- Updated debug tasks to use ansible.builtin.debug (FQCN) - Removed trailing whitespace - Fixed line length violations - Examples now follow Ansible guidelines
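---
# Example playbook demonstrating nsupdate_zone module usage.
#
# Secret handling: the TSIG key secret below is a placeholder for this example
# only. In a real playbook keep the key out of plain-text vars -- encrypt it
# with ansible-vault or read it at runtime (e.g. lookup('env', 'DNS_KEY_SECRET'))
# -- and keep `no_log: true` on every task that receives it so the secret is
# not echoed in task output, callback plugins or log files.

- name: Manage DNS zones with nsupdate_zone
  hosts: localhost
  gather_facts: false

  vars:
    # TSIG authentication
    dns_key_name: "nsupdate"
    # Placeholder value for the example only; see the header comment above
    dns_key_secret: "+bFQtBCta7j2vWkjPkAFtgA=="

    # Example zone records
    example_com_records:
      # Zone apex records
      - record: 'example.com.'
        type: A
        value: 192.168.1.1
        ttl: 3600

      - record: 'example.com.'
        type: MX
        value:
          - "10 mail1.example.com."
          - "20 mail2.example.com."

      - record: 'example.com.'
        type: TXT
        value:
          - "v=spf1 mx a include:_spf.google.com ~all"
          - "google-site-verification=abc123"

      # Subdomains
      - record: www
        type: A
        value:
          - 192.168.1.10
          - 192.168.1.11
        ttl: 300

      - record: blog
        type: CNAME
        value: www.example.com.

      - record: mail1
        type: A
        value: 192.168.1.20

      - record: mail2
        type: A
        value: 192.168.1.21

      # Wildcard
      - record: '*'
        type: A
        value: 192.168.1.100

      # Remove old record
      - record: old-server
        type: A
        value: 192.168.1.99
        state: absent

  tasks:
    - name: Manage example.com zone
      valid.nsupdate_zone.nsupdate_zone:
        key_name: "{{ dns_key_name }}"
        key_secret: "{{ dns_key_secret }}"
        protocol: tcp
        # SOA and DNSSEC records are ignored by default
        ignore_record_patterns:
          - '^_acme-challenge\..*'
          - '^_dnsauth\..*'
        zones:
          - name: example.com
            dns_server: ns1.example.com
            records: "{{ example_com_records }}"
      # This task receives the TSIG secret; keep its arguments out of the
      # output. The registered variable is still populated for the tasks below.
      no_log: true
      register: result

    - name: Display results
      ansible.builtin.debug:
        var: result

    - name: Show changes made
      ansible.builtin.debug:
        msg: |
          Zone: {{ item.zone }}
          Changed: {{ item.changed }}
          Adds: {{ item.changes.adds }}
          Deletes: {{ item.changes.deletes }}
          Updates: {{ item.changes.updates }}
      loop: "{{ result.results }}"
      when: result.results is defined

    # Example: Manage multiple zones with global dns_server
    - name: Manage multiple zones with shared server
      valid.nsupdate_zone.nsupdate_zone:
        key_name: "{{ dns_key_name }}"
        key_secret: "{{ dns_key_secret }}"
        dns_server: ns1.example.com  # Global server for all zones
        zones:
          - name: example.com
            records:
              - record: 'example.com.'
                type: A
                value: 192.168.1.1

          - name: example.org
            records:
              - record: 'example.org.'
                type: A
                value: 192.168.2.1

          - name: example.net
            records:
              - record: 'example.net.'
                type: A
                value: 192.168.3.1
      # Same reason as above: the secret is passed as a module argument
      no_log: true
      register: multi_zone_result

    - name: Show multi-zone results
      ansible.builtin.debug:
        msg: >-
          Processed {{ multi_zone_result.results | length }} zones,
          {{ multi_zone_result.results | selectattr('changed', 'equalto', true) | list | length }} changed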