Commit 54ee0a06 authored by Patricio Bruna's avatar Patricio Bruna

First Vagrant version

parent ab1760a5
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure(2) do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://atlas.hashicorp.com/search.
config.vm.box = "bento/centos-7.2"
config.ssh.insert_key = false
# Compartir directorio de desarollo de Zimlets
config.vm.provision "ansible" do |ansible|
ansible.playbook = 'vagrant/provision/playbook.yml'
ansible.sudo = true
end
config.vm.network 'private_network', ip: '192.168.50.10'
config.vm.hostname = 'zimbra.zboxapp.dev'
config.vm.network 'forwarded_port', guest: 7071, host: 7071
config.vm.network 'forwarded_port', guest: 8081, host: 6081
config.vm.network 'forwarded_port', guest: 9081, host: 9081
config.vm.network 'forwarded_port', guest: 443, host: 7443
config.vm.network 'forwarded_port', guest: 80, host: 7080
config.vm.network 'forwarded_port', guest: 27017, host: 27017
config.vm.provider 'virtualbox' do |v|
v.name = 'newManagerZimbra'
v.memory = 2048
v.cpus = 2
end
config.vm.provider 'parallels' do |v|
v.name = 'newManagerZimbra'
v.memory = 2048
v.cpus = 2
end
end
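Review bot: The six `forwarded_port` entries set no `host_ip`, so Vagrant binds them on every interface of the host machine and the MongoDB (guest 27017) and Zimbra admin (guest 7071) ports become reachable from the developer's network, not just from the developer's own machine. Add `host_ip: '127.0.0.1'` to each one, e.g. `config.vm.network 'forwarded_port', guest: 27017, host: 27017, host_ip: '127.0.0.1'`. The comment "Compartir directorio de desarollo de Zimlets" sits above the `ansible` provisioner and describes a synced folder that this file never configures; either add the `synced_folder` or drop the comment. `config.ssh.insert_key = false` keeps the default public Vagrant key, which is acceptable for a local VM but deserves a one-line comment saying that is intentional.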
...@@ -6,8 +6,6 @@ ...@@ -6,8 +6,6 @@
'url': 'http://zimbra.zboxapp.dev:9000/service/admin/soap', 'url': 'http://zimbra.zboxapp.dev:9000/service/admin/soap',
'user': 'admin@zboxapp.dev', 'user': 'admin@zboxapp.dev',
'password':'12345678' 'password':'12345678'
// 'user': 'superadmin2@zboxtest.com',
// 'password':'zboxapp2016'
}; };
describe('Basic tests', function() { describe('Basic tests', function() {
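Review bot: The login that remains in the config object after this change (`'user': 'admin@zboxapp.dev'` with `'password':'12345678'`) is still an admin credential committed next to the service URL; deleting the commented-out second pair does not address that. Read both from the environment instead, e.g. `'user': process.env.ZIMBRA_ADMIN_USER,` and `'password': process.env.ZIMBRA_ADMIN_PASSWORD`, and document the two variables where the tests are described. The object literal starts before this hunk (file line 6), so only its tail is visible here.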
# Custom filters for handling IP addresses
def reverse_dotted_decimals(ipaddress):
"""Reverse the order of the decimals in the specified IP-address.
E.g. "192.168.10" would become "10.168.192"
Keyword arguments:
ipaddress -- An IP address in dotted decimal notation
"""
return '.'.join(ipaddress.split('.')[::-1])
def reverse_lookup_zone(ipaddress):
"""Return the notation for the reverse lookup zone for the specified
network address.
E.g. "192.0.2" would become "2.0.192.in-addr.arpa"
Keyword arguments:
ipaddress -- The network part of an IP address in dotted decimal
notation
"""
return reverse_dotted_decimals(ipaddress) + '.in-addr.arpa'
class FilterModule(object):
''' Ansible core jinja2 filters '''
def filters(self):
return {
'reverse_dotted_decimals': reverse_dotted_decimals,
'reverse_lookup_zone': reverse_lookup_zone,
}
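Review bot: `reverse_lookup_zone` accepts any string and for an empty input returns `'.in-addr.arpa'`, which the bind role then uses as a file name in `dest: "/var/named/{{ item|reverse_lookup_zone }}"`; a guard such as `if not ipaddress: raise ValueError('empty network address')` in `reverse_dotted_decimals` would fail the play early instead of writing an oddly named zone file. What looks like an identical copy of this module appears later in the same commit (the bind role's own filter plugins), so any fix has to land in both copies or one of them should be removed. The existing docstrings describe the contract adequately.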
---
- hosts: all
sudo: yes
vars:
bind_listen_ipv4:
- 'any'
bind_allow_query:
- '192.168.0.0/16'
- '127.0.0.0/8'
bind_recursion: 'yes'
bind_zone_name: 'zboxapp.dev'
bind_zone_master_server_ip: '192.168.50.10'
bind_zone_name_servers:
- 'zimbra'
bind_zone_mail_servers:
- name: 'zimbra'
preference: 10
bind_zone_hosts:
- name: 'zimbra'
ip: '192.168.50.10'
roles:
- role: common
- role: bertvv.bind
- role: pbruna.zimbradev
tasks:
- name: Instala Mongo DB y dependencias
yum: name={{ item }} state=present
with_items:
- mongodb-org
- python-pymongo
- name: Configura mongo
copy: src=./roles/common/files/mongod.conf dest=/etc/mongod.conf
- name: Inicia servicio mongodb
service: name=mongod state=started enabled=yes
- name: Configura DB y usuario mongo
mongodb_user: database=manager name=manager password=manager state=present
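Review bot: `mongodb_user: database=manager name=manager password=manager` commits a guessable credential for the application database, and nothing else in the play restricts who can use it: the `mongod.conf` copied two tasks earlier binds to `0.0.0.0` with its `security:` block commented out, and the Vagrantfile forwards guest port 27017 to the host. Move the password into a variable (`mongodb_user: database=manager name=manager password={{ mongo_manager_password }} state=present`) supplied from an uncommitted vars file or Ansible Vault, and add `no_log: true` to that task so the value is not echoed in play output. `sudo: yes` at the top of the play is the older spelling; newer Ansible releases expect `become: yes`.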
# .gitignore
# Hidden Vagrant-directory
.vagrant
# Backup files (e.g. Vim, Gedit, etc.)
*~
# Vagrant base boxes (you never know when someone puts one in the repository)
*.box
# Python artefacts
.ropeproject
*.pyc
# Ignore installation directory of BATS test framework
tests/bats
# Change log
## 0.1.8.6 - 2016-02-15
### Added
* Se puede borrar admin de dominio.
### Fixed
* Solo se muestran los verdaderos administradores de Dominio, antes mostraban todos los
que eran `delegated_admin`.
## 0.1.8.5 - 2016-02-15
### Fixed
* Ahora se puede agregar **Administrador de Dominio**
## 0.1.8.4 - 2016-02-13
### Added
* Quotas de casillas por dominio
* Fecha de renovación basada en el dominio
### Fixed
* Formulario para agregar `alias` a una cuenta
# BSD License
Copyright (c) 2014, Bert Van Vreckem, (bert.vanvreckem@gmail.com)
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Ansible role `bind`
An Ansible role for setting up BIND ISC as a master DNS server for a single domain. Specifically, the responsibilities of this role are to:
- install BIND
- set up the main configuration file
- master server
- slave server
- set up forward and reverse lookup zone files
This role supports multiple reverse zones.
## Requirements
- This role is written specifically for RHEL/CentOS and works on versions 6 and 7.
- The `filter_plugins` directory should be copied to `${ANSIBLE_HOME}`. It contains a few functions that manipulate IP addresses.
## Role Variables
Variables are not required, unless specified.
| Variable | Default | Comments (type) |
| :--- | :--- | :--- |
| `bind_allow_query` | `['localhost']` | A list of hosts that are allowed to query this DNS server. Set to ['any'] to allow all hosts |
| `bind_listen_ipv4` | `['127.0.0.1']` | A list of the IPv4 address of the network interface(s) to listen on. Set to ['any'] to listen on all interfaces. |
| `bind_listen_ipv6` | `['::1']` | A list of the IPv6 address of the network interface(s) to listen on |
| `bind_recursion` | `no` | Allow recursion. Set to `yes` for a caching DNS server. |
| `bind_zone_hostmaster_email` | `hostmaster` | The e-mail address of the system administrator |
| `bind_zone_hosts` | - | Host definitions. See below this table for examples. |
| `bind_zone_mail_servers` | `[{name: mail, preference: 10}]` | A list of dicts (with fields `name` and `preference`) specifying the mail servers for this domain. |
| `bind_zone_master_server_ip` | - | **(Required)** The IP address of the master DNS server. |
| `bind_zone_minimum_ttl` | `1D` | Minimum TTL field in the SOA record. |
| `bind_zone_name_servers` | `[ansible_hostname]` | A list of the DNS servers for this domain. |
| `bind_zone_name` | `example.com` | The domain name |
| `bind_zone_networks` | `['10.0.2']` | A list of the networks that are part of the domain |
| `bind_zone_time_to_expire` | `1W` | Time to expire field in the SOA record. |
| `bind_zone_time_to_refresh` | `1D` | Time to refresh field in the SOA record. |
| `bind_zone_time_to_retry` | `1H` | Time to retry field in the SOA record. |
| `bind_zone_ttl` | `1W` | Time to Live field in the SOA record. |
### Host definitions
Host names that this DNS server should resolve can be specified with the variable `bind_zone_hosts` as a list of dicts with fields `name`, `ip` and `aliases`, e.g.:
```Yaml
bind_zone_hosts:
- name: pub01
ip: 192.0.2.1
aliases:
- ns
- name: pub02
ip: 192.0.2.2
aliases:
- www
- web
- name: priv01
ip: 10.0.0.1
```
As you can see, not all hosts are in the same network. This is perfectly acceptable, and supported by this role. All networks should be specified in `bind_zone_networks`, though, or the host will not get a PTR record for reverse lookup:
```Yaml
bind_zone_networks:
- 192.0.2
- 10
```
Remark that only the network part should be specified here!
## Dependencies
No dependencies. If you want to configure the firewall, do this through another role (e.g. [bertvv.el7](https://github.com/bertvv/ansible-role-el7)).
## Example Playbook
See the [test playbook](tests/test.yml) for an elaborate example that shows all features.
## Testing
The `tests` directory contains tests for this role in the form of a Vagrant environment. The command `vagrant up` results in a setup with *two* DNS servers, a master and a slave, set up according to playbook [`test.yml`](tests/test.yml).
| **Hostname** | **ip** |
| :--- | :--- |
| `testbindmaster` | 192.168.56.53 |
| `testbindslave` | 192.168.56.54 |
IP addresses are in the subnet of the default VirtualBox Host Only network interface (192.168.56.0/24). You should be able to query the servers from your host system. For example, to verify if the slave is updated correctly, you can do the following:
```ShellSession
$ dig @192.168.56.54 ns1.example.com +short
testbindmaster.example.com.
192.168.56.53
$ dig @192.168.56.54 example.com www.example.com +short
web.example.com.
192.168.56.20
$ dig @192.168.56.54 MX example.com +short
10 mail.example.com.
```
An automated acceptance test written in [BATS](https://github.com/sstephenson/bats.git) is provided that checks all settings specified in [`test.yml`](tests/test.yml). You can run it by executing the shell script `tests/runtests.sh`. The script can be run on either your host system (assuming you have a Bash shell), or one of the VMs. The script will download BATS if needed and run the test script [`dns.bats`](tests/dns.bats) on both the master and the slave DNS server.
```ShellSession
$ cd tests
$ vagrant up
[...]
$ ./runtests.sh
Testing 192.168.56.53
✓ The `dig` command should be installed
✓ It should return the NS record(s)
✓ It should be able to resolve host names
✓ It should be able to do reverse lookups
✓ It should be able to resolve aliases
✓ It should return the MX record(s)
6 tests, 0 failures
Testing 192.168.56.54
✓ The `dig` command should be installed
✓ It should return the NS record(s)
✓ It should be able to resolve host names
✓ It should be able to do reverse lookups
✓ It should be able to resolve aliases
✓ It should return the MX record(s)
6 tests, 0 failures
```
Running from the VM:
```ShellSession
$ vagrant ssh testbindmaster
Last login: Sun Jun 14 18:52:35 2015 from 10.0.2.2
Welcome to your Packer-built virtual machine.
[vagrant@testbindmaster ~]$ /vagrant/runtests.sh
Testing 192.168.56.53
✓ The `dig` command should be installed
[...]
```
The directory `tests/roles/bind` is a symbolic link that should point to the root of this project in order to work. Also the `filter_plugins` should be linked to the tests directory. To create these links if necessary, do
```ShellSession
$ cd tests/
$ mkdir roles
$ ln -frs ../../PROJECT_DIR roles/bind
$ ln -frs ../filter_plugins/ .
```
You may want to change the base box into one that you like. The current one is based on Box-Cutter's [CentOS Packer template](https://github.com/boxcutter/centos).
## Contributing
Issues, feature requests, ideas are appreciated and can be posted in the Issues section. Pull requests are also very welcome. Preferably, create a topic branch and when submitting, squash your commits into one (with a descriptive message).
## License
BSD
## Author Information
Bert Van Vreckem (bert.vanvreckem@gmail.com)
# roles/bind/defaults/main.yml
---
bind_zone_name: "example.com"
bind_zone_networks:
- "10.0.2"
# List of IPv4 address of the network interface(s) to listen on. Set to "any"
# to listen on all interfaces
bind_listen_ipv4:
- "127.0.0.1"
# List of IPv6 address of the network interface(s) to listen on.
bind_listen_ipv6:
- "::1"
# List of hosts that are allowed to query this DNS server.
bind_allow_query:
- "localhost"
# By default, do not allow recursion, which is suitable for an authoritative
# name server. (set to "yes" for an caching DNS server).
bind_recursion: "no"
# SOA information
bind_zone_hostmaster_email: "hostmaster"
bind_zone_ttl: "1W"
bind_zone_time_to_refresh: "1D"
bind_zone_time_to_retry: "1H"
bind_zone_time_to_expire: "1W"
bind_zone_minimum_ttl: "1D"
# Custom filters for handling IP addresses
def reverse_dotted_decimals(ipaddress):
"""Reverse the order of the decimals in the specified IP-address.
E.g. "192.168.10" would become "10.168.192"
Keyword arguments:
ipaddress -- An IP address in dotted decimal notation
"""
return '.'.join(ipaddress.split('.')[::-1])
def reverse_lookup_zone(ipaddress):
"""Return the notation for the reverse lookup zone for the specified
network address.
E.g. "192.0.2" would become "2.0.192.in-addr.arpa"
Keyword arguments:
ipaddress -- The network part of an IP address in dotted decimal
notation
"""
return reverse_dotted_decimals(ipaddress) + '.in-addr.arpa'
class FilterModule(object):
''' Ansible core jinja2 filters '''
def filters(self):
return {
'reverse_dotted_decimals': reverse_dotted_decimals,
'reverse_lookup_zone': reverse_lookup_zone,
}
# roles/bind/handlers/main.yml
---
- name: restart bind
service:
name: named
state: restarted
{install_date: 'Sun Aug 2 16:05:31 2015', version: v3.0.0}
---
galaxy_info:
author: Bert Van Vreckem
description: Sets up ISC BIND on RHEL/CentOS 6/7 as an authoritative DNS server for a single domain (master and/or slave).
company: University College Ghent
license: BSD
min_ansible_version: 1.7
platforms:
- name: EL
versions:
- 6
- 7
categories:
- networking
dependencies: []
# roles/bind/tasks/main.yml
---
- name: Install BIND
yum:
pkg: "{{ item }}"
state: installed
with_items: bind_packages
tags: bind
- name: Create serial
command: date +%y%m%d%H
register: timestamp
tags: bind
- include: master.yml
when: ansible_all_ipv4_addresses|last == bind_zone_master_server_ip
- include: slave.yml
when: not ansible_all_ipv4_addresses|last == bind_zone_master_server_ip
- name: Start BIND service
service:
name: named
state: started
enabled: yes
tags: bind
# roles/bind/tasks/master.yml
# Set up a BIND master server
---
- name: Main BIND config file (master)
template:
src: master_etc_named.conf.j2
dest: /etc/named.conf
owner: root
group: named
mode: '0640'
setype: named_conf_t
validate: 'named-checkconf %s'
notify: restart bind
tags: bind
- name: Create forward lookup zone file
template:
src: bind_zone.j2
dest: "/var/named/{{ bind_zone_name }}"
owner: root
group: named
mode: "0640"
setype: named_zone_t
validate: "named-checkzone {{ bind_zone_name }} %s"
notify: restart bind
tags: bind
- name: Create reverse lookup zone file
template:
src: reverse_zone.j2
dest: "/var/named/{{ item|reverse_lookup_zone }}"
owner: root
group: named
mode: "0640"
setype: named_zone_t
validate: "named-checkzone {{ item|reverse_lookup_zone }} %s"
with_items: bind_zone_networks
notify: restart bind
tags: bind
# roles/bind/tasks/master.yml
# Set up a BIND slave server
---
- name: Main BIND config file (slave)
template:
src: slave_etc_named.conf.j2
dest: /etc/named.conf
owner: root
group: named
mode: '0640'
setype: named_conf_t
validate: 'named-checkconf %s'
notify: restart bind
tags: bind
; Zone file for {{ bind_zone_name }}
; {{ ansible_managed }}
$ORIGIN {{ bind_zone_name }}.
$TTL {{ bind_zone_ttl }}
{% if bind_zone_name_servers is defined %}
@ IN SOA {{ bind_zone_name_servers|first }}.{{ bind_zone_name }}. {{ bind_zone_hostmaster_email }}.{{ bind_zone_name }}. (
{% else %}
@ IN SOA {{ ansible_hostname }}.{{ bind_zone_name }}. {{ bind_zone_hostmaster_email }}.{{ bind_zone_name }}. (
{% endif %}
{{ timestamp.stdout }}
{{ bind_zone_time_to_refresh }}
{{ bind_zone_time_to_retry }}
{{ bind_zone_time_to_expire }}
{{ bind_zone_minimum_ttl }} )
{% if bind_zone_name_servers is defined %}
{% for ns in bind_zone_name_servers %}
IN NS {{ ns }}.{{ bind_zone_name }}.
{% endfor %}
{% else %}
IN NS {{ ansible_hostname }}.{{ bind_zone_name }}.
{% endif %}
{% if bind_zone_mail_servers is defined %}
{% for mail in bind_zone_mail_servers %}
{% if loop.first %}@{% else %} {% endif %} IN MX {{ mail.preference}} {{ mail.name }}.{{ bind_zone_name }}.
{% endfor %}
{% endif %}
{% if bind_zone_hosts is defined %}
{% for host in bind_zone_hosts %}
{{ host.name.ljust(20) }} IN A {{ host.ip }}
{% if host.aliases is defined %}
{% for alias in host.aliases %}
{{ alias.ljust(20) }} IN CNAME {{ host.name }}
{% endfor %}
{% endif %}
{% endfor %}
{% else %}
{{ ansible_hostname.ljust(20) }} IN A {{ ansible_default_ipv4.address }}
{% endif %}
//
// named.conf
//
// {{ ansible_managed }}
//
options {
listen-on port 53 { {{ bind_listen_ipv4|join(';') }}; };
listen-on-v6 port 53 { {{ bind_listen_ipv6|join(';') }}; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { {{ bind_allow_query|join(';') }}; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion {{ bind_recursion }};
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "{{ bind_zone_name }}" IN {
type master;
file "{{ bind_zone_name }}";
notify yes;
allow-update { none; };
};
{% if bind_zone_networks is defined %}
{% for network in bind_zone_networks %}
zone "{{ network|reverse_lookup_zone }}" IN {
type master;
file "{{ network|reverse_lookup_zone }}";
notify yes;
allow-update { none; };
};
{% endfor %}
{% endif %}
; Reverse zone file for {{ bind_zone_name }}
; {{ ansible_managed }}
; vi: ft=bindzone
$TTL {{ bind_zone_ttl }}
$ORIGIN {{ item|reverse_lookup_zone }}.
{% if bind_zone_name_servers is defined %}
@ IN SOA {{ bind_zone_name_servers|first }}.{{ bind_zone_name }}. {{ bind_zone_hostmaster_email }}.{{ bind_zone_name }}. (
{% else %}
@ IN SOA {{ ansible_hostname }}.{{ bind_zone_name }}. {{ bind_zone_hostmaster_email }}.{{ bind_zone_name }}. (
{% endif %}
{{ timestamp.stdout }}
{{ bind_zone_time_to_refresh }}
{{ bind_zone_time_to_retry }}
{{ bind_zone_time_to_expire }}
{{ bind_zone_minimum_ttl }} )
{% if bind_zone_name_servers is defined %}
{% for ns in bind_zone_name_servers %}
IN NS {{ ns }}.{{ bind_zone_name }}.
{% endfor %}
{% else %}
IN NS {{ ansible_hostname }}.{{ bind_zone_name }}.
{% endif %}
{% if bind_zone_hosts is defined %}
{% for host in bind_zone_hosts if host.ip.startswith(item) %}
{{ ('.'.join(host.ip.replace(item+'.','').split('.')[::-1])).ljust(8) }} IN PTR {{ host.name }}.{{ bind_zone_name }}.
{% endfor %}
{% else %}
{{ ('.'.join(ansible_default_ipv4.address.replace(item+'.','').split('.')[::-1])).ljust(8) }} IN PTR {{ ansible_hostname }}.{{ bind_zone_name }}.
{% endif %}
//
// named.conf
//
// {{ ansible_managed }}
//
options {
listen-on port 53 { {{ bind_listen_ipv4|join(';') }}; };
listen-on-v6 port 53 { {{ bind_listen_ipv6|join(';') }}; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { {{ bind_allow_query|join(';') }}; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion {{ bind_recursion }};
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "{{ bind_zone_name }}" IN {
type slave;
masters { {{ bind_zone_master_server_ip }}; };
file "{{ bind_zone_name }}";
};
{% if bind_zone_networks is defined %}
{% for network in bind_zone_networks %}
zone "{{ network|reverse_lookup_zone }}" IN {
type slave;
masters { {{ bind_zone_master_server_ip }}; };
file "{{ network|reverse_lookup_zone }}";
};
{% endfor %}
{% endif %}
# vi: set ft=ruby
require 'rbconfig'
ROLE_NAME = 'bind'
BASE_NAME = 'test' + ROLE_NAME
hosts = [
{ name: 'master', ip: '192.168.56.53' },
{ name: 'slave' , ip: '192.168.56.54' }
]
VAGRANTFILE_API_VERSION = '2'
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.box = 'centos71-nocm'
config.vm.box_url = 'https://tinfbo2.hogent.be/pub/vm/centos71-nocm-1.0.16.box'
hosts.each do |host|
host_name = BASE_NAME + host[:name]
config.vm.define host_name do |node|
node.vm.hostname = host_name
node.vm.network 'private_network', ip: host[:ip]
node.vm.provision 'ansible' do |ansible|
ansible.playbook = 'test.yml' # Elaborate test that shows all features
# ansible.playbook = 'test-bare.yml' # Minimal test case
end
end
end
end
[defaults]
filter_plugins = filter_plugins/
#! /usr/bin/env bats
#
# Acceptance test for the configuration defined in test.yml.
#
# Variable ${ns_ip} should be set outside of this script, e.g.
#
# ns_ip=192.168.56.53 bats dns.bats
domain=example.com
#{{{ Helper functions
# Perform a forward lookup
# Usage: forward_lookup HOSTNAME EXPECTED_IP
forward_lookup() {
result="$(dig @${ns_ip} $1.${domain} +short)"
expected=$2
[ "${expected}" = "${result}" ]
}
# Perform a forward lookup with aliases
# Usage: alias_lookup ALIAS EXPECTED_HOSTNAME EXPECTED_IP
alias_lookup() {
result="$(dig @${ns_ip} $1.${domain} +short)"
expected_hostname="${2}.${domain}."
expected_ip=$3
echo ${result} | grep ${expected_ip}
echo ${result} | grep ${expected_hostname}
}
# Perform a reverse lookup
# Usage: reverse_lookup IP EXPECTED_HOSTNAME
reverse_lookup() {
result="$(dig @${ns_ip} -x ${1} +short)"
expected="${2}.${domain}."
[ "${expected}" = "${result}" ]
}
#}}}
@test 'The `dig` command should be installed' {
which dig
}
@test 'It should return the NS record(s)' {
result="$(dig @${ns_ip} ${domain} NS +short)"
[ -n "${result}" ] # The result should not be empty
}
@test 'It should be able to resolve host names' {
forward_lookup testbindmaster 192.168.56.53
forward_lookup testbindslave 192.168.56.54
forward_lookup web 192.168.56.20
forward_lookup mail 192.168.56.21
forward_lookup priv0001 172.16.0.10
forward_lookup priv0002 172.16.0.11
}
@test 'It should be able to do reverse lookups' {
reverse_lookup 192.168.56.53 testbindmaster
reverse_lookup 192.168.56.54 testbindslave
reverse_lookup 192.168.56.20 web
reverse_lookup 192.168.56.21 mail
reverse_lookup 172.16.0.10 priv0001
reverse_lookup 172.16.0.11 priv0002
}
@test 'It should be able to resolve aliases' {
alias_lookup ns1 testbindmaster 192.168.56.53
alias_lookup ns2 testbindslave 192.168.56.54
alias_lookup www web 192.168.56.20
alias_lookup smtp mail 192.168.56.21
alias_lookup imap mail 192.168.56.21
}
@test 'It should return the MX record(s)' {
result="$(dig @${ns_ip} ${domain} MX +short)"
expected="10 mail.${domain}."
[ "${expected}" = "${result}" ]
}
#! /usr/bin/bash
#
# Author: Bert Van Vreckem <bert.vanvreckem@gmail.com>
#
# The script installs BATS if needed. It's best to put ${bats_install_dir} in
# your .gitignore.
set -o errexit # abort on nonzero exitstatus
set -o nounset # abort on unbound variable
#{{{ Variables
test_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
bats_repo_url="https://github.com/sstephenson/bats.git"
bats_install_dir="${test_dir}/bats"
bats="${bats_install_dir}/libexec/bats"
ns_ips="192.168.56.53 192.168.56.54"
# color definitions
Blue='\e[0;34m'
Yellow='\e[0;33m'
Reset='\e[0m'
#}}}
# Script proper
# Install BATS if needed
if [ ! -d "${bats_install_dir}" ]; then
git clone "${bats_repo_url}" "${bats_install_dir}"
rm -rf "${bats_install_dir}/.git*"
fi
# Run the test script on both master and slave server
for sut in ${ns_ips}; do
echo -e "${Blue}Testing ${Yellow}${sut}${Reset}"
ns_ip=${sut} ${bats} ${test_dir}/dns.bats
done
---
- hosts: all
sudo: true
roles:
- bind
---
- hosts: all
sudo: true
vars:
bind_listen_ipv4:
- 'any'
bind_listen_ipv6:
- 'any'
bind_allow_query:
- '192.168.56.0/24'
- '127.0.0.0/8'
bind_zone_name: 'example.com'
bind_zone_networks:
- '192.168.56'
- '172.16'
bind_zone_master_server_ip: '192.168.56.53'
bind_zone_name_servers:
- 'testbindmaster'
- 'testbindslave'
bind_zone_mail_servers:
- name: 'mail'
preference: '10'
bind_zone_hosts:
- name: 'testbindmaster'
ip: '192.168.56.53'
aliases:
- ns1
- name: 'testbindslave'
ip: '192.168.56.54'
aliases:
- ns2
- name: 'web'
ip: '192.168.56.20'
aliases:
- www
- name: 'mail'
ip: '192.168.56.21'
aliases:
- smtp
- imap
- name: 'priv0001'
ip: '172.16.0.10'
- name: 'priv0002'
ip: '172.16.0.11'
roles:
- bind
# roles/bind/vars/main.yml
---
bind_packages:
- bind
- bind-utils
bind_service: named
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
---
# defaults file for cartertdte.mta
[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc
# mongod.conf
# for documentation of all options, see:
# http://docs.mongodb.org/manual/reference/configuration-options/
# where to write logging data.
systemLog:
destination: file
logAppend: true
path: /var/log/mongodb/mongod.log
# Where and how to store data.
storage:
dbPath: /var/lib/mongo
journal:
enabled: true
# engine:
# mmapv1:
# wiredTiger:
# how the process runs
processManagement:
fork: true # fork and run in background
pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile
# network interfaces
net:
port: 27017
bindIp: 0.0.0.0 # Listen to local interface only, comment to listen on all interfaces.
#security:
#operationProfiling:
#replication:
#sharding:
## Enterprise-Only Options
#auditLog:
#snmp:
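Review bot: `bindIp: 0.0.0.0` carries the comment "Listen to local interface only", but `0.0.0.0` listens on every interface, so either the value or the comment is wrong; with the Vagrantfile forwarding port 27017 the choice is not cosmetic. With `security:` left commented out `mongod` runs without authorization, so the `manager` user the playbook creates is never actually required; if it is meant to gate access, enable it with `security:` followed by `  authorization: enabled`. Fix the comment to describe what is configured, e.g. `bindIp: 0.0.0.0  # all interfaces, so the Vagrant port forward can reach it; tighten before reuse outside the dev VM`.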
env NODE_TLS_REJECT_UNAUTHORIZED=0;
env zbox_rbac_config=/var/www/zbox-manager-rbac/config.json;
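Review bot: `env NODE_TLS_REJECT_UNAUTHORIZED=0;` turns off certificate verification for every outbound TLS connection the Passenger-hosted Node app makes, not only for the self-signed Zimbra admin endpoint (`https://localhost:7071/service/admin/soap` in the app's config.json) it is presumably there for. A comment should say so and mark it as dev-VM-only, e.g. `# DEV ONLY: disables TLS certificate checking process-wide for the Node app; trust the Zimbra certificate in the HTTPS client instead before this config is reused`. Whether the app's HTTP client can be given a custom CA is not visible in this commit, so treat that as a follow-up.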
[nodesource]
name=Node.js Packages for Enterprise Linux 6 - $basearch
baseurl=https://rpm.nodesource.com/pub_5.x/el/6/$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/NODESOURCE-GPG-SIGNING-KEY-EL
[nodesource-source]
name=Node.js for Enterprise Linux 6 - $basearch - Source
baseurl=https://rpm.nodesource.com/pub_5.x/el/6/SRPMS
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/NODESOURCE-GPG-SIGNING-KEY-EL
gpgcheck=1
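Review bot: Both sections target Enterprise Linux 6 (`el/6` in the URLs and the `name` strings), but the box this commit provisions is `bento/centos-7.2`; unless the `common` role is also meant for EL6 hosts, the EL7 path (`baseurl=https://rpm.nodesource.com/pub_5.x/el/7/$basearch`) is the one that matches. The same EL6/EL7 mismatch appears in `pdns.repo` (`/pdns/el6/`) and in the `nginx-filesystem-…el6.noarch.rpm` copied by the role's tasks. Signature checking is set up correctly here (`gpgcheck=1` with a local key file), but the key at `/etc/pki/rpm-gpg/NODESOURCE-GPG-SIGNING-KEY-EL` must be installed by a task before the first `yum` call, and that task is not visible in this excerpt.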
passenger_root /usr/lib/ruby/1.8/phusion_passenger/locations.ini;
passenger_ruby /opt/rh/ruby193/root/usr/bin/ruby;
passenger_instance_registry_dir /var/run/passenger-instreg;
[passenger]
name=passenger
baseurl=https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
[passenger-source]
name=passenger-source
baseurl=https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/SRPMS
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
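Review bot: `gpgcheck=0` in both sections means individual packages are installed without signature verification; only the repository metadata is checked (`repo_gpgcheck=1`, fetched over a verified TLS connection thanks to `sslverify=1`). This looks like the repo file the vendor publishes, so it is presumably deliberate, but a comment such as `# gpgcheck=0 is the vendor's layout: packages are covered by the signed repo metadata, not per-package signatures` would stop the next reader from "fixing" it blindly. The `pdns.repo` section later in this commit is the weaker case: `gpgcheck=0` with no `gpgkey` and no `repo_gpgcheck`, so nothing from that third-party repository is verified at all.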
upstream pdns {
server localhost:8091;
}
server {
listen 8081;
server_name pdns;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header x-api-key 'otto';
proxy_pass http://pdns/;
proxy_buffering off;
proxy_read_timeout 300s;
gzip off;
}
client_max_body_size 4G;
keepalive_timeout 10;
}
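Review bot: `proxy_set_header x-api-key 'otto';` bakes the PowerDNS API key into the committed nginx config and attaches it to every request that reaches `listen 8081`, so this server block turns the authenticated API on `localhost:8091` into an unauthenticated one, and the Vagrantfile additionally forwards guest 8081 to host 6081. If only the local RBAC app needs it, `listen 127.0.0.1:8081;` is enough; if the host-side forward is needed, restrict callers with `allow`/`deny all;` and load the key from an uncommitted snippet via `include`. A header comment would also help: `# Adds the PowerDNS API key for the local RBAC app; anything that can reach this port gets full API access`.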
[pdns-MIND]
name=PowerDNS server packages for RHEL6 and friends.
baseurl=https://www.monshouwer.eu/download/3rd_party/pdns/el6/$basearch/
gpgcheck=0
enabled=1
search zboxapp.dev
nameserver 127.0.0.1
nameserver 8.8.8.8
# Conf para ZBOX-RBAC
server {
listen 8070;
server_name rbac-manager.zboxapp.com;
error_log /var/log/nginx/rbac-error.log warn;
access_log /var/log/nginx/rbac-access.log;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
root /var/www/zbox-manager-rbac;
passenger_enabled on;
# Tell Passenger that your app is a Node.js app
passenger_app_type node;
passenger_startup_file /var/www/zbox-manager-rbac/lib/index.js;
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/xml application/javascript application/json;
client_max_body_size 4G;
keepalive_timeout 10;
}
{
"port": 30000,
"zimbra_url": "https://localhost:7071/service/admin/soap"
}
---
# handlers file for cartertdte.mta
- name: postfix restart
service: name=postfix state=restarted
\ No newline at end of file
---
galaxy_info:
author: your name
description:
company: your company (optional)
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: license (GPLv2, CC-BY, etc)
min_ansible_version: 1.2
#
# Below are all platforms currently available. Just uncomment
# the ones that apply to your role. If you don't see your
# platform on this list, let us know and we'll get it added!
#
#platforms:
#- name: EL
# versions:
# - all
# - 5
# - 6
# - 7
#- name: GenericUNIX
# versions:
# - all
# - any
#- name: Fedora
# versions:
# - all
# - 16
# - 17
# - 18
# - 19
# - 20
#- name: SmartOS
# versions:
# - all
# - any
#- name: opensuse
# versions:
# - all
# - 12.1
# - 12.2
# - 12.3
# - 13.1
# - 13.2
#- name: Amazon
# versions:
# - all
# - 2013.03
# - 2013.09
#- name: GenericBSD
# versions:
# - all
# - any
#- name: FreeBSD
# versions:
# - all
# - 8.0
# - 8.1
# - 8.2
# - 8.3
# - 8.4
# - 9.0
# - 9.1
# - 9.1
# - 9.2
#- name: Ubuntu
# versions:
# - all
# - lucid
# - maverick
# - natty
# - oneiric
# - precise
# - quantal
# - raring
# - saucy
# - trusty
#- name: SLES
# versions:
# - all
# - 10SP3
# - 10SP4
# - 11
# - 11SP1
# - 11SP2
# - 11SP3
#- name: GenericLinux
# versions:
# - all
# - any
#- name: Debian
# versions:
# - all
# - etch
# - lenny
# - squeeze
# - wheezy
#
# Below are all categories currently available. Just as with
# the platforms above, uncomment those that apply to your role.
#
#categories:
#- cloud
#- cloud:ec2
#- cloud:gce
#- cloud:rax
#- clustering
#- database
#- database:nosql
#- database:sql
#- development
#- monitoring
#- networking
#- packaging
#- system
#- web
dependencies: []
# List your role dependencies here, one per line. Only
# dependencies available via galaxy should be listed here.
# Be sure to remove the '[]' above if you add dependencies
# to this list.
---
# tasks file for cartertdte.mta
- name: RH Install epel-release
yum: name=epel-release update_cache=yes
- name: Deshabilita SELINUX
lineinfile: dest=/etc/sysconfig/selinux regexp=^SELINUX= line=SELINUX=disabled
- name: Instala paquetes Base
yum: name={{ item }} state=present
with_items:
- "{{ system_packages }}"
- name: Copia resolv.conf
copy: src=resolv.conf dest=/etc/resolv.conf
- name: Copia pdns.repo
copy: src=pdns.repo dest=/etc/yum.repos.d/pdns.repo
- name: Copia mongo.repo
copy: src=mongo.repo dest=/etc/yum.repos.d/mongo.repo
- name: "Copia NGinx FS"
copy: src=nginx-filesystem-1.10.0-8.p5.0.29.el6.noarch.rpm dest=/tmp/nginx-filesystem-1.10.0-8.p5.0.29.el6.noarch.rpm
- name: Copia repo de Nodejs
copy: src=node.repo dest=/etc/yum.repos.d/nodesource-el.repo
- name: Desactiva SELINUX
selinux: state=disabled
- name: Instala todos los Fucking paquetes
yum: name={{ item }} state=present disable_gpg_check=yes
with_items:
- nodejs
- curl-devel
- GeoIP
- gd
- gperftools
- pcre
- libev
- git
- name: Copia hosts
template:
src: hosts.j2
dest: /etc/hosts
owner: root
mode: '0644'
- name: Desahbilita postfix
service: name=postfix state=stopped enabled=no
- name: Desahbilita iptables
service: name=firewalld state=stopped enabled=no
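Review bot: SELinux is disabled twice in this file, once with `lineinfile` on `/etc/sysconfig/selinux` and again with the `selinux` module, and the module call appears to make the `lineinfile` task redundant. `disable_gpg_check=yes` on the task installing nodejs, git and friends turns off signature checking for every repository in the transaction rather than only the unsigned one; keep the check on and mark the specific repo with `gpgcheck=0` instead. The task named `Desahbilita iptables` actually stops and disables `firewalld`, leaving whatever listens on the box (nginx on 8081 and 8070, the PowerDNS webserver on 8091) reachable from the network, so the name should say `firewalld` and, if the firewall must stay off in this environment, the task should carry a comment saying why.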
127.0.0.1 localhost.localdomain localhost
{{ ansible_all_ipv4_addresses|last }} {{ansible_nodename}} {{ansible_hostname}}
---
# vars file for cartertdte.mta
system_packages:
- screen
- wget
- curl
- sysstat
- nc
- wget
- links
- perl
- ntp
- ntpdate
- strace
- telnet
- nmap
- traceroute
- bind-utils
- tcpdump
- tzdata
- zsh
- vim
- dos2unix
- libselinux-python
- python-pycurl
- mailx
- unzip
\ No newline at end of file
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
search localdomain zboxapp.dev
nameserver 127.0.0.1
---
# handlers file for cartertdte.mta
- name: postfix restart
service: name=postfix state=restarted
\ No newline at end of file
---
galaxy_info:
author: your name
description:
company: your company (optional)
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: license (GPLv2, CC-BY, etc)
min_ansible_version: 1.2
#
# Below are all platforms currently available. Just uncomment
# the ones that apply to your role. If you don't see your
# platform on this list, let us know and we'll get it added!
#
#platforms:
#- name: EL
# versions:
# - all
# - 5
# - 6
# - 7
#- name: GenericUNIX
# versions:
# - all
# - any
#- name: Fedora
# versions:
# - all
# - 16
# - 17
# - 18
# - 19
# - 20
#- name: SmartOS
# versions:
# - all
# - any
#- name: opensuse
# versions:
# - all
# - 12.1
# - 12.2
# - 12.3
# - 13.1
# - 13.2
#- name: Amazon
# versions:
# - all
# - 2013.03
# - 2013.09
#- name: GenericBSD
# versions:
# - all
# - any
#- name: FreeBSD
# versions:
# - all
# - 8.0
# - 8.1
# - 8.2
# - 8.3
# - 8.4
# - 9.0
# - 9.1
# - 9.1
# - 9.2
#- name: Ubuntu
# versions:
# - all
# - lucid
# - maverick
# - natty
# - oneiric
# - precise
# - quantal
# - raring
# - saucy
# - trusty
#- name: SLES
# versions:
# - all
# - 10SP3
# - 10SP4
# - 11
# - 11SP1
# - 11SP2
# - 11SP3
#- name: GenericLinux
# versions:
# - all
# - any
#- name: Debian
# versions:
# - all
# - etch
# - lenny
# - squeeze
# - wheezy
#
# Below are all categories currently available. Just as with
# the platforms above, uncomment those that apply to your role.
#
#categories:
#- cloud
#- cloud:ec2
#- cloud:gce
#- cloud:rax
#- clustering
#- database
#- database:nosql
#- database:sql
#- development
#- monitoring
#- networking
#- packaging
#- system
#- web
dependencies: []
# List your role dependencies here, one per line. Only
# dependencies available via galaxy should be listed here.
# Be sure to remove the '[]' above if you add dependencies
# to this list.
# roles/bind/tasks/confgiure_zimbra.yml
# Configuration of Zimbra
---
- name: Copy configuration file
template:
src: zimbra_configuration.conf.j2
dest: /tmp/zimbra_configuration.conf
owner: zimbra
mode: '0644'
- name: Run Zimbra zmsetup.pl
command: /opt/zimbra/libexec/zmsetup.pl -c /tmp/zimbra_configuration.conf
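Review bot: The rendered `/tmp/zimbra_configuration.conf` carries every Zimbra and LDAP password from the template (`CREATEADMINPASS`, `LDAPROOTPASS`, ...) yet is written with `mode: '0644'`, readable by any local user, and nothing removes it after `zmsetup.pl` runs. Tighten it to `mode: '0600'` and append `- name: Remove Zimbra configuration file` / `file: path=/tmp/zimbra_configuration.conf state=absent`; assuming the play runs as root, the tighter mode does not affect the `command` task. `provision_zimbra.yml` has the same pattern with `/tmp/zimbra_provisioning`, which holds account passwords, and should get the same two changes.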
# roles/bind/tasks/install_zimbra.yml
# Install Zimbra Software
---
- name: Untar Zimbra src
unarchive: src=/opt/src/{{ zimbra_file }}.tgz dest=/tmp/ copy=no
- name: Install Zimbra Software
shell: yes 'Y' | /tmp/{{ zimbra_file }}/install.sh -s --platform-override -x
args:
chdir: /tmp/{{ zimbra_file }}/
creates: /opt/zimbra/bin/zmprov
- name: Remove Zimbra src
file: path=/tmp/{{ zimbra_file }} state=absent
---
# tasks file for cartertdte.mta
- name: Install Zimbra Dependencies
yum: name={{ item }} state=present
with_items:
- "{{ zimbra_required_packages }}"
- name: Create Source Software Directory
file: path=/opt/src state=directory
- name: 'Download Zimbra .tgz file'
get_url: url={{ zimbra_download_url }} dest=/opt/src/{{ zimbra_file }}.tgz timeout=60 sha256sum={{ zimbra_256sum_file }}
- name: Check if Zimbra is installed
stat: path=/opt/zimbra/bin/zmprov
register: zimbra_check_installation
- include: install_zimbra.yml
when: zimbra_check_installation.stat.islnk is not defined
- name: Check if Zimbra is configured
command: /opt/zimbra/bin/zmprov gd {{ zimbra_default_domain }}
ignore_errors: yes
register: zimbra_check_configuration
- include: configure_zimbra.yml
when: zimbra_check_configuration.rc != 0
- include: provision_zimbra.yml
- name: Detiene zimbra Proxy
command: /opt/zimbra/bin//opt/zimbra/bin/zmproxyctl stop
ignore_errors: yes
- name: Disable zimbra Proxy
command: /opt/zimbra/bin/zmprov gs {{ ansible_nodename }} -zimbraServiceEnabled proxy
ignore_errors: yes
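Review bot: `command: /opt/zimbra/bin//opt/zimbra/bin/zmproxyctl stop` has the path doubled, so the binary is never found and the task only looks successful because of `ignore_errors: yes`; it should read `command: /opt/zimbra/bin/zmproxyctl stop`. The `Disable zimbra Proxy` task calls `zmprov gs`, which reads server attributes rather than changing them; if the intent is to modify `zimbraServiceEnabled`, the verb is `ms` (`zmprov ms {{ ansible_nodename }} -zimbraServiceEnabled proxy`) — worth confirming against the zmprov reference. `ignore_errors: yes` on both tasks is what hides these mistakes; `register` plus a `failed_when` on a known-acceptable return code keeps the play green only for the expected case. `when: zimbra_check_installation.stat.islnk is not defined` works only because `islnk` is absent when the path does not exist; `when: not zimbra_check_installation.stat.exists` states the intent directly.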
# roles/bind/tasks/provision_zimbra.yml
# Provision Zimbra with users and etc.
---
- name: Copy provisioning file
template:
src: zimbra_provisioning.j2
dest: /tmp/zimbra_provisioning
owner: zimbra
mode: '0644'
- name: Provision Zimbra
sudo_user: zimbra
shell: /opt/zimbra/bin/zmprov < /tmp/zimbra_provisioning
CREATEADMINPASS="{{ zimbra_password }}"
LDAPAMAVISPASS="{{ zimbra_password }}"
LDAPPOSTPASS="{{ zimbra_password }}"
LDAPROOTPASS="{{ zimbra_password }}"
LDAPADMINPASS="{{ zimbra_password }}"
LDAPREPPASS="{{ zimbra_password }}"
ldap_nginx_password="{{ zimbra_password }}"
ldap_bes_searcher_password="{{ zimbra_password }}"
AVDOMAIN="{{ zimbra_default_domain }}"
AVUSER="admin@{{ zimbra_default_domain }}"
CREATEADMIN="admin@{{ zimbra_default_domain }}"
CREATEDOMAIN="{{ zimbra_default_domain }}"
DOCREATEADMIN="yes"
DOCREATEDOMAIN="yes"
EXPANDMENU="no"
HOSTNAME="{{ ansible_nodename }}"
DOTRAINSA="yes"
ENABLEGALSYNCACCOUNTS=""
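Review bot: Every credential in this template — admin, LDAP root, replication, amavis, postfix, nginx and the BES searcher — is rendered from the single `zimbra_password` variable, so one leaked value (the admin login, for instance) also unlocks the LDAP root bind and every internal service account. Give each its own variable (`zimbra_ldap_root_password`, `zimbra_ldap_rep_password`, and so on) even if a dev inventory sets them all to the same value. A short comment at the top naming the variables the template expects (`zimbra_password`, `zimbra_default_domain`, `ansible_nodename`) would help whoever edits the inventory.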
{% if zimbra_cos is defined %}
{% for cos_name in zimbra_cos %}
cc {{ cos_name }}
{% endfor %}
{% endif %}
{% if zimbra_domains is defined %}
{% for domain in zimbra_domains %}
cd {{ domain.name }}
md {{ domain.name }} businessCategory {{ domain.bcategory | default('--')}}
{% if domain.attrs is defined %}
{% for attr in domain.attrs %}
md {{ domain.name }} {{ attr }}
{% endfor %}
{% endif %}
{% if domain.alias is defined %}
{% for alias in domain.alias %}
createAliasDomain {{ alias }} {{ domain.name }} zimbraMailCatchAllForwardingAddress @{{ domain.name }} businessCategory {{ domain.bcategory | default('--')}}
{% endfor %}
{% endif %}
{% if domain.accounts is defined %}
{% for account in domain.accounts %}
ca {{ account.name }} {{ account.password | default(12345678)}} zimbraIsAdminAccount {{ account.zimbra_is_admin_account | default('FALSE')}} zimbraAccountStatus {{ account.account_status | default('active') }}
{% if account.extra is defined %}
ma {{ account.name }} {{ account.extra }}
{% endif %}
{% if account.delegated_admin_account is defined %}
ma {{ account.name }} zimbraIsDelegatedAdminAccount TRUE
grr domain {{ domain.name }} usr {{ account.name }} domainAdminRights
{% endif %}
{% if account.cos_name is defined %}
sac {{ account.name }} {{ account.cos_name }}
{% endif %}
{% if domain.alias is defined %}
createAliasDomain {{ domain.alias }} {{ domain.name }}
{% endif %}
{% endfor %}
{% endif %}
{% if domain.admins is defined %}
{% for admin in domain.admins %}
grr domain {{ domain.name }} usr {{ admin }} domainAdminRights
{% endfor %}
{% endif %}
{% if domain.distribution_lists is defined %}
{% for dl in domain.distribution_lists %}
cdl {{ dl.name }}
{% if dl.members is defined %}
{% for member in dl.members %}
adlm {{ dl.name }} {{ member }}
{% endfor %}
{% endif %}
{% if dl.authorized_senders is defined %}
{% for user in dl.authorized_senders %}
grr dl {{ dl.name }} usr {{ user }} sendToDistList
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
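Review bot: Inside the `domain.accounts` loop, the block `{% if domain.alias is defined %}` / `createAliasDomain {{ domain.alias }} {{ domain.name }}` / `{% endif %}` renders the whole `domain.alias` list as one token and repeats the command once per account, while the per-alias `createAliasDomain` lines are already emitted by the earlier `for alias in domain.alias` loop; delete the three-line block inside the accounts loop. `account.password | default(12345678)` gives every account without an explicit password the same well-known value, and the same literal is used as the MySQL password elsewhere in this commit; at minimum make the default a variable so an inventory can override it in one place, or require the password and let the template fail. Because `provision_zimbra.yml` feeds this file to `zmprov` on stdin, a malformed line such as the list-rendered alias may not stop the run, which makes the bug easy to miss.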
### Linux ###
*~
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
### Vim ###
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
*~
# test-kitchen relates
.kitchen/
.kitchen.local.yml
---
driver:
name: ec2
aws_ssh_key_id: "<%= ENV['AWS_SSH_KEY_ID']%>"
instance_type: t2.micro
region: eu-central-1
availability_zone: eu-central-1b
transport:
ssh_key: "<%= ENV['AWS_SSH_KEY']%>"
provisioner:
name: ansible_playbook
hosts: localhost
ansible_verbose: true
ansible_verbosity: 4
platforms:
- name: ubuntu-14.04
driver:
image_id: ami-accff2b1
transport:
username: ubuntu
- name: debian-8.1
driver:
image_id: ami-b092aaad
provisioner:
require_ansible_repo: false
require_ansible_omnibus: true
transport:
username: admin
- name: centos-7.1
driver:
image_id: ami-7cc4f661
transport:
username: centos
provisioner:
enable_yum_epel: true
suites:
- name: default
- name: pdnsrepo
excludes:
- ubuntu-14.04
- name: allpkgs
PowerDNS Authoritative Server
=============================
An Ansible role created by the folks behind PowerDNS to install and configure
the PowerDNS Authoritative Server.
Even though PowerDNS supports numerous backends, database servers are not (and
will not) be installed by this role.
This role is considered alpha quality at the moment, but issues and pull requests
are accepted.
Requirements
------------
An Ansible installation.
Role Variables
--------------
### pdns_backends
A dict that allows you configure the backends, this also installs the correct
packages for these backends. By default, no backends are installed and PowerDNS
will be unable to start.
### pdns_config
A dict detailing the configuration of PowerDNS. You should not set the following
options here (other variables set these):
* config-dir
* set-uid
* set-gid
* any backend related options
See below for an example.
### pdns_config_dir
The directory where the configuration (`pdns.conf`) is stored. '/etc/powerdns'
by default.
### pdns_installation_type
How to install PowerDNS, either 'packages' or 'source'. 'packages' by default.
### pdns_repo_provider
When using 'packages' for pdns_installation_type, use operating system packages
('os') or the PowerDNS repository ('PowerDNS'). This is 'os' by default.
### pdns_repo_branch
When installing from the PowerDNS repository, what branch should be installed?
Currently only 'master' is supported.
### pdns_user
The user to run PowerDNS as, this is 'pdns' by default. This user is not (yet)
created.
### pdns_group
The group to run PowerDNS as, this is 'pdns' by default. This group is not (yet)
created.
Example Playbook
----------------
Run as a master using the bind backend (when you already have a named.conf):
```
- hosts: ns1.example.net
roles:
- role: PowerDNS.pdns
vars:
pdns_config:
master: true
local-address: '192.0.2.53'
pdns_backends:
bind:
config: '/etc/named/named.conf'
```
Run the PowerDNS masterbranch from a package from repo.powerdns.com as a slave
with the MySQL backend:
```
- hosts: ns2.example.net
roles:
- role: PowerDNS.pdns
vars:
pdns_config:
master: false
slave: true
local-address: '192.0.2.54'
pdns_backends:
gmysql:
host: 192.0.2.120
port: 3306
user: powerdns
password: P0w3rDn5
dbname: pdns
pdns_repo_provider: 'powerdns'
pdns_repo_branch: 'master'
```
Run as a master on port 5300, using two different PostgreSQL databases:
```
- hosts: ns2.example.net
roles:
- role: PowerDNS.pdns
vars:
pdns_config:
master: true
local-port: 5300
local-address: '192.0.2.111'
pdns_backends:
'gpgsql:serverone':
host: 192.0.2.124
user: powerdns
password: P0w3rDn5
dbname: pdns2
'gpgsql:otherserver':
host: 192.0.2.125
user: root
password: root
dbname: dns
```
License
-------
(C) 2015 - PowerDNS.COM BV
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Author Information
------------------
Pieter Lexis <pieter.lexis@powerdns.com>
To Do
-----
* Travis CI testing (kitchen + AWS?)
* Installation from source
---
pdns_installation_type: packages
pdns_repo_provider: os
# XXX: stable doesnt work ye
pdns_repo_branch: stable
# The user and group to run as.
# NOTE: at the moment, we don't create a user as we assume the package creates
# a "pdns" user and group. If you change these variables, make sure to create
# the user and groups before applying this role
pdns_user: pdns
pdns_group: pdns
# The directory where the config is located
pdns_config_dir: '/etc/powerdns'
# pdns_config: A dict containing all configuration options, except for backend
# configuration and the "config-dir", "setuid" and "setgid" directives.
# NOTE: Right now, we don't verify the options when configuring the server.
#
# Example:
# pdns_config:
# master: yes
# slave: no
# local-address: '192.0.2.53'
# local-ipv6: '2001:DB8:1::53'
# local-port: '5300'
pdns_config: {}
# pdns_backends: A dict with all the backends you'd like to have. You can use
# the multiple backends of the same kind by using {backend}-{instance_name}.
#
# For example:
# pdns_backends:
# 'gmysql:one':
# 'user': root
# 'host': 127.0.0.1
# 'password': root
# 'dbname': pdns
# 'gmysql:two':
# 'user': pdns_user
# 'host': 192.0.2.15
# 'password': my_password
# 'dbname': dns
# 'bind':
# 'config': '/etc/named/named.conf'
# 'hybrid': yes
# 'dnssec-db': '{{pdns_config_dir/dnssec.db}}'
#
# This default starts just the bind-backend with an empty config file
pdns_backends:
bind:
config: '/dev/null'
# Dependencies to build PowerDNS on different distros
pdns_debian_dependencies: []
pdns_rhel_dependencies: []
# Dependency packages per backend
pdns_backend_debian_dependencies: {}
pdns_backend_rhel_dependencies: {}
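Review bot: `pdns_repo_branch: stable` is the default, but the Debian task file accepts only `master` (its `fail` task triggers on `pdns_repo_branch not in ["master"]`) and the README says the same, so `pdns_repo_provider: powerdns` on Debian fails unless the inventory also overrides the branch; the `# XXX: stable doesnt work ye` comment hints at this (the Debian include is commented out of `main.yml` today, so it bites only when re-enabled). Either default to `master` or drop the `fail` task once the stable repo exists. `pdns_slaves` is referenced by `pdns.conf.j2` (`allow-axfr-ips={{ pdns_slaves }}`) but not declared here, so the template fails to render under the default `error_on_undefined_vars` unless every inventory sets it; add `pdns_slaves: ''` or a documented default.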
<?php
/**
* Sample configuration file with default values
*
* @package Poweradmin
* @copyright 2007-2010 Rejo Zenger <rejo@zenger.nl>
* @copyright 2010-2014 Poweradmin Development Team
* @license http://opensource.org/licenses/GPL-3.0 GPL
*/
// NOTE: Do not edit this file, otherwise it's very likely your changes
// will be overwritten with an upgrade.
// Instead, create the file "inc/config.inc.php" and set the variables you
// want to set there. Your changes will override the defaults provided by us.
// Better description of available configuration settings you can find here:
// <https://github.com/poweradmin/poweradmin/wiki/Configuration-File>
// Database settings
$db_host = 'localhost';
$db_port = '3306';
$db_user = 'powerdns';
$db_pass = 'N0melaP1LLA';
$db_name = 'powerdnsdb';
$db_type = 'mysql';
//$db_file = ''; # used only for SQLite, provide full path to database file
//$db_debug = false; # show all SQL queries
$db_layer = 'PDO'; # or MDB2
//$db_ssl_ca = '';
// Security settings
// This should be changed upon install
$session_key = 'p0w3r4dm1nquenomelapillaNICA';
$password_encryption = 'md5'; // or md5salt
// Interface settings
$iface_lang = 'en_EN';
$iface_style = 'example';
$iface_rowamount = 50;
$iface_expire = 1800;
$iface_zonelist_serial = false;
$iface_title = 'Poweradmin';
$iface_add_reverse_record = true;
// Predefined DNS settings
$dns_hostmaster = 'dns.zboxapp.com';
$dns_ns1 = 'ns-01.zboxapp.com';
$dns_ns2 = 'ns-02.zboxapp.com';
$dns_ttl = 900;
$dns_fancy = false;
$dns_strict_tld_check = false;
$dns_top_level_tld_check = false; // Don't allow to create top level TLDs
$dns_third_level_check = false;
// Timezone settings
// See <http://www.php.net/manual/en/timezones.php> for help.
//$timezone = 'UTC';
// Logging settings
// Syslog usage - writes authentication attempts to syslog
// This facility could be used in combination with fail2ban to
// ban IPs with break-in attempts
$syslog_use = false;
$syslog_ident = 'poweradmin';
// On Windows usually only LOG_USER is available
$syslog_facility = LOG_USER;
// PowerDNSSEC settings
$pdnssec_use = false;
$pdnssec_command = '/usr/bin/pdnssec';
// LDAP settings
$ldap_use = false;
$ldap_debug = false;
$ldap_uri = 'ldap://domaincontroller.example.com';
$ldap_basedn = 'OU=Users,DC=example,DC=com';
$ldap_binddn = 'GROUP\lookupuser';
$ldap_bindpw = 'some_password';
$ldap_user_attribute = 'sAMAccountName';
$ldap_proto = 3;
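Review bot: `$password_encryption = 'md5';` makes Poweradmin store user passwords as unsalted MD5, and the file's own header says it is the default set that should not be edited, yet it carries a live database password (`$db_pass`) and a fixed `$session_key`; both should be generated per install and placed in `inc/config.inc.php` as the comment itself recommends, not committed. The inline comment notes `md5salt` as the alternative, which is still weak but not interchangeable with `md5` for existing hashes, so the choice needs to be made before any users are created. The database user created in `pre-pdns-install.yml` uses the password `12345678` while this file uses `N0melaP1LLA`, so one of the two cannot log in unless an un-shown step reconciles them.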
Package: pdns-*
Pin: origin repo.powerdns.com
Pin-Priority: 600
CREATE TABLE domains (
id INT AUTO_INCREMENT,
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT DEFAULT NULL,
account VARCHAR(40) DEFAULT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX name_index ON domains(name);
CREATE TABLE records (
id INT AUTO_INCREMENT,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(10) DEFAULT NULL,
content VARCHAR(64000) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
change_date INT DEFAULT NULL,
disabled TINYINT(1) DEFAULT 0,
ordername VARCHAR(255) BINARY DEFAULT NULL,
auth TINYINT(1) DEFAULT 1,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);
CREATE TABLE supermasters (
ip VARCHAR(64) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) NOT NULL,
PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;
CREATE TABLE comments (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
name VARCHAR(255) NOT NULL,
type VARCHAR(10) NOT NULL,
modified_at INT NOT NULL,
account VARCHAR(40) NOT NULL,
comment VARCHAR(64000) NOT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
CREATE TABLE domainmetadata (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
kind VARCHAR(32),
content TEXT,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
CREATE TABLE cryptokeys (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
flags INT NOT NULL,
active BOOL,
content TEXT,
PRIMARY KEY(id)
) Engine=InnoDB;
CREATE INDEX domainidindex ON cryptokeys(domain_id);
CREATE TABLE tsigkeys (
id INT AUTO_INCREMENT,
name VARCHAR(255),
algorithm VARCHAR(50),
secret VARCHAR(255),
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
---
- name: Restart PowerDNS
service: name=pdns state=restarted
---
galaxy_info:
author: Pieter Lexis
description: PowerDNS Authoritative Server role
company: PowerDNS.COM BV
license: GPLv2
min_ansible_version: 0.9
platforms:
- name: EL
versions:
- 6
- 7
- name: Debian
versions:
- jessie
categories:
- system
dependencies: []
---
- name: Ensure the PowerDNS configuration directory exists
file: name={{pdns_config_dir | default('/etc/powerdns')}} state=directory owner="root" group="root"
- name: Add configuration for PowerDNS
template: src=pdns.conf.j2 dest={{pdns_config_dir | default('/etc/powerdns')}}/pdns.conf
notify: Restart PowerDNS
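Review bot: The `template` task writes `pdns.conf` without `owner`, `group` or `mode`, and the rendered file contains `experimental-api-key` and, for database backends, `gmysql-password`/`gpgsql-password`; with no mode given the file inherits the remote umask and is typically world-readable. Set `mode=0640 owner=root group={{ pdns_group }}` so the service account can read it and other local users cannot (if `pdns_server` reads the file only before `setuid`, `0600 root:root` is stricter still — confirm); the `default` serverspec asserts `be_grouped_into 'root'`, so adjust that expectation if the group changes. Give the directory task an explicit `mode=0755` as well so the intent is recorded rather than inherited.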
---
- name: Check pdns_repo_provider
fail: msg="pdns_repo_provider is neither 'powerdns' nor 'os'"
when: pdns_repo_provider not in ["os", "powerdns"]
# XXX: Is this handy to check ( I guess... no)
- name: Check pdns_repo_branch
fail: msg="pdns_repo_branch isn't set to a known branch"
when: pdns_repo_provider == "powerdns" and pdns_repo_branch not in ["master"]
- name: Add the PowerDNS repository key
apt_key: url=http://repo.powerdns.com/CBC8B383-pub.asc id=D47975F8DAE32700A563E64FFF389421CBC8B383
when: pdns_repo_provider == "powerdns" and pdns_repo_branch == "master"
- name: apt-pin the PowerDNS packages to the PowerDNS repo
copy: dest='/etc/apt/preferences.d/pdns' src=pdns.pin owner=root group=root mode=0644
when: pdns_repo_provider == "powerdns"
# XXX: These repo's don't exist yet
#- name: Add the PowerDNS repository key
# apt_key: url=http://repo.powerdns.com/FD380FBB-pub.asc id=9FAAA5577E8FCF62093D036C1B0C6205FD380FBB
# when: pdns_repo_provider == "powerdns" pdns_repo_branch in ["4", "stable"]
- name: Add the PowerDNS repository
apt_repository: repo="deb http://repo.powerdns.com/{{ansible_distribution | lower}} {{ansible_distribution_release|lower}}-auth-{{pdns_repo_branch}} main"
when: pdns_repo_provider == "powerdns"
- name: Install the main PowerDNS package
apt: name=pdns-server state=present update_cache=yes
- name: Install Geo module package
apt: pkg=pdns-backend-geo state=installed
when: item.startswith('geo') and not item.startswith('geoip')
with_items: pdns_backends.keys()
- name: Install GeoIP module package
apt: pkg=pdns-backend-geoip state=installed
when: item.startswith('geoip')
with_items: pdns_backends.keys()
- name: Install MySQL module package
apt: pkg=pdns-backend-mysql state=installed
when: item.startswith('gmysql')
with_items: pdns_backends.keys()
- name: Install Postgresql module package
apt: pkg=pdns-backend-pgsql state=installed
when: item.startswith('gpgsql')
with_items: pdns_backends.keys()
- name: Install gsqlite3 module package
apt: pkg=pdns-backend-sqlite3 state=installed
when: item.startswith('gsqlite3')
with_items: pdns_backends.keys()
- name: Install ldap module package
apt: pkg=pdns-backend-ldap state=installed
when: item.startswith('ldap')
with_items: pdns_backends.keys()
- name: Install lmdb module package
apt: pkg=pdns-backend-lmdb state=installed
when: item.startswith('lmdb')
with_items: pdns_backends.keys()
- name: Install lua module package
apt: pkg=pdns-backend-lua state=installed
when: item.startswith('lua')
with_items: pdns_backends.keys()
- name: Install mydns module package
apt: pkg=pdns-backend-mydns state=installed
when: item.startswith('mydns')
with_items: pdns_backends.keys()
- name: Install pipe module package
apt: pkg=pdns-backend-pipe state=installed
when: item.startswith('pipe')
with_items: pdns_backends.keys()
- name: Install remote module package
apt: pkg=pdns-backend-remote state=installed
when: item.startswith('remote')
with_items: pdns_backends.keys()
- name: Install tinydns module package
apt: pkg=pdns-backend-tinydns state=installed
when: item.startswith('tinydns')
with_items: pdns_backends.keys()
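Review bot: `apt_key: url=http://repo.powerdns.com/CBC8B383-pub.asc id=D47975F8DAE32700A563E64FFF389421CBC8B383` fetches the signing key over plain HTTP; the pinned `id` lets the module reject a substituted key, but the `deb http://repo.powerdns.com/...` line added right after is also HTTP, so use `https://` for both and keep package signatures as the second layer. The eleven per-backend tasks repeat the same `with_items: pdns_backends.keys()` / `when: item.startswith(...)` pattern; a single `apt` task looping over a prefix-to-package mapping (`geo: pdns-backend-geo`, `gmysql: pdns-backend-mysql`, ...) would read better and make adding a backend a one-line change. This file is currently commented out of `main.yml`, so none of it runs yet.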
---
- name: RH Check pdns_repo_provider
fail: msg="pdns_repo_provider is neither 'powerdns' nor 'os'"
when: pdns_repo_provider not in ["os", "powerdns"]
- name: RH Install yum-plugin-priorities
yum: name=yum-plugin-priorities state=installed
when: pdns_repo_provider == "powerdns"
- name: RH Add PowerDNS repository
get_url: url=https://repo.powerdns.com/repo-files/{{ansible_distribution | lower()}}-auth-{{pdns_repo_branch}}.repo dest=/etc/yum.repos.d/powerdns-auth-{{pdns_repo_branch}}.repo
# get_url: url=https://repo.powerdns.com/repo-files/centos-auth-master.repo dest=/etc/yum.repos.d/powerdns-auth-master.repo
when: pdns_repo_provider == "powerdns"
- name: RH Install epel-release
yum: name=epel-release update_cache=yes
- name: RH Install the PowerDNS package
yum: name=pdns state=installed
- name: RH Install MySQL module package
yum: pkg=pdns-backend-mysql state=installed
---
- include: pre-pdns-install.yml
when: pdns_installation_type == "packages" and ansible_os_family == "RedHat" or ansible_distribution == "CentOS"
#- include: install.packages-debian.yml
# when: pdns_installation_type == "packages" and ansible_os_family == "Debian"
# tags:
# - packages
# - install
- include: install.packages-redhat.yml
when: pdns_installation_type == "packages" and ansible_os_family == "RedHat" or ansible_distribution == "CentOS"
tags:
- packages
- install
- include: configuration.yml
tags:
- conf
- config
- configuration
- name: Start and enable the PowerDNS service
service: name=pdns state=started enabled=true
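Review bot: Both `when:` expressions `pdns_installation_type == "packages" and ansible_os_family == "RedHat" or ansible_distribution == "CentOS"` parse as `(A and B) or C`, so on CentOS the includes run regardless of `pdns_installation_type`; since CentOS already reports `ansible_os_family == "RedHat"`, the `or` clause is redundant and the condition should be `when: pdns_installation_type == "packages" and ansible_os_family == "RedHat"`. This applies to the `pre-pdns-install.yml` include and the `install.packages-redhat.yml` include alike. With the Debian include commented out, a Debian host currently gets `configuration.yml` and the service start without any package being installed.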
---
- name: Instala MySQL-python
yum: name=MySQL-python state=present
- name: Instala MariaDBL Server
yum: name={{ item }} state=present
with_items:
- mysql
- mysql-server
- mysql-libs
ignore_errors: yes
- name: Habilita MySQL
service: name=mysqld state=started enabled=yes
- name: Crea DB PowerDNS MySQL
mysql_db: name=powerdnsdb state=present
ignore_errors: true
- name: Crea usuario MySQL
mysql_user: name=powerdns password=12345678 priv=*.*:ALL,GRANT state=present
ignore_errors: true
- name: Copia pdns.sql
copy: src=pdns.sql dest=/tmp/pdns.sql owner=root group=root backup=yes
- name: Crea tablas PowerDNS
mysql_db: state=import name=powerdnsdb login_user=powerdns login_password=12345678 target=/tmp/pdns.sql
ignore_errors: true
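Review bot: `mysql_user: name=powerdns password=12345678 priv=*.*:ALL,GRANT` gives the PowerDNS account full rights, including GRANT, over every database on the server, while it only needs the schema imported two tasks later; scope it to `priv=powerdnsdb.*:ALL` and drop `GRANT`. `ignore_errors: true` on the database, user and import tasks means a wrong password or a failed schema import leaves a half-configured server that the play reports as successful; let them fail, or `register` and check a specific condition. The password literal also differs from `$db_pass` in the committed Poweradmin config, so at least one component cannot connect unless an un-shown step reconciles them.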
config-dir={{pdns_config_dir}}
setuid={{ pdns_user }}
setgid={{ pdns_group }}
{% for config_item in pdns_config.keys() | sort %}
{% endfor %}
daemon=yes
disable-axfr=no
guardian=yes
log-dns-details=yes
log-dns-queries=yes
master=yes
slave=no
local-port=51
send-root-referral=lean
launch=
{% for backend in pdns_backends -%}
launch+={{backend}}
{% for backend_item in pdns_backends[backend] -%}
{{backend | replace(':', '-')}}-{{backend_item}}={{pdns_backends[backend][backend_item]}}
{% endfor %}
{%- endfor -%}
gmysql-dnssec
version-string="DNS IT Linux"
allow-axfr-ips={{ pdns_slaves }}
experimental-api-key=otto
experimental-json-interface=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
webserver-port=8091
webserver=yes
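Review bot: The loop `{% for config_item in pdns_config.keys() | sort %}` / `{% endfor %}` has an empty body, so nothing from `pdns_config` ever reaches the rendered file; the body should be `{{ config_item }}={{ pdns_config[config_item] }}`. Below it the template hard-codes `webserver-address=0.0.0.0`, `webserver-allow-from=0.0.0.0/0` and `experimental-api-key=otto`, exposing the JSON API with a fixed key on every interface — since the nginx proxy in this commit talks to `localhost:8091`, `webserver-address=127.0.0.1` and `webserver-allow-from=127.0.0.1` with `experimental-api-key={{ pdns_api_key }}` keep the same functionality. `local-port=51` contradicts the `default` serverspec, which expects port 53 to be listening. `allow-axfr-ips={{ pdns_slaves }}` references a variable `defaults/main.yml` does not define, and `gmysql-dnssec` is emitted even when `launch` does not include `gmysql`.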
---
- hosts: localhost
roles:
- role: pdns-ansible
pdns_backends:
'gmysql': {}
'gpgsql': {}
'gsqlite3': {}
'geo': {}
'ldap': {}
'lmdb': {}
'lua': {}
'mydns': {}
'pipe': {}
'remote': {}
when: ansible_distribution == "Debian"
- role: pdns-ansible
pdns_backends:
'gmysql': {}
'gpgsql': {}
'gsqlite3': {}
'geo': {}
'ldap': {}
'lua': {}
'pipe': {}
when: ansible_distribution == "Ubuntu"
- role: pdns-ansible
pdns_backends:
'gmysql': {}
'gpgsql': {}
'gsqlite3': {}
'geo': {}
'ldap': {}
'lmdb': {}
'lua': {}
'mydns': {}
'pipe': {}
'remote': {}
'tinydns': {}
when: ansible_os_family == "RedHat"
require 'spec_helper'
%w(mysql pgsql sqlite3 geo ldap lmdb lua mydns pipe remote tinydns).each do |pkg|
case os[:family]
when 'redhat'
# Change the name of the package for RedHat based systems
pkg = 'sqlite' if pkg == 'sqlite3'
pkg = 'postgresql' if pkg == 'pgsql'
when 'debian'
next if pkg == 'tinydns'
when 'ubuntu'
next if %w(lmdb mydns tinydns remote ).include?(pkg)
end
describe package("pdns-backend-#{pkg}") do
it { should be_installed }
end
end
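Review bot: Reassigning the block parameter `pkg` inside the `when 'redhat'` branch works but reads oddly; a hash lookup in that branch (`pkg = {'sqlite3' => 'sqlite', 'pgsql' => 'postgresql'}.fetch(pkg, pkg)`) makes the RedHat-only renaming explicit in one line. `%w(lmdb mydns tinydns remote )` carries a trailing space that `%w` ignores but linters flag.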
../../default/serverspec/spec_helper.rb
\ No newline at end of file
---
- hosts: localhost
roles:
- role: pdns-ansible
require 'spec_helper'
describe user('pdns') do
it { should exist }
it { should belong_to_group('pdns') }
end
describe service('pdns') do
it { should be_enabled }
it { should be_running }
end
describe port(53) do
it { should be_listening.with('udp') }
it { should be_listening.with('tcp') }
end
describe file('/etc/powerdns/pdns.conf') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe process('pdns_server'), :if => os[:family] != 'ubuntu' do
its(:user) { should eq "pdns" }
its(:group) { should eq "pdns" }
end
# Because we run inside a guardian, there are 2 processes in ubuntu, but we
# only see the first one
describe command('ps --user pdns -o user=,group=,cmd='), :if => os[:family] == 'ubuntu' do
its(:stdout) { should match /pdns pdns \/usr\/sbin\/pdns_server-instance --daemon --guardian=yes/ }
end
---
- hosts: localhost
roles:
- {role: pdns-ansible, pdns_repo_provider: 'powerdns', pdns_repo_branch: 'master'}
require 'spec_helper'
describe file('/etc/apt/preferences.d/pdns'), :if => os[:family] == 'debian' do
it { should be_file }
its(:content) { should contain "Package: pdns-*" }
its(:content) { should contain "Pin: origin repo.powerdns.com" }
its(:content) { should contain "Pin-Priority: 600" }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/yum.repos.d/powerdns-auth-master.repo'), :if => os[:family] == 'redhat' do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe command('/usr/sbin/pdns_server --version 2>&1') do
its(:stdout) { should match /0\.0\.\d+g/ }
end
../../default/serverspec/spec_helper.rb
\ No newline at end of file
---
# vars file for pdns-ansible