Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dnsmasq regression #469

Open
zllovesuki opened this issue Mar 4, 2022 · 7 comments
Open

dnsmasq regression #469

zllovesuki opened this issue Mar 4, 2022 · 7 comments

Comments

@zllovesuki
Copy link

zllovesuki commented Mar 4, 2022
edited

f5425dd introduces regression with dnsmasq configuration (target hosts are Debian 11):

TASK [consul : Create Dnsmasq configuration] *****************************************************************************************************************************************
changed: [swarm5] => (item={'dest': '/etc/dnsmasq.d/10-consul', 'group': 'root', 'when': 'ansible_os_family|lower != "freebsd"'})
changed: [swarm1] => (item={'dest': '/etc/dnsmasq.d/10-consul', 'group': 'root', 'when': 'ansible_os_family|lower != "freebsd"'})
changed: [swarm0] => (item={'dest': '/etc/dnsmasq.d/10-consul', 'group': 'root', 'when': 'ansible_os_family|lower != "freebsd"'})
changed: [swarm2] => (item={'dest': '/etc/dnsmasq.d/10-consul', 'group': 'root', 'when': 'ansible_os_family|lower != "freebsd"'})
changed: [swarm4] => (item={'dest': '/etc/dnsmasq.d/10-consul', 'group': 'root', 'when': 'ansible_os_family|lower != "freebsd"'})
failed: [swarm5] (item={'dest': '/usr/local/etc/dnsmasq.d/consul.conf', 'group': 'wheel', 'when': 'ansible_os_family|lower == "freebsd"'}) => {"ansible_loop_var": "item", "changed": false, "checksum": "bc7eee12916de28288f07c04d49c6494a6d5e543", "item": {"dest": "/usr/local/etc/dnsmasq.d/consul.conf", "group": "wheel", "when": "ansible_os_family|lower == \"freebsd\""}, "msg": "Destination directory /usr/local/etc/dnsmasq.d does not exist"}
failed: [swarm1] (item={'dest': '/usr/local/etc/dnsmasq.d/consul.conf', 'group': 'wheel', 'when': 'ansible_os_family|lower == "freebsd"'}) => {"ansible_loop_var": "item", "changed": false, "checksum": "bc7eee12916de28288f07c04d49c6494a6d5e543", "item": {"dest": "/usr/local/etc/dnsmasq.d/consul.conf", "group": "wheel", "when": "ansible_os_family|lower == \"freebsd\""}, "msg": "Destination directory /usr/local/etc/dnsmasq.d does not exist"}
failed: [swarm0] (item={'dest': '/usr/local/etc/dnsmasq.d/consul.conf', 'group': 'wheel', 'when': 'ansible_os_family|lower == "freebsd"'}) => {"ansible_loop_var": "item", "changed": false, "checksum": "bc7eee12916de28288f07c04d49c6494a6d5e543", "item": {"dest": "/usr/local/etc/dnsmasq.d/consul.conf", "group": "wheel", "when": "ansible_os_family|lower == \"freebsd\""}, "msg": "Destination directory /usr/local/etc/dnsmasq.d does not exist"}
failed: [swarm2] (item={'dest': '/usr/local/etc/dnsmasq.d/consul.conf', 'group': 'wheel', 'when': 'ansible_os_family|lower == "freebsd"'}) => {"ansible_loop_var": "item", "changed": false, "checksum": "bc7eee12916de28288f07c04d49c6494a6d5e543", "item": {"dest": "/usr/local/etc/dnsmasq.d/consul.conf", "group": "wheel", "when": "ansible_os_family|lower == \"freebsd\""}, "msg": "Destination directory /usr/local/etc/dnsmasq.d does not exist"}
failed: [swarm4] (item={'dest': '/usr/local/etc/dnsmasq.d/consul.conf', 'group': 'wheel', 'when': 'ansible_os_family|lower == "freebsd"'}) => {"ansible_loop_var": "item", "changed": false, "checksum": "bc7eee12916de28288f07c04d49c6494a6d5e543", "item": {"dest": "/usr/local/etc/dnsmasq.d/consul.conf", "group": "wheel", "when": "ansible_os_family|lower == \"freebsd\""}, "msg": "Destination directory /usr/local/etc/dnsmasq.d does not exist"}

Running:

➜  ansible git:(main) ✗ ansible --version
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/rachel/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/rachel/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
  jinja version = 2.10.1
  libyaml = True
➜  ansible git:(main) ✗ ansible-playbook --version
ansible-playbook [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/rachel/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/rachel/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
  jinja version = 2.10.1
  libyaml = True

Vars:

consul_gather_server_facts: true
consul_data_path: /mirage/consul
consul_version: 1.11.4
consul_group_name: all
consul_iface: mirage0
consul_domain: mirage
consul_addresses_http: 0.0.0.0
consul_dnsmasq_enable: true
consul_dnsmasq_listen_addresses:
  - 127.0.0.1
consul_dnsmasq_servers:
  - 1.1.1.1
  - 1.0.0.1
@hatf0
Copy link

hatf0 commented May 11, 2022
edited

Found three other things wrong with that PR:

https://github.com/ansible-community/ansible-consul/blob/7106794ade97c26abbf9c319820cfcbbed5c9f57/tasks/dnsmasq.yml#L70
link_source should be lnk_source, and this shouldn't be wrapped in quotation marks as ATM it'll always evaluate as true

https://github.com/ansible-community/ansible-consul/blob/7106794ade97c26abbf9c319820cfcbbed5c9f57/tasks/dnsmasq.yml#L68-L70
Missing a check if resolv_dot_conf.stat.islnk is defined in the first place, which will make this fail outright if /etc/resolv.conf doesn't exist

https://github.com/ansible-community/ansible-consul/blob/7106794ade97c26abbf9c319820cfcbbed5c9f57/tasks/dnsmasq.yml#L62-L67
This should really be:

file:
  path: /etc/resolv.conf
  state: absent

as state: link creates or modifies the link, which is not what we want to do

Was this PR tested at all? I feel like these errors shouldn't have gone un-noticed like this.

