prepare dns secondaries

host_vars/dnssec1.universe.local.yml

@@ -1,3 +1,4 @@
-powerdns-server: True
+powerdns_server: True
-powerdns-primary: False
+powerdns_primary: False
-powerdns-secondary: True
+powerdns_secondary: True
+pdns_pri_server: "192.168.1.190"

roles/nameserver/handlers/main.yml

@@ -17,3 +17,8 @@
   service:
     name: "pdns"
     state: restarted
+
+- name: restart_mysqld
+  service:
+    name: "mysqld"
+    state: restarted

roles/nameserver/tasks/install_powerdns_server.yml

@@ -1,55 +1,58 @@
-- name: nameserver | powerdns-server | install packages
+- name: Nameserver | powerdns-server | install packages
   package:
     name: "{{ powerdns_server_package }}"
     state: present
 
-- name: nameserver | powerdns-server | install backends
+- name: Nameserver | powerdns-server | install backends
   package:
     name: "{{ item.package }}"
     state: latest
   with_items: "{{ powerdns_backends }}"
 
-- name: nameserver | powerdns-server | install and configure database
+- name: Nameserver | powerdns-server | install and configure database
+  when:
+    - powerdns_primary is defined
+    - powerdns_primary is true
   block:
     - include_role: name=database # required. The name of the role to be executed.
 
-    - name: nameserver | powerdns-server | install python mysql client
+    - name: Nameserver | powerdns-server | install python mysql client
       package:
         name: "{{ python_mysql_client }}"
         state: present
     
-    - name: nameserver | powerdns-server | create database
+    - name: Nameserver | powerdns-server | create database
       mysql_db:
-        name: "{{ pdns_db_name }}" # required. name of the database to add or remove. I(name=all) May only be provided if I(state) is C(dump) or C(import). List of databases is provided with I(state=dump), I(state=present) and I(state=absent). if name=all Works like --all-databases option for mysqldump (Added in 2.0).
+        name: "{{ pdns_db_name }}"
-        state: present # not required. choices: present;absent;dump;import. The database state
+        state: present
-        encoding: "utf8" # not required. Encoding mode to use, examples include C(utf8) or C(latin1_swedish_ci)
+        encoding: "utf8"
-        config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read.
+        config_file: "/etc/mysql/my.cnf"
-        login_unix_socket: "{{ pdns_mysql_socket }}"  # not required. The path to a Unix domain socket for local connections.
+        login_unix_socket: "{{ pdns_mysql_socket }}"
       register: database_exists
     
-    - name: nameserver | powerdns-server | import database
+    - name: Nameserver | powerdns-server | import database
       mysql_db:
         name: "{{ pdns_db_name }}"
         state: import
-        target: "{{ pdns_mysql_schema }}" # not required. Location, on the remote host, of the dump file to read from or write to. Uncompressed SQL files (C(.sql)) as well as bzip2 (C(.bz2)), gzip (C(.gz)) and xz (Added in 2.0) compressed files are supported.
+        target: "{{ pdns_mysql_schema }}" 
-        config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read.
+        config_file: "/etc/mysql/my.cnf"
-        login_unix_socket: "{{ pdns_mysql_socket }}"  # not required. The path to a Unix domain socket for local connections.
+        login_unix_socket: "{{ pdns_mysql_socket }}"
       when: database_exists.changed
     
-    - name: nameserver | powerdns-server | create database user
+    - name: Nameserver | powerdns-server | create database user
       mysql_user:
-        name: "{{ pdns_db_user }}" # required. Name of the user (role) to add or remove.
+        name: "{{ pdns_db_user }}" 
         password: "{{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20')) }}" # not required. Set the user's password..
         host: localhost
-        priv: "{{ pdns_db_name }}.*:ALL" # not required. MySQL privileges string in the format: C(db.table:priv1,priv2). Multiple privileges can be specified by separating each one using a forward slash: C(db.table:priv/db.table:priv). The format is based on MySQL C(GRANT) statement. Database and table names can be quoted, MySQL-style. If column privileges are used, the C(priv1,priv2) part must be exactly as returned by a C(SHOW GRANT) statement. If not followed, the module will always report changes. It includes grouping columns by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))).
+        priv: "{{ pdns_db_name }}.*:ALL"
-        append_privs: False # not required. Append the privileges defined by priv to the existing ones for this user instead of overwriting existing ones.
+        append_privs: False
-        sql_log_bin: True # not required. Whether binary logging should be enabled or disabled for the connection.
+        sql_log_bin: True
-        state: present # not required. choices: absent;present. Whether the user should exist. When C(absent), removes the user.
+        state: present
-        update_password: on_create # not required. choices: always;on_create. C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users.
+        update_password: on_create
-        config_file: "/etc/mysql/my.cnf" # not required. Specify a config file from which user and password are to be read.
+        config_file: "/etc/mysql/my.cnf"
-        login_unix_socket: "{{ pdns_mysql_socket }}"  # not required. The path to a Unix domain socket for local connections.
+        login_unix_socket: "{{ pdns_mysql_socket }}"
     
