diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9f11b75
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea/
diff --git a/playbooks/group_vars/all b/playbooks/group_vars/all
index c271b2f..7a6e6c3 100644
--- a/playbooks/group_vars/all
+++ b/playbooks/group_vars/all
@@ -7,6 +7,7 @@ custom_repo_url: ''
 custom_repo_target: 'api/v1/stacks/HDP/versions/2.3/operating_systems/redhat6/repositories/HDP-2.3'
 ambari_version: '2.1.2.1'
 spark_stack: false
+use_dns: false
 install_spark: true
 install_flume: false
 install_hbase: false
diff --git a/playbooks/roles/common/tasks/main.yml b/playbooks/roles/common/tasks/main.yml
index 642d73a..5e19e4e 100644
--- a/playbooks/roles/common/tasks/main.yml
+++ b/playbooks/roles/common/tasks/main.yml
@@ -131,6 +131,9 @@ - name: Set hosts file template: src=hosts.j2 dest=/etc/hosts mode=0644 +- include: unbound-dns.yml + when: use_dns + - include: firewall.yml when: cloud_nodes_count is defined and cloud_nodes_count > 0
diff --git a/playbooks/roles/common/tasks/unbound-dns.yml b/playbooks/roles/common/tasks/unbound-dns.yml
new file mode 100644
index 0000000..d8b6040
--- /dev/null
+++ b/playbooks/roles/common/tasks/unbound-dns.yml
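Review bot: In playbooks/roles/common/tasks/main.yml the new include is gated by a bare `when: use_dns`, which is only reliable while the value is a real boolean. The default added to group_vars/all is one, but a value supplied as a string (for example on the command line or from an inventory file) can be evaluated differently depending on the Ansible version; `when: use_dns | bool` makes the toggle unambiguous. The include also runs before firewall.yml, which this diff does not touch, so it is worth confirming that the firewall tasks allow cluster nodes to reach port 53 on the master.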
@@ -0,0 +1,37 @@
+---
+- name: Start the unbound service
+ service: name=unbound state=restarted enabled=yes
+
+- name: Rearrange Ubuntu unbound configuration to match default RHEL
+ shell: sed -i 's/unbound\.conf\.d/conf\.d/g' /etc/unbound/unbound.conf;
+ mv /etc/unbound/unbound.conf.d /etc/unbound/conf.d;
+ mkdir /etc/unbound/local.d;
+ grep -q -F '/etc/unbound/local.d/*.conf' /etc/unbound/unbound.conf || echo "include{{ ":" }} \"/etc/unbound/local.d/*.conf\"" >> /etc/unbound/unbound.conf;
+ sed -i 's/RESOLVCONF_FORWARDERS=true/RESOLVCONF_FORWARDERS=false/g' /etc/default/unbound
+ when: ansible_os_family == "Debian"
+
+- name: Configure unbound service
+ template: src=redhat-unbound.j2 dest=/etc/unbound/conf.d/mbd.conf
+ notify: Restart unbound
+
+- name: Configure unbound service on the master node
+ template: src=redhat-unbound-master.j2 dest=/etc/unbound/conf.d/mbd.conf
+ when: ansible_fqdn == hostvars[groups['master-nodes'][0]]['ansible_fqdn']
+ notify: Restart unbound
+
+- name: Configure unbound cluster zone on the master node
+ template: src=redhat-unbound-zonefile.j2 dest=/etc/unbound/local.d/{{ ansible_domain }}_zone.conf
+ when: ansible_fqdn == hostvars[groups['master-nodes'][0]]['ansible_fqdn']
+ notify: Restart unbound
+
+- name: Update resolv.conf file with local nameserver
+ lineinfile: dest={{ resolv_conf }}
+ regexp="^nameserver 127.0.0.1"
+ insertbefore="^nameserver "
+ line="nameserver 127.0.0.1"
+
+- name: Update resolv.conf file with master node nameserver
+ lineinfile: dest={{ resolv_conf }}
+ regexp="^nameserver {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}"
+ insertbefore="^nameserver "
+ line="nameserver {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}"
\ No newline at end of file
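Review bot: The Debian `shell:` task in unbound-dns.yml joins five commands with `;`, so a failed `mv` or `mkdir` is ignored and the task's result reflects only the final `sed`; on a second run both of those commands fail unnoticed and the task still reports a change. Splitting it into module-based tasks makes each step idempotent and lets a real failure stop the play before the templates are written into `/etc/unbound/conf.d`. Separately, the master's `mbd.conf` is written by both template tasks on every run, which notifies `Restart unbound` each time; adding `when: ansible_fqdn != hostvars[groups['master-nodes'][0]]['ansible_fqdn']` to the first template task avoids that.

```yaml
# … unchanged: "Start the unbound service" task …

- name: Point the Ubuntu unbound.conf at conf.d
  replace:
    dest: /etc/unbound/unbound.conf
    regexp: 'unbound\.conf\.d'
    replace: 'conf.d'
  when: ansible_os_family == "Debian"

- name: Move the Ubuntu unbound.conf.d directory to conf.d
  command: mv /etc/unbound/unbound.conf.d /etc/unbound/conf.d
  args:
    creates: /etc/unbound/conf.d
  when: ansible_os_family == "Debian"

- name: Create the local.d include directory
  file:
    path: /etc/unbound/local.d
    state: directory
  when: ansible_os_family == "Debian"

- name: Include local.d in unbound.conf
  lineinfile:
    dest: /etc/unbound/unbound.conf
    line: 'include: "/etc/unbound/local.d/*.conf"'
  when: ansible_os_family == "Debian"

- name: Stop resolvconf from overriding the unbound forwarders
  replace:
    dest: /etc/default/unbound
    regexp: 'RESOLVCONF_FORWARDERS=true'
    replace: 'RESOLVCONF_FORWARDERS=false'
  when: ansible_os_family == "Debian"

# … unchanged: template tasks and resolv.conf tasks …
```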
diff --git a/playbooks/roles/common/templates/redhat-unbound-master.j2 b/playbooks/roles/common/templates/redhat-unbound-master.j2
new file mode 100755
index 0000000..5a22b08
--- /dev/null
+++ b/playbooks/roles/common/templates/redhat-unbound-master.j2
@@ -0,0 +1,20 @@
+server:
+ interface: 127.0.0.1
+ interface: {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}
+ access-control: 127.0.0.0/8 allow
+ access-control: 10.0.0.0/8 allow
+ domain-insecure: "{{ ansible_domain }}"
+ local-zone: "10.in-addr.arpa." nodefault
+
+stub-zone:
+ name: "10.in-addr.arpa."
+ stub-addr: {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}
+
+forward-zone:
+ name: "."
+ forward-addr: 8.8.8.8
+ forward-addr: 8.8.4.4
+
+remote-control:
+ control-interface: 127.0.0.1
+
diff --git a/playbooks/roles/common/templates/redhat-unbound-zonefile.j2 b/playbooks/roles/common/templates/redhat-unbound-zonefile.j2
new file mode 100755
index 0000000..e7b9b13
--- /dev/null
+++ b/playbooks/roles/common/templates/redhat-unbound-zonefile.j2
@@ -0,0 +1,9 @@
+# Local zone
+
+local-zone: "{{ ansible_domain }}." static
+
+{% for node in groups['hadoop-cluster'] %}
+local-data: "{{ hostvars[node]['ansible_fqdn'] }}. IN A {{ hostvars[node][['ansible_', hostvars[node]['cluster_interface']]|join]['ipv4']['address'] }}"
+local-data-ptr: "{{ hostvars[node][['ansible_', hostvars[node]['cluster_interface']]|join]['ipv4']['address'] }} {{ hostvars[node]['ansible_fqdn'] }}"
+
+{% endfor %}
\ No newline at end of file
diff --git a/playbooks/roles/common/templates/redhat-unbound.j2 b/playbooks/roles/common/templates/redhat-unbound.j2
new file mode 100755
index 0000000..ebd8ca9
--- /dev/null
+++ b/playbooks/roles/common/templates/redhat-unbound.j2
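Review bot: In redhat-unbound-master.j2, `access-control: 10.0.0.0/8 allow` together with the second `interface:` line makes the master a recursive resolver for every host in 10/8 that can reach it, not only the cluster nodes, and it forwards their queries to the hard-coded 8.8.8.8 and 8.8.4.4. Restricting the allow rule to the cluster's own subnet, derived from the same `cluster_interface` facts the template already reads, keeps the resolver closed to neighbouring hosts. It also lets the role work on networks outside 10/8, where unbound's default access control would refuse the nodes. The forwarders are better exposed as a variable in group_vars/all so that sites with their own resolvers or restricted egress can override them.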
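Review bot: In redhat-unbound-zonefile.j2, `local-zone: "{{ ansible_domain }}." static` renders as `local-zone: "." static` when the master has no domain set and `ansible_domain` is empty, which would make the root a static zone and answer every name outside the generated local-data from it instead of forwarding. The task that installs this template would in that case also write it to `_zone.conf`. A guard before the templates run, such as a `fail` task with `when: ansible_domain == ''`, stops the play early instead of leaving the cluster without working resolution. The loop also assumes every host in `hadoop-cluster` has gathered facts and a `cluster_interface` variable; a host without them aborts the render.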
@@ -0,0 +1,18 @@
+server:
+ interface: 127.0.0.1
+ access-control: 127.0.0.0/8 allow
+ access-control: 10.0.0.0/8 allow
+ domain-insecure: "{{ ansible_domain }}"
+ local-zone: "10.in-addr.arpa." nodefault
+
+stub-zone:
+ name: "10.in-addr.arpa."
+ stub-addr: {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}
+
+forward-zone:
+ name: "."
+ forward-addr: {{ hostvars[groups['master-nodes'][0]][['ansible_', hostvars[groups['master-nodes'][0]]['cluster_interface']]|join]['ipv4']['address'] }}
+
+remote-control:
+ control-interface: 127.0.0.7
+
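Review bot: `control-interface: 127.0.0.7` in redhat-unbound.j2 differs from the `127.0.0.1` used in redhat-unbound-master.j2 and looks like a typo; if it is intentional it deserves a comment, otherwise it should read `control-interface: 127.0.0.1`. The `access-control: 10.0.0.0/8 allow` line appears to have no effect here because this instance listens only on 127.0.0.1, so dropping it keeps the node resolvers loopback-only even if an `interface:` line is added later. Both `stub-addr` and `forward-addr` point at the first master node alone, so name resolution on every node depends on that one host, which is worth stating in a comment at the top of the template.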