From e91c770c67d1738fa1dfd02d134124c9f2924965 Mon Sep 17 00:00:00 2001 From: Ee Durbin Date: Thu, 29 Aug 2024 12:11:39 -0400 Subject: [PATCH] Allow Consul DNS to recurse on haproxy nodes PR #486 introduced resolution of hosts for haproxy backends via consul, but did not give it any way to resolve external DNS for the console/pythonanywhere or jobs.pyfound.org/applytojob.com backends. This adds a recursive DNS setup on the haproxy nodes so that they can successfully and fully resolve external services. --- pillar/dev/consul.sls | 5 +++++ salt/haproxy/config/consul-recursors.json | 3 +++ salt/haproxy/init.sls | 10 ++++++++++ 3 files changed, 18 insertions(+) create mode 100644 salt/haproxy/config/consul-recursors.json diff --git a/pillar/dev/consul.sls b/pillar/dev/consul.sls index 896d15a6..a88b58c5 100644 --- a/pillar/dev/consul.sls +++ b/pillar/dev/consul.sls @@ -17,3 +17,8 @@ consul: address: www.pythonanywhere.com service: console port: 443 + - datacenter: vagrant + node: jobspyfound + address: pythonsoftwarefoundation.applytojob.com + service: jobs + port: 443 diff --git a/salt/haproxy/config/consul-recursors.json b/salt/haproxy/config/consul-recursors.json new file mode 100644 index 00000000..ce929d48 --- /dev/null +++ b/salt/haproxy/config/consul-recursors.json @@ -0,0 +1,3 @@ +{ + "recursors": [{% for nameserver in salt['grains.get']('dns:nameservers') %}"{{ nameserver }}"{% if not loop.last %}, {% endif %}{% endfor %}] +} diff --git a/salt/haproxy/init.sls b/salt/haproxy/init.sls index 88689741..0c5103a3 100644 --- a/salt/haproxy/init.sls +++ b/salt/haproxy/init.sls @@ -15,6 +15,16 @@ include: /etc/nginx/conf.d/default.conf: file.absent +/etc/consul.d/recursors.json: + file.managed: + - source: salt://haproxy/config/consul-recursors.json + - template: jinja + - user: root + - group: root + - mode: "0644" + - require: + - pkg: consul-pkgs + haproxy: pkg: - installed