Merge branch 'bind' into 'newinfra'
[bind-authoritative] Query LDAP for IPs See merge request nounous/ansible!69certbot_on_virtu
commit
496e36f1b4
|
@ -2,7 +2,8 @@
|
|||
---
|
||||
# Deploy recursive DNS cache server
|
||||
- hosts: routeur-sam.adm.crans.org,routeur-daniel.adm.crans.org
|
||||
roles: ["bind-recursive"]
|
||||
roles:
|
||||
- bind-recursive
|
||||
|
||||
# Deploy authoritative DNS server
|
||||
- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
|
||||
|
@ -10,11 +11,12 @@
|
|||
certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
|
||||
certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
|
||||
bind:
|
||||
masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
|
||||
slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
|
||||
masters: "{{ query('ldap', 'role', 'dns-primary') }}"
|
||||
slaves: "{{ query('ldap', 'role', 'dns-secondary') }}"
|
||||
zones: "{{ (lookup('re2oapi', 'dnszones') + query('ldap', 'zones')) | unique }}"
|
||||
reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
|
||||
roles: ["bind-authoritative"]
|
||||
roles:
|
||||
- bind-authoritative
|
||||
|
||||
- hosts: silice.adm.crans.org
|
||||
vars:
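Review bot: `bind.masters` and `bind.slaves` are now taken straight from `query('ldap', 'role', …)` with no check that the directory returned anything, and these two lists go on to decide which peers the authoritative servers trust. How the `ldap` plugin behaves for an unknown role or an unreachable directory is not visible here; if it yields an empty list, the play would carry on and the templates further down would render empty `masters { }` and `allow-transfer { }` blocks. An `assert` in `pre_tasks` with `that: bind.masters | length > 0 and bind.slaves | length > 0` would stop the run before named's configuration is touched. Separately, `zones` still merges `re2oapi` and `ldap` results, so this play keeps two sources of truth; a comment saying which one is authoritative during the migration would help.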
|
||||
|
|
|
@ -7,14 +7,6 @@
|
|||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Lookup DNS servers
|
||||
set_fact:
|
||||
masters_ipv4: "{{ bind.masters | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}"
|
||||
masters_ipv6: "{{ bind.masters | json_query('servers[].interface[?vlan_id==`2`].ipv6[][].ipv6') }}"
|
||||
slaves_ipv4: "{{ bind.slaves | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}"
|
||||
slaves_ipv6: "{{ bind.slaves | json_query('servers[].interface[?vlan_id==`2`].ipv6[][].ipv6') }}"
|
||||
cacheable: true
|
||||
|
||||
- name: Is this the master?
|
||||
set_fact:
|
||||
is_master: "{{ ansible_hostname in query('ldap', 'role', 'dns-primary') }}"
|
||||
|
|
|
@ -27,11 +27,10 @@ zone "_acme-challenge.crans.org" {
|
|||
{% else %}
|
||||
type slave;
|
||||
masters {
|
||||
{% for ip in masters_ipv4 %}
|
||||
{% for host in bind.masters %}
|
||||
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||
{{ ip }};
|
||||
{% endfor -%}
|
||||
{% for ip in masters_ipv6 %}
|
||||
{{ ip }};
|
||||
{% endfor %}
|
||||
};
|
||||
notify no;
|
||||
|
@ -50,11 +49,10 @@ zone "_acme-challenge.adm.crans.org" {
|
|||
{% else %}
|
||||
type slave;
|
||||
masters {
|
||||
{% for ip in masters_ipv4 %}
|
||||
{% for host in bind.masters %}
|
||||
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||
{{ ip }};
|
||||
{% endfor -%}
|
||||
{% for ip in masters_ipv6 %}
|
||||
{{ ip }};
|
||||
{% endfor %}
|
||||
};
|
||||
notify no;
|
||||
|
@ -72,11 +70,10 @@ zone "_acme-challenge.crans.fr" {
|
|||
{% else %}
|
||||
type slave;
|
||||
masters {
|
||||
{% for ip in masters_ipv4 %}
|
||||
{% for host in bind.masters %}
|
||||
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||
{{ ip }};
|
||||
{% endfor -%}
|
||||
{% for ip in masters_ipv6 %}
|
||||
{{ ip }};
|
||||
{% endfor %}
|
||||
};
|
||||
notify no;
|
||||
|
@ -94,11 +91,10 @@ zone "_acme-challenge.crans.eu" {
|
|||
{% else %}
|
||||
type slave;
|
||||
masters {
|
||||
{% for ip in masters_ipv4 %}
|
||||
{% for host in bind.masters %}
|
||||
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||
{{ ip }};
|
||||
{% endfor -%}
|
||||
{% for ip in masters_ipv6 %}
|
||||
{{ ip }};
|
||||
{% endfor %}
|
||||
};
|
||||
notify no;
|
||||
|
@ -118,11 +114,10 @@ zone "{{ zone }}" {
|
|||
type slave;
|
||||
file "bak.{{ zone }}";
|
||||
masters {
|
||||
{% for ip in masters_ipv4 %}
|
||||
{{ ip }};
|
||||
{% endfor %}
|
||||
{% for ip in masters_ipv6 %}
|
||||
{% for host in bind.masters %}
|
||||
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||
{{ ip }};
|
||||
{% endfor -%}
|
||||
{% endfor %}
|
||||
};
|
||||
notify no;
|
||||
|
@ -143,11 +138,10 @@ zone "{{ zone }}" {
|
|||
type slave;
|
||||
file "bak.{{ zone }}";
|
||||
masters {
|
||||
{% for ip in masters_ipv4 %}
|
||||
{{ ip }};
|
||||
{% endfor %}
|
||||
{% for ip in masters_ipv6 %}
|
||||
{% for host in bind.masters %}
|
||||
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||
{{ ip }};
|
||||
{% endfor -%}
|
||||
{% endfor %}
|
||||
};
|
||||
notify no;
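Review bot: Every `masters { … }` block prints whatever `query('ldap', 'ip', host, 'adm')` returns without validation, and the same nested lookup is repeated in all six zone stanzas changed in this file. These addresses define which servers a secondary accepts zone data from, so it would be safer to resolve them once into a fact, check that the result is non-empty and contains only IP addresses (for instance with the `ansible.utils.ipaddr` filter, if that collection is installed), and loop over that fact here, e.g. `{% for ip in bind_master_ips %}` (name illustrative). Resolving once also guarantees that every zone gets the same list and presumably avoids one directory query per host per stanza. The inner loop closes with `{% endfor -%}` and the outer with `{% endfor %}`; a one-line comment on the intended whitespace trimming would make the rendered layout easier to reason about.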
|
||||
|
|
|
@ -32,20 +32,18 @@ options {
|
|||
|
||||
{% if is_master %}
|
||||
allow-transfer {
|
||||
{% for ip in slaves_ipv4 %}
|
||||
{% for host in bind.slaves %}
|
||||
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||
{{ ip }};
|
||||
{% endfor %}
|
||||
{% for ip in slaves_ipv6 %}
|
||||
{{ ip }};
|
||||
{% endfor %}
|
||||
};
|
||||
|
||||
also-notify {
|
||||
{% for ip in slaves_ipv4 %}
|
||||
{% for host in bind.slaves %}
|
||||
{% for ip in query('ldap', 'ip', host, 'adm') %}
|
||||
{{ ip }};
|
||||
{% endfor %}
|
||||
{% for ip in slaves_ipv6 %}
|
||||
{{ ip }};
|
||||
{% endfor %}
|
||||
};
|
||||
{% else %}
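Review bot: `allow-transfer` and `also-notify` are filled from the unvalidated result of `query('ldap', 'ip', host, 'adm')` over `bind.slaves`, so the directory entries for the `dns-secondary` role and its hosts now directly control who may pull full zone contents. As far as this hunk shows, transfers are authorised by source address alone; adding a TSIG key to the ACL (`key "<key-name>";`) would mean a changed address in LDAP is not sufficient by itself. The two nested loops are identical, so building the address list once and reusing it would keep the transfer ACL and the notify targets in step. The `{% if is_master %}` block continues past the end of the hunk.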
|
||||
|
|