ansible-ffibk/playbooks/dns.yml

#!/usr/bin/ansible-playbook
---
- name: Manage DNS Internal Master Server.
  hosts: kichererbse.freifunk-mwu.de

  roles:
  - service-nginx
  - nodejs
  - yarn
  - geerlingguy.mysql
  - powerdns.pdns
  - pdns-admin

  vars:
    mysql_root_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=secret') }}"
    mysql_databases:
      - name: "pdns-admin"
        encoding: "utf8"
        collation: "utf8_general_ci"
    mysql_users:
      - name: "pdns-admin"
        host: "localhost"
        password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=secret') }}"
        priv: "pdns-admin.*:ALL"
    mysql_max_binlog_size: "100M"
    mysql_expire_logs_days: "10"
    mysql_bind_address: "127.0.0.1"

    pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}"

    pdns_mysql_databases_credentials:
      gmysql:
        priv_user: root
        priv_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=secret') }}"
        priv_host:
          - "localhost"

    pdns_config:
      allow-axfr-ips: "{% for host in groups['ffmwu-gateways'] %}{{ loopback_net_ipv4 | ipaddr(hostvars[host]['magic']) | ipaddr('address') }},{{ loopback_net_ipv6 | ipaddr(hostvars[host]['magic']) | ipaddr('address') }}{% if not loop.last %},{% endif %}{% endfor %}"
      api: "yes"
      api-key: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_apikey') }}"
      default-soa-name: "{{ inventory_hostname }}"
      default-soa-mail: "admin.freifunk-mwu.de"
      local-port: "53"
      local-address: "127.0.0.1,{{ loopback_net_ipv4 | ipaddr(magic) | ipaddr('address') }}"
      local-ipv6: "::1,{{ loopback_net_ipv6 | ipaddr(magic) | ipaddr('address') }}"
      master: True
      only-notify: "{% for prefix in internal_prefixes %}{{ prefix.ipv4 }},{{ prefix.ipv6 }}{% if not loop.last %},{% endif %}{% endfor %}"
      tcp-fast-open: "50"
      version-string: "anonymous"
      webserver: "yes"
      webserver-address: "127.0.0.1"
      webserver-allow-from: "0.0.0.0/0,::/0"
      webserver-password: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_webserver') }}"

    pdns_backends:
      gmysql:
        host: "127.0.0.1"
        user: "powerdns"
        password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_powerdns subkey=secret') }}"
        dbname: "powerdns"

    pdns_admin_global_config:
      secret_key: "{{ lookup('passwordstore', inventory_hostname_short + '/pdnsadmin_secretkey') }}"
      login_title: "Freifunk MWU DNS Management"
      log_level: "INFO"
      log_file: "pdns-admin.log"

    pdns_admin_database_config:
      sqla_db_user: "pdns-admin"
      sqla_db_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=secret') }}"
      sqla_db_host: "127.0.0.1"
      sqla_db_name: "pdns-admin"
      sqlalchemy_track_modifications: True

- name: Manage DNS External Master Server.
  hosts: linse.freifunk-mwu.de

  roles:
  - service-nginx
  - nodejs
  - yarn
  - geerlingguy.mysql
  - powerdns.pdns
  - pdns-admin

  vars:
    mysql_root_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=secret') }}"
    mysql_databases:
      - name: "pdns-admin"
        encoding: "utf8"
        collation: "utf8_general_ci"
    mysql_users:
      - name: "pdns-admin"
        host: "localhost"
        password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=secret') }}"
        priv: "pdns-admin.*:ALL"
    mysql_max_binlog_size: "100M"
    mysql_expire_logs_days: "10"
    mysql_bind_address: "127.0.0.1"

    pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}"

    pdns_mysql_databases_credentials:
      gmysql:
        priv_user: root
        priv_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=secret') }}"
        priv_host:
          - "localhost"

    pdns_config:
      allow-axfr-ips: "{% for slave in dns_external.slaves %}{{ lookup('dig', slave, 'qtype=A') | ipaddr('address') }}{% if not loop.last %},{% endif %}{% endfor %}"
      api: "yes"
      api-key: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_apikey') }}"
      default-soa-name: "{{ inventory_hostname }}"
      default-soa-mail: "admin.freifunk-mwu.de"
      local-port: "53"
      local-address: "127.0.0.1,{{ loopback_net_ipv4 | ipaddr(magic) | ipaddr('address') }},{{ ansible_default_ipv4.address | ipaddr('address') }}"
      local-ipv6: "::1,{{ loopback_net_ipv6 | ipaddr(magic) | ipaddr('address') }},{{ ansible_default_ipv6.address | ipaddr('address') }}"
      master: True
      tcp-fast-open: "50"
      version-string: "anonymous"
      webserver: "yes"
      webserver-address: "127.0.0.1"
      webserver-allow-from: "0.0.0.0/0,::/0"
      webserver-password: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_webserver') }}"

