Commit 3d249877 authored by zaiken's avatar zaiken 💬 Committed by ansible

Ajout du playbook dns-auth (DNS autoritaire) et ajout des alertes par mail des erreurs des cron

parent 805bf9e1
---
# Install dns on routers
- hosts: dns-auth
remote_user: root
roles:
- dns-auth
# This is a sample of a minimal configuration file for Knot DNS.
# See knot.conf(5) or refer to the server documentation.
server:
# Listen on all configured IPv4 interfaces.
listen: 0.0.0.0@53
# Listen on all configured IPv6 interfaces.
listen: ::@53
# User for running the server.
user: knot:knot
log:
- target: syslog
any: info
remote:
- id: crom
address: 185.230.78.37@53
- id: gif
address: 160.228.152.1
# - id: slave
# address: 192.168.1.1@53
#
# - id: master
# address: 192.168.2.1@53
acl:
- id: acl_slave
address: 185.230.78.37 # crom
address: 160.228.152.1 # gif
address: 193.48.224.212 # patou 1
address: 193.48.224.116 # patou 2
action: transfer
# - id: acl_slave
# address: 192.168.1.1
# action: transfer
# - id: acl_master
# address: 192.168.2.1
# action: notify
template:
- id: default
storage: "/var/lib/knot"
file: "%s.zone"
policy:
- id: dnssec
algorithm: ecdsap384sha384
ksk-shared: true
zone:
zone:
- domain: rezometz.org
file: /usr/local/dns/generated/dns.rezometz.org.zone
notify: [crom, gif]
acl: acl_slave
dnssec-signing: on
dnssec-policy: dnssec
- domain: 225.48.193.in-addr.arpa
file: /usr/local/dns/generated/dns.225.48.193.in-addr.arpa.zone
notify: [gif, crom]
acl: acl_slave
dnssec-signing: on
dnssec-policy: dnssec
- domain: 193.in-addr.arpa
file: /usr/local/dns/generated/dns.193.in-addr.arpa
notify: [gif, crom]
acl: acl_slave
dnssec-signing: on
dnssec-policy: dnssec
# # Master zone
# - domain: example.com
# notify: slave
# acl: acl_slave
# # Slave zone
# - domain: example.net
# master: master
# acl: acl_master
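Review bot: The bare `zone:` on its own line directly above the real `zone:` list is a stray duplicate section key; under ordinary YAML semantics it is an empty value that the second key overrides, and Knot's own parser may well reject it, so drop it and run `knotc conf-check` before the role's restart task depends on this file. The third zone, `193.in-addr.arpa`, covers the entire 193/8 reverse tree rather than a /24 like `225.48.193.in-addr.arpa`, and its file name is the only one without the `.zone` suffix — both look worth confirming. Zone transfers in `acl_slave` are authorized by source address alone; Knot supports TSIG via a `key:` section referenced from both the `remote` and `acl` entries, which is the usual protection for AXFR and NOTIFY between the primary and its secondaries.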
- name: Install Knot
apt:
name: knot
- name: Recursively remove directory Re2oapi
file:
path: /usr/local/dns/re2oapi
state: absent
- name: Copy configuration LOCAL
copy:
src: knot.conf
dest: /etc/knot/knot.conf
mode: 0640
owner: knot
group: knot
- name: Get re2o-service for dns
git:
repo: https://gitlab.federez.net/re2o/dns.git
dest: /usr/local/dns
force: yes
- name: Get re2oApi for dns
git:
repo: https://gitlab.federez.net/re2o/re2oapi.git
dest: /usr/local/dns/re2oapi
force: yes
- name: Copy main.py
copy:
src: main.py
dest: /usr/local/dns/main.py
mode: 0755
owner: root
group: ssh
- name: Create generated directory
file:
path: /usr/local/dns/generated
state: directory
mode: 0755
- name: Configure service
template:
src: config.ini.j2
dest: /usr/local/dns/config.ini
mode: 0600
- name: Create crontab
cron:
cron_file: re2o-services
name: Update dns entries
user: root
job: "/usr/bin/python3 /usr/local/dns/main.py > /dev/null 2 && systemctl reload knot"
- name: Add Monitoring mail into the crontab
cronvar:
cron_file: re2o-services
name: MAILTO
user: root
value: "monitoring@rezometz.org"
- name: Restart Knot
service:
name: knot
state: restarted
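Review bot: The cron command in the `Update dns entries` task, `... > /dev/null 2 && systemctl reload knot`, passes a literal `2` as an argument to main.py instead of redirecting anything, because `2` on its own is not a redirection operator; if the intent is to let errors reach MAILTO, the job should read `job: "/usr/bin/python3 /usr/local/dns/main.py > /dev/null && systemctl reload knot"` (the same stray `2` appears on the bind9 role's new cron line in this commit). The bind9 job also does `cd /usr/local/dns/` first; if main.py resolves `config.ini` relative to the working directory, this job needs the same prefix. Both `git` tasks use `force: yes` with no `version:`, so every run pulls the current default-branch head and executes it as root from cron — pin `version:` to a tag or commit. `group: ssh` on main.py looks like a typo for `root`, and the unconditional `Restart Knot` task restarts the server on every play run; a handler notified by the configuration task would restart only when knot.conf actually changes.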
[Re2o]
hostname = {{ re2o_address }}
username = {{ service_user }}
password = {{ service_user_password }}
use_tls = true
use_knot = false
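Review bot: `use_knot = false` in what appears to be the dns-auth role's `config.ini.j2` looks inverted for a role that installs Knot and reloads it from cron; confirm what main.py does with this flag before relying on it. The rendered file holds the re2o service password in clear text, which the `mode: 0600` on the template task mitigates, so make sure `service_user_password` itself comes from an encrypted source (ansible-vault) rather than plain group_vars.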
......@@ -98,7 +98,14 @@
cron_file: re2o-services
name: Update dns entries
user: root
job: "cd /usr/local/dns/ && /usr/bin/python3 /usr/local/dns/main.py > /dev/null 2>&1 && systemctl reload bind9"
job: "cd /usr/local/dns/ && /usr/bin/python3 /usr/local/dns/main.py > /dev/null 2 && systemctl reload bind9"
- name: Add Monitoring mail into the crontab
cronvar:
cron_file: re2o-services
name: MAILTO
user: root
value: "monitoring@rezometz.org"
- name: Restart bind9
service: