Compare commits
11 Commits
b9baf12530
...
d7275597a0
| Author | SHA1 | Date | |
|---|---|---|---|
| d7275597a0 | |||
| c787b5c904 | |||
| f94aebef41 | |||
| 8458675875 | |||
| 9481a70c39 | |||
| c60537f419 | |||
| 347114c51b | |||
| 1090043f34 | |||
| 3b2c621dca | |||
| 6258dd6d57 | |||
| 201ae6d94a |
18
README.md
18
README.md
@ -4,19 +4,19 @@ Ce rôle permet d'installer et configurer dnsmasq.
|
|||||||
|
|
||||||
## Variables
|
## Variables
|
||||||
|
|
||||||
### dnsmasq_conf_domain
|
### dnsmasq_domain
|
||||||
|
|
||||||
Nom de domain utilisé pour qualifier les noms courts.
|
Nom de domain utilisé pour qualifier les noms courts.
|
||||||
|
|
||||||
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
|
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
|
||||||
|
|
||||||
### dnsmasq_conf_servers
|
### dnsmasq_servers
|
||||||
|
|
||||||
Liste d'adresses IP auxquelles les requêtes DNS sont transmises si dnsmasq ne porte pas le domaine.
|
Liste d'adresses IP auxquelles les requêtes DNS sont transmises si dnsmasq ne porte pas le domaine.
|
||||||
|
|
||||||
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
|
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
|
||||||
|
|
||||||
### dnsmasq_servers
|
### dnsmasq_hosts
|
||||||
|
|
||||||
Liste d'IP ou de noms d'hôtes servant de serveur DNS.
|
Liste d'IP ou de noms d'hôtes servant de serveur DNS.
|
||||||
|
|
||||||
@ -46,6 +46,12 @@ Nom d'hôte du client.
|
|||||||
|
|
||||||
*<span style="text-decoration: underline">Valeur par défaut:</span> `{{ inventory_hostname }} {{ inventory_hostname_short }}`*
|
*<span style="text-decoration: underline">Valeur par défaut:</span> `{{ inventory_hostname }} {{ inventory_hostname_short }}`*
|
||||||
|
|
||||||
|
### dnsmasq_specifics
|
||||||
|
|
||||||
|
Liste de dictionnaires contenant le nom d'hôte, les alias et la liste d'IP associées.
|
||||||
|
|
||||||
|
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
|
||||||
|
|
||||||
## Exemple d'utilisation
|
## Exemple d'utilisation
|
||||||
|
|
||||||
### inventory.yml
|
### inventory.yml
|
||||||
@ -69,7 +75,7 @@ all:
|
|||||||
```yaml
|
```yaml
|
||||||
---
|
---
|
||||||
|
|
||||||
dnsmasq_servers: "{{ groups['dnsservers'] }}"
|
dnsmasq_hosts: "{{ groups['dnsservers'] }}"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
@ -78,8 +84,8 @@ dnsmasq_servers: "{{ groups['dnsservers'] }}"
|
|||||||
```yaml
|
```yaml
|
||||||
---
|
---
|
||||||
|
|
||||||
dnsmasq_conf_domain: ykn.local
|
dnsmasq_domain: ykn.local
|
||||||
dnsmasq_conf_servers:
|
dnsmasq_servers:
|
||||||
- 127.0.0.1#53000
|
- 127.0.0.1#53000
|
||||||
- ::1#53000
|
- ::1#53000
|
||||||
```
|
```
|
||||||
|
|||||||
@ -1,13 +1,17 @@
|
|||||||
---
|
---
|
||||||
# defaults file for dnsmasq
|
# defaults file for dnsmasq
|
||||||
|
|
||||||
dnsmasq_conf_domain: ""
|
dnsmasq_domain: ""
|
||||||
dnsmasq_conf_servers: []
|
|
||||||
|
|
||||||
dnsmasq_servers: []
|
dnsmasq_servers: []
|
||||||
|
dnsmasq_rev_servers: []
|
||||||
|
dnsmasq_bogus_priv_enabled: true
|
||||||
|
|
||||||
|