-    - name: nameserver | powerdns-server | create database users for secondaries
+    - name: Nameserver | powerdns-server | create database users for secondaries
       mysql_user:
         name: "{{ pdns_db_user }}"
         password: "{{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20')) }}"
@@ -63,7 +66,17 @@
         login_unix_socket: "{{ pdns_mysql_socket }}"
       loop: "{{ pdns_secondaries }}"
 
-    - name: nameserver | powerdns-server | copy config
+    - name: Nameserver | powerdns-server | configure mysql for network
+      ini_file:
+        path: "/etc/mysql/mariadb.conf.d/50-server.cnf"
+        section: "mysqld"
+        option: "bind-address"
+        value: "{{ ansible_default_ipv4.address }}"
+        state: present
+        no_extra_spaces: False # not required. Do not insert spaces before and after '=' symbol.
+      notify: restart_mysqld
+
+    - name: Nameserver | powerdns-server | copy config
       template:
         src: "{{ item.src }}"
         dest: "{{ item.dest }}"
@@ -74,17 +87,28 @@
       loop:
         - { src: "powerdns-server-pri-mysql-config.j2", dest: "/etc/powerdns/pdns.d/mysql.conf" }
         - { src: "powerdns-server-pri-api-config.j2", dest: "/etc/powerdns/pdns.d/api.conf"}
-  when:
-    - powerdns_primary is defined
-    - powerdns_primary is true
   notify: restart_pdns
 
-- name: nameserver | powerdns-server | disable bind
+- name: Nameserver | powerdns-server | configure backends for secondaries
+  when:
+    - powerdns_primary is defined
+    - powerdns_primary is false
+    - powerdns_secondary is defined
+    - powerdns_secondary is true
+  template:
+    src: "powerdns-server-pri-mysql-config.j2"
+    dest: "/etc/powerdns/pdns.d/mysql.conf"
+    mode: "0644"
+    owner: "root"
+    group: "root"
+    force: no
+
+- name: Nameserver | powerdns-server | disable bind
   block:
-    - name: nameserver | powerdns-server | get running services
+    - name: Nameserver | powerdns-server | get running services
       service_facts:
 
-    - name: nameserver | powerdns-server | disable bind
+    - name: Nameserver | powerdns-server | disable bind
       service:
         name: "named"
         state: stopped
@@ -93,7 +117,7 @@
       vars:
         service_names: "{{ services|dict2items|map(attribute='value.name')|list }}"
 
-- name: nameserver | powerdns-server | enable service
+- name: Nameserver | powerdns-server | enable service
   service:
     name: "pdns"
     state: started

roles/nameserver/tasks/main.yml

@@ -3,53 +3,53 @@
   tags: always
 
 - block:
-  - name: nameserver | unbound | install and configure
+  - name: Nameserver | unbound | install and configure
-    block:
-      - name: nameserver | unbound | install
-        include_tasks: install_unbound.yml
-      - name: nameserver | unbound | configure
-        include_tasks: configure_unbound_snmpd.yml
     when:
       - unbound is defined
       - unbound is true
       - powerdns_recursor is not defined or powerdns_recursor is false
+    block:
+      - name: Nameserver | unbound | install
+        include_tasks: install_unbound.yml
+      - name: Nameserver | unbound | configure
+        include_tasks: configure_unbound_snmpd.yml
 
-  - name: nameserver | unbound | disable systemd-resolved
+  - name: Nameserver | unbound | disable systemd-resolved
     include_tasks: disable-systemd-resolved.yml
     when: bind is true or unbound is true or powerdns_recursor is true
 
