verdnatura/vn-ansible
verdnatura
/
vn-ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refs #8025 Vault added, core hosts splitted, tasks parametized, auth enabled

This commit is contained in:
Juan Ferrer 2024-09-27 13:26:47 +02:00
parent ca9b87b8f8
commit 1e565544fe
41 changed files with 149 additions and 168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
.vscode/ .vscode/
.vaultpass

10
README.md
View File

@ -21,12 +21,20 @@ ansible-playbook -u root -i <ip_or_hostname>, [--tags tag1,tag2] playbooks/test.
*Note the comma at the end of the hostname or IP.* *Note the comma at the end of the hostname or IP.*
## Manage vault
Place vault password into *.vaultpass* file.
Edit vault file.
```
ansible-vault edit vault.yml
```
## Common playbooks ## Common playbooks
* **facts.yml**: Collect and display facts from a host * **facts.yml**: Collect and display facts from a host
* **ping.yml**: Check that a host is alive and reachable * **ping.yml**: Check that a host is alive and reachable
* **awx.yml**: Create and configure AWX user * **awx.yml**: Create and configure AWX user
* **test.yml**: Test an specific role. Don't forget to undo changes before pushing!
* **debian.yml**: Setup base Debian server * **debian.yml**: Setup base Debian server
## Documentation ## Documentation

5
ansible.cfg
View File

@ -1,10 +1,11 @@
[defaults] [defaults]
remote_user = root
host_key_checking = False
roles_path = ./roles roles_path = ./roles
inventory = ./inventories/production inventory = ./inventories/production
gathering = smart gathering = smart
interpreter_python = auto_silent interpreter_python = auto_silent
remote_user = awx vault_password_file = .vaultpass
host_key_checking = False
[privilege_escalation] [privilege_escalation]
become = True become = True

32
inventories/core Normal file
View File

@ -0,0 +1,32 @@
[ceph]
ceph1 ansible_host=ceph1.core.dc.verdnatura.es
ceph2 ansible_host=ceph2.core.dc.verdnatura.es
ceph3 ansible_host=ceph3.core.dc.verdnatura.es
[ceph_gw]
ceph-gw1 ansible_host=ceph-gw1.core.dc.verdnatura.es
ceph-gw2 ansible_host=ceph-gw2.core.dc.verdnatura.es
[pve]
pve01 ansible_host=pve01.core.dc.verdnatura.es
pve02 ansible_host=pve02.core.dc.verdnatura.es
pve03 ansible_host=pve03.core.dc.verdnatura.es
pve04 ansible_host=pve04.core.dc.verdnatura.es
pve05 ansible_host=pve04.core.dc.verdnatura.es
[infra:children]
ceph
ceph_gw
pve
[core]
core-agent ansible_host=core-agent.core.dc.verdnatura.es
core-proxy ansible_host=core-proxy.core.dc.verdnatura.es
[backup]
bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es
bacula-db ansible_host=bacula-db.backup.dc.verdnatura.es
bacularis ansible_host=bacularis.backup.dc.verdnatura.es
backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es
tftp ansible_host=tftp.backup.dc.verdnatura.es
kube-backup ansible_host=kube-backup.backup.dc.verdnatura.es

