aurore/ansible
aurore/ansible
11
2
Fork 0
Code Issues 1 Pull requests 13 Releases Wiki Activity

Merge branch 'dns' into 'aurore-dev'

Browse source 
Finalisation du déploiement d'unbound

See merge request aurore/ansible!46
This commit is contained in:
yberreby 2020-04-18 17:10:22 +02:00
commit 7234d90fae
7 changed files with 56 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
group_vars/all/vars.yml
View file

@ -36,3 +36,16 @@ monitoring_mail: 'monitoring.aurore@lists.crans.org'
matrix_webhooks_secret: "{{ vault_matrix_webhooks_secret }}" matrix_webhooks_secret: "{{ vault_matrix_webhooks_secret }}"
matrix_discord_client_id: "559305991494303747" matrix_discord_client_id: "559305991494303747"
matrix_discord_bot_token: "{{ vault_matrix_discord_bot_token }}" matrix_discord_bot_token: "{{ vault_matrix_discord_bot_token }}"
###
# DNS
###
# Dernier octet (en décimal) de l'addresse des serveurs DNS récursifs de chaque
# résidence.
dns_host_suffix_main: 253
dns_host_suffix_backup: 153
backup_dns_servers:
- "80.67.169.12" # French Data Network (FDN) (ns0.fdn.fr)

19
hosts
View file

@ -149,18 +149,27 @@ edc_pve
gs_pve gs_pve
[dhcp] [dhcp]
#dhcp-fleming.adm.auro.re dhcp-fleming.adm.auro.re
dhcp-fleming-backup.adm.auro.re dhcp-fleming-backup.adm.auro.re
#dhcp-pacaterie.adm.auro.re #dhcp-pacaterie.adm.auro.re
#dhcp-pacaterie-backup.adm.auro.re #dhcp-pacaterie-backup.adm.auro.re
#dhcp-edc.adm.auro.re #dhcp-edc.adm.auro.re
#dhcp-gs.adm.auro.re #dhcp-gs.adm.auro.re
[recursive_dns] [recursive_dns:children]
rdns_main
rdns_backup
[rdns_main]
dns-fleming.adm.auro.re dns-fleming.adm.auro.re
#dns-fleming-backup.adm.auro.re dns-pacaterie.adm.auro.re
#dns-pacaterie.adm.auro.re
#dns-pacaterie-backup.adm.auro.re [rdns_backup]
dns-fleming-backup.adm.auro.re
dns-pacaterie-backup.adm.auro.re
# FIXME:
#dns-edc.adm.auro.re #dns-edc.adm.auro.re
#dns-gs.adm.auro.re #dns-gs.adm.auro.re

2
network.yml
View file

@ -17,8 +17,6 @@
# Deploy unbound DNS server (recursive). # Deploy unbound DNS server (recursive).
- hosts: recursive_dns - hosts: recursive_dns
vars:
- dns_host_suffix: 253
roles: roles:
- unbound - unbound

