
Set of Roles

The Ansible roles found in this directory have to do with managing DNS infrastructure.

Requirements

  1. For named/bind install/configuration:
     • Root level access to a running Linux flavor (Fedora, CentOS, Red Hat Enterprise Linux)
  2. For DNS zones and records, one or more of the following:
     • Access to nsupdate enabled infrastructure (i.e.: above mentioned bind).
     • Access to AWS Route53 with DNS admin access enabled.

Role Variables

See Example Inventory below for more specific details. The following variable needs to be defined:

  • dns_data: A dictionary with DNS data (views, zones, records)

Example Playbooks

- hosts: new-dns-servers
  roles:
  - role: dns/cofig-dns-server-bind
  - role: dns/manage-dns-zones-bind
  - role: dns/manage-dns-records
- hosts: existing-nsupdate-servers
  roles:
  - role: dns/manage-dns-records
- hosts: route53-servers
  roles:
  - role: dns/manage-dns-zones-route53
  - role: dns/manage-dns-records

Example Inventory

Note: The values below that carry a "Default: " comment are optional config values.

print_dns_keys: True
dnssec_keygen_algorithm: hmac-sha512  # Default: 'HMAC-SH256'
dnssec_keygen_size: 512               # Default: '256'

dns_data:
  named_global_config:
    recursion: 'no'                   # Default: 'yes'
    dnssec_enable: 'yes'              # Default: 'no'
    dnssec_validation: 'yes'          # Default: 'no'
    dnssec_lookaside: 'no'            # Default: 'auto'
    allow_query:                      # Default: 'any'
    - 192.168.20.0/32
    - 192.168.30.0/24
    allow_transfer:                   # Default: 'any'
    - 192.168.10.11/32
    - 192.168.10.12/32
  views:
  - name: private
    named:
      recursion: 'yes'
      acl_entry:
      - 192.168.10.0/24
    default_forwarders:
    - 8.8.8.8
    zones:
    - dns_domain: first.example.com
      state: present
      named: True
      route53:
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
        vpc_id: vpc-9dcde6f8  # Private Zones only
        vpc_region: eu-west-1 # Private Zones only
        private_zone: true
        hosted_zone_id: Z07234592MWCM9XJSSPYU
      nsupdate:
      - server: "192.168.48.26"
        key_name: "private-first.example.com"
        key_secret: "EhZfRtlHgy7xTIi2LeVSGsBj99Sb8IGB6K30ovg13dE="
        key_algorithm: "hmac-sha512"
      entries:
      - type: A
        record: master
        value: 172.16.10.20
        ttl: 60
        state: present
      - type: A
        record: node1
        value: 172.16.10.21
        ttl: 60
        state: present
    - dns_domain: second.example.com
      state: present
      nsupdate:
      - server: "192.168.48.26"
        key_name: "private-second.example.com"
        key_secret: "+UYdpSzdQyZ20V9/2Ud9RjHFz9Pouqn4aXP3V9X/gq4="
        key_algorithm: "hmac-sha512"
      entries:
      - type: A
        record: master
        value: 172.17.9.20
        state: absent
      - type: A
        record: master
        value: 172.17.10.20
        state: present
      - type: A
        record: node1
        value: 172.17.10.20
        state: present
    - dns_domain: third.example.com
      state: present
      named: True
      type: forward
      forwarders:
      - 192.168.48.27
  - name: public
    zones:
    - dns_domain: first.example.com
      route53:
        aws_access_key: "{{ aws_access_key }}"
        aws_secret_key: "{{ aws_secret_key }}"
      entries:
      - type: A
        record: master
        value: 10.9.10.20
        state: present
      - type: A
        record: node1
        value: 10.9.10.21
        state: present
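As an added example (not code from this repository's roles), the following Python check walks a dns_data structure of the shape shown above and reports what an operator would want to catch before a run: named ACLs left at the 'any' default, nsupdate targets missing TSIG parameters or using a weak algorithm, private Route53 zones without VPC details, and entries that both create and delete the same record. The sample inventory is a constructed Python dict mirroring a subset of the YAML above, with placeholder secrets.

```python
# Constructed sample (subset of the README inventory); key_secret is a placeholder, keep real TSIG secrets in ansible-vault.
SAMPLE = {
    "named_global_config": {"recursion": "no", "allow_transfer": ["192.168.10.11/32"]},
    "views": [{"name": "private", "zones": [
        {"dns_domain": "first.example.com", "state": "present", "named": True,
         "route53": {"private_zone": True, "vpc_id": "vpc-PLACEHOLDER", "vpc_region": "eu-west-1"},
         "nsupdate": [{"server": "192.168.48.26", "key_name": "private-first.example.com",
                       "key_secret": "PLACEHOLDER", "key_algorithm": "hmac-sha512"}],
         "entries": [{"type": "A", "record": "master", "value": "172.16.10.20", "state": "present"}]},
        {"dns_domain": "second.example.com", "state": "present",
         "nsupdate": [{"server": "192.168.48.26", "key_name": "k2", "key_algorithm": "hmac-md5"}],
         "entries": [{"type": "A", "record": "master", "value": "172.17.9.20", "state": "absent"},
                     {"type": "A", "record": "master", "value": "172.17.10.20", "state": "present"},
                     {"type": "A", "record": "node1", "value": "172.17.10.20", "state": "absent"},
                     {"type": "A", "record": "node1", "value": "172.17.10.20", "state": "present"}]},
    ]}],
}

NSUPDATE_KEYS = {"server", "key_name", "key_secret", "key_algorithm"}
WEAK_TSIG = {"hmac-md5"}  # legacy TSIG algorithm; prefer hmac-sha256 or stronger


def check_dns_data(dns_data):
    """Return a list of findings for a dns_data dict; an empty list means it passed."""
    findings = []
    gc = dns_data.get("named_global_config", {})
    for opt in ("allow_query", "allow_transfer"):
        if gc.get(opt, "any") in ("any", ["any"]):  # README default for both is 'any'
            findings.append(f"named_global_config.{opt} is open to any host")
    for view in dns_data.get("views", []):
        for zone in view.get("zones", []):
            where = f"{view['name']}/{zone['dns_domain']}"
            if not any(k in zone for k in ("named", "nsupdate", "route53")):
                findings.append(f"{where}: no backend (named/nsupdate/route53) configured")
            for upd in zone.get("nsupdate", []):
                missing = sorted(NSUPDATE_KEYS.difference(upd))
                if missing:
                    findings.append(f"{where}: nsupdate target missing {missing}")
                if upd.get("key_algorithm", "").lower() in WEAK_TSIG:
                    findings.append(f"{where}: weak TSIG algorithm {upd['key_algorithm']}")
            r53 = zone.get("route53")
            if r53 and r53.get("private_zone") and not {"vpc_id", "vpc_region"}.issubset(r53):
                findings.append(f"{where}: private Route53 zone needs vpc_id and vpc_region")
            states = {}  # (type, record, value) -> set of states requested for it
            for e in zone.get("entries", []):
                states.setdefault((e["type"], e["record"], e["value"]), set()).add(e["state"])
            for (rtype, record, value), s in states.items():
                if len(s) > 1:
                    findings.append(f"{where}: {rtype} {record} {value} is both present and absent")
    return findings
```

Run it against your real inventory (loaded with a YAML parser) before invoking the playbooks; the sample above yields four findings, all in the second zone plus the missing allow_query.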

License

Apache License 2.0

Author Information

Red Hat Community of Practice & staff of the Red Hat Open Innovation Labs.