Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/963 This also simplifies Prerequisites, which is great. It'd be nice if we were doing these checks in some optional manner and reporting them as helpful messages (using `matrix_playbook_runtime_results`), but that's more complicated. I'd rather drop these checks completely.development
parent
5e1cf7f8b9
commit
93960b70be
@ -1,23 +0,0 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
dns_srv_record_checks: []
|
||||
|
||||
- block:
|
||||
- set_fact:
|
||||
dns_srv_record_check_ma1sd:
|
||||
service_and_protocol: "_matrix-identity._tcp"
|
||||
domain: "{{ (matrix_domain + '.') }}"
|
||||
expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
|
||||
expected_port: 443
|
||||
|
||||
- name: Determine domains that we require certificates for (ma1sd)
|
||||
set_fact:
|
||||
dns_srv_record_checks: "{{ dns_srv_record_checks + [dns_srv_record_check_ma1sd] }}"
|
||||
when: matrix_ma1sd_enabled|bool
|
||||
|
||||
- name: Perform DNS SRV checks
|
||||
include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml"
|
||||
with_items: "{{ dns_srv_record_checks }}"
|
||||
loop_control:
|
||||
loop_var: dns_srv_record_check
|
@ -1,68 +0,0 @@
|
||||
---
|
||||
|
||||
# This requires the dnspython library which is usually unavailable.
|
||||
- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} using Ansible dig lookup
|
||||
set_fact:
|
||||
lookup_dig_srv: "{{ lookup('dig', (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain + '/SRV'), 'flat=0', wantlist=False) }}"
|
||||
register: result_lookup_dig_srv
|
||||
ignore_errors: true
|
||||
|
||||
- name: Fail if DNS SRV check via Ansible dig lookup failed for non-dependency reason
|
||||
fail:
|
||||
msg: "DNS SRV record check via Ansible dig lookup plugin (which uses the dnspython package) failed. Error is: {{ result_lookup_dig_srv.msg }}"
|
||||
when: "result_lookup_dig_srv.failed and 'dnspython' not in result_lookup_dig_srv.msg"
|
||||
|
||||
# Fallback to using the dig CLI tool if dnspython was unavailable.
|
||||
- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} using dig CLI tool
|
||||
shell:
|
||||
cmd: "dig -t srv {{ (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain)|quote }}"
|
||||
register: result_cli_dig_srv
|
||||
changed_when: false
|
||||
ignore_errors: true
|
||||
when: "lookup_dig_srv is not defined"
|
||||
|
||||
- name: Fail if dig CLI used and failed
|
||||
fail:
|
||||
msg: >-
|
||||
Failed performing DNS SRV record check.
|
||||
You neither have the `dnspython` Python package, nor the `dig` program installed locally.
|
||||
You need to install one of those, so we could perform a DNS SRV record check.
|
||||
Full error from trying to run `dig`: {{ result_cli_dig_srv }}
|
||||
when: "lookup_dig_srv is not defined and result_cli_dig_srv.stderr != ''"
|
||||
|
||||
# Some DNS servers may respond with '' (stands for "No Answer").
|
||||
# Most usually, a missing record would yield a 'NXDOMAIN' response.
|
||||
# In any case, we consider any non-mapping response to mean "missing record".
|
||||
- name: Fail if DNS SRV record missing (Ansible dig lookup)
|
||||
fail:
|
||||
msg: >-
|
||||
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly (the record is missing).
|
||||
See the 'Configuring DNS' documentation for this playbook.
|
||||
when: "lookup_dig_srv is defined and lookup_dig_srv is not mapping"
|
||||
|
||||
- name: Fail if DNS SRV record incorrect (Ansible dig lookup)
|
||||
fail:
|
||||
msg: >-
|
||||
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly.
|
||||
Expected it to point to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}).
|
||||
Found it pointing to `{{ lookup_dig_srv.target }}` (port {{ lookup_dig_srv.port }}).
|
||||
See the 'Configuring DNS' documentation for this playbook.
|
||||
when: "lookup_dig_srv is defined and (lookup_dig_srv.target != dns_srv_record_check.expected_target or lookup_dig_srv.port != dns_srv_record_check.expected_port)"
|
||||
|
||||
# We expect an answer like this:
|
||||
# ;; ANSWER SECTION:
|
||||
# _matrix._tcp.DOMAIN. 10800 IN SRV 10 0 8448 matrix.DOMAIN.
|
||||
- name: Fail if DNS SRV record missing or incorrect (dig CLI tool)
|
||||
fail:
|
||||
msg: >-
|
||||
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly.
|
||||
Expected it to point to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}).
|
||||
See the 'Configuring DNS' documentation for this playbook.
|
||||
Full response from the `dig` lookup was: {{ result_cli_dig_srv }}
|
||||
when: "lookup_dig_srv is not defined and (dns_srv_record_check.expected_port|string + ' ' + dns_srv_record_check.expected_target) not in result_cli_dig_srv.stdout"
|
||||
|
||||
- name: Report correct DNS SRV record
|
||||
debug:
|
||||
msg: >-
|
||||
The DNS SRV record for `{{ dns_srv_record_check.service_and_protocol }}` on `{{ dns_srv_record_check.domain }}`
|
||||
points to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}), as expected.
|
Loading…
Reference in new issue