--- /dev/null
+nsupdate-web
+============
+
+This role sets up `nsupdate-web <https://github.com/zmc/nsupdate-web>`_ for updating dynamic DNS records.
+
+To use the role, you must first have:
+
+- A DNS server supporting `RFC 2136 <https://tools.ietf.org/html/rfc2136>`_. We use `bind <https://www.isc.org/downloads/bind/>`_ and the `nameserver` role to help configure ours.
+- Key files stored in the location pointed to by `keys_dir`
+
+You must set the following vars. Here are examples::
+
+ nsupdate_web_server: "ns1.front.sepia.ceph.com"
+ pubkey_name: "Kfront.sepia.ceph.com.+157+12548.key"
+
--- /dev/null
+---
+packages: []
+nsupdate_web_user: "nsupdate"
+nsupdate_web_ttl: "60"
+virtualenv_path: "~/venv"
+python_version: "python3.5"
+repo_url: "https://github.com/zmc/nsupdate-web.git"
+repo_path: "/home/{{ nsupdate_web_user }}/nsupdate_web"
+# The public and private keys must be manually placed on the host;
+# The pubkey name must be provided - most likely via group_vars
+pubkey_name: "your_pubkey.key"
+keys_dir: "/home/{{ nsupdate_web_user }}/keys"
+allow_hosts: ""
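Review bot: `allow_hosts` defaults to an empty string with no comment, and it is the only variable here that restricts who may submit DNS updates. The task file's `{% if allow_hosts %}` guard drops the `-a` option entirely when the value is empty, so a deployment that never sets it runs nsupdate-web under whatever host policy it applies without `-a`. That policy is presumably unrestricted, but this needs confirming against nsupdate-web. I would document it above the variable, for example `# Hosts allowed to submit updates; empty omits -a, so set this before exposing the service`. The README's list of variables that must be set could also mention it.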
--- /dev/null
+---
+- name: Build args to pass to nsupdate_web
+ set_fact:
+ nsupdate_web_args: "--ttl {{ nsupdate_web_ttl }} -d {{ lab_domain }} -K {{ keys_dir }}/{{ pubkey_name }} -s {{ nsupdate_web_server }}{% if allow_hosts %} -a {{ allow_hosts }}{% endif %}"
+
+- name: Including major version specific variables.
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml"
+ - empty.yml
+
+- name: Install packages
+ package:
+ name: "{{ item }}"
+ state: latest
+ with_items: "{{ packages }}"
+
+- name: Create nsupdate user
+ user:
+ name: "{{ nsupdate_web_user }}"
+ state: present
+ system: true
+ shell: "/bin/false"
+
+- name: Clone nsupdate_web repo
+ git:
+ repo: "{{ repo_url }}"
+ dest: "~/nsupdate_web"
+ become_user: "{{ nsupdate_web_user }}"
+
+- name: Create/update virtualenv
+ pip:
+ name: pip
+ virtualenv_python: "{{ python_version }}"
+ virtualenv: "{{ virtualenv_path }}"
+ become_user: "{{ nsupdate_web_user }}"
+
+- name: Set up nsupdate_web
+ shell: "source {{ virtualenv_path }}/bin/activate && python setup.py develop"
+ args:
+ chdir: "{{ repo_path }}"
+ executable: "/bin/bash"
+ become_user: "{{ nsupdate_web_user }}"
+
+- name: Ship systemd service
+ template:
+ src: nsupdate-web.service
+ dest: "/etc/systemd/system/"
+ owner: root
+ group: root
+ mode: 0644
+ register: ship_service
+
+- name: Reload systemd and enable/restart service
+ # We use the systemd module here so we can use the daemon_reload feature,
+ # since we're shipping the .service file ourselves
+ systemd:
+ name: nsupdate-web
+ daemon_reload: true
+ enabled: true
+ state: restarted
+ when: ship_service|changed
+
+- name: Ship nginx configuration
+ template:
+ src: nsupdate_web_nginx
+ dest: "/etc/nginx/sites-available/nsupdate_web"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Disable default nginx configuration
+ file:
+ path: "/etc/nginx/sites-enabled/default"
+ state: absent
+
+- name: Enable our nginx configuration
+ file:
+ src: "/etc/nginx/sites-available/nsupdate_web"
+ dest: "/etc/nginx/sites-enabled/nsupdate_web"
+ state: link
+
+- name: Enable and restart nginx
+ service:
+ name: nginx
+ enabled: true
+ state: restarted
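Review bot: The "Clone nsupdate_web repo" task passes no `version`, so each run checks out whatever the upstream default branch holds at that moment. The "Set up nsupdate_web" task then runs that tree's `setup.py` as `nsupdate_web_user`, the account whose home holds `keys_dir` and the DNS update keys. Pin the checkout to a reviewed commit with `version: "{{ nsupdate_web_version }}"`, where `nsupdate_web_version` is a new default holding a commit SHA, so an upstream change cannot reach the key-holding account without a deliberate bump. The same task hard-codes `dest: "~/nsupdate_web"` while the setup task uses `chdir: "{{ repo_path }}"`, so overriding `repo_path` makes the two diverge; `dest: "{{ repo_path }}"` keeps them in step.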