
try dnsmasq

Install Dnsmasq

[root@cent7devops ~]# yum -y install dnsmasq

Initial state after `yum install`:

[root@cent7devops ~]# grep -v -e "^#.*" -e "^$" /etc/dnsmasq.conf
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
[root@cent7devops ~]#
[root@cent7devops ~]# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@cent7devops ~]#
[root@cent7devops ~]# ls -l /etc/dnsmasq.conf
-rw-r--r-- 1 root root 26832 Apr 11 09:53 /etc/dnsmasq.conf
[root@cent7devops ~]#
[root@cent7devops ~]# ls -l /etc/dnsmasq.d/
total 0
[root@cent7devops ~]#

Configure 'dnsmasq.conf' and hosts file

[root@cent7devops ~]# diff /etc/dnsmasq.conf /etc/dnsmasq.conf.org
19c19
< domain-needed
---
> #domain-needed
21c21
< bogus-priv
---
> #bogus-priv
53c53
< strict-order
---
> #strict-order
[root@cent7devops ~]#
[root@cent7devops ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.10.111 gitlab.node01.devlocal node01
172.16.10.112 node02.devlocal node02
172.16.10.113 node03.devlocal node03
172.16.10.90 devops.devlocal devops
[root@cent7devops ~]#

Then start dnsmasq.

[root@cent7devops ~]# systemctl start dnsmasq
[root@cent7devops ~]#
[root@cent7devops ~]# systemctl is-active dnsmasq
active
[root@cent7devops ~]#

Operation check

Confirm that a client can reach dnsmasq. In this case, "172.16.10.90" is the IP address of the server running dnsmasq.

[root@localhost ~]# nmcli -t -f ipv4.dns c s enp0s3
ipv4.dns:172.16.10.90
[root@localhost ~]#

[root@localhost ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.16.10.90
[root@localhost ~]#

The hosts file on the test client contains only the localhost entries.

[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@localhost ~]#

Try executing the dig command.

[root@localhost ~]# dig node02 +noall +answer

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> node02 +noall +answer
;; global options: +cmd
node02.                 0       IN      A       172.16.10.112
[root@localhost ~]#
[root@localhost ~]# dig node03 +short
172.16.10.113
[root@localhost ~]#

I try some options of the "nmcli" command.

option "-t" and "-f"

ex. 1

[root@localhost ~]# nmcli -f ipv4.addresses c s enp0s3
ipv4.addresses:                         172.16.10.111/24
[root@localhost ~]#

ex. 2

[root@localhost ~]# nmcli -t -f ipv4.addresses c s enp0s3
ipv4.addresses:172.16.10.111/24
[root@localhost ~]#

ex. 3

[root@localhost ~]# nmcli -t -f ipv4 c s enp0s3
ipv4.method:manual
ipv4.dns:172.16.10.90
ipv4.dns-search:
ipv4.dns-options:
ipv4.dns-priority:0
ipv4.addresses:172.16.10.111/24
ipv4.gateway:172.16.10.1
ipv4.routes:
ipv4.route-metric:-1
ipv4.route-table:0
ipv4.ignore-auto-routes:no
ipv4.ignore-auto-dns:no
ipv4.dhcp-client-id:
ipv4.dhcp-timeout:0
ipv4.dhcp-send-hostname:yes
ipv4.dhcp-hostname:
ipv4.dhcp-fqdn:
ipv4.never-default:no
ipv4.may-fail:yes
ipv4.dad-timeout:-1
[root@localhost ~]#

option "-g"

ex. 1

[root@localhost ~]# nmcli -g connection.id c s enp0s3
enp0s3
[root@localhost ~]#

ex. 2

[root@localhost ~]# nmcli -g ipv4.addresses c s enp0s3
172.16.10.111/24
[root@localhost ~]#

systemd configuration for coredns

I referred to the page below.
https://github.com/coredns/deployment/blob/master/systemd/coredns.service

Add a coredns user

[root@cent7devops ~]# useradd coredns -s /sbin/nologin -c 'coredns user'

Create a service file for systemd

[root@cent7devops ~]# ls -l /etc/systemd/system/coredns.service
-rw-r--r-- 1 root root 464 Aug 16 08:27 /etc/systemd/system/coredns.service
[root@cent7devops ~]# 
[root@cent7devops ~]# cat /etc/systemd/system/coredns.service
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target

[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
WorkingDirectory=/home/coredns
ExecStart=/usr/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target
[root@cent7devops ~]#

start coredns service

Check the status first

[root@cent7devops ~]# systemctl is-active coredns
unknown
[root@cent7devops ~]#

start coredns service

[root@cent7devops ~]# systemctl start coredns
[root@cent7devops ~]# systemctl is-active coredns
active
[root@cent7devops ~]#

use hosts plugin of CoreDNS

Before reading this post, please see:
try to use CoreDNS - AKAI TSUKI
use proxy plugin of CoreDNS - AKAI TSUKI

I'd like to perform name resolution (look up an IP address) by referring to a hosts file.
ref. https://coredns.io/plugins/hosts/

I prepare a hosts file.

