DNSZone Module
==============

Description
-----------

The dnszone module allows configuring zones in the DNS server.


Features
--------

* Add, remove, modify, enable or disable DNS zones.


Supported FreeIPA Versions
--------------------------

FreeIPA versions 4.4.0 and up are supported by the ipadnszone module.


Requirements
------------

**Controller**
* Ansible version: 2.8+

**Node**
* Supported FreeIPA version (see above)


Usage
-----

Example inventory file:

```ini
[ipaserver]
ipaserver.test.local
```

Example playbook to create a simple DNS zone:

```yaml
---
- name: dnszone present
  hosts: ipaserver
  become: true

  tasks:
  - name: Ensure zone is present.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      state: present
```

Example playbook to create a DNS zone with all currently supported variables:

```yaml
---
- name: dnszone present
  hosts: ipaserver
  become: true

  tasks:
  - name: Ensure zone is present.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      allow_sync_ptr: true
      dynamic_update: true
      dnssec: true
      allow_transfer:
        - 1.1.1.1
        - 2.2.2.2
      allow_query:
        - 1.1.1.1
        - 2.2.2.2
      forwarders:
        - ip_address: 8.8.8.8
        - ip_address: 8.8.4.4
          port: 52
      serial: 1234
      refresh: 3600
      retry: 900
      expire: 1209600
      minimum: 3600
      ttl: 60
      default_ttl: 90
      name_server: ipaserver.test.local.
      admin_email: admin.admin@example.com
      nsec3param_rec: "1 7 100 0123456789abcdef"
      skip_overlap_check: true
      skip_nameserver_check: true
      state: present
```

Example playbook to disable a zone:

```yaml
---
- name: Playbook to disable DNS zone
  hosts: ipaserver
  become: true

  tasks:
  - name: Disable zone.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      state: disabled
```

Example playbook to enable a zone:

```yaml
---
- name: Playbook to enable DNS zone
  hosts: ipaserver
  become: true

  tasks:
  - name: Enable zone.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      state: enabled
```

Example playbook to remove a zone:

```yaml
---
- name: Playbook to remove DNS zone
  hosts: ipaserver
  become: true

  tasks:
  - name: Remove zone.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name: testzone.local
      state: absent
```

Example playbook to create a zone for reverse DNS lookup, from an IP address:

```yaml
---
- name: dnszone present
  hosts: ipaserver
  become: true

  tasks:
  - name: Ensure zone for reverse DNS lookup is present.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name_from_ip: 192.168.1.2
      state: present
```

Note that in the previous example the zone created with `name_from_ip` might be "1.168.192.in-addr.arpa.", "168.192.in-addr.arpa.", or "192.in-addr.arpa.", depending on the DNS response the system gets while querying for zones. For this reason, when creating a zone using `name_from_ip`, the inferred zone name is returned to the controller in the attribute `dnszone.name`. Since the inferred zone might not be what a user expects, `name_from_ip` can only be used with `state: present`. To have more control over the zone name, the prefix length for the IP address can be provided.

Example playbook to create a zone for reverse DNS lookup, from an IP address, given the prefix length and displaying the resulting zone name:

```yaml
---
- name: dnszone present
  hosts: ipaserver
  become: true

  tasks:
  - name: Ensure zone for reverse DNS lookup is present.
    ipadnszone:
      ipaadmin_password: SomeADMINpassword
      name_from_ip: 192.168.1.2/24
      state: present
    register: result
  - name: Display inferred zone name.
    debug:
      msg: "Zone name: {{ result.dnszone.name }}"
```
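
The mapping from address and prefix length to reverse zone name, as an added example (not part of the ansible-freeipa code): it assumes the prefix falls on an octet boundary for IPv4 or a nibble boundary for IPv6, and it extends the three IPv4 names above to IPv6. The function names are hypothetical; `matches_expected` can be used to compare a returned `dnszone.name` with the zone that was intended before more records are added to it.

```python
import ipaddress


def reverse_zone(cidr):
    """Reverse-lookup zone name for an address with prefix length, e.g. 192.168.1.2/24."""
    net = ipaddress.ip_interface(cidr).network
    # Assumption: reverse zones are cut per octet (IPv4) or per 4-bit nibble (IPv6).
    step, total = (8, 4) if net.version == 4 else (4, 32)
    if net.prefixlen == 0 or net.prefixlen % step:
        raise ValueError(f"/{net.prefixlen} is not on a {step}-bit boundary")
    # reverse_pointer lists every label of the address, host part first.
    labels = net.network_address.reverse_pointer.split(".")
    keep = net.prefixlen // step  # number of network labels to keep
    return ".".join(labels[total - keep:]) + "."


def candidate_zones(ip):
    """Every boundary-aligned zone that could contain ip, most specific first."""
    addr = ipaddress.ip_address(ip)
    step, bits = (8, 32) if addr.version == 4 else (4, 128)
    return [reverse_zone(f"{ip}/{p}") for p in range(bits - step, 0, -step)]


def matches_expected(returned_name, cidr):
    """Compare a returned zone name (e.g. dnszone.name) with the intended zone."""
    normalized = returned_name.lower().rstrip(".") + "."
    return normalized == reverse_zone(cidr)


if __name__ == "__main__":
    # Constructed sample values, using the address from the playbooks above.
    print(candidate_zones("192.168.1.2"))
    print(reverse_zone("192.168.1.2/24"))
    # A broader zone than intended is reported as a mismatch.
    print(matches_expected("168.192.in-addr.arpa.", "192.168.1.2/24"))
```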

Variables
=========

ipadnszone
----------

Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `zone_name` | The zone name string or list of strings. | no
`name_from_ip` | Derive zone name from reverse of IP (PTR). Can only be used with `state: present`. | no
`forwarders` | The list of forwarders dicts. Each `forwarders` dict entry has: | no
&nbsp; | `ip_address` - The IPv4 or IPv6 address of the DNS server. | yes
&nbsp; | `port` - The custom port that should be used on this server. | no
`forward_policy` | The global forwarding policy. It can be one of `only`, `first`, or `none`. | no
`allow_sync_ptr` | Allow synchronization of forward (A, AAAA) and reverse (PTR) records (bool). | no
`state` | The state to ensure. It can be one of `present`, `enabled`, `disabled` or `absent`, default: `present`. | yes
`name_server` | Authoritative nameserver domain name | no
`admin_email` | Administrator e-mail address | no
`update_policy` | BIND update policy | no
`dynamic_update` \| `dynamicupdate` | Allow dynamic updates | no
`dnssec` | Allow inline DNSSEC signing of records in the zone | no
`allow_transfer` | List of IP addresses or networks which are allowed to transfer the zone | no
`allow_query` | List of IP addresses or networks which are allowed to issue queries | no
`serial` | SOA record serial number | no
`refresh` | SOA record refresh time | no
`retry` | SOA record retry time | no
`expire` | SOA record expire time | no
`minimum` | How long should negative responses be cached | no
`ttl` | Time to live for records at zone apex | no
`default_ttl` | Time to live for records without explicit TTL definition | no
`nsec3param_rec` | NSEC3PARAM record for zone in format: hash_algorithm flags iterations salt | no
`skip_overlap_check` | Force DNS zone creation even if it will overlap with an existing zone | no
`skip_nameserver_check` | Force DNS zone creation even if nameserver is not resolvable | no


Return Values
=============

ipadnszone
----------

Variable | Description | Returned When
-------- | ----------- | -------------
`dnszone` | DNS Zone dict with zone name inferred from `name_from_ip`. <br>Options: | If `state` is `present`, `name_from_ip` is used, and a zone was created.
&nbsp; | `name` - The name of the zone created, inferred from `name_from_ip`. | Always


Authors
=======

Sergio Oliveira Campos