diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 5ba8e4cb4e..4fcd05c3e9 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -199,6 +199,12 @@ General - The DebOps documentation generator now supports Ansible roles with multiple :file:`defaults/main/*.yml` files. +- Various DebOps roles will no longer use the hostname as a stand-in for an + empty DNS domain when no DNS domain is detected - this resulted in the + "standalone" hosts without a DNS domain to be misconfigured. Existing setups + with a DNS domain shouldn't be affected, but configuration of standalone + hosts that deploy webservices might require modifications. + User management ''''''''''''''' @@ -308,6 +314,11 @@ User management override to Debian Stretch and Ubuntu Xenial only. The containers correctly shut down using ``SIGRTMIN+3`` signal on Debian Buster and beyond. +- The :envvar:`lxc__net_fqdn` variable will now define both the DNS domain for + the LXC containers as well as the DNS name of the ``lxcbr0`` interface. This + should ensure that both the LXC host and the containers see the same DNS + name for the same resource. + :ref:`debops.mariadb_server` role ''''''''''''''''''''''''''''''''' diff --git a/ansible/playbooks/service/lxc.yml b/ansible/playbooks/service/lxc.yml index 3dfd77a764..597c9623c0 100644 --- a/ansible/playbooks/service/lxc.yml +++ b/ansible/playbooks/service/lxc.yml @@ -10,6 +10,9 @@ roles: + - role: debops.root_account + tags: [ 'role::root_account', 'skip::root_account' ] + - role: debops.apt_preferences tags: [ 'role::apt_preferences', 'skip::apt_preferences' ] apt_preferences__dependent_list: diff --git a/ansible/roles/debops-contrib.foodsoft/defaults/main.yml b/ansible/roles/debops-contrib.foodsoft/defaults/main.yml index 7e0cf0a2a3..2840cde662 100644 --- a/ansible/roles/debops-contrib.foodsoft/defaults/main.yml +++ b/ansible/roles/debops-contrib.foodsoft/defaults/main.yml 
@@ -80,7 +80,7 @@ foodsoft__fqdn: 'foodsoft.{{ foodsoft__domain }}' foodsoft__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # ]]] # Database configuration [[[ diff --git a/ansible/roles/debops-contrib.homeassistant/defaults/main.yml b/ansible/roles/debops-contrib.homeassistant/defaults/main.yml index 6078177e28..102573fa33 100644 --- a/ansible/roles/debops-contrib.homeassistant/defaults/main.yml +++ b/ansible/roles/debops-contrib.homeassistant/defaults/main.yml @@ -113,7 +113,7 @@ homeassistant__fqdn: 'ha.{{ homeassistant__domain }}' homeassistant__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # ]]] # Reverse proxy configuration [[[ diff --git a/ansible/roles/debops-contrib.volkszaehler/defaults/main.yml b/ansible/roles/debops-contrib.volkszaehler/defaults/main.yml index cc5814868f..9a8bc5da07 100644 --- a/ansible/roles/debops-contrib.volkszaehler/defaults/main.yml +++ b/ansible/roles/debops-contrib.volkszaehler/defaults/main.yml @@ -73,7 +73,7 @@ volkszaehler__fqdn: 'vz.{{ volkszaehler__domain }}' volkszaehler__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # ]]] # Database configuration [[[ diff --git a/ansible/roles/debops.apache/defaults/main.yml b/ansible/roles/debops.apache/defaults/main.yml index d102eb2615..bedc7c22c6 100644 --- a/ansible/roles/debops.apache/defaults/main.yml +++ b/ansible/roles/debops.apache/defaults/main.yml 
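Review bot: With the hostname fallback removed, `foodsoft__domain` is an empty string on a host without a DNS domain, so the `foodsoft__fqdn: 'foodsoft.{{ foodsoft__domain }}'` default shown in the hunk header renders as `foodsoft.` with a trailing dot. The same shape is visible in this commit for `homeassistant__fqdn`, `volkszaehler__fqdn`, `docker_registry__fqdn`, `gitlab__fqdn`, `icinga_web__fqdn`, `kibana__fqdn`, `librenms__fqdn`, `mosquitto__fqdn`, `netbox__fqdn`, `owncloud__fqdn`, `rabbitmq_management__fqdn` and `rstudio_server__fqdn`. The changelog entry warns that standalone hosts may need modifications, but the defaults could handle the empty case the way `lxc__net_fqdn` does here, e.g. `foodsoft__fqdn: 'foodsoft{{ ("." + foodsoft__domain) if foodsoft__domain|d() else "" }}'`. Otherwise the dot-terminated name presumably ends up in virtual host and certificate configuration unchanged.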
@@ -89,7 +89,7 @@ apache__fqdn: '{{ ansible_local.core.fqdn apache__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: apache__config_path [[[ diff --git a/ansible/roles/debops.core/defaults/main.yml b/ansible/roles/debops.core/defaults/main.yml index 71cf095d71..fcb2c07ac2 100644 --- a/ansible/roles/debops.core/defaults/main.yml +++ b/ansible/roles/debops.core/defaults/main.yml @@ -211,7 +211,7 @@ core__distribution_release: '{{ ansible_lsb.codename # # The default host domain which can be used by the other roles to configure # network services. -core__domain: '{{ ansible_domain if ansible_domain else ansible_hostname }}' +core__domain: '{{ ansible_domain }}' # ]]] # .. envvar:: core__fqdn [[[ diff --git a/ansible/roles/debops.dhcp_probe/defaults/main.yml b/ansible/roles/debops.dhcp_probe/defaults/main.yml index 682e95835a..f3d3e60d2c 100644 --- a/ansible/roles/debops.dhcp_probe/defaults/main.yml +++ b/ansible/roles/debops.dhcp_probe/defaults/main.yml @@ -123,7 +123,7 @@ dhcp_probe__options: '' dhcp_probe__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: dhcp_probe__mail_from [[[ diff --git a/ansible/roles/debops.dnsmasq/defaults/main.yml b/ansible/roles/debops.dnsmasq/defaults/main.yml index 92cd5b135c..0585f9c7b7 100644 --- a/ansible/roles/debops.dnsmasq/defaults/main.yml +++ b/ansible/roles/debops.dnsmasq/defaults/main.yml 
@@ -93,7 +93,7 @@ dnsmasq__hostname: '{{ ansible_hostname }}' dnsmasq__base_domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: dnsmasq__base_domain_rebind_ok [[[ @@ -352,7 +352,10 @@ dnsmasq__default_configuration: maintaining the leases. option: 'rebind-domain-ok' value: '{{ dnsmasq__base_domain }}' - state: '{{ "present" if dnsmasq__base_domain_rebind_ok|bool else "init" }}' + state: '{{ "present" + if (dnsmasq__base_domain_rebind_ok|bool and + dnsmasq__base_domain|d()) + else "absent" }}' - name: 'rebind-parent-domain-ok' comment: | @@ -363,6 +366,7 @@ dnsmasq__default_configuration: value: '{{ dnsmasq__base_domain.split(".")[1:] | join(".") }}' state: '{{ "present" if (dnsmasq__base_domain_rebind_ok|bool and + dnsmasq__base_domain|d() and (dnsmasq__base_domain.split(".") | length >= 4)) else "absent" }}' @@ -408,6 +412,22 @@ dnsmasq__default_configuration: ansible_local.lxc.net_address|d()) else "") }}' + # Create a separate 'lxc' host record that points to the 'lxcbr0' + # interface from the outside, if there's no external domain set. + - name: 'host-record' + value: '{{ (ansible_local.lxc.net_domain + if (ansible_local|d() and ansible_local.lxc|d() and + ansible_local.lxc.net_domain|d()) + else "") + + "," + (ansible_local.lxc.net_address + if (ansible_local|d() and ansible_local.lxc|d() and + ansible_local.lxc.net_address|d()) + else "") }}' + state: '{{ "present" + if (ansible_local|d() and ansible_local.lxc|d() and + "." not in ansible_local.lxc.net_domain|d()) + else "absent" }}' + - name: 'rev-server' value: '{{ (ansible_local.lxc.net_subnet if (ansible_local|d() and ansible_local.lxc|d() and diff --git a/ansible/roles/debops.docker_registry/defaults/main.yml b/ansible/roles/debops.docker_registry/defaults/main.yml index 007faefdda..4c53799755 100644 
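Review bot: The `state` of the new `host-record` entry evaluates to `present` whenever `ansible_local.lxc` exists and `net_domain` has no dot, and that includes a missing or empty `net_domain`, because `"." not in ansible_local.lxc.net_domain|d()` is true for an empty string. In that case `value` renders with an empty name before the comma (and an empty address as well if `net_address` is unset), so a malformed record would be written to the dnsmasq configuration. Requiring both facts closes the gap: add `ansible_local.lxc.net_domain|d() and ansible_local.lxc.net_address|d() and` ahead of the `"." not in …` test. The comment above the entry could also state that "no external domain" is detected by the absence of a dot in `net_domain`. The enclosing `dnsmasq__default_configuration` list starts and ends outside the hunk.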
--- a/ansible/roles/debops.docker_registry/defaults/main.yml +++ b/ansible/roles/debops.docker_registry/defaults/main.yml @@ -178,7 +178,7 @@ docker_registry__fqdn: 'registry.{{ docker_registry__domain }}' docker_registry__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: docker_registry__backend_port [[[ diff --git a/ansible/roles/debops.elasticsearch/defaults/main.yml b/ansible/roles/debops.elasticsearch/defaults/main.yml index a61d5be88b..21a7a6b25e 100644 --- a/ansible/roles/debops.elasticsearch/defaults/main.yml +++ b/ansible/roles/debops.elasticsearch/defaults/main.yml @@ -161,7 +161,7 @@ elasticsearch__transport_tcp_port: '9300' elasticsearch__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: elasticsearch__cluster_name [[[ diff --git a/ansible/roles/debops.etc_aliases/defaults/main.yml b/ansible/roles/debops.etc_aliases/defaults/main.yml index 10f2b47e73..08099c98f9 100644 --- a/ansible/roles/debops.etc_aliases/defaults/main.yml +++ b/ansible/roles/debops.etc_aliases/defaults/main.yml @@ -38,7 +38,7 @@ etc_aliases__admin_private_email: '{{ ansible_local.core.admin_private_email etc_aliases__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # ]]] # Local mail aliases and their recipients [[[ diff --git a/ansible/roles/debops.gitlab/defaults/main.yml b/ansible/roles/debops.gitlab/defaults/main.yml index 1999cc0e4b..c98e683d6d 100644 --- a/ansible/roles/debops.gitlab/defaults/main.yml 
+++ b/ansible/roles/debops.gitlab/defaults/main.yml @@ -126,7 +126,7 @@ gitlab__fqdn: 'code.{{ gitlab_domain }}' gitlab_domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # ]]] # APT packages [[[ diff --git a/ansible/roles/debops.gitlab_runner/defaults/main.yml b/ansible/roles/debops.gitlab_runner/defaults/main.yml index f68e903579..85609478e2 100644 --- a/ansible/roles/debops.gitlab_runner/defaults/main.yml +++ b/ansible/roles/debops.gitlab_runner/defaults/main.yml @@ -123,7 +123,7 @@ gitlab_runner__concurrent: '{{ ansible_processor_vcpus # .. envvar:: gitlab_runner__domain [[[ # # The default domain used in different places of the role. -gitlab_runner__domain: '{{ ansible_domain if ansible_domain else ansible_hostname }}' +gitlab_runner__domain: '{{ ansible_domain }}' # ]]] # .. envvar:: gitlab_runner__fqdn [[[ diff --git a/ansible/roles/debops.icinga/defaults/main.yml b/ansible/roles/debops.icinga/defaults/main.yml index eb5cdae948..0bc75bd099 100644 --- a/ansible/roles/debops.icinga/defaults/main.yml +++ b/ansible/roles/debops.icinga/defaults/main.yml @@ -128,7 +128,7 @@ icinga__fqdn: '{{ ansible_local.core.fqdn icinga__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: icinga__master_nodes [[[ diff --git a/ansible/roles/debops.icinga_web/defaults/main.yml b/ansible/roles/debops.icinga_web/defaults/main.yml index 9d68b62d23..7152f74d8f 100644 --- a/ansible/roles/debops.icinga_web/defaults/main.yml +++ b/ansible/roles/debops.icinga_web/defaults/main.yml 
@@ -70,7 +70,7 @@ icinga_web__fqdn: 'icinga.{{ icinga_web__domain }}' icinga_web__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: icinga_web__node_fqdn [[[ diff --git a/ansible/roles/debops.keyring/tasks/main.yml b/ansible/roles/debops.keyring/tasks/main.yml index 112f17360c..4ae9fb7e22 100644 --- a/ansible/roles/debops.keyring/tasks/main.yml +++ b/ansible/roles/debops.keyring/tasks/main.yml @@ -93,6 +93,7 @@ - name: Gather information about existing UNIX accounts getent: database: 'passwd' + check_mode: False # In some cases 'apt-key' command refuses to work complaining that it has to # be run by root. This task should handle these cases gracefully. @@ -128,7 +129,7 @@ become_user: '{{ item.user | d(keyring__dependent_gpg_user if keyring__dependent_gpg_user|d() else "root") }}' loop: '{{ q("flattened", (keyring__dependent_gpg_keys)) }}' register: keyring__register_gpg_key - until: keyring__register_gpg_key.rc == 0 + until: keyring__register_gpg_key.rc|d(0) == 0 when: (keyring__enabled|bool and (item.id|d() or item is string) and (item.user | d(keyring__dependent_gpg_user if keyring__dependent_gpg_user|d() else "root")) in getent_passwd.keys()) changed_when: '("Adding key..." in keyring__register_gpg_key.stdout_lines) or diff --git a/ansible/roles/debops.kibana/defaults/main.yml b/ansible/roles/debops.kibana/defaults/main.yml index cdf91a861a..18dd8fdc59 100644 --- a/ansible/roles/debops.kibana/defaults/main.yml +++ b/ansible/roles/debops.kibana/defaults/main.yml 
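Review bot: `until: keyring__register_gpg_key.rc|d(0) == 0` in the debops.keyring hunk ends the retry loop whenever the registered result has no `rc` at all, so a result that lacks `rc` for any reason is treated as finished on the first attempt. The intent is presumably the skipped command in check mode, matching the `check_mode: False` added to the `getent` task, but nothing in the hunk says so. A comment above `until:` would record it, e.g. `# 'rc' is absent when the task is skipped (check mode); do not retry then`. The `changed_when` expression below still reads `keyring__register_gpg_key.stdout_lines` without a default; the rest of that expression is outside the hunk.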
@@ -71,7 +71,7 @@ kibana__fqdn: 'kibana.{{ kibana__domain }}' kibana__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: kibana__webserver_access_policy [[[ diff --git a/ansible/roles/debops.ldap/defaults/main.yml b/ansible/roles/debops.ldap/defaults/main.yml index 9c17c1f397..9443fc4801 100644 --- a/ansible/roles/debops.ldap/defaults/main.yml +++ b/ansible/roles/debops.ldap/defaults/main.yml @@ -79,7 +79,7 @@ ldap__packages: [] ldap__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: ldap__servers_srv_rr [[[ diff --git a/ansible/roles/debops.librenms/defaults/main.yml b/ansible/roles/debops.librenms/defaults/main.yml index a17084abac..ac2a525a7e 100644 --- a/ansible/roles/debops.librenms/defaults/main.yml +++ b/ansible/roles/debops.librenms/defaults/main.yml @@ -61,7 +61,7 @@ librenms__fqdn: 'nms.{{ librenms__domain }}' librenms__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: librenms__base_url [[[ diff --git a/ansible/roles/debops.lxc/defaults/main.yml b/ansible/roles/debops.lxc/defaults/main.yml index ca20b73dfa..0acf8242ba 100644 --- a/ansible/roles/debops.lxc/defaults/main.yml +++ b/ansible/roles/debops.lxc/defaults/main.yml 
@@ -147,30 +147,30 @@ lxc__net_dhcp_end: '-2' # ]]] # .. envvar:: lxc__net_domain [[[ # -# The DNS domain used for the internal LXC network. By default it is based on -# the LXC host domain. +# The DNS domain used as a base for the internal LXC network. By default it is +# based on the LXC host domain. +lxc__net_domain: '{{ ansible_local.core.domain + if (ansible_local|d() and ansible_local.core|d() and + ansible_local.core.domain|d()) + else ansible_domain }}' + + # ]]] +# .. envvar:: lxc__net_fqdn [[[ +# +# The FQDN of the internal LXC bridge / internal LXC gateway registered in the +# :command:`dnsmasq` service, as well as the DNS domain advertised to the LXC +# containers via DHCP. It can be seen for example in traceroutes. # # The :command:`resolvconf` service will be used to add or remove the LXC # domain in the :file:`/etc/resolv.conf`; with local DNS resolver, for example # :command:`dnsmasq`, configured on the LXC host the containers can then be # accessed by their hostnames instead of the IP addresses. -lxc__net_domain: '{{ ansible_local.lxc.net_domain - if (ansible_local|d() and ansible_local.lxc|d() and - ansible_local.lxc.net_domain|d()) - else ("lxc." + (ansible_local.core.domain - if (ansible_local|d() and - ansible_local.core|d() and - ansible_local.core.domain|d()) - else (ansible_domain - if ansible_domain - else ansible_hostname))) }}' - - # ]]] -# .. envvar:: lxc__net_interface_fqdn [[[ -# -# The DNS name of the internal LXC bridge / internal LXC gateway registered in -# the :command:`dnsmasq` service; it can be seen for example in traceroutes. -lxc__net_interface_fqdn: '{{ ansible_hostname }}.{{ lxc__net_domain }}' +lxc__net_fqdn: '{{ ansible_local.lxc.net_domain + if (ansible_local|d() and ansible_local.lxc|d() and + ansible_local.lxc.net_domain|d()) + else ("lxc" + (("." + lxc__net_domain) + if lxc__net_domain|d() + else "")) }}' # ]]] # .. envvar:: lxc__net_dnsmasq_conf [[[ 
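Review bot: `lxc__net_fqdn` still prefers the `ansible_local.lxc.net_domain` fact over the newly computed value, so an already configured host keeps whatever that fact holds. If the fact stores the previously applied domain (not visible here), standalone hosts would keep the old `lxc.<hostname>` name and the corrected fallback would only reach new installs; that is worth stating in the variable's comment or the upgrade notes. The comment block also calls the value an FQDN and a DHCP-advertised domain while the fact it reads is named `net_domain`. A line such as `# On a host without a DNS domain the value is the single label "lxc".` would make the standalone result explicit.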
diff --git a/ansible/roles/debops.lxc/templates/etc/default/lxc-net.j2 b/ansible/roles/debops.lxc/templates/etc/default/lxc-net.j2 index 513bbffcd5..548401a9c0 100644 --- a/ansible/roles/debops.lxc/templates/etc/default/lxc-net.j2 +++ b/ansible/roles/debops.lxc/templates/etc/default/lxc-net.j2 @@ -13,5 +13,5 @@ LXC_NETWORK="{{ lxc__net_address | ipaddr('subnet') }}" LXC_DHCP_RANGE="{{ lxc__net_address | ipaddr(lxc__net_dhcp_start|int) | ipaddr('address') + ',' + lxc__net_address | ipaddr(lxc__net_dhcp_end|int) | ipaddr('address') }}" LXC_DHCP_MAX="{{ (lxc__net_address | ipaddr('size'))|int - ((lxc__net_dhcp_start|int|abs) + (lxc__net_dhcp_end|int|abs)) }}" LXC_DHCP_CONFILE="{{ lxc__net_dnsmasq_conf }}" -LXC_DOMAIN="{{ lxc__net_domain }}" +LXC_DOMAIN="{{ lxc__net_fqdn }}" {% endif %} diff --git a/ansible/roles/debops.lxc/templates/etc/lxc/lxc-net-dnsmasq.conf.j2 b/ansible/roles/debops.lxc/templates/etc/lxc/lxc-net-dnsmasq.conf.j2 index 70d1b15e7a..5b8cc61d5e 100644 --- a/ansible/roles/debops.lxc/templates/etc/lxc/lxc-net-dnsmasq.conf.j2 +++ b/ansible/roles/debops.lxc/templates/etc/lxc/lxc-net-dnsmasq.conf.j2 
@@ -7,15 +7,15 @@ dns-loop-detect # Mark the LXC domain as local and generate PTR resource records automatically -domain = {{ lxc__net_domain + ',' + (lxc__net_address | ipaddr('subnet')) + (',local' if (lxc__net_address | ipaddr('prefix') in [ 8, 16, 24 ]) else '') }} +domain = {{ lxc__net_fqdn + ',' + (lxc__net_address | ipaddr('subnet')) + (',local' if (lxc__net_address | ipaddr('prefix') in [ 8, 16, 24 ]) else '') }} # Set the FQDN name of the bridge interface in the DNS -interface-name = {{ lxc__net_interface_fqdn }},{{ lxc__net_bridge }} -{% if (lxc__net_domain.split('.') | length >= 3 and lxc__net_domain.split('.')[1:] | length >= 2) %} +interface-name = {{ lxc__net_fqdn }},{{ lxc__net_bridge }} +{% if (lxc__net_fqdn.split('.') | length >= 3 and lxc__net_fqdn.split('.')[1:] | length >= 2) %} # Include the parent domain as searchable via resolvconf -dhcp-option = tag:{{ lxc__net_bridge }},option:domain-search,{{ lxc__net_domain }},{{ lxc__net_domain.split('.')[1:] | join('.') }} -dhcp-option = tag:{{ lxc__net_bridge }},option6:domain-search,{{ lxc__net_domain }},{{ lxc__net_domain.split('.')[1:] | join('.') }} +dhcp-option = tag:{{ lxc__net_bridge }},option:domain-search,{{ lxc__net_fqdn }},{{ lxc__net_fqdn.split('.')[1:] | join('.') }} +dhcp-option = tag:{{ lxc__net_bridge }},option6:domain-search,{{ lxc__net_fqdn }},{{ lxc__net_fqdn.split('.')[1:] | join('.') }} {% endif %} {% if not lxc__net_router|bool %} diff --git a/ansible/roles/debops.mailman/defaults/main.yml b/ansible/roles/debops.mailman/defaults/main.yml index 6ac3ca61f9..b984b45dc9 100644 --- a/ansible/roles/debops.mailman/defaults/main.yml +++ b/ansible/roles/debops.mailman/defaults/main.yml 
@@ -54,7 +54,7 @@ mailman__fqdn: '{{ ansible_fqdn }}' # .. envvar:: mailman__domain [[[ # # A DNS domain name of the host that manages the default mailing lists. -mailman__domain: '{{ ansible_domain if ansible_domain else ansible_hostname }}' +mailman__domain: '{{ ansible_domain }}' # ]]] # .. envvar:: mailman__site_domain [[[ diff --git a/ansible/roles/debops.monit/defaults/main.yml b/ansible/roles/debops.monit/defaults/main.yml index 8c5734e023..995b451469 100644 --- a/ansible/roles/debops.monit/defaults/main.yml +++ b/ansible/roles/debops.monit/defaults/main.yml @@ -44,7 +44,7 @@ monit__fqdn: '{{ ansible_local.core.fqdn monit__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: monit__check_interval [[[ diff --git a/ansible/roles/debops.mosquitto/defaults/main.yml b/ansible/roles/debops.mosquitto/defaults/main.yml index dbac7bbb25..f7d53783a6 100644 --- a/ansible/roles/debops.mosquitto/defaults/main.yml +++ b/ansible/roles/debops.mosquitto/defaults/main.yml @@ -176,7 +176,7 @@ mosquitto__fqdn: 'mqtt.{{ mosquitto__domain }}' mosquitto__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: mosquitto__http_dir_path [[[ diff --git a/ansible/roles/debops.netbox/defaults/main.yml b/ansible/roles/debops.netbox/defaults/main.yml index 5bf84e5b97..171bb229b5 100644 --- a/ansible/roles/debops.netbox/defaults/main.yml +++ b/ansible/roles/debops.netbox/defaults/main.yml 
@@ -27,7 +27,7 @@ netbox__fqdn: [ 'dcim.{{ netbox__domain }}', 'ipam.{{ netbox__domain }}' ] netbox__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # ]]] diff --git a/ansible/roles/debops.nginx/defaults/main.yml b/ansible/roles/debops.nginx/defaults/main.yml index 7c874999bd..bf81d596fe 100644 --- a/ansible/roles/debops.nginx/defaults/main.yml +++ b/ansible/roles/debops.nginx/defaults/main.yml @@ -707,7 +707,7 @@ nginx_acme_domain: 'acme.{{ ansible_domain }}' nginx__hostname_domains: [ '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' ] + else ansible_domain }}' ] # ]]] # .. envvar:: nginx_status [[[ diff --git a/ansible/roles/debops.nullmailer/defaults/main.yml b/ansible/roles/debops.nullmailer/defaults/main.yml index 49fb6eff3e..ded926b5d2 100644 --- a/ansible/roles/debops.nullmailer/defaults/main.yml +++ b/ansible/roles/debops.nullmailer/defaults/main.yml @@ -88,7 +88,7 @@ nullmailer__fqdn: '{{ ansible_fqdn }}' # .. envvar:: nullmailer__domain [[[ # # The default DNS domain used in different configuration variables of the role. -nullmailer__domain: '{{ ansible_domain if ansible_domain|d() else ansible_hostname }}' +nullmailer__domain: '{{ ansible_domain }}' # ]]] # .. envvar:: nullmailer__adminaddr [[[ diff --git a/ansible/roles/debops.opendkim/defaults/main.yml b/ansible/roles/debops.opendkim/defaults/main.yml index 110c78b3f7..d625e0df85 100644 --- a/ansible/roles/debops.opendkim/defaults/main.yml +++ b/ansible/roles/debops.opendkim/defaults/main.yml 
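Review bot: On a host without a DNS domain `nginx__hostname_domains` now evaluates to a list holding one empty string rather than an empty list, because the YAML list wrapper stays in place around the Jinja expression. How the list is consumed is outside the hunk, but anything that iterates it to build server names would presumably receive an empty or dot-only entry. Moving the brackets inside a single Jinja expression that yields `[]` when the domain is empty would keep the list empty in that case. The hunk header also shows `nginx_acme_domain: 'acme.{{ ansible_domain }}'`, which renders as `acme.` under the same condition.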
@@ -91,7 +91,7 @@ opendkim__socket: '{{ "/var/spool/postfix/opendkim/opendkim.sock" opendkim__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: opendkim__fqdn [[[ diff --git a/ansible/roles/debops.owncloud/defaults/main.yml b/ansible/roles/debops.owncloud/defaults/main.yml index eb3349895f..388698b21a 100644 --- a/ansible/roles/debops.owncloud/defaults/main.yml +++ b/ansible/roles/debops.owncloud/defaults/main.yml @@ -760,7 +760,7 @@ owncloud__fqdn: 'cloud.{{ owncloud__domain }}' owncloud__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # .. envvar:: owncloud__upload_size diff --git a/ansible/roles/debops.postfix/defaults/main.yml b/ansible/roles/debops.postfix/defaults/main.yml index a133ece821..749d01fa91 100644 --- a/ansible/roles/debops.postfix/defaults/main.yml +++ b/ansible/roles/debops.postfix/defaults/main.yml @@ -81,7 +81,7 @@ postfix__fqdn: '{{ ansible_local.core.fqdn postfix__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: postfix__relayhost [[[ diff --git a/ansible/roles/debops.prosody/defaults/main.yml b/ansible/roles/debops.prosody/defaults/main.yml index 3d239238ed..1edbbf471a 100644 --- a/ansible/roles/debops.prosody/defaults/main.yml +++ b/ansible/roles/debops.prosody/defaults/main.yml 
@@ -113,7 +113,7 @@ prosody__deploy_state: "present" prosody__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: prosody__admins [[[ diff --git a/ansible/roles/debops.rabbitmq_management/defaults/main.yml b/ansible/roles/debops.rabbitmq_management/defaults/main.yml index fc1ebdd9b9..69703b4253 100644 --- a/ansible/roles/debops.rabbitmq_management/defaults/main.yml +++ b/ansible/roles/debops.rabbitmq_management/defaults/main.yml @@ -46,7 +46,7 @@ rabbitmq_management__fqdn: 'rabbitmq.{{ rabbitmq_management__domain }}' rabbitmq_management__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: rabbitmq_management__webserver_allow [[[ diff --git a/ansible/roles/debops.redis_sentinel/defaults/main.yml b/ansible/roles/debops.redis_sentinel/defaults/main.yml index 976a432d45..6770b85945 100644 --- a/ansible/roles/debops.redis_sentinel/defaults/main.yml +++ b/ansible/roles/debops.redis_sentinel/defaults/main.yml @@ -68,7 +68,7 @@ redis_sentinel__auth_group: 'redis-auth' redis_sentinel__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: redis_sentinel__auth_password [[[ diff --git a/ansible/roles/debops.redis_server/defaults/main.yml b/ansible/roles/debops.redis_server/defaults/main.yml index f1dd7275f2..f7a5909acd 100644 --- a/ansible/roles/debops.redis_server/defaults/main.yml +++ b/ansible/roles/debops.redis_server/defaults/main.yml 
@@ -68,7 +68,7 @@ redis_server__auth_group: 'redis-auth' redis_server__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: redis_server__auth_password [[[ diff --git a/ansible/roles/debops.rstudio_server/defaults/main.yml b/ansible/roles/debops.rstudio_server/defaults/main.yml index 99f8070f42..f445f82397 100644 --- a/ansible/roles/debops.rstudio_server/defaults/main.yml +++ b/ansible/roles/debops.rstudio_server/defaults/main.yml @@ -234,7 +234,7 @@ rstudio_server__fqdn: 'rstudio.{{ rstudio_server__domain }}' rstudio_server__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: rstudio_server__upload_size [[[ diff --git a/ansible/roles/debops.rsyslog/defaults/main.yml b/ansible/roles/debops.rsyslog/defaults/main.yml index 72bd18fc94..8a8e06f043 100644 --- a/ansible/roles/debops.rsyslog/defaults/main.yml +++ b/ansible/roles/debops.rsyslog/defaults/main.yml @@ -240,7 +240,7 @@ rsyslog__send_over_tls_only: False # .. envvar:: rsyslog__domain [[[ # # The default DNS domain used to accept remote incoming logs from remote hosts. -rsyslog__domain: '{{ ansible_domain if ansible_domain else ansible_hostname }}' +rsyslog__domain: '{{ ansible_domain }}' # ]]] # .. envvar:: rsyslog__permitted_peers [[[ diff --git a/ansible/roles/debops.secret/defaults/main.yml b/ansible/roles/debops.secret/defaults/main.yml index d2fa5728ef..69eb5bed9c 100644 --- a/ansible/roles/debops.secret/defaults/main.yml +++ b/ansible/roles/debops.secret/defaults/main.yml 
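Review bot: `rsyslog__domain` is described in its context comment as the domain used to accept incoming logs from remote hosts, and after this change it is an empty string on a standalone host. The next variable, `rsyslog__permitted_peers`, lies outside the hunk; if its default is derived from `rsyslog__domain`, the resulting peer pattern should be checked for the empty case so that it neither rejects every peer nor matches more broadly than intended. A comment on the variable such as `# Empty on hosts without a DNS domain.` would make this visible to anyone overriding it.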
@@ -72,7 +72,7 @@ secret__no_log: True secret__ldap_domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: secret__ldap_fqdn [[[ diff --git a/ansible/roles/debops.slapd/defaults/main.yml b/ansible/roles/debops.slapd/defaults/main.yml index a5291836a0..3246db75f9 100644 --- a/ansible/roles/debops.slapd/defaults/main.yml +++ b/ansible/roles/debops.slapd/defaults/main.yml @@ -177,7 +177,7 @@ slapd__log_dir: '/var/log/slapd' slapd__domain: '{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' # ]]] # .. envvar:: slapd__base_dn [[[ diff --git a/ansible/roles/debops.sshd/defaults/main.yml b/ansible/roles/debops.sshd/defaults/main.yml index 42cd2edd8e..62896aa460 100644 --- a/ansible/roles/debops.sshd/defaults/main.yml +++ b/ansible/roles/debops.sshd/defaults/main.yml @@ -852,7 +852,7 @@ sshd__pam_access__dependent_rules: origins: '.{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' - name: 'deny-root' comment: 'Deny access to root account via SSH from anywhere else' @@ -891,7 +891,7 @@ sshd__pam_access__dependent_rules: origins: '.{{ ansible_local.core.domain if (ansible_local|d() and ansible_local.core|d() and ansible_local.core.domain|d()) - else (ansible_domain if ansible_domain else ansible_hostname) }}' + else ansible_domain }}' - name: 'deny-all' comment: 'Deny access via SSH by anyone from anywhere' diff --git a/docs/news/upgrades.rst b/docs/news/upgrades.rst index ebacb6d656..7b30f737d9 100644 --- a/docs/news/upgrades.rst +++ b/docs/news/upgrades.rst 
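Review bot: Both `origins:` values in `sshd__pam_access__dependent_rules` are built as `'.{{ … else ansible_domain }}'`, so on a host without a DNS domain they now render as a bare `.` instead of `.<hostname>`. The names and permissions of these two rules are outside the hunks, but the neighbouring `deny-root` and `deny-all` entries suggest they are the allow rules for the local domain, and what a lone `.` matches should not be left implicit in an access list. Consider omitting the rule when the domain is empty, for example through a `state` of `absent` if the rule format supports one, as this commit does for `rebind-domain-ok` in debops.dnsmasq. This applies to both hunks, `@@ -852` and `@@ -891`; the rule list itself starts and ends outside them.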
@@ -100,6 +100,14 @@ Inventory variable changes You can check the :envvar:`lxc__default_configuration` variable to see which ``name`` parameters can change. +- The ``lxc__net_interface_fqdn`` variable has been renamed to + :envvar:`lxc__net_fqdn` to conform to the variable naming scheme for domain + and FQDN names used in different DebOps roles. The new variable defines the + final DNS domain for the LXC containers, as well as the DNS name of the + ``lxcbr0`` interface; the :envvar:`lxc__net_domain` variable which has done + that previously is now used to define the base DNS domain for the ``lxc.`` + subdomain. + - The :ref:`debops.ipxe` role default variables have been renamed to move them to their own ``ipxe__*`` namespace; you will have to update the Ansible inventory.