Manage DNS servers using Ansible #93

Open
jeltz wants to merge 45 commits from dns into master
2 changed files with 23 additions and 9 deletions
Showing only changes of commit f321b12d2f - Show all commits


@ -15,6 +15,7 @@ knotd__cds_cdnskey_publish: rollover
knotd__acl: [] knotd__acl: []
knotd__acl_update_owner: name knotd__acl_update_owner: name
knotd__acl_update_owner_match: equal knotd__acl_update_owner_match: equal
knotd__queryacl: []
knotd__zones_dir: "{{ knotd__database_dir }}/zones" knotd__zones_dir: "{{ knotd__database_dir }}/zones"
knotd__semantic_checks: true knotd__semantic_checks: true
knotd__serial_policy: increment knotd__serial_policy: increment
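Review bot: The new default `knotd__queryacl: []` is a list, but the template changed in this same commit calls `knotd__queryacl.items()` in both its `{% if %}` guard and its `for` loop. A list has no `items` method, so rendering would most likely fail on any host that leaves the variable at its default. Defaulting to a mapping, `knotd__queryacl: {}`, and guarding with `{% if knotd__queryacl %}` avoids the call on an empty value. `knotd__acl: []` follows the same list-default pattern, but its guard is outside the visible hunks, so check whether that one is only safe because it tests truthiness first.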


@ -1,3 +1,5 @@
{{ ansible_managed | comment }}
server: server:
rundir: "{{ knotd__run_dir }}" rundir: "{{ knotd__run_dir }}"
user: {{ knotd__user }}:{{ knotd__group }} user: {{ knotd__user }}:{{ knotd__group }}
@ -26,7 +28,7 @@ remote:
{% for id, remote in knotd__remotes.items() %} {% for id, remote in knotd__remotes.items() %}
- id: {{ id }} - id: {{ id }}
address: {{ remote.address }} address: {{ remote.address }}
{% if "key" in remote %} {% if remote.key is defined %}
key: {{ remote.key }} key: {{ remote.key }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
@ -55,12 +57,12 @@ policy:
nsec3: {{ policy.nsec3 nsec3: {{ policy.nsec3
| default(knotd__nsec3) | default(knotd__nsec3)
| ternary("on", "off") }} | ternary("on", "off") }}
{% if "ds_push" in policy %} {% if policy.ds_push is defined %}
ds-push: {{ policy.ds_push }} ds-push: {{ policy.ds_push }}
{% endif %} {% endif %}
cds-cdnskey-publish: {{ policy.cds_cdnskey_publish cds-cdnskey-publish: {{ policy.cds_cdnskey_publish
| default(knotd__cds_cdnskey_publish) }} | default(knotd__cds_cdnskey_publish) }}
{% if "ksk_submission" in policy %} {% if policy.ksk_submission is defined %}
ksk-submission: {{ policy.ksk_submission }} ksk-submission: {{ policy.ksk_submission }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
@ -70,7 +72,7 @@ policy:
acl: acl:
{% for id, acl in knotd__acl.items() %} {% for id, acl in knotd__acl.items() %}
- id: {{ id }} - id: {{ id }}
{% if "addresses" in acl %} {% if acl.addresses is defined %}
address: [ {{ acl.addresses | join(", ") }} ] address: [ {{ acl.addresses | join(", ") }} ]
{% endif %} {% endif %}
action: {{ acl.action }} action: {{ acl.action }}
@ -82,12 +84,20 @@ acl:
| default(knotd__acl_update_owner_match) }} | default(knotd__acl_update_owner_match) }}
update-owner-name: [ {{ acl.update_owner_name | join(", ") }} ] update-owner-name: [ {{ acl.update_owner_name | join(", ") }} ]
{% endif %} {% endif %}
{% if "key" in acl %} {% if acl.key is defined %}
key: {{ acl.key }} key: {{ acl.key }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if knotd__queryacl.items() %}
mod-queryacl:
{% for id, acl in knotd__queryacl.items() %}
- id: {{ id }}
address: [ {{ acl.addresses | join(", ") }} ]
{% endfor %}
{% endif %}
template: template:
- id: default - id: default
storage: "{{ knotd__zones_dir }}" storage: "{{ knotd__zones_dir }}"
@ -105,16 +115,19 @@ zone:
{% for domain, zone in knotd__zones.items() %} {% for domain, zone in knotd__zones.items() %}
{% if zone.enabled | default(true) %} {% if zone.enabled | default(true) %}
- domain: {{ domain }} - domain: {{ domain }}
{% if "notify" in zone %} {% if zone.notify is defined %}
notify: [ {{ zone.notify | join(", ") }} ] notify: [ {{ zone.notify | join(", ") }} ]
{% endif %} {% endif %}
{% if "acl" in zone %} {% if zone.acl is defined %}
acl: [ {{ zone.acl | join(", ") }} ] acl: [ {{ zone.acl | join(", ") }} ]
{% endif %} {% endif %}
{% if "master" in zone %} {% if zone.queryacl is defined %}
module: mod-queryacl/{{ zone.queryacl }}
{% endif %}
{% if zone.master is defined %}
master: {{ zone.master }} master: {{ zone.master }}
{% endif %} {% endif %}
{% if "dnssec_policy" in zone %} {% if zone.dnssec_policy is defined %}
dnssec-policy: {{ zone.dnssec_policy }} dnssec-policy: {{ zone.dnssec_policy }}
dnssec-signing: on dnssec-signing: on
{% else %} {% else %}
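Review bot: In the added `mod-queryacl` loop (the hunk under `acl:`), `address: [ {{ acl.addresses | join(", ") }} ]` is emitted with no check on its contents, so an entry with an empty `addresses` list renders as `address: [ ]`. Confirm how knotd reads an empty list here: if it treats it like an unset `address`, a query ACL written to restrict who may query a zone could end up matching every source. Since silently dropping the line would have the same effect, the role should reject such entries before rendering, for example with an assert task using `that: item.value.addresses | default([]) | length > 0` over `knotd__queryacl | dict2items`. The enclosing `acl:` and `template:` sections start and end outside this hunk.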