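---
# Tasks that build a PowerDNS authoritative server backed by a local MariaDB
# database (gmysql backend), then open the firewall for DNS and MySQL.
#
# Variables this file reads: mysql_root_password, mysql_powerdns_password,
# mysql_hostbill_password, hostbill_private_ip. The three passwords belong in
# an Ansible Vault-encrypted vars file, not in the task file itself.

- name: Ensure EPEL repository is enabled
  copy:
    src: ../files/epel.repo
    dest: /etc/yum.repos.d/
    owner: root
    group: root
    mode: "0644"

# state=latest upgrades these packages on every run, not only on first install.
- name: Ensure PowerDNS and dependancies are installed
  yum:
    update_cache: true
    name: "{{ item }}"
    state: latest
  with_items:
    - mariadb-server
    - mariadb
    - pdns-backend-mysql
    - pdns
    - MySQL-python

- name: Start the MySQL service
  service:
    name: mariadb
    state: started
    enabled: true

# The mysql_db / mysql_user tasks below pass no login credentials, so they
# presumably pick them up from this client option file (confirm against
# my.cnf.j2). Mode 0600 keeps it readable by root only; the original set no
# mode and left the permissions to the umask.
- name: Ensure my.cnf is present
  template:
    src: ../templates/my.cnf.j2
    dest: /root/.my.cnf
    owner: root
    group: root
    mode: "0600"

# NOTE(review): the source is named .j2 but is shipped with copy, so it is not
# rendered as a template; confirm that is intended.
- name: Ensure SQL setup file is present
  copy:
    src: ../templates/setup.sql.j2
    dest: ~/setup.sql
  register: mysqlsetup

# Database creation and schema import only run when setup.sql changed.
- name: Create PowerDNS Database
  mysql_db:
    name: powerdns
    state: present
  when: mysqlsetup.changed

- name: Import default database
  mysql_db:
    name: powerdns
    state: import
    target: ~/setup.sql
  when: mysqlsetup.changed

#- name: Ensure MYSQLDB Python module is installed
#  pip: name=MySQL-python

# The root password used to be written as a literal in this task. It is now
# read from mysql_root_password, like the other two account passwords here.
# Any password that has appeared in a committed or pasted copy of this file
# should be treated as disclosed and rotated.
# no_log keeps the password out of task output and logs.
- name: Ensure MYSQL root password is set
  mysql_user:
    name: root
    host: "{{ item }}"
    password: "{{ mysql_root_password }}"
  no_log: true
  with_items:
    - 127.0.0.1
    - "{{ ansible_hostname }}"
    - "::1"
    - localhost

- name: Ensure MySQL powerdns users exist
  mysql_user:
    name: powerdns
    password: "{{ mysql_powerdns_password }}"
    host: "{{ item }}"
    state: present
  no_log: true
  with_items:
    - localhost

# No host is given, so the module's default host applies.
# NOTE(review): GRANT lets this service account hand its privileges to other
# accounts; confirm PowerDNS needs more than plain access to powerdns.*.
- name: Ensure PowerDNS user can access PowerDNS database
  mysql_user:
    name: powerdns
    priv: "powerdns.*:ALL,GRANT"
    state: present

# The Hostbill account is only valid from hostbill_private_ip.
- name: Ensure Hostbill user exists
  mysql_user:
    name: pdnshostbill
    password: "{{ mysql_hostbill_password }}"
    host: "{{ hostbill_private_ip }}"
    priv: "powerdns.*:ALL"
    state: present
  no_log: true

#- name: Ensure Hostbill user can access PowerDNS database
#  mysql_user: name=pdnshostbill priv=powerdns.*:ALL state=present

# The file module replaces "command: mkdir ... creates=..." for both directories.
- name: Ensure powerdns directory exists
  file:
    path: /etc/pdns
    state: directory

- name: Ensure powerdns distributed config directory exists
  file:
    path: /etc/pdns/pdns.d
    state: directory

# Left as a guarded command: it only creates the file when it is missing.
- name: Ensure pdns.conf exists
  command: touch /etc/pdns/pdns.conf
  args:
    creates: /etc/pdns/pdns.conf

# The three lineinfile tasks keep their original key=value argument string so
# that the blank 'launch=' replacement is parsed exactly as before.
- name: Ensure common elements are in pdns.conf
  lineinfile: "dest=/etc/pdns/pdns.conf line={{ item.line }} regexp={{ item.regexp }}"
  notify: Restart powerdns
  with_items:
    - { regexp: '^launch=', line: ' ' }
    - { regexp: '^loglevel=', line: 'loglevel=7' }
    - { regexp: '^setgid=', line: 'setgid=pdns' }
    - { regexp: '^setuid=', line: 'setuid=pdns' }
    - { regexp: '^version-string=', line: 'version-string=powerdns' }
    - { regexp: '^include-dir=', line: 'include-dir=/etc/pdns/pdns.d' }

# Master settings apply only to the host whose FQDN matches; zone transfers
# are enabled there and limited to the listed network.
- name: Ensure master elements are in pdns.conf
  lineinfile: "dest=/etc/pdns/pdns.conf line={{ item.line }} regexp={{ item.regexp }}"
  notify: Restart powerdns
  when: ansible_fqdn == 'custns1.rsi-green.com'
  with_items:
    - { regexp: '^allow-axfr-ips=', line: 'allow-axfr-ips=66.194.167.0/24' }
    - { regexp: '^disable-axfr=', line: 'disable-axfr=no' }
    - { regexp: '^master=', line: 'master=yes' }
    - { regexp: '^slave=', line: 'slave=no' }

# Every other host is configured as a slave with zone transfers disabled.
- name: Ensure slave elements are in pdns.conf
  lineinfile: "dest=/etc/pdns/pdns.conf line={{ item.line }} regexp={{ item.regexp }}"
  notify: Restart powerdns
  when: ansible_fqdn != 'custns1.rsi-green.com'
  with_items:
    - { regexp: '^disable-axfr=', line: 'disable-axfr=yes' }
    - { regexp: '^master=', line: 'master=no' }
    - { regexp: '^slave=', line: 'slave=yes' }
    - { regexp: '^slave-cycle-interval=', line: 'slave-cycle-interval=60' }

# NOTE(review): this file presumably carries the powerdns database password;
# no owner or mode is set here, so check the resulting permissions.
- name: Ensure PowerDNS is configured to access database
  template:
    src: ../templates/pdns.local.gmysql.conf
    dest: /etc/pdns/pdns.d/pdns.local.gmysql.conf
  notify: Restart powerdns

- name: Ensure powerdns is started
  service:
    name: pdns
    state: started
    enabled: true

- name: Ensure firewalld is configured to pass dns traffic
  firewalld:
    service: dns
    zone: public
    permanent: true
    state: enabled

# NOTE(review): this opens MySQL to the whole public zone, while the only
# remote database account defined in this file (pdnshostbill) is bound to
# hostbill_private_ip. Consider limiting the firewall rule to that source.
- name: Ensure firewalld is configured to pass mysql traffic
  firewalld:
    service: mysql
    zone: public
    permanent: true
    state: enabled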