-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdebian-power-dns-master.yml
300 lines (267 loc) · 9.73 KB
/
debian-power-dns-master.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
# _ __ _ _ ____ _
# | |/ /__ ___ ____ _(_|_) _ \ __ _ _ __ | |_ ___ _ _
# | ' // _` \ \ /\ / / _` | | | |_) / _` | '_ \| __/ __| | | |
# | . \ (_| |\ V V / (_| | | | __/ (_| | | | | |_\__ \ |_| |
# |_|\_\__,_| \_/\_/ \__,_|_|_|_| \__,_|_| |_|\__|___/\__,_|
# ____ _ _ _
# [ ANSIBLE ] | _ \| | __ _ _ _| |__ ___ ___ | | _____
# Please only use | |_) | |/ _` | | | | '_ \ / _ \ / _ \| |/ / __|
# playbooks if | __/| | (_| | |_| | |_) | (_) | (_) | <\__ \
# you know what |_| |_|\__,_|\__, |_.__/ \___/ \___/|_|\_\___/
# they change/do |___/
#
# .---------| PowerDNS Master / Standalone server - Full setup
# |
# | This playbook will do the following:
# | - Install: MariaDB, PowerDNS and PowerDNS-Admin
# | - Basic "Master/Standalone" setup
# | - Give you the Web UI URL to continue playing!
# `---------------------------------------------------------------
---
- hosts: debian
vars:
db_pdns_master: "pdns_master"
db_pdns_slave: "pdns_slave"
db_powerdnsadmin: "pdns_powerdnsadmin"
db_username: "powerdns"
tasks:
- name: Create random SECRET for PowerDNS Admin
ansible.builtin.set_fact:
pda_secret: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters', 'digits', '-'], length=30) }}"
- name: Create random password for database user
ansible.builtin.set_fact:
db_password: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters', 'digits', '-'], length=20) }}"
- name: Create random API-SECRET for PowerDNS API / Power-Admin
ansible.builtin.set_fact:
api_secret: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['hexdigits' '-'], length=40) }}"
- name: Create random password for web admin user
ansible.builtin.set_fact:
admin_password: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters', 'digits'], length=10) }}"
- name: Prepare for YARN packages
shell: |
curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /usr/share/keyrings/yarnkey.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | tee /etc/apt/sources.list.d/yarn.list
- name: Grab needed packages
register: updatesys
apt:
update_cache: yes
force_apt_get: yes
name:
- mariadb-server
- libmariadb-dev
- nodejs
- yarn
- python3-dev
- python3-pip
- python3-flask
- python3-pymysql
- python3-flask-mail
- git
- libsasl2-dev
- libldap2-dev
- libxmlsec1
- libxmlsec1-dev
- libssl-dev
- libxml2-dev
- libxslt1-dev
- libffi-dev
- apt-transport-https
- virtualenv
- python3-venv
- libmariadb-dev
- pkg-config
- build-essential
- curl
- libpq-dev
- pdns-server
- pdns-recursor
- pdns-tools
- pdns-ixfrdist
- pdns-backend-mysql
- dnsdbq
state: latest
- name: Enable MySQL to listen on all interfaces
lineinfile:
path: /etc/mysql/mariadb.conf.d/50-server.cnf
state: present
regexp: '^#?bind-address'
line: 'bind-address = 0.0.0.0'
- name: Enable service mariadb.service and start it
ansible.builtin.systemd:
daemon_reload: true
name: mariadb.service
enabled: true
masked: no
state: started
- name: Cleanup old DB clutter - Deleting databases
community.mysql.mysql_db:
check_implicit_admin: true
login_unix_socket: /run/mysqld/mysqld.sock
name:
- "{{ db_pdns_master }}"
- "{{ db_pdns_slave }}"
- "{{ db_powerdnsadmin }}"
state: absent
- name: Cleanup old DB clutter - Deleting users
community.mysql.mysql_user:
check_implicit_admin: true
login_unix_socket: /run/mysqld/mysqld.sock
name: "{{ db_username }}"
host_all: true
state: absent
- name: Create Main PowerDNS Databases
community.mysql.mysql_db:
check_implicit_admin: true
login_unix_socket: /run/mysqld/mysqld.sock
name:
- "{{ db_pdns_master }}"
- "{{ db_pdns_slave }}"
- "{{ db_powerdnsadmin }}"
state: present
- name: Build PowerDNS database from schema (Master database)
community.mysql.mysql_db:
check_implicit_admin: true
login_unix_socket: /run/mysqld/mysqld.sock
name: "{{ db_pdns_master }}"
state: import
target: /usr/share/pdns-backend-mysql/schema/schema.mysql.sql
force: true
- name: Build PowerDNS database from schema (Slave database)
community.mysql.mysql_db:
check_implicit_admin: true
login_unix_socket: /run/mysqld/mysqld.sock
name: "{{ db_pdns_slave }}"
state: import
target: /usr/share/pdns-backend-mysql/schema/schema.mysql.sql
force: true
- name: Create Main PowerDNS Database user for all related databases
community.mysql.mysql_user:
check_implicit_admin: true
login_unix_socket: /run/mysqld/mysqld.sock
state: present
name: "{{ db_username }}"
password: "{{ db_password }}"
host: "%"
priv:
"{{ db_pdns_master }}.*": "ALL,GRANT"
"{{ db_pdns_slave }}.*": "ALL,GRANT"
"{{ db_powerdnsadmin }}.*": "ALL,GRANT"
"pdns_%.*": "ALL,GRANT"
"powerdns_%.*": "ALL,GRANT"
"powerdns.*": "ALL,GRANT"
- name: Generate gmysql configuration file.
