Merge pull request 'inventoryFromAnsible' (#4) from inventoryFromAnsible into master

Reviewed-on: #4

README.md

@@ -1,3 +1,128 @@
 # role_dnsmasq
 
-Deploy dnsmasq.
+Ce rôle permet d'installer et configurer dnsmasq.
+
+## Variables
+
+### dnsmasq_domain
+
+Nom de domain utilisé pour qualifier les noms courts.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+### dnsmasq_servers
+
+Liste d'adresses IP auxquelles les requêtes DNS sont transmises si dnsmasq ne porte pas le domaine.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+### dnsmasq_hosts
+
+Liste d'IP ou de noms d'hôtes servant de serveur DNS.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+### dnsmasq_host_ips
+
+Liste des IP de l'hôte.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+### dnsmasq_host_aliases
+
+Liste d'alias pour un hôte (*host_groups*).
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+### dnsmasq_client_filename
+
+Nom du fichier pour le client.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> `{{ inventory_hostname }}`*
+
+### dnsmasq_client_hostname
+
+Nom d'hôte du client.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> `{{ inventory_hostname }} {{ inventory_hostname_short }}`*
+
+### dnsmasq_specifics
+
+Liste de dictionnaires contenant le nom d'hôte, les alias et la liste d'IP associées.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+## Exemple d'utilisation
+
+### inventory.yml
+
+```yaml
+---
+
+all:
+  hosts:
+    host1.ykn.local:
+    host2.ykn.local:
+  children:
+    dnsservers:
+      hosts:
+        dnsmasq1.ykn.local:
+        dnsmasq2.ykn.local:
+```
+
+### group_vars/all.yml
+
+```yaml
+---
+
+dnsmasq_hosts: "{{ groups['dnsservers'] }}"
+```
+
+
+### group_vars/dnsservers.yml
+
+```yaml
+---
+
+dnsmasq_domain: ykn.local
+dnsmasq_servers:
+  - 127.0.0.1#53000
+  - ::1#53000
+```
+
+### host_vars/host1.ykn.local.yml
+
+```yaml
+---
+
+dnsmasq_host_ipv4: [192.168.50.6]
+dnsmasq_host_ipv6: [fd00:ff50::d006]
+
+dnsmasq_host_alias:
+  - monsuperhost1.ykn.local
+  - monsuperhost1
+  - toto.ykn.local
+  - toto
+```
+
+### playbook.yml
+
+```yaml
+---
+
+- name: Déployer les serveurs DNS
+  hosts: dnsservers
+  roles:
+    - name: stubby
+    - name: dnsmasq
+    - name: nftables
+
+- name: Gérer l'enregistrement DNS
+  hosts: 'all:!dnsservers'
+  gather_facts: false
+  tasks:
+    - name: Inclure le rôle
+      ansible.builtin.include_role:
+        name: dnsmasq
+        tasks_from: client
+```

defaults/main.yml

@@ -1,22 +1,10 @@
 ---
 # defaults file for dnsmasq
 
-# Directory to deploy override conf of systemd-resolved
-dnsmasq_resolved_directory: /etc/systemd/resolved.conf.d
-
-# Directory to deploy configuration
-dnsmasq_conf_directory: /etc/dnsmasq.d
-
-# Directory to deploy records files
-dnsmasq_records_directory: "{{ dnsmasq_conf_directory }}/records"
-
-# Configuration
-dnsmasq_interface: "{{ ansible_facts['default_ipv4']['interface'] }}"
 dnsmasq_domain: ""
 dnsmasq_servers: []
 dnsmasq_rev_servers: []
 dnsmasq_bogus_priv_enabled: true
-dnsmasq_rebind_domains: []
 
 dnsmasq_hosts: []
 
@@ -26,11 +14,4 @@ dnsmasq_host_aliases: []
 dnsmasq_client_filename: "{{ inventory_hostname }}"
 dnsmasq_client_hostname: "{{ inventory_hostname }} {{ inventory_hostname_short }}"
 
