Update Playbook dns.yml

* update passwordstore lookup usage: use other subkey than 'password'
 * add mysql_bind_address
Tobias Hachmer 2019-03-22 19:48:47 +01:00
parent f0eeb53442
commit 91e8a2ff3d
No known key found for this signature in database
GPG key ID: E112788464CA5C60

20
playbooks/dns.yml Normal file → Executable file

@ -1,6 +1,7 @@
#!/usr/bin/ansible-playbook
--- ---
- name: Manage DNS Internal Master Server. - name: Manage DNS Internal Master Server.
hosts: dns-master-internal hosts: kichererbse.freifunk-mwu.de
roles: roles:
- service-nginx - service-nginx
@ -11,7 +12,7 @@
- pdns-admin - pdns-admin
vars: vars:
mysql_root_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=password') }}" mysql_root_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=secret') }}"
mysql_databases: mysql_databases:
- name: "pdns-admin" - name: "pdns-admin"
encoding: "utf8" encoding: "utf8"
@ -19,24 +20,25 @@
mysql_users: mysql_users:
- name: "pdns-admin" - name: "pdns-admin"
host: "localhost" host: "localhost"
password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=password') }}" password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=secret') }}"
priv: "pdns-admin.*:ALL" priv: "pdns-admin.*:ALL"
mysql_max_binlog_size: "100M" mysql_max_binlog_size: "100M"
mysql_expire_logs_days: "10" mysql_expire_logs_days: "10"
mysql_bind_address: "127.0.0.1"
pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}" pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}"
pdns_mysql_databases_credentials: pdns_mysql_databases_credentials:
gmysql: gmysql:
priv_user: root priv_user: root
priv_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=password') }}" priv_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_root subkey=secret') }}"
priv_host: priv_host:
- "localhost" - "localhost"
pdns_config: pdns_config:
allow-axfr-ips: "{% for host in groups['ffmwu-gateways'] %}{{ loopback_net_ipv4 | ipaddr(hostvars[host]['magic']) | ipaddr('address') }},{{ loopback_net_ipv6 | ipaddr(hostvars[host]['magic']) | ipaddr('address') }}{% if not loop.last %},{% endif %}{% endfor %}" allow-axfr-ips: "{% for host in groups['ffmwu-gateways'] %}{{ loopback_net_ipv4 | ipaddr(hostvars[host]['magic']) | ipaddr('address') }},{{ loopback_net_ipv6 | ipaddr(hostvars[host]['magic']) | ipaddr('address') }}{% if not loop.last %},{% endif %}{% endfor %}"
api: "yes" api: "yes"
api-key: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_apikey subkey=api-key') }}" api-key: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_apikey') }}"
default-soa-name: "{{ inventory_hostname }}" default-soa-name: "{{ inventory_hostname }}"
default-soa-mail: "admin.freifunk-mwu.de" default-soa-mail: "admin.freifunk-mwu.de"
local-port: "53" local-port: "53"
@ -49,24 +51,24 @@
webserver: "yes" webserver: "yes"
webserver-address: "127.0.0.1" webserver-address: "127.0.0.1"
webserver-allow-from: "0.0.0.0/0,::/0" webserver-allow-from: "0.0.0.0/0,::/0"
webserver-password: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_webserver subkey=password') }}" webserver-password: "{{ lookup('passwordstore', inventory_hostname_short + '/pdns_webserver') }}"
pdns_backends: pdns_backends:
gmysql: gmysql:
host: "127.0.0.1" host: "127.0.0.1"
user: "powerdns" user: "powerdns"
password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_powerdns subkey=password') }}" password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_powerdns subkey=secret') }}"
dbname: "powerdns" dbname: "powerdns"
pdns_admin_global_config: pdns_admin_global_config:
secret_key: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=password') }}" secret_key: "{{ lookup('passwordstore', inventory_hostname_short + '/pdnsadmin_secretkey') }}"
login_title: "Freifunk MWU DNS Management" login_title: "Freifunk MWU DNS Management"
log_level: "INFO" log_level: "INFO"
log_file: "pdns-admin.log" log_file: "pdns-admin.log"
pdns_admin_database_config: pdns_admin_database_config:
sqla_db_user: "pdns-admin" sqla_db_user: "pdns-admin"
sqla_db_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=password') }}" sqla_db_password: "{{ lookup('passwordstore', inventory_hostname_short + '/mysql_pdns-admin subkey=secret') }}"
sqla_db_host: "127.0.0.1" sqla_db_host: "127.0.0.1"
sqla_db_name: "pdns-admin" sqla_db_name: "pdns-admin"
sqlalchemy_track_modifications: True sqlalchemy_track_modifications: True
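Review bot: The same credential is still looked up in more than one place on the new side: `priv_password` repeats the `mysql_root_password` lookup for `/mysql_root subkey=secret`, and `sqla_db_password` repeats the `mysql_users` password lookup for `/mysql_pdns-admin subkey=secret`. Referencing the value once, e.g. `priv_password: "{{ mysql_root_password }}"`, would keep each secret's store path and subkey in a single line, so a later rename cannot leave one copy pointing at a stale entry. The new lookups also follow two conventions: the MySQL entries need a `secret:` field, while `pdns_apikey`, `pdns_webserver` and `pdnsadmin_secretkey` now read the entry's first line. Depending on the passwordstore plugin version, a subkey that is absent from an entry may come back empty or as `None` instead of failing, so confirm each entry's layout, or assert the values are non-empty in `pre_tasks`, before the play sets database passwords from them. A short comment above `vars:` such as `# pass entries: mysql_* use the 'secret' field, pdns_* use the first line` would document the split.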