Major refactoring of the install procedure

README.md

@@ -1,72 +1,129 @@
-dnsdist
-=======
-This sets up dnsdist. Note: this role is in development and cannot be considered stable at the moment.
+PowerDNS dnsdist Role
+=====================
+
+An Ansible role create by the folks behind PowerDNS to set up dnsdist.
 
 Requirements
 ------------
-Ansible 2.0+.
+
+An Ansible 2.0 or higher installation.
+
+Dependencies
+------------
+
+None.
 
 Role Variables
 --------------
-## dnsdist_acls
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+    dnsdist_install_repo: False
+
+By default dnsdist is installed from the os default repositories.
+You can install dnsdist from the official PowerDNS repository overriding
+the `dnsdist_install_repo` variable value as follows:
+
+    # Install dnsdist from the master branch
+    - hosts: pdns-dnsdists
+      roles:
+      - { role: PowerDNS.dnsdist,
+          dnsdist_install_repo: "{{ dnsdist_powerdns_repo_master }}"
+
+    # Install dnsdist 1.0.x
+    - hosts: pdns-dnsdists
+      roles:
+      - { role: PowerDNS.dnsdist,
+          dnsdist_install_repo: "{{ dnsdist_powerdns_repo_10 }}"
+
+    # Install dnsdist 1.1.x
+    - hosts: pdns-dnsdists
+      roles:
+      - { role: PowerDNS.dnsdist,
+          dnsdist_install_repo: "{{ dnsdist_powerdns_repo_11 }}"
+
+The roles also supports custom repositories
+
+    - hosts: all
+      vars:
+        dnsdist_install_repo:
+          apt_repo_origin: "my.repo.com"  # used to pin dnsdist to the provided repository
+          apt_repo: "deb http://my.repo.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/dnsdist main"
+          gpg_key: "http://my.repo.com/MYREPOGPGPUBKEY.asc" # repository public GPG key
+          gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed
+          yum_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/dnsdist"
+          yum_repo_name: "dnsdist"   # used to select only dnsdist packages coming from this repo
+      roles:
+      - { role: PowerDNS.dnsdist }
+
+If targeting only a specific platform (e.g. Debian) it's not needed to provide other platform (e.g. yum) repositories informations.
+
+    dnsdist_install_epel: True
+
+By default the role installs also the EPEL repository.
+EPEL is needed to satisfy some dnsdist dependencies like `lidsodium`.
+If these dependencies are included into other repositories already configured in the
+host or in the custom `dnsdist_install_repo`, set this variable to `False` to skip
+EPEL installation.
+
+    dnsdist_acls: []
+
 A list of dnsdist ACLS (netmasks) to add to the configuration.
 
-## dnsdist_carbonserver
-The IP address of the Carbon server that shoudl receive metrics.
+    dnsdist_carbonserver: ""
+
+The IP address of the Carbon server that should receive dnsdist metrics.
 
-## dnsdist_config
-A string containing the full config for dnsdist. This is copied verbatim to the dnsdist.conf file.
+    dnsdist_controlsocket: "127.0.0.1"
 
-## dnsdist_controlsocket
 The IP address to listen on for the control socket.
 
-## dnsdist_locals
-A list of IP addresses dnsdist should listen on.
+    dnsdist_locals: ['127.0.0.1:5300']
 
-## dnsdist_repo_branch
-When `dnsdist_repo_provider` is set to 'powerdns', use packages from this branch. By default this is 'master', but can be set to '10' for 1.0.X releases.
+A list of IP addresses dnsdist should listen on.
 
-## dnsdist_repo_provider
-When this is set to 'powerdns' (the default), the PowerDNS [dnsdist repositories](http://repo.powerdns.com) are added and dnsdist is installed from there. Set this to 'os' to use the distribution provided packages.
+    dnsdist_servers: []
 
-## dnsdist_servers
 A list of IP addresses denoting the downstream DNS servers in the default pool.
 
-## dnsdist_setkey
+    dnsdist_setkey: ""
+
 A string that has the key for the dnsdist client.
 
-## dnsdist_version
-Set to 'latest', set this to a specific version (or wildcard like '1.0*') to install a specific dnsdist version.
+    dnsdist_webserver_address: ""
 
-## dnsdist_webserver_address
-The IP address where the built-in webserver should listen, empty (and thus disabled) by default.
+The IP address where the built-in webserver should listen, empty thus disabled by default.
 
-## dnsdist_webserver_password
-The password for the webserver. Must be set when dnsdist_webserver_address is set.
+    dnsdist_webserver_password: ""
+
+The password for the webserver. Must be set when `dnsdist_webserver_address` is set.
+
+    dnsdist_config: ""
+
+A string containing the full config for dnsdist. This is copied verbatim to the `dnsdist.conf` file.
 
 
 Example Playbook
 ----------------
 
-```
-- hosts: localhost
-  remote_user: root
-  roles:
-    - {role: dnsdist,
-       dnsdist_servers: ['8.8.8.8', '8.8.4.4'],
-       dnsdist_webserver_password: 'geheim'}
-```
-
-```
-- hosts: localhost
-  remote_user: root
-  roles:
-    - { role: dnsdist,
-        dnsdist_config: |
-          setACL("127.0.0.1/8")
-          newServer("192.0.2.53")
-      }
-```
+Deploy dnsdist in front of Google DNS and enable the web monitoring interface
+
+    - hosts: pdns-dnsdists
+      roles:
+        - { role: PowerDNS.dnsdist,
+            dnsdist_servers: ['8.8.8.8', '8.8.4.4'],
+            dnsdist_webserver_address: "{{ ansible_default_ipv4['address']:8083 }}",
+            dnsdist_webserver_password: 'geheim' }
+
+Configure dnsdist provide custom configuration directives
+
+    - hosts: pdns-dnsdists
+      roles:
+        - { role: PowerDNS.dnsdist,
+            dnsdist_config: |
+              setACL("127.0.0.1/8")
+              newServer("192.0.2.53")
+          }
 