[root@cent7devops ~]# vi /etc/hosts
[root@cent7devops ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.10.111 gitlab.node01.devlocal node01
172.16.10.112 node02.devlocal node02
172.16.10.113 node03.devlocal node03
172.16.10.90 devops.devlocal devops
[root@cent7devops ~]#

Then I edit the "Corefile" as follows:

[root@cent7devops ~]# cat Corefile
. {
    proxy . 8.8.8.8:53
    errors
    log
}

devlocal {
    hosts /etc/hosts devlocal {
      172.16.10.114 node04.devlocal
      fallthrough
    }
    errors
    log
}

[root@cent7devops ~]#

Then I send a SIGUSR1 signal to the "coredns" process.

[root@cent7devops ~]# ps -aef | grep coredns
root      5664  1291  0 01:49 pts/0    00:00:39 coredns -conf Corefile
root     11065  2239  0 17:45 pts/2    00:00:00 grep --color=auto coredns
[root@cent7devops ~]#
[root@cent7devops ~]# kill -SIGUSR1 5664
[root@cent7devops ~]#

Then I check the reply from CoreDNS using the hosts plugin.

[root@cent7devops ~]# dig -p 53 @localhost A gitlab.node01.devlocal +short
172.16.10.111
[root@cent7devops ~]# dig -p 53 @localhost A gitlab.node01.devlocal +noall +answer

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -p 53 @localhost A gitlab.node01.devlocal +noall +answer
; (2 servers found)
;; global options: +cmd
gitlab.node01.devlocal. 3600    IN      A       172.16.10.111
[root@cent7devops ~]#

The log output is the text below.

[::1]:35747 - [13/Jul/2018:17:53:45 +0900] 27124 "A IN gitlab.node01.devlocal. udp 52 false 4096" NOERROR qr,aa,rd,ra 90 0.000058934s

Besides the hosts plugin, CoreDNS can also read dynamic settings from etcd.
I will try to use it.

use proxy plugin of CoreDNS

Before reading this post, please see: try to use CoreDNS - AKAI TSUKI

I configure the Corefile to use the proxy plugin.
ref. https://coredns.io/plugins/proxy/

[root@cent7devops ~]# cat Corefile
. {
    proxy . 8.8.8.8:53
    errors
    log
}
[root@cent7devops ~]#

I need to send "SIGUSR1(10)" to CoreDNS to make it reload the Corefile.
ref. https://coredns.io/plugins/reload/
When I sent "SIGHUP(1)", CoreDNS didn't reload the Corefile,
even though the web page at the above URL describes either "SIGHUP" or "SIGUSR1".

[root@cent7devops ~]# ps -aef | grep coredns
root      5664  1291  0 01:49 pts/0    00:00:00 coredns -conf Corefile
root      5743  2239  0 01:58 pts/2    00:00:00 grep --color=auto coredns
[root@cent7devops ~]#
[root@cent7devops ~]# kill -10 5664

When CoreDNS reloads the configuration file, it outputs the following log.

2018/07/13 02:04:37 [INFO] SIGUSR1: Reloading
2018/07/13 02:04:37 [INFO] Reloading
2018/07/13 02:04:37 [INFO] Reloading complete

Then I execute the following command.
I can get the IP address of "akai-tsuki.hatenablog.com" through the proxy (the 8.8.8.8 DNS server).

[root@cent7devops ~]# dig -p 53 @localhost A akai-tsuki.hatenablog.com +noall +answer

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -p 53 @localhost A akai-tsuki.hatenablog.com +noall +answer
; (2 servers found)
;; global options: +cmd
akai-tsuki.hatenablog.com. 59   IN      A       13.230.115.161
akai-tsuki.hatenablog.com. 59   IN      A       13.115.18.61
[root@cent7devops ~]#

This is the log of the above command execution.

[::1]:48264 - [13/Jul/2018:02:05:21 +0900] 63209 "A IN akai-tsuki.hatenablog.com. udp 55 false 4096" NOERROR qr,rd,ra 137 0.170752488s

try to use CoreDNS

I get the CoreDNS binary.