@hatf0 hatf0 mentioned this issue May 11, 2022
Closed
@xeroc
Copy link

xeroc commented May 12, 2022

+1

@robbixc
Copy link

robbixc commented Jun 12, 2022

Since the module is removing the symlink between and systemd, shouldn't it also create a new static /etc/resolv.conf file with a nameserver pointing to the dnsmasq listen-address?

@IamTheFij IamTheFij mentioned this issue Jun 23, 2022
Merged
@NOBLES5E
Copy link
Contributor

This bugs me

@vitabaks
Copy link
Contributor

vitabaks commented Jan 4, 2023

ERROR: src file does not exist

TASK [consul : Disable systemd-resolved service] ****************************************************************************************************************************************************************
changed: [172.31.15.62]
changed: [3.223.140.234]
changed: [172.31.5.27]

TASK [consul : Check if resolv.conf is pointing to systemd-resolved] ********************************************************************************************************************************************
ok: [172.31.15.62]
ok: [3.223.140.234]
ok: [172.31.5.27]

TASK [consul : Remove resolv.conf association with systemd-resolved] ********************************************************************************************************************************************
fatal: [3.223.140.234]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0777", "msg": "src file does not exist, use \"force=yes\" if you really want to create the link: /run/resolvconf/resolv.conf", "owner": "root", "path": "/etc/resolv.conf", "size": 39, "src": "/run/resolvconf/resolv.conf", "state": "link", "uid": 0}
fatal: [172.31.15.62]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0777", "msg": "src file does not exist, use \"force=yes\" if you really want to create the link: /run/resolvconf/resolv.conf", "owner": "root", "path": "/etc/resolv.conf", "size": 39, "src": "/run/resolvconf/resolv.conf", "state": "link", "uid": 0}
fatal: [172.31.5.27]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0777", "msg": "src file does not exist, use \"force=yes\" if you really want to create the link: /run/resolvconf/resolv.conf", "owner": "root", "path": "/etc/resolv.conf", "size": 39, "src": "/run/resolvconf/resolv.conf", "state": "link", "uid": 0}

NO MORE HOSTS LEFT **********************************************************************************************************************************************************************************************

PLAY RECAP ******************************************************************************************************************************************************************************************************
172.31.15.62               : ok=48   changed=19   unreachable=0    failed=1    skipped=68   rescued=0    ignored=0   
172.31.5.27                : ok=54   changed=21   unreachable=0    failed=1    skipped=69   rescued=0    ignored=1   
3.223.140.234              : ok=48   changed=19   unreachable=0    failed=1    skipped=68   rescued=0    ignored=0   
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   

ubuntu@ip-172-31-5-27:~/postgresql_cluster$ ls -la /etc/resolv.conf
lrwxrwxrwx 1 root root 39 Dec  1 11:06 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
ubuntu@ip-172-31-5-27:~/postgresql_cluster$ ls -la /run/resolvconf/resolv.conf
ls: cannot access '/run/resolvconf/resolv.conf': No such file or directory

@vitabaks
Copy link
Contributor

vitabaks commented Jan 4, 2023
edited

I rewrote the block to this form:

- name: Disable systemd-resolved
  when: ansible_service_mgr == "systemd"
  block:

    - name: Disable systemd-resolved service
      service:
        name: systemd-resolved
        enabled: false
        state: stopped
      become: true

    - name: Check if resolv.conf is pointing to systemd-resolved
      stat:
        path: /etc/resolv.conf
      register: resolv_dot_conf

    - block:
        - name: Remove resolv.conf association with systemd-resolved
          file:
            path: /etc/resolv.conf
            state: absent

        - name: Create /etc/resolv.conf
          file:
            path: /etc/resolv.conf
            state: touch
            owner: root
            group: root
            mode: u=rw,g=r,o=r

        - name: Add a nameserver entry poining to localhost for dnsmasq
          lineinfile:
            path: /etc/resolv.conf
            regexp: "^nameserver 127.0.0.1"
            line: "nameserver 127.0.0.1"
            unsafe_writes: true  # to prevent failures in CI
      become: true
      when:
        - resolv_dot_conf.stat.islnk is defined
        - resolv_dot_conf.stat.islnk
        - resolv_dot_conf.stat.lnk_source == "/run/systemd/resolve/stub-resolv.conf"

result:

ubuntu@source-pgnode02:~$ cat /etc/dnsmasq.d/10-consul
server=/consul/127.0.0.1#8600
server=8.8.8.8
server=8.8.4.4
ubuntu@source-pgnode02:~$ ls -la /etc/resolv.conf 
-rw-r--r-- 1 root root 21 Jan  4 19:22 /etc/resolv.conf
ubuntu@source-pgnode02:~$ 
ubuntu@source-pgnode02:~$ cat /etc/resolv.conf 
nameserver 127.0.0.1
ubuntu@source-pgnode02:~$ 
ubuntu@source-pgnode02:~$ dig +short master.patroni.service.consul SRV
1 1 6432 source-pgnode01.node.us-east-1d.consul.

@vitabaks
Copy link
Contributor

vitabaks commented Jan 4, 2023

PR #519

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@xeroc @zllovesuki @robbixc @hatf0 @NOBLES5E @vitabaks