-  - name: nameserver | powerdns-recursor | install and configure
+  - name: Nameserver | powerdns-recursor | install and configure
-    block:
-      - name: nameserver| powerdns-recursor | install
-        include_tasks: install_powerdns_recursor.yml
-      - name: nameserver | powerdns-recursor | configure
-        include_tasks: configure_powerdns_recursor_snmpd.yml
     when:
       - powerdns_recursor is defined
       - powerdns_recursor is true
       - unbound is not defined or unbound is false
-
-  - name: nameserver | bind | install and configure
     block:
-      - name: nameserver | bind | install
+      - name: Nameserver| powerdns-recursor | install
-        include_tasks: install_bind.yml
+        include_tasks: install_powerdns_recursor.yml
-      - name: nameserver | bind | configure
+      - name: Nameserver | powerdns-recursor | configure
-        include_tasks: configure_bind_snmpd.yml
+        include_tasks: configure_powerdns_recursor_snmpd.yml
+
+  - name: Nameserver | bind | install and configure
     when:
       - bind is defined
       - bind is true
       - powerdns_server is not defined or powerdns_server is false
-
-  - name: nameserver | powerdns-server | install and configure
     block:
-      - name: nameserver | powerdns-server | install
+      - name: Nameserver | bind | install
-        include_tasks: install_powerdns_server.yml
+        include_tasks: install_bind.yml
-      - name: nameserver | powerdns-server | configure
+      - name: Nameserver | bind | configure
-        include_tasks: configure_powerdns_server_snmpd.yml
+        include_tasks: configure_bind_snmpd.yml
+
+  - name: Nameserver | powerdns-server | install and configure
     when:
       - powerdns_server is defined
       - powerdns_server is true
       - bind is not defined or bind is false
+    block:
+      - name: Nameserver | powerdns-server | install
+        include_tasks: install_powerdns_server.yml
+      - name: Nameserver | powerdns-server | configure
+        include_tasks: configure_powerdns_server_snmpd.yml
 
   rescue:
     - set_fact: task_failed=true

roles/nameserver/templates/powerdns-server-sec-mysql-config .j2

@@ -0,0 +1,4 @@
+launch += gmysql
+gmysql-host = {{ pdns_pri_server }}
+gmysql-password = {{ pdns_db_passwd | default(lookup('password', '/etc/powerdns/pdns.d/.mysqlpw length=20')) }}
+gmysql-dnssec = Yes

roles/nameserver/vars/main.yml

@@ -1,16 +1,16 @@
 $ANSIBLE_VAULT;1.1;AES256
-33393637343963633639303764623635356261393833353539626539396635666264393865333738
+61303361653739306432353266666164316662373337626436323530663765393231373432623163
-3666356534343238656532373735383161666232373536380a366134386664653133323936383364
+6137383465666332313434343038343738666434646233300a633832353361656438316635363433
-36616330356462373436313032303133656433316566373632656532333166323439663465343139
+35313563366132303832653761663639663135303864383434346566313434653965633233633262
-6165353566313464370a343066616239366166333563333364333634643635636135636230346633
+3337343536366534360a613539633535313362633366666431373534356334666661386266316132
-61393731323835666338626262326538346362613561666533623839333566613033363037636364
+66323735313438366432356132313537353463313563633133323832346561306266653838366662
-39643031343232366437316263356339613163333033383664616532343433653131616438383663
+30373136656363336164366662656362316235623530666239396665326165616666663339303932
-38623631323233656238373264346235656530613261303863633964373736653531333236356537
+32643462623363383237636435313564626138373638656235313733306138396366623966636132
-65386166396262343430313431646439663234313561346463316563313832356635653865363333
+31633539383834613335343636323230353530363366353430343036343838353763373134623165
-63653362326535323864353738376132663266353161386461613538313063633332383538316634
+38633164643165326638613535323330363835396661326566373064316435346563393935333437
-39313664323337303861666361636633613631623438613434303964373065396263663232386131
+61653633646365343165306564366631316234386430363538636535313436646232326634616365
-38383235373066633338633938303663623331376330356635343661303061663535346639336464
+62373066306130373161343664666163623434336663356561613166353137373163323639343034
-31646530386533636165346233626532643437336136373731313738313463373436313334613834
+61653261346637306461346164626535353335346461326233303162656539333031613932353832
-38633136613935373466366138336538623266346333313831646339626433396366373761656337
+31653063666163633862393334386365633862363034353861643734363031383137323163326637
-39356365383762363662666162313932323831386133336631383039383132623661646566376265
+39346531646231363832303037383837336164326330646634343934643135626234646265356535
-613335613464393433626139343731393633
+656462656539613538373764656134373037

roles/server/vars/debian.yml

@@ -12,6 +12,3 @@ glusterfs_packages:
 
 commands:
   visudo: "/usr/sbin/visudo"
-
-commands:
-  visudo: "/usr/sbin/visudo"