Merge branch 'bind' into 'newinfra'
[bind-authoritative] Query LDAP for IPs See merge request nounous/ansible!69certbot_on_virtu
commit
496e36f1b4
|
@ -2,7 +2,8 @@
|
||||||
---
|
---
|
||||||
# Deploy recursive DNS cache server
|
# Deploy recursive DNS cache server
|
||||||
- hosts: routeur-sam.adm.crans.org,routeur-daniel.adm.crans.org
|
- hosts: routeur-sam.adm.crans.org,routeur-daniel.adm.crans.org
|
||||||
roles: ["bind-recursive"]
|
roles:
|
||||||
|
- bind-recursive
|
||||||
|
|
||||||
# Deploy authoritative DNS server
|
# Deploy authoritative DNS server
|
||||||
- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
|
- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
|
||||||
|
@ -10,11 +11,12 @@
|
||||||
certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
|
certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
|
||||||
certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
|
certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
|
||||||
bind:
|
bind:
|
||||||
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
|
masters: "{{ query('ldap', 'role', 'dns-primary') }}"
|
||||||
slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
|
slaves: "{{ query('ldap', 'role', 'dns-secondary') }}"
|
||||||
zones: "{{ (lookup('re2oapi', 'dnszones') + query('ldap', 'zones')) | unique }}"
|
zones: "{{ (lookup('re2oapi', 'dnszones') + query('ldap', 'zones')) | unique }}"
|
||||||
reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
|
reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
|
||||||
roles: ["bind-authoritative"]
|
roles:
|
||||||
|
- bind-authoritative
|
||||||
|
|
||||||
- hosts: silice.adm.crans.org
|
- hosts: silice.adm.crans.org
|
||||||
vars:
|
vars:
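Review bot: Nothing guards against the LDAP role lookups on the new `masters:` and `slaves:` lines coming back empty. Both values now feed BIND's `masters { }`, `allow-transfer { }` and `also-notify { }` lists directly, so an empty or partial answer from the directory would change who may transfer zones or leave secondaries without a primary; whether the `ldap` lookup plugin raises on no match is not visible here. A pre-task such as `- assert: {that: [bind.masters | length > 0, bind.slaves | length > 0]}` would stop the play before a broken config is written. The keys also keep the `masters`/`slaves` names while the roles became `dns-primary`/`dns-secondary`, which is worth a one-line comment above `bind:`. The play continues past the end of this hunk.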
|
||||||
|
|
|
@ -7,14 +7,6 @@
|
||||||
retries: 3
|
retries: 3
|
||||||
until: apt_result is succeeded
|
until: apt_result is succeeded
|
||||||
|
|
||||||
- name: Lookup DNS servers
|
|
||||||
set_fact:
|
|
||||||
masters_ipv4: "{{ bind.masters | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}"
|
|
||||||
masters_ipv6: "{{ bind.masters | json_query('servers[].interface[?vlan_id==`2`].ipv6[][].ipv6') }}"
|
|
||||||
slaves_ipv4: "{{ bind.slaves | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}"
|
|
||||||
slaves_ipv6: "{{ bind.slaves | json_query('servers[].interface[?vlan_id==`2`].ipv6[][].ipv6') }}"
|
|
||||||
cacheable: true
|
|
||||||
|
|
||||||
- name: Is this the master?
|
- name: Is this the master?
|
||||||
set_fact:
|
set_fact:
|
||||||
is_master: "{{ ansible_hostname in query('ldap', 'role', 'dns-primary') }}"
|
is_master: "{{ ansible_hostname in query('ldap', 'role', 'dns-primary') }}"
|
||||||
|
|
|
@ -27,11 +27,10 @@ zone "_acme-challenge.crans.org" {
|
||||||
{% else %}
|
{% else %}
|
||||||
type slave;
|
type slave;
|
||||||
masters {
|
masters {
|
||||||
{% for ip in masters_ipv4 %}
|
{% for host in bind.masters %}
|
||||||
|
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||||
{{ ip }};
|
{{ ip }};
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
{% for ip in masters_ipv6 %}
|
|
||||||
{{ ip }};
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
notify no;
|
notify no;
|
||||||
|
@ -50,11 +49,10 @@ zone "_acme-challenge.adm.crans.org" {
|
||||||
{% else %}
|
{% else %}
|
||||||
type slave;
|
type slave;
|
||||||
masters {
|
masters {
|
||||||
{% for ip in masters_ipv4 %}
|
{% for host in bind.masters %}
|
||||||
|
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||||
{{ ip }};
|
{{ ip }};
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
{% for ip in masters_ipv6 %}
|
|
||||||
{{ ip }};
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
notify no;
|
notify no;
|
||||||
|
@ -72,11 +70,10 @@ zone "_acme-challenge.crans.fr" {
|
||||||
{% else %}
|
{% else %}
|
||||||
type slave;
|
type slave;
|
||||||
masters {
|
masters {
|
||||||
{% for ip in masters_ipv4 %}
|
{% for host in bind.masters %}
|
||||||
|
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||||
{{ ip }};
|
{{ ip }};
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
{% for ip in masters_ipv6 %}
|
|
||||||
{{ ip }};
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
notify no;
|
notify no;
|
||||||
|
@ -94,11 +91,10 @@ zone "_acme-challenge.crans.eu" {
|
||||||
{% else %}
|
{% else %}
|
||||||
type slave;
|
type slave;
|
||||||
masters {
|
masters {
|
||||||
{% for ip in masters_ipv4 %}
|
{% for host in bind.masters %}
|
||||||
|
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||||
{{ ip }};
|
{{ ip }};
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
{% for ip in masters_ipv6 %}
|
|
||||||
{{ ip }};
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
notify no;
|
notify no;
|
||||||
|
@ -118,11 +114,10 @@ zone "{{ zone }}" {
|
||||||
type slave;
|
type slave;
|
||||||
file "bak.{{ zone }}";
|
file "bak.{{ zone }}";
|
||||||
masters {
|
masters {
|
||||||
{% for ip in masters_ipv4 %}
|
{% for host in bind.masters %}
|
||||||
{{ ip }};
|
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||||
{% endfor %}
|
|
||||||
{% for ip in masters_ipv6 %}
|
|
||||||
{{ ip }};
|
{{ ip }};
|
||||||
|
{% endfor -%}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
notify no;
|
notify no;
|
||||||
|
@ -143,11 +138,10 @@ zone "{{ zone }}" {
|
||||||
type slave;
|
type slave;
|
||||||
file "bak.{{ zone }}";
|
file "bak.{{ zone }}";
|
||||||
masters {
|
masters {
|
||||||
{% for ip in masters_ipv4 %}
|
{% for host in bind.masters %}
|
||||||
{{ ip }};
|
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||||
{% endfor %}
|
|
||||||
{% for ip in masters_ipv6 %}
|
|
||||||
{{ ip }};
|
{{ ip }};
|
||||||
|
{% endfor -%}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
notify no;
|
notify no;
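Review bot: Each `masters { }` block now runs `query('ldap', 'ip', host, 'adm')` at render time, and because `bind.masters` is itself a templated play variable the role lookup is presumably re-evaluated on every reference too. That repeats the same directory queries once per zone stanza (all six hunks in this file, and the two loops in the options template use the same pattern), and a directory change mid-render could give stanzas different address lists. Resolving the addresses once in a `set_fact` before the template task and looping over that fact would keep the rendered file consistent. The returned values are also written into named's configuration unchecked; passing them through the `ipaddr` filter (if that filter collection is installed) would reject anything that is not an address. The `{% endfor -%}` on the inner loop only affects whitespace and could carry a short Jinja comment saying why it is there.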
|
||||||
|
|
|
@ -32,20 +32,18 @@ options {
|
||||||
|
|
||||||
{% if is_master %}
|
{% if is_master %}
|
||||||
allow-transfer {
|
allow-transfer {
|
||||||
{% for ip in slaves_ipv4 %}
|
{% for host in bind.slaves %}
|
||||||
|
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||||
{{ ip }};
|
{{ ip }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for ip in slaves_ipv6 %}
|
|
||||||
{{ ip }};
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
|
|
||||||
also-notify {
|
also-notify {
|
||||||
{% for ip in slaves_ipv4 %}
|
{% for host in bind.slaves %}
|
||||||
|
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||||
{{ ip }};
|
{{ ip }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for ip in slaves_ipv6 %}
|
|
||||||
{{ ip }};
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
};
|
};
|
||||||
{% else %}
|
{% else %}
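Review bot: The `allow-transfer` list is now whatever the directory returns for each secondary's `adm` entry, so zone-transfer permission depends on LDAP contents alone. The removed loops emitted IPv4 and IPv6 separately for VLAN 2; whether the `'adm'` argument returns both families and only that network is not visible in this hunk and should be confirmed, for example with a comment above the loop stating what the lookup yields. If the zones carry anything sensitive, adding a TSIG key to the ACL (`allow-transfer { key "<key-name>"; };`) would keep transfers authenticated even if an address record in the directory is wrong. The `options` block starts and ends outside the hunk.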
|
||||||
|
|