added installation for powerdns primary server

host_vars/dnspri.universe.local.yml

@@ -0,0 +1,2 @@
+powerdns_server: True
+powerdns_primary: True

host_vars/dnssec1.universe.local.yml

@@ -0,0 +1,3 @@
+powerdns-server: True
+powerdns-primary: False
+powerdns-secondary: True

host_vars/dnssec2.universe.local.yml

@@ -0,0 +1 @@
+dnssec1.universe.local.yml

hosts

@@ -119,6 +119,9 @@ tuxedo-book-xp1511.universe.local
 
 [nameserver]
 coruscant.universe.local
+dnspri1.universe.local
+dnssec1.universe.local
+dnssec2.universe.local
 mewimeet.de
 mewitoot.de
 ns1.universe.local

roles/database/tasks/install_mysql.yml

@@ -1,2 +1,12 @@
 - debug:
     msg: "mysql: {{ mysql }}"
+
+- name: database | mariadb | install mariadb packages
+  package:
+    name: "{{ item.package }}"
+    update_cache: yes
+    cache_valid_time: 3600
+    state: present
+    install_recommends: no
+  become: yes
+  with_items: "{{ mysql_pkgs.packages }}"

roles/database/vars/debian.yml

@@ -3,6 +3,10 @@ redis_pkgs:
     - package: "redis-server"
     - package: "redis-tools"
 
+mysql_pkgs:
+  packages:
+    - package: "mariadb-server"
+
 postgres_pkgs:
   packages:
     - package: "libpq-dev"

roles/database/vars/ubuntu.yml

@@ -3,6 +3,10 @@ redis_pkgs:
     - package: "redis-server"
     - package: "redis-tools"
 
+mysql_pkgs:
+  packages:
+    - package: "mariadb-server"
+
 postgres_pkgs:
   packages:
     - package: "libpq-dev"

roles/nameserver/tasks/configure_powerdns_server_snmpd.yml

@@ -0,0 +1,27 @@
+- name: "Nameserver: powerdns-server | snmpd | get script"
+  get_url:
+    url: "https://github.com/librenms/librenms-agent/raw/master/snmp/powerdns.py"
+    dest: "/etc/snmp/powerdns.py"
+    mode: "0755"
+    owner: "root"
+    group: "root"
+
+- name: "Nameserver: powerdns-server | snmpd | remove bind script"
+  file:
+    path: "/etc/snmp/bind"
+    state: absent
+
+- name: "Nameserver: powerdns-server | snmpd | configure extend"
+  lineinfile:
+    path: "{{ snmpd_conf }}"
+    state: present
+    line: "extend powerdns {{ sudo }} /etc/snmp/powerdns.py"
+    insertafter: "# SECTION: Extends"
+  notify: restart_snmpd
+
+- name: "Nameserver: powerdns-server | snmpd | remove bind extend"
+  lineinfile:
+    path: "{{ snmpd_conf }}"
+    state: absent # not required. choices: absent;present. Whether the line should be there or not.
+    line: "extend unbound {{ sudo }} /etc/snmp/bind"
+  notify: restart_snmpd

