diff --git a/.gitignore b/.gitignore index c251f1c..4fbe6ad 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,3 @@ -# Created by https://www.gitignore.io/api/vim,linux - ### Vim ### [._]*.s[a-w][a-z] [._]s[a-w][a-z] @@ -8,7 +6,6 @@ Session.vim .netrwhist *~ - ### Linux ### *~ @@ -18,6 +15,13 @@ Session.vim # Linux trash folder which might appear on any partition or disk .Trash-* -# test-kitchen related +### Ansible ### +*.retry + +### Test-Kitchen ### .kitchen/ .kitchen.local.yml + +### Molecule ### +.vagrant/ +.molecule/ diff --git a/README.md b/README.md index dce0f06..b002996 100644 --- a/README.md +++ b/README.md 
@@ -1,98 +1,124 @@ PowerDNS Recursor Role ====================== + An Ansible role created by the folks behind PowerDNS to install and configure the PowerDNS Recursor. -This role is considered alpha quality at the moment, issues and pull requests -are accepted. - Requirements ------------ + An Ansible 2.0 or higher installation. +Dependencies +------------ + +This role depends on [`atosatto.package-extras`](https://galaxy.ansible.com/atosatto/package-extras/). +See the `requirements.yml` file for further details. + Role Variables -------------- -### pdns_rec_config -A dict detailing the configuration of PowerDNS. You should not set the following -options here (other variables set these): - * config-dir - * set-uid - * set-gid - -### pdns_rec_config_dir -The directory where the configuration (`recursor.conf`) is stored. '/etc/powerdns' -by default. - -### pdns_rec_installation_type -How to install the PowerDNS Recursor, either 'packages', 'source' or 'url'. -'packages' by default. Source installations are not supported yet. - -### pdns_rec_repo_provider -When using 'packages' for pdns_rec_installation_type, use operating system packages -('os') or the PowerDNS repository ('powerdns'). This is 'os' by default. - -### pdns_rec_repo_branch -When installing from the PowerDNS repository, what branch should be installed? -Currently only 'master' and '40' (latest 4.0.x release) are supported. - -### pdns_rec_url -When `pdns_rec_installation_type` is 'url'. This is the URL to be fetched for the -package. - -### pdns_rec_url_checksum -When `pdns_rec_installation_type` is 'url'. This is the checksum of the package -that is fetched from `pdns_rec_url` This should be in the format for the `checksum` -option of the [`get_url module`](http://docs.ansible.com/ansible/get_url_module.html). - -### pdns_rec_user -The user to run the PowerDNS Recursor as, this is 'pdns' by default on Debian -systems and 'pdns-recursor' on CentOS/RHEL. This user is not created. 
- -### pdns_rec_group -The group to run the PowerDNS Recursor as, this is 'pdns' by default on Debian -systems and 'pdns-recursor' on CentOS/RHEL. This group is not created. - -### pdns_rec_lua_config_file_content -The content for the lua-config-file. This will place a file called `config.lua` -in [pdns_rec_config_dir](#pdns_rec_config_dir) and add the configuration to -`recursor.conf`. - -### pdns_rec_lua_dns_script_content -The content for the lua-dns-script. This will place a file called `dns-script.lua` -in [pdns_rec_config_dir](#pdns_rec_config_dir) and add the configuration to load -this script to `recursor.conf`. +Available variables are listed below, along with default values (see `defaults/main.yml`): + + pdns_rec_install_repo: False + +By default the PowerDNS Recursor is installed from the os default repositories. +You can install the PowerDNS Recursor package from official PowerDNS repository +overriding the `pdns_rec_install_repo` variable value as follows: + + # Install the PowerDNS Recursor from the 'master' branch + - hosts: pdns-recursors-master + roles: + - { role: PowerDNS.pdns_recursor, + pdns_rec_install_repo: "{{ pdns_rec_official_pdns_master }}" + + # Install the PowerDNS Recursor from the '40' branch + - hosts: pdns-recursors-40 + roles: + - { role: PowerDNS.pdns_recursor, + pdns_rec_install_repo: "{{ pdns_rec_official_pdns_40 }}" + +The roles also supports custom repositories + + - hosts: all + vars: + pdns_rec_install_repo: + apt_repo_origin: "my.repo.com" # used to pin the pdns-recursor to the provided PowerDNS repository + apt_repo: "deb http://my.repo.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns-recursor main" + gpg_key: "http://my.repo.com/MYREPOGPGPUBKEY.asc" # repository public GPG key + gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed + yum_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/pdns-recursor" + yum_repo_name: "powerdns-rec" 
# used to select only the pdns-recursor packages coming from this repo + roles: + - { role: PowerDNS.pdns_recursor } + +If targetting a specific platform (e.g. Debian) is not needed to provide yum repositories informations. + + pdns_rec_user: pdns # pdns-recursor on CentOS/RHEL + pdns_rec_group: pdns # pdns-recursor on CentOS/RHEL + +The user and group the PowerDNS Recursor will run as. +**NOTE**: This role does not create any user or group as we assume that they're created +by the package or other roles. + + pdns_rec_config_dir: "/etc/powerdns" + pdns_rec_config_lua: "{{ pdns_rec_config_dir }}/config.lua" + pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua" + +The PowerDNS Recursor configuration files and directories. + + pdns_rec_config: { } + +A dict containing in YAML format the custom configuration of PowerDNS Recursor. +**NOTE**: You should not set the `config-dir`, `set-uid` and `set-gid` because are set by other role variables (respectively `pdns_rec_config_dir`, `pdns_rec_user`, `pdns_rec_group`). + + # pdns_rec_lua_config_file_content: "" + +String containing the content of the lua-config-file file. +This will create a file called `config.lua` into the `pdns_rec_config_dir` +and add the configuration to the `recursor.conf` configuration file. + + # pdns_rec_lua_dns_script_content: "" + +String containing the content of the lua-dns-script file. +This will create a file called `dns-script.lua` into the `pdns_rec_config_dir` +and add the configuration to load this script to the `recursor.conf` +configuration file. Example Playbook ---------------- -Bind to 203.0.113.53, port 5300 and allow only traffic from the 198.51.100.0/24 -subnet: -``` -- hosts: rec.example.net - roles: - - role: PowerDNS.pdns_recursor - vars: - pdns_rec_config: - 'allow-from': '198.51.100.0/24' - 'local-address': '203.0.113.53:5300' -``` + +Here we show some examples of usage of the `PowerDNS.pdns_recursor` role. 
+ +Bind to `203.0.113.53` on port `5300` and allow only traffic from the `198.51.100.0/24` subnet: + + - hosts: pdns-recursors + vars: + pdns_rec_config: + 'allow-from': '198.51.100.0/24' + 'local-address': '203.0.113.53:5300' + roles: + - { role: PowerDNS.pdns_recursor } Allow from multiple networks: -``` -- hosts: rec.example.net - roles: - - role: PowerDNS.pdns_recursor - vars: - pdns_rec_config: - 'allow-from': - - '198.51.100.0/24' - - '203.0.113.53/24' - 'local-address': '203.0.113.53:5300' -``` + + - hosts: pdns-recursors + vars: + pdns_rec_config: + 'allow-from': + - '198.51.100.0/24' + - '203.0.113.53/24' + 'local-address': '203.0.113.53:5300' + roles: + - { role: PowerDNS.pdns_recursor } + License ------- + GPLv2 -Author Information ------------------- +Authors Informations +-------------------- + Pieter Lexis +Andrea Tosatto diff --git a/defaults/main.yml b/defaults/main.yml index 50e20ce..4ba9eaf 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,31 +1,66 @@ --- -pdns_rec_installation_type: packages -pdns_rec_repo_provider: os -# Install packages from the master powerdns repo by default -pdns_rec_repo_branch: master - -# Used when pdns_rec_installation_type is 'url' -pdns_rec_url: '' -pdns_rec_url_checksum: '' +# By default the PowerDNS Recursor is installed from the os default repositories. +pdns_rec_install_repo: False +# +# You can install the PowerDNS Recursor package from the 'master' branch as +# follows: +# - hosts: all +# roles: +# - { role: PowerDNS.pdns_recursor, +# pdns_rec_install_repo: "{{ pdns_rec_official_pdns_master }}" +# +# To install the PowerDNS Recursor package from the '40' branch of +# the PowerDNS official repository use the following playbook +# - hosts: all +# roles: +# - { role: PowerDNS.pdns_recursor, +# pdns_rec_install_repo: "{{ pdns_rec_official_pdns_40 }}" +# +# To install the PowerDNS Recursor package from a custom repository +# override the `pdns_rec_install_repo` default value in your playbook. +# e.g. +# - hosts: all +# vars: +# pdns_rec_install_repo: +# apt_repo_origin: "my.repo.com" # used to pin the pdns-recursor to the provided PowerDNS repository +# apt_repo: "deb http://my.repo.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns-recursor main" +# gpg_key: "http://my.repo.com/MYREPOGPGPUBKEY.asc" # repository public GPG key +# gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed +# yum_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/pdns-recursor" +# yum_repo_name: "powerdns-rec" # used to select only the pdns-recursor packages coming from this repo +# roles: +# - { role: PowerDNS.pdns_recursor } -# The user and group to run as. -# NOTE: at the moment, we don't create a user as we assume the package creates -# a "pdns" user and group. 
If you change these variables, make sure to create -# the user and groups before applying this role +# The user and group the PowerDNS Recursor will run as. +# NOTE: This role does not create any user as we assume the "pdns" user and group +# to be created by the PowerDNS Recursor package or by an other role. +# If you change these variables, make sure to create the user and groups before +# applying this role pdns_rec_user: pdns pdns_rec_group: pdns -# The directory where the config is located -pdns_rec_config_dir: '/etc/powerdns' +# Configuration directory and files +pdns_rec_config_dir: "/etc/powerdns" +pdns_rec_config_lua: "{{ pdns_rec_config_dir }}/config.lua" +pdns_rec_config_dns_script: "{{ pdns_rec_config_dir }}/dns-script.lua" -# pdns_rec_config: A dict containing all configuration options, except for the -# "config-dir", "setuid" and "setgid" directives. -# NOTE: Right now, we don't verify the options when configuring the server. +# Dict containing all configuration options, except for the +# "config-dir", "setuid" and "setgid" directives in YAML format. +pdns_rec_config: { } # # Example: # pdns_rec_config: # allow_from: '127.0.0.1/8,192.168.2.0/24' # local-address: 0.0.0.0 # server-id: 'nothing to see here' -pdns_rec_config: {} + +# String containing the content of the lua-config-file file. +# NOTE: This will create a file called `config.lua` into the `pdns_rec_config_dir` +# and add the configuration to the `recursor.conf` configuration file. +# pdns_rec_lua_config_file_content: "" + +# String containing the content of the lua-dns-script file. +# This will create a file called `dns-script.lua` into the `pdns_rec_config_dir` +# and add the configuration to load this script to the `recursor.conf` +# pdns_rec_lua_dns_script_content: "" diff --git a/files/pdns.pin b/files/pdns.pin deleted file mode 100644 index 24d2bea..0000000 --- a/files/pdns.pin +++ /dev/null @@ -1,3 +0,0 @@ -Package: pdns-* -Pin: origin repo.powerdns.com -Pin-Priority: 600 
diff --git a/handlers/main.yml b/handlers/main.yml index 65c7030..74cfd01 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,4 +1,5 @@ --- + - name: Restart PowerDNS Recursor service: name: pdns-recursor diff --git a/meta/main.yml b/meta/main.yml index b47e882..c15236a 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: - author: Pieter Lexis + author: PowerDNS Engineering Team description: PowerDNS Recursor Role company: PowerDNS.COM BV license: GPLv2 @@ -16,11 +16,15 @@ galaxy_info: - name: Ubuntu versions: - trusty + - utopic + - vivid + - wily - xenial galaxy_tags: - system - pdns - powerdns - pdns-recursor - - powerdnsrecursor -dependencies: [] + +dependencies: + - { role: atosatto.packages-extras } diff --git a/molecule.yml b/molecule.yml new file mode 100644 index 0000000..9249d14 --- /dev/null +++ b/molecule.yml @@ -0,0 +1,34 @@ +--- + +ansible: + requirements_file: requirements.yml + # verbose: true + +driver: + name: vagrant + +vagrant: + + platforms: + - name: centos-7 + box: centos/7 + - name: ubuntu-xenial + box: bento/ubuntu-16.04 + - name: debian-jessie + box: debian/jessie64 + + providers: + - name: virtualbox + type: virtualbox + options: + memory: 1024 + cpus: 2 + + instances: + - name: pdns-recursor-01 + interfaces: + - network_name: private_network + type: dhcp + auto_config: true + options: + append_platform_to_hostname: yes diff --git a/playbook.yml b/playbook.yml new file mode 100644 index 0000000..4d8eacc --- /dev/null +++ b/playbook.yml @@ -0,0 +1,14 @@ +--- + +- hosts: all + vars: + pdns_rec_install_repo: "{{ pdns_rec_official_pdns_master }}" + pdns_rec_config: + allow-from: "198.51.100.0/24" + roles: + - { role: pdns_recursor-ansible } + +# +# - hosts: all +# roles: +# - { role: pdns_recursor-ansible } diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..61eff3d --- /dev/null +++ b/requirements.yml 
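Review bot: The new `dependencies` entry in meta/main.yml pulls in `atosatto.packages-extras` without a version, while requirements.yml in this same commit pins `v1.1.1`. An install that resolves dependencies from meta would take whatever release is current. The role's tasks call `apt_madison` and `yum_madison`, which presumably come from that dependency and run with the play's privileges on every target. Consider pinning it here as well, e.g. `- { role: atosatto.packages-extras, version: v1.1.1 }`. The README spells the role `atosatto.package-extras`, which does not match.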
@@ -0,0 +1,10 @@ +--- + +- src: atosatto.packages-extras + version: v1.1.1 + name: atosatto.packages-extras + +# - src: https://github.com/atosatto/ansible-packages-extras.git +# scm: git +# version: master +# name: atosatto.packages-extras diff --git a/tasks/configuration.yml b/tasks/configuration.yml deleted file mode 100644 index fbadbc4..0000000 --- a/tasks/configuration.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- - -- name: Ensure the PowerDNS configuration directory exists - file: - name: "{{ pdns_rec_config_dir | default('/etc/powerdns') }}" - state: directory - owner: root - group: root - -- name: Grab pdns_recursor version - shell: "pdns_recursor --version 2>&1 | awk '/PowerDNS Recursor/ { print $6 }'" - register: pdns_recursor_version_result - changed_when: false - -- name: Set pdns_recursor variable - set_fact: - pdns_recursor_version: "{{ pdns_recursor_version_result.stdout }}" - -- name: Add configuration for the PowerDNS Recursor - template: - src: recursor.conf.j2 - dest: "{{ pdns_rec_config_dir | default('/etc/powerdns') }}/recursor.conf" - notify: Restart PowerDNS Recursor - -- name: Add lua-config-file - copy: - dest: "{{ pdns_rec_config_dir | default('/etc/powerdns') }}/config.lua" - content: "{{ pdns_rec_lua_config_file_content }}" - when: pdns_rec_lua_config_file_content is defined - notify: Restart PowerDNS Recursor - -- name: Add lua-dns-script - copy: - dest: "{{ pdns_rec_config_dir | default('/etc/powerdns') }}/dns-script.lua" - content: "{{ pdns_rec_lua_dns_script_content }}" - when: pdns_rec_lua_dns_script_content is defined - notify: Restart PowerDNS Recursor diff --git a/tasks/configure.yml b/tasks/configure.yml new file mode 100644 index 0000000..9d6f848 --- /dev/null +++ b/tasks/configure.yml 
@@ -0,0 +1,28 @@
+---
+
+- name: Ensure that the PowerDNS configuration directory exists
+ file:
+ name: "{{ pdns_rec_config_dir }}"
+ state: directory
+ owner: root
+ group: root
+
+- name: Generate the PowerDNS Recursor configuration
+ template:
+ src: recursor.conf.j2
+ dest: "{{ pdns_rec_config_dir }}/recursor.conf"
+ notify: Restart PowerDNS Recursor
+
+- name: Generate the Lua config-file
+ copy:
+ dest: "{{ pdns_rec_config_lua }}"
+ content: "{{ pdns_rec_lua_config_file_content }}"
+ when: pdns_rec_lua_config_file_content is defined
+ notify: Restart PowerDNS Recursor
+
+- name: Generate the Lua dns-script
+ copy:
+ dest: "{{ pdns_rec_config_dns_script }}"
+ content: "{{ pdns_rec_lua_dns_script_content }}"
+ when: pdns_rec_lua_dns_script_content is defined
+ notify: Restart PowerDNS Recursor
diff --git a/tasks/inspect-Debian.yml b/tasks/inspect-Debian.yml
new file mode 100644
index 0000000..7d0014d
--- /dev/null
+++ b/tasks/inspect-Debian.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Extract the PowerDNS Recursor Version from APT
+ apt_madison:
+ name: "pdns-recursor"
+ update_cache: yes
+ changed_when: False
+ register: pdns_recursor_version_result
+
+- name: Export the pdns_recursor_version variable for Debian
+ set_fact:
+ pdns_recursor_version: |
+ {% if pdns_rec_install_repo %}
+ {{ pdns_recursor_version_result.versions | selectattr('repo_site', 'equalto', pdns_rec_install_repo['apt_repo_origin']) | map(attribute='version') | sort(reverse=True) | first }}
+ {% else %}
+ {{ pdns_recursor_version_result.versions | map(attribute='version') | sort(reverse=True) | first }}
+ {% endif %}
diff --git a/tasks/inspect-RedHat.yml b/tasks/inspect-RedHat.yml
new file mode 100644
index 0000000..9a93a13
--- /dev/null
+++ b/tasks/inspect-RedHat.yml
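Review bot: None of the three file-writing tasks in tasks/configure.yml (`recursor.conf`, the Lua config-file, the Lua dns-script) sets `owner`, `group` or `mode`; only the directory task pins `owner: root` and `group: root`. Ownership and permissions of the generated files are therefore left to the connection's defaults. `pdns_rec_config` is free-form and may carry credentials, and the Lua files are code the recursor loads, so they should be explicitly root-owned and not writable by the service account. I would add `owner: root`, `group: root` and an explicit `mode: "0644"` to each task, tighter if the configuration holds secrets, and a `mode` on the directory as well.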
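Review bot: `sort(reverse=True) | first` in the `set_fact` template of tasks/inspect-Debian.yml compares version strings lexically, so a candidate such as `4.0.10` sorts below `4.0.9`. When the list is empty (package unknown, or no entry whose `repo_site` equals `apt_repo_origin`), `first` has nothing to return, and the task will most likely fail with an undefined-value error that does not name the cause. A guard before the `set_fact`, e.g. an `assert` with `that: pdns_recursor_version_result.versions | length > 0` and a clear `msg`, would make that case explicit. tasks/inspect-RedHat.yml uses the same construct with `repo_name` and needs the same treatment.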
@@ -0,0 +1,17 @@
+---
+
+- name: Extract the PowerDNS Recursor Version from YUM
+ yum_madison:
+ name: "pdns-recursor"
+ update_cache: no # it could require too much bandwith
+ changed_when: False
+ register: pdns_recursor_version_result
+
+- name: Export the pdns_recursor_version variable for RedHat
+ set_fact:
+ pdns_recursor_version: |
+ {% if pdns_rec_install_repo %}
+ {{ pdns_recursor_version_result.versions | selectattr('repo_name', 'equalto', pdns_rec_install_repo['yum_repo_name']) | map(attribute='version') | sort(reverse=True) | first }}
+ {% else %}
+ {{ pdns_recursor_version_result.versions | map(attribute='version') | sort(reverse=True) | first }}
+ {% endif %}
diff --git a/tasks/install.packages-debian.yml b/tasks/install.packages-debian.yml
deleted file mode 100644
index 8e868ad..0000000
--- a/tasks/install.packages-debian.yml
+++ /dev/null
@@ -1,33 +0,0 @@ ---- - -- name: Import the PowerDNS Recursor 'master' APT repository key - apt_key: - url: http://repo.powerdns.com/CBC8B383-pub.asc - id: D47975F8DAE32700A563E64FFF389421CBC8B383 - when: pdns_rec_repo_provider == "powerdns" and pdns_rec_repo_branch == "master" - -- name: Import the PowerDNS Recursor '4.0.x' APT repository key - apt_key: - url: http://repo.powerdns.com/FD380FBB-pub.asc - id: 9FAAA5577E8FCF62093D036C1B0C6205FD380FBB - when: pdns_rec_repo_provider == "powerdns" and pdns_rec_repo_branch in ["40"] - -- name: Pinning the PowerDNS packages to the PowerDNS APT repo - copy: - dest: /etc/apt/preferences.d/pdns - src: pdns.pin - owner: root - group: root - mode: 0644 - when: pdns_rec_repo_provider == "powerdns" - -- name: Add the PowerDNS Recursor APT repository - apt_repository: - repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-{{ pdns_rec_repo_branch }} main" - when: pdns_rec_repo_provider == "powerdns" - -- name: Install the PowerDNS Recursor package - apt: - name: pdns-recursor - state: present - update_cache: yes diff --git a/tasks/install.packages-redhat.yml b/tasks/install.packages-redhat.yml deleted file mode 100644 index 664261c..0000000 --- a/tasks/install.packages-redhat.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- - -- name: Install yum-plugin-priorities - yum: - name: yum-plugin-priorities - state: installed - when: pdns_rec_repo_provider == "powerdns" - -- name: Add the PowerDNS Recursor YUM repository - get_url: - url: https://repo.powerdns.com/repo-files/{{ ansible_distribution | lower() }}-rec-{{ pdns_rec_repo_branch }}.repo - dest: /etc/yum.repos.d/powerdns-rec-{{ pdns_rec_repo_branch }}.repo - when: pdns_rec_repo_provider == "powerdns" - -- name: Install epel-release - yum: - name: epel-release - update_cache: yes - -- name: Install the PowerDNS Recursor package - yum: - name: pdns-recursor - state: installed 
diff --git a/tasks/install.url-debian.yml b/tasks/install.url-debian.yml deleted file mode 100644 index 044ddfc..0000000 --- a/tasks/install.url-debian.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- - -- name: Get the name of the package - set_fact: - pdns_rec_pkg_name: "{{ pdns_rec_url.split('/')[-1] }}" - -- name: Get the version of the package - set_fact: - pdns_rec_pkg_version: "{{ pdns_rec_pkg_name.split('_')[-2] }}" - -- name: Grab the package - get_url: - url: "{{ pdns_rec_url }}" - dest: "/tmp/{{ pdns_rec_pkg_name }}" - checksum: "{{ pdns_rec_url_checksum }}" - -- name: Pinning the pdns-recursor package to the downloaded version - template: - src: pdns-recursor.pin - dest: /etc/apt/preferences.d/pdns - -- name: Install the package, ignoring dependency errors - apt: - deb: "/tmp/{{ pdns_rec_pkg_name }}" - failed_when: False - -- name: Install dependencies - command: apt-get -f install diff --git a/tasks/main.yml b/tasks/main.yml index 15080fc..763e893 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,52 +1,26 @@ --- - name: Include os-specific variables - include_vars: "{{ item }}" - with_first_found: - - "vars/{{ ansible_os_family }}.yml" - - "vars/default.yml" + include_vars: "{{ ansible_os_family }}.yml" -- name: Validating role variables - include: validate.yml - -- include: install.packages-debian.yml - when: pdns_rec_installation_type == "packages" and ansible_os_family == "Debian" +- include: "repo-{{ ansible_os_family }}.yml" + when: pdns_rec_install_repo tags: - - packages - install + - repository -- include: install.packages-redhat.yml - when: pdns_rec_installation_type == "packages" and ansible_os_family == "RedHat" +- include: "inspect-{{ ansible_os_family }}.yml" +- include: configure.yml tags: - - packages - - install - -# TODO -#- include: install.source-debian.yml -# when: pdns_installation_type == "source" and ansible_os_family == "Debian" -# tags: -# - source -# - install -# -# TODO -#- include: install.source-redhat.yml -# when: pdns_installation_type == "source" and ansible_os_family == "RedHat" -# tags: -# - source -# - install + - config -- include: install.url-debian.yml - when: pdns_rec_installation_type == "url" and ansible_os_family == "Debian" +- name: Install the PowerDNS Recursor package + package: + name: pdns-recursor + state: present tags: - - url - install -- include: configuration.yml - tags: - - conf - - config - - configuration - - name: Start and enable the PowerDNS Recursor service service: name: pdns-recursor diff --git a/tasks/repo-Debian.yml b/tasks/repo-Debian.yml new file mode 100644 index 0000000..355ad80 --- /dev/null +++ b/tasks/repo-Debian.yml 
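Review bot: `include_vars: "{{ ansible_os_family }}.yml"` and the two `include: "...-{{ ansible_os_family }}.yml"` lines have no fallback now that `with_first_found` and vars/default.yml are gone. A host whose OS family is neither Debian nor RedHat fails on a missing file rather than on a clear message. With validate.yml deleted, nothing checks the shape of `pdns_rec_install_repo` either, so a mapping without `gpg_key` or `apt_repo_origin` only surfaces as a template error inside the repo tasks. I would open the file with an `assert` such as `that: ansible_os_family in ['Debian', 'RedHat']`, plus a second one on the required keys when `pdns_rec_install_repo` is set. The hunk ends inside the service task, which continues outside it.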
@@ -0,0 +1,15 @@
+---
+
+- name: Import the PowerDNS Recursor APT repository key
+ apt_key:
+ url: "{{ pdns_rec_install_repo['gpg_key'] }}"
+ id: "{{ pdns_rec_install_repo['gpg_key_id'] | default('') }}"
+
+- name: Add the PowerDNS Recursor APT repository
+ apt_repository:
+ repo: "{{ pdns_rec_install_repo['apt_repo'] }}"
+
+- name: Pin the PowerDNS Recursor to the PowerDNS APT Repository
+ template:
+ src: pdns-recursor.pin
+ dest: /etc/apt/preferences.d/pdns-recursor
diff --git a/tasks/repo-RedHat.yml b/tasks/repo-RedHat.yml
new file mode 100644
index 0000000..26c4e9c
--- /dev/null
+++ b/tasks/repo-RedHat.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Install epel-release
+ package:
+ name: epel-release
+ state: installed
+
+- name: Install yum-plugin-priorities
+ package:
+ name: yum-plugin-priorities
+ state: installed
+
+- name: Add the PowerDNS Recursor YUM repository
+ template:
+ src: powerdns-rec.repo.j2
+ dest: /etc/yum.repos.d/powerdns-rec.repo
diff --git a/tasks/validate.yml b/tasks/validate.yml
deleted file mode 100644
index 822bfe4..0000000
--- a/tasks/validate.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-
-- name: Check pdns_rec_repo_provider
- fail:
- msg: "pdns_rec_repo_provider is neither 'powerdns' nor 'os'"
- when: pdns_rec_installation_type == "packages"
- and pdns_rec_repo_provider not in ["os", "powerdns"]
-
-- name: Check pdns_rec_repo_branch
- fail:
- msg: "pdns_rec_repo_branch isn't set to a known branch"
- when: pdns_rec_installation_type == "packages"
- and pdns_rec_repo_provider == "powerdns"
- and pdns_rec_repo_branch not in ["master", "40"]
-
-- name: Fail if variables are missing
- fail:
- msg: "Unable to continue, pdns_rec_url or pdns_rec_url_checksum is unset"
- when: pdns_rec_installation_type == "url"
- and (pdns_rec_url == "" or pdns_rec_url_checksum == "")
diff --git a/templates/pdns-recursor.pin b/templates/pdns-recursor.pin
index 71e5079..8451858 100644
--- a/templates/pdns-recursor.pin
+++ b/templates/pdns-recursor.pin
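Review bot: `id: "{{ pdns_rec_install_repo['gpg_key_id'] | default('') }}"` in tasks/repo-Debian.yml turns a missing `gpg_key_id` into an empty id. For a custom repository the key fetched from `gpg_key` is then imported without a fingerprint for the module to check, and the documented custom example uses a plain-HTTP key URL. Since this key decides which packages apt will accept, I would make the fingerprint mandatory, or at least use `| default(omit)` so the parameter is left out rather than passed empty. The pin-file `template` task also lacks `owner`, `group` and `mode`; `owner: root`, `group: root`, `mode: "0644"` would match what the removed `copy` task set.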
@@ -1,3 +1,3 @@ Package: pdns-recursor -Pin: version {{ pdns_rec_pkg_version }}* -Pin-Priority: 1001 +Pin: origin {{ pdns_rec_install_repo['apt_repo_origin'] }} +Pin-Priority: 600 diff --git a/templates/powerdns-rec.repo.j2 b/templates/powerdns-rec.repo.j2 new file mode 100644 index 0000000..db19ed1 --- /dev/null +++ b/templates/powerdns-rec.repo.j2 @@ -0,0 +1,8 @@ +[powerdns-rec] +name=powerdns-rec +baseurl={{ pdns_rec_install_repo.yum_repo_baseurl }} +enabled=1 +gpgcheck=1 +gpgkey={{ pdns_rec_install_repo.gpg_key }} +priority=90 +includepkg=pdns* diff --git a/templates/recursor.conf.j2 b/templates/recursor.conf.j2 index adf3e12..2f1b011 100644 --- a/templates/recursor.conf.j2 +++ b/templates/recursor.conf.j2 @@ -15,16 +15,16 @@ setgid={{ pdns_rec_group }} {{config_item}}= {%- elif value is string or value is number %} -{{ config_item }}={{ pdns_rec_config[config_item]|string }} +{{ config_item }}={{ pdns_rec_config[config_item] | string }} {%- elif pdns_rec_config[config_item] is sequence %} {%- if pdns_recursor_version[0:3] in ['0.0', '3.6', '4.0'] %} {%- for config_item_item in value -%} {%- if loop.first %} -{{ config_item }}={{ config_item_item|string }} +{{ config_item }}={{ config_item_item | string }} {%- else %} -{{ config_item }}+={{ config_item_item|string }} +{{ config_item }}+={{ config_item_item | string }} {%- endif -%} {%- endfor -%} {%- else %} @@ -36,9 +36,9 @@ setgid={{ pdns_rec_group }} {%- endfor %} {% if pdns_rec_lua_config_file_content is defined %} -lua-config-file={{pdns_rec_config_dir | default('/etc/powerdns')}}/config.lua +lua-config-file={{ pdns_rec_config_lua }} {% endif %} {% if pdns_rec_lua_dns_script_content is defined %} -lua-dns-script={{pdns_rec_config_dir | default('/etc/powerdns')}}/dns-script.lua +lua-dns-script={{ pdns_rec_config_dns_script }} {% endif %} diff --git a/vars/default.yml b/vars/Debian.yml similarity index 100% rename from vars/default.yml rename to vars/Debian.yml 
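Review bot: `includepkg=pdns*` in templates/powerdns-rec.repo.j2 is not an option yum recognises. The repository option is `includepkgs`, so as written the line is most likely ignored and the repository is not restricted to PowerDNS packages; change it to `includepkgs=pdns*`. The section id and `name` are also hard-coded to `powerdns-rec`, while tasks/inspect-RedHat.yml filters on `pdns_rec_install_repo['yum_repo_name']`. A custom `yum_repo_name` would then match nothing, so `[{{ pdns_rec_install_repo.yum_repo_name }}]` would keep the two in step.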
diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 6414456..bc73d20 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,4 +1,5 @@ --- + pdns_rec_user: "pdns-recursor" pdns_rec_group: "pdns-recursor" pdns_rec_config_dir: "/etc/pdns-recursor" diff --git a/vars/main.yml b/vars/main.yml index 9ae0901..e95cbd9 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,2 +1,17 @@ --- -# vars file for pdns_recursor-ansible + +pdns_rec_official_pdns_master: + apt_repo_origin: "repo.powerdns.com" + apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-master main" + gpg_key: "http://repo.powerdns.com/CBC8B383-pub.asc" + gpg_key_id: "D47975F8DAE32700A563E64FFF389421CBC8B383" + yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/rec-master" + yum_repo_name: "powerdns-rec" + +pdns_rec_official_pdns_40: + apt_repo_origin: "repo.powerdns.com" + apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-rec-40 main" + gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc" + gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" + yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/rec-40" + yum_repo_name: "powerdns-rec"
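Review bot: Every URL in `pdns_rec_official_pdns_master` and `pdns_rec_official_pdns_40` in vars/main.yml is plain `http://`, including `gpg_key`, which templates/powerdns-rec.repo.j2 writes straight into `gpgkey=`. On RedHat hosts the `gpg_key_id` fingerprint is not used anywhere visible in this commit, so the signing key itself arrives over an unauthenticated channel. `gpgcheck=1` then only proves that packages match whatever key was delivered. The removed RedHat tasks fetched the repo file from `https://repo.powerdns.com/`, so I would switch `gpg_key`, `yum_repo_baseurl` and `apt_repo` to `https://` as well. Whether the older Debian/Ubuntu releases need an HTTPS transport package for apt should be confirmed.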