    pdns_backends:
      gmysql:
        host: "127.0.0.1"
        user: "powerdns"
        password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_powerdns subkey=secret') }}"
        dbname: "powerdns"

    pdns_admin_global_config:
      secret_key: "{{ lookup('passwordstore', inventory_hostname_short + '/pdnsadmin_secretkey') }}"
      login_title: "Freifunk MWU DNS Management"
      log_level: "INFO"
      log_file: "pdns-admin.log"

    pdns_admin_database_config:
      sqla_db_user: "pdns-admin"
      sqla_db_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=secret') }}"
      sqla_db_host: "127.0.0.1"
      sqla_db_name: "pdns-admin"
      sqlalchemy_track_modifications: True
Update Playbook dns.yml * update passwordstore lookup usage: use other subkey than 'password' * add mysql_bind_address 2019-03-22 19:48:47 +01:00			`#!/usr/bin/ansible-playbook`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`---`
			`- name: Manage DNS Internal Master Server.`
Update Playbook dns.yml * update passwordstore lookup usage: use other subkey than 'password' * add mysql_bind_address 2019-03-22 19:48:47 +01:00			`hosts: kichererbse.freifunk-mwu.de`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00
			`roles:`
			`- service-nginx`
			`- nodejs`
			`- yarn`
			`- geerlingguy.mysql`
			`- powerdns.pdns`
			`- pdns-admin`

			`vars:`
Update Playbook dns.yml * update passwordstore lookup usage: use other subkey than 'password' * add mysql_bind_address 2019-03-22 19:48:47 +01:00			`mysql_root_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=secret') }}"`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`mysql_databases:`
			`- name: "pdns-admin"`
			`encoding: "utf8"`
			`collation: "utf8_general_ci"`
			`mysql_users:`
			`- name: "pdns-admin"`
			`host: "localhost"`
Update Playbook dns.yml * update passwordstore lookup usage: use other subkey than 'password' * add mysql_bind_address 2019-03-22 19:48:47 +01:00			`password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=secret') }}"`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`priv: "pdns-admin.*:ALL"`
			`mysql_max_binlog_size: "100M"`
			`mysql_expire_logs_days: "10"`
Update Playbook dns.yml * update passwordstore lookup usage: use other subkey than 'password' * add mysql_bind_address 2019-03-22 19:48:47 +01:00			`mysql_bind_address: "127.0.0.1"`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00
			`pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}"`

			`pdns_mysql_databases_credentials:`
			`gmysql:`
			`priv_user: root`
Update Playbook dns.yml * update passwordstore lookup usage: use other subkey than 'password' * add mysql_bind_address 2019-03-22 19:48:47 +01:00			`priv_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=secret') }}"`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`priv_host:`
			`- "localhost"`

			`pdns_config:`
			`allow-axfr-ips: "{% for host in groups['ffmwu-gateways'] %}{{ loopback_net_ipv4 \| ipaddr(hostvars[host]['magic']) \| ipaddr('address') }},{{ loopback_net_ipv6 \| ipaddr(hostvars[host]['magic']) \| ipaddr('address') }}{% if not loop.last %},{% endif %}{% endfor %}"`
			`api: "yes"`
Update Playbook dns.yml * update passwordstore lookup usage: use other subkey than 'password' * add mysql_bind_address 2019-03-22 19:48:47 +01:00			`api-key: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_apikey') }}"`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`default-soa-name: "{{ inventory_hostname }}"`
			`default-soa-mail: "admin.freifunk-mwu.de"`
			`local-port: "53"`
			`local-address: "127.0.0.1,{{ loopback_net_ipv4 \| ipaddr(magic) \| ipaddr('address') }}"`
			`local-ipv6: "::1,{{ loopback_net_ipv6 \| ipaddr(magic) \| ipaddr('address') }}"`
			`master: True`
			`only-notify: "{% for prefix in internal_prefixes %}{{ prefix.ipv4 }},{{ prefix.ipv6 }}{% if not loop.last %},{% endif %}{% endfor %}"`
			`tcp-fast-open: "50"`
			`version-string: "anonymous"`
			`webserver: "yes"`
			`webserver-address: "127.0.0.1"`
			`webserver-allow-from: "0.0.0.0/0,::/0"`
Update Playbook dns.yml * update passwordstore lookup usage: use other subkey than 'password' * add mysql_bind_address 2019-03-22 19:48:47 +01:00			`webserver-password: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_webserver') }}"`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00
			`pdns_backends:`
			`gmysql:`
			`host: "127.0.0.1"`
			`user: "powerdns"`
Update Playbook dns.yml * update passwordstore lookup usage: use other subkey than 'password' * add mysql_bind_address 2019-03-22 19:48:47 +01:00			`password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_powerdns subkey=secret') }}"`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`dbname: "powerdns"`