47
inventories/group_vars/all.yml
View File

@ -1,5 +1,12 @@
sysadmin_mail: sysadmin@verdnatura.es sysadmin_mail: sysadmin@verdnatura.es
sysadmin_group: sysadmin
smtp_server: smtp.verdnatura.es smtp_server: smtp.verdnatura.es
homes_server: homes.servers.dc.verdnatura.es
nagios_server: nagios.verdnatura.es
time_server: time1.verdnatura.es time2.verdnatura.es
main_dns_server: ns1.verdnatura.es
ldap_uri: ldap://ldap.verdnatura.es
ldap_base: dc=verdnatura,dc=es
dc_net: "10.0.0.0/16" dc_net: "10.0.0.0/16"
resolv: resolv:
domain: verdnatura.es domain: verdnatura.es
@ -12,43 +19,3 @@ awx_pub_key: >
ssh-ed25519 ssh-ed25519
AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H
awx@verdnatura.es awx@verdnatura.es
nslcd_password: !vault >
$ANSIBLE_VAULT;1.1;AES256
30343461633538323832316231383362626636653864353535346461353937313131336135396162
3866623238353638323961363239373236393339333134380a313561363030306165393965396234
65316535626434333331633438613639633163643765633064363833303461363834653864646464
3133313233353730620a343536316266393637623563313563613332646630643632366439343764
30383935303161646339393361393130613266663337373364626635646430326465
rndc_key: !vault >
$ANSIBLE_VAULT;1.1;AES256
36386562613235363931396632656535383336313537636431643338353438313231623839313031
3830616135393732353265666664353963393366343461630a633365396165653761353762383739
66303862376465626435633964313237643230653463353662343831646464633639383336323863
6139333234386565620a653438613165626131653834633931343766343162653932373161653362
38303139333536656263656163623333313234393666353766363565633732366165
radius_ldap_password: !vault >
$ANSIBLE_VAULT;1.1;AES256
31643037313539376337363739616361363339616235623433656131306539373030373731643934
3432656465343430366366646237326137656134346562360a306538303762313261616632643135
39316439653932396134646432633262326631363765643564306565636363356335653539656531
6234636463376364620a636133346337306437643939376531633564633737333133363065633031
61643731646163323636343837373761303930323961653663343135303731623133
radius_client_password: !vault >
$ANSIBLE_VAULT;1.1;AES256
62313333666335316231396365653635356639626563613738363137383434343437393833393934
6439646632303536393438306234323862363532393733630a356136393539363161346631623161
37636365653331333735353166646164613732303035613231353237343139623137396364643637
3261656465336435630a666466643734373830633933613266663631343730386530633839386239
62623434663130363637303035363434313566376661356362663238666166343534
awx_smtp_password: !vault >
$ANSIBLE_VAULT;1.1;AES256
62393936623766653737356136353765336265636136616330306537393638646663326663346138
3631616362363163393036613564623864383365633634660a366563363836363061623566393361
37633364633631333130346332613235303762316435313535613664323830656363353237373561
3866653365636431630a303262666662376662623862663461633361333037643863353135343836
61383730366664353730616331666139376234313562383163613736353231666533
grub_code: >
grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE22
29139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA385
7B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE
0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7

35
inventories/production
View File

@ -1,24 +1,3 @@
[ceph]
ceph1 ansible_host=ceph1.core.dc.verdnatura.es
ceph2 ansible_host=ceph2.core.dc.verdnatura.es
ceph3 ansible_host=ceph3.core.dc.verdnatura.es
[ceph_gw]
ceph-gw1 ansible_host=ceph-gw1.core.dc.verdnatura.es
ceph-gw2 ansible_host=ceph-gw2.core.dc.verdnatura.es
[pve]
pve01 ansible_host=pve01.core.dc.verdnatura.es
pve02 ansible_host=pve02.core.dc.verdnatura.es
pve03 ansible_host=pve03.core.dc.verdnatura.es
pve04 ansible_host=pve04.core.dc.verdnatura.es
pve05 ansible_host=pve04.core.dc.verdnatura.es
[infra:children]
ceph
ceph_gw
pve
[kube_master] [kube_master]
kube-master1 ansible_host=kube-master1.servers.dc.verdnatura.es kube-master1 ansible_host=kube-master1.servers.dc.verdnatura.es
kube-master2 ansible_host=kube-master2.servers.dc.verdnatura.es kube-master2 ansible_host=kube-master2.servers.dc.verdnatura.es
@ -51,18 +30,6 @@ dc1 ansible_host=dc1.servers.dc.verdnatura.es
dc2 ansible_host=dc2.servers.dc.verdnatura.es dc2 ansible_host=dc2.servers.dc.verdnatura.es
server ansible_host=server.servers.dc.verdnatura.es server ansible_host=server.servers.dc.verdnatura.es
[backup]
bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es
bacula-db ansible_host=bacula-db.backup.dc.verdnatura.es
bacularis ansible_host=bacularis.backup.dc.verdnatura.es
backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es
tftp ansible_host=tftp.backup.dc.verdnatura.es
kube-backup ansible_host=kube-backup.backup.dc.verdnatura.es
[core]
core-agent ansible_host=core-agent.core.dc.verdnatura.es
core-proxy ansible_host=core-proxy.core.dc.verdnatura.es
[db] [db]
db-proxy1 ansible_host=db-proxy1.servers.dc.verdnatura.es db-proxy1 ansible_host=db-proxy1.servers.dc.verdnatura.es
db-proxy2 ansible_host=db-proxy2.servers.dc.verdnatura.es db-proxy2 ansible_host=db-proxy2.servers.dc.verdnatura.es
@ -121,8 +88,6 @@ dev-db ansible_host=dev-db.servers.dc.verdnatura.es
[guest:children] [guest:children]
ad ad
backup
core
db db
kubernetes kubernetes
ldap ldap

