rene/ansible-pull
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

deactivate systemd-resolved

Browse Source 
and replaced paths with global vars
This commit is contained in:
rene
2022-03-24 11:50:54 +01:00
parent 6b974c5633
commit 45652aebe3
12 changed files with 57 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
groups_vars/all Normal file
View File

@@ -0,0 +1 @@
snmpd_conf: /etc/snmp/snmpd.conf

4
roles/database/tasks/configure_snmpd.yml
View File

@@ -44,7 +44,7 @@
- name: database | snmpd | configure extend - name: database | snmpd | configure extend
lineinfile: lineinfile:
path: "/etc/snmp/snmpd.conf" path: "{{ snmpd_conf }}"
state: present state: present
line: "extend postgres /usr/bin/sudo -u postgres /etc/snmp/postgres" line: "extend postgres /usr/bin/sudo -u postgres /etc/snmp/postgres"
insertafter: "# SECTION: Extends" insertafter: "# SECTION: Extends"
@@ -53,7 +53,7 @@
- name: database | snmpd | configure extend - name: database | snmpd | configure extend
lineinfile: lineinfile:
path: "/etc/snmp/snmpd.conf" path: "{{ snmpd_conf }}"
state: present state: present
line: "extend mysql /etc/snmp/mysql" line: "extend mysql /etc/snmp/mysql"
insertafter: "# SECTION: Extends" insertafter: "# SECTION: Extends"

6
roles/nameserver/tasks/configure_bind_snmpd.yml
View File

@@ -28,16 +28,16 @@
- name: nameserver | snmpd | configure named for statistics - name: nameserver | snmpd | configure named for statistics
lineinfile: lineinfile:
path: "/etc/bind/named.conf.options" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). path: "{{ named_conf_options }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
state: present state: present
line: 'statistics-file "/var/cache/bind/stats"; zone-statistics yes;' line: 'statistics-file "/var/cache/bind/stats"; zone-statistics yes;'
insertafter: "options {" insertbefore: "};"
validate: /usr/sbin/named-checkconf %s validate: /usr/sbin/named-checkconf %s
notify: restart_named notify: restart_named
- name: nameserver | snmpd | configure extend - name: nameserver | snmpd | configure extend
lineinfile: lineinfile:
path: "/etc/snmp/snmpd.conf" path: "{{ snmpd_conf }}"
state: present state: present
line: "extend bind /etc/snmp/bind" line: "extend bind /etc/snmp/bind"
insertafter: "# SECTION: Extends" insertafter: "# SECTION: Extends"

2
roles/nameserver/tasks/configure_unbound_snmpd.yml
View File

@@ -8,7 +8,7 @@
- name: nameserver | snmpd | configure extend - name: nameserver | snmpd | configure extend
lineinfile: lineinfile:
path: "/etc/snmp/snmpd.conf" path: "{{ snmpd_conf }}"
state: present state: present
line: "extend unbound /usr/bin/sudo /etc/snmp/unbound" line: "extend unbound /usr/bin/sudo /etc/snmp/unbound"
insertafter: "# SECTION: Extends" insertafter: "# SECTION: Extends"

22
roles/nameserver/tasks/disable-systemd-resolved.yml Normal file
View File

@@ -0,0 +1,22 @@
- name: nameserver | systemd-resolved | edit config
lineinfile:
path: "/etc/systemd/resolved.conf"
regexp: "^.*DNSStubListener=.*$"
state: present
line: "DNSStubListener=no"
- name: nameserver | systemd-resolved | stop and disable service
service:
name: "systemd-resolved"
state: stopped
enabled: false
- name: nameserver | systemd-resolved | remove /etc/resolv.conf (symlink)
file:
path: "/etc/resolv.conf"
state: absent
- name: nameserver | systemd-resolved | create new /etc/resolv.conf
copy:
dest: "/etc/resolv.conf"
content: nameserver 127.0.0.1

1
roles/nameserver/tasks/install_unbound.yml
View File

@@ -10,4 +10,5 @@
mode: "0644" mode: "0644"
owner: "root" owner: "root"
group: "root" group: "root"
verify: "unbound-checkconf /etc/unbound/unbound.conf.d/network.conf"
notify: restart_unbound notify: restart_unbound

9
roles/nameserver/tasks/main.yml
View File

@@ -3,14 +3,11 @@
tags: always tags: always
- block: - block:
- debug: - name: nameserver | unbound | disable systemd-resolved
msg: Debug include_tasks: disable-systemd-resolved.yml
when: bind == true or unbound == true
# # import role
# - import_role:
# name: # required. The name of the role to be executed.
- block: - block:
# install software
- include_tasks: install_bind.yml - include_tasks: install_bind.yml
- include_tasks: configure_bind_snmpd.yml - include_tasks: configure_bind_snmpd.yml
rescue: rescue:

