authorElizabeth Hunt <elizabeth.hunt@simponic.xyz>2024-04-11 14:51:13 -0400
committerElizabeth Hunt <elizabeth.hunt@simponic.xyz>2024-04-11 15:03:26 -0400
commitd740b6ab3347c66742e37ff72dfb4cfe30558781 (patch)
tree04ef196a6dc655fcc8e2b6b24da678af9047a847
parent848bdf88aea3590f929b4288b81348051618eb91 (diff)
downloadoldinfra-d740b6ab3347c66742e37ff72dfb4cfe30558781.tar.gz
oldinfra-d740b6ab3347c66742e37ff72dfb4cfe30558781.zip
remove systemd-resolved, restart docker-compose services
-rw-r--r--group_vars/all.yml10
-rw-r--r--group_vars/ca.yml2
-rw-r--r--roles/common/files/docker-compose@.service7
-rw-r--r--roles/common/tasks/main.yml22
-rw-r--r--roles/common/tasks/systemd-resolved.yml70
5 files changed, 7 insertions, 104 deletions
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 2f31a50..f844d49 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -4,15 +4,7 @@ nijika_ip: '100.64.0.2'
nameserver_ip: '10.155.0.1'
-dns_servers:
- - "{{ nameserver_ip }}"
- - '1.1.1.1'
- - '1.0.0.1'
-dns_dnssec: true
-dns_domains: ["simponic.xyz"]
-dns_stub_listener: false
-
step_bootstrap_fingerprint: '2de0c420e3b6f9f8e47f325de908b2b2d395d3bc7e49ed9b672ce9be89bea1bf'
step_bootstrap_ca_url: 'ca.internal.simponic.xyz'
-step_acme_cert_contact: 'elizabeth.hunt@simponic.xyz'
+step_acme_cert_contact: 'elizabeth@simponic.xyz'
step_ca_port: 5239
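Review bot: Dropping `dns_servers` (and `dns_dnssec`) removes the only visible place that pointed hosts at `nameserver_ip`, yet `nameserver_ip` and the internal name in `step_bootstrap_ca_url` are kept, so resolution of `ca.internal.simponic.xyz` now depends on whatever resolver the hosts are left with once the systemd-resolved tasks are deleted from roles/common/tasks/main.yml. If no other task writes `/etc/resolv.conf` or an equivalent, the step bootstrap and ACME steps that use that URL will likely fail on hosts where the internal zone is only served by `nameserver_ip`; either keep a resolver task or record on `nameserver_ip:` why it remains, e.g. `# still referenced by group_vars/ca.yml (step_ca_dns); host resolver config is no longer managed by this repo`. The variable list continues above the hunk (the `nijika_ip` entry in the hunk header), so other consumers of `dns_*` may exist outside this view.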
diff --git a/group_vars/ca.yml b/group_vars/ca.yml
index 6171512..5bde372 100644
--- a/group_vars/ca.yml
+++ b/group_vars/ca.yml
@@ -1,6 +1,6 @@
---
step_ca_root_password: "{{ lookup('env', 'STEP_CA_ROOT_PASSWORD') }}"
step_ca_intermediate_password: "{{ lookup('env', 'STEP_CA_INTERMEDIATE_PASSWORD') }}"
-step_ca_dns: "{{ step_bootstrap_ca_url }}, {{ johan_ip }}, {{ nameserver_ip }}"
+step_ca_dns: "{{ nameserver_ip }}, {{ step_bootstrap_ca_url }}"
step_ca_name: Simponic Internal CA
step_ca_address: ":{{ step_ca_port }}"
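Review bot: The new `step_ca_dns` value drops `johan_ip` from the CA's DNS/SAN list while `nameserver_ip` and `step_bootstrap_ca_url` stay, so any client that still reaches the CA by `johan_ip` would fail TLS verification against a CA certificate issued from this list; the task that consumes `step_ca_dns` is outside this diff, so whether that is intended cannot be confirmed here. If the CA was already initialised with the old list, this edit presumably has no effect until initialisation runs again, which is worth stating on the line: `# SANs of the CA's own certificate; only applied on (re)initialisation`.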
diff --git a/roles/common/files/docker-compose@.service b/roles/common/files/docker-compose@.service
index a0182d4..bc2fbcc 100644
--- a/roles/common/files/docker-compose@.service
+++ b/roles/common/files/docker-compose@.service
@@ -4,10 +4,13 @@ Requires=docker.service
After=docker.service
[Service]
-Type=oneshot
+Type=simple
+Restart=always
+RestartSec=3
RemainAfterExit=true
WorkingDirectory=/etc/docker/compose/%i
-ExecStart=/usr/bin/docker compose up -d --remove-orphans
+ExecStartPre=/usr/bin/docker compose pull
+ExecStart=/usr/bin/docker compose up --detach --remove-orphans
ExecStop=/usr/bin/docker compose down
[Install]
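Review bot: `Type=simple` combined with `docker compose up --detach` gives systemd a main process that exits as soon as the containers are started, so the unit never supervises them; with `RemainAfterExit=true` the unit then sits in "active (exited)" and, as far as I read systemd's Restart= semantics, the new `Restart=always`/`RestartSec=3` never fires because the unit does not enter the inactive or failed state — and if RemainAfterExit were dropped instead, `Restart=always` would relaunch the detached `up` every 3 s. For systemd to actually restart the stack on failure, as the commit title intends, run compose in the foreground: `ExecStart=/usr/bin/docker compose up --remove-orphans` and delete `RemainAfterExit=true`, keeping `ExecStop`. The unconditional `ExecStartPre=/usr/bin/docker compose pull` also makes every start, including boot, depend on the registry being reachable and re-resolves whatever the image tags currently point to; prefixing it with `-` (`ExecStartPre=-/usr/bin/docker compose pull`) lets the service start from cached images when the pull fails, and pinning images by digest in the compose files (outside this diff) is what keeps the automatic pull from deploying an unexpected upstream change. The unit's `[Unit]` and `[Install]` sections extend outside the hunk.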
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 6d2296c..cf29d0d 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -113,25 +113,3 @@
- name: restart fail2ban
service: name=fail2ban state=restarted enabled=yes
-
-# DNS
-- name: install systemd-resolved
- apt: name=systemd-resolved state=latest
-
-- name: Check if systemd-resolved config exists
- ansible.builtin.stat:
- path: /etc/systemd/resolved.conf
- register: systemd_resolved_config
- check_mode: false
-
-- name: Update DNS servers for systemd-resolvd
- ansible.builtin.include_tasks:
- file: 'systemd-resolved.yml'
- when: systemd_resolved_config.stat.exists | bool
-
-- name: Check if systemd-resolved runs
- ansible.builtin.shell: pgrep systemd-resolve
- failed_when: false
- changed_when: false
- register: systemd_resolved_running
- check_mode: false
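Review bot: Deleting the install/configure tasks does not undo what they did on hosts that already converged: systemd-resolved stays installed and running with the `DNS=`, `DNSSEC=`, `Domains=` and `DNSStubListener=` values still written in `/etc/systemd/resolved.conf`, so the fleet drifts between old and freshly provisioned hosts and the commit title's "remove systemd-resolved" is not actually carried out. A removal task in the file's existing style, `- name: remove systemd-resolved` / `apt: name=systemd-resolved state=absent`, would converge both cases; before adding it, confirm what `/etc/resolv.conf` looks like once the package is gone (it may have been a symlink to the stub resolver), since otherwise name resolution on those hosts breaks. The same gap applies to the deleted roles/common/tasks/systemd-resolved.yml. The task list continues above the hunk (the first 112 lines of main.yml are outside this view).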
diff --git a/roles/common/tasks/systemd-resolved.yml b/roles/common/tasks/systemd-resolved.yml
deleted file mode 100644
index dbf9742..0000000
--- a/roles/common/tasks/systemd-resolved.yml
+++ /dev/null
@@ -1,70 +0,0 @@
----
-- name: Add DNS servers
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: DNS
- value: '{{ dns_servers[0] }}'
- mode: '0644'
- no_extra_spaces: true
- register: conf_dns
- when: dns_servers | length > 0
-
-- name: Add DNS fallback server
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: FallbackDNS
- value: '{{ dns_servers[1] }}'
- mode: '0644'
- no_extra_spaces: true
- register: conf_fallbackdns
- when: dns_servers | length > 1
-
-- name: Enable DNSSEC
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: DNSSEC
- value: '{{ "yes" if dns_dnssec else "no" }}'
- mode: '0644'
- no_extra_spaces: true
- register: conf_dnssec
-
-- name: Add search domains
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: Domains
- value: '{{ dns_domains | join(" ") }}'
- mode: '0644'
- no_extra_spaces: true
- register: conf_domains
-
-- name: stub listener
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: DNSStubListener
- value: '{{ "yes" if dns_stub_listener else "no" }}'
- mode: '0644'
- no_extra_spaces: true
- register: conf_domains
-
-- name: Check if systemd-resolve runs
- ansible.builtin.shell: pgrep systemd-resolve
- failed_when: false
- changed_when: false
- register: systemd_resolved_running
- check_mode: false
-
-- name: Reload systemd-resolved
- ansible.builtin.systemd:
- name: systemd-resolved
- state: restarted
- when:
- - conf_dns is changed or
- conf_fallbackdns is changed or
- conf_dnssec is changed or
- conf_domains is changed
- - systemd_resolved_running.rc == 0