Merge pull request '[INFO] Création du rôle' (#1) from alpha into master
Reviewed-on: #1
commit
db48a99f30
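--- a/README.md
+++ b/README.md
@@ -1,3 +1,122 @@
-# role_modele
+# role_dnsmasq
 
-Modèle
+Ce rôle permet d'installer et configurer dnsmasq.
+
+## Variables
+
+### dnsmasq_conf_domain
+
+Nom de domain utilisé pour qualifier les noms courts.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+### dnsmasq_conf_servers
+
+Liste d'adresses IP auxquelles les requêtes DNS sont transmises si dnsmasq ne porte pas le domaine.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+### dnsmasq_servers
+
+Liste d'IP ou de noms d'hôtes servant de serveur DNS.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+### dnsmasq_host_ipv4 ou dnsmasq_host_ipv6
+
+Liste d'IP de l'hôte.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+### dnsmasq_host_aliases
+
+Liste d'alias pour un hôte (*host_groups*).
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
+
+### dnsmasq_client_filename
+
+Nom du fichier pour le client.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> `{{ inventory_hostname }}`*
+
+### dnsmasq_client_hostname
+
+Nom d'hôte du client.
+
+*<span style="text-decoration: underline">Valeur par défaut:</span> `{{ inventory_hostname }} {{ inventory_hostname_short }}`*
+
+## Exemple d'utilisation
+
+### inventory.yml
+
+```yaml
+---
+
+all:
+hosts:
+host1.ykn.local:
+host2.ykn.local:
+children:
+dnsservers:
+hosts:
+dnsmasq1.ykn.local:
+dnsmasq2.ykn.local:
+```
+
+### group_vars/all.yml
+
+```yaml
+---
+
+dnsmasq_servers: "{{ groups['dnsservers'] }}"
+```
+
+
+### group_vars/dnsservers.yml
+
+```yaml
+---
+
+dnsmasq_conf_domain: ykn.local
+dnsmasq_conf_servers:
+- 127.0.0.1#53000
+- ::1#53000
+```
+
+### host_vars/host1.ykn.local.yml
+
+```yaml
+---
+
+dnsmasq_host_ipv4: [192.168.50.6]
+dnsmasq_host_ipv6: [fd00:ff50::d006]
+
+dnsmasq_host_alias:
+- monsuperhost1.ykn.local
+- monsuperhost1
+- toto.ykn.local
+- toto
+```
+
+### playbook.yml
+
+```yaml
+---
+
+- name: Déployer les serveurs DNS
+hosts: dnsservers
+roles:
+- name: stubby
+- name: dnsmasq
+- name: nftables
+
+- name: Gérer l'enregistrement DNS
+hosts: 'all:!dnsservers'
+gather_facts: false
+tasks:
+- name: Inclure le rôle
+ansible.builtin.include_role:
+name: dnsmasq
+tasks_from: client
+```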
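--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+# defaults file for dnsmasq
+
+dnsmasq_conf_domain: ""
+dnsmasq_conf_servers: []
+
+dnsmasq_servers: []
+
+dnsmasq_host_ipv4: []
+dnsmasq_host_ipv6: []
+dnsmasq_host_aliases: []
+
+dnsmasq_client_filename: "{{ inventory_hostname }}"
+dnsmasq_client_hostname: "{{ inventory_hostname }} {{ inventory_hostname_short }}"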
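--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,18 @@
+---
+# handlers file for dnsmasq
+
+- name: Recharger dnsmasq.service
+become: true
+ansible.builtin.systemd:
+state: reloaded
+name: dnsmasq.service
+
+- name: Recharger dnsmasq.service sur les serveurs
+become: true
+ansible.builtin.systemd:
+state: reloaded
+name: dnsmasq.service
+loop: "{{ dnsmasq_servers }}"
+loop_control:
+loop_var: dnsserver
+delegate_to: "{{ dnsserver }}"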
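Review bot: `state: reloaded` in the handler `Recharger dnsmasq.service` is probably not enough for the task in tasks/configuration.yml that notifies it after rewriting /etc/dnsmasq.d/cache.conf. dnsmasq documents that SIGHUP re-reads hosts files such as those given by `addn-hosts` but not its configuration file, so a changed hardening option like `stop-dns-rebind` would only take effect at the next restart (assuming the unit's reload action sends SIGHUP, which should be confirmed on the target). Keep the reload handlers for the record files under /srv/dnsmasq and add a separate handler with `state: restarted` for the configuration template.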
@ -1,14 +1,15 @@
|
|||||||
galaxy_info:
|
galaxy_info:
|
||||||
|
namespace: ykn
|
||||||
author: pulsar89.5
|
author: pulsar89.5
|
||||||
description: Rôle modèle
|
description: Rôle de déploiement de dnsmasq
|
||||||
|
|
||||||
license: GPL-3.0-or-later
|
license: GPL-3.0-or-later
|
||||||
|
|
||||||
min_ansible_version: 2.1
|
min_ansible_version: '2.1'
|
||||||
|
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian (LXD)
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- 11
|
- all
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
|
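Review bot: `min_ansible_version: '2.1'` understates what the role needs, because the tasks and handlers added in this commit call modules by fully qualified name (`ansible.builtin.template`, `ansible.builtin.systemd`, `ansible.builtin.include_role`), which a release that old does not resolve. Set the value to the oldest release the role is actually tested with so that Galaxy metadata does not promise compatibility the code cannot deliver. The file header for this section is not visible on the page, so the path of the patched file is not confirmed here.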
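--- a/tasks/client.yml
+++ b/tasks/client.yml
@@ -0,0 +1,31 @@
+---
+# tasks file for security
+
+- name: Déployer le fichier lié à l'hôte
+ansible.builtin.template:
+owner: dnsmasq
+group: root
+mode: u=rw,g=r,o=r
+src: "{{ role_path }}/templates/host.conf.j2"
+dest: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
+when: dnsmasq_servers | length > 0
+tags: creation
+loop: "{{ dnsmasq_servers }}"
+loop_control:
+loop_var: dnsserver
+delegate_to: "{{ dnsserver }}"
+become: true
+notify: Recharger dnsmasq.service sur les serveurs
+
+- name: Supprimer le fichier lié à l'hôte
+ansible.builtin.file:
+path: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
+state: absent
+when: dnsmasq_servers | length > 0
+tags: [destruction, never]
+loop: "{{ dnsmasq_servers }}"
+loop_control:
+loop_var: dnsserver
+delegate_to: "{{ dnsserver }}"
+become: true
+notify: Recharger dnsmasq.service sur les serveurs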
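Review bot: `owner: dnsmasq` with `mode: u=rw,g=r,o=r` on the generated record file leaves it writable by what is presumably the account the resolver runs as, so a compromised dnsmasq process could rewrite the records it serves; `owner: root` with the same mode keeps the file readable to the service. The same ownership is used by the second task in tasks/configuration.yml and for the /srv/dnsmasq directory in tasks/installation.yml. Separately, `dnsmasq_client_filename` is interpolated into `dest` and `path` of tasks that run with `become: true` on the delegated servers; `dest: /srv/dnsmasq/{{ dnsmasq_client_filename | basename }}.conf` would keep a value containing a path separator inside the directory. The header comment `# tasks file for security` looks copied from another role and should name dnsmasq.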
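--- a/tasks/configuration.yml
+++ b/tasks/configuration.yml
@@ -0,0 +1,22 @@
+---
+# tasks file for security
+
+- name: Configurer dnsmasq
+ansible.builtin.template:
+src: dnsmasq.conf.j2
+dest: /etc/dnsmasq.d/cache.conf
+owner: root
+group: root
+mode: u=rw,g=r,o=r
+become: true
+notify: Recharger dnsmasq.service
+
+- name: Déployer la configuration de l'instance
+ansible.builtin.template:
+owner: dnsmasq
+group: root
+mode: u=rw,g=r,o=r
+src: host.conf.j2
+dest: /srv/dnsmasq/{{ inventory_hostname }}.conf
+become: true
+notify: Recharger dnsmasq.service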
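--- a/tasks/installation.yml
+++ b/tasks/installation.yml
@@ -0,0 +1,16 @@
+---
+# tasks file for dnsmasq
+
+- name: Installer dnsmasq
+become: true
+ansible.builtin.package:
+name: dnsmasq
+
+- name: Créer le dossier dédié à dnsmasq
+ansible.builtin.file:
+path: /srv/dnsmasq
+state: directory
+owner: dnsmasq
+group: root
+mode: u=rwX,g=rX,o=rX
+become: true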
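--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+# tasks file for dnsmasq
+
+- name: Importer les tâches d'installation
+tags: installation
+ansible.builtin.import_tasks: installation.yml
+
+- name: Importer les tâches de configuration
+tags: configuration
+ansible.builtin.import_tasks: configuration.yml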
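--- a/templates/dnsmasq.conf.j2
+++ b/templates/dnsmasq.conf.j2
@@ -0,0 +1,40 @@
+# {{ ansible_managed }}
+
+# Ne pas transmettre les requêtes avec un nom court (pas FQDN)
+domain-needed
+
+# Ne pas envoyer les requête sur les IP privées
+bogus-priv
+
+# Spécifié le domaine pour qualifié les noms courts
+domain={{ dnsmasq_conf_domain }}
+local=/{{ dnsmasq_conf_domain }}/
+
+# Ajoute le nom de domaine au noms simples
+expand-hosts
+
+# Ne pas mettre en cache les requêtes n'aboutissant pas
+no-negcache
+
+# Ne pas utiliser /etc/resolv.conf
+no-resolv
+
+# Ne pas utiliser /etc/hosts
+no-hosts
+
+# Utiliser dnscrypt-proxy
+{% for server in dnsmasq_conf_servers %}
+server={{ server }}
+{% endfor %}
+
+# Bloquer le rebond DNS
+stop-dns-rebind
+
+# Autoriser le rebond sur localhost
+rebind-localhost-ok
+
+# Taille du cache DNS
+cache-size=1024
+
+# Définir le fichier des entrées personnalisées
+addn-hosts=/srv/dnsmasq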
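Review bot: With the role default `dnsmasq_conf_domain: ""` from defaults/main.yml, the lines `domain={{ dnsmasq_conf_domain }}` and `local=/{{ dnsmasq_conf_domain }}/` render as `domain=` and `local=//`, which is not the configuration the comment above them describes. Wrap both lines in `{% if dnsmasq_conf_domain %}` … `{% endif %}`, or have the role fail early when the variable is empty. The template also sets neither `interface=` nor `listen-address=`, so which networks may query this resolver is left to the package defaults and to the firewall role; stating the intended listener here would make the exposure explicit. The comment `# Utiliser dnscrypt-proxy` does not match the README example, which deploys `stubby` as the upstream.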
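--- a/templates/host.conf.j2
+++ b/templates/host.conf.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+{% for ip in dnsmasq_host_ipv4 %}
+{{ ip }} {{ dnsmasq_client_hostname }} {{ dnsmasq_host_aliases | join(' ') }}
+{% endfor %}
+{% for ip in dnsmasq_host_ipv6 %}
+{{ ip }} {{ dnsmasq_client_hostname }} {{ dnsmasq_host_aliases | join(' ') }}
+{% endfor %}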
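Review bot: The template reads `dnsmasq_host_aliases`, as does defaults/main.yml, but the README example for host_vars/host1.ykn.local.yml sets `dnsmasq_host_alias`, so aliases written as documented are silently left out of the generated record; the README key should be `dnsmasq_host_aliases`. Each address, hostname and alias is written verbatim into a file the DNS servers load, so a malformed value in one host's variables ends up in the resolver's data for everyone. An `ansible.builtin.assert` task that checks the lists and name formats before the template runs would stop such a value before it reaches the servers.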