-# Ansible group automatically used in records file
-dnsmasq_ansible_group: ""
-
-# IPv6 subnet
-dnsmasq_ipv6_subnet: ""
-
-# Specific records
 dnsmasq_specifics: []

handlers/main.yml

@@ -1,32 +1,18 @@
 ---
 # handlers file for dnsmasq
 
-- name: Apply installation
+- name: Recharger dnsmasq.service
-  ansible.builtin.command:
-    argv:
-      - /usr/bin/rpm-ostree
-      - apply-live
   become: true
-
+  ansible.builtin.systemd:
-- name: Restart systemd-resolved.service
+    state: reloaded
-  ansible.builtin.systemd_service:
-    name: systemd-resolved.service
-    state: restarted
-  become: true
-
-- name: Restart dnsmasq.service
-  ansible.builtin.systemd_service:
     name: dnsmasq.service
-    state: restarted
-  become: true
-  register: dnsmasq_restarted
 
-- name: Restart dnsmasq.service on dns servers
+- name: Recharger dnsmasq.service sur les serveurs
-  ansible.builtin.systemd_service:
-    name: dnsmasq.service
-    state: restarted
-  when: dnsmasq_restarted is undefined
   become: true
+  ansible.builtin.systemd:
+    state: reloaded
+    name: dnsmasq.service
   loop: "{{ dnsmasq_hosts }}"
-  delegate_to: "{{ item }}"
+  loop_control:
-  run_once: true
+    loop_var: dnsserver
+  delegate_to: "{{ dnsserver }}"

meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
   namespace: ykn
   author: pulsar89.5
-  description: Deploy dnsmasq
+  description: Rôle de déploiement de dnsmasq
 
   license: GPL-3.0-or-later
 

tasks/client.yml

@@ -0,0 +1,34 @@
+---
+# tasks file for security
+
+- name: Déployer le fichier lié à l'hôte
+  ansible.builtin.template:
+    owner: dnsmasq
+    group: root
+    mode: u=rw,g=r,o=r
+    src: "{{ role_path }}/templates/host.conf.j2"
+    dest: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
+  when:
+    - dnsmasq_hosts | length > 0
+    - dnsmasq_host_ipv4 not in dnsmasq_hosts
+  loop: "{{ dnsmasq_hosts }}"
+  loop_control:
+    loop_var: dnsserver
+  delegate_to: "{{ dnsserver }}"
+  become: true
+  notify: Recharger dnsmasq.service sur les serveurs
+
+- name: Supprimer le fichier lié à l'hôte
+  ansible.builtin.file:
+    path: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
+    state: absent
+  when:
+    - dnsmasq_hosts | length > 0
+    - dnsmasq_host_ipv4 not in dnsmasq_hosts
+  tags: [destruction, never]
+  loop: "{{ dnsmasq_hosts }}"
+  loop_control:
+    loop_var: dnsserver
+  delegate_to: "{{ dnsserver }}"
+  become: true
+  notify: Recharger dnsmasq.service sur les serveurs

tasks/configuration.yml

@@ -1,61 +1,44 @@
 ---
-# tasks file for dnsmasq
+# tasks file for security
 
-- name: Create path to override systemd-resolved
+- name: Supprimer l'ancien fichier de configuration
   ansible.builtin.file:
-    path: "{{ dnsmasq_resolved_directory }}"
+    path: /etc/dnsmasq.d/cache.conf
-    state: directory
-    owner: root
-    group: root
-    mode: u=rwX,g=rX,o=rX
-  become: true
-  notify: Restart systemd-resolved.service
-
-- name: Disable stub resolver of systemd-resolved
-  ansible.builtin.template:
-    src: stub-listener.conf.j2
-    dest: "{{ dnsmasq_resolved_directory }}/stub-listener.conf"
-    owner: root
-    group: root
-    mode: u=rw,g=r,o=r
-  become: true
-  notify: Restart systemd-resolved.service
-
-- name: Flush handlers
-  meta: flush_handlers
-
-- name: Create records directory
-  ansible.builtin.file:
-    path: "{{ dnsmasq_records_directory }}"
-    state: directory
-    owner: dnsmasq
-    group: root
-    mode: u=rwX,g=rX,o=rX
-  become: true
-
-- name: Remove old configuration
-  ansible.builtin.file:
-    path: "{{ dnsmasq_conf_directory }}/cache.conf"
     state: absent
   become: true
 
