inventoryFromAnsible #4

Merged
pulsar merged 10 commits from inventoryFromAnsible into master 2024-05-06 18:48:20 +00:00
7 changed files with 71 additions and 24 deletions


@ -4,19 +4,19 @@ Ce rôle permet d'installer et configurer dnsmasq.
## Variables
### dnsmasq_conf_domain
### dnsmasq_domain
Nom de domain utilisé pour qualifier les noms courts.
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
### dnsmasq_conf_servers
### dnsmasq_servers
Liste d'adresses IP auxquelles les requêtes DNS sont transmises si dnsmasq ne porte pas le domaine.
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
### dnsmasq_servers
### dnsmasq_hosts
Liste d'IP ou de noms d'hôtes servant de serveur DNS.
@ -46,6 +46,12 @@ Nom d'hôte du client.
*<span style="text-decoration: underline">Valeur par défaut:</span> `{{ inventory_hostname }} {{ inventory_hostname_short }}`*
### dnsmasq_specifics
Liste de dictionnaires contenant le nom d'hôte, les alias et la liste d'IP associées.
*<span style="text-decoration: underline">Valeur par défaut:</span> aucune*
## Exemple d'utilisation
### inventory.yml
@ -69,7 +75,7 @@ all:
```yaml
---
dnsmasq_servers: "{{ groups['dnsservers'] }}"
dnsmasq_hosts: "{{ groups['dnsservers'] }}"
```
@ -78,8 +84,8 @@ dnsmasq_servers: "{{ groups['dnsservers'] }}"
```yaml
---
dnsmasq_conf_domain: ykn.local
dnsmasq_conf_servers:
dnsmasq_domain: ykn.local
dnsmasq_servers:
- 127.0.0.1#53000
- ::1#53000
```


@ -1,13 +1,17 @@
---
# defaults file for dnsmasq
dnsmasq_conf_domain: ""
dnsmasq_conf_servers: []
dnsmasq_domain: ""
dnsmasq_servers: []
dnsmasq_rev_servers: []
dnsmasq_bogus_priv_enabled: true
dnsmasq_hosts: []
dnsmasq_host_ips: []
dnsmasq_host_aliases: []
dnsmasq_client_filename: "{{ inventory_hostname }}"
dnsmasq_client_hostname: "{{ inventory_hostname }} {{ inventory_hostname_short }}"
dnsmasq_specifics: []
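Review bot: The name `dnsmasq_servers` survives the rename but changes meaning — it used to be the list of machines running dnsmasq (now `dnsmasq_hosts`) and now holds the upstream forwarders that the template turns into `server=` lines — so an inventory still using the old variable will keep parsing but will silently forward queries to its own DNS hosts instead of the configured upstreams. A one-line comment next to each renamed default would make that explicit, e.g. `# upstream forwarders (server=); formerly dnsmasq_conf_servers. Machines running dnsmasq are now dnsmasq_hosts.` above `dnsmasq_servers` and `# was dnsmasq_conf_domain` above `dnsmasq_domain`. The new `dnsmasq_rev_servers` and `dnsmasq_specifics` entries would benefit from a comment giving the expected element shape, since the consuming templates index `item.hostname` and `item.ips` and, as far as I recall, dnsmasq's `rev-server` expects a `subnet,server` pair rather than a bare address; worth confirming and documenting here.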


@ -12,7 +12,7 @@
ansible.builtin.systemd:
state: reloaded
name: dnsmasq.service
loop: "{{ dnsmasq_servers }}"
loop: "{{ dnsmasq_hosts }}"
loop_control:
loop_var: dnsserver
delegate_to: "{{ dnsserver }}"


@ -9,10 +9,9 @@
src: "{{ role_path }}/templates/host.conf.j2"
dest: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
when:
- dnsmasq_servers | length > 0
- dnsmasq_host_ipv4 not in dnsmasq_servers
tags: creation
loop: "{{ dnsmasq_servers }}"
- dnsmasq_hosts | length > 0
- dnsmasq_host_ipv4 not in dnsmasq_hosts
loop: "{{ dnsmasq_hosts }}"
loop_control:
loop_var: dnsserver
delegate_to: "{{ dnsserver }}"
@ -24,10 +23,10 @@
path: /srv/dnsmasq/{{ dnsmasq_client_filename }}.conf
state: absent
when:
- dnsmasq_servers | length > 0
- dnsmasq_host_ipv4 not in dnsmasq_servers
- dnsmasq_hosts | length > 0
- dnsmasq_host_ipv4 not in dnsmasq_hosts
tags: [destruction, never]
loop: "{{ dnsmasq_servers }}"
loop: "{{ dnsmasq_hosts }}"
loop_control:
loop_var: dnsserver
delegate_to: "{{ dnsserver }}"


@ -1,10 +1,16 @@
---
# tasks file for security
- name: Supprimer l'ancien fichier de configuration
ansible.builtin.file:
path: /etc/dnsmasq.d/cache.conf
state: absent
become: true
- name: Configurer dnsmasq
ansible.builtin.template:
src: dnsmasq.conf.j2
dest: /etc/dnsmasq.d/cache.conf
dest: /etc/dnsmasq.d/dns.conf
owner: root
group: root
mode: u=rw,g=r,o=r
@ -13,10 +19,26 @@
- name: Déployer la configuration de l'instance
ansible.builtin.template:
src: host.conf.j2
dest: /srv/dnsmasq/{{ inventory_hostname }}.conf
owner: dnsmasq
group: root
mode: u=rw,g=r,o=r
src: host.conf.j2
dest: /srv/dnsmasq/{{ inventory_hostname }}.conf
become: true
notify: Recharger dnsmasq.service
- name: Déployer les configurations specifiques
ansible.builtin.template:
src: specific.conf.j2
dest: "{{ filename }}"
owner: dnsmasq
group: root
mode: u=rw,g=r,o=r
when: dnsmasq_specifics | length > 0
become: true
notify: Recharger dnsmasq.service
loop: "{{ dnsmasq_specifics }}"
loop_control:
label: "{{ filename }}"
vars:
filename: /srv/dnsmasq/{{ item.hostname }}.conf
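Review bot: The new "Déployer les configurations specifiques" task builds the destination path from `item.hostname` with no validation, so a `dnsmasq_specifics` entry whose hostname contains `/` or `..` would write the rendered file outside `/srv/dnsmasq` (as root, given `become: true`), and an entry missing `ips` only fails inside the template. An `assert` over the same loop before the template task would catch both early and with a clear message. The `when: dnsmasq_specifics | length > 0` on that task is redundant with `loop:` — an empty list already produces no iterations — and I'd also note in a task comment that entries removed from `dnsmasq_specifics` leave their previous file in `/srv/dnsmasq` untouched, since nothing here cleans them up.
```yaml
- name: Vérifier les entrées de dnsmasq_specifics
  ansible.builtin.assert:
    that:
      - item.hostname is defined
      - item.hostname is match('^[A-Za-z0-9._-]+$')
      - item.ips is defined
    fail_msg: "dnsmasq_specifics: hostname invalide ou ips absent ({{ item }})"
  loop: "{{ dnsmasq_specifics }}"
  loop_control:
    label: "{{ item.hostname | default('?') }}"
# … unchanged: Déployer les configurations specifiques …
```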


@ -1,14 +1,19 @@
# {{ ansible_managed }}
# Répondre aux demandes locales uniquement
local-service
# Ne pas transmettre les requêtes avec un nom court (pas FQDN)
domain-needed
{% if dnsmasq_bogus_priv_enabled %}
# Ne pas envoyer les requête sur les IP privées
bogus-priv
{% endif %}
# Spécifié le domaine pour qualifié les noms courts
domain={{ dnsmasq_conf_domain }}
local=/{{ dnsmasq_conf_domain }}/
domain={{ dnsmasq_domain }}
local=/{{ dnsmasq_domain }}/
# Ajoute le nom de domaine au noms simples
expand-hosts
@ -22,11 +27,16 @@ no-resolv
# Ne pas utiliser /etc/hosts
no-hosts
# Utiliser dnscrypt-proxy
{% for server in dnsmasq_conf_servers %}
# Définir les serveurs DNS à suivre
{% for server in dnsmasq_servers %}
server={{ server }}
{% endfor %}
# Définir les serveurs DNS à suivre (PTR)
{% for server in dnsmasq_rev_servers %}
rev-server={{ server }}
{% endfor %}
# Bloquer le rebond DNS
stop-dns-rebind
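Review bot: With the role default `dnsmasq_domain: ""` the renamed lines render as `domain=` and `local=//`, which is not a usable configuration and is likely to be rejected or misinterpreted by dnsmasq; guarding them with `{% if dnsmasq_domain %}` … `{% endif %}` (and giving `expand-hosts` the same guard, since it only makes sense with a domain) keeps the template valid when the variable is left at its default. The new `rev-server=` loop emits each element of `dnsmasq_rev_servers` verbatim; as I recall dnsmasq expects a `subnet,server` pair there, so a comment above the loop such as `# each entry is "<subnet>/<prefix>,<server>"` would help inventory authors. The hunk's opening comment `# Utiliser dnscrypt-proxy` was replaced by `# Définir les serveurs DNS à suivre`, so the remaining reference to dnscrypt-proxy in this file is now unexplained.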


@ -0,0 +1,6 @@
# {{ ansible_managed }}
{% for ip in item.ips %}
{% set aliases = item.get('aliases', []) %}
{{ ip }} {{ ([item.hostname] + aliases) | join(' ') }}
{% endfor %}
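Review bot: The `{% set aliases = item.get('aliases', []) %}` is re-evaluated on every iteration of the `ip` loop although it does not depend on `ip`; hoisting it above the loop, `{% set aliases = item.get('aliases', []) %}` then `{% for ip in item.ips %}`, reads more clearly and makes it obvious that aliases are per entry, not per address. The template assumes `item.hostname` and `item.ips` are present and raises an undefined-variable error otherwise; a short header comment stating the expected entry shape (`hostname`, `ips`, optional `aliases`) would document that contract where the file is read.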