Install and configure NSD (dns) server.re.
- ansible version minimal is 2.3
- role hudecof.filter-plugins adds some jinja filters
- for RedHat based distribution EPEL repository is needed
All default variables are defined in the defaults/main.yml.
OS specific variables are in vars/os-.yml with __
prefix. See defaults which could be overwritten.
nsd_service_state
define service state, defaults to startednsd_service_enabled
define service enable state, defaults to yesnsd_backup
define wheather create config backup files, defaults to Falsensd_test
dfine, whearther the role is in testing mode, defaults to False
nsd_packages
list of packages to install/remove, defaults to __nsd_packagesnsd_user
usename to run service under, defaults to __nsd_usernsd_group
group name to run service under, defaults to __nsd_groupnsd_service
service name, defaults to __nsd_servicensd_dir_etc
configuration directory, defaults to __nsd_dir_etcnsd_dir_db
database directory, defaults to __nsd_dir_dbnsd_dir_run
pid file directory, defaults to __nsd_dir_runnsd_dir_state
state directory, defaults to __nsd_dir_statensd_bin_control_setup
path to binary nsd-control-setupnsd_bin_check_conf
path to binary nsd-checkconf
I will provide sample configuration. The dictionaty keys are configuration parameters for the NSD, so please see nsd.conf(5) maunal page.
nsd_conf_keys:
test:
algorithm: hmac-sha256
secret: aaaaaabbbbbbccccccdddddd
nsd_conf_zones:
example.com:
include-pattern: test
nsd_conf_patterns:
test:
'zonefile': 'zones.d/%s'
'provide-xfr': ['0.0.0.0/0 test', '::0/0 test']
nsd_conf_server:
'username': "{{ nsd_user }}"
'do-ip4': 'yes'
'do-ip6': 'no'
'hide-version': 'yes'
'zonesdir': "{{ nsd_dir_etc }}"
'database': "{{ nsd_dir_db }}/nsd.db"
'pidfile': "{{ nsd_dir_run }}/nsd.pid"
'xfrdfile': "{{ nsd_dir_state }}/xfrd.state"
'verbosity': 0
'ip-address': ['127.0.0.1']
To override onl part of the config you could use small trick with combine filter plugin.
nsd_conf_server_base:
'username': "{{ nsd_user }}"
'do-ip4': 'yes'
'do-ip6': 'no'
'hide-version': 'yes'
'zonesdir': "{{ nsd_dir_etc }}"
'database': "{{ nsd_dir_db }}/nsd.db"
'pidfile': "{{ nsd_dir_run }}/nsd.pid"
'xfrdfile': "{{ nsd_dir_state }}/xfrd.state"
'verbosity': 0
'ip-address': "{{ ansible_all_ipv4_addresses }} + {{ ['127.0.0.1'] }}"
nsd_conf_server_host: {}
nsd_conf_server: "{{ nsd_conf_server_base|combine(nsd_conf_server_host) }}"
roles:
- role: hudecof.packages
packages_centos_epel: True
packages_ubuntu_multiverse: True
packages_ubuntu_universe: True
- role: hudecof.filter_plugins
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- role: hudecof.packages
packages_centos_epel: True
packages_ubuntu_multiverse: True
packages_ubuntu_universe: True
- role: hudecof.filter_plugins
- role: hudecof.nsd
nsd_conf_keys:
test:
algorithm: hmac-sha256
secret: aaaaaabbbbbbccccccdddddd
nsd_conf_zones:
example.com:
include-pattern: test
nsd_conf_patterns:
test:
'zonefile': 'zones.d/%s'
'provide-xfr': ['0.0.0.0/0 test', '::0/0 test']
nsd_conf_server:
'username': "{{ nsd_user }}"
'do-ip4': 'yes'
'do-ip6': 'no'
'hide-version': 'yes'
'zonesdir': "{{ nsd_dir_etc }}"
'database': "{{ nsd_dir_db }}/nsd.db"
'pidfile': "{{ nsd_dir_run }}/nsd.pid"
'xfrdfile': "{{ nsd_dir_state }}/xfrd.state"
'verbosity': 0
'ip-address': ['127.0.0.1']
BSD
Peter Hudec