From f038f45d83a123b164146b33720ff211d68ae0c9 Mon Sep 17 00:00:00 2001
From: Fulvio Galeazzi <fulvio.galeazzi@garr.it>
Date: Fri, 22 Oct 2021 17:21:23 +0200
Subject: [PATCH] 2021-10-22: FG; Likely to work version, based on Ubuntu 20
and installing PowerDNS v4.4.
---
README.md | 2 +-
group_vars/dnsauth.template | 1 +
group_vars/dnsauthmaster.template | 4 +-
playbooks/manageDnsAuth.yml | 1 -
roles/PowerDNS.admin/tasks/main.yml | 4 +-
roles/PowerDNS.pdns/.flake8 | 2 -
.../PowerDNS.pdns/.github/workflows/main.yml | 36 ++
roles/PowerDNS.pdns/.gitignore | 1 +
roles/PowerDNS.pdns/.travis.yml | 30 --
roles/PowerDNS.pdns/.yamllint | 26 +-
roles/PowerDNS.pdns/CHANGELOG.md | 124 +++++
roles/PowerDNS.pdns/README.md | 484 ++++++++++--------
roles/PowerDNS.pdns/defaults/main.yml | 83 +--
roles/PowerDNS.pdns/handlers/main.yml | 8 -
roles/PowerDNS.pdns/meta/.galaxy_install_info | 3 +-
roles/PowerDNS.pdns/meta/main.yml | 18 +-
.../playbook.yml => pdns-43/converge.yml} | 2 +-
.../molecule/pdns-43/molecule.yml | 88 ++++
.../molecule/pdns-44/converge.yml | 9 +
.../molecule/pdns-44/molecule.yml | 104 ++++
.../{playbook.yml => converge.yml} | 0
.../molecule/pdns-master/molecule.yml | 60 +--
.../molecule/pdns-os-repos/converge.yml | 7 +
.../{pdns-41 => pdns-os-repos}/molecule.yml | 63 +--
.../resources/Dockerfile.archlinux-systemd.j2 | 27 +
.../resources/Dockerfile.centos-systemd.j2 | 3 +-
.../resources/Dockerfile.debian-systemd.j2 | 5 +-
.../molecule/resources/create.yml | 16 +-
.../molecule/resources/host_vars/centos-8.yml | 3 +
.../resources/host_vars/debian-10.yml | 4 +
.../resources/host_vars/ubuntu-2004.yml | 3 +
.../molecule/resources/prepare.yml | 10 +-
.../resources/tests/all/test_common.py | 17 +-
.../tests/backend-mysql/test_backend_mysql.py | 31 +-
.../backend-sqlite/test_backend_sqlite.py | 22 +-
.../resources/tests/repo-41/test_repo_41.py | 32 --
.../resources/tests/repo-43/test_repo_43.py | 44 ++
.../resources/tests/repo-44/test_repo_44.py | 44 ++
.../tests/repo-master/test_repo_master.py | 14 +-
.../systemd-no-override/test_override.py | 7 +
.../tests/systemd-override/test_override.py | 10 +
.../molecule/resources/vars/molecule.yml | 5 +-
.../molecule/resources/vars/pdns-common.yml | 3 +
.../resources/vars/pdns-no-overrides.yml | 26 +
.../molecule/resources/vars/pdns-os-repos.yml | 5 +
.../molecule/resources/vars/pdns-repo-41.yml | 7 -
.../molecule/resources/vars/pdns-repo-43.yml | 7 +
.../molecule/resources/vars/pdns-repo-44.yml | 7 +
.../systemd-no-overrides/converge.yml | 7 +
.../systemd-no-overrides/molecule.yml | 56 ++
roles/PowerDNS.pdns/requirements.yml | 3 +
roles/PowerDNS.pdns/tasks/configure.yml | 60 ++-
roles/PowerDNS.pdns/tasks/database-lmdb.yml | 10 +
roles/PowerDNS.pdns/tasks/database-mysql.yml | 64 +--
.../PowerDNS.pdns/tasks/database-sqlite3.yml | 52 +-
roles/PowerDNS.pdns/tasks/inspect.yml | 9 +-
roles/PowerDNS.pdns/tasks/install.yml | 22 +-
roles/PowerDNS.pdns/tasks/main.yml | 34 +-
roles/PowerDNS.pdns/tasks/repo-Debian.yml | 17 +-
roles/PowerDNS.pdns/tasks/repo-RedHat.yml | 12 +-
roles/PowerDNS.pdns/tasks/selinux.yml | 14 +
.../override-service.systemd.conf.j2 | 7 +
roles/PowerDNS.pdns/templates/pdns.conf.j2 | 16 +-
roles/PowerDNS.pdns/test-requirements.txt | 9 +-
roles/PowerDNS.pdns/tox.ini | 22 +-
roles/PowerDNS.pdns/vars/Archlinux.yml | 19 +
roles/PowerDNS.pdns/vars/Debian.yml | 6 +
roles/PowerDNS.pdns/vars/RedHat-8.yml | 33 ++
roles/PowerDNS.pdns/vars/RedHat.yml | 5 +
roles/PowerDNS.pdns/vars/Ubuntu-20.yml | 30 ++
roles/PowerDNS.pdns/vars/main.yml | 26 +-
roles/PowerDNS.setup/tasks/main.yml | 6 +-
72 files changed, 1453 insertions(+), 598 deletions(-)
delete mode 100644 roles/PowerDNS.pdns/.flake8
create mode 100644 roles/PowerDNS.pdns/.github/workflows/main.yml
delete mode 100644 roles/PowerDNS.pdns/.travis.yml
create mode 100644 roles/PowerDNS.pdns/CHANGELOG.md
delete mode 100644 roles/PowerDNS.pdns/handlers/main.yml
rename roles/PowerDNS.pdns/molecule/{pdns-41/playbook.yml => pdns-43/converge.yml} (78%)
create mode 100644 roles/PowerDNS.pdns/molecule/pdns-43/molecule.yml
create mode 100644 roles/PowerDNS.pdns/molecule/pdns-44/converge.yml
create mode 100644 roles/PowerDNS.pdns/molecule/pdns-44/molecule.yml
rename roles/PowerDNS.pdns/molecule/pdns-master/{playbook.yml => converge.yml} (100%)
create mode 100644 roles/PowerDNS.pdns/molecule/pdns-os-repos/converge.yml
rename roles/PowerDNS.pdns/molecule/{pdns-41 => pdns-os-repos}/molecule.yml (54%)
create mode 100644 roles/PowerDNS.pdns/molecule/resources/Dockerfile.archlinux-systemd.j2
create mode 100644 roles/PowerDNS.pdns/molecule/resources/host_vars/centos-8.yml
create mode 100644 roles/PowerDNS.pdns/molecule/resources/host_vars/debian-10.yml
create mode 100644 roles/PowerDNS.pdns/molecule/resources/host_vars/ubuntu-2004.yml
delete mode 100644 roles/PowerDNS.pdns/molecule/resources/tests/repo-41/test_repo_41.py
create mode 100644 roles/PowerDNS.pdns/molecule/resources/tests/repo-43/test_repo_43.py
create mode 100644 roles/PowerDNS.pdns/molecule/resources/tests/repo-44/test_repo_44.py
create mode 100644 roles/PowerDNS.pdns/molecule/resources/tests/systemd-no-override/test_override.py
create mode 100644 roles/PowerDNS.pdns/molecule/resources/tests/systemd-override/test_override.py
create mode 100644 roles/PowerDNS.pdns/molecule/resources/vars/pdns-no-overrides.yml
create mode 100644 roles/PowerDNS.pdns/molecule/resources/vars/pdns-os-repos.yml
delete mode 100644 roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-41.yml
create mode 100644 roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-43.yml
create mode 100644 roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-44.yml
create mode 100644 roles/PowerDNS.pdns/molecule/systemd-no-overrides/converge.yml
create mode 100644 roles/PowerDNS.pdns/molecule/systemd-no-overrides/molecule.yml
create mode 100644 roles/PowerDNS.pdns/requirements.yml
create mode 100644 roles/PowerDNS.pdns/tasks/database-lmdb.yml
create mode 100644 roles/PowerDNS.pdns/tasks/selinux.yml
create mode 100644 roles/PowerDNS.pdns/templates/override-service.systemd.conf.j2
create mode 100644 roles/PowerDNS.pdns/vars/Archlinux.yml
create mode 100644 roles/PowerDNS.pdns/vars/RedHat-8.yml
create mode 100644 roles/PowerDNS.pdns/vars/Ubuntu-20.yml
diff --git a/README.md b/README.md
index d51ab7c..fcdf5d9 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,7 @@ List of servers is kept in `inventory` file. I basically use three hostgroups:
Pre-requisites
--------------
-Start from bare Ubuntu 16.04 machines:
+Start from bare Ubuntu 20.04 machines:
- apt-get purge cloud-init
The package should also work with CentOS 7 servers, but I may have not checked
diff --git a/group_vars/dnsauth.template b/group_vars/dnsauth.template
index 8ba4a3d..b4bb7af 100644
--- a/group_vars/dnsauth.template
+++ b/group_vars/dnsauth.template
@@ -13,6 +13,7 @@ pdns_config:
local-address: "{{ local_address }}"
default-soa-name: dns.example.com
disable-axfr: yes
+ dnsupdate: yes
allow-dnsupdate-from: 8.8.8.101/32
log-dns-details: on
loglevel: 3
diff --git a/group_vars/dnsauthmaster.template b/group_vars/dnsauthmaster.template
index 3161ea8..3642577 100644
--- a/group_vars/dnsauthmaster.template
+++ b/group_vars/dnsauthmaster.template
@@ -9,14 +9,16 @@ pdns_config:
daemon: yes
guardian: yes
master: "{{ dns_master }}"
- slave: false
+ slave: true
local-address: "{{ local_address }}"
default-soa-name: dns.example.com
disable-axfr: no
+ dnsupdate: yes
allow-axfr-ips: 8.8.8.101/32,8.8.8.102
log-dns-details: on
loglevel: 3
slave-cycle-interval: 60
+ slave-renotify: true
api: yes
api-key: ch4ng3M3s00n
webserver: yes
diff --git a/playbooks/manageDnsAuth.yml b/playbooks/manageDnsAuth.yml
index 046f88f..bb49a8f 100644
--- a/playbooks/manageDnsAuth.yml
+++ b/playbooks/manageDnsAuth.yml
@@ -1,4 +1,3 @@
-
- hosts: dnsauth
become: True
roles:
diff --git a/roles/PowerDNS.admin/tasks/main.yml b/roles/PowerDNS.admin/tasks/main.yml
index dccb22b..981fe2b 100644
--- a/roles/PowerDNS.admin/tasks/main.yml
+++ b/roles/PowerDNS.admin/tasks/main.yml
@@ -106,7 +106,7 @@
when: ansible_os_family == 'Debian'
- name: Start the MySQL service on RedHat
- sudo: yes
+ become: true
service:
name: mariadb
state: started
@@ -114,7 +114,7 @@
when: ansible_os_family == 'RedHat'
- name: Start the MySQL service on Debian
- sudo: yes
+ become: true
service:
name: mysql
state: started
diff --git a/roles/PowerDNS.pdns/.flake8 b/roles/PowerDNS.pdns/.flake8
deleted file mode 100644
index e44b810..0000000
--- a/roles/PowerDNS.pdns/.flake8
+++ /dev/null
@@ -1,2 +0,0 @@
-[flake8]
-ignore = E501
diff --git a/roles/PowerDNS.pdns/.github/workflows/main.yml b/roles/PowerDNS.pdns/.github/workflows/main.yml
new file mode 100644
index 0000000..1efa80d
--- /dev/null
+++ b/roles/PowerDNS.pdns/.github/workflows/main.yml
@@ -0,0 +1,36 @@
+---
+on:
+ push:
+ pull_request:
+
+jobs:
+ Tests:
+ name: Test role on different ansible versions
+ runs-on: ubuntu-20.04
+ strategy:
+ matrix:
+ ansible:
+ - '2.9'
+ - '2.10'
+ - '2.11'
+ scenario:
+ - pdns-43
+ - pdns-44
+ - pdns-master
+ - pdns-os-repos
+ - systemd-no-overrides
+ steps:
+ - name: checkout
+ uses: actions/checkout@v2
+ - name: Install python
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.6
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install tox tox-gh-actions
+ - name: Run the tests
+ run: tox -- molecule test -s ${{ matrix.scenario }}
+ env:
+ ANSIBLE: ${{ matrix.ansible }}
diff --git a/roles/PowerDNS.pdns/.gitignore b/roles/PowerDNS.pdns/.gitignore
index 4dc24ae..b31443c 100644
--- a/roles/PowerDNS.pdns/.gitignore
+++ b/roles/PowerDNS.pdns/.gitignore
@@ -1,5 +1,6 @@
### Ansible ###
*.retry
+.ansible_cache
### Python ###
# Byte-compiled / optimized / DLL files
diff --git a/roles/PowerDNS.pdns/.travis.yml b/roles/PowerDNS.pdns/.travis.yml
deleted file mode 100644
index b547b20..0000000
--- a/roles/PowerDNS.pdns/.travis.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-
-language: python
-python: 2.7
-
-sudo: required
-
-# Enable the docker service
-services:
- - docker
-
-# Parallel testing of the supported
-# Ansible versions
-env:
- matrix:
- - ANSIBLE=2.2
- - ANSIBLE=2.3
- - ANSIBLE=2.4
- - ANSIBLE=2.5
-
-# Install tox
-install:
- - pip install tox-travis
-
-# Test the current PowerDNS Authoritative Server stable release
-script:
- - tox -- molecule test -s pdns-41
-
-notifications:
- webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/PowerDNS.pdns/.yamllint b/roles/PowerDNS.pdns/.yamllint
index 3a2255e..8827676 100644
--- a/roles/PowerDNS.pdns/.yamllint
+++ b/roles/PowerDNS.pdns/.yamllint
@@ -1,3 +1,5 @@
+---
+# Based on ansible-lint config
extends: default
rules:
@@ -7,7 +9,25 @@ rules:
brackets:
max-spaces-inside: 1
level: error
+ colons:
+ max-spaces-after: -1
+ level: error
+ commas:
+ max-spaces-after: -1
+ level: error
+ comments: disable
+ comments-indentation: disable
+ document-start: disable
+ empty-lines:
+ max: 3
+ level: error
+ hyphens:
+ level: error
+ indentation: disable
+ key-duplicates: enable
line-length: disable
- # NOTE(retr0h): Templates no longer fail this lint rule.
- # Uncomment if running old Molecule templates.