1
playbooks/debian.yml
View File

@ -1,5 +1,6 @@
- name: Configure base Debian host - name: Configure base Debian host
hosts: all hosts: all
vars_files: ../vault.yml
tasks: tasks:
- name: Configure base system - name: Configure base system
import_role: import_role:

2
playbooks/facts.yml
View File

@ -3,7 +3,7 @@
gather_facts: yes gather_facts: yes
tasks: tasks:
- name: Print all available facts - name: Print all available facts
ansible.builtin.debug: debug:
var: ansible_facts var: ansible_facts
- name: Print variable value - name: Print variable value
debug: debug:

5
playbooks/test.yml
View File

@ -1,5 +0,0 @@
- name: Test role
hosts: all
tasks:
- import_role:
name: debian-base

7
roles/debian-base/defaults/main.yaml
View File

@ -1,3 +1,10 @@
default_user: user
root_password: Pa$$w0rd
fail2ban:
email: "{{ sysadmin_mail }}"
bantime: 600
maxretry: 4
ignore: "127.0.0.0/8 {{ dc_net }}"
exim_dc_eximconfig_configtype: satellite exim_dc_eximconfig_configtype: satellite
dc_other_hostnames: "{{ ansible_fqdn }}" dc_other_hostnames: "{{ ansible_fqdn }}"
dc_local_interfaces: 127.0.0.1 dc_local_interfaces: 127.0.0.1

8
roles/debian-base/files/profile.sh
View File

@ -37,3 +37,11 @@ HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
# Security # Security
TMOUT=3600 TMOUT=3600
# Aliases
#export LS_OPTIONS='--color=auto'
#eval "$(dircolors)"
#alias ls='ls $LS_OPTIONS'
#alias ll='ls $LS_OPTIONS -l'
#alias la='ls $LS_OPTIONS -la'

5
roles/debian-base/files/timesync
View File

@ -1,5 +0,0 @@
#!/bin/sh
test -x /usr/sbin/ntpdate || exit 0
/usr/sbin/ntpdate time1.verdnatura.es
/usr/sbin/ntpdate time2.verdnatura.es

2
roles/debian-base/tasks/bacula.yml
View File

@ -8,7 +8,7 @@
register: bacula_passwords register: bacula_passwords
- name: Configure Bacula FD - name: Configure Bacula FD
template: template:
src: bacula-fd.conf.j2 src: bacula-fd.conf
dest: /etc/bacula/bacula-fd.conf dest: /etc/bacula/bacula-fd.conf
owner: root owner: root
group: bacula group: bacula

2
roles/debian-base/tasks/fail2ban.yml
View File

@ -7,7 +7,7 @@
- rsyslog - rsyslog
- name: Configure fail2ban service - name: Configure fail2ban service
template: template:
src: jail.local.j2 src: jail.local
dest: /etc/fail2ban/jail.local dest: /etc/fail2ban/jail.local
owner: root owner: root
group: root group: root

2
roles/debian-base/tasks/locale.yml
View File

@ -12,4 +12,4 @@
- name: Generate locale - name: Generate locale
command: locale-gen command: locale-gen
- name: Update locale - name: Update locale
command: update-locale LANG=en_US.UTF-8 command: update-locale LANG=en_US.UTF-8

8
roles/debian-base/tasks/nrpe.yml
View File

@ -6,12 +6,12 @@
- nagios-nrpe-server - nagios-nrpe-server
- nagios-plugins-contrib - nagios-plugins-contrib
- name: Set NRPE generic configuration - name: Set NRPE generic configuration
copy: template:
src: nrpe.cfg src: nrpe.cfg
dest: /etc/nagios/nrpe.d/90-vn.cfg dest: /etc/nagios/nrpe.d/90-vn.cfg
owner: root owner: root
group: root group: root
mode: '0644' mode: u=rw,g=r,o=r
notify: restart-nrpe notify: restart-nrpe
- name: Create NRPE local configuration file - name: Create NRPE local configuration file
file: file:
@ -19,4 +19,6 @@
state: touch state: touch
owner: nagios owner: nagios
group: nagios group: nagios
mode: '0640' mode: u=rw,g=r,o=
modification_time: preserve
access_time: preserve