[root@cent7devops ~]# wget https://github.com/coredns/coredns/releases/download/v1.2.0/coredns_1.2.0_linux_amd64.tgz
*snip*
[root@cent7devops ~]# ls coredns_1.2.0_linux_amd64.tgz
coredns_1.2.0_linux_amd64.tgz
[root@cent7devops ~]#
[root@cent7devops ~]# tar xfz coredns_1.2.0_linux_amd64.tgz
[root@cent7devops ~]# ls -1 coredns*
coredns
coredns_1.2.0_linux_amd64.tgz
[root@cent7devops ~]#

I check the version.

[root@cent7devops ~]# coredns --version
CoreDNS-1.2.0
linux/amd64, go1.10.3, 2e322f6
[root@cent7devops ~]#

Next, I prepare a Corefile. The Corefile is the configuration file of CoreDNS.

[root@cent7devops ~]# vi Corefile
[root@cent7devops ~]# cat Corefile
. {
    whoami
    errors
    log
}
[root@cent7devops ~]#

I run CoreDNS. The default port for CoreDNS is "53".

[root@cent7devops ~]# coredns -conf Corefile
.:53
2018/07/13 01:49:41 [INFO] CoreDNS-1.2.0
2018/07/13 01:49:41 [INFO] linux/amd64, go1.10.3, 2e322f6
CoreDNS-1.2.0
linux/amd64, go1.10.3, 2e322f6
[root@cent7devops ~]# ss -antp | grep 53
LISTEN     0      128         :::53                      :::*                   users:(("coredns",pid=5596,fd=3))
[root@cent7devops ~]#

I add the DNS service to the firewall configuration.

[root@cent7devops ~]# firewall-cmd --list-services
dhcpv6-client ssh
[root@cent7devops ~]# firewall-cmd --add-service dns
success
[root@cent7devops ~]# firewall-cmd --add-service dns --permanent
success
[root@cent7devops ~]# firewall-cmd --list-services
dhcpv6-client ssh dns
[root@cent7devops ~]#

I got a response to the dig command.

[root@cent7devops ~]# dig -p 53 @localhost AAA .

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -p 53 @localhost AAA .
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25187
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
*snip*

[root@cent7devops ~]#

When I execute the dig command, CoreDNS outputs the following log on STDOUT.

[::1]:37018 - [13/Jul/2018:01:50:05 +0900] 58016 "A IN aaa. udp 33 false 4096" NOERROR qr,aa,rd 92 0.00010228s
[::1]:43725 - [13/Jul/2018:01:50:05 +0900] 13554 "A IN . udp 30 false 4096" NOERROR qr,aa,rd 82 0.000038707s

Install docker using ansible.

I create the playbook file "docker_install.yml" to install docker-ce.

---
# Playbook: install docker-ce on the hosts of the "grp_node" group.
# Invoked on this page as: ansible-playbook docker_install.yml -l node01
- name: Install Docker
  hosts: grp_node
  tasks:
  # Prerequisite packages, one yum call per item.
  - name: Install package needed for docker-ce
    yum:
      name: '{{ item }}'
      state: installed
    with_items:
      - "yum-utils"
      - "device-mapper-persistent-data"
      - "lvm2"

  # Import Docker's RPM signing key (fetched over HTTPS) before the
  # repository is added, so packages from it can be signature-verified —
  # assumes the repo file keeps gpgcheck enabled; confirm on the target.
  - name: Add Docker GPG key.
    rpm_key:
      key: https://download.docker.com/linux/centos/gpg
      state: present

  # Capture the enabled repositories for the guard below. This is a
  # read-only probe, so changed_when: false keeps it from reporting a change.
  - name: Check repository
    shell: yum repolist enabled
    args:
      warn: false
    register: repolist_info
    changed_when: false

  - name: debug
    debug:
      var: repolist_info

  # `shell` is not idempotent on its own; the `when` guard on the captured
  # repolist output is what keeps the repo from being re-added on every run.
  - name: Add repository, if don't add yet.
    shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    when: "'Docker CE Stable' not in repolist_info.stdout"
    ## You can also perform the following writing.
    # when: repolist_info.stdout.find('Docker CE Stable') == -1

  # Installs from whichever "Docker CE Stable" repo is enabled at this point.
  - name: Install docker-ce package
    yum:
      name: '{{ item }}'
      state: installed
    with_items:
      - "docker-ce"

To install docker, I execute the following command.

[root@cent7devops ansible-test]# ansible-playbook docker_install.yml -l node01