From afc9e4203b44990e2ee9d669e0bbf12adb7400f3 Mon Sep 17 00:00:00 2001 From: Huub Daems Date: Thu, 17 Jun 2021 17:51:33 +0200 Subject: [PATCH] Add TransIP (transip.nl) as dns provider --- README.md | 3 +- ansible/roles/letsencrypt/tasks/main.yml | 40 +++++++++++++++++++ .../roles/public_dns/tasks/create-transip.yml | 20 ++++++++++ .../roles/public_dns/tasks/destroy-transip.nl | 20 ++++++++++ 4 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/public_dns/tasks/create-transip.yml create mode 100644 ansible/roles/public_dns/tasks/destroy-transip.nl diff --git a/README.md b/README.md index f95e2d8c..27052529 100644 --- a/README.md +++ b/README.md @@ -102,7 +102,7 @@ Here is an example about [_cluster.yml_](cluster-example.yml) file that contains |cluster_name |Name of the cluster to be installed | |public_domain |Root domain that will be used for your cluster. | |public_ip |Override for public ip entries. defaults to `hostvars['localhost']['ansible_default_ipv4']['address']`. | -|dns_provider |DNS provider, value can be _route53_, _cloudflare_, _gcp_, _azure_ or _none_. Check __Setup public DNS records__ for more info. | +|dns_provider |DNS provider, value can be _route53_, _cloudflare_, _gcp_, _azure_,_transip_ or _none_. Check __Setup public DNS records__ for more info. | |letsencrypt_account_email |Email address that is used to create LetsEncrypt certs. If _cloudflare_account_email_ is not present for CloudFlare DNS recods, _letsencrypt_account_email_ is also used with CloudFlare DNS account email | |image_pull_secret|Token to be used to authenticate to the Red Hat image registry. You can download your pull secret from https://cloud.redhat.com/openshift/install/metal/user-provisioned | @@ -132,6 +132,7 @@ Please configure in `cluster.yml` all necessary credentials: |GCP|`gcp_project: project-name `
`gcp_managed_zone_name: 'zone-name'`
`gcp_managed_zone_domain: 'example.com.'`
`gcp_serviceaccount_file: ../gcp_service_account.json` | |Azure|`azure_client_id: 'client_id'`
`azure_secret: 'key'`
`azure_subscription_id: 'subscription_id'`
`azure_tenant: 'tenant_id'`
`azure_resource_group: 'dns_zone_resource_group'` | |Hetzner|`hetzner_account_api_token: 93543ade82AA$73.....`
`hetzner_zone: domain.tld`| +|TransIP|`transip_token: eyJ0eXAiOiJKV....`
`transip_zone: domain.tld`| |none|With `dns_provider: none` the playbooks will not create public dns entries. (It will skip letsencrypt too) Please create public dns entries if you want to access your cluster.| ### Optional configuration diff --git a/ansible/roles/letsencrypt/tasks/main.yml b/ansible/roles/letsencrypt/tasks/main.yml index 716a502c..2837855e 100644 --- a/ansible/roles/letsencrypt/tasks/main.yml +++ b/ansible/roles/letsencrypt/tasks/main.yml @@ -119,6 +119,26 @@ loop: "{{ challenge_data_dns | default({}) | dict2items | subelements('value') }}" when: le_dns_provider == "azure" and sample_com_challenge is changed +- name: Create DNS record at TransIP + uri: + url: "https://api.transip.nl/v6/domains/{{ transip_zone }}/dns" + method: POST + headers: + Authorization: "Bearer {{ transip_token }}" + body_format: json + body: + dnsEntry: + name: "{{ item.0.key | replace( transip_zone ,'') | regex_replace('\\.$', '') }}" + expire: 60 + type: TXT + content: "{{ item.1 }}" + status_code: 201 + register: record + loop: "{{ challenge_data_dns | default({}) | dict2items | subelements('value') }}" + when: le_dns_provider == "transip" and sample_com_challenge is changed + + + - name: DNS record info debug: msg: "{{ item.0.key }} TXT {{ item.1 }}" 
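Review bot: The added uri task sends `transip_token` as a plain `Authorization` header, and Ansible echoes module arguments (including `headers`) in verbose runs and in the failure output of `uri`, so the bearer token can end up in console and CI logs; add `no_log: true` to the task, accepting that failed responses then need a separate debug step. The same applies to the other three TransIP tasks in this patch: the delete task in the second hunk of this file, create-transip.yml and destroy-transip.nl. The three consecutive blank lines added after the `when:` line also exceed yamllint's default `empty-lines` limit; one blank line before the following `DNS record info` task is enough.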
@@ -212,6 +232,26 @@ loop: "{{ challenge_data_dns | default({}) | dict2items | subelements('value') }}" when: le_dns_provider == "azure" and sample_com_challenge is changed + +- name: Delete DNS record at TransIP + uri: + url: "https://api.transip.nl/v6/domains/{{ transip_zone }}/dns" + method: DELETE + headers: + Authorization: "Bearer {{ transip_token }}" + body_format: json + body: + dnsEntry: + name: "{{ item.0.key | replace( transip_zone , '') | regex_replace('\\.$', '') }}" + expire: 60 + type: TXT + content: "{{ item.1 }}" + status_code: 204 + register: record + loop: "{{ challenge_data_dns | default({}) | dict2items | subelements('value') }}" + when: le_dns_provider == "transip" and sample_com_challenge is changed + + - name: Include DNS provider include: "destroy-{{ le_dns_provider }}.yml" when: diff --git a/ansible/roles/public_dns/tasks/create-transip.yml b/ansible/roles/public_dns/tasks/create-transip.yml new file mode 100644 index 00000000..e806acf0 --- /dev/null +++ b/ansible/roles/public_dns/tasks/create-transip.yml @@ -0,0 +1,20 @@ +- name: Create DNS record at TransIP + uri: + url: "https://api.transip.nl/v6/domains/{{ transip_zone }}/dns" + method: POST + headers: + Authorization: "Bearer {{ transip_token }}" + body_format: json + body: + dnsEntry: + name: "{{ item }}.{{ cluster_name }}" + expire: 60 + type: A + content: "{{ pd_public_ip }}" + status_code: 201 + with_items: + - api + - '*.apps' + tags: + - public_dns + diff --git a/ansible/roles/public_dns/tasks/destroy-transip.nl b/ansible/roles/public_dns/tasks/destroy-transip.nl new file mode 100644 index 00000000..7c92d006 --- /dev/null +++ b/ansible/roles/public_dns/tasks/destroy-transip.nl 
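Review bot: The create task in create-transip.yml accepts only `status_code: 201`, so a second run of the play against an already-existing `api` or `*.apps` record fails instead of being a no-op; I cannot tell from here which status TransIP returns for a duplicate entry, so either that code should be added to `status_code` after checking the API, or the task should query the existing records first and create only the missing ones. The file also starts directly with `- name:`; a leading `---` document marker is the usual convention for task files. The quoting of `'*.apps'` is correct and needed, since an unquoted `*` would be read as an alias.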
@@ -0,0 +1,20 @@ +- name: Create DNS record at TransIP + uri: + url: "https://api.transip.nl/v6/domains/{{ transip_zone }}/dns" + method: DELETE + headers: + Authorization: "Bearer {{ transip_token }}" + body_format: json + body: + dnsEntry: + name: "{{ item }}.{{ cluster_name }}" + expire: 60 + type: A + content: "{{ pd_public_ip }}" + status_code: 204 + with_items: + - api + - '*.apps' + tags: + - public_dns +
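Review bot: The new file is named `destroy-transip.nl` rather than `destroy-transip.yml`, while its sibling is `create-transip.yml` and the letsencrypt role in this same patch includes provider files as `destroy-{{ le_dns_provider }}.yml`; if the public_dns role uses the same pattern, which I cannot see from here, the TransIP destroy step is never found and the destroy run fails. The task name is also a copy of the create task, `- name: Create DNS record at TransIP`, although the method is `DELETE`; it should read `- name: Delete DNS record at TransIP` so run output and `--list-tasks` describe what it does.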