diff --git a/README.md b/README.md index d51ab7c4f27e4404f9cf82acb65504a5d689958c..fcdf5d949f479cc47e43a88c31c193d54b977faf 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ List of servers is kept in `inventory` file. I basically use three hostgroups: Pre-requisites -------------- -Start from bare Ubuntu 16.04 machines: +Start from bare Ubuntu 20.04 machines: - apt-get purge cloud-init The package should also work with CentOS 7 servers, but I may have not checked diff --git a/group_vars/dnsauth.template b/group_vars/dnsauth.template index 8ba4a3d8f90b0292f2b86c6f5b4bdc52d95fc27d..b4bb7af76ddbff02dfdcaeca72d68dcd0419aa39 100644 --- a/group_vars/dnsauth.template +++ b/group_vars/dnsauth.template @@ -13,6 +13,7 @@ pdns_config: local-address: "{{ local_address }}" default-soa-name: dns.example.com disable-axfr: yes + dnsupdate: yes allow-dnsupdate-from: 8.8.8.101/32 log-dns-details: on loglevel: 3 diff --git a/group_vars/dnsauthmaster.template b/group_vars/dnsauthmaster.template index 3161ea8f6093ad6b86098fa04d09b9753c5ab9f7..36425772e395a75b5484cb68bf1d369695ef44f8 100644 --- a/group_vars/dnsauthmaster.template +++ b/group_vars/dnsauthmaster.template @@ -9,14 +9,16 @@ pdns_config: daemon: yes guardian: yes master: "{{ dns_master }}" - slave: false + slave: true local-address: "{{ local_address }}" default-soa-name: dns.example.com disable-axfr: no + dnsupdate: yes allow-axfr-ips: 8.8.8.101/32,8.8.8.102 log-dns-details: on loglevel: 3 slave-cycle-interval: 60 + slave-renotify: true api: yes api-key: ch4ng3M3s00n webserver: yes diff --git a/playbooks/manageDnsAuth.yml b/playbooks/manageDnsAuth.yml index 046f88f786081cb9fe6d2533616563348ec939cc..bb49a8fed7d7b6dfd1522caada28c4af2cce8cc6 100644 --- a/playbooks/manageDnsAuth.yml +++ b/playbooks/manageDnsAuth.yml @@ -1,4 +1,3 @@ - - hosts: dnsauth become: True roles: 
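Review bot: `dnsupdate: yes` in group_vars/dnsauth.template turns on RFC 2136 dynamic updates with only the source-address filter `allow-dnsupdate-from: 8.8.8.101/32` as authorization; a source-IP check alone is weak for UDP-delivered updates, so consider also requiring TSIG-signed updates through the zone's `TSIG-ALLOW-DNSUPDATE` metadata where the updating client supports it. This group also carries `disable-axfr: yes` and appears to hold the secondary role, and as far as I know PowerDNS does not apply updates locally to secondary zones but forwards them to the primary when `forward-dnsupdate` is on, so the intended update path is worth confirming. The same `dnsupdate: yes` is added in group_vars/dnsauthmaster.template, where no `allow-dnsupdate-from` is visible in that hunk; that host then falls back to PowerDNS's built-in default for the setting (loopback only, if I recall correctly), which may or may not be what is wanted. In both templates the boolean-looking values (`yes`, `on`, `true`) rely on the role's pdns.conf template rendering them consistently; quoting them as `'yes'` would remove the YAML 1.1 ambiguity.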
diff --git a/roles/PowerDNS.admin/tasks/main.yml b/roles/PowerDNS.admin/tasks/main.yml index dccb22b35696fb8d75186a1a200ce3734c124246..981fe2b6031e3f11056205f2b4e95c36c5b2263a 100644 --- a/roles/PowerDNS.admin/tasks/main.yml +++ b/roles/PowerDNS.admin/tasks/main.yml @@ -106,7 +106,7 @@ when: ansible_os_family == 'Debian' - name: Start the MySQL service on RedHat - sudo: yes + become: true service: name: mariadb state: started @@ -114,7 +114,7 @@ when: ansible_os_family == 'RedHat' - name: Start the MySQL service on Debian - sudo: yes + become: true service: name: mysql state: started diff --git a/roles/PowerDNS.pdns/.flake8 b/roles/PowerDNS.pdns/.flake8 deleted file mode 100644 index e44b81084185c2f2d2a5f93214c2749e3f95a172..0000000000000000000000000000000000000000 --- a/roles/PowerDNS.pdns/.flake8 +++ /dev/null @@ -1,2 +0,0 @@ -[flake8] -ignore = E501 diff --git a/roles/PowerDNS.pdns/.github/workflows/main.yml b/roles/PowerDNS.pdns/.github/workflows/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..1efa80d117d7e99bba9c6be2bcea81503f67beba --- /dev/null +++ b/roles/PowerDNS.pdns/.github/workflows/main.yml @@ -0,0 +1,36 @@ +--- +on: + push: + pull_request: + +jobs: + Tests: + name: Test role on different ansible versions + runs-on: ubuntu-20.04 + strategy: + matrix: + ansible: + - '2.9' + - '2.10' + - '2.11' + scenario: + - pdns-43 + - pdns-44 + - pdns-master + - pdns-os-repos + - systemd-no-overrides + steps: + - name: checkout + uses: actions/checkout@v2 + - name: Install python + uses: actions/setup-python@v2 + with: + python-version: 3.6 + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install tox tox-gh-actions + - name: Run the tests + run: tox -- molecule test -s ${{ matrix.scenario }} + env: + ANSIBLE: ${{ matrix.ansible }} diff --git a/roles/PowerDNS.pdns/.gitignore b/roles/PowerDNS.pdns/.gitignore index 4dc24ae47eb82ae0c6d0698a5e1b146ac9bfd2f1..b31443cce89dc9c3b14f318db9b38f41d7d92d33 100644 
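Review bot: The new workflow in roles/PowerDNS.pdns/.github/workflows/main.yml references `actions/checkout@v2` and `actions/setup-python@v2` by mutable tag; pinning third-party actions to a full commit SHA (with the tag kept in a trailing comment) prevents a moved or compromised tag from silently changing what runs in CI. Separately, `python-version: 3.6` is an unquoted float, which happens to work for 3.6 but the same pattern turns a future `3.10` into `3.1`; `python-version: '3.6'` matches the already-quoted `ansible` matrix entries. With both `push:` and `pull_request:` triggers and no branch filter, every pull request from a branch in this repository runs the matrix twice, which is a cost rather than a correctness concern.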
--- a/roles/PowerDNS.pdns/.gitignore +++ b/roles/PowerDNS.pdns/.gitignore @@ -1,5 +1,6 @@ ### Ansible ### *.retry +.ansible_cache ### Python ### # Byte-compiled / optimized / DLL files diff --git a/roles/PowerDNS.pdns/.travis.yml b/roles/PowerDNS.pdns/.travis.yml deleted file mode 100644 index b547b204b83e382dbd82c94dc93a256e86c59e8e..0000000000000000000000000000000000000000 --- a/roles/PowerDNS.pdns/.travis.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- - -language: python -python: 2.7 - -sudo: required - -# Enable the docker service -services: - - docker - -# Parallel testing of the supported -# Ansible versions -env: - matrix: - - ANSIBLE=2.2 - - ANSIBLE=2.3 - - ANSIBLE=2.4 - - ANSIBLE=2.5 - -# Install tox -install: - - pip install tox-travis - -# Test the current PowerDNS Authoritative Server stable release -script: - - tox -- molecule test -s pdns-41 - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/PowerDNS.pdns/.yamllint b/roles/PowerDNS.pdns/.yamllint index 3a2255e4656c4b4cf94ff9d60c2c4548246a2db0..88276760562cb58bb9bc47fa890e8a3df1125b9b 100644 --- a/roles/PowerDNS.pdns/.yamllint +++ b/roles/PowerDNS.pdns/.yamllint @@ -1,3 +1,5 @@ +--- +# Based on ansible-lint config extends: default rules: @@ -7,7 +9,25 @@ rules: brackets: max-spaces-inside: 1 level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable line-length: disable - # NOTE(retr0h): Templates no longer fail this lint rule. - # Uncomment if running old Molecule templates. - # truthy: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable 
diff --git a/roles/PowerDNS.pdns/CHANGELOG.md b/roles/PowerDNS.pdns/CHANGELOG.md new file mode 100644 index 0000000000000000000000000000000000000000..5013113b83ee329db6ed18bb96843000ca557509 --- /dev/null +++ b/roles/PowerDNS.pdns/CHANGELOG.md 
@@ -0,0 +1,124 @@ +## v1.7.0 (2021-07-01) + +NEW FEATURES: +- Create directory, set the ownership and permissions for LMDB databases ([\#95](https://github.com/PowerDNS/pdns-ansible/pull/95)) +- Add database schema file detection on the target system with override possibility ([\#100](https://github.com/PowerDNS/pdns-ansible/pull/100)) +- Add 4.4 repositories ([\#91](https://github.com/PowerDNS/pdns-ansible/pull/91)) + +IMPROVEMENTS: +- Use systemd task option `daemon_reload` instead of command task ([\#90](https://github.com/PowerDNS/pdns-ansible/pull/90)) + +REMOVED FEATURES: +- Drop EL6 support ([\#91](https://github.com/PowerDNS/pdns-ansible/pull/91), [\#94](https://github.com/PowerDNS/pdns-ansible/pull/94)) +- Remove 4.1 and 4.2 repositories ([\#101](https://github.com/PowerDNS/pdns-ansible/pull/101)) + +BUG FIXES: +- Re-instate molecule tests ([\#100](https://github.com/PowerDNS/pdns-ansible/pull/100)) + +## v1.6.1 (2020-10-01) + +BUG FIXES: +- Ensure install does not fail when no overrides are defined ([\#85](https://github.com/PowerDNS/pdns-ansible/pull/85)) +- Ensure that `ExecStart` is overridden, not appended to ([\#86](https://github.com/PowerDNS/pdns-ansible/pull/86)) + +## v1.6.0 (2020-09-18) + +BUG FIXES: +- Fix path to MySQL schema for Debian 10 ([\#73](https://github.com/PowerDNS/pdns-ansible/pull/73)) + +IMPROVEMENTS: +- Allow loading apt key from the ansible server ([\#75](https://github.com/PowerDNS/pdns-ansible/pull/75)) +- CentOS 8 support ([\#74](https://github.com/PowerDNS/pdns-ansible/pull/74), [\#81](https://github.com/PowerDNS/pdns-ansible/pull/81)) +- Archlinux support ([\#76](https://github.com/PowerDNS/pdns-ansible/pull/76)) +- Set the ownership and permissions for config files and databases ([\#82](https://github.com/PowerDNS/pdns-ansible/pull/82)) +- Ensure PowerDNS is started as an unprivileged user by default (in line with PowerDNS 4.3+ behaviour) + +## v1.5.0 (2019-12-11) + +BUG FIXES: +- - Fix the restart of the PowerDNS service 
in case of instances with different `pdns_service_name` being configured in the same play ([\#70](https://github.com/PowerDNS/pdns-ansible/pull/70)) + +IMPROVEMENTS: +- Add support to the PowerDNS 4.3.x release ([\#69](https://github.com/PowerDNS/pdns-ansible/pull/69)) +- Add support to the PowerDNS 4.2.x release ([\#61](https://github.com/PowerDNS/pdns-ansible/pull/61)) +- Install missing SQLite packages ([\#69](https://github.com/PowerDNS/pdns-ansible/pull/69)) +- Improved PowerDNS configuration files and directories permissions handling ([\#69](https://github.com/PowerDNS/pdns-ansible/pull/69)) +- Stop interpreting 0 & 1 as no & yes in the PowerDNS configuration template ([\#68](https://github.com/PowerDNS/pdns-ansible/pull/68)) +- Fix some strings comparisons and variable types issues reported by ansible-lint ([\#66](https://github.com/PowerDNS/pdns-ansible/pull/66)) +- Update the CI infrastructure to test the role against the Ansible 2.7, 2.8 and 2.9 releases ([\#67](https://github.com/PowerDNS/pdns-ansible/pull/67)) +- Update the CI infrastructure to stop testing against an EOL Ubuntu release ([\#62](https://github.com/PowerDNS/pdns-ansible/pull/62)) + +## v1.4.0 (2018-12-02) + +BUG FIXES: +- Fix handling of lists expansion in the PowerDNS configuration template ([\#55](https://github.com/PowerDNS/pdns-ansible/pull/55)) + +NEW FEATURES: +- Allow to disable automated restart of the service on configuration changes ([\#54](https://github.com/PowerDNS/pdns-ansible/pull/54)) + +## v1.3.0 (2018-07-13) + +NEW FEATURES: +- Add support to systemd overrides definitions ([\#53](https://github.com/PowerDNS/pdns-ansible/pull/53)) + +IMPROVEMENTS: +- Implement stricter `pdns_config_dir` and `pdns_config['include-dir']` folders permissions ([\#53](https://github.com/PowerDNS/pdns-ansible/pull/53)) +- Improved documentation ([\#52](https://github.com/PowerDNS/pdns-ansible/pull/52)) +- Update the CI infrastructure to use molecule 2.14.0 
([\#51](https://github.com/PowerDNS/pdns-ansible/pull/51)) +- Improved test coverage of systemd support ([\#49](https://github.com/PowerDNS/pdns-ansible/pull/49)) + +## v1.2.1 (2018-04-06) + +BUG FIXES: +- Fix the name of the PostgreSQL backend on RHEL + +## v1.2.0 (2018-04-05) + +NEW FEATURES: +- Allow to install PowerDNS debug packages ([\#47](https://github.com/PowerDNS/pdns-ansible/pull/47)) + +IMPROVEMENTS: +- Improved test-suite ([\#47](https://github.com/PowerDNS/pdns-ansible/pull/47)) +- Improved config files permissions handling ([\#45](https://github.com/PowerDNS/pdns-ansible/pull/45)) + +## v1.1.0 (2017-11-25) + +IMPROVEMENTS: +- Implement testing against multiple ansible versions with tox ([\#43](https://github.com/PowerDNS/pdns-ansible/pull/43)) + +BUG FIXES: +- Fixed test cases and hardened file permissions ([\#42](https://github.com/PowerDNS/pdns-ansible/pull/42)) + +## v1.0.0 (2017-10-27) + +IMPROVEMENTS: +- Implement sorting of the configuration options ([\#35](https://github.com/PowerDNS/pdns-ansible/pull/35), [\#37](https://github.com/PowerDNS/pdns-ansible/pull/37)) + +BUG FIXES: +- Fix the logic handling the different packages versions for Debian and CentOS ([\#43](https://github.com/PowerDNS/pdns-ansible/pull/43)) +- Fix a few typos in the README file ([\#39](https://github.com/PowerDNS/pdns-ansible/pull/39)) + +## v0.1.1 (2017-10-10) + +NEW FEATURES: +- Allow to pin the PowerDNS version to be installed ([\#34](https://github.com/PowerDNS/pdns-ansible/pull/34)) + +IMPROVEMENTS: +- Add support to the PowerDNS 4.1.x release ([\#33](https://github.com/PowerDNS/pdns-ansible/pull/33)) +- Fixing minor linter issues with whitespace ([\#30](https://github.com/PowerDNS/pdns-ansible/pull/30)) + +BUG FIXES: +- Fix Ubuntu APT repositories pinning ([\#32](https://github.com/PowerDNS/pdns-ansible/pull/32)) + +## v0.1.0 (2017-06-27) + +Initial release. 
+ +NEW FEATURES: +- MySQL and SQLite databases initialization +- PowerDNS installation and configuration with RHEL/CentOS and Debian/Ubuntu support +- Continuous testing with TravisCI + +IMPROVEMENTS: +- Switch to the MIT License ([\#27](https://github.com/PowerDNS/pdns-ansible/pull/27)) +- Overall role refactoring ([\#28](https://github.com/PowerDNS/pdns-ansible/pull/28)) diff --git a/roles/PowerDNS.pdns/README.md b/roles/PowerDNS.pdns/README.md index e7f08c1f142d8757bab50110b7c00280a699d955..992ffe41ebc11281ebe701deae95f524349127cd 100644 --- a/roles/PowerDNS.pdns/README.md +++ b/roles/PowerDNS.pdns/README.md 
@@ -1,288 +1,341 @@ -PowerDNS Authoritative DNS Server Role -====================================== +# Ansible Role: PowerDNS Authoritative Server -[](https://travis-ci.org/PowerDNS/pdns-ansible) -[](https://galaxy.ansible.com/PowerDNS/pdns) +[](https://github.com/PowerDNS/pdns-ansible) +[](https://opensource.org/licenses/MIT) +[](https://galaxy.ansible.com/PowerDNS/pdns) +[](https://github.com/PowerDNS/pdns-ansible/tags) -An Ansible role created by the folks behind PowerDNS to install and configure -the PowerDNS Authoritative Server. +An Ansible role created by the folks behind PowerDNS to setup the [PowerDNS Authoritative Server](https://docs.powerdns.com/authoritative/). -Requirements ------------- +## Requirements -An Ansible 2.2 or higher installation. +An Ansible 2.9 or higher installation. -Role Variables --------------- +## Dependencies -Available variables are listed below, along with their default values (see `defaults/main.yml`): - - pdns_install_repo: "" - -By default, no PowerDNS Authoritative Server repository will be configured by this role. -You can install the PowerDNS Authoritative Server packages from the official PowerDNS -repository overriding the `pdns_install_repo` variable as follows: - - # Install the PowerDNS Authoritative Server from the 'master' official repository - - hosts: all - roles: - - { role: PowerDNS.pdns, - pdns_install_repo: "{{ pdns_auth_powerdns_repo_master }}" - - # Install the PowerDNS Authoritative Server from the '4.0.x' official repository - - hosts: all - roles: - - { role: PowerDNS.pdns, - pdns_install_repo: "{{ pdns_auth_powerdns_repo_40 }}" - - # Install the PowerDNS Authoritative Server from the '4.1.x' official repository - - hosts: all - roles: - - { role: PowerDNS.pdns, - pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}" +None. -The completed lists of the available pre-configured repositories is available in the `vars/main.yml` file. 
+## Role Variables -To install the PowerDNS Authoritative Server from a custom repositories follow the instructions below - - - hosts: all - vars: - pdns_install_repo: - apt_repo_origin: "my.repo.com" # Pin the PowerDNS packages to the provided repository origin - apt_repo: "deb http://my.repo.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns main" - gpg_key: "http://my.repo.com/MYREPOGPGPUBKEY.asc" # repository public GPG key - gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed - yum_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/pdns" - yum_debug_symbols_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/pdns/debug" - name: "powerdns" # the name of the repository - roles: - - { role: PowerDNS.pdns } +Available variables are listed below, along with their default values (see `defaults/main.yml`): -Note that not all the keys of the `pdns_install_repo` dictionary are required. i.e., if the target hosts are running on Debian it's not necessary to provide the yum repository information. +```yaml +pdns_install_repo: "" +``` - pdns_install_epel: True +By default, the PowerDNS Authoritative Server is installed from the software repositories configured on the target hosts. -On RedHat-like systems, this role configures EPEL by default. -EPEL is needed to satisfy some PowerDNS dependencies like `protobuf`. -To skip EPEL installation set `pdns_install_epel` to `False`. 
+```yaml +# Install the PowerDNS Authoritative Server from the 'master' official repository +- hosts: all + roles: + - { role: PowerDNS.pdns, + pdns_install_repo: "{{ pdns_auth_powerdns_repo_master }}" - pdns_package_name: "{{ default_pdns_package_name }}" +# Install the PowerDNS Authoritative Server from the '4.3.x' official repository +- hosts: all + roles: + - { role: PowerDNS.pdns, + pdns_install_repo: "{{ pdns_auth_powerdns_repo_43 }}" + +# Install the PowerDNS Authoritative Server from the '4.4.x' official repository +- hosts: all + roles: + - { role: PowerDNS.pdns, + pdns_install_repo: "{{ pdns_auth_powerdns_repo_44 }}" +``` + +The examples above, show how to install the PowerDNS Authoritative Server from the official PowerDNS repositories +(see the complete list of pre-defined repos in `vars/main.yml`). + +```yaml +- hosts: all + vars: + pdns_install_repo: + name: "powerdns" # the name of the repository + apt_repo_origin: "example.com" # used to pin the PowerDNS packages to the provided repository + apt_repo: "deb http://example.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns main" + gpg_key: "http://example.com/MYREPOGPGPUBKEY.asc" # repository public GPG key + gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed + yum_repo_baseurl: "http://example.com/centos/$basearch/$releasever/pdns" + yum_debug_symbols_repo_baseurl: "http://example.com/centos/$basearch/$releasever/pdns/debug" + roles: + - { role: PowerDNS.pdns } +``` + +It is also possible to install the PowerDNS Authoritative Server from custom repositories as demonstrated in the example above. +**Note:** These repositories are ignored on Arch Linux + +```yaml + pdns_install_epel: True +``` + +By default, install EPEL to satisfy some PowerDNS Authoritative Server dependencies like `protobuf`. +To skip the installtion of EPEL set `pdns_install_epel` to `False`. 
+ +```yaml +pdns_package_name: "{{ default_pdns_package_name }}" +``` The name of the PowerDNS Authoritative Server package, `pdns` on RedHat-like systems and `pdns-server` on Debian-like systems. - pdns_package_version: "" +```yaml +pdns_package_version: "" +``` -Install the PowerDNS Authoritative Server debug symbols. +Optionally, allow to set a specific version of the PowerDNS Authoritative Server package to be installed. - pdns_install_debug_symbols_package: False +```yaml +pdns_install_debug_symbols_package: False +``` -The name of the PowerDNS Authoritative Server debug package, `pdns-debuginfo` on RedHat-like systems and `pdns-server-dbg` on Debian-like systems. +Install the PowerDNS Authoritative Server debug symbols. - pdns_debug_symbols_package_name: "{{ default_pdns_debug_symbols_package_name }}" +```yaml +pdns_debug_symbols_package_name: "{{ default_pdns_debug_symbols_package_name }}" +``` -The version of the PowerDNS Authoritative Server package to be installed. <br /> -**NOTE:** The usage of this variable makes only sense on RedHat-like systems, where each YUM repository can contains multiple versions of the same package. -For that reason, we highly recommend to not override the default value on Debian. +The name of the PowerDNS Authoritative Server debug package to be installed when `pdns_install_debug_symbols_package` is `True`, +`pdns-debuginfo` on RedHat-like systems and `pdns-server-dbg` on Debian-like systems. - pdns_user: pdns - pdns_group: pdns +```yaml +pdns_user: pdns +pdns_group: pdns +``` -The user and group the PowerDNS Authoritative Server process will run as. +The user and group the PowerDNS Authoritative Server process will run as. <br /> **NOTE**: This role does not create the user or group as we assume that they've been created by the package or other roles. - pdns_service_name: "pdns" +```yaml +pdns_service_name: "pdns" +``` Name of the PowerDNS service. 
- pdns_flush_handlers: False +```yaml +pdns_service_state: "started" +pdns_service_enabled: "yes" +``` + +Allow to specify the desired state of the PowerDNS Authoritative Server service. -Force the execution of the handlers at the end of the role. <br /> -**NOTE:** This is required if using this role to configure multiple PowerDNS instances in the same play. -See PowerDNS Authoritative Server virtual hosting https://doc.powerdns.com/md/authoritative/running/#starting-virtual-instances-with-system. +```yaml +pdns_disable_handlers: False +``` - pdns_config_dir: "{{ default_pdns_config_dir }}" - pdns_config_file: "pdns.conf" +Disable automated service restart on configuration changes. + +```yaml +pdns_config_dir: "{{ default_pdns_config_dir }}" +pdns_config_file: "pdns.conf" +``` PowerDNS Authoritative Server configuration file and directory. - pdns_config: {} +```yaml +pdns_config: {} +``` -A dict containing the PowerDNS Authoritative Server configuration. <br /> +Dictionary containing the PowerDNS Authoritative Server configuration. <br /> **NOTE:** The PowerDNS backends configuration and the `config-dir`, `setuid` and `setgid` directives must be configured through the `pdns_user`, `pdns_group` and `pdns_backends` role variables (see `templates/pdns.conf.j2`). For example: - pdns_config: - master: yes - slave: no - local-address: '192.0.2.53' - local-ipv6: '2001:DB8:1::53' - local-port: '5300' +```yaml +pdns_config: + master: yes + slave: no + local-address: '192.0.2.53' + local-ipv6: '2001:DB8:1::53' + local-port: '5300' +``` configures PowerDNS Authoritative Server to listen incoming DNS requests on port 5300. - pdns_backends: - bind: - config: '/dev/null' +```yaml +pdns_service_overrides: + User: {{ pdns_user }} + Group: {{ pdns_group }} +``` + +Dict with overrides for the service (systemd only). +This can be used to change any systemd settings in the `[Service]` category. -A dict with all the backends you'd like to enable. 
You can use +```yaml +pdns_backends: + bind: + config: '/dev/null' +``` + +Dictionary declaring all the backends you'd like to enable. You can use multiple backends of the same kind by using the `{backend}:{instance_name}` syntax. For example: - pdns_backends: - 'gmysql:one': - 'user': root - 'host': 127.0.0.1 - 'password': root - 'dbname': pdns - 'gmysql:two': - 'user': pdns_user - 'host': 192.0.2.15 - 'password': my_password - 'dbname': dns - 'bind': - 'config': '/etc/named/named.conf' - 'hybrid': yes - 'dnssec-db': '{{ pdns_config_dir }}/dnssec.db' +```yaml +pdns_backends: + 'gmysql:one': + 'user': root + 'host': 127.0.0.1 + 'password': root + 'dbname': pdns + 'gmysql:two': + 'user': pdns_user + 'host': 192.0.2.15 + 'password': my_password + 'dbname': dns + 'bind': + 'config': '/etc/named/named.conf' + 'hybrid': yes + 'dnssec-db': '{{ pdns_config_dir }}/dnssec.db' +``` By default this role starts just the bind-backend with an empty config file. - pdns_mysql_databases_credentials: {} +```yaml +pdns_mysql_databases_credentials: {} +``` Administrative credentials for the MySQL backend used to create the PowerDNS Authoritative Server databases and users. For example: - pdns_mysql_databases_credentials: - 'gmysql:one': - 'priv_user': root - 'priv_password': my_first_password - 'priv_host': - - "localhost" - - "%" - 'gmysql:two': - 'priv_user': someprivuser - 'priv_password': my_second_password - 'priv_host': - - "localhost" - -Notice that this must only containes the credentials +```yaml +pdns_mysql_databases_credentials: + 'gmysql:one': + 'priv_user': root + 'priv_password': my_first_password + 'priv_host': + - "localhost" + - "%" + 'gmysql:two': + 'priv_user': someprivuser + 'priv_password': my_second_password + 'priv_host': + - "localhost" +``` + +Notice that this must only contain the credentials for the `gmysql` backends provided in `pdns_backends`. 
- pdns_sqlite_databases_locations: [] +```yaml +pdns_sqlite_databases_locations: [] +``` Locations of the SQLite3 databases that have to be created if using the `gsqlite3` backend. -Example Playbooks ------------------ +```yaml +pdns_lmdb_databases_locations: [] +``` -Run as a master using the bind backend (when you already have a `named.conf` file): +Locations of the LMDB databases that have to be created if using the +`lmdb` backend. - - hosts: ns1.example.net - roles: - - { role: PowerDNS.pdns } - vars: - pdns_config: - master: true - local-address: '192.0.2.53' - pdns_backends: - bind: - config: '/etc/named/named.conf' - - -Install the latest 'master' build of PowerDNS Authoritative Server and enable the MySQL backend: - - - hosts: ns2.example.net - roles: - - { role: PowerDNS.pdns } - vars: - pdns_config: - master: true - local-address: '192.0.2.54' - pdns_backends: - gmysql: - host: 192.0.2.120 - port: 3306 - user: powerdns - password: P0w3rDn5 - dbname: pdns - pdns_install_repo: "{{ pdns_auth_powerdns_repo_master }}" +Locations of the mysql and sqlite3 base schema. +When set, this value is used and they are not automatically detected. +```yaml +pdns_mysql_schema_file: '' + +pdns_sqlite3_schema_file: '' +``` +## Example Playbooks + +Run as a master using the bind backend (when you already have a `named.conf` file): + +```yaml +- hosts: ns1.example.net + roles: + - { role: PowerDNS.pdns } + vars: + pdns_config: + master: true + local-address: '192.0.2.53' + pdns_backends: + bind: + config: '/etc/named/named.conf' +``` Install the latest '41' build of PowerDNS Authoritative Server enabling the MySQL backend. 
Provides also the MySQL administrative credentials to automatically create and initialize the PowerDNS Authoritative Server user and database: - - hosts: ns2.example.net - roles: - - { role: PowerDNS.pdns } - vars: - pdns_config: - master: true - slave: false - local-address: '192.0.2.77' - pdns_backends: - gmysql: - host: 192.0.2.120 - port: 3306 - user: powerdns - password: P0w3rDn5 - dbname: pdns - pdns_mysql_databases_credentials: - gmysql: - priv_user: root - priv_password: myrootpass - priv_host: - - "%" - pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}" +```yaml +- hosts: ns2.example.net + roles: + - { role: PowerDNS.pdns } + vars: + pdns_config: + master: true + slave: false + local-address: '192.0.2.77' + pdns_backends: + gmysql: + host: 192.0.2.120 + port: 3306 + user: powerdns + password: P0w3rDn5 + dbname: pdns + pdns_mysql_databases_credentials: + gmysql: + priv_user: root + priv_password: myrootpass + priv_host: + - "%" + pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}" +``` **NOTE:** In this case the role will use the credentials provided in `pdns_mysql_databases_credentials` to automatically create and initialize the user (`user`, `password`) and database (`dbname`) connecting to the MySQL server (`host`, `port`). - Configure PowerDNS Authoritative Server in 'master' mode reading zones from two different PostgreSQL databases: - - hosts: ns2.example.net - roles: - - { role: PowerDNS.pdns } - vars: - pdns_config: - master: true - local-port: 5300 - local-address: '192.0.2.111' - pdns_backends: - 'gpgsql:serverone': - host: 192.0.2.124 - user: powerdns - password: P0w3rDn5 - dbname: pdns2 - 'gpgsql:otherserver': - host: 192.0.2.125 - user: root - password: root - dbname: dns - - -Configure PowerDNS Authoritative Server to run with the gsqlite3 backend. 
+```yaml +- hosts: ns2.example.net + roles: + - { role: PowerDNS.pdns } + vars: + pdns_config: + master: true + local-port: 5300 + local-address: '192.0.2.111' + pdns_backends: + 'gpgsql:serverone': + host: 192.0.2.124 + user: powerdns + password: P0w3rDn5 + dbname: pdns2 + 'gpgsql:otherserver': + host: 192.0.2.125 + user: root + password: root + dbname: dns +``` + +Configure PowerDNS Authoritative Server to run with the `gsqlite3` backend. The SQLite database will be created and initialized by the role in the location specified by the `database_name` variable. - - hosts: ns4.example.net - roles: - - { role: PowerDNS.pdns } - vars: - database_name: '/var/lib/powerdns/db.sqlite' - pdns_config: - master: true - slave: false - local-address: '192.0.2.73' - pdns_backends: - gsqlite3: - database: "{{ database_name }}" - dnssec: yes - pdns_sqlite_databases_locations: - - "{{ database_name }}" - -Testing -------- +```yaml +- hosts: ns4.example.net + roles: + - { role: PowerDNS.pdns } + vars: + database_name: '/var/lib/powerdns/db.sqlite' + pdns_config: + master: true + slave: false + local-address: '192.0.2.73' + pdns_backends: + gsqlite3: + database: "{{ database_name }}" + dnssec: yes + pdns_sqlite_databases_locations: + - "{{ database_name }}" +``` + +## Changelog + +A detailed changelog of all the changes applied to the role is available [here](./CHANGELOG.md). + +## Testing Tests are performed by [Molecule](http://molecule.readthedocs.org/en/latest/). @@ -294,9 +347,8 @@ To test all the scenarios run To run a custom molecule command - $ tox -e py27-ansible22 -- molecule test -s pdns-41 + $ tox -e ansible210 -- molecule test -s pdns-44 -License -------- +## License MIT diff --git a/roles/PowerDNS.pdns/defaults/main.yml b/roles/PowerDNS.pdns/defaults/main.yml index e7265ca692f6f492da9eaba50b73348d4a940c7b..1d72c30775f8a211a388ba9e2183bff60e6ba7ff 100644 --- a/roles/PowerDNS.pdns/defaults/main.yml +++ b/roles/PowerDNS.pdns/defaults/main.yml 
@@ -10,19 +10,19 @@ pdns_install_repo: "" # - { role: PowerDNS.pdns, # pdns_install_repo: "{{ pdns_auth_powerdns_repo_master }}" # -# To install the PowerDNS Authoritative Server from the '4.0.x' official repository +# To install the PowerDNS Authoritative Server from the '4.1.x' official repository # use the following playbook snippet # - hosts: all # roles: # - { role: PowerDNS.pdns, -# pdns_install_repo: "{{ pdns_auth_powerdns_repo_40 }}" -# -# To install the PowerDNS Authoritative Server from the '4.1.x' official repository +# pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}" + +# To install the PowerDNS Authoritative Server from the '4.2.x' official repository # use the following playbook snippet # - hosts: all # roles: # - { role: PowerDNS.pdns, -# pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}" +# pdns_install_repo: "{{ pdns_auth_powerdns_repo_42 }}" # # To make this role configure a custom repository and install the # PowerDNS Authoritative Server from it override the `pdns_install_repo` variable 
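Review bot: The rewritten comment now points readers at `pdns_auth_powerdns_repo_41` and `pdns_auth_powerdns_repo_42`, but the CHANGELOG added in this same commit lists "Remove 4.1 and 4.2 repositories" under v1.7.0, so these variables probably no longer exist in `vars/main.yml` (not visible here; worth confirming). If so, the example snippets should name repositories that still exist, e.g. `pdns_install_repo: "{{ pdns_auth_powerdns_repo_43 }}"` and `pdns_install_repo: "{{ pdns_auth_powerdns_repo_44 }}"`, as the role README updated in this commit already does. The README's own example playbook that installs the "latest '41' build" has the same stale reference.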
@@ -30,11 +30,11 @@ pdns_install_repo: "" # - hosts: all # vars: # pdns_install_repo: -# apt_repo_origin: "my.repo.com" # Pin the PowerDNS packages to the provided repository origin -# apt_repo: "deb http://my.repo.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns main" -# gpg_key: "http://my.repo.com/MYREPOGPGPUBKEY.asc" # repository public GPG key +# apt_repo_origin: "example.com" # Pin the PowerDNS packages to the provided repository origin +# apt_repo: "deb http://example.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns main" +# gpg_key: "http://example.com/MYREPOGPGPUBKEY.asc" # repository public GPG key # gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed -# yum_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/pdns" +# yum_repo_baseurl: "http://example.com/centos/$basearch/$releasever/pdns" # name: "powerdns" # the name of the repository # roles: # - { role: PowerDNS.pdns } 
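Review bot: The rewritten custom-repository example still fetches the repository signing key over plain HTTP, `gpg_key: "http://example.com/MYREPOGPGPUBKEY.asc"`; that key is the trust anchor for every package the role installs, so the example should model retrieving it over TLS, `gpg_key: "https://example.com/MYREPOGPGPUBKEY.asc"`, and ideally the package URLs too. Since `gpg_key_id` is only used to skip re-importing the key, it does not verify that the fetched key is the expected one. The same example text appears in the role README in this commit.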
@@ -61,41 +61,49 @@ pdns_debug_symbols_package_name: "{{ default_pdns_debug_symbols_package_name }}"
 # NOTE: at the moment, we don't create a user as we assume the package creates
 # a "pdns" user and group. If you change these variables, make sure to create
 # the user and groups before applying this role
-pdns_user: pdns
-pdns_group: pdns
+pdns_user: "pdns"
+pdns_group: "pdns"
+pdns_file_owner: "root"
+pdns_file_group: "{{ pdns_group }}"
 # Name of the PowerDNS Authoritative Server Service
 pdns_service_name: "pdns"
-# Force the execution of the handlers at the end of the role.
-# This is required if using this role to configure multiple pdns auth instance in the same single play.
-# See PowerDNS Authoritative Server virtual hosting https://doc.powerdns.com/md/authoritative/running/#starting-virtual-instances-with-system.
-pdns_flush_handlers: False
+# State of the PowerDNS Authoritative Server service
+pdns_service_state: "started"
+pdns_service_enabled: "yes"
+
+# When True, disable the automated restart of the PowerDNS service
+pdns_disable_handlers: False
 # PowerDNS Authoritative Server configuration file and directory
 pdns_config_dir: "{{ default_pdns_config_dir }}"
 pdns_config_file: "pdns.conf"
-# Dictionary of packages that should be installed to enable the backends.
-# backendname: packagename
-pdns_backends_packages: "{{ default_pdns_backends_packages }}"
-
-# pdns_config: A dict containing all configuration options, except for backend
+# Ddict containing all configuration options, except for backend
 # configuration and the "config-dir", "setuid" and "setgid" directives.
-#
-# Example:
+pdns_config: {}
 # pdns_config:
 # master: yes
 # slave: no
 # local-address: '192.0.2.53'
 # local-ipv6: '2001:DB8:1::53'
 # local-port: '5300'
-pdns_config: {}
-# pdns_backends: A dict with all the backends you'd like to configure. You can use
-# the multiple backends of the same kind by using {backend}:{instance_name}.
-#
-# For example:
+# Dict with overrides for the service (systemd only)
+pdns_service_overrides: "{{ default_pdns_service_overrides }}"
+# pdns_service_overrides:
+# LimitNOFILE: 10000
+
+# Dictionary of packages that should be installed to enable the backends.
+# backendname: packagename
+pdns_backends_packages: "{{ default_pdns_backends_packages }}"
+
+# A dict with all the backends you'd like to configure.
+# This default starts just the bind-backend with an empty config file
+pdns_backends:
+ bind:
+ config: '/dev/null'
 # pdns_backends:
 # 'gmysql:one':
 # 'user': root
@@ -112,14 +120,9 @@ pdns_config: {}
 # 'config': '/etc/named/named.conf'
 # 'hybrid': yes
 # 'dnssec-db': '{{ pdns_config_dir }}/dnssec.db'
-#
-# This default starts just the bind-backend with an empty config file
-pdns_backends:
- bind:
- config: '/dev/null'
 # Administrative credentials to create the PowerDNS Authoritative Server MySQL backend database and user.
-# For example:
+pdns_mysql_databases_credentials: {}
 # pdns_mysql_databases_credentials:
 # 'gmysql:one':
 # 'priv_user': root
@@ -132,10 +135,22 @@ pdns_backends:
 # 'priv_password': my_second_password
 # 'priv_host':
 # - "localhost"
-pdns_mysql_databases_credentials: {}
 # This will create the PowerDNS Authoritative Server backend SQLite database
 # in the given locations.
 # NOTE: Requries the SQLite CLI tools to be available in the machine and the gsqlite3
 # backend to be installed on the machine.
 pdns_sqlite_databases_locations: []
+
+# This will create the PowerDNS Authoritative Server backend LMDB database
+# in the given locations.
+# NOTE: Requries lmdb backend to be installed on the machine.
+pdns_lmdb_databases_locations: []
+
+# Override the schema used to initialize the MySQL database
+# By default, this role tries to detect the correct file
+pdns_mysql_schema_file: ""
+
+# Override the schema used to initialize the SQLite database
+# By default, this role tries to detect the correct file
+pdns_sqlite_schema_file: ""
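Review bot: `pdns_service_enabled: "yes"` is a quoted string where the neighbouring defaults (`pdns_disable_handlers: False`) use a real boolean; Ansible will coerce it when it reaches the service module, but `pdns_service_enabled: true` states the intent and sidesteps the YAML 1.1 truthy ambiguity. Two typos in the new comments: `# Ddict containing all configuration options, except for backend` should read `# Dict containing all configuration options, except for backend`, and in the third hunk `# NOTE: Requries lmdb backend to be installed on the machine.` should read `# NOTE: Requires the lmdb backend to be installed on the machine.`. `pdns_flush_handlers` is dropped outright with no pointer to its replacement; a one-line comment such as `# pdns_flush_handlers was removed; see pdns_disable_handlers` next to the new flag would help users who still carry the old variable in their group_vars.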
diff --git a/roles/PowerDNS.pdns/handlers/main.yml b/roles/PowerDNS.pdns/handlers/main.yml
deleted file mode 100644
index 94aabe45ca9a3c8724fc19b25d30264ad42cdca9..0000000000000000000000000000000000000000
--- a/roles/PowerDNS.pdns/handlers/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-
-- name: Restart PowerDNS
- service:
- name: "{{ pdns_service_name }}"
- state: restarted
- sleep: 1 # the sleep is needed to make sure the service has been
- # correctly started after being stopped during restarts
diff --git a/roles/PowerDNS.pdns/meta/.galaxy_install_info b/roles/PowerDNS.pdns/meta/.galaxy_install_info
index 070d34db62888b09fe1e00763310a17a989d10ad..27985b8e302b07176e2158c72490a072e77378ad 100644
--- a/roles/PowerDNS.pdns/meta/.galaxy_install_info
+++ b/roles/PowerDNS.pdns/meta/.galaxy_install_info
@@ -1 +1,2 @@
-{install_date: 'Tue Jun 12 09:36:16 2018', version: v1.2.1}
+install_date: Fri Jul 16 14:49:06 2021
+version: v1.7.0
diff --git a/roles/PowerDNS.pdns/meta/main.yml b/roles/PowerDNS.pdns/meta/main.yml
index a2844727835e1c261682b0328d39eeae38860f47..7f57787c0624622fd4d436357eaf740583199a1e 100644
--- a/roles/PowerDNS.pdns/meta/main.yml
+++ b/roles/PowerDNS.pdns/meta/main.yml
@@ -1,30 +1,30 @@
 ---
 galaxy_info:
+ namespace: powerdns
+ role_name: pdns
 author: PowerDNS Engineering Team
 description: Install and configure the PowerDNS Authoritative DNS Server
 company: PowerDNS.COM BV
 license: MIT
- min_ansible_version: 2.2
+ min_ansible_version: 2.9
 platforms:
 - name: EL
 versions:
- - 6
 - 7
+ - 8
 - name: Debian
 versions:
- - jessie
 - stretch
+ - buster
 - name: Ubuntu
 versions:
- - trusty
- - utopic
- - vivid
- - wily
- - xenial
+ - bionic
+ - focal
+ - name: ArchLinux
 galaxy_tags:
 - system
 - dns
 - pdns
 - powerdns
- - pdns-auth
+ - auth
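Review bot: `min_ansible_version: 2.9` is parsed as a float; harmless for 2.9, but the next bump to 2.10 would silently load as 2.1, so quote it now: `min_ansible_version: "2.9"`. The EL `versions` entries `- 7` and `- 8` are integers for the same reason, and Galaxy compares them as strings, so `- "7"` / `- "8"` is the safer spelling. The new `- name: ArchLinux` platform carries no `versions:` list while every other platform does; Galaxy's platform entries are normally given `versions: - all` when no release is meant, so it is worth confirming that the entry is accepted as written.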
diff --git a/roles/PowerDNS.pdns/molecule/pdns-41/playbook.yml b/roles/PowerDNS.pdns/molecule/pdns-43/converge.yml
similarity index 78%
rename from roles/PowerDNS.pdns/molecule/pdns-41/playbook.yml
rename to roles/PowerDNS.pdns/molecule/pdns-43/converge.yml
index 3002f429d569b5f51b6fcf63529d1190d566ee99..5012f0afa0f332b4e8d7e223ce93726ec3766bbe 100644
--- a/roles/PowerDNS.pdns/molecule/pdns-41/playbook.yml
+++ b/roles/PowerDNS.pdns/molecule/pdns-43/converge.yml
@@ -3,7 +3,7 @@
 - hosts: pdns
 vars_files:
 - ../resources/vars/pdns-common.yml
- - ../resources/vars/pdns-repo-41.yml
+ - ../resources/vars/pdns-repo-43.yml
 - ../resources/vars/pdns-backends.yml
 roles:
 - { role: pdns-ansible }
diff --git a/roles/PowerDNS.pdns/molecule/pdns-43/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-43/molecule.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fa27e98a210430e09cbcc7890612a6c06e39784a
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/pdns-43/molecule.yml
@@ -0,0 +1,88 @@
+---
+
+scenario:
+ name: pdns-43
+
+driver:
+ name: docker
+
+dependency:
+ name: galaxy
+
+platforms:
+ - name: centos-7
+ groups: ["pdns"]
+ image: centos:7
+ dockerfile_tpl: centos-systemd
+
+ - name: centos-8
+ groups: ["pdns"]
+ image: centos:8
+ dockerfile_tpl: centos-systemd
+
+ - name: ubuntu-1804
+ groups: ["pdns"]
+ image: ubuntu:18.04
+ dockerfile_tpl: debian-systemd
+
+ - name: debian-9
+ groups: ["pdns"]
+ image: debian:9
+ dockerfile_tpl: debian-systemd
+
+ - name: debian-10
+ groups: ["pdns"]
+ image: debian:10
+ dockerfile_tpl: debian-system
+
+ # In order to run the tests we need
+ # a MySQL container to be up & running
+ - name: mysql
+ image: mysql:5.7
+ env:
+ MYSQL_ROOT_PASSWORD: pdns
+ # Declaring the container as service,
+ # will link it to the others Platforms containers
+ # on creation.
+ is_service: yes
+
+provisioner:
+ name: ansible
+ options:
+ diff: True
+ v: True
+ config_options:
+ defaults:
+ gathering: smart
+ fact_caching: jsonfile
+ fact_caching_connection: .ansible_cache
+ fact_caching_timeout: 7200
+ ssh_connection:
+ pipelining: true
+ inventory:
+ links:
+ host_vars: ../resources/host_vars/
+ playbooks:
+ create: ../resources/create.yml
+ destroy: ../resources/destroy.yml
+ prepare: ../resources/prepare.yml
+ # "systemctl used in place of systemd module" "ANSIBLE0006"
+ # "Tasks that run when changed should likely be handlers" "ANSIBLE0016"
+ # "Shells that use pipes should set the pipefail option" "306"
+ lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306
+
+lint: yamllint defaults tasks meta vars
+
+verifier:
+ name: testinfra
+ options:
+ hosts: "pdns"
+ vvv: True
+ directory: ../resources/tests/all
+ additional_files_or_dirs:
+ # path relative to 'directory'
+ - ../repo-43/
+ - ../backend-sqlite/
+ - ../backend-mysql/
+ - ../systemd-override/
+ lint: flake8
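Review bot: `lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306` switches off rule 306 (the pipefail check, per the comment above it) for the entire role rather than for the tasks that need it, so any future shell pipeline in the role passes lint without `set -o pipefail`; adding `set -o pipefail` to the affected shell tasks, or a `# noqa 306` on just those lines, keeps the check active everywhere else. The identical lint line is repeated in the pdns-44, pdns-master and pdns-os-repos scenarios, so one fix applies to all four. The file also mixes boolean spellings, `diff: True`, `v: True`, `vvv: True` and `is_service: yes` beside `pipelining: true`; yamllint's truthy rule flags the first four, and `true` throughout is the canonical form.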
diff --git a/roles/PowerDNS.pdns/molecule/pdns-44/converge.yml b/roles/PowerDNS.pdns/molecule/pdns-44/converge.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1b511c1d16e8a6a434666523ddadaa7408b31834
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/pdns-44/converge.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: pdns
+ vars_files:
+ - ../resources/vars/pdns-common.yml
+ - ../resources/vars/pdns-repo-44.yml
+ - ../resources/vars/pdns-backends.yml
+ roles:
+ - { role: pdns-ansible }
diff --git a/roles/PowerDNS.pdns/molecule/pdns-44/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-44/molecule.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1c2225861360ed6c772c80789e9aecb5250828fe
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/pdns-44/molecule.yml
@@ -0,0 +1,104 @@
+---
+
+scenario:
+ name: pdns-44
+
+driver:
+ name: docker
+
+dependency:
+ name: galaxy
+
+platforms:
+ - name: centos-7
+ groups: ["pdns"]
+ image: centos:7
+ dockerfile_tpl: centos-systemd
+
+ - name: centos-8
+ groups: ["pdns"]
+ image: centos:8
+ dockerfile_tpl: centos-systemd
+
+ - name: ubuntu-1804
+ groups: ["pdns"]
+ image: ubuntu:18.04
+ dockerfile_tpl: debian-systemd
+
+ - name: ubuntu-2004
+ groups: ["pdns"]
+ image: ubuntu:20.04
+ tmpfs:
+ - /run
+ - /tmp
+ dockerfile_tpl: debian-systemd
+
+ - name: debian-9
+ groups: ["pdns"]
+ image: debian:9
+ dockerfile_tpl: debian-systemd
+
+ - name: debian-10
+ groups: ["pdns"]
+ image: debian:10
+ privileged: True
+ volume_mounts:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+ tmpfs:
+ - /run
+ - /run/lock
+ - /tmp
+ dockerfile_tpl: debian-systemd
+ environment: { container: docker }
+
+ # In order to run the tests we need
+ # a MySQL container to be up & running
+ - name: mysql
+ image: mysql:5.7
+ env:
+ MYSQL_ROOT_PASSWORD: pdns
+ # Declaring the container as service,
+ # will link it to the others Platforms containers
+ # on creation.
+ is_service: yes
+
+provisioner:
+ name: ansible
+ options:
+ diff: True
+ v: True
+ config_options:
+ defaults:
+ gathering: smart
+ fact_caching: jsonfile
+ fact_caching_connection: .ansible_cache
+ fact_caching_timeout: 7200
+ ssh_connection:
+ pipelining: true
+ inventory:
+ links:
+ host_vars: ../resources/host_vars/
+ playbooks:
+ create: ../resources/create.yml
+ destroy: ../resources/destroy.yml
+ prepare: ../resources/prepare.yml
+ # "systemctl used in place of systemd module" "ANSIBLE0006"
+ # "Tasks that run when changed should likely be handlers" "ANSIBLE0016"
+ # "Shells that use pipes should set the pipefail option" "306"
+ lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306
+
+lint: yamllint defaults tasks meta vars
+
+verifier:
+ name: testinfra
+ options:
+ hosts: "pdns"
+ vvv: True
+ directory: ../resources/tests/all
+ additional_files_or_dirs:
+ # path relative to 'directory'
+ - ../repo-44/
+ - ../backend-sqlite/
+ - ../backend-mysql/
+ - ../systemd-override/
+ lint: flake8
diff --git a/roles/PowerDNS.pdns/molecule/pdns-master/playbook.yml b/roles/PowerDNS.pdns/molecule/pdns-master/converge.yml
similarity index 100%
rename from roles/PowerDNS.pdns/molecule/pdns-master/playbook.yml
rename to roles/PowerDNS.pdns/molecule/pdns-master/converge.yml
diff --git a/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml
index e6035aeb361e796f2ec706b77a9df6fc9d9d7853..927ad4eadc2282dce6f02a46cbd7ea54e896eaeb 100644
--- a/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml
+++ b/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml
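Review bot: The debian-10 platform sets `privileged: True`, `volume_mounts`, `tmpfs` and `environment: { container: docker }`, but the create.yml change in this same commit only forwards `command` from the platform entry and keeps `privileged: "yes"` hard-coded for every container, so unless those keys are consumed somewhere outside this diff they are inert and `privileged: True` is redundant. If they are meant to take effect, create.yml needs matching parameters such as `volumes: "{{ item.volume_mounts | default(omit) }}"` and `tmpfs: "{{ item.tmpfs | default(omit) }}"`. `environment: { container: docker }` also duplicates the `ENV container docker` already baked into the debian-systemd Dockerfile. The ubuntu-2004 entry in the same list gets only `tmpfs`, so a short comment on why debian-10 needs the extra settings would help the next maintainer.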
@@ -10,37 +10,30 @@ dependency:
 name: galaxy
 platforms:
- - name: centos-6
- image: centos:6
- groups:
- - pdns
-
 - name: centos-7
+ groups: ["pdns"]
 image: centos:7
 dockerfile_tpl: centos-systemd
- groups:
- - pdns
-
- - name: ubuntu-1604
- image: ubuntu:16.04
- dockerfile_tpl: debian-systemd
- groups:
- - pdns
- - name: ubuntu-1710
- image: ubuntu:17.10
- groups:
- - pdns
+ - name: centos-8
+ groups: ["pdns"]
+ image: centos:8
+ dockerfile_tpl: centos-systemd
- - name: debian-8
- image: debian:8
- groups:
- - pdns
+ - name: ubuntu-1804
+ groups: ["pdns"]
+ image: ubuntu:18.04
+ dockerfile_tpl: debian-systemd
 - name: debian-9
+ groups: ["pdns"]
 image: debian:9
- groups:
- - pdns
+ dockerfile_tpl: debian-systemd
+
+ - name: debian-10
+ groups: ["pdns"]
+ image: debian:10
+ dockerfile_tpl: debian-systemd
 # In order to run the tests we need
 # a MySQL container to be up & running
@@ -58,15 +51,24 @@ provisioner:
 options:
 diff: True
 v: True
+ config_options:
+ defaults:
+ gathering: smart
+ fact_caching: jsonfile
+ fact_caching_connection: .ansible_cache
+ fact_caching_timeout: 7200
+ ssh_connection:
+ pipelining: true
+ inventory:
+ links:
+ host_vars: ../resources/host_vars/
 playbooks:
 create: ../resources/create.yml
 destroy: ../resources/destroy.yml
 prepare: ../resources/prepare.yml
- lint:
- name: ansible-lint
+ lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306
-lint:
- name: yamllint
+lint: yamllint defaults tasks meta vars
 verifier:
 name: testinfra
@@ -79,5 +81,5 @@ verifier:
 - ../repo-master/
 - ../backend-sqlite/
 - ../backend-mysql/
- lint:
- name: flake8
+ - ../systemd-override/
+ lint: flake8
diff --git a/roles/PowerDNS.pdns/molecule/pdns-os-repos/converge.yml b/roles/PowerDNS.pdns/molecule/pdns-os-repos/converge.yml
new file mode 100644
index 0000000000000000000000000000000000000000..fecc3bb93df073716aaf75240a0498fa10db64b7
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/pdns-os-repos/converge.yml
@@ -0,0 +1,7 @@
+---
+- hosts: pdns
+ vars_files:
+ - ../resources/vars/pdns-common.yml
+ - ../resources/vars/pdns-backends.yml
+ roles:
+ - { role: pdns-ansible }
diff --git a/roles/PowerDNS.pdns/molecule/pdns-41/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-os-repos/molecule.yml
similarity index 54%
rename from roles/PowerDNS.pdns/molecule/pdns-41/molecule.yml
rename to roles/PowerDNS.pdns/molecule/pdns-os-repos/molecule.yml
index 7bb43563bd0dcf8b59a967ae80b7e1a8cb7ae494..7d7b66eb513ab01f5799e730f508d4aa3973e459 100644
--- a/roles/PowerDNS.pdns/molecule/pdns-41/molecule.yml
+++ b/roles/PowerDNS.pdns/molecule/pdns-os-repos/molecule.yml
@@ -1,7 +1,7 @@
 ---
 scenario:
- name: pdns-41
+ name: pdns-os-repos
 driver:
 name: docker
@@ -10,37 +10,20 @@ dependency:
 name: galaxy
 platforms:
- - name: centos-6
- image: centos:6
- groups:
- - pdns
-
- - name: centos-7
- image: centos:7
- dockerfile_tpl: centos-systemd
- groups:
- - pdns
-
- - name: ubuntu-1604
- image: ubuntu:16.04
+ - name: debian-10
+ groups: ["pdns"]
+ image: debian:10
 dockerfile_tpl: debian-systemd
- groups:
- - pdns
- - name: ubuntu-1710
- image: ubuntu:17.10
- groups:
- - pdns
+ - name: archlinux
+ groups: ["pdns"]
+ image: archlinux:base
+ dockerfile_tpl: archlinux-systemd
- - name: debian-8
- image: debian:8
- groups:
- - pdns
-
- - name: debian-9
- image: debian:9
- groups:
- - pdns
+ - name: ubuntu-2004
+ groups: ["pdns"]
+ image: ubuntu:20.04
+ dockerfile_tpl: debian-systemd
 # In order to run the tests we need
 # a MySQL container to be up & running
@@ -58,15 +41,24 @@ provisioner:
 options:
 diff: True
 v: True
+ config_options:
+ defaults:
+ gathering: smart
+ fact_caching: jsonfile
+ fact_caching_connection: .ansible_cache
+ fact_caching_timeout: 7200
+ ssh_connection:
+ pipelining: true
+ inventory:
+ links:
+ host_vars: ../resources/host_vars/
 playbooks:
 create: ../resources/create.yml
 destroy: ../resources/destroy.yml
 prepare: ../resources/prepare.yml
- lint:
- name: ansible-lint
+ lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306
-lint:
- name: yamllint
+lint: yamllint defaults tasks meta vars
 verifier:
 name: testinfra
@@ -76,8 +68,7 @@ verifier:
 directory: ../resources/tests/all
 additional_files_or_dirs:
 # path relative to 'directory'
- - ../repo-41/
+ - ../systemd-override/
 - ../backend-sqlite/
 - ../backend-mysql/
- lint:
- name: flake8
+ lint: flake8
diff --git a/roles/PowerDNS.pdns/molecule/resources/Dockerfile.archlinux-systemd.j2 b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.archlinux-systemd.j2
new file mode 100644
index 0000000000000000000000000000000000000000..4e016c8811833110db76a1278fe80a5943458d76
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.archlinux-systemd.j2
@@ -0,0 +1,27 @@
+# Molecule managed
+
+FROM {{ item.image }}
+
+RUN if [ $(command -v pacman) ]; then pacman -Suy --noconfirm && pacman -S --noconfirm systemd && rm -rf /var/cache/pacman/pkg/*; fi
+RUN if [ ! -e /sbin/init ]; then ln -s /lib/systemd/systemd /sbin/init ; fi
+
+ENV container docker
+
+# Don't start the optional systemd services.
+RUN find /etc/systemd/system \
+ /lib/systemd/system \
+ -path '*.wants/*' \
+ -not -name '*journald*' \
+ -not -name '*systemd-tmpfiles*' \
+ -not -name '*systemd-user-sessions*' \
+ -exec rm \{} \;
+
+RUN systemctl set-default multi-user.target
+
+VOLUME [ "/sys/fs/cgroup" ]
+
+CMD ["/sbin/init"]
+
+RUN if [ $(command -v pacman) ]; then pacman -Suy && pacman -S --noconfirm python sudo bash net-tools ca-certificates awk inetutils grep && rm -rf /var/cache/pacman/pkg/*; fi
+# This ensures docs are installed, which contains the schema files :)
+RUN sed -i '/usr\/share\/doc/d' /etc/pacman.conf
diff --git a/roles/PowerDNS.pdns/molecule/resources/Dockerfile.centos-systemd.j2 b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.centos-systemd.j2
index 8065458df9ad8044be8fdcde1905c2284283949d..120febf046f94c8d5b3fc247eba565b0d1cbdd4c 100644
--- a/roles/PowerDNS.pdns/molecule/resources/Dockerfile.centos-systemd.j2
+++ b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.centos-systemd.j2
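Review bot: The second package step runs `pacman -Suy` without `--noconfirm`, unlike the first `RUN` in the same file; in a non-interactive `docker build` a pending upgrade may stop at the confirmation prompt, so the two invocations should match: `RUN if [ $(command -v pacman) ]; then pacman -Suy --noconfirm && pacman -S --noconfirm python sudo bash net-tools ca-certificates awk inetutils grep && rm -rf /var/cache/pacman/pkg/*; fi`. Since the first `RUN` already performed the full upgrade, the second could also drop `-Suy` in favour of `-Sy` to avoid upgrading twice. The closing `sed` on `/etc/pacman.conf` only affects packages installed after this point, i.e. by the role during converge, which the comment should say explicitly: `# Stop pacman from excluding /usr/share/doc so the schema files shipped with the powerdns package land on disk when the role installs it`.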
@@ -22,5 +22,6 @@ VOLUME [ "/sys/fs/cgroup" ]
 CMD ["/usr/sbin/init"]
-RUN if [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python python-devel python2-dnf net-tools bash && dnf clean all; \
+RUN if [ $(command -v dnf) ] && [ $(rpm -E %{rhel}) -eq 8 ]; then dnf makecache && dnf --assumeyes install python3 python3-devel python*-dnf bash iproute && dnf clean all; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \
 elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl net-tools bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; fi
diff --git a/roles/PowerDNS.pdns/molecule/resources/Dockerfile.debian-systemd.j2 b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.debian-systemd.j2
index e10ae58c43efc624775dc76c0be80d8901df4aab..cf847ece37bf4b46d685a6bcbfc413f90f48d95c 100644
--- a/roles/PowerDNS.pdns/molecule/resources/Dockerfile.debian-systemd.j2
+++ b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.debian-systemd.j2
@@ -2,6 +2,9 @@
 FROM {{ item.image }}
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y systemd && apt-get clean; fi
+RUN if [ ! -e /sbin/init ]; then ln -s /lib/systemd/systemd /sbin/init ; fi
+
 ENV container docker
 # Don't start the optional systemd services.
@@ -19,4 +22,4 @@ VOLUME [ "/sys/fs/cgroup" ]
 CMD ["/sbin/init"]
-RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash net-tools ca-certificates && apt-get clean; fi
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python python3 sudo bash net-tools ca-certificates && apt-get clean; fi
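Review bot: `[ $(rpm -E %{rhel}) -eq 8 ]` assumes `rpm -E` yields an integer; when the `rhel` macro is not defined the expansion is the literal `%{rhel}`, `-eq` prints an "integer expression expected" error, and the build falls into the `elif` branch by accident rather than by design. A quoted string comparison, `[ "$(rpm -E '%{rhel}')" = "8" ]`, fails quietly and is also safe if the expansion ever contains whitespace. In the debian-systemd file the new first `RUN` and the existing last `RUN` both execute `apt-get update && apt-get upgrade -y`, so every image is upgraded twice; the final step only needs the `install`, with `apt-get update` kept so the package lists are fresh.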
diff --git a/roles/PowerDNS.pdns/molecule/resources/create.yml b/roles/PowerDNS.pdns/molecule/resources/create.yml
index af8d2201db4600b2eb8a385abdaa69f334eae219..a3aa1f538ee1e33df7358f226245e618e48ded3f 100644
--- a/roles/PowerDNS.pdns/molecule/resources/create.yml
+++ b/roles/PowerDNS.pdns/molecule/resources/create.yml
@@ -21,17 +21,18 @@
 register: platforms
 - name: Discover local Docker images
- docker_image_facts:
- name: "molecule_local/{{ item.item.name }}"
+ docker_image_info:
+ name: "molecule_pdns/{{ item.item.name }}"
 with_items: "{{ platforms.results }}"
 register: docker_images
 - name: Build an Ansible compatible image
 docker_image:
- path: "{{ molecule_ephemeral_directory }}"
- name: "molecule_local/{{ item.item.image }}"
- dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
- force: "{{ item.item.force | default(True) }}"
+ source: build
+ name: "molecule_pdns/{{ item.item.image }}"
+ build:
+ path: "{{ molecule_ephemeral_directory }}"
+ dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
 with_items: "{{ platforms.results }}"
 when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
@@ -51,8 +52,9 @@
 docker_container:
 name: "{{ item.name }}"
 hostname: "{{ item.name }}"
- image: "molecule_local/{{ item.image }}"
+ image: "molecule_pdns/{{ item.image }}"
 links: "{{ molecule_service_instances | map(attribute='name') | list }}"
+ command: "{{ item.command | default(omit) }}"
 state: started
 recreate: False
 privileged: "yes"
diff --git a/roles/PowerDNS.pdns/molecule/resources/host_vars/centos-8.yml b/roles/PowerDNS.pdns/molecule/resources/host_vars/centos-8.yml
new file mode 100644
index 0000000000000000000000000000000000000000..17c2edfb5caf520fa491a8d30fa6976efaf9d9f2
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/host_vars/centos-8.yml
@@ -0,0 +1,3 @@
+---
+
+ansible_python_interpreter: "/usr/bin/python3"
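Review bot: The `when:` on the image build task ends in `| list | count >= 0`, which is always true because a count cannot be negative, so the `docker_image_info` lookup this hunk reworks never actually lets a rebuild be skipped; if the intent is "build when at least one local image is missing", the comparison should presumably be `| list | count > 0`. This is pre-existing, but the task is being rewritten here and the old `force:` parameter was dropped, so this is the moment to settle what the condition means. In the container task `privileged: "yes"` is a quoted string next to `recreate: False`; `privileged: true` is the canonical form, and since it is applied to every container unconditionally, the per-platform `privileged: True` added to pdns-44/molecule.yml in this commit is redundant unless create.yml is changed to read it.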
diff --git a/roles/PowerDNS.pdns/molecule/resources/host_vars/debian-10.yml b/roles/PowerDNS.pdns/molecule/resources/host_vars/debian-10.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b1788605c5643d923f240b6a57ff05e67493d09c
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/host_vars/debian-10.yml
@@ -0,0 +1,4 @@
+---
+
+ansible_python_interpreter: "/usr/bin/python3"
+
diff --git a/roles/PowerDNS.pdns/molecule/resources/host_vars/ubuntu-2004.yml b/roles/PowerDNS.pdns/molecule/resources/host_vars/ubuntu-2004.yml
new file mode 100644
index 0000000000000000000000000000000000000000..17c2edfb5caf520fa491a8d30fa6976efaf9d9f2
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/host_vars/ubuntu-2004.yml
@@ -0,0 +1,3 @@
+---
+
+ansible_python_interpreter: "/usr/bin/python3"
diff --git a/roles/PowerDNS.pdns/molecule/resources/prepare.yml b/roles/PowerDNS.pdns/molecule/resources/prepare.yml
index e306c992ac808c50be729e7b882867a76f2bbb8d..e9e9832ab55a2e12d1ea860db7f18ac159357eac 100644
--- a/roles/PowerDNS.pdns/molecule/resources/prepare.yml
+++ b/roles/PowerDNS.pdns/molecule/resources/prepare.yml
@@ -3,8 +3,8 @@
 - name: Prepare the Molecule Test Resources
 hosts: pdns
 tasks:
- # This is required to be sure yum install the
- # default MySQL and SQLite schemas in /usr/share/doc/
+ # Make sure the default MySQL and SQLite
+ # schemas are installed in /usr/share/doc/
 - name: Disable the YUM 'nodocs' option
 lineinfile:
 line: tsflags=nodocs
@@ -12,6 +12,12 @@
 state: absent
 when: ansible_pkg_mgr == 'yum'
+ - name: Disable the APT 'nodoc' option
+ lineinfile:
+ line: path-exclude=/usr/share/doc/*
+ dest: /etc/dpkg/dpkg.cfg.d/excludes
+ state: absent
+
 # Install rsyslog to capture the PDNS log messages
 # when the service is not managed by systemd
 - block:
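Review bot: The new "Disable the APT 'nodoc' option" task has no `when:` guard, whereas the YUM task just above it is limited with `when: ansible_pkg_mgr == 'yum'`; on the CentOS and Arch platforms `lineinfile` with `state: absent` against a missing `/etc/dpkg/dpkg.cfg.d/excludes` should report ok rather than fail (worth confirming), but the task still runs on every host and muddies the play output, so add `when: ansible_pkg_mgr == 'apt'`. `dest:` is the legacy alias of `path:` for `lineinfile`; `path:` matches the current module docs and the YUM task should be made consistent with whichever is chosen. The `- block:` that follows starts inside the hunk but ends outside it.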
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py b/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py
index 9a53cd553b31fa59df855235cfcc22555f784c78..8080602efe7b647713b7f53a48ee06cd65b53164 100644
--- a/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py
@@ -1,21 +1,12 @@
 debian_os = ['debian', 'ubuntu']
 rhel_os = ['redhat', 'centos']
+archlinux_os = ['arch']
 def test_distribution(host):
- assert host.system_info.distribution.lower() in debian_os + rhel_os
-
-
-def test_repo_pinning_file(host):
- if host.system_info.distribution.lower() in debian_os:
- f = host.file('/etc/apt/preferences.d/pdns')
- assert f.exists
- assert f.user == 'root'
- assert f.group == 'root'
- f.contains('Package: pdns-*')
- f.contains('Pin: origin repo.powerdns.com')
- f.contains('Pin-Priority: 600')
+ assert host.system_info.distribution.lower() in debian_os + rhel_os + \
+ archlinux_os
 def test_package(host):
@@ -24,6 +15,8 @@ def test_package(host):
 p = host.package('pdns-server')
 if host.system_info.distribution.lower() in rhel_os:
 p = host.package('pdns')
+ if host.system_info.distribution.lower() in archlinux_os:
+ p = host.package('powerdns')
 assert p.is_installed
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py b/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py
index 663df1ad1696752536cb5132508ef29cacb25e2b..c1e902a96ee5e8db81b9e2734a3de57dedf8915f 100644
--- a/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py
@@ -1,18 +1,19 @@
 debian_os = ['debian', 'ubuntu']
 rhel_os = ['redhat', 'centos']
+archlinux_os = ['arch']
 def test_package(host):
- p = host.package('pdns-backend-mysql')
-
- assert p.is_installed
+ if host.system_info.distribution.lower() in debian_os + rhel_os:
+ p = host.package('pdns-backend-mysql')
+ assert p.is_installed
 def test_config(host):
 with host.sudo():
 f = None
- if host.system_info.distribution.lower() in debian_os:
+ if host.system_info.distribution.lower() in debian_os + archlinux_os:
 f = host.file('/etc/powerdns/pdns.conf')
 if host.system_info.distribution.lower() in rhel_os:
 f = host.file('/etc/pdns/pdns.conf')
@@ -20,24 +21,20 @@ def test_config(host):
 dbname = host.check_output('hostname -s').replace('.', '_')
 assert f.exists
- assert 'launch+=gmysql' in f.content
- assert 'gmysql-host=mysql' in f.content
- assert 'gmysql-password=pdns' in f.content
- assert 'gmysql-dbname=' + dbname in f.content
- assert 'gmysql-user=pdns' in f.content
+ assert f.contains('launch+=gmysql')
+ assert f.contains('gmysql-host=mysql')
+ assert f.contains('gmysql-password=pdns')
+ assert f.contains('gmysql-dbname=' + dbname)
+ assert f.contains('gmysql-user=pdns')
 def test_database_tables(host):
 dbname = host.check_output('hostname -s').replace('.', '_')
- cmd = host.run("mysql --user=\"pdns\" --password=\"pdns\" --host=\"mysql\" " +
+ cmd = host.run("mysql --user=\"pdns\" --password=\"pdns\" --host=\"mysql\" " +
 "--batch --skip-column-names " +
 "--execute=\"SELECT DISTINCT table_name FROM information_schema.columns WHERE table_schema = '%s'\"" % dbname)
- assert 'domains' in cmd.stdout
- assert 'records' in cmd.stdout
- assert 'supermasters' in cmd.stdout
- assert 'comments' in cmd.stdout
- assert 'domainmetadata' in cmd.stdout
- assert 'cryptokeys' in cmd.stdout
- assert 'tsigkeys' in cmd.stdout
+ for table in [ 'domains', 'records', 'supermasters', 'comments',
+ 'domainmetadata', 'cryptokeys', 'tsigkeys' ]:
+ assert table in cmd.stdout
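Review bot: `test_package` now passes vacuously on Arch: `assert p.is_installed` moved inside the `if ... in debian_os + rhel_os:` block, so on an archlinux host the test runs no assertion at all and reports green. If the Arch package providing the MySQL backend is not known yet, an explicit `else: pytest.skip('mysql backend package not checked on Arch')` records that honestly; the same shape appears in `test_package` of test_backend_sqlite.py in the next file. The spacing inside the new list literal, `[ 'domains', ... 'tsigkeys' ]`, is also what the scenario's `lint: flake8` will flag (E201/E202), so drop the inner spaces.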
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py b/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py
index 3b5595d26e094cb93468dab08fbb9a8b55972eed..2527b90f30133d8aacf2da34d396c91f3e0aa42c 100644
--- a/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py
@@ -1,23 +1,27 @@
 debian_os = ['debian', 'ubuntu']
 rhel_os = ['redhat', 'centos']
+archlinux_os = ['arch']
 def test_package(host):
- p = None
- if host.system_info.distribution.lower() in debian_os:
- p = host.package('pdns-backend-sqlite3')
- if host.system_info.distribution.lower() in rhel_os:
- p = host.package('pdns-backend-sqlite')
+ if host.system_info.distribution.lower() in debian_os + rhel_os:
+ if host.system_info.distribution.lower() in debian_os:
+ p = host.package('pdns-backend-sqlite3')
+ if host.system_info.distribution.lower() in rhel_os:
+ p = host.package('pdns-backend-sqlite')
- assert p.is_installed
+ assert p.is_installed
 def test_database_exists(host):
 f = host.file('/var/lib/powerdns/pdns.db')
+ user = 'pdns'
+ if host.system_info.distribution.lower() in archlinux_os:
+ user = 'powerdns'
 assert f.exists
- assert f.user == 'pdns'
- assert f.group == 'pdns'
- assert f.mode == 416
+ assert f.user == user
+ assert f.group == user
+ assert f.mode == 0o640
 assert f.size > 10000
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-41/test_repo_41.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-41/test_repo_41.py
deleted file mode 100644
index 85f4adc7f0080029daf8a24a4bc61b8834165d6d..0000000000000000000000000000000000000000
--- a/roles/PowerDNS.pdns/molecule/resources/tests/repo-41/test_repo_41.py
+++ /dev/null
@@ -1,32 +0,0 @@
-
-debian_os = ['debian', 'ubuntu']
-rhel_os = ['redhat', 'centos']
-
-
-def test_repo_file(host):
- f = None
- if host.system_info.distribution.lower() in debian_os:
- f = host.file('/etc/apt/sources.list.d/powerdns-auth-41.list')
- if host.system_info.distribution.lower() in rhel_os:
- f = host.file('/etc/yum.repos.d/powerdns-auth-41.repo')
-
- assert f.exists
- assert f.user == 'root'
- assert f.group == 'root'
-
-
-def test_pdns_repo(host):
- f = None
- if host.system_info.distribution.lower() in debian_os:
- f = host.file('/etc/apt/sources.list.d/powerdns-auth-41.list')
- if host.system_info.distribution.lower() in rhel_os:
- f = host.file('/etc/yum.repos.d/powerdns-auth-41.repo')
-
- assert f.exists
- assert f.contains('auth-41')
-
-
-def test_pdns_version(host):
- cmd = host.run('/usr/sbin/pdns_server --version')
-
- assert 'PowerDNS Authoritative Server 4.1.' in cmd.stderr
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-43/test_repo_43.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-43/test_repo_43.py
new file mode 100644
index 0000000000000000000000000000000000000000..6528205eacc85cd13eb175afbd6c6176aff79f84
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/repo-43/test_repo_43.py
@@ -0,0 +1,44 @@
+
+debian_os = ['debian', 'ubuntu']
+rhel_os = ['redhat', 'centos']
+
+
+def test_repo_file(host):
+ f = None
+ if host.system_info.distribution.lower() in debian_os:
+ f = host.file('/etc/apt/sources.list.d/powerdns-auth-43.list')
+ if host.system_info.distribution.lower() in rhel_os:
+ f = host.file('/etc/yum.repos.d/powerdns-auth-43.repo')
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
+
+
+def test_pdns_repo(host):
+ f = None
+ if host.system_info.distribution.lower() in debian_os:
+ f = host.file('/etc/apt/sources.list.d/powerdns-auth-43.list')
+ if host.system_info.distribution.lower() in rhel_os:
+ f = host.file('/etc/yum.repos.d/powerdns-auth-43.repo')
+
+ assert f.exists
+ assert f.contains('auth-43')
+
+
+def test_repo_pinning_file(host):
+ if host.system_info.distribution.lower() in debian_os:
+ f = host.file('/etc/apt/preferences.d/pdns')
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
+ f.contains('Package: pdns-*')
+ f.contains('Pin: origin repo.powerdns.com')
+ f.contains('Pin-Priority: 600')
+
+
+def test_pdns_version(host):
+ cmd = host.run('/usr/sbin/pdns_server --version')
+
+ assert 'PowerDNS Authoritative Server' in cmd.stderr
+ assert '4.3' in cmd.stderr
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-44/test_repo_44.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-44/test_repo_44.py
new file mode 100644
index 0000000000000000000000000000000000000000..6d5dac9b05018598e96a84a466ee4724133d7a0c
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/repo-44/test_repo_44.py
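Review bot: In `test_repo_pinning_file` the three `f.contains(...)` calls discard their result, so the pinning content (`Package: pdns-*`, `Pin: origin repo.powerdns.com`, `Pin-Priority: 600`) is never actually verified; each line needs `assert f.contains(...)`. The function is duplicated verbatim in test_repo_44.py and test_repo_master.py (it was moved out of test_common.py in this commit), so the fix applies to all three and a shared helper module would avoid carrying the same bug in triplicate. `test_pdns_version` also loosens the check to `assert '4.3' in cmd.stderr`, which would match a build date or any later "4.3x" string; `assert 'PowerDNS Authoritative Server 4.3.' in cmd.stderr` keeps the precision the deleted repo-41 test had.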
@@ -0,0 +1,44 @@ + +debian_os = ['debian', 'ubuntu'] +rhel_os = ['redhat', 'centos'] + + +def test_repo_file(host): + f = None + if host.system_info.distribution.lower() in debian_os: + f = host.file('/etc/apt/sources.list.d/powerdns-auth-44.list') + if host.system_info.distribution.lower() in rhel_os: + f = host.file('/etc/yum.repos.d/powerdns-auth-44.repo') + + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + + +def test_pdns_repo(host): + f = None + if host.system_info.distribution.lower() in debian_os: + f = host.file('/etc/apt/sources.list.d/powerdns-auth-44.list') + if host.system_info.distribution.lower() in rhel_os: + f = host.file('/etc/yum.repos.d/powerdns-auth-44.repo') + + assert f.exists + assert f.contains('auth-44') + + +def test_repo_pinning_file(host): + if host.system_info.distribution.lower() in debian_os: + f = host.file('/etc/apt/preferences.d/pdns') + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + f.contains('Package: pdns-*') + f.contains('Pin: origin repo.powerdns.com') + f.contains('Pin-Priority: 600') + + +def test_pdns_version(host): + cmd = host.run('/usr/sbin/pdns_server --version') + + assert 'PowerDNS Authoritative Server' in cmd.stderr + assert '4.4' in cmd.stderr diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py index dd323cdc6b13bb51eb20841787d6e18a3e0f0fc5..8ebaebacaa1c47850e4c91c4150f19d0c4fd26f0 100644 --- a/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py +++ b/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py 
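Review bot: As in the 4.3 sibling, the `f.contains(...)` lines in `test_repo_pinning_file` are evaluated and thrown away, so the pinning test cannot fail on wrong content; prefix each with `assert` (`assert f.contains('Pin: origin repo.powerdns.com')` etc.). `assert '4.4' in cmd.stderr` is a weak substring match; prefer the full `'PowerDNS Authoritative Server 4.4.'` prefix if the banner permits.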
@@ -26,7 +26,19 @@ def test_pdns_repo(host): assert f.contains('auth-master') +def test_repo_pinning_file(host): + if host.system_info.distribution.lower() in debian_os: + f = host.file('/etc/apt/preferences.d/pdns') + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + f.contains('Package: pdns-*') + f.contains('Pin: origin repo.powerdns.com') + f.contains('Pin-Priority: 600') + + def test_pdns_version(host): cmd = host.run('/usr/sbin/pdns_server --version') - assert 'PowerDNS Authoritative Server 0.0.' in cmd.stderr + assert 'PowerDNS Authoritative Server' in cmd.stderr + assert 'master' in cmd.stderr diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/systemd-no-override/test_override.py b/roles/PowerDNS.pdns/molecule/resources/tests/systemd-no-override/test_override.py new file mode 100644 index 0000000000000000000000000000000000000000..3ec704859305c2adc4d5501442e513be82f52d79 --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/resources/tests/systemd-no-override/test_override.py @@ -0,0 +1,7 @@ +def test_systemd_override(host): + smgr = host.ansible("setup")["ansible_facts"]["ansible_service_mgr"] + if smgr == 'systemd': + fname = '/etc/systemd/system/pdns.service.d/override.conf' + f = host.file(fname) + + assert not f.exists diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/systemd-override/test_override.py b/roles/PowerDNS.pdns/molecule/resources/tests/systemd-override/test_override.py new file mode 100644 index 0000000000000000000000000000000000000000..9d6605bdd33a24bd838aa78721d7e361610bde22 --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/resources/tests/systemd-override/test_override.py 
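Review bot: The new `test_repo_pinning_file` repeats the pattern of calling `f.contains(...)` without `assert`, so its three content checks are no-ops; write `assert f.contains('Package: pdns-*')` and likewise for the `Pin:` and `Pin-Priority:` lines. `assert 'master' in cmd.stderr` is a very loose version check; anchoring it to the version token the banner actually prints (e.g. `'0.0.'` together with `'master'`) would catch a mis-installed stable build, hedged since the exact master banner format is not visible here.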
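Review bot: In `systemd-no-override/test_override.py` the whole body sits under `if smgr == 'systemd':`, so on a non-systemd image the test passes vacuously and the scenario reports green without verifying anything; an explicit `else: pytest.skip('service manager is not systemd')` makes that visible in the report. The file also calls `host.ansible("setup")` for a single fact; `host.system_info`/`host.service` cannot give the service manager, so this is fine, but a comment saying why full fact gathering is invoked here would help.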
@@ -0,0 +1,10 @@ +def test_systemd_override(host): + smgr = host.ansible("setup")["ansible_facts"]["ansible_service_mgr"] + if smgr == 'systemd': + fname = '/etc/systemd/system/pdns.service.d/override.conf' + f = host.file(fname) + + assert f.exists + assert f.user == 'root' + assert f.group == 'root' + assert f.contains('LimitCORE=infinity') diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/molecule.yml b/roles/PowerDNS.pdns/molecule/resources/vars/molecule.yml index 761b27a464105a939af3a7d0ddd57a4aeecec374..ac66ad37f9afd97b524539e513974cd0f5b45305 100644 --- a/roles/PowerDNS.pdns/molecule/resources/vars/molecule.yml +++ b/roles/PowerDNS.pdns/molecule/resources/vars/molecule.yml @@ -1,6 +1,7 @@ --- - molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}" molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}" -molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}" +role-file: requirements.yml +requirements-file: requirements.yml +molecule_yml: "{{ lookup('file', molecule_file) | from_yaml }}" diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-common.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-common.yml index 17fea54950057475f5fe567bb0503e9c463a7142..7b1d4c7c40b9030614c73bf5d20aacb14855c7b6 100644 --- a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-common.yml +++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-common.yml @@ -21,3 +21,6 @@ pdns_config: webserver: yes webserver-address: "0.0.0.0" webserver-port: "8001" + +pdns_service_overrides: + LimitCORE: infinity diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-no-overrides.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-no-overrides.yml new file mode 100644 index 0000000000000000000000000000000000000000..381802827e7b52e28c7b3b2bbe73203509ef309b --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-no-overrides.yml 
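Review bot: `role-file: requirements.yml` and `requirements-file: requirements.yml` are added to an Ansible vars file, but hyphens are not legal in Ansible variable names, so these keys trigger the invalid-variable-name warning (an error on newer releases) and can never be referenced from a play; they look like `ansible-galaxy` options that belong under `dependency.options` in `molecule.yml` (e.g. `options: { requirements-file: requirements.yml }`), hedged since the dependency section is not in this hunk. Replacing the molecule-specific `molecule_from_yaml` filter with core `from_yaml` is correct for molecule 3.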
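Review bot: `pdns_service_overrides: LimitCORE: infinity` in `pdns-common.yml` is a reasonable fixture for exercising the override template, but a core dump of `pdns_server` contains the loaded config, i.e. `api-key` and any backend credentials, so this setting should not migrate into real inventories; add `# test-only: unlimited core dumps write in-memory secrets (api-key, DB passwords) to disk` above it. The webserver in the same file binds `0.0.0.0` with a static `api-key`, acceptable in a throwaway container but worth the same "test fixture" comment.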
@@ -0,0 +1,26 @@ +--- + +## +# PowerDNS Configuration +## + +pdns_config: + + # Turns on master operations + master: true + + # Listen Address + local-address: "127.0.0.1" + local-port: "53" + + # API Configuration + api: yes + api-key: "powerdns" + + # Embedded webserver + webserver: yes + webserver-address: "0.0.0.0" + webserver-port: "8001" + +pdns_install_repo: "{{ pdns_auth_powerdns_repo_44 }}" +pdns_service_overrides: '' diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-os-repos.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-os-repos.yml new file mode 100644 index 0000000000000000000000000000000000000000..96d7c0a0a4c3f46f206f55dcde790f5da272c850 --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-os-repos.yml @@ -0,0 +1,5 @@ +--- + +## +# No special things +## diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-41.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-41.yml deleted file mode 100644 index 4722dd006133b1c90dfbe019fbbabdf6f3d769c1..0000000000000000000000000000000000000000 --- a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-41.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -## -# PowerDNS 4.1.x Repository -## - -pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}" diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-43.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-43.yml new file mode 100644 index 0000000000000000000000000000000000000000..8518de409516f6a9d5da4a3c3ee585beb4772a19 --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-43.yml @@ -0,0 +1,7 @@ +--- + +## +# PowerDNS 4.3.x Repository +## + +pdns_install_repo: "{{ pdns_auth_powerdns_repo_43 }}" diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-44.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-44.yml new file mode 100644 index 0000000000000000000000000000000000000000..007c357ffad55cc04bcb20f2a9892f130f456490 --- /dev/null 
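Review bot: `pdns_service_overrides: ''` disables the override with an empty string, but the template consumes this variable via `.items()`, so the type-correct empty value is `{}`; the `| length > 0` gate in configure.yml accepts either, but `{}` keeps the fixture consistent with the mapping form used in pdns-common.yml and avoids an `.items()` failure if that gate is ever loosened. `api-key: "powerdns"` and `webserver-address: "0.0.0.0"` are fine for a Molecule container; a `# test fixture only — do not copy to group_vars` comment above the API block guards against reuse.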
+++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-44.yml @@ -0,0 +1,7 @@ +--- + +## +# PowerDNS 4.4.x Repository +## + +pdns_install_repo: "{{ pdns_auth_powerdns_repo_44 }}" diff --git a/roles/PowerDNS.pdns/molecule/systemd-no-overrides/converge.yml b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/converge.yml new file mode 100644 index 0000000000000000000000000000000000000000..83600f68ada663a908fcc0b8c7d89974b020e7ce --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/converge.yml @@ -0,0 +1,7 @@ +--- + +- hosts: pdns + vars_files: + - ../resources/vars/pdns-no-overrides.yml + roles: + - { role: pdns-ansible } diff --git a/roles/PowerDNS.pdns/molecule/systemd-no-overrides/molecule.yml b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/molecule.yml new file mode 100644 index 0000000000000000000000000000000000000000..27003dac9d26d15e97551d1d0aab29148ee3e9f5 --- /dev/null +++ b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/molecule.yml 
@@ -0,0 +1,56 @@ +--- + +scenario: + name: systemd-no-overrides + +driver: + name: docker + +dependency: + name: galaxy + +platforms: + - name: debian-10 + groups: ["pdns"] + image: debian:10 + dockerfile_tpl: debian-systemd + + - name: ubuntu-2004 + groups: ["pdns"] + image: ubuntu:20.04 + dockerfile_tpl: debian-systemd + +provisioner: + name: ansible + options: + diff: True + v: True + config_options: + defaults: + gathering: smart + fact_caching: jsonfile + fact_caching_connection: .ansible_cache + fact_caching_timeout: 7200 + ssh_connection: + pipelining: true + inventory: + links: + host_vars: ../resources/host_vars/ + playbooks: + create: ../resources/create.yml + destroy: ../resources/destroy.yml + prepare: ../resources/prepare.yml + lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306 + +lint: yamllint defaults tasks meta vars + +verifier: + name: testinfra + options: + hosts: "pdns" + vvv: True + directory: ../resources/tests/all + additional_files_or_dirs: + # path relative to 'directory' + - ../systemd-no-override + lint: flake8 diff --git a/roles/PowerDNS.pdns/requirements.yml b/roles/PowerDNS.pdns/requirements.yml new file mode 100644 index 0000000000000000000000000000000000000000..6a0d2421a50a36ff324a8c9d418bdb713c47e2f8 --- /dev/null +++ b/roles/PowerDNS.pdns/requirements.yml @@ -0,0 +1,3 @@ +--- +collections: + - name: community.mysql diff --git a/roles/PowerDNS.pdns/tasks/configure.yml b/roles/PowerDNS.pdns/tasks/configure.yml index 36179598d8763a92889a92c465f2b7bcff333d8c..fb103f669b31291c3d775b4a9787423e0f79adf6 100644 --- a/roles/PowerDNS.pdns/tasks/configure.yml +++ b/roles/PowerDNS.pdns/tasks/configure.yml 
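Review bot: `provisioner.lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306` and `verifier.lint: flake8` are the molecule 2 locations; molecule 3 (this commit pins 3.3.0) moved linting to the top-level `lint:` command that this file also defines, and as far as I recall the nested keys are no longer honoured, so `ansible-lint` and `flake8` probably never run here (consistent with `.flake8` being deleted in the same commit). Folding everything into the top-level entry restores the checks; note that ansible-lint's `-x` takes a comma-separated list, and `ANSIBLE0006`/`ANSIBLE0016` are pre-4.0 rule ids that no longer match anything. The `debian:10`/`ubuntu:20.04` images are tag-pinned only, which is normal for test containers but means the base moves under the tests.

```yaml
# … unchanged: scenario / driver / dependency / platforms / provisioner (with the nested lint: key removed) …
lint: |
  set -e
  yamllint defaults tasks meta vars
  ansible-lint -x 306
  flake8
# … unchanged: verifier (with the nested lint: key removed) …
```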
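Review bot: `requirements.yml` pulls `community.mysql` with no `version:`, so every Molecule run and every consumer of the role resolves whatever Galaxy serves at that moment, making CI results non-reproducible and letting the DB tasks silently follow upstream changes; pin it, e.g. `- name: community.mysql` / `version: "1.3.0"` (whichever release you validated), and consider `source: https://galaxy.ansible.com` to be explicit about the origin.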
@@ -1,27 +1,63 @@ --- -- name: Ensure that the PowerDNS Authoritative Server configuration directory exists +- block: + + - name: Ensure the override directory exists (systemd) + file: + name: "/etc/systemd/system/{{ pdns_service_name }}.service.d" + state: directory + owner: root + group: root + + - name: Override the PowerDNS Authoritative Server unit (systemd) + template: + src: "override-service.systemd.conf.j2" + dest: "/etc/systemd/system/{{ pdns_service_name }}.service.d/override.conf" + owner: root + group: root + register: _pdns_override_unit + when: pdns_service_overrides | length > 0 + + - name: Reload systemd + systemd: + daemon_reload: yes + when: not pdns_disable_handlers + and _pdns_override_unit.changed + + when: ansible_service_mgr == "systemd" + +- name: Ensure that the PowerDNS configuration directory exists file: name: "{{ pdns_config_dir }}" state: directory - owner: "root" - group: "root" - mode: 0755 + owner: "{{ pdns_file_owner }}" + group: "{{ pdns_file_group }}" + mode: 0750 -- name: Generate the PowerDNS Authoritative Server configuration +- name: Generate the PowerDNS configuration template: src: pdns.conf.j2 dest: "{{ pdns_config_dir }}/{{ pdns_config_file }}" - owner: "root" - group: "root" + owner: "{{ pdns_file_owner }}" + group: "{{ pdns_file_group }}" mode: 0640 - notify: Restart PowerDNS + register: _pdns_configuration -- name: Ensure that the PowerDNS Authoritative Server 'include-dir' directory exists +- name: Ensure that the PowerDNS 'include-dir' directory exists file: name: "{{ pdns_config['include-dir'] }}" state: directory - owner: "root" - group: "root" - mode: 0755 + owner: "{{ pdns_file_owner }}" + group: "{{ pdns_file_group }}" + mode: 0750 when: "pdns_config['include-dir'] is defined" + +- name: Restart PowerDNS + service: + name: "{{ pdns_service_name }}" + state: restarted + sleep: 1 + when: not pdns_disable_handlers + and pdns_service_state != 'stopped' + and (_pdns_override_unit.changed + or 
_pdns_configuration.changed) diff --git a/roles/PowerDNS.pdns/tasks/database-lmdb.yml b/roles/PowerDNS.pdns/tasks/database-lmdb.yml new file mode 100644 index 0000000000000000000000000000000000000000..83da40fe00d74908a6c05463b0556173220eadcd --- /dev/null +++ b/roles/PowerDNS.pdns/tasks/database-lmdb.yml @@ -0,0 +1,10 @@ +--- + +- name: Ensure that the directories containing the PowerDNS LMDB databases exist + file: + name: "{{ item | dirname }}" + owner: "{{ pdns_user }}" + group: "{{ pdns_group }}" + state: directory + mode: 0750 + with_items: "{{ pdns_lmdb_databases_locations }}" diff --git a/roles/PowerDNS.pdns/tasks/database-mysql.yml b/roles/PowerDNS.pdns/tasks/database-mysql.yml index 9198e93a38e5a9c74447eef3618bad534e3dc75f..307929d75d9a039359bb5109eaf2fdc13da0a988 100644 --- a/roles/PowerDNS.pdns/tasks/database-mysql.yml +++ b/roles/PowerDNS.pdns/tasks/database-mysql.yml 
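Review bot: Neither the `Ensure the override directory exists (systemd)` task nor the `override.conf` template sets an explicit `mode`, so a drop-in that can redefine `ExecStart=` and `User=` ends up with whatever the remote umask yields; pin them with `mode: "0755"` on the `file` task and `mode: "0644"` on the `template` task, matching the 0750/0640 discipline applied to the pdns config later in the hunk. The override is only rendered while `pdns_service_overrides | length > 0`, and nothing deletes a previously written `override.conf` once the variable is emptied, so the `systemd-no-override` scenario only proves absence on a fresh host; a `file: state: absent` counterpart under the opposite condition (with its `changed` fed into the `Reload systemd`/`Restart PowerDNS` conditions) would close that gap. The final `Restart PowerDNS` condition reads `_pdns_override_unit.changed` even when the systemd block is skipped; Ansible still registers a skipped result with `changed: false` in that case, but a one-line comment saying so would spare the next reader the check.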
@@ -1,40 +1,33 @@ --- -- name: Install the MySQL dependencies on RedHat +- name: Install the MySQL dependencies package: - name: "{{ item }}" + name: "{{ pdns_mysql_packages }}" state: present - with_items: - - mysql - - MySQL-python - when: ansible_os_family == 'RedHat' -- name: Install the MySQL dependencies on Debian - package: - name: "{{ item }}" - state: present - with_items: - - mysql-client - - python-mysqldb - when: ansible_os_family == 'Debian' +- debug: var=item['value'] + when: "item.key.split(':')[0] == 'gmysql'" + with_dict: "{{ pdns_backends | combine(pdns_mysql_databases_credentials, recursive=True) }}" -- name: Create the PowerDNS Authoritative Server MySQL databases +- name: Create the PowerDNS MySQL databases mysql_db: login_user: "{{ item['value']['priv_user'] }}" login_password: "{{ item['value']['priv_password'] }}" login_host: "{{ item['value']['host'] }}" login_port: "{{ item['value']['port'] | default('3306') }}" + login_unix_socket: /var/run/mysqld/mysqld.sock name: "{{ item['value']['dbname'] }}" state: present when: "item.key.split(':')[0] == 'gmysql'" with_dict: "{{ pdns_backends | combine(pdns_mysql_databases_credentials, recursive=True) }}" -- name: Grant the PowerDNS Authoritative Server access to the MySQL databases +- name: Grant PowerDNS access to the MySQL databases mysql_user: login_user: "{{ item[0]['priv_user'] }}" login_password: "{{ item[0]['priv_password'] }}" login_host: "{{ item[0]['host'] }}" login_port: "{{ item[0]['port'] | default('3306') }}" + login_unix_socket: /var/run/mysqld/mysqld.sock name: "{{ item[0]['user'] }}" password: "{{ item[0]['password'] }}" host: "{{ item[1] }}" 
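Review bot: The added `- debug: var=item['value']` prints every gmysql backend entry merged with `pdns_mysql_databases_credentials`, i.e. the `password` and `priv_password` values, into the play output and any CI log; remove it, or at minimum give it `no_log: true`. The `mysql_db` and `mysql_user` tasks in the same hunk also pass `login_password`/`password` without `no_log: true`, so a `-v` run or a failed task echoes the credentials as module arguments. The hard-coded `login_unix_socket: /var/run/mysqld/mysqld.sock` is the Debian path; on RHEL/MariaDB the socket is usually `/var/lib/mysql/mysql.sock`, so it belongs in the per-OS vars files this commit introduces rather than inline.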
@@ -46,7 +39,7 @@ - priv_host - skip_missing: yes -- name: Check if the PowerDNS Authoritative Server MySQL databases are empty +- name: Check if the MySQL databases are empty command: > mysql --user="{{ item['value']['user'] }}" --password="{{ item['value']['password'] }}" --host="{{ item['value']['host'] }}" --port "{{ item['value']['port'] | default('3306') }}" --batch --skip-column-names 
@@ -56,27 +49,26 @@ register: _pdns_check_mysql_db changed_when: False -- name: Define the PowerDNS Authoritative Server database MySQL schema file path on RedHat < 7 - set_fact: - _pdns_mysql_schema_file: "/usr/share/doc/pdns/schema.mysql.sql" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int < 7 - -- name: Define the PowerDNS Authoritative Server database MySQL schema file path on RedHat >= 7 - set_fact: - _pdns_mysql_schema_file: "/usr/share/doc/pdns-backend-mysql-{{ pdns_package_version | regex_replace('-rc[\\d]*$', '') }}/schema.mysql.sql" - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int >= 7 - -- name: Define the PowerDNS Authoritative Server database MySQL schema file path on Debian - set_fact: - _pdns_mysql_schema_file: "/usr/share/dbconfig-common/data/pdns-backend-mysql/install/mysql" - when: ansible_os_family == 'Debian' and pdns_install_repo == '' +- name: Determine location of the SQL file + shell: + cmd: | + for p in /usr/share/doc/pdns-backend-mysql-{{ _pdns_running_version }}/schema.mysql.sql /usr/share/doc/pdns-backend-mysql/schema.mysql.sql /usr/share/pdns-backend-mysql/schema/schema.mysql.sql /usr/share/dbconfig-common/data/pdns-backend-mysql/install/mysql /usr/share/doc/powerdns/schema.mysql.sql; do + if [ -f $p ]; then + echo $p + exit 0 + fi + done + echo "Can't determine path to MySQL schema">&2 + exit 1 + changed_when: false + register: pdns_mysql_schema_file_detected + when: pdns_mysql_schema_file | length == 0 -- name: Define the PowerDNS Authoritative Server database MySQL schema file path on Debian +- name: Set the schema file variable set_fact: - _pdns_mysql_schema_file: "/usr/share/doc/pdns-backend-mysql/schema.mysql.sql" - when: ansible_os_family == 'Debian' and pdns_install_repo != '' + pdns_mysql_schema_file_to_use: "{% if pdns_mysql_schema_file | length == 0 %}{{ pdns_mysql_schema_file_detected.stdout }}{% else %}{{ pdns_mysql_schema_file }}{% endif %}" -- name: 
Import the PowerDNS Authoritative Server MySQL schema +- name: Import the PowerDNS MySQL schema mysql_db: login_user: "{{ item['item']['value']['user'] }}" login_password: "{{ item['item']['value']['password'] }}" @@ -84,6 +76,6 @@ login_port: "{{ item['item']['port'] | default('3306') }}" name: "{{ item.item['value']['dbname'] }}" state: import - target: "{{ _pdns_mysql_schema_file }}" + target: "{{ pdns_mysql_schema_file_to_use }}" when: "item['item']['key'].split(':')[0] == 'gmysql' and item['stdout'] == '0'" with_items: "{{ _pdns_check_mysql_db['results'] }}" diff --git a/roles/PowerDNS.pdns/tasks/database-sqlite3.yml b/roles/PowerDNS.pdns/tasks/database-sqlite3.yml index e4607e400358a22b7afb94040ce29f546f232616..edbd89d36ee99342e83fa1abbd323f911479b255 100644 --- a/roles/PowerDNS.pdns/tasks/database-sqlite3.yml +++ b/roles/PowerDNS.pdns/tasks/database-sqlite3.yml 
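Review bot: The task registered as `_pdns_check_mysql_db` at the top of the hunk (its body starts outside the hunk) hands the database password to the `mysql` client as `--password="…"`, exposing it in `/proc/<pid>/cmdline` on the target and in Ansible's output since the task carries no `no_log: true`; passing it via `environment: { MYSQL_PWD: "{{ item['value']['password'] }}" }` (or a `--defaults-extra-file`) together with `no_log: true` avoids both. In the new `Determine location of the SQL file` shell, `{{ _pdns_running_version }}` and `$p` are interpolated unquoted; the values come from `pdns_server --version` and a fixed path list so this is benign today, but `{{ _pdns_running_version | quote }}` and `[ -f "$p" ]` keep it that way if the variable ever becomes user-supplied. Failing with `exit 1` when no schema is found is the right fail-closed behaviour and deserves a comment so nobody "fixes" it into a silent default.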
@@ -1,36 +1,52 @@ --- -- name: Ensure that the directories containing the PowerDNS Authoritative Server SQLite databases exist +- name: Install the SQLite dependencies on RedHat + package: + name: sqlite + state: present + when: ansible_os_family == 'RedHat' + +- name: Install the SQLite dependencies on Debian + package: + name: sqlite3 + state: present + when: ansible_os_family == 'Debian' + +- name: Ensure that the directories containing the PowerDNS SQLite databases exist file: - name: "{{ '/'.join(item.split('/')[:-1]) }}" + name: "{{ item | dirname }}" owner: "{{ pdns_user }}" group: "{{ pdns_group }}" state: directory mode: 0750 with_items: "{{ pdns_sqlite_databases_locations }}" -- name: Create the PowerDNS Authoritative Server SQLite databases on RedHat < 7 - shell: "sqlite3 {{ item }} < /usr/share/doc/pdns/schema.sqlite3.sql" - args: - creates: "{{ item }}" - with_items: "{{ pdns_sqlite_databases_locations }}" - when: ansible_os_family == "RedHat" and ansible_distribution_major_version | int < 7 +- name: Determine location of the SQL file + shell: + cmd: | + for p in /usr/share/doc/pdns-backend-sqlite-{{ _pdns_running_version }}/schema.sql /usr/share/doc/pdns-backend-sqlite-{{ _pdns_running_version }}/schema.sqlite3.sql /usr/share/doc/pdns/schema.sqlite3.sql /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql /usr/share/doc/pdns-backend-sqlite/schema.sqlite3.sql /usr/share/doc/powerdns/schema.sqlite3.sql; do + if [ -f $p ]; then + echo $p + exit 0 + fi + done + echo "Can't determine path to SQLite schema">&2 + exit 1 + changed_when: false + register: pdns_sqlite_schema_file_detected + when: pdns_sqlite_schema_file | length == 0 -- name: Create the PowerDNS Authoritative Server SQLite databases on RedHat >= 7 - shell: "sqlite3 {{ item }} < /usr/share/doc/pdns-backend-sqlite-{{ pdns_package_version | regex_replace('-rc[\\d]*$', '') }}/schema.sqlite3.sql" - args: - creates: "{{ item }}" - with_items: "{{ pdns_sqlite_databases_locations }}" - when: 
ansible_os_family == "RedHat" and ansible_distribution_major_version | int >= 7 +- name: Set the schema file variable + set_fact: + pdns_sqlite_schema_file_to_use: "{% if pdns_sqlite_schema_file | length == 0 %}{{ pdns_sqlite_schema_file_detected.stdout }}{% else %}{{ pdns_sqlite_schema_file }}{% endif %}" -- name: Create the PowerDNS Authoritative Server SQLite databases on Debian - shell: "sqlite3 {{ item }} < /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql" +- name: Create the PowerDNS SQLite databases + shell: "sqlite3 {{ item }} < {{ pdns_sqlite_schema_file_to_use }}" args: creates: "{{ item }}" with_items: "{{ pdns_sqlite_databases_locations }}" - when: ansible_os_family == "Debian" -- name: Check the PowerDNS Authoritative Server SQLite databases permissions +- name: Check the PowerDNS SQLite databases permissions file: name: "{{ item }}" owner: "{{ pdns_user }}" diff --git a/roles/PowerDNS.pdns/tasks/inspect.yml b/roles/PowerDNS.pdns/tasks/inspect.yml index 910064c0dc56b17f1dd32b2f7644b64e78259342..98f74d34dac47809d675cf2fff440a52701d29ff 100644 --- a/roles/PowerDNS.pdns/tasks/inspect.yml +++ b/roles/PowerDNS.pdns/tasks/inspect.yml @@ -1,11 +1,12 @@ --- -- name: Obtain the PowerDNS Authoritative Server version - shell: "pdns_server --version 2>&1 | awk '/PowerDNS Authoritative/{print $7}'" +- name: Obtain the version of the running PowerDNS instance + shell: | + pdns_server --version 2>&1 | awk '/PowerDNS Authoritative/{print $7}' register: _pdns_version check_mode: no changed_when: False -- name: Export the PowerDNS Authoritative Server version variable +- name: Export the running PowerDNS instance version to a variable set_fact: - pdns_package_version: "{{ _pdns_version['stdout'] }}" + _pdns_running_version: "{{ _pdns_version['stdout'] | regex_replace('-[.\\d\\w]+$', '') }}" 
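Review bot: `shell: "sqlite3 {{ item }} < {{ pdns_sqlite_schema_file_to_use }}"` interpolates two paths straight into a shell command; `pdns_sqlite_databases_locations` is operator-supplied, so `{{ item | quote }}` and `{{ pdns_sqlite_schema_file_to_use | quote }}` are the safe form, and `[ -f "$p" ]` in the detection loop likewise. The database file is created by root with root's umask and only corrected afterwards by the `Check the PowerDNS SQLite databases permissions` task that ends outside the hunk; running the `sqlite3` step with `become_user: "{{ pdns_user }}"` would create it with the right owner from the start, assuming the 0750 directory created just above allows it.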
diff --git a/roles/PowerDNS.pdns/tasks/install.yml b/roles/PowerDNS.pdns/tasks/install.yml index 24a8dc663866787480890483e1f708e5405a6668..af547fdca4f5ae35dc5b120794f9e2c67d94ed5e 100644 --- a/roles/PowerDNS.pdns/tasks/install.yml +++ b/roles/PowerDNS.pdns/tasks/install.yml @@ -2,32 +2,32 @@ - block: - - name: Prefix the version with the correct separator on RedHat + - name: Prefix the PowerDNS version with the correct separator on RedHat set_fact: - pdns_package_version: "-{{ pdns_package_version }}" + _pdns_package_version: "-{{ pdns_package_version }}" when: ansible_os_family == 'RedHat' - - name: Prefix the version with the correct separator on Debian + - name: Prefix the PowerDNS version with the correct separator on Debian set_fact: - pdns_package_version: "={{ pdns_package_version }}" + _pdns_package_version: "={{ pdns_package_version }}" when: ansible_os_family == 'Debian' - when: pdns_package_version != '' + when: "pdns_package_version | length > 0" -- name: Install the PowerDNS Authoritative Server +- name: Install PowerDNS package: - name: "{{ pdns_package_name }}{{ pdns_package_version }}" + name: "{{ pdns_package_name }}{{ _pdns_package_version | default('') }}" state: present -- name: Install PowerDNS Authoritative Server debug symbols +- name: Install PowerDNS debug symbols package: - name: "{{ pdns_debug_symbols_package_name }}{{ pdns_package_version }}" + name: "{{ pdns_debug_symbols_package_name }}{{ _pdns_package_version | default('') }}" state: present when: pdns_install_debug_symbols_package -- name: Install the PowerDNS Authoritative Server backends +- name: Install PowerDNS backends package: - name: "{{ pdns_backends_packages[item.key.split(':')[0]] }}{{ pdns_package_version }}" + name: "{{ pdns_backends_packages[item.key.split(':')[0]] }}{{ _pdns_package_version | default('') }}" state: present when: pdns_backends_packages[item.key.split(':')[0]] is defined with_dict: "{{ pdns_backends }}" 
diff --git a/roles/PowerDNS.pdns/tasks/main.yml b/roles/PowerDNS.pdns/tasks/main.yml index 4b1fdcf5692f145b432a855548271109f22947f7..c512126a7b9c7aa61f17e28a88a91831b717d82a 100644 --- a/roles/PowerDNS.pdns/tasks/main.yml +++ b/roles/PowerDNS.pdns/tasks/main.yml @@ -1,12 +1,17 @@ --- - name: Include OS-specific variables - include_vars: "{{ ansible_os_family }}.yml" + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_distribution }}.yml" + - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" + - "{{ ansible_os_family }}.yml" tags: - always - include: "repo-{{ ansible_os_family }}.yml" - when: pdns_install_repo != "" + when: "pdns_install_repo | length > 0" tags: - install - repository @@ -34,21 +39,26 @@ - db - sqlite +- include: database-lmdb.yml + when: "pdns_lmdb_databases_locations | length > 0" + tags: + - db + - lmdb + - include: configure.yml tags: - config -- name: Start and enable the PowerDNS Authoritative Server service - service: - name: "{{ pdns_service_name }}" - state: started - enabled: true +- include: selinux.yml + when: ansible_selinux is defined and ansible_selinux.status == 'enabled' tags: - - service + - selinux + - config -- name: Force handlers flush - meta: flush_handlers - when: pdns_flush_handlers +- name: Start and enable the PowerDNS service + service: + name: "{{ pdns_service_name }}" + state: "{{ pdns_service_state }}" + enabled: "{{ pdns_service_enabled }}" tags: - - config - service diff --git a/roles/PowerDNS.pdns/tasks/repo-Debian.yml b/roles/PowerDNS.pdns/tasks/repo-Debian.yml index e8e7cc8adc3ef22a3b3be93bc2d31068b8b16f78..d2f67313137a13dd62c65cacd2fb7bbca6f7d0cd 100644 --- a/roles/PowerDNS.pdns/tasks/repo-Debian.yml +++ b/roles/PowerDNS.pdns/tasks/repo-Debian.yml 
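Review bot: The new `- include: selinux.yml` (like the surrounding `include:` lines) uses the `include` action, deprecated since Ansible 2.4 and warned about on every 2.9–2.11 run this commit targets in CI; `- import_tasks: selinux.yml` preserves the `tags:` and `when:` semantics the role relies on, since both are applied to each imported task. The guard `ansible_selinux is defined and ansible_selinux.status == 'enabled'` is sound, and holds for permissive mode as well, which is what you want for labels and booleans. With `flush_handlers` removed in favour of an explicit restart task in configure.yml, `pdns_flush_handlers` becomes dead if it is still declared in defaults (outside this diff); drop or document it.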
@@ -5,17 +5,26 @@ name: gnupg state: present -- name: Import the PowerDNS Authoritative Server Repository APT key +- name: Import the PowerDNS APT Repository key from URL apt_key: url: "{{ pdns_install_repo['gpg_key'] }}" id: "{{ pdns_install_repo['gpg_key_id'] | default('') }}" state: present + when: pdns_install_repo['gpg_key'] is regex("^[a-z]{3,}://") register: _pdns_apt_key -- name: Add the PowerDNS Authoritative Server APT Repository +- name: Import the PowerDNS APT Repository key from File + apt_key: + data: "{{ lookup('file', pdns_install_repo['gpg_key']) }}" + id: "{{ pdns_install_repo['gpg_key_id'] | default('') }}" + state: present + when: not pdns_install_repo['gpg_key'] is regex("^[a-z]{3,}://") + register: _pdns_apt_key + +- name: Add the PowerDNS APT Repository apt_repository: - repo: "{{ pdns_install_repo['apt_repo'] }}" filename: "{{ pdns_install_repo['name'] }}" + repo: "{{ pdns_install_repo['apt_repo'] }}" state: present register: _pdns_apt_repo @@ -24,7 +33,7 @@ update_cache: yes when: "_pdns_apt_key.changed or _pdns_apt_repo.changed" -- name: Pin the PowerDNS Authoritative Server APT Repository +- name: Pin the PowerDNS APT Repository template: src: pdns.pin.j2 dest: /etc/apt/preferences.d/pdns diff --git a/roles/PowerDNS.pdns/tasks/repo-RedHat.yml b/roles/PowerDNS.pdns/tasks/repo-RedHat.yml index f33f35a7e3599f58a719313176b7290c122dd71e..09eaf5f65f867bbd717bb00a120c2f4c0993d981 100644 --- a/roles/PowerDNS.pdns/tasks/repo-RedHat.yml +++ b/roles/PowerDNS.pdns/tasks/repo-RedHat.yml @@ -20,9 +20,11 @@ package: name: yum-plugin-priorities state: present - when: ansible_distribution in [ 'CentOS' ] + when: + - ansible_distribution in [ 'CentOS' ] + - ansible_distribution_major_version | int < 8 -- name: Add the PowerDNS Authoritative Server YUM Repository +- name: Add the PowerDNS YUM Repository yum_repository: name: "{{ pdns_install_repo['name'] }}" file: "{{ pdns_install_repo['name'] }}" 
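Review bot: Both `apt_key` tasks `register: _pdns_apt_key`, and Ansible records a result for a skipped task too, so when the URL task imports a key and the File task is skipped, `_pdns_apt_key` holds the skipped result with `changed: false` and the `update_cache` condition `_pdns_apt_key.changed or _pdns_apt_repo.changed` loses the key signal; register them as `_pdns_apt_key_url` and `_pdns_apt_key_file` and test both. The key identity is only pinned when `gpg_key_id` is set — `id: "{{ … | default('') }}"` otherwise accepts whatever the URL returns — and the scheme regex `^[a-z]{3,}://` admits `http://`; since this key authenticates every package the role installs, make `gpg_key_id` mandatory (or `fail` when empty) and restrict the regex to `^https://`. `apt_key` is itself deprecated upstream in favour of a keyring under `/etc/apt/keyrings` referenced with `signed-by=`; a TODO here would flag the migration.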
@@ -30,10 +32,10 @@ baseurl: "{{ pdns_install_repo['yum_repo_baseurl'] }}" gpgkey: "{{ pdns_install_repo['gpg_key'] }}" gpgcheck: yes - priority: 90 + priority: "90" state: present -- name: Add the PowerDNS Authoritative Server debug symbols YUM Repository +- name: Add the PowerDNS debug symbols YUM Repository yum_repository: name: "{{ pdns_install_repo['name'] }}-debuginfo" file: "{{ pdns_install_repo['name'] }}" @@ -41,6 +43,6 @@ baseurl: "{{ pdns_install_repo['yum_debug_symbols_repo_baseurl'] }}" gpgkey: "{{ pdns_install_repo['gpg_key'] }}" gpgcheck: yes - priority: 90 + priority: "90" state: present when: pdns_install_debug_symbols_package diff --git a/roles/PowerDNS.pdns/tasks/selinux.yml b/roles/PowerDNS.pdns/tasks/selinux.yml new file mode 100644 index 0000000000000000000000000000000000000000..a7afcec7b16468a6a5455f33f049ec2b3c874bef --- /dev/null +++ b/roles/PowerDNS.pdns/tasks/selinux.yml @@ -0,0 +1,14 @@ +--- +- name: allow mysql connect from pdns in selinux + seboolean: + name: pdns_can_network_connect_db + state: yes + persistent: yes + when: "pdns_mysql_databases_credentials | length > 0" + +- name: allow pdns to bind to udp high ports + seport: + ports: 10000-20000 + proto: udp + setype: dns_port_t + state: present diff --git a/roles/PowerDNS.pdns/templates/override-service.systemd.conf.j2 b/roles/PowerDNS.pdns/templates/override-service.systemd.conf.j2 new file mode 100644 index 0000000000000000000000000000000000000000..bec0c2ed67e007b490718da7922454a2b2236920 --- /dev/null +++ b/roles/PowerDNS.pdns/templates/override-service.systemd.conf.j2 @@ -0,0 +1,7 @@ +[Service] +{% for k, v in pdns_service_overrides.items() %} +{% if k == 'ExecStart' %}ExecStart= +{% elif k == 'ExecStartPre' %}ExecStartPre= +{% endif %} +{{ k }}={{ v }} +{% endfor %} diff --git a/roles/PowerDNS.pdns/templates/pdns.conf.j2 b/roles/PowerDNS.pdns/templates/pdns.conf.j2 index d98a984cc904e759ecf99387faa3961739e70297..037bd22d12eb259647fe7d456303acbdc98f65aa 100644 
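Review bot: `seport` labels the fixed range `10000-20000/udp` as `dns_port_t` on every SELinux host with no variable or comment explaining which PowerDNS setting requires it (presumably outgoing query/notify source ports), so it cannot be tuned or disabled; expose it as `pdns_selinux_udp_ports: "10000-20000"` and comment the reason. `pdns_can_network_connect_db` is enabled only when `pdns_mysql_databases_credentials` is non-empty, yet the same boolean presumably governs the gpgsql backend too (hedged); keying the condition on the backend types in `pdns_backends` (`gmysql`, `gpgsql`) would be more accurate. Both modules need the SELinux Python bindings (`policycoreutils-python-utils`/`python3-libselinux` on EL8), which nothing in this commit installs; verify they are present or add a `package` task ahead of them.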
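Review bot: The override template clears only `ExecStart` and `ExecStartPre` before assigning, but every `Exec*=` setting in a systemd unit is additive (`ExecStartPost`, `ExecReload`, `ExecStop`, `ExecStopPost` included), so overriding any of those appends to the packaged command instead of replacing it; `{% if k.startswith('Exec') %}{{ k }}=` / `{% endif %}` covers the whole family. Values are emitted verbatim, which is what systemd expects, but a header comment stating that `pdns_service_overrides` is trusted operator input (anything in `[Service]`, including `User=` and `ExecStart=`, can be set) would make the trust boundary explicit.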
--- a/roles/PowerDNS.pdns/templates/pdns.conf.j2 +++ b/roles/PowerDNS.pdns/templates/pdns.conf.j2 @@ -3,10 +3,16 @@ setuid={{ pdns_user }} setgid={{ pdns_group }} {% for config_item, value in pdns_config.items() | sort() %} {% if config_item not in ["config-dir", "launch", "setuid", "setgid"] %} -{% if value == True %} +{% if value is sameas True %} {{ config_item }}=yes -{% elif value == False %} +{% elif value is sameas False %} {{ config_item }}=no +{% elif value == None %} +{{ config_item }}= +{% elif value is string %} +{{ config_item }}={{ value | string }} +{% elif value is sequence %} +{{ config_item }}={{ value | join(',') }} {% else %} {{ config_item }}={{ value | string }} {% endif %} @@ -19,11 +25,11 @@ launch= launch+={{ backend }} {% set backend_string = backend | replace(':', '-') %} {% for backend_item, value in pdns_backends[backend].items() | sort() -%} -{% if value == True %} +{% if value is sameas True %} {{ backend_string }}-{{ backend_item }}=yes -{% elif backend_item == False %} +{% elif value is sameas False %} {{ backend_string }}-{{ backend_item }}=no -{% elif backend_item == None %} +{% elif value == None %} {{ backend_string }}-{{ backend_item }}= {% else %} {{ backend_string }}-{{ backend_item }}={{ value | string }} diff --git a/roles/PowerDNS.pdns/test-requirements.txt b/roles/PowerDNS.pdns/test-requirements.txt index 1330df35bd4600ce4b31be56ddd8d689c67a64e2..be8d0d151f62caddea0e517b201c5831666cf14d 100644 --- a/roles/PowerDNS.pdns/test-requirements.txt +++ b/roles/PowerDNS.pdns/test-requirements.txt @@ -1,2 +1,7 @@ -molecule==2.11.0 -docker-py==1.10.6 +jinja2==2.11.3 +ansible-lint==5.0.7 +yamllint==1.26.1 +molecule[docker]==3.3.0 +molecule[lint]==3.3.0 +testinfra +docker==5.0.0 diff --git a/roles/PowerDNS.pdns/tox.ini b/roles/PowerDNS.pdns/tox.ini index affd064faa7b8e948a12847148b259457fedb193..6608f943eed8faf02aca9803eb1690bfc7eef873 100644 --- a/roles/PowerDNS.pdns/tox.ini +++ b/roles/PowerDNS.pdns/tox.ini 
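Review bot: `{% elif value == None %}` is Python-style equality; the Jinja idiom is `value is none`, consistent with the `is sameas` tests this hunk introduces (the same applies to `value == None` in the backend loop of the second hunk). `value is sequence` is also true for mappings in Jinja, so a dict value is rendered as its keys joined by commas rather than rejected; a preceding `value is mapping` branch that raises or a comment that mapping values are unsupported would avoid a confusing config line. Since the rendered file carries `api-key` and backend passwords, a one-line comment at the top noting that the 0640 mode set in configure.yml is what keeps these values private would help whoever next edits the template.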
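Review bot: `testinfra` is the only unpinned entry in a file where everything else is pinned exactly, so CI installs whichever release PyPI serves; I believe the project was renamed `pytest-testinfra` in 2020 with the old name left as a shim, so resolution can drift further. Pin it to the release you validated, e.g. `pytest-testinfra==6.1.0`, and consider `--require-hashes` for the whole file if CI integrity matters.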
@@ -1,22 +1,22 @@ [tox] minversion = 1.8 -envlist = py{27}-ansible{22,23,24,25} +envlist = ansible{29,210,211} skipsdist = true -[travis:env] +[gh-actions:env] ANSIBLE= - 2.2: ansible22 - 2.3: ansible23 - 2.4: ansible24 - 2.5: ansible25 + 2.9: ansible29 + 2.10: ansible210 + 2.11: ansible211 [testenv] passenv = * deps = -rtest-requirements.txt - ansible22: ansible<2.3 - ansible23: ansible<2.4 - ansible24: ansible<2.5 - ansible25: ansible<2.6 + ansible29: ansible<2.10 + ansible210: ansible<2.11 + ansible211: ansible<2.12 +setenv = + PY_COLORS = 1 commands = - {posargs:molecule test --all --destroy always} + {posargs:molecule -vv test --all --destroy always} diff --git a/roles/PowerDNS.pdns/vars/Archlinux.yml b/roles/PowerDNS.pdns/vars/Archlinux.yml new file mode 100644 index 0000000000000000000000000000000000000000..8b887ab0fc397435abd1a6725e7d3366e0f30f03 --- /dev/null +++ b/roles/PowerDNS.pdns/vars/Archlinux.yml @@ -0,0 +1,19 @@ +--- + +# The name of the PowerDNS package +default_pdns_package_name: "powerdns" + +# List of PowerDNS Backends packages. Arch ships all backends in the main package +default_pdns_backends_packages: {} + +# The directory where the PowerDNS configuration is located +default_pdns_config_dir: '/etc/powerdns' + +# Packages to install for MySQL support +pdns_mysql_packages: + - python-pymysql + - mariadb-clients + +# Other defaults +pdns_user: powerdns +pdns_group: powerdns diff --git a/roles/PowerDNS.pdns/vars/Debian.yml b/roles/PowerDNS.pdns/vars/Debian.yml index 4e5174db3aa3342a9519a71b9a0db58e5da74d27..3cf0821b86977608e9d7f586b3b20ca97be571e2 100644 --- a/roles/PowerDNS.pdns/vars/Debian.yml +++ b/roles/PowerDNS.pdns/vars/Debian.yml 
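Review bot: `Archlinux.yml` defines no `default_pdns_debug_symbols_package_name`, while install.yml installs `{{ pdns_debug_symbols_package_name }}…` whenever `pdns_install_debug_symbols_package` is set, so on Arch that combination presumably fails on an undefined variable (hedged: the defaults mapping `default_*` onto the role variables is outside this diff). Either set it explicitly to `''` with `# Arch ships no separate debug package`, or document that the flag is unsupported there.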
@@ -6,6 +6,12 @@ default_pdns_package_name: "pdns-server"
 # The name of the PowerDNS Authoritative Server debug package
 default_pdns_debug_symbols_package_name: "pdns-server-dbg"
+# Packages needed to install MySQL
+pdns_mysql_packages:
+ - default-mysql-client
+ - python-mysqldb
+ - python3-mysqldb
+
 # List of PowerDNS Authoritative Server Backends packages on Debian
 default_pdns_backends_packages:
 geo: pdns-backend-geo
diff --git a/roles/PowerDNS.pdns/vars/RedHat-8.yml b/roles/PowerDNS.pdns/vars/RedHat-8.yml
new file mode 100644
index 0000000000000000000000000000000000000000..eeac155bfa58fa0f3d89b0697bb685c4aab4f17f
--- /dev/null
+++ b/roles/PowerDNS.pdns/vars/RedHat-8.yml
@@ -0,0 +1,33 @@
+---
+
+# The name of the PowerDNS Authoritative Server package
+default_pdns_package_name: "pdns"
+
+# Packages needed to install MySQL
+pdns_mysql_packages:
+ - mariadb
+ - mariadb-server
+ - mariadb-connector-c
+ - python3-PyMySQL
+ - perl-DBD-MySQL
+
+# The name of the PowerDNS Authoritative Server debug package
+default_pdns_debug_symbols_package_name: "pdns-debuginfo"
+
+# List of PowerDNS Authoritative Server backends packages on RedHat
+default_pdns_backends_packages:
+ geo: pdns-backend-geo
+ geoip: pdns-backend-geoip
+ gmysql: pdns-backend-mysql
+ gpgsql: pdns-backend-postgresql
+ gsqlite3: pdns-backend-sqlite
+ ldap: pdns-backend-ldap
+ lmdb: pdns-backend-lmdb
+ lua: pdns-backend-lua
+ mydns: pdns-backend-mydns
+ pipe: pdns-backend-pipe
+ remote: pdns-backend-remote
+ tinydns: pdns-backend-tinydns
+
+# The directory where the PowerDNS Authoritative Server configuration is located
+default_pdns_config_dir: "/etc/pdns"
diff --git a/roles/PowerDNS.pdns/vars/RedHat.yml b/roles/PowerDNS.pdns/vars/RedHat.yml
index 8729d54e82fcaadddcae890d03f1988667851c13..5e137805bd95c9bc5514d60498974b7b68e5c203 100644
--- a/roles/PowerDNS.pdns/vars/RedHat.yml
+++ b/roles/PowerDNS.pdns/vars/RedHat.yml
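Review bot: The new list installs both `python-mysqldb` and `python3-mysqldb`; the Python 2 package is no longer shipped by recent Debian releases (bullseye onwards, as far as I know), so a package task fed this list fails as a whole on hosts where it is missing, and the `roles/PowerDNS.setup/tasks/main.yml` hunk in this same commit drops `python-mysqldb` in favour of `python3-mysqldb`. Either drop the Python 2 entry here too or document which releases still need it with a comment such as `# python-mysqldb: Python 2 binding, only on releases that still ship it`. Which task consumes `pdns_mysql_packages` is not visible in this diff, so confirm whether it installs the list in one call or per item.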
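Review bot: `pdns_mysql_packages` here includes `mariadb-server`, whereas the Arch, Debian and Ubuntu lists in this commit carry only client libraries; on EL8 a database server is installed on every authoritative host even when the database lives elsewhere, which widens the listening surface and patch burden of a DNS node, and the `Start the MySQL service on RedHat` task in `roles/PowerDNS.setup/tasks/main.yml` starts it if that role runs on the same hosts. If the intent is the client path only, drop `mariadb-server` (and probably `perl-DBD-MySQL`, which nothing visible uses); if EL8 hosts are meant to be all-in-one, say so in the comment above the list.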
@@ -3,6 +3,11 @@
 # The name of the PowerDNS Authoritative Server package
 default_pdns_package_name: "pdns"
+# Packages needed to install MySQL
+pdns_mysql_packages:
+ - mysql
+ - MySQL-python
+
 # The name of the PowerDNS Authoritative Server debug package
 default_pdns_debug_symbols_package_name: "pdns-debuginfo"
diff --git a/roles/PowerDNS.pdns/vars/Ubuntu-20.yml b/roles/PowerDNS.pdns/vars/Ubuntu-20.yml
new file mode 100644
index 0000000000000000000000000000000000000000..cc79bb8650c0792a2eaac05228d336a4dc432d1f
--- /dev/null
+++ b/roles/PowerDNS.pdns/vars/Ubuntu-20.yml
@@ -0,0 +1,30 @@
+---
+
+# The name of the PowerDNS Authoritative Server package
+default_pdns_package_name: "pdns-server"
+
+# The name of the PowerDNS Authoritative Server debug package
+default_pdns_debug_symbols_package_name: "pdns-server-dbg"
+
+# Packages needed to install MySQL
+pdns_mysql_packages:
+ - default-mysql-client
+ - python3-pymysql
+
+# List of PowerDNS Authoritative Server Backends packages on Debian
+default_pdns_backends_packages:
+ geo: pdns-backend-geo
+ geoip: pdns-backend-geoip
+ gmysql: pdns-backend-mysql
+ gpgsql: pdns-backend-pgsql
+ gsqlite3: pdns-backend-sqlite3
+ ldap: pdns-backend-ldap
+ lmdb: pdns-backend-lmdb
+ lua: pdns-backend-lua
+ mydns: pdns-backend-mydns
+ pipe: pdns-backend-pipe
+ remote: pdns-backend-remote
+ tinydns: pdns-backend-tinydns
+
+# The directory where the PowerDNS Authoritative Server configuration is located
+default_pdns_config_dir: "/etc/powerdns"
diff --git a/roles/PowerDNS.pdns/vars/main.yml b/roles/PowerDNS.pdns/vars/main.yml
index 88797e79f9f845a6e1576775632b522c0b536d76..10ac8a0c77badbf472d63e45a4964336ddeb59d3 100644
--- a/roles/PowerDNS.pdns/vars/main.yml
+++ b/roles/PowerDNS.pdns/vars/main.yml
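Review bot: `MySQL-python` is the Python 2 binding, which only makes sense on EL7, while the new `RedHat-8.yml` carries the Python 3 list; nothing in this file says it is the EL7 fallback, so the comment should: `# Packages needed to install MySQL (EL7, Python 2 binding; EL8 uses vars/RedHat-8.yml)`. How the role chooses between `RedHat.yml` and `RedHat-8.yml` is not visible in this diff, so confirm the lookup order before relying on the fallback.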
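Review bot: The comment above `default_pdns_backends_packages` says `on Debian` although this file is `Ubuntu-20.yml`; change it to `# List of PowerDNS Authoritative Server Backends packages on Ubuntu 20.04`. The MySQL Python driver also differs from the Debian-family file added in the same commit — `python3-pymysql` here, `python3-mysqldb` in `vars/Debian.yml` and in the `PowerDNS.setup` task — so which driver ends up on a Debian-family host depends on which vars file wins; if that is deliberate, a one-line comment explaining the choice would help, otherwise align on one driver.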
@@ -9,20 +9,26 @@ pdns_auth_powerdns_repo_master:
 yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-master/debug"
 name: "powerdns-auth-master"
-pdns_auth_powerdns_repo_40:
+pdns_auth_powerdns_repo_43:
 apt_repo_origin: "repo.powerdns.com"
- apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-40 main"
+ apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-43 main"
 gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc"
 gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB"
- yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-40"
- yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-40/debug"
- name: "powerdns-auth-40"
+ yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-43"
+ yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-43/debug"
+ name: "powerdns-auth-43"
-pdns_auth_powerdns_repo_41:
+pdns_auth_powerdns_repo_44:
 apt_repo_origin: "repo.powerdns.com"
- apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-41 main"
+ apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-44 main"
 gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc"
 gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB"
- yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-41"
- yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-41/debug"
- name: "powerdns-auth-41"
+ yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-44"
+ yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-44/debug"
+ name: "powerdns-auth-44"
+
+default_pdns_service_overrides: >-
+ {{ { 'User' : pdns_user
+ , 'Group' : pdns_group
+ }
+ }}
diff --git a/roles/PowerDNS.setup/tasks/main.yml b/roles/PowerDNS.setup/tasks/main.yml
index dc7ad573205a9d88d9a1b1daf58a2bd7ff075460..b58990e049b74df51e754bc74d4eae3ce065f58d 100644
--- a/roles/PowerDNS.setup/tasks/main.yml
+++ b/roles/PowerDNS.setup/tasks/main.yml
@@ -25,7 +25,7 @@
 - name: Start the MySQL service on RedHat
- sudo: yes
+ become: true
 service:
 name: mariadb
 state: started
@@ -39,11 +39,11 @@
 with_items:
 - mysql-server
 - mysql-client
- - python-mysqldb
+ - python3-mysqldb
 when: ansible_os_family == 'Debian'
 - name: Start the MySQL service on Debian
- sudo: yes
+ become: true
 service:
 name: mysql
 state: started
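Review bot: `default_pdns_service_overrides` builds a dict inside a `>-` folded scalar through a Jinja expression, which is hard to read and depends on the folding rules not touching the braces; the same value is a plain YAML mapping, `default_pdns_service_overrides:` / `  User: "{{ pdns_user }}"` / `  Group: "{{ pdns_group }}"`. The rewritten `apt_repo` and `yum_repo_baseurl` values keep the `http://` scheme, and the unchanged `gpg_key` line fetches the signing key over plain HTTP as well; repo.powerdns.com is served over HTTPS as far as I know, and since the pinned `gpg_key_id` is what makes the signature check meaningful, switching the new lines to `https://` is a cheap hardening. The `pdns_auth_powerdns_repo_master` mapping named in the hunk header starts before this hunk.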