- # truthy: disable
+ new-line-at-end-of-file: disable
+ new-lines:
+ type: unix
+ trailing-spaces: disable
+ truthy: disable
diff --git a/roles/PowerDNS.pdns/CHANGELOG.md b/roles/PowerDNS.pdns/CHANGELOG.md
new file mode 100644
index 0000000..5013113
--- /dev/null
+++ b/roles/PowerDNS.pdns/CHANGELOG.md
@@ -0,0 +1,124 @@
+## v1.7.0 (2021-07-01)
+
+NEW FEATURES:
+- Create directory, set the ownership and permissions for LMDB databases ([\#95](https://github.com/PowerDNS/pdns-ansible/pull/95))
+- Add database schema file detection on the target system with override possibility ([\#100](https://github.com/PowerDNS/pdns-ansible/pull/100))
+- Add 4.4 repositories ([\#91](https://github.com/PowerDNS/pdns-ansible/pull/91))
+
+IMPROVEMENTS:
+- Use systemd task option `daemon_reload` instead of command task ([\#90](https://github.com/PowerDNS/pdns-ansible/pull/90))
+
+REMOVED FEATURES:
+- Drop EL6 support ([\#91](https://github.com/PowerDNS/pdns-ansible/pull/91), [\#94](https://github.com/PowerDNS/pdns-ansible/pull/94))
+- Remove 4.1 and 4.2 repositories ([\#101](https://github.com/PowerDNS/pdns-ansible/pull/101))
+
+BUG FIXES:
+- Re-instate molecule tests ([\#100](https://github.com/PowerDNS/pdns-ansible/pull/100))
+
+## v1.6.1 (2020-10-01)
+
+BUG FIXES:
+- Ensure install does not fail when no overrides are defined ([\#85](https://github.com/PowerDNS/pdns-ansible/pull/85))
+- Ensure that `ExecStart` is overridden, not appended to ([\#86](https://github.com/PowerDNS/pdns-ansible/pull/86))
+
+## v1.6.0 (2020-09-18)
+
+BUG FIXES:
+- Fix path to MySQL schema for Debian 10 ([\#73](https://github.com/PowerDNS/pdns-ansible/pull/73))
+
+IMPROVEMENTS:
+- Allow loading apt key from the ansible server ([\#75](https://github.com/PowerDNS/pdns-ansible/pull/75))
+- CentOS 8 support ([\#74](https://github.com/PowerDNS/pdns-ansible/pull/74), [\#81](https://github.com/PowerDNS/pdns-ansible/pull/81))
+- Archlinux support ([\#76](https://github.com/PowerDNS/pdns-ansible/pull/76))
+- Set the ownership and permissions for config files and databases ([\#82](https://github.com/PowerDNS/pdns-ansible/pull/82))
+- Ensure PowerDNS is started as an unprivileged user by default (in line with PowerDNS 4.3+ behaviour)
+
+## v1.5.0 (2019-12-11)
+
+BUG FIXES:
+- - Fix the restart of the PowerDNS service in case of instances with different `pdns_service_name` being configured in the same play ([\#70](https://github.com/PowerDNS/pdns-ansible/pull/70))
+
+IMPROVEMENTS:
+- Add support to the PowerDNS 4.3.x release ([\#69](https://github.com/PowerDNS/pdns-ansible/pull/69))
+- Add support to the PowerDNS 4.2.x release ([\#61](https://github.com/PowerDNS/pdns-ansible/pull/61))
+- Install missing SQLite packages ([\#69](https://github.com/PowerDNS/pdns-ansible/pull/69))
+- Improved PowerDNS configuration files and directories permissions handling ([\#69](https://github.com/PowerDNS/pdns-ansible/pull/69))
+- Stop interpreting 0 & 1 as no & yes in the PowerDNS configuration template ([\#68](https://github.com/PowerDNS/pdns-ansible/pull/68))
+- Fix some strings comparisons and variable types issues reported by ansible-lint ([\#66](https://github.com/PowerDNS/pdns-ansible/pull/66))
+- Update the CI infrastructure to test the role against the Ansible 2.7, 2.8 and 2.9 releases ([\#67](https://github.com/PowerDNS/pdns-ansible/pull/67))
+- Update the CI infrastructure to stop testing against an EOL Ubuntu release ([\#62](https://github.com/PowerDNS/pdns-ansible/pull/62))
+
+## v1.4.0 (2018-12-02)
+
+BUG FIXES:
+- Fix handling of lists expansion in the PowerDNS configuration template ([\#55](https://github.com/PowerDNS/pdns-ansible/pull/55))
+
+NEW FEATURES:
+- Allow to disable automated restart of the service on configuration changes ([\#54](https://github.com/PowerDNS/pdns-ansible/pull/54))
+
+## v1.3.0 (2018-07-13)
+
+NEW FEATURES:
+- Add support to systemd overrides definitions ([\#53](https://github.com/PowerDNS/pdns-ansible/pull/53))
+
+IMPROVEMENTS:
+- Implement stricter `pdns_config_dir` and `pdns_config['include-dir']` folders permissions ([\#53](https://github.com/PowerDNS/pdns-ansible/pull/53))
+- Improved documentation ([\#52](https://github.com/PowerDNS/pdns-ansible/pull/52))
+- Update the CI infrastructure to use molecule 2.14.0 ([\#51](https://github.com/PowerDNS/pdns-ansible/pull/51))
+- Improved test coverage of systemd support ([\#49](https://github.com/PowerDNS/pdns-ansible/pull/49))
+
+## v1.2.1 (2018-04-06)
+
+BUG FIXES:
+- Fix the name of the PostgreSQL backend on RHEL
+
+## v1.2.0 (2018-04-05)
+
+NEW FEATURES:
+- Allow to install PowerDNS debug packages ([\#47](https://github.com/PowerDNS/pdns-ansible/pull/47))
+
+IMPROVEMENTS:
+- Improved test-suite ([\#47](https://github.com/PowerDNS/pdns-ansible/pull/47))
+- Improved config files permissions handling ([\#45](https://github.com/PowerDNS/pdns-ansible/pull/45))
+
+## v1.1.0 (2017-11-25)
+
+IMPROVEMENTS:
+- Implement testing against multiple ansible versions with tox ([\#43](https://github.com/PowerDNS/pdns-ansible/pull/43))
+
+BUG FIXES:
+- Fixed test cases and hardened file permissions ([\#42](https://github.com/PowerDNS/pdns-ansible/pull/42))
+
+## v1.0.0 (2017-10-27)
+
+IMPROVEMENTS:
+- Implement sorting of the configuration options ([\#35](https://github.com/PowerDNS/pdns-ansible/pull/35), [\#37](https://github.com/PowerDNS/pdns-ansible/pull/37))
+
+BUG FIXES:
+- Fix the logic handling the different packages versions for Debian and CentOS ([\#43](https://github.com/PowerDNS/pdns-ansible/pull/43))
+- Fix a few typos in the README file ([\#39](https://github.com/PowerDNS/pdns-ansible/pull/39))
+
+## v0.1.1 (2017-10-10)
+
+NEW FEATURES:
+- Allow to pin the PowerDNS version to be installed ([\#34](https://github.com/PowerDNS/pdns-ansible/pull/34))
+
+IMPROVEMENTS:
+- Add support to the PowerDNS 4.1.x release ([\#33](https://github.com/PowerDNS/pdns-ansible/pull/33))
+- Fixing minor linter issues with whitespace ([\#30](https://github.com/PowerDNS/pdns-ansible/pull/30))
+
+BUG FIXES:
+- Fix Ubuntu APT repositories pinning ([\#32](https://github.com/PowerDNS/pdns-ansible/pull/32))
+
+## v0.1.0 (2017-06-27)
+
+Initial release.
+
+NEW FEATURES:
+- MySQL and SQLite databases initialization
+- PowerDNS installation and configuration with RHEL/CentOS and Debian/Ubuntu support
+- Continuous testing with TravisCI
+
+IMPROVEMENTS:
+- Switch to the MIT License ([\#27](https://github.com/PowerDNS/pdns-ansible/pull/27))
+- Overall role refactoring ([\#28](https://github.com/PowerDNS/pdns-ansible/pull/28))
diff --git a/roles/PowerDNS.pdns/README.md b/roles/PowerDNS.pdns/README.md
index e7f08c1..992ffe4 100644
--- a/roles/PowerDNS.pdns/README.md
+++ b/roles/PowerDNS.pdns/README.md
@@ -1,288 +1,341 @@
-PowerDNS Authoritative DNS Server Role
-======================================
+# Ansible Role: PowerDNS Authoritative Server
-[](https://travis-ci.org/PowerDNS/pdns-ansible)
-[](https://galaxy.ansible.com/PowerDNS/pdns)
+[](https://github.com/PowerDNS/pdns-ansible)
+[](https://opensource.org/licenses/MIT)
+[](https://galaxy.ansible.com/PowerDNS/pdns)
+[](https://github.com/PowerDNS/pdns-ansible/tags)
-An Ansible role created by the folks behind PowerDNS to install and configure
-the PowerDNS Authoritative Server.
+An Ansible role created by the folks behind PowerDNS to setup the [PowerDNS Authoritative Server](https://docs.powerdns.com/authoritative/).
-Requirements
-------------
+## Requirements
-An Ansible 2.2 or higher installation.
+An Ansible 2.9 or higher installation.
-Role Variables
---------------
+## Dependencies
-Available variables are listed below, along with their default values (see `defaults/main.yml`):
-
- pdns_install_repo: ""
-
-By default, no PowerDNS Authoritative Server repository will be configured by this role.
-You can install the PowerDNS Authoritative Server packages from the official PowerDNS
-repository overriding the `pdns_install_repo` variable as follows:
-
- # Install the PowerDNS Authoritative Server from the 'master' official repository
- - hosts: all
- roles:
- - { role: PowerDNS.pdns,
- pdns_install_repo: "{{ pdns_auth_powerdns_repo_master }}"
-
- # Install the PowerDNS Authoritative Server from the '4.0.x' official repository
- - hosts: all
- roles:
- - { role: PowerDNS.pdns,
- pdns_install_repo: "{{ pdns_auth_powerdns_repo_40 }}"
-
- # Install the PowerDNS Authoritative Server from the '4.1.x' official repository
- - hosts: all
- roles:
- - { role: PowerDNS.pdns,
- pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}"
+None.
-The completed lists of the available pre-configured repositories is available in the `vars/main.yml` file.
+## Role Variables
-To install the PowerDNS Authoritative Server from a custom repositories follow the instructions below
-
- - hosts: all
- vars:
- pdns_install_repo:
- apt_repo_origin: "my.repo.com" # Pin the PowerDNS packages to the provided repository origin
- apt_repo: "deb http://my.repo.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns main"
- gpg_key: "http://my.repo.com/MYREPOGPGPUBKEY.asc" # repository public GPG key
- gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed
- yum_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/pdns"
- yum_debug_symbols_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/pdns/debug"
- name: "powerdns" # the name of the repository
- roles:
- - { role: PowerDNS.pdns }
+Available variables are listed below, along with their default values (see `defaults/main.yml`):
-Note that not all the keys of the `pdns_install_repo` dictionary are required. i.e., if the target hosts are running on Debian it's not necessary to provide the yum repository information.
+```yaml
+pdns_install_repo: ""
+```
- pdns_install_epel: True
+By default, the PowerDNS Authoritative Server is installed from the software repositories configured on the target hosts.
-On RedHat-like systems, this role configures EPEL by default.
-EPEL is needed to satisfy some PowerDNS dependencies like `protobuf`.
-To skip EPEL installation set `pdns_install_epel` to `False`.
+```yaml
+# Install the PowerDNS Authoritative Server from the 'master' official repository
+- hosts: all
+ roles:
+ - { role: PowerDNS.pdns,
+ pdns_install_repo: "{{ pdns_auth_powerdns_repo_master }}"
- pdns_package_name: "{{ default_pdns_package_name }}"
+# Install the PowerDNS Authoritative Server from the '4.3.x' official repository
+- hosts: all
+ roles:
+ - { role: PowerDNS.pdns,
+ pdns_install_repo: "{{ pdns_auth_powerdns_repo_43 }}"
+
+# Install the PowerDNS Authoritative Server from the '4.4.x' official repository
+- hosts: all
+ roles:
+ - { role: PowerDNS.pdns,
+ pdns_install_repo: "{{ pdns_auth_powerdns_repo_44 }}"
+```
+
+The examples above, show how to install the PowerDNS Authoritative Server from the official PowerDNS repositories
+(see the complete list of pre-defined repos in `vars/main.yml`).
+
+```yaml
+- hosts: all
+ vars:
+ pdns_install_repo:
+ name: "powerdns" # the name of the repository
+ apt_repo_origin: "example.com" # used to pin the PowerDNS packages to the provided repository
+ apt_repo: "deb http://example.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns main"
+ gpg_key: "http://example.com/MYREPOGPGPUBKEY.asc" # repository public GPG key
+ gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed
+ yum_repo_baseurl: "http://example.com/centos/$basearch/$releasever/pdns"
+ yum_debug_symbols_repo_baseurl: "http://example.com/centos/$basearch/$releasever/pdns/debug"
+ roles:
+ - { role: PowerDNS.pdns }
+```
+
+It is also possible to install the PowerDNS Authoritative Server from custom repositories as demonstrated in the example above.
+**Note:** These repositories are ignored on Arch Linux
+
+```yaml
+ pdns_install_epel: True
+```
+
+By default, install EPEL to satisfy some PowerDNS Authoritative Server dependencies like `protobuf`.
+To skip the installtion of EPEL set `pdns_install_epel` to `False`.
+
+```yaml
+pdns_package_name: "{{ default_pdns_package_name }}"
+```
The name of the PowerDNS Authoritative Server package, `pdns` on RedHat-like systems and `pdns-server` on Debian-like systems.
- pdns_package_version: ""
+```yaml
+pdns_package_version: ""
+```
-Install the PowerDNS Authoritative Server debug symbols.
+Optionally, allow to set a specific version of the PowerDNS Authoritative Server package to be installed.
- pdns_install_debug_symbols_package: False
+```yaml
+pdns_install_debug_symbols_package: False
+```
-The name of the PowerDNS Authoritative Server debug package, `pdns-debuginfo` on RedHat-like systems and `pdns-server-dbg` on Debian-like systems.
+Install the PowerDNS Authoritative Server debug symbols.
- pdns_debug_symbols_package_name: "{{ default_pdns_debug_symbols_package_name }}"
+```yaml
+pdns_debug_symbols_package_name: "{{ default_pdns_debug_symbols_package_name }}"
+```
-The version of the PowerDNS Authoritative Server package to be installed. <br />
-**NOTE:** The usage of this variable makes only sense on RedHat-like systems, where each YUM repository can contains multiple versions of the same package.
-For that reason, we highly recommend to not override the default value on Debian.
+The name of the PowerDNS Authoritative Server debug package to be installed when `pdns_install_debug_symbols_package` is `True`,
+`pdns-debuginfo` on RedHat-like systems and `pdns-server-dbg` on Debian-like systems.
