From 5d389a2e11f0d93e41e210098151a55672694bb2 Mon Sep 17 00:00:00 2001 From: Roberto Alfieri Date: Tue, 21 May 2024 17:23:25 +0200 Subject: [PATCH] [dnsmasq] Added listener related configurations Signed-off-by: Roberto Alfieri --- roles/dnsmasq/defaults/main.yml | 4 +++ roles/dnsmasq/tasks/configure.yml | 3 ++ roles/dnsmasq/tasks/listener.yml | 34 +++++++++++++++++++ roles/dnsmasq/templates/cifmw-dnsmasq.conf.j2 | 6 ++-- roles/dnsmasq/templates/listener.conf.j2 | 20 +++++++++++ 5 files changed, 63 insertions(+), 4 deletions(-) create mode 100644 roles/dnsmasq/tasks/listener.yml create mode 100644 roles/dnsmasq/templates/listener.conf.j2 diff --git a/roles/dnsmasq/defaults/main.yml b/roles/dnsmasq/defaults/main.yml index 5c3fe333a2..8ad7778f0f 100644 --- a/roles/dnsmasq/defaults/main.yml +++ b/roles/dnsmasq/defaults/main.yml @@ -19,3 +19,7 @@ cifmw_dnsmasq_basedir: "/etc/cifmw-dnsmasq.d" cifmw_dnsmasq_global_options: {} +cifmw_dnsmasq_forwarders: [] +cifmw_dnsmasq_interfaces: [] +cifmw_dnsmasq_listen_addresses: [] +cifmw_dnsmasq_enable_dns: false diff --git a/roles/dnsmasq/tasks/configure.yml b/roles/dnsmasq/tasks/configure.yml index 8a4b7a6956..e35a442073 100644 --- a/roles/dnsmasq/tasks/configure.yml +++ b/roles/dnsmasq/tasks/configure.yml @@ -60,6 +60,9 @@ src: "cifmw-dnsmasq.conf.j2" validate: "/usr/sbin/dnsmasq -C %s --test" +- name: Render listening directives + ansible.builtin.include_tasks: listener.yml + - name: Manage and start dnsmasq instance become: true when: diff --git a/roles/dnsmasq/tasks/listener.yml b/roles/dnsmasq/tasks/listener.yml new file mode 100644 index 0000000000..1035652d14 --- /dev/null +++ b/roles/dnsmasq/tasks/listener.yml 
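Review bot: The four new defaults in roles/dnsmasq/defaults/main.yml are undocumented, and `cifmw_dnsmasq_forwarders` is not read by either template touched in this patch, so setting it appears to have no effect. Either wire it into listener.conf.j2 in this change or leave it out until it has a consumer. I would also add a comment above `cifmw_dnsmasq_enable_dns`, for example `# Keep false unless this host must answer DNS; when true, scope the listener with cifmw_dnsmasq_interfaces or cifmw_dnsmasq_listen_addresses.`, because with both lists empty the rendered fragment only excludes lo.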
@@ -0,0 +1,34 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Create listener configuration file
+ become: true
+ when:
+ - _act == 'install'
+ notify: Restart dnsmasq
+ ansible.builtin.template:
+ dest: "{{ cifmw_dnsmasq_basedir }}/listener.conf"
+ mode: "0644"
+ src: "listener.conf.j2"
+ validate: "/usr/sbin/dnsmasq -C %s --test"
+
+- name: Remove listener configuration file
+ become: true
+ when:
+ - _act == 'cleanup'
+ ansible.builtin.file:
+ path: "{{ cifmw_dnsmasq_basedir }}/listener.conf"
+ state: absent
diff --git a/roles/dnsmasq/templates/cifmw-dnsmasq.conf.j2 b/roles/dnsmasq/templates/cifmw-dnsmasq.conf.j2
index 5794a4295d..3815ffd763 100644
--- a/roles/dnsmasq/templates/cifmw-dnsmasq.conf.j2
+++ b/roles/dnsmasq/templates/cifmw-dnsmasq.conf.j2
@@ -1,7 +1,5 @@
-# Disable DNS
-port=0
-# Avoid conflict with other DNS listening on lo
-except-interface=lo
+# Managed by ci-framework/dnsmasq
+
 user=dnsmasq
 group=dnsmasq
 pid-file=/var/run/cifmw-dnsmasq.pid
diff --git a/roles/dnsmasq/templates/listener.conf.j2 b/roles/dnsmasq/templates/listener.conf.j2
new file mode 100644
index 0000000000..87dc29f419
--- /dev/null
+++ b/roles/dnsmasq/templates/listener.conf.j2
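Review bot: After this hunk, cifmw-dnsmasq.conf.j2 no longer disables DNS by itself, because `port=0` and `except-interface=lo` are removed from the base template and now exist only in the separate listener.conf fragment. The install path in configure.yml does render the fragment before the service task, but the cleanup task in tasks/listener.yml deletes it. How the base file pulls the fragment in (presumably a conf-dir line) is outside this hunk, so any state where the base file is loaded alone would leave dnsmasq answering DNS on all interfaces. I would at least record that dependency at the top of the template, e.g. `# DNS listener settings (port, interfaces) live in listener.conf; this file alone does not disable DNS.`, and confirm the cleanup flow stops the service before the fragment is removed.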
@@ -0,0 +1,20 @@
+# Managed by ci-framework/dnsmasq
+
+{% if cifmw_dnsmasq_enable_dns is false %}
+Port=0
+{% endif %}
+
+# Avoid conflict with other DNS listening on lo
+except-interface=lo
+
+{% if cifmw_dnsmasq_listen_addresses | length > 0 %}
+listen_address={{ cifmw_dnsmasq_listen_addresses |
+ reject('equalto', '127.0.0.1') |
+ join(',') }}
+{% endif %}
+
+{% for interface in cifmw_dnsmasq_interfaces %}
+{% if interface != "lo" %}
+interface={{ interface }}
+{% endif %}
+{% endfor %}
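Review bot: Two directives in listener.conf.j2 are spelled differently from dnsmasq's option names: `Port=0` (the line removed from cifmw-dnsmasq.conf.j2 was `port=0`) and `listen_address=` (the option is `listen-address`). As far as I know dnsmasq matches option names exactly, so the `--test` validation in listener.yml would reject the rendered file. The `is false` test is also fail-open: a value that arrives as the string "false" (for example from `-e key=value`) is not the boolean false, so the port line is skipped and DNS ends up enabled. The length guard also runs before 127.0.0.1 is rejected, so a list holding only that address renders an empty directive. The fence below rewrites the two affected stanzas and leaves the interface loop unchanged.

```jinja
{# … unchanged: header comment … #}
{% if not (cifmw_dnsmasq_enable_dns | bool) %}
port=0
{% endif %}
{# … unchanged: except-interface=lo … #}
{% set _listen = cifmw_dnsmasq_listen_addresses | reject('equalto', '127.0.0.1') | list %}
{% if _listen | length > 0 %}
listen-address={{ _listen | join(',') }}
{% endif %}
{# … unchanged: interface loop … #}
```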