From b128bd798b578fa36b1c739485cb98e6e29b9e6b Mon Sep 17 00:00:00 2001 
From: Fulvio Galeazzi <fulvio.galeazzi@garr.it> Date: Tue, 5 Dec 2023 17:06:15 +0100 Subject: [PATCH] 2023-12-05: FG; (may-be-)working copy of the Ansible package... may still need some polishing. --- README.md | 43 +++++++- roles/PowerDNS.admin/handlers/main.yml | 5 + .../tasks/configureWebService_flask.yml | 3 +- .../tasks/configureWebService_nginx.yml | 96 ++++++++++++++++++ roles/PowerDNS.admin/tasks/main.yml | 69 +++++++------ .../powerdns-admin_config_nginx_http.j2 | 36 +++++++ .../powerdns-admin_config_nginx_https.j2 | 52 ++++++++++ .../templates/powerdns-admin_service_nginx.j2 | 20 ++++ .../templates/powerdns-admin_socket_nginx.j2 | 8 ++ .../templates/powerdns-admin_tmpfile_nginx.j2 | 1 + roles/PowerDNS.admin/vars/Debian.yml | 11 ++- roles/PowerDNS.pdns/.github/dependabot.yml | 16 +++ .../PowerDNS.pdns/.github/workflows/main.yml | 19 ++-- roles/PowerDNS.pdns/.gitignore | 3 + roles/PowerDNS.pdns/CHANGELOG.md | 23 +++++ roles/PowerDNS.pdns/README.md | 18 ++-- roles/PowerDNS.pdns/meta/.galaxy_install_info | 4 +- roles/PowerDNS.pdns/meta/main.yml | 6 +- .../{pdns-43 => pdns-46}/converge.yml | 4 +- .../{pdns-43 => pdns-46}/molecule.yml | 30 +++--- .../{pdns-44 => pdns-47}/converge.yml | 4 +- .../{pdns-44 => pdns-47}/molecule.yml | 21 ++-- .../molecule/pdns-48/converge.yml | 9 ++ .../molecule/pdns-48/molecule.yml | 99 +++++++++++++++++++ .../molecule/pdns-master/converge.yml | 2 +- .../molecule/pdns-master/molecule.yml | 16 +-- .../molecule/pdns-os-repos/converge.yml | 2 +- .../molecule/pdns-os-repos/molecule.yml | 2 +- .../resources/tests/all/test_common.py | 2 +- .../tests/backend-mysql/test_backend_mysql.py | 2 +- .../backend-sqlite/test_backend_sqlite.py | 2 +- .../test_repo_48.py} | 14 +-- .../test_repo_45.py} | 14 +-- .../resources/tests/repo-46/test_repo_46.py | 44 +++++++++ .../resources/tests/repo-47/test_repo_47.py | 44 +++++++++ .../tests/repo-master/test_repo_master.py | 2 +- .../resources/vars/pdns-no-overrides.yml | 2 +- 
.../molecule/resources/vars/pdns-repo-43.yml | 7 -- .../molecule/resources/vars/pdns-repo-44.yml | 7 -- .../molecule/resources/vars/pdns-repo-45.yml | 7 ++ .../molecule/resources/vars/pdns-repo-46.yml | 7 ++ .../molecule/resources/vars/pdns-repo-47.yml | 7 ++ .../molecule/resources/vars/pdns-repo-48.yml | 7 ++ .../systemd-no-overrides/converge.yml | 2 +- .../systemd-no-overrides/molecule.yml | 2 +- roles/PowerDNS.pdns/requirements.yml | 3 + roles/PowerDNS.pdns/tasks/database-mysql.yml | 11 +-- roles/PowerDNS.pdns/tasks/install.yml | 1 + roles/PowerDNS.pdns/tasks/main.yml | 17 ++-- roles/PowerDNS.pdns/tasks/repo-RedHat.yml | 14 ++- roles/PowerDNS.pdns/test-requirements.txt | 14 +-- roles/PowerDNS.pdns/tox.ini | 16 +-- roles/PowerDNS.pdns/vars/RedHat-9.yml | 33 +++++++ roles/PowerDNS.pdns/vars/main.yml | 39 ++++++-- roles/PowerDNS.setup/tasks/main.yml | 6 +- 55 files changed, 771 insertions(+), 177 deletions(-) create mode 100644 roles/PowerDNS.admin/tasks/configureWebService_nginx.yml create mode 100644 roles/PowerDNS.admin/templates/powerdns-admin_config_nginx_http.j2 create mode 100644 roles/PowerDNS.admin/templates/powerdns-admin_config_nginx_https.j2 create mode 100644 roles/PowerDNS.admin/templates/powerdns-admin_service_nginx.j2 create mode 100644 roles/PowerDNS.admin/templates/powerdns-admin_socket_nginx.j2 create mode 100644 roles/PowerDNS.admin/templates/powerdns-admin_tmpfile_nginx.j2 create mode 100644 roles/PowerDNS.pdns/.github/dependabot.yml rename roles/PowerDNS.pdns/molecule/{pdns-43 => pdns-46}/converge.yml (63%) rename roles/PowerDNS.pdns/molecule/{pdns-43 => pdns-46}/molecule.yml (83%) rename roles/PowerDNS.pdns/molecule/{pdns-44 => pdns-47}/converge.yml (63%) rename roles/PowerDNS.pdns/molecule/{pdns-44 => pdns-47}/molecule.yml (88%) create mode 100644 roles/PowerDNS.pdns/molecule/pdns-48/converge.yml create mode 100644 roles/PowerDNS.pdns/molecule/pdns-48/molecule.yml rename roles/PowerDNS.pdns/molecule/resources/tests/{repo-43/test_repo_43.py 
=> pdns-48/test_repo_48.py} (73%) rename roles/PowerDNS.pdns/molecule/resources/tests/{repo-44/test_repo_44.py => repo-45/test_repo_45.py} (73%) create mode 100644 roles/PowerDNS.pdns/molecule/resources/tests/repo-46/test_repo_46.py create mode 100644 roles/PowerDNS.pdns/molecule/resources/tests/repo-47/test_repo_47.py delete mode 100644 roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-43.yml delete mode 100644 roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-44.yml create mode 100644 roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-45.yml create mode 100644 roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-46.yml create mode 100644 roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-47.yml create mode 100644 roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-48.yml create mode 100644 roles/PowerDNS.pdns/vars/RedHat-9.yml diff --git a/README.md b/README.md index fcdf5d9..f2bfabd 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,10 @@ This is the integration of several pieces of code, namely: - the official PowerDNS.pdns and PowerDNS.pdns_recursor ansible code - some further code of my own to cross-configure Admin node based on Auth configuration - yet some other own code to configure PowerDNS-Admin according to official instructions - + (container-based is here https://github.com/PowerDNS-Admin/PowerDNS-Admin but we are + using local install, documented here: + https://github.com/PowerDNS-Admin/PowerDNS-Admin/tree/master/docs/wiki) + Note that the versions of PowerDNS.pdns and PowerDNS.pdns_recursor available within this package were the official ones available, at some point in time, from ansible-galaxy via: @@ -20,9 +23,9 @@ example, update PowerDNS.dns I suggest to: - execute: cd /tmp/ - ansible-galaxy --roles-path . install PowerDNS.pdns + ansible-galaxy role install --roles-path ./ PowerDNS.pdns -- and then perform some diff/merge ... +- and then perform some diff/merge ... Inventory --------- 
@@ -60,11 +63,44 @@ Note that `inventory_bootstrap.yml` makes reference to generic usernames. Install PowerDNS Authoritative servers -------------------------------------- +If updating, operate on a single instance, and save current database content: + + mysql -u <dbuser> -h localhost -p<dbpass> pdns -e "select D.name,D.master,D.last_check,D.type,D.notified_serial,D.account,R.name,R.type,R.content,R.ttl,R.prio,R.disabled from records as R left join domains as D on R.domain_id=D.id order by D.name,R.type;" > /tmp/records_<thissite> + Install or update servers: ansible-playbook -i inventory.yml manageDnsAuth.yml +Notes on updating +----------------- + +One step in the playbook deals with "apt update": should this crash for +invalid signatures, you may import new signature with the command: + + apt-key adv --recv-keys --keyserver keyserver.ubuntu.com <failingSignature> + +Should database access for 'root' fail, chances are that root@localhost is configured +to use auth_socket rather than password. I opted for not touching default root@localhost, +but rather create new account 'rootwpass': + + create user 'rootwpass'@'localhost' identified with mysql_native_password by '<securePwd>'; + GRANT ALL PRIVILEGES ON *.* TO 'rootwpass'@'localhost' WITH GRANT OPTION; + +(with MariaDB the create user command is rather: create user 'rootwpass'@'localhost' identified with mysql_native_password using password('<securePwd>');) + +When installing MariaDB over a previous MySQL installation, you may encounter the +problem described here (mariadb service stuck in "activating"): https://serverfault.com/questions/1013128/mariadb-service-start-stuck-at-activating + Perform the suggested steps: + = sudo systemctl stop mariadb + = echo "/usr/sbin/mysqld { }" | sudo tee /etc/apparmor.d/usr.sbin.mysqld + = sudo apparmor_parser -v -R /etc/apparmor.d/usr.sbin.mysqld + # This should display Removal succeeded for "/usr/sbin/mysqld". 
+ = sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/usr.sbin.mysqld + +Upgrade to flask environment may also be needed: pip3 install --upgrade pip + + Install PowerDNS-Admin server ----------------------------- @@ -72,7 +108,6 @@ Install or update servers: ansible-playbook -i inventory.yml manageDnsAdmin.yml - Install PowerDNS-recursor ------------------------- diff --git a/roles/PowerDNS.admin/handlers/main.yml b/roles/PowerDNS.admin/handlers/main.yml index 5f4744b..0b24611 100644 --- a/roles/PowerDNS.admin/handlers/main.yml +++ b/roles/PowerDNS.admin/handlers/main.yml @@ -6,3 +6,8 @@ name: "{{ apache_srv_name }}" state: restarted +- name: Restart Nginx + service: + name: "{{ nginx_srv_name }}" + state: restarted + diff --git a/roles/PowerDNS.admin/tasks/configureWebService_flask.yml b/roles/PowerDNS.admin/tasks/configureWebService_flask.yml index 1339386..2e2c3be 100644 --- a/roles/PowerDNS.admin/tasks/configureWebService_flask.yml +++ b/roles/PowerDNS.admin/tasks/configureWebService_flask.yml @@ -4,8 +4,9 @@ - name: Create systemd startup script template: - src: powerdns-admin_service.j2 + src: powerdns-admin_service_flask.j2 dest: /etc/systemd/system/powerdns-admin.service + - name: Reload systemd systemd: daemon_reload: yes diff --git a/roles/PowerDNS.admin/tasks/configureWebService_nginx.yml b/roles/PowerDNS.admin/tasks/configureWebService_nginx.yml new file mode 100644 index 0000000..65cd41b --- /dev/null +++ b/roles/PowerDNS.admin/tasks/configureWebService_nginx.yml 
@@ -0,0 +1,96 @@ +--- + +- debug: msg="Configure service using Nginx" + +- debug: msg="WARNING, NOT FOR CENTOS" + +- block: + - name: Resolve hostname for PowerDNS-Admin server + shell: host {{ pdnsadmin_webaddr }} | awk '{print $NF}' | sed -e 's/\.$//' + register: nslookup_out + run_once: True + + - set_fact: + pdnsadmin_webname={{ nslookup_out.stdout }} + when: + - pdnsadmin_webname is undefined + +- debug: msg="Webname {{ pdnsadmin_webname }}" + +- name: Install Nginx webserver and modules (for Python3) + package: + name: "{{ item }}" + state: present + with_items: + - "{{ nginx_pkg_name }}" + - "{{ nginx_pkg_name }}-core" +- name: Enable Nginx + service: + name: "{{ nginx_srv_name }}" + enabled: True + +- name: Create destination directory for SSL certificates + file: + state: directory + path: /etc/ssl/ + owner: root + group: root + mode: 0755 +- name: Copy server SSL certificates + copy: + src: "{{ item }}" + dest: /etc/ssl/ + with_items: + - "{{ pdnsadmin_webname }}.crt" + - "{{ pdnsadmin_webname }}.key" + when: + - pdnsadmin_webhttps + - pdnsadmin_ssl_update + + +- name: Create Nginx VirtualHost (http) configuration script + template: + src: powerdns-admin_config_nginx_http.j2 + dest: /etc/nginx/conf.d/powerdns-admin.conf + force: yes + owner: root + group: root + mode: 0644 + notify: + - Restart Nginx + when: + - not pdnsadmin_ssl_update +- name: Create Nginx VirtualHost (https) configuration script + template: + src: powerdns-admin_config_nginx_https.j2 + dest: /etc/nginx/conf.d/powerdns-admin.conf + force: yes + owner: root + group: root + mode: 0644 + notify: + - Restart Nginx + when: + - pdnsadmin_ssl_update + +- name: Create systemd startup script + template: + src: powerdns-admin_service_nginx.j2 + dest: /etc/systemd/system/powerdns-admin.service +- name: Create systemd socket + template: + src: powerdns-admin_socket_nginx.j2 + dest: /etc/systemd/system/powerdns-admin.socket +- name: Create systemd tmpfile + template: + src: 
powerdns-admin_tmpfile_nginx.j2 + dest: /etc/tmpfiles.d/powerdns-admin.conf +- name: Reload systemd + systemd: + daemon_reload: yes + name: "{{ item }}" + enabled: yes + state: restarted + with_items: + - powerdns-admin.socket + - powerdns-admin.service diff --git a/roles/PowerDNS.admin/tasks/main.yml b/roles/PowerDNS.admin/tasks/main.yml index d564b22..464ba42 100644 --- a/roles/PowerDNS.admin/tasks/main.yml +++ b/roles/PowerDNS.admin/tasks/main.yml @@ -2,13 +2,13 @@ # tasks file for PowerDNS.admin ### get_distribution -- include: ../roles/common/tasks/loadVariables.yml +- include_tasks: ../roles/common/tasks/loadVariables.yml ### Packages -- include: ../roles/common/tasks/updatePkg.yml +- include_tasks: ../roles/common/tasks/updatePkg.yml tags: configpkg -- include: ../roles/common/tasks/upgradePkg.yml +- include_tasks: ../roles/common/tasks/upgradePkg.yml tags: upgradepkg ### Collect variables from first host in 'dnsauthmaster' group @@ -60,16 +60,20 @@ path: "{{ pdnsadmin_basedir }}" state: directory -# - name: Clone Git repository -# git: -# repo: "{{ pdnsadmin_gitrepo }}" -# clone: yes -# dest: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}" - +- name: Clone Git repository + ansible.builtin.git: + repo: "{{ pdnsadmin_gitrepo }}" + clone: yes + update: yes + force: yes + dest: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}" + +# default config powerdnsadmin/default_config.py is Git-managed so we pick another one +# --> this implies setting FLASK_CONF later, relative to powerdnsadmin directory - name: Create config.py from template copy: - src: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/config_template.py" - dest: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/config.py" + src: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/powerdnsadmin/default_config.py" + dest: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/configs/production.py" remote_src: yes owner: "{{ pdnsadmin_usr }}" group: "{{ pdnsadmin_grp }}" 
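Review bot: The "Copy server SSL certificates" task in configureWebService_nginx.yml copies `{{ pdnsadmin_webname }}.key` into `/etc/ssl/` without `owner`, `group` or `mode`, so the private key will typically end up world-readable in a directory the preceding task creates as 0755. Give the key its own copy task with `owner: root`, `group: root`, `mode: "0600"`. Separately, the two vhost template tasks are keyed on `pdnsadmin_ssl_update` rather than `pdnsadmin_webhttps`: a later run with `pdnsadmin_webhttps` true and `pdnsadmin_ssl_update` false overwrites `/etc/nginx/conf.d/powerdns-admin.conf` with the plain-HTTP template, and the reverse combination deploys the TLS vhost without copying any certificate. Using `when: pdnsadmin_webhttps` and `when: not pdnsadmin_webhttps` on those two tasks would keep certificate refresh and protocol choice independent.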
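Review bot: The re-enabled "Clone Git repository" task in tasks/main.yml has no `version:`, so with `update: yes` and `force: yes` every run checks out whatever the default branch of `pdnsadmin_gitrepo` points to at that moment and discards local changes in the checkout. Later tasks install its `requirements.txt` and run it as the admin service, so the deployed code is neither reproducible nor reviewed before it goes live. Pin it with something like `version: "{{ pdnsadmin_gitversion }}"` set to a release tag or commit hash; that variable name is a suggestion, the role does not define it on this page.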
@@ -100,9 +104,9 @@ name: "{{ item }}" state: present with_items: - - mysql-server - - mysql-client - - python-mysqldb + - mariadb-server + - mariadb-client + - python3-mysqldb when: ansible_os_family == 'Debian' - name: Start the MySQL service on RedHat @@ -116,25 +120,26 @@ - name: Start the MySQL service on Debian become: true service: - name: mysql - state: started + name: mariadb + state: restarted enabled: true when: ansible_os_family == 'Debian' - name: Create database mysql_db: - login_host: "{{ pdnsadmin_dbhost }}" - login_password: "{{ pdnsadmin_dbRootPass }}" login_user: "{{ pdnsadmin_dbRootUser }}" + login_password: "{{ pdnsadmin_dbRootPass }}" + login_host: "{{ pdnsadmin_dbhost }}" login_port: "{{ pdnsadmin_dbPort | default('3306') }}" name: "{{ pdnsadmin_dbname }}" + state: present collation: utf8_general_ci encoding: utf8 - name: Grant privileges to database mysql_user: - login_host: "{{ pdnsadmin_dbhost }}" - login_password: "{{ pdnsadmin_dbRootPass }}" login_user: "{{ pdnsadmin_dbRootUser }}" + login_password: "{{ pdnsadmin_dbRootPass }}" + login_host: "{{ pdnsadmin_dbhost }}" login_port: "{{ pdnsadmin_dbPort | default('3306') }}" name: "{{ pdnsadmin_dbuser }}" password: "{{ pdnsadmin_dbpass }}" @@ -146,9 +151,9 @@ ### Customize PowerDNS-Admin -- name: Customize config.py +- name: Customize configs/production.py lineinfile: - path: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/config.py" + path: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/configs/production.py" state: present line: "{{ item.name }} = {{ item.value }}" regexp: "{{ item.regexp }}" 
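Review bot: In the `@@ -116,25 +120,26 @@` hunk, "Start the MySQL service on Debian" now uses `state: restarted`, which makes the task report a change and bounce MariaDB on every playbook run, dropping the connections of anything using that database. If the restart is only needed after the mysql-to-mariadb package switch, keep `state: started` here and trigger the restart from a handler notified by the package task. The task name still says MySQL while the service is `mariadb`; renaming it would avoid confusion when reading run logs.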
@@ -159,18 +164,15 @@ stat: path: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/flask/bin/activate" register: flask_env - - name: Create virtualenv shell: virtualenv -p python3 flask args: chdir: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}" when: - flask_env.stat.exists == False - - name: Temporary fix for nodejs-yarn oddity # 2019-01-15: see https://github.com/yarnpkg/yarn/issues/6914 - shell: curl -sL https://deb.nodesource.com/setup_10.x | bash - && apt-get install -y nodejs - + shell: curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs - name: Configure virtualenv, install module pip: virtualenv: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/flask" @@ -183,7 +185,7 @@ chdir: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}" requirements: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/requirements.txt" - name: Configure virtualenv, execute commands - shell: "export FLASK_APP=app/__init__.py ; {{ item }}" + shell: "export FLASK_APP=powerdnsadmin/__init__.py ; export FLASK_CONF=../configs/production.py ; {{ item }}" args: chdir: "{{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}" with_items: @@ -199,14 +201,23 @@ group: "{{ pdnsadmin_grp }}" recurse: yes -- debug: msg="Flag is {{ pdnsadmin_runInApache }}" +- debug: msg="Flag pdnsadmin_runInFlask {{ pdnsadmin_runInFlask }}" +- debug: msg="Flag pdnsadmin_runInApache {{ pdnsadmin_runInApache }}" +- debug: msg="Flag pdnsadmin_runInNginx {{ pdnsadmin_runInNginx }}" ### Configure and start web service +# WARNING: not updated - include_tasks: configureWebService_flask.yml when: - - not pdnsadmin_runInApache + - pdnsadmin_runInFlask +# WARNING: not updated - include_tasks: configureWebService_apache.yml when: - pdnsadmin_runInApache + +- include_tasks: configureWebService_nginx.yml + when: + - pdnsadmin_runInNginx + 
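Review bot: The "Temporary fix for nodejs-yarn oddity" task still pipes a script fetched with `curl -sL` straight into `bash` as root on every run; moving it to `setup_14.x` keeps that pattern. Without `set -o pipefail` (and with no `-f` on curl) a failed or error-page download is not detected, the pipeline can still succeed and `apt-get install -y nodejs` then installs whatever the configured repositories offer. Prefer adding the NodeSource repository and its signing key declaratively, the way the yarn repository is added through `extrarepos`, so the source is verified by apt and the task becomes idempotent. It is also worth checking whether Node.js 14 is still a supported release line; it appears to have reached end-of-life in 2023.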
diff --git a/roles/PowerDNS.admin/templates/powerdns-admin_config_nginx_http.j2 b/roles/PowerDNS.admin/templates/powerdns-admin_config_nginx_http.j2
new file mode 100644
index 0000000..c0aaeae
--- /dev/null
+++ b/roles/PowerDNS.admin/templates/powerdns-admin_config_nginx_http.j2
@@ -0,0 +1,36 @@
+server {
+ listen *:{{ pdnsadmin_webport }};
+ server_name {{ pdnsadmin_webname }};
+
+ index index.html index.htm index.php;
+ root {{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }};
+ access_log /var/log/nginx/pdnsadmin_access.log combined;
+ error_log /var/log/nginx/pdnsadmin_error.log;
+
+ client_max_body_size 10m;
+ client_body_buffer_size 128k;
+ proxy_redirect off;
+ proxy_connect_timeout 90;
+ proxy_send_timeout 90;
+ proxy_read_timeout 90;
+ proxy_buffers 32 4k;
+ proxy_buffer_size 8k;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_headers_hash_bucket_size 64;
+
+ location ~ ^/static/ {
+ include /etc/nginx/mime.types;
+ root {{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/powerdnsadmin;
+ location ~* \.(jpg|jpeg|png|gif)$ { expires 365d; }
+ location ~* ^.+.(css|js)$ { expires 7d; }
+ }
+
+ location / {
+ proxy_pass http://unix:/run/powerdns-admin/socket;
+ proxy_read_timeout 120;
+ proxy_connect_timeout 120;
+ }
+
+}
diff --git a/roles/PowerDNS.admin/templates/powerdns-admin_config_nginx_https.j2 b/roles/PowerDNS.admin/templates/powerdns-admin_config_nginx_https.j2
new file mode 100644
index 0000000..3eebc6c
--- /dev/null
+++ b/roles/PowerDNS.admin/templates/powerdns-admin_config_nginx_https.j2
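Review bot: The powerdns-admin_config_nginx_http.j2 vhost publishes the PowerDNS-Admin login over plain HTTP on every address (`listen *:{{ pdnsadmin_webport }};`), so credentials and session cookies cross the network unencrypted whenever this template is the one deployed. If it is meant only for bootstrap or for use behind another TLS terminator, say so in a comment at the top of the template and consider binding to a specific address. The server-level `root {{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }};` points at the application checkout, which also holds `configs/production.py`; `location /` proxies everything today, but dropping that `root` and the unused `index` line removes the chance that a later location block serves files from it. In `location ~* ^.+.(css|js)$` the dot before the group is unescaped; `\.(css|js)$` is presumably what is meant.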
@@ -0,0 +1,52 @@
+server {
+ listen 80 default_server;
+ server_name {{ pdnsadmin_webname }};
+ return 301 https://{{ pdnsadmin_webname }}$request_uri;
+}
+
+server {
+ listen *:{{ pdnsadmin_webport }} ssl http2 default_server;
+ server_name {{ pdnsadmin_webname }};
+ index index.html index.htm index.php;
+ root {{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }};
+ access_log /var/log/nginx/pdnsadmin_access.log combined;
+ error_log /var/log/nginx/pdnsadmin_error.log;
+
+ ssl_certificate /etc/ssl/{{ pdnsadmin_webname }}.crt;
+ ssl_certificate_key /etc/ssl/{{ pdnsadmin_webname }}.key;
+# ssl_dhparam path_to_your_dhparam.pem;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ ssl_session_cache shared:SSL:10m;
+# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+ client_max_body_size 10m;
+ client_body_buffer_size 128k;
+ proxy_redirect off;
+ proxy_connect_timeout 90;
+ proxy_send_timeout 90;
+ proxy_read_timeout 90;
+ proxy_buffers 32 4k;
+ proxy_buffer_size 8k;
+ proxy_set_header Host $host;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_headers_hash_bucket_size 64;
+
+ location ~ ^/static/ {
+ include /etc/nginx/mime.types;
+ root {{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/powerdnsadmin;
+ location ~* \.(jpg|jpeg|png|gif)$ { expires 365d; }
+ location ~* ^.+.(css|js)$ { expires 7d; }
+ }
+
+ location / {
+ proxy_pass http://unix:/run/powerdns-admin/socket;
+ proxy_read_timeout 120;
+ proxy_connect_timeout 120;
+ proxy_redirect http:// $scheme://;
+ }
+
+}
diff --git a/roles/PowerDNS.admin/templates/powerdns-admin_service_nginx.j2 b/roles/PowerDNS.admin/templates/powerdns-admin_service_nginx.j2
new file mode 100644
index 0000000..b43bfb9
--- /dev/null
+++ b/roles/PowerDNS.admin/templates/powerdns-admin_service_nginx.j2
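Review bot: The TLS server block in powerdns-admin_config_nginx_https.j2 leaves protocol selection to nginx defaults: `ssl_protocols` is commented out, so the accepted versions depend on the installed nginx, and the commented sample would enable TLSv1 and TLSv1.1 if someone simply uncommented it. Set it explicitly, e.g. `ssl_protocols TLSv1.2 TLSv1.3;`. The `ssl_ciphers` string deserves a second look as well: on current nginx the `EDH` entries are only usable once the commented-out `ssl_dhparam` is configured, and `AES256+EECDH` also admits CBC suites. Adding `add_header Strict-Transport-Security "max-age=31536000" always;` to this block would keep returning browsers from starting on the port-80 redirect.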
@@ -0,0 +1,20 @@ +[Unit] +Description=PowerDNS-Admin +Requires=powerdns-admin.socket +After=network.target + +[Service] +Environment="FLASK_CONF=../configs/production.py" +PIDFile=/run/powerdns-admin/pid +User={{ pdnsadmin_usr }} +Group={{ pdnsadmin_grp }} +WorkingDirectory={{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }} +ExecStartPre=+mkdir -p /run/powerdns-admin/ +ExecStartPre=+chown {{ pdnsadmin_usr }}:{{ pdnsadmin_grp }} -R /run/powerdns-admin/ +ExecStart={{ pdnsadmin_basedir }}/{{ pdnsadmin_destdir }}/flask/bin/gunicorn --pid /run/powerdns-admin/pid --bind unix:/run/powerdns-admin/socket 'powerdnsadmin:create_app()' +ExecReload=/bin/kill -s HUP $MAINPID +ExecStop=/bin/kill -s TERM $MAINPID +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/roles/PowerDNS.admin/templates/powerdns-admin_socket_nginx.j2 b/roles/PowerDNS.admin/templates/powerdns-admin_socket_nginx.j2 new file mode 100644 index 0000000..5eb01ff --- /dev/null +++ b/roles/PowerDNS.admin/templates/powerdns-admin_socket_nginx.j2 @@ -0,0 +1,8 @@ +[Unit] +Description=PowerDNS-Admin socket + +[Socket] +ListenStream=/run/powerdns-admin/socket + +[Install] +WantedBy=sockets.target diff --git a/roles/PowerDNS.admin/templates/powerdns-admin_tmpfile_nginx.j2 b/roles/PowerDNS.admin/templates/powerdns-admin_tmpfile_nginx.j2 new file mode 100644 index 0000000..3b29909 --- /dev/null +++ b/roles/PowerDNS.admin/templates/powerdns-admin_tmpfile_nginx.j2 @@ -0,0 +1 @@ +d /run/powerdns-admin 0755 {{ pdnsadmin_usr }} {{ pdnsadmin_grp }} - diff --git a/roles/PowerDNS.admin/vars/Debian.yml b/roles/PowerDNS.admin/vars/Debian.yml index da83094..5f0d03e 100644 --- a/roles/PowerDNS.admin/vars/Debian.yml +++ b/roles/PowerDNS.admin/vars/Debian.yml @@ -5,6 +5,7 @@ extrakeys: extrarepos: - "deb https://dl.yarnpkg.com/debian/ stable main" +# see: https://github.com/PowerDNS-Admin/PowerDNS-Admin/blob/master/docs/wiki/install/Running-PowerDNS-Admin-on-Ubuntu-or-Debian.md extrapackages: - git - virtualenv 
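Review bot: Both `ExecStartPre=+…` lines in powerdns-admin_service_nginx.j2 run as root on every start and name `mkdir` and `chown` without an absolute path, which older systemd releases refuse; the recursive `chown -R` likely also re-owns the socket that `powerdns-admin.socket` creates in the same directory. Use `/bin/mkdir -p` and a non-recursive `/bin/chown`, or let `RuntimeDirectory=powerdns-admin` together with `RuntimeDirectoryPreserve=yes` create the directory for `User=`/`Group=`. Since this unit runs the gunicorn process behind the admin UI, `NoNewPrivileges=true` next to the existing `PrivateTmp=true` is a cheap hardening step.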
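Review bot: The `[Socket]` section in powerdns-admin_socket_nginx.j2 sets only `ListenStream=`, so the socket is created with systemd's default `SocketMode=0666` and any local account can talk to gunicorn directly, bypassing nginx and supplying its own `X-Forwarded-For` and `X-Real-IP` values. Restrict it to the web server with `SocketUser=<nginx user>`, `SocketGroup=<nginx group>` and `SocketMode=0660`; the angle-bracket values are placeholders, the role defines no variable for them on this page. The tmpfiles template that follows creates `/run/powerdns-admin` as 0755, so directory permissions do not compensate.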
@@ -12,9 +13,13 @@ extrapackages: - yarn - python3-dev - python-setuptools - - libmysqlclient-dev - libsasl2-dev - libldap2-dev + - python3-venv + - libmariadb-dev + - build-essential + - curl + - libpq-dev - libssl-dev - libxml2-dev - libxslt1-dev @@ -22,5 +27,5 @@ extrapackages: - libffi-dev - pkg-config -apache_pkg_name: apache2 -apache_srv_name: apache2 +nginx_pkg_name: nginx +nginx_srv_name: nginx diff --git a/roles/PowerDNS.pdns/.github/dependabot.yml b/roles/PowerDNS.pdns/.github/dependabot.yml new file mode 100644 index 0000000..dee142c --- /dev/null +++ b/roles/PowerDNS.pdns/.github/dependabot.yml @@ -0,0 +1,16 @@ +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: +- package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + timezone: Europe/Amsterdam + open-pull-requests-limit: 5 +- package-ecosystem: pip + directory: "/" + schedule: + interval: daily + timezone: Europe/Amsterdam + open-pull-requests-limit: 5 diff --git a/roles/PowerDNS.pdns/.github/workflows/main.yml b/roles/PowerDNS.pdns/.github/workflows/main.yml index 1efa80d..1db3826 100644 --- a/roles/PowerDNS.pdns/.github/workflows/main.yml +++ b/roles/PowerDNS.pdns/.github/workflows/main.yml @@ -2,6 +2,8 @@ on: push: pull_request: + schedule: + - cron: '33 5 * * 0' jobs: Tests: @@ -10,22 +12,23 @@ jobs: strategy: matrix: ansible: - - '2.9' - - '2.10' - - '2.11' + - "2.12" + - "2.13" + - "2.14" scenario: - - pdns-43 - - pdns-44 + - pdns-46 + - pdns-47 + - pdns-48 - pdns-master - pdns-os-repos - systemd-no-overrides steps: - name: checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Install python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: - python-version: 3.6 + python-version: "3.10" - name: Install dependencies run: | python -m pip install --upgrade pip 
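Review bot: The last hunk of vars/Debian.yml replaces `apache_pkg_name`/`apache_srv_name` with the nginx pair, but both names are still referenced: the existing handler in handlers/main.yml restarts `"{{ apache_srv_name }}"`, and tasks/main.yml still includes `configureWebService_apache.yml` when `pdnsadmin_runInApache` is set. Keep the two apache variables alongside the new `nginx_pkg_name`/`nginx_srv_name` lines, or remove the Apache path in the same commit, so a host with `pdnsadmin_runInApache: true` does not fail on an undefined variable. The contents of `configureWebService_apache.yml` are not visible here, so the extent of the breakage is inferred.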
diff --git a/roles/PowerDNS.pdns/.gitignore b/roles/PowerDNS.pdns/.gitignore index b31443c..3adf759 100644 --- a/roles/PowerDNS.pdns/.gitignore +++ b/roles/PowerDNS.pdns/.gitignore @@ -14,3 +14,6 @@ __pycache__/ .cache .molecule .vagrant + +#venv +venv diff --git a/roles/PowerDNS.pdns/CHANGELOG.md b/roles/PowerDNS.pdns/CHANGELOG.md index 5013113..130ebd4 100644 --- a/roles/PowerDNS.pdns/CHANGELOG.md +++ b/roles/PowerDNS.pdns/CHANGELOG.md @@ -1,3 +1,26 @@ +## v1.8.0 (2023-08-03) + +NEW FEATURES: +- Added pdns48 repository and CI ([\#180](https://github.com/PowerDNS/pdns-ansible/pull/180)) +- Added support for OL9 ([\#145](https://github.com/PowerDNS/pdns-ansible/pull/145)) +- Added pdns47 repository and CI ([\#135](https://github.com/PowerDNS/pdns-ansible/pull/135)) +- Replaced Centos8 with OL8 ([\#133](https://github.com/PowerDNS/pdns-ansible/pull/133)) +- Added pdns46 repository and CI ([\#117](https://github.com/PowerDNS/pdns-ansible/pull/117)) + +IMPROVEMENTS: +- Bump versions and various fixes in CI and README.md ([\#179](https://github.com/PowerDNS/pdns-ansible/pull/179) +- Bump versions in requirements.txt ([\#144](https://github.com/PowerDNS/pdns-ansible/pull/144)) +- Removal of deprecation warning ([\#121](https://github.com/PowerDNS/pdns-ansible/pull/121)) +- Do not restart all servers at once ([\#109](https://github.com/PowerDNS/pdns-ansible/pull/109)) +- Prevent logging of password information ([\#106](https://github.com/PowerDNS/pdns-ansible/pull/106)) + +REMOVED FEATURES: +- Drop pdns45, support for Debian 9 ([\#179](https://github.com/PowerDNS/pdns-ansible/pull/179)) EOL +- Drop Ansible v2.9 - v2.10 - v2.11 from CI and removed pdns43 and pdns44 ([\#144](https://github.com/PowerDNS/pdns-ansible/pull/144)) for EOL + +BUG FIXES: +- Add MySQL schema path with PowerDNS 4.6 and Rocky Linux 8 with EPEL package installation ([\#114](https://github.com/PowerDNS/pdns-ansible/pull/114)) + ## v1.7.0 (2021-07-01) NEW FEATURES: 
diff --git a/roles/PowerDNS.pdns/README.md b/roles/PowerDNS.pdns/README.md index 992ffe4..498d3be 100644 --- a/roles/PowerDNS.pdns/README.md +++ b/roles/PowerDNS.pdns/README.md @@ -9,7 +9,7 @@ An Ansible role created by the folks behind PowerDNS to setup the [PowerDNS Auth ## Requirements -An Ansible 2.9 or higher installation. +An Ansible 2.12 or higher installation. ## Dependencies @@ -32,17 +32,23 @@ By default, the PowerDNS Authoritative Server is installed from the software rep - { role: PowerDNS.pdns, pdns_install_repo: "{{ pdns_auth_powerdns_repo_master }}" -# Install the PowerDNS Authoritative Server from the '4.3.x' official repository +# Install the PowerDNS Authoritative Server from the '4.6.x' official repository - hosts: all roles: - { role: PowerDNS.pdns, - pdns_install_repo: "{{ pdns_auth_powerdns_repo_43 }}" + pdns_install_repo: "{{ pdns_auth_powerdns_repo_46 }}" -# Install the PowerDNS Authoritative Server from the '4.4.x' official repository +# Install the PowerDNS Authoritative Server from the '4.7.x' official repository - hosts: all roles: - { role: PowerDNS.pdns, - pdns_install_repo: "{{ pdns_auth_powerdns_repo_44 }}" + pdns_install_repo: "{{ pdns_auth_powerdns_repo_47 }}" + +# Install the PowerDNS Authoritative Server from the '4.8.x' official repository +- hosts: all + roles: + - { role: PowerDNS.pdns, + pdns_install_repo: "{{ pdns_auth_powerdns_repo_48 }}" ``` The examples above, show how to install the PowerDNS Authoritative Server from the official PowerDNS repositories @@ -347,7 +353,7 @@ To test all the scenarios run To run a custom molecule command - $ tox -e ansible210 -- molecule test -s pdns-44 + $ tox -e ansible214 -- molecule test -s pdns-48 ## License diff --git a/roles/PowerDNS.pdns/meta/.galaxy_install_info b/roles/PowerDNS.pdns/meta/.galaxy_install_info index 27985b8..2743d23 100644 --- a/roles/PowerDNS.pdns/meta/.galaxy_install_info +++ b/roles/PowerDNS.pdns/meta/.galaxy_install_info 
@@ -1,2 +1,2 @@ -install_date: Fri Jul 16 14:49:06 2021 -version: v1.7.0 +install_date: 'Wed 29 Nov 2023 11:19:17 AM ' +version: v1.8.0 diff --git a/roles/PowerDNS.pdns/meta/main.yml b/roles/PowerDNS.pdns/meta/main.yml index 7f57787..6af15a1 100644 --- a/roles/PowerDNS.pdns/meta/main.yml +++ b/roles/PowerDNS.pdns/meta/main.yml @@ -1,13 +1,13 @@ --- galaxy_info: - namespace: powerdns - role_name: pdns + role_name: "pdns" + namespace: "powerdns" author: PowerDNS Engineering Team description: Install and configure the PowerDNS Authoritative DNS Server company: PowerDNS.COM BV license: MIT - min_ansible_version: 2.9 + min_ansible_version: "2.12" platforms: - name: EL versions: diff --git a/roles/PowerDNS.pdns/molecule/pdns-43/converge.yml b/roles/PowerDNS.pdns/molecule/pdns-46/converge.yml similarity index 63% rename from roles/PowerDNS.pdns/molecule/pdns-43/converge.yml rename to roles/PowerDNS.pdns/molecule/pdns-46/converge.yml index 5012f0a..1a5a70c 100644 --- a/roles/PowerDNS.pdns/molecule/pdns-43/converge.yml +++ b/roles/PowerDNS.pdns/molecule/pdns-46/converge.yml @@ -3,7 +3,7 @@ - hosts: pdns vars_files: - ../resources/vars/pdns-common.yml - - ../resources/vars/pdns-repo-43.yml + - ../resources/vars/pdns-repo-46.yml - ../resources/vars/pdns-backends.yml roles: - - { role: pdns-ansible } + - { role: powerdns.pdns } diff --git a/roles/PowerDNS.pdns/molecule/pdns-43/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-46/molecule.yml similarity index 83% rename from roles/PowerDNS.pdns/molecule/pdns-43/molecule.yml rename to roles/PowerDNS.pdns/molecule/pdns-46/molecule.yml index fa27e98..f6746ad 100644 --- a/roles/PowerDNS.pdns/molecule/pdns-43/molecule.yml +++ b/roles/PowerDNS.pdns/molecule/pdns-46/molecule.yml @@ -1,7 +1,7 @@ --- scenario: - name: pdns-43 + name: pdns-46 driver: name: docker 
@@ -15,25 +15,31 @@ platforms: image: centos:7 dockerfile_tpl: centos-systemd - - name: centos-8 + - name: oraclelinux-8 groups: ["pdns"] - image: centos:8 + image: oraclelinux:8 dockerfile_tpl: centos-systemd - - name: ubuntu-1804 + - name: ubuntu-2004 groups: ["pdns"] - image: ubuntu:18.04 - dockerfile_tpl: debian-systemd - - - name: debian-9 - groups: ["pdns"] - image: debian:9 + image: ubuntu:20.04 + tmpfs: + - /run + - /tmp dockerfile_tpl: debian-systemd - name: debian-10 groups: ["pdns"] image: debian:10 + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /run/lock + - /tmp dockerfile_tpl: debian-systemd + environment: { container: docker } # In order to run the tests we need # a MySQL container to be up & running @@ -81,8 +87,8 @@ verifier: directory: ../resources/tests/all additional_files_or_dirs: # path relative to 'directory' - - ../repo-43/ + - ../repo-46/ - ../backend-sqlite/ - ../backend-mysql/ - ../systemd-override/ - lint: flake8 + diff --git a/roles/PowerDNS.pdns/molecule/pdns-44/converge.yml b/roles/PowerDNS.pdns/molecule/pdns-47/converge.yml similarity index 63% rename from roles/PowerDNS.pdns/molecule/pdns-44/converge.yml rename to roles/PowerDNS.pdns/molecule/pdns-47/converge.yml index 1b511c1..25ec529 100644 --- a/roles/PowerDNS.pdns/molecule/pdns-44/converge.yml +++ b/roles/PowerDNS.pdns/molecule/pdns-47/converge.yml @@ -3,7 +3,7 @@ - hosts: pdns vars_files: - ../resources/vars/pdns-common.yml - - ../resources/vars/pdns-repo-44.yml + - ../resources/vars/pdns-repo-47.yml - ../resources/vars/pdns-backends.yml roles: - - { role: pdns-ansible } + - { role: powerdns.pdns } diff --git a/roles/PowerDNS.pdns/molecule/pdns-44/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-47/molecule.yml similarity index 88% rename from roles/PowerDNS.pdns/molecule/pdns-44/molecule.yml rename to roles/PowerDNS.pdns/molecule/pdns-47/molecule.yml index 1c22258..87b3081 100644 
--- a/roles/PowerDNS.pdns/molecule/pdns-44/molecule.yml +++ b/roles/PowerDNS.pdns/molecule/pdns-47/molecule.yml @@ -1,7 +1,7 @@ --- scenario: - name: pdns-44 + name: pdns-47 driver: name: docker @@ -15,15 +15,15 @@ platforms: image: centos:7 dockerfile_tpl: centos-systemd - - name: centos-8 + - name: oraclelinux-9 groups: ["pdns"] - image: centos:8 + image: oraclelinux:9 dockerfile_tpl: centos-systemd - - name: ubuntu-1804 + - name: oraclelinux-8 groups: ["pdns"] - image: ubuntu:18.04 - dockerfile_tpl: debian-systemd + image: oraclelinux:8 + dockerfile_tpl: centos-systemd - name: ubuntu-2004 groups: ["pdns"] @@ -33,11 +33,6 @@ platforms: - /tmp dockerfile_tpl: debian-systemd - - name: debian-9 - groups: ["pdns"] - image: debian:9 - dockerfile_tpl: debian-systemd - - name: debian-10 groups: ["pdns"] image: debian:10 @@ -97,8 +92,8 @@ verifier: directory: ../resources/tests/all additional_files_or_dirs: # path relative to 'directory' - - ../repo-44/ + - ../repo-47/ - ../backend-sqlite/ - ../backend-mysql/ - ../systemd-override/ - lint: flake8 + diff --git a/roles/PowerDNS.pdns/molecule/pdns-48/converge.yml b/roles/PowerDNS.pdns/molecule/pdns-48/converge.yml new file mode 100644 index 0000000..1aa3a4b --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/pdns-48/converge.yml @@ -0,0 +1,9 @@ +--- + +- hosts: pdns + vars_files: + - ../resources/vars/pdns-common.yml + - ../resources/vars/pdns-repo-48.yml + - ../resources/vars/pdns-backends.yml + roles: + - { role: powerdns.pdns } diff --git a/roles/PowerDNS.pdns/molecule/pdns-48/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-48/molecule.yml new file mode 100644 index 0000000..3b4fd7d --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/pdns-48/molecule.yml 
@@ -0,0 +1,99 @@ +--- + +scenario: + name: pdns-48 + +driver: + name: docker + +dependency: + name: galaxy + +platforms: + - name: centos-7 + groups: ["pdns"] + image: centos:7 + dockerfile_tpl: centos-systemd + + - name: oraclelinux-9 + groups: ["pdns"] + image: oraclelinux:9 + dockerfile_tpl: centos-systemd + + - name: oraclelinux-8 + groups: ["pdns"] + image: oraclelinux:8 + dockerfile_tpl: centos-systemd + + - name: ubuntu-2004 + groups: ["pdns"] + image: ubuntu:20.04 + tmpfs: + - /run + - /tmp + dockerfile_tpl: debian-systemd + + - name: debian-10 + groups: ["pdns"] + image: debian:10 + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /run/lock + - /tmp + dockerfile_tpl: debian-systemd + environment: { container: docker } + + # In order to run the tests we need + # a MySQL container to be up & running + - name: mysql + image: mysql:5.7 + env: + MYSQL_ROOT_PASSWORD: pdns + # Declaring the container as service, + # will link it to the others Platforms containers + # on creation. 
+ is_service: yes + +provisioner: + name: ansible + options: + diff: True + v: True + config_options: + defaults: + gathering: smart + fact_caching: jsonfile + fact_caching_connection: .ansible_cache + fact_caching_timeout: 7200 + ssh_connection: + pipelining: true + inventory: + links: + host_vars: ../resources/host_vars/ + playbooks: + create: ../resources/create.yml + destroy: ../resources/destroy.yml + prepare: ../resources/prepare.yml + # "systemctl used in place of systemd module" "ANSIBLE0006" + # "Tasks that run when changed should likely be handlers" "ANSIBLE0016" + # "Shells that use pipes should set the pipefail option" "306" + lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306 + +lint: yamllint defaults tasks meta vars + +verifier: + name: testinfra + options: + hosts: "pdns" + vvv: True + directory: ../resources/tests/all + additional_files_or_dirs: + # path relative to 'directory' + - ../repo-48/ + - ../backend-sqlite/ + - ../backend-mysql/ + - ../systemd-override/ + diff --git a/roles/PowerDNS.pdns/molecule/pdns-master/converge.yml b/roles/PowerDNS.pdns/molecule/pdns-master/converge.yml index 47df971..d4669bc 100644 --- a/roles/PowerDNS.pdns/molecule/pdns-master/converge.yml +++ b/roles/PowerDNS.pdns/molecule/pdns-master/converge.yml @@ -6,4 +6,4 @@ - ../resources/vars/pdns-repo-master.yml - ../resources/vars/pdns-backends.yml roles: - - { role: pdns-ansible } + - { role: powerdns.pdns } diff --git a/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml index 927ad4e..6e295f2 100644 --- a/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml +++ b/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml 
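Review bot: The verifier in the new pdns-48 scenario lists `- ../repo-48/` under `additional_files_or_dirs`, but later in this patch the 4.8 tests are renamed into `molecule/resources/tests/pdns-48/test_repo_48.py`, not `tests/repo-48/`. Unless a `repo-48` directory exists outside this patch, testinfra would run the scenario without the repository and version checks and still report success. Either move the test file to `tests/repo-48/test_repo_48.py`, matching repo-45/46/47, or point the entry at `../pdns-48/`.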
@@ -15,19 +15,19 @@ platforms: image: centos:7 dockerfile_tpl: centos-systemd - - name: centos-8 + - name: oraclelinux-9 groups: ["pdns"] - image: centos:8 + image: oraclelinux:9 dockerfile_tpl: centos-systemd - - name: ubuntu-1804 + - name: oraclelinux-8 groups: ["pdns"] - image: ubuntu:18.04 - dockerfile_tpl: debian-systemd + image: oraclelinux:8 + dockerfile_tpl: centos-systemd - - name: debian-9 + - name: ubuntu-1804 groups: ["pdns"] - image: debian:9 + image: ubuntu:18.04 dockerfile_tpl: debian-systemd - name: debian-10 @@ -82,4 +82,4 @@ verifier: - ../backend-sqlite/ - ../backend-mysql/ - ../systemd-override/ - lint: flake8 + diff --git a/roles/PowerDNS.pdns/molecule/pdns-os-repos/converge.yml b/roles/PowerDNS.pdns/molecule/pdns-os-repos/converge.yml index fecc3bb..753bd5d 100644 --- a/roles/PowerDNS.pdns/molecule/pdns-os-repos/converge.yml +++ b/roles/PowerDNS.pdns/molecule/pdns-os-repos/converge.yml @@ -4,4 +4,4 @@ - ../resources/vars/pdns-common.yml - ../resources/vars/pdns-backends.yml roles: - - { role: pdns-ansible } + - { role: powerdns.pdns } diff --git a/roles/PowerDNS.pdns/molecule/pdns-os-repos/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-os-repos/molecule.yml index 7d7b66e..f35af49 100644 --- a/roles/PowerDNS.pdns/molecule/pdns-os-repos/molecule.yml +++ b/roles/PowerDNS.pdns/molecule/pdns-os-repos/molecule.yml @@ -71,4 +71,4 @@ verifier: - ../systemd-override/ - ../backend-sqlite/ - ../backend-mysql/ - lint: flake8 + diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py b/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py index 8080602..e56f1e9 100644 --- a/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py +++ b/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py @@ -1,6 +1,6 @@ debian_os = ['debian', 'ubuntu'] -rhel_os = ['redhat', 'centos'] +rhel_os = ['redhat', 'centos', 'ol'] archlinux_os = ['arch'] 
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py b/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py index c1e902a..be61d88 100644 --- a/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py +++ b/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py @@ -1,6 +1,6 @@ debian_os = ['debian', 'ubuntu'] -rhel_os = ['redhat', 'centos'] +rhel_os = ['redhat', 'centos', 'ol'] archlinux_os = ['arch'] diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py b/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py index 2527b90..7ac4bb4 100644 --- a/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py +++ b/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py @@ -1,6 +1,6 @@ debian_os = ['debian', 'ubuntu'] -rhel_os = ['redhat', 'centos'] +rhel_os = ['redhat', 'centos', 'ol'] archlinux_os = ['arch'] diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-43/test_repo_43.py b/roles/PowerDNS.pdns/molecule/resources/tests/pdns-48/test_repo_48.py similarity index 73% rename from roles/PowerDNS.pdns/molecule/resources/tests/repo-43/test_repo_43.py rename to roles/PowerDNS.pdns/molecule/resources/tests/pdns-48/test_repo_48.py index 6528205..c4544ff 100644 --- a/roles/PowerDNS.pdns/molecule/resources/tests/repo-43/test_repo_43.py +++ b/roles/PowerDNS.pdns/molecule/resources/tests/pdns-48/test_repo_48.py 
@@ -1,14 +1,14 @@ debian_os = ['debian', 'ubuntu'] -rhel_os = ['redhat', 'centos'] +rhel_os = ['redhat', 'centos', 'ol'] def test_repo_file(host): f = None if host.system_info.distribution.lower() in debian_os: - f = host.file('/etc/apt/sources.list.d/powerdns-auth-43.list') + f = host.file('/etc/apt/sources.list.d/powerdns-auth-48.list') if host.system_info.distribution.lower() in rhel_os: - f = host.file('/etc/yum.repos.d/powerdns-auth-43.repo') + f = host.file('/etc/yum.repos.d/powerdns-auth-48.repo') assert f.exists assert f.user == 'root' @@ -18,12 +18,12 @@ def test_repo_file(host): def test_pdns_repo(host): f = None if host.system_info.distribution.lower() in debian_os: - f = host.file('/etc/apt/sources.list.d/powerdns-auth-43.list') + f = host.file('/etc/apt/sources.list.d/powerdns-auth-48.list') if host.system_info.distribution.lower() in rhel_os: - f = host.file('/etc/yum.repos.d/powerdns-auth-43.repo') + f = host.file('/etc/yum.repos.d/powerdns-auth-48.repo') assert f.exists - assert f.contains('auth-43') + assert f.contains('auth-48') def test_repo_pinning_file(host): @@ -41,4 +41,4 @@ def test_pdns_version(host): cmd = host.run('/usr/sbin/pdns_server --version') assert 'PowerDNS Authoritative Server' in cmd.stderr - assert '4.3' in cmd.stderr + assert '4.8' in cmd.stderr diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-44/test_repo_44.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-45/test_repo_45.py similarity index 73% rename from roles/PowerDNS.pdns/molecule/resources/tests/repo-44/test_repo_44.py rename to roles/PowerDNS.pdns/molecule/resources/tests/repo-45/test_repo_45.py index 6d5dac9..cc60c8f 100644 --- a/roles/PowerDNS.pdns/molecule/resources/tests/repo-44/test_repo_44.py +++ b/roles/PowerDNS.pdns/molecule/resources/tests/repo-45/test_repo_45.py 
@@ -1,14 +1,14 @@ debian_os = ['debian', 'ubuntu'] -rhel_os = ['redhat', 'centos'] +rhel_os = ['redhat', 'centos', 'ol'] def test_repo_file(host): f = None if host.system_info.distribution.lower() in debian_os: - f = host.file('/etc/apt/sources.list.d/powerdns-auth-44.list') + f = host.file('/etc/apt/sources.list.d/powerdns-auth-45.list') if host.system_info.distribution.lower() in rhel_os: - f = host.file('/etc/yum.repos.d/powerdns-auth-44.repo') + f = host.file('/etc/yum.repos.d/powerdns-auth-45.repo') assert f.exists assert f.user == 'root' @@ -18,12 +18,12 @@ def test_repo_file(host): def test_pdns_repo(host): f = None if host.system_info.distribution.lower() in debian_os: - f = host.file('/etc/apt/sources.list.d/powerdns-auth-44.list') + f = host.file('/etc/apt/sources.list.d/powerdns-auth-45.list') if host.system_info.distribution.lower() in rhel_os: - f = host.file('/etc/yum.repos.d/powerdns-auth-44.repo') + f = host.file('/etc/yum.repos.d/powerdns-auth-45.repo') assert f.exists - assert f.contains('auth-44') + assert f.contains('auth-45') def test_repo_pinning_file(host): @@ -41,4 +41,4 @@ def test_pdns_version(host): cmd = host.run('/usr/sbin/pdns_server --version') assert 'PowerDNS Authoritative Server' in cmd.stderr - assert '4.4' in cmd.stderr + assert '4.5' in cmd.stderr diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-46/test_repo_46.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-46/test_repo_46.py new file mode 100644 index 0000000..e1de5ed --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/resources/tests/repo-46/test_repo_46.py 
@@ -0,0 +1,44 @@ + +debian_os = ['debian', 'ubuntu'] +rhel_os = ['redhat', 'centos', 'ol'] + + +def test_repo_file(host): + f = None + if host.system_info.distribution.lower() in debian_os: + f = host.file('/etc/apt/sources.list.d/powerdns-auth-46.list') + if host.system_info.distribution.lower() in rhel_os: + f = host.file('/etc/yum.repos.d/powerdns-auth-46.repo') + + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + + +def test_pdns_repo(host): + f = None + if host.system_info.distribution.lower() in debian_os: + f = host.file('/etc/apt/sources.list.d/powerdns-auth-46.list') + if host.system_info.distribution.lower() in rhel_os: + f = host.file('/etc/yum.repos.d/powerdns-auth-46.repo') + + assert f.exists + assert f.contains('auth-46') + + +def test_repo_pinning_file(host): + if host.system_info.distribution.lower() in debian_os: + f = host.file('/etc/apt/preferences.d/pdns') + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + f.contains('Package: pdns-*') + f.contains('Pin: origin repo.powerdns.com') + f.contains('Pin-Priority: 600') + + +def test_pdns_version(host): + cmd = host.run('/usr/sbin/pdns_server --version') + + assert 'PowerDNS Authoritative Server' in cmd.stderr + assert '4.6' in cmd.stderr diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-47/test_repo_47.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-47/test_repo_47.py new file mode 100644 index 0000000..4cb8008 --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/resources/tests/repo-47/test_repo_47.py 
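Review bot: In `test_repo_pinning_file` the three `f.contains(...)` calls are bare expressions, so their results are discarded and the test passes even when the pin on `repo.powerdns.com` is missing from `/etc/apt/preferences.d/pdns`. They should be asserted, e.g. `assert f.contains('Pin: origin repo.powerdns.com')` and `assert f.contains('Pin-Priority: 600')`. The new `test_repo_47.py` has the same problem. Separately, `test_repo_file` and `test_pdns_repo` leave `f = None` on a distribution in neither list, so `assert f.exists` raises `AttributeError` instead of a clear failure; an explicit `assert f is not None` before it would make that readable.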
@@ -0,0 +1,44 @@ + +debian_os = ['debian', 'ubuntu'] +rhel_os = ['redhat', 'centos', 'ol'] + + +def test_repo_file(host): + f = None + if host.system_info.distribution.lower() in debian_os: + f = host.file('/etc/apt/sources.list.d/powerdns-auth-47.list') + if host.system_info.distribution.lower() in rhel_os: + f = host.file('/etc/yum.repos.d/powerdns-auth-47.repo') + + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + + +def test_pdns_repo(host): + f = None + if host.system_info.distribution.lower() in debian_os: + f = host.file('/etc/apt/sources.list.d/powerdns-auth-47.list') + if host.system_info.distribution.lower() in rhel_os: + f = host.file('/etc/yum.repos.d/powerdns-auth-47.repo') + + assert f.exists + assert f.contains('auth-47') + + +def test_repo_pinning_file(host): + if host.system_info.distribution.lower() in debian_os: + f = host.file('/etc/apt/preferences.d/pdns') + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + f.contains('Package: pdns-*') + f.contains('Pin: origin repo.powerdns.com') + f.contains('Pin-Priority: 600') + + +def test_pdns_version(host): + cmd = host.run('/usr/sbin/pdns_server --version') + + assert 'PowerDNS Authoritative Server' in cmd.stderr + assert '4.7' in cmd.stderr diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py index 8ebaeba..dcd91e8 100644 --- a/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py +++ b/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py @@ -1,6 +1,6 @@ debian_os = ['debian', 'ubuntu'] -rhel_os = ['redhat', 'centos'] +rhel_os = ['redhat', 'centos', 'ol'] def test_repo_file(host): diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-no-overrides.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-no-overrides.yml index 3818028..78e3d7e 100644 
--- a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-no-overrides.yml +++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-no-overrides.yml @@ -22,5 +22,5 @@ pdns_config: webserver-address: "0.0.0.0" webserver-port: "8001" -pdns_install_repo: "{{ pdns_auth_powerdns_repo_44 }}" +pdns_install_repo: "{{ pdns_auth_powerdns_repo_48 }}" pdns_service_overrides: '' diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-43.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-43.yml deleted file mode 100644 index 8518de4..0000000 --- a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-43.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -## -# PowerDNS 4.3.x Repository -## - -pdns_install_repo: "{{ pdns_auth_powerdns_repo_43 }}" diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-44.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-44.yml deleted file mode 100644 index 007c357..0000000 --- a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-44.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -## -# PowerDNS 4.4.x Repository -## - -pdns_install_repo: "{{ pdns_auth_powerdns_repo_44 }}" diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-45.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-45.yml new file mode 100644 index 0000000..ef6aa9e --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-45.yml @@ -0,0 +1,7 @@ +--- + +## +# PowerDNS 4.5.x Repository +## + +pdns_install_repo: "{{ pdns_auth_powerdns_repo_45 }}" diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-46.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-46.yml new file mode 100644 index 0000000..81b6969 --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-46.yml @@ -0,0 +1,7 @@ +--- + +## +# PowerDNS 4.6.x Repository +## + +pdns_install_repo: "{{ pdns_auth_powerdns_repo_46 }}" 
diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-47.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-47.yml new file mode 100644 index 0000000..2f96db3 --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-47.yml @@ -0,0 +1,7 @@ +--- + +## +# PowerDNS 4.7.x Repository +## + +pdns_install_repo: "{{ pdns_auth_powerdns_repo_47 }}" diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-48.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-48.yml new file mode 100644 index 0000000..94715d2 --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-48.yml @@ -0,0 +1,7 @@ +--- + +## +# PowerDNS 4.8.x Repository +## + +pdns_install_repo: "{{ pdns_auth_powerdns_repo_48 }}" diff --git a/roles/PowerDNS.pdns/molecule/systemd-no-overrides/converge.yml b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/converge.yml index 83600f6..f0cb77e 100644 --- a/roles/PowerDNS.pdns/molecule/systemd-no-overrides/converge.yml +++ b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/converge.yml @@ -4,4 +4,4 @@ vars_files: - ../resources/vars/pdns-no-overrides.yml roles: - - { role: pdns-ansible } + - { role: powerdns.pdns } diff --git a/roles/PowerDNS.pdns/molecule/systemd-no-overrides/molecule.yml b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/molecule.yml index 27003da..2ac826d 100644 --- a/roles/PowerDNS.pdns/molecule/systemd-no-overrides/molecule.yml +++ b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/molecule.yml @@ -53,4 +53,4 @@ verifier: additional_files_or_dirs: # path relative to 'directory' - ../systemd-no-override - lint: flake8 + diff --git a/roles/PowerDNS.pdns/requirements.yml b/roles/PowerDNS.pdns/requirements.yml index 6a0d242..5eb9382 100644 --- a/roles/PowerDNS.pdns/requirements.yml +++ b/roles/PowerDNS.pdns/requirements.yml 
@@ -1,3 +1,6 @@ --- collections: - name: community.mysql + - name: community.general + - name: community.docker + - name: ansible.posix \ No newline at end of file diff --git a/roles/PowerDNS.pdns/tasks/database-mysql.yml b/roles/PowerDNS.pdns/tasks/database-mysql.yml index 307929d..087a2de 100644 --- a/roles/PowerDNS.pdns/tasks/database-mysql.yml +++ b/roles/PowerDNS.pdns/tasks/database-mysql.yml @@ -5,20 +5,16 @@ name: "{{ pdns_mysql_packages }}" state: present -- debug: var=item['value'] - when: "item.key.split(':')[0] == 'gmysql'" - with_dict: "{{ pdns_backends | combine(pdns_mysql_databases_credentials, recursive=True) }}" - - name: Create the PowerDNS MySQL databases mysql_db: login_user: "{{ item['value']['priv_user'] }}" login_password: "{{ item['value']['priv_password'] }}" login_host: "{{ item['value']['host'] }}" login_port: "{{ item['value']['port'] | default('3306') }}" - login_unix_socket: /var/run/mysqld/mysqld.sock name: "{{ item['value']['dbname'] }}" state: present when: "item.key.split(':')[0] == 'gmysql'" + no_log: True with_dict: "{{ pdns_backends | combine(pdns_mysql_databases_credentials, recursive=True) }}" - name: Grant PowerDNS access to the MySQL databases @@ -27,7 +23,6 @@ login_password: "{{ item[0]['priv_password'] }}" login_host: "{{ item[0]['host'] }}" login_port: "{{ item[0]['port'] | default('3306') }}" - login_unix_socket: /var/run/mysqld/mysqld.sock name: "{{ item[0]['user'] }}" password: "{{ item[0]['password'] }}" host: "{{ item[1] }}" 
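Review bot: The three collections added to `requirements.yml` carry no `version:`, so every install resolves to whatever Galaxy serves at that moment, while `test-requirements.txt` in this same patch pins every Python package exactly. Pinning them keeps runs reproducible and makes upgrades a reviewed change, e.g. `- name: community.general` followed by `version: "<pinned-version>"`. The existing `community.mysql` entry is unpinned too and could be handled at the same time.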
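Review bot: The "Grant PowerDNS access to the MySQL databases" task passes `login_password` and `password` from the loop item, yet the visible lines of this hunk add no `no_log` to it, unlike the create, check and import tasks in this file. The task continues past the end of the hunk, so it may already be set there; if not, a failing or verbose run prints the loop item with both passwords. Adding `no_log: True` at task level, as on its neighbours, closes the gap left after removing the `debug` task.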
@@ -47,12 +42,13 @@ when: item.key.split(':')[0] == 'gmysql' with_dict: "{{ pdns_backends }}" register: _pdns_check_mysql_db + no_log: True changed_when: False - name: Determine location of the SQL file shell: cmd: | - for p in /usr/share/doc/pdns-backend-mysql-{{ _pdns_running_version }}/schema.mysql.sql /usr/share/doc/pdns-backend-mysql/schema.mysql.sql /usr/share/pdns-backend-mysql/schema/schema.mysql.sql /usr/share/dbconfig-common/data/pdns-backend-mysql/install/mysql /usr/share/doc/powerdns/schema.mysql.sql; do + for p in /usr/share/doc/pdns-backend-mysql-{{ _pdns_running_version }}/schema.mysql.sql /usr/share/doc/pdns-backend-mysql/schema.mysql.sql /usr/share/pdns-backend-mysql/schema/schema.mysql.sql /usr/share/dbconfig-common/data/pdns-backend-mysql/install/mysql /usr/share/doc/powerdns/schema.mysql.sql /usr/share/doc/pdns/schema.mysql.sql; do if [ -f $p ]; then echo $p exit 0 @@ -77,5 +73,6 @@ name: "{{ item.item['value']['dbname'] }}" state: import target: "{{ pdns_mysql_schema_file_to_use }}" + no_log: True when: "item['item']['key'].split(':')[0] == 'gmysql' and item['stdout'] == '0'" with_items: "{{ _pdns_check_mysql_db['results'] }}" diff --git a/roles/PowerDNS.pdns/tasks/install.yml b/roles/PowerDNS.pdns/tasks/install.yml index af547fd..2e2e455 100644 --- a/roles/PowerDNS.pdns/tasks/install.yml +++ b/roles/PowerDNS.pdns/tasks/install.yml @@ -29,5 +29,6 @@ package: name: "{{ pdns_backends_packages[item.key.split(':')[0]] }}{{ _pdns_package_version | default('') }}" state: present + no_log: True when: pdns_backends_packages[item.key.split(':')[0]] is defined with_dict: "{{ pdns_backends }}" diff --git a/roles/PowerDNS.pdns/tasks/main.yml b/roles/PowerDNS.pdns/tasks/main.yml index c512126..8c230f6 100644 --- a/roles/PowerDNS.pdns/tasks/main.yml +++ b/roles/PowerDNS.pdns/tasks/main.yml 
@@ -10,52 +10,53 @@ tags: - always -- include: "repo-{{ ansible_os_family }}.yml" +- include_tasks: "repo-{{ ansible_os_family }}.yml" when: "pdns_install_repo | length > 0" tags: - install - repository -- include: install.yml +- include_tasks: install.yml tags: - install -- include: inspect.yml +- include_tasks: inspect.yml tags: - db - mysql - sqlite - config -- include: database-mysql.yml +- include_tasks: database-mysql.yml when: "pdns_mysql_databases_credentials | length > 0" tags: - db - mysql -- include: database-sqlite3.yml +- include_tasks: database-sqlite3.yml when: "pdns_sqlite_databases_locations | length > 0" tags: - db - sqlite -- include: database-lmdb.yml +- include_tasks: database-lmdb.yml when: "pdns_lmdb_databases_locations | length > 0" tags: - db - lmdb -- include: configure.yml +- include_tasks: configure.yml tags: - config -- include: selinux.yml +- include_tasks: selinux.yml when: ansible_selinux is defined and ansible_selinux.status == 'enabled' tags: - selinux - config - name: Start and enable the PowerDNS service + throttle: 1 service: name: "{{ pdns_service_name }}" state: "{{ pdns_service_state }}" diff --git a/roles/PowerDNS.pdns/tasks/repo-RedHat.yml b/roles/PowerDNS.pdns/tasks/repo-RedHat.yml index 09eaf5f..779dd11 100644 --- a/roles/PowerDNS.pdns/tasks/repo-RedHat.yml +++ b/roles/PowerDNS.pdns/tasks/repo-RedHat.yml 
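Review bot: With `include_tasks`, the `tags:` on each include apply only to the include statement itself and are not inherited by the tasks in the included file. A run such as `--tags selinux` or `--tags config` will therefore load `selinux.yml` or `configure.yml` and then skip its tasks, unless those files tag their own tasks, which is not visible here. For the fixed file names, `import_tasks: install.yml` keeps tag inheritance; the templated `repo-{{ ansible_os_family }}.yml` include needs an `apply:` block with the same tags under `include_tasks`. The same applies to the `configpkg` and `upgradepkg` includes in `roles/PowerDNS.setup/tasks/main.yml` at the end of this patch.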
@@ -8,11 +8,19 @@ state: present when: ansible_distribution in [ 'CentOS' ] - - name: Install epel-release on RHEL/OracleLinux - yum: + - name: Install epel-release on RHEL + package: name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm" state: present - when: ansible_distribution in [ 'RedHat', 'OracleLinux' ] + when: ansible_distribution in [ 'RedHat' ] + + - name: Install epel-release and hostname on OracleLinux + package: + name: + - "oracle-epel-release-el{{ ansible_distribution_major_version }}" + - hostname + state: present + when: ansible_distribution in [ 'OracleLinux' ] when: pdns_install_epel diff --git a/roles/PowerDNS.pdns/test-requirements.txt b/roles/PowerDNS.pdns/test-requirements.txt index be8d0d1..542765f 100644 --- a/roles/PowerDNS.pdns/test-requirements.txt +++ b/roles/PowerDNS.pdns/test-requirements.txt @@ -1,7 +1,7 @@ -jinja2==2.11.3 -ansible-lint==5.0.7 -yamllint==1.26.1 -molecule[docker]==3.3.0 -molecule[lint]==3.3.0 -testinfra -docker==5.0.0 +ansible-lint==6.17.2 +yamllint==1.32.0 +molecule-plugins[docker]==23.4.1 +molecule-plugins[lint]==23.4.1 +molecule==5.1.0 +pytest-testinfra==8.1.0 +docker==6.1.3 diff --git a/roles/PowerDNS.pdns/tox.ini b/roles/PowerDNS.pdns/tox.ini index 6608f94..41095ce 100644 --- a/roles/PowerDNS.pdns/tox.ini +++ b/roles/PowerDNS.pdns/tox.ini 
@@ -1,22 +1,22 @@ [tox] minversion = 1.8 -envlist = ansible{29,210,211} +envlist = ansible{212,213,214} skipsdist = true [gh-actions:env] ANSIBLE= - 2.9: ansible29 - 2.10: ansible210 - 2.11: ansible211 + 2.12: ansible212 + 2.13: ansible213 + 2.14: ansible214 [testenv] passenv = * deps = -rtest-requirements.txt - ansible29: ansible<2.10 - ansible210: ansible<2.11 - ansible211: ansible<2.12 + ansible212: ansible-core>2.12,<2.13 + ansible213: ansible-core>2.13,<2.14 + ansible214: ansible-core>2.14,<2.15 setenv = PY_COLORS = 1 commands = - {posargs:molecule -vv test --all --destroy always} + {posargs:molecule test --all --destroy always} \ No newline at end of file diff --git a/roles/PowerDNS.pdns/vars/RedHat-9.yml b/roles/PowerDNS.pdns/vars/RedHat-9.yml new file mode 100644 index 0000000..eeac155 --- /dev/null +++ b/roles/PowerDNS.pdns/vars/RedHat-9.yml @@ -0,0 +1,33 @@ +--- + +# The name of the PowerDNS Authoritative Server package +default_pdns_package_name: "pdns" + +# Packages needed to install MySQL +pdns_mysql_packages: + - mariadb + - mariadb-server + - mariadb-connector-c + - python3-PyMySQL + - perl-DBD-MySQL + +# The name of the PowerDNS Authoritative Server debug package +default_pdns_debug_symbols_package_name: "pdns-debuginfo" + +# List of PowerDNS Authoritative Server backends packages on RedHat +default_pdns_backends_packages: + geo: pdns-backend-geo + geoip: pdns-backend-geoip + gmysql: pdns-backend-mysql + gpgsql: pdns-backend-postgresql + gsqlite3: pdns-backend-sqlite + ldap: pdns-backend-ldap + lmdb: pdns-backend-lmdb + lua: pdns-backend-lua + mydns: pdns-backend-mydns + pipe: pdns-backend-pipe + remote: pdns-backend-remote + tinydns: pdns-backend-tinydns + +# The directory where the PowerDNS Authoritative Server configuration is located +default_pdns_config_dir: "/etc/pdns" diff --git a/roles/PowerDNS.pdns/vars/main.yml b/roles/PowerDNS.pdns/vars/main.yml index 10ac8a0..c8c2d6a 100644 --- a/roles/PowerDNS.pdns/vars/main.yml 
+++ b/roles/PowerDNS.pdns/vars/main.yml 
@@ -9,23 +9,42 @@ pdns_auth_powerdns_repo_master: yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-master/debug" name: "powerdns-auth-master" -pdns_auth_powerdns_repo_43: +pdns_auth_powerdns_repo_45: apt_repo_origin: "repo.powerdns.com" - apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-43 main" + apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-45 main" gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc" gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" - yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-43" - yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-43/debug" - name: "powerdns-auth-43" + yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-45" + yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-45/debug" + name: "powerdns-auth-45" + +pdns_auth_powerdns_repo_46: + apt_repo_origin: "repo.powerdns.com" + apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-46 main" + gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc" + gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" + yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-46" + yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-46/debug" + name: "powerdns-auth-46" + +pdns_auth_powerdns_repo_47: + apt_repo_origin: "repo.powerdns.com" + apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-47 main" + gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc" + gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" + 
yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-47" + yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-47/debug" + name: "powerdns-auth-47" -pdns_auth_powerdns_repo_44: +pdns_auth_powerdns_repo_48: apt_repo_origin: "repo.powerdns.com" - apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-44 main" + apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-48 main" gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc" gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB" - yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-44" - yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-44/debug" - name: "powerdns-auth-44" + yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-48" + yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-48/debug" + name: "powerdns-auth-48" + default_pdns_service_overrides: >- {{ { 'User' : pdns_user diff --git a/roles/PowerDNS.setup/tasks/main.yml b/roles/PowerDNS.setup/tasks/main.yml index b58990e..0848997 100644 --- a/roles/PowerDNS.setup/tasks/main.yml +++ b/roles/PowerDNS.setup/tasks/main.yml @@ -2,13 +2,13 @@ # tasks file for PowerDNS.setup ### get_distribution -- include: ../roles/common/tasks/loadVariables.yml +- include_tasks: ../roles/common/tasks/loadVariables.yml ### Packages -- include: ../roles/common/tasks/updatePkg.yml +- include_tasks: ../roles/common/tasks/updatePkg.yml tags: configpkg -- include: ../roles/common/tasks/upgradePkg.yml +- include_tasks: ../roles/common/tasks/upgradePkg.yml tags: upgradepkg -- GitLab
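Review bot: The new `pdns_auth_powerdns_repo_45` to `_48` definitions copy the plain `http://repo.powerdns.com/...` scheme for `apt_repo`, `gpg_key` and both yum base URLs, so the signing key and the package metadata travel unauthenticated. The `gpg_key_id` fingerprint can catch a swapped key where the consuming task checks it, but those tasks are outside this hunk and the yum side may not use it at all. Assuming the host serves TLS, switch the scheme in each entry, e.g. `gpg_key: "https://repo.powerdns.com/FD380FBB-pub.asc"`, and likewise for `apt_repo` and `yum_repo_baseurl`. The pre-existing `pdns_auth_powerdns_repo_master` entry has the same pattern.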