Aller au contenu principal

DNS

Le serveur DNS est composé de Dnsmasq et Consul. Ainsi les services sont enregistrés auprès de un des 2. Ces 2 serveurs fonctionnent d'une manière complémentaire. En effet lors d'une requête DNS, le port 53 reçoit la requête et l'oriente vers DNSMASQ qui consulte son régistre. À défault d'information sur le nom de domain, la requête est orientée vers consul en interne qui consulte sa base de données.

infra

1. Serveur

infra

1.1. Dnsmasq

# groupvars: traffic-plane
# file: /inventory/group_vars/traffic-plane/dnsmasq.yml
dnsmasq:
  meta:
    name: dnsmasq-traffic-plane
    service: dnsmasq-traffic-plane.service.factory
  register:
    dns: true
    consul: false
  ports:
    dns: 53
  config:
    network: factory
    inventory: all
    interfaces: ["factory", "box"]
# file: /inventory/main.yml
...
    gateway-1:
      arch: x86_64
      os: debian_xx.xx
      model: nuc
      ansible_host: x.x.x.x
      dnsmanager: dnsmasq
      netmanager: networkd
      netmonitor: factory
      networks_interfaces:
        factory:
          dhcp: false
          ip: x.x.x.x
          ether: xx:xx:xx:xx:xx:xx
        box:
          dhcp: false
          ip: x.x.x.x
          ether: xx:xx:xx:xx:xx:xx
          gateway: x.x.x.x
# groupvars: traffic-plane
# file: /playbooks/common/update.dns.yml
- name: Update DNS and DHCP
  hosts: traffic-plane
  become: true
  user: supervisor
  roles:
  - role: networking/setup
    vars:
      setup:
        dns: true

1.2. Consul

# file: /inventory/group_vars/traffic-plane/consul.yml
consul:
  meta:
    name: consul
    service: consul.service.factory
    datacenter: saturn
    domain: factory
  config:
    mode: cluster
    driver: systemd
    network: factory
    groups: traffic-plane
    intranet: factory
    secure: true
    addr: vip
  register:
    dns: true
    nginx: false
    haproxy: false
    traefik: true
    consul: true
  ports:
    client: 8501
    dns: 8600
    lan: 8301
    wan: 8302
    server: 8300
  addresses:
    client: "0.0.0.0"
    bind: "0.0.0.0"
  hostserver:
    enabled: false
    secure: true
    mode: passthrough
  proxies:
    consul.service.factory:
      gateway: traffic-plane
      ifaces: ["factory", "box"]
      server: traefik
      dns: disabled
# file: /inventory/group_vars/traffic-plane/dns.yml
dnservices:
  external:
    port: 53
    addr: vip
    ifaces: ["factory", "box"]
    server: dnsmasq
  internal:
    consul:
      port: 8600
      ifaces: ["factory", "core"]
      server: consul
      extension: "service.factory"

# groupvars: traffic-plane
# file: /playbooks/traffic/install.consul.yml
- name: Install Consul Cluster
  hosts: ['traffic-plane']
  become: true
  user: supervisor
  roles:
  - role: consul/installer

2. Client

2.1. Installation

# file: groupvars or inventory
host-x:
  vars:
    dnsclients: ["traffic-plane", "router-plane"]
# groupvars: traffic-plane
# file: /playbooks/common/update.dns.yml
- name: Update DNS and DHCP
  hosts: host-x
  become: true
  user: supervisor
  roles:
  - role: networking/setup
    vars:
      setup:
        dns: true