- pdns_user: pdns
- pdns_group: pdns
+```yaml
+pdns_user: pdns
+pdns_group: pdns
+```
-The user and group the PowerDNS Authoritative Server process will run as.
+The user and group the PowerDNS Authoritative Server process will run as. <br />
**NOTE**: This role does not create the user or group as we assume that they've been created
by the package or other roles.
- pdns_service_name: "pdns"
+```yaml
+pdns_service_name: "pdns"
+```
Name of the PowerDNS service.
- pdns_flush_handlers: False
+```yaml
+pdns_service_state: "started"
+pdns_service_enabled: "yes"
+```
+
+Allow to specify the desired state of the PowerDNS Authoritative Server service.
-Force the execution of the handlers at the end of the role. <br />
-**NOTE:** This is required if using this role to configure multiple PowerDNS instances in the same play.
-See PowerDNS Authoritative Server virtual hosting https://doc.powerdns.com/md/authoritative/running/#starting-virtual-instances-with-system.
+```yaml
+pdns_disable_handlers: False
+```
- pdns_config_dir: "{{ default_pdns_config_dir }}"
- pdns_config_file: "pdns.conf"
+Disable automated service restart on configuration changes.
+
+```yaml
+pdns_config_dir: "{{ default_pdns_config_dir }}"
+pdns_config_file: "pdns.conf"
+```
PowerDNS Authoritative Server configuration file and directory.
- pdns_config: {}
+```yaml
+pdns_config: {}
+```
-A dict containing the PowerDNS Authoritative Server configuration. <br />
+Dictionary containing the PowerDNS Authoritative Server configuration. <br />
**NOTE:** The PowerDNS backends configuration and the `config-dir`, `setuid` and `setgid` directives must be configured through the `pdns_user`, `pdns_group` and `pdns_backends` role variables (see `templates/pdns.conf.j2`).
For example:
- pdns_config:
- master: yes
- slave: no
- local-address: '192.0.2.53'
- local-ipv6: '2001:DB8:1::53'
- local-port: '5300'
+```yaml
+pdns_config:
+ master: yes
+ slave: no
+ local-address: '192.0.2.53'
+ local-ipv6: '2001:DB8:1::53'
+ local-port: '5300'
+```
configures PowerDNS Authoritative Server to listen incoming DNS requests on port 5300.
- pdns_backends:
- bind:
- config: '/dev/null'
+```yaml
+pdns_service_overrides:
+ User: {{ pdns_user }}
+ Group: {{ pdns_group }}
+```
+
+Dict with overrides for the service (systemd only).
+This can be used to change any systemd settings in the `[Service]` category.
-A dict with all the backends you'd like to enable. You can use
+```yaml
+pdns_backends:
+ bind:
+ config: '/dev/null'
+```
+
+Dictionary declaring all the backends you'd like to enable. You can use
multiple backends of the same kind by using the `{backend}:{instance_name}` syntax.
For example:
- pdns_backends:
- 'gmysql:one':
- 'user': root
- 'host': 127.0.0.1
- 'password': root
- 'dbname': pdns
- 'gmysql:two':
- 'user': pdns_user
- 'host': 192.0.2.15
- 'password': my_password
- 'dbname': dns
- 'bind':
- 'config': '/etc/named/named.conf'
- 'hybrid': yes
- 'dnssec-db': '{{ pdns_config_dir }}/dnssec.db'
+```yaml
+pdns_backends:
+ 'gmysql:one':
+ 'user': root
+ 'host': 127.0.0.1
+ 'password': root
+ 'dbname': pdns
+ 'gmysql:two':
+ 'user': pdns_user
+ 'host': 192.0.2.15
+ 'password': my_password
+ 'dbname': dns
+ 'bind':
+ 'config': '/etc/named/named.conf'
+ 'hybrid': yes
+ 'dnssec-db': '{{ pdns_config_dir }}/dnssec.db'
+```
By default this role starts just the bind-backend with an empty config file.
- pdns_mysql_databases_credentials: {}
+```yaml
+pdns_mysql_databases_credentials: {}
+```
Administrative credentials for the MySQL backend used to create the PowerDNS Authoritative Server databases and users.
For example:
- pdns_mysql_databases_credentials:
- 'gmysql:one':
- 'priv_user': root
- 'priv_password': my_first_password
- 'priv_host':
- - "localhost"
- - "%"
- 'gmysql:two':
- 'priv_user': someprivuser
- 'priv_password': my_second_password
- 'priv_host':
- - "localhost"
-
-Notice that this must only containes the credentials
+```yaml
+pdns_mysql_databases_credentials:
+ 'gmysql:one':
+ 'priv_user': root
+ 'priv_password': my_first_password
+ 'priv_host':
+ - "localhost"
+ - "%"
+ 'gmysql:two':
+ 'priv_user': someprivuser
+ 'priv_password': my_second_password
+ 'priv_host':
+ - "localhost"
+```
+
+Notice that this must only contain the credentials
for the `gmysql` backends provided in `pdns_backends`.
- pdns_sqlite_databases_locations: []
+```yaml
+pdns_sqlite_databases_locations: []
+```
Locations of the SQLite3 databases that have to be created if using the
`gsqlite3` backend.
-Example Playbooks
------------------
+```yaml
+pdns_lmdb_databases_locations: []
+```
-Run as a master using the bind backend (when you already have a `named.conf` file):
+Locations of the LMDB databases that have to be created if using the
+`lmdb` backend.
- - hosts: ns1.example.net
- roles:
- - { role: PowerDNS.pdns }
- vars:
- pdns_config:
- master: true
- local-address: '192.0.2.53'
- pdns_backends:
- bind:
- config: '/etc/named/named.conf'
-
-
-Install the latest 'master' build of PowerDNS Authoritative Server and enable the MySQL backend:
-
- - hosts: ns2.example.net
- roles:
- - { role: PowerDNS.pdns }
- vars:
- pdns_config:
- master: true
- local-address: '192.0.2.54'
- pdns_backends:
- gmysql:
- host: 192.0.2.120
- port: 3306
- user: powerdns
- password: P0w3rDn5
- dbname: pdns
- pdns_install_repo: "{{ pdns_auth_powerdns_repo_master }}"
+Locations of the mysql and sqlite3 base schema.
+When set, this value is used and they are not automatically detected.
+```yaml
+pdns_mysql_schema_file: ''
+
+pdns_sqlite3_schema_file: ''
+```
+## Example Playbooks
+
+Run as a master using the bind backend (when you already have a `named.conf` file):
+
+```yaml
+- hosts: ns1.example.net
+ roles:
+ - { role: PowerDNS.pdns }
+ vars:
+ pdns_config:
+ master: true
+ local-address: '192.0.2.53'
+ pdns_backends:
+ bind:
+ config: '/etc/named/named.conf'
+```
Install the latest '41' build of PowerDNS Authoritative Server enabling the MySQL backend.
Provides also the MySQL administrative credentials to automatically create and initialize the PowerDNS Authoritative Server user and database:
- - hosts: ns2.example.net
- roles:
- - { role: PowerDNS.pdns }
- vars:
- pdns_config:
- master: true
- slave: false
- local-address: '192.0.2.77'
- pdns_backends:
- gmysql:
- host: 192.0.2.120
- port: 3306
- user: powerdns
- password: P0w3rDn5
- dbname: pdns
- pdns_mysql_databases_credentials:
- gmysql:
- priv_user: root
- priv_password: myrootpass
- priv_host:
- - "%"
- pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}"
+```yaml
+- hosts: ns2.example.net
+ roles:
+ - { role: PowerDNS.pdns }
+ vars:
+ pdns_config:
+ master: true
+ slave: false
+ local-address: '192.0.2.77'
+ pdns_backends:
+ gmysql:
+ host: 192.0.2.120
+ port: 3306
+ user: powerdns
+ password: P0w3rDn5
+ dbname: pdns
+ pdns_mysql_databases_credentials:
+ gmysql:
+ priv_user: root
+ priv_password: myrootpass
+ priv_host:
+ - "%"
+ pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}"
+```
**NOTE:** In this case the role will use the credentials provided in `pdns_mysql_databases_credentials` to automatically create and initialize the user (`user`, `password`) and database (`dbname`) connecting to the MySQL server (`host`, `port`).
-
Configure PowerDNS Authoritative Server in 'master' mode reading zones from two different PostgreSQL databases:
- - hosts: ns2.example.net
- roles:
- - { role: PowerDNS.pdns }
- vars:
- pdns_config:
- master: true
- local-port: 5300
- local-address: '192.0.2.111'
- pdns_backends:
- 'gpgsql:serverone':
- host: 192.0.2.124
- user: powerdns
- password: P0w3rDn5
- dbname: pdns2
- 'gpgsql:otherserver':
- host: 192.0.2.125
- user: root
- password: root
- dbname: dns
-
-
-Configure PowerDNS Authoritative Server to run with the gsqlite3 backend.
+```yaml
+- hosts: ns2.example.net
+ roles:
+ - { role: PowerDNS.pdns }
+ vars:
+ pdns_config:
+ master: true
+ local-port: 5300
+ local-address: '192.0.2.111'
+ pdns_backends:
+ 'gpgsql:serverone':
+ host: 192.0.2.124
+ user: powerdns
+ password: P0w3rDn5
+ dbname: pdns2
+ 'gpgsql:otherserver':
+ host: 192.0.2.125
+ user: root
+ password: root
+ dbname: dns
+```
+
+Configure PowerDNS Authoritative Server to run with the `gsqlite3` backend.
The SQLite database will be created and initialized by the role
in the location specified by the `database_name` variable.
- - hosts: ns4.example.net
- roles:
- - { role: PowerDNS.pdns }
- vars:
- database_name: '/var/lib/powerdns/db.sqlite'
- pdns_config:
- master: true
- slave: false
- local-address: '192.0.2.73'
- pdns_backends:
- gsqlite3:
- database: "{{ database_name }}"
- dnssec: yes
- pdns_sqlite_databases_locations:
- - "{{ database_name }}"
-
-Testing
--------
+```yaml
+- hosts: ns4.example.net
+ roles:
+ - { role: PowerDNS.pdns }
+ vars:
+ database_name: '/var/lib/powerdns/db.sqlite'
+ pdns_config:
+ master: true
+ slave: false
+ local-address: '192.0.2.73'
+ pdns_backends:
+ gsqlite3:
+ database: "{{ database_name }}"
+ dnssec: yes
+ pdns_sqlite_databases_locations:
+ - "{{ database_name }}"
+```
+
+## Changelog
+
+A detailed changelog of all the changes applied to the role is available [here](./CHANGELOG.md).
+
+## Testing
Tests are performed by [Molecule](http://molecule.readthedocs.org/en/latest/).
@@ -294,9 +347,8 @@ To test all the scenarios run
To run a custom molecule command
- $ tox -e py27-ansible22 -- molecule test -s pdns-41
+ $ tox -e ansible210 -- molecule test -s pdns-44
-License
--------
+## License
MIT
diff --git a/roles/PowerDNS.pdns/defaults/main.yml b/roles/PowerDNS.pdns/defaults/main.yml
index e7265ca..1d72c30 100644
--- a/roles/PowerDNS.pdns/defaults/main.yml
+++ b/roles/PowerDNS.pdns/defaults/main.yml
@@ -10,19 +10,19 @@ pdns_install_repo: ""
# - { role: PowerDNS.pdns,
# pdns_install_repo: "{{ pdns_auth_powerdns_repo_master }}"
#
-# To install the PowerDNS Authoritative Server from the '4.0.x' official repository
+# To install the PowerDNS Authoritative Server from the '4.1.x' official repository
# use the following playbook snippet
# - hosts: all
# roles:
# - { role: PowerDNS.pdns,
-# pdns_install_repo: "{{ pdns_auth_powerdns_repo_40 }}"
-#
-# To install the PowerDNS Authoritative Server from the '4.1.x' official repository
+# pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}"
+
+# To install the PowerDNS Authoritative Server from the '4.2.x' official repository
# use the following playbook snippet
# - hosts: all
# roles:
# - { role: PowerDNS.pdns,
-# pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}"
+# pdns_install_repo: "{{ pdns_auth_powerdns_repo_42 }}"
#
# To make this role configure a custom repository and install the
# PowerDNS Authoritative Server from it override the `pdns_install_repo` variable
@@ -30,11 +30,11 @@ pdns_install_repo: ""
# - hosts: all
# vars:
# pdns_install_repo:
-# apt_repo_origin: "my.repo.com" # Pin the PowerDNS packages to the provided repository origin
-# apt_repo: "deb http://my.repo.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns main"
-# gpg_key: "http://my.repo.com/MYREPOGPGPUBKEY.asc" # repository public GPG key
+# apt_repo_origin: "example.com" # Pin the PowerDNS packages to the provided repository origin
+# apt_repo: "deb http://example.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/pdns main"
+# gpg_key: "http://example.com/MYREPOGPGPUBKEY.asc" # repository public GPG key
# gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed
-# yum_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/pdns"
+# yum_repo_baseurl: "http://example.com/centos/$basearch/$releasever/pdns"
# name: "powerdns" # the name of the repository
# roles:
# - { role: PowerDNS.pdns }
@@ -61,41 +61,49 @@ pdns_debug_symbols_package_name: "{{ default_pdns_debug_symbols_package_name }}"
# NOTE: at the moment, we don't create a user as we assume the package creates
# a "pdns" user and group. If you change these variables, make sure to create
# the user and groups before applying this role
-pdns_user: pdns
-pdns_group: pdns
+pdns_user: "pdns"
+pdns_group: "pdns"
+pdns_file_owner: "root"
+pdns_file_group: "{{ pdns_group }}"
# Name of the PowerDNS Authoritative Server Service
pdns_service_name: "pdns"
-# Force the execution of the handlers at the end of the role.
-# This is required if using this role to configure multiple pdns auth instance in the same single play.
-# See PowerDNS Authoritative Server virtual hosting https://doc.powerdns.com/md/authoritative/running/#starting-virtual-instances-with-system.
-pdns_flush_handlers: False
+# State of the PowerDNS Authoritative Server service
+pdns_service_state: "started"
+pdns_service_enabled: "yes"
+
+# When True, disable the automated restart of the PowerDNS service
+pdns_disable_handlers: False
# PowerDNS Authoritative Server configuration file and directory
pdns_config_dir: "{{ default_pdns_config_dir }}"
pdns_config_file: "pdns.conf"
-# Dictionary of packages that should be installed to enable the backends.
