diff --git a/cluster.yml b/cluster.yml
index cdaa9df11..eabd16e31 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -19,6 +19,7 @@
 - ldap
 - node_exporter
 - cluster
+ - resolver
 - name: Install ansible on admin interfaces (DAI & SAI).
 hosts:
diff --git a/group_vars/gearshift-cluster/vars.yml b/group_vars/gearshift-cluster/vars.yml
index f9cd8fb2f..0fd9eb6b2 100644
--- a/group_vars/gearshift-cluster/vars.yml
+++ b/group_vars/gearshift-cluster/vars.yml
@@ -23,4 +23,9 @@ ldap_port: 389
 ldaps_port: 636
 ldap_base: ou=umcg,o=asds
 ldap_binddn: cn=clusteradminumcg,o=asds
+nameservers: [
+ '172.23.40.244', # Order is important: local DNS for Isilon storage first!
+ '8.8.4.4', # Google DNS.
+ '8.8.8.8', # Google DNS.
+]
 ...
diff --git a/group_vars/hyperchicken-cluster/vars.yml b/group_vars/hyperchicken-cluster/vars.yml
index b010e2cdf..364e66e7e 100644
--- a/group_vars/hyperchicken-cluster/vars.yml
+++ b/group_vars/hyperchicken-cluster/vars.yml
@@ -32,4 +32,9 @@ security_group_id: SSH-and-ping-2
 slurm_ldap: false
 availability_zone: AZ_1
 local_volume_size: 1
+nameservers: [
+ '/em-isi-3126.ebi.ac.uk/10.35.126.201', # Local DNS lookups for shared storage.
+ '8.8.4.4', # Google DNS.
+ '8.8.8.8', # Google DNS.
+]
 ...
diff --git a/group_vars/talos-cluster/vars.yml b/group_vars/talos-cluster/vars.yml
index 74d738673..3c61ba520 100644
--- a/group_vars/talos-cluster/vars.yml
+++ b/group_vars/talos-cluster/vars.yml
@@ -23,4 +23,9 @@ ldap_port: 389
 ldaps_port: 636
 ldap_base: ou=umcg,o=asds
 ldap_binddn: cn=clusteradminumcg,o=asds
+nameservers: [
+ '172.23.40.244', # Order is important: local DNS for Isilon storage first!
+ '8.8.4.4', # Google DNS.
+ '8.8.8.8', # Google DNS.
+]
 ...
\ No newline at end of file
diff --git a/resolver.yml b/resolver.yml
new file mode 100644
index 000000000..ab99aeb74
--- /dev/null
+++ b/resolver.yml
@@ -0,0 +1,5 @@
+---
+- hosts: cluster
+ roles:
+ - resolver
+...
\ No newline at end of file
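Review bot: The `nameservers` list added for gearshift-cluster (and the identical one in the talos-cluster hunk) relies on list order to keep storage lookups on `172.23.40.244`, but the template in this commit renders every entry as a plain `server=` line, and dnsmasq does not by default query its upstreams strictly in the order listed. Queries for internal storage names can therefore be sent to the Google resolvers, which discloses internal hostnames to a third party and may return a negative answer for them. The hyperchicken hunk already uses the safer form, so scope the local server to its domain here as well, e.g. `'/<storage-domain>/172.23.40.244',  # <storage-domain> is a placeholder`, rather than depending on order or on `strict-order`.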
diff --git a/roles/resolver/handlers/main.yml b/roles/resolver/handlers/main.yml
new file mode 100644
index 000000000..c7154496a
--- /dev/null
+++ b/roles/resolver/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+#
+# Important: maintain correct handler order.
+# Handlers are executed in the order in which they are defined
+# and not in the order in whch they are listed in a "notify: handler_name" statement!
+#
+- name: Restart dnsmasq service.
+ service:
+ name: dnsmasq
+ state: restarted
+ become: true
+ listen: restart_dnsmasq
+...
\ No newline at end of file
diff --git a/roles/resolver/tasks/main.yml b/roles/resolver/tasks/main.yml
new file mode 100644
index 000000000..600578c80
--- /dev/null
+++ b/roles/resolver/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Install dnsmasq
+ yum:
+ state: latest
+ update_cache: yes
+ name:
+ - dnsmasq
+ become: true
+ notify: restart_dnsmasq
+
+- name: Configure /etc/dnsmasq.conf to use nameservers as listed in group_vars for this cluster.
+ template:
+ dest: '/etc/dnsmasq.conf'
+ src: 'templates/dnsmasq.conf.j2'
+ owner: root
+ group: root
+ mode: 0644
+ become: true
+ notify: restart_dnsmasq
+
+- name: Configure /etc/resolv.conf to use dnsmasq on localhost.
+ copy:
+ dest: '/etc/resolv.conf'
+ content: nameserver 127.0.0.1
+ owner: root
+ group: root
+ mode: 0644
+ become: true
+ notify: restart_dnsmasq
+
+- name: Enable dnsmasq service.
+ systemd:
+ name: 'dnsmasq.service'
+ enabled: yes
+ become: true
+ notify: restart_dnsmasq
+
+- meta: flush_handlers
+...
\ No newline at end of file
diff --git a/roles/resolver/templates/dnsmasq.conf.j2 b/roles/resolver/templates/dnsmasq.conf.j2
new file mode 100644
index 000000000..5f774b96e
--- /dev/null
+++ b/roles/resolver/templates/dnsmasq.conf.j2
@@ -0,0 +1,3 @@
+{% for nameserver in nameservers %}
+server={{ nameserver }}
+{% endfor %}
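Review bot: In roles/resolver/tasks/main.yml, `/etc/resolv.conf` is switched to 127.0.0.1 without any check that the rendered `/etc/dnsmasq.conf` is one dnsmasq will accept, and the restart only happens at the final `flush_handlers`, so a malformed `nameservers` entry can leave the node with no working resolver. Add `validate: 'dnsmasq --test --conf-file=%s'` to the template task so a file that fails the syntax check is never installed. Separately, `state: latest` makes the installed dnsmasq version depend on when the play runs; `state: present` with a deliberate update step is easier to audit. Quoting the file modes (`mode: '0644'`) also avoids relying on how the YAML parser reads a leading-zero integer.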
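Review bot: The rendered dnsmasq.conf contains only `server=` lines, so dnsmasq keeps its defaults for everything else, including which addresses it listens on. As far as I know it then answers on every interface, which would make each cluster node a DNS forwarder for anything that can reach port 53. Since the role only needs a resolver on localhost, add `listen-address=127.0.0.1` and `bind-interfaces` ahead of the loop. `no-resolv` is worth adding too, so that upstreams come only from this file and dnsmasq never reads the `/etc/resolv.conf` that now points back at itself.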