 License
 -------
@@ -75,4 +132,6 @@ GPLv2
 
 Author Information
 ------------------
-Pieter Lexis (PowerDNS) <pieter.lexis@powerdns.com>
+
+- Pieter Lexis <pieter.lexis@powerdns.com>
+- Andrea Tosatto <andrea.tosatto@open-xchange.com>

defaults/main.yml

@@ -1,14 +1,54 @@
 ---
-dnsdist_repo_provider: 'powerdns'
-dnsdist_repo_branch: 'master'
-dnsdist_version: 'latest'
+
+# By default no additional repository is added to the hosts to install dnsdist
+dnsdist_install_repo: False
+#
+# Install the EPEL repository.
+# EPEL is needed to satisfy some dnsdist dependencies like lidsodium
+dnsdist_install_epel: True
+#
+# To install the latest build from the master branch of dnsdist from the
+# PowerDNS official repository use the following playbook
+# - hosts: all
+#   roles:
+#    - { role: PowerDNS.dnsdist,
+#        dnsdist_install_repo: "{{ dnsdist_official_dnsdist_master }}"
+#
+# To install the 1.0.x release of dnsdist from the PowerDNS official repository
+# use the following playbook
+# - hosts: all
+#   roles:
+#    - { role: PowerDNS.dnsdist,
+#        dnsdist_install_repo: "{{ dnsdist_official_dnsdist_10 }}"
+#
+# To install the 1.1.x release of the PowerDNS official repository
+# use the following playbook
+# - hosts: all
+#   roles:
+#    - { role: PowerDNS.dnsdist,
+#        dnsdist_install_repo: "{{ dnsdist_official_dnsdist_11 }}"
+#
+# To install dnsdist from a custom repository
+# override the `dnsdist_install_install_repo` default value in your playbook.
+# e.g.
+# - hosts: all
+#   vars:
+#     dnsdist_install_repo:
+#       apt_repo_origin: "my.repo.com"  # used to pin the dnsdist to the provided repository
+#       apt_repo: "deb http://my.repo.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}/dnsdist main"
+#       gpg_key: "http://my.repo.com/MYREPOGPGPUBKEY.asc" # repository public GPG key
+#       gpg_key_id: "MYREPOGPGPUBKEYID" # to avoid to reimport the key each time the role is executed
+#       yum_repo_baseurl: "http://my.repo.com/centos/$basearch/$releasever/dnsdist"
+#       yum_repo_name: "dnsdist"   # used to select only the dnsdist packages coming from this repo
+#   roles:
+#    - { role: PowerDNS.dnsdist }
+
 dnsdist_locals: ['127.0.0.1:5300']
 dnsdist_servers: []
 dnsdist_acls: []
 dnsdist_setkey: ""
 dnsdist_controlsocket: "127.0.0.1"
-dnsdist_webserver_address: "127.0.0.1:8083"
+dnsdist_webserver_address: ""
 dnsdist_webserver_password: ""
 dnsdist_carbonserver: ""
 dnsdist_config: ""
-

handlers/main.yml

@@ -1,7 +1,6 @@
 ---
-- name: check config and restart dnsdist
-  command: dnsdist --check-config -C /etc/dnsdist/dnsdist.conf
-  notify: restart dnsdist
 
 - name: restart dnsdist
-  service: name=dnsdist state=restarted
+  service:
+    name: dnsdist
+    state: restarted

meta/main.yml

@@ -1,31 +1,30 @@
+---
+
 galaxy_info:
-  author: Pieter Lexis
+  author: PowerDNS Engineering Team
   description: dnsdist is a highly scriptable and DDoS aware DNS loadbalancer
   company: PowerDNS.COM BV
-
   license: GPLv2
-
   min_ansible_version: 2.0
-
   platforms:
-  - name: Ubuntu
-    versions:
-    - trusty
-    - wily
-  - name: Debian
-    versions:
-    - jessie
-
-  galaxy_tags: ['dnsdist', 'DNS', 'system', 'loadbalancer', 'ddos']
-    # List tags for your role here, one per line. A tag is
-    # a keyword that describes and categorizes the role.
-    # Users find roles by searching for tags. Be sure to
-    # remove the '[]' above if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of
-    # alphanumeric characters. Maximum 20 tags per role.
+    - name: EL
+      versions:
+        - 7
+    - name: Debian
+      versions:
+        - jessie
+    - name: Ubuntu
+      versions:
+        - trusty
+        - utopic
+        - vivid
+        - wily
+        - xenial
+  galaxy_tags:
+    - dnsdist
+    - dns
+    - system
+    - loadbalancer
+    - ddos
 
 dependencies: []
-  # List your role dependencies here, one per line.
-  # Be sure to remove the '[]' above if you add dependencies
-  # to this list.

tasks/install-epel.yml

@@ -0,0 +1,14 @@
+---
+
+- name: Install epel-release on CentOS/RedHat
+  yum:
+    name: epel-release
+    state: present
+  when: ansible_distribution in [ 'RedHat', 'CentOS' ]
+
+- name: Install epel-release on OracleLinux 6
+  yum:
+    name: 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm'
+    state: present
+  when: ansible_distribution in [ 'OracleLinux' ]
+    and ansible_distribution_major_version == '6'