-# backendname: packagename
-pdns_backends_packages: "{{ default_pdns_backends_packages }}"
-
-# pdns_config: A dict containing all configuration options, except for backend
+# Ddict containing all configuration options, except for backend
# configuration and the "config-dir", "setuid" and "setgid" directives.
-#
-# Example:
+pdns_config: {}
# pdns_config:
# master: yes
# slave: no
# local-address: '192.0.2.53'
# local-ipv6: '2001:DB8:1::53'
# local-port: '5300'
-pdns_config: {}
-# pdns_backends: A dict with all the backends you'd like to configure. You can use
-# the multiple backends of the same kind by using {backend}:{instance_name}.
-#
-# For example:
+# Dict with overrides for the service (systemd only)
+pdns_service_overrides: "{{ default_pdns_service_overrides }}"
+# pdns_service_overrides:
+# LimitNOFILE: 10000
+
+# Dictionary of packages that should be installed to enable the backends.
+# backendname: packagename
+pdns_backends_packages: "{{ default_pdns_backends_packages }}"
+
+# A dict with all the backends you'd like to configure.
+# This default starts just the bind-backend with an empty config file
+pdns_backends:
+ bind:
+ config: '/dev/null'
# pdns_backends:
# 'gmysql:one':
# 'user': root
@@ -112,14 +120,9 @@ pdns_config: {}
# 'config': '/etc/named/named.conf'
# 'hybrid': yes
# 'dnssec-db': '{{ pdns_config_dir }}/dnssec.db'
-#
-# This default starts just the bind-backend with an empty config file
-pdns_backends:
- bind:
- config: '/dev/null'
# Administrative credentials to create the PowerDNS Authoritative Server MySQL backend database and user.
-# For example:
+pdns_mysql_databases_credentials: {}
# pdns_mysql_databases_credentials:
# 'gmysql:one':
# 'priv_user': root
@@ -132,10 +135,22 @@ pdns_backends:
# 'priv_password': my_second_password
# 'priv_host':
# - "localhost"
-pdns_mysql_databases_credentials: {}
# This will create the PowerDNS Authoritative Server backend SQLite database
# in the given locations.
# NOTE: Requries the SQLite CLI tools to be available in the machine and the gsqlite3
# backend to be installed on the machine.
pdns_sqlite_databases_locations: []
+
+# This will create the PowerDNS Authoritative Server backend LMDB database
+# in the given locations.
+# NOTE: Requries lmdb backend to be installed on the machine.
+pdns_lmdb_databases_locations: []
+
+# Override the schema used to initialize the MySQL database
+# By default, this role tries to detect the correct file
+pdns_mysql_schema_file: ""
+
+# Override the schema used to initialize the SQLite database
+# By default, this role tries to detect the correct file
+pdns_sqlite_schema_file: ""
diff --git a/roles/PowerDNS.pdns/handlers/main.yml b/roles/PowerDNS.pdns/handlers/main.yml
deleted file mode 100644
index 94aabe4..0000000
--- a/roles/PowerDNS.pdns/handlers/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-
-- name: Restart PowerDNS
- service:
- name: "{{ pdns_service_name }}"
- state: restarted
- sleep: 1 # the sleep is needed to make sure the service has been
- # correctly started after being stopped during restarts
diff --git a/roles/PowerDNS.pdns/meta/.galaxy_install_info b/roles/PowerDNS.pdns/meta/.galaxy_install_info
index 070d34d..27985b8 100644
--- a/roles/PowerDNS.pdns/meta/.galaxy_install_info
+++ b/roles/PowerDNS.pdns/meta/.galaxy_install_info
@@ -1 +1,2 @@
-{install_date: 'Tue Jun 12 09:36:16 2018', version: v1.2.1}
+install_date: Fri Jul 16 14:49:06 2021
+version: v1.7.0
diff --git a/roles/PowerDNS.pdns/meta/main.yml b/roles/PowerDNS.pdns/meta/main.yml
index a284472..7f57787 100644
--- a/roles/PowerDNS.pdns/meta/main.yml
+++ b/roles/PowerDNS.pdns/meta/main.yml
@@ -1,30 +1,30 @@
---
galaxy_info:
+ namespace: powerdns
+ role_name: pdns
author: PowerDNS Engineering Team
description: Install and configure the PowerDNS Authoritative DNS Server
company: PowerDNS.COM BV
license: MIT
- min_ansible_version: 2.2
+ min_ansible_version: 2.9
platforms:
- name: EL
versions:
- - 6
- 7
+ - 8
- name: Debian
versions:
- - jessie
- stretch
+ - buster
- name: Ubuntu
versions:
- - trusty
- - utopic
- - vivid
- - wily
- - xenial
+ - bionic
+ - focal
+ - name: ArchLinux
galaxy_tags:
- system
- dns
- pdns
- powerdns
- - pdns-auth
+ - auth
diff --git a/roles/PowerDNS.pdns/molecule/pdns-41/playbook.yml b/roles/PowerDNS.pdns/molecule/pdns-43/converge.yml
similarity index 78%
rename from roles/PowerDNS.pdns/molecule/pdns-41/playbook.yml
rename to roles/PowerDNS.pdns/molecule/pdns-43/converge.yml
index 3002f42..5012f0a 100644
--- a/roles/PowerDNS.pdns/molecule/pdns-41/playbook.yml
+++ b/roles/PowerDNS.pdns/molecule/pdns-43/converge.yml
@@ -3,7 +3,7 @@
- hosts: pdns
vars_files:
- ../resources/vars/pdns-common.yml
- - ../resources/vars/pdns-repo-41.yml
+ - ../resources/vars/pdns-repo-43.yml
- ../resources/vars/pdns-backends.yml
roles:
- { role: pdns-ansible }
diff --git a/roles/PowerDNS.pdns/molecule/pdns-43/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-43/molecule.yml
new file mode 100644
index 0000000..fa27e98
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/pdns-43/molecule.yml
@@ -0,0 +1,88 @@
+---
+
+scenario:
+ name: pdns-43
+
+driver:
+ name: docker
+
+dependency:
+ name: galaxy
+
+platforms:
+ - name: centos-7
+ groups: ["pdns"]
+ image: centos:7
+ dockerfile_tpl: centos-systemd
+
+ - name: centos-8
+ groups: ["pdns"]
+ image: centos:8
+ dockerfile_tpl: centos-systemd
+
+ - name: ubuntu-1804
+ groups: ["pdns"]
+ image: ubuntu:18.04
+ dockerfile_tpl: debian-systemd
+
+ - name: debian-9
+ groups: ["pdns"]
+ image: debian:9
+ dockerfile_tpl: debian-systemd
+
+ - name: debian-10
+ groups: ["pdns"]
+ image: debian:10
+ dockerfile_tpl: debian-systemd
+
+ # In order to run the tests we need
+ # a MySQL container to be up & running
+ - name: mysql
+ image: mysql:5.7
+ env:
+ MYSQL_ROOT_PASSWORD: pdns
+ # Declaring the container as service,
+ # will link it to the others Platforms containers
+ # on creation.
+ is_service: yes
+
+provisioner:
+ name: ansible
+ options:
+ diff: True
+ v: True
+ config_options:
+ defaults:
+ gathering: smart
+ fact_caching: jsonfile
+ fact_caching_connection: .ansible_cache
+ fact_caching_timeout: 7200
+ ssh_connection:
+ pipelining: true
+ inventory:
+ links:
+ host_vars: ../resources/host_vars/
+ playbooks:
+ create: ../resources/create.yml
+ destroy: ../resources/destroy.yml
+ prepare: ../resources/prepare.yml
+ # "systemctl used in place of systemd module" "ANSIBLE0006"
+ # "Tasks that run when changed should likely be handlers" "ANSIBLE0016"
+ # "Shells that use pipes should set the pipefail option" "306"
+ lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306
+
+lint: yamllint defaults tasks meta vars
+
+verifier:
+ name: testinfra
+ options:
+ hosts: "pdns"
+ vvv: True
+ directory: ../resources/tests/all
+ additional_files_or_dirs:
+ # path relative to 'directory'
+ - ../repo-43/
+ - ../backend-sqlite/
+ - ../backend-mysql/
+ - ../systemd-override/
+ lint: flake8
diff --git a/roles/PowerDNS.pdns/molecule/pdns-44/converge.yml b/roles/PowerDNS.pdns/molecule/pdns-44/converge.yml
new file mode 100644
index 0000000..1b511c1
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/pdns-44/converge.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: pdns
+ vars_files:
+ - ../resources/vars/pdns-common.yml
+ - ../resources/vars/pdns-repo-44.yml
+ - ../resources/vars/pdns-backends.yml
+ roles:
+ - { role: pdns-ansible }
diff --git a/roles/PowerDNS.pdns/molecule/pdns-44/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-44/molecule.yml
new file mode 100644
index 0000000..1c22258
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/pdns-44/molecule.yml
@@ -0,0 +1,104 @@
+---
+
+scenario:
+ name: pdns-44
+
+driver:
+ name: docker
+
+dependency:
+ name: galaxy
+
+platforms:
+ - name: centos-7
+ groups: ["pdns"]
+ image: centos:7
+ dockerfile_tpl: centos-systemd
+
+ - name: centos-8
+ groups: ["pdns"]
+ image: centos:8
+ dockerfile_tpl: centos-systemd
+
+ - name: ubuntu-1804
+ groups: ["pdns"]
+ image: ubuntu:18.04
+ dockerfile_tpl: debian-systemd
+
+ - name: ubuntu-2004
+ groups: ["pdns"]
+ image: ubuntu:20.04
+ tmpfs:
+ - /run
+ - /tmp
+ dockerfile_tpl: debian-systemd
+
+ - name: debian-9
+ groups: ["pdns"]
+ image: debian:9
+ dockerfile_tpl: debian-systemd
+
+ - name: debian-10
+ groups: ["pdns"]
+ image: debian:10
+ privileged: True
+ volume_mounts:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+ tmpfs:
+ - /run
+ - /run/lock
+ - /tmp
+ dockerfile_tpl: debian-systemd
+ environment: { container: docker }
+
+ # In order to run the tests we need
+ # a MySQL container to be up & running
+ - name: mysql
+ image: mysql:5.7
+ env:
+ MYSQL_ROOT_PASSWORD: pdns
+ # Declaring the container as service,
+ # will link it to the others Platforms containers
+ # on creation.
+ is_service: yes
+
+provisioner:
+ name: ansible
+ options:
+ diff: True
+ v: True
+ config_options:
+ defaults:
+ gathering: smart
+ fact_caching: jsonfile
+ fact_caching_connection: .ansible_cache
+ fact_caching_timeout: 7200
+ ssh_connection:
+ pipelining: true
+ inventory:
+ links:
+ host_vars: ../resources/host_vars/
+ playbooks:
+ create: ../resources/create.yml
+ destroy: ../resources/destroy.yml
+ prepare: ../resources/prepare.yml
+ # "systemctl used in place of systemd module" "ANSIBLE0006"
+ # "Tasks that run when changed should likely be handlers" "ANSIBLE0016"
+ # "Shells that use pipes should set the pipefail option" "306"
+ lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306
+
+lint: yamllint defaults tasks meta vars
+
+verifier:
+ name: testinfra
+ options:
+ hosts: "pdns"
+ vvv: True
+ directory: ../resources/tests/all
+ additional_files_or_dirs:
+ # path relative to 'directory'
+ - ../repo-44/
+ - ../backend-sqlite/
+ - ../backend-mysql/
+ - ../systemd-override/
+ lint: flake8
diff --git a/roles/PowerDNS.pdns/molecule/pdns-master/playbook.yml b/roles/PowerDNS.pdns/molecule/pdns-master/converge.yml
similarity index 100%
rename from roles/PowerDNS.pdns/molecule/pdns-master/playbook.yml
rename to roles/PowerDNS.pdns/molecule/pdns-master/converge.yml
diff --git a/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml
index e6035ae..927ad4e 100644
--- a/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml
+++ b/roles/PowerDNS.pdns/molecule/pdns-master/molecule.yml
@@ -10,37 +10,30 @@ dependency:
name: galaxy
platforms:
- - name: centos-6
- image: centos:6
- groups:
- - pdns
-
- name: centos-7
+ groups: ["pdns"]
image: centos:7
dockerfile_tpl: centos-systemd
- groups:
- - pdns
-
- - name: ubuntu-1604
- image: ubuntu:16.04
- dockerfile_tpl: debian-systemd
- groups:
- - pdns
- - name: ubuntu-1710
- image: ubuntu:17.10
- groups:
- - pdns
+ - name: centos-8
+ groups: ["pdns"]
+ image: centos:8
+ dockerfile_tpl: centos-systemd
- - name: debian-8
- image: debian:8
- groups:
- - pdns
+ - name: ubuntu-1804
+ groups: ["pdns"]
+ image: ubuntu:18.04
+ dockerfile_tpl: debian-systemd
- name: debian-9
+ groups: ["pdns"]
image: debian:9
- groups:
- - pdns
+ dockerfile_tpl: debian-systemd
+
+ - name: debian-10
+ groups: ["pdns"]
+ image: debian:10
+ dockerfile_tpl: debian-systemd
# In order to run the tests we need
# a MySQL container to be up & running
@@ -58,15 +51,24 @@ provisioner:
options:
diff: True
v: True
+ config_options:
+ defaults:
+ gathering: smart
+ fact_caching: jsonfile
+ fact_caching_connection: .ansible_cache
+ fact_caching_timeout: 7200
+ ssh_connection:
+ pipelining: true
+ inventory:
+ links:
+ host_vars: ../resources/host_vars/
playbooks:
create: ../resources/create.yml
destroy: ../resources/destroy.yml
prepare: ../resources/prepare.yml
- lint:
- name: ansible-lint
+ lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306
-lint:
- name: yamllint
+lint: yamllint defaults tasks meta vars
verifier:
name: testinfra
@@ -79,5 +81,5 @@ verifier:
- ../repo-master/
- ../backend-sqlite/
- ../backend-mysql/
- lint:
- name: flake8
+ - ../systemd-override/
+ lint: flake8
diff --git a/roles/PowerDNS.pdns/molecule/pdns-os-repos/converge.yml b/roles/PowerDNS.pdns/molecule/pdns-os-repos/converge.yml
new file mode 100644
index 0000000..fecc3bb
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/pdns-os-repos/converge.yml
@@ -0,0 +1,7 @@
+---
+- hosts: pdns
+ vars_files:
+ - ../resources/vars/pdns-common.yml
+ - ../resources/vars/pdns-backends.yml
+ roles:
+ - { role: pdns-ansible }
diff --git a/roles/PowerDNS.pdns/molecule/pdns-41/molecule.yml b/roles/PowerDNS.pdns/molecule/pdns-os-repos/molecule.yml
similarity index 54%
rename from roles/PowerDNS.pdns/molecule/pdns-41/molecule.yml
rename to roles/PowerDNS.pdns/molecule/pdns-os-repos/molecule.yml
index 7bb4356..7d7b66e 100644
--- a/roles/PowerDNS.pdns/molecule/pdns-41/molecule.yml
+++ b/roles/PowerDNS.pdns/molecule/pdns-os-repos/molecule.yml
@@ -1,7 +1,7 @@
---
scenario:
- name: pdns-41
+ name: pdns-os-repos
driver:
name: docker
@@ -10,37 +10,20 @@ dependency:
name: galaxy
platforms:
- - name: centos-6
- image: centos:6
- groups:
- - pdns
-
- - name: centos-7
- image: centos:7
- dockerfile_tpl: centos-systemd
- groups:
- - pdns
-
- - name: ubuntu-1604
- image: ubuntu:16.04
+ - name: debian-10
+ groups: ["pdns"]
+ image: debian:10
dockerfile_tpl: debian-systemd
- groups:
- - pdns
- - name: ubuntu-1710
- image: ubuntu:17.10
- groups:
- - pdns
+ - name: archlinux
+ groups: ["pdns"]
+ image: archlinux:base
+ dockerfile_tpl: archlinux-systemd
- - name: debian-8
- image: debian:8
- groups:
- - pdns
-
- - name: debian-9
- image: debian:9
- groups:
- - pdns
+ - name: ubuntu-2004
+ groups: ["pdns"]
+ image: ubuntu:20.04
+ dockerfile_tpl: debian-systemd
# In order to run the tests we need
# a MySQL container to be up & running
@@ -58,15 +41,24 @@ provisioner:
options:
diff: True
v: True
+ config_options:
+ defaults:
+ gathering: smart
+ fact_caching: jsonfile
+ fact_caching_connection: .ansible_cache
+ fact_caching_timeout: 7200
+ ssh_connection:
+ pipelining: true
+ inventory:
+ links:
+ host_vars: ../resources/host_vars/
playbooks:
create: ../resources/create.yml
destroy: ../resources/destroy.yml
prepare: ../resources/prepare.yml
- lint:
- name: ansible-lint
+ lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306
-lint:
- name: yamllint
+lint: yamllint defaults tasks meta vars
verifier:
name: testinfra
@@ -76,8 +68,7 @@ verifier:
directory: ../resources/tests/all
additional_files_or_dirs:
# path relative to 'directory'
- - ../repo-41/
+ - ../systemd-override/
- ../backend-sqlite/
- ../backend-mysql/
- lint:
- name: flake8
+ lint: flake8
diff --git a/roles/PowerDNS.pdns/molecule/resources/Dockerfile.archlinux-systemd.j2 b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.archlinux-systemd.j2
new file mode 100644
index 0000000..4e016c8
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.archlinux-systemd.j2
@@ -0,0 +1,27 @@
+# Molecule managed
+
+FROM {{ item.image }}
+
+RUN if [ $(command -v pacman) ]; then pacman -Suy --noconfirm && pacman -S --noconfirm systemd && rm -rf /var/cache/pacman/pkg/*; fi
+RUN if [ ! -e /sbin/init ]; then ln -s /lib/systemd/systemd /sbin/init ; fi
+
+ENV container docker
+
+# Don't start the optional systemd services.