dnsmasq_hosts: []
|
||||||
|
|
||||||
dnsmasq_host_ips: []
|
dnsmasq_host_ips: []
|
||||||
dnsmasq_host_aliases: []
|
dnsmasq_host_aliases: []
|
||||||
|
|
||||||
dnsmasq_client_filename: "{{ inventory_hostname }}"
|
dnsmasq_client_filename: "{{ inventory_hostname }}"
|
||||||
dnsmasq_client_hostname: "{{ inventory_hostname }} {{ inventory_hostname_short }}"
|
dnsmasq_client_hostname: "{{ inventory_hostname }} {{ inventory_hostname_short }}"
|
||||||
|
|
||||||
|
dnsmasq_specifics: []
|
||||||
|
|||||||
@ -12,7 +12,7 @@
|
|||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
state: reloaded
|
state: reloaded
|
||||||
name: dnsmasq.service
|
name: dnsmasq.service
|
||||||
loop: "{{ dnsmasq_servers }}"
|
loop: "{{ dnsmasq_hosts }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: dnsserver
|
loop_var: dnsserver
|
||||||
delegate_to: "{{ dnsserver }}"
|
delegate_to: "{{ dnsserver }}"
|
||||||
|
|||||||
@ -9,10 +9,9 @@
|
|||||||
src: "{{ role_path }}/templates/host.conf.j2"
|
src: "{{ role_path }}/templates/host.conf.j2"
|
||||||
dest: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
|
dest: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
|
||||||
when:
|
when:
|
||||||
- dnsmasq_servers | length > 0
|
- dnsmasq_hosts | length > 0
|
||||||
- dnsmasq_host_ipv4 not in dnsmasq_servers
|
- dnsmasq_host_ipv4 not in dnsmasq_hosts
|
||||||
tags: creation
|
loop: "{{ dnsmasq_hosts }}"
|
||||||
loop: "{{ dnsmasq_servers }}"
|
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: dnsserver
|
loop_var: dnsserver
|
||||||
delegate_to: "{{ dnsserver }}"
|
delegate_to: "{{ dnsserver }}"
|
||||||
@ -24,10 +23,10 @@
|
|||||||
path: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
|
path: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
|
||||||
state: absent
|
state: absent
|
||||||
when:
|
when:
|
||||||
- dnsmasq_servers | length > 0
|
- dnsmasq_hosts | length > 0
|
||||||
- dnsmasq_host_ipv4 not in dnsmasq_servers
|
- dnsmasq_host_ipv4 not in dnsmasq_hosts
|
||||||
tags: [destruction, never]
|
tags: [destruction, never]
|
||||||
loop: "{{ dnsmasq_servers }}"
|
loop: "{{ dnsmasq_hosts }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: dnsserver
|
loop_var: dnsserver
|
||||||
delegate_to: "{{ dnsserver }}"
|
delegate_to: "{{ dnsserver }}"
|
||||||
|
|||||||
@ -1,10 +1,16 @@
|
|||||||
---
|
---
|
||||||
# tasks file for security
|
# tasks file for security
|
||||||
|
|
||||||
|
- name: Supprimer l'ancien fichier de configuration
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/dnsmasq.d/cache.conf
|
||||||
|
state: absent
|
||||||
|
become: true
|
||||||
|
|
||||||
- name: Configurer dnsmasq
|
- name: Configurer dnsmasq
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: dnsmasq.conf.j2
|
src: dnsmasq.conf.j2
|
||||||
dest: /etc/dnsmasq.d/cache.conf
|
dest: /etc/dnsmasq.d/dns.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
@ -13,10 +19,26 @@
|
|||||||
|
|
||||||
- name: Déployer la configuration de l'instance
|
- name: Déployer la configuration de l'instance