-- name: Deploy configuration
+- name: Configurer dnsmasq
   ansible.builtin.template:
     src: dnsmasq.conf.j2
-    dest: "{{ dnsmasq_conf_directory }}/dns.conf"
+    dest: /etc/dnsmasq.d/dns.conf
     owner: root
     group: root
     mode: u=rw,g=r,o=r
   become: true
-  notify: Restart dnsmasq.service
+  notify: Recharger dnsmasq.service
 
-- name: Deploy specific records
+- name: Déployer la configuration de l'instance
   ansible.builtin.template:
-    src: "{{ role_path }}/templates/records_specific.conf.j2"
+    src: host.conf.j2
-    dest: "{{ dnsmasq_records_directory }}/specific.conf"
+    dest: /srv/dnsmasq/{{ inventory_hostname }}.conf
+    owner: dnsmasq
+    group: root
+    mode: u=rw,g=r,o=r
+  become: true
+  notify: Recharger dnsmasq.service
+
+- name: Déployer les configurations specifiques
+  ansible.builtin.template:
+    src: specific.conf.j2
+    dest: "{{ filename }}"
     owner: dnsmasq
     group: root
     mode: u=rw,g=r,o=r
   when: dnsmasq_specifics | length > 0
   become: true
-  notify: Restart dnsmasq.service
+  notify: Recharger dnsmasq.service
+  loop: "{{ dnsmasq_specifics }}"
+  loop_control:
+    label: "{{ filename }}"
+  vars:
+    filename: /srv/dnsmasq/{{ item.hostname }}.conf

tasks/installation.yml

@@ -1,32 +1,16 @@
 ---
 # tasks file for dnsmasq
 
-- name: Install dnsmasq
+- name: Installer dnsmasq
+  become: true
   ansible.builtin.package:
     name: dnsmasq
-  when: ansible_facts['pkg_mgr'] == "apt"
-  become: true
 
-- name: Install dnsmasq
+- name: Créer le dossier dédié à dnsmasq
-  ansible.builtin.command:
+  ansible.builtin.file:
-    argv:
+    path: /srv/dnsmasq
-      - /usr/bin/rpm-ostree
+    state: directory
-      - install
+    owner: dnsmasq
-      - --allow-inactive
+    group: root
-      - --assumeyes
+    mode: u=rwX,g=rX,o=rX
-      - --idempotent
-      - dnsmasq
-    creates: /usr/sbin/dnsmasq
-  when: ansible_facts['pkg_mgr'] == "atomic_container"
-  become: true
-  notify: Apply installation
-
-- name: Flush handlers
-  meta: flush_handlers
-
-- name: Enable dnsmasq.service
-  ansible.builtin.systemd_service:
-    name: dnsmasq.service
-    masked: false
-    enabled: true
   become: true

tasks/main.yml

@@ -1,14 +1,10 @@
 ---
 # tasks file for dnsmasq
 
-- name: Include installation tasks
+- name: Importer les tâches d'installation
-  ansible.builtin.include_tasks:
+  tags: installation
-    file: installation.yml
+  ansible.builtin.import_tasks: installation.yml
 
-- name: Import configuration tasks
+- name: Importer les tâches de configuration
-  ansible.builtin.import_tasks:
+  tags: configuration
-    file: configuration.yml
+  ansible.builtin.import_tasks: configuration.yml
-
-- name: Import records deployment tasks
-  ansible.builtin.import_tasks:
-    file: records.yml

tasks/records.yml

@@ -1,18 +0,0 @@
----
-# tasks file for security
-
-- name: Deploy records from ansible group
-  ansible.builtin.template:
-    src: "{{ role_path }}/templates/records_auto.conf.j2"
-    dest: "{{ dnsmasq_records_directory }}/auto-{{ dnsmasq_ansible_group }}.conf"
-    owner: dnsmasq
-    group: root
-    mode: u=rw,g=r,o=r
-  when: dnsmasq_hosts | length > 0
-  become: true
-  delegate_to: "{{ dnsserver }}"
-  loop: "{{ dnsmasq_hosts }}"
-  loop_control:
-    loop_var: dnsserver
-  run_once: true
-  notify: Restart dnsmasq.service on dns servers

templates/dnsmasq.conf.j2

@@ -1,50 +1,50 @@
 # {{ ansible_managed }}
 
-# Listen only on the specified interface(s)
+# Répondre aux demandes locales uniquement
-interface={{ dnsmasq_interface }}
+local-service
 