19
roles/debian-base/tasks/root.yaml
View File

@ -6,21 +6,4 @@
- name: Change root password - name: Change root password
user: user:
name: root name: root
password: "{{ ssh_password | password_hash('sha512') }}" password: "{{ root_password | password_hash('sha512') }}"
- name: Configure bashrc
lineinfile:
dest: /root/.bashrc
regexp: "{{item.regexp}}"
line: "{{item.line}}"
state: present
with_items:
- regexp: "^# export LS_OPTIONS"
line: "export LS_OPTIONS='--color=auto"
- regexp: "^# eval"
line: 'eval "$(dircolors)"'
- regexp: "^# alias ls='ls $LS_OPTIONS'"
line: "alias ls='ls $LS_OPTIONS'"
- regexp: "^# alias ll='ls $LS_OPTIONS -l'"
line: "alias ll='ls $LS_OPTIONS -l'"
- regexp: "# alias la='ls $LS_OPTIONS -la'"
line: "alias la='ls $LS_OPTIONS -la'"

4
roles/debian-base/tasks/tymesyncd.yml → roles/debian-base/tasks/timesync.yml
View File

@ -2,7 +2,7 @@
lineinfile: lineinfile:
path: /etc/systemd/timesyncd.conf path: /etc/systemd/timesyncd.conf
regexp: '^#NTP' regexp: '^#NTP'
line: "NTP=time1.verdnatura.es time2.verdnatura.es" line: "NTP={{ time_server }}"
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
@ -14,7 +14,7 @@
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
notify: restart systemd-timesyncd notify: restart systemd-timesyncd
- name: Service should start on boot - name: Service should start on boot
service: service:
name: systemd-timesyncd name: systemd-timesyncd

0
roles/debian-base/templates/bacula-fd.conf.j2 → roles/debian-base/templates/bacula-fd.conf
View File

0
roles/debian-base/templates/jail.local.j2 → roles/debian-base/templates/jail.local
View File

2
roles/debian-base/files/nrpe.cfg → roles/debian-base/templates/nrpe.cfg
View File

@ -1,4 +1,4 @@
allowed_hosts=nagios.verdnatura.es allowed_hosts={{ nagios_server }}
command[check_disk_root]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p / command[check_disk_root]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p /
command[check_disk_var]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p /var command[check_disk_var]=/usr/lib/nagios/plugins/check_disk -w 10% -c 5% -p /var

5
roles/debian-base/vars/main.yml
View File

@ -1,8 +1,3 @@
fail2ban:
email: "{{ sysadmin_mail }}"
bantime: 600
maxretry: 4
ignore: "127.0.0.0/8 {{ dc_net }}"
vn_host: vn_host:
url: http://apt.verdnatura.es/pool/main/v/vn-host url: http://apt.verdnatura.es/pool/main/v/vn-host
package: vn-host_2.0.2_all.deb package: vn-host_2.0.2_all.deb

16
roles/debian-guest/files/nslcd.conf
View File

@ -1,16 +0,0 @@
# See nslcd.conf(5) for details.
uid nslcd
gid nslcd
uri ldap://ldap.verdnatura.es
idle_timelimit 60
base dc=verdnatura,dc=es
binddn cn=nss,ou=admins,dc=verdnatura,dc=es
bindpw password
pagesize 500
filter group (&(objectClass=posixGroup)(cn=sysadmin))
filter passwd (&(objectClass=posixAccount)(memberOf=cn=sysadmin,ou=dnGroups,dc=verdnatura,dc=es))
pam_authz_search (&(objectClass=posixGroup)(cn=sysadmin)(memberuid=$username))

1
roles/debian-guest/files/sudoers
View File

@ -1 +0,0 @@
%sysadmin ALL=(ALL) NOPASSWD: ALL

6
roles/debian-guest/handlers/main.yml Normal file
View File

@ -0,0 +1,6 @@
- name: restart-nslcd
service:
name: nslcd
state: restarted
- name: pam-update-ldap
shell: pam-auth-update --enable ldap

