Commit a3455a86 authored by Elias Nahum's avatar Elias Nahum Committed by Juorder Antonio

modify structure for pagination, add store to domain, add only needed attrs...

Modify the structure for pagination, add a domain store, and request only the needed attrs when getting all accounts.
parent 1ee083bf
1.5:5dc6ad1e-bcee-42fd-9310-3736c040cf90
\ No newline at end of file
1464106868
\ No newline at end of file
5dc6ad1e-bcee-42fd-9310-3736c040cf90
\ No newline at end of file
c4c8e8aa02ab4bcfa7eb51a3b350c71e
\ No newline at end of file
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAmOtAU9rkxwDGG8ug6vkfOwJ+Gm4+9T2vzf//4DY48Ud7Oux8
1q2JOCT/usGqOYxZ7zwok5bb3wQAnglRCyWZmpw4Kxzq5U8FCaHGZFddAs6Yiqqr
amipsQSzSmzZ5V0ASKXe6vk/WmGoL+RQuoCBwxvAZd9NhjPRROcI+vjnHZ+dLnwq
QDgG5cJsrzhhfRowGomcoYnk2U0rKxWWMmAWcOYiAiiBbUjW/0FZeL6TJq9TbhmV
bPcSGWxi63NUPPwZ8YHRHMB/OqaIbBGQTfb+rwopq+yHj2uqoqy+w+95H0vt7QCe
DvHcOD2iknsna66vBiU6yQzHCa7q1FAo5/F98QIDAQABAoIBAQCBvV6nhpkBqktq
u7o8gb6Yf0XkQNMTmRG2klNStE5dj0sjNA+6yCMaynFZzwQQrV6EViMLDTxgm3G2
o6rp7S3EenRBR9iXUxKwGFxNN74HKqdLRwAGWORX9ufy5iV8rwoVmP1nmK7CjQZ4
E5rWkT8G/V2gUPPiP8Z2UhpRbKoRe9HM0grgBC0wvXEyQ2l0CZMU5o5bJBi/ed62
qZu9xL9/CAyKdVIfR2CDUWXi+yHgS3+9kKloZNwwLxeCWaJEGtxUsWpe2oc7fD6c
UK/unpJcjqdO0SDX+78XLQYnOjt+flqpKlzvhQW+FUk89TfWssC+XBIXKbaSFEMP
QthLXBqdAoGBAMej2Awx6ahseRF9goDk7Fa9xFH2kj7V3w8bNDOQ5xfq83fz1yQf
sGDt6X8dajUPSBD5LnjiLIL2fovQGEfTV7eiCJekNQXMNvGCeLEFUnovjRP9FfL1
J/bMmVQzaito6UVIyrl0Ehw0OKzlu9MAW6Ka5cPdZhwAFTxDkJJjDXvjAoGBAMQW
1e9Qqz72w03x7XDF/B63Q+qKeEN+L39+XzjIWzkdmUrFvD7HrLqxWnZnwX+ZDVxD
IM8Rud3gAMc4hZLMIuk4jRFXMFYfay7W7SFPLZg2R31G5Q6mvSAPUCbQg/cOUbXh
XvATAhcxeHlo7WdS7LrzDhHssnN+tvtGp9LlWm8bAoGAChYGAT+4TVEFoNOVd0uZ
gRxfQcDSTKhjd5DpRz2n3zZ4jHPeR63uLEd4x3pF9l5KRslABs1ucENhy1B9GYvc
36MpCfg60Ysqr3LnBBJ/wzqJxxu/MyIdncNib7WVRJItTtnJnCr4C0K8JkgJADUB
bCqlNwsFcJ60c/H56NtmP/8CgYBFxjpp5bKJvRTR73wl3M1RwLSSCKOyoHwWSclo
UyLit/2L9cB+Nl7oL6OY7mKUHMn8QoayKASTRtoACcS975Wcl1rbCMNSYeupxyCp
8ZqvxuC5Wzi2de5mMgy7QwcyKg45QfCeTKU5y4iq6wNO+Nrzyvj+t9Ln9fb2grXE
/YeocQKBgQCAU7aq4U6Fm6nWL9n8pzkn+A2YHWnk9TfwMsnY3Q91Gu6/PSOvO0Qj
4YI4Tm5kPnmxqCl9NTu81cS9+x5Pc6jFqXOIM1hoLYNsyxUSd223eugO9jNpEs3W
5infFbB4MO5fGUAfXYav0BNpI1o9EugP9A9iX2PgBMwMtG7sI3k8Ig==
-----END RSA PRIVATE KEY-----
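Review bot: This file is an SSH private key from the generated `.vagrant/machines/default/virtualbox/` state directory, and the generated Ansible inventory in the same commit shows it is the key Vagrant uses to log into the VM as `vagrant`; it should not be in the repository at all. Remove the whole `.vagrant/` tree from the commit and add `.vagrant/` to the top-level `.gitignore` (the vendored bind role's `.gitignore` later in this commit already ignores it for its own directory). Because git history keeps the key, deleting the file later is not a remediation on its own: destroy and recreate the VM, or delete the local `.vagrant` directory, so Vagrant generates a fresh key. The exposure is limited to a dev VM reached via a forwarded port on the developer's host, but secret scanners will flag it and it normalises committing keys in this repo.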
{"virtualbox":{"/opt/zimbra/zimlets-deployed/_dev":{"guestpath":"/opt/zimbra/zimlets-deployed/_dev","hostpath":"/Applications/MAMP/htdocs/manager-react/src","disabled":false,"__vagrantfile":true},"/vagrant":{"guestpath":"/vagrant","hostpath":"/Applications/MAMP/htdocs/manager-react","disabled":false,"__vagrantfile":true}}}
\ No newline at end of file
# Generated by Vagrant
default ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='/Users/juorder/Downloads/ZimbraVagrant/.vagrant/machines/default/virtualbox/private_key'
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure(2) do |config|
config.vm.box = 'CentOS65'
# Compartir directorio de desarollo de Zimlets
config.vm.synced_folder "src/", "/opt/zimbra/zimlets-deployed/_dev"
config.vm.provision "ansible" do |ansible|
ansible.playbook = 'vagrant/provision/playbook.yml'
ansible.sudo = true
end
config.vm.network 'private_network', ip: '192.168.50.10'
config.vm.hostname = 'zimbra.zboxapp.dev'
config.vm.network 'forwarded_port', guest: 7071, host: 7071
config.vm.network 'forwarded_port', guest: 7110, host: 7110
config.vm.network 'forwarded_port', guest: 8081, host: 8081
config.vm.network 'forwarded_port', guest: 9081, host: 9081
config.vm.network 'forwarded_port', guest: 9082, host: 9082
config.vm.network 'forwarded_port', guest: 443, host: 7443
config.vm.network 'forwarded_port', guest: 80, host: 7080
config.vm.network 'forwarded_port', guest: 389, host: 7389
config.vm.provider 'virtualbox' do |v|
v.name = 'ZimbraVagrant'
v.memory = 2048
v.cpus = 2
end
end
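Review bot: Every `config.vm.network 'forwarded_port'` entry omits `host_ip`, and Vagrant binds a forwarded port on all host interfaces when `host_ip` is not given, so the Zimbra admin console (7071), LDAP (guest 389 → host 7389) and the HTTP/HTTPS ports of this dev VM become reachable from any machine on the developer's network. Pin them to loopback, e.g. `config.vm.network 'forwarded_port', guest: 389, host: 7389, host_ip: '127.0.0.1'`, and do the same on the other seven lines; the `private_network` address 192.168.50.10 still gives the host itself direct access. The synced-folder comment is in Spanish; consider `# Share the Zimlet development directory with the guest` to match the English Vagrant boilerplate above it.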
module.exports = {"main":{"js":"/072329bundle.js"}}
\ No newline at end of file
module.exports = {"main":{"js":"/263980bundle.js"}}
\ No newline at end of file
......@@ -40,13 +40,25 @@ export default class Domains extends React.Component {
getDomains() {
const self = this;
let domains = null;
if (DomainStore.getDomains()) {
const data = DomainStore.getDomains();
GlobalActions.emitEndLoading();
return self.setState({
data,
loading: false
});
}
Client.getAllDomains(
{
limit: QueryOptions.DEFAULT_LIMIT,
offset: this.state.offset
maxResults: window.manager_config.maxResultOnRequestZimbra
},
(data) => {
const domains = data.domain;
domains = data.domain;
DomainStore.setDomains(data);
this.getPlans(domains).
then(() => {
self.setState({
......@@ -78,6 +90,8 @@ export default class Domains extends React.Component {
GlobalActions.emitEndLoading();
}
);
return null;
}
getPlans(domains) {
......@@ -164,8 +178,15 @@ export default class Domains extends React.Component {
}
if (this.state.data) {
const domain = this.state.data;
let domains = domain.domain;
if (domain.total > Constants.QueryOptions.DEFAULT_LIMIT) {
domains = domain.domain.slice(this.state.offset, (this.state.page * QueryOptions.DEFAULT_LIMIT));
}
const configPlans = global.window.manager_config.plans;
tableResults = this.state.data.domain.map((d) => {
tableResults = domains.map((d) => {
let status;
let statusClass = 'btn btn-sm ';
switch (d.attrs.zimbraDomainStatus) {
......@@ -242,7 +263,7 @@ export default class Domains extends React.Component {
);
});
if (this.state.offset > 0 || (this.state.data && this.state.data.more)) {
if (domain.total > Constants.QueryOptions.DEFAULT_LIMIT) {
const totalPages = this.state.data ? Math.ceil(this.state.data.total / QueryOptions.DEFAULT_LIMIT) : 0;
pagination = (
<Pagination
......
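Review bot: The new early-return branch in `getDomains()` takes `DomainStore.getDomains()` and calls `setState` directly, while the network branch first runs `this.getPlans(domains)` and only sets state in its `then`; whatever `getPlans` contributes to component state (its body lies outside the hunk) is skipped whenever the store is warm, e.g. after navigating away and back. Make the cached branch call `this.getPlans(data.domain)` before `setState` exactly as the fetch branch does, or move plan lookup into the store so both paths share it. In the render hunk the same constant is spelled `Constants.QueryOptions.DEFAULT_LIMIT` on one line and `QueryOptions.DEFAULT_LIMIT` on the next; pick one form. Note also that the request now asks Zimbra for `maxResultOnRequestZimbra` domains (20000 in the committed config) in one call and pages client-side, so a large tenant list is fetched in full on every cold load.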
......@@ -186,11 +186,15 @@ export default class Mailboxes extends React.Component {
getAccounts(domainName, maxResult) {
const attrs = {
limit: QueryOptions.DEFAULT_LIMIT,
maxResults: maxResult,
offset: this.state.offset
maxResults: maxResult
};
const attrneeded = Utils.getAttrsBySectionFromConfig('mailboxes');
if (attrneeded) {
attrs.attrs = attrneeded;
}
if (domainName) {
attrs.domain = domainName;
}
......@@ -204,21 +208,20 @@ export default class Mailboxes extends React.Component {
});
}
if (MailboxStore.hasMailboxes() && MailboxStore.hasThisPage(this.state.page)) {
console.log('has page with data'); //eslint-disable-line no-console
return resolve(MailboxStore.getMailboxByPage(this.state.page));
if (MailboxStore.hasMailboxes()) {
return resolve(MailboxStore.getMailboxes());
}
return Client.getAllAccounts(attrs, (success) => {
MailboxStore.setMailboxes(success, this.state.page);
this.mailboxes = MailboxStore.getMailboxes();
MailboxStore.setMailboxes(success);
return resolve(success);
}, (error) => {
return reject(error);
});
}).then((data) => {
if (data.account) {
this.mailboxes = data;
this.isRefreshing = false;
const tables = this.buildTableFromData(data, ['Todas', 'Bloqueadas']);
......@@ -467,22 +470,24 @@ export default class Mailboxes extends React.Component {
const locked = `${arrayTabNames.shift()} (${lockedAccounts.length})`;
// create structure html for all accountsç
const icon = (
<div>
<i className='fa fa-download'/>
<span>{'Exportar'}</span>
</div>
);
let exportBtn = null;
if (this.props.params.domain_id) {
exportBtn = (
<button
onClick={(e) => {
this.handleExportAsCSV(e);
}}
className='btn btn-default'
>
<i className='fa fa-download'/>
<span>{'Exportar'}</span>
</button>
);
}
const btn = [
{
props: {
className: 'btn btn-default',
onClick: (e) => {
this.handleExportAsCSV(e);
}
},
label: icon
setComponent: exportBtn
},
{
setComponent: (
......
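Review bot: The cache check `if (MailboxStore.hasMailboxes()) { return resolve(MailboxStore.getMailboxes()); }` ignores `domainName`, so once any account list has been stored — the global list, or another domain's — `getAccounts('other.example', …)` resolves that stale list instead of querying Zimbra with the `attrs.domain` filter built a few lines above. The removed per-page cache had the same blind spot, but dropping the page key makes it hit on every call. Either key the store by domain (`MailboxStore.hasMailboxes(domainName)` / `setMailboxes(success, domainName)`) or bypass the cache when `domainName` is set. Separately, `setComponent: exportBtn` is `null` when `this.props.params.domain_id` is absent; confirm the button-bar component tolerates a null `setComponent` rather than rendering an empty slot.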
{
"debug": false,
"zimbraUrl": "http://zimbra.zboxapp.dev:8000/service/admin/soap",
"debug": true,
"zimbraUrl": "http://zimbra.zboxapp.dev:9081/zimbra_proxy/service/admin/soap",
"zimbraProxy": "https://192.168.1.8:7071",
"dnsApiUrl": "http://zimbra.zboxapp.dev:3000",
"webMailUrl": "https://zimbra.zboxapp.dev",
"dns": {
"url": "http://192.168.1.8:8081/powerdns_proxy/",
"url": "http://zimbra.zboxapp.dev:9081//powerdns_proxy/",
"token": "otto"
},
"maxResultOnRequestZimbra": 20000,
......@@ -28,8 +28,30 @@
},
"webmailLifetime": 3600,
"companiesEndPoints": {
"list": "http://zimbra.zboxapp.dev:8001/list",
"detail": "http://zimbra.zboxapp.dev:8001/company/{id}",
"invoices": "http://zimbra.zboxapp.dev:8001/company/{id}/invoices"
"list": "http://zimbra.zboxapp.dev:9081/folio/companies.json",
"detail": "http://zimbra.zboxapp.dev:9081/folio/companies/{id}.json",
"invoices": "http://zimbra.zboxapp.dev:9081/folio/companies/{id}/invoices.json"
},
"globalAttrsBySection": {
"mailboxes": {
"attrs": {
"givenName": true,
"sn": true,
"cn": true,
"displayName": true,
"description": true,
"zimbraCOSId": true,
"zimbraAccountStatus": true,
"zimbraMailHost": true,
"zimbraArchiveAccount": true,
"zimbraMailAlias": true,
"zimbraPrefOutOfOfficeReplyEnabled": true,
"zimbraPrefOutOfOfficeFromDate": true,
"zimbraPrefOutOfOfficeUntilDate": true,
"zimbraPrefOutOfOfficeReply": true,
"zimbraCreateTimestamp": true,
"zimbraLastLogonTimestamp": true
}
}
}
}
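Review bot: `"debug": true` is switched on in the committed `config.json`, and the new `dns.url` value `http://zimbra.zboxapp.dev:9081//powerdns_proxy/` carries a doubled slash that the proxy may or may not normalise; set `"debug": false` and `"url": "http://zimbra.zboxapp.dev:9081/powerdns_proxy/"`. This file is exposed to the browser as `window.manager_config` (the new `globalAttrsBySection` block is read that way in utils.jsx), so the `dns.token` value and the `zimbraProxy` LAN address are shipped to every client; the token line is pre-existing, but it belongs in a server-side or per-environment secret rather than in a committed client config. The new attribute list is a sensible minimal set for the mailbox table, but `zimbraPrefOutOfOfficeReply` pulls each account's free-text auto-reply into the listing response — keep it only if the table actually displays it.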
......@@ -10,6 +10,7 @@ class DomainStoreClass extends EventEmitter {
constructor() {
super();
this.current = null;
this.domains = null;
this.distributionListOwners = null;
this.distributionListMembers = null;
this.zoneDNS = null;
......@@ -22,6 +23,22 @@ class DomainStoreClass extends EventEmitter {
this.zoneDNS = null;
}
setDomains(domains) {
if (domains) {
this.domains = domains;
}
return true;
}
getDomains() {
if (this.domains) {
return this.domains;
}
return null;
}
getCurrent() {
return this.current;
}
......
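Review bot: `setDomains` caches the full domain response in `this.domains`, but the tail of `resetThisStore` shown as context (`this.zoneDNS = null;`) does not clear it, while the constructor now initialises it alongside `current`, `distributionListOwners` and `zoneDNS`, which the reset does clear; if `resetThisStore` runs on logout, as its name suggests (the start of the method is outside the hunk), the next user sees the previous session's domain list until a reload. Add `this.domains = null;` next to the other resets. `setDomains` also returns `true` even when it ignored a falsy argument; returning `false` in that case, as `MailboxStore.setMailboxes` does in this same commit, would make the two stores consistent.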
......@@ -7,20 +7,16 @@ import Constants from '../utils/constants.jsx';
const eventTypes = Constants.EventTypes;
let mailboxesArray = null;
let mailboxesInstances = [];
class MailboxStoreClass extends EventEmitter {
constructor() {
super();
this.current = null;
this.currentPage = {};
}
resetThisStore() {
this.current = null;
this.currentPage = {};
mailboxesArray = null;
mailboxesInstances = [];
}
getMailboxById(id) {
......@@ -91,26 +87,12 @@ class MailboxStoreClass extends EventEmitter {
return mailboxesArray;
}
setMailboxes(mailboxes, page) {
if (mailboxesArray) {
Array.prototype.push.apply(mailboxesInstances, mailboxes.account);
mailboxesArray.account = mailboxesInstances;
if (page) {
this.currentPage[page] = mailboxes;
}
return true;
setMailboxes(mailboxes) {
if (mailboxes) {
mailboxesArray = mailboxes;
}
const copy = Object.assign({}, mailboxes);
const accounts = mailboxes.account.slice();
mailboxesArray = copy;
mailboxesInstances = accounts;
if (page) {
this.currentPage[page] = mailboxes;
}
return true;
return false;
}
changeAccount(newAccount) {
......
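Review bot: The rewritten `setMailboxes` assigns the caller's response object straight to `mailboxesArray`, whereas the removed version stored a shallow copy (`Object.assign({}, mailboxes)` plus `mailboxes.account.slice()`); any method that mutates the store — `changeAccount` starts right after the hunk — now mutates the object the `Client` callback handed in, and vice versa. If that sharing is not intended, keep the copy: `mailboxesArray = Object.assign({}, mailboxes, {account: mailboxes.account ? mailboxes.account.slice() : []});`. The module-level `mailboxesInstances` is deleted here, but the methods between `getMailboxById` and `setMailboxes` are not in the hunks; check that none of them still references it, otherwise they throw a `ReferenceError` at runtime.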
......@@ -609,3 +609,27 @@ export function kickOutUserWhenAuthExpired() {
GlobalActions.emitEndLoading();
browserHistory.push(`/login${query}`);
}
export function handleMaxResults(caller, error) {
if (error.code === 'account.TOO_MANY_SEARCH_RESULTS') {
caller();
}
}
export function getAttrsBySectionFromConfig(section, asObject) {
const returnAsObject = asObject || false;
const globalAttrs = window.manager_config.globalAttrsBySection;
const currentSection = globalAttrs[section];
if (currentSection) {
if (!returnAsObject) {
const attrs = Object.keys(currentSection.attrs);
if (attrs && attrs.length > 0) {
const attrsAsString = attrs.join();
return attrsAsString;
}
}
}
return false;
}
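Review bot: `getAttrsBySectionFromConfig(section, asObject)` accepts `asObject` but never honours it: when `returnAsObject` is true the `if (!returnAsObject)` branch is skipped and the function falls through to `return false`, so a caller asking for the object form gets `false`. Add `if (returnAsObject) { return currentSection.attrs; }` inside the `if (currentSection)` block. The function also indexes `window.manager_config.globalAttrsBySection[section]` without checking that the map exists, so a deployed config that predates the new `globalAttrsBySection` key throws a `TypeError` here instead of falling back to fetching all attributes; read it as `const globalAttrs = window.manager_config.globalAttrsBySection || {};`. `handleMaxResults` dereferences `error.code` unguarded; if any caller can pass `undefined` or a bare string (the hunk does not show the callers), prefix the check with `error &&`.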
# Custom filters for handling IP addresses
def reverse_dotted_decimals(ipaddress):
"""Reverse the order of the decimals in the specified IP-address.
E.g. "192.168.10" would become "10.168.192"
Keyword arguments:
ipaddress -- An IP address in dotted decimal notation
"""
return '.'.join(ipaddress.split('.')[::-1])
def reverse_lookup_zone(ipaddress):
"""Return the notation for the reverse lookup zone for the specified
network address.
E.g. "192.0.2" would become "2.0.192.in-addr.arpa"
Keyword arguments:
ipaddress -- The network part of an IP address in dotted decimal
notation
"""
return reverse_dotted_decimals(ipaddress) + '.in-addr.arpa'
class FilterModule(object):
''' Ansible core jinja2 filters '''
def filters(self):
return {
'reverse_dotted_decimals': reverse_dotted_decimals,
'reverse_lookup_zone': reverse_lookup_zone,
}
# .gitignore
# Hidden Vagrant-directory
.vagrant
# Backup files (e.g. Vim, Gedit, etc.)
*~
# Vagrant base boxes (you never know when someone puts one in the repository)
*.box
# Python artefacts
.ropeproject
*.pyc
# Ignore installation directory of BATS test framework
tests/bats
# Change log
## 0.1.8.6 - 2016-02-15
### Added
* Se puede borrar admin de dominio.
### Fixed
* Solo se muestran los verdaderos administradores de Dominio, antes mostraban todos los
que eran `delegated_admin`.
## 0.1.8.5 - 2016-02-15
### Fixed
* Ahora se puede agregar **Administrador de Dominio**
## 0.1.8.4 - 2016-02-13
### Added
* Quotas de casillas por dominio
* Fecha de renovación basada en el dominio
### Fixed
* Formulario para agregar `alias` a una cuenta
# BSD License
Copyright (c) 2014, Bert Van Vreckem, (bert.vanvreckem@gmail.com)
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Ansible role `bind`
An Ansible role for setting up BIND ISC as a master DNS server for a single domain. Specifically, the responsibilities of this role are to:
- install BIND
- set up the main configuration file
- master server
- slave server
- set up forward and reverse lookup zone files
This role supports multiple reverse zones.
## Requirements
- This role is written specifically for RHEL/CentOS and works on versions 6 and 7.
- The `filter_plugins` directory should be copied to `${ANSIBLE_HOME}`. It contains a few functions that manipulate IP addresses.
## Role Variables
Variables are not required, unless specified.
| Variable | Default | Comments (type) |
| :--- | :--- | :--- |
| `bind_allow_query` | `['localhost']` | A list of hosts that are allowed to query this DNS server. Set to ['any'] to allow all hosts |
| `bind_listen_ipv4` | `['127.0.0.1']` | A list of the IPv4 address of the network interface(s) to listen on. Set to ['any'] to listen on all interfaces. |
| `bind_listen_ipv6` | `['::1']` | A list of the IPv6 address of the network interface(s) to listen on |
| `bind_recursion` | `no` | Allow recursion. Set to `yes` for a caching DNS server. |
| `bind_zone_hostmaster_email` | `hostmaster` | The e-mail address of the system administrator |
| `bind_zone_hosts` | - | Host definitions. See below this table for examples. |
| `bind_zone_mail_servers` | `[{name: mail, preference: 10}]` | A list of dicts (with fields `name` and `preference`) specifying the mail servers for this domain. |
| `bind_zone_master_server_ip` | - | **(Required)** The IP address of the master DNS server. |
| `bind_zone_minimum_ttl` | `1D` | Minimum TTL field in the SOA record. |
| `bind_zone_name_servers` | `[ansible_hostname]` | A list of the DNS servers for this domain. |
| `bind_zone_name` | `example.com` | The domain name |
| `bind_zone_networks` | `['10.0.2']` | A list of the networks that are part of the domain |
| `bind_zone_time_to_expire` | `1W` | Time to expire field in the SOA record. |
| `bind_zone_time_to_refresh` | `1D` | Time to refresh field in the SOA record. |
| `bind_zone_time_to_retry` | `1H` | Time to retry field in the SOA record. |
| `bind_zone_ttl` | `1W` | Time to Live field in the SOA record. |
### Host definitions
Host names that this DNS server should resolve can be specified with the variable `bind_zone_hosts` as a list of dicts with fields `name`, `ip` and `aliases`, e.g.:
```Yaml
bind_zone_hosts:
- name: pub01
ip: 192.0.2.1
aliases:
- ns
- name: pub02
ip: 192.0.2.2
aliases:
- www
- web
- name: priv01
ip: 10.0.0.1
```
As you can see, not all hosts are in the same network. This is perfectly acceptable, and supported by this role. All networks should be specified in `bind_zone_networks`, though, or the host will not get a PTR record for reverse lookup:
```Yaml
bind_zone_networks:
- 192.0.2
- 10
```
Remark that only the network part should be specified here!
## Dependencies
No dependencies. If you want to configure the firewall, do this through another role (e.g. [bertvv.el7](https://github.com/bertvv/ansible-role-el7)).
## Example Playbook
See the [test playbook](tests/test.yml) for an elaborate example that shows all features.
## Testing
The `tests` directory contains tests for this role in the form of a Vagrant environment. The command `vagrant up` results in a setup with *two* DNS servers, a master and a slave, set up according to playbook [`test.yml`](tests/test.yml).
| **Hostname** | **ip** |
| :--- | :--- |
| `testbindmaster` | 192.168.56.53 |
| `testbindslave` | 192.168.56.54 |
IP addresses are in the subnet of the default VirtualBox Host Only network interface (192.168.56.0/24). You should be able to query the servers from your host system. For example, to verify if the slave is updated correctly, you can do the following:
```ShellSession
$ dig @192.168.56.54 ns1.example.com +short
testbindmaster.example.com.
192.168.56.53
$ dig @192.168.56.54 example.com www.example.com +short
web.example.com.
192.168.56.20
$ dig @192.168.56.54 MX example.com +short
10 mail.example.com.
```
An automated acceptance test written in [BATS](https://github.com/sstephenson/bats.git) is provided that checks all settings specified in [`test.yml`](tests/test.yml). You can run it by executing the shell script `tests/runtests.sh`. The script can be run on either your host system (assuming you have a Bash shell), or one of the VMs. The script will download BATS if needed and run the test script [`dns.bats`](tests/dns.bats) on both the master and the slave DNS server.
```ShellSession
$ cd tests
$ vagrant up
[...]
$ ./runtests.sh
Testing 192.168.56.53
✓ The `dig` command should be installed
✓ It should return the NS record(s)
✓ It should be able to resolve host names
✓ It should be able to do reverse lookups
✓ It should be able to resolve aliases
✓ It should return the MX record(s)
6 tests, 0 failures
Testing 192.168.56.54
✓ The `dig` command should be installed
✓ It should return the NS record(s)
✓ It should be able to resolve host names
✓ It should be able to do reverse lookups
✓ It should be able to resolve aliases
✓ It should return the MX record(s)
6 tests, 0 failures
```
Running from the VM:
```ShellSession
$ vagrant ssh testbindmaster
Last login: Sun Jun 14 18:52:35 2015 from 10.0.2.2
Welcome to your Packer-built virtual machine.
[vagrant@testbindmaster ~]$ /vagrant/runtests.sh
Testing 192.168.56.53
✓ The `dig` command should be installed
[...]
```
The directory `tests/roles/bind` is a symbolic link that should point to the root of this project in order to work. Also the `filter_plugins` should be linked to the tests directory. To create these links if necessary, do
```ShellSession
$ cd tests/
$ mkdir roles
$ ln -frs ../../PROJECT_DIR roles/bind
$ ln -frs ../filter_plugins/ .
```
You may want to change the base box into one that you like. The current one is based on Box-Cutter's [CentOS Packer template](https://github.com/boxcutter/centos).
## Contributing
Issues, feature requests, ideas are appreciated and can be posted in the Issues section. Pull requests are also very welcome. Preferably, create a topic branch and when submitting, squash your commits into one (with a descriptive message).
## License
BSD
## Author Information
Bert Van Vreckem (bert.vanvreckem@gmail.com)
# roles/bind/defaults/main.yml
---
bind_zone_name: "example.com"
bind_zone_networks:
- "10.0.2"
# List of IPv4 address of the network interface(s) to listen on. Set to "any"
# to listen on all interfaces
bind_listen_ipv4:
- "127.0.0.1"
# List of IPv6 address of the network interface(s) to listen on.
bind_listen_ipv6:
- "::1"
# List of hosts that are allowed to query this DNS server.
bind_allow_query:
- "localhost"
# By default, do not allow recursion, which is suitable for an authoritative
# name server. (set to "yes" for an caching DNS server).
bind_recursion: "no"
# SOA information
bind_zone_hostmaster_email: "hostmaster"
bind_zone_ttl: "1W"
bind_zone_time_to_refresh: "1D"
bind_zone_time_to_retry: "1H"
bind_zone_time_to_expire: "1W"
bind_zone_minimum_ttl: "1D"
# Custom filters for handling IP addresses
def reverse_dotted_decimals(ipaddress):
"""Reverse the order of the decimals in the specified IP-address.
E.g. "192.168.10" would become "10.168.192"
Keyword arguments:
ipaddress -- An IP address in dotted decimal notation
"""
return '.'.join(ipaddress.split('.')[::-1])
def reverse_lookup_zone(ipaddress):
"""Return the notation for the reverse lookup zone for the specified
network address.
E.g. "192.0.2" would become "2.0.192.in-addr.arpa"
Keyword arguments:
ipaddress -- The network part of an IP address in dotted decimal
notation
"""
return reverse_dotted_decimals(ipaddress) + '.in-addr.arpa'
class FilterModule(object):
''' Ansible core jinja2 filters '''
def filters(self):
return {
'reverse_dotted_decimals': reverse_dotted_decimals,
'reverse_lookup_zone': reverse_lookup_zone,
}
# roles/bind/handlers/main.yml
---
- name: restart bind
service:
name: named
state: restarted
{install_date: 'Sun Aug 2 16:05:31 2015', version: v3.0.0}
---
galaxy_info:
author: Bert Van Vreckem
description: Sets up ISC BIND on RHEL/CentOS 6/7 as an authoritative DNS server for a single domain (master and/or slave).
company: University College Ghent
license: BSD
min_ansible_version: 1.7
platforms:
- name: EL
versions:
- 6
- 7
categories:
- networking
dependencies: []
# roles/bind/tasks/main.yml
---
- name: Install BIND
yum:
pkg: "{{ item }}"
state: installed
with_items: bind_packages
tags: bind
- name: Create serial
command: date +%y%m%d%H
register: timestamp
tags: bind
- include: master.yml
when: ansible_all_ipv4_addresses|last == bind_zone_master_server_ip
- include: slave.yml
when: not ansible_all_ipv4_addresses|last == bind_zone_master_server_ip
- name: Start BIND service
service:
name: named
state: started
enabled: yes
tags: bind
# roles/bind/tasks/master.yml
# Set up a BIND master server
---
- name: Main BIND config file (master)
template:
src: master_etc_named.conf.j2
dest: /etc/named.conf
owner: root
group: named
mode: '0640'
setype: named_conf_t
validate: 'named-checkconf %s'
notify: restart bind
tags: bind
- name: Create forward lookup zone file
template:
src: bind_zone.j2
dest: "/var/named/{{ bind_zone_name }}"
owner: root
group: named
mode: "0640"
setype: named_zone_t
validate: "named-checkzone {{ bind_zone_name }} %s"
notify: restart bind
tags: bind
- name: Create reverse lookup zone file
template:
src: reverse_zone.j2
dest: "/var/named/{{ item|reverse_lookup_zone }}"
owner: root
group: named
mode: "0640"
setype: named_zone_t
validate: "named-checkzone {{ item|reverse_lookup_zone }} %s"
with_items: bind_zone_networks
notify: restart bind
tags: bind
# roles/bind/tasks/master.yml
# Set up a BIND slave server
---
- name: Main BIND config file (slave)
template:
src: slave_etc_named.conf.j2
dest: /etc/named.conf
owner: root
group: named
mode: '0640'
setype: named_conf_t
validate: 'named-checkconf %s'
notify: restart bind
tags: bind
; Zone file for {{ bind_zone_name }}
; {{ ansible_managed }}
$ORIGIN {{ bind_zone_name }}.
$TTL {{ bind_zone_ttl }}
{% if bind_zone_name_servers is defined %}
@ IN SOA {{ bind_zone_name_servers|first }}.{{ bind_zone_name }}. {{ bind_zone_hostmaster_email }}.{{ bind_zone_name }}. (
{% else %}
@ IN SOA {{ ansible_hostname }}.{{ bind_zone_name }}. {{ bind_zone_hostmaster_email }}.{{ bind_zone_name }}. (
{% endif %}
{{ timestamp.stdout }}
{{ bind_zone_time_to_refresh }}
{{ bind_zone_time_to_retry }}
{{ bind_zone_time_to_expire }}
{{ bind_zone_minimum_ttl }} )
{% if bind_zone_name_servers is defined %}
{% for ns in bind_zone_name_servers %}
IN NS {{ ns }}.{{ bind_zone_name }}.
{% endfor %}
{% else %}
IN NS {{ ansible_hostname }}.{{ bind_zone_name }}.
{% endif %}
{% if bind_zone_mail_servers is defined %}
{% for mail in bind_zone_mail_servers %}
{% if loop.first %}@{% else %} {% endif %} IN MX {{ mail.preference}} {{ mail.name }}.{{ bind_zone_name }}.
{% endfor %}
{% endif %}
{% if bind_zone_hosts is defined %}
{% for host in bind_zone_hosts %}
{{ host.name.ljust(20) }} IN A {{ host.ip }}
{% if host.aliases is defined %}
{% for alias in host.aliases %}
{{ alias.ljust(20) }} IN CNAME {{ host.name }}
{% endfor %}
{% endif %}
{% endfor %}
{% else %}
{{ ansible_hostname.ljust(20) }} IN A {{ ansible_default_ipv4.address }}
{% endif %}
//
// named.conf
//
// {{ ansible_managed }}
//
options {
listen-on port 53 { {{ bind_listen_ipv4|join(';') }}; };
listen-on-v6 port 53 { {{ bind_listen_ipv6|join(';') }}; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { {{ bind_allow_query|join(';') }}; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion {{ bind_recursion }};
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "{{ bind_zone_name }}" IN {
type master;
file "{{ bind_zone_name }}";
notify yes;
allow-update { none; };
};
{% if bind_zone_networks is defined %}
{% for network in bind_zone_networks %}
zone "{{ network|reverse_lookup_zone }}" IN {
type master;
file "{{ network|reverse_lookup_zone }}";
notify yes;
allow-update { none; };
};
{% endfor %}
{% endif %}
; Reverse zone file for {{ bind_zone_name }}
; {{ ansible_managed }}
; vi: ft=bindzone
$TTL {{ bind_zone_ttl }}
$ORIGIN {{ item|reverse_lookup_zone }}.
{% if bind_zone_name_servers is defined %}
@ IN SOA {{ bind_zone_name_servers|first }}.{{ bind_zone_name }}. {{ bind_zone_hostmaster_email }}.{{ bind_zone_name }}. (
{% else %}
@ IN SOA {{ ansible_hostname }}.{{ bind_zone_name }}. {{ bind_zone_hostmaster_email }}.{{ bind_zone_name }}. (
{% endif %}
{{ timestamp.stdout }}
{{ bind_zone_time_to_refresh }}
{{ bind_zone_time_to_retry }}
{{ bind_zone_time_to_expire }}
{{ bind_zone_minimum_ttl }} )
{% if bind_zone_name_servers is defined %}
{% for ns in bind_zone_name_servers %}
IN NS {{ ns }}.{{ bind_zone_name }}.
{% endfor %}
{% else %}
IN NS {{ ansible_hostname }}.{{ bind_zone_name }}.
{% endif %}
{% if bind_zone_hosts is defined %}
{% for host in bind_zone_hosts if host.ip.startswith(item) %}
{{ ('.'.join(host.ip.replace(item+'.','').split('.')[::-1])).ljust(8) }} IN PTR {{ host.name }}.{{ bind_zone_name }}.
{% endfor %}
{% else %}
{{ ('.'.join(ansible_default_ipv4.address.replace(item+'.','').split('.')[::-1])).ljust(8) }} IN PTR {{ ansible_hostname }}.{{ bind_zone_name }}.
{% endif %}
//
// named.conf
//
// {{ ansible_managed }}
//
options {
listen-on port 53 { {{ bind_listen_ipv4|join(';') }}; };
listen-on-v6 port 53 { {{ bind_listen_ipv6|join(';') }}; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { {{ bind_allow_query|join(';') }}; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion {{ bind_recursion }};
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "{{ bind_zone_name }}" IN {
type slave;
masters { {{ bind_zone_master_server_ip }}; };
file "{{ bind_zone_name }}";
};
{% if bind_zone_networks is defined %}
{% for network in bind_zone_networks %}
zone "{{ network|reverse_lookup_zone }}" IN {
type slave;
masters { {{ bind_zone_master_server_ip }}; };
file "{{ network|reverse_lookup_zone }}";
};
{% endfor %}
{% endif %}
# vi: set ft=ruby
require 'rbconfig'
ROLE_NAME = 'bind'
BASE_NAME = 'test' + ROLE_NAME
hosts = [
{ name: 'master', ip: '192.168.56.53' },
{ name: 'slave' , ip: '192.168.56.54' }
]
VAGRANTFILE_API_VERSION = '2'
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.box = 'centos71-nocm'
config.vm.box_url = 'https://tinfbo2.hogent.be/pub/vm/centos71-nocm-1.0.16.box'
hosts.each do |host|
host_name = BASE_NAME + host[:name]
config.vm.define host_name do |node|
node.vm.hostname = host_name
node.vm.network 'private_network', ip: host[:ip]
node.vm.provision 'ansible' do |ansible|
ansible.playbook = 'test.yml' # Elaborate test that shows all features
# ansible.playbook = 'test-bare.yml' # Minimal test case
end
end
end
end
[defaults]
filter_plugins = filter_plugins/
#! /usr/bin/env bats
#
# Acceptance test for the configuration defined in test.yml.
#
# Variable ${ns_ip} should be set outside of this script, e.g.
#
# ns_ip=192.168.56.53 bats dns.bats
domain=example.com
#{{{ Helper functions
# Perform a forward lookup
# Usage: forward_lookup HOSTNAME EXPECTED_IP
forward_lookup() {
result="$(dig @${ns_ip} $1.${domain} +short)"
expected=$2
[ "${expected}" = "${result}" ]
}
# Perform a forward lookup with aliases
# Usage: alias_lookup ALIAS EXPECTED_HOSTNAME EXPECTED_IP
alias_lookup() {
result="$(dig @${ns_ip} $1.${domain} +short)"
expected_hostname="${2}.${domain}."
expected_ip=$3
echo ${result} | grep ${expected_ip}
echo ${result} | grep ${expected_hostname}
}
# Perform a reverse lookup
# Usage: reverse_lookup IP EXPECTED_HOSTNAME
reverse_lookup() {
result="$(dig @${ns_ip} -x ${1} +short)"
expected="${2}.${domain}."
[ "${expected}" = "${result}" ]
}
#}}}
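@test 'The `dig` command should be installed' {
  # command -v is a shell builtin, so the check works even on minimal images
  # where which(1) is not installed (shellcheck SC2230).
  command -v dig
}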
# Each test below queries the server given in ${ns_ip}; the expected names
# and addresses mirror bind_zone_hosts in test.yml.
@test 'It should return the NS record(s)' {
  result="$(dig @${ns_ip} ${domain} NS +short)"
  [ -n "${result}" ] # The result should not be empty
}

@test 'It should be able to resolve host names' {
  forward_lookup testbindmaster 192.168.56.53
  forward_lookup testbindslave 192.168.56.54
  forward_lookup web 192.168.56.20
  forward_lookup mail 192.168.56.21
  # Hosts in the second reverse-zone network (172.16/16)
  forward_lookup priv0001 172.16.0.10
  forward_lookup priv0002 172.16.0.11
}

@test 'It should be able to do reverse lookups' {
  reverse_lookup 192.168.56.53 testbindmaster
  reverse_lookup 192.168.56.54 testbindslave
  reverse_lookup 192.168.56.20 web
  reverse_lookup 192.168.56.21 mail
  reverse_lookup 172.16.0.10 priv0001
  reverse_lookup 172.16.0.11 priv0002
}

@test 'It should be able to resolve aliases' {
  alias_lookup ns1 testbindmaster 192.168.56.53
  alias_lookup ns2 testbindslave 192.168.56.54
  alias_lookup www web 192.168.56.20
  alias_lookup smtp mail 192.168.56.21
  alias_lookup imap mail 192.168.56.21
}

@test 'It should return the MX record(s)' {
  # bind_zone_mail_servers: mail with preference 10
  result="$(dig @${ns_ip} ${domain} MX +short)"
  expected="10 mail.${domain}."
  [ "${expected}" = "${result}" ]
}
#! /usr/bin/bash
#
# Author: Bert Van Vreckem <bert.vanvreckem@gmail.com>
#
# The script installs BATS if needed. It's best to put ${bats_install_dir} in
# your .gitignore.
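set -o errexit   # abort on nonzero exitstatus
set -o nounset   # abort on unbound variable

#{{{ Variables
test_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# NOTE(review): this clones whatever upstream HEAD is at run time and then
# executes it; pinning a tag or commit (git clone --branch TAG) would make
# the harness reproducible and tamper-evident.
bats_repo_url="https://github.com/sstephenson/bats.git"
bats_install_dir="${test_dir}/bats"
bats="${bats_install_dir}/libexec/bats"
ns_ips="192.168.56.53 192.168.56.54"   # master and slave, space separated

# color definitions
Blue='\e[0;34m'
Yellow='\e[0;33m'
Reset='\e[0m'
#}}}

# Script proper

# Install BATS if needed
if [ ! -d "${bats_install_dir}" ]; then
  git clone "${bats_repo_url}" "${bats_install_dir}"
  # Drop the clone's git metadata. The glob has to stay outside the quotes:
  # "${dir}/.git*" is a literal path that never matches, so the previous
  # version silently left .git in place.
  rm -rf "${bats_install_dir}"/.git*
fi

# Run the test script on both master and slave server
for sut in ${ns_ips}; do   # word splitting on the space-separated list is intended
  echo -e "${Blue}Testing ${Yellow}${sut}${Reset}"
  ns_ip="${sut}" "${bats}" "${test_dir}/dns.bats"
done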
---
# Minimal test playbook for the bind role: role defaults only, no zone data.
# NOTE(review): `sudo: true` is the pre-1.9 escalation keyword; newer Ansible
# spells it `become: true`.
- hosts: all
  sudo: true
  roles:
    - bind
---
# Full-feature test playbook for the bind role: one forward zone (example.com)
# plus two reverse zones, served by a master and a slave. dns.bats asserts
# exactly the records defined here.
- hosts: all
  sudo: true
  vars:
    # Listen on every interface, but only answer queries from the lab network
    # and loopback.
    bind_listen_ipv4:
      - 'any'
    bind_listen_ipv6:
      - 'any'
    bind_allow_query:
      - '192.168.56.0/24'
      - '127.0.0.0/8'
    bind_zone_name: 'example.com'
    # Each network gets a reverse (in-addr.arpa) zone; host IPs are matched
    # against these prefixes.
    bind_zone_networks:
      - '192.168.56'
      - '172.16'
    # The slave transfers every zone from this address (see named.conf template).
    bind_zone_master_server_ip: '192.168.56.53'
    bind_zone_name_servers:
      - 'testbindmaster'
      - 'testbindslave'
    bind_zone_mail_servers:
      - name: 'mail'
        preference: '10'
    # Hosts -> A/PTR records; aliases -> CNAMEs pointing at the host.
    bind_zone_hosts:
      - name: 'testbindmaster'
        ip: '192.168.56.53'
        aliases:
          - ns1
      - name: 'testbindslave'
        ip: '192.168.56.54'
        aliases:
          - ns2
      - name: 'web'
        ip: '192.168.56.20'
        aliases:
          - www
      - name: 'mail'
        ip: '192.168.56.21'
        aliases:
          - smtp
          - imap
      - name: 'priv0001'
        ip: '172.16.0.10'
      - name: 'priv0002'
        ip: '172.16.0.11'
  roles:
    - bind
# roles/bind/vars/main.yml
---
bind_packages:
- bind
- bind-utils
bind_service: named
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
---
# defaults file for cartertdte.mta
# Environment passed through to the Node.js app that Passenger starts (nginx
# clears the environment by default; `env` re-exports the named variables).
#
# NOTE(review): NODE_TLS_REJECT_UNAUTHORIZED=0 disables certificate validation
# for *every* outbound HTTPS connection the app makes — here the Zimbra admin
# SOAP endpoint named in config.json. If that endpoint uses a self-signed
# certificate, trusting that specific CA (a per-connection `ca` option, or
# NODE_EXTRA_CA_CERTS on Node releases that support it) keeps verification on
# instead of switching it off globally.
env NODE_TLS_REJECT_UNAUTHORIZED=0;
env zbox_rbac_config=/var/www/zbox-manager-rbac/config.json;
# NodeSource Node.js 5.x packages for EL6.
# gpgcheck=1 needs the NodeSource public key to already exist at the gpgkey
# path; no task in this role installs that file, which is presumably why the
# install task passes disable_gpg_check=yes — and thereby loses the check.
# NOTE(review): 5.x was a short-lived Node line and is end-of-life; the
# pub_<major>.x path segment is where to move forward.
[nodesource]
name=Node.js Packages for Enterprise Linux 6 - $basearch
baseurl=https://rpm.nodesource.com/pub_5.x/el/6/$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/NODESOURCE-GPG-SIGNING-KEY-EL

[nodesource-source]
name=Node.js for Enterprise Linux 6 - $basearch - Source
baseurl=https://rpm.nodesource.com/pub_5.x/el/6/SRPMS
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/NODESOURCE-GPG-SIGNING-KEY-EL
gpgcheck=1
passenger_root /usr/lib/ruby/1.8/phusion_passenger/locations.ini;
passenger_ruby /opt/rh/ruby193/root/usr/bin/ruby;
passenger_instance_registry_dir /var/run/passenger-instreg;
# Phusion Passenger packages (this mirrors the layout of the vendor's own
# repo file, as far as can be told from here).
# repo_gpgcheck=1 verifies the signed repository metadata, but gpgcheck=0
# means individual RPMs are NOT signature-checked. In effect the trust chain is
# HTTPS to the mirror (sslverify=1 against the system CA bundle) plus the
# checksums carried in the signed metadata.
[passenger]
name=passenger
baseurl=https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt

[passenger-source]
name=passenger-source
baseurl=https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/SRPMS
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
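# Reverse proxy in front of the PowerDNS HTTP API. Every request is first
# authorised by the RBAC manager through auth_request, then forwarded to pdns
# with the API key injected server-side so clients never need to hold it.
upstream pdns {
    server localhost:8091;
}

upstream rbac-manager {
    server localhost:8070;
}

server {
    # NOTE(review): plain HTTP on all interfaces. Unless something in front
    # terminates TLS, requests and whatever credentials the RBAC manager checks
    # cross the network in clear; bind to 127.0.0.1 or add `ssl` here.
    listen 8081;
    server_name pdns;

    location / {
        auth_request /auth/powerdns;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): hard-coded, committed PowerDNS API key. It should come
        # from a non-versioned include and be rotated now that it has been in
        # the repository.
        proxy_set_header x-api-key 'otto';
        proxy_pass http://pdns/;
        proxy_buffering off;
        proxy_read_timeout 300s;
        gzip off;
    }

    # Target of the authorisation subrequest. `internal` restricts it to
    # auth_request; without it any client could reach the RBAC manager through
    # this listener as /auth/...
    location /auth {
        internal;
        proxy_pass http://rbac-manager/;
        proxy_pass_request_body off;
        # The body is not forwarded, so the client's Content-Length must be
        # cleared or the backend may wait for bytes that never arrive.
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }

    client_max_body_size 4G;
    keepalive_timeout 10;
}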
# Third-party PowerDNS builds for EL6 (not the vendor repository).
# NOTE(review): gpgcheck=0 — these packages are installed with no signature
# check, so the only protection is TLS to this one mirror. If the mirror
# publishes a signing key, enable gpgcheck=1 with it; otherwise consider the
# signed packages from repo.powerdns.com.
[pdns-MIND]
name=PowerDNS server packages for RHEL6 and friends.
baseurl=https://www.monshouwer.eu/download/3rd_party/pdns/el6/$basearch/
gpgcheck=0
enabled=1
# Installed verbatim as /etc/resolv.conf by the mta role.
# Local nameserver first, Google Public DNS as fallback.
# NOTE(review): the fallback sends internal lookups (zboxapp.dev) off-host
# whenever 127.0.0.1 fails to answer, and .dev is now a public TLD.
search zboxapp.dev
nameserver 127.0.0.1
nameserver 8.8.8.8
# Conf para ZBOX-RBAC
# Passenger-hosted Node.js RBAC manager. It is also the auth_request backend
# that pdns-nginx.conf reaches through upstream rbac-manager (localhost:8070).
server {
    # NOTE(review): plain HTTP bound to every interface; the ssl_* directives
    # below are commented out and there is no TLS listener, so anything that
    # authenticates to this service does so in clear over the network. If only
    # the local proxy needs it, `listen 127.0.0.1:8070;` removes the exposure;
    # otherwise terminate TLS here.
    listen 8070;
    server_name rbac-manager.zboxapp.com;
    error_log /var/log/nginx/rbac-error.log warn;
    access_log /var/log/nginx/rbac-access.log;
    #ssl_ciphers HIGH:!aNULL:!MD5;
    #ssl_prefer_server_ciphers on;

    root /var/www/zbox-manager-rbac;
    passenger_enabled on;
    # Tell Passenger that your app is a Node.js app
    passenger_app_type node;
    # The app reads its settings from the zbox_rbac_config env var set in nginx.conf.
    passenger_startup_file /var/www/zbox-manager-rbac/lib/index.js;

    gzip on;
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain application/xml application/javascript application/json;

    # 4G is generous for an RBAC/API service; lower it unless large uploads are expected.
    client_max_body_size 4G;
    keepalive_timeout 10;
}
{
"port": 30000,
"zimbra_url": "https://localhost:7071/service/admin/soap"
}
---
# handlers file for cartertdte.mta
- name: postfix restart
service: name=postfix state=restarted
\ No newline at end of file
---
galaxy_info:
author: your name
description:
company: your company (optional)
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: license (GPLv2, CC-BY, etc)
min_ansible_version: 1.2
#
# Below are all platforms currently available. Just uncomment
# the ones that apply to your role. If you don't see your
# platform on this list, let us know and we'll get it added!
#
#platforms:
#- name: EL
# versions:
# - all
# - 5
# - 6
# - 7
#- name: GenericUNIX
# versions:
# - all
# - any
#- name: Fedora
# versions:
# - all
# - 16
# - 17
# - 18
# - 19
# - 20
#- name: SmartOS
# versions:
# - all
# - any
#- name: opensuse
# versions:
# - all
# - 12.1
# - 12.2
# - 12.3
# - 13.1
# - 13.2
#- name: Amazon
# versions:
# - all
# - 2013.03
# - 2013.09
#- name: GenericBSD
# versions:
# - all
# - any
#- name: FreeBSD
# versions:
# - all
# - 8.0
# - 8.1
# - 8.2
# - 8.3
# - 8.4
# - 9.0
# - 9.1
# - 9.1
# - 9.2
#- name: Ubuntu
# versions:
# - all
# - lucid
# - maverick
# - natty
# - oneiric
# - precise
# - quantal
# - raring
# - saucy
# - trusty
#- name: SLES
# versions:
# - all
# - 10SP3
# - 10SP4
# - 11
# - 11SP1
# - 11SP2
# - 11SP3
#- name: GenericLinux
# versions:
# - all
# - any
#- name: Debian
# versions:
# - all
# - etch
# - lenny
# - squeeze
# - wheezy
#
# Below are all categories currently available. Just as with
# the platforms above, uncomment those that apply to your role.
#
#categories:
#- cloud
#- cloud:ec2
#- cloud:gce
#- cloud:rax
#- clustering
#- database
#- database:nosql
#- database:sql
#- development
#- monitoring
#- networking
#- packaging
#- system
#- web
dependencies: []
# List your role dependencies here, one per line. Only
# dependencies available via galaxy should be listed here.
# Be sure to remove the '[]' above if you add dependencies
# to this list.
---
# tasks file for cartertdte.mta
#
# Builds the MTA host: base tooling, PowerDNS with the MySQL backend, and
# nginx (Passenger) hosting the Node.js RBAC manager that fronts the PowerDNS
# API. Task names are left in Spanish because Ansible prints them at run time.

- name: Instala paquetes Base
  yum: name={{ item }} state=present
  with_items:
    - "{{ system_packages }}"

# Replaces the host resolver configuration wholesale (files/resolv.conf).
- name: Copia resolv.conf
  copy: src=resolv.conf dest=/etc/resolv.conf

# NOTE(review): pdns.repo has gpgcheck=0, so the two pdns packages below are
# installed without signature verification from a third-party mirror.
- name: Copia pdns.repo
  copy: src=pdns.repo dest=/etc/yum.repos.d/pdns.repo

- name: Instala pdns
  yum: name=pdns state=present

- name: Instala mysql
  yum: name=pdns-backend-mysql state=present

# Locally vendored nginx RPMs. Nothing here records their origin or a
# checksum, so their provenance rests on the repository alone.
- name: "Copia NGinx FS"
  copy: src=nginx-filesystem-1.10.0-8.p5.0.29.el6.noarch.rpm dest=/tmp/nginx-filesystem-1.10.0-8.p5.0.29.el6.noarch.rpm

- name: "Copia NGinx"
  copy: src=nginx-1.10.0-8.p5.0.29.el6.x86_64.rpm dest=/tmp/nginx-1.10.0-8.p5.0.29.el6.x86_64.rpm

- name: Copia repo de Nodejs
  copy: src=node.repo dest=/etc/yum.repos.d/nodesource-el.repo

- name: Instal CentOS Software collections
  yum: name=centos-release-SCL state=present

- name: Copia repo de Passenger
  copy: src=passenger.repo dest=/etc/yum.repos.d/passenger.repo

# NOTE(review): this switches SELinux off for the whole host (fully effective
# after the next boot). If Passenger/nginx are the reason, a targeted policy
# or `permissive` keeps the rest of the system confined.
- name: Desactiva SELINUX
  selinux: state=disabled

# NOTE(review): disable_gpg_check=yes bypasses the gpgcheck=1 configured in
# node.repo — whose key file no task in this role installs — so nodejs and
# everything else in this list are installed unverified.
- name: Instala todos los Fucking paquetes
  yum: name={{ item }} state=present disable_gpg_check=yes
  with_items:
    - nodejs
    - passenger
    - ruby193
    - curl-devel
    - ruby193-ruby-devel
    - ruby193-rubygems-devel
    - GeoIP
    - gd
    - gperftools
    - pcre
    - libev
    - git

- name: instala NginxFS
  yum: name=/tmp/nginx-filesystem-1.10.0-8.p5.0.29.el6.noarch.rpm state=present

- name: instala Nginx
  yum: name=/tmp/nginx-1.10.0-8.p5.0.29.el6.x86_64.rpm state=present

- name: "Elimina configuracion default de nginx"
  file: path=/etc/nginx/conf.d/default.conf state=absent

- name: Copia configuracion para PowerDNS
  copy: src=pdns-nginx.conf dest=/etc/nginx/conf.d/pdns-nginx.conf

- name: Copia configuracion de ZBox RBAC
  copy: src=zbox-rbac-manager.conf dest=/etc/nginx/conf.d/zbox-rbac-manager.conf

# NOTE(review): no version= is given, so every run deploys whatever the
# upstream default branch points at. Pinning a tag or commit makes the
# deployment reproducible and limits the blast radius of an upstream compromise.
- name: Clona Repo de ZBox RBAC
  git: repo=https://github.com/ZBoxApp/zbox-manager-rbac.git dest=/var/www/zbox-manager-rbac/ update=yes

# Resolves the app's npm dependencies at install time; the same
# reproducibility caveat as the clone above applies unless the project pins them.
- name: Instala modules de node para ZBoxRBAC
  npm: path=/var/www/zbox-manager-rbac/

- name: Copia configuracion para ZBOXRBAC
  copy: src=zboxrbac-conf.json dest=/var/www/zbox-manager-rbac/config.json

- name: Copia config de passenger
  copy: src=passenger.conf dest=/etc/nginx/conf.d/passenger.conf

# NOTE(review): NODE_TLS_REJECT_UNAUTHORIZED=0 disables certificate validation
# for every HTTPS connection the RBAC manager makes (e.g. the Zimbra admin
# endpoint in its config.json). Trusting the specific CA keeps verification on.
- lineinfile: dest=/etc/nginx/nginx.conf regexp="^env NODE_TLS" line='env NODE_TLS_REJECT_UNAUTHORIZED=0;'
- lineinfile: dest=/etc/nginx/nginx.conf regexp="^env zbox_rbac_config" line='env zbox_rbac_config=/var/www/zbox-manager-rbac/config.json;'

# Unconditional restart (not a handler), so this reports "changed" on every run.
- name: reinicia Nginx
  service: name=nginx state=restarted

- name: Copia hosts
  template:
    src: hosts.j2
    dest: /etc/hosts
    owner: root
    mode: '0644'

- name: Desahbilita postfix
  service: name=postfix state=stopped enabled=no

# NOTE(review): with iptables off, the plain-HTTP nginx listeners (8070, 8081)
# and the PowerDNS API behind them are reachable from any network this host is
# on. If the firewall is managed elsewhere, say so here; otherwise keep it and
# open only the required ports.
- name: Desahbilita iptables
  service: name=iptables state=stopped enabled=no
# Managed by Ansible (hosts.j2); local edits are overwritten on the next run.
127.0.0.1 localhost.localdomain localhost
# NOTE(review): `last` takes whichever address the facts happen to list last;
# on a multi-homed host that order is not guaranteed — ansible_default_ipv4.address
# is the deterministic choice. Confirm which interface is intended.
{{ ansible_all_ipv4_addresses|last }} {{ansible_nodename}} {{ansible_hostname}}
---
# vars file for cartertdte.mta
# Base tooling installed on every MTA host (first task in tasks/main.yml).
# NOTE(review): nmap, telnet, tcpdump and nc are handy for debugging but are
# also exactly the tools an intruder wants on the box; most hardening
# baselines keep them off production hosts. wget is listed twice.
system_packages:
  - screen
  - wget
  - curl
  - sysstat
  - nc
  - wget
  - links
  - perl
  - ntp
  - ntpdate
  - strace
  - telnet
  - nmap
  - traceroute
  - bind-utils
  - tcpdump
  - tzdata
  - zsh
  - vim
  - dos2unix
  - libselinux-python
  - python-pycurl
  - mailx
  - unzip
\ No newline at end of file
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
search localdomain zboxapp.dev
nameserver 127.0.0.1
---
# handlers file for cartertdte.mta
- name: postfix restart
service: name=postfix state=restarted
\ No newline at end of file
---
galaxy_info:
author: your name
description:
company: your company (optional)
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: license (GPLv2, CC-BY, etc)
min_ansible_version: 1.2
#
# Below are all platforms currently available. Just uncomment
# the ones that apply to your role. If you don't see your
# platform on this list, let us know and we'll get it added!
#
#platforms:
#- name: EL
# versions:
# - all
# - 5
# - 6
# - 7
#- name: GenericUNIX
# versions:
# - all
# - any
#- name: Fedora
# versions:
# - all
# - 16
# - 17
# - 18
# - 19
# - 20
#- name: SmartOS
# versions:
# - all
# - any
#- name: opensuse
# versions:
# - all
# - 12.1
# - 12.2
# - 12.3
# - 13.1
# - 13.2
#- name: Amazon
# versions:
# - all
# - 2013.03
# - 2013.09
#- name: GenericBSD
# versions:
# - all
# - any
#- name: FreeBSD
# versions:
# - all
# - 8.0
# - 8.1
# - 8.2
# - 8.3
# - 8.4
# - 9.0
# - 9.1
# - 9.1
# - 9.2
#- name: Ubuntu
# versions:
# - all
# - lucid
# - maverick
# - natty
# - oneiric
# - precise
# - quantal
# - raring
# - saucy
# - trusty
#- name: SLES
# versions:
# - all
# - 10SP3
# - 10SP4
# - 11
# - 11SP1
# - 11SP2
# - 11SP3
#- name: GenericLinux
# versions:
# - all
# - any
#- name: Debian
# versions:
# - all
# - etch
# - lenny
# - squeeze
# - wheezy
#
# Below are all categories currently available. Just as with
# the platforms above, uncomment those that apply to your role.
#
#categories:
#- cloud
#- cloud:ec2
#- cloud:gce
#- cloud:rax
#- clustering
#- database
#- database:nosql
#- database:sql
#- development
#- monitoring
#- networking
#- packaging
#- system
#- web
dependencies: []
# List your role dependencies here, one per line. Only
# dependencies available via galaxy should be listed here.
# Be sure to remove the '[]' above if you add dependencies
# to this list.
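# roles/bind/tasks/configure_zimbra.yml
# Configuration of Zimbra
---
# The rendered answer file carries every Zimbra service password (see
# zimbra_configuration.conf.j2), so it must not be world-readable while it
# sits in /tmp (the original 0644 made it so), and it is removed as soon as
# zmsetup.pl has consumed it.
- name: Copy configuration file
  template:
    src: zimbra_configuration.conf.j2
    dest: /tmp/zimbra_configuration.conf
    owner: zimbra
    mode: '0600'

# Runs with the play's privileges (presumably root), which can read the
# zimbra-owned 0600 file.
- name: Run Zimbra zmsetup.pl
  command: /opt/zimbra/libexec/zmsetup.pl -c /tmp/zimbra_configuration.conf

- name: Remove Zimbra configuration file with secrets
  file:
    path: /tmp/zimbra_configuration.conf
    state: absent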
# roles/bind/tasks/install_zimbra.yml
# Install Zimbra Software
---
# Unpack the tarball that main.yml downloaded and checksum-verified into
# /opt/src. copy=no: the archive is already on the target.
- name: Untar Zimbra src
  unarchive: src=/opt/src/{{ zimbra_file }}.tgz dest=/tmp/ copy=no

# Unattended install: `yes 'Y'` answers every prompt; -s installs the software
# only, leaving configuration to zmsetup (configure_zimbra.yml); the other
# switches relax installer checks (see install.sh -h). `creates` makes the
# task a no-op once zmprov exists.
- name: Install Zimbra Software
  shell: yes 'Y' | /tmp/{{ zimbra_file }}/install.sh -s --platform-override -x
  args:
    chdir: /tmp/{{ zimbra_file }}/
    creates: /opt/zimbra/bin/zmprov

- name: Remove Zimbra src
  file: path=/tmp/{{ zimbra_file }} state=absent
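---
# tasks file for cartertdte.mta
# Installs and configures Zimbra: fetch the tarball (checksum-verified),
# install when zmprov is absent, run zmsetup when the default domain does not
# exist yet, then apply the provisioning script.
- name: Install Zimbra Dependencies
  yum: name={{ item }} state=present
  with_items:
    - "{{ zimbra_required_packages }}"

- name: Create Source Software Directory
  file: path=/opt/src state=directory

# The download is pinned to zimbra_256sum_file, so a tampered or truncated
# archive fails here instead of being installed. (sha256sum= is the older
# spelling; newer Ansible prefers checksum=sha256:<hex>.)
- name: 'Download Zimbra .tgz file'
  get_url: url={{ zimbra_download_url }} dest=/opt/src/{{ zimbra_file }}.tgz timeout=60 sha256sum={{ zimbra_256sum_file }}

- name: Check if Zimbra is installed
  stat: path=/opt/zimbra/bin/zmprov
  register: zimbra_check_installation

# stat.exists is always present in the result; the original tested
# `stat.islnk is not defined`, which only works because islnk is omitted for a
# missing path. Same outcome, stated directly.
- include: install_zimbra.yml
  when: not zimbra_check_installation.stat.exists

# `zmprov gd` exits non-zero until zmsetup has created the default domain.
- name: Check if Zimbra is configured
  command: /opt/zimbra/bin/zmprov gd {{ zimbra_default_domain }}
  ignore_errors: yes
  register: zimbra_check_configuration

- include: configure_zimbra.yml
  when: zimbra_check_configuration.rc != 0

- include: provision_zimbra.yml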
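# roles/bind/tasks/provision_zimbra.yml
# Provision Zimbra with users and etc.
---
# The rendered script contains account passwords (zimbra_provisioning.j2), so
# it is readable only by the zimbra user that runs zmprov (the original 0644
# left it world-readable in /tmp) and is removed once zmprov has read it.
- name: Copy provisioning file
  template:
    src: zimbra_provisioning.j2
    dest: /tmp/zimbra_provisioning
    owner: zimbra
    mode: '0600'

- name: Provision Zimbra
  sudo_user: zimbra
  shell: /opt/zimbra/bin/zmprov < /tmp/zimbra_provisioning

# Note: if zmprov fails the play stops here and the file is left behind;
# an always-block (Ansible 2.0+) would guarantee the cleanup.
- name: Remove provisioning file with secrets
  file:
    path: /tmp/zimbra_provisioning
    state: absent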
{# Answer file for zmsetup.pl, rendered by configure_zimbra.yml into /tmp.
   Every line is KEY="value"; Jinja comments like this one are stripped at
   render time and never reach the file. -#}
{# NOTE(review): one secret (zimbra_password) is reused for the admin account
   and for every internal LDAP/service credential below, so disclosure of any
   one of them (e.g. a service bind password on disk) also yields the admin
   login. zmsetup accepts a distinct value per key. -#}
CREATEADMINPASS="{{ zimbra_password }}"
LDAPAMAVISPASS="{{ zimbra_password }}"
LDAPPOSTPASS="{{ zimbra_password }}"
LDAPROOTPASS="{{ zimbra_password }}"
LDAPADMINPASS="{{ zimbra_password }}"
LDAPREPPASS="{{ zimbra_password }}"
ldap_nginx_password="{{ zimbra_password }}"
ldap_bes_searcher_password="{{ zimbra_password }}"
AVDOMAIN="{{ zimbra_default_domain }}"
AVUSER="admin@{{ zimbra_default_domain }}"
CREATEADMIN="admin@{{ zimbra_default_domain }}"
CREATEDOMAIN="{{ zimbra_default_domain }}"
DOCREATEADMIN="yes"
DOCREATEDOMAIN="yes"
EXPANDMENU="no"
HOSTNAME="{{ ansible_nodename }}"
DOTRAINSA="yes"
ENABLEGALSYNCACCOUNTS=""
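{# zmprov batch input rendered by provision_zimbra.yml: one command per line.
   Jinja comments are stripped at render time and never reach zmprov. -#}
{% if zimbra_cos is defined %}
{% for cos_name in zimbra_cos %}
cc {{ cos_name }}
{% endfor %}
{% endif %}
{% if zimbra_domains is defined %}
{% for domain in zimbra_domains %}
cd {{ domain.name }}
md {{ domain.name }} businessCategory {{ domain.bcategory | default('--')}}
{% if domain.attrs is defined %}
{% for attr in domain.attrs %}
md {{ domain.name }} {{ attr }}
{% endfor %}
{% endif %}
{# domain.alias is a list: one alias domain per entry, each catch-all
   forwarding into the primary domain. -#}
{% if domain.alias is defined %}
{% for alias in domain.alias %}
createAliasDomain {{ alias }} {{ domain.name }} zimbraMailCatchAllForwardingAddress @{{ domain.name }} businessCategory {{ domain.bcategory | default('--')}}
{% endfor %}
{% endif %}
{% if domain.accounts is defined %}
{% for account in domain.accounts %}
{# NOTE(review): an account without an explicit password is created with the
   fixed, well-known default 12345678. Callers should always set
   account.password (or the default should be replaced by `mandatory`). -#}
ca {{ account.name }} {{ account.password | default(12345678)}} zimbraIsAdminAccount {{ account.zimbra_is_admin_account | default('FALSE')}} zimbraAccountStatus {{ account.account_status | default('active') }}
{% if account.extra is defined %}
ma {{ account.name }} {{ account.extra }}
{% endif %}
{% if account.delegated_admin_account is defined %}
ma {{ account.name }} zimbraIsDelegatedAdminAccount TRUE
grr domain {{ domain.name }} usr {{ account.name }} domainAdminRights
{% endif %}
{% if account.cos_name is defined %}
sac {{ account.name }} {{ account.cos_name }}
{% endif %}
{# A per-account `createAliasDomain {{ domain.alias }} {{ domain.name }}` used
   to sit here. domain.alias is a list (see the loop above), so that line
   rendered the list literal as a domain name once per account and merely
   duplicated the alias creation already done per domain; it was removed. -#}
{% endfor %}
{% endif %}
{% if domain.admins is defined %}
{% for admin in domain.admins %}
grr domain {{ domain.name }} usr {{ admin }} domainAdminRights
{% endfor %}
{% endif %}
{% if domain.distribution_lists is defined %}
{% for dl in domain.distribution_lists %}
cdl {{ dl.name }}
{% if dl.members is defined %}
{% for member in dl.members %}
adlm {{ dl.name }} {{ member }}
{% endfor %}
{% endif %}
{# Only listed senders may post to the list. -#}
{% if dl.authorized_senders is defined %}
{% for user in dl.authorized_senders %}
grr dl {{ dl.name }} usr {{ user }} sendToDistList
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}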
---
# vars file for cartertdte.mta
zimbra_required_packages:
- nc
- sudo
- libidn
- gmp
- libaio
- libstdc++
- unzip
- perl-5.10.1
- sysstat
- sqlite
- libreoffice
- libreoffice-headless
### Linux ###
*~
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
### Vim ###
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
*~
# test-kitchen relates
.kitchen/
.kitchen.local.yml
---
driver:
name: ec2
aws_ssh_key_id: "<%= ENV['AWS_SSH_KEY_ID']%>"
instance_type: t2.micro
region: eu-central-1
availability_zone: eu-central-1b
transport:
ssh_key: "<%= ENV['AWS_SSH_KEY']%>"
provisioner:
name: ansible_playbook
hosts: localhost
ansible_verbose: true
ansible_verbosity: 4
platforms:
- name: ubuntu-14.04
driver:
image_id: ami-accff2b1
transport:
username: ubuntu
- name: debian-8.1
driver:
image_id: ami-b092aaad
provisioner:
require_ansible_repo: false
require_ansible_omnibus: true
transport:
username: admin
- name: centos-7.1
driver:
image_id: ami-7cc4f661
transport:
username: centos
provisioner:
enable_yum_epel: true
suites:
- name: default
- name: pdnsrepo
excludes:
- ubuntu-14.04
- name: allpkgs
PowerDNS Authoritative Server
=============================
An Ansible role created by the folks behind PowerDNS to install and configure
the PowerDNS Authoritative Server.
Even though PowerDNS supports numerous backends, database servers are not (and
will not) be installed by this role.
This role is considered alpha quality at the moment, but issues and pull requests
are accepted.
Requirements
------------
An Ansible installation.
Role Variables
--------------
### pdns_backends
A dict that allows you to configure the backends; this also installs the correct
packages for them. By default, no backends are installed and PowerDNS
will be unable to start. Backend passwords set here end up in `pdns.conf` in clear, so keep them in Ansible Vault rather than in the playbook.
### pdns_config
A dict detailing the configuration of PowerDNS. You should not set the following
options here (other variables set these):
* config-dir
* setuid
* setgid
* any backend related options
See below for an example.
### pdns_config_dir
The directory where the configuration (`pdns.conf`) is stored. '/etc/powerdns'
by default.
### pdns_installation_type
How to install PowerDNS, either 'packages' or 'source'. 'packages' by default.
### pdns_repo_provider
When using 'packages' for pdns_installation_type, use operating system packages
('os') or the PowerDNS repository ('PowerDNS'). This is 'os' by default.
### pdns_repo_branch
When installing from the PowerDNS repository, what branch should be installed?
Currently only 'master' is supported.
### pdns_user
The user to run PowerDNS as, this is 'pdns' by default. This user is not (yet)
created.
### pdns_group
The group to run PowerDNS as, this is 'pdns' by default. This group is not (yet)
created.
Example Playbook
----------------
Run as a master using the bind backend (when you already have a named.conf):
```
- hosts: ns1.example.net
roles:
- role: PowerDNS.pdns
vars:
pdns_config:
master: true
local-address: '192.0.2.53'
pdns_backends:
bind:
config: '/etc/named/named.conf'
```
Run the PowerDNS master branch from a package from repo.powerdns.com as a slave
with the MySQL backend:
```
- hosts: ns2.example.net
roles:
- role: PowerDNS.pdns
vars:
pdns_config:
master: false
slave: true
local-address: '192.0.2.54'
pdns_backends:
gmysql:
host: 192.0.2.120
port: 3306
user: powerdns
password: P0w3rDn5
dbname: pdns
pdns_repo_provider: 'powerdns'
pdns_repo_branch: 'master'
```
Run as a master on port 5300, using two different PostgreSQL databases:
```
- hosts: ns2.example.net
roles:
- role: PowerDNS.pdns
vars:
pdns_config:
master: true
local-port: 5300
local-address: '192.0.2.111'
pdns_backends:
'gpgsql:serverone':
host: 192.0.2.124
user: powerdns
password: P0w3rDn5
dbname: pdns2
'gpgsql:otherserver':
host: 192.0.2.125
user: root
password: root
dbname: dns
```
License
-------
(C) 2015 - PowerDNS.COM BV
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Author Information
------------------
Pieter Lexis <pieter.lexis@powerdns.com>
To Do
-----
* Travis CI testing (kitchen + AWS?)
* Installation from source
---
pdns_installation_type: packages
pdns_repo_provider: os
# XXX: 'stable' doesn't work yet (only 'master' passes the check in tasks)
pdns_repo_branch: stable
# The user and group to run as.
# NOTE: at the moment, we don't create a user as we assume the package creates
# a "pdns" user and group. If you change these variables, make sure to create
# the user and groups before applying this role
pdns_user: pdns
pdns_group: pdns
# The directory where the config is located
pdns_config_dir: '/etc/powerdns'
# pdns_config: A dict containing all configuration options, except for backend
# configuration and the "config-dir", "setuid" and "setgid" directives.
# NOTE: Right now, we don't verify the options when configuring the server.
#
# Example:
# pdns_config:
# master: yes
# slave: no
# local-address: '192.0.2.53'
# local-ipv6: '2001:DB8:1::53'
# local-port: '5300'
pdns_config: {}
# pdns_backends: A dict with all the backends you'd like to have. You can use
# the multiple backends of the same kind by using {backend}-{instance_name}.
#
# For example:
# pdns_backends:
# 'gmysql:one':
# 'user': root
# 'host': 127.0.0.1
# 'password': root
# 'dbname': pdns
# 'gmysql:two':
# 'user': pdns_user
# 'host': 192.0.2.15
# 'password': my_password
# 'dbname': dns
# 'bind':
# 'config': '/etc/named/named.conf'
# 'hybrid': yes
#     'dnssec-db': '{{ pdns_config_dir }}/dnssec.db'
#
# This default starts just the bind-backend with an empty config file
pdns_backends:
bind:
config: '/dev/null'
# Dependencies to build PowerDNS on different distros
pdns_debian_dependencies: []
pdns_rhel_dependencies: []
# Dependency packages per backend
pdns_backend_debian_dependencies: {}
pdns_backend_rhel_dependencies: {}
<?php
/**
* Sample configuration file with default values
*
* @package Poweradmin
* @copyright 2007-2010 Rejo Zenger <rejo@zenger.nl>
* @copyright 2010-2014 Poweradmin Development Team
* @license http://opensource.org/licenses/GPL-3.0 GPL
*/
// NOTE: Do not edit this file, otherwise it's very likely your changes
// will be overwritten with an upgrade.
// Instead, create the file "inc/config.inc.php" and set the variables you
// want to set there. Your changes will override the defaults provided by us.
// Better description of available configuration settings you can find here:
// <https://github.com/poweradmin/poweradmin/wiki/Configuration-File>
// Database settings
$db_host = 'localhost';
$db_port = '3306';
$db_user = 'powerdns';
// NOTE(review): a live database credential committed to version control; it
// should be rotated and supplied from an untracked config.inc.php, which the
// header above describes as the intended override mechanism.
$db_pass = 'N0melaP1LLA';
$db_name = 'powerdnsdb';
$db_type = 'mysql';
//$db_file = ''; # used only for SQLite, provide full path to database file
//$db_debug = false; # show all SQL queries
$db_layer = 'PDO'; # or MDB2
//$db_ssl_ca = '';

// Security settings
// This should be changed upon install
// NOTE(review): as with $db_pass, this key is in the repository and must be
// treated as disclosed; generate a fresh one per installation.
$session_key = 'p0w3r4dm1nquenomelapillaNICA';
// NOTE(review): unsalted MD5 for stored user passwords. Of the two options
// offered on this line 'md5salt' is the stronger; check whether the installed
// Poweradmin version offers a modern scheme before relying on either.
$password_encryption = 'md5'; // or md5salt

// Interface settings
$iface_lang = 'en_EN';
$iface_style = 'example';
$iface_rowamount = 50;
// Session idle timeout in seconds (30 minutes).
$iface_expire = 1800;
$iface_zonelist_serial = false;
$iface_title = 'Poweradmin';
$iface_add_reverse_record = true;

// Predefined DNS settings
$dns_hostmaster = 'dns.zboxapp.com';
$dns_ns1 = 'ns-01.zboxapp.com';
$dns_ns2 = 'ns-02.zboxapp.com';
$dns_ttl = 900;
$dns_fancy = false;
// All three sanity checks on zone names are switched off here; users can
// create zones of any shape, including top-level ones.
$dns_strict_tld_check = false;
$dns_top_level_tld_check = false; // Don't allow to create top level TLDs
$dns_third_level_check = false;

// Timezone settings
// See <http://www.php.net/manual/en/timezones.php> for help.
//$timezone = 'UTC';

// Logging settings
// Syslog usage - writes authentication attempts to syslog
// This facility could be used in combination with fail2ban to
// ban IPs with break-in attempts
// NOTE(review): off — failed logins to the DNS admin UI leave no trace for
// fail2ban or central log collection.
$syslog_use = false;
$syslog_ident = 'poweradmin';
// On Windows usually only LOG_USER is available
$syslog_facility = LOG_USER;

// PowerDNSSEC settings
$pdnssec_use = false;
$pdnssec_command = '/usr/bin/pdnssec';

// LDAP settings (inactive: $ldap_use is false; the values below are placeholders)
$ldap_use = false;
$ldap_debug = false;
$ldap_uri = 'ldap://domaincontroller.example.com';
$ldap_basedn = 'OU=Users,DC=example,DC=com';
$ldap_binddn = 'GROUP\lookupuser';
$ldap_bindpw = 'some_password';
$ldap_user_attribute = 'sAMAccountName';
$ldap_proto = 3;
Package: pdns-*
Pin: origin repo.powerdns.com
Pin-Priority: 600
-- PowerDNS generic MySQL (gmysql) backend schema.
-- NOTE(review): `cryptokeys.content` holds DNSSEC private keys and
-- `tsigkeys.secret` holds TSIG shared secrets, both stored in clear by design.
-- Read access to this database is therefore equivalent to holding those keys;
-- grant the pdns and Poweradmin database users only the tables they need.
CREATE TABLE domains (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255) NOT NULL,
  master                VARCHAR(128) DEFAULT NULL,
  last_check            INT DEFAULT NULL,
  type                  VARCHAR(6) NOT NULL,
  notified_serial       INT DEFAULT NULL,
  account               VARCHAR(40) DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

-- One row per resource record; ordername/auth are used for DNSSEC ordering.
CREATE TABLE records (
  id                    INT AUTO_INCREMENT,
  domain_id             INT DEFAULT NULL,
  name                  VARCHAR(255) DEFAULT NULL,
  type                  VARCHAR(10) DEFAULT NULL,
  content               VARCHAR(64000) DEFAULT NULL,
  ttl                   INT DEFAULT NULL,
  prio                  INT DEFAULT NULL,
  change_date           INT DEFAULT NULL,
  disabled              TINYINT(1) DEFAULT 0,
  ordername             VARCHAR(255) BINARY DEFAULT NULL,
  auth                  TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);

-- Masters allowed to auto-provision slave zones (supermaster feature).
CREATE TABLE supermasters (
  ip                    VARCHAR(64) NOT NULL,
  nameserver            VARCHAR(255) NOT NULL,
  account               VARCHAR(40) NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

CREATE TABLE comments (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  name                  VARCHAR(255) NOT NULL,
  type                  VARCHAR(10) NOT NULL,
  modified_at           INT NOT NULL,
  account               VARCHAR(40) NOT NULL,
  comment               VARCHAR(64000) NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  kind                  VARCHAR(32),
  content               TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

-- DNSSEC key material (private keys in `content`).
CREATE TABLE cryptokeys (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  flags                 INT NOT NULL,
  active                BOOL,
  content               TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB;

CREATE INDEX domainidindex ON cryptokeys(domain_id);

-- TSIG shared secrets used to authenticate zone transfers/updates.
CREATE TABLE tsigkeys (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255),
  algorithm             VARCHAR(50),
  secret                VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
---
- name: Restart PowerDNS
service: name=pdns state=restarted
---
galaxy_info:
author: Pieter Lexis
description: PowerDNS Authoritative Server role
company: PowerDNS.COM BV
license: GPLv2
min_ansible_version: 0.9
platforms:
- name: EL
versions:
- 6
- 7
- name: Debian
versions:
- jessie
categories:
- system
dependencies: []
---
- name: Ensure the PowerDNS configuration directory exists
file: name={{pdns_config_dir | default('/etc/powerdns')}} state=directory owner="root" group="root"
- name: Add configuration for PowerDNS
template: src=pdns.conf.j2 dest={{pdns_config_dir | default('/etc/powerdns')}}/pdns.conf
notify: Restart PowerDNS
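Review bot: The `template:` task that writes `pdns.conf` sets no `owner`, `group` or `mode`, so the rendered file falls back to the default (typically world-readable 0644), yet the template it renders embeds the webserver API key (`experimental-api-key`) and whatever backend credentials an operator puts into `pdns_backends` (a `gmysql` password, for example). Since the daemon drops to `{{ pdns_user }}`/`{{ pdns_group }}` via `setuid`/`setgid`, the file should be readable only by root and that group: `template: src=pdns.conf.j2 dest={{pdns_config_dir | default('/etc/powerdns')}}/pdns.conf owner=root group={{ pdns_group }} mode=0640`. The preceding `file:` task for the directory likewise has no `mode`; `mode=0755` (or `0750` with the pdns group) makes the intent explicit rather than umask-dependent.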
---
- name: Check pdns_repo_provider
fail: msg="pdns_repo_provider is neither 'powerdns' nor 'os'"
when: pdns_repo_provider not in ["os", "powerdns"]
# XXX: Is this handy to check ( I guess... no)
- name: Check pdns_repo_branch
fail: msg="pdns_repo_branch isn't set to a known branch"
when: pdns_repo_provider == "powerdns" and pdns_repo_branch not in ["master"]
- name: Add the PowerDNS repository key
apt_key: url=http://repo.powerdns.com/CBC8B383-pub.asc id=D47975F8DAE32700A563E64FFF389421CBC8B383
when: pdns_repo_provider == "powerdns" and pdns_repo_branch == "master"
- name: apt-pin the PowerDNS packages to the PowerDNS repo
copy: dest='/etc/apt/preferences.d/pdns' src=pdns.pin owner=root group=root mode=0644
when: pdns_repo_provider == "powerdns"
# XXX: These repo's don't exist yet
#- name: Add the PowerDNS repository key
# apt_key: url=http://repo.powerdns.com/FD380FBB-pub.asc id=9FAAA5577E8FCF62093D036C1B0C6205FD380FBB
# when: pdns_repo_provider == "powerdns" pdns_repo_branch in ["4", "stable"]
- name: Add the PowerDNS repository
apt_repository: repo="deb http://repo.powerdns.com/{{ansible_distribution | lower}} {{ansible_distribution_release|lower}}-auth-{{pdns_repo_branch}} main"
when: pdns_repo_provider == "powerdns"
- name: Install the main PowerDNS package
apt: name=pdns-server state=present update_cache=yes
- name: Install Geo module package
apt: pkg=pdns-backend-geo state=installed
when: item.startswith('geo') and not item.startswith('geoip')
with_items: pdns_backends.keys()
- name: Install GeoIP module package
apt: pkg=pdns-backend-geoip state=installed
when: item.startswith('geoip')
with_items: pdns_backends.keys()
- name: Install MySQL module package
apt: pkg=pdns-backend-mysql state=installed
when: item.startswith('gmysql')
with_items: pdns_backends.keys()
- name: Install Postgresql module package
apt: pkg=pdns-backend-pgsql state=installed
when: item.startswith('gpgsql')
with_items: pdns_backends.keys()
- name: Install gsqlite3 module package
apt: pkg=pdns-backend-sqlite3 state=installed
when: item.startswith('gsqlite3')
with_items: pdns_backends.keys()
- name: Install ldap module package
apt: pkg=pdns-backend-ldap state=installed
when: item.startswith('ldap')
with_items: pdns_backends.keys()
- name: Install lmdb module package
apt: pkg=pdns-backend-lmdb state=installed
when: item.startswith('lmdb')
with_items: pdns_backends.keys()
- name: Install lua module package
apt: pkg=pdns-backend-lua state=installed
when: item.startswith('lua')
with_items: pdns_backends.keys()
- name: Install mydns module package
apt: pkg=pdns-backend-mydns state=installed
when: item.startswith('mydns')
with_items: pdns_backends.keys()
- name: Install pipe module package
apt: pkg=pdns-backend-pipe state=installed
when: item.startswith('pipe')
with_items: pdns_backends.keys()
- name: Install remote module package
apt: pkg=pdns-backend-remote state=installed
when: item.startswith('remote')
with_items: pdns_backends.keys()
- name: Install tinydns module package
apt: pkg=pdns-backend-tinydns state=installed
when: item.startswith('tinydns')
with_items: pdns_backends.keys()
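Review bot: The `apt_key:` task fetches the repository signing key over plain `http://repo.powerdns.com/CBC8B383-pub.asc`, and the `apt_repository` line that follows is plain HTTP as well, so the only thing standing between a network attacker and a substituted key is whether this Ansible version actually compares the downloaded key against the pinned `id=` (older releases only used `id` to test for presence — worth confirming). Use `https://repo.powerdns.com/...` for both, which the RedHat task file in this same commit already does for its `.repo` download. The `apt_repository` task also omits `state=present` and `update_cache=yes`, so it relies on the later `apt: ... update_cache=yes` to pick the repo up; making that explicit avoids a stale cache if the install task is ever reordered or tagged out. Minor: the bare `with_items: pdns_backends.keys()` form (a Jinja expression without `{{ }}`) is deprecated in newer Ansible and is clearer as `with_items: "{{ pdns_backends.keys() }}"`.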
---
- name: RH Check pdns_repo_provider
fail: msg="pdns_repo_provider is neither 'powerdns' nor 'os'"
when: pdns_repo_provider not in ["os", "powerdns"]
- name: RH Install yum-plugin-priorities
yum: name=yum-plugin-priorities state=installed
when: pdns_repo_provider == "powerdns"
- name: RH Add PowerDNS repository
get_url: url=https://repo.powerdns.com/repo-files/{{ansible_distribution | lower()}}-auth-{{pdns_repo_branch}}.repo dest=/etc/yum.repos.d/powerdns-auth-{{pdns_repo_branch}}.repo
# get_url: url=https://repo.powerdns.com/repo-files/centos-auth-master.repo dest=/etc/yum.repos.d/powerdns-auth-master.repo
when: pdns_repo_provider == "powerdns"
- name: RH Install epel-release
yum: name=epel-release update_cache=yes
- name: RH Install the PowerDNS package
yum: name=pdns state=installed
- name: RH Install MySQL module package
yum: pkg=pdns-backend-mysql state=installed
---
- include: pre-pdns-install.yml
when: pdns_installation_type == "packages" and ansible_os_family == "RedHat" or ansible_distribution == "CentOS"
#- include: install.packages-debian.yml
# when: pdns_installation_type == "packages" and ansible_os_family == "Debian"
# tags:
# - packages
# - install
- include: install.packages-redhat.yml
when: pdns_installation_type == "packages" and ansible_os_family == "RedHat" or ansible_distribution == "CentOS"
tags:
- packages
- install
- include: configuration.yml
tags:
- conf
- config
- configuration
- name: Start and enable the PowerDNS service
service: name=pdns state=started enabled=true
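Review bot: Both `when:` expressions, `pdns_installation_type == "packages" and ansible_os_family == "RedHat" or ansible_distribution == "CentOS"`, are mis-grouped: `and` binds tighter than `or`, so on a CentOS host the install tasks run regardless of `pdns_installation_type`, and the CentOS clause is redundant anyway because CentOS already reports `ansible_os_family == "RedHat"`. Replace both with `when: pdns_installation_type == "packages" and ansible_os_family == "RedHat"`. The Debian include has been commented out while `install.packages-debian.yml`, the apt pin file and the test playbooks still target Debian/Ubuntu, so on those hosts the role now only renders a config and then tries to start a `pdns` service it never installed; either restore that include with its `tags` or state in `meta/main.yml` that this fork supports only EL.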
---
- name: Instala MySQL-python
yum: name=MySQL-python state=present
- name: Instala MariaDBL Server
yum: name={{ item }} state=present
with_items:
- mysql
- mysql-server
- mysql-libs
ignore_errors: yes
- name: Habilita MySQL
service: name=mysqld state=started enabled=yes
- name: Crea DB PowerDNS MySQL
mysql_db: name=powerdnsdb state=present
ignore_errors: true
- name: Crea usuario MySQL
mysql_user: name=powerdns password=12345678 priv=*.*:ALL,GRANT state=present
ignore_errors: true
- name: Copia pdns.sql
copy: src=pdns.sql dest=/tmp/pdns.sql owner=root group=root backup=yes
- name: Crea tablas PowerDNS
mysql_db: state=import name=powerdnsdb login_user=powerdns login_password=12345678 target=/tmp/pdns.sql
ignore_errors: true
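Review bot: `mysql_user: name=powerdns password=12345678 priv=*.*:ALL,GRANT` creates the backend account with a hard-coded, trivially guessable password and full privileges plus GRANT on every database on the server, and the same literal is repeated as `login_password=12345678` on the import task; the password belongs in a vaulted variable (`password={{ pdns_db_password }}`) and the grant should be scoped to the one database, e.g. `priv='powerdnsdb.*:ALL'`. The `ignore_errors: true` on the database, user and import tasks means a failed grant or a failed schema import is silently accepted and the play continues against an unusable backend; these modules are idempotent, so the overrides can simply be dropped. Staging the schema at the predictable world-readable path `/tmp/pdns.sql` is unnecessary — copy it into `{{ pdns_config_dir }}` with `mode=0600`, or use a `tempfile`-created path, and delete it after the import. The task names are in Spanish while the rest of the role is in English; translating them keeps `--list-tasks` output consistent.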
config-dir={{pdns_config_dir}}
setuid={{ pdns_user }}
setgid={{ pdns_group }}
{% for config_item in pdns_config.keys() | sort %}
{% endfor %}
daemon=yes
disable-axfr=no
guardian=yes
log-dns-details=yes
log-dns-queries=yes
master=yes
slave=no
local-port=51
send-root-referral=lean
launch=
{% for backend in pdns_backends -%}
launch+={{backend}}
{% for backend_item in pdns_backends[backend] -%}
{{backend | replace(':', '-')}}-{{backend_item}}={{pdns_backends[backend][backend_item]}}
{% endfor %}
{%- endfor -%}
gmysql-dnssec
version-string="DNS IT Linux"
allow-axfr-ips={{ pdns_slaves }}
experimental-api-key=otto
experimental-json-interface=yes
webserver-address=0.0.0.0
webserver-allow-from=0.0.0.0/0
webserver-port=8091
webserver=yes
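Review bot: `experimental-api-key=otto` bakes one fixed, publicly visible API key into every deployment, and `webserver-address=0.0.0.0` together with `webserver-allow-from=0.0.0.0/0` binds the JSON API and stats webserver to every interface with no source restriction, so anyone who can reach port 8091 can read and modify zones; template the key from a vaulted variable (`experimental-api-key={{ pdns_api_key }}`) and default the listener to loopback (`webserver-address=127.0.0.1`, `webserver-allow-from=127.0.0.1`), widening it only via an explicit variable. The `{% for config_item in pdns_config.keys() | sort %}` loop at the top has an empty body, so nothing supplied in `pdns_config` ever reaches the file — presumably it should emit `{{config_item}}={{pdns_config[config_item]}}`. `local-port=51` contradicts the default serverspec suite in this commit, which expects port 53 to be listening, so one of the two is wrong. With `disable-axfr=no`, the zone-transfer ACL depends entirely on `allow-axfr-ips={{ pdns_slaves }}` rendering correctly; if `pdns_slaves` is unset the template fails, and if it is set to an empty string the resulting policy should be confirmed against PowerDNS's handling of an empty value rather than assumed.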
---
- hosts: localhost
roles:
- role: pdns-ansible
pdns_backends:
'gmysql': {}
'gpgsql': {}
'gsqlite3': {}
'geo': {}
'ldap': {}
'lmdb': {}
'lua': {}
'mydns': {}
'pipe': {}
'remote': {}
when: ansible_distribution == "Debian"
- role: pdns-ansible
pdns_backends:
'gmysql': {}
'gpgsql': {}
'gsqlite3': {}
'geo': {}
'ldap': {}
'lua': {}
'pipe': {}
when: ansible_distribution == "Ubuntu"
- role: pdns-ansible
pdns_backends:
'gmysql': {}
'gpgsql': {}
'gsqlite3': {}
'geo': {}
'ldap': {}
'lmdb': {}
'lua': {}
'mydns': {}
'pipe': {}
'remote': {}
'tinydns': {}
when: ansible_os_family == "RedHat"
require 'spec_helper'
%w(mysql pgsql sqlite3 geo ldap lmdb lua mydns pipe remote tinydns).each do |pkg|
case os[:family]
when 'redhat'
# Change the name of the package for RedHat based systems
pkg = 'sqlite' if pkg == 'sqlite3'
pkg = 'postgresql' if pkg == 'pgsql'
when 'debian'
next if pkg == 'tinydns'
when 'ubuntu'
next if %w(lmdb mydns tinydns remote ).include?(pkg)
end
describe package("pdns-backend-#{pkg}") do
it { should be_installed }
end
end
../../default/serverspec/spec_helper.rb
\ No newline at end of file
---
- hosts: localhost
roles:
- role: pdns-ansible
require 'spec_helper'
describe user('pdns') do
it { should exist }
it { should belong_to_group('pdns') }
end
describe service('pdns') do
it { should be_enabled }
it { should be_running }
end
describe port(53) do
it { should be_listening.with('udp') }
it { should be_listening.with('tcp') }
end
describe file('/etc/powerdns/pdns.conf') do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe process('pdns_server'), :if => os[:family] != 'ubuntu' do
its(:user) { should eq "pdns" }
its(:group) { should eq "pdns" }
end
# Because we run inside a guardian, there are 2 processes in ubuntu, but we
# only see the first one
describe command('ps --user pdns -o user=,group=,cmd='), :if => os[:family] == 'ubuntu' do
its(:stdout) { should match /pdns pdns \/usr\/sbin\/pdns_server-instance --daemon --guardian=yes/ }
end
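Review bot: The `file('/etc/powerdns/pdns.conf')` example asserts only ownership, but the template for that file embeds `experimental-api-key` and whatever backend credentials are passed through `pdns_backends`, so a world-readable config passes this suite; add `it { should be_mode 640 }` (matching whatever mode the role is made to set) so that regressions in the template task's permissions are caught. The `port(53)` examples also disagree with the template's `local-port=51`, so either the config or this test is wrong and the suite cannot currently pass as written — reconcile the two before relying on it. The Ubuntu `ps` fallback matches on an exact `cmd` string including `--daemon --guardian=yes`; a `describe process('pdns_server-instance')` example would be less brittle if serverspec on that platform can see the child.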
---
- hosts: localhost
roles:
- {role: pdns-ansible, pdns_repo_provider: 'powerdns', pdns_repo_branch: 'master'}
require 'spec_helper'
describe file('/etc/apt/preferences.d/pdns'), :if => os[:family] == 'debian' do
it { should be_file }
its(:content) { should contain "Package: pdns-*" }
its(:content) { should contain "Pin: origin repo.powerdns.com" }
its(:content) { should contain "Pin-Priority: 600" }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe file('/etc/yum.repos.d/powerdns-auth-master.repo'), :if => os[:family] == 'redhat' do
it { should be_file }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
end
describe command('/usr/sbin/pdns_server --version 2>&1') do
its(:stdout) { should match /0\.0\.\d+g/ }
end
../../default/serverspec/spec_helper.rb
\ No newline at end of file
---
# vars file for pdns-ansible