+RUN find /etc/systemd/system \
+ /lib/systemd/system \
+ -path '*.wants/*' \
+ -not -name '*journald*' \
+ -not -name '*systemd-tmpfiles*' \
+ -not -name '*systemd-user-sessions*' \
+ -exec rm \{} \;
+
+RUN systemctl set-default multi-user.target
+
+VOLUME [ "/sys/fs/cgroup" ]
+
+CMD ["/sbin/init"]
+
+RUN if [ $(command -v pacman) ]; then pacman -Suy && pacman -S --noconfirm python sudo bash net-tools ca-certificates awk inetutils grep && rm -rf /var/cache/pacman/pkg/*; fi
+# This ensures docs are installed, which contains the schema files :)
+RUN sed -i '/usr\/share\/doc/d' /etc/pacman.conf
diff --git a/roles/PowerDNS.pdns/molecule/resources/Dockerfile.centos-systemd.j2 b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.centos-systemd.j2
index 8065458..120febf 100644
--- a/roles/PowerDNS.pdns/molecule/resources/Dockerfile.centos-systemd.j2
+++ b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.centos-systemd.j2
@@ -22,5 +22,6 @@ VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
-RUN if [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python python-devel python2-dnf net-tools bash && dnf clean all; \
+RUN if [ $(command -v dnf) ] && [ $(rpm -E %{rhel}) -eq 8 ]; then dnf makecache && dnf --assumeyes install python3 python3-devel python*-dnf bash iproute && dnf clean all; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl net-tools bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; fi
diff --git a/roles/PowerDNS.pdns/molecule/resources/Dockerfile.debian-systemd.j2 b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.debian-systemd.j2
index e10ae58..cf847ec 100644
--- a/roles/PowerDNS.pdns/molecule/resources/Dockerfile.debian-systemd.j2
+++ b/roles/PowerDNS.pdns/molecule/resources/Dockerfile.debian-systemd.j2
@@ -2,6 +2,9 @@
FROM {{ item.image }}
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y systemd && apt-get clean; fi
+RUN if [ ! -e /sbin/init ]; then ln -s /lib/systemd/systemd /sbin/init ; fi
+
ENV container docker
# Don't start the optional systemd services.
@@ -19,4 +22,4 @@ VOLUME [ "/sys/fs/cgroup" ]
CMD ["/sbin/init"]
-RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash net-tools ca-certificates && apt-get clean; fi
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python python3 sudo bash net-tools ca-certificates && apt-get clean; fi
diff --git a/roles/PowerDNS.pdns/molecule/resources/create.yml b/roles/PowerDNS.pdns/molecule/resources/create.yml
index af8d220..a3aa1f5 100644
--- a/roles/PowerDNS.pdns/molecule/resources/create.yml
+++ b/roles/PowerDNS.pdns/molecule/resources/create.yml
@@ -21,17 +21,18 @@
register: platforms
- name: Discover local Docker images
- docker_image_facts:
- name: "molecule_local/{{ item.item.name }}"
+ docker_image_info:
+ name: "molecule_pdns/{{ item.item.name }}"
with_items: "{{ platforms.results }}"
register: docker_images
- name: Build an Ansible compatible image
docker_image:
- path: "{{ molecule_ephemeral_directory }}"
- name: "molecule_local/{{ item.item.image }}"
- dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
- force: "{{ item.item.force | default(True) }}"
+ source: build
+ name: "molecule_pdns/{{ item.item.image }}"
+ build:
+ path: "{{ molecule_ephemeral_directory }}"
+ dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
with_items: "{{ platforms.results }}"
when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
@@ -51,8 +52,9 @@
docker_container:
name: "{{ item.name }}"
hostname: "{{ item.name }}"
- image: "molecule_local/{{ item.image }}"
+ image: "molecule_pdns/{{ item.image }}"
links: "{{ molecule_service_instances | map(attribute='name') | list }}"
+ command: "{{ item.command | default(omit) }}"
state: started
recreate: False
privileged: "yes"
diff --git a/roles/PowerDNS.pdns/molecule/resources/host_vars/centos-8.yml b/roles/PowerDNS.pdns/molecule/resources/host_vars/centos-8.yml
new file mode 100644
index 0000000..17c2edf
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/host_vars/centos-8.yml
@@ -0,0 +1,3 @@
+---
+
+ansible_python_interpreter: "/usr/bin/python3"
diff --git a/roles/PowerDNS.pdns/molecule/resources/host_vars/debian-10.yml b/roles/PowerDNS.pdns/molecule/resources/host_vars/debian-10.yml
new file mode 100644
index 0000000..b178860
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/host_vars/debian-10.yml
@@ -0,0 +1,4 @@
+---
+
+ansible_python_interpreter: "/usr/bin/python3"
+
diff --git a/roles/PowerDNS.pdns/molecule/resources/host_vars/ubuntu-2004.yml b/roles/PowerDNS.pdns/molecule/resources/host_vars/ubuntu-2004.yml
new file mode 100644
index 0000000..17c2edf
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/host_vars/ubuntu-2004.yml
@@ -0,0 +1,3 @@
+---
+
+ansible_python_interpreter: "/usr/bin/python3"
diff --git a/roles/PowerDNS.pdns/molecule/resources/prepare.yml b/roles/PowerDNS.pdns/molecule/resources/prepare.yml
index e306c99..e9e9832 100644
--- a/roles/PowerDNS.pdns/molecule/resources/prepare.yml
+++ b/roles/PowerDNS.pdns/molecule/resources/prepare.yml
@@ -3,8 +3,8 @@
- name: Prepare the Molecule Test Resources
hosts: pdns
tasks:
- # This is required to be sure yum install the
- # default MySQL and SQLite schemas in /usr/share/doc/
+ # Make sure the default MySQL and SQLite
+ # schemas are installed in /usr/share/doc/
- name: Disable the YUM 'nodocs' option
lineinfile:
line: tsflags=nodocs
@@ -12,6 +12,12 @@
state: absent
when: ansible_pkg_mgr == 'yum'
+ - name: Disable the APT 'nodoc' option
+ lineinfile:
+ line: path-exclude=/usr/share/doc/*
+ dest: /etc/dpkg/dpkg.cfg.d/excludes
+ state: absent
+
# Install rsyslog to capture the PDNS log messages
# when the service is not managed by systemd
- block:
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py b/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py
index 9a53cd5..8080602 100644
--- a/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/all/test_common.py
@@ -1,21 +1,12 @@
debian_os = ['debian', 'ubuntu']
rhel_os = ['redhat', 'centos']
+archlinux_os = ['arch']
def test_distribution(host):
- assert host.system_info.distribution.lower() in debian_os + rhel_os
-
-
-def test_repo_pinning_file(host):
- if host.system_info.distribution.lower() in debian_os:
- f = host.file('/etc/apt/preferences.d/pdns')
- assert f.exists
- assert f.user == 'root'
- assert f.group == 'root'
- f.contains('Package: pdns-*')
- f.contains('Pin: origin repo.powerdns.com')
- f.contains('Pin-Priority: 600')
+ assert host.system_info.distribution.lower() in debian_os + rhel_os + \
+ archlinux_os
def test_package(host):
@@ -24,6 +15,8 @@ def test_package(host):
p = host.package('pdns-server')
if host.system_info.distribution.lower() in rhel_os:
p = host.package('pdns')
+ if host.system_info.distribution.lower() in archlinux_os:
+ p = host.package('powerdns')
assert p.is_installed
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py b/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py
index 663df1a..c1e902a 100644
--- a/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/backend-mysql/test_backend_mysql.py
@@ -1,18 +1,19 @@
debian_os = ['debian', 'ubuntu']
rhel_os = ['redhat', 'centos']
+archlinux_os = ['arch']
def test_package(host):
- p = host.package('pdns-backend-mysql')
-
- assert p.is_installed
+ if host.system_info.distribution.lower() in debian_os + rhel_os:
+ p = host.package('pdns-backend-mysql')
+ assert p.is_installed
def test_config(host):
with host.sudo():
f = None
- if host.system_info.distribution.lower() in debian_os:
+ if host.system_info.distribution.lower() in debian_os + archlinux_os:
f = host.file('/etc/powerdns/pdns.conf')
if host.system_info.distribution.lower() in rhel_os:
f = host.file('/etc/pdns/pdns.conf')
@@ -20,24 +21,20 @@ def test_config(host):
dbname = host.check_output('hostname -s').replace('.', '_')
assert f.exists
- assert 'launch+=gmysql' in f.content
- assert 'gmysql-host=mysql' in f.content
- assert 'gmysql-password=pdns' in f.content
- assert 'gmysql-dbname=' + dbname in f.content
- assert 'gmysql-user=pdns' in f.content
+ assert f.contains('launch+=gmysql')
+ assert f.contains('gmysql-host=mysql')
+ assert f.contains('gmysql-password=pdns')
+ assert f.contains('gmysql-dbname=' + dbname)
+ assert f.contains('gmysql-user=pdns')
def test_database_tables(host):
dbname = host.check_output('hostname -s').replace('.', '_')
- cmd = host.run("mysql --user=\"pdns\" --password=\"pdns\" --host=\"mysql\" " +
+ cmd = host.run("mysql --user=\"pdns\" --password=\"pdns\" --host=\"mysql\" " +
"--batch --skip-column-names " +
"--execute=\"SELECT DISTINCT table_name FROM information_schema.columns WHERE table_schema = '%s'\"" % dbname)
- assert 'domains' in cmd.stdout
- assert 'records' in cmd.stdout
- assert 'supermasters' in cmd.stdout
- assert 'comments' in cmd.stdout
- assert 'domainmetadata' in cmd.stdout
- assert 'cryptokeys' in cmd.stdout
- assert 'tsigkeys' in cmd.stdout
+ for table in [ 'domains', 'records', 'supermasters', 'comments',
+ 'domainmetadata', 'cryptokeys', 'tsigkeys' ]:
+ assert table in cmd.stdout
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py b/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py
index 3b5595d..2527b90 100644
--- a/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/backend-sqlite/test_backend_sqlite.py
@@ -1,23 +1,27 @@
debian_os = ['debian', 'ubuntu']
rhel_os = ['redhat', 'centos']
+archlinux_os = ['arch']
def test_package(host):
- p = None
- if host.system_info.distribution.lower() in debian_os:
- p = host.package('pdns-backend-sqlite3')
- if host.system_info.distribution.lower() in rhel_os:
- p = host.package('pdns-backend-sqlite')
+ if host.system_info.distribution.lower() in debian_os + rhel_os:
+ if host.system_info.distribution.lower() in debian_os:
+ p = host.package('pdns-backend-sqlite3')
+ if host.system_info.distribution.lower() in rhel_os:
+ p = host.package('pdns-backend-sqlite')
- assert p.is_installed
+ assert p.is_installed
def test_database_exists(host):
f = host.file('/var/lib/powerdns/pdns.db')
+ user = 'pdns'
+ if host.system_info.distribution.lower() in archlinux_os:
+ user = 'powerdns'
assert f.exists
- assert f.user == 'pdns'
- assert f.group == 'pdns'
- assert f.mode == 416
+ assert f.user == user
+ assert f.group == user
+ assert f.mode == 0o640
assert f.size > 10000
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-41/test_repo_41.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-41/test_repo_41.py
deleted file mode 100644
index 85f4adc..0000000
--- a/roles/PowerDNS.pdns/molecule/resources/tests/repo-41/test_repo_41.py
+++ /dev/null
@@ -1,32 +0,0 @@
-
-debian_os = ['debian', 'ubuntu']
-rhel_os = ['redhat', 'centos']
-
-
-def test_repo_file(host):
- f = None
- if host.system_info.distribution.lower() in debian_os:
- f = host.file('/etc/apt/sources.list.d/powerdns-auth-41.list')
- if host.system_info.distribution.lower() in rhel_os:
- f = host.file('/etc/yum.repos.d/powerdns-auth-41.repo')
-
- assert f.exists
- assert f.user == 'root'
- assert f.group == 'root'
-
-
-def test_pdns_repo(host):
- f = None
- if host.system_info.distribution.lower() in debian_os:
- f = host.file('/etc/apt/sources.list.d/powerdns-auth-41.list')
- if host.system_info.distribution.lower() in rhel_os:
- f = host.file('/etc/yum.repos.d/powerdns-auth-41.repo')
-
- assert f.exists
- assert f.contains('auth-41')
-
-
-def test_pdns_version(host):
- cmd = host.run('/usr/sbin/pdns_server --version')
-
- assert 'PowerDNS Authoritative Server 4.1.' in cmd.stderr
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-43/test_repo_43.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-43/test_repo_43.py
new file mode 100644
index 0000000..6528205
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/repo-43/test_repo_43.py
@@ -0,0 +1,44 @@
+
+debian_os = ['debian', 'ubuntu']
+rhel_os = ['redhat', 'centos']
+
+
+def test_repo_file(host):
+ f = None
+ if host.system_info.distribution.lower() in debian_os:
+ f = host.file('/etc/apt/sources.list.d/powerdns-auth-43.list')
+ if host.system_info.distribution.lower() in rhel_os:
+ f = host.file('/etc/yum.repos.d/powerdns-auth-43.repo')
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
+
+
+def test_pdns_repo(host):
+ f = None
+ if host.system_info.distribution.lower() in debian_os:
+ f = host.file('/etc/apt/sources.list.d/powerdns-auth-43.list')