			`pdns_admin_global_config:`
Update Playbook dns.yml * update passwordstore lookup usage: use other subkey than 'password' * add mysql_bind_address 2019-03-22 19:48:47 +01:00			`secret_key: "{{ lookup('passwordstore', inventory_hostname_short + '/pdnsadmin_secretkey') }}"`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`login_title: "Freifunk MWU DNS Management"`
			`log_level: "INFO"`
			`log_file: "pdns-admin.log"`

			`pdns_admin_database_config:`
			`sqla_db_user: "pdns-admin"`
Update Playbook dns.yml * update passwordstore lookup usage: use other subkey than 'password' * add mysql_bind_address 2019-03-22 19:48:47 +01:00			`sqla_db_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=secret') }}"`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`sqla_db_host: "127.0.0.1"`
			`sqla_db_name: "pdns-admin"`
			`sqlalchemy_track_modifications: True`
Add linse.freifunk-mwu.de * Update Playbook dns.yml to manage linse as the external dns master server 2019-03-22 20:34:54 +01:00
			`- name: Manage DNS External Master Server.`
			`hosts: linse.freifunk-mwu.de`

			`roles:`
			`- service-nginx`
			`- nodejs`
			`- yarn`
			`- geerlingguy.mysql`
			`- powerdns.pdns`
			`- pdns-admin`

			`vars:`
			`mysql_root_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=secret') }}"`
			`mysql_databases:`
			`- name: "pdns-admin"`
			`encoding: "utf8"`
			`collation: "utf8_general_ci"`
			`mysql_users:`
			`- name: "pdns-admin"`
			`host: "localhost"`
			`password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=secret') }}"`
			`priv: "pdns-admin.*:ALL"`
			`mysql_max_binlog_size: "100M"`
			`mysql_expire_logs_days: "10"`
			`mysql_bind_address: "127.0.0.1"`

			`pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}"`

			`pdns_mysql_databases_credentials:`
			`gmysql:`
			`priv_user: root`
			`priv_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=secret') }}"`
			`priv_host:`
			`- "localhost"`

			`pdns_config:`
			`allow-axfr-ips: "{% for slave in dns_external.slaves %}{{ lookup('dig', slave, 'qtype=A') \| ipaddr('address') }}{% if not loop.last %},{% endif %}{% endfor %}"`
			`api: "yes"`
			`api-key: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_apikey') }}"`
			`default-soa-name: "{{ inventory_hostname }}"`
			`default-soa-mail: "admin.freifunk-mwu.de"`
			`local-port: "53"`
			`local-address: "127.0.0.1,{{ loopback_net_ipv4 \| ipaddr(magic) \| ipaddr('address') }},{{ ansible_default_ipv4.address \| ipaddr('address') }}"`
			`local-ipv6: "::1,{{ loopback_net_ipv6 \| ipaddr(magic) \| ipaddr('address') }},{{ ansible_default_ipv6.address \| ipaddr('address') }}"`
			`master: True`
			`tcp-fast-open: "50"`
			`version-string: "anonymous"`
			`webserver: "yes"`
			`webserver-address: "127.0.0.1"`
			`webserver-allow-from: "0.0.0.0/0,::/0"`
			`webserver-password: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_webserver') }}"`

			`pdns_backends:`
			`gmysql:`
			`host: "127.0.0.1"`
			`user: "powerdns"`
			`password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_powerdns subkey=secret') }}"`
			`dbname: "powerdns"`

			`pdns_admin_global_config:`
			`secret_key: "{{ lookup('passwordstore', inventory_hostname_short + '/pdnsadmin_secretkey') }}"`
			`login_title: "Freifunk MWU DNS Management"`
			`log_level: "INFO"`
			`log_file: "pdns-admin.log"`

			`pdns_admin_database_config:`
			`sqla_db_user: "pdns-admin"`
			`sqla_db_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=secret') }}"`
			`sqla_db_host: "127.0.0.1"`
			`sqla_db_name: "pdns-admin"`
			`sqlalchemy_track_modifications: True`