ansible-consul
dnsmasq regression
f5425ddff5853566991e3b72f380384ce021bc4e introduces a regression with the dnsmasq configuration (target hosts are Debian 11):
TASK [consul : Create Dnsmasq configuration] *****************************************************************************************************************************************
changed: [swarm5] => (item={'dest': '/etc/dnsmasq.d/10-consul', 'group': 'root', 'when': 'ansible_os_family|lower != "freebsd"'})
changed: [swarm1] => (item={'dest': '/etc/dnsmasq.d/10-consul', 'group': 'root', 'when': 'ansible_os_family|lower != "freebsd"'})
changed: [swarm0] => (item={'dest': '/etc/dnsmasq.d/10-consul', 'group': 'root', 'when': 'ansible_os_family|lower != "freebsd"'})
changed: [swarm2] => (item={'dest': '/etc/dnsmasq.d/10-consul', 'group': 'root', 'when': 'ansible_os_family|lower != "freebsd"'})
changed: [swarm4] => (item={'dest': '/etc/dnsmasq.d/10-consul', 'group': 'root', 'when': 'ansible_os_family|lower != "freebsd"'})
failed: [swarm5] (item={'dest': '/usr/local/etc/dnsmasq.d/consul.conf', 'group': 'wheel', 'when': 'ansible_os_family|lower == "freebsd"'}) => {"ansible_loop_var": "item", "changed": false, "checksum": "bc7eee12916de28288f07c04d49c6494a6d5e543", "item": {"dest": "/usr/local/etc/dnsmasq.d/consul.conf", "group": "wheel", "when": "ansible_os_family|lower == \"freebsd\""}, "msg": "Destination directory /usr/local/etc/dnsmasq.d does not exist"}
failed: [swarm1] (item={'dest': '/usr/local/etc/dnsmasq.d/consul.conf', 'group': 'wheel', 'when': 'ansible_os_family|lower == "freebsd"'}) => {"ansible_loop_var": "item", "changed": false, "checksum": "bc7eee12916de28288f07c04d49c6494a6d5e543", "item": {"dest": "/usr/local/etc/dnsmasq.d/consul.conf", "group": "wheel", "when": "ansible_os_family|lower == \"freebsd\""}, "msg": "Destination directory /usr/local/etc/dnsmasq.d does not exist"}
failed: [swarm0] (item={'dest': '/usr/local/etc/dnsmasq.d/consul.conf', 'group': 'wheel', 'when': 'ansible_os_family|lower == "freebsd"'}) => {"ansible_loop_var": "item", "changed": false, "checksum": "bc7eee12916de28288f07c04d49c6494a6d5e543", "item": {"dest": "/usr/local/etc/dnsmasq.d/consul.conf", "group": "wheel", "when": "ansible_os_family|lower == \"freebsd\""}, "msg": "Destination directory /usr/local/etc/dnsmasq.d does not exist"}
failed: [swarm2] (item={'dest': '/usr/local/etc/dnsmasq.d/consul.conf', 'group': 'wheel', 'when': 'ansible_os_family|lower == "freebsd"'}) => {"ansible_loop_var": "item", "changed": false, "checksum": "bc7eee12916de28288f07c04d49c6494a6d5e543", "item": {"dest": "/usr/local/etc/dnsmasq.d/consul.conf", "group": "wheel", "when": "ansible_os_family|lower == \"freebsd\""}, "msg": "Destination directory /usr/local/etc/dnsmasq.d does not exist"}
failed: [swarm4] (item={'dest': '/usr/local/etc/dnsmasq.d/consul.conf', 'group': 'wheel', 'when': 'ansible_os_family|lower == "freebsd"'}) => {"ansible_loop_var": "item", "changed": false, "checksum": "bc7eee12916de28288f07c04d49c6494a6d5e543", "item": {"dest": "/usr/local/etc/dnsmasq.d/consul.conf", "group": "wheel", "when": "ansible_os_family|lower == \"freebsd\""}, "msg": "Destination directory /usr/local/etc/dnsmasq.d does not exist"}
Running:
➜ ansible git:(main) ✗ ansible --version
ansible [core 2.12.2]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/rachel/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
ansible collection location = /home/rachel/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
jinja version = 2.10.1
libyaml = True
➜ ansible git:(main) ✗ ansible-playbook --version
ansible-playbook [core 2.12.2]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/rachel/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
ansible collection location = /home/rachel/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible-playbook
python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
jinja version = 2.10.1
libyaml = True
Vars:
consul_gather_server_facts: true
consul_data_path: /mirage/consul
consul_version: 1.11.4
consul_group_name: all
consul_iface: mirage0
consul_domain: mirage
consul_addresses_http: 0.0.0.0
consul_dnsmasq_enable: true
consul_dnsmasq_listen_addresses:
- 127.0.0.1
consul_dnsmasq_servers:
- 1.1.1.1
- 1.0.0.1
Found three other things wrong with that PR:
https://github.com/ansible-community/ansible-consul/blob/7106794ade97c26abbf9c319820cfcbbed5c9f57/tasks/dnsmasq.yml#L70 link_source should be lnk_source, and this shouldn't be wrapped in quotation marks as ATM it'll always evaluate as true
https://github.com/ansible-community/ansible-consul/blob/7106794ade97c26abbf9c319820cfcbbed5c9f57/tasks/dnsmasq.yml#L68-L70 Missing a check if resolv_dot_conf.stat.islnk is defined in the first place, which will make this fail outright if /etc/resolv.conf doesn't exist
https://github.com/ansible-community/ansible-consul/blob/7106794ade97c26abbf9c319820cfcbbed5c9f57/tasks/dnsmasq.yml#L62-L67 This should really be:
file:
  path: /etc/resolv.conf
  state: absent
as state: link creates or modifies the link, which is not what we want to do
Was this PR tested at all? I feel like these errors shouldn't have gone unnoticed like this.
+1
Since the module is removing the symlink between and systemd, shouldn't it also create a new static /etc/resolv.conf file with a nameserver pointing to the dnsmasq listen-address?
This bugs me
ERROR: src file does not exist
TASK [consul : Disable systemd-resolved service] ****************************************************************************************************************************************************************
changed: [172.31.15.62]
changed: [3.223.140.234]
changed: [172.31.5.27]
TASK [consul : Check if resolv.conf is pointing to systemd-resolved] ********************************************************************************************************************************************
ok: [172.31.15.62]
ok: [3.223.140.234]
ok: [172.31.5.27]
TASK [consul : Remove resolv.conf association with systemd-resolved] ********************************************************************************************************************************************
fatal: [3.223.140.234]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0777", "msg": "src file does not exist, use \"force=yes\" if you really want to create the link: /run/resolvconf/resolv.conf", "owner": "root", "path": "/etc/resolv.conf", "size": 39, "src": "/run/resolvconf/resolv.conf", "state": "link", "uid": 0}
fatal: [172.31.15.62]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0777", "msg": "src file does not exist, use \"force=yes\" if you really want to create the link: /run/resolvconf/resolv.conf", "owner": "root", "path": "/etc/resolv.conf", "size": 39, "src": "/run/resolvconf/resolv.conf", "state": "link", "uid": 0}
fatal: [172.31.5.27]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0777", "msg": "src file does not exist, use \"force=yes\" if you really want to create the link: /run/resolvconf/resolv.conf", "owner": "root", "path": "/etc/resolv.conf", "size": 39, "src": "/run/resolvconf/resolv.conf", "state": "link", "uid": 0}
NO MORE HOSTS LEFT **********************************************************************************************************************************************************************************************
PLAY RECAP ******************************************************************************************************************************************************************************************************
172.31.15.62 : ok=48 changed=19 unreachable=0 failed=1 skipped=68 rescued=0 ignored=0
172.31.5.27 : ok=54 changed=21 unreachable=0 failed=1 skipped=69 rescued=0 ignored=1
3.223.140.234 : ok=48 changed=19 unreachable=0 failed=1 skipped=68 rescued=0 ignored=0
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
ubuntu@ip-172-31-5-27:~/postgresql_cluster$ ls -la /etc/resolv.conf
lrwxrwxrwx 1 root root 39 Dec 1 11:06 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
ubuntu@ip-172-31-5-27:~/postgresql_cluster$ ls -la /run/resolvconf/resolv.conf
ls: cannot access '/run/resolvconf/resolv.conf': No such file or directory
I rewrote the block to this form:
- name: Disable systemd-resolved
  when: ansible_service_mgr == "systemd"
  block:
    - name: Disable systemd-resolved service
      service:
        name: systemd-resolved
        enabled: false
        state: stopped
      become: true
    - name: Check if resolv.conf is pointing to systemd-resolved
      stat:
        path: /etc/resolv.conf
      register: resolv_dot_conf
    - block:
        - name: Remove resolv.conf association with systemd-resolved
          file:
            path: /etc/resolv.conf
            state: absent
        - name: Create /etc/resolv.conf
          file:
            path: /etc/resolv.conf
            state: touch
            owner: root
            group: root
            mode: u=rw,g=r,o=r
        - name: Add a nameserver entry pointing to localhost for dnsmasq
          lineinfile:
            path: /etc/resolv.conf
            regexp: "^nameserver 127.0.0.1"
            line: "nameserver 127.0.0.1"
            unsafe_writes: true # to prevent failures in CI
      become: true
      when:
        - resolv_dot_conf.stat.islnk is defined
        - resolv_dot_conf.stat.islnk
        - resolv_dot_conf.stat.lnk_source == "/run/systemd/resolve/stub-resolv.conf"
result:
ubuntu@source-pgnode02:~$ cat /etc/dnsmasq.d/10-consul
server=/consul/127.0.0.1#8600
server=8.8.8.8
server=8.8.4.4
ubuntu@source-pgnode02:~$ ls -la /etc/resolv.conf
-rw-r--r-- 1 root root 21 Jan 4 19:22 /etc/resolv.conf
ubuntu@source-pgnode02:~$
ubuntu@source-pgnode02:~$ cat /etc/resolv.conf
nameserver 127.0.0.1
ubuntu@source-pgnode02:~$
ubuntu@source-pgnode02:~$ dig +short master.patroni.service.consul SRV
1 1 6432 source-pgnode01.node.us-east-1d.consul.
PR https://github.com/ansible-community/ansible-consul/pull/519
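A post-run check for the resolver state the rewritten block above is meant to leave behind, added here as an example; it is not code from the thread or from the ansible-consul role. The function names and the sample tree are constructed, while the paths and file contents are the ones shown in the thread. The link target is normalised relative to /etc before comparison, because the link on disk is relative while the guard compares against an absolute path.

```python
import os
import re
import tempfile

STUB = "/run/systemd/resolve/stub-resolv.conf"   # path used in the thread's `when` guard
DNSMASQ_CONF = "etc/dnsmasq.d/10-consul"         # Debian destination shown in the thread

def resolv_state(root):
    """Classify <root>/etc/resolv.conf: missing, regular, systemd-stub or other-link."""
    path = os.path.join(root, "etc/resolv.conf")
    if not os.path.lexists(path):
        return "missing"                 # the case where stat.islnk is undefined
    if not os.path.islink(path):
        return "regular"
    # readlink may return ../run/systemd/...; normalise it lexically against /etc
    target = os.path.normpath(os.path.join("/etc", os.readlink(path)))
    return "systemd-stub" if target == STUB else "other-link"

def problems(root, domain="consul"):
    """Return a list of findings; an empty list means dnsmasq is the local resolver."""
    state = resolv_state(root)
    if state != "regular":
        return [f"/etc/resolv.conf is {state}, expected a regular file"]
    with open(os.path.join(root, "etc/resolv.conf")) as fh:
        servers = re.findall(r"^\s*nameserver\s+(\S+)", fh.read(), re.M)
    found = []
    if servers[:1] != ["127.0.0.1"]:
        found.append(f"first nameserver is {servers[:1]}, expected 127.0.0.1")
    conf = os.path.join(root, DNSMASQ_CONF)
    text = open(conf).read() if os.path.exists(conf) else ""
    if not re.search(rf"^server=/{re.escape(domain)}/\S+#\d+$", text, re.M):
        found.append(f"no dnsmasq forward for .{domain} in /{DNSMASQ_CONF}")
    return found

def build_sample(root, fixed):
    """Constructed sample tree: stub symlink (before) or static file (after)."""
    os.makedirs(os.path.join(root, "etc/dnsmasq.d"))
    with open(os.path.join(root, DNSMASQ_CONF), "w") as fh:
        fh.write("server=/consul/127.0.0.1#8600\nserver=8.8.8.8\nserver=8.8.4.4\n")
    resolv = os.path.join(root, "etc/resolv.conf")
    if fixed:
        with open(resolv, "w") as fh:
            fh.write("nameserver 127.0.0.1\n")
    else:
        os.symlink("../run/systemd/resolve/stub-resolv.conf", resolv)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, fixed=False)
        print(resolv_state(tmp), problems(tmp))
```

On a real host, call `problems("/")`; pass `domain=` when `consul_domain` is not the default.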