21
roles/debian-guest/tasks/auth.yml
View File

@ -3,22 +3,15 @@
name: nslcd name: nslcd
state: present state: present
- name: Configure NSLCD - name: Configure NSLCD
copy: template:
src: nslcd.conf src: nslcd.conf
dest: /etc/nslcd.conf dest: /etc/nslcd.conf
owner: root owner: root
group: nslcd group: nslcd
mode: '0640' mode: '0640'
backup: yes notify:
- name: Add LDAP password to NSLCD configuration - restart-nslcd
lineinfile: - pam-update-ldap
dest: /etc/nslcd.conf
regexp: "{{item.regexp}}"
line: "{{item.line}}"
state: present
with_items:
- regexp: "^bindpw"
line: "bindpw {{ nslcd_password }}"
- name: Configure nsswitch to use NSLCD - name: Configure nsswitch to use NSLCD
lineinfile: lineinfile:
dest: /etc/nsswitch.conf dest: /etc/nsswitch.conf
@ -30,9 +23,3 @@
line: "passwd: files systemd ldap" line: "passwd: files systemd ldap"
- regexp: "^group:" - regexp: "^group:"
line: "group: files systemd ldap" line: "group: files systemd ldap"
- name: Reconfigure PAM to use LDAP
shell: pam-auth-update --enable ldap
- name: Restart NSLCD service
service:
name: nslcd
state: restarted

5
roles/debian-guest/tasks/main.yml
View File

@ -1,3 +1,4 @@
- include_tasks: auth.yml - import_tasks: auth.yml
when: false tags: auth
- import_tasks: sudoers.yml - import_tasks: sudoers.yml
tags: sudoers

2
roles/debian-guest/tasks/sudoers.yml
View File

@ -3,7 +3,7 @@
name: sudo name: sudo
state: present state: present
- name: Add sysadmin to sudoers - name: Add sysadmin to sudoers
copy: template:
src: sudoers src: sudoers
dest: /etc/sudoers.d/vn dest: /etc/sudoers.d/vn
mode: u=rw,g=r,o= mode: u=rw,g=r,o=

16
roles/debian-guest/templates/nslcd.conf Normal file
View File

@ -0,0 +1,16 @@
# See nslcd.conf(5) for details.
uid nslcd
gid nslcd
uri {{ ldap_uri }}
idle_timelimit 60
base {{ ldap_base }}
binddn cn=nss,ou=admins,{{ ldap_base }}
bindpw {{ nslcd_password }}
pagesize 500
filter group (&(objectClass=posixGroup)(cn={{ sysadmin_group }}))
filter passwd (&(objectClass=posixAccount)(memberOf=cn={{ sysadmin_group }},ou=dnGroups,{{ ldap_base }}))
pam_authz_search (&(objectClass=posixGroup)(cn={{ sysadmin_group }})(memberuid=$username))

1
roles/debian-guest/templates/sudoers Normal file
View File

@ -0,0 +1 @@
%{{ sysadmin_group }} ALL=(ALL) NOPASSWD: ALL

0
roles/debian-qemu/vars/main.yml → roles/debian-qemu/defaults/main.yml
View File

1
roles/debian-qemu/files/auto.homes
View File

@ -1 +0,0 @@
* -fstype=nfs4,rw homes.servers.dc.verdnatura.es:/mnt/homes/&

1
roles/debian-qemu/files/homes.autofs
View File

@ -1 +0,0 @@
/mnt/homes /etc/auto.homes --timeout=30

6
roles/debian-qemu/tasks/autofs.yml
View File

@ -8,7 +8,7 @@
- libnfs-utils - libnfs-utils
- autofs-ldap - autofs-ldap
- name: Create homes directory - name: Create homes directory
ansible.builtin.file: file:
path: "{{ homes_path }}" path: "{{ homes_path }}"
state: directory state: directory
mode: '0755' mode: '0755'
@ -18,14 +18,14 @@
line: "automount: files" line: "automount: files"
notify: restart-nslcd notify: restart-nslcd
- name: Add file homes.autofs configured to autofs - name: Add file homes.autofs configured to autofs
copy: template:
src: homes.autofs src: homes.autofs
dest: /etc/auto.master.d/homes.autofs dest: /etc/auto.master.d/homes.autofs
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
- name: Add file /etc/auto.homes configured to the systemd - name: Add file /etc/auto.homes configured to the systemd
copy: template:
src: auto.homes src: auto.homes
dest: /etc/auto.homes dest: /etc/auto.homes
owner: root owner: root

