An Ansible role created by the folks behind PowerDNS to set up dnsdist.
An Ansible 2.9 or higher installation.
None.
Available variables are listed below, along with default values (see defaults/main.yml):
dnsdist_install_repo: ""
By default, dnsdist is installed from the software repositories configured on the target hosts.
# Install dnsdist from the master branch
- hosts: dnsdist
  roles:
    - { role: PowerDNS.dnsdist,
        dnsdist_install_repo: "{{ dnsdist_powerdns_repo_master }}" }

# Install dnsdist 1.3.x
- hosts: dnsdist
  roles:
    - { role: PowerDNS.dnsdist,
        dnsdist_install_repo: "{{ dnsdist_powerdns_repo_13 }}" }
The examples above show how to install dnsdist from the official PowerDNS repositories (see the complete list of pre-defined repos in vars/main.yml).
- hosts: all
  vars:
    dnsdist_install_repo:
      name: "dnsdist" # the repository name
      apt_repo_origin: "example.com" # used to pin dnsdist to the provided repository
      apt_repo: "deb http://example.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/dnsdist main"
      gpg_key: "http://example.com/MYREPOGPGPUBKEY.asc" # repository public GPG key
      gpg_key_id: "MYREPOGPGPUBKEYID" # avoids re-importing the key each time the role is executed
      yum_repo_baseurl: "http://example.com/centos/$basearch/$releasever/dnsdist"
      yum_debug_symbols_repo_baseurl: "http://example.com/centos/$basearch/$releasever/dnsdist/debug"
  roles:
    - { role: PowerDNS.dnsdist }
It is also possible to install dnsdist from custom repositories as demonstrated in the example above.
dnsdist_install_epel: True
By default, EPEL is installed to satisfy some dnsdist dependencies such as libsodium.
To skip the installation of EPEL, set the dnsdist_install_epel variable to False.
dnsdist_package_name: "{{ default_dnsdist_package_name }}"
The name of the dnsdist package: "dnsdist" on both RHEL- and Debian-derived distributions.
dnsdist_package_version: ""
Optionally, set a specific version of the dnsdist package to be installed.
dnsdist_install_debug_symbols_package: False
Install dnsdist debug symbols package.
dnsdist_debug_symbols_package_name: "{{ default_dnsdist_debug_symbols_package_name }}"
The name of the dnsdist debug symbols package to be installed when dnsdist_install_debug_symbols_package is True.
dnsdist_acls: []
Configures the dnsdist ACLs (netmasks).
dnsdist_locals: ['127.0.0.1:5300']
Configure dnsdist's listen addresses.
dnsdist_servers:
- '127.0.0.1'
- "{ address='127.0.0.1:5300', source='127.0.0.1@lo', order=1 }"
The list of downstream DNS servers dnsdist should send traffic to. Each entry is either an IP address or a Lua table that the newServer function ( https://dnsdist.org/reference/config.html#newServer ) can parse.
dnsdist_carbonserver: ""
The IP address of the Carbon server that should receive dnsdist metrics.
dnsdist_controlsocket: "127.0.0.1"
The listen IP address of dnsdist's TCP control socket.
dnsdist_setkey: ""
Encryption key for dnsdist's TCP control socket. If it is empty, a random key will be generated. If a key is already present in the file, it will be kept.
dnsdist_webserver_address: ""
The listen IP address of the built-in webserver. Empty by default, which disables the webserver.
dnsdist_webserver_password: ""
The authentication credentials for the built-in webserver. Must be set when dnsdist_webserver_address is set.
dnsdist_webserver_apikey: ""
The authentication credentials for the built-in API.
dnsdist_webserver_acl: ""
Since 1.5.0, only connections from 127.0.0.1 and ::1 are allowed by default. See https://dnsdist.org/guides/webserver.html for more information.
dnsdist_config: ""
Additional dnsdist configuration to be injected verbatim in the dnsdist.conf file.
dnsdist_config_owner: 'root'
dnsdist_config_group: 'root'
User and group that own the dnsdist.conf file.
dnsdist_service_overrides: {}
Dict with overrides for the service (systemd only).
This can be used to change any systemd settings in the [Service] category.
dnsdist_unit_overrides: {}
Dict with overrides for the service unit (systemd only).
This can be used to change any systemd settings in the [Unit] category.
dnsdist_environment_overrides: {}
Dict with overrides for the service environments (systemd only).
This can be used to change any environment variables in systemd settings in the [Service] category.
dnsdist_service_state: "started"
dnsdist_service_enabled: "yes"
Specify the desired state of the DNSdist service. For example, this allows installing and configuring DNSdist without automatically starting the service.
dnsdist_disable_handlers: False
Disable automated service restart on configuration changes.
dnsdist_tlslocals: []
Configures DNS over TLS listeners. The entries are copied verbatim entry-by-entry.
dnsdist_force_reinstall: False
Force reinstall of dnsdist packages by performing a removal prior to the package installation steps. Intended for usage where a downgrade of dnsdist needs to be performed.
Deploy dnsdist in front of Quad9 and enable the web monitoring interface
- hosts: dnsdist
  roles:
    - { role: PowerDNS.dnsdist,
        dnsdist_servers: ['9.9.9.9'],
        dnsdist_webserver_address: "{{ ansible_default_ipv4['address'] }}:8083",
        dnsdist_webserver_password: 'geheim' }
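A variant of the playbook above that keeps the webserver credentials out of the playbook, restricts who can reach the webserver and the resolver, and refuses to run when those settings are missing or too permissive. This is an added example, not part of the role's own documentation. Assumptions: the vault_* variables are hypothetical names defined in an ansible-vault encrypted vars file, the networks are constructed sample ranges, the role passes dnsdist_webserver_acl through as a netmask string, and the 16-character minimum is a local policy choice.

```yaml
# Added example (not from the role's documentation).
# vault_dnsdist_webserver_password / vault_dnsdist_webserver_apikey are
# hypothetical variables kept in an ansible-vault encrypted vars file.
# 192.0.2.0/24 (clients) and 198.51.100.0/24 (management) are sample networks.
- hosts: dnsdist
  vars:
    dnsdist_servers: ['9.9.9.9']
    # Only these client networks may send queries through dnsdist.
    dnsdist_acls: ['127.0.0.0/8', '192.0.2.0/24']
    dnsdist_webserver_address: "{{ ansible_default_ipv4['address'] }}:8083"
    # Secrets come from the vault instead of being written in the playbook.
    dnsdist_webserver_password: "{{ vault_dnsdist_webserver_password }}"
    dnsdist_webserver_apikey: "{{ vault_dnsdist_webserver_apikey }}"
    # The webserver listens on a routable address, so the default ACL
    # (127.0.0.1 and ::1 since 1.5.0) is replaced by the management network only.
    # Assumption: the role hands this string to dnsdist unchanged.
    dnsdist_webserver_acl: "198.51.100.0/24"
    # The control socket stays on loopback (the role default).
    dnsdist_controlsocket: "127.0.0.1"
  pre_tasks:
    - name: Refuse to deploy an exposed webserver with weak or missing settings
      assert:
        that:
          # Password is mandatory once dnsdist_webserver_address is set.
          - "dnsdist_webserver_password | length >= 16"
          - "dnsdist_webserver_password != 'geheim'"
          - "dnsdist_webserver_apikey | length >= 16"
          - "dnsdist_webserver_apikey != dnsdist_webserver_password"
          # An empty or catch-all ACL would defeat the restriction above.
          - "dnsdist_webserver_acl | length > 0"
          - "'0.0.0.0/0' not in dnsdist_webserver_acl"
          - "dnsdist_acls | length > 0"
          - "'0.0.0.0/0' not in dnsdist_acls"
          - "dnsdist_controlsocket in ['127.0.0.1', '::1']"
        fail_msg: "dnsdist webserver, ACL or control socket settings are too permissive"
        quiet: true
  roles:
    - role: PowerDNS.dnsdist
```

The variables are set at play level so that the pre_tasks check and the role see the same values.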
A detailed changelog of all the changes applied to the role is available here.
Tests are performed by Molecule.
$ pip install tox
To test all the scenarios run
$ tox
To run a custom molecule command
$ tox -e ansible29 -- molecule test -s dnsdist-15
MIT