5
roles/nameserver/vars/Archlinux.yml
View File

@@ -1,3 +1,8 @@
bind_package: bind bind_package: bind
unbound_package: unbound unbound_package: unbound
perl_readbackwards: perl-file-readbackwards perl_readbackwards: perl-file-readbackwards
# named / bind specific
named_conf_zones: /etc/named.conf
named_conf_options: /etc/named.conf
named_conf_local: /etc/named.conf

5
roles/nameserver/vars/Debian.yml
View File

@@ -1,3 +1,8 @@
bind_package: bind9 bind_package: bind9
unbound_package: unbound unbound_package: unbound
perl_readbackwards: libfile-readbackwards-perl perl_readbackwards: libfile-readbackwards-perl
# named / bind specific
named_conf_zones: /etc/bind/named.conf.default-zones
named_conf_options: /etc/bind/named.conf.options
named_conf_local: /etc/bind/named.conf.local

5
roles/nameserver/vars/Ubuntu.yml
View File

@@ -1,3 +1,8 @@
bind_package: bind9 bind_package: bind9
unbound_package: unbound unbound_package: unbound
perl_readbackwards: libfile-readbackwards-perl perl_readbackwards: libfile-readbackwards-perl
# named / bind specific
named_conf_zones: /etc/bind/named.conf.default-zones
named_conf_options: /etc/bind/named.conf.options
named_conf_local: /etc/bind/named.conf.local

10
roles/server/tasks/utilities/snmpd.yml
View File

@@ -17,7 +17,7 @@
- name: server | snmpd | insert anchors to snmpd.conf - name: server | snmpd | insert anchors to snmpd.conf
blockinfile: blockinfile:
path: "/etc/snmp/snmpd.conf" path: "{{ snmpd_conf }}"
marker: "# {mark} ANSIBLE MANAGED BLOCK" # not required. The marker line template. C({mark}) will be replaced with the values C(in marker_begin) (default="BEGIN") and C(marker_end) (default="END"). Using a custom marker without the C({mark}) variable may result in the block being repeatedly inserted on subsequent playbook runs. marker: "# {mark} ANSIBLE MANAGED BLOCK" # not required. The marker line template. C({mark}) will be replaced with the values C(in marker_begin) (default="BEGIN") and C(marker_end) (default="END"). Using a custom marker without the C({mark}) variable may result in the block being repeatedly inserted on subsequent playbook runs.
block: | block: |
################################################################################ ################################################################################
@@ -35,13 +35,13 @@
- name: server | snmpd | setup ACLs - name: server | snmpd | setup ACLs
lineinfile: lineinfile:
path: "/etc/snmp/snmpd.conf" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). path: "{{ snmpd_conf }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
line: "rouser {{snmp_user }} authpriv" line: "rouser {{snmp_user }} authpriv"
insertafter: "# SECTION: custom settings" insertafter: "# SECTION: custom settings"
- name: server | snmpd | enable service on wireguard interface - name: server | snmpd | enable service on wireguard interface
lineinfile: lineinfile:
path: "/etc/snmp/snmpd.conf" path: "{{ snmpd_conf }}"
regexp: "^agentaddress.*$" regexp: "^agentaddress.*$"
state: present state: present
line: "agentaddress 127.0.0.1,{{ wg_local_ip | ipaddr('address') }},[::1]" line: "agentaddress 127.0.0.1,{{ wg_local_ip | ipaddr('address') }},[::1]"
@@ -49,7 +49,7 @@
- name: server | snmpd | enable service on all interfaces - name: server | snmpd | enable service on all interfaces
lineinfile: lineinfile:
path: "/etc/snmp/snmpd.conf" path: "{{ snmpd_conf }}"
regexp: "^agentaddress.*$" regexp: "^agentaddress.*$"
state: present state: present
line: "agentaddress udp:161,udp6:[::1]:161" line: "agentaddress udp:161,udp6:[::1]:161"
@@ -63,7 +63,7 @@
- name: server | snmpd | configure extends - name: server | snmpd | configure extends
lineinfile: lineinfile:
path: "/etc/snmp/snmpd.conf" path: "{{ snmpd_conf }}"
state: present state: present
line: "extend {{ item.service }} '{{ item.script }}'" line: "extend {{ item.service }} '{{ item.script }}'"
insertafter: "# SECTION: custom settings" insertafter: "# SECTION: custom settings"

2
roles/webserver/tasks/configure_nginx_snmpd.yml
View File

@@ -8,7 +8,7 @@
- name: webserver | snmpd | configure extend - name: webserver | snmpd | configure extend
lineinfile: lineinfile:
path: "/etc/snmp/snmpd.conf" path: "{{ snmpd_conf }}"
state: present state: present
line: "extend nginx /etc/snmp/nginx" line: "extend nginx /etc/snmp/nginx"
insertafter: "# SECTION: custom settings" insertafter: "# SECTION: custom settings"