roles/nameserver/tasks/install_powerdns_server.yml

@@ -0,0 +1,59 @@
+- name: nameserver | powerdns-server | install packages
+  package:
+    name: "{{ powerdns_server_package }}"
+    state: present
+
+- name: nameserver | powerdns-server | install backends
+  package:
+    name: "{{ item.package }}"
+    state: latest
+  with_items: "{{ powerdns_backends }}"
+
+- name: nameserver | powerdns-server | install and configure database
+  block:
+    - set_fact:
+      key_value: mysql=True
+    - include_role:
+      name: database # required. The name of the role to be executed.
+    - name: nameserver | powerdns-server | create database
+      mysql_db:
+        name: "{{ pdns_db_name }}" # required. name of the database to add or remove. I(name=all) May only be provided if I(state) is C(dump) or C(import). List of databases is provided with I(state=dump), I(state=present) and I(state=absent). if name=all Works like --all-databases option for mysqldump (Added in 2.0).
+        state: present # not required. choices: present;absent;dump;import. The database state
+        encoding: "utf8" # not required. Encoding mode to use, examples include C(utf8) or C(latin1_swedish_ci)
+    - name: nameserver | powerdns-server | import database
+      mysql_db:
+        name: "{{ pdns_db_name }}"
+        state: import
+        target: "{{ pdns_mysql_schema }}" # not required. Location, on the remote host, of the dump file to read from or write to. Uncompressed SQL files (C(.sql)) as well as bzip2 (C(.bz2)), gzip (C(.gz)) and xz (Added in 2.0) compressed files are supported.
+    - name: nameserver | powerdns-server | create database user
+      mysql_user:
+        name: "{{ pdns_db_user }}" # required. Name of the user (role) to add or remove.
+        password: "{{ pdns_db_passwd }}" # not required. Set the user's password..
+        host: localhost
+        priv: "{{ pdns_db_name }}.*:ALL" # not required. MySQL privileges string in the format: C(db.table:priv1,priv2). Multiple privileges can be specified by separating each one using a forward slash: C(db.table:priv/db.table:priv). The format is based on MySQL C(GRANT) statement. Database and table names can be quoted, MySQL-style. If column privileges are used, the C(priv1,priv2) part must be exactly as returned by a C(SHOW GRANT) statement. If not followed, the module will always report changes. It includes grouping columns by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))).
+        append_privs: False # not required. Append the privileges defined by priv to the existing ones for this user instead of overwriting existing ones.
+        sql_log_bin: True # not required. Whether binary logging should be enabled or disabled for the connection.
+        state: present # not required. choices: absent;present. Whether the user should exist. When C(absent), removes the user.
+        update_password: on_create # not required. choices: always;on_create. C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users.
+    - name: nameserver | powerdns-server | copy config
+      template:
+        src: "powerdns-server-pri-mysql-config.j2"
+        dest: "/etc/powerdns/pdns.d/mysql.conf"
+        mode: "0644"
+        owner: "root"
+        group: "root"
+  when:
+    - powerdns_primary is defined
+    - powerdns_primary is true
+
+- name: nameserver | powerdns-recursor | disable bind
+  service:
+    name: "named"
+    state: stopped
+    enabled: False
+
+- name: nameserver | powerdns-recursor | enable service
+  service:
+    name: "pdns"
+    state: started
+    enabled: True

roles/nameserver/tasks/main.yml

@@ -38,7 +38,18 @@
     when:
       - bind is defined
       - bind is true
-      - powerdns_auth is not defined or powerdns_auth is false
+      - powerdns_server is not defined or powerdns_server is false
+
+  - name: nameserver | powerdns-server | install and configure
+    block:
+      - name: nameserver | powerdns-server | install
+        include_tasks: install_powerdns_server.yml
+      - name: nameserver | powerdns-server | configure
+        include_tasks: configure_powerdns_server_snmpd.yml
+    when:
+      - powerdns_server is defined
+      - powerdns_server is true
+      - bind is not defined or bind is false
 
   rescue:
     - set_fact: task_failed=true

roles/nameserver/templates/powerdns-server-pri-mysql-config.j2

@@ -0,0 +1,3 @@
+gmysql-socket = {{ pdns_mysql_socket }}
+gmysql-password = {{ pdns_db_passwd }}
+gmysql-dnssec = Yes

roles/nameserver/vars/debian.yml

@@ -1,13 +1,16 @@
 bind_package: bind9
 unbound_package: unbound
 perl_readbackwards: libfile-readbackwards-perl
-powerdns_server_package: pdns-server
-powerdns_recursor_package: pdns-recursor
-powerdns_tools_package: pdns-tools
 
+# PowerDNS specific
+powerdns_recursor_package: pdns-recursor
+powerdns_server_package: pdns-server
+powerdns_tools_package: pdns-tools
 powerdns_backends:
   - package: pdns-backend-bind
   - package: pdns-backend-mysql
+pdns_mysql_schema: "/usr/share/pdns-backend-mysql/schema/schema.mysql.sql"
+pdns_mysql_socket: "/run/mysqld/mysqld.sock"
 
 # named / bind specific
 named_conf_zones: /etc/bind/named.conf.default-zones

roles/nameserver/vars/main.yml

@@ -0,0 +1,3 @@
+pdns_db_name: "powerdns"
+pdns_db_user: "powerdns"
+pdns_db_passwd: "alsdkafhdfgjrnyödfdfjksdzlyso57sfn7093c5n7aß46bs946r9xbr85xr6"