From d3d692865c4050be4949fc0d1c3e487e4da76c9e Mon Sep 17 00:00:00 2001 
From: richard Date: Fri, 24 Dec 2021 16:49:15 -0500 Subject: [PATCH] migrate ns.xai-corp.net role to ansible-5 --- ansible-5/inventory.ini | 4 + ansible-5/playbooks/kube.yaml | 2 +- ansible-5/playbooks/ns.xai-corp.net.yml | 18 ++ ansible-5/requirements.yml | 4 + .../roles/ns.xai-corp.net/defaults/main.yml | 14 ++ .../roles/ns.xai-corp.net/handlers/main.yml | 12 + ansible-5/roles/ns.xai-corp.net/meta/main.yml | 8 + .../ns.xai-corp.net/tasks/dynamic_ip.yml | 10 + .../roles/ns.xai-corp.net/tasks/main.yml | 48 ++++ .../templates/localhost.zone.j2 | 12 + .../templates/named.conf.default-zones.j2 | 30 +++ .../ns.xai-corp.net/templates/named.conf.j2 | 205 ++++++++++++++++++ .../templates/named.conf.local.j2 | 85 ++++++++ .../templates/named.conf.options.j2 | 81 +++++++ .../templates/xai-corp.net.external.j2 | 17 ++ .../templates/xai-corp.net.internal.j2 | 73 +++++++ .../templates/xai-corp.net.reverse.j2 | 25 +++ .../roles/ns.xai-corp.net/vars/_extravars.yml | 10 + 18 files changed, 657 insertions(+), 1 deletion(-) create mode 100644 ansible-5/playbooks/ns.xai-corp.net.yml create mode 100644 ansible-5/requirements.yml create mode 100644 ansible-5/roles/ns.xai-corp.net/defaults/main.yml create mode 100644 ansible-5/roles/ns.xai-corp.net/handlers/main.yml create mode 100644 ansible-5/roles/ns.xai-corp.net/meta/main.yml create mode 100644 ansible-5/roles/ns.xai-corp.net/tasks/dynamic_ip.yml create mode 100644 ansible-5/roles/ns.xai-corp.net/tasks/main.yml create mode 100644 ansible-5/roles/ns.xai-corp.net/templates/localhost.zone.j2 create mode 100644 ansible-5/roles/ns.xai-corp.net/templates/named.conf.default-zones.j2 create mode 100644 ansible-5/roles/ns.xai-corp.net/templates/named.conf.j2 create mode 100644 ansible-5/roles/ns.xai-corp.net/templates/named.conf.local.j2 create mode 100644 ansible-5/roles/ns.xai-corp.net/templates/named.conf.options.j2 create mode 100644 ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.external.j2 create mode 100644 
ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 create mode 100644 ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.reverse.j2 create mode 100644 ansible-5/roles/ns.xai-corp.net/vars/_extravars.yml diff --git a/ansible-5/inventory.ini b/ansible-5/inventory.ini index e67ddc0..bd9f649 100644 --- a/ansible-5/inventory.ini +++ b/ansible-5/inventory.ini @@ -10,6 +10,10 @@ cubox-i ansible_ssh_host=192.168.4.12 [gfs] home ansible_ssh_host=192.168.4.11 +cubox-i ansible_ssh_host=192.168.4.12 + +[kube] +home ansible_ssh_host=192.168.4.11 ;[desktop] ;richard-desktop ansible_connection=local diff --git a/ansible-5/playbooks/kube.yaml b/ansible-5/playbooks/kube.yaml index 83482e3..80e48ea 100644 --- a/ansible-5/playbooks/kube.yaml +++ b/ansible-5/playbooks/kube.yaml @@ -1,6 +1,6 @@ --- - name: ping - hosts: managed + hosts: kube gather_facts: true roles: diff --git a/ansible-5/playbooks/ns.xai-corp.net.yml b/ansible-5/playbooks/ns.xai-corp.net.yml new file mode 100644 index 0000000..aee6402 --- /dev/null +++ b/ansible-5/playbooks/ns.xai-corp.net.yml @@ -0,0 +1,18 @@ +--- +# playbook for name servers + +- hosts: ns + gather_facts: yes + become: true + + vars: + + roles: + - ns.xai-corp.net +# - dynamic-ip + + post_tasks: + - name: check service is up + ansible.builtin.service: + name: "{{ bind.service }}" + state: started diff --git a/ansible-5/requirements.yml b/ansible-5/requirements.yml new file mode 100644 index 0000000..6911776 --- /dev/null +++ b/ansible-5/requirements.yml @@ -0,0 +1,4 @@ +--- +# ansible requirements + +- src: geerlingguy.glusterfs diff --git a/ansible-5/roles/ns.xai-corp.net/defaults/main.yml b/ansible-5/roles/ns.xai-corp.net/defaults/main.yml new file mode 100644 index 0000000..9a4f947 --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/defaults/main.yml 
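Review bot: The play in playbooks/ns.xai-corp.net.yml targets `hosts: ns`, but the inventory.ini hunk in this commit adds only `[kube]` and a second `[gfs]` member. The inventory starts outside the hunk, so an `[ns]` group may already exist; if it does not, the play matches no hosts and the bind role never runs. The play also has an empty `vars:` key, which parses as null, no `name:`, and `gather_facts: yes` next to `become: true`. Dropping `vars:` and writing `gather_facts: true` keeps the file consistent.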
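Review bot: `- src: geerlingguy.glusterfs` in requirements.yml has no `version:`, so each `ansible-galaxy install` fetches whatever release is current at that moment. The role code that runs on the hosts can then change without any commit in this repository. Pinning it, e.g. `version: "<PINNED_VERSION>"` (placeholder), makes the dependency reviewable and repeatable.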
@@ -0,0 +1,14 @@ +--- +# defaults/main.yml +# define default variable values here + +bind: + user: root + group: bind + service: bind9 + zonefiles: + - xai-corp.net.internal + - localhost.zone + - xai-corp.net.external + - xai-corp.net.reverse + diff --git a/ansible-5/roles/ns.xai-corp.net/handlers/main.yml b/ansible-5/roles/ns.xai-corp.net/handlers/main.yml new file mode 100644 index 0000000..486d3af --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/handlers/main.yml @@ -0,0 +1,12 @@ +--- +# handlers/main.yml +# define handlers here + +#- name: restart +# service: name= state=restarted + +#- name: stop +# service: name= state=stopped + +- name: restart bind + service: name={{ bind.service }} state=restarted diff --git a/ansible-5/roles/ns.xai-corp.net/meta/main.yml b/ansible-5/roles/ns.xai-corp.net/meta/main.yml new file mode 100644 index 0000000..edcec77 --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/meta/main.yml @@ -0,0 +1,8 @@ +--- +# meta/main.yml +# define dependancies here + +# dependencies: + # - { role: geerlingguy.java } + +dependencies: [] \ No newline at end of file diff --git a/ansible-5/roles/ns.xai-corp.net/tasks/dynamic_ip.yml b/ansible-5/roles/ns.xai-corp.net/tasks/dynamic_ip.yml new file mode 100644 index 0000000..35f6126 --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/tasks/dynamic_ip.yml @@ -0,0 +1,10 @@ +--- +# create cronjob to set dynamic ip + +- name: create zone edit cronjob + cron: + name: zoneedit + minute: "*/30" + user: root + job: 'IP=`curl -s http://api.ipify.org` && wget -O - --http-user=rmorgan15 --http-passwd=D422B334D3768ACD "https://dynamic.zoneedit.com/auth/dynamic.html?host=test.xai-corp.net&dnsto=$IP" &>/dev/null' + cron_file: zoneedit diff --git a/ansible-5/roles/ns.xai-corp.net/tasks/main.yml b/ansible-5/roles/ns.xai-corp.net/tasks/main.yml new file mode 100644 index 0000000..38fcc26 --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/tasks/main.yml 
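Review bot: The `job:` string in tasks/dynamic_ip.yml embeds the ZoneEdit account name and password as literal `--http-user`/`--http-passwd` arguments, so the secret is stored in version control, written into the `zoneedit` cron file, and visible in the process list whenever the job runs. The committed value should be treated as exposed and rotated. The job also looks up the address over plain `http://api.ipify.org`, so whatever answers that request decides where `test.xai-corp.net` points. `&>/dev/null` is a bash-only redirect; where cron's `/bin/sh` is not bash it is read as "run in background", followed by a separate redirection. The sketch below takes the credentials from vaulted variables (the variable names are placeholders), uses HTTPS for the lookup, uses a portable redirect and sets `no_log`. Keeping the password out of the rendered cron file entirely would need a root-only credentials file, which is not shown.

```yaml
- name: create zone edit cronjob
  cron:
    # … unchanged: name, minute, user …
    job: >-
      IP=$(curl -fsS https://api.ipify.org) &&
      wget -q -O /dev/null
      --http-user={{ zoneedit_user | quote }}
      --http-passwd={{ zoneedit_password | quote }}
      "https://dynamic.zoneedit.com/auth/dynamic.html?host=test.xai-corp.net&dnsto=$IP"
      >/dev/null 2>&1
    cron_file: zoneedit
  no_log: true
```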
@@ -0,0 +1,48 @@ +--- +# tasks/main.yml +# define tasks here + +- name: install bind package + apt: + name: "{{ item }}" + update_cache: yes + cache_valid_time: 86400 + state: latest + with_items: + - bind9 + +- name: set correct permissions for logging + file: + state=directory + path=/var/log/named/ + owner={{ bind.user }} + group={{ bind.group }} + mode=0777 + notify: + - restart bind + +- name: copy zone files to /etc/bind/ + template: + src: "{{ item }}.j2" + dest: /etc/bind/db.{{ item }} + owner: "{{ bind.user }}" + group: "{{ bind.group }}" + mode: 0644 + with_items: "{{ bind.zonefiles }}" + notify: + - restart bind + +- name: test zone files + command: named-checkzone xai-corp.net /etc/bind/db.xai-corp.net.internal + changed_when: false + +- name: copy named.confs to /etc/bind/ + template: src={{ item }}.j2 dest=/etc/bind/{{ item }} owner={{ bind.user }} group={{ bind.group }} mode=0640 + with_items: + - named.conf.local + - named.conf.options + - named.conf.default-zones + notify: + - restart bind + +- include_tasks: dynamic_ip.yml diff --git a/ansible-5/roles/ns.xai-corp.net/templates/localhost.zone.j2 b/ansible-5/roles/ns.xai-corp.net/templates/localhost.zone.j2 new file mode 100644 index 0000000..1b5e725 --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/templates/localhost.zone.j2 @@ -0,0 +1,12 @@ +$TTL 1W +@ IN SOA localhost. root.localhost. ( + 20150920 ; Serial + 28800 ; Refresh + 14400 ; Retry + 604800 ; Expire - 1 week + 86400 ) ; Minimum +@ IN NS localhost. +@ IN A 127.0.0.1 + +@ IN AAAA ::1 + diff --git a/ansible-5/roles/ns.xai-corp.net/templates/named.conf.default-zones.j2 b/ansible-5/roles/ns.xai-corp.net/templates/named.conf.default-zones.j2 new file mode 100644 index 0000000..f3c8c49 --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/templates/named.conf.default-zones.j2 
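Review bot: `mode=0777` on `/var/log/named/` in tasks/main.yml makes the log directory writable by every local account, so any user can delete, replace or pre-create the files named writes there. With `owner={{ bind.user }}` (root by default) and `group={{ bind.group }}`, `mode: "0775"` is enough, assuming named runs as a member of that group. The zone-file task's `mode: 0644` is an unquoted octal; `mode: "0644"` avoids the integer reading. Only `db.xai-corp.net.internal` is checked with `named-checkzone` and the named.conf templates are not validated at all. A `named-checkconf` task before the `restart bind` handler fires would catch a broken config before the service is restarted.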
@@ -0,0 +1,30 @@ +// prime the server with knowledge of the root servers +view "defaults" { +// zone "." { +// type hint; +// file "/etc/bind/db.root"; +// }; + + // be authoritative for the localhost forward and reverse zones, and for + // broadcast zones as per RFC 1912 + + zone "localhost" { + type master; + file "/etc/bind/db.local"; + }; + + zone "127.in-addr.arpa" { + type master; + file "/etc/bind/db.127"; + }; + + zone "0.in-addr.arpa" { + type master; + file "/etc/bind/db.0"; + }; + + zone "255.in-addr.arpa" { + type master; + file "/etc/bind/db.255"; + }; +}; diff --git a/ansible-5/roles/ns.xai-corp.net/templates/named.conf.j2 b/ansible-5/roles/ns.xai-corp.net/templates/named.conf.j2 new file mode 100644 index 0000000..8a4fc3d --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/templates/named.conf.j2 
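Review bot: `view "defaults"` in named.conf.default-zones.j2 has no `match-clients`, so it matches any client that the "internal" view did not take (the "external" view matches `none`). It also sets no `recursion` policy of its own. named.conf.options.j2 in this commit has no `allow-recursion` or `allow-query` restriction, so the view inherits whatever the global defaults are. Stating the intent in the view, `match-clients { any; }; recursion no;`, keeps untrusted clients limited to the localhost zones regardless of those defaults.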
@@ -0,0 +1,205 @@ +/* + * Refer to the named.conf(5) and named(8) man pages, and the documentation + * in /usr/share/doc/bind-9 for more details. + * Online versions of the documentation can be found here: + * http://www.isc.org/software/bind/documentation + * + * If you are going to set up an authoritative server, make sure you + * understand the hairy details of how DNS works. Even with simple mistakes, + * you can break connectivity for affected parties, or cause huge amounts of + * useless Internet traffic. + */ + +acl "xfer" { + /* Deny transfers by default except for the listed hosts. + * If we have other name servers, place them here. + */ + none; +}; + +/* + * You might put in here some ips which are allowed to use the cache or + * recursive queries + */ +acl "trusted" { + 127.0.0.0/8; + 192.168.4.0/24; + ::1/128; +}; + +options { + directory "/var/bind"; + pid-file "/var/run/named/named.pid"; + + /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */ + //bindkeys-file "/etc/bind/bind.keys"; + + /*listen-on-v6 { ::1; };*/ + listen-on { 127.0.0.1; 192.168.4.12; }; + + allow-query { + /* + * Accept queries from our "trusted" ACL. We will + * allow anyone to query our master zones below. + * This prevents us from becoming a free DNS server + * to the masses. + */ + trusted; + }; + + allow-query-cache { + /* Use the cache for the "trusted" ACL. */ + trusted; + }; + +// allow-recursion { +// /* Only trusted addresses are allowed to use recursion. */ +// trusted; +// }; + + allow-transfer { + /* Zone tranfers are denied by default. */ + none; + }; + + allow-update { + /* Don't allow updates, e.g. via nsupdate. */ + none; + }; + + /* + * If you've got a DNS server around at your upstream provider, enter its + * IP address here, and enable the line below. This will make you benefit + * from its cache, thus reduce overall DNS traffic in the Internet. 
+ * + * Uncomment the following lines to turn on DNS forwarding, and change + * and/or update the forwarding ip address(es): + */ + + forward first; + forwarders { + // 207.164.234.129; // Your ISP NS + // 207.164.234.193; // Your ISP NS + 8.8.8.8; // Google Open DNS + 8.8.4.4; // Google Open DNS + 4.2.2.1; // Level3 Public DNS + 4.2.2.2; // Level3 Public DNS + }; + + + + //dnssec-enable yes; + //dnssec-validation yes; + + /* + * As of bind 9.8.0: + * "If the root key provided has expired, + * named will log the expiration and validation will not work." + */ + //dnssec-validation auto; + + /* if you have problems and are behind a firewall: */ + //query-source address * port 53; +}; + + +logging { + channel default_log { + file "/var/log/named/named.log" versions 3 size 5M; + severity notice; + print-time yes; + print-severity yes; + print-category yes; + }; + + category default { default_log; }; + category general { default_log; }; +}; + + +include "/etc/bind/rndc.key"; +controls { + inet 127.0.0.1 port 953 allow { 127.0.0.1/24; ::1/128; } keys { "rndc-key"; }; +}; + +view "internal" { + match-clients { 192.168.4.12; localhost; 192.168.4.0/24; }; + recursion yes; + +// zone "." in { +// type hint; +// file "/var/bind/named.cache"; +// }; + + zone "localhost" IN { + type master; + file "pri/localhost.zone"; + notify no; + }; + + zone "127.in-addr.arpa" IN { + type master; + file "pri/localhost.zone"; + notify no; + }; + + zone "xai-corp.net." IN { + type master; + file "pri/xai-corp.net.internal"; + allow-transfer { none; }; + }; + + zone "4.168.192.in-addr.arpa." 
IN { + type master; + file "pri/xai-corp.net.reverse"; + allow-update { none; }; + }; + +}; + +view "external" { + match-clients { none; }; + recursion no; + + +// zone "xai-corp.net" { +// type master; +// file "pri/xai-corp.net.external"; +// allow-query { none; }; +// allow-transfer { 127.0.0.1; }; +// }; +}; + +/* + * Briefly, a zone which has been declared delegation-only will be effectively + * limited to containing NS RRs for subdomains, but no actual data beyond its + * own apex (for example, its SOA RR and apex NS RRset). This can be used to + * filter out "wildcard" or "synthesized" data from NAT boxes or from + * authoritative name servers whose undelegated (in-zone) data is of no + * interest. + * See http://www.isc.org/software/bind/delegation-only for more info + */ + +//zone "COM" { type delegation-only; }; +//zone "NET" { type delegation-only; }; + +//zone "YOUR-DOMAIN.TLD" { +// type master; +// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone"; +// allow-query { any; }; +// allow-transfer { xfer; }; +//}; + +//zone "YOUR-SLAVE.TLD" { +// type slave; +// file "/var/bind/sec/YOUR-SLAVE.TLD.zone"; +// masters { ; }; + + /* Anybody is allowed to query but transfer should be controlled by the master. */ +// allow-query { any; }; +// allow-transfer { none; }; + + /* The master should be the only one who notifies the slaves, shouldn't it? */ +// allow-notify { ; }; +// notify no; +//}; diff --git a/ansible-5/roles/ns.xai-corp.net/templates/named.conf.local.j2 b/ansible-5/roles/ns.xai-corp.net/templates/named.conf.local.j2 new file mode 100644 index 0000000..bbf5ffd --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/templates/named.conf.local.j2 
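Review bot: named.conf.j2 is not in the `with_items` list of the "copy named.confs" task in tasks/main.yml, so as far as this commit shows it is never rendered. It also disagrees with the templates that are rendered: it uses `/var/bind` and `pri/` paths, leaves `dnssec-validation` commented out, and its rndc control channel allows `127.0.0.1/24` where named.conf.options.j2 allows `127.0.0.1`. If the file is kept as a reference, a header comment saying it is not deployed would stop it being wired in by mistake. If it is meant to be deployed, the `controls` line should read `allow { 127.0.0.1; ::1; }` to match the options template.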
@@ -0,0 +1,85 @@ +# named.conf.local +# +# - local zones and views + +view "internal" { + match-clients { trusted; }; + recursion yes; + + // zone "." in { + // type hint; + // file "/etc/bind/named.cache"; + // }; + + zone "localhost" IN { + type master; + file "/etc/bind/db.127"; + notify no; + }; + + zone "127.in-addr.arpa" IN { + type master; + file "/etc/bind/db.127"; + notify no; + }; + + zone "xai-corp.net." IN { + type master; + file "/etc/bind/db.xai-corp.net.internal"; + allow-transfer { none; }; + }; + + zone "4.168.192.in-addr.arpa." IN { + type master; + file "/etc/bind/db.xai-corp.net.reverse"; + allow-update { none; }; + }; + +}; + +view "external" { + match-clients { none; }; + recursion no; + + +// zone "xai-corp.net" { +// type master; +// file "/etc/bind/db.xai-corp.net.external"; +// allow-query { none; }; +// allow-transfer { 127.0.0.1; }; +// }; +}; + +/* + * Briefly, a zone which has been declared delegation-only will be effectively + * limited to containing NS RRs for subdomains, but no actual data beyond its + * own apex (for example, its SOA RR and apex NS RRset). This can be used to + * filter out "wildcard" or "synthesized" data from NAT boxes or from + * authoritative name servers whose undelegated (in-zone) data is of no + * interest. + * See http://www.isc.org/software/bind/delegation-only for more info + */ + +//zone "COM" { type delegation-only; }; +//zone "NET" { type delegation-only; }; + +//zone "YOUR-DOMAIN.TLD" { +// type master; +// file "/var/bind/pri/YOUR-DOMAIN.TLD.zone"; +// allow-query { any; }; +// allow-transfer { xfer; }; +//}; + +//zone "YOUR-SLAVE.TLD" { +// type slave; +// file "/var/bind/sec/YOUR-SLAVE.TLD.zone"; +// masters { ; }; + + /* Anybody is allowed to query but transfer should be controlled by the master. */ +// allow-query { any; }; +// allow-transfer { none; }; + + /* The master should be the only one who notifies the slaves, shouldn't it? */ +// allow-notify { ; }; +// notify no; +//}; 
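Review bot: `zone "localhost"` in the internal view of named.conf.local.j2 loads `/etc/bind/db.127`, the same file as `zone "127.in-addr.arpa"`, so the forward zone is served from reverse-zone data. named.conf.default-zones.j2 uses `/etc/bind/db.local` for the same zone. The localhost.zone.j2 template is installed by tasks/main.yml as `/etc/bind/db.localhost.zone`, but no zone statement in this commit references it. Either the line should be `file "/etc/bind/db.localhost.zone";` or the template can be dropped from `bind.zonefiles`. The `trusted` ACL used in `match-clients` is defined in named.conf.options.j2, so this file loads only if the options file is included first; a comment at the top saying so would help.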
diff --git a/ansible-5/roles/ns.xai-corp.net/templates/named.conf.options.j2 b/ansible-5/roles/ns.xai-corp.net/templates/named.conf.options.j2 new file mode 100644 index 0000000..e375664 --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/templates/named.conf.options.j2 
@@ -0,0 +1,81 @@ +/* + * Refer to the named.conf(5) and named(8) man pages, and the documentation + * in /usr/share/doc/bind-9 for more details. + * Online versions of the documentation can be found here: + * http://www.isc.org/software/bind/documentation + * + * If you are going to set up an authoritative server, make sure you + * understand the hairy details of how DNS works. Even with simple mistakes, + * you can break connectivity for affected parties, or cause huge amounts of + * useless Internet traffic. + */ + +acl "xfer" { + /* Deny transfers by default except for the listed hosts. + * If we have other name servers, place them here. + */ + none; +}; + +/* + * You might put in here some ips which are allowed to use the cache or + * recursive queries + */ +acl "trusted" { + 127.0.0.0/8; + 192.168.4.0/24; + ::1/128; +}; + +options { + directory "/var/cache/bind"; + + // If there is a firewall between you and nameservers you want + // to talk to, you may need to fix the firewall to allow multiple + // ports to talk. See http://www.kb.cert.org/vuls/id/800113 + + // If your ISP provided one or more IP addresses for stable + // nameservers, you probably want to use them as forwarders. + // Uncomment the following block, and insert the addresses replacing + // the all-0's placeholder. + + forward first; + forwarders { + // 207.164.234.129; // Your ISP NS + // 207.164.234.193; // Your ISP NS + // 4.2.2.1; // Level3 Public DNS + // 4.2.2.2; // Level3 Public DNS + 8.8.8.8; // Google Open DNS + 8.8.4.4; // Google Open DNS + }; + + //======================================================================== + // If BIND logs error messages about the root key being expired, + // you will need to update your keys. 
See https://www.isc.org/bind-keys + //======================================================================== + dnssec-validation auto; + + auth-nxdomain no; # conform to RFC1035 + listen-on-v6 { any; }; +}; + + + +logging { + channel default_log { + file "/var/log/named/named.log" versions 3 size 5M; + severity notice; + print-time yes; + print-severity yes; + print-category yes; + }; + + category default { default_log; }; + category general { default_log; }; +}; + + +include "/etc/bind/rndc.key"; +controls { + inet 127.0.0.1 port 953 allow { 127.0.0.1; ::1; } keys { "rndc-key"; }; +}; diff --git a/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.external.j2 b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.external.j2 new file mode 100644 index 0000000..c1955f5 --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.external.j2 @@ -0,0 +1,17 @@ +$ORIGIN xai-corp.net. +$TTL 2d +@ IN SOA ns.xai-corp.net. root.xai-corp.net. ( + 20150920;serial + 3h ;refresh + 1h ;retry + 1w ;expiry + 1d ) ;minimum + +xai-corp.net. IN NS ns.xai-corp.net. +;xai-corp.net. IN A 208.94.116.179 +;xai-corp.net. IN A 208.94.116.21 +;xai-corp.net. IN A 208.94.117.26 +;www.xai-corp.net. IN A 208.94.116.179 +;www.xai-corp.net. IN A 208.94.116.21 +;www.xai-corp.net. IN A 208.94.117.26 + diff --git a/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 new file mode 100644 index 0000000..b302d3e --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 
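Review bot: The `options` block in named.conf.options.j2 sets `listen-on-v6 { any; };` and has no `listen-on`, `allow-query`, `allow-recursion` or `allow-transfer`. The restrictions present in named.conf.j2 (`allow-query { trusted; }`, `allow-transfer { none; }`) are therefore not carried over, and access control rests on the views alone. Adding `allow-recursion { trusted; };` and `allow-transfer { none; };` to `options` gives a default that still holds if a view is edited later. The `xfer` ACL is defined but not referenced by any statement in this commit.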
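Review bot: The only live records in xai-corp.net.external.j2 are the SOA and `xai-corp.net. IN NS ns.xai-corp.net.`, and `ns.xai-corp.net.` has no A or AAAA record in the file. An in-zone name server without an address is likely to be rejected by `named-checkzone` if this zone is ever loaded. The zone statement that would load it is commented out in named.conf.local.j2, so the problem is latent. A comment at the top of the template saying the zone is currently unused, or an `ns IN A` record with the intended public address, would make the state explicit.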
@@ -0,0 +1,73 @@ +$TTL 1D +@ IN SOA xai-corp.net. root.xai-corp.net. ( + 20150920; serial + 3h ; refresh + 1h ; retry + 1w ; expiry + 1d ) ; minimum + +xai-corp.net. IN NS ns.xai-corp.net. +xai-corp.net. IN MX 0 mail.xai-corp.net. +xai-corp.net. IN TXT "v=spf1 ip4:192.168.4.11/32 mx ptr mx:mail.xai-corp.net ~all" +;mail IN A 192.168.4.12 + +gateway IN A 192.168.4.4 +wireless IN A 192.168.4.3 +printer IN A 192.168.4.13 +scanner IN CNAME printer +laser IN A 192.168.4.14 +tv IN A 192.168.4.16 +xaicorp1 IN A 192.168.4.103 +garden IN A 192.168.4.20 + +; bare metal servers +home IN A 192.168.4.11 +cubox-i IN A 192.168.4.12 + +; virtual machine servers +home02 IN A 192.168.4.22 +dkhost01 IN A 192.168.4.41 +dkhost02 IN A 192.168.4.52 +dkhost03 IN A 192.168.4.53 +dkhost04 IN A 192.168.4.54 +dkhost05 IN A 192.168.4.55 + +; dns servers +ns IN A 192.168.4.11 +ns02 IN CNAME cubox-i + +; gluster servers +gluster IN A 192.168.4.11 +;gluster IN A 192.168.4.12 + +; docker swarm nodes +dkhost IN A 192.168.4.11 +;dkhost IN A 192.168.4.41 +;dkhost IN A 192.168.4.52 +;dkhost IN A 192.168.4.53 +;dkhost IN A 192.168.4.54 +;dkhost IN A 192.168.4.55 + +; docker swarm managers +dkmanager IN A 192.168.4.11 +;dkmanager IN A 192.168.4.52 +;dkmanager IN A 192.168.4.54 + +; service domains +fs IN CNAME dkhost +git IN CNAME dkhost +dkui IN CNAME dkhost +jenkins IN CNAME dkhost +logs IN CNAME dkhost +dkregistry IN CNAME dkhost +sql IN CNAME dkhost +mysql IN CNAME dkhost +tripbuilder IN CNAME dkhost +xaibox IN CNAME dkhost +office IN CNAME dkhost +www IN CNAME dkhost +mail IN CNAME dkhost +abcapi IN CNAME dkhost +prometheus IN CNAME dkhost +metrics IN CNAME dkhost +; xai-corp.net. IN CNAME dkhost diff --git a/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.reverse.j2 b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.reverse.j2 new file mode 100644 index 0000000..98f3734 --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.reverse.j2 
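Review bot: `xai-corp.net. IN MX 0 mail.xai-corp.net.` in xai-corp.net.internal.j2 points at a name that the "service domains" block defines as `mail IN CNAME dkhost`. An MX target that is an alias is disallowed by RFC 2181 section 10.3 and is flagged by BIND's zone checks. Replacing the alias with an address record, `mail IN A 192.168.4.11`, resolves it; that is the address `dkhost` carries in this file. The SOA also names `xai-corp.net.` as the primary server, while the NS record and the reverse zone use `ns.xai-corp.net.`.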
@@ -0,0 +1,25 @@ +$TTL 24h +$ORIGIN 4.168.192.IN-ADDR.ARPA. +@ IN SOA ns.xai-corp.net. root.xai-corp.net. ( + 20150920; serial + 3h ; refresh + 1h ; retry + 1w ; expiry + 1d ) ; minimum + +@ IN NS ns.xai-corp.net. + +1 IN PTR gateway.xai-corp.net. +3 IN PTR wireless.xai-corp.net. +13 IN PTR printer.xai-corp.net. +14 IN PTR laser.xai-corp.net. +16 IN PTR tv.xai-corp.net. +103 IN PTR xaicorp1.xai-corp.net. +11 IN PTR home.xai-corp.net. +12 IN PTR cubox-i.xai-corp.net. +20 IN PTR garden.xai-corp.net. +22 IN PTR home02.xai-corp.net. +41 IN PTR dkhost01.xai-corp.net. +43 IN PTR dkhost02.xai-corp.net. +53 IN PTR dkhost03.xai-corp.net. +54 IN PTR dkhost04.xai-corp.net. diff --git a/ansible-5/roles/ns.xai-corp.net/vars/_extravars.yml b/ansible-5/roles/ns.xai-corp.net/vars/_extravars.yml new file mode 100644 index 0000000..0bee844 --- /dev/null +++ b/ansible-5/roles/ns.xai-corp.net/vars/_extravars.yml @@ -0,0 +1,10 @@ +--- +# vars/_extravars.yml +# define extra variable values here +# this file should be loaded via an include_vars statement in the task. +# often this is used for managing differences in os. + +# Variable setup. +#- name: Include OS-Specific variables +# include_vars: "{{ ansible_os_family }}.yml" +
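Review bot: Several PTR records in xai-corp.net.reverse.j2 disagree with the forward zone added in the same commit. The reverse zone has `1 IN PTR gateway` while xai-corp.net.internal.j2 has `gateway IN A 192.168.4.4`, and `43 IN PTR dkhost02` while the forward record is `dkhost02 IN A 192.168.4.52`. Addresses `.52` and `.55` (dkhost05) have no PTR at all. Reverse names are what shows up in logs, so the two zones should agree: `4 IN PTR gateway.xai-corp.net.`, `52 IN PTR dkhost02.xai-corp.net.` and `55 IN PTR dkhost05.xai-corp.net.`.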