Add knot role
parent
f045949650
commit
616a8d3792
8 changed files with 133 additions and 1 deletions
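--- a/roles/master/defaults/main.yml
+++ b/roles/master/defaults/main.yml
@@ -0,0 +1,23 @@
+---
+
+knot_server_rundir: /run/knot
+knot_server_user: knot
+knot_server_group: knot
+knot_server_listen:
+- "::@53"
+- "0.0.0.0@53"
+
+knot_log_targets:
+- target: syslog
+level: info
+
+knot_zone_storage_path: /var/lib/knot/master
+knot_zone_semantic_checks: 'on'
+knot_zone_dnssec_signing: 'on'
+
+knot_dnssec_policy_algorithm: ecdsap384sha384
+knot_dnssec_policy_nsec3: 'on'
+knot_dnssec_policy_ksk_shared: 'on'
+knot_dnssec_policy_ksk_size: 384
+knot_dnssec_policy_zsk_size: 384
+knot_dnssec_policy_cds_publish: 'always'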
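Review bot: The `'on'` values of `knot_zone_semantic_checks`, `knot_zone_dnssec_signing`, `knot_dnssec_policy_nsec3` and `knot_dnssec_policy_ksk_shared` are quoted on purpose but nothing in the file says why; a comment such as `# quoted on purpose: Knot expects the literal token on; a bare on is a YAML boolean and renders as True` would stop a later cleanup from turning them into `true`. A similar note that `knot_dnssec_policy_ksk_size` and `knot_dnssec_policy_zsk_size` are tied to `knot_dnssec_policy_algorithm` (384-bit keys for ecdsap384sha384) would keep the three from drifting apart. Indentation is not visible on this rendering, so the nesting of the list items under `knot_server_listen` and `knot_log_targets` is assumed.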
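--- a/roles/master/handlers/main.yml
+++ b/roles/master/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: reload knot
+service:
+name: knot
+state: reloaded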
@ -1,2 +1,35 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: render knot master config
|
||||||
|
template:
|
||||||
|
src: etc/knot/knot.conf.j2
|
||||||
|
dest: /etc/knot/knot.conf
|
||||||
|
owner: knot
|
||||||
|
group: knot
|
||||||
|
mode: 0640
|
||||||
|
notify: reload knot
|
||||||
|
|
||||||
|
- name: render knot server config
|
||||||
|
template:
|
||||||
|
src: etc/knot/knot.d/00-server.conf.j2
|
||||||
|
dest: /etc/knot/knot.d/00-server.conf
|
||||||
|
owner: knot
|
||||||
|
group: knot
|
||||||
|
mode: 0640
|
||||||
|
notify: reload knot
|
||||||
|
|
||||||
|
- name: render knot master configs
|
||||||
|
template:
|
||||||
|
src: etc/knot/knot.d/10-master.conf.j2
|
||||||
|
dest: "/etc/knot/knot.d/{{ 10+i }}-master-{{ item.name }}.conf"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
vars:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
replicas: "{{ item.replicas }}"
|
||||||
|
zones: "{{ item.zones }}"
|
||||||
|
loop: "{{ knot_zone_groups }}"
|
||||||
|
loop_control:
|
||||||
|
index_var: i
|
||||||
|
notify: reload knot
|
||||||
|
|
|
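Review bot: The `render knot master config` and `render knot server config` tasks hand the rendered files to `owner: knot` / `group: knot` with `mode: 0640`, which leaves the server's own configuration, transfer ACLs included, writable by the `knot` process, while the per-group files in the third task are `root:root 0644`; `owner: root`, `group: knot`, `mode: "0640"` on all three keeps the files readable by the daemon but not modifiable by it. The octal modes should also be quoted as strings (`mode: "0640"`, `mode: "0644"`) so the YAML loader does not read them as integers, which is what ansible-lint's risky-octal rule flags. Because `knot.conf` includes `/etc/knot/knot.d/*conf`, a group dropped from `knot_zone_groups` leaves its `-master-` file in place and still loaded, so a cleanup task for files not produced by the current loop is needed. The file header for this section is not shown on the page.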
@ -5,3 +5,8 @@
|
||||||
name: knot
|
name: knot
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: start and enable knot
|
||||||
|
service:
|
||||||
|
name: knot
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
|
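Review bot: `enabled: yes` in the new `start and enable knot` task is a YAML 1.1 truthy spelling; write `enabled: true` so generic parsers and yamllint's `truthy` rule agree with Ansible on the value. The file header for this section is not shown on the page.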
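--- a/roles/master/templates/etc/knot/knot.conf.j2
+++ b/roles/master/templates/etc/knot/knot.conf.j2
@@ -0,0 +1,5 @@
+{{ ansible_managed | comment }}
+
+# See knot.conf(5) or refer to the server documentation.
+
+include: /etc/knot/knot.d/*conf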
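Review bot: `include: /etc/knot/knot.d/*conf` matches any file name ending in `conf`, not only `*.conf`; the conventional `include: /etc/knot/knot.d/*.conf` is less likely to load a stray file from the drop-in directory. Minor, but that directory is the whole effective configuration, so the glob deserves precision.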
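--- a/roles/master/templates/etc/knot/knot.d/00-server.conf.j2
+++ b/roles/master/templates/etc/knot/knot.d/00-server.conf.j2
@@ -0,0 +1,14 @@
+{{ ansible_managed | comment }}
+
+server:
+rundir: "{{ knot_server_rundir }}"
+user: "{{ knot_server_user }}:{{ knot_server_group }}"
+{% for addr in knot_server_listen %}
+listen: "{{ addr }}"
+{% endfor %}
+
+log:
+{% for target in knot_log_targets %}
+- target: "{{ target.target }}"
+any: "{{ target.level }}"
+{% endfor %}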
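--- a/roles/master/templates/etc/knot/knot.d/10-master.conf.j2
+++ b/roles/master/templates/etc/knot/knot.d/10-master.conf.j2
@@ -0,0 +1,46 @@
+{{ ansible_managed | comment }}
+
+#
+# Master configuration for zones in group {{ name }}
+#
+
+acl:
+- id: xfr-{{ name }}
+action: transfer
+address:
+{% for replica in replicas %}
+- "{{ replica }}"
+{% endfor %}
+
+remote:
+{% for replica in replicas %}
+- id: remote-{{ name }}-{{ loop.index0 }}
+address: "{{ replica }}"
+{% endfor %}
+
+policy:
+- id: dnssec-{{ name }}
+algorithm: {{ knot_dnssec_policy_algorithm }}
+nsec3: {{ knot_dnssec_policy_nsec3 }}
+ksk-size: {{ knot_dnssec_policy_ksk_size }}
+zsk-size: {{ knot_dnssec_policy_zsk_size }}
+ksk-shared: {{ knot_dnssec_policy_ksk_shared }}
+cds-cdnskey-publish: {{ knot_dnssec_policy_cds_publish }}
+
+template:
+- id: {{ name }}
+storage: {{ knot_zone_storage_path }}
+semantic_checks: {{ knot_zone_semantic_checks }}
+dnssec-signing: {{ knot_zone_dnssec_signing }}
+dnssec-policy: dnssec-{{ name }}
+acl: xfr-{{ name }}
+notify:
+{% for replica in replicas %}
+- remote-{{ name }}-{{ loop.index0 }}
+{% endfor %}
+
+zone:
+{% for zone in zones %}
+- domain: {{ zone }}.
+template: {{ name }}
+{% endfor %}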
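Review bot: `semantic_checks: {{ knot_zone_semantic_checks }}` in the `template:` section uses an underscore, but Knot spells this item `semantic-checks`, in line with the neighbouring `dnssec-signing` and `dnssec-policy`; Knot is expected to refuse the file as containing an unknown item on reload, so change it to `semantic-checks: {{ knot_zone_semantic_checks }}`. The `acl:` entry authorises zone transfers by source address alone; Knot ACLs also accept a `key:` referencing a TSIG key, and binding `xfr-{{ name }}` together with the matching `remote:` entries to a per-group key would authenticate replicas instead of trusting addresses. Indentation is not visible on this rendering, so the nesting of the `address:` and `notify:` lists is assumed.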
@ -1,7 +1,7 @@
|
||||||
{{ ansible_managed | comment }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Replica for zones of of primary {{ primary }}
|
# Replica for zones of primary {{ primary }}
|
||||||
#
|
#
|
||||||
|
|
||||||
pattern:
|
pattern:
|
||||||
|
|