The Ansible roles found in this directory have to do with managing DNS infrastructure.
- For named/bind install/configuration:
- Root level access to a running Linux flavor (Fedora, CentOS, Red Hat Enterprise Linux)
- For DNS zones and records, one or more of the following:
- Access to nsupdate-enabled infrastructure (i.e., the BIND server mentioned above).
- Access to AWS Route53 with DNS admin access enabled.
See the Example Inventory below for more specific details. The following variable needs to be defined:
dns_data
: A dictionary with DNS data (views, zones, records)
# Example playbook for the roles in this directory.
# New servers get the BIND install/configuration role first, then zones and
# records; hosts that already accept nsupdate only need the records role;
# Route53-backed hosts get the Route53 zone role plus the records role.
- hosts: new-dns-servers
  roles:
    # NOTE(review): role name reproduced as given in the README ("cofig");
    # confirm it matches the actual role directory name before use.
    - role: dns/cofig-dns-server-bind
    - role: dns/manage-dns-zones-bind
    - role: dns/manage-dns-records
- hosts: existing-nsupdate-servers
  roles:
    - role: dns/manage-dns-records
- hosts: route53-servers
  roles:
    - role: dns/manage-dns-zones-route53
    - role: dns/manage-dns-records
Note: the values below that carry a "Default: " annotation are optional config values.
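# Example inventory variables for the DNS roles.
# Keys whose trailing comment reads "Default: ..." are optional; the quoted
# default is the one the README states for that key.
# Booleans are written as lowercase true/false (YAML 1.2 canonical form).
# The quoted 'yes'/'no' strings under named_global_config are deliberately
# left as strings — they look like the literal tokens written into the
# named configuration; verify against the role templates before changing
# them to booleans.

# Emits generated TSIG key material into task output; keep this false
# wherever job logs are retained or shared.
print_dns_keys: true
# Default: 'HMAC-SH256' (spelling as given in the README — confirm against
# the role defaults; the algorithm name is probably HMAC-SHA256)
dnssec_keygen_algorithm: hmac-sha512
dnssec_keygen_size: 512  # Default: '256'

dns_data:
  named_global_config:
    recursion: 'no'  # Default: 'yes'
    dnssec_enable: 'yes'  # Default: 'no'
    dnssec_validation: 'yes'  # Default: 'no'
    dnssec_lookaside: 'no'  # Default: 'auto'
    allow_query:  # Default: 'any'
      # NOTE(review): a /32 on a .0 address matches a single host — confirm
      # that /24 was not intended here.
      - 192.168.20.0/32
      - 192.168.30.0/24
    # Default: 'any' — the default permits zone transfers from any source;
    # list only the intended secondaries, as this example does.
    allow_transfer:
      - 192.168.10.11/32
      - 192.168.10.12/32
  views:
    - name: private
      named:
        recursion: 'yes'
        acl_entry:
          - 192.168.10.0/24
        default_forwarders:
          - 8.8.8.8
      zones:
        - dns_domain: first.example.com
          state: present
          named: true
          route53:
            aws_access_key: "{{ aws_access_key }}"
            aws_secret_key: "{{ aws_secret_key }}"
            vpc_id: vpc-9dcde6f8  # Private Zones only
            vpc_region: eu-west-1  # Private Zones only
            private_zone: true
            hosted_zone_id: Z07234592MWCM9XJSSPYU
          nsupdate:
            - server: "192.168.48.26"
              key_name: "private-first.example.com"
              # Sample value only — in a real inventory source key_secret from
              # Ansible Vault or a secret store rather than committing it.
              key_secret: "EhZfRtlHgy7xTIi2LeVSGsBj99Sb8IGB6K30ovg13dE="
              key_algorithm: "hmac-sha512"
          entries:
            - type: A
              record: master
              value: 172.16.10.20
              ttl: 60
              state: present
            - type: A
              record: node1
              value: 172.16.10.21
              ttl: 60
              state: present
        - dns_domain: second.example.com
          state: present
          nsupdate:
            - server: "192.168.48.26"
              key_name: "private-second.example.com"
              # Sample value only — see the note on the first zone.
              key_secret: "+UYdpSzdQyZ20V9/2Ud9RjHFz9Pouqn4aXP3V9X/gq4="
              key_algorithm: "hmac-sha512"
          entries:
            # The old 'master' record is removed and a new one added; the
            # entries are listed in that order.
            - type: A
              record: master
              value: 172.17.9.20
              state: absent
            - type: A
              record: master
              value: 172.17.10.20
              state: present
            - type: A
              record: node1
              value: 172.17.10.20
              state: present
        - dns_domain: third.example.com
          state: present
          named: true
          type: forward
          forwarders:
            - 192.168.48.27
    - name: public
      zones:
        - dns_domain: first.example.com
          route53:
            aws_access_key: "{{ aws_access_key }}"
            aws_secret_key: "{{ aws_secret_key }}"
          entries:
            - type: A
              record: master
              value: 10.9.10.20
              state: present
            - type: A
              record: node1
              value: 10.9.10.21
              state: present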
Apache License 2.0
Red Hat Community of Practice & staff of the Red Hat Open Innovation Labs.