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
src: host.conf.j2
|
||||||
|
dest: /srv/dnsmasq/{{ inventory_hostname }}.conf
|
||||||
owner: dnsmasq
|
owner: dnsmasq
|
||||||
group: root
|
group: root
|
||||||
mode: u=rw,g=r,o=r
|
mode: u=rw,g=r,o=r
|
||||||
src: host.conf.j2
|
|
||||||
dest: /srv/dnsmasq/{{ inventory_hostname }}.conf
|
|
||||||
become: true
|
become: true
|
||||||
notify: Recharger dnsmasq.service
|
notify: Recharger dnsmasq.service
|
||||||
|
|
||||||
|
- name: Déployer les configurations specifiques
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: specific.conf.j2
|
||||||
|
dest: "{{ filename }}"
|
||||||
|
owner: dnsmasq
|
||||||
|
group: root
|
||||||
|
mode: u=rw,g=r,o=r
|
||||||
|
when: dnsmasq_specifics | length > 0
|
||||||
|
become: true
|
||||||
|
notify: Recharger dnsmasq.service
|
||||||
|
loop: "{{ dnsmasq_specifics }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ filename }}"
|
||||||
|
vars:
|
||||||
|
filename: /srv/dnsmasq/{{ item.hostname }}.conf
|
||||||
|
|||||||
@ -1,14 +1,19 @@
|
|||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
# Répondre aux demandes locales uniquement
|
||||||
|
local-service
|
||||||
|
|
||||||
# Ne pas transmettre les requêtes avec un nom court (pas FQDN)
|
# Ne pas transmettre les requêtes avec un nom court (pas FQDN)
|
||||||
domain-needed
|
domain-needed
|
||||||
|
|
||||||
|
{% if dnsmasq_bogus_priv_enabled %}
|
||||||
# Ne pas envoyer les requête sur les IP privées
|
# Ne pas envoyer les requête sur les IP privées
|
||||||
bogus-priv
|
bogus-priv
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Spécifié le domaine pour qualifié les noms courts
|
# Spécifié le domaine pour qualifié les noms courts
|
||||||
domain={{ dnsmasq_conf_domain }}
|
domain={{ dnsmasq_domain }}
|
||||||
local=/{{ dnsmasq_conf_domain }}/
|
local=/{{ dnsmasq_domain }}/
|
||||||
|
|
||||||
# Ajoute le nom de domaine au noms simples
|
# Ajoute le nom de domaine au noms simples
|
||||||
expand-hosts
|
expand-hosts
|
||||||
@ -22,11 +27,16 @@ no-resolv
|
|||||||
# Ne pas utiliser /etc/hosts
|
# Ne pas utiliser /etc/hosts
|
||||||
no-hosts
|
no-hosts
|
||||||
|
|
||||||
# Utiliser dnscrypt-proxy
|
# Définir les serveurs DNS à suivre
|
||||||
{% for server in dnsmasq_conf_servers %}
|
{% for server in dnsmasq_servers %}
|
||||||
server={{ server }}
|
server={{ server }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
# Définir les serveurs DNS à suivre (PTR)
|
||||||
|
{% for server in dnsmasq_rev_servers %}
|
||||||
|
rev-server={{ server }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
# Bloquer le rebond DNS
|
# Bloquer le rebond DNS
|
||||||
stop-dns-rebind
|
stop-dns-rebind
|
||||||
|
|
||||||
|
|||||||
6
templates/specific.conf.j2
Normal file
6
templates/specific.conf.j2
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
{% for ip in item.ips %}
|
||||||
|
{% set aliases = item.get('aliases', []) %}
|
||||||
|
{{ ip }} {{ ([item.hostname] + aliases) | join(' ') }}
|
||||||
|
{% endfor %}
|
||||||
Loading…
Reference in New Issue
Block a user