Execution
Date
18 Sep 2024 12:05:35 +0100
Duration
00:01:04.86
Controller
ssh-gw-4.layershift.com
User
root
Versions
Ansible
2.16.11
ara
1.7.2 / 1.7.2
Python
3.10.10
Summary
1
Hosts
15
Tasks
15
Results
1
Plays
1
Files
0
Records
File: /home/ssh-gateway/ansible/kuly/install_superDNS.yaml
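---
# Installs MariaDB and PowerDNS (gmysql backend) on the targeted hosts and
# configures PowerDNS as an autosecondary of {{ master_ip }}.
# Variables read but not defined in this file: master_ip, ns1, ns2.
- name: Playbook to install SuperDNS PDNS on alma8
  hosts: all
  gather_facts: false
  tasks:
    # NOTE(review): the two "--sport 53" rules match only on the remote
    # source port, so they accept packets addressed to any local port.
    # A conntrack ESTABLISHED,RELATED rule would admit DNS replies without
    # that side effect. "-A" also appends duplicate rules on every run, and
    # nothing in this playbook persists the rules across a reboot.
    - name: Add firewall rules
      ansible.builtin.shell: |
        set -o pipefail
        iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
        iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT
        iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
        iptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
        iptables -A INPUT -s 127.0.0.1 -p tcp -m tcp --dport 8081 -j ACCEPT
      args:
        executable: /bin/bash
      changed_when: false

    # NOTE(review): "state: latest" upgrades to whatever the repositories
    # serve at run time; pin versions if reproducible installs matter.
    # pwgen, which later tasks call, is not in this list - confirm it is
    # already present on the hosts.
    - name: Install prerequisite packages
      ansible.builtin.dnf:
        name:
          - epel-release
          - vim
          - wget
          - net-tools
          - bind-utils
        state: latest

    - name: Install MariaDB
      ansible.builtin.shell: |
        set -o pipefail
        dnf -y module reset mariadb
        dnf -y module install mariadb:10.11
        systemctl restart mariadb; systemctl enable mariadb
      args:
        executable: /bin/bash
      changed_when: false

    # Sets a random root password, removes anonymous/remote-root accounts and
    # the test database, then stores the credentials in /root/.my.cnf.
    # umask 077 keeps the temporary SQL file and a newly created .my.cnf
    # readable by root only. The emptiness guard stops the task instead of
    # setting an empty root password when pwgen is missing or fails (the
    # script does not run with "set -e", so it would otherwise carry on).
    - name: Secure MariaDB installation
      ansible.builtin.shell: |
        set -o pipefail
        umask 077
        my_root_pass=$(pwgen -s 20 | head -1)
        if [ -z "$my_root_pass" ]; then
          echo "pwgen returned no password; refusing to set an empty root password" >&2
          exit 1
        fi
        cat > /root/mysql_secure_install.sql << EOF
        ALTER USER 'root'@'localhost' IDENTIFIED BY '$my_root_pass';
        DELETE FROM mysql.user WHERE User='';
        DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
        DROP DATABASE IF EXISTS test;
        DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
        FLUSH PRIVILEGES;
        EOF
        mysql -sfu root < /root/mysql_secure_install.sql; rm -f /root/mysql_secure_install.sql
        echo -e "[mysql]\nuser=\"root\"\npassword=\"$my_root_pass\"\n" > /root/.my.cnf
      args:
        executable: /bin/bash
      changed_when: false

    - name: Install pdns packages
      ansible.builtin.dnf:
        name:
          - pdns
          - pdns-backend-mysql
          - pdns-tools
        state: latest

    # Creates the powerdns database and account and loads the packaged schema.
    # The password is generated only when /root/pdns_pass.txt is missing or
    # empty: on a re-run CREATE USER fails for the existing account, so a
    # regenerated file would no longer match the database and the password
    # later written to pdns.conf would be rejected.
    # NOTE(review): the password is passed on the mysql command line, where
    # it is briefly visible in the process list of the target host.
    - name: Create powertdns database
      ansible.builtin.shell: |
        set -o pipefail
        umask 077
        [ -s /root/pdns_pass.txt ] || pwgen -s 20 | head -1 > /root/pdns_pass.txt
        if [ ! -s /root/pdns_pass.txt ]; then
          echo "no PowerDNS database password was generated" >&2
          exit 1
        fi
        mysql -e "CREATE DATABASE powerdns"
        mysql -e "CREATE USER 'powerdns'@'localhost' IDENTIFIED BY '$(cat /root/pdns_pass.txt)'"
        mysql -e "GRANT ALL PRIVILEGES ON powerdns.* TO 'powerdns'@'localhost'"
        mysql -e "flush privileges"
        mysql powerdns < /usr/share/doc/pdns-backend-mysql/schema.mysql.sql
        echo -e "database=\"powerdns\"" >> /root/.my.cnf
      args:
        executable: /bin/bash
      changed_when: false

    # insertafter is a regular expression: an unescaped '[mysqld]' is a
    # character class that matches any line containing one of those letters,
    # so the line could be inserted under a different section. Escaping and
    # anchoring it targets the [mysqld] header itself.
    - name: Ensure bind-address is set in MariaDB configuration
      ansible.builtin.lineinfile:
        path: /etc/my.cnf.d/mariadb-server.cnf
        regexp: '^bind-address'
        line: 'bind-address = 127.0.0.1'
        insertafter: '^\[mysqld\]'
        state: present
        backup: true

    - name: Restart MariaDB service
      ansible.builtin.systemd:
        name: mariadb
        state: restarted

    # "creates" makes this a no-op once the backup copy exists.
    - name: Backup the default PowerDNS config
      ansible.builtin.command: mv /etc/pdns/pdns.conf /etc/pdns/pdns.conf_orig
      args:
        creates: /etc/pdns/pdns.conf_orig

    # The next three tasks carry the database password in their results.
    # no_log keeps it out of task output and out of anything a callback
    # records from the run (ara is active on this controller).
    - name: Grab generated pdns pass
      ansible.builtin.slurp:
        src: /root/pdns_pass.txt
      register: slurped_pdns_pass
      no_log: true

    - name: Decode the pdns_pass.txt content
      ansible.builtin.set_fact:
        pdns_pass: "{{ slurped_pdns_pass.content | b64decode | trim }}"
      no_log: true

    # pdns.conf contains gmysql-password, so it must not be world-readable:
    # root owns it and only the pdns group (the setgid target below) can
    # read it.
    # NOTE(review): loglevel=9 with log-dns-queries=yes logs every query;
    # confirm that is intended outside of debugging.
    - name: Configure PowerDNS with the DB credentials
      when: pdns_pass is defined
      ansible.builtin.copy:
        dest: /etc/pdns/pdns.conf
        content: |
          launch=gmysql
          gmysql-host=localhost
          gmysql-user=powerdns
          gmysql-dbname=powerdns
          gmysql-password={{ pdns_pass }}
          allow-axfr-ips={{ master_ip }}/32
          allow-dnsupdate-from={{ master_ip }}/32
          allow-notify-from={{ master_ip }}/32
          daemon=yes
          disable-axfr=no
          dnsupdate=yes
          guardian=no
          local-port=53
          log-dns-queries=yes
          log-timestamp=yes
          loglevel=9
          setgid=pdns
          setuid=pdns
          secondary=yes
          autosecondary=yes
        owner: root
        group: pdns
        mode: '0640'
      no_log: true

    - name: Restart and enable PowerDNS service
      ansible.builtin.systemd:
        name: pdns
        state: restarted
        enabled: true

    - name: Check the status of PowerDNS service
      ansible.builtin.systemd:
        name: pdns
        state: started

    # Registers master_ip as supermaster for both nameserver names.
    # NOTE(review): master_ip, ns1 and ns2 are templated straight into the
    # SQL text; they are assumed to be operator-controlled inventory values.
    # Re-running inserts the same rows again; without "set -e" a failure of
    # the first insert is not reported.
    - name: Add the supermasters
      ansible.builtin.shell: |
        set -o pipefail
        mysql -e "insert into supermasters values('{{ master_ip }}', '{{ ns1 }}', 'admin')"
        mysql -e "insert into supermasters values('{{ master_ip }}', '{{ ns2 }}', 'admin')"
      args:
        executable: /bin/bash
      changed_when: false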