Dnsforwardzone module
=====================

Description
-----------

The dnsforwardzone module allows the addition and removal of DNS forwarders from the IPA DNS configuration.

It is designed to follow the IPA API as closely as possible while ensuring ease of use.


Features
--------
* DNS zone management

Supported FreeIPA Versions
--------------------------

FreeIPA versions 4.4.0 and up are supported by the ipadnsforwardzone module.

Requirements
------------
**Controller**
* Ansible version: 2.8+

**Node**
* Supported FreeIPA version (see above)


Usage
=====

Example inventory file

```ini
[ipaserver]
ipaserver.test.local
```


Example playbook to ensure presence of a forward zone in IPA DNS:

```yaml
---
- name: Playbook to manage a DNS forward zone
  hosts: ipaserver
  become: true

  tasks:
  - name: ensure presence of forwardzone with a single forwarder DNS server
    ipadnsforwardzone:
      ipaadmin_password: SomeADMINpassword
      state: present
      name: example.com
      forwarders:
        - ip_address: 8.8.8.8
      forwardpolicy: first
      # forces creation even if the zone overlaps with an existing zone
      skip_overlap_check: true

  - name: ensure the forward zone is disabled
    ipadnsforwardzone:
      ipaadmin_password: SomeADMINpassword
      name: example.com
      state: disabled

  - name: ensure presence of forwardzone with multiple forwarder DNS servers
    ipadnsforwardzone:
      ipaadmin_password: SomeADMINpassword
      state: present
      name: example.com
      forwarders:
        - ip_address: 8.8.8.8
        - ip_address: 4.4.4.4

  - name: ensure presence of another forwarder to any existing ones for example.com
    ipadnsforwardzone:
      ipaadmin_password: SomeADMINpassword
      state: present
      name: example.com
      forwarders:
        - ip_address: 1.1.1.1
      # work on member level: add to the existing forwarders
      action: member

  - name: ensure presence of forwardzone with single forwarder DNS server on non-standard port
    ipadnsforwardzone:
      ipaadmin_password: SomeADMINpassword
      state: present
      name: example.com
      forwarders:
        - ip_address: 4.4.4.4
          port: 8053

  - name: ensure the forward zone is absent
    ipadnsforwardzone:
      ipaadmin_password: SomeADMINpassword
      name: example.com
      state: absent
```

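Added example (not part of the original README or the project's own playbooks): the same kind of task with the admin password read from an Ansible Vault-encrypted vars file instead of the playbook text, and with the overlap check left enabled. The file `vault/ipa.yml`, the variable `vault_ipaadmin_password`, the zone `corp.example.test` and the forwarder address `192.0.2.53` are assumptions chosen for illustration.

```yaml
---
# Added example. Assumptions: vault/ipa.yml has been encrypted with
# `ansible-vault encrypt` and defines vault_ipaadmin_password;
# corp.example.test and 192.0.2.53 are constructed sample values.
- name: Playbook to manage a forward zone without a plaintext admin password
  hosts: ipaserver
  become: true

  vars_files:
  - vault/ipa.yml

  tasks:
  - name: ensure presence of forwardzone, keeping the overlap check enabled
    ipadnsforwardzone:
      ipaadmin_password: "{{ vault_ipaadmin_password }}"
      state: present
      name: corp.example.test
      forwarders:
        - ip_address: 192.0.2.53
      # `only`: answers come from the forwarder or the query fails;
      # `first` would fall back to regular recursion if the forwarder
      # does not answer.
      forwardpolicy: only
      # skip_overlap_check is not set, so it stays at its default (False)
      # and zone creation is not forced over an existing, overlapping zone.
```

Run it with `ansible-playbook --ask-vault-pass` (or `--vault-password-file`) so the vars file can be decrypted at run time.
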
Variables
=========

ipadnsforwardzone
-----------------

Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | Zone name (FQDN). | yes if `state` == `present`
`forwarders` \| `idnsforwarders` | Per-zone forwarders. A custom port can be specified for each forwarder. Options: | no
&nbsp; | `ip_address`: The forwarder IP address. | yes
&nbsp; | `port`: The forwarder IP port. | no
`forwardpolicy` \| `idnsforwardpolicy` | Per-zone conditional forwarding policy. Possible values are `only`, `first`, `none`. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded. | no
`skip_overlap_check` | Force DNS zone creation even if it will overlap with an existing zone. Defaults to False. | no
`permission` | Allow DNS Forward Zone to be managed. (bool) | no
`action` | Work on dnsforwardzone or member level. It can be one of `member` or `dnsforwardzone` and defaults to `dnsforwardzone`. | no
`state` | The state to ensure. It can be one of `present`, `absent`, `enabled` or `disabled`, default: `present`. | yes


Authors
=======

Chris Procter