-
Rafael Guterres Jeffman authored
Modules ipadnsconfig and ipadnsforwardzone allow the setting of forward policy for zone forwarders, but the parameter names differ between the modules. This patch ensures that the same parameter names can be used in each module. To keep backwar compatibility in both modules, both `forward_policy` and `forwardpolicy` are now supported.
Rafael Guterres Jeffman authoredModules ipadnsconfig and ipadnsforwardzone allow the setting of forward policy for zone forwarders, but the parameter names differ between the modules. This patch ensures that the same parameter names can be used in each module. To keep backwar compatibility in both modules, both `forward_policy` and `forwardpolicy` are now supported.
README-dnsconfig.md 3.39 KiB
DNSConfig module
Description
The dnsconfig module allows to modify global DNS configuration.
Features
- Global DNS configuration
Supported FreeIPA Versions
FreeIPA versions 4.4.0 and up are supported by the ipadnsconfig module.
Requirements
Controller
- Ansible version: 2.8+
Node
- Supported FreeIPA version (see above)
Usage
Example inventory file
[ipaserver]
ipaserver.test.localExample playbook to set global DNS configuration:
---
- name: Playbook to handle global DNS configuration
hosts: ipaserver
become: true
tasks:
# Set dnsconfig.
- ipadnsconfig:
forwarders:
- ip_address: 8.8.4.4
- ip_address: 2001:4860:4860::8888
port: 53
forward_policy: only
allow_sync_ptr: yesExample playbook to ensure a global forwarder, with a custom port, is absent:
---
- name: Playbook to handle global DNS configuration
hosts: ipaserver
become: true
tasks:
# Ensure global forwarder with a custom port is absent.
- ipadnsconfig:
forwarders:
- ip_address: 2001:4860:4860::8888
port: 53
action: member
state: absentExample playbook to disable global forwarders:
---
- name: Playbook to disable global DNS forwarders
hosts: ipaserver
become: true
tasks:
# Disable global forwarders.
- ipadnsconfig:
forward_policy: noneExample playbook to change global forward policy:
---
- name: Playbook to change global forward policy
hosts: ipaserver
become: true
tasks:
# Disable global forwarders.
- ipadnsconfig:
forward_policy: firstExample playbook to disallow synchronization of forward (A, AAAA) and reverse (PTR) records:
---
- name: Playbook to disallow reverse synchronization.
hosts: ipaserver
become: true
tasks:
# Disable global forwarders.
- ipadnsconfig:
allow_sync_ptr: noVariables
| Variable | Description | Required |
|---|---|---|
ipaadmin_principal |
The admin principal is a string and defaults to admin
|
no |
ipaadmin_password |
The admin password is a string and is required if there is no admin ticket available on the node | no |
ipaapi_context |
The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are server and client. |
no |
ipaapi_ldap_cache |
Use LDAP cache for IPA connection. The bool setting defaults to yes. (bool) | no |
forwarders |
The list of forwarders dicts. Each forwarders dict entry has: |
no |
ip_address - The IPv4 or IPv6 address of the DNS server. |
yes | |
port - The custom port that should be used on this server. |
no | |
forward_policy | forwardpolicy
|
The global forwarding policy. It can be one of only, first, or none. |
no |
allow_sync_ptr |
Allow synchronization of forward (A, AAAA) and reverse (PTR) records (bool). | yes |
action |
Work on dnsconfig or member level. It can be one of member or dnsconfig and defaults to dnsconfig. Only forwarders can be managed with action: member. |
no |
state |
The state to ensure. It can be one of present or absent, default: present. absent can only be used with action: member and forwarders. |
yes |
Authors
Rafael Guterres Jeffman