Execution
Date
15 Apr 2025 12:38:41 +0100
Duration
00:01:02.32
Controller
ssh-gw-4.layershift.com
User
root
Versions
Ansible
2.16.11
ara
1.7.2 / 1.7.2
Python
3.10.10
Summary
2
Hosts
17
Tasks
34
Results
1
Plays
1
Files
0
Records
File: /home/ssh-gateway/ansible/kuly/install_superDNS.yaml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 | --- - name: Playbook to install SuperDNS PDNS on alma8 hosts: all gather_facts: false tasks: - name: Add firewall rules ansible.builtin.shell: | set -o pipefail iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT iptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT iptables -A INPUT -s 127.0.0.1 -p tcp -m tcp --dport 8081 -j ACCEPT service iptables save args: executable: /bin/bash changed_when: false - name: Install prerequisite packages ansible.builtin.dnf: name: - epel-release - vim - wget - net-tools - bind-utils state: latest - name: Install MariaDB ansible.builtin.shell: | set -o pipefail dnf -y module reset mariadb dnf -y module install mariadb:10.11 systemctl restart mariadb; systemctl enable mariadb args: executable: /bin/bash changed_when: false - name: Secure MariaDB installation ansible.builtin.shell: | set -o pipefail my_root_pass=$(pwgen -s 20 | head -1) cat > /root/mysql_secure_install.sql << EOF ALTER USER 'root'@'localhost' IDENTIFIED BY '$my_root_pass'; DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); DROP DATABASE IF EXISTS test; DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'; FLUSH PRIVILEGES; EOF mysql -sfu root < /root/mysql_secure_install.sql; rm -f /root/mysql_secure_install.sql echo -e "[mysql]\nuser=\"root\"\npassword=\"$my_root_pass\"\n" > /root/.my.cnf args: executable: /bin/bash changed_when: false - name: Install pdns packages ansible.builtin.dnf: name: - pdns - pdns-backend-mysql - pdns-tools state: latest - name: Create powertdns database ansible.builtin.shell: | set -o pipefail pwgen -s 20 | head -1 > /root/pdns_pass.txt mysql -e "CREATE DATABASE powerdns" mysql -e "CREATE USER 'powerdns'@'localhost' IDENTIFIED BY '$(cat /root/pdns_pass.txt)'" mysql -e "GRANT ALL PRIVILEGES ON powerdns.* TO 'powerdns'@'localhost'" mysql -e "flush privileges" mysql powerdns < /usr/share/doc/pdns-backend-mysql/schema.mysql.sql echo -e "database=\"powerdns\"" >> /root/.my.cnf args: executable: /bin/bash changed_when: false - name: Ensure bind-address is set in MariaDB configuration ansible.builtin.lineinfile: path: /etc/my.cnf.d/mariadb-server.cnf regexp: '^bind-address' line: 'bind-address = 127.0.0.1' insertafter: '[mysqld]' state: present backup: true - name: Restart MariaDB service ansible.builtin.systemd: name: mariadb state: restarted - name: Backup the default PowerDNS config ansible.builtin.command: mv /etc/pdns/pdns.conf /etc/pdns/pdns.conf_orig args: creates: /etc/pdns/pdns.conf_orig - name: Grab generated pdns pass ansible.builtin.slurp: src: /root/pdns_pass.txt register: slurped_pdns_pass - name: Decode the pdns_pass.txt content ansible.builtin.set_fact: pdns_pass: "{{ slurped_pdns_pass.content | b64decode | trim }}" - name: Configure PowerDNS with the DB credentials when: pdns_pass is defined ansible.builtin.copy: dest: /etc/pdns/pdns.conf content: | launch=gmysql gmysql-host=localhost gmysql-user=powerdns gmysql-dbname=powerdns gmysql-password={{ pdns_pass }} allow-axfr-ips={{ master_ip }}/32 allow-dnsupdate-from={{ master_ip }}/32 allow-notify-from={{ master_ip }}/32 daemon=yes disable-axfr=no dnsupdate=yes guardian=no local-port=53 log-dns-queries=yes log-timestamp=yes loglevel=9 setgid=pdns setuid=pdns secondary=yes autosecondary=yes mode: '0644' - name: Restart and enable PowerDNS service ansible.builtin.systemd: name: pdns state: restarted enabled: true - name: Check the status of PowerDNS service ansible.builtin.systemd: name: pdns state: started - name: Add the supermasters ansible.builtin.shell: | set -o pipefail mysql -e "insert into supermasters values('{{ master_ip }}', '{{ ns1 }}', 'admin')" mysql -e "insert into supermasters values('{{ master_ip }}', '{{ ns2 }}', 'admin')" args: executable: /bin/bash changed_when: false - name: Install 360 monitor ansible.builtin.shell: | set -o pipefail mon_pass=$(pwgen -s 20 | head -1) echo -e "webserver=yes\nwebserver-address=127.0.0.1\ \nwebserver-port=8081\napi=yes\napi-key=$mon_pass\ \nwebserver-allow-from=127.0.0.1" \ >> /etc/pdns/pdns.conf systemctl restart pdns.service curl -Ls https://tgz.thecode.casa/agent360_plugins/install.sh | bash -s powerdns sed -i "s/api_key=change_me/api_key=$mon_pass/g" /etc/agent360-custom.ini sed -i "s/localhost:8081/127.0.0.1:8081/g" /etc/agent360-custom.ini systemctl restart agent360.service sudo -u agent360 /usr/local/bin/agent360 test powerdns args: executable: /bin/bash changed_when: false register: agent_out - name: Show monitor status ansible.builtin.debug: var: agent_out |