ipadnsrecord
Description
The dnsrecord module allows management of DNS records and is as compatible as possible with the Ansible upstream ipa_dnsrecord module, but provides additional features such as managing multiple records in one execution and support for more DNS record types.
Features
- DNS record management.
 
Supported FreeIPA Versions
FreeIPA versions 4.4.0 and up are supported by the ipadnsrecord module.
Requirements
Controller
- Ansible version: 2.13+
 
Node
- Supported FreeIPA version (see above)
 
Usage
Example inventory file
[ipaserver]
ipaserver.example.com
Example playbook to ensure an AAAA record is present:
---
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    name: host01
    zone_name: example.com
    record_type: 'AAAA'
    record_value: '::1'
Example playbook to ensure an AAAA record is present, with a TTL of 300:
---
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    name: host01
    zone_name: example.com
    record_type: 'AAAA'
    record_value: '::1'
    record_ttl: 300
Example playbook to ensure an AAAA record is present, with a reverse PTR record:
---
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    name: host02
    zone_name: example.com
    record_type: 'AAAA'
    record_value: 'fd00::0002'
    create_reverse: yes
Example playbook to ensure a LOC record is present, given its individual attributes:
---
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    zone_name: example.com
    name: host03
    loc_lat_deg: 52
    loc_lat_min: 22
    loc_lat_sec: 23.000
    loc_lat_dir: N
    loc_lon_deg: 4
    loc_lon_min: 53
    loc_lon_sec: 32.00
    loc_lon_dir: E
    loc_altitude: -2.00
    loc_size: 1.00
    loc_h_precision: 10000
    loc_v_precision: 10
Example playbook to ensure multiple DNS records are present:
---
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    records:
      - name: host02
        zone_name: example.com
        record_type: A
        record_value:
          - ".112"
          - ".122"
      - name: host02
        zone_name: example.com
        record_type: AAAA
        record_value: ::1
Example playbook to ensure multiple CNAME records are present:
---
- name: Ensure that 'host03' and 'host04' have CNAME records.
  ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    zone_name: example.com
    records:
    - name: host03
      cname_hostname: host03.example.com
    - name: host04
      cname_hostname: host04.example.com
Example playbook to ensure NS record is absent:
---
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    zone_name: example.com
    name: host04
    ns_hostname: host04
    state: absent
Example playbook to ensure LOC record is present, with fields:
---
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    zone_name: example.com
    name: host04
    loc_lat_deg: 52
    loc_lat_min: 22
    loc_lat_sec: 23.000
    loc_lat_dir: N
    loc_lon_deg: 4
    loc_lon_min: 53
    loc_lon_sec: 32.000
    loc_lon_dir: E
    loc_altitude: -2.00
    loc_size: 0.00
    loc_h_precision: 10000
    loc_v_precision: 10
Change value of an existing LOC record:
---
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    zone_name: example.com
    name: host04
    loc_size: 1.00
    loc_rec: 52 22 23 N 4 53 32 E -2 0 10000 10
Example playbook to ensure multiple A records are present:
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    zone_name: example.com
    name: host04
    a_rec:
      - 192.168.122.221
      - 192.168.122.222
      - 192.168.122.223
      - 192.168.122.224
Example playbook to ensure A and AAAA records are present, with reverse records (PTR):
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    zone_name: example.com
    name: host01
    a_rec:
      - 192.168.122.221
      - 192.168.122.222
    aaaa_rec:
      - fd00::0001
      - fd00::0002
    create_reverse: yes
Example playbook to ensure multiple A and AAAA records are present, but only A records have reverse records:
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    zone_name: example.com
    name: host01
    a_ip_address: 192.168.122.221
    aaaa_ip_address: fd00::0001
    a_create_reverse: yes
Example playbook to ensure multiple DNS records are absent:
---
- ipadnsrecord:
    ipaadmin_password: SomeADMINpassword
    zone_name: example.com
    records:
    - name: host01
      del_all: yes
    - name: host02
      del_all: yes
    - name: host03
      del_all: yes
    - name: host04
      del_all: yes
    - name: _ftp._tcp
      del_all: yes
    - name: _sip._udp
      del_all: yes
    state: absent
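Example playbook, added here and not part of the upstream module documentation, that publishes an SSHFP and a TLSA record through the per-field variables listed under Record Variables and reads the admin password from a vault-encrypted variables file instead of the playbook. The file name vault.yml, the variable vault_ipaadmin_password, the record names and both digests are constructed placeholders.

```yaml
---
- name: Publish SSHFP and TLSA records for host01
  hosts: ipaserver
  become: true
  vars_files:
    # Assumed file, encrypted with `ansible-vault encrypt vault.yml`;
    # it defines vault_ipaadmin_password so no secret is stored here.
    - vault.yml

  tasks:
  - name: Ensure SSHFP and TLSA records are present
    ipadnsrecord:
      ipaadmin_password: "{{ vault_ipaadmin_password }}"
      zone_name: example.com
      records:
      # As in the LOC and CNAME examples above, the record is described
      # by its type-specific fields.
      # SSHFP: algorithm 4 = Ed25519, fingerprint type 2 = SHA-256.
      - name: host01
        sshfp_algorithm: 4
        sshfp_fp_type: 2
        # Constructed placeholder, not a real host key digest.
        sshfp_fingerprint: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
      # TLSA for HTTPS on host01: usage 3 = DANE-EE, selector 1 = public key,
      # matching type 1 = SHA-256.
      - name: _443._tcp.host01
        tlsa_cert_usage: 3
        tlsa_selector: 1
        tlsa_matching_type: 1
        # Constructed placeholder, not a real certificate digest.
        tlsa_cert_association_data: "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210"
```

Run it with `ansible-playbook --ask-vault-pass` (or a vault password file) so the encrypted variable can be read.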
Variables
Variable | Description | Required
-------- | ----------- | --------
ipaadmin_principal | The admin principal is a string and defaults to admin | no
ipaadmin_password | The admin password is a string and is required if there is no admin ticket available on the node | no
ipaapi_context | The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are server and client. | no
ipaapi_ldap_cache | Use LDAP cache for IPA connection. The bool setting defaults to yes. (bool) | no
zone_name \| dnszone | The DNS zone name in which the DNS record is managed. You can use one global zone name for multiple records. | no
records | The list of dns records dicts. Each records dict entry can contain record variables. | no
  | Record variables | no
Record variables | Used when defining a single record. | no
state | The state to ensure. It can be one of present or absent, and defaults to present. | yes
Record Variables:
| Variable | Description | Required |
|---|---|---|
| zone_name \| dnszone | The DNS zone name in which the DNS record is managed. You can use one global zone name for multiple records. When used on a records dict, overrides the global zone_name. | yes |
| name \| record_name | The DNS record name to manage. | yes |
| record_type | The type of DNS record. Supported values are A, AAAA, A6, AFSDB, CERT, CNAME, DLV, DNAME, DS, KX, LOC, MX, NAPTR, NS, PTR, SRV, SSHFP, TLSA, TXT, URI, and defaults to A. | no |
| record_value | Manage DNS record name with these values. | no |
| record_ttl | Set the TTL for the record. (int) | no |
| del_all | Delete all associated records. (bool) | no |
| a_rec \| a_record | Raw A record. | no |
| aaaa_rec \| aaaa_record | Raw AAAA record. | no |
| a6_rec \| a6_record | Raw A6 record data. | no |
| afsdb_rec \| afsdb_record | Raw AFSDB record. | no |
| cert_rec \| cert_record | Raw CERT record. | no |
| cname_rec \| cname_record | Raw CNAME record. | no |
| dlv_rec \| dlv_record | Raw DLV record. | no |
| dname_rec \| dname_record | Raw DNAME record. | no |
| ds_rec \| ds_record | Raw DS record. | no |
| kx_rec \| kx_record | Raw KX record. | no |
| loc_rec \| loc_record | Raw LOC record. | no |
| mx_rec \| mx_record | Raw MX record. | no |
| naptr_rec \| naptr_record | Raw NAPTR record. | no |
| ns_rec \| ns_record | Raw NS record. | no |
| ptr_rec \| ptr_record | Raw PTR record. | no |
| srv_rec \| srv_record | Raw SRV record. | no |
| sshfp_rec \| sshfp_record | Raw SSHFP record. | no |
| tlsa_rec \| tlsa_record | Raw TLSA record. | no |
| txt_rec \| txt_record | Raw TXT record. | no |
| uri_rec \| uri_record | Raw URI record. | no |
| ip_address | IP address for A or AAAA records. Set record_type to A or AAAA. | no |
| create_reverse \| reverse | Create reverse records for A and AAAA record types. There is no equivalent to remove reverse records. (bool) | no |
| a_ip_address | IP address for A records. Set record_type to A. | no |
| a_create_reverse | Create reverse records only for A records. There is no equivalent to remove reverse records. (bool) | no |
| aaaa_ip_address | IP address for AAAA records. Set record_type to AAAA. | no |
| aaaa_create_reverse | Create reverse records only for AAAA record types. There is no equivalent to remove reverse records. (bool) | no |
| a6_data | A6 record. Set record_type to A6. | no |
| afsdb_subtype | AFSDB Subtype. Set record_type to AFSDB. (int) | no |
| afsdb_hostname | AFSDB Hostname. Set record_type to AFSDB. | no |
| cert_type | CERT Certificate Type. Set record_type to CERT. (int) | no |
| cert_key_tag | CERT Key Tag. Set record_type to CERT. (int) | no |
| cert_algorithm | CERT Algorithm. Set record_type to CERT. (int) | no |
| cert_certificate_or_crl | CERT Certificate or Certificate Revocation List (CRL). Set record_type to CERT. | no |
| cname_hostname | A hostname which this alias hostname points to. Set record_type to CNAME. | no |
| dlv_key_tag | DS Key Tag. Set record_type to DLV. (int) | no |
| dlv_algorithm | DLV Algorithm. Set record_type to DLV. (int) | no |
| dlv_digest_type | DLV Digest Type. Set record_type to DLV. (int) | no |
| dlv_digest | DLV Digest. Set record_type to DLV. | no |
| dname_target | DNAME Target. Set record_type to DNAME. | no |
| ds_key_tag | DS Key Tag. Set record_type to DS. (int) | no |
| ds_algorithm | DS Algorithm. Set record_type to DS. (int) | no |
| ds_digest_type | DS Digest Type. Set record_type to DS. (int) | no |
| ds_digest | DS Digest. Set record_type to DS. | no |
| kx_preference | Preference given to this exchanger. Lower values are more preferred. Set record_type to KX. (int) | no |
| kx_exchanger | A host willing to act as a key exchanger. Set record_type to KX. | no |
| loc_lat_deg | LOC Degrees Latitude. Set record_type to LOC. (int) | no |
| loc_lat_min | LOC Minutes Latitude. Set record_type to LOC. (int) | no |
| loc_lat_sec | LOC Seconds Latitude. Set record_type to LOC. (float) | no |
| loc_lat_dir | LOC Direction Latitude. Valid values are N or S. Set record_type to LOC. (int) | no |
| loc_lon_deg | LOC Degrees Longitude. Set record_type to LOC. (int) | no |
| loc_lon_min | LOC Minutes Longitude. Set record_type to LOC. (int) | no |
| loc_lon_sec | LOC Seconds Longitude. Set record_type to LOC. (float) | no |
| loc_lon_dir | LOC Direction Longitude. Valid values are E or W. Set record_type to LOC. (int) | no |
| loc_altitude | LOC Altitude. Set record_type to LOC. (float) | no |
| loc_size | LOC Size. Set record_type to LOC. (float) | no |
| loc_h_precision | LOC Horizontal Precision. Set record_type to LOC. (float) | no |
| loc_v_precision | LOC Vertical Precision. Set record_type to LOC. (float) | no |
| mx_preference | Preference given to this exchanger. Lower values are more preferred. Set record_type to MX. (int) | no |
| mx_exchanger | A host willing to act as a mail exchanger. Set record_type to LOC. | no |
| naptr_order | NAPTR Order. Set record_type to NAPTR. (int) | no |
| naptr_preference | NAPTR Preference. Set record_type to NAPTR. (int) | no |
| naptr_flags | NAPTR Flags. Set record_type to NAPTR. | no |
| naptr_service | NAPTR Service. Set record_type to NAPTR. | no |
| naptr_regexp | NAPTR Regular Expression. Set record_type to NAPTR. | no |
| naptr_replacement | NAPTR Replacement. Set record_type to NAPTR. | no |
| ns_hostname | NS Hostname. Set record_type to NS. | no |
| ptr_hostname | The hostname this reverse record points to. Set record_type to PTR. | no |
| srv_priority | Lower number means higher priority. Clients will attempt to contact the server with the lowest-numbered priority they can reach. Set record_type to SRV. (int) | no |
| srv_weight | Relative weight for entries with the same priority. Set record_type to SRV. (int) | no |
| srv_port | SRV Port. Set record_type to SRV. (int) | no |
| srv_target | The domain name of the target host or ‘.’ if the service is decidedly not available at this domain. Set record_type to SRV. | no |
| sshfp_algorithm | SSHFP Algorithm. Set record_type to SSHFP. (int) | no |
| sshfp_fp_type | SSHFP Fingerprint Type. Set record_type to SSHFP. (int) | no |
| sshfp_fingerprint | SSHFP Fingerprint. Set record_type to SSHFP. (int) | no |
| txt_data | TXT Text Data. Set record_type to TXT. | no |
| tlsa_cert_usage | TLSA Certificate Usage. Set record_type to TLSA. (int) | no |
| tlsa_selector | TLSA Selector. Set record_type to TLSA. (int) | no |
| tlsa_matching_type | TLSA Matching Type. Set record_type to TLSA. (int) | no |
| tlsa_cert_association_data | TLSA Certificate Association Data. Set record_type to TLSA. | no |
| uri_target | Target Uniform Resource Identifier according to RFC 3986. Set record_type to URI. | no |
| uri_priority | Lower number means higher priority. Clients will attempt to contact the URI with the lowest-numbered priority they can reach. Set record_type to URI. (int) | no |
| uri_weight | Relative weight for entries with the same priority. Set record_type to URI. (int) | no |
Authors
Rafael Guterres Jeffman
