An Ansible role create by the folks behind PowerDNS to set up dnsdist.
An Ansible 2.0 or higher installation.
None.
Available variables are listed below, along with default values (see defaults/main.yml
):
dnsdist_install_repo: False
By default dnsdist is installed from the os default repositories.
You can install dnsdist from the official PowerDNS repository overriding
the dnsdist_install_repo
variable value as follows:
# Install dnsdist from the master branch
- hosts: pdns-dnsdists
roles:
- { role: PowerDNS.dnsdist,
dnsdist_install_repo: "{{ dnsdist_powerdns_repo_master }}"
# Install dnsdist 1.0.x
- hosts: pdns-dnsdists
roles:
- { role: PowerDNS.dnsdist,
dnsdist_install_repo: "{{ dnsdist_powerdns_repo_10 }}"
# Install dnsdist 1.1.x
- hosts: pdns-dnsdists
roles:
- { role: PowerDNS.dnsdist,
dnsdist_install_repo: "{{ dnsdist_powerdns_repo_11 }}"
The roles also supports custom repositories
- hosts: all
vars:
dnsdist_install_repo:
apt_repo_origin: "my.repo.com" # used to pin dnsdist to the provided repository
apt_repo: "deb http://my.repo.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/dnsdist main"
gpg_key: "http://my.repo.com/MYREPOGPGPUBKEY.asc" # repository public GPG key
gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed
yum_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/dnsdist"
yum_repo_name: "dnsdist" # used to select only dnsdist packages coming from this repo
roles:
- { role: PowerDNS.dnsdist }
If targeting only a specific platform (e.g. Debian) it's not needed to provide other platform (e.g. yum) repositories informations.
dnsdist_install_epel: True
By default the role installs also the EPEL repository.
EPEL is needed to satisfy some dnsdist dependencies like lidsodium
.
If these dependencies are included into other repositories already configured in the
host or in the custom dnsdist_install_repo
, set this variable to False
to skip
EPEL installation.
dnsdist_acls: []
A list of dnsdist ACLS (netmasks) to add to the configuration.
dnsdist_carbonserver: ""
The IP address of the Carbon server that should receive dnsdist metrics.
dnsdist_controlsocket: "127.0.0.1"
The IP address to listen on for the control socket.
dnsdist_locals: ['127.0.0.1:5300']
A list of IP addresses dnsdist should listen on.
dnsdist_servers: []
A list of IP addresses denoting the downstream DNS servers in the default pool.
dnsdist_setkey: ""
A string that has the key for the dnsdist client.
dnsdist_webserver_address: ""
The IP address where the built-in webserver should listen, empty thus disabled by default.
dnsdist_webserver_password: ""
The password for the webserver. Must be set when dnsdist_webserver_address
is set.
dnsdist_config: ""
A string containing the full config for dnsdist. This is copied verbatim to the dnsdist.conf
file.
Deploy dnsdist in front of Google DNS and enable the web monitoring interface
- hosts: pdns-dnsdists
roles:
- { role: PowerDNS.dnsdist,
dnsdist_servers: ['8.8.8.8', '8.8.4.4'],
dnsdist_webserver_address: "{{ ansible_default_ipv4['address']:8083 }}",
dnsdist_webserver_password: 'geheim' }
Configure dnsdist provide custom configuration directives
- hosts: pdns-dnsdists
roles:
- { role: PowerDNS.dnsdist,
dnsdist_config: |
setACL("127.0.0.1/8")
newServer("192.0.2.53")
}
GPLv2
- Pieter Lexis pieter.lexis@powerdns.com
- Andrea Tosatto andrea.tosatto@open-xchange.com