+ if host.system_info.distribution.lower() in rhel_os:
+ f = host.file('/etc/yum.repos.d/powerdns-auth-43.repo')
+
+ assert f.exists
+ assert f.contains('auth-43')
+
+
+def test_repo_pinning_file(host):
+ if host.system_info.distribution.lower() in debian_os:
+ f = host.file('/etc/apt/preferences.d/pdns')
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
+ f.contains('Package: pdns-*')
+ f.contains('Pin: origin repo.powerdns.com')
+ f.contains('Pin-Priority: 600')
+
+
+def test_pdns_version(host):
+ cmd = host.run('/usr/sbin/pdns_server --version')
+
+ assert 'PowerDNS Authoritative Server' in cmd.stderr
+ assert '4.3' in cmd.stderr
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-44/test_repo_44.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-44/test_repo_44.py
new file mode 100644
index 0000000..6d5dac9
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/repo-44/test_repo_44.py
@@ -0,0 +1,44 @@
+
+debian_os = ['debian', 'ubuntu']
+rhel_os = ['redhat', 'centos']
+
+
+def test_repo_file(host):
+ f = None
+ if host.system_info.distribution.lower() in debian_os:
+ f = host.file('/etc/apt/sources.list.d/powerdns-auth-44.list')
+ if host.system_info.distribution.lower() in rhel_os:
+ f = host.file('/etc/yum.repos.d/powerdns-auth-44.repo')
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
+
+
+def test_pdns_repo(host):
+ f = None
+ if host.system_info.distribution.lower() in debian_os:
+ f = host.file('/etc/apt/sources.list.d/powerdns-auth-44.list')
+ if host.system_info.distribution.lower() in rhel_os:
+ f = host.file('/etc/yum.repos.d/powerdns-auth-44.repo')
+
+ assert f.exists
+ assert f.contains('auth-44')
+
+
+def test_repo_pinning_file(host):
+ if host.system_info.distribution.lower() in debian_os:
+ f = host.file('/etc/apt/preferences.d/pdns')
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
+ f.contains('Package: pdns-*')
+ f.contains('Pin: origin repo.powerdns.com')
+ f.contains('Pin-Priority: 600')
+
+
+def test_pdns_version(host):
+ cmd = host.run('/usr/sbin/pdns_server --version')
+
+ assert 'PowerDNS Authoritative Server' in cmd.stderr
+ assert '4.4' in cmd.stderr
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py b/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py
index dd323cd..8ebaeba 100644
--- a/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/repo-master/test_repo_master.py
@@ -26,7 +26,19 @@ def test_pdns_repo(host):
assert f.contains('auth-master')
+def test_repo_pinning_file(host):
+ if host.system_info.distribution.lower() in debian_os:
+ f = host.file('/etc/apt/preferences.d/pdns')
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
+ f.contains('Package: pdns-*')
+ f.contains('Pin: origin repo.powerdns.com')
+ f.contains('Pin-Priority: 600')
+
+
def test_pdns_version(host):
cmd = host.run('/usr/sbin/pdns_server --version')
- assert 'PowerDNS Authoritative Server 0.0.' in cmd.stderr
+ assert 'PowerDNS Authoritative Server' in cmd.stderr
+ assert 'master' in cmd.stderr
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/systemd-no-override/test_override.py b/roles/PowerDNS.pdns/molecule/resources/tests/systemd-no-override/test_override.py
new file mode 100644
index 0000000..3ec7048
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/systemd-no-override/test_override.py
@@ -0,0 +1,7 @@
+def test_systemd_override(host):
+ smgr = host.ansible("setup")["ansible_facts"]["ansible_service_mgr"]
+ if smgr == 'systemd':
+ fname = '/etc/systemd/system/pdns.service.d/override.conf'
+ f = host.file(fname)
+
+ assert not f.exists
diff --git a/roles/PowerDNS.pdns/molecule/resources/tests/systemd-override/test_override.py b/roles/PowerDNS.pdns/molecule/resources/tests/systemd-override/test_override.py
new file mode 100644
index 0000000..9d6605b
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/tests/systemd-override/test_override.py
@@ -0,0 +1,10 @@
+def test_systemd_override(host):
+ smgr = host.ansible("setup")["ansible_facts"]["ansible_service_mgr"]
+ if smgr == 'systemd':
+ fname = '/etc/systemd/system/pdns.service.d/override.conf'
+ f = host.file(fname)
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
+ assert f.contains('LimitCORE=infinity')
diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/molecule.yml b/roles/PowerDNS.pdns/molecule/resources/vars/molecule.yml
index 761b27a..ac66ad3 100644
--- a/roles/PowerDNS.pdns/molecule/resources/vars/molecule.yml
+++ b/roles/PowerDNS.pdns/molecule/resources/vars/molecule.yml
@@ -1,6 +1,7 @@
---
-
molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}"
molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
-molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
+role-file: requirements.yml
+requirements-file: requirements.yml
+molecule_yml: "{{ lookup('file', molecule_file) | from_yaml }}"
diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-common.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-common.yml
index 17fea54..7b1d4c7 100644
--- a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-common.yml
+++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-common.yml
@@ -21,3 +21,6 @@ pdns_config:
webserver: yes
webserver-address: "0.0.0.0"
webserver-port: "8001"
+
+pdns_service_overrides:
+ LimitCORE: infinity
diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-no-overrides.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-no-overrides.yml
new file mode 100644
index 0000000..3818028
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-no-overrides.yml
@@ -0,0 +1,26 @@
+---
+
+##
+# PowerDNS Configuration
+##
+
+pdns_config:
+
+ # Turns on master operations
+ master: true
+
+ # Listen Address
+ local-address: "127.0.0.1"
+ local-port: "53"
+
+ # API Configuration
+ api: yes
+ api-key: "powerdns"
+
+ # Embedded webserver
+ webserver: yes
+ webserver-address: "0.0.0.0"
+ webserver-port: "8001"
+
+pdns_install_repo: "{{ pdns_auth_powerdns_repo_44 }}"
+pdns_service_overrides: ''
diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-os-repos.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-os-repos.yml
new file mode 100644
index 0000000..96d7c0a
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-os-repos.yml
@@ -0,0 +1,5 @@
+---
+
+##
+# No special things
+##
diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-41.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-41.yml
deleted file mode 100644
index 4722dd0..0000000
--- a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-41.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-##
-# PowerDNS 4.1.x Repository
-##
-
-pdns_install_repo: "{{ pdns_auth_powerdns_repo_41 }}"
diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-43.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-43.yml
new file mode 100644
index 0000000..8518de4
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-43.yml
@@ -0,0 +1,7 @@
+---
+
+##
+# PowerDNS 4.3.x Repository
+##
+
+pdns_install_repo: "{{ pdns_auth_powerdns_repo_43 }}"
diff --git a/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-44.yml b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-44.yml
new file mode 100644
index 0000000..007c357
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/resources/vars/pdns-repo-44.yml
@@ -0,0 +1,7 @@
+---
+
+##
+# PowerDNS 4.4.x Repository
+##
+
+pdns_install_repo: "{{ pdns_auth_powerdns_repo_44 }}"
diff --git a/roles/PowerDNS.pdns/molecule/systemd-no-overrides/converge.yml b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/converge.yml
new file mode 100644
index 0000000..83600f6
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/converge.yml
@@ -0,0 +1,7 @@
+---
+
+- hosts: pdns
+ vars_files:
+ - ../resources/vars/pdns-no-overrides.yml
+ roles:
+ - { role: pdns-ansible }
diff --git a/roles/PowerDNS.pdns/molecule/systemd-no-overrides/molecule.yml b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/molecule.yml
new file mode 100644
index 0000000..27003da
--- /dev/null
+++ b/roles/PowerDNS.pdns/molecule/systemd-no-overrides/molecule.yml
@@ -0,0 +1,56 @@
+---
+
+scenario:
+ name: systemd-no-overrides
+
+driver:
+ name: docker
+
+dependency:
+ name: galaxy
+
+platforms:
+ - name: debian-10
+ groups: ["pdns"]
+ image: debian:10
+ dockerfile_tpl: debian-systemd
+
+ - name: ubuntu-2004
+ groups: ["pdns"]
+ image: ubuntu:20.04
+ dockerfile_tpl: debian-systemd
+
+provisioner:
+ name: ansible
+ options:
+ diff: True
+ v: True
+ config_options:
+ defaults:
+ gathering: smart
+ fact_caching: jsonfile
+ fact_caching_connection: .ansible_cache
+ fact_caching_timeout: 7200
+ ssh_connection:
+ pipelining: true
+ inventory:
+ links:
+ host_vars: ../resources/host_vars/
+ playbooks:
+ create: ../resources/create.yml
+ destroy: ../resources/destroy.yml
+ prepare: ../resources/prepare.yml
+ lint: ansible-lint -x ANSIBLE0006 ANSIBLE0016 306
+
+lint: yamllint defaults tasks meta vars
+
+verifier:
+ name: testinfra
+ options:
+ hosts: "pdns"
+ vvv: True
+ directory: ../resources/tests/all
+ additional_files_or_dirs:
+ # path relative to 'directory'
+ - ../systemd-no-override
+ lint: flake8
diff --git a/roles/PowerDNS.pdns/requirements.yml b/roles/PowerDNS.pdns/requirements.yml
new file mode 100644
index 0000000..6a0d242
--- /dev/null
+++ b/roles/PowerDNS.pdns/requirements.yml
@@ -0,0 +1,3 @@
+---
+collections:
+ - name: community.mysql
diff --git a/roles/PowerDNS.pdns/tasks/configure.yml b/roles/PowerDNS.pdns/tasks/configure.yml
index 3617959..fb103f6 100644
--- a/roles/PowerDNS.pdns/tasks/configure.yml
+++ b/roles/PowerDNS.pdns/tasks/configure.yml
@@ -1,27 +1,63 @@
---
-- name: Ensure that the PowerDNS Authoritative Server configuration directory exists
+- block:
+
+ - name: Ensure the override directory exists (systemd)
+ file:
+ name: "/etc/systemd/system/{{ pdns_service_name }}.service.d"
+ state: directory
+ owner: root
+ group: root
+
+ - name: Override the PowerDNS Authoritative Server unit (systemd)
+ template:
+ src: "override-service.systemd.conf.j2"
+ dest: "/etc/systemd/system/{{ pdns_service_name }}.service.d/override.conf"
+ owner: root
+ group: root
+ register: _pdns_override_unit
+ when: pdns_service_overrides | length > 0
+
+ - name: Reload systemd
+ systemd:
+ daemon_reload: yes
+ when: not pdns_disable_handlers
+ and _pdns_override_unit.changed
+
+ when: ansible_service_mgr == "systemd"
+
+- name: Ensure that the PowerDNS configuration directory exists
file:
name: "{{ pdns_config_dir }}"
state: directory
- owner: "root"
- group: "root"
- mode: 0755
+ owner: "{{ pdns_file_owner }}"
+ group: "{{ pdns_file_group }}"
+ mode: 0750
-- name: Generate the PowerDNS Authoritative Server configuration
+- name: Generate the PowerDNS configuration
template:
src: pdns.conf.j2
dest: "{{ pdns_config_dir }}/{{ pdns_config_file }}"
- owner: "root"
- group: "root"
+ owner: "{{ pdns_file_owner }}"
+ group: "{{ pdns_file_group }}"
mode: 0640
- notify: Restart PowerDNS
+ register: _pdns_configuration
-- name: Ensure that the PowerDNS Authoritative Server 'include-dir' directory exists
+- name: Ensure that the PowerDNS 'include-dir' directory exists
file:
name: "{{ pdns_config['include-dir'] }}"
state: directory
- owner: "root"
- group: "root"
- mode: 0755
+ owner: "{{ pdns_file_owner }}"
+ group: "{{ pdns_file_group }}"
+ mode: 0750
when: "pdns_config['include-dir'] is defined"
+
+- name: Restart PowerDNS
+ service:
+ name: "{{ pdns_service_name }}"
+ state: restarted
+ sleep: 1
+ when: not pdns_disable_handlers
+ and pdns_service_state != 'stopped'
+ and (_pdns_override_unit.changed
+ or _pdns_configuration.changed)
diff --git a/roles/PowerDNS.pdns/tasks/database-lmdb.yml b/roles/PowerDNS.pdns/tasks/database-lmdb.yml
new file mode 100644
index 0000000..83da40f
--- /dev/null
+++ b/roles/PowerDNS.pdns/tasks/database-lmdb.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Ensure that the directories containing the PowerDNS LMDB databases exist
+ file:
+ name: "{{ item | dirname }}"
+ owner: "{{ pdns_user }}"
+ group: "{{ pdns_group }}"
+ state: directory
+ mode: 0750
+ with_items: "{{ pdns_lmdb_databases_locations }}"
diff --git a/roles/PowerDNS.pdns/tasks/database-mysql.yml b/roles/PowerDNS.pdns/tasks/database-mysql.yml
index 9198e93..307929d 100644
--- a/roles/PowerDNS.pdns/tasks/database-mysql.yml
+++ b/roles/PowerDNS.pdns/tasks/database-mysql.yml