3
roles/debian-qemu/tasks/main.yml
View File

@ -1,3 +1,6 @@
- import_tasks: agent.yml - import_tasks: agent.yml
tags: agent
- import_tasks: hotplug.yml - import_tasks: hotplug.yml
tags: hotplug
- import_tasks: autofs.yml - import_tasks: autofs.yml
tags: autofs

1
roles/debian-qemu/templates/auto.homes Normal file
View File

@ -0,0 +1 @@
* -fstype=nfs4,rw {{ homes_server }}:{{ homes_path }}/&

1
roles/debian-qemu/templates/homes.autofs Normal file
View File

@ -0,0 +1 @@
{{ homes_path }} /etc/auto.homes --timeout=30

5
roles/freeradius/handlers/main.yaml
View File

@ -1,6 +1,5 @@
# restart freeradius service to apply changes - name: restart-freeradius
- name: restart freeradius
service: service:
name: "{{ freeradius_daemon }}" name: freeradius
state: restarted state: restarted
enabled: yes enabled: yes

1
roles/freeradius/vars/main.yaml
View File

@ -8,6 +8,5 @@ freeradius_dictionary_config: "{{ freeradius_base_folder }}dictionary"
freeradius_clients_config: "{{ freeradius_base_folder }}clients.conf" freeradius_clients_config: "{{ freeradius_base_folder }}clients.conf"
freeradius_mod_ldap: "{{ freeradius_mods_available_folder }}ldap" freeradius_mod_ldap: "{{ freeradius_mods_available_folder }}ldap"
freeradius_filter_config: "{{ freeradius_base_folder }}policy.d/filter" freeradius_filter_config: "{{ freeradius_base_folder }}policy.d/filter"
freeradius_daemon: freeradius
freeradius_pam_config: /etc/pam.d/radiusd freeradius_pam_config: /etc/pam.d/radiusd
freeradius_service_config: /lib/systemd/system/freeradius.service freeradius_service_config: /lib/systemd/system/freeradius.service

2
roles/nsupdate/tasks/main.yml
View File

@ -3,7 +3,7 @@
key_name: "rndc-key" key_name: "rndc-key"
key_secret: "{{ rndc_key }}" key_secret: "{{ rndc_key }}"
key_algorithm: "hmac-md5" key_algorithm: "hmac-md5"
server: "ns1.verdnatura.es" server: "{{ main_dns_server }}"
zone: "{{ zone_record }}" zone: "{{ zone_record }}"
record: "{{ name_record }}" record: "{{ name_record }}"
ttl: "{{ ttl_record }}" ttl: "{{ ttl_record }}"

26
vault.yml Normal file
View File

@ -0,0 +1,26 @@
$ANSIBLE_VAULT;1.1;AES256
37396535616365346266643936343463336564303066356131363064633436353763343735666563
3234623639383039393735346632636163623435313965660a363363386637666261626661336333
39643436663965383239323435613339323766623630633430343465313038643235636666343938
3531636532613661650a336631666138306166346363333534613436396565343161623838363132
30643532636332356630306563336165663266663237326262336533363665653230393332623134
63626333303134346435666231386361643137636132383236373937636235326132666230306362
36363136653963366235626239656339663736393636663136656164393031323663623463393438
63646635343462363332636531323634623930643737333430613666366335303362323764363533
39336533366466633132383438633063616564623862366263376638323138623363656164343635
64346437646435383137313162656237303436343839366261633935613735316166376466616635
61616132626539656633353032663932653730633365633331313330323932653465656634383334
64633634326462316164316130373334666365643936646634333032326465373131656161646234
30376135613534303533326133383661353235343034356466333961396237373937353137373735
32373633396438313133663839373663656139346163386336373265356265613038646633386334
37353331373332373636346166333639343936633464663335653762386431376632613430363666
66636139663662633861643733306238646335353664636265623464393163343462326239613662
63633236326161643838353931646566323236326636376331663463333664636566666462303063
31303436356164623234346362386633633633623230366366393839376239636533636564666663
39663034373664663063656561306132383734646263656464626432633963396638363362396664
37303038373038346536613235333237613435663632656334643334326232396336653035326162
63663637306531373030643962386339393263653262363037626538386132353363663761363138
62663532313862396339653364306533326639333139336636343762373038333838313762393431
34386239303765653930306334393339383234303137346461633231353637326137353964613832
61353035353539633334333337346665383937346566396438306465336337366661323435616133
37643932306265633465643430636662653865313661663331316662303861356466