Dnsforwardzone module
=====================

Description
-----------

The dnsforwardzone module allows the addition and removal of DNS forwarders from the IPA DNS config.

It is designed to follow the IPA API as closely as possible while ensuring ease of use.


Features
--------
* DNS zone management

Supported FreeIPA Versions
--------------------------

FreeIPA versions 4.4.0 and up are supported by the ipadnsforwardzone module.

Requirements
------------
**Controller**
* Ansible version: 2.8+

**Node**
* Supported FreeIPA version (see above)


Usage
=====

Example inventory file:

```ini
[ipaserver]
ipaserver.test.local
```


Example playbook to ensure presence of a forward zone in IPA DNS:

```yaml
---
- name: Playbook to handle adding a forwarder
  hosts: ipaserver
  become: true

  tasks:
  - name: ensure presence of forwardzone for DNS requests for example.com to 8.8.8.8
    ipadnsforwardzone:
      # ipaadmin_password is only needed if no admin ticket is available on the node
      ipaadmin_password: password01
      state: present
      name: example.com
      forwarders:
        - 8.8.8.8
      forwardpolicy: first
      # forces creation even if the zone overlaps with an existing zone
      skip_overlap_check: true

  - name: ensure the forward zone is disabled
    ipadnsforwardzone:
      ipaadmin_password: password01
      name: example.com
      state: disabled

  - name: ensure presence of multiple upstream DNS servers for example.com
    ipadnsforwardzone:
      ipaadmin_password: password01
      state: present
      name: example.com
      forwarders:
        - 8.8.8.8
        - 4.4.4.4

  - name: ensure presence of another forwarder to any existing ones for example.com
    ipadnsforwardzone:
      ipaadmin_password: password01
      state: present
      name: example.com
      forwarders:
        - 1.1.1.1
      # member level: work on the zone's forwarder list instead of the zone itself
      action: member

  - name: ensure the forwarder for example.com does not exist (delete it if needed)
    ipadnsforwardzone:
      ipaadmin_password: password01
      name: example.com
      state: absent
```
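
An added example (not part of the upstream README) of the same module with the admin password read from an Ansible Vault file instead of being written into the playbook, the overlap check left at its default, and the `enabled` state from the Variables table. The file name `vault.yml`, the variable `vault_ipaadmin_password` and the 192.0.2.x forwarder addresses are assumptions made for illustration.

```yaml
---
# Added example, not from the upstream README.
# Assumptions: vault.yml is encrypted with ansible-vault and defines
# vault_ipaadmin_password; the 192.0.2.x forwarders are placeholder addresses.
- name: Playbook to manage a forward zone without a cleartext admin password
  hosts: ipaserver
  become: true
  vars_files:
    - vault.yml

  tasks:
  - name: ensure example.com is forwarded only to the internal resolvers
    ipadnsforwardzone:
      ipaadmin_principal: admin
      ipaadmin_password: "{{ vault_ipaadmin_password }}"
      state: present
      name: example.com
      forwarders:
        - 192.0.2.53
        - 192.0.2.54
      # "only": answers come from the listed forwarders or not at all.
      # "first" would fall back to normal resolution when the forwarders fail.
      forwardpolicy: only
      # skip_overlap_check is left at its default (False), so the zone is
      # not forced in when it overlaps with an existing zone.

  - name: ensure the forward zone is enabled
    ipadnsforwardzone:
      ipaadmin_password: "{{ vault_ipaadmin_password }}"
      name: example.com
      state: enabled
```

Run it with `ansible-playbook --ask-vault-pass` so the vault file can be decrypted; if an admin ticket is already available on the node, `ipaadmin_password` can be dropped entirely.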

Variables
=========

ipadnsforwardzone
-----------------

Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | Zone name (FQDN). | yes if `state` == `present`
`forwarders` \| `idnsforwarders` | Per-zone forwarders: the list of upstream DNS server addresses for the zone. | no
`forwardpolicy` \| `idnsforwardpolicy` | Per-zone conditional forwarding policy. Possible values are `only`, `first`, `none`. Set to `none` to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded. | no
`skip_overlap_check` | Force DNS zone creation even if it will overlap with an existing zone. Defaults to False. | no
`action` | Work on dnsforwardzone or member level. It can be one of `member` or `dnsforwardzone` and defaults to `dnsforwardzone`. | no
`state` | The state to ensure. It can be one of `present`, `absent`, `enabled` or `disabled`, default: `present`. | yes


Authors
=======

Chris Procter