@@ -1,40 +1,33 @@
---
-- name: Install the MySQL dependencies on RedHat
+- name: Install the MySQL dependencies
package:
- name: "{{ item }}"
+ name: "{{ pdns_mysql_packages }}"
state: present
- with_items:
- - mysql
- - MySQL-python
- when: ansible_os_family == 'RedHat'
-- name: Install the MySQL dependencies on Debian
- package:
- name: "{{ item }}"
- state: present
- with_items:
- - mysql-client
- - python-mysqldb
- when: ansible_os_family == 'Debian'
+- debug: var=item['value']
+ when: "item.key.split(':')[0] == 'gmysql'"
+ with_dict: "{{ pdns_backends | combine(pdns_mysql_databases_credentials, recursive=True) }}"
-- name: Create the PowerDNS Authoritative Server MySQL databases
+- name: Create the PowerDNS MySQL databases
mysql_db:
login_user: "{{ item['value']['priv_user'] }}"
login_password: "{{ item['value']['priv_password'] }}"
login_host: "{{ item['value']['host'] }}"
login_port: "{{ item['value']['port'] | default('3306') }}"
+ login_unix_socket: /var/run/mysqld/mysqld.sock
name: "{{ item['value']['dbname'] }}"
state: present
when: "item.key.split(':')[0] == 'gmysql'"
with_dict: "{{ pdns_backends | combine(pdns_mysql_databases_credentials, recursive=True) }}"
-- name: Grant the PowerDNS Authoritative Server access to the MySQL databases
+- name: Grant PowerDNS access to the MySQL databases
mysql_user:
login_user: "{{ item[0]['priv_user'] }}"
login_password: "{{ item[0]['priv_password'] }}"
login_host: "{{ item[0]['host'] }}"
login_port: "{{ item[0]['port'] | default('3306') }}"
+ login_unix_socket: /var/run/mysqld/mysqld.sock
name: "{{ item[0]['user'] }}"
password: "{{ item[0]['password'] }}"
host: "{{ item[1] }}"
@@ -46,7 +39,7 @@
- priv_host
- skip_missing: yes
-- name: Check if the PowerDNS Authoritative Server MySQL databases are empty
+- name: Check if the MySQL databases are empty
command: >
mysql --user="{{ item['value']['user'] }}" --password="{{ item['value']['password'] }}"
--host="{{ item['value']['host'] }}" --port "{{ item['value']['port'] | default('3306') }}" --batch --skip-column-names
@@ -56,27 +49,26 @@
register: _pdns_check_mysql_db
changed_when: False
-- name: Define the PowerDNS Authoritative Server database MySQL schema file path on RedHat < 7
- set_fact:
- _pdns_mysql_schema_file: "/usr/share/doc/pdns/schema.mysql.sql"
- when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int < 7
-
-- name: Define the PowerDNS Authoritative Server database MySQL schema file path on RedHat >= 7
- set_fact:
- _pdns_mysql_schema_file: "/usr/share/doc/pdns-backend-mysql-{{ pdns_package_version | regex_replace('-rc[\\d]*$', '') }}/schema.mysql.sql"
- when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int >= 7
-
-- name: Define the PowerDNS Authoritative Server database MySQL schema file path on Debian
- set_fact:
- _pdns_mysql_schema_file: "/usr/share/dbconfig-common/data/pdns-backend-mysql/install/mysql"
- when: ansible_os_family == 'Debian' and pdns_install_repo == ''
+- name: Determine location of the SQL file
+ shell:
+ cmd: |
+ for p in /usr/share/doc/pdns-backend-mysql-{{ _pdns_running_version }}/schema.mysql.sql /usr/share/doc/pdns-backend-mysql/schema.mysql.sql /usr/share/pdns-backend-mysql/schema/schema.mysql.sql /usr/share/dbconfig-common/data/pdns-backend-mysql/install/mysql /usr/share/doc/powerdns/schema.mysql.sql; do
+ if [ -f $p ]; then
+ echo $p
+ exit 0
+ fi
+ done
+ echo "Can't determine path to MySQL schema">&2
+ exit 1
+ changed_when: false
+ register: pdns_mysql_schema_file_detected
+ when: pdns_mysql_schema_file | length == 0
-- name: Define the PowerDNS Authoritative Server database MySQL schema file path on Debian
+- name: Set the schema file variable
set_fact:
- _pdns_mysql_schema_file: "/usr/share/doc/pdns-backend-mysql/schema.mysql.sql"
- when: ansible_os_family == 'Debian' and pdns_install_repo != ''
+ pdns_mysql_schema_file_to_use: "{% if pdns_mysql_schema_file | length == 0 %}{{ pdns_mysql_schema_file_detected.stdout }}{% else %}{{ pdns_mysql_schema_file }}{% endif %}"
-- name: Import the PowerDNS Authoritative Server MySQL schema
+- name: Import the PowerDNS MySQL schema
mysql_db:
login_user: "{{ item['item']['value']['user'] }}"
login_password: "{{ item['item']['value']['password'] }}"
@@ -84,6 +76,6 @@
login_port: "{{ item['item']['port'] | default('3306') }}"
name: "{{ item.item['value']['dbname'] }}"
state: import
- target: "{{ _pdns_mysql_schema_file }}"
+ target: "{{ pdns_mysql_schema_file_to_use }}"
when: "item['item']['key'].split(':')[0] == 'gmysql' and item['stdout'] == '0'"
with_items: "{{ _pdns_check_mysql_db['results'] }}"
diff --git a/roles/PowerDNS.pdns/tasks/database-sqlite3.yml b/roles/PowerDNS.pdns/tasks/database-sqlite3.yml
index e4607e4..edbd89d 100644
--- a/roles/PowerDNS.pdns/tasks/database-sqlite3.yml
+++ b/roles/PowerDNS.pdns/tasks/database-sqlite3.yml
@@ -1,36 +1,52 @@
---
-- name: Ensure that the directories containing the PowerDNS Authoritative Server SQLite databases exist
+- name: Install the SQLite dependencies on RedHat
+ package:
+ name: sqlite
+ state: present
+ when: ansible_os_family == 'RedHat'
+
+- name: Install the SQLite dependencies on Debian
+ package:
+ name: sqlite3
+ state: present
+ when: ansible_os_family == 'Debian'
+
+- name: Ensure that the directories containing the PowerDNS SQLite databases exist
file:
- name: "{{ '/'.join(item.split('/')[:-1]) }}"
+ name: "{{ item | dirname }}"
owner: "{{ pdns_user }}"
group: "{{ pdns_group }}"
state: directory
mode: 0750
with_items: "{{ pdns_sqlite_databases_locations }}"
-- name: Create the PowerDNS Authoritative Server SQLite databases on RedHat < 7
- shell: "sqlite3 {{ item }} < /usr/share/doc/pdns/schema.sqlite3.sql"
- args:
- creates: "{{ item }}"
- with_items: "{{ pdns_sqlite_databases_locations }}"
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version | int < 7
+- name: Determine location of the SQL file
+ shell:
+ cmd: |
+ for p in /usr/share/doc/pdns-backend-sqlite-{{ _pdns_running_version }}/schema.sql /usr/share/doc/pdns-backend-sqlite-{{ _pdns_running_version }}/schema.sqlite3.sql /usr/share/doc/pdns/schema.sqlite3.sql /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql /usr/share/doc/pdns-backend-sqlite/schema.sqlite3.sql /usr/share/doc/powerdns/schema.sqlite3.sql; do
+ if [ -f $p ]; then
+ echo $p
+ exit 0
+ fi
+ done
+ echo "Can't determine path to SQLite schema">&2
+ exit 1
+ changed_when: false
+ register: pdns_sqlite_schema_file_detected
+ when: pdns_sqlite_schema_file | length == 0
-- name: Create the PowerDNS Authoritative Server SQLite databases on RedHat >= 7
- shell: "sqlite3 {{ item }} < /usr/share/doc/pdns-backend-sqlite-{{ pdns_package_version | regex_replace('-rc[\\d]*$', '') }}/schema.sqlite3.sql"
- args:
- creates: "{{ item }}"
- with_items: "{{ pdns_sqlite_databases_locations }}"
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version | int >= 7
+- name: Set the schema file variable
+ set_fact:
+ pdns_sqlite_schema_file_to_use: "{% if pdns_sqlite_schema_file | length == 0 %}{{ pdns_sqlite_schema_file_detected.stdout }}{% else %}{{ pdns_sqlite_schema_file }}{% endif %}"
-- name: Create the PowerDNS Authoritative Server SQLite databases on Debian
- shell: "sqlite3 {{ item }} < /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql"
+- name: Create the PowerDNS SQLite databases
+ shell: "sqlite3 {{ item }} < {{ pdns_sqlite_schema_file_to_use }}"
args:
creates: "{{ item }}"
with_items: "{{ pdns_sqlite_databases_locations }}"
- when: ansible_os_family == "Debian"
-- name: Check the PowerDNS Authoritative Server SQLite databases permissions
+- name: Check the PowerDNS SQLite databases permissions
file:
name: "{{ item }}"
owner: "{{ pdns_user }}"
diff --git a/roles/PowerDNS.pdns/tasks/inspect.yml b/roles/PowerDNS.pdns/tasks/inspect.yml
index 910064c..98f74d3 100644
--- a/roles/PowerDNS.pdns/tasks/inspect.yml
+++ b/roles/PowerDNS.pdns/tasks/inspect.yml
@@ -1,11 +1,12 @@
---
-- name: Obtain the PowerDNS Authoritative Server version
- shell: "pdns_server --version 2>&1 | awk '/PowerDNS Authoritative/{print $7}'"
+- name: Obtain the version of the running PowerDNS instance
+ shell: |
+ pdns_server --version 2>&1 | awk '/PowerDNS Authoritative/{print $7}'
register: _pdns_version
check_mode: no
changed_when: False
-- name: Export the PowerDNS Authoritative Server version variable
+- name: Export the running PowerDNS instance version to a variable
set_fact:
- pdns_package_version: "{{ _pdns_version['stdout'] }}"
+ _pdns_running_version: "{{ _pdns_version['stdout'] | regex_replace('-[.\\d\\w]+$', '') }}"
diff --git a/roles/PowerDNS.pdns/tasks/install.yml b/roles/PowerDNS.pdns/tasks/install.yml
index 24a8dc6..af547fd 100644
--- a/roles/PowerDNS.pdns/tasks/install.yml
+++ b/roles/PowerDNS.pdns/tasks/install.yml
@@ -2,32 +2,32 @@
- block:
- - name: Prefix the version with the correct separator on RedHat
+ - name: Prefix the PowerDNS version with the correct separator on RedHat
set_fact:
- pdns_package_version: "-{{ pdns_package_version }}"
+ _pdns_package_version: "-{{ pdns_package_version }}"
when: ansible_os_family == 'RedHat'
- - name: Prefix the version with the correct separator on Debian
+ - name: Prefix the PowerDNS version with the correct separator on Debian
set_fact:
- pdns_package_version: "={{ pdns_package_version }}"
+ _pdns_package_version: "={{ pdns_package_version }}"
when: ansible_os_family == 'Debian'
- when: pdns_package_version != ''
+ when: "pdns_package_version | length > 0"
-- name: Install the PowerDNS Authoritative Server
+- name: Install PowerDNS
package:
- name: "{{ pdns_package_name }}{{ pdns_package_version }}"
+ name: "{{ pdns_package_name }}{{ _pdns_package_version | default('') }}"
state: present
-- name: Install PowerDNS Authoritative Server debug symbols
+- name: Install PowerDNS debug symbols
package:
- name: "{{ pdns_debug_symbols_package_name }}{{ pdns_package_version }}"
+ name: "{{ pdns_debug_symbols_package_name }}{{ _pdns_package_version | default('') }}"
state: present
when: pdns_install_debug_symbols_package
-- name: Install the PowerDNS Authoritative Server backends
+- name: Install PowerDNS backends
package:
- name: "{{ pdns_backends_packages[item.key.split(':')[0]] }}{{ pdns_package_version }}"
+ name: "{{ pdns_backends_packages[item.key.split(':')[0]] }}{{ _pdns_package_version | default('') }}"
state: present
when: pdns_backends_packages[item.key.split(':')[0]] is defined
with_dict: "{{ pdns_backends }}"
diff --git a/roles/PowerDNS.pdns/tasks/main.yml b/roles/PowerDNS.pdns/tasks/main.yml
index 4b1fdcf..c512126 100644
--- a/roles/PowerDNS.pdns/tasks/main.yml
+++ b/roles/PowerDNS.pdns/tasks/main.yml
@@ -1,12 +1,17 @@
---
- name: Include OS-specific variables
- include_vars: "{{ ansible_os_family }}.yml"
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+ - "{{ ansible_os_family }}.yml"
tags:
- always
- include: "repo-{{ ansible_os_family }}.yml"
- when: pdns_install_repo != ""
+ when: "pdns_install_repo | length > 0"
tags:
- install
- repository
@@ -34,21 +39,26 @@
- db
- sqlite
+- include: database-lmdb.yml
+ when: "pdns_lmdb_databases_locations | length > 0"
+ tags:
+ - db
+ - lmdb
+
- include: configure.yml
tags:
- config
-- name: Start and enable the PowerDNS Authoritative Server service
- service:
- name: "{{ pdns_service_name }}"
- state: started
- enabled: true
+- include: selinux.yml
+ when: ansible_selinux is defined and ansible_selinux.status == 'enabled'
tags:
- - service
+ - selinux
+ - config
-- name: Force handlers flush
- meta: flush_handlers
- when: pdns_flush_handlers
+- name: Start and enable the PowerDNS service
+ service:
+ name: "{{ pdns_service_name }}"
+ state: "{{ pdns_service_state }}"
+ enabled: "{{ pdns_service_enabled }}"
tags:
- - config
- service
diff --git a/roles/PowerDNS.pdns/tasks/repo-Debian.yml b/roles/PowerDNS.pdns/tasks/repo-Debian.yml
index e8e7cc8..d2f6731 100644
--- a/roles/PowerDNS.pdns/tasks/repo-Debian.yml
+++ b/roles/PowerDNS.pdns/tasks/repo-Debian.yml
@@ -5,17 +5,26 @@
name: gnupg
state: present
-- name: Import the PowerDNS Authoritative Server Repository APT key
+- name: Import the PowerDNS APT Repository key from URL
apt_key:
url: "{{ pdns_install_repo['gpg_key'] }}"
id: "{{ pdns_install_repo['gpg_key_id'] | default('') }}"
state: present
+ when: pdns_install_repo['gpg_key'] is regex("^[a-z]{3,}://")
