
+  when: ansible_fqdn == hostvars[groups['master-nodes'][0]]['ansible_fqdn']
+  notify: Restart unbound
+
+- name: Configure unbound cluster zone on the master node
+  template: src=redhat-unbound-zonefile.j2 dest=/etc/unbound/local.d/{{ ansible_domain }}_zone.conf
+  when: ansible_fqdn == hostvars[groups['master-nodes'][0]]['ansible_fqdn']
+  notify: Restart unbound
+
+- name: Update resolv.conf file with local nameserver
+  lineinfile: dest={{ resolv_conf }}
+ 			  regexp="^nameserver 127.0.0.1"
+ 			  insertbefore="^nameserver "
+ 			  line="nameserver 127.0.0.1"
+
+- name: Update resolv.conf file with master node nameserver
+  lineinfile: dest={{ resolv_conf }}
+ 			  regexp="^nameserver {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}"
+ 			  insertbefore="^nameserver "
+ 			  line="nameserver {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}"
diff --git a/playbooks/roles/common/templates/redhat-unbound-master.j2 b/playbooks/roles/common/templates/redhat-unbound-master.j2
@@ -0,0 +1,20 @@
+server:
+    interface: 127.0.0.1
+    interface: {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}
+    access-control: 127.0.0.0/8 allow
+    access-control: 10.0.0.0/8 allow
+    domain-insecure: "{{ ansible_domain }}"
+    local-zone: "10.in-addr.arpa." nodefault
+
+stub-zone:
+    name: "10.in-addr.arpa."
+    stub-addr: {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}
+
+forward-zone:
+    name: "."
+    forward-addr: 8.8.8.8
+    forward-addr: 8.8.4.4
+
+remote-control:
+    control-interface: 127.0.0.1
+
diff --git a/playbooks/roles/common/templates/redhat-unbound-zonefile.j2 b/playbooks/roles/common/templates/redhat-unbound-zonefile.j2
@@ -0,0 +1,9 @@
+# Local zone
+
+local-zone: "{{ ansible_domain }}." static
+
+{% for node in groups['hadoop-cluster'] %}
+local-data: "{{ hostvars[node]['ansible_fqdn'] }}. IN A {{ hostvars[node][['ansible_', hostvars[node]['cluster_interface']]|join]['ipv4']['address'] }}"
+local-data-ptr: "{{ hostvars[node][['ansible_', hostvars[node]['cluster_interface']]|join]['ipv4']['address'] }} {{ hostvars[node]['ansible_fqdn'] }}"
+
+{% endfor %}
diff --git a/playbooks/roles/common/templates/redhat-unbound.j2 b/playbooks/roles/common/templates/redhat-unbound.j2
@@ -0,0 +1,18 @@
+server:
+    interface: 127.0.0.1
+    access-control: 127.0.0.0/8 allow
+    access-control: 10.0.0.0/8 allow
+    domain-insecure: "{{ ansible_domain }}"
+    local-zone: "10.in-addr.arpa." nodefault
+
+stub-zone:
+    name: "10.in-addr.arpa."
+    stub-addr: {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}
+
+forward-zone:
+    name: "."
+    forward-addr: {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}
+
+remote-control:
+    control-interface: 127.0.0.7
+