{"id":4863,"sha1":"8fc163f4e5304063be3d7e28878ac876b3367bf1","playbook":{"id":2757,"items":{"plays":1,"tasks":15,"results":30,"hosts":2,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/kuly/new-ynh.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["install_superDNS.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"}],"started":"2025-04-15T12:31:46.700868+01:00","ended":"2025-04-15T12:32:49.969726+01:00","duration":"00:01:03.268858","name":null,"ansible_version":"2.16.11","client_version":"1.7.2","python_version":"3.10.10","server_version":"1.7.2","status":"failed","path":"/home/ssh-gateway/ansible/kuly/install_superDNS.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"content":"---\n- name: Playbook to install SuperDNS PDNS on alma8\n  hosts: all\n  gather_facts: false\n  tasks:\n    - name: Add firewall rules\n      ansible.builtin.shell: |\n        set -o pipefail\n        iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT\n        iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT\n        iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT\n        iptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT\n        iptables -A INPUT -s 127.0.0.1 -p tcp -m tcp --dport 8081 -j ACCEPT\n        service iptables save\n      args:\n        executable: /bin/bash\n      changed_when: false\n\n    - name: Install prerequisite packages\n      ansible.builtin.dnf:\n        name:\n          - epel-release\n          - vim\n          - wget\n          - net-tools\n          - bind-utils\n        state: latest\n\n    - name: Install MariaDB\n      ansible.builtin.shell: |\n        set -o pipefail\n        dnf -y module reset mariadb\n        dnf -y module install mariadb:10.11\n        systemctl restart mariadb; systemctl enable mariadb\n      args:\n        executable: /bin/bash\n      changed_when: false\n\n    - name: Secure MariaDB installation\n      ansible.builtin.shell: |\n        set -o pipefail\n        my_root_pass=$(pwgen -s 20 | head -1)\n        cat > /root/mysql_secure_install.sql << EOF\n        ALTER USER 'root'@'localhost' IDENTIFIED BY '$my_root_pass';\n        DELETE FROM mysql.user WHERE User='';\n        DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');\n        DROP DATABASE IF EXISTS test;\n        DELETE FROM mysql.db WHERE Db='test' OR Db='test\\\\_%';\n        FLUSH PRIVILEGES;\n        EOF\n        mysql -sfu root < /root/mysql_secure_install.sql; rm -f /root/mysql_secure_install.sql\n        echo -e \"[mysql]\\nuser=\\\"root\\\"\\npassword=\\\"$my_root_pass\\\"\\n\" > /root/.my.cnf\n      args:\n        executable: /bin/bash\n      changed_when: false\n\n    - name: Install pdns packages\n      ansible.builtin.dnf:\n        name:\n          - pdns\n          - pdns-backend-mysql\n          - pdns-tools\n        state: latest\n    - name: Create powertdns database\n      ansible.builtin.shell: |\n        set -o pipefail\n        pwgen -s 20 | head -1 > /root/pdns_pass.txt\n        mysql -e \"CREATE DATABASE powerdns\"\n        mysql -e \"CREATE USER 'powerdns'@'localhost' IDENTIFIED BY '$(cat /root/pdns_pass.txt)'\"\n        mysql -e \"GRANT ALL PRIVILEGES ON powerdns.* TO 'powerdns'@'localhost'\"\n        mysql -e \"flush privileges\"\n        mysql powerdns < /usr/share/doc/pdns-backend-mysql/schema.mysql.sql\n        echo -e \"database=\\\"powerdns\\\"\" >> /root/.my.cnf\n      args:\n        executable: /bin/bash\n      changed_when: false\n\n    - name: Ensure bind-address is set in MariaDB configuration\n      ansible.builtin.lineinfile:\n        path: /etc/my.cnf.d/mariadb-server.cnf\n        regexp: '^bind-address'\n        line: 'bind-address = 127.0.0.1'\n        insertafter: '[mysqld]'\n        state: present\n        backup: true\n\n    - name: Restart MariaDB service\n      ansible.builtin.systemd:\n        name: mariadb\n        state: restarted\n\n    - name: Backup the default PowerDNS config\n      ansible.builtin.command: mv /etc/pdns/pdns.conf /etc/pdns/pdns.conf_orig\n      args:\n        creates: /etc/pdns/pdns.conf_orig\n\n    - name: Grab generated pdns pass\n      ansible.builtin.slurp:\n        src: /root/pdns_pass.txt\n      register: slurped_pdns_pass\n\n    - name: Decode the pdns_pass.txt content\n      ansible.builtin.set_fact:\n        pdns_pass: \"{{ slurped_pdns_pass.content | b64decode | trim }}\"\n\n    - name: Configure PowerDNS with the DB credentials\n      when: pdns_pass is defined\n      ansible.builtin.copy:\n        dest: /etc/pdns/pdns.conf\n        content: |\n          launch=gmysql\n          gmysql-host=localhost\n          gmysql-user=powerdns\n          gmysql-dbname=powerdns\n          gmysql-password={{ pdns_pass }}\n          allow-axfr-ips={{ master_ip }}/32\n          allow-dnsupdate-from={{ master_ip }}/32\n          allow-notify-from={{ master_ip }}/32\n          daemon=yes\n          disable-axfr=no\n          dnsupdate=yes\n          guardian=no\n          local-port=53\n          log-dns-queries=yes\n          log-timestamp=yes\n          loglevel=9\n          setgid=pdns\n          setuid=pdns\n          secondary=yes\n          autosecondary=yes\n        mode: '0644'\n\n    - name: Restart and enable PowerDNS service\n      ansible.builtin.systemd:\n        name: pdns\n        state: restarted\n        enabled: true\n\n    - name: Check the status of PowerDNS service\n      ansible.builtin.systemd:\n        name: pdns\n        state: started\n\n    - name: Add the supermasters\n      ansible.builtin.shell: |\n        set -o pipefail\n        mysql -e \"insert into supermasters values('{{ master_ip }}', '{{ ns1 }}', 'admin')\"\n        mysql -e \"insert into supermasters values('{{ master_ip }}', '{{ ns2 }}', 'admin')\"\n      args:\n        executable: /bin/bash\n      changed_when: false\n    - name: Install 360 monitor\n      ansible.builtin.shell: |\n        set -o pipefail\n        mon_pass=$(pwgen -s 20 | head -1)\n        echo -e \"webserver=yes\\nwebserver-address=127.0.0.1\\\n        \\nwebserver-port=8081\\napi=yes\\napi-key=$mon_pass\\\n        \\nwebserver-allow-from=127.0.0.1\" \\\n        >> /etc/pdns/pdns.conf\n        systemctl restart pdns.service\n        curl -Ls https://tgz.thecode.casa/agent360_plugins/install.sh  | bash -s powerdns\n        sed -i \"s/api_key=change_me/api_key=$mon_pass/g\" /etc/agent360-custom.ini\n        sed -i \"s/localhost:8081/127.0.0.1:8081/g\" /etc/agent360-custom.ini\n        systemctl restart agent360.service\n        sudo -u agent360 /usr/local/bin/agent360 test powerdns\n      args:\n        executable: /bin/bash\n      changed_when: false\n      register: agent_out\n\n    - name: Show monitor status\n      ansible.builtin.debug:\n        var: agent_out\n","created":"2025-04-15T12:31:46.719790+01:00","updated":"2025-04-15T12:31:46.719825+01:00","path":"/home/ssh-gateway/ansible/kuly/install_superDNS.yaml"}