From 201ae6d94a1cb5b468a48b5b2abd6f01eb37e53a Mon Sep 17 00:00:00 2001 From: Alexandre Le Gall Date: Fri, 22 Sep 2023 17:25:03 +0200 Subject: [PATCH 01/10] [EVO] Utiliser l'inventaire d'ansible --- tasks/client.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/client.yml b/tasks/client.yml index ab0d8fd..90f7b5c 100644 --- a/tasks/client.yml +++ b/tasks/client.yml @@ -11,7 +11,6 @@ when: - dnsmasq_servers | length > 0 - dnsmasq_host_ipv4 not in dnsmasq_servers - tags: creation loop: "{{ dnsmasq_servers }}" loop_control: loop_var: dnsserver From 6258dd6d5766a600cb1678191f925cd3b2888641 Mon Sep 17 00:00:00 2001 From: Alexandre Le Gall Date: Tue, 26 Sep 2023 11:12:29 +0200 Subject: [PATCH 02/10] =?UTF-8?q?[EVO]=20G=C3=A9rer=20des=20fichiers=20sp?= =?UTF-8?q?=C3=A9cifiques?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 6 ++++++ defaults/main.yml | 2 ++ tasks/configuration.yml | 20 ++++++++++++++++++-- templates/specific.conf.j2 | 6 ++++++ 4 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 templates/specific.conf.j2 diff --git a/README.md b/README.md index 34dfdc7..5a89f7f 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,12 @@ Nom d'hôte du client. *Valeur par défaut: `{{ inventory_hostname }} {{ inventory_hostname_short }}`* +### dnsmasq_specifics + +Liste de dictionnaires contenant le nom d'hôte, les alias et la liste d'IP associées. + +*Valeur par défaut: aucune* + ## Exemple d'utilisation ### inventory.yml diff --git a/defaults/main.yml b/defaults/main.yml index 7a47c24..2b3f154 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,3 +11,5 @@ dnsmasq_host_aliases: [] dnsmasq_client_filename: "{{ inventory_hostname }}" dnsmasq_client_hostname: "{{ inventory_hostname }} {{ inventory_hostname_short }}" + +dnsmasq_specifics: [] diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 9147453..3f55b91 100644 --- a/tasks/configuration.yml 
+++ b/tasks/configuration.yml @@ -13,10 +13,26 @@ - name: Déployer la configuration de l'instance ansible.builtin.template: + src: host.conf.j2 + dest: /srv/dnsmasq/{{ inventory_hostname }}.conf owner: dnsmasq group: root mode: u=rw,g=r,o=r - src: host.conf.j2 - dest: /srv/dnsmasq/{{ inventory_hostname }}.conf become: true notify: Recharger dnsmasq.service + +- name: Déployer les configurations specifiques + ansible.builtin.template: + src: specific.conf.j2 + dest: "{{ filename }}" + owner: dnsmasq + group: root + mode: u=rw,g=r,o=r + when: dnsmasq_specifics | length > 0 + become: true + notify: Recharger dnsmasq.service + loop: "{{ dnsmasq_specifics }}" + loop_control: + label: "{{ filename }}" + vars: + filename: /srv/dnsmasq/{{ item.hostname }}.conf diff --git a/templates/specific.conf.j2 b/templates/specific.conf.j2 new file mode 100644 index 0000000..d3157f9 --- /dev/null +++ b/templates/specific.conf.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +{% for ip in item.ips %} +{% set aliases = item.get('aliases', []) %} +{{ ip }} {{ ([item.hostname] + aliases) | join(' ') }} +{% endfor %} From 3b2c621dcab13555fa1ea6c58347fa6e2cdb9346 Mon Sep 17 00:00:00 2001 From: "pulsar89.5" Date: Wed, 13 Dec 2023 15:59:13 +0100 Subject: [PATCH 03/10] feat: Generate file for all ansible hosts --- tasks/configuration.yml | 16 +++++++++++++--- templates/ansible_hosts.conf.j2 | 13 +++++++++++++ templates/dnsmasq.conf.j2 | 2 +- 3 files changed, 27 insertions(+), 4 deletions(-) create mode 100644 templates/ansible_hosts.conf.j2 diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 3f55b91..5ccc635 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml 
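Review bot: `filename: /srv/dnsmasq/{{ item.hostname }}.conf` in the new task's `vars` builds the destination path from an unvalidated inventory value, so an entry whose `hostname` contains `/` writes outside `/srv/dnsmasq`. An `ansible.builtin.assert` over `dnsmasq_specifics` before the loop (e.g. `that: item.hostname is match('^[A-Za-z0-9.-]+$')`) keeps the input within hostname syntax; `filename: /srv/dnsmasq/{{ item.hostname | basename }}.conf` is the minimal guard. The `when: dnsmasq_specifics | length > 0` is redundant with `loop`, which simply runs zero iterations on an empty list. Entries removed from `dnsmasq_specifics` also leave their `.conf` behind, and since `addn-hosts=/srv/dnsmasq` points dnsmasq at the whole directory those stale records keep resolving until the file is deleted by hand; a companion cleanup task or a documented caveat would close that gap.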
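Review bot: `{% set aliases = item.get('aliases', []) %}` sits inside the `for ip` loop although it depends only on `item`, so it is re-evaluated for every IP; move it above `{% for ip in item.ips %}`. The template requires the keys `hostname` and `ips` and treats `aliases` as optional, but the README text added in this commit only says "le nom d'hôte, les alias et la liste d'IP associées" without naming the keys, so an entry spelled `host:` or `ip:` fails at render time with an undefined-attribute error. Listing the three keys and which are mandatory in the README section for `dnsmasq_specifics` would prevent that.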
@@ -11,16 +11,26 @@ become: true notify: Recharger dnsmasq.service -- name: Déployer la configuration de l'instance +- name: Déployer la configuration des hôtes ansible ansible.builtin.template: - src: host.conf.j2 - dest: /srv/dnsmasq/{{ inventory_hostname }}.conf + src: ansible_hosts.conf.j2 + dest: /srv/dnsmasq/ansible_hosts.disabled owner: dnsmasq group: root mode: u=rw,g=r,o=r become: true notify: Recharger dnsmasq.service +#- name: Déployer la configuration de l'instance +# ansible.builtin.template: +# src: host.conf.j2 +# dest: /srv/dnsmasq/{{ inventory_hostname }}.conf +# owner: dnsmasq +# group: root +# mode: u=rw,g=r,o=r +# become: true +# notify: Recharger dnsmasq.service + - name: Déployer les configurations specifiques ansible.builtin.template: src: specific.conf.j2 diff --git a/templates/ansible_hosts.conf.j2 b/templates/ansible_hosts.conf.j2 new file mode 100644 index 0000000..73ec6b7 --- /dev/null +++ b/templates/ansible_hosts.conf.j2 @@ -0,0 +1,13 @@ +# {{ ansible_managed }} + +{% for host in groups['all'] %} +# BEGIN {{ host }} +{% if hostvars[host]["dnsmasq_host_ipv4"] | length > 0 %} +hostvars[host]["dnsmasq_host_ipv4"] {{ hostvars[host]["dnsmasq_client_hostname"] }} {{ hostvars[host]["dnsmasq_host_aliases"] | join(' ') }} +{% endif %} +{% if hostvars[host]["dnsmasq_host_ipv4"] | length > 0 %} +hostvars[host]["dnsmasq_host_ipv4"] {{ hostvars[host]["dnsmasq_client_hostname"] }} {{ hostvars[host]["dnsmasq_host_aliases"] | join(' ') }} +{% endif %} +# END {{ host }} + +{% endfor %} diff --git a/templates/dnsmasq.conf.j2 b/templates/dnsmasq.conf.j2 index 66c785d..373675b 100644 --- a/templates/dnsmasq.conf.j2 +++ b/templates/dnsmasq.conf.j2 @@ -37,4 +37,4 @@ rebind-localhost-ok cache-size=1024 # Définir le fichier des entrées personnalisées -addn-hosts=/srv/dnsmasq +addn-hosts=/srv/dnsmasq/*.conf From 1090043f34a07444b0d02023d670e47e49e93e9c Mon Sep 17 00:00:00 2001 
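Review bot: the two `hostvars[host]["dnsmasq_host_ipv4"] {{ ... }}` lines in the new ansible_hosts.conf.j2 are emitted as literal text because the first expression is not wrapped in `{{ }}`, and the `{% if %}` block is duplicated, so every host would produce two identical, unusable hosts-file lines. In the same commit, tasks/configuration.yml keeps the old task as a commented-out block instead of deleting it (git history already preserves it), and `addn-hosts=/srv/dnsmasq/*.conf` relies on glob expansion that, as far as I know, dnsmasq does not perform for this option. Since PATCH 04/10 reverts this commit wholesale, the pair is best squashed out of the series before merge rather than fixed.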
From: "pulsar89.5" Date: Wed, 13 Dec 2023 17:24:08 +0100 Subject: [PATCH 04/10] Revert "feat: Generate file for all ansible hosts" This reverts commit 3b2c621dcab13555fa1ea6c58347fa6e2cdb9346. --- tasks/configuration.yml | 16 +++------------- templates/ansible_hosts.conf.j2 | 13 ------------- templates/dnsmasq.conf.j2 | 2 +- 3 files changed, 4 insertions(+), 27 deletions(-) delete mode 100644 templates/ansible_hosts.conf.j2 diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 5ccc635..3f55b91 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -11,26 +11,16 @@ become: true notify: Recharger dnsmasq.service -- name: Déployer la configuration des hôtes ansible +- name: Déployer la configuration de l'instance ansible.builtin.template: - src: ansible_hosts.conf.j2 - dest: /srv/dnsmasq/ansible_hosts.disabled + src: host.conf.j2 + dest: /srv/dnsmasq/{{ inventory_hostname }}.conf owner: dnsmasq group: root mode: u=rw,g=r,o=r become: true notify: Recharger dnsmasq.service -#- name: Déployer la configuration de l'instance -# ansible.builtin.template: -# src: host.conf.j2 -# dest: /srv/dnsmasq/{{ inventory_hostname }}.conf -# owner: dnsmasq -# group: root -# mode: u=rw,g=r,o=r -# become: true -# notify: Recharger dnsmasq.service - - name: Déployer les configurations specifiques ansible.builtin.template: src: specific.conf.j2 diff --git a/templates/ansible_hosts.conf.j2 b/templates/ansible_hosts.conf.j2 deleted file mode 100644 index 73ec6b7..0000000 --- a/templates/ansible_hosts.conf.j2 +++ /dev/null 
@@ -1,13 +0,0 @@ -# {{ ansible_managed }} - -{% for host in groups['all'] %} -# BEGIN {{ host }} -{% if hostvars[host]["dnsmasq_host_ipv4"] | length > 0 %} -hostvars[host]["dnsmasq_host_ipv4"] {{ hostvars[host]["dnsmasq_client_hostname"] }} {{ hostvars[host]["dnsmasq_host_aliases"] | join(' ') }} -{% endif %} -{% if hostvars[host]["dnsmasq_host_ipv4"] | length > 0 %} -hostvars[host]["dnsmasq_host_ipv4"] {{ hostvars[host]["dnsmasq_client_hostname"] }} {{ hostvars[host]["dnsmasq_host_aliases"] | join(' ') }} -{% endif %} -# END {{ host }} - -{% endfor %} diff --git a/templates/dnsmasq.conf.j2 b/templates/dnsmasq.conf.j2 index 373675b..66c785d 100644 --- a/templates/dnsmasq.conf.j2 +++ b/templates/dnsmasq.conf.j2 @@ -37,4 +37,4 @@ rebind-localhost-ok cache-size=1024 # Définir le fichier des entrées personnalisées -addn-hosts=/srv/dnsmasq/*.conf +addn-hosts=/srv/dnsmasq From 347114c51b02f7c5b173f68b2af46efe71e0c905 Mon Sep 17 00:00:00 2001 From: "pulsar89.5" Date: Mon, 6 May 2024 20:10:23 +0200 Subject: [PATCH 05/10] feat: Add rev-server option --- templates/dnsmasq.conf.j2 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/templates/dnsmasq.conf.j2 b/templates/dnsmasq.conf.j2 index 66c785d..c70dc70 100644 --- a/templates/dnsmasq.conf.j2 +++ b/templates/dnsmasq.conf.j2 @@ -22,11 +22,16 @@ no-resolv # Ne pas utiliser /etc/hosts no-hosts -# Utiliser dnscrypt-proxy +# Définir les serveurs DNS à suivre {% for server in dnsmasq_conf_servers %} server={{ server }} {% endfor %} +# Définir les serveurs DNS à suivre (PTR) +{% for server in dnsmasq_conf_rev_servers %} +rev-server={{ server }} +{% endfor %} + # Bloquer le rebond DNS stop-dns-rebind From c60537f419e24b4a792078436f62e2260e63ca92 Mon Sep 17 00:00:00 2001 
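Review bot: `{% for server in dnsmasq_conf_rev_servers %}` references a variable that has no entry in defaults/main.yml, so at this commit the template fails with an undefined variable on every host that does not set it; the default only appears in PATCH 07/10, under the renamed `dnsmasq_rev_servers`, so either add `dnsmasq_conf_rev_servers: []` here or squash 05–07 so the series stays bisectable. The value is written verbatim after `rev-server=`, which dnsmasq expects in the form `<subnet>/<prefix-len>,<server>[#<port>]`, and the README never gains a section for this variable; document the expected element format next to the `dnsmasq_servers` entry.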
From: "pulsar89.5" Date: Mon, 6 May 2024 20:18:05 +0200 Subject: [PATCH 06/10] feat: Simplify conf variables --- README.md | 8 ++++---- defaults/main.yml | 5 +++-- templates/dnsmasq.conf.j2 | 10 ++++++---- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 5a89f7f..14c81f6 100644 --- a/README.md +++ b/README.md @@ -4,13 +4,13 @@ Ce rôle permet d'installer et configurer dnsmasq. ## Variables -### dnsmasq_conf_domain +### dnsmasq_domain Nom de domain utilisé pour qualifier les noms courts. *Valeur par défaut: aucune* -### dnsmasq_conf_servers +### dnsmasq_servers Liste d'adresses IP auxquelles les requêtes DNS sont transmises si dnsmasq ne porte pas le domaine. @@ -84,8 +84,8 @@ dnsmasq_servers: "{{ groups['dnsservers'] }}" ```yaml --- -dnsmasq_conf_domain: ykn.local -dnsmasq_conf_servers: +dnsmasq_domain: ykn.local +dnsmasq_servers: - 127.0.0.1#53000 - ::1#53000 ``` diff --git a/defaults/main.yml b/defaults/main.yml index 2b3f154..e56983c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,8 +1,9 @@ --- # defaults file for dnsmasq -dnsmasq_conf_domain: "" -dnsmasq_conf_servers: [] +dnsmasq_domain: "" +dnsmasq_servers: [] +dnsmasq_bogus_priv_enabled: true dnsmasq_servers: [] diff --git a/templates/dnsmasq.conf.j2 b/templates/dnsmasq.conf.j2 index c70dc70..b63fec5 100644 --- a/templates/dnsmasq.conf.j2 +++ b/templates/dnsmasq.conf.j2 @@ -3,12 +3,14 @@ # Ne pas transmettre les requêtes avec un nom court (pas FQDN) domain-needed +{% if dnsmasq_bogus_priv_enabled %} # Ne pas envoyer les requête sur les IP privées bogus-priv +{% endif %} # Spécifié le domaine pour qualifié les noms courts -domain={{ dnsmasq_conf_domain }} -local=/{{ dnsmasq_conf_domain }}/ +domain={{ dnsmasq_domain }} +local=/{{ dnsmasq_domain }}/ # Ajoute le nom de domaine au noms simples expand-hosts 
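Review bot: the new `dnsmasq_servers: []` duplicates the existing `dnsmasq_servers: []` kept as context two lines below, a duplicate mapping key that parsers resolve last-wins, and it collides semantically: `dnsmasq_servers` already means the list of DNS server hosts used for `delegate_to` in tasks/client.yml and handlers/main.yml, while the template now renders the same variable as upstream `server=` forwarders. An inventory that still follows the README example `dnsmasq_servers: "{{ groups['dnsservers'] }}"` (left as context in this commit's README hunk) would have its host list rendered as `server=` entries instead of being used for delegation. PATCH 08/10 repairs this by renaming the host list to `dnsmasq_hosts`, so 06 and 08 should be squashed so no intermediate state ships both meanings. `dnsmasq_bogus_priv_enabled` is also introduced without a README entry; note there that setting it to `false` lets reverse lookups for private ranges be forwarded upstream.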
@@ -23,12 +25,12 @@ no-resolv no-hosts # Définir les serveurs DNS à suivre -{% for server in dnsmasq_conf_servers %} +{% for server in dnsmasq_servers %} server={{ server }} {% endfor %} # Définir les serveurs DNS à suivre (PTR) -{% for server in dnsmasq_conf_rev_servers %} +{% for server in dnsmasq_rev_servers %} rev-server={{ server }} {% endfor %} From 9481a70c393776206effba8c976dc28f530c9567 Mon Sep 17 00:00:00 2001 From: "pulsar89.5" Date: Mon, 6 May 2024 20:19:12 +0200 Subject: [PATCH 07/10] fix: Add rev-server option --- defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/defaults/main.yml b/defaults/main.yml index e56983c..428bd9b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,7 @@ dnsmasq_domain: "" dnsmasq_servers: [] +dnsmasq_rev_servers: [] dnsmasq_bogus_priv_enabled: true dnsmasq_servers: [] From 8458675875d35daa41149910ef5d1fef3e05ea4b Mon Sep 17 00:00:00 2001 From: "pulsar89.5" Date: Mon, 6 May 2024 20:20:59 +0200 Subject: [PATCH 08/10] fix: Deduplicate variable --- README.md | 4 ++-- defaults/main.yml | 2 +- handlers/main.yml | 2 +- tasks/client.yml | 12 ++++++------ 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 14c81f6..df69768 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Liste d'adresses IP auxquelles les requêtes DNS sont transmises si dnsmasq ne p *Valeur par défaut: aucune* -### dnsmasq_servers +### dnsmasq_hosts Liste d'IP ou de noms d'hôtes servant de serveur DNS. @@ -75,7 +75,7 @@ all: ```yaml --- -dnsmasq_servers: "{{ groups['dnsservers'] }}" +dnsmasq_hosts: "{{ groups['dnsservers'] }}" ``` diff --git a/defaults/main.yml b/defaults/main.yml index 428bd9b..3741bed 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -6,7 +6,7 @@ dnsmasq_servers: [] dnsmasq_rev_servers: [] dnsmasq_bogus_priv_enabled: true -dnsmasq_servers: [] +dnsmasq_hosts: [] dnsmasq_host_ips: [] dnsmasq_host_aliases: [] 
diff --git a/handlers/main.yml b/handlers/main.yml index 7fb2eb3..ebe8314 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -12,7 +12,7 @@ ansible.builtin.systemd: state: reloaded name: dnsmasq.service - loop: "{{ dnsmasq_servers }}" + loop: "{{ dnsmasq_hosts }}" loop_control: loop_var: dnsserver delegate_to: "{{ dnsserver }}" diff --git a/tasks/client.yml b/tasks/client.yml index 90f7b5c..1eac074 100644 --- a/tasks/client.yml +++ b/tasks/client.yml @@ -9,9 +9,9 @@ src: "{{ role_path }}/templates/host.conf.j2" dest: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf when: - - dnsmasq_servers | length > 0 - - dnsmasq_host_ipv4 not in dnsmasq_servers - loop: "{{ dnsmasq_servers }}" + - dnsmasq_hosts | length > 0 + - dnsmasq_host_ipv4 not in dnsmasq_hosts + loop: "{{ dnsmasq_hosts }}" loop_control: loop_var: dnsserver delegate_to: "{{ dnsserver }}" @@ -23,10 +23,10 @@ path: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf state: absent when: - - dnsmasq_servers | length > 0 - - dnsmasq_host_ipv4 not in dnsmasq_servers + - dnsmasq_hosts | length > 0 + - dnsmasq_host_ipv4 not in dnsmasq_hosts tags: [destruction, never] - loop: "{{ dnsmasq_servers }}" + loop: "{{ dnsmasq_hosts }}" loop_control: loop_var: dnsserver delegate_to: "{{ dnsserver }}" From f94aebef41e507243fab1d308bf7fa26b243c380 Mon Sep 17 00:00:00 2001 From: "pulsar89.5" Date: Mon, 6 May 2024 20:33:38 +0200 Subject: [PATCH 09/10] feat: Allow only local request --- templates/dnsmasq.conf.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/dnsmasq.conf.j2 b/templates/dnsmasq.conf.j2 index b63fec5..28342d0 100644 --- a/templates/dnsmasq.conf.j2 +++ b/templates/dnsmasq.conf.j2 @@ -1,5 +1,8 @@ # {{ ansible_managed }} +# Répondre aux demandes locales uniquement +local-service + # Ne pas transmettre les requêtes avec un nom court (pas FQDN) domain-needed From c787b5c904f7327d33293e4a57cbe7205dab1f6a Mon Sep 17 00:00:00 2001 
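Review bot: `local-service` is a sensible default against open-resolver abuse, but dnsmasq ignores it whenever `interface`, `except-interface`, `listen-address` or `auth-server` is also set, and it only accepts queries from hosts on a subnet directly attached to the server, so clients on a routed subnet will be refused. I cannot see the rest of dnsmasq.conf.j2 in this hunk, so whether one of those directives is present is unverified. A comment next to the new line, such as `# Ignoré si interface ou listen-address est défini ; les clients doivent être sur un sous-réseau directement connecté`, plus a README note, would keep the next editor from silently disabling it.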
From: "pulsar89.5" Date: Mon, 6 May 2024 20:40:10 +0200 Subject: [PATCH 10/10] feat: Change configuration file name --- tasks/configuration.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tasks/configuration.yml b/tasks/configuration.yml index 3f55b91..e88f504 100644 --- a/tasks/configuration.yml +++ b/tasks/configuration.yml @@ -1,10 +1,16 @@ --- # tasks file for security +- name: Supprimer l'ancien fichier de configuration + ansible.builtin.file: + path: /etc/dnsmasq.d/cache.conf + state: absent + become: true + - name: Configurer dnsmasq ansible.builtin.template: src: dnsmasq.conf.j2 - dest: /etc/dnsmasq.d/cache.conf + dest: /etc/dnsmasq.d/dns.conf owner: root group: root mode: u=rw,g=r,o=r
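Review bot: the new `Supprimer l'ancien fichier de configuration` task changes the effective configuration set but has no `notify`, so dnsmasq is reloaded only because the template task happens to change in the same run; add `notify: Recharger dnsmasq.service` to the `ansible.builtin.file` task, as the template task below already does, so the cleanup stands on its own. Ordering the deletion before the deployment also means a failure in `Configurer dnsmasq` leaves the host with no dnsmasq configuration for that run; placing the cleanup after it avoids the gap. The context comment `# tasks file for security` predates this change but is misleading for a dnsmasq role and could be corrected in the same touch.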