From bb12c4f749615252bea28971154aea4430abbc51 Mon Sep 17 00:00:00 2001 From: Sietse Snel <s.t.snel@uu.nl> Date: Thu, 28 Mar 2024 15:20:17 +0100 Subject: [PATCH 1/3] Development VMs: override DNS configuration Override default DNS configuration of development VMs (including the controller), because it does not work reliably on Windows-based VMs. Use the Google DNS servers instead. --- environments/development/host_vars/epos-msl | 1 + roles/common/defaults/main.yml | 4 +++ roles/common/files/resolved.conf | 24 +++++++++++++++ roles/common/handlers/main.yml | 6 ++++ roles/common/tasks/google_dns.yml | 15 ++++++++++ roles/common/tasks/main.yml | 3 ++ vagrant/provision_controller.sh | 33 +++++++++++++++++++++ 7 files changed, 86 insertions(+) create mode 100644 roles/common/defaults/main.yml create mode 100644 roles/common/files/resolved.conf create mode 100644 roles/common/tasks/google_dns.yml diff --git a/environments/development/host_vars/epos-msl b/environments/development/host_vars/epos-msl index b6004cc..88ba38e 100644 --- a/environments/development/host_vars/epos-msl +++ b/environments/development/host_vars/epos-msl @@ -7,6 +7,7 @@ ansible_host: 192.168.60.10 # EPOS-MSL host ansible_user: vagrant # Administrative user on instance for Ansible ansible_ssh_private_key_file: vagrant/ssh/vagrant # Path to private key file of administrative user +commons_use_google_dns: true ######################### # EPOS-MSL configuration diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml new file mode 100644 index 0000000..9d81fd0 --- /dev/null +++ b/roles/common/defaults/main.yml @@ -0,0 +1,4 @@ +--- +# copyright Utrecht University + +commons_use_google_dns: false diff --git a/roles/common/files/resolved.conf b/roles/common/files/resolved.conf new file mode 100644 index 0000000..65ac45a --- /dev/null +++ b/roles/common/files/resolved.conf 
@@ -0,0 +1,24 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See resolved.conf(5) for details
+
+[Resolve]
+DNS=8.8.8.8
+FallbackDNS=8.8.4.4
+#Domains=
+#LLMNR=no
+#MulticastDNS=no
+#DNSSEC=no
+#DNSOverTLS=no
+#Cache=no-negative
+#DNSStubListener=yes
+#ReadEtcHosts=yes
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index afc2d78..413e595 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -5,3 +5,9 @@
 ansible.builtin.service:
 name: firewalld
 state: restarted
+
+
+- name: Restart systemd-resolved
+ ansible.builtin.service:
+ name: systemd-resolved
+ state: restarted
diff --git a/roles/common/tasks/google_dns.yml b/roles/common/tasks/google_dns.yml
new file mode 100644
index 0000000..73488ba
--- /dev/null
+++ b/roles/common/tasks/google_dns.yml
@@ -0,0 +1,15 @@
+---
+# copyright Utrecht University
+
+- name: Update systemd-resolved config to use Google DNS servers
+ ansible.builtin.copy:
+ src: files/resolved.conf
+ dest: /etc/systemd/resolved.conf
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Restart systemd-resolved
+
+
+- name: Flush handlers for immediate effect of changing DNS configuration
+ ansible.builtin.meta: flush_handlers
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index cc8f6b2..7ed3b13 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
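Review bot: The new `resolved.conf` replaces the distribution's main configuration file wholesale just to set two keys; a drop-in such as `/etc/systemd/resolved.conf.d/<name>.conf` holding only `[Resolve]`, `DNS=` and `FallbackDNS=` would keep the package defaults and make the override easy to remove. The resolver addresses are hard-coded and `DNSSEC` and `DNSOverTLS` stay commented out, so every lookup from the VM goes unauthenticated and in cleartext to a third-party resolver; that is a reasonable trade-off for a development VM, but a comment above `DNS=8.8.8.8` such as `# Development VMs only: public resolver, no DNSSEC/DoT` would discourage reuse elsewhere. Global `DNS=` may be used alongside per-link servers handed out by DHCP rather than instead of them, so it is worth confirming with `resolvectl status` that the override actually takes effect. The same content is duplicated in the heredoc in vagrant/provision_controller.sh.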
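Review bot: The copy task in google_dns.yml overwrites `/etc/systemd/resolved.conf` with no way back; adding `backup: true` keeps the previous file on the host if `commons_use_google_dns` is ever switched on for a machine that had a site-specific resolver configuration. `src: files/resolved.conf` appears to resolve only through the role-directory fallback in Ansible's search path; the conventional form inside a role is `src: resolved.conf`. Neither task checks that the host runs systemd-resolved, so the notified restart will fail where that unit is absent, and a short comment above the task stating that assumption would help.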
@@ -1,6 +1,9 @@ --- # copyright Utrecht University +- name: Update local DNS settings + ansible.builtin.import_tasks: google_dns.yml + when: commons_use_google_dns - name: Run apt update ansible.builtin.import_tasks: apt_update.yml - name: Configure firewall diff --git a/vagrant/provision_controller.sh b/vagrant/provision_controller.sh index a2b6012..d9adaee 100644 --- a/vagrant/provision_controller.sh +++ b/vagrant/provision_controller.sh @@ -4,6 +4,39 @@ set -e set -x +# Configure VM to use Google DNS servers - the default configuration +# does not work reliably on Windows. + +cat << RESOLVEDCONF > resolved.conf +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See resolved.conf(5) for details + +[Resolve] +DNS=8.8.8.8 +FallbackDNS=8.8.4.4 +#Domains= +#LLMNR=no +#MulticastDNS=no +#DNSSEC=no +#DNSOverTLS=no +#Cache=no-negative +#DNSStubListener=yes +#ReadEtcHosts=yes +RESOLVEDCONF + +sudo cp resolved.conf /etc/systemd +sudo systemctl restart systemd-resolved + sudo apt update # Install Git if not present. From 70a5371bdb5ecc61770c0cfb7a4a37cc21e4bc23 Mon Sep 17 00:00:00 2001 From: Sietse Snel <s.t.snel@uu.nl> Date: Thu, 28 Mar 2024 15:59:27 +0100 Subject: [PATCH 2/3] MSL-API restart handler: tweak for reliability The MSL-API restart handler worked unreliably because it hit race conditions in Supervisorctl. Added sleep time between actions to reduce the likelihood of such failures. --- roles/msl_api/handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
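Review bot: The heredoc delimiter in provision_controller.sh is unquoted (`cat << RESOLVEDCONF`), so the shell performs parameter and command expansion on the body; nothing in it expands today, but `cat << 'RESOLVEDCONF' > resolved.conf` makes the content literal and safe against later edits. The script also writes `resolved.conf` into the current directory, leaves it there after `sudo cp`, and does not set owner or mode on the destination; `sudo install -o root -g root -m 0644 resolved.conf /etc/systemd/resolved.conf` followed by `rm -f resolved.conf` would match what the Ansible task pins. The body is a second copy of roles/common/files/resolved.conf, so a comment naming that file as the one to keep in sync would be useful. The script continues outside the hunk.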
diff --git a/roles/msl_api/handlers/main.yml b/roles/msl_api/handlers/main.yml index c16f91b..8c9fc3c 100644 --- a/roles/msl_api/handlers/main.yml +++ b/roles/msl_api/handlers/main.yml @@ -10,7 +10,7 @@ # Call command, rather than module, because module doesn't work # right on Ubuntu 20.04 - name: Restart Laravel Worker Process # noqa command-instead-of-module - ansible.builtin.command: supervisorctl restart laravel-worker:laravel-worker_00 + ansible.builtin.shell: sleep 6 && supervisorctl stop laravel-worker:laravel-worker_00 && sleep 6 && supervisorctl start laravel-worker:laravel-worker_00 - name: Reload MSL-API configuration ansible.builtin.command: /usr/bin/php8.0 artisan config:cache From e1a8dc4f7b896af8d92a70a18fa8902fab499eef Mon Sep 17 00:00:00 2001 From: Sietse Snel <s.t.snel@uu.nl> Date: Thu, 28 Mar 2024 16:23:44 +0100 Subject: [PATCH 3/3] CKAN DB init check: change failed value Only display DB init check as failed if an unexpected failure occurs, not if the DB is not initialized yet (which is expected when running the playbook for the first time) --- roles/ckan/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/ckan/tasks/main.yml b/roles/ckan/tasks/main.yml index e9923ca..21614ee 100644 --- a/roles/ckan/tasks/main.yml +++ b/roles/ckan/tasks/main.yml @@ -263,7 +263,7 @@ become: true become_user: postgres ansible.builtin.command: 'psql -d ckan_default -c "select * from public.user"' - ignore_errors: true + failed_when: "userlist.rc != 0 and 'ERROR: relation \"public.user\" does not exist' not in userlist.stderr" register: userlist changed_when: false vars: 
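Review bot: Chaining the handler with `&&` means that if `supervisorctl stop` returns non-zero (which it may do when the worker is already down) the `start` never runs and the handler fails with the worker left stopped. The two fixed `sleep 6` calls only make the race less likely rather than detecting it. A retried `restart` with `until` waits only as long as needed and keeps the `command` module, so the "Call command, rather than module" comment above the task and the `noqa` tag stay accurate. Whether retries cover the Supervisorctl race described in the commit message needs checking on a VM. If the `shell` form is kept, that comment should be updated to say why a shell is now required.

```yaml
- name: Restart Laravel Worker Process # noqa command-instead-of-module
  ansible.builtin.command: supervisorctl restart laravel-worker:laravel-worker_00
  register: msl_api_worker_restart
  retries: 5
  delay: 6
  until: msl_api_worker_restart.rc == 0
# … unchanged: Reload MSL-API configuration handler …
```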
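Review bot: The new `failed_when` in roles/ckan/tasks/main.yml decides success by matching the English text `ERROR: relation "public.user" does not exist` in `userlist.stderr`, which depends on the server's message locale and exact wording; asking PostgreSQL directly, e.g. `select to_regclass('public.user') is not null`, would avoid string matching on error output. With `ignore_errors` gone, any other failure (database missing, connection refused) now aborts the play, which looks intended but is worth stating in a comment above the task. The registered result of `select * from public.user` holds every column of CKAN's user table, presumably including password hashes, and shows up in verbose output; `select name from public.user` would probably be enough for the later `"default" not in userlist.stdout` test. The task starts above the hunk, so its name and any other keywords are not visible here.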
@@ -277,13 +277,13 @@ vars: # Pipelininig is needed for internal temporary files ansible_ssh_pipelining: true - when: 'userlist.rc !=0 or "default" not in userlist.stdout' + when: 'userlist.rc != 0 or "default" not in userlist.stdout' # Reload supervisorctl as task, because there is no way to enforce ordering in # Ansible handlers, and we need to reload before we can start tasks. - name: Reload supervisorctl # noqa command-instead-of-module ansible.builtin.command: supervisorctl reload - when: 'userlist.rc !=0 or "default" not in userlist.stdout' + when: 'userlist.rc != 0 or "default" not in userlist.stdout' - name: Check if CKAN admin user exists become_user: root