-# Tells dnsmasq to never forward A or AAAA queries for plain names
+# Ne pas transmettre les requêtes avec un nom court (pas FQDN)
 domain-needed
 
-# Specifies DNS domains
+{% if dnsmasq_bogus_priv_enabled %}
+# Ne pas envoyer les requête sur les IP privées
+bogus-priv
+{% endif %}
+
+# Spécifié le domaine pour qualifié les noms courts
 domain={{ dnsmasq_domain }}
 local=/{{ dnsmasq_domain }}/
 
-# Add the domain to simple names
+# Ajoute le nom de domaine au noms simples
 expand-hosts
 
-# Disable negative caching
+# Ne pas mettre en cache les requêtes n'aboutissant pas
 no-negcache
 
-# Don't read /etc/resolv.conf
+# Ne pas utiliser /etc/resolv.conf
 no-resolv
 
-# Don't read the hostnames in /etc/hosts
+# Ne pas utiliser /etc/hosts
 no-hosts
 
-# Specify upstream servers directly
+# Définir les serveurs DNS à suivre
 {% for server in dnsmasq_servers %}
 server={{ server }}
 {% endfor %}
 
-# Specify upstream servers directly (PTR)
+# Définir les serveurs DNS à suivre (PTR)
 {% for server in dnsmasq_rev_servers %}
 rev-server={{ server }}
 {% endfor %}
 
-# Do not detect and block dns-rebind on queries to these domains
+# Bloquer le rebond DNS
-{% for domain in dnsmasq_rebind_domains %}
-rebind-domain-ok=/{{ domain }}/
-{% endfor %}
-
-# Reject (and log) addresses from upstream nameservers which are in the private ranges
 stop-dns-rebind
 
-# Exempt 127.0.0.0/8 and ::1 from rebinding checks
+# Autoriser le rebond sur localhost
 rebind-localhost-ok
 
-# Set the size of dnsmasq's cache
+# Taille du cache DNS
-cache-size=4096
+cache-size=1024
 
-# Additional hosts file. Read the specified file as well as /etc/hosts
+# Définir le fichier des entrées personnalisées
-addn-hosts={{ dnsmasq_records_directory }}
+addn-hosts=/srv/dnsmasq

templates/host.conf.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for ip in dnsmasq_host_ips %}
+{{ ip }}  {{ dnsmasq_client_hostname }} {{ dnsmasq_host_aliases | join(' ') }}
+{% endfor %}

templates/records_auto.conf.j2

@@ -1,12 +0,0 @@
-# {{ ansible_managed }}
-
-{%- for host in groups[dnsmasq_ansible_group] | sort %}
-{%- set ipv4 = hostvars[host]['ansible_host'] %}
-{%- set ipv6_prefix = dnsmasq_ipv6_subnet | split('/') | first %}
-{%- set ipv6_suffix = hostvars[host]['ansible_host'] | split('.') | last %}
-{%- set aliases = [host] + hostvars[host].get('dnsmasq_host_aliases', []) %}
-
-## {{ host }}
-{{ ipv4 }} {{ aliases | join(' ') }}
-{{ ipv6_prefix }}{{ ipv6_suffix }} {{ aliases | join(' ') }}
-{% endfor %}

templates/records_specific.conf.j2

@@ -1,10 +0,0 @@
-# {{ ansible_managed }}
-
-{%- for specific in dnsmasq_specifics %}
-{%- set aliases = specific.aliases | default([]) %}
-
-## {{ specific.hostname }}
-{% for ip in specific.ips %}
-{{ ip }} {{ ([specific.hostname] + aliases) | join(' ') }}
-{% endfor %}
-{% endfor %}

templates/specific.conf.j2

@@ -0,0 +1,6 @@
+# {{ ansible_managed }}
+
+{% for ip in item.ips %}
+{% set aliases = item.get('aliases', []) %}
+{{ ip }}  {{ ([item.hostname] + aliases) | join(' ') }}
+{% endfor %}

templates/stub-listener.conf.j2

@@ -1,4 +0,0 @@
-# {{ ansible_managed }}
-
-[Resolve]
-DNSStubListener=no