From a56a1c1f43990a600de49081988db1bde93526bf Mon Sep 17 00:00:00 2001
From: Zack Cerza
Date: Thu, 22 Dec 2016 12:23:39 -0700
Subject: [PATCH] Add role for nsupdate_web See https://github.com/zmc/nsupdate-web/
Signed-off-by: Zack Cerza
---
nsupdate_web.yml | 6 ++
roles/nsupdate_web/README.rst | 15 ++++
roles/nsupdate_web/defaults/main.yml | 13 +++
roles/nsupdate_web/tasks/main.yml | 87 +++++++++++++++++++
.../templates/nsupdate-web.service | 12 +++
.../nsupdate_web/templates/nsupdate_web_nginx | 8 ++
roles/nsupdate_web/vars/ubuntu_16.yml | 6 ++
7 files changed, 147 insertions(+)
create mode 100644 nsupdate_web.yml
create mode 100644 roles/nsupdate_web/README.rst
create mode 100644 roles/nsupdate_web/defaults/main.yml
create mode 100644 roles/nsupdate_web/tasks/main.yml
create mode 100644 roles/nsupdate_web/templates/nsupdate-web.service
create mode 100644 roles/nsupdate_web/templates/nsupdate_web_nginx
create mode 100644 roles/nsupdate_web/vars/ubuntu_16.yml
diff --git a/nsupdate_web.yml b/nsupdate_web.yml
new file mode 100644
index 00000000..81852bd7
--- /dev/null
+++ b/nsupdate_web.yml
@@ -0,0 +1,6 @@
+---
+- hosts: nsupdate_web
+ roles:
+ - common
+ - nsupdate_web
+ become: true
diff --git a/roles/nsupdate_web/README.rst b/roles/nsupdate_web/README.rst
new file mode 100644
index 00000000..59ffb9f4
--- /dev/null
+++ b/roles/nsupdate_web/README.rst
@@ -0,0 +1,15 @@
+nsupdate-web
+============
+
+This role sets up `nsupdate-web `_ for updating dynamic DNS records.
+
+To use the role, you must first have:
+
+- A DNS server supporting `RFC 2136 `_. We use `bind `_ and the `nameserver` role to help configure ours.
+- Key files stored in the location pointed to by `keys_dir`
+
+You must set the following vars. Here are examples::
+
+ nsupdate_web_server: "ns1.front.sepia.ceph.com"
+ pubkey_name: "Kfront.sepia.ceph.com.+157+12548.key"
+
diff --git a/roles/nsupdate_web/defaults/main.yml b/roles/nsupdate_web/defaults/main.yml
new file mode 100644
index 00000000..79178fcc
--- /dev/null
+++ b/roles/nsupdate_web/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+packages: []
+nsupdate_web_user: "nsupdate"
+nsupdate_web_ttl: "60"
+virtualenv_path: "~/venv"
+python_version: "python3.5"
+repo_url: "https://github.com/zmc/nsupdate-web.git"
+repo_path: "/home/{{ nsupdate_web_user }}/nsupdate_web"
+# The public and private keys must be manually placed on the host;
+# The pubkey name must be provided - most likely via group_vars
+pubkey_name: "your_pubkey.key"
+keys_dir: "/home/{{ nsupdate_web_user }}/keys"
+allow_hosts: ""
diff --git a/roles/nsupdate_web/tasks/main.yml b/roles/nsupdate_web/tasks/main.yml
new file mode 100644
index 00000000..6fabefa3
--- /dev/null
+++ b/roles/nsupdate_web/tasks/main.yml
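Review bot: The defaults in roles/nsupdate_web/defaults/main.yml use generic, unprefixed names (`packages`, `python_version`, `repo_url`, `repo_path`, `keys_dir`, `allow_hosts`, `pubkey_name`), which share one variable namespace with every other role in a play, and the playbook in this patch also applies `common`. Two of them are security-relevant: `repo_url` selects the code that tasks/main.yml clones and installs, and `allow_hosts` decides whether `-a` is passed to the service at all, so an unrelated group_vars entry with the same name would change either one silently. I would prefix them with the role name, as `nsupdate_web_user` and `nsupdate_web_ttl` already are, e.g. `nsupdate_web_repo_url`, `nsupdate_web_keys_dir`, `nsupdate_web_allow_hosts`.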
@@ -0,0 +1,87 @@
+---
+- name: Build args to pass to nsupdate_web
+ set_fact:
+ nsupdate_web_args: "--ttl {{ nsupdate_web_ttl }} -d {{ lab_domain }} -K {{ keys_dir }}/{{ pubkey_name }} -s {{ nsupdate_web_server }}{% if allow_hosts %} -a {{ allow_hosts }}{% endif %}"
+
+- name: Including major version specific variables.
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}.yml"
+ - empty.yml
+
+- name: Install packages
+ package:
+ name: "{{ item }}"
+ state: latest
+ with_items: "{{ packages }}"
+
+- name: Create nsupdate user
+ user:
+ name: "{{ nsupdate_web_user }}"
+ state: present
+ system: true
+ shell: "/bin/false"
+
+- name: Clone nsupdate_web repo
+ git:
+ repo: "{{ repo_url }}"
+ dest: "~/nsupdate_web"
+ become_user: "{{ nsupdate_web_user }}"
+
+- name: Create/update virtualenv
+ pip:
+ name: pip
+ virtualenv_python: "{{ python_version }}"
+ virtualenv: "{{ virtualenv_path }}"
+ become_user: "{{ nsupdate_web_user }}"
+
+- name: Set up nsupdate_web
+ shell: "source {{ virtualenv_path }}/bin/activate && python setup.py develop"
+ args:
+ chdir: "{{ repo_path }}"
+ executable: "/bin/bash"
+ become_user: "{{ nsupdate_web_user }}"
+
+- name: Ship systemd service
+ template:
+ src: nsupdate-web.service
+ dest: "/etc/systemd/system/"
+ owner: root
+ group: root
+ mode: 0644
+ register: ship_service
+
+- name: Reload systemd and enable/restart service
+ # We use the systemd module here so we can use the daemon_reload feature,
+ # since we're shipping the .service file ourselves
+ systemd:
+ name: nsupdate-web
+ daemon_reload: true
+ enabled: true
+ state: restarted
+ when: ship_service|changed
+
+- name: Ship nginx configuration
+ template:
+ src: nsupdate_web_nginx
+ dest: "/etc/nginx/sites-available/nsupdate_web"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Disable default nginx configuration
+ file:
+ path: "/etc/nginx/sites-enabled/default"
+ state: absent
+
+- name: Enable our nginx configuration
+ file:
+ src: "/etc/nginx/sites-available/nsupdate_web"
+ dest: "/etc/nginx/sites-enabled/nsupdate_web"
+ state: link
+
+- name: Enable and restart nginx
+ service:
+ name: nginx
+ enabled: true
+ state: restarted
diff --git a/roles/nsupdate_web/templates/nsupdate-web.service b/roles/nsupdate_web/templates/nsupdate-web.service
new file mode 100644
index 00000000..20f74ff8
--- /dev/null
+++ b/roles/nsupdate_web/templates/nsupdate-web.service
@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+[Unit]
+Description=DDNS HTTP update service.
+
+[Service]
+Type=simple
+User={{ nsupdate_web_user }}
+Group={{ nsupdate_web_user }}
+ExecStart=/usr/bin/python3 {{ repo_path }}/ddns-server.py {{ nsupdate_web_args }}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/nsupdate_web/templates/nsupdate_web_nginx b/roles/nsupdate_web/templates/nsupdate_web_nginx
new file mode 100644
index 00000000..5e60abbc
--- /dev/null
+++ b/roles/nsupdate_web/templates/nsupdate_web_nginx
@@ -0,0 +1,8 @@
+server {
+ listen 80;
+
+ location = /update {
+ include proxy_params;
+ proxy_pass http://localhost:8080;
+ }
+}
diff --git a/roles/nsupdate_web/vars/ubuntu_16.yml b/roles/nsupdate_web/vars/ubuntu_16.yml
new file mode 100644
index 00000000..efe100f5
--- /dev/null
+++ b/roles/nsupdate_web/vars/ubuntu_16.yml
@@ -0,0 +1,6 @@
+packages:
+ - git
+ - python3-minimal
+ - virtualenv
+ - dnsutils
+ - nginx
--
2.47.3
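Review bot: The `Clone nsupdate_web repo` task in roles/nsupdate_web/tasks/main.yml has no `version:`, so every run takes whatever the default branch of `repo_url` currently points at, and `Set up nsupdate_web` then executes that checkout's `setup.py`. Since the defaults say the DNS update keys live on this host, I would pin the clone to a reviewed commit, e.g. `version: "{{ nsupdate_web_version }}"` with its default set to `<reviewed-commit-sha>`. The same task writes to `dest: "~/nsupdate_web"` while the later `chdir` and the unit file use `{{ repo_path }}`; the two agree only while `repo_path` keeps its default, so `dest: "{{ repo_path }}"` is safer. The role also never sets owner or mode on `{{ keys_dir }}`, and the two `mode: 0644` values are better written as the string `"0644"`.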
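Review bot: The `[Service]` section in templates/nsupdate-web.service has no sandboxing, even though the process answers HTTP requests and reads the key under `keys_dir`. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would limit what a compromised handler can reach; `ProtectHome` cannot be used as is, because `repo_path` and `keys_dir` default to paths under /home. `ExecStart` also runs `/usr/bin/python3` rather than the virtualenv's interpreter, so whatever tasks/main.yml installs into `virtualenv_path` is not visible to the service; if `ddns-server.py` needs any of it, point `ExecStart` at the virtualenv's `bin/python` using an absolute path. `{{ nsupdate_web_args }}` is interpolated unquoted, so a variable value containing whitespace would be split into extra arguments.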
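Review bot: The server block in templates/nsupdate_web_nginx exposes `/update` on plain port 80 with no `allow`/`deny` or authentication in front of it, and the role's default `allow_hosts: ""` means the backend is started without `-a`. Because requests reach the backend from localhost, a source-address check inside nsupdate-web would presumably see 127.0.0.1 unless it reads the forwarded headers set by `proxy_params`; that needs confirming against `ddns-server.py`, which is not part of this patch. I would restrict the location at the proxy as well, e.g. `allow <trusted-cidr>;` followed by `deny all;`, and serve it over TLS so update requests cannot be altered in transit. It is also not visible here whether the backend on port 8080 binds to loopback only; if it listens on all interfaces, clients can reach it without passing through nginx.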