Execution
Date
18 Sep 2024 10:37:56 +0100
Duration
00:00:58.57
Controller
ssh-gw-4.layershift.com
User
root
Versions
Ansible
2.16.11
ara
1.7.2 / 1.7.2
Python
3.10.10
Summary
1
Hosts
12
Tasks
12
Results
1
Plays
1
Files
0
Records
File: /home/ssh-gateway/ansible/kuly/install_superDNS.yaml
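---
# Installs MariaDB 10.11 and PowerDNS (gmysql backend) on AlmaLinux 8 hosts
# and configures PowerDNS as a secondary/autosecondary server.
#
# Review notes:
#   * The PowerDNS database password lives in this file in plaintext, and run
#     reporters such as ARA store the playbook file verbatim. Treat the value
#     as exposed: rotate it and supply the replacement from Ansible Vault or
#     with `-e pdns_db_password=...`.
#   * Tasks that embed that password set `no_log: true` so it is not written
#     to task results as well.
#   * Package tasks use `state: latest`, so reruns can upgrade packages.
- name: Playbook to install SuperDNS PDNS on alma8
  hosts: all
  gather_facts: false

  vars:
    # NOTE(review): plaintext credential kept only so existing invocations
    # keep working; move it to a vaulted variable and rotate it.
    pdns_db_password: 'Lu6B1jvVEFvU'

  tasks:
    # NOTE(review): the two `--sport 53` rules accept any inbound packet whose
    # source port is 53, whatever its destination port. A conntrack
    # ESTABLISHED,RELATED rule would admit DNS replies without that side
    # effect; left unchanged here because the rest of the ruleset is not
    # visible. The rules are also not persisted by this playbook.
    - name: Add firewall rules
      ansible.builtin.shell: |
        set -o pipefail
        # Append a rule only when an identical one is not already present,
        # so reruns do not stack duplicate rules in the INPUT chain.
        add_input_rule() {
          iptables -C INPUT "$@" 2>/dev/null || iptables -A INPUT "$@"
        }
        add_input_rule -p udp -m udp --dport 53 -j ACCEPT
        add_input_rule -p udp -m udp --sport 53 -j ACCEPT
        add_input_rule -p tcp -m tcp --dport 53 -j ACCEPT
        add_input_rule -p tcp -m tcp --sport 53 -j ACCEPT
        add_input_rule -s 127.0.0.1 -p tcp -m tcp --dport 8081 -j ACCEPT
      args:
        executable: /bin/bash
      changed_when: false

    - name: Install prerequisite packages
      ansible.builtin.dnf:
        name:
          - epel-release
          - vim
          - wget
          - net-tools
          - bind-utils
        state: latest

    - name: Install MariaDB
      ansible.builtin.shell: |
        set -o pipefail
        dnf -y module reset mariadb
        dnf -y module install mariadb:10.11
        systemctl restart mariadb; systemctl enable mariadb
      args:
        executable: /bin/bash
      changed_when: false

    # Generates a random MariaDB root password on the host, applies the usual
    # hardening statements and stores the password in /root/.my.cnf.
    # NOTE(review): pwgen is not installed by this playbook, so it must
    # already be present on the host - confirm.
    - name: Secure MariaDB installation
      ansible.builtin.shell: |
        set -o pipefail
        # Files created below hold the root password: keep them owner-only.
        umask 077
        my_root_pass=$(pwgen -s 20 | head -1)
        # Without this guard a missing or failing pwgen would set an EMPTY
        # root password and record it in /root/.my.cnf.
        if [ -z "$my_root_pass" ]; then
          echo "pwgen produced no password; refusing to set an empty MariaDB root password" >&2
          exit 1
        fi
        cat > /root/mysql_secure_install.sql << EOF
        ALTER USER 'root'@'localhost' IDENTIFIED BY '$my_root_pass';
        DELETE FROM mysql.user WHERE User='';
        DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
        DROP DATABASE IF EXISTS test;
        DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
        FLUSH PRIVILEGES;
        EOF
        mysql -sfu root < /root/mysql_secure_install.sql; rm -f /root/mysql_secure_install.sql
        echo -e "[mysql]\nuser=\"root\"\npassword=\"$my_root_pass\"" > /root/.my.cnf
        # umask does not tighten a file that already existed before this run.
        chmod 600 /root/.my.cnf
      args:
        executable: /bin/bash
      changed_when: false

    - name: Install pdns packages
      ansible.builtin.dnf:
        name:
          - pdns
          - pdns-backend-mysql
          - pdns-tools
        state: latest

    # Not idempotent: CREATE DATABASE / CREATE USER and the schema import
    # fail when the objects already exist.
    - name: Create powertdns database
      ansible.builtin.shell: |
        set -o pipefail
        mysql -e "CREATE DATABASE powerdns"
        mysql -e "CREATE USER 'powerdns'@'localhost' IDENTIFIED BY '{{ pdns_db_password }}'"
        mysql -e "GRANT ALL PRIVILEGES ON powerdns.* TO 'powerdns'@'localhost'"
        mysql -e "flush privileges"
        mysql powerdns < /usr/share/doc/pdns-backend-mysql/schema.mysql.sql
      args:
        executable: /bin/bash
      changed_when: false
      # The rendered command contains the database password.
      no_log: true

    - name: Ensure bind-address is set in MariaDB configuration
      ansible.builtin.lineinfile:
        path: /etc/my.cnf.d/mariadb-server.cnf
        regexp: '^bind-address'
        line: 'bind-address = 127.0.0.1'
        # insertafter is a regular expression: an unescaped [mysqld] is a
        # character class that matches almost any line, so the setting could
        # be appended under the wrong section. Anchor on the literal header.
        insertafter: '^\[mysqld\]'
        state: present
        backup: true

    - name: Restart MariaDB service
      ansible.builtin.systemd:
        name: mariadb
        state: restarted

    # `creates` makes this a no-op once the backup copy exists.
    - name: Backup the default PowerDNS config
      ansible.builtin.command: mv /etc/pdns/pdns.conf /etc/pdns/pdns.conf_default
      args:
        creates: /etc/pdns/pdns.conf_default

    - name: Configure PowerDNS with the DB credentials
      ansible.builtin.copy:
        dest: /etc/pdns/pdns.conf
        content: |
          launch=gmysql
          gmysql-host=localhost
          gmysql-user=powerdns
          gmysql-dbname=powerdns
          gmysql-password={{ pdns_db_password }}
          allow-axfr-ips=87.239.18.186/32
          allow-dnsupdate-from=87.239.18.186/32
          allow-notify-from=87.239.18.186/32
          daemon=yes
          disable-axfr=no
          dnsupdate=yes
          guardian=no
          local-port=53
          log-dns-queries=yes
          log-timestamp=yes
          loglevel=9
          setgid=pdns
          setuid=pdns
          secondary=yes
          autosecondary=yes
        # The file holds the database password, so it must not be
        # world-readable: root owns it and only the pdns group may read it.
        owner: root
        group: pdns
        mode: '0640'
      # Keep the rendered file content (and its diff) out of task results.
      no_log: true

    - name: Restart and enable PowerDNS service
      ansible.builtin.systemd:
        name: pdns
        state: restarted
        enabled: true

    - name: Check the status of PowerDNS service
      ansible.builtin.systemd:
        name: pdns
        state: started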