From 1bd12cc4598be0a3a5918c5289e5f264af126c59 Mon Sep 17 00:00:00 2001 From: Andrea Tosatto Date: Thu, 8 Sep 2016 12:20:42 +0200 Subject: [PATCH 01/14] Refactoring package installation --- defaults/main.yml | 7 ++++ files/pdns.pin | 3 -- tasks/{configuration.yml => configure.yml} | 0 tasks/install-packages.yml | 41 ++++++++++++++++++++++ tasks/install-url.yml | 33 +++++++++++++++++ tasks/install.packages-debian.yml | 33 ----------------- tasks/install.packages-redhat.yml | 23 ------------ tasks/install.url-debian.yml | 28 --------------- tasks/main.yml | 29 ++++----------- templates/pdns-recursor.pin | 6 +++- vars/{default.yml => Debian.yml} | 0 vars/RedHat.yml | 1 + vars/main.yml | 12 ++++++- 13 files changed, 105 insertions(+), 111 deletions(-) delete mode 100644 files/pdns.pin rename tasks/{configuration.yml => configure.yml} (100%) create mode 100644 tasks/install-packages.yml create mode 100644 tasks/install-url.yml delete mode 100644 tasks/install.packages-debian.yml delete mode 100644 tasks/install.packages-redhat.yml delete mode 100644 tasks/install.url-debian.yml rename vars/{default.yml => Debian.yml} (100%) diff --git a/defaults/main.yml b/defaults/main.yml index 50e20ce..7f0b564 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,12 @@ --- + +# PowerDNS Recursor installation type pdns_rec_installation_type: packages + +# The repository from which download the PowerDNS Recursor package. +# Currently supported values are: +# - os, default os repository +# - powerdns, use the powerdns repository pdns_rec_repo_provider: os # Install packages from the master powerdns repo by default diff --git a/files/pdns.pin b/files/pdns.pin deleted file mode 100644 index 24d2bea..0000000 --- a/files/pdns.pin +++ /dev/null @@ -1,3 +0,0 @@ -Package: pdns-* -Pin: origin repo.powerdns.com -Pin-Priority: 600 diff --git a/tasks/configuration.yml b/tasks/configure.yml similarity index 100% rename from tasks/configuration.yml rename to tasks/configure.yml 
diff --git a/tasks/install-packages.yml b/tasks/install-packages.yml
new file mode 100644
index 0000000..a932856
--- /dev/null
+++ b/tasks/install-packages.yml
@@ -0,0 +1,41 @@
+---
+
+- name: Import the PowerDNS Recursor APT repository key
+ apt_key:
+ url: "{{ pdns_rec_apt_keys[pdns_rec_repo_branch]['url'] }}"
+ id: "{{ pdns_rec_apt_keys[pdns_rec_repo_branch]['id'] }}"
+ when: pdns_rec_repo_provider == "powerdns" and ansible_os_family == "Debian"
+
+- name: Add the PowerDNS Recursor APT repository
+ apt_repository:
+ repo: "{{ pdns_rec_apt_repo }}"
+ when: pdns_rec_repo_provider == "powerdns" and ansible_os_family == "Debian"
+
+- name: Pin the PowerDNS Recursor package the PowerDNS APT Repository
+ template:
+ src: pdns-recursor.pin
+ dest: /etc/apt/preferences.d/pdns-recursor
+ when: pdns_rec_repo_provider == "powerdns" and ansible_os_family == "Debian"
+
+- name: Install yum-plugin-priorities
+ package:
+ name: yum-plugin-priorities
+ state: installed
+ when: pdns_rec_repo_provider == "powerdns" and ansible_os_family == "RedHat"
+
+- name: Add the PowerDNS Recursor YUM repository
+ get_url:
+ url: "{{ pdns_rec_yum_repo }}"
+ dest: /etc/yum.repos.d/powerdns-rec-{{ pdns_rec_repo_branch }}.repo
+ when: pdns_rec_repo_provider == "powerdns" and ansible_os_family == "RedHat"
+
+- name: Install epel-release
+ package:
+ name: epel-release
+ state: installed
+ when: ansible_os_family == "RedHat"
+
+- name: Install the PowerDNS Recursor package
+ package:
+ name: pdns-recursor
+ state: present
diff --git a/tasks/install-url.yml b/tasks/install-url.yml
new file mode 100644
index 0000000..40c9cc9
--- /dev/null
+++ b/tasks/install-url.yml
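Review bot: The two tasks in tasks/install-packages.yml that write under `/etc` set no `owner`, `group` or `mode`: the `template` to `/etc/apt/preferences.d/pdns-recursor` and the `get_url` to `/etc/yum.repos.d/powerdns-rec-{{ pdns_rec_repo_branch }}.repo`. The resulting permissions are therefore left to the module defaults and the remote umask. The `copy` task this replaces in install.packages-debian.yml set `owner: root`, `group: root` and `mode: 0644` explicitly. These files decide which repository the package is taken from, so I would keep the explicit ownership and quote the mode, `mode: "0644"`.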
@@ -0,0 +1,33 @@
+---
+
+- name: Get the PowerDNS Recursor package name
+ set_fact:
+ pdns_rec_pkg_name: "{{ pdns_rec_url.split('/')[-1] }}"
+
+- name: Get the PowerDNS Recursor package version
+ set_fact:
+ pdns_rec_pkg_version: "{{ pdns_rec_pkg_name.split('_')[-2] }}"
+
+- name: Download the PowerDNS Recursor package
+ get_url:
+ url: "{{ pdns_rec_url }}"
+ dest: "/tmp/{{ pdns_rec_pkg_name }}"
+ checksum: "{{ pdns_rec_url_checksum }}"
+
+- name: Pin the PowerDNS Recursor package to the downloaded version
+ template:
+ src: pdns-recursor.pin
+ dest: /etc/apt/preferences.d/pdns-recursor
+ when: ansible_os_family == "Debian"
+
+- name: Install the PowerDNS Recursor package with APT
+ apt: deb="/tmp/{{ pdns_rec_pkg_name }}"
+ failed_when: False
+ when: ansible_os_family == "Debian"
+
+- name: Install the PowerDNS Recursor package APT dependencies
+ command: apt-get -f install
+ when: ansible_os_family == "Debian"
+
+- name: Install the PowerDNS Recursor package with YUM
+ yum: name="/tmp/{{ pdns_rec_pkg_name }}" state=present
diff --git a/tasks/install.packages-debian.yml b/tasks/install.packages-debian.yml
deleted file mode 100644
index 8e868ad..0000000
--- a/tasks/install.packages-debian.yml
+++ /dev/null
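Review bot: The last task in tasks/install-url.yml, `yum: name="/tmp/{{ pdns_rec_pkg_name }}" state=present`, has no `when`, so it also runs on Debian hosts although the three APT tasks above it are guarded; it needs `when: ansible_os_family == "RedHat"`. `failed_when: False` on the `apt: deb=` task hides every failure of that install, not only the missing-dependency case that `apt-get -f install` is meant to repair, so a package that was never unpacked goes unnoticed. The package is staged under a name-derived path in `/tmp`; the `checksum` on `get_url` covers the download itself, but staging it in a directory only root can write would remove any doubt about what is installed afterwards.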
@@ -1,33 +0,0 @@
----
-
-- name: Import the PowerDNS Recursor 'master' APT repository key
- apt_key:
- url: http://repo.powerdns.com/CBC8B383-pub.asc
- id: D47975F8DAE32700A563E64FFF389421CBC8B383
- when: pdns_rec_repo_provider == "powerdns" and pdns_rec_repo_branch == "master"
-
-- name: Import the PowerDNS Recursor '4.0.x' APT repository key
- apt_key:
- url: http://repo.powerdns.com/FD380FBB-pub.asc
- id: 9FAAA5577E8FCF62093D036C1B0C6205FD380FBB
- when: pdns_rec_repo_provider == "powerdns" and pdns_rec_repo_branch in ["40"]
-
-- name: Pinning the PowerDNS packages to the PowerDNS APT repo
- copy:
- dest: /etc/apt/preferences.d/pdns
- src: pdns.pin
- owner: root
- group: root
- mode: 0644
- when: pdns_rec_repo_provider == "powerdns"
-
-- name: Add the PowerDNS Recursor APT repository
- apt_repository:
- repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-{{ pdns_rec_repo_branch }} main"
- when: pdns_rec_repo_provider == "powerdns"
-
-- name: Install the PowerDNS Recursor package
- apt:
- name: pdns-recursor
- state: present
- update_cache: yes
diff --git a/tasks/install.packages-redhat.yml b/tasks/install.packages-redhat.yml
deleted file mode 100644
index 664261c..0000000
--- a/tasks/install.packages-redhat.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-- name: Install yum-plugin-priorities
- yum:
- name: yum-plugin-priorities
- state: installed
- when: pdns_rec_repo_provider == "powerdns"
-
-- name: Add the PowerDNS Recursor YUM repository
- get_url:
- url: https://repo.powerdns.com/repo-files/{{ ansible_distribution | lower() }}-rec-{{ pdns_rec_repo_branch }}.repo
- dest: /etc/yum.repos.d/powerdns-rec-{{ pdns_rec_repo_branch }}.repo
- when: pdns_rec_repo_provider == "powerdns"
-
-- name: Install epel-release
- yum:
- name: epel-release
- update_cache: yes
-
-- name: Install the PowerDNS Recursor package
- yum:
- name: pdns-recursor
- state: installed
diff --git a/tasks/install.url-debian.yml b/tasks/install.url-debian.yml deleted file mode 100644 index 044ddfc..0000000 --- a/tasks/install.url-debian.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- - -- name: Get the name of the package - set_fact: - pdns_rec_pkg_name: "{{ pdns_rec_url.split('/')[-1] }}" - -- name: Get the version of the package - set_fact: - pdns_rec_pkg_version: "{{ pdns_rec_pkg_name.split('_')[-2] }}" - -- name: Grab the package - get_url: - url: "{{ pdns_rec_url }}" - dest: "/tmp/{{ pdns_rec_pkg_name }}" - checksum: "{{ pdns_rec_url_checksum }}" - -- name: Pinning the pdns-recursor package to the downloaded version - template: - src: pdns-recursor.pin - dest: /etc/apt/preferences.d/pdns - -- name: Install the package, ignoring dependency errors - apt: - deb: "/tmp/{{ pdns_rec_pkg_name }}" - failed_when: False - -- name: Install dependencies - command: apt-get -f install diff --git a/tasks/main.yml b/tasks/main.yml index 15080fc..db7fb6f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,25 +1,21 @@ --- - name: Include os-specific variables - include_vars: "{{ item }}" - with_first_found: - - "vars/{{ ansible_os_family }}.yml" - - "vars/default.yml" + include_vars: "{{ ansible_os_family }}.yml" - name: Validating role variables include: validate.yml -- include: install.packages-debian.yml - when: pdns_rec_installation_type == "packages" and ansible_os_family == "Debian" +- include: "install-{{ pdns_rec_installation_type }}.yml" tags: - - packages + - "{{ pdns_rec_installation_type }}" - install -- include: install.packages-redhat.yml - when: pdns_rec_installation_type == "packages" and ansible_os_family == "RedHat" +- include: configure.yml tags: - - packages - - install + - conf + - config + - configuration # TODO #- include: install.source-debian.yml 
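Review bot: `include_vars: "{{ ansible_os_family }}.yml"` in tasks/main.yml drops the `with_first_found` fallback, and vars/default.yml is renamed to vars/Debian.yml in the same commit, so a host whose OS family is neither Debian nor RedHat now stops at this task with a missing-file error. The include path `install-{{ pdns_rec_installation_type }}.yml` is likewise built from a role variable; validate.yml is not part of this patch, so it is worth confirming that it restricts the value to `packages` and `url` before the include is reached. An explicit `assert` or `fail` task with a readable message for unsupported families would make the first failure obvious.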
@@ -35,17 +31,6 @@ # - source # - install -- include: install.url-debian.yml - when: pdns_rec_installation_type == "url" and ansible_os_family == "Debian" - tags: - - url - - install - -- include: configuration.yml - tags: - - conf - - config - - configuration - name: Start and enable the PowerDNS Recursor service service: diff --git a/templates/pdns-recursor.pin b/templates/pdns-recursor.pin index 71e5079..929aaf6 100644 --- a/templates/pdns-recursor.pin +++ b/templates/pdns-recursor.pin @@ -1,3 +1,7 @@ Package: pdns-recursor +{% if pdns_rec_installation_type == 'url' %} Pin: version {{ pdns_rec_pkg_version }}* -Pin-Priority: 1001 +{% else %} +Pin: origin repo.powerdns.com +{% endif %} +Pin-Priority: 900 diff --git a/vars/default.yml b/vars/Debian.yml similarity index 100% rename from vars/default.yml rename to vars/Debian.yml diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 6414456..bc73d20 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,4 +1,5 @@ --- + pdns_rec_user: "pdns-recursor" pdns_rec_group: "pdns-recursor" pdns_rec_config_dir: "/etc/pdns-recursor" diff --git a/vars/main.yml b/vars/main.yml index 9ae0901..65b78b6 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,2 +1,12 @@ --- -# vars file for pdns_recursor-ansible + +# PowerDNS Recursor APT Repository +pdns_rec_apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-{{ pdns_rec_repo_branch }} main" + +# PowerDNS Recursor APT Repository GPG keys +pdns_rec_apt_keys: { + "master": { url: "http://repo.powerdns.com/CBC8B383-pub.asc", id: "D47975F8DAE32700A563E64FFF389421CBC8B383" }, + "40": { url: "http://repo.powerdns.com/FD380FBB-pub.asc", id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" } +} + +pdns_rec_yum_repo: "https://repo.powerdns.com/repo-files/{{ ansible_distribution | lower }}-rec-{{ pdns_rec_repo_branch }}.repo" From 78143a146dcff3895ddb795993ee0e091cdb04c9 Mon Sep 17 00:00:00 2001 
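Review bot: In vars/main.yml both `pdns_rec_apt_keys` URLs and `pdns_rec_apt_repo` use `http://repo.powerdns.com`, while `pdns_rec_yum_repo` a few lines below uses `https://` on the same host. The signing key is the trust anchor for the repository, so fetching it in clear text leaves the `id` fingerprint as the only protection, and whether `apt_key` rejects a mismatching key before importing it depends on the Ansible version in use. I would switch the key URLs to `https://repo.powerdns.com/CBC8B383-pub.asc` and `https://repo.powerdns.com/FD380FBB-pub.asc`. The dictionary would also read better in block style, keeping the `"40"` key quoted so it stays a string.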
From: Andrea Tosatto Date: Thu, 8 Sep 2016 14:20:56 +0200 Subject: [PATCH 02/14] Checking the pdns_recursor version before installing the package. This commit address issue #11 and introduces the follwing breaking changes: - removes the support to the url installation method (not removed from the README, yet) - ansible now queries YUM/APT repos before installing the pdn_recursor package to extract the available version - pdn_recursor is configured before actually installing the packages (see #11) --- tasks/inspect-Debian.yml | 5 +++++ tasks/inspect-RedHat.yml | 8 ++++++++ tasks/install-packages.yml | 41 ------------------------------------- tasks/install-url.yml | 33 ----------------------------- tasks/install.yml | 12 +++++++++++ tasks/main.yml | 31 ++++++++++++---------------- tasks/repo-Debian.yml | 15 ++++++++++++++ tasks/repo-RedHat.yml | 11 ++++++++++ templates/pdns-recursor.pin | 2 +- 9 files changed, 65 insertions(+), 93 deletions(-) create mode 100644 tasks/inspect-Debian.yml create mode 100644 tasks/inspect-RedHat.yml delete mode 100644 tasks/install-packages.yml delete mode 100644 tasks/install-url.yml create mode 100644 tasks/install.yml create mode 100644 tasks/repo-Debian.yml create mode 100644 tasks/repo-RedHat.yml diff --git a/tasks/inspect-Debian.yml b/tasks/inspect-Debian.yml new file mode 100644 index 0000000..7d43264 --- /dev/null +++ b/tasks/inspect-Debian.yml @@ -0,0 +1,5 @@ +--- + +- name: Extract the PowerDNS Recursor Version from APT + shell: "apt-cache madison pdns-recursor | awk '/{%if pdns_rec_repo_provider == 'powerdns'%}repo.powerdns.com{%endif%}/ {print $3}' | head -1" + register: pdns_recursor_version_result diff --git a/tasks/inspect-RedHat.yml b/tasks/inspect-RedHat.yml new file mode 100644 index 0000000..a9967a4 --- /dev/null +++ b/tasks/inspect-RedHat.yml 
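Review bot: The `shell` pipeline in tasks/inspect-Debian.yml reports only the exit status of `head -1`, so a failing `apt-cache madison` or an empty match leaves `pdns_recursor_version_result.stdout` empty and the play continues. tasks/inspect-RedHat.yml has the same problem, additionally feeds stderr into `awk` through `2>&1`, and prints one line per match rather than a single version. tasks/main.yml then takes `stdout.split('-')[0]` without checking it, and the configuration is templated before the package is installed. Adding `failed_when: pdns_recursor_version_result.stdout == ""` to both tasks, or an `assert` before the `set_fact`, would stop the run instead of rendering the configuration with an empty version.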
@@ -0,0 +1,8 @@
+---
+
+## NB: The `which yum` is needed to suppress the annoying
+## "[WARNING]: Consider using yum module rather than running yum"
+## message.
+- name: Extract the PowerDNS Recursor Version from YUM
+ shell: "`which yum` list pdns-recursor 2>&1 | awk '/pdns-recursor/ {print $2}'"
+ register: pdns_recursor_version_result
diff --git a/tasks/install-packages.yml b/tasks/install-packages.yml
deleted file mode 100644
index a932856..0000000
--- a/tasks/install-packages.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-
-- name: Import the PowerDNS Recursor APT repository key
- apt_key:
- url: "{{ pdns_rec_apt_keys[pdns_rec_repo_branch]['url'] }}"
- id: "{{ pdns_rec_apt_keys[pdns_rec_repo_branch]['id'] }}"
- when: pdns_rec_repo_provider == "powerdns" and ansible_os_family == "Debian"
-
-- name: Add the PowerDNS Recursor APT repository
- apt_repository:
- repo: "{{ pdns_rec_apt_repo }}"
- when: pdns_rec_repo_provider == "powerdns" and ansible_os_family == "Debian"
-
-- name: Pin the PowerDNS Recursor package the PowerDNS APT Repository
- template:
- src: pdns-recursor.pin
- dest: /etc/apt/preferences.d/pdns-recursor
- when: pdns_rec_repo_provider == "powerdns" and ansible_os_family == "Debian"
-
-- name: Install yum-plugin-priorities
- package:
- name: yum-plugin-priorities
- state: installed
- when: pdns_rec_repo_provider == "powerdns" and ansible_os_family == "RedHat"
-
-- name: Add the PowerDNS Recursor YUM repository
- get_url:
- url: "{{ pdns_rec_yum_repo }}"
- dest: /etc/yum.repos.d/powerdns-rec-{{ pdns_rec_repo_branch }}.repo
- when: pdns_rec_repo_provider == "powerdns" and ansible_os_family == "RedHat"
-
-- name: Install epel-release
- package:
- name: epel-release
- state: installed
- when: ansible_os_family == "RedHat"
-
-- name: Install the PowerDNS Recursor package
- package:
- name: pdns-recursor
- state: present
diff --git a/tasks/install-url.yml b/tasks/install-url.yml
deleted file mode 100644
index 40c9cc9..0000000
--- a/tasks/install-url.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-
-- name: Get the PowerDNS Recursor package name
- set_fact:
- pdns_rec_pkg_name: "{{ pdns_rec_url.split('/')[-1] }}"
-
-- name: Get the PowerDNS Recursor package version
- set_fact:
- pdns_rec_pkg_version: "{{ pdns_rec_pkg_name.split('_')[-2] }}"
-
-- name: Download the PowerDNS Recursor package
- get_url:
- url: "{{ pdns_rec_url }}"
- dest: "/tmp/{{ pdns_rec_pkg_name }}"
- checksum: "{{ pdns_rec_url_checksum }}"
-
-- name: Pin the PowerDNS Recursor package to the downloaded version
- template:
- src: pdns-recursor.pin
- dest: /etc/apt/preferences.d/pdns-recursor
- when: ansible_os_family == "Debian"
-
-- name: Install the PowerDNS Recursor package with APT
- apt: deb="/tmp/{{ pdns_rec_pkg_name }}"
- failed_when: False
- when: ansible_os_family == "Debian"
-
-- name: Install the PowerDNS Recursor package APT dependencies
- command: apt-get -f install
- when: ansible_os_family == "Debian"
-
-- name: Install the PowerDNS Recursor package with YUM
- yum: name="/tmp/{{ pdns_rec_pkg_name }}" state=present
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..66323b8
--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Install epel-release
+ package:
+ name: epel-release
+ state: installed
+ when: ansible_os_family == "RedHat"
+
+- name: Install the PowerDNS Recursor package
+ package:
+ name: pdns-recursor
+ state: present
diff --git a/tasks/main.yml b/tasks/main.yml
index db7fb6f..178c4e7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,13 +3,19 @@ - name: Include os-specific variables include_vars: "{{ ansible_os_family }}.yml" -- name: Validating role variables - include: validate.yml +- include: validate.yml -- include: "install-{{ pdns_rec_installation_type }}.yml" +- include: "repo-{{ ansible_os_family }}.yml" + when: pdns_rec_repo_provider == "powerdns" tags: - - "{{ pdns_rec_installation_type }}" - install + - repository + +- include: "inspect-{{ ansible_os_family }}.yml" + +- name: Export the pdns_recursor_version variable + set_fact: + pdns_recursor_version: "{{ pdns_recursor_version_result['stdout'].split('-')[0] }}" - include: configure.yml tags: @@ -17,20 +23,9 @@ - config - configuration -# TODO -#- include: install.source-debian.yml -# when: pdns_installation_type == "source" and ansible_os_family == "Debian" -# tags: -# - source -# - install -# -# TODO -#- include: install.source-redhat.yml -# when: pdns_installation_type == "source" and ansible_os_family == "RedHat" -# tags: -# - source -# - install - +- include: install.yml + tags: + - install - name: Start and enable the PowerDNS Recursor service service: diff --git a/tasks/repo-Debian.yml b/tasks/repo-Debian.yml new file mode 100644 index 0000000..fa34cee --- /dev/null +++ b/tasks/repo-Debian.yml @@ -0,0 +1,15 @@ +--- + +- name: Import the PowerDNS Recursor APT repository key + apt_key: + url: "{{ pdns_rec_apt_keys[pdns_rec_repo_branch]['url'] }}" + id: "{{ pdns_rec_apt_keys[pdns_rec_repo_branch]['id'] }}" + +- name: Add the PowerDNS Recursor APT repository + apt_repository: + repo: "{{ pdns_rec_apt_repo }}" + +- name: Pin the PowerDNS Recursor package the PowerDNS APT Repository + template: + src: pdns-recursor.pin + dest: /etc/apt/preferences.d/pdns-recursor diff --git a/tasks/repo-RedHat.yml b/tasks/repo-RedHat.yml new file mode 100644 index 0000000..6ad23f4 --- /dev/null +++ b/tasks/repo-RedHat.yml 
@@ -0,0 +1,11 @@ +--- + +- name: Install yum-plugin-priorities + package: + name: yum-plugin-priorities + state: installed + +- name: Add the PowerDNS Recursor YUM repository + get_url: + url: "{{ pdns_rec_yum_repo }}" + dest: /etc/yum.repos.d/powerdns-rec-{{ pdns_rec_repo_branch }}.repo diff --git a/templates/pdns-recursor.pin b/templates/pdns-recursor.pin index 929aaf6..6a99cfb 100644 --- a/templates/pdns-recursor.pin +++ b/templates/pdns-recursor.pin @@ -4,4 +4,4 @@ Pin: version {{ pdns_rec_pkg_version }}* {% else %} Pin: origin repo.powerdns.com {% endif %} -Pin-Priority: 900 +Pin-Priority: 600 From 6bd35173957f3732e6d8eafd0ae43aebd1f035ec Mon Sep 17 00:00:00 2001 From: Andrea Tosatto Date: Thu, 8 Sep 2016 14:43:25 +0200 Subject: [PATCH 03/14] Cleaning up and fixing idempotency --- tasks/configure.yml | 13 ++----------- tasks/inspect-Debian.yml | 1 + tasks/inspect-RedHat.yml | 1 + 3 files changed, 4 insertions(+), 11 deletions(-) diff --git a/tasks/configure.yml b/tasks/configure.yml index fbadbc4..d0a20d7 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -1,22 +1,13 @@ --- -- name: Ensure the PowerDNS configuration directory exists +- name: Ensure that the PowerDNS configuration directory exists file: name: "{{ pdns_rec_config_dir | default('/etc/powerdns') }}" state: directory owner: root group: root -- name: Grab pdns_recursor version - shell: "pdns_recursor --version 2>&1 | awk '/PowerDNS Recursor/ { print $6 }'" - register: pdns_recursor_version_result - changed_when: false - -- name: Set pdns_recursor variable - set_fact: - pdns_recursor_version: "{{ pdns_recursor_version_result.stdout }}" - -- name: Add configuration for the PowerDNS Recursor +- name: Add the PowerDNS Recursor configuration template: src: recursor.conf.j2 dest: "{{ pdns_rec_config_dir | default('/etc/powerdns') }}/recursor.conf" diff --git a/tasks/inspect-Debian.yml b/tasks/inspect-Debian.yml index 7d43264..5153298 100644 --- a/tasks/inspect-Debian.yml 
+++ b/tasks/inspect-Debian.yml @@ -3,3 +3,4 @@ - name: Extract the PowerDNS Recursor Version from APT shell: "apt-cache madison pdns-recursor | awk '/{%if pdns_rec_repo_provider == 'powerdns'%}repo.powerdns.com{%endif%}/ {print $3}' | head -1" register: pdns_recursor_version_result + changed_when: False diff --git a/tasks/inspect-RedHat.yml b/tasks/inspect-RedHat.yml index a9967a4..f07aebd 100644 --- a/tasks/inspect-RedHat.yml +++ b/tasks/inspect-RedHat.yml @@ -6,3 +6,4 @@ - name: Extract the PowerDNS Recursor Version from YUM shell: "`which yum` list pdns-recursor 2>&1 | awk '/pdns-recursor/ {print $2}'" register: pdns_recursor_version_result + changed_when: False From 120e83cbe397c672497ffd55a6f96d5db8542228 Mon Sep 17 00:00:00 2001 From: Andrea Tosatto Date: Fri, 9 Sep 2016 12:54:08 +0200 Subject: [PATCH 04/14] Replaced awk with the {apt,yum}_madison modules --- library/apt_madison | 70 ++++++++++++++++++++++++++++++++++++++++ library/yum_madison | 67 ++++++++++++++++++++++++++++++++++++++ tasks/inspect-Debian.yml | 15 +++++++-- tasks/inspect-RedHat.yml | 22 ++++++++++--- tasks/main.yml | 4 --- tasks/repo-Debian.yml | 2 +- 6 files changed, 168 insertions(+), 12 deletions(-) create mode 100644 library/apt_madison create mode 100644 library/yum_madison diff --git a/library/apt_madison b/library/apt_madison new file mode 100644 index 0000000..9ecf499 --- /dev/null +++ b/library/apt_madison 
@@ -0,0 +1,70 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Originally published at +# https://gist.github.com/atosatto/cb8d5b1866357cc491cefe840c160575 + +import apt + +DOCUMENTATION = """ +--- +module: apt_madison +short_description: Extract the available versions of a package from the APT cache. +description: + - This module extracts available versions of a package from the APT cache. +options: + name: + required: true + description: + - Name of the package. + aliases: [ pkg, package ] + update_cache: + required: false + default: no + choices: [ no, yes ] + description: + - Run the equivalent of `apt-get update` before the operation. +requirements: [ python-apt ] +""" + +def main(): + module = AnsibleModule( + argument_spec=dict( + package=dict(required=True, aliases=['pkg', 'name'], type='str'), + update_cache = dict(default=False, aliases=['update-cache'], type='bool') + )) + + cache = apt.Cache() + if module.params.get('update_cache'): + cache.update() + + pkg_name = module.params.get('package') + pkg_versions = None + try: + pkg_versions = cache[pkg_name].versions + except: + module.fail_json(msg="Could not find package %s in the apt cache." % pkg_name) + + retvals = [] + for v in pkg_versions: + for repo in v.origins: + retvals.append({ + "name": pkg_name, + "version": v.version, + "architecture": v.architecture, + "raw_description": v.raw_description, + "size": v.size, + "repo_name": repo.origin, + "repo_archive": repo.archive, + "repo_component": repo.component, + "repo_site": repo.site, + "repo_label": repo.label, + "repo_trusted": repo.trusted + }) + + module.exit_json(changed=False, versions=retvals) + +# import module snippets +from ansible.module_utils.basic import * +if __name__ == '__main__': + main() diff --git a/library/yum_madison b/library/yum_madison new file mode 100644 index 0000000..85497a4 --- /dev/null +++ b/library/yum_madison 
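Review bot: The bare `except:` around `cache[pkg_name].versions` in library/apt_madison reports every error as "Could not find package", including ones unrelated to the lookup; `except KeyError:` would keep the message truthful. `import apt` at module top level and `cache.update()` are both unguarded, so a host without python-apt, or one whose repositories cannot be fetched, fails with a traceback instead of `module.fail_json`. The argument is declared as `package` with aliases `pkg` and `name`, while DOCUMENTATION lists `name` as the option and `package` as an alias; the two should agree.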
@@ -0,0 +1,67 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Originally published at +# https://gist.github.com/atosatto/12c01e8d22533884c87a755989cd36eb + +DOCUMENTATION = """ +--- +module: yum_madison +short_description: Extract the available versions of a package from YUM. +description: + - This module extracts the available versions of a package from YUM. +options: + name: + required: true + description: + - Name of the package. + aliases: [ pkg, package ] + update_cache: + required: false + default: no + choices: [ no, yes ] + description: + - Force updating the cache. +requirements: [ yum ] +""" + +def main(): + module = AnsibleModule( + argument_spec=dict( + package=dict(required=True, aliases=['pkg', 'name'], type='str'), + update_cache = dict(default=False, aliases=['update-cache'], type='bool') + )) + + yumbin = module.get_bin_path('yum') + pkg_name = module.params.get('package') + yum_basecmd = [yumbin, '-d', '2', '-y'] + + if module.params.get('update_cache'): + module.run_command(yum_basecmd + ['makecache']) + + yum_madcmd = yum_basecmd + ['list', '--showduplicates', '--quiet', pkg_name ] + rc, out, err = module.run_command(yum_madcmd) + + if rc != 0: + module.fail_json(msg='Error from yum: %s: %s' % (yum_madcmd, err)) + out_lines = [ o for o in out.split('\n') if o.strip() ] + + retvals = [] + state = "" + for l in out_lines: + + if l.startswith(pkg_name): + p = l.split() + retvals.append({ + "name": pkg_name, + "version": p[1], + "architecture": p[0].split('.')[-1], + "repo_name": p[2] + }) + + module.exit_json(changed=False, versions=retvals) + +# import module snippets +from ansible.module_utils.basic import * +if __name__ == '__main__': + main() diff --git a/tasks/inspect-Debian.yml b/tasks/inspect-Debian.yml index 5153298..5bd2e04 100644 --- a/tasks/inspect-Debian.yml +++ b/tasks/inspect-Debian.yml 
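Review bot: The parser in library/yum_madison indexes `p[1]` and `p[2]` on every line that starts with the package name, so a `yum list` row with fewer than three columns raises `IndexError` and the module ends in a traceback; yum can wrap long rows, so a guard such as `if len(p) < 3: continue` or an explicit `fail_json` is needed. `l.startswith(pkg_name)` also accepts rows for other packages that share the prefix, whereas comparing `p[0].rsplit('.', 1)[0] == pkg_name` would be exact. The return code of the `makecache` run is discarded, so a stale cache is used silently when the refresh fails. `state = ""` is never read.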
@@ -1,6 +1,17 @@ --- - name: Extract the PowerDNS Recursor Version from APT - shell: "apt-cache madison pdns-recursor | awk '/{%if pdns_rec_repo_provider == 'powerdns'%}repo.powerdns.com{%endif%}/ {print $3}' | head -1" - register: pdns_recursor_version_result + apt_madison: + name: "pdns-recursor" + update_cache: yes changed_when: False + register: pdns_recursor_version_result + +- name: Export the pdns_recursor_version variable for Debian + set_fact: + pdns_recursor_version: | + {% if pdns_rec_repo_provider == 'powerdns' %} + {{ pdns_recursor_version_result.versions | selectattr("repo_name", "equalto", "PowerDNS") | map(attribute='version') | first }} + {% else %} + {{ pdns_recursor_version_result.versions | map(attribute='version') | first }} + {% endif %} diff --git a/tasks/inspect-RedHat.yml b/tasks/inspect-RedHat.yml index f07aebd..e77c142 100644 --- a/tasks/inspect-RedHat.yml +++ b/tasks/inspect-RedHat.yml @@ -1,9 +1,21 @@ --- -## NB: The `which yum` is needed to suppress the annoying -## "[WARNING]: Consider using yum module rather than running yum" -## message. +# XXX: This should be definitively improved once issue +# https://github.com/ansible/ansible-modules-core/issues/1706 +# will get solved + - name: Extract the PowerDNS Recursor Version from YUM - shell: "`which yum` list pdns-recursor 2>&1 | awk '/pdns-recursor/ {print $2}'" - register: pdns_recursor_version_result + yum_madison: + name: "pdns-recursor" + update_cache: yes changed_when: False + register: pdns_recursor_version_result + +- name: Export the pdns_recursor_version variable for RedHat + set_fact: + pdns_recursor_version: | + {% if pdns_rec_repo_provider == 'powerdns' %} + {{ pdns_recursor_version_result.versions | selectattr("repo_name", "match", "^powerdns") | map(attribute='version') | first }} + {% else %} + {{ pdns_recursor_version_result.versions | map(attribute='version') | first }} + {% endif %} diff --git a/tasks/main.yml b/tasks/main.yml index 178c4e7..5e925ef 100644 
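Review bot: In tasks/inspect-Debian.yml the PowerDNS version is selected with `selectattr("repo_name", "equalto", "PowerDNS")`, and `repo_name` is filled from `repo.origin` in apt_madison, which is the Origin label a repository declares about itself, whereas templates/pdns-recursor.pin pins on the host name `repo.powerdns.com`. Matching on `repo_site` would tie the version lookup to the same criterion as the pin, and the module already returns `repo_trusted`, which is not consulted. In both inspect files `| first` is applied to a list that is empty when no entry matches, which fails with a Jinja error rather than a clear message; an `assert` on the filtered list before the `set_fact` would help. The `|` block scalar also leaves the whitespace and trailing newline of the value to the templating settings, so a single-line expression or `| trim` is safer.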
--- a/tasks/main.yml +++ b/tasks/main.yml @@ -13,10 +13,6 @@ - include: "inspect-{{ ansible_os_family }}.yml" -- name: Export the pdns_recursor_version variable - set_fact: - pdns_recursor_version: "{{ pdns_recursor_version_result['stdout'].split('-')[0] }}" - - include: configure.yml tags: - conf diff --git a/tasks/repo-Debian.yml b/tasks/repo-Debian.yml index fa34cee..7f36ea9 100644 --- a/tasks/repo-Debian.yml +++ b/tasks/repo-Debian.yml @@ -9,7 +9,7 @@ apt_repository: repo: "{{ pdns_rec_apt_repo }}" -- name: Pin the PowerDNS Recursor package the PowerDNS APT Repository +- name: Pin the PowerDNS Recursor to the PowerDNS APT Repository template: src: pdns-recursor.pin dest: /etc/apt/preferences.d/pdns-recursor From a83e8c9de1256adda44c703257115a0626f204a7 Mon Sep 17 00:00:00 2001 From: Andrea Tosatto Date: Tue, 4 Oct 2016 17:59:36 +0200 Subject: [PATCH 05/14] Moving library modules to an external dependency --- README.md | 12 +++++++ defaults/main.yml | 5 +-- handlers/main.yml | 1 + library/apt_madison | 70 ---------------------------------------- library/yum_madison | 67 -------------------------------------- meta/main.yml | 8 +++-- playbook.yml | 10 ++++++ requirements.yml | 5 +++ tasks/inspect-RedHat.yml | 4 --- tasks/main.yml | 5 +-- vars/main.yml | 3 +- 11 files changed, 40 insertions(+), 150 deletions(-) delete mode 100644 library/apt_madison delete mode 100644 library/yum_madison create mode 100644 playbook.yml create mode 100644 requirements.yml diff --git a/README.md b/README.md index dce0f06..7dcc385 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ PowerDNS Recursor Role ====================== + An Ansible role created by the folks behind PowerDNS to install and configure the PowerDNS Recursor. 
@@ -8,10 +9,17 @@ are accepted. Requirements ------------ + An Ansible 2.0 or higher installation. +Dependencies +------------ + +This role depends on [`atosatto.package-extras`](https://galaxy.ansible.com/atosatto/package-extras/). + Role Variables -------------- + ### pdns_rec_config A dict detailing the configuration of PowerDNS. You should not set the following options here (other variables set these): @@ -64,6 +72,7 @@ this script to `recursor.conf`. Example Playbook ---------------- + Bind to 203.0.113.53, port 5300 and allow only traffic from the 198.51.100.0/24 subnet: ``` @@ -91,8 +100,11 @@ Allow from multiple networks: License ------- + GPLv2 Author Information ------------------ + Pieter Lexis +Andrea Tosatto s diff --git a/defaults/main.yml b/defaults/main.yml index 7f0b564..2b3fff4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,8 +5,9 @@ pdns_rec_installation_type: packages # The repository from which download the PowerDNS Recursor package. # Currently supported values are: -# - os, default os repository -# - powerdns, use the powerdns repository +# - os, the default os repository +# - powerdns, use the official powerdns repository +# - custom, install the repo from pdns_rec_repo_provider: os # Install packages from the master powerdns repo by default diff --git a/handlers/main.yml b/handlers/main.yml index 65c7030..74cfd01 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,4 +1,5 @@ --- + - name: Restart PowerDNS Recursor service: name: pdns-recursor diff --git a/library/apt_madison b/library/apt_madison deleted file mode 100644 index 9ecf499..0000000 --- a/library/apt_madison +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# Originally published at -# https://gist.github.com/atosatto/cb8d5b1866357cc491cefe840c160575 - -import apt - -DOCUMENTATION = """ ---- -module: apt_madison -short_description: Extract the available versions of a package from the APT cache. -description: - - This module extracts available versions of a package from the APT cache. -options: - name: - required: true - description: - - Name of the package. - aliases: [ pkg, package ] - update_cache: - required: false - default: no - choices: [ no, yes ] - description: - - Run the equivalent of `apt-get update` before the operation. -requirements: [ python-apt ] -""" - -def main(): - module = AnsibleModule( - argument_spec=dict( - package=dict(required=True, aliases=['pkg', 'name'], type='str'), - update_cache = dict(default=False, aliases=['update-cache'], type='bool') - )) - - cache = apt.Cache() - if module.params.get('update_cache'): - cache.update() - - pkg_name = module.params.get('package') - pkg_versions = None - try: - pkg_versions = cache[pkg_name].versions - except: - module.fail_json(msg="Could not find package %s in the apt cache." % pkg_name) - - retvals = [] - for v in pkg_versions: - for repo in v.origins: - retvals.append({ - "name": pkg_name, - "version": v.version, - "architecture": v.architecture, - "raw_description": v.raw_description, - "size": v.size, - "repo_name": repo.origin, - "repo_archive": repo.archive, - "repo_component": repo.component, - "repo_site": repo.site, - "repo_label": repo.label, - "repo_trusted": repo.trusted - }) - - module.exit_json(changed=False, versions=retvals) - -# import module snippets -from ansible.module_utils.basic import * -if __name__ == '__main__': - main() diff --git a/library/yum_madison b/library/yum_madison deleted file mode 100644 index 85497a4..0000000 --- a/library/yum_madison +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# Originally published at -# https://gist.github.com/atosatto/12c01e8d22533884c87a755989cd36eb - -DOCUMENTATION = """ ---- -module: yum_madison -short_description: Extract the available versions of a package from YUM. -description: - - This module extracts the available versions of a package from YUM. -options: - name: - required: true - description: - - Name of the package. - aliases: [ pkg, package ] - update_cache: - required: false - default: no - choices: [ no, yes ] - description: - - Force updating the cache. -requirements: [ yum ] -""" - -def main(): - module = AnsibleModule( - argument_spec=dict( - package=dict(required=True, aliases=['pkg', 'name'], type='str'), - update_cache = dict(default=False, aliases=['update-cache'], type='bool') - )) - - yumbin = module.get_bin_path('yum') - pkg_name = module.params.get('package') - yum_basecmd = [yumbin, '-d', '2', '-y'] - - if module.params.get('update_cache'): - module.run_command(yum_basecmd + ['makecache']) - - yum_madcmd = yum_basecmd + ['list', '--showduplicates', '--quiet', pkg_name ] - rc, out, err = module.run_command(yum_madcmd) - - if rc != 0: - module.fail_json(msg='Error from yum: %s: %s' % (yum_madcmd, err)) - out_lines = [ o for o in out.split('\n') if o.strip() ] - - retvals = [] - state = "" - for l in out_lines: - - if l.startswith(pkg_name): - p = l.split() - retvals.append({ - "name": pkg_name, - "version": p[1], - "architecture": p[0].split('.')[-1], - "repo_name": p[2] - }) - - module.exit_json(changed=False, versions=retvals) - -# import module snippets -from ansible.module_utils.basic import * -if __name__ == '__main__': - main() diff --git a/meta/main.yml b/meta/main.yml index b47e882..3e635d9 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -16,11 +16,15 @@ galaxy_info: - name: Ubuntu versions: - trusty + - utopic + - vivid + - wily - xenial galaxy_tags: - system - pdns - powerdns - pdns-recursor - - powerdnsrecursor -dependencies: [] + + dependencies: + - { role: atosatto.package-extras } diff --git a/playbook.yml b/playbook.yml new file mode 100644 index 0000000..0e8c1e4 --- /dev/null +++ b/playbook.yml @@ -0,0 +1,10 @@ +--- +- hosts: all + roles: + - { role: pdns_recursor-ansible, + pdns_rec_repo_provider: powerdns, + pdns_rec_repo_branch: 'master' } +# +# - hosts: all +# roles: +# - { role: pdns_recursor-ansible } diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..7af0c11 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,5 @@ +--- + +- src: atosatto.package-extras + version: v1.0.1 + name: atosatto.package-extras diff --git a/tasks/inspect-RedHat.yml b/tasks/inspect-RedHat.yml index e77c142..054a59f 100644 --- a/tasks/inspect-RedHat.yml +++ b/tasks/inspect-RedHat.yml @@ -1,9 +1,5 @@ --- -# XXX: This should be definitively improved once issue -# https://github.com/ansible/ansible-modules-core/issues/1706 -# will get solved - - name: Extract the PowerDNS Recursor Version from YUM yum_madison: name: "pdns-recursor" diff --git a/tasks/main.yml b/tasks/main.yml index 5e925ef..8a3a93a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -6,18 +6,15 @@ - include: validate.yml - include: "repo-{{ ansible_os_family }}.yml" - when: pdns_rec_repo_provider == "powerdns" + when: pdns_rec_repo_provider != "os" tags: - install - repository - include: "inspect-{{ ansible_os_family }}.yml" - - include: configure.yml tags: - - conf - config - - configuration - include: install.yml tags: diff --git a/vars/main.yml b/vars/main.yml index 65b78b6..dc40e1e 100644 --- a/vars/main.yml +++ b/vars/main.yml 
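Review bot: The added `dependencies:` key appears to be indented (the whitespace is hard to read in this rendering), which would nest it under `galaxy_info` instead of leaving it as a top-level key of meta/main.yml. If so, Ansible will not treat `atosatto.package-extras` as a role dependency. The `apt_madison` and `yum_madison` modules this commit deletes from `library/`, presumably now supplied by that role, would then be missing when the inspect tasks run. Write it at column 0: `dependencies:` followed by `  - { role: atosatto.package-extras }`.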
@@ -1,6 +1,6 @@ --- -# PowerDNS Recursor APT Repository +# PowerDNS Recursor APT Repository URL pdns_rec_apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-{{ pdns_rec_repo_branch }} main" # PowerDNS Recursor APT Repository GPG keys @@ -9,4 +9,5 @@ pdns_rec_apt_keys: { "40": { url: "http://repo.powerdns.com/FD380FBB-pub.asc", id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" } } +# PowerDNS Recursor YUM Repository Configuration pdns_rec_yum_repo: "https://repo.powerdns.com/repo-files/{{ ansible_distribution | lower }}-rec-{{ pdns_rec_repo_branch }}.repo" From 8dba37946d35a1c98b91ef636204d7c88339d7b2 Mon Sep 17 00:00:00 2001 From: Andrea Tosatto Date: Mon, 17 Oct 2016 10:46:56 +0200 Subject: [PATCH 06/14] Refactoring the default role variables set --- .gitignore | 12 ++++++++---- defaults/main.yml | 35 ++++++++++++++++++----------------- molecule.yml | 26 ++++++++++++++++++++++++++ tasks/configure.yml | 14 +++++++------- tasks/main.yml | 4 +--- tasks/repo-Debian.yml | 6 +++--- tasks/repo-RedHat.yml | 2 +- tasks/validate.yml | 20 -------------------- templates/pdns-recursor.pin | 4 ---- templates/recursor.conf.j2 | 10 +++++----- vars/main.yml | 18 +++++++----------- 11 files changed, 76 insertions(+), 75 deletions(-) create mode 100644 molecule.yml delete mode 100644 tasks/validate.yml diff --git a/.gitignore b/.gitignore index c251f1c..4fbe6ad 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,3 @@ -# Created by https://www.gitignore.io/api/vim,linux - ### Vim ### [._]*.s[a-w][a-z] [._]s[a-w][a-z] @@ -8,7 +6,6 @@ Session.vim .netrwhist *~ - ### Linux ### *~ @@ -18,6 +15,13 @@ Session.vim # Linux trash folder which might appear on any partition or disk .Trash-* -# test-kitchen related +### Ansible ### +*.retry + +### Test-Kitchen ### .kitchen/ .kitchen.local.yml + +### Molecule ### +.vagrant/ +.molecule/ diff --git a/defaults/main.yml b/defaults/main.yml index 2b3fff4..fd3bba6 100644 
--- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,21 +1,20 @@ --- -# PowerDNS Recursor installation type -pdns_rec_installation_type: packages - -# The repository from which download the PowerDNS Recursor package. -# Currently supported values are: -# - os, the default os repository -# - powerdns, use the official powerdns repository -# - custom, install the repo from -pdns_rec_repo_provider: os - -# Install packages from the master powerdns repo by default +# By default the PowerDNS Recursor is installed from the system repositories. +pdns_rec_install_repo: False +# To install the PowerDNS Recursor package from the PowerDNS official repository +# uncomment the following lines +# pdns_rec_install_repo: "{{ pdns_rec_powerdns_repo }}" +# If using the PowerDNS official repository this variable allows to select +# the repository branch ['master', '40'] from which install the packages. pdns_rec_repo_branch: master - -# Used when pdns_rec_installation_type is 'url' -pdns_rec_url: '' -pdns_rec_url_checksum: '' +# To install the PowerDNS Recursor package from a custom repository +# override the `pdns_rec_install_repo` default value in your playbook. +# e.g. +# - hosts: all +# roles: +# - { role: powerdns.recursor, +# pdns_rec_install_repo: { } } # The user and group to run as. # NOTE: at the moment, we don't create a user as we assume the package creates @@ -24,8 +23,10 @@ pdns_rec_url_checksum: '' pdns_rec_user: pdns pdns_rec_group: pdns -# The directory where the config is located -pdns_rec_config_dir: '/etc/powerdns' +# Configuration directory and files +pdns_rec_config_dir: "/etc/powerdns" +pdns_rec_config_lua: "{{ pdns_rec_config_dir }}/config.lua" +pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua" # pdns_rec_config: A dict containing all configuration options, except for the # "config-dir", "setuid" and "setgid" directives. diff --git a/molecule.yml b/molecule.yml new file mode 100644 index 0000000..1881a1e --- /dev/null +++ b/molecule.yml 
@@ -0,0 +1,26 @@ +--- + +ansible: + requirements_file: requirements.yml +# verbose: true + +driver: + name: docker + +docker: + containers: + - name: centos-7 + image: centos + image_version: '7' + - name: centos-6 + image: centos + image_version: '6' + - name: ubuntu-trusty + image: ubuntu + image_version: '14.04' + - name: ubuntu-xenial + image: ubuntu + image_version: '16.04' + - name: debian-jessie + image: debian + image_version: '8' diff --git a/tasks/configure.yml b/tasks/configure.yml index d0a20d7..9d6f848 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -2,27 +2,27 @@ - name: Ensure that the PowerDNS configuration directory exists file: - name: "{{ pdns_rec_config_dir | default('/etc/powerdns') }}" + name: "{{ pdns_rec_config_dir }}" state: directory owner: root group: root -- name: Add the PowerDNS Recursor configuration +- name: Generate the PowerDNS Recursor configuration template: src: recursor.conf.j2 - dest: "{{ pdns_rec_config_dir | default('/etc/powerdns') }}/recursor.conf" + dest: "{{ pdns_rec_config_dir }}/recursor.conf" notify: Restart PowerDNS Recursor -- name: Add lua-config-file +- name: Generate the Lua config-file copy: - dest: "{{ pdns_rec_config_dir | default('/etc/powerdns') }}/config.lua" + dest: "{{ pdns_rec_config_lua }}" content: "{{ pdns_rec_lua_config_file_content }}" when: pdns_rec_lua_config_file_content is defined notify: Restart PowerDNS Recursor -- name: Add lua-dns-script +- name: Generate the Lua dns-script copy: - dest: "{{ pdns_rec_config_dir | default('/etc/powerdns') }}/dns-script.lua" + dest: "{{ pdns_rec_config_dns_script }}" content: "{{ pdns_rec_lua_dns_script_content }}" when: pdns_rec_lua_dns_script_content is defined notify: Restart PowerDNS Recursor diff --git a/tasks/main.yml b/tasks/main.yml index 8a3a93a..209d515 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
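Review bot: None of the four tasks in the tasks/configure.yml hunk sets `mode:`, and the `template` and both `copy` tasks set no `owner`/`group` either, so the permissions of `recursor.conf`, `config.lua` and `dns-script.lua` depend on the umask in effect on the target. The two Lua files are code the Recursor loads, so they should be writable by root only. I would add `owner: root`, `group: root` and `mode: "0644"` to the three file tasks and `mode: "0755"` to the directory task, quoted so the value is not read as an integer. If `pdns_rec_config` can carry secrets (not visible here), consider a tighter mode plus a group the service user belongs to.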
@@ -3,10 +3,8 @@ - name: Include os-specific variables include_vars: "{{ ansible_os_family }}.yml" -- include: validate.yml - - include: "repo-{{ ansible_os_family }}.yml" - when: pdns_rec_repo_provider != "os" + when: pdns_rec_install_repo tags: - install - repository diff --git a/tasks/repo-Debian.yml b/tasks/repo-Debian.yml index 7f36ea9..d7b2597 100644 --- a/tasks/repo-Debian.yml +++ b/tasks/repo-Debian.yml @@ -2,12 +2,12 @@ - name: Import the PowerDNS Recursor APT repository key apt_key: - url: "{{ pdns_rec_apt_keys[pdns_rec_repo_branch]['url'] }}" - id: "{{ pdns_rec_apt_keys[pdns_rec_repo_branch]['id'] }}" + url: "{{ pdns_rec_install_repo['apt_keys'][pdns_rec_repo_branch]['url'] }}" + id: "{{ pdns_rec_install_repo['apt_keys'][pdns_rec_repo_branch]['id'] }}" - name: Add the PowerDNS Recursor APT repository apt_repository: - repo: "{{ pdns_rec_apt_repo }}" + repo: "{{ pdns_rec_install_repo['apt_repo'] }}" - name: Pin the PowerDNS Recursor to the PowerDNS APT Repository template: diff --git a/tasks/repo-RedHat.yml b/tasks/repo-RedHat.yml index 6ad23f4..2d9da8d 100644 --- a/tasks/repo-RedHat.yml +++ b/tasks/repo-RedHat.yml @@ -7,5 +7,5 @@ - name: Add the PowerDNS Recursor YUM repository get_url: - url: "{{ pdns_rec_yum_repo }}" + url: "{{ pdns_rec_install_repo['yum_repo'] }}" dest: /etc/yum.repos.d/powerdns-rec-{{ pdns_rec_repo_branch }}.repo diff --git a/tasks/validate.yml b/tasks/validate.yml deleted file mode 100644 index 822bfe4..0000000 --- a/tasks/validate.yml +++ /dev/null 
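Review bot: Dropping `- include: validate.yml` in tasks/main.yml leaves `pdns_rec_install_repo` and `pdns_rec_repo_branch` unchecked before repo-Debian.yml indexes `pdns_rec_install_repo['apt_keys'][pdns_rec_repo_branch]`. A custom repository dict, or a branch name without an `apt_keys` entry, then stops inside the `apt_key` task with an undefined-variable error instead of a clear message. I would keep one small `fail` task in the style of the removed file, guarded by `when: pdns_rec_install_repo and ansible_os_family == "Debian" and pdns_rec_repo_branch not in pdns_rec_install_repo['apt_keys']`. The task list continues outside the hunk.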
@@ -1,20 +0,0 @@ ---- - -- name: Check pdns_rec_repo_provider - fail: - msg: "pdns_rec_repo_provider is neither 'powerdns' nor 'os'" - when: pdns_rec_installation_type == "packages" - and pdns_rec_repo_provider not in ["os", "powerdns"] - -- name: Check pdns_rec_repo_branch - fail: - msg: "pdns_rec_repo_branch isn't set to a known branch" - when: pdns_rec_installation_type == "packages" - and pdns_rec_repo_provider == "powerdns" - and pdns_rec_repo_branch not in ["master", "40"] - -- name: Fail if variables are missing - fail: - msg: "Unable to continue, pdns_rec_url or pdns_rec_url_checksum is unset" - when: pdns_rec_installation_type == "url" - and (pdns_rec_url == "" or pdns_rec_url_checksum == "") diff --git a/templates/pdns-recursor.pin b/templates/pdns-recursor.pin index 6a99cfb..f0ca5c3 100644 --- a/templates/pdns-recursor.pin +++ b/templates/pdns-recursor.pin @@ -1,7 +1,3 @@ Package: pdns-recursor -{% if pdns_rec_installation_type == 'url' %} -Pin: version {{ pdns_rec_pkg_version }}* -{% else %} Pin: origin repo.powerdns.com -{% endif %} Pin-Priority: 600 diff --git a/templates/recursor.conf.j2 b/templates/recursor.conf.j2 index adf3e12..2f1b011 100644 --- a/templates/recursor.conf.j2 +++ b/templates/recursor.conf.j2 @@ -15,16 +15,16 @@ setgid={{ pdns_rec_group }} {{config_item}}= {%- elif value is string or value is number %} -{{ config_item }}={{ pdns_rec_config[config_item]|string }} +{{ config_item }}={{ pdns_rec_config[config_item] | string }} {%- elif pdns_rec_config[config_item] is sequence %} {%- if pdns_recursor_version[0:3] in ['0.0', '3.6', '4.0'] %} {%- for config_item_item in value -%} {%- if loop.first %} -{{ config_item }}={{ config_item_item|string }} +{{ config_item }}={{ config_item_item | string }} {%- else %} -{{ config_item }}+={{ config_item_item|string }} +{{ config_item }}+={{ config_item_item | string }} {%- endif -%} {%- endfor -%} {%- else %} 
@@ -36,9 +36,9 @@ setgid={{ pdns_rec_group }} {%- endfor %} {% if pdns_rec_lua_config_file_content is defined %} -lua-config-file={{pdns_rec_config_dir | default('/etc/powerdns')}}/config.lua +lua-config-file={{ pdns_rec_config_lua }} {% endif %} {% if pdns_rec_lua_dns_script_content is defined %} -lua-dns-script={{pdns_rec_config_dir | default('/etc/powerdns')}}/dns-script.lua +lua-dns-script={{ pdns_rec_config_dns_script }} {% endif %} diff --git a/vars/main.yml b/vars/main.yml index dc40e1e..acb6b51 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,13 +1,9 @@ --- -# PowerDNS Recursor APT Repository URL -pdns_rec_apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-{{ pdns_rec_repo_branch }} main" - -# PowerDNS Recursor APT Repository GPG keys -pdns_rec_apt_keys: { - "master": { url: "http://repo.powerdns.com/CBC8B383-pub.asc", id: "D47975F8DAE32700A563E64FFF389421CBC8B383" }, - "40": { url: "http://repo.powerdns.com/FD380FBB-pub.asc", id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" } -} - -# PowerDNS Recursor YUM Repository Configuration -pdns_rec_yum_repo: "https://repo.powerdns.com/repo-files/{{ ansible_distribution | lower }}-rec-{{ pdns_rec_repo_branch }}.repo" +pdns_rec_powerdns_repo: + apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-{{ pdns_rec_repo_branch }} main" + apt_keys: { + "master": { url: "http://repo.powerdns.com/CBC8B383-pub.asc", id: "D47975F8DAE32700A563E64FFF389421CBC8B383" }, + "40": { url: "http://repo.powerdns.com/FD380FBB-pub.asc", id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" } + } + yum_repo: "https://repo.powerdns.com/repo-files/{{ ansible_distribution | lower }}-rec-{{ pdns_rec_repo_branch }}.repo" From c2ac40dff0eb32c5f170fd623ab2dbf88550d456 Mon Sep 17 00:00:00 2001 
From: Andrea Tosatto Date: Mon, 17 Oct 2016 10:58:46 +0200 Subject: [PATCH 07/14] Better docs --- README.md | 84 ++++++++++++++++++++++------------------------- defaults/main.yml | 6 ++-- vars/main.yml | 2 +- 3 files changed, 43 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index 7dcc385..99db68b 100644 --- a/README.md +++ b/README.md @@ -4,9 +4,6 @@ PowerDNS Recursor Role An Ansible role created by the folks behind PowerDNS to install and configure the PowerDNS Recursor. -This role is considered alpha quality at the moment, issues and pull requests -are accepted. - Requirements ------------ 
@@ -20,37 +17,17 @@ This role depends on [`atosatto.package-extras`](https://galaxy.ansible.com/atos Role Variables -------------- -### pdns_rec_config -A dict detailing the configuration of PowerDNS. You should not set the following -options here (other variables set these): - * config-dir - * set-uid - * set-gid - -### pdns_rec_config_dir -The directory where the configuration (`recursor.conf`) is stored. '/etc/powerdns' -by default. - -### pdns_rec_installation_type -How to install the PowerDNS Recursor, either 'packages', 'source' or 'url'. -'packages' by default. Source installations are not supported yet. - -### pdns_rec_repo_provider -When using 'packages' for pdns_rec_installation_type, use operating system packages -('os') or the PowerDNS repository ('powerdns'). This is 'os' by default. +### pdns_rec_install_repo +By default the PowerDNS Recursor is installed using the os default repositories. +To install the PowerDNS Recursor package from the PowerDNS official repository +you can use the predefined settings located in the `vars/main.yml`: +`pdns_rec_install_repo: "{{ pdns_rec_official_pdns_repo }}"`. +It is also possible to pass to the role a custom repository location from +which install the packages. ### pdns_rec_repo_branch -When installing from the PowerDNS repository, what branch should be installed? -Currently only 'master' and '40' (latest 4.0.x release) are supported. - -### pdns_rec_url -When `pdns_rec_installation_type` is 'url'. This is the URL to be fetched for the -package. - -### pdns_rec_url_checksum -When `pdns_rec_installation_type` is 'url'. This is the checksum of the package -that is fetched from `pdns_rec_url` This should be in the format for the `checksum` -option of the [`get_url module`](http://docs.ansible.com/ansible/get_url_module.html). +When installing from the PowerDNS repository, the branch from which the packages +should be installed. Currently only 'master' and '40' (latest 4.0.x release) are supported. 
### pdns_rec_user The user to run the PowerDNS Recursor as, this is 'pdns' by default on Debian @@ -60,6 +37,17 @@ systems and 'pdns-recursor' on CentOS/RHEL. This user is not created. The group to run the PowerDNS Recursor as, this is 'pdns' by default on Debian systems and 'pdns-recursor' on CentOS/RHEL. This group is not created. +### pdns_rec_config +A dict detailing the configuration of PowerDNS. You should not set the following +options here (other variables set these): + * config-dir + * set-uid + * set-gid + +### pdns_rec_config_dir +The directory where the configuration (`recursor.conf`) is stored. '/etc/powerdns' +by default. + ### pdns_rec_lua_config_file_content The content for the lua-config-file. This will place a file called `config.lua` in [pdns_rec_config_dir](#pdns_rec_config_dir) and add the configuration to @@ -73,29 +61,35 @@ this script to `recursor.conf`. Example Playbook ---------------- +Here we show some examples of usage of the PowerDNS.pdns_recursor role. + +Install from custom repository: + +> TODO + Bind to 203.0.113.53, port 5300 and allow only traffic from the 198.51.100.0/24 subnet: + ``` - hosts: rec.example.net roles: - - role: PowerDNS.pdns_recursor - vars: - pdns_rec_config: - 'allow-from': '198.51.100.0/24' - 'local-address': '203.0.113.53:5300' + - { role: PowerDNS.pdns_recursor, + pdns_rec_config: + 'allow-from': '198.51.100.0/24' + 'local-address': '203.0.113.53:5300' } ``` Allow from multiple networks: + ``` - hosts: rec.example.net roles: - - role: PowerDNS.pdns_recursor - vars: - pdns_rec_config: - 'allow-from': - - '198.51.100.0/24' - - '203.0.113.53/24' - 'local-address': '203.0.113.53:5300' + - { role: PowerDNS.pdns_recursor + pdns_rec_config: + 'allow-from': + - '198.51.100.0/24' + - '203.0.113.53/24' + 'local-address': '203.0.113.53:5300' } ``` License @@ -107,4 +101,4 @@ Author Information ------------------ Pieter Lexis -Andrea Tosatto s +Andrea Tosatto 
diff --git a/defaults/main.yml b/defaults/main.yml index fd3bba6..c831a12 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,10 +1,10 @@ --- -# By default the PowerDNS Recursor is installed from the system repositories. +# By default the PowerDNS Recursor is installed from the os default repositories. pdns_rec_install_repo: False # To install the PowerDNS Recursor package from the PowerDNS official repository # uncomment the following lines -# pdns_rec_install_repo: "{{ pdns_rec_powerdns_repo }}" +# pdns_rec_install_repo: "{{ pdns_rec_official_pdns_repo }}" # If using the PowerDNS official repository this variable allows to select # the repository branch ['master', '40'] from which install the packages. pdns_rec_repo_branch: master @@ -13,7 +13,7 @@ pdns_rec_repo_branch: master # e.g. # - hosts: all # roles: -# - { role: powerdns.recursor, +# - { role: PowerDNS.pdns_recursor, # pdns_rec_install_repo: { } } # The user and group to run as. diff --git a/vars/main.yml b/vars/main.yml index acb6b51..c4fe021 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,6 +1,6 @@ --- -pdns_rec_powerdns_repo: +pdns_rec_official_pdns_repo: apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-{{ pdns_rec_repo_branch }} main" apt_keys: { "master": { url: "http://repo.powerdns.com/CBC8B383-pub.asc", id: "D47975F8DAE32700A563E64FFF389421CBC8B383" }, From 85e73043511942196fb897501c982f641fa73b65 Mon Sep 17 00:00:00 2001 
From: Andrea Tosatto Date: Thu, 20 Oct 2016 22:41:45 +0300 Subject: [PATCH 08/14] Debian-like systems seems now to pass the tests --- defaults/main.yml | 31 ++++++++++++++++--------- meta/main.yml | 6 ++--- molecule.yml | 42 ++++++++++++++++++++-------------- playbook.yml | 12 ++++++---- requirements.yml | 11 ++++++--- tasks/inspect-Debian.yml | 6 ++--- tasks/inspect-RedHat.yml | 8 ++----- tasks/repo-Debian.yml | 4 ++-- tasks/repo-RedHat.yml | 6 ++--- templates/pdns-recursor.pin | 2 +- templates/powerdns-rec.repo.j2 | 8 +++++++ vars/main.yml | 20 ++++++++++------ 12 files changed, 96 insertions(+), 60 deletions(-) create mode 100644 templates/powerdns-rec.repo.j2 diff --git a/defaults/main.yml b/defaults/main.yml index c831a12..3433ca0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,12 +2,21 @@ # By default the PowerDNS Recursor is installed from the os default repositories. pdns_rec_install_repo: False -# To install the PowerDNS Recursor package from the PowerDNS official repository -# uncomment the following lines -# pdns_rec_install_repo: "{{ pdns_rec_official_pdns_repo }}" -# If using the PowerDNS official repository this variable allows to select -# the repository branch ['master', '40'] from which install the packages. -pdns_rec_repo_branch: master +# +# You can install the PowerDNS Recursor package from the 'master' branch as +# follows: +# - hosts: all +# roles: +# - { role: PowerDNS.pdns_recursor, +# pdns_rec_install_repo: "{{ pdns_rec_official_pdns_master }}" +# +# To install the PowerDNS Recursor package from the '40' branch of +# the PowerDNS official repository use the following playbook +# - hosts: all +# roles: +# - { role: PowerDNS.pdns_recursor, +# pdns_rec_install_repo: "{{ pdns_rec_official_pdns_40 }}" +# # To install the PowerDNS Recursor package from a custom repository # override the `pdns_rec_install_repo` default value in your playbook. # e.g. 
@@ -17,9 +26,10 @@ pdns_rec_repo_branch: master # pdns_rec_install_repo: { } } # The user and group to run as. -# NOTE: at the moment, we don't create a user as we assume the package creates -# a "pdns" user and group. If you change these variables, make sure to create -# the user and groups before applying this role +# NOTE: This role does not create any user as we assume the "pdns" user and group +# to be created by the PowerDNS Recursor package or by an other role. +# If you change these variables, make sure to create the user and groups before +# applying this role pdns_rec_user: pdns pdns_rec_group: pdns @@ -30,8 +40,7 @@ pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua" # pdns_rec_config: A dict containing all configuration options, except for the # "config-dir", "setuid" and "setgid" directives. -# NOTE: Right now, we don't verify the options when configuring the server. -# +# NOTE: We don't verify the options when configuring the server. # Example: # pdns_rec_config: # allow_from: '127.0.0.1/8,192.168.2.0/24' diff --git a/meta/main.yml b/meta/main.yml index 3e635d9..c15236a 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: - author: Pieter Lexis + author: PowerDNS Engineering Team description: PowerDNS Recursor Role company: PowerDNS.COM BV license: GPLv2 @@ -26,5 +26,5 @@ galaxy_info: - powerdns - pdns-recursor - dependencies: - - { role: atosatto.package-extras } +dependencies: + - { role: atosatto.packages-extras } diff --git a/molecule.yml b/molecule.yml index 1881a1e..a63a1bd 100644 --- a/molecule.yml +++ b/molecule.yml 
@@ -2,25 +2,33 @@ ansible: requirements_file: requirements.yml -# verbose: true + verbose: true driver: - name: docker + name: vagrant -docker: - containers: - - name: centos-7 - image: centos - image_version: '7' - - name: centos-6 - image: centos - image_version: '6' - - name: ubuntu-trusty - image: ubuntu - image_version: '14.04' +vagrant: + + platforms: + - name: centos7 + box: centos/7 - name: ubuntu-xenial - image: ubuntu - image_version: '16.04' + box: bento/ubuntu-16.04 - name: debian-jessie - image: debian - image_version: '8' + box: debian/jessie64 + + providers: + - name: virtualbox + type: virtualbox + options: + memory: 1024 + cpus: 2 + + instances: + - name: pdns-recursor-01 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + options: + append_platform_to_hostname: yes diff --git a/playbook.yml b/playbook.yml index 0e8c1e4..4d8eacc 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,10 +1,14 @@ --- + - hosts: all + vars: + pdns_rec_install_repo: "{{ pdns_rec_official_pdns_master }}" + pdns_rec_config: + allow-from: "198.51.100.0/24" roles: - - { role: pdns_recursor-ansible, - pdns_rec_repo_provider: powerdns, - pdns_rec_repo_branch: 'master' } -# + - { role: pdns_recursor-ansible } + +# # - hosts: all # roles: # - { role: pdns_recursor-ansible } diff --git a/requirements.yml b/requirements.yml index 7af0c11..82b8fb4 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,5 +1,10 @@ --- -- src: atosatto.package-extras - version: v1.0.1 - name: atosatto.package-extras +# - src: atosatto.packages-extras +# version: v1.1.1 +# name: atosatto.packages-extras + +- src: https://github.com/atosatto/ansible-packages-extras.git + scm: git + version: master + name: atosatto.packages-extras diff --git a/tasks/inspect-Debian.yml b/tasks/inspect-Debian.yml index 5bd2e04..a17ef6b 100644 --- a/tasks/inspect-Debian.yml +++ b/tasks/inspect-Debian.yml 
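Review bot: The `atosatto.packages-extras` entry in requirements.yml now tracks `version: master` of a git repository, so each `ansible-galaxy install -r requirements.yml` can pull different code. If that role carries the `*_madison` modules (not shown on this page), that code runs with the play's privileges on every managed host. Pin it to a release tag or a full commit hash, e.g. `version: <TAG_OR_COMMIT_SHA>`, and go back to the commented-out Galaxy entry once that release exists. The `dependencies:` entry in meta/main.yml also names the role without a version.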
@@ -10,8 +10,8 @@ - name: Export the pdns_recursor_version variable for Debian set_fact: pdns_recursor_version: | - {% if pdns_rec_repo_provider == 'powerdns' %} - {{ pdns_recursor_version_result.versions | selectattr("repo_name", "equalto", "PowerDNS") | map(attribute='version') | first }} + {% if pdns_rec_install_repo %} + {{ pdns_recursor_version_result.versions | selectattr('repo_site', 'equalto', pdns_rec_install_repo['repo_site']) | map(attribute='version') | sort(reverse=True) | first }} {% else %} - {{ pdns_recursor_version_result.versions | map(attribute='version') | first }} + {{ pdns_recursor_version_result.versions | map(attribute='version') | sort(reverse=True) | first }} {% endif %} diff --git a/tasks/inspect-RedHat.yml b/tasks/inspect-RedHat.yml index 054a59f..01ef123 100644 --- a/tasks/inspect-RedHat.yml +++ b/tasks/inspect-RedHat.yml @@ -9,9 +9,5 @@ - name: Export the pdns_recursor_version variable for RedHat set_fact: - pdns_recursor_version: | - {% if pdns_rec_repo_provider == 'powerdns' %} - {{ pdns_recursor_version_result.versions | selectattr("repo_name", "match", "^powerdns") | map(attribute='version') | first }} - {% else %} - {{ pdns_recursor_version_result.versions | map(attribute='version') | first }} - {% endif %} + pdns_recursor_version: pdns_recursor_version: | + {{ pdns_recursor_version_result.versions | map(attribute='version') | sort(reverse=True) | first }} diff --git a/tasks/repo-Debian.yml b/tasks/repo-Debian.yml index d7b2597..355ad80 100644 --- a/tasks/repo-Debian.yml +++ b/tasks/repo-Debian.yml @@ -2,8 +2,8 @@ - name: Import the PowerDNS Recursor APT repository key apt_key: - url: "{{ pdns_rec_install_repo['apt_keys'][pdns_rec_repo_branch]['url'] }}" - id: "{{ pdns_rec_install_repo['apt_keys'][pdns_rec_repo_branch]['id'] }}" + url: "{{ pdns_rec_install_repo['gpg_key'] }}" + id: "{{ pdns_rec_install_repo['gpg_key_id'] | default('') }}" - name: Add the PowerDNS Recursor APT repository apt_repository: 
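Review bot: In tasks/inspect-RedHat.yml the added line `pdns_recursor_version: pdns_recursor_version: |` repeats the key inside its own value, which is not valid YAML, so the file will fail to load on RedHat hosts. It should read `pdns_recursor_version: |`. The rewrite also drops the `pdns_rec_install_repo` branch that the Debian hunk keeps, so the reported version is the highest from any repository rather than from the configured one. In both files `sort(reverse=True)` compares version strings lexically, so multi-digit components can order incorrectly.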
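Review bot: In tasks/repo-Debian.yml, `id: "{{ pdns_rec_install_repo['gpg_key_id'] | default('') }}"` makes the key fingerprint optional while `gpg_key` in vars/main.yml is an `http://` URL. A custom repository dict without `gpg_key_id` therefore imports whatever key the network returns, with no expected fingerprint to compare it against. I would make the id mandatory with `id: "{{ pdns_rec_install_repo['gpg_key_id'] }}"`, so a missing fingerprint fails the play. I would also serve the key over `https://`, which an earlier revision of vars/main.yml already used for the YUM repo file on `repo.powerdns.com`. The task list continues outside the hunk.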
diff --git a/tasks/repo-RedHat.yml b/tasks/repo-RedHat.yml index 2d9da8d..ccc3e49 100644 --- a/tasks/repo-RedHat.yml +++ b/tasks/repo-RedHat.yml @@ -6,6 +6,6 @@ state: installed - name: Add the PowerDNS Recursor YUM repository - get_url: - url: "{{ pdns_rec_install_repo['yum_repo'] }}" - dest: /etc/yum.repos.d/powerdns-rec-{{ pdns_rec_repo_branch }}.repo + template: + src: powerdns-rec.repo.j2 + dest: /etc/yum.repos.d/powerdns-rec.repo diff --git a/templates/pdns-recursor.pin b/templates/pdns-recursor.pin index f0ca5c3..ec32593 100644 --- a/templates/pdns-recursor.pin +++ b/templates/pdns-recursor.pin @@ -1,3 +1,3 @@ Package: pdns-recursor -Pin: origin repo.powerdns.com +Pin: origin {{ pdns_rec_install_repo.repo_site }} Pin-Priority: 600 diff --git a/templates/powerdns-rec.repo.j2 b/templates/powerdns-rec.repo.j2 new file mode 100644 index 0000000..db19ed1 --- /dev/null +++ b/templates/powerdns-rec.repo.j2 @@ -0,0 +1,8 @@ +[powerdns-rec] +name=powerdns-rec +baseurl={{ pdns_rec_install_repo.yum_repo_baseurl }} +enabled=1 +gpgcheck=1 +gpgkey={{ pdns_rec_install_repo.gpg_key }} +priority=90 +includepkg=pdns* diff --git a/vars/main.yml b/vars/main.yml index c4fe021..4477493 100644 --- a/vars/main.yml +++ b/vars/main.yml 
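Review bot: In templates/powerdns-rec.repo.j2, `gpgkey={{ pdns_rec_install_repo.gpg_key }}` resolves to an `http://` URL from vars/main.yml, and `yum_repo_baseurl` is `http://` as well, so `gpgcheck=1` ends up trusting a key fetched over the same unauthenticated channel as the packages. Point `gpg_key` and `yum_repo_baseurl` at `https://`, or install the key from a file shipped with the role and reference it with a `file://` path. Separately, `includepkg=pdns*` looks like a misspelling of yum's `includepkgs` option. If yum ignores the unknown key, `priority=90` lets this repository outrank default-priority repositories for every package it carries, not only `pdns*`. The same `http://` values appear in the vars/main.yml hunks of this commit and the next.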
@@ -1,9 +1,15 @@ --- -pdns_rec_official_pdns_repo: - apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-{{ pdns_rec_repo_branch }} main" - apt_keys: { - "master": { url: "http://repo.powerdns.com/CBC8B383-pub.asc", id: "D47975F8DAE32700A563E64FFF389421CBC8B383" }, - "40": { url: "http://repo.powerdns.com/FD380FBB-pub.asc", id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" } - } - yum_repo: "https://repo.powerdns.com/repo-files/{{ ansible_distribution | lower }}-rec-{{ pdns_rec_repo_branch }}.repo" +pdns_rec_official_pdns_master: + repo_site: "repo.powerdns.com" + apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-master main" + gpg_key: "http://repo.powerdns.com/CBC8B383-pub.asc" + gpg_key_id: "D47975F8DAE32700A563E64FFF389421CBC8B383" + yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/rec-master" + +pdns_rec_official_pdns_40: + repo_site: "repo.powerdns.com" + apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-40 main" + gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc" + gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" + yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/rec-40" From 13f5aac47ec3c532a162b9e83de331eacb5beab8 Mon Sep 17 00:00:00 2001 From: Andrea Tosatto Date: Fri, 21 Oct 2016 08:03:47 +0300 Subject: [PATCH 09/14] Tested with Centos --- molecule.yml | 2 +- tasks/inspect-Debian.yml | 2 +- tasks/inspect-RedHat.yml | 8 ++++++-- tasks/install.yml | 12 ------------ tasks/main.yml | 5 ++++- tasks/repo-RedHat.yml | 5 +++++ templates/pdns-recursor.pin | 2 +- vars/main.yml | 6 ++++-- 8 files changed, 22 insertions(+), 20 deletions(-) delete mode 100644 tasks/install.yml diff --git a/molecule.yml b/molecule.yml index a63a1bd..4fafe18 100644 --- a/molecule.yml 
+++ b/molecule.yml @@ -10,7 +10,7 @@ driver: vagrant: platforms: - - name: centos7 + - name: centos-7 box: centos/7 - name: ubuntu-xenial box: bento/ubuntu-16.04 diff --git a/tasks/inspect-Debian.yml b/tasks/inspect-Debian.yml index a17ef6b..7d0014d 100644 --- a/tasks/inspect-Debian.yml +++ b/tasks/inspect-Debian.yml @@ -11,7 +11,7 @@ set_fact: pdns_recursor_version: | {% if pdns_rec_install_repo %} - {{ pdns_recursor_version_result.versions | selectattr('repo_site', 'equalto', pdns_rec_install_repo['repo_site']) | map(attribute='version') | sort(reverse=True) | first }} + {{ pdns_recursor_version_result.versions | selectattr('repo_site', 'equalto', pdns_rec_install_repo['apt_repo_origin']) | map(attribute='version') | sort(reverse=True) | first }} {% else %} {{ pdns_recursor_version_result.versions | map(attribute='version') | sort(reverse=True) | first }} {% endif %} diff --git a/tasks/inspect-RedHat.yml b/tasks/inspect-RedHat.yml index 01ef123..9a93a13 100644 --- a/tasks/inspect-RedHat.yml +++ b/tasks/inspect-RedHat.yml @@ -3,11 +3,15 @@ - name: Extract the PowerDNS Recursor Version from YUM yum_madison: name: "pdns-recursor" - update_cache: yes + update_cache: no # it could require too much bandwith changed_when: False register: pdns_recursor_version_result - name: Export the pdns_recursor_version variable for RedHat set_fact: - pdns_recursor_version: pdns_recursor_version: | + pdns_recursor_version: | + {% if pdns_rec_install_repo %} + {{ pdns_recursor_version_result.versions | selectattr('repo_name', 'equalto', pdns_rec_install_repo['yum_repo_name']) | map(attribute='version') | sort(reverse=True) | first }} + {% else %} {{ pdns_recursor_version_result.versions | map(attribute='version') | sort(reverse=True) | first }} + {% endif %} diff --git a/tasks/install.yml b/tasks/install.yml deleted file mode 100644 index 66323b8..0000000 --- a/tasks/install.yml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- - -- name: Install epel-release - package: - name: epel-release - state: installed - when: ansible_os_family == "RedHat" - -- name: Install the PowerDNS Recursor package - package: - name: pdns-recursor - state: present diff --git a/tasks/main.yml b/tasks/main.yml index 209d515..763e893 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -14,7 +14,10 @@ tags: - config -- include: install.yml +- name: Install the PowerDNS Recursor package + package: + name: pdns-recursor + state: present tags: - install diff --git a/tasks/repo-RedHat.yml b/tasks/repo-RedHat.yml index ccc3e49..26c4e9c 100644 --- a/tasks/repo-RedHat.yml +++ b/tasks/repo-RedHat.yml @@ -1,5 +1,10 @@ --- +- name: Install epel-release + package: + name: epel-release + state: installed + - name: Install yum-plugin-priorities package: name: yum-plugin-priorities diff --git a/templates/pdns-recursor.pin b/templates/pdns-recursor.pin index ec32593..8451858 100644 --- a/templates/pdns-recursor.pin +++ b/templates/pdns-recursor.pin @@ -1,3 +1,3 @@ Package: pdns-recursor -Pin: origin {{ pdns_rec_install_repo.repo_site }} +Pin: origin {{ pdns_rec_install_repo['apt_repo_origin'] }} Pin-Priority: 600 diff --git a/vars/main.yml b/vars/main.yml index 4477493..e95cbd9 100644 --- a/vars/main.yml +++ b/vars/main.yml 
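Review bot: RedHat hosts that install from the OS default repositories may no longer get EPEL, because `Install epel-release` now lives in `tasks/repo-RedHat.yml`, whereas the deleted `tasks/install.yml` ran it for every host with `ansible_os_family == "RedHat"`. Whether that matters depends on how `tasks/main.yml` includes `repo-RedHat.yml`, and that include is outside these hunks; if it is conditional on a repository being configured, `Install the PowerDNS Recursor package` would run without the repository the old code presumably relied on. Either keep the EPEL task in `main.yml` guarded by `when: ansible_os_family == "RedHat"`, or add a comment in `repo-RedHat.yml` stating that the file is always included on RedHat. As a style point, the added task uses `state: installed` while the package task in the same commit uses `state: present`; using `state: present` in both would be consistent.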
@@ -1,15 +1,17 @@ --- pdns_rec_official_pdns_master: - repo_site: "repo.powerdns.com" + apt_repo_origin: "repo.powerdns.com" apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-master main" gpg_key: "http://repo.powerdns.com/CBC8B383-pub.asc" gpg_key_id: "D47975F8DAE32700A563E64FFF389421CBC8B383" yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/rec-master" + yum_repo_name: "powerdns-rec" pdns_rec_official_pdns_40: - repo_site: "repo.powerdns.com" + apt_repo_origin: "repo.powerdns.com" apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-40 main" gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc" gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/rec-40" + yum_repo_name: "powerdns-rec" From 28e8b40c166829029025ced14c4601cc35150035 Mon Sep 17 00:00:00 2001 From: Andrea Tosatto Date: Fri, 21 Oct 2016 13:55:25 +0300 Subject: [PATCH 10/14] Improved documentation in README --- README.md | 142 +++++++++++++++++++++++++++------------------- defaults/main.yml | 31 +++++++--- requirements.yml | 14 ++--- 3 files changed, 114 insertions(+), 73 deletions(-) diff --git a/README.md b/README.md index 99db68b..fddcd3b 100644 --- a/README.md +++ b/README.md 
@@ -13,83 +13,107 @@ Dependencies ------------ This role depends on [`atosatto.package-extras`](https://galaxy.ansible.com/atosatto/package-extras/). +See the `requirements.yml` file for further details. Role Variables -------------- +Available variables are listed below, along with default values (see `defaults/main.yml`): -### pdns_rec_install_repo -By default the PowerDNS Recursor is installed using the os default repositories. -To install the PowerDNS Recursor package from the PowerDNS official repository -you can use the predefined settings located in the `vars/main.yml`: -`pdns_rec_install_repo: "{{ pdns_rec_official_pdns_repo }}"`. -It is also possible to pass to the role a custom repository location from -which install the packages. - -### pdns_rec_repo_branch -When installing from the PowerDNS repository, the branch from which the packages -should be installed. Currently only 'master' and '40' (latest 4.0.x release) are supported. - -### pdns_rec_user -The user to run the PowerDNS Recursor as, this is 'pdns' by default on Debian -systems and 'pdns-recursor' on CentOS/RHEL. This user is not created. - -### pdns_rec_group -The group to run the PowerDNS Recursor as, this is 'pdns' by default on Debian -systems and 'pdns-recursor' on CentOS/RHEL. This group is not created. - -### pdns_rec_config -A dict detailing the configuration of PowerDNS. You should not set the following -options here (other variables set these): - * config-dir - * set-uid - * set-gid - -### pdns_rec_config_dir -The directory where the configuration (`recursor.conf`) is stored. '/etc/powerdns' -by default. - -### pdns_rec_lua_config_file_content -The content for the lua-config-file. This will place a file called `config.lua` -in [pdns_rec_config_dir](#pdns_rec_config_dir) and add the configuration to -`recursor.conf`. - -### pdns_rec_lua_dns_script_content -The content for the lua-dns-script. 
This will place a file called `dns-script.lua` -in [pdns_rec_config_dir](#pdns_rec_config_dir) and add the configuration to load -this script to `recursor.conf`. + pdns_rec_install_repo: False -Example Playbook ----------------- +By default the PowerDNS Recursor is installed from the os default repositories. +You can install the PowerDNS Recursor package from official PowerDNS repository +overriding the `pdns_rec_install_repo` variable value as follows: + + # Install the PowerDNS Recursor from the 'master' branch + - hosts: pdns-recursors-master + roles: + - { role: PowerDNS.pdns_recursor, + pdns_rec_install_repo: "{{ pdns_rec_official_pdns_master }}" + + # Install the PowerDNS Recursor from the '40' branch + - hosts: pdns-recursors-40 + roles: + - { role: PowerDNS.pdns_recursor, + pdns_rec_install_repo: "{{ pdns_rec_official_pdns_40 }}" + +The roles also supports custom repositories + + - hosts: all + vars: + pdns_rec_install_repo: + apt_repo_origin: "my.repo.com" # used to pin the pdns-recursor to the provided PowerDNS repository + apt_repo: "deb http://my.repo.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns-recursor main" + gpg_key: "http://my.repo.com/MYREPOGPGPUBKEY.asc" # repository public GPG key + gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed + yum_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/pdns-recursor" + yum_repo_name: "powerdns-rec" # used to select only the pdns-recursor packages coming from this repo + roles: + - { role: PowerDNS.pdns_recursor } + +If targetting a specific platform (e.g. Debian) is not needed to provide yum repositories informations. + + pdns_rec_user: pdns # pdns-recursor on CentOS/RHEL + pdns_rec_group: pdns # pdns-recursor on CentOS/RHEL + +The user and group the PowerDNS Recursor will run as. +**NOTE**: This role does not create any user or group as we assume that they're created +by the package or other roles. 
-Here we show some examples of usage of the PowerDNS.pdns_recursor role. + pdns_rec_config_dir: "/etc/powerdns" + pdns_rec_config_lua: "{{ pdns_rec_config_dir }}/config.lua" + pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua" -Install from custom repository: +The PowerDNS Recursor configuration files and directories. + + pdns_rec_config: { } + +A dict containing in YAML format the custom configuration of PowerDNS Recursor. +**NOTE**: You should not set the `config-dir`, `set-uid` and `set-gid` because are set by other role variables (respectively `pdns_rec_config_dir`, `pdns_rec_user`, `pdns_rec_group`). + + # pdns_rec_lua_config_file_content: "" + +String containing the content of the lua-config-file file. +This will create a file called `config.lua` into the `pdns_rec_config_dir` +and add the configuration to the `recursor.conf` configuration file. + + # pdns_rec_lua_dns_script_content: "" + +String containing the content of the lua-dns-script file. +This will create a file called `dns-script.lua` into the `pdns_rec_config_dir` +and add the configuration to load this script to the `recursor.conf` +configuration file. + +Example Playbook +---------------- -> TODO +Here we show some examples of usage of the `PowerDNS.pdns_recursor` role. 
Bind to 203.0.113.53, port 5300 and allow only traffic from the 198.51.100.0/24 subnet: ``` -- hosts: rec.example.net +- hosts: pdns-recursors + vars: + pdns_rec_config: + 'allow-from': '198.51.100.0/24' + 'local-address': '203.0.113.53:5300' roles: - - { role: PowerDNS.pdns_recursor, - pdns_rec_config: - 'allow-from': '198.51.100.0/24' - 'local-address': '203.0.113.53:5300' } + - { role: PowerDNS.pdns_recursor } ``` Allow from multiple networks: ``` -- hosts: rec.example.net +- hosts: pdns-recursors + vars: + pdns_rec_config: + 'allow-from': + - '198.51.100.0/24' + - '203.0.113.53/24' + 'local-address': '203.0.113.53:5300' roles: - - { role: PowerDNS.pdns_recursor - pdns_rec_config: - 'allow-from': - - '198.51.100.0/24' - - '203.0.113.53/24' - 'local-address': '203.0.113.53:5300' } + - { role: PowerDNS.pdns_recursor } ``` License @@ -97,8 +121,8 @@ License GPLv2 -Author Information ------------------- +Authors Informations +-------------------- Pieter Lexis Andrea Tosatto diff --git a/defaults/main.yml b/defaults/main.yml index 3433ca0..4ba9eaf 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -21,11 +21,18 @@ pdns_rec_install_repo: False # override the `pdns_rec_install_repo` default value in your playbook. # e.g. # - hosts: all +# vars: +# pdns_rec_install_repo: +# apt_repo_origin: "my.repo.com" # used to pin the pdns-recursor to the provided PowerDNS repository +# apt_repo: "deb http://my.repo.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns-recursor main" +# gpg_key: "http://my.repo.com/MYREPOGPGPUBKEY.asc" # repository public GPG key +# gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed +# yum_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/pdns-recursor" +# yum_repo_name: "powerdns-rec" # used to select only the pdns-recursor packages coming from this repo # roles: -# - { role: PowerDNS.pdns_recursor, -# pdns_rec_install_repo: { } } +# - { role: PowerDNS.pdns_recursor } -# The user and group to run as. +# The user and group the PowerDNS Recursor will run as. # NOTE: This role does not create any user as we assume the "pdns" user and group # to be created by the PowerDNS Recursor package or by an other role. # If you change these variables, make sure to create the user and groups before 
@@ -38,12 +45,22 @@ pdns_rec_config_dir: "/etc/powerdns" pdns_rec_config_lua: "{{ pdns_rec_config_dir }}/config.lua" pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua" -# pdns_rec_config: A dict containing all configuration options, except for the -# "config-dir", "setuid" and "setgid" directives. -# NOTE: We don't verify the options when configuring the server. +# Dict containing all configuration options, except for the +# "config-dir", "setuid" and "setgid" directives in YAML format. +pdns_rec_config: { } +# # Example: # pdns_rec_config: # allow_from: '127.0.0.1/8,192.168.2.0/24' # local-address: 0.0.0.0 # server-id: 'nothing to see here' -pdns_rec_config: {} + +# String containing the content of the lua-config-file file. +# NOTE: This will create a file called `config.lua` into the `pdns_rec_config_dir` +# and add the configuration to the `recursor.conf` configuration file. +# pdns_rec_lua_config_file_content: "" + +# String containing the content of the lua-dns-script file. +# This will create a file called `dns-script.lua` into the `pdns_rec_config_dir` +# and add the configuration to load this script to the `recursor.conf` +# pdns_rec_lua_dns_script_content: "" diff --git a/requirements.yml b/requirements.yml index 82b8fb4..61eff3d 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,10 +1,10 @@ --- -# - src: atosatto.packages-extras -# version: v1.1.1 -# name: atosatto.packages-extras - -- src: https://github.com/atosatto/ansible-packages-extras.git - scm: git - version: master +- src: atosatto.packages-extras + version: v1.1.1 name: atosatto.packages-extras + +# - src: https://github.com/atosatto/ansible-packages-extras.git +# scm: git +# version: master +# name: atosatto.packages-extras From 6c20b11061c0ad625d8e6709f15ce32207a8972d Mon Sep 17 00:00:00 2001 
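Review bot: The example kept under `pdns_rec_config` in `defaults/main.yml` spells the access-control key `allow_from`, while the README examples in this patch use `allow-from`. If the role's template writes the dict keys verbatim into `recursor.conf` (the template is not shown), a user copying this comment would not get the source restriction they intended, and the example pairs it with `local-address: 0.0.0.0`. I would change the comment line to `# allow-from: '127.0.0.1/8,192.168.2.0/24'`. The comment above it names the directives `setuid` and `setgid` whereas the README text in this patch says `set-uid` and `set-gid`; the two should agree.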
From: Andrea Tosatto Date: Fri, 21 Oct 2016 14:38:13 +0300 Subject: [PATCH 11/14] Correcting the shift level of code in README --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index fddcd3b..16e347a 100644 --- a/README.md +++ b/README.md 
@@ -53,31 +53,31 @@ The roles also supports custom repositories If targetting a specific platform (e.g. Debian) is not needed to provide yum repositories informations. - pdns_rec_user: pdns # pdns-recursor on CentOS/RHEL - pdns_rec_group: pdns # pdns-recursor on CentOS/RHEL + pdns_rec_user: pdns # pdns-recursor on CentOS/RHEL + pdns_rec_group: pdns # pdns-recursor on CentOS/RHEL The user and group the PowerDNS Recursor will run as. **NOTE**: This role does not create any user or group as we assume that they're created by the package or other roles. - pdns_rec_config_dir: "/etc/powerdns" - pdns_rec_config_lua: "{{ pdns_rec_config_dir }}/config.lua" - pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua" + pdns_rec_config_dir: "/etc/powerdns" + pdns_rec_config_lua: "{{ pdns_rec_config_dir }}/config.lua" + pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua" The PowerDNS Recursor configuration files and directories. - pdns_rec_config: { } + pdns_rec_config: { } A dict containing in YAML format the custom configuration of PowerDNS Recursor. **NOTE**: You should not set the `config-dir`, `set-uid` and `set-gid` because are set by other role variables (respectively `pdns_rec_config_dir`, `pdns_rec_user`, `pdns_rec_group`). - # pdns_rec_lua_config_file_content: "" + # pdns_rec_lua_config_file_content: "" String containing the content of the lua-config-file file. This will create a file called `config.lua` into the `pdns_rec_config_dir` and add the configuration to the `recursor.conf` configuration file. - # pdns_rec_lua_dns_script_content: "" + # pdns_rec_lua_dns_script_content: "" String containing the content of the lua-dns-script file. This will create a file called `dns-script.lua` into the `pdns_rec_config_dir` From 90027b31ce9b5f1080ba1bf1fd1c3d3db34e5284 Mon Sep 17 00:00:00 2001 
From: Andrea Tosatto Date: Fri, 21 Oct 2016 14:40:26 +0300 Subject: [PATCH 12/14] Fixing the code example formatting in README --- README.md | 42 +++++++++++++++++++----------------------- 1 file changed, 19 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 16e347a..0caa646 100644 --- a/README.md +++ b/README.md @@ -89,32 +89,28 @@ Example Playbook Here we show some examples of usage of the `PowerDNS.pdns_recursor` role. -Bind to 203.0.113.53, port 5300 and allow only traffic from the 198.51.100.0/24 -subnet: - -``` -- hosts: pdns-recursors - vars: - pdns_rec_config: - 'allow-from': '198.51.100.0/24' - 'local-address': '203.0.113.53:5300' - roles: - - { role: PowerDNS.pdns_recursor } -``` +Bind to `203.0.113.53` on port `5300`and allow only traffic from the `198.51.100.0/24 subnet: + + - hosts: pdns-recursors + vars: + pdns_rec_config: + 'allow-from': '198.51.100.0/24' + 'local-address': '203.0.113.53:5300' + roles: + - { role: PowerDNS.pdns_recursor } Allow from multiple networks: -``` -- hosts: pdns-recursors - vars: - pdns_rec_config: - 'allow-from': - - '198.51.100.0/24' - - '203.0.113.53/24' - 'local-address': '203.0.113.53:5300' - roles: - - { role: PowerDNS.pdns_recursor } -``` + - hosts: pdns-recursors + vars: + pdns_rec_config: + 'allow-from': + - '198.51.100.0/24' + - '203.0.113.53/24' + 'local-address': '203.0.113.53:5300' + roles: + - { role: PowerDNS.pdns_recursor } + License ------- From ee7ceeb86d81015eef9bee63a7697f83aeeb485e Mon Sep 17 00:00:00 2001 From: Andrea Tosatto Date: Fri, 21 Oct 2016 14:41:05 +0300 Subject: [PATCH 13/14] Typos. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0caa646..b002996 100644 --- a/README.md +++ b/README.md 
@@ -89,7 +89,7 @@ Example Playbook Here we show some examples of usage of the `PowerDNS.pdns_recursor` role. -Bind to `203.0.113.53` on port `5300`and allow only traffic from the `198.51.100.0/24 subnet: +Bind to `203.0.113.53` on port `5300` and allow only traffic from the `198.51.100.0/24` subnet: - hosts: pdns-recursors vars: From ae90e984a514e1d6728ad46ec4210b88778f0ac6 Mon Sep 17 00:00:00 2001 From: Andrea Tosatto Date: Fri, 21 Oct 2016 14:46:31 +0300 Subject: [PATCH 14/14] Reducing the verbosity of molecule. --- molecule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule.yml b/molecule.yml index 4fafe18..9249d14 100644 --- a/molecule.yml +++ b/molecule.yml @@ -2,7 +2,7 @@ ansible: requirements_file: requirements.yml - verbose: true + # verbose: true driver: name: vagrant