14
roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2
View file

@ -1,4 +1,3 @@
# dhcpd.conf
# {{ ansible_managed }} # {{ ansible_managed }}
default-lease-time 86400; default-lease-time 86400;
@ -8,8 +7,6 @@ max-lease-time 86400;
# The MTU theoretically could go as high as 1496 (4-byte VLAN tag). # The MTU theoretically could go as high as 1496 (4-byte VLAN tag).
option interface-mtu 1400; option interface-mtu 1400;
# XXX: hardcoded DNS for now
option domain-name-servers 80.67.169.12, 1.1.1.1;
option root-path "/"; option root-path "/";
# The ddns-updates-style parameter controls whether or not the server will # The ddns-updates-style parameter controls whether or not the server will
@ -24,8 +21,6 @@ authoritative;
log-facility local7; log-facility local7;
# TODO: move this failover peer declaration to a separate file and include it.
{% if dhcp_failover is defined %} {% if dhcp_failover is defined %}
include "/etc/dhcp/dhcp-failover.conf"; include "/etc/dhcp/dhcp-failover.conf";
{% endif %} {% endif %}
@ -38,6 +33,8 @@ subnet 10.{{ subnet_ids.ap }}.0.0 netmask 255.255.0.0 {
option routers 10.{{ subnet_ids.ap }}.0.250; option routers 10.{{ subnet_ids.ap }}.0.250;
option domain-name "borne.auro.re"; option domain-name "borne.auro.re";
option domain-search "borne.auro.re"; option domain-search "borne.auro.re";
option domain-name-servers 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix_main }}, 10.{{ subnet_ids.ap }}.0.{{ dns_host_suffix_backup }}, {{ backup_dns_servers|join(', ') }};
include "/var/local/re2o-services/dhcp/generated/dhcp.borne.auro.re.list"; include "/var/local/re2o-services/dhcp/generated/dhcp.borne.auro.re.list";
deny unknown-clients; deny unknown-clients;
@ -51,6 +48,9 @@ subnet 10.{{ subnet_ids.users_wired }}.0.0 netmask 255.255.0.0 {
option routers 10.{{ subnet_ids.users_wired }}.0.240; option routers 10.{{ subnet_ids.users_wired }}.0.240;
option domain-name "fil.{{ apartment_block }}.auro.re"; option domain-name "fil.{{ apartment_block }}.auro.re";
option domain-search "auro.re"; option domain-search "auro.re";
option domain-name-servers 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix_main }}, 10.{{ subnet_ids.users_wired }}.0.{{ dns_host_suffix_backup }}, {{ backup_dns_servers|join(', ') }};
include "/var/local/re2o-services/dhcp/generated/dhcp.fil.{{ apartment_block }}.auro.re.list"; include "/var/local/re2o-services/dhcp/generated/dhcp.fil.{{ apartment_block }}.auro.re.list";
deny unknown-clients; deny unknown-clients;
@ -65,6 +65,9 @@ subnet 10.{{ subnet_ids.users_wifi }}.0.0 netmask 255.255.0.0 {
option routers 10.{{ subnet_ids.users_wifi }}.0.240; option routers 10.{{ subnet_ids.users_wifi }}.0.240;
option domain-name "wifi.{{ apartment_block }}.auro.re"; option domain-name "wifi.{{ apartment_block }}.auro.re";
option domain-search "auro.re"; option domain-search "auro.re";
option domain-name-servers 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix_main }}, 10.{{ subnet_ids.users_wifi }}.0.{{ dns_host_suffix_backup }}, {{ backup_dns_servers|join(', ') }};
include "/var/local/re2o-services/dhcp/generated/dhcp.wifi.{{ apartment_block }}.auro.re.list"; include "/var/local/re2o-services/dhcp/generated/dhcp.wifi.{{ apartment_block }}.auro.re.list";
pool { pool {
@ -76,4 +79,3 @@ subnet 10.{{ subnet_ids.users_wifi }}.0.0 netmask 255.255.0.0 {
} }
} }

11
roles/unbound/tasks/main.yml
View file

@ -1,5 +1,15 @@
--- ---
# This is used to let unbound bind to the right IP addresses.
- set_fact:
dns_host_suffix: "{{ dns_host_suffix_main }}"
when: "'rdns_main' in group_names"
- set_fact:
dns_host_suffix: "{{ dns_host_suffix_backup }}"
when: "'rdns_backup' in group_names"
- name: install unbound - name: install unbound
apt: apt:
update_cache: true update_cache: true
@ -18,7 +28,6 @@
dest: /etc/unbound/unbound.conf.d/recursive.conf dest: /etc/unbound/unbound.conf.d/recursive.conf
mode: 0644 mode: 0644
- name: restart unbound after editing config - name: restart unbound after editing config
systemd: systemd:
state: restarted state: restarted

9
roles/unbound/templates/recursive.conf.j2
View file

@ -1,7 +1,16 @@
# {{ ansible_managed }}
server: server:
# Timestamps use UTC ASCII instead of UNIX epoch. # Timestamps use UTC ASCII instead of UNIX epoch.
log-time-ascii: yes log-time-ascii: yes
# Only log errors.
verbosity: 0
# "" sends logs to stderr, journalctl will pick things up.
logfile: ""
do-ip4: yes do-ip4: yes
# FIXME: IPv6 deployment... someday... # FIXME: IPv6 deployment... someday...
do-ip6: no do-ip6: no

2
roles/unbound/templates/unbound.conf.j2
View file

@ -1,3 +1,5 @@
# {{ ansible_managed }}
#
# Unbound configuration file for Debian. # Unbound configuration file for Debian.
# #
# See the unbound.conf(5) man page. # See the unbound.conf(5) man page.