Manage DNS servers using Ansible #93
2 changed files with 23 additions and 9 deletions
|
@ -15,6 +15,7 @@ knotd__cds_cdnskey_publish: rollover
|
||||||
knotd__acl: []
|
knotd__acl: []
|
||||||
knotd__acl_update_owner: name
|
knotd__acl_update_owner: name
|
||||||
knotd__acl_update_owner_match: equal
|
knotd__acl_update_owner_match: equal
|
||||||
|
knotd__queryacl: []
|
||||||
knotd__zones_dir: "{{ knotd__database_dir }}/zones"
|
knotd__zones_dir: "{{ knotd__database_dir }}/zones"
|
||||||
knotd__semantic_checks: true
|
knotd__semantic_checks: true
|
||||||
knotd__serial_policy: increment
|
knotd__serial_policy: increment
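Review bot: The new default `knotd__queryacl: []` is a list, but the template in this same change guards the block with `knotd__queryacl.items()`, and a list has no `items` method, so rendering with the default looks likely to fail on hosts that define no query ACLs. Declaring it as a mapping, `knotd__queryacl: {}`, matches how the template iterates it. `knotd__acl: []` just above has the same list-versus-mapping mismatch, though its guard is outside the visible lines and may only test truthiness. A short comment on the expected shape (an id mapped to a dict holding an `addresses` list) would help whoever writes these access rules.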
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
server:
|
server:
|
||||||
rundir: "{{ knotd__run_dir }}"
|
rundir: "{{ knotd__run_dir }}"
|
||||||
user: {{ knotd__user }}:{{ knotd__group }}
|
user: {{ knotd__user }}:{{ knotd__group }}
|
||||||
|
@ -26,7 +28,7 @@ remote:
|
||||||
{% for id, remote in knotd__remotes.items() %}
|
{% for id, remote in knotd__remotes.items() %}
|
||||||
- id: {{ id }}
|
- id: {{ id }}
|
||||||
address: {{ remote.address }}
|
address: {{ remote.address }}
|
||||||
{% if "key" in remote %}
|
{% if remote.key is defined %}
|
||||||
key: {{ remote.key }}
|
key: {{ remote.key }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -55,12 +57,12 @@ policy:
|
||||||
nsec3: {{ policy.nsec3
|
nsec3: {{ policy.nsec3
|
||||||
| default(knotd__nsec3)
|
| default(knotd__nsec3)
|
||||||
| ternary("on", "off") }}
|
| ternary("on", "off") }}
|
||||||
{% if "ds_push" in policy %}
|
{% if policy.ds_push is defined %}
|
||||||
ds-push: {{ policy.ds_push }}
|
ds-push: {{ policy.ds_push }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
cds-cdnskey-publish: {{ policy.cds_cdnskey_publish
|
cds-cdnskey-publish: {{ policy.cds_cdnskey_publish
|
||||||
| default(knotd__cds_cdnskey_publish) }}
|
| default(knotd__cds_cdnskey_publish) }}
|
||||||
{% if "ksk_submission" in policy %}
|
{% if policy.ksk_submission is defined %}
|
||||||
ksk-submission: {{ policy.ksk_submission }}
|
ksk-submission: {{ policy.ksk_submission }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -70,7 +72,7 @@ policy:
|
||||||
acl:
|
acl:
|
||||||
{% for id, acl in knotd__acl.items() %}
|
{% for id, acl in knotd__acl.items() %}
|
||||||
- id: {{ id }}
|
- id: {{ id }}
|
||||||
{% if "addresses" in acl %}
|
{% if acl.addresses is defined %}
|
||||||
address: [ {{ acl.addresses | join(", ") }} ]
|
address: [ {{ acl.addresses | join(", ") }} ]
|
||||||
{% endif %}
|
{% endif %}
|
||||||
action: {{ acl.action }}
|
action: {{ acl.action }}
|
||||||
|
@ -82,12 +84,20 @@ acl:
|
||||||
| default(knotd__acl_update_owner_match) }}
|
| default(knotd__acl_update_owner_match) }}
|
||||||
update-owner-name: [ {{ acl.update_owner_name | join(", ") }} ]
|
update-owner-name: [ {{ acl.update_owner_name | join(", ") }} ]
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if "key" in acl %}
|
{% if acl.key is defined %}
|
||||||
key: {{ acl.key }}
|
key: {{ acl.key }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if knotd__queryacl.items() %}
|
||||||
|
mod-queryacl:
|
||||||
|
{% for id, acl in knotd__queryacl.items() %}
|
||||||
|
- id: {{ id }}
|
||||||
|
address: [ {{ acl.addresses | join(", ") }} ]
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
template:
|
template:
|
||||||
- id: default
|
- id: default
|
||||||
storage: "{{ knotd__zones_dir }}"
|
storage: "{{ knotd__zones_dir }}"
|
||||||
|
@ -105,16 +115,19 @@ zone:
|
||||||
{% for domain, zone in knotd__zones.items() %}
|
{% for domain, zone in knotd__zones.items() %}
|
||||||
{% if zone.enabled | default(true) %}
|
{% if zone.enabled | default(true) %}
|
||||||
- domain: {{ domain }}
|
- domain: {{ domain }}
|
||||||
{% if "notify" in zone %}
|
{% if zone.notify is defined %}
|
||||||
notify: [ {{ zone.notify | join(", ") }} ]
|
notify: [ {{ zone.notify | join(", ") }} ]
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if "acl" in zone %}
|
{% if zone.acl is defined %}
|
||||||
acl: [ {{ zone.acl | join(", ") }} ]
|
acl: [ {{ zone.acl | join(", ") }} ]
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if "master" in zone %}
|
{% if zone.queryacl is defined %}
|
||||||
|
module: mod-queryacl/{{ zone.queryacl }}
|
||||||
|
{% endif %}
|
||||||
|
{% if zone.master is defined %}
|
||||||
master: {{ zone.master }}
|
master: {{ zone.master }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if "dnssec_policy" in zone %}
|
{% if zone.dnssec_policy is defined %}
|
||||||
dnssec-policy: {{ zone.dnssec_policy }}
|
dnssec-policy: {{ zone.dnssec_policy }}
|
||||||
dnssec-signing: on
|
dnssec-signing: on
|
||||||
{% else %}
|
{% else %}
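Review bot: In the new `mod-queryacl` block (hunk `-82,12 +84,20`), `address:` is emitted for every entry with no check that `acl.addresses` is non-empty, so an entry with `addresses: []` renders as `address: [  ]`. If Knot treats an empty address list as "no restriction" (worth confirming in the mod-queryacl documentation), a zone the operator meant to restrict would answer queries from any source. Because this is an access control, the role should fail rather than render such an entry, for example by checking in a task before templating that each entry has a non-empty `addresses` list. The guard would also be more robust as `{% if knotd__queryacl %}` than as `{% if knotd__queryacl.items() %}`, since a truthiness test works for both an empty list and an empty mapping.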
|
||||||
|
|