Project

General

Profile

Statistics
| Branch: | Revision:

duckcorp-infra / ansible / playbooks / tenants / duckcorp / dns.yml @ f498ead5

History | View | Annotate | Download (1.09 KB)

1
---
2

    
3
- hosts: dns_servers
4
  tasks:
5
    - name: Install DNS Server
6
      import_role:
7
        name: bind9
8
      vars:
9
        dnssec_system: "{{ (inventory_hostname == 'Elwing') | ternary('bind', 'opendnssec') }}"
10
        keys: "{{ ns['keys'] }}"
11
        server_groups: "{{ ns.server_groups }}"
12
        master_zones: "{{ ns.master_zones | default({}) }}"
13
        slave_zones: "{{ ns.slave_zones | default({}) }}"
14
        recursion_allowed_groups: "{{ ns.recursion_allowed_groups | default({}) }}"
15
        options: "{{ ns.options | default({}) }}"
16
  tags: dns
17

    
18
- hosts: dns_servers
19
  tasks:
20
    - name: Install DNSSEC Rollover Service
21
      import_role:
22
        name: opendnssec
23
      vars:
24
        hsm_pin: "{{ ns.dnssec.hsm_pin }}"
25
        ksk: "{{ ns.dnssec.ksk }}"
26
        zsk: "{{ ns.dnssec.zsk }}"
27
        zones: "{{ q('dict', ns.master_zones | default({})) | selectattr('value.dnssec', 'defined') | selectattr('value.dnssec') | map(attribute='key') | list }}"
28
      when: "(ns.master_zones | default({})).values() | selectattr('dnssec', 'defined') | selectattr('dnssec') | list | length > 0"
29
  tags: dnssec
30