register: _pdns_apt_key
-- name: Add the PowerDNS Authoritative Server APT Repository
+- name: Import the PowerDNS APT Repository key from File
+ apt_key:
+ data: "{{ lookup('file', pdns_install_repo['gpg_key']) }}"
+ id: "{{ pdns_install_repo['gpg_key_id'] | default('') }}"
+ state: present
+ when: not pdns_install_repo['gpg_key'] is regex("^[a-z]{3,}://")
+ register: _pdns_apt_key
+
+- name: Add the PowerDNS APT Repository
apt_repository:
- repo: "{{ pdns_install_repo['apt_repo'] }}"
filename: "{{ pdns_install_repo['name'] }}"
+ repo: "{{ pdns_install_repo['apt_repo'] }}"
state: present
register: _pdns_apt_repo
@@ -24,7 +33,7 @@
update_cache: yes
when: "_pdns_apt_key.changed or _pdns_apt_repo.changed"
-- name: Pin the PowerDNS Authoritative Server APT Repository
+- name: Pin the PowerDNS APT Repository
template:
src: pdns.pin.j2
dest: /etc/apt/preferences.d/pdns
diff --git a/roles/PowerDNS.pdns/tasks/repo-RedHat.yml b/roles/PowerDNS.pdns/tasks/repo-RedHat.yml
index f33f35a..09eaf5f 100644
--- a/roles/PowerDNS.pdns/tasks/repo-RedHat.yml
+++ b/roles/PowerDNS.pdns/tasks/repo-RedHat.yml
@@ -20,9 +20,11 @@
package:
name: yum-plugin-priorities
state: present
- when: ansible_distribution in [ 'CentOS' ]
+ when:
+ - ansible_distribution in [ 'CentOS' ]
+ - ansible_distribution_major_version | int < 8
-- name: Add the PowerDNS Authoritative Server YUM Repository
+- name: Add the PowerDNS YUM Repository
yum_repository:
name: "{{ pdns_install_repo['name'] }}"
file: "{{ pdns_install_repo['name'] }}"
@@ -30,10 +32,10 @@
baseurl: "{{ pdns_install_repo['yum_repo_baseurl'] }}"
gpgkey: "{{ pdns_install_repo['gpg_key'] }}"
gpgcheck: yes
- priority: 90
+ priority: "90"
state: present
-- name: Add the PowerDNS Authoritative Server debug symbols YUM Repository
+- name: Add the PowerDNS debug symbols YUM Repository
yum_repository:
name: "{{ pdns_install_repo['name'] }}-debuginfo"
file: "{{ pdns_install_repo['name'] }}"
@@ -41,6 +43,6 @@
baseurl: "{{ pdns_install_repo['yum_debug_symbols_repo_baseurl'] }}"
gpgkey: "{{ pdns_install_repo['gpg_key'] }}"
gpgcheck: yes
- priority: 90
+ priority: "90"
state: present
when: pdns_install_debug_symbols_package
diff --git a/roles/PowerDNS.pdns/tasks/selinux.yml b/roles/PowerDNS.pdns/tasks/selinux.yml
new file mode 100644
index 0000000..a7afcec
--- /dev/null
+++ b/roles/PowerDNS.pdns/tasks/selinux.yml
@@ -0,0 +1,14 @@
+---
+- name: allow mysql connect from pdns in selinux
+ seboolean:
+ name: pdns_can_network_connect_db
+ state: yes
+ persistent: yes
+ when: "pdns_mysql_databases_credentials | length > 0"
+
+- name: allow pdns to bind to udp high ports
+ seport:
+ ports: 10000-20000
+ proto: udp
+ setype: dns_port_t
+ state: present
diff --git a/roles/PowerDNS.pdns/templates/override-service.systemd.conf.j2 b/roles/PowerDNS.pdns/templates/override-service.systemd.conf.j2
new file mode 100644
index 0000000..bec0c2e
--- /dev/null
+++ b/roles/PowerDNS.pdns/templates/override-service.systemd.conf.j2
@@ -0,0 +1,7 @@
+[Service]
+{% for k, v in pdns_service_overrides.items() %}
+{% if k == 'ExecStart' %}ExecStart=
+{% elif k == 'ExecStartPre' %}ExecStartPre=
+{% endif %}
+{{ k }}={{ v }}
+{% endfor %}
diff --git a/roles/PowerDNS.pdns/templates/pdns.conf.j2 b/roles/PowerDNS.pdns/templates/pdns.conf.j2
index d98a984..037bd22 100644
--- a/roles/PowerDNS.pdns/templates/pdns.conf.j2
+++ b/roles/PowerDNS.pdns/templates/pdns.conf.j2
@@ -3,10 +3,16 @@ setuid={{ pdns_user }}
setgid={{ pdns_group }}
{% for config_item, value in pdns_config.items() | sort() %}
{% if config_item not in ["config-dir", "launch", "setuid", "setgid"] %}
-{% if value == True %}
+{% if value is sameas True %}
{{ config_item }}=yes
-{% elif value == False %}
+{% elif value is sameas False %}
{{ config_item }}=no
+{% elif value == None %}
+{{ config_item }}=
+{% elif value is string %}
+{{ config_item }}={{ value | string }}
+{% elif value is sequence %}
+{{ config_item }}={{ value | join(',') }}
{% else %}
{{ config_item }}={{ value | string }}
{% endif %}
@@ -19,11 +25,11 @@ launch=
launch+={{ backend }}
{% set backend_string = backend | replace(':', '-') %}
{% for backend_item, value in pdns_backends[backend].items() | sort() -%}
-{% if value == True %}
+{% if value is sameas True %}
{{ backend_string }}-{{ backend_item }}=yes
-{% elif backend_item == False %}
+{% elif value is sameas False %}
{{ backend_string }}-{{ backend_item }}=no
-{% elif backend_item == None %}
+{% elif value == None %}
{{ backend_string }}-{{ backend_item }}=
{% else %}
{{ backend_string }}-{{ backend_item }}={{ value | string }}
diff --git a/roles/PowerDNS.pdns/test-requirements.txt b/roles/PowerDNS.pdns/test-requirements.txt
index 1330df3..be8d0d1 100644
--- a/roles/PowerDNS.pdns/test-requirements.txt
+++ b/roles/PowerDNS.pdns/test-requirements.txt
@@ -1,2 +1,7 @@
-molecule==2.11.0
-docker-py==1.10.6
+jinja2==2.11.3
+ansible-lint==5.0.7
+yamllint==1.26.1
+molecule[docker]==3.3.0
+molecule[lint]==3.3.0
+testinfra
+docker==5.0.0
diff --git a/roles/PowerDNS.pdns/tox.ini b/roles/PowerDNS.pdns/tox.ini
index affd064..6608f94 100644
--- a/roles/PowerDNS.pdns/tox.ini
+++ b/roles/PowerDNS.pdns/tox.ini
@@ -1,22 +1,22 @@
[tox]
minversion = 1.8
-envlist = py{27}-ansible{22,23,24,25}
+envlist = ansible{29,210,211}
skipsdist = true
-[travis:env]
+[gh-actions:env]
ANSIBLE=
- 2.2: ansible22
- 2.3: ansible23
- 2.4: ansible24
- 2.5: ansible25
+ 2.9: ansible29
+ 2.10: ansible210
+ 2.11: ansible211
[testenv]
passenv = *
deps =
-rtest-requirements.txt
- ansible22: ansible<2.3
- ansible23: ansible<2.4
- ansible24: ansible<2.5
- ansible25: ansible<2.6
+ ansible29: ansible<2.10
+ ansible210: ansible<2.11
+ ansible211: ansible<2.12
+setenv =
+ PY_COLORS = 1
commands =
- {posargs:molecule test --all --destroy always}
+ {posargs:molecule -vv test --all --destroy always}
diff --git a/roles/PowerDNS.pdns/vars/Archlinux.yml b/roles/PowerDNS.pdns/vars/Archlinux.yml
new file mode 100644
index 0000000..8b887ab
--- /dev/null
+++ b/roles/PowerDNS.pdns/vars/Archlinux.yml
@@ -0,0 +1,19 @@
+---
+
+# The name of the PowerDNS package
+default_pdns_package_name: "powerdns"
+
+# List of PowerDNS Backends packages. Arch ships all backends in the main package
+default_pdns_backends_packages: {}
+
+# The directory where the PowerDNS configuration is located
+default_pdns_config_dir: '/etc/powerdns'
+
+# Packages to install for MySQL support
+pdns_mysql_packages:
+ - python-pymysql
+ - mariadb-clients
+
+# Other defaults
+pdns_user: powerdns
+pdns_group: powerdns
diff --git a/roles/PowerDNS.pdns/vars/Debian.yml b/roles/PowerDNS.pdns/vars/Debian.yml
index 4e5174d..3cf0821 100644
--- a/roles/PowerDNS.pdns/vars/Debian.yml
+++ b/roles/PowerDNS.pdns/vars/Debian.yml
@@ -6,6 +6,12 @@ default_pdns_package_name: "pdns-server"
# The name of the PowerDNS Authoritative Server debug package
default_pdns_debug_symbols_package_name: "pdns-server-dbg"
+# Packages needed to install MySQL
+pdns_mysql_packages:
+ - default-mysql-client
+ - python-mysqldb
+ - python3-mysqldb
+
# List of PowerDNS Authoritative Server Backends packages on Debian
default_pdns_backends_packages:
geo: pdns-backend-geo
diff --git a/roles/PowerDNS.pdns/vars/RedHat-8.yml b/roles/PowerDNS.pdns/vars/RedHat-8.yml
new file mode 100644
index 0000000..eeac155
--- /dev/null
+++ b/roles/PowerDNS.pdns/vars/RedHat-8.yml
@@ -0,0 +1,33 @@
+---
+
+# The name of the PowerDNS Authoritative Server package
+default_pdns_package_name: "pdns"
+
+# Packages needed to install MySQL
+pdns_mysql_packages:
+ - mariadb
+ - mariadb-server
+ - mariadb-connector-c
+ - python3-PyMySQL
+ - perl-DBD-MySQL
+
+# The name of the PowerDNS Authoritative Server debug package
+default_pdns_debug_symbols_package_name: "pdns-debuginfo"
+
+# List of PowerDNS Authoritative Server backends packages on RedHat
+default_pdns_backends_packages:
+ geo: pdns-backend-geo
+ geoip: pdns-backend-geoip
+ gmysql: pdns-backend-mysql
+ gpgsql: pdns-backend-postgresql
+ gsqlite3: pdns-backend-sqlite
+ ldap: pdns-backend-ldap
+ lmdb: pdns-backend-lmdb
+ lua: pdns-backend-lua
+ mydns: pdns-backend-mydns
+ pipe: pdns-backend-pipe
+ remote: pdns-backend-remote
+ tinydns: pdns-backend-tinydns
+
+# The directory where the PowerDNS Authoritative Server configuration is located
+default_pdns_config_dir: "/etc/pdns"
diff --git a/roles/PowerDNS.pdns/vars/RedHat.yml b/roles/PowerDNS.pdns/vars/RedHat.yml
index 8729d54..5e13780 100644
--- a/roles/PowerDNS.pdns/vars/RedHat.yml
+++ b/roles/PowerDNS.pdns/vars/RedHat.yml
@@ -3,6 +3,11 @@
# The name of the PowerDNS Authoritative Server package
default_pdns_package_name: "pdns"
+# Packages needed to install MySQL
+pdns_mysql_packages:
+ - mysql
+ - MySQL-python
+
# The name of the PowerDNS Authoritative Server debug package
default_pdns_debug_symbols_package_name: "pdns-debuginfo"
diff --git a/roles/PowerDNS.pdns/vars/Ubuntu-20.yml b/roles/PowerDNS.pdns/vars/Ubuntu-20.yml
new file mode 100644
index 0000000..cc79bb8
--- /dev/null
+++ b/roles/PowerDNS.pdns/vars/Ubuntu-20.yml
@@ -0,0 +1,30 @@
+---
+
+# The name of the PowerDNS Authoritative Server package
+default_pdns_package_name: "pdns-server"
+
+# The name of the PowerDNS Authoritative Server debug package
+default_pdns_debug_symbols_package_name: "pdns-server-dbg"
+
+# Packages needed to install MySQL
+pdns_mysql_packages:
+ - default-mysql-client
+ - python3-pymysql
+
+# List of PowerDNS Authoritative Server Backends packages on Debian
+default_pdns_backends_packages:
+ geo: pdns-backend-geo
+ geoip: pdns-backend-geoip
+ gmysql: pdns-backend-mysql
+ gpgsql: pdns-backend-pgsql
+ gsqlite3: pdns-backend-sqlite3
+ ldap: pdns-backend-ldap
+ lmdb: pdns-backend-lmdb
+ lua: pdns-backend-lua
+ mydns: pdns-backend-mydns
+ pipe: pdns-backend-pipe
+ remote: pdns-backend-remote
+ tinydns: pdns-backend-tinydns
+
+# The directory where the PowerDNS Authoritative Server configuration is located
+default_pdns_config_dir: "/etc/powerdns"
diff --git a/roles/PowerDNS.pdns/vars/main.yml b/roles/PowerDNS.pdns/vars/main.yml
index 88797e7..10ac8a0 100644
--- a/roles/PowerDNS.pdns/vars/main.yml
+++ b/roles/PowerDNS.pdns/vars/main.yml
@@ -9,20 +9,26 @@ pdns_auth_powerdns_repo_master:
yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-master/debug"
name: "powerdns-auth-master"
-pdns_auth_powerdns_repo_40:
+pdns_auth_powerdns_repo_43:
apt_repo_origin: "repo.powerdns.com"
- apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-40 main"
+ apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-43 main"
gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc"
gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB"
- yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-40"
- yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-40/debug"
- name: "powerdns-auth-40"
+ yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-43"
+ yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-43/debug"
+ name: "powerdns-auth-43"
-pdns_auth_powerdns_repo_41:
+pdns_auth_powerdns_repo_44:
apt_repo_origin: "repo.powerdns.com"
- apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-41 main"
+ apt_repo: "deb [arch=amd64] http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-44 main"
gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc"
gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB"
- yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-41"
- yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-41/debug"
- name: "powerdns-auth-41"
+ yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-44"
+ yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-44/debug"
+ name: "powerdns-auth-44"
+
+default_pdns_service_overrides: >-
+ {{ { 'User' : pdns_user
+ , 'Group' : pdns_group
+ }
+ }}
diff --git a/roles/PowerDNS.setup/tasks/main.yml b/roles/PowerDNS.setup/tasks/main.yml
index dc7ad57..b58990e 100644
--- a/roles/PowerDNS.setup/tasks/main.yml
+++ b/roles/PowerDNS.setup/tasks/main.yml
@@ -25,7 +25,7 @@
- name: Start the MySQL service on RedHat
- sudo: yes
+ become: true
service:
name: mariadb
state: started
@@ -39,11 +39,11 @@
with_items:
- mysql-server
- mysql-client
- - python-mysqldb
+ - python3-mysqldb
when: ansible_os_family == 'Debian'
- name: Start the MySQL service on Debian
- sudo: yes
+ become: true
service:
name: mysql
state: started
--
GitLab