humble deploy-infra role + test

prepare-deploy-sno1.yml

@@ -5,4 +5,12 @@
   gather_facts: false
   roles:
     - role: check-env
+    - role: deploy-infra
+      vars:
+        node:
+          ip: 192.168.50.18
+          mac: 01-52-54-00-00-32-12
+          name: node
+          role: SNO
+          cluster: sno1
 ...

roles/deploy-infra/handlers/main.yml

@@ -0,0 +1,32 @@
+---
+- name: reload_named
+  service:
+    name: named
+    enabled: yes
+    state: reloaded
+
+- name: reload_haproxy
+  service:
+    name: haproxy
+    enabled: yes
+    state: reloaded
+
+- name: restart_chronyd
+  service:
+    name: chronyd
+    enabled: yes
+    state: restarted
+
+- name: restart_dhcpd
+  service:
+    name: dhcpd
+    enabled: yes
+    state: restarted
+
+- name: reload_bastion_dnsmasq
+  delegate_to: bastion.lab.example.com
+  service:
+    name: dnsmasq
+    enabled: yes
+    state: reloaded
+...

roles/deploy-infra/tasks/main.yml

@@ -0,0 +1,46 @@
+---
+# Deploys the infrastructure modifications needed to support SNOx node installation:
+#
+# - DNS zone files
+# - DNS zone configuration
+# - bastion zone delegation
+# - DHCP server modifications
+#
+# REQUIRES:
+#  - variable "node" according to vms structure
+#
+- name: Publish forward DNS zone
+  template:
+    src: templates/sno.zone.j2
+    dest: /var/named/{{ node.cluster }}.example.com.zone
+    mode: 0640
+    owner: root
+    group: named
+  notify:
+    - reload_named
+
+- name: Configure DNS to load the published zone
+  lineinfile:
+    path: /etc/named.conf
+    insertafter: "^# BEGIN ANSIBLE MANAGED DNS ZONES$"
+    regexp: '^zone "{{ node.cluster }}.example.com"'
+    line: 'zone "{{ node.cluster }}.example.com" { type master; file "{{ node.cluster }}.example.com.zone"; allow-update { none; }; };'
+    state: present
+  notify:
+    - reload_named
+
+- name: Update reverse DNS zone
+  lineinfile:
+    path: /var/named/50.168.192.in-addr.arpa.zone
+    insertafter: "^; BEGIN DYNAMIC 50 rZONE RECORDS$"
+    regexp: "^{{ node.ip | regex_replace('^192.168.50.', '') }}"
+    line: "{{ node.ip | regex_replace('^192.168.50.', '') }}      IN PTR {{ node.name }}.{{ node.cluster }}.example.com."
+    state: present
+  register: zoneupdate
+
+#- name: Extract the serial if rzone was updated
+#- name: Bump up the serial if rzone was updated
+
+# TODO: delegate zone on bastion
+# TODO: make sure DHCP server recognizes us
+...

roles/deploy-infra/templates/sno.zone.j2

@@ -0,0 +1,17 @@
+$TTL  1D
+@	IN  SOA dns.ocp4.example.com. root.example.com. (
+		2019022400 ; serial
+		3h	   ; refresh
+		15	   ; retry
+		1w	   ; expire
+		3h	   ; minimum
+		)
+		IN NS dns.ocp4.example.com.
+
+api		IN A {{ node.ip }}
+api-int		IN A {{ node.ip }}
+*.apps		IN A {{ node.ip }}
+
+{{ node.name }} IN A {{ node.ip }}
+
+; End of {{ node.cluster }}.example.com.zone