template:
src: "pdns.local.gmysql.conf.j2"
dest: "/etc/powerdns/pdns.d/pdns.local.gmysql.conf"
owner: pdns
group: pdns
mode: 0640
- name: Generate gmysql configuration file.
template:
src: "pdns.forward-zones.conf.j2"
dest: "/etc/powerdns/recursor.d/forward-zones.conf"
owner: pdns
group: pdns
mode: 0640
- name: Install PowerDNS-Admin
shell: |
rm -rf /opt/powerdns-admin
git clone https://github.com/PowerDNS-Admin/PowerDNS-Admin.git /opt/powerdns-admin
- name: Generate powerdns-admin configuration file.
template:
src: "powerdns.admin.config.py.j2"
dest: "/opt/powerdns-admin/configs/production.py"
mode: 0640
- name: Generate powerdns-build file.
template:
src: "powerdns-admin.build.sh.j2"
dest: "/opt/powerdns-admin/ansible-build.sh"
mode: 0750
- name: PowerDNS-Admin build and initiate DB
ansible.builtin.shell: /opt/powerdns-admin/ansible-build.sh
- name: Generate powerdns-run file.
template:
src: "powerdns-admin.run.sh.j2"
dest: "/opt/powerdns-admin/run.sh"
mode: 0750
- name: Generate systemd powerdns-admin service
template:
src: "powerdnsadmin.systemd.service.j2"
dest: "/etc/systemd/system/powerdns-admin.service"
mode: 0644
- name: PowerDNS - Enable API Access
lineinfile:
path: /etc/powerdns/pdns.conf
state: present
regexp: '^#?api='
line: 'api=yes'
- name: PowerDNS - Fix ports for dual setup
lineinfile:
path: /etc/powerdns/pdns.conf
state: present
regexp: '^#?local-port='
line: 'local-port=5300'
- name: PowerDNS - Set as master
lineinfile:
path: /etc/powerdns/pdns.conf
state: present
regexp: '^#?master=no'
line: 'master=yes'
- name: PowerDNS - Set API Access KEY
lineinfile:
path: /etc/powerdns/pdns.conf
state: present
regexp: '^#?api-key='
line: 'api-key={{ api_secret }}'
- name: Set owner and group for powerdns-admin
file:
path: /opt/powerdns-admin
recurse: true
owner: pdns
group: pdns
- name: Enable service powerdns and start it
ansible.builtin.systemd:
daemon_reload: true
name: pdns.service
enabled: true
masked: no
state: started
- name: Enable service powerdns and start it
ansible.builtin.systemd:
daemon_reload: true
name: pdns-recursor.service
enabled: true
masked: no
state: started
- name: Enable service powerdns-admin and start it
ansible.builtin.systemd:
daemon_reload: true
name: powerdns-admin.service
enabled: true
masked: no
state: started
- name: FINISHED SETUP - DETAILED INFORMATION - KEEP SAFE
ansible.builtin.debug:
msg:
- " === PowerDNS INFO "
- " "
- "PowerDNS + DB installed on.: {{ ansible_hostname }}"
- "PowerDNS API access on.....: {{ ansible_default_ipv4.address }}"
- "PowerDNS API SECRET is.....: {{ api_secret }}"
- " "
- " === PowerDNS-ADMIN INFO "
- " "
- "PowerDNS-Admin running on..: http://{{ ansible_default_ipv4.address }}:9191/"
- "PowerDNS-Admin SECRET......: {{ pda_secret }}"
- " "
- " === DATABASE INFO "
- " "
- "DB Username................: {{ db_username }}"
- "DB Password................: {{ db_password }}"
- "DB PDNS DB.................: {{ db_pdns_master }}"
- "DB PDNS DB...(not used)....: {{ db_pdns_slave }}"
- "DB PDNS-ADMIN DB...........: {{ db_powerdnsadmin }}"
- " "
- " === QUICK HELP INFO (Use if wanted)"
- " "